Download Print this page

Allied Telesis AT-S63 Cli User's Manual

Command line interface at-9424t/sp and at-9424t/gb layer 2+ gigabit ethernet switches

Hide thumbs Also See for AT-S63:

User manual (668 pages)

,

Features manual (538 pages)

Table Of Contents

page of 464

/ 464
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual See also: Feature Manual, User Manual

◆

Command Line Interface

User's Guide

AT-9424T/SP AND AT-9424T/GB

LAYER 2+ GIGABIT ETHERNET SWITCHES

VERSION 1.0.0

PN 613-50571-00 Rev A

Management

Software

AT-S63

®

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the AT-S63 and is the answer not in the manual?

Questions and answers

Summary of Contents for Allied Telesis AT-S63

Page 1: Management Software
Management Software ® AT-S63 ◆ Command Line Interface User’s Guide AT-9424T/SP AND AT-9424T/GB LAYER 2+ GIGABIT ETHERNET SWITCHES VERSION 1.0.0 PN 613-50571-00 Rev A...
Page 2 Copyright © 2004 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Page 3: Table Of Contents
Contents Tables ............................................11 Preface ............................................ 13 Document Conventions ....................................14 Where to Find Web-based Guides ................................15 Contacting Allied Telesyn ....................................16 Online Support ......................................16 Email and Telephone Support ................................16 For Sales or Corporate Information ..............................16 Obtaining Management Software Updates ..............................
Page 4 Contents RESET SWITCH ........................................43 RESET SYSTEM ........................................44 RESTART REBOOT .........................................45 RESTART SWITCH ........................................46 SET ASYN ..........................................48 SET IP INTERFACE .........................................49 SET IP ROUTE ..........................................51 SET PASSWORD MANAGER ....................................52 SET PASSWORD OPERATOR .....................................53 SET SWITCH CONSOLETIMER ...................................54 SET SYSTEM ..........................................55 SET USER PASSWORD ......................................56 SHOW ASYN ...........................................57 SHOW CONFIG ........................................58 SHOW DHCPBOOTP ......................................59...
Page 5 AT-S63 Management Software Command Line Interface User’s Guide DISABLE INTERFACE LINKTRAP ..................................105 DISABLE SWITCH PORT ....................................106 DISABLE SWITCH PORT FLOW ..................................107 ENABLE INTERFACE LINKTRAP ..................................108 ENABLE SWITCH PORT .....................................109 ENABLE SWITCH PORT FLOW ..................................110 RESET SWITCH PORT ......................................111 SET SWITCH PORT ......................................112 SET SWITCH PORT RATELIMITING ................................117...
Page 6 Contents Chapter 14 Quality of Service (QoS) Commands ..............................177 MAP QOS COSP ........................................178 SET QOS COSP ........................................180 SET QOS SCHEDULING ....................................181 SHOW QOS CONFIG ......................................182 Chapter 15 IGMP Snooping Commands ..................................183 DISABLE IGMPSNOOPING ....................................184 ENABLE IGMPSNOOPING ....................................
Page 7 AT-S63 Management Software Command Line Interface User’s Guide Chapter 20 SNMPv3 Commands ......................................245 ADD SNMPV3 USER ......................................247 CLEAR SNMPV3 ACCESS ....................................249 CLEAR SNMPV3 COMMUNITY ..................................251 CLEAR SNMPV3 NOTIFY ....................................252 CLEAR SNMPV3 TARGETADDR ..................................253 CLEAR SNMPV3 VIEW .......................................254 CREATE SNMPV3 ACCESS ....................................255 CREATE SNMPV3 COMMUNITY ..................................258...
Page 8 Contents SET GARP PORT ........................................325 SET GARP TIMER ......................................... 326 SHOW GARP ........................................328 SHOW GARP COUNTER ....................................329 SHOW GARP DATABASE ....................................331 SHOW GARP GIP ........................................ 332 SHOW GARP MACHINE ....................................333 Chapter 23 Protected Ports VLAN Commands ................................335 ADD VLAN GROUP ......................................
Page 9 AT-S63 Management Software Command Line Interface User’s Guide DELETE PKI CERTIFICATE ....................................393 PURGE PKI ..........................................394 SET PKI CERTIFICATE ......................................395 SET PKI CERTSTORELIMIT ....................................397 SET SYSTEM DISTINGUISHEDNAME ................................398 SHOW PKI ..........................................399 SHOW PKI CERTIFICATE ....................................400 Chapter 30 Secure Sockets Layer (SSL) Commands ..............................401 SET SSL ..........................................402...
Page 10 Contents...
Page 11: Tables
Tables Table 1: File Name Extensions ..................................156 Table 2: File Name Extensions ..................................161 Table 3: AT-S63 Modules ....................................171 Table 4: Event Log Severity Levels ................................172 Table 5: Default Mappings of IEEE 802.1p Priority Levels to Priority Queues ................178 Table 6: Bridge Priority Value Increments ...............................200 Table 7: STP Auto-Detect Port Costs ................................203...
Page 12 Tables...
Page 13: Preface
The first page of each chapter lists the commands, and the commands are described in alphabetical order. For more information about the AT-S63 management software, refer to the AT-S63 Management Software Menus Interface User’s Guide and the AT-S63 Management Software Web Browser Interface User’s Guide.
Page 14: Document Conventions
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.
Page 15: Where To Find Web-Based Guides
AT-S63 Management Software Command Line Interface User’s Guide Where to Find Web-based Guides The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) from on our web site at www.alliedtelesyn.com. You can view the documents online or...
Page 16: Contacting Allied Telesyn
Preface Contacting Allied Telesyn This section provides Allied Telesyn contact information for technical support as well as sales or corporate information. Online Support You can request technical support online by accessing the Allied Telesyn Knowledge Base at www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Page 17: Obtaining Management Software Updates
AT-S63 Management Software Command Line Interface User’s Guide Obtaining Management Software Updates New releases of management software for our managed products are available from either of the following Internet sites: ❑ Allied Telesyn web site: www.alliedtelesyn.com ❑ Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com...
Page 18 Preface...
Page 19: Starting A Command Line Management Session
Chapter 1 Starting a Command Line Management Session This chapter contains the following topics: ❑ “Starting a Command Line Management Session” on page 20 ❑ “Command Line Interface Features” on page 21 ❑ “Command Formatting” on page 22...
Page 20: Starting A Command Line Management Session
Chapter 1: Starting a Command Line Management Session Starting a Command Line Management Session The default management session type is the command line interface (CLI). The prompt differs depending on whether you logged in as manager or operator. If you logged in as manager, you will see “#.” If you logged in as operator, you will see “$.”...
Page 21: Command Line Interface Features
AT-S63 Management Software Command Line Interface User’s Guide Command Line Interface Features The following features are supported in the command line interface: ❑ Command history - Use the up and down arrow keys. ❑ Context-specific help - Press the question mark key at any time to see a list of legal next parameters.
Page 22: Command Formatting
Chapter 1: Starting a Command Line Management Session Command Formatting The following formatting conventions are used in this manual: ❑ - This font illustrates the format of a command screen text font and command examples. ❑ screen text font - Italicized screen text indicates a variable for you to enter.
Page 23: Basic Command Line Commands
Chapter 2 Basic Command Line Commands This chapter contains the following commands: ❑ “CLEAR SCREEN” on page 24 ❑ “EXIT” on page 25 ❑ “HELP” on page 26 ❑ “LOGOFF, LOGOUT and QUIT” on page 27 ❑ “MENU” on page 28 ❑...
Page 24: Clear Screen
Chapter 2: Basic Command Line Commands CLEAR SCREEN Syntax clear screen Parameters None. Description This command clears the screen. Example The following command clears the screen: clear screen...
Page 25: Exit
AT-S63 Management Software Command Line Interface User’s Guide EXIT Syntax exit Parameters None. Description This command displays the AT-S63 Main Menu. It performs the same function as the MENU command. Example The following command displays the main menu: exit...
Page 26: Help
Chapter 2: Basic Command Line Commands HELP Syntax help Parameters None. Description This command displays a list of the CLI keywords with a brief description for each keyword. Example The following command displays the CLI keywords: help...
Page 27: Logoff, Logout And Quit
AT-S63 Management Software Command Line Interface User’s Guide LOGOFF, LOGOUT and QUIT Syntax logoff logout quit Parameters None. Description These three commands all perform the same function: they end a management session. If you are managing a slave switch, the commands return you to the master switch from which you started the management session.
Page 28: Menu
Parameters None. Description This command displays the AT-S63 Main Menu. For instructions on how to use the management menus, refer to Chapter 2, “Starting a Local or Telnet Management Session” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 29: Save Configuration
“SHOW CONFIG” on page 58. To view the contents of a configuration file, see “SHOW FILE” on page 152. For background information on boot configuration files, refer to Chapter 10, “File System” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 30: Set Prompt
Chapter 2: Basic Command Line Commands SET PROMPT Syntax prompt set prompt=" " Parameter prompt Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in quotes. Description This command changes the command prompt.
Page 31: Set Switch Consolemode
AT-S63 Management Software Command Line Interface User’s Guide SET SWITCH CONSOLEMODE Syntax set switch consolemode=menu|cli Parameter consolemode Specifies the mode you want management sessions to start in. Options are: menu Specifies the AT-S63 Main Menu. Specifies the command line prompt. This is the default.
Page 32: Show User
Chapter 2: Basic Command Line Commands SHOW USER Syntax show user Parameter None. Description Displays the user account you used to log on to manage the switch. Example show user...
Page 33: Basic Switch Commands
Chapter 3 Basic Switch Commands This chapter contains the following commands: ❑ “DISABLE DHCPBOOTP” on page 35 ❑ “DISABLE IP REMOTEASSIGN” on page 36 ❑ “DISABLE TELNET” on page 37 ❑ “ENABLE DHCPBOOTP” on page 38 ❑ “ENABLE IP REMOTEASSIGN” on page 39 ❑...
Page 34 Chapter 3: Basic Switch Commands ❑ “SET SYSTEM” on page 55 ❑ “SET USER PASSWORD” on page 56 ❑ “SHOW ASYN” on page 57 ❑ “SHOW CONFIG” on page 58 ❑ “SHOW DHCPBOOTP” on page 59 ❑ “SHOW IP INTERFACE” on page 60 ❑...
Page 35: Disable Dhcpbootp
AT-S63 Management Software Command Line Interface User’s Guide DISABLE DHCPBOOTP Syntax disable dhcpbootp Parameters None. Description This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to “DISABLE IP REMOTEASSIGN” on page 36. The default setting for the client software is disabled.
Page 36: Disable Ip Remoteassign
Chapter 3: Basic Switch Commands DISABLE IP REMOTEASSIGN Syntax disable ip remoteassign Parameters None. Description This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to “DISABLE DHCPBOOTP” on page 35. The default setting for the client software is disabled. To activate the DHCP and BOOTP client software, refer to “ENABLE DHCPBOOTP”...
Page 37: Disable Telnet
AT-S63 Management Software Command Line Interface User’s Guide DISABLE TELNET Syntax disable telnet Parameters None. Description This command disables the Telnet server software on the switch. You might disable the server software if you do not want anyone to manage the switch using the Telnet application protocol or if you plan to use the Secure Shell protocol.
Page 38: Enable Dhcpbootp
Chapter 3: Basic Switch Commands ENABLE DHCPBOOTP Syntax enable dhcpbootp Parameters None. Description This command activates the DHCP and BOOTP client software on the switch. This command is equivalent to “ENABLE IP REMOTEASSIGN” on page 39. The default setting for the DHCP and BOOTP client software is disabled.
Page 39: Enable Ip Remoteassign
AT-S63 Management Software Command Line Interface User’s Guide ENABLE IP REMOTEASSIGN Syntax enable ip remoteassign Parameters None. Description This command activates the DHCP and BOOTP client software on the switch. This command is equivalent to “ENABLE DHCPBOOTP” on page 38. The default setting for the DHCP and BOOTP client software is disabled.
Page 40: Enable Telnet
Chapter 3: Basic Switch Commands ENABLE TELNET Syntax enable telnet Parameters None. Description This command activates the Telnet server on the switch. With the server activated, you can manage the switch using the Telnet application protocol from any management station on your network. To disable the server, refer to “DISABLE TELNET”...
Page 41: Ping
AT-S63 Management Software Command Line Interface User’s Guide PING Syntax ipaddress ping Parameter ipaddress Specifies the IP address of an end node you want the switch to ping. Description This command instructs the switch to ping an end node. You can use this command to determine whether a valid link exists between the switch and another device.
Page 42: Purge Ip
Chapter 3: Basic Switch Commands PURGE IP Syntax purge ip [ipaddress] [netmask] [route] Parameters ipaddress Returns the switch’s IP address to the default setting 0.0.0.0. netmask Returns the subnet mask to the default setting 0.0.0.0. route Returns the gateway address to the default setting 0.0.0.0.
Page 43: Reset Switch
AT-S63 Management Software Command Line Interface User’s Guide RESET SWITCH Syntax reset switch Parameters None. Description This command does all of the following: ❑ Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings.
Page 44: Reset System
Chapter 3: Basic Switch Commands RESET SYSTEM Syntax reset system [name] [contact] [location] Parameters name Deletes the switch’s name. contact Deletes the switch’s contact. location Deletes the switch’s location. Description This command delete’s the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit.
Page 45: Restart Reboot
Description This command resets the switch. The switch runs its internal diagnostics, loads the AT-S63 management software, and configures its parameter settings using the current boot configuration file. The reset takes approximately 20 to 30 seconds to complete. The switch does not forward traffic during the time required to run its internal diagnostics and initialize its operating software.
Page 46: Restart Switch
❑ Returning the switch to its default values deletes all port-based and tagged VLANs you may have created on the switch. ❑ This option does not delete files from the AT-S63 file system. To delete files, refer to “DELETE FILE” on page 148.
Page 47 AT-S63 Management Software Command Line Interface User’s Guide This command does not change the assignment of the active boot configuration file, the configuration file the switch uses the next time it is reset. If you reset or power cycle the switch, the switch uses the previous configuration.
Page 48: Set Asyn
Chapter 3: Basic Switch Commands SET ASYN Syntax set asyn speed=1200|2400|4800|9600|19200|38400| 57600|115200 [prompt=”prompt”] Parameters speed Sets the speed (baud rate) of the serial terminal port on the switch. The default is 9600 bps. prompt Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters.
Page 49: Set Ip Interface
INTERFACE” on page 60. To return the IP address and subnet mask to their default values, refer to “PURGE IP” on page 42. For background information on when to assign a switch an IP address, refer to Chapter 3, “Basic Switch Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 50 Chapter 3: Basic Switch Commands Examples The following command sets the switch’s IP address to 140.35.22.22 and the subnet mask to 255.255.255.0: set ip interface=eth0 ipaddress=140.35.22.22 netmask=255.255.255.0 The following command sets just the subnet mask: set ip interface=eth0 netmask=255.255.255.252 The following command activates the DHCP and BOOTP client software: set ip interface=eth0 ipaddress=dhcp...
Page 51: Set Ip Route
AT-S63 Management Software Command Line Interface User’s Guide SET IP ROUTE Syntax ipaddress set ip route ipaddress= Parameter ipaddress Specifies the IP address of the default gateway for the switch. Description This command specifies the IP address of the default gateway for the switch.
Page 52: Set Password Manager
Chapter 3: Basic Switch Commands SET PASSWORD MANAGER Syntax set password manager Parameters None. Description This command sets the manager’s password. Logging in as manager allows you to view and change all switch parameters. The default password is “friend.” The password can be from 0 to 16 alphanumeric characters.
Page 53: Set Password Operator
AT-S63 Management Software Command Line Interface User’s Guide SET PASSWORD OPERATOR Syntax set password operator Parameters None. Description This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator.”...
Page 54: Set Switch Consoletimer
Description This command sets the console timer, which is used by the management software to end inactive management sessions. If the AT-S63 software does not detect any activity from a local or remote management station after the period of time set by the console timer, it automatically ends the management session.
Page 55: Set System
AT-S63 Management Software Command Line Interface User’s Guide SET SYSTEM Syntax name contact set system [name=" "] [contact=" "] location [location=" "] Parameters name Specifies the name of the switch. The name can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes (“...
Page 56: Set User Password
Chapter 3: Basic Switch Commands SET USER PASSWORD Syntax password set user manager|operator password= Parameter password Specifies the password. Description This command sets the manager or operator’s password. The default manager password is “friend.” The default operator password is “operator.” The password can be from 0 to 16 alphanumeric characters. Allied Telesyn recommends that you avoid special characters, such as spaces, asterisks, or exclamation points because some web browsers do not accept them in passwords.
Page 57: Show Asyn
AT-S63 Management Software Command Line Interface User’s Guide SHOW ASYN Syntax show asyn Parameters None. Description This command displays the settings for the serial terminal port on the switch. To configure the baud rate, refer to “SET ASYN” on page 48.
Page 58: Show Config
Chapter 3: Basic Switch Commands SHOW CONFIG Syntax show config [dynamic] [info] Parameters dynamic Displays the settings for all the switch and port parameters in command line format. info Displays the settings for all the switch and port parameters. Description This command, when used without any parameter, displays two pieces of information.
Page 59: Show Dhcpbootp
AT-S63 Management Software Command Line Interface User’s Guide SHOW DHCPBOOTP Syntax show dhcpbootp Parameters None. Description This command displays the status of the DHCP and BOOTP client software on the switch. The status will be either “enabled” or “disabled.” The default setting for DHCP and BOOTP is disabled.
Page 60: Show Ip Interface
Chapter 3: Basic Switch Commands SHOW IP INTERFACE Syntax show ip interface=eth0 Parameter interface Specifies the switch’s interface number. This value is always eth0. Description This command displays the current values for the following switch parameters: ❑ IP address ❑ Subnet mask ❑...
Page 61: Show Ip Route
AT-S63 Management Software Command Line Interface User’s Guide SHOW IP ROUTE Syntax show ip route Parameters None. Description This command displays the switch’s default gateway address. You can also display the gateway address using “SHOW IP INTERFACE” on page To manually set the default gateway address, refer to “SET IP ROUTE” on page 51.
Page 62: Show Switch
Chapter 3: Basic Switch Commands SHOW SWITCH Syntax show switch Parameters None. Description This command displays the following switch parameters: ❑ Application software version ❑ Application software build date ❑ Bootloader version ❑ Bootloader build date ❑ MAC address ❑ Switch VLAN mode ❑...
Page 63: Show System
AT-S63 Management Software Command Line Interface User’s Guide SHOW SYSTEM Syntax show system Parameters None. Description This command displays the following information: ❑ MAC address ❑ IP address ❑ Model name ❑ Subnet mask ❑ Serial number ❑ Gateway ❑ System up time ❑...
Page 64 Chapter 3: Basic Switch Commands ❑ System 12 V power ❑ System temperature ❑ System fan speed ❑ Main PSU ❑ RPS For instructions on how to set the name, contact, and location of the switch, see “SET SYSTEM” on page 55. Example The following command displays the information about the switch: show system...
Page 65: Snmpv2 And Snmpv2C Commands
❑ “SHOW SNMP” on page 82 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on SNMPv1 and SNMPv2c, refer to Chapter 4, “SNMPv1 and SNMPv2c” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 66: Add Snmp Community
Chapter 4: SNMPv2 and SNMPv2c Commands ADD SNMP COMMUNITY Syntax community ipaddress add snmp community=" " [traphost= [manager= ipaddress Parameters community Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character such as an exclamation point.
Page 67 AT-S63 Management Software Command Line Interface User’s Guide add snmp community=private manager=149.212.11.22 The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string: add snmp community=public traphost=149.212.10.11...
Page 68: Create Snmp Community
Chapter 4: SNMPv2 and SNMPv2c Commands CREATE SNMP COMMUNITY Syntax community create snmp community=" " [access=read|write] [open=yes|no] [traphost= ipaddress ] [manager= ipaddress Parameters community Specifies a new community string. The maximum length of a community string is 15 alphanumeric characters. Spaces are allowed. The name must be enclosed in double quotes if it includes a space or other special character such as an exclamation point.
Page 69 AT-S63 Management Software Command Line Interface User’s Guide Description This command creates a new SNMP community string on the switch. The switch comes with two default community strings, “public,” with an access of read only, and “private,” with an access level of read and write.
Page 70 Chapter 4: SNMPv2 and SNMPv2c Commands The following command creates the new community string “wind11” with read and write access level. To limit the use of the string, its access status is specified as closed and it is assigned the IP address of the management station that will use the string: create snmp community=wind11 access=write open=no manager=149.35.24.22...
Page 71: Delete Snmp Community
AT-S63 Management Software Command Line Interface User’s Guide DELETE SNMP COMMUNITY Syntax community ipaddress delete snmp community=" " traphost= manager= ipaddress Parameters community Specifies the SNMP community string on the switch to be modified. The community string must already exist on the switch. This parameter is case sensitive.
Page 72 Chapter 4: SNMPv2 and SNMPv2c Commands The following command deletes the IP address 149.212.44.45 of a trap receiver from the community string “public.” delete snmp community=public traphost=149.212.44.45...
Page 73: Destroy Snmp Community
AT-S63 Management Software Command Line Interface User’s Guide DESTROY SNMP COMMUNITY Syntax community destroy snmp community=" " Parameter community Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point.
Page 74: Disable Snmp
Chapter 4: SNMPv2 and SNMPv2c Commands DISABLE SNMP Syntax disable snmp Parameters None. Description This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled. Example The following command disables SNMP on the switch: disable snmp...
Page 75: Disable Snmp Authenticatetrap
AT-S63 Management Software Command Line Interface User’s Guide DISABLE SNMP AUTHENTICATETRAP Syntax disable snmp authenticatetrap|authenticate_trap Parameters None. Description This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is disabled.
Page 76: Disable Snmp Community
Chapter 4: SNMPv2 and SNMPv2c Commands DISABLE SNMP COMMUNITY Syntax community disable snmp community=" " Parameter community Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space or other special character such as an exclamation point.
Page 77: Enable Snmp
AT-S63 Management Software Command Line Interface User’s Guide ENABLE SNMP Syntax enable snmp Parameters None. Description This command activates SNMP on the switch. After activated, you can remotely manage the unit with an SNMP application program from a management station on your network. The default setting for SNMP on the switch is disabled.
Page 78: Enable Snmp Authenticatetrap
Chapter 4: SNMPv2 and SNMPv2c Commands ENABLE SNMP AUTHENTICATETRAP Syntax enable snmp authenticatetrap|authenticate_trap Parameters None. Description This command configures the switch to send authentication failure traps to trap receivers. The switch sends an authentication failure trap whenever a SNMP management station attempts to access the switch using an incorrect or invalid community string, or the management station’s IP address has not been added to a community string that has a closed access status.
Page 79: Enable Snmp Community
AT-S63 Management Software Command Line Interface User’s Guide ENABLE SNMP COMMUNITY Syntax community enable snmp community=" " Parameter community Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point.
Page 80: Set Snmp Community
Chapter 4: SNMPv2 and SNMPv2c Commands SET SNMP COMMUNITY Syntax community set snmp community=" " [access=read|write] [open=yes|no] Parameters community Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive.
Page 81 AT-S63 Management Software Command Line Interface User’s Guide set snmp community=sw44 open=no The following command changes the access level for the SNMP community string “serv12” to read and write with open access: set snmp community=serv12 access=write open=yes...
Page 82: Show Snmp
Chapter 4: SNMPv2 and SNMPv2c Commands SHOW SNMP Syntax community show snmp [community=" "] Parameter community Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point.
Page 83 AT-S63 Management Software Command Line Interface User’s Guide ❑ Management station IP addresses - These are the IP addresses of management stations that can access the switch through a community string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a...
Page 84 Chapter 4: SNMPv2 and SNMPv2c Commands...
Page 85: Simple Network Time Protocol (Sntp) Commands
❑ “SHOW SNTP” on page 94 ❑ “SHOW TIME” on page 95 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on SNTP, refer to Chapter 3, “Basic Switch Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 86: Add Sntpserver Peer|Ipaddress
Chapter 5: Simple Network Time Protocol (SNTP) Commands ADD SNTPSERVER PEER|IPADDRESS Syntax ipaddress add sntpserver peer|ipaddress= Parameter peer Specifies the IP address of an SNTP server. These ipaddress parameters are equivalent. Description This command adds the IP address of an SNTP server to the SNTP client software on the switch.
Page 87: Delete Sntpserver Peer|Ipaddress
AT-S63 Management Software Command Line Interface User’s Guide DELETE SNTPSERVER PEER|IPADDRESS Syntax ipaddress delete sntpserver peer|ipaddress= Parameter peer Specifies the IP address of an SNTP server. The ipaddress parameters are equivalent. Description This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0.
Page 88: Disable Sntp
Chapter 5: Simple Network Time Protocol (SNTP) Commands DISABLE SNTP Syntax disable sntp Parameters None. Description This command disables the SNTP client software on the switch. The default setting for SNTP is disabled. Example The following command disables SNTP on the switch: disable sntp...
Page 89: Enable Sntp
AT-S63 Management Software Command Line Interface User’s Guide ENABLE SNTP Syntax enable sntp Parameters None. Description This command enables the SNTP client software on the switch. The default setting for SNTP is disabled. After enabled, the switch will obtain its date and time from an SNTP server, assuming that you have specified a server IP address with “ADD SNTPSERVER PEER|IPADDRESS”...
Page 90: Purge Sntp
Chapter 5: Simple Network Time Protocol (SNTP) Commands PURGE SNTP Syntax purge sntp Parameters None. Description This command clears the SNTP configuration and disables the SNTP server. To disable SNTP and retain the configuration, see “DISABLE SNTP” on page 88. Example The following command clears the SNTP configuration and disables SNTP:...
Page 91: Set Date
AT-S63 Management Software Command Line Interface User’s Guide SET DATE Syntax dd-mm-yyyy set date= Parameter date Specifies the date for the switch in day-month-year format. Description This command sets the date on the switch. You can use this command to set the switch’s date if you are not using an SNTP server.
Page 92: Set Sntp
Chapter 5: Simple Network Time Protocol (SNTP) Commands SET SNTP Syntax value set sntp [dst=enabled|disabled] [pollinterval= [utcoffset= value Parameters Enables or disables daylight savings time. pollinterval Specifies the time interval between two successive queries to the SNTP server. The range is 60 to 1200 seconds.
Page 93: Set Time
AT-S63 Management Software Command Line Interface User’s Guide SET TIME Syntax hh:mm:ss set time= Parameter time Specifies the hour, minute, and second for the switch’s time in 24-hour format. Description This command sets the time on the switch. You can use this command to set the switch’s time if you are not using an SNTP server.
Page 94: Show Sntp
Chapter 5: Simple Network Time Protocol (SNTP) Commands SHOW SNTP Syntax show sntp Parameters None. Description This command displays the following information: ❑ Status of the SNTP client software ❑ SNTP server IP address ❑ UTC Offset ❑ Daylight Savings Time (DST) - enabled or disabled ❑...
Page 95: Show Time
AT-S63 Management Software Command Line Interface User’s Guide SHOW TIME Syntax show time Parameters None. Description This command shows the system’s current date and time. Example The following command shows the system’s date and time. show time...
Page 96 Chapter 5: Simple Network Time Protocol (SNTP) Commands...
Page 97: Enhanced Stacking Commands
❑ “SET SWITCH STACKMODE” on page 100 ❑ “SHOW REMOTELIST” on page 102 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on enhanced stacking, refer to Chapter 5, “Enhanced Stacking” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 98: Access Switch
Chapter 6: Enhanced Stacking Commands ACCESS SWITCH Syntax number macaddress access switch number= |macaddress= Parameters number Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command. macaddress Specifies the MAC address of the switch you want to manage.
Page 99 AT-S63 Management Software Menus Interface User’s Guide Examples The following command starts a management session on switch number 12: access switch number=12 The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11 access switch macaddress=003084520211...
Page 100: Set Switch Stackmode
Chapter 6: Enhanced Stacking Commands SET SWITCH STACKMODE Syntax set switch stackmode=master|slave|unavailable Parameter stackmode Specifies the enhanced stacking mode of the switch. The options are: master Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask.
Page 101 AT-S63 Management Software Menus Interface User’s Guide Example The following command sets the switch’s stacking status to master: set switch stackmode=master...
Page 102: Show Remotelist
Chapter 6: Enhanced Stacking Commands SHOW REMOTELIST Syntax macaddress name show remotelist [sorted by= Parameter sorted Sorts the list either by MAC address or by name. The default is by MAC address. Description This command displays a list of the switches in an enhanced stack. This command can only be performed from a management session on a master switch.
Page 103: Port Parameter Commands
❑ “SHOW SWITCH PORT” on page 122 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on port parameters, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 104: Activate Switch Port
Chapter 7: Port Parameter Commands ACTIVATE SWITCH PORT Syntax port activate switch port= autonegotiate Parameter port Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 105: Disable Interface Linktrap
AT-S63 Management Software Command Line Interface User’s Guide DISABLE INTERFACE LINKTRAP Syntax port disable interface= linktrap Parameter port Specifies the port on which you want to disable link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 106: Disable Switch Port
Chapter 7: Port Parameter Commands DISABLE SWITCH PORT Syntax port disable switch port= Parameter port Specifies the port to disable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 107: Disable Switch Port Flow
AT-S63 Management Software Command Line Interface User’s Guide DISABLE SWITCH PORT FLOW Syntax port disable switch port= flow=pause Parameter port Specifies the port where you want to deactivate flow control. You can specify more than one port at a time.
Page 108: Enable Interface Linktrap
Chapter 7: Port Parameter Commands ENABLE INTERFACE LINKTRAP Syntax port enable interface= linktrap Parameter port Specifies the port on which you want to enable link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 109: Enable Switch Port
AT-S63 Management Software Command Line Interface User’s Guide ENABLE SWITCH PORT Syntax port enable switch port= Parameter port Specifies the port to enable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 110: Enable Switch Port Flow
Chapter 7: Port Parameter Commands ENABLE SWITCH PORT FLOW Syntax port enable switch port= flow=pause Parameter port Specifies the port where you want to activate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 111: Reset Switch Port
AT-S63 Management Software Command Line Interface User’s Guide RESET SWITCH PORT Syntax port reset switch port= Parameter port Specifies the port to reset. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 112: Set Switch Port
Chapter 7: Port Parameter Commands SET SWITCH PORT Syntax port description set switch port= [description= [status=enabled|disabled] [speed=autonegotiate|10mhalf|10mfull||100mhalf|100mfull [mdimode=mdi|mdix] [renegotiation=auto] value [flowcontrol=disable|enable] [fctrllimit= [backpressure=yes|no|on|off|true|false|enabled|disabled] [bplimit= value ] [holbplimit= value [bcastfiltering=yes|no|on|off|true|false|enabled|disabled] [unkmcastfiltering=yes|no|on|off|true|false|enabled| disabled] [unkucastfiltering=yes|no|on|off|true|false|enabled| value disabled] [softreset] [priority= [overridepriority=yes|no|on|off|true|false] Parameters port Specifies the port you want to configure. You can specify more than one port at a time, but the ports must be of the same medium type.
Page 113 AT-S63 Management Software Command Line Interface User’s Guide 100mfull 100 Mbps and full-duplex mode. Note A speed of 1000 Mbps is only available when you set the port to autonegotiate. Note When a transceiver is inserted into an uplink slot and a link is...
Page 114 Chapter 7: Port Parameter Commands fctrllimit Specifies the number of cells for flow control. A cell represents 64 bytes. The range is 1 to 57,344 cells. The default value is 8192 cells. backpressure Controls back pressure on the port. Back pressure applies only to ports operating in half-duplex mode.
Page 115 This command sets a port’s operating parameters. You can set more than one parameter at a time. For an explanation of the port parameters, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide. Examples...
Page 116 Chapter 7: Port Parameter Commands The following command configures port 8 to operate at 10 Mbps, half duplex: set switch port=8 speed=10mhalf The following command sets the speed to 100 Mbps, the duplex mode to full duplex, the wiring configuration to MDI-X, and flow control to enabled for ports 2 to 6: set switch port=2-6 speed=100mfull mdimode=mdix flowcontrol=enabled...
Page 117: Set Switch Port Ratelimiting
AT-S63 Management Software Command Line Interface User’s Guide SET SWITCH PORT RATELIMITING Syntax set switch port=1 [bcastratelimiting=yes|no|on|off|true|false|enabled| value disabled] [bcastrate= [mcastratelimiting=yes|no|on|off|true|false|enabled| value disabled] [mcastrate= [unkucastratelimiting=yes|no|on|off|true|false|enabled| disabled] [unkucastrate= value Parameters port Specifies the port you want to configure. You can specify more than one port at a time, but the ports must be of the same medium type.
Page 118 Chapter 7: Port Parameter Commands yes, on, true, enabled Activates multicast packet rate limit on the port. The options are equivalent. no, off, false, disabled Deactivates multicast packet rate limit on the port. The options are equivalent. unkucastratelimiting Enables or disables rate limit for ingress unicast packets.
Page 119 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command sets a rate limit of 40,000 ingress packets and activates broadcast and multicast rate limiting on all switch ports: set switch port=1 ratelimit=40000 bclimit=enabled mclimit=enabled The following command activates unicast rate filtering on all ports...
Page 120: Show Interface
Chapter 7: Port Parameter Commands SHOW INTERFACE Syntax port show interface= Parameter port Specifies the port whose interface information you want to display. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 121 AT-S63 Management Software Command Line Interface User’s Guide disabled - Link traps are disabled. To enable link traps, see “ENABLE INTERFACE LINKTRAP” on page 108. Example The following command displays information about port 21: show interface 21...
Page 122: Show Switch Port
Description This command displays a port’s operating parameters, such as speed and duplex mode. For details on port parameters, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide. Examples The following command displays the operating settings for all ports:...
Page 123: Mac Address Table Commands
❑ “SHOW SWITCH FDB” on page 129 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on the MAC address table, refer to Chapter 7, “MAC Address Table” in the AT-S63 Management Software Menus Interface User’s Guide...
Page 124: Add Switch Fdb|Filter
Chapter 8: MAC Address Table Commands ADD SWITCH FDB|FILTER Syntax macaddress add switch fdb|filter destaddress|macaddress= port name port= vlan= |vid Note The FDB and FILTER keywords are equivalent. Parameters destaddress Specifies the static unicast or multicast address to be macaddress added to the switch’s MAC address table.
Page 125 AT-S63 Management Software Command Line Interface User’s Guide add switch fdb macaddress=00A0D2181A11 port=7 vlan=default_vlan The following command adds the multicast MAC address 01:00:51:00:00 10 to ports 1 to 5. The ports belong to the Engineering VLAN: add switch fdb macaddress=010051000010 port=1-5...
Page 126: Delete Switch Fdb|Filter
Chapter 8: MAC Address Table Commands DELETE SWITCH FDB|FILTER Syntax macaddress name delete switch fdb|filter macaddress= vlan= Note The FDB and FILTER keywords are equivalent. Parameters macaddress Specifies the dynamic or static unicast or multicast MAC address to delete from the MAC address table. The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx...
Page 127: Reset Switch Fdb
AT-S63 Management Software Command Line Interface User’s Guide RESET SWITCH FDB Syntax port reset switch fdb port= Parameter port Specifies the port whose dynamic MAC addresses you want to delete from the MAC address table. You can specify more than one port at a time.
Page 128: Set Switch Agingtimer|Ageingtimer
Chapter 8: MAC Address Table Commands SET SWITCH AGINGTIMER|AGEINGTIMER Syntax value set switch agingtimer|ageingtimer= Parameter agingtimer Specifies the aging timer for the MAC address table. ageingtimer The value is in seconds. The range is 0 to 1048575. The default is 300 seconds (5 minutes). The parameters are equivalent.
Page 129: Show Switch Fdb
AT-S63 Management Software Command Line Interface User’s Guide SHOW SWITCH FDB Syntax macaddress port show switch fdb [address= ] [port= name [status=static|dynamic|multicast] [vlan= Parameters address Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static).
Page 130 Chapter 8: MAC Address Table Commands The following command displays the static and dynamic multicast addresses: show switch fdb status=multicast The following command displays the port on which the MAC address 00:A0:D2:18:1A:11 was learned (dynamic) or added (static): show switch fdb address=00A0D2181A11 The following command displays the MAC addresses learned on port 2: show switch fdb port=2 The following command displays the MAC addresses learned on the...
Page 131: Port Trunking Commands
❑ “SHOW SWITCH TRUNK” on page 138 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information and guidelines on port trunking, refer to Chapter 8, “Port Trunking” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 132: Add Switch Trunk
Chapter 9: Port Trunking Commands ADD SWITCH TRUNK Syntax name port add switch trunk= port= Parameters trunk Specifies the name of the port trunk to be modified. port Specifies the port to be added to the port trunk. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
Page 133: Create Switch Trunk
AT-S63 Management Software Command Line Interface User’s Guide CREATE SWITCH TRUNK Syntax name ports create switch trunk= port= [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters trunk Specifies the name of the trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters are allowed.
Page 134 Chapter 9: Port Trunking Commands Caution Do not connect the cables to the trunk ports on the switches until after you have created the trunk in the management software. Connecting the cables before configuring the software will create a loop in your network topology. Data loops can result in broadcast storms and poor network performance.
Page 135: Delete Switch Trunk
AT-S63 Management Software Command Line Interface User’s Guide DELETE SWITCH TRUNK Syntax name port delete switch trunk= port= Parameters trunk Specifies the name of the trunk to be modified. port Specifies the port to be removed from the existing port trunk. You can specify more than one port at a time.
Page 136: Destroy Switch Trunk
Chapter 9: Port Trunking Commands DESTROY SWITCH TRUNK Syntax name destroy switch trunk= Parameter trunk Specifies the name of the trunk to be deleted. Description This command deletes a port trunk from a switch. After a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes.
Page 137: Set Switch Trunk
AT-S63 Management Software Command Line Interface User’s Guide SET SWITCH TRUNK Syntax name set switch trunk= select=[macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters trunk Specifies the name of the port trunk. select Specifies the load distribution method. Options are: macsrc Source MAC address. macdest Destination MAC address.
Page 138: Show Switch Trunk
Chapter 9: Port Trunking Commands SHOW SWITCH TRUNK Syntax show switch trunk Parameters None. Description This command displays the names, ports, and load distribution methods of the port trunks on the switch. Example The following command displays port trunking information: show switch trunk...
Page 139: Port Mirroring Commands
❑ “SHOW SWITCH MIRROR” on page 143 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information and guidelines on port mirroring, refer to Chapter 9, “Port Mirroring” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 140: Set Switch Mirror
Chapter 10: Port Mirroring Commands SET SWITCH MIRROR Syntax port set switch mirror= Parameter mirror Specifies the destination port for the port mirror. This is the port to where the traffic from the source ports will be copied. You can specify only one port as the destination port. Specifying “0”...
Page 141: Set Switch Port Mirror
AT-S63 Management Software Command Line Interface User’s Guide SET SWITCH PORT MIRROR Syntax port set switch port= mirror=none|rx|tx|both Parameters port Specifies the source port of a port mirror. You can specify more than one port. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Page 142 Chapter 10: Port Mirroring Commands The following command removes ports 5, 7, and 10 as source ports of a port mirror: set switch port=5,7,10 mirror=none...
Page 143: Show Switch Mirror
AT-S63 Management Software Command Line Interface User’s Guide SHOW SWITCH MIRROR Syntax show switch mirror Parameters None. Description This command displays the source and destination ports of a port mirror on the switch. Example The following command displays the ports of a port mirror:...
Page 144 Chapter 10: Port Mirroring Commands...
Page 145: Chapter 11 File System Commands
❑ “RENAME” on page 149 ❑ “SET CONFIG” on page 150 ❑ “SHOW FILE” on page 152 Note For background information on the switch’s file system, refer to Chapter 10, “File System” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 146: Copy
Chapter 11: File System Commands COPY Syntax filename1.ext filename2.ext copy " " " " Parameters filename1.ext Specifies the name of the file to be copied. If the name contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional. filename2.ext Specifies the name of the copy.
Page 147: Create Config
AT-S63 Management Software Command Line Interface User’s Guide CREATE CONFIG Syntax filename create config=" .cfg" Parameter config Specifies the name of a new configuration file. If the filename contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.
Page 148: Delete File
Chapter 11: File System Commands DELETE FILE Syntax filename delete file=" " Parameter file Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional. You cannot use wildcards.
Page 149: Rename
AT-S63 Management Software Command Line Interface User’s Guide RENAME Syntax filename1.ext filename2.ext rename " " " " Parameters filename1.ext Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional.
Page 150: Set Config
Chapter 11: File System Commands SET CONFIG Syntax filename set config=" .cfg" Parameter config Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 15 alphanumeric characters, not including the extension “.cfg”.
Page 151 AT-S63 Management Software Command Line Interface User’s Guide Example The following command sets the boot configuration file to switch22.cfg: set config=switch22.cfg The switch uses the switch22.cfg configuration file the next time it is reset.
Page 152: Show File
Chapter 11: File System Commands SHOW FILE Syntax filename show file=" " Parameter file Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional. Description This command displays a list of the files in the switch’s file system.
Page 153: File Download And Upload Commands
❑ “LOAD” on page 154 ❑ “UPLOAD” on page 160 Note For background information on downloading and uploading software images and configuration files, refer to Chapter 11, “File Downloads and Uploads” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 154: Load
The name can be from 1 to 15 alphanumeric characters, not including the three-letter extension. If the name includes spaces, enclose it in double quotes. If you are downloading an AT-S63 software image, the name must be “ATS63.IMG”. server Specifies the IP address of network node containing the TFTP server software.
Page 155 Do not display the download details. The options are equivalent. Description You can use this command to download a new version of the AT-S63 management software onto a switch. You can also use this command to download any of the following types of files into a switch’s file system:...
Page 156: Table 1: File Name Extensions
The DESTFILE parameter specifies a name for the file. This is the name the file will be stored as on the switch. If you are downloading an AT-S63 software image, the name must be “ATS63.IMG”. Enclose the name in double quotes if it contains a space.
Page 157 You cannot use Xmodem to download a file onto a switch accessed through enhanced stacking. ❑ The new AT-S63 image file must be stored on the computer or terminal connected to the serial terminal port on the switch.
Page 158 Xmodem, or, switch to switch using the REMOTESWITCH option. Caution After you have downloaded an AT-S63 image file, the switch writes the image to flash memory, resets itself, and re initializes the software, a process that can take a minute or so to complete. Do not interrupt the process by resetting or power cycling the switch.
Page 159 TFTP Download Examples The following command downloads a new AT-S63 image to the switch using TFTP. You can perform a TFTP download from either a local or Telnet management session. The command uses the SERVER parameter to specify the IP address of the TFTP server and the FILE parameter to indicate the location of the image file on the TFTP server.
Page 160: Upload
Description This command can upload any of the following types of files from a switch to a management station or TFTP server: ❑ AT-S63 software image ❑ Configuration file ❑ Public key certificate ❑ Public key certificate enrollment request...
Page 161: Table 2: File Name Extensions
Public key certificate .cer Public key certificate enrollment .csr request Encryption key file .key ❑ To upload the AT-S63 management image, specify “ATS63.IMG” as the value for the FILE parameter. (The AT-S63 management image is not listed in a switch’s file system.)
Page 162 Chapter 12: File Download and Upload Commands For an Xmodem upload, note the following: ❑ Xmodem can download a file only onto the switch on which you started the local management session. You cannot use Xmodem to download a file onto a switch accessed through enhanced stacking.
Page 163: Chapter 13 Event Log Commands
❑ “SHOW LOG STATUS” on page 175 Note Remember to save your changes with the SAVE CONFIGURATION command. For more information about the event log, refer to Chapter 12, “Event Log” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 164: Disable Log
This command disables the event logs. This is the default setting for the event log. Note The event logs, even when disabled, log all AT-S63 initialization events that occur when the switch is reset or power cycled. Any switch events that occur after AT-S63 initialization are recorded only if the event logs are enabled.
Page 165: Enable Log
AT-S63 Management Software Command Line Interface User’s Guide ENABLE LOG Syntax enable log Parameters None. Description This command activates the event logs. After the logs are activated, the switch immediately starts to store events. The default setting for the event logs is disabled.
Page 166: Purge Log
Chapter 13: Event Log Commands PURGE LOG Syntax purge log[=permanent|temporary] Parameter The type of memory on the switch where the log file you want to purge is located. The options are: permanent Permanent (nonvolatile) memory. Deletes all events stored in nonvolatile memory, which can contain up to 2,000 events.
Page 167: Save Log
AT-S63 Management Software Command Line Interface User’s Guide SAVE LOG Syntax filename save log[=permanent|temporary] filename=" .log" module severity [full] [module= ] [reverse] [severity= [overwrite] Parameters The source of the events you want to save to the log file. The options are: permanent Permanent (nonvolatile) memory.
Page 168 Chapter 13: Event Log Commands severity Saves events of a selected severity. Choices are I for Informational, E for Error, W for Warning, D for Debug, and ALL for All. The default is informational, error, and warning. You can select more than one severity at a time (for example, E,W).
Page 169: Set Log Fullaction
AT-S63 Management Software Command Line Interface User’s Guide SET LOG FULLACTION Syntax set log fullaction=halt|wrap Parameters fullaction Defines what the logs will do when they reach maximum capacity. Actions are: halt The logs stop storing new events. wrap The logs delete the oldest entries as new ones are added.
Page 170: Show Log
With it, the log also displays the filename, line number, and event ID. module Displays events associated with a particular AT-S63 module. For a list of modules, refer to Table 3 on page 171. reverse Controls the order of the events in the log.
Page 171: Table 3: At-S63 Modules
AT-S63 Management Software Command Line Interface User’s Guide The MODULE parameter displays entries generated by a particular AT-S63 module. You can specify more than one module at a time. If you omit this parameter, the log displays the entries for all the modules.
Page 172: Table 4: Event Log Severity Levels
Chapter 13: Event Log Commands Table 3. AT-S63 Modules Module Name Description Secure Shell protocol Secure Sockets Layer protocol Spanning Tree, Rapid Spanning, and Multiple Spanning Tree protocols SYSTEM Hardware status; Manager and Operator log in and log off events.
Page 173 ❑ Event ID - A unique number that identifies the event. (Displayed only in the full display mode.) ❑ Filename and Line Number - The subpart of the AT-S63 module and the line number that generated the event. (Displayed only in the full display mode.)
Page 174 Chapter 13: Event Log Commands The following command displays the error and warning entries for the AT-S63 module VLAN: show log module=vlan severity=e,w...
Page 175: Show Log Status
AT-S63 Management Software Command Line Interface User’s Guide SHOW LOG STATUS Syntax show log status Parameter None. Description This command displays information about the event log feature. Following is an example of what is displayed with this command: Event Log Configuration: Event Logging ...
Page 176 Chapter 13: Event Log Commands...
Page 177: Quality Of Service (Qos) Commands
❑ “SHOW QOS CONFIG” on page 182 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on Quality of Service, refer to Chapter 13, “Quality of Service” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 178: Map Qos Cosp
Chapter 14: Quality of Service (QoS) Commands MAP QOS COSP Syntax priority-number queue-number map qos cosp= qid= Parameters cosp Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.
Page 179 AT-S63 Management Software Command Line Interface User’s Guide Example The following command maps priorities 4 and 5, to queue 3: map qos cosp=4,5 qid=3...
Page 180: Set Qos Cosp
Chapter 14: Quality of Service (QoS) Commands SET QOS COSP Syntax priority-number queue-number set qos cosp= qid= Parameters cosp Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.
Page 181: Set Qos Scheduling
AT-S63 Management Software Command Line Interface User’s Guide SET QOS SCHEDULING Syntax weights set qos scheduling=strict|wrr weights= Parameters scheduling Specifies the type of scheduling. The options are: strict Strict priority. The port transmits all packets out of the higher priority queues before it transmits any from the low priority queues.
Page 182: Show Qos Config
Chapter 14: Quality of Service (QoS) Commands SHOW QOS CONFIG Syntax show qos config Parameters None. Description Displays the QoS priority queues and scheduling. Example The following command displays the QoS priority queues and scheduling: show qos config...
Page 183: Igmp Snooping Commands
❑ “SHOW IP IGMP” on page 189 Note Remember to use the SAVE CONFIGURATION command to save your changes on the switch. Note For background information on IGMP Snooping, refer to Chapter 14, “IGMP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 184: Disable Igmpsnooping
Chapter 15: IGMP Snooping Commands DISABLE IGMPSNOOPING Syntax disable igmpsnooping Parameters None. Description This command deactivates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command “SET IP IGMP” on page 186. Example The following command deactivates IGMP snooping: disable igmpsnooping...
Page 185: Enable Igmpsnooping
AT-S63 Management Software Command Line Interface User’s Guide ENABLE IGMPSNOOPING Syntax enable igmpsnooping Parameters None. Description This command activates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command “SET IP IGMP” on page 186.
Page 186: Set Ip Igmp
Chapter 15: IGMP Snooping Commands SET IP IGMP Syntax set ip igmp [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout= value value [numbermulticastgroups= port [routerport= |all|none|auto] Parameters snoopingstatus Activates and deactivates IGMP snooping on the switch. The options are: enabled Activates IGMP snooping. disabled Deactivates IGMP snooping. This is the default setting hoststatus Specifies the IGMP host node topology.
Page 187 AT-S63 Management Software Command Line Interface User’s Guide numbermulticastgroups Specifies the maximum number of multicast addresses the switch learns. This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table...
Page 188: Show Igmpsnooping
Chapter 15: IGMP Snooping Commands SHOW IGMPSNOOPING Syntax show igmpsnooping Parameters None. Description This command displays the following IGMP parameters: ❑ IGMP snooping status ❑ Multicast host topology ❑ Host/router timeout interval ❑ Maximum multicast groups Note For instructions on how to set the IGMP parameters, refer to “SET IP IGMP”...
Page 189: Show Ip Igmp
AT-S63 Management Software Command Line Interface User’s Guide SHOW IP IGMP Syntax show ip igmp [hostlist] [routerlist] Parameters hostlist Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only there are active host nodes.
Page 190 Chapter 15: IGMP Snooping Commands The following command displays a list of active multicast routers: show ip igmp routerlist...
Page 191: Chapter 16 Rrp Snooping Commands
❑ “ENABLE RRPSNOOPING” on page 193 ❑ “SHOW RRPSNOOPING” on page 194 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on RRP snooping, refer to Chapter 15, “RRP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 192: Disable Rrpsnooping
Chapter 16: RRP Snooping Commands DISABLE RRPSNOOPING Syntax disable rrpsnooping Parameters None. Description This command disables RRP snooping. This is the default setting. Example The following command disables RRP snooping: disable rrpsnooping...
Page 193: Enable Rrpsnooping
AT-S63 Management Software Command Line Interface User’s Guide ENABLE RRPSNOOPING Syntax enable rrpsnooping Parameters None. Description This command enables RRP snooping. Example The following command activates RRP snooping on the switch: enable rrpsnooping...
Page 194: Show Rrpsnooping
Chapter 16: RRP Snooping Commands SHOW RRPSNOOPING Syntax show rrpsnooping Parameter None. Description This command displays the status of RRP snooping, enabled or disabled. Example The following command displays the status of RRP snooping: show rrpsnooping...
Page 195: Chapter 17 Stp Commands
❑ “SHOW STP” on page 205 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on the Spanning Tree Protocol (STP)., refer to Chapter 16, “STP and RSTP” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 196: Activate Stp
Chapter 17: STP Commands ACTIVATE STP Syntax activate stp Parameters None. Description Use this command to designate STP as the active spanning tree on the switch. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP, or MSTP, can be active on the switch at a time.
Page 197: Disable Stp
AT-S63 Management Software Command Line Interface User’s Guide DISABLE STP Syntax disable stp Parameters None. Description This command disables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP”...
Page 198: Enable Stp
Chapter 17: STP Commands ENABLE STP Syntax enable stp Parameters None. Description This command enables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP” on page 205. Note You cannot enable STP until after you have activated it with “ACTIVATE STP”...
Page 199: Purge Stp
AT-S63 Management Software Command Line Interface User’s Guide PURGE STP Syntax purge stp Parameters None. Description This command returns all STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, see “DISABLE STP”...
Page 200: Set Stp
Chapter 17: STP Commands SET STP Syntax priority hellotime set stp [default] [priority= ] [hellotime= [forwarddelay= forwarddelay ] [maxage= maxage Parameters default Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled.
Page 201: Bridge Priority
AT-S63 Management Software Command Line Interface User’s Guide hellotime Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. forwarddelay Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
Page 202 Chapter 17: STP Commands Examples The following command sets the switch’s bridge priority value to 45,056 (increment 11): set stp priority=11 The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds: set stp hellotime=7 forwarddelay=25 The following command returns all STP parameters on the switch to the default values: set stp default...
Page 203: Set Stp Port
AT-S63 Management Software Command Line Interface User’s Guide SET STP PORT Syntax port portcost set stp port= [pathcost|portcost=auto| [portpriority= portpriority Parameters port Specifies the port you want to configure. You can configure more than one port at a time. You can...
Page 204: Table 9: Port Priority Value Increments
Chapter 17: STP Commands portpriority Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16, for a total of 16 increments as shown in Table 9.
Page 205: Show Stp
AT-S63 Management Software Command Line Interface User’s Guide SHOW STP Syntax port show stp [port= Parameter port Specifies the port whose STP parameters you want to view. You can view more than one port at a time.You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Page 206 Chapter 17: STP Commands...
Page 207: Chapter 18 Rstp Commands
❑ “SHOW RSTP” on page 219 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on the Rapid Spanning Tree Protocol (RSTP)., refer to Chapter 16, “STP and RSTP” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 208: Activate Rstp
Chapter 18: RSTP Commands ACTIVATE RSTP Syntax activate rstp Parameters None. Description Use this command to designate RSTP as the active spanning tree on the switch. After you have selected RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.
Page 209: Disable Rstp
AT-S63 Management Software Command Line Interface User’s Guide DISABLE RSTP Syntax disable rstp Parameters None. Description This command disables the Rapid Spanning Tree Protocol on the switch. To view the current status of RSTP, use “SHOW RSTP” on page 219.
Page 210: Enable Rstp
Chapter 18: RSTP Commands ENABLE RSTP Syntax enable rstp Parameters None. Description This command enables the Rapid Spanning Tree Protocol on the switch. The default setting for RSTP is disabled. To view the current status of RSTP, use “SHOW RSTP” on page 219. You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.
Page 211: Purge Rstp
AT-S63 Management Software Command Line Interface User’s Guide PURGE RSTP Syntax purge rstp Parameters None. Description This command returns all RSTP bridge and port parameters to the default settings. RSTP must be disabled before you can use this command. To disable RSTP, refer to “DISABLE RSTP” on page 209.
Page 212: Set Rstp
Chapter 18: RSTP Commands SET RSTP Syntax priority hellotime set rstp [default] [priority= ] [hellotime= [forwarddelay= forwarddelay ] [maxage= maxage [rstptype|forceversion=stpcompatible| forcestpcompatible|normalrstp] Parameters default Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled.
Page 213 AT-S63 Management Software Command Line Interface User’s Guide hellotime Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. forwarddelay Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
Page 214 Chapter 18: RSTP Commands forcestpcompatible The bridge uses the RSTP parameter settings, but transmits only STP BPDU packets from the ports. This option is equivalent to the STPCOMPATIBLE option. normalrspt The bridge uses RSTP. It transmits RSTP BPDU packets, except on ports connected to bridges running STP.
Page 215: Default Values
AT-S63 Management Software Command Line Interface User’s Guide The following command returns all RSTP parameter settings to their default values: set rstp default...
Page 216: Set Rstp Port
Chapter 18: RSTP Commands SET RSTP PORT Syntax port cost set rstp port= [pathcost|portcost= |auto] [portpriority= portpriority [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false] Parameters port Specifies the port you want to configure. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Page 217: Table 12: Rstp Auto-Detect Port Trunk Costs
AT-S63 Management Software Command Line Interface User’s Guide Table 12 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk. Table 12. RSTP Auto-Detect Port Trunk Costs Port Speed Port Cost 10 Mbps 20,000...
Page 218 Chapter 18: RSTP Commands yes, on, true The port is an edge port. The options are equivalent. This is the default. no, off, false The port is not an edge port. The options are equivalent. Defines whether the port is functioning as a point- pointtopoint to-point port.
Page 219: Show Rstp
AT-S63 Management Software Command Line Interface User’s Guide SHOW RSTP Syntax port port show rstp [portconfig= |portstate= Parameters portconfig Displays the RSTP port settings. You can specify more than one port at a time. portstate Displays the RSTP port status. You can specify more than one port at a time.
Page 220 Chapter 18: RSTP Commands The following command displays RSTP port status for port 15: show rstp portstate=15...
Page 221: Chapter 19 Mstp Commands
Chapter 19 MSTP Commands This chapter contains the following commands: ❑ “ACTIVATE MSTP” on page 223 ❑ “ADD MSTP” on page 224 ❑ “CREATE MSTP” on page 225 ❑ “DELETE MSTP” on page 226 ❑ “DESTROY MSTP MSTIID” on page 227 ❑...
Page 222 Chapter 19: MSTP Commands Note For background information on the Multiple Spanning Tree Protocol (MSTP)., refer to Chapter 17, “MSTP” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 223: Activate Mstp
AT-S63 Management Software Command Line Interface User’s Guide ACTIVATE MSTP Syntax activate mstp Parameters None. Description This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command.
Page 224: Add Mstp
Chapter 19: MSTP Commands ADD MSTP Syntax mstiid vids add mstp mstiid= mstivlanassoc= Parameters mstiid Specifies the ID of the multiple spanning tree instance (MSTI) to which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. mstivlanassoc Specifies the VID of the VLAN you want to associate with the MSTI ID.
Page 225: Create Mstp
AT-S63 Management Software Command Line Interface User’s Guide CREATE MSTP Syntax mstiid vids create mstp mstiid= [mstivlanassoc= Parameters mstiid Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15.
Page 226: Delete Mstp
Chapter 19: MSTP Commands DELETE MSTP Syntax mstiid vids delete mstp mstiid= mstivlanassoc= Parameters mstiid Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. mstivlanassoc Specifies the VID of the VLAN you want to remove from the spanning tree instance.
Page 227: Destroy Mstp Mstiid
AT-S63 Management Software Command Line Interface User’s Guide DESTROY MSTP MSTIID Syntax mstiid destroy mstp mstiid= Parameter mstiid Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15.
Page 228: Disable Mstp
Chapter 19: MSTP Commands DISABLE MSTP Syntax disable mstp Parameters None. Description This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 242. Example The following command disables MSTP: disable mstp...
Page 229: Enable Mstp
AT-S63 Management Software Command Line Interface User’s Guide ENABLE MSTP Syntax enable mstp Parameters None. Description This command enables Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 242.
Page 230: Purge Mstp
Chapter 19: MSTP Commands PURGE MSTP Syntax purge mstp Parameters None. This command returns all MSTP bridge and port parameters settings to their default values. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled. To select MSTP as the active spanning tree protocol on the switch, see “ACTIVATE MSTP”...
Page 231: Set Mstp
AT-S63 Management Software Command Line Interface User’s Guide SET MSTP Syntax set mstp [default] [forceversion=stpcompatible|forcestpcompatible| hellotime normalmstp] [hellotime= forwarddelay maxage [forwarddelay= ] [maxage= maxhops name number [maxhops= ] [configname=" "] [revisionlevel= Parameters default Disables MSTP and returns all bridge and port MSTP settings to the default values.
Page 232 Chapter 19: MSTP Commands normalmspt The bridge uses MSTP. The bridge sends out MSTP BPDU packets from all ports except for those ports connected to bridges running STP. This is the default setting. hellotime Specifies the time interval between generating and sending configuration messages by the bridge.
Page 233 AT-S63 Management Software Command Line Interface User’s Guide revisionlevel Specifies the version number of an MSTP region. The range is 0 (zero) to 255. This is an arbitrary number that you assign to a region. The version level must be the same on all bridges in a region.
Page 234: Set Mstp Cist
Chapter 19: MSTP Commands SET MSTP CIST Syntax priority set mstp cist priority= Parameter priority Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 14.
Page 235 AT-S63 Management Software Command Line Interface User’s Guide Example The following command sets the CIST priority value to 45,056, which is increment 11: set mstp cist priority=11...
Page 236: Set Mstp Msti
Chapter 19: MSTP Commands SET MSTP MSTI Syntax mstiid priority set mstp msti mstiid= priority= Parameters mstiid Specifies a MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15. priority Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096.
Page 237 AT-S63 Management Software Command Line Interface User’s Guide The PRIORITY parameter specifies the new MSTI priority value. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority. Examples The following command changes the MSTI priority value to 45,056...
Page 238: Set Mstp Mstivlanassoc
Chapter 19: MSTP Commands SET MSTP MSTIVLANASSOC Syntax mstiid vids set mstp mstivlanassoc mstiid= vlanlist= Parameters mstiid Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. vlanlist Specifies the VID of the VLAN you want to associate with the MSTI ID.
Page 239: Set Mstp Port
AT-S63 Management Software Command Line Interface User’s Guide SET MSTP PORT Syntax port portcost set mstp port= |all [intportcost=auto| [extportcost= portcost ] [portpriority= priority [edgeport=yes|no|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false] Parameters port Specifies the port you want to configure. You can specify more than one port at a time. To configure all ports in the switch, enter ALL.
Page 240: Table 16: Port Priority Value Increments
Chapter 19: MSTP Commands Table 16. Port Priority Value Increments Port Port Increment Increment Priority Priority edgeport Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at half-duplex mode and is not connected to any device running STP or MSTP.
Page 241 AT-S63 Management Software Command Line Interface User’s Guide migrationcheck This parameter resets a MSTP port, allowing it to send MSTP BPDUs. When a MSTP bridge receives STP BPDUs on an MSTP port, the port transmits STP BPDUs. The MSTP port continues to transmit STP BPDUs indefinitely.
Page 242: Show Mstp
You can specify only one parameter at a time in this command. Description This command displays MSTP parameters. For definitions of the MSTP terms used below, refer to Chapter 17, “MSTP” in the AT-S63 Management Software Menus Interface User’s Guide. Entering SHOW MSTP without any parameters displays the following MSTP settings: ❑...
Page 243 AT-S63 Management Software Command Line Interface User’s Guide ❑ Configuration name ❑ Reversion level ❑ Bridge identifier The PORTCONFIG parameter displays the following MSTP port parameter settings: ❑ Edge-port status ❑ Point-to-point status ❑ External and internal port costs ❑ Port priority...
Page 244 Chapter 19: MSTP Commands...
Page 245: Snmpv3 Commands
Chapter 20 SNMPv3 Commands This chapter contains the following commands: ❑ “ADD SNMPV3 USER” on page 247 ❑ “CLEAR SNMPV3 ACCESS” on page 249 ❑ “CLEAR SNMPV3 COMMUNITY” on page 251 ❑ “CLEAR SNMPV3 NOTIFY” on page 252 ❑ “CLEAR SNMPV3 TARGETADDR” on page 253 ❑...
Page 246 ❑ “SHOW SNMPV3 VIEW” on page 302 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information about the SNMPv3 protocol, refer to Chapter 18, “SNMPv3” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 247: Add Snmpv3 User
AT-S63 Management Software Command Line Interface User’s Guide ADD SNMPV3 USER Syntax user add snmpv3 user= [authentication=md5|sha] =password =password authpassword privpassword [storagetype=volatile|nonvolatile] Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. authentication Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS).
Page 248 Chapter 20: SNMPv3 Commands nonvolatile Allows you to save the table entry to the configuration file on the switch. Description This command creates an SNMPv3 User Table entry. Examples The following command creates an SNMPv3 user with the name “steven142” with an authentication protocol of MD5, an authentication password of “99doublesecret12”, a privacy password of “encrypt178”...
Page 249: Clear Snmpv3 Access
AT-S63 Management Software Command Line Interface User’s Guide CLEAR SNMPV3 ACCESS Syntax access clear snmpv3 access= [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] readview writeview notifyview Parameters access Specifies the name of the security group, up to 32 alphanumeric characters. securitymodel Specifies the security model. The options are: Associates the Security Name, or User Name, with the SNMPv1 protocol.
Page 250 Chapter 20: SNMPv3 Commands Description This command clears the specified fields in an SNMPv3 Access Table entry. Examples The following command clears the readview parameter in a security group called “Engineering” which has a security model of the SNMPv3 protocol and a security level of privacy. clear snmpv3 access=Engineering securitymodel=v3 securitylevel=privacy readview The following command clears the values in the readview, writeview,...
Page 251: Clear Snmpv3 Community
AT-S63 Management Software Command Line Interface User’s Guide CLEAR SNMPV3 COMMUNITY Syntax index clear snmpv3 community index= transporttag Parameters index Specifies the name of an existing SNMPv3 Community Table entry, up to 32 alphanumeric characters. transporttag Specifies the transport tag, up to 32 alphanumeric characters.
Page 252: Clear Snmpv3 Notify
Chapter 20: SNMPv3 Commands CLEAR SNMPV3 NOTIFY Syntax notify clear snmpv3 notify= Parameters notify Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters. Specifies the notify tag name, up to 32 alphanumeric characters. Description This command clears the value of the tag parameter in an SNMPv3 Notify Table entry.
Page 253: Clear Snmpv3 Targetaddr
AT-S63 Management Software Command Line Interface User’s Guide CLEAR SNMPV3 TARGETADDR Syntax targetaddr clear snmpv3 targetaddr= taglist Parameters targetaddr Specifies the name of the SNMPv3 Target Address Table entry, up to 32 alphanumeric characters. taglist Specifies a tag or list of tags, up to 256 alphanumeric characters.
Page 254: Clear Snmpv3 View
Chapter 20: SNMPv3 Commands CLEAR SNMPV3 VIEW Syntax view clear snmpv3 view= [subtree=OID|text] mask Parameters view Specifies the name of the SNMPv3 view, up to 32 alphanumeric characters. subtree Specifies the view of the MIB Tree. Options are: A numeric value in hexadecimal format. text Text name of the view.
Page 255: Create Snmpv3 Access
AT-S63 Management Software Command Line Interface User’s Guide CREATE SNMPV3 ACCESS Syntax access create snmpv3 access= [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| readview writeview privacy] readview= writeview= notifyview notifyview= [storagetype=volatile|nonvolatile] Parameters access Specifies the name of the security group, up to 32 alphanumeric characters.
Page 256 Chapter 20: SNMPv3 Commands to this parameter, then the writeview parameter defaults to none. notifyview Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter.
Page 257 AT-S63 Management Software Command Line Interface User’s Guide create snmpv3 access=hwengineering securitymodel=v3 securitylevel=authentication readview=internet Note In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage.
Page 258: Create Snmpv3 Community
Chapter 20: SNMPv3 Commands CREATE SNMPV3 COMMUNITY Syntax index create snmpv3 community index= communityname securityname communityname= securityname= transporttag transporttag= [storagetype=volatile|nonvolatile] Parameters index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. communityname Specifies a password for this community entry, up to 32 alphanumeric characters.
Page 259 AT-S63 Management Software Command Line Interface User’s Guide create snmpv3 community index=95 communityname=12sacramento49 securityname=regina transporttag=trainingtag storagetype=nonvolatile...
Page 260: Create Snmpv3 Group
Chapter 20: SNMPv3 Commands CREATE SNMPV3 GROUP Syntax username create snmpv3 group username= groupnam [securitymodel=v1|v2c|v3] groupname= [storagetype=volatile|nonvolatile] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: Associates the Security Name, or User Name, with the SNMPv1 protocol.
Page 261 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command creates the SNMPv3 SecurityToGroup Table entry for a user named Nancy. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “admin”...
Page 262: Create Snmpv3 Notify
Chapter 20: SNMPv3 Commands CREATE SNMPV3 NOTIFY Syntax notify create snmpv3 notify= tag= [type=trap|inform] [storagetype=volatile|nonvolatile] Parameters notify Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters. Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter.
Page 263 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command creates the SNMPv3 Notify Table entry called “testengtrap1” and the notify tag is “testengtag1.” The message type is defined as a trap message and the storage type for this entry is nonvolatile storage.
Page 264: Create Snmpv3 Targetaddr
Chapter 20: SNMPv3 Commands CREATE SNMPV3 TARGETADDR Syntax targetaddr params create snmpv3 targetaddr= params= ipaddress udpport timeout ipaddress= udpport= timeout= retries taglist retries= taglist= [storagetype=volatile|nonvolatile] Parameters targetaddr Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
Page 265 AT-S63 Management Software Command Line Interface User’s Guide Examples In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,”...
Page 266: Create Snmpv3 Targetparams
Chapter 20: SNMPv3 Commands CREATE SNMPV3 TARGETPARAMS Syntax targetparams username create snmpv3 targetparams= username= [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] [storagetype=volatile|nonvolatile] Parameters targetparams Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters. username Specifies a user name configured in the SNMPv3 User Table.
Page 267 AT-S63 Management Software Command Line Interface User’s Guide noauthentication This option provides no authentication protocol and no privacy protocol. authentication This option provides an authentication protocol, but no privacy protocol. privacy This option provides an authentication protocol and the privacy protocol.
Page 268: Create Snmpv3 View
Chapter 20: SNMPv3 Commands CREATE SNMPV3 VIEW Syntax view mask create snmpv3 view= [subtree=OID|text] mask= [type=included|excluded] [storagetype=volatile|nonvolatile] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view of the MIB Tree. The options are: A numeric value in hexadecimal format.
Page 269 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command creates an SNMPv3 View Table entry called “internet1” with a subtree value of the Internet MIBs and a view type of included. The storage type for this table entry is nonvolatile storage.
Page 270: Delete Snmpv3 User
Chapter 20: SNMPv3 Commands DELETE SNMPV3 USER Syntax user delete snmpv3 user= Parameters user Specifies the name of an SNMPv3 user to delete from the switch. Description This command deletes an SNMPv3 User Table entry. After you delete an SNMPv3 user from the switch, you cannot recover it. Examples The following command deletes the user named “wilson890.”...
Page 271: Destroy Snmpv3 Access
AT-S63 Management Software Command Line Interface User’s Guide DESTROY SNMPv3 ACCESS Syntax access destroy snmpv3 access= [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] Parameter access Specifies an SNMPv3 Access Table entry. securitymodel Specifies the security model of the user name specified above. The options are: Associates the Security Name, or User Name, with the SNMPv1 protocol.
Page 272 Chapter 20: SNMPv3 Commands Examples The following command deletes the SNMPv3 Access Table entry called “swengineering” with a security model of the SNMPv3 protocol and a security level of authentication. destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication The following command deletes the SNMPv3 Access Table entry called “testengineering”...
Page 273: Destroy Snmpv3 Community
AT-S63 Management Software Command Line Interface User’s Guide DESTROY SNMPv3 COMMUNITY Syntax index destroy snmpv3 community index= Parameter index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. Description This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it.
Page 274: Destroy Snmpv3 Group
Chapter 20: SNMPv3 Commands DESTROY SNMPv3 GROUP Syntax username destroy snmpv3 group username= [securitymodel=v1|v2c|v3] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: Associates the Security Name, or User Name, with the SNMPv1 protocol.
Page 275: Destroy Snmpv3 Notify
AT-S63 Management Software Command Line Interface User’s Guide DESTROY SNMPv3 NOTIFY Syntax notify destroy snmpv3 notify= Parameter notify Specifies an SNMPv3 Notify Table entry. Description This command deletes an SNMPv3 Notify Table entry. After you delete an SNMPv3 Notify Table entry, you cannot recover it.
Page 276: Destroy Snmpv3 Targetaddr
Chapter 20: SNMPv3 Commands DESTROY SNMPv3 TARGETADDR Syntax target destroy snmpv3 targetaddr= Parameter targetaddr Specifies an SNMPv3 Target Address table entry. Description This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it. Example The following command deletes an SNMPv3 Address Table entry called “snmpmanager.”...
Page 277: Destroy Snmpv3 Targetparms
AT-S63 Management Software Command Line Interface User’s Guide DESTROY SNMPv3 TARGETPARMS Syntax targetparams destroy snmpv3 targetparams= Parameter targetparams Specifies an SNMPv3 Target Parameters table entry. Description This command deletes an SNMPv3 Target Parameters Table entry. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it.
Page 278: Destroy Snmpv3 View
Chapter 20: SNMPv3 Commands DESTROY SNMPV3 VIEW Syntax view destroy snmpv3 view= [subtree=OID|text] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view subtree view. The options are: A numeric value in hexadecimal format. text Text name of the view.
Page 279: Set Snmpv3 Access
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 ACCESS Syntax access set snmpv3 access= [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| readview writeview privacy] readview= writeview= notifyview= notifyview [storagetype=volatile|nonvolatile] Parameters access Specifies the name of the group, up to 32 alphanumeric characters. securitymodel Specifies the security model.
Page 280 Chapter 20: SNMPv3 Commands volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default. nonvolatile Allows you to save the table entry to the configuration file on the switch. Description This command modifies an SNMPv3 Access Table entry.
Page 281: Set Snmpv3 Community
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 COMMUNITY Syntax index communityname set snmpv3 community index= communityname= securityname transporttag securityname= transporttag= [storagetype=volatile|nonvolatile] Parameters index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
Page 282 Chapter 20: SNMPv3 Commands The following command modifies the community table entry with an index of 52. The community has a password of “oldmiss71” and a security name of “jjhuser234.” The transport tag is set to “testtag40.” set snmpv3 community index=52 communityname=oldmiss71 securityname=jjhuser234 transporttag=testtag40...
Page 283: Set Snmpv3 Group
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 GROUP Syntax username set snmpv3 group username= [securitymodel=v1|v2c|v3] groupnam groupname= e [storagetype=volatile|nonvolatile] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name.
Page 284 Chapter 20: SNMPv3 Commands Examples The following command modifies the SecurityToGroup Table entry with a user name of “nancy28.” The security model is the SNMPv3 protocol. and the group name is set to engineering. set snmpv3 group username=nancy28 securitymodel=v3 groupname=engineering The following command modifies the SecurityToGroup Table entry with a user name of “nelvid.”...
Page 285: Set Snmpv3 Notify
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 NOTIFY Syntax notify set snmpv3 notify= tag= [type=trap|inform] [storagetype=volatile|nonvolatile] Parameters notify Specifies the name associated with the trap message, up to 32 alphanumeric characters. Specifies the notify tag name, up to 32 alphanumeric characters.
Page 286 Chapter 20: SNMPv3 Commands The following command modifies an SNMPv3 Notify Table entry called “systemtestinform5.” The notify tag is “systemtestinform5tag” and the message type is an inform message. set snmpv3 notify=systemtestinform5 tag=systemtestinform5tag type=inform...
Page 287: Set Snmpv3 Targetaddr
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 TARGETADDR Syntax targetaddr params set snmpv3 targetaddr= params= ipaddress udpport timeout ipaddress= udpport= timeout= retries taglist retries= taglist= [storagetype=volatile|nonvolatile] Parameters targetaddr Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
Page 288 Chapter 20: SNMPv3 Commands Description This command modifies an SNMPv3 Target Address Table entry. Examples The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.”...
Page 289: Set Snmpv3 Targetparams
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 TARGETPARAMS Syntax targetparams username set snmpv3 targetparams= username= [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] [storagetype=volatile|nonvolatile] Parameters targetparams Specifies the target parameters name, up to 32 alphanumeric characters. username Specifies the user name.
Page 290 Chapter 20: SNMPv3 Commands noauthentication This option provides no authentication protocol and no privacy protocol. authentication This option provides an authentication protocol, but no privacy protocol. privacy This option provides an authentication protocol and the privacy protocol. storagetype Specifies the storage type of this table entry. This is an optional parameter.
Page 291: Set Snmpv3 User
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 USER Syntax user set snmpv3 user= [authentication=md5|sha] =password =password authpassword privpassword [storagetype=volatile|nonvolatile] Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. authentication Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS).
Page 292 Chapter 20: SNMPv3 Commands Examples The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.” set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3 The following command modifies a User Table entry called “atiuser104.”...
Page 293: Set Snmpv3 View
AT-S63 Management Software Command Line Interface User’s Guide SET SNMPV3 VIEW Syntax view mask set snmpv3 view= [subtree=OID|text] mask= [type=included|excluded] [storagetype=volatile|nonvolatile] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view subtree view. Options are: A numeric value in hexadecimal format.
Page 294 Chapter 20: SNMPv3 Commands Examples The following command modifies the view called “internet1.” The subtree is set to the Internet MIBs and the view type is included. set snmpv3 view=internet1 subtree=internet type=included The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded.
Page 295: Show Snmpv3 Access
AT-S63 Management Software Command Line Interface User’s Guide SHOW SNMPV3 ACCESS Syntax access show snmpv3 access= Parameter access Specifies an SNMPv3 Access Table entry. Description This command displays the SNMPv3 Access Table. You can display one or all of the table entries.
Page 296: Show Snmpv3 Community
Chapter 20: SNMPv3 Commands SHOW SNMPV3 COMMUNITY Syntax index show snmpv3 community index= Parameter index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. Description This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.
Page 297: Show Snmpv3 Group
AT-S63 Management Software Command Line Interface User’s Guide SHOW SNMPv3 GROUP Syntax username show snmpv3 group username= [securitymodel=v1|v2c|v3] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: Associates the Security Name, or User Name, with the SNMPv1 protocol.
Page 298: Show Snmpv3 Notify
Chapter 20: SNMPv3 Commands SHOW SNMPV3 NOTIFY Syntax notify show snmpv3 notify= Parameter notify Specifies an SNMPv3 Notify Table entry. Description This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries. Examples The following command displays the SNMPv3 Notify Table entry called “testengtrap1”: show snmpv3 notify=testengtrap1 The following command displays all of the SNMPv3 Notify Table entries:...
Page 299: Show Snmpv3 Targetaddr
AT-S63 Management Software Command Line Interface User’s Guide SHOW SNMPV3 TARGETADDR Syntax targetaddr show snmpv3 targetaddr= Parameter targetaddr Specifies an SNMPv3 Target Address Table entry. Description This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.
Page 300: Show Snmpv3 Targetparams
Chapter 20: SNMPv3 Commands SHOW SNMPV3 TARGETPARAMS Syntax targetparams show snmpv3 targetparams= Parameter targetparams Specifies an SNMPv3 Target Parameters Table entry. Description This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries. Examples The following command displays the SNMPv3 Target Parameters Table entry called “snmpv3manager95”:...
Page 301: Show Snmpv3 User
AT-S63 Management Software Command Line Interface User’s Guide SHOW SNMPV3 USER Syntax user show snmpv3 user= Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. Description This command displays SNMPv3 User Table entries. You can display one or all of the table entries.
Page 302: Show Snmpv3 View
Chapter 20: SNMPv3 Commands SHOW SNMPV3 VIEW Syntax view show snmpv3 view= [subtree=OID|text] Parameter view Specifies an SNMPv3 View Table entry. subtree Specifies the view subtree view. Options are: A numeric value in hexadecimal format. text Text name of the view. Description This command displays the SNMPv3 View Table entries.
Page 303: Vlans And Multiple Vlan Mode Commands
Remember to use the SAVE CONFIGURATION command to save your changes on the switch. Note For background information on tagged and port-based VLANs, multiple VLAN modes, and ingress filtering, refer to Chapter 19, “Port-based and Tagged VLANs” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 304: Add Vlan
Chapter 21: VLANs and Multiple VLAN Mode Commands ADD VLAN Syntax 1 name ports add vlan= [vid= ] port= |all frame=untagged|tagged Syntax 2 name ports add vlan= [vid= ] taggedports= |all ports untaggedports= |all Parameters vlan Specifies the name of the VLAN you want to modify. The name can be from 1 to 20 characters in length.
Page 305 AT-S63 Management Software Command Line Interface User’s Guide Note When a transceiver is inserted into an uplink slot and a link is established, that slot becomes a primary uplink port and the corresponding backup port, 23R or 24R, automatically transitions to redundant uplink status.
Page 306 Chapter 21: VLANs and Multiple VLAN Mode Commands Adding both tagged and untagged ports to a VLAN using Syntax 1 takes two commands, one command for each port type. For example, if you had a VLAN called Service and you wanted to add port 5 as a tagged port and ports 7 and 8 as untagged ports, the commands would be: add vlan=Service port=5 frame=tagged add vlan=Service port=7-8 frame=untagged...
Page 307: Create Vlan
AT-S63 Management Software Command Line Interface User’s Guide CREATE VLAN Syntax 1 name ports create vlan= vid= port= |all frame=untagged|tagged Syntax 2 name ports create vlan= vid= taggedports= |all ports untaggedports= |all Parameters vlan Specifies the name of the VLAN. You must assign a name to a VLAN.
Page 308 Chapter 21: VLANs and Multiple VLAN Mode Commands port Specifies the ports on the switch that are either tagged or untagged members of the new VLAN. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Page 309 AT-S63 Management Software Command Line Interface User’s Guide Tagged ports of the new VLAN remain as tagged and untagged members of their current VLAN assignments. No change is made to a tagged port’s current VLAN assignments, other than its addition to the new VLAN.
Page 310 Chapter 21: VLANs and Multiple VLAN Mode Commands The advantage of Syntax 2 over Syntax 1 is that you can create VLANs containing both types of ports with one rather than two commands.
Page 311: Delete Vlan
AT-S63 Management Software Command Line Interface User’s Guide DELETE VLAN Syntax 1 name ports delete vlan= [vid= ] port= frame=untagged|tagged Syntax 2 name ports delete vlan= [vid= ] taggedports= ports untaggedports= Parameters vlan Specifies the name of the VLAN to be modified.
Page 312 Chapter 21: VLANs and Multiple VLAN Mode Commands Note You cannot change a VLAN’s name or VID. When you remove an untagged port from a VLAN, the following happens: ❑ The port is returned to the Default_VLAN as an untagged port. ❑...
Page 313 AT-S63 Management Software Command Line Interface User’s Guide delete vlan=Service port=6-8 frame=untagged Using Syntax 2, you can do the whole thing with just one command: delete vlan=Service untaggedports=6-8 taggedports=2...
Page 314: Destroy Vlan
Chapter 21: VLANs and Multiple VLAN Mode Commands DESTROY VLAN Syntax name destroy vlan vlan= |all [vid= Parameters vlan Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option. Specifies the VID of the VLAN to be deleted. This parameter is optional.
Page 315: Set Switch Infiltering
To view the current setting, use the “SHOW SWITCH” on page 62. For further information on ingress filtering, refer to the AT-S63 Management Software Menus Interface User’s Guide. Example...
Page 316: Set Switch Managementvlan
For background information on the function of the management VLAN, refer to Chapter 19, “Port-based and Tagged VLANs” in the AT-S63 Management Software Menus Interface User’s Guide. To determine the current management VLAN, use the SHOW SWITCH command.
Page 317: Set Switch Vlanmode
UPLINKPORT parameter. You can specify only one uplink port. Note For background information on the multiple VLAN modes, refer to Chapter 20, “Multiple VLANs” in the AT-S63 Management Software Menus Interface User’s Guide. Examples The following command configures the switch for the 802.1Q-compliant...
Page 318 Chapter 21: VLANs and Multiple VLAN Mode Commands The following command sets the switch so that you can create your own port-based and tagged VLANs: set switch vlanmode=userconfig...
Page 319: Set Vlan
AT-S63 Management Software Command Line Interface User’s Guide SET VLAN Syntax name set vlan= [vid= ] type=portbased Parameter vlan Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to “SHOW VLAN” on page 320.
Page 320: Show Vlan
Chapter 21: VLANs and Multiple VLAN Mode Commands SHOW VLAN Syntax name show vlan[= Parameter vlan Specifies the name or VID of the VLAN. Description This command displays the following information: ❑ VLAN mode ❑ VLAN name ❑ Untagged port(s) ❑...
Page 321: Garp Vlan Registration Protocol Commands
You cannot convert a dynamic GVRP VLAN or port to a static VLAN or port using the command line interface. That is possible only from the menus interface. Refer to Chapter 21, “GARP VLAN Registration Protocol” in the AT-S63 Management Software Menus Interface User’s Guide for background information on GVRP.
Page 322: Disable Garp
[gip] Parameters garp Specifies the GARP application you want to disable. The only GARP application supported by AT-S63 management software is GVRP. Disables GARP Information Propagation (GIP). Note The online help for this command contains an STP option. The option is not supported.
Page 323: Enable Garp
AT-S63 Management Software Command Line Interface User’s Guide ENABLE GARP Syntax enable garp=gvrp [gip] Parameters garp Specifies the GARP application you want to enable. The only GARP application supported by AT-S63 management software is GVRP. Enables GARP Information Propagation (GIP).
Page 324: Purge Garp
Syntax purge garp=gvrp Parameter garp Specifies the GARP application you want to reset. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 325: Set Garp Port
AT-S63 Management Software Command Line Interface User’s Guide SET GARP PORT Syntax port set garp=gvrp port= mode=normal|none Parameters garp Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP. port Specifies the port you want to configure on the switch.
Page 326: Set Garp Timer
Parameters garp Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP. default Returns the GARP timers to their default settings. jointime Specifies the Join Timer in centi seconds, which are one hundredths of a second.
Page 327 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command sets the Join Period timer to 0.1 second, Leave Period timer to 0.35 seconds, and the LeaveAllPeriod timer to 11 seconds for all GVRP applications: set garp=gvrp timer jointime=10 leavetime=35...
Page 328: Show Garp
Syntax show garp=gvrp Parameter garp Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 329: Show Garp Counter
AT-S63 Management Software Command Line Interface User’s Guide SHOW GARP COUNTER Syntax show garp=gvrp counter Parameter garp Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 330 Chapter 22: GARP VLAN Registration Protocol Commands ❑ Receive GARP Messages: JoinIn ❑ Transmit GARP Messages: JoinIn ❑ Receive GARP Messages: LeaveEmpty ❑ Transmit GARP Messages: LeaveEmpty ❑ Receive GARP Messages: LeaveIn ❑ Transmit GARP Messages: LeaveIn ❑ Receive GARP Messages: Empty ❑...
Page 331: Show Garp Database
AT-S63 Management Software Command Line Interface User’s Guide SHOW GARP DATABASE Syntax show garp=gvrp database Parameters garp Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 332: Show Garp Gip
Parameter garp Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 333: Show Garp Machine
AT-S63 Management Software Command Line Interface User’s Guide SHOW GARP MACHINE Syntax show garp=gvrp machine Parameter garp Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP. Note The online help for this command contains an STP option. This option is not supported.
Page 334 Chapter 22: GARP VLAN Registration Protocol Commands...
Page 335: Protected Ports Vlan Commands
❑ “SHOW VLAN” on page 344 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on protected ports VLANs, refer to Chapter 22, “Protected Ports VLANs” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 336: Add Vlan Group
Chapter 23: Protected Ports VLAN Commands ADD VLAN GROUP Syntax 1 name ports add vlan= ports= frame=tagged|untagged group=uplink|1..256 Syntax 2 add vlan= name [taggedports= ports ] [untaggedports= ports group=uplink|1..256 Parameters vlan Specifies the name or VID of the protected ports VLAN where ports are to be added.
Page 337 AT-S63 Management Software Command Line Interface User’s Guide Note the following before using this command: ❑ You must first create the protected ports VLAN by giving it a name and a VID before you can add ports. Creating a VLAN is accomplished with “CREATE VLAN PORTPROTECTED”...
Page 338 Chapter 23: Protected Ports VLAN Commands The following command does the same thing using Syntax 2: add vlan=InternetGroups untaggedports=5,6 group=4...
Page 339: Create Vlan Portprotected
AT-S63 Management Software Command Line Interface User’s Guide CREATE VLAN PORTPROTECTED Syntax name create vlan= vid= portprotected Parameters vlan Specifies the name of the new protected ports VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should...
Page 340: Delete Vlan
Chapter 23: Protected Ports VLAN Commands DELETE VLAN Syntax 1 name ports delete vlan= ports= frame=tagged|untagged Syntax 2 delete vlan= name [taggedports= ports [untaggedports= ports Parameters vlan Specifies the name or VID of the VLAN to be modified. You can specify the VLAN by its name or VID.
Page 341 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command uses Syntax 1 to delete untagged port 12 from the InternetGroups VLAN: delete vlan=InternetGroups port=12 frame=untagged The following command accomplishes the same thing using Syntax 2: delete vlan=InternetGroups untagged=12...
Page 342: Destroy Vlan
Chapter 23: Protected Ports VLAN Commands DESTROY VLAN Syntax name destroy vlan= |all Parameters vlan Specifies the name or VID of the VLAN to be destroyed. To delete all tagged, port-based, and protected ports VLANs on the switch, use the ALL option.
Page 343: Set Vlan
AT-S63 Management Software Command Line Interface User’s Guide SET VLAN Syntax name ports set vlan= port= frame=tagged|untagged Parameters vlan Specifies the name or VID of the VLAN to be modified. ports Specifies the port whose VLAN type is to be changed.
Page 344: Show Vlan
Chapter 23: Protected Ports VLAN Commands SHOW VLAN Syntax name show vlan[= Parameter vlan Specifies the name or VID of the VLAN you want to view. Omitting this displays all VLANs. Description This command displays information about the VLANs on the switch. The information includes the names and VIDs of the VLANs, and the tagged and untagged port members.
Page 345: Chapter 24 Statistics Commands
❑ “SHOW SWITCH PORT COUNTER” on page 348 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on port statistics, refer to Chapter 6, “Port Statistics” in the AT-S63 Management Software Menus Interface User’s Guide...
Page 346: Reset Switch Port Counter
Chapter 24: Statistics Commands RESET SWITCH PORT COUNTER Syntax port reset switch port= counter Parameter port Specifies the port whose statistics counters you want to return to zero. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 347: Show Switch Counter
CRC errors, for the entire switch. For a list of and definitions for the statistics, refer to Chapter 3, “Basic Switch Parameters” in the AT-S63 Management Software Menus Interface User’s Guide. Example The following command displays the switch’s operating statistics:...
Page 348: Show Switch Port Counter
Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors. For a list of and definitions for the statistics, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 349: Port Security Commands
❑ “SHOW SWITCH PORT SECURITYMODE” on page 355 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on port security, refer to Chapter 23, “Port Security” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 350: Set Switch Port Intrusion
Chapter 25: Port Security Commands SET SWITCH PORT INTRUSION Syntax port set switch port= intrusion=discard|trap|disable Parameters port Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 351: Set Switch Port Securitymode
AT-S63 Management Software Command Line Interface User’s Guide SET SWITCH PORT SECURITYMODE Syntax port set switch port= [securitymode=automatic|limited|secured|locked] [intrusionaction=discard|trap|disable] value [learn= ] [participate=yes|no|on|off|true|false] Parameters port Specifies the port where you want to set security. You can specify more than one port at a time.You...
Page 352 Note For explanations of the security levels and intrusion actions, refer to Chapter 23, “Port Security” in the AT-S63 Management Software Menus Interface User’s Guide. To view a port’s current security mode, use the command “SHOW...
Page 353 AT-S63 Management Software Command Line Interface User’s Guide The management software displays a confirmation prompt whenever you perform this command. Responding with Y for yes completes your command, while N for no cancels the command. Examples The following command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses.
Page 354: Show Switch Port Intrusion
Chapter 25: Port Security Commands SHOW SWITCH PORT INTRUSION Syntax port show switch port= intrusion Parameter port Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time. Description This command displays the number of times a port has detected an intrusion violation.
Page 355: Show Switch Port Securitymode
AT-S63 Management Software Command Line Interface User’s Guide SHOW SWITCH PORT SECURITYMODE Syntax port show switch port= securitymode Parameters port Specifies the port whose security mode settings you want to view. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Page 356 Chapter 25: Port Security Commands...
Page 357: Management Acl Commands
❑ “SHOW MGMTACL” on page 365 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on the Management ACL, refer to Chapter 19, “Port-based and Tagged VLANs” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 358: Add Mgmtacl
Chapter 26: Management ACL Commands ADD MGMTACL Syntax ipaddress string add mgmtacl ipddress= mask= protocol=tcp|udp|all interface=telnet|web|all Parameters ipaddress Specifies the IP address of a specific management station or of a subnet. mask Specifies the mask used by the switch to filter the IP address.
Page 359 AT-S63 Management Software Command Line Interface User’s Guide Description This command adds an access control entry to the Management ACL. There can be up to 256 ACEs in a Management ACL. An ACE is an implicit “permit” statement. A workstation that meets the criteria of the ACE will be allowed to remotely manage the switch.
Page 360 Chapter 26: Management ACL Commands The following command allows all management stations in the Class A subnet 169.24.144.128 to manage the switch using a Telnet protocol application: add mgmtacl ipaddress=169.24.144.128 mask=255.255.255.224 protocol=tcp interface=web...
Page 361: Delete Mgmtacl
AT-S63 Management Software Command Line Interface User’s Guide DELETE MGMTACL Syntax ipaddress string delete mgmtacl ipaddress= mask= protocol=tcp|udp|all interface=telnet|web|all Parameters ipaddress Specifies the IP address to be deleted. mask Specifies the mask of the IP address. protocol Specifies the protocol of the management packets.
Page 362: Disable Mgmtacl
Chapter 26: Management ACL Commands DISABLE MGMTACL Syntax disable mgmtacl Parameters None Description This command disables the management ACL and performs the same function as the SETMGMTALL STATE=DISABLE command. Example The following command disables the management ACL: disable mgmtacl...
Page 363: Enable Mgmtacl
AT-S63 Management Software Command Line Interface User’s Guide ENABLE MGMTACL Syntax enable mgmtacl Parameters None Description This command enables the management ACL and performs the same function as the SETMGMTALL STATE=DISABLE command. Note Activating the Management ACL without entering any access control entries (ACEs) prohibits you from remotely managing the switch from a Telnet or web browser management session.
Page 364: Set Mgmtacl State
Chapter 26: Management ACL Commands SET MGMTACL STATE Syntax set mgmtacl state=disable|enable Parameters state Sets the state of the Management ACL. The options are: enable Enables the Management ACL. disable Disables the Management ACL. This is the default setting. Description This command enables or disables the Management ACL.
Page 365: Show Mgmtacl
AT-S63 Management Software Command Line Interface User’s Guide SHOW MGMTACL Syntax show mgmtacl state|entries Parameters state Displays the status of the Management ACL as either enabled or disabled. entries Lists the entries in the Management ACL. Description This command shows the state of and/or entries in the Management ACL.
Page 366 Chapter 26: Management ACL Commands...
Page 367: Chapter 27 Web Server Commands
❑ “SHOW HTTP SERVER” on page 376 Note Remember to use the SAVE CONFIGURATION command to save your changes. Note For background information on the web server, refer to Chapter 25, “Web Server” in the AT-S63 Management Software Menus Interface User’s Guide...
Page 368: Disable Http Server
Chapter 27: Web Server Commands DISABLE HTTP SERVER Syntax disable http server Parameters None. Description This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER”...
Page 369: Enable Http Server
AT-S63 Management Software Command Line Interface User’s Guide ENABLE HTTP SERVER Syntax enable http server Parameters None. Description This command activates the web server on the switch. Activating the server allows you to manage the unit from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER”...
Page 370: Purge Http Server
This command resets the HTTP server to its default values. Refer to Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide or in the AT-S63 Management Software Web Browser Interface User’s Guide. To view the current web server settings, refer to “SHOW HTTP SERVER”...
Page 371: Set Http Server
AT-S63 Management Software Command Line Interface User’s Guide SET HTTP SERVER Syntax key- set http server [security=enabled|disabled] [sslkeyid= ] [port= port Parameters security Specifies the security mode of the web server. The options are: enabled Specifies that the web server is to function in the secure HTTPS mode.
Page 372 Chapter 27: Web Server Commands set http server security=disabled The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5. Since no port is specified, the default HTTPS port 443 is used: set http server security=enabled sslkeyid=5 General Configuration Steps for a Self-signed Certificate Below are the steps to configuring the switch’s web server for a self-...
Page 373 AT-S63 Management Software Command Line Interface User’s Guide add pki certificate="Switch 12 certificate" location=Sw12cert.cer 4. This command disables the web server: disable http server 5. This command configures the web server by activating HTTPS and specifying the encryption key pair created in step 1: set http server security=enabled sslkeyid=4 6.
Page 374 Chapter 27: Web Server Commands The following is an example of the command sequence for configuring the web server for CA certificates. It explains how to create an encryption key and enrollment request, and how to download the CA certificates on the switch.
Page 375 AT-S63 Management Software Command Line Interface User’s Guide 9. This command enables the web server: enable http server...
Page 376: Show Http Server
Chapter 27: Web Server Commands SHOW HTTP SERVER Syntax show http server Parameters None. Description This command displays the following information about the web server on the switch: ❑ Status ❑ SSL security ❑ SSL key ID ❑ Listen port Example The following command displays the status of the web server: show http server...
Page 377: Encryption Key Commands
Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
Page 378: Create Enco Key
This parameter, which is optional, is used when creating a new key pair and when importing a public key from the AT-S63 file system to the key database. This parameter should not be used when exporting a public key to the file system.
Page 379 AT-S63 Management Software Command Line Interface User’s Guide Specifies a hexadecimal format used to transfer a key between devices other than switches. This is the default. Specifies a format for Secure Shell version 1 users. ssh2 Specifies a format for Secure Shell version 2 users.
Page 380 Syntax 2 Description Syntax 2 is used to import and export public encryption keys. You can import a public key from the AT-S63 file system to the key database or vice versa. The only circumstance in which you are likely to use this command is if you are using an SSH client that does not download the key automatically when you start an SSH management session.
Page 381 AT-S63 Management Software Command Line Interface User’s Guide If you are exporting a public key from the key database to the file system, the KEY parameter should specify the ID of the key that you want to export. Only the public key of a key pair is exported to the file system.
Page 382: Destroy Enco Key
Chapter 28: Encryption Key Commands DESTROY ENCO KEY Syntax key-id destroy enco key= Parameter Specifies the ID number of the key pair to be deleted from the key database. Description This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding ”.UKF”...
Page 383: Set Enco Key
AT-S63 Management Software Command Line Interface User’s Guide SET ENCO KEY Syntax key-id description set enco key= description=" " Parameters Specifies the ID number of the key pair whose description you want to change. description Specifies the new description of the key. The description can contain up to 25 alphanumeric characters.
Page 384: Show Enco
Chapter 28: Encryption Key Commands SHOW ENCO Syntax key-id show enco key= Parameters Specifies the ID of a specific key whose information you want to display. Otherwise, all keys are displayed. Description This command displays information about encryption key pairs stored in the key database.
Page 385: Public Key Infrastructure (Pki) Certificate Commands
Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
Page 386: Add Pki Certificate
Description This command adds a certificate to the certificate database from the AT-S63 file system. To view the certificate files in the file system, refer to “SHOW FILE” on page 152. To view the certificates already in the database, refer to “SHOW PKI CERTIFICATE” on page 400.
Page 387 AT-S63 Management Software Command Line Interface User’s Guide The CERTIFICATE parameter assigns the certificate a name. The name can be from 1 to 40 alphanumeric characters. Each certificate in the database should be given a unique name. The LOCATION parameter specifies the filename of the certificate as stored in the switch’s file system.
Page 388: Create Pki Certificate
Chapter 29: Public Key Infrastructure (PKI) Certificate Commands CREATE PKI CERTIFICATE Syntax name key-id create pki certificate= keypair= serialnumber= value [format=der|pem] distinguished-name subject=" " Parameters certificate Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters.
Page 389 IP address as the distinguished name. For a explanation of distinguished names, refer to Chapter 27, “PKI Certificates and SSL” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 390 Chapter 29: Public Key Infrastructure (PKI) Certificate Commands with the ID 12 to create the certificate. The format is ASCII and the distinguished name is the IP address of a master switch: create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.11" The following command creates a self-signed certificate with a filename of “S45 cert”.
Page 391: Create Pki Enrollmentrequest
You must also set the system’s distinguished name before using this command. For a explanation of distinguished names, refer to Chapter 27, “PKI Certificates and SSL” in the AT-S63 Management Software Menus Interface User’s Guide. To set the distinguished name, refer to “SET...
Page 392 Chapter 29: Public Key Infrastructure (PKI) Certificate Commands Note For a review of the steps to configuring the web server for a CA certificate, refer to “SET HTTP SERVER” on page 371. The ENROLLMENTREQUEST parameter specifies a filename for the request.
Page 393: Delete Pki Certificate
AT-S63 Management Software Command Line Interface User’s Guide DELETE PKI CERTIFICATE Syntax name delete pki certificate=" " Parameter certificate Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes.
Page 394: Purge Pki
Chapter 29: Public Key Infrastructure (PKI) Certificate Commands PURGE PKI Syntax purge pki Parameters None. Description This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to “DELETE FILE”...
Page 395: Set Pki Certificate
AT-S63 Management Software Command Line Interface User’s Guide SET PKI CERTIFICATE Syntax name set pki certificate=" " [trusted=yes|no|on|off|true|false] [type=ca|ee|self] Parameters certificate Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes.
Page 396 Chapter 29: Public Key Infrastructure (PKI) Certificate Commands The TYPE parameter specifies the certificate type. If CA is specified, the switch tags this certificate as a CA certificate. If ENDENTITY or EE is specified, the switch tags the certificate to indicate that it belongs to an end entity.
Page 397: Set Pki Certstorelimit
AT-S63 Management Software Command Line Interface User’s Guide SET PKI CERTSTORELIMIT Syntax value set pki certstorelimit= Parameter certstorelimit Specifies the maximum number of certificates that can be stored in the certificate database. The range is 12 and 256; the default is 256.
Page 398: Set System Distinguishedname
For a explanation of distinguished names, refer to Chapter 27, “PKI Certificates and SSL” in the AT-S63 Management Software Menus Interface User’s Guide. Allied Telesyn recommends using the switch’s IP address or, for networks with a Domain Name System, its domain name as the distinguished name.
Page 399: Show Pki
AT-S63 Management Software Command Line Interface User’s Guide SHOW PKI Syntax show pki Parameters None. Description This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to “SET PKI CERTSTORELIMIT” on page 397.
Page 400: Show Pki Certificate
Chapter 29: Public Key Infrastructure (PKI) Certificate Commands SHOW PKI CERTIFICATE Syntax name show pki certificate[=" "] Parameter certificate Specifies the name of the certificate whose information you want to view. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive.
Page 401: Secure Sockets Layer (Ssl) Commands
Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
Page 402: Set Ssl
Chapter 30: Secure Sockets Layer (SSL) Commands SET SSL Syntax value value set ssl [cachetimeout= ] [maxsessions= Parameters cachetimeout Specifies the maximum time in seconds that a session will be retained in the cache The range is 1 to 600 seconds. The default is 300 seconds. maxsessions Specifies the maximum number of sessions that will be allowed in the session resumption cache.
Page 403: Show Ssl
AT-S63 Management Software Command Line Interface User’s Guide SHOW SSL Syntax show ssl Parameters None. Description This command displays the current settings for the following SSL values: ❑ Version ❑ Available ciphers ❑ Maximum number of sessions ❑ Cache timeout...
Page 404 Chapter 30: Secure Sockets Layer (SSL) Commands...
Page 405: Secure Shell (Ssh) Commands
Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
Page 406: Disable Ssh Server
Chapter 31: Secure Shell (SSH) Commands DISABLE SSH SERVER Syntax disable ssh server Parameters None. Description This command disables the Secure Shell server. When the Secure Shell server is disabled, connections from Secure Shell clients are not accepted. By default, the Secure Shell server is disabled. Example The following command disables the Secure Shell server: disable ssh server...
Page 407: Enable Ssh Server
AT-S63 Management Software Command Line Interface User’s Guide ENABLE SSH SERVER Syntax key-id key-id enable ssh server hostkey= serverkey= [expirytime= hours ] [logintimeout= seconds Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key.
Page 408 11. Disable Telnet access to the switch with the DISABLE TELNET command. See “DISABLE TELNET” on page 37. Although the AT-S63 management software allows the SSH and Telnet servers to be active on the switch simultaneously, allowing Telnet to remain active negates the security of the SSH feature.
Page 409 AT-S63 Management Software Command Line Interface User’s Guide Example The following is an example of the command sequence to configuring the SSH software on the server: 1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
Page 410: Set Ssh Server
Chapter 31: Secure Shell (SSH) Commands SET SSH SERVER Syntax key-id key-id set ssh server hostkey= serverkey= [expirytime= hours ] [logintimeout= seconds Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key. serverkey Specifies the ID number of the encryption key pair to function as the server key.
Page 411 AT-S63 Management Software Command Line Interface User’s Guide Example The following command sets the Secure Shell server key expiry time to 1 hour: set ssh server expirytime=1...
Page 412: Show Ssh
Chapter 31: Secure Shell (SSH) Commands SHOW SSH Syntax show ssh Parameters None. Description This command displays the current values for the following SSH parameters: ❑ Versions supported ❑ Server Status ❑ Server Port ❑ Host Key ID ❑ Host Key Bits (size of host key in bits) ❑...
Page 413: Tacacs+ And Radius Commands
❑ “SHOW AUTHENTICATION” on page 424 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on the RADIUS and TACACS+ protocols, refer to Chapter 30, “TACACS+ and RADIUS Protocols” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 414: Add Radiusserver
Chapter 32: TACACS+ and RADIUS Commands ADD RADIUSSERVER Syntax ipaddress value add radiusserver server|ipaddress= order= [secret= string ] [port= value ] [accport= value Parameters server Specifies an IP address of a RADIUS server. The parameters ipaddress are equivalent. order Specifies the order that the RADIUS servers are queried by the switch.
Page 415 AT-S63 Management Software Command Line Interface User’s Guide add radiusserver ipaddress=149.245.22.22 order=2 secret=tiger74 port=1811...
Page 416: Add Tacacsserver
Chapter 32: TACACS+ and RADIUS Commands ADD TACACSSERVER Syntax ipaddress value add tacacsserver server|ipaddress= order= [secret= string Parameters server Specifies an IP address of a TACACS+ server. The ipaddress parameters are equivalent. order Specifies the order that your TACACS+ servers are queried by the switch.
Page 417: Delete Radiusserver
AT-S63 Management Software Command Line Interface User’s Guide DELETE RADIUSSERVER Syntax ipaddress delete radiusserver server|ipaddress= Parameter server Specifies the IP address of a RADIUS server to be deleted ipaddress from the management software. The parameters are equivalent. Description This command deletes the IP address of a RADIUS from your switch.
Page 418: Delete Tacacsserver
Chapter 32: TACACS+ and RADIUS Commands DELETE TACACSSERVER Syntax ipaddress delete tacacsserver server|ipaddress= Parameter server Specifies the IP address of a TACACS+ server to be deleted ipaddress from the management software. The parameters are equivalent. Description This command deletes the IP address of a TACACS+ server from your switch.
Page 419: Disable Authentication
AT-S63 Management Software Command Line Interface User’s Guide DISABLE AUTHENTICATION Syntax disable authentication Parameters None. Description This command disables TACACS+ and RADIUS manager account authentication on your switch. When you disable authentication you retain your current authentication parameter settings. Note This command applies only to TACACS+ and RADIUS manager accounts.
Page 420: Enable Authentication
Chapter 32: TACACS+ and RADIUS Commands ENABLE AUTHENTICATION Syntax enable authentication Parameters None. Description This command enables TACACS+ or RADIUS manager account authentication on your switch. To select an authenticator protocol, refer to “SET AUTHENTICATION” on page 422. Note If you are using the RADIUS authentication protocol for 802.1x Port- based Network Access Control but not for manager account authentication, you do not need to use this command.
Page 421: Purge Authentication
AT-S63 Management Software Command Line Interface User’s Guide PURGE AUTHENTICATION Syntax purge authentication Parameters None. Description This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP address or secret of any RADIUS or TACACS+ authentication servers you may have specified.
Page 422: Set Authentication
Chapter 32: TACACS+ and RADIUS Commands SET AUTHENTICATION Syntax string set authentication method=tacacs|radius [secret= [timeout= value Parameters method Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch. secret Specifies the global encryption key that is used by the TACACS+ or RADIUS servers.
Page 423 AT-S63 Management Software Command Line Interface User’s Guide The following command selects RADIUS as the authentication protocol with a global encryption key of leopard09 and a timeout of 15 seconds: set authentication method=radius secret=leopard09 timeout=15...
Page 424: Show Authentication
Chapter 32: TACACS+ and RADIUS Commands SHOW AUTHENTICATION Syntax show authentication [=tacacs|radius] Parameters None. Description This command displays the following information about the authenticated protocols on the switch: ❑ Status - The status of your authenticated protocol: enabled or disabled. ❑...
Page 425: Port-Based Network Access Control Commands
❑ “SHOW RADIUSACCOUNTING” on page 440 Note Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on 802.1x Port-based Network Access Control, refer to Chapter 29, “802.1x Port-based Network Access Control” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 426: Disable Portaccess|Portauth
Chapter 33: 802.1x Port-based Network Access Control Commands DISABLE PORTACCESS|PORTAUTH Syntax disable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command disables 802.1x Port-based Network Access Control on the switch. This is the default setting. Example The following command disables 802.1x Port-based Network Access Control on the switch:...
Page 427: Disable Radiusaccounting
AT-S63 Management Software Command Line Interface User’s Guide DISABLE RADIUSACCOUNTING Syntax disable radiusaccounting Parameters None Description This command disables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=DISABLED command. Example The following command disables RADIUS accounting:...
Page 428: Enable Portaccess|Portauth
Chapter 33: 802.1x Port-based Network Access Control Commands ENABLE PORTACCESS|PORTAUTH Syntax enable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command activates 802.1x Port-based Network Access Control on the switch. The default setting for this feature is disabled. Note You should activate and configure the RADIUS client software on the switch before you activate port-based access control.
Page 429: Enable Radiusaccounting
AT-S63 Management Software Command Line Interface User’s Guide ENABLE RADIUSACCOUNTING Syntax enable radiusaccounting Parameters None Description This command enables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=ENABLED command. Example The following command disables RADIUS accounting:...
Page 430: Set Portaccess|Portauth Port Role=Authenticator
Chapter 33: 802.1x Port-based Network Access Control Commands SET PORTACCESS|PORTAUTH PORT ROLE=AUTHENTICATOR Syntax port set portaccess|portauth port= type|role=authenticator|none [control=auto|authorised|forceauthenticate| unauthorised|forceunauthenticate] [quietperiod= value value value value [txperiod= ] [reauthperiod= ] [supptimeout= value value [servertimeout|servtimeout= ] [maxreq= [ctrldirboth=ingress|both] Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters port Specifies the port that you want to set to the...
Page 431 AT-S63 Management Software Command Line Interface User’s Guide the network is uniquely identified by the switch by using the client's MAC address. This is the default setting. authorised or Disables 802.1X port-based forceauthenticate authentication and causes the port to transition to the...
Page 432 Chapter 33: 802.1x Port-based Network Access Control Commands servtimeout authentication server timeout conditions. The default value is 10 seconds. The range is 1 to 60 seconds. The parameters are equivalent. maxreq Specifies the maximum number of times that the switch retransmits an EAP Request packet to the client before it times out the authentication session.
Page 433 AT-S63 Management Software Command Line Interface User’s Guide Examples The following command sets ports 4 to 6 to the authenticator role: set portaccess port=4-6 role=authenticator The following command sets port 7 to the authenticator role, the quiet period on the port to 30 seconds, and the server timeout period to 200...
Page 434: Set Portaccess|Portauth Port Role=Supplicant
Chapter 33: 802.1x Port-based Network Access Control Commands SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT Syntax port set portaccess|portauth port= type|role=supplicant|none value value value [authperiod= ] [heldperiod= ] [maxstart= value name password [startperiod= ] [username|name= ] [password= Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters port Specifies the port that you want to set to the...
Page 435 AT-S63 Management Software Command Line Interface User’s Guide username Specifies the username for the switch port. The name parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9).
Page 436: Set Radiusaccounting
Chapter 33: 802.1x Port-based Network Access Control Commands SET RADIUSACCOUNTING Syntax set radiusaccounting [status=enabled|disabled] [serverport= value ] [type=network] [trigger=start_stop|stop_only] value [updateenable=enabled|disabled] [interval= Parameters status Activates and deactivates RADIUS accounting on the switch. The options are: enabled Activates RADIUS accounting. disabled Deactivates the feature.
Page 437 AT-S63 Management Software Command Line Interface User’s Guide Description RADIUS accounting is supported on those switch ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session.
Page 438: Show Portaccess|Portauth
Chapter 33: 802.1x Port-based Network Access Control Commands SHOW PORTACCESS|PORTAUTH Syntax show portaccess|portauth config|status Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters config Displays whether port-based access control is enabled or disabled on the switch. status Displays the role and status of each port. Description Use this command to display operating information for port-based access control.
Page 439: Show Portaccess|Portauth Port
AT-S63 Management Software Command Line Interface User’s Guide SHOW PORTACCESS|PORTAUTH PORT Syntax port show portaccess|portauth port= authenticator|supplicant config|status Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters port Specifies the port whose port-based access control settings you want to view. You can specify more than one port at a time.
Page 440: Show Radiusaccounting
Chapter 33: 802.1x Port-based Network Access Control Commands SHOW RADIUSACCOUNTING Syntax show radiusaccounting Parameters None. Description Use this command to display the current parameter settings for RADIUS accounting. For an explanation of the parameters, refer to “SET RADIUSACCOUNTING” on page 436. Examples The following command displays the current parameter settings for RADIUS accounting:...
Page 441: Denial Of Service (Dos) Defense Commands
Remember to save your changes with the SAVE CONFIGURATION command. Note For background information on Denial of Service (DoS) attacks and the defense mechanisms employed by the management software, refer to Chapter 31, “Denial of Service Defense” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 442: Set Dos
Chapter 34: Denial of Service (DoS) Defense Commands SET DOS Syntax ipaddress mask port set dos ipaddress= subnet= uplinkport= Parameters ipaddress Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address. subnet Specifies the subnet mask of the LAN.
Page 443: Set Dos Ipoption
This type of attack occurs when an attacker sends packets containing bad IP options to a victim node. There are many different types of IP options attacks and the AT-S63 management software does not try to distinguish between them. Rather, a switch port where this defense is activated counts the number of ingress IP packets containing IP options.
Page 444 Chapter 34: Denial of Service (DoS) Defense Commands Example The following command activates the IP Options defense on ports 5, 7, and 10: set dos ipoption port=5,7,10 state=enable...
Page 445: Set Dos Land
Description This command enables and disables the Land DoS defense. For an explanation of this attack and the AT-S63 defense mechanism, refer to Chapter 31, “Denial of Service Defense” in the AT-S63 Management Software Menus Interface User’s Guide.
Page 446: Set Dos Pingofdeath
Chapter 34: Denial of Service (DoS) Defense Commands SET DOS PINGOFDEATH Syntax port set dos pingofdeath port= state=enable|disable port [mirrorport= Parameters port Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.
Page 447 AT-S63 Management Software Command Line Interface User’s Guide Note This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs.
Page 448: Set Dos Smurf
Chapter 34: Denial of Service (DoS) Defense Commands SET DOS SMURF Syntax port set dos smurf port= state=enable|disable Parameters port Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time. state Specifies the state of the SMURF defense.
Page 449: Set Dos Synflood
AT-S63 Management Software Command Line Interface User’s Guide SET DOS SYNFLOOD Syntax port set dos synflood port= state=enable|disable Parameters port Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
Page 450 Chapter 34: Denial of Service (DoS) Defense Commands Example The following command activates the defense on ports 18 to 20: set dos synflood port=18-20 state=enable...
Page 451: Set Dos Teardrop
AT-S63 Management Software Command Line Interface User’s Guide SET DOS TEARDROP Syntax port set dos teardrop port= state=enable|disable port [mirrorport=auto| Parameters port Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
Page 452 Chapter 34: Denial of Service (DoS) Defense Commands Caution This defense is extremely CPU intensive and should be used with caution. Unrestricted use can cause a switch to halt operations if the CPU becomes overwhelmed with IP traffic. To prevent this, Allied Telesyn recommends that you activate this defense on only one port at a time, and only on a port where ingress fragments comprise only a small percentage of its total traffic.
Page 453: Show Dos
AT-S63 Management Software Command Line Interface User’s Guide SHOW DOS Syntax 1 show dos [ipaddress] [subnet] [uplinkport] Syntax 2 show dos defense port= port state Parameters ipaddress Displays the IP address of the LAN. subnet Displays the subnet mask. uplinkport Displays the uplink port for the Land defense.
Page 454 Chapter 34: Denial of Service (DoS) Defense Commands show dos ipaddress subnet The following command displays the status of the SMURF defense on port 4: show dos smurf port=4 state...
Page 455: Index
128 disabling 426 AT-S63 software image displaying 438, 439 downloading 154 enabling 428 uploading 160 supplicant port AT-S63 software, resetting to factory defaults configuring 434 displaying 438 authentication disabling 419 displaying 424 access control enabling 420 authenticator port, displaying 438...
Page 456 Index BPDU 213, 232 CREATE SNMPV3 NOTIFY command 262 bridge forwarding delay 200, 212, 231 CREATE SNMPV3 TARGETADDR command 264 bridge hello time 200, 212, 231 CREATE SNMPV3 TARGETPARAMS command bridge max age 200, 212, 231 bridge priority 200 CREATE SNMPV3 VIEW command 268 broadcast filter 112, 114 CREATE SWITCH TRUNK command 133 CREATE VLAN command 307...
Page 457 AT-S63 Management Software Command Line Interface User’s Guide DISABLE HTTP SERVER command 368 DISABLE IGMPSNOOPING command 184 ENABLE RADIUSACCOUNTING command 429 DISABLE INTERFACE LINKTRAP command 105 ENABLE RRPSNOOPING command 193 DISABLE IP REMOTEASSIGN command 36 ENABLE RSTP command 210 DISABLE LOG command 164...
Page 458 Index enabling 110, 112 setting 49 force version 212, 231 IPOPTION denial of service defense 443 forwarding delay 200, 212, 231 keyword abbreviations 21 GARP converting dynamic VLANs 319 counters, displaying 329 LAND denial of service defense 445 database, displaying 331 LOAD command 154 disabling 322 location, configuring 44, 55...
Page 459 AT-S63 Management Software Command Line Interface User’s Guide MSTP GVRP status, setting 325 activating 223 head of line blocking 115 disabling 228 interface information 120 displaying 242 link traps, disabling 105 enabling 229 link traps, enabling 108 returning to defaults 230...
Page 460 Index PURGE GARP command 324 port, setting 216 PURGE HTTP SERVER command 370 resetting to defaults 211 PURGE IP command 42 setting 212 PURGE LOG command 166 PURGE MSTP command 230 PURGE PKI command 394 SAVE CONFIGURATION command 29 PURGE RSTP command 211 SAVE LOG command 167 PURGE SNTP command 90 Secure Shell (SSH), configuration overview 408...
Page 461 AT-S63 Management Software Command Line Interface User’s Guide SET RADIUSACCOUNTING command 436 SHOW GARP GIP command 332 SET RSTP command 212 SHOW GARP MACHINE command 333 SET RSTP PORT command 216 SHOW HTTP SERVER command 376 SET SNMP COMMUNITY command 80...
Page 462 Index SHOW SYSTEM command 63 SNMPv3 User Table entry SHOW TIME command 95 adding 247 SHOW USER command 32 deleting 270 SHOW VLAN command 320, 344 displaying 301 slave switch 100 SNMPv3 View Table entry SMURF denial of service defense 448 clearing 254 SNMP creating 268...
Page 463 AT-S63 Management Software Command Line Interface User’s Guide information, displaying 63 converting dynamic VLANs into static 319 parameters, displaying 62 creating 307 restarting 46 deleting 311 statistics counters, displaying 347 destroying 314 SYNFLOOD denial of service defense 449 displaying 320...
Page 464 Index...