Fortinet FortiSwitch-548B v. 5.2.0.2 Administration Manual
  1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Switch
  5. FortiSwitch-548B v. 5.2.0.2
  6. Administration manual

Fortinet FortiSwitch-548B v. 5.2.0.2 Administration Manual

Hide thumbs Also See for FortiSwitch-548B v. 5.2.0.2:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
Table of Contents

Advertisement

Quick Links

Download this manual
FortiSwitch-548B
Version 5.2.0.2
Administration Guide

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiSwitch-548B v. 5.2.0.2

Summary of Contents for Fortinet FortiSwitch-548B v. 5.2.0.2

  • Page 1 FortiSwitch-548B Version 5.2.0.2 Administration Guide...
  • Page 2 Copyright© 2012 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard®, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

  • Page 3: Table Of Contents

    Table of Contents Introduction ........................ 6 Scope ......................... 6 Documentation ....................6 Customer Service and Technical Support ............6 Training ....................... 6 Product Overview....................... 8 Switch Description ....................8 Features ......................8 Front-Panel Components .................. 10 LED Indicators ....................10 Rear Panel Description ..................
  • Page 4 Device Configuration Commands..............41 Management Commands ................152 Spanning Tree Commands ................202 System Log Management Commands ............222 Script Management Commands ..............229 User Account Management Commands ............231 Security Commands ..................237 CDP (Cisco Discovery Protocol) Commands ..........269 7.10 SNTP (Simple Network Time Protocol) Commands ........
  • Page 5 Multicast Commands ..................513 Protocol Independent Multicast – Dense Mode (PIM-DM) Commands .... 519 Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands ... 523 IGMP Proxy Commands ................. 532 MLD Proxy Commands ................... 537 IPv6 Commands ....................542 10.1 Tunnel Interface Commands ................542 10.2 Loopback Interface Commands ..............

  • Page 6: Introduction

    Fortinet Knowledge Base at http://kb.fortinet.com. 1.2.2 Comments on Fortinet Technical Documentation Please send information about any errors or omissions in this or any Fortinet technical document to techdoc@fortinet.com. Customer Service and Technical Support Fortinet Technical Support provides services designed to make sure that your Fortinet products install quickly, configure easily, and operate reliably in your network.
  • Page 7 To learn about the training services that Fortinet provides, visit the Fortinet Training Services web site at http://campus.training.fortinet.com, or email them at training@fortinet.com. - 7 -...

  • Page 8: Product Overview

    Product Overview Switch Description FortiSwitch-548B is a layer 2 SFP+ 10-Gigabit Ethernet backbone switch designed for adaptability and scalability. The Switch provides a management platform and uplink to backbone. Alternatively, the Switch can utilize up to 48 10-Gigabit Ethernet ports to function as a central distribution hub for other switches, switch groups, or routers.
  • Page 9  VLAN routing support  IP Multicast support  IGMP v1, v2, and v3 support  DVMRP support  Protocol Independent Multicast - Dense Mode (PIM-DM) support for IPv4 and IPv6  Protocol Independent Multicast - Sparse Mode (PIM-SM) support for IPv4 and IPv6 ...

  • Page 10: Front-Panel Components

    Front-Panel Components The front panel of the Switch consists of 48 10-Gigabit interfaces, 2 LED indicators, 1 built-in 1000/100/10 RJ-45 Ethernet service ports, an RS-232 communication port, and 48 port LEDs. The upper LED indicators display power status. The lower LED indicators displays the status of the switch.

  • Page 11: Management Options

    Management Options The system may be managed by using one Service Ports through a Web Browswer,Telent, SNMP function and using the console port on the front panel through CLI command. Web-based Management Interface After you have successfully installed the Switch, you can configure the Switch, monitor the LED panel, and display statistics graphically using a Web browser, such as Mozilla FireFox (version 3.6 or higher) or Microsoft®...
  • Page 12  RFC 3289 - DIFFSERV-DSCP-TC  RFC 3289 - DIFFSERV-MIB  QOS-DIFFSERV-EXTENSIONS-MIB  QOS-DIFFSERV-PRIVATE-MIB  RFC 2674 802.1p  RFC 2932 (IPMROUTE-MIB)  Fortinet Enterprise MIB  ROUTING-MIB  MGMD-MIB  RFC 2934 PIM-MIB  DVMRP-STD-MIB  IANA-RTPROTO-MIB  MULTICAST-MIB ...

  • Page 13: Installation And Quick Startup

    Installation and Quick Startup Package Contents Before you begin installing the Switch, confirm that your package contains the following items:  One FortiSwitch-548B Layer 2 10-Gigabit Managed Switch  Mounting kit: 2 mounting brackets and screws  Four rubber feet with adhesive backing ...

  • Page 14: Switch Installation

    Switch Installation Installing the Switch Without the Rack 1. Install the Switch on a level surface that can safely support the weight of the Switch and its attached cables. The Switch must have adequate space for ventilation and for accessing cable connectors. 2.

  • Page 15: Installing The Switch In A Rack

    Installing the Switch in a Rack You can install the Switch in most standard 19-inch (48.3-cm) racks. Refer to the illustrations below. 1. Use the supplied screws to attach a mounting bracket to each side of the Switch. 2. Align the holes in the mounting bracket with the holes in the rack. 3.

  • Page 16: Quick Starting The Switch

     Type the word admin in the login area. Since a number of the Quick Setup commands require administrator account rights, FORTINET suggests logging into an administrator account.  Do not enter a password because there is no password in the default mode.

  • Page 17: System Information Setup

    System Information Setup 3.5.1 Quick Start up Software Version Information Table 2-1. Quick Start up Software Version Information Command Details show hardware Allows the user to see the HW & SW version the device contains System Description - switch's model name show version Allows the user to see Serial Number, Part Number, and Model name...
  • Page 18 (Read/Write) or is only able to view (Read Only). As a factory default, admin has Read/Write access and guest has Read Only access. There can only be one Read/Write user and up to 5 Read Only users. show loginsession Displays all login session information username <username>...
  • Page 19 Management VLAN Id - Specifies VLAN id Web Mode - Indicates whether HTTP/Web is enabled. Java Mode - Indicates whether java mode is enabled. ip address (Config)#interface vlan 1 (if-vlan 1)#ip address <ipaddr> <netmask> (if-vlan 1)#exit (Config)#ip default-gateway <gateway> IP Address range from 0.0.0.0 to 255.255.255.255 Subnet Mask range from 0.0.0.0 to 255.255.255.255...
  • Page 20 copy <url> startup-config <filename> Sets the download datatype to be an image or config file. The URL must be specified as: tftp://ipAddr/filepath/fileName. The startup-config option downloads the config file using tftp and image option downloads the code file. 3.5.8 Quick Start up Factory Defaults Table 2-8 Quick Start up Factory Defaults Command Details...

  • Page 21: Console And Telnet Administration Interface

    Console and Telnet Administration Interface This chapter discusses many of the features used to manage the Switch, and explains many concepts and important points regarding these features. Configuring the Switch to implement these concepts is discussed in detail in chapter 6. Local Console Management Local console management involves the administration of the Switch via a direct connection to the RS-232 DCE console port.
  • Page 22  The console port is set for the following configuration:  Baud rate: 11,520  Data width: 8 bits  Parity: none  Stop bits: 1  Flow Control: none A typical console connection is illustrated below: Figure 3-1: Console Setting Environment - 22 -...

  • Page 23: Set Up Your Switch Using Telnet Access

    Set Up your Switch Using Telnet Access Once you have set an IP address for your Switch, you can use a Telnet program (in a VT-100 compatible terminal mode) to access and control the Switch. Most of the screens are identical, whether accessed from the console port or from a Telnet interface.

  • Page 24: Web-Based Management Interface

    Web-Based Management Interface Overview The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system monitoring and management of the switch.

  • Page 25: How To Log In

    How to log in The Fortinet FortiSwitch-548B Series Layer III plus QoS Managed Switch can be configured remotely from Microsoft Internet Explorer (version 5.0 or above), or Mozilla FireFox (version 3.6 or above). 1. Determine the IP address of your managed switch.

  • Page 26: Web-Based Management Menu

    Web-Based Management Menu Menus The Web-based interface enables navigation through several menus. The main navigation menu is on the left of every page and contains the screens that let you access all the commands and statistics the switch provides. Main Menus ...
  • Page 27 Secondary Menus The Secondary Menus under the Main Menu contain a host of options that you can use to configure your switch. The online help contains a detailed description of the features on each screen. You can click the ‘help’ or the question mark at the top right of each screen to view the help menu topics. The Secondary Menus are detailed below, with cross-references to the sections in this manual that contain the corresponding command descriptions.
  • Page 28  MAC-based VLAN — see “MAC-based Commands”  MAC-based Vocie VLAN — see “MAC-based Vocie VLAN Commands”  Voice VLAN — see “Voice VLAN Commands”  Filters — see “MAC Filters Commands”  GARP — see “GVRP and Bridge Extension Commands” ...
  • Page 29  Secure HTTP — see “HTTP Commands”  Secure Shell — see “Secure Shell (SSH) Commands” IPv6  OSPFv3 — see “OSPFv3 Configuration Commands”  IPv6 Routes — see “IPv6 Routes Configuration Commands”  RIPv6 — see “RIPv6 Configuration Commands” ...

  • Page 30: Command Line Interface Structure And Mode-Based Cli

    Command Line Interface Structure and Mode-based CLI The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. CLI Command Format Commands are followed by values, parameters, or both. Example 1 ip address <ipaddr>...

  • Page 31: Cli Mode-Based Topology

    CLI Mode-based Topology Parameters Parameters are order dependent. The text in bold italics should be replaced with a name or number. To use spaces as part of a name parameter, enclose it in double quotes like this: "System Name with Spaces". Parameters may be mandatory values, optional values, choices, or a combination.
  • Page 32 Conventions Network addresses are used to define a link to a remote host, workstation, or network. Network addresses are shown using the following syntax: Table 5-1. Network Address Syntax Address Type Format Range IPAddr A.B.C.D 0.0.0.0 to 255.255.255.255 MacAddr YY:YY:YY:YY:YY:YY hexidecimal digit pairs Double quotation marks such as "System Name with Spaces"...

  • Page 33: Switching Commands

    Switching Commands System Information and Statistics commands 7.1.1 show arp This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch. Syntax show arp Default Setting None Command Mode...
  • Page 34 7.1.3 show process cpu This command provides the percentage utilization of the CPU by different tasks. Syntax show process cpu It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. Default Setting None Command Mode Privileged Exec Display Message...
  • Page 35 7.1.4 show eventlog This command displays the event log, which contains error messages from the system, in the Primary Management System or in the specified unit. The event log is not cleared on a system reset. Syntax show eventlog [unit] unit - The unit number of the remote system.
  • Page 36 Default Setting None Command Mode Privileged Exec 7.1.6 show sysinfo This command displays switch brief information and MIBs supported. Syntax show sysinfo Default Setting None Command Mode Privileged Exec Display Message System Description: The text used to identify this switch. System Name: The name used to identify the switch.
  • Page 37 Display Message System Description: Text used to identify this switch. System Object ID: The manufacturing ID System Information System Up Time: The time in days, hours and minutes since the last switch reboot. System Name: Name used to identify the switch. System Location: Text used to identify the location of the switch.
  • Page 38 Default Setting None Command Mode Privileged Exec Display Message System Description: Text used to identify the product name of this switch. Machine Type: Specifies the machine model as defined by the Vital Product Data. Machine Model: Specifies the machine model as defined by the Vital Product Data. Serial Number: The unique box serial number for this switch.
  • Page 39 Name: Name provided by Power Supply vendor. Model: Model Number provided by Power Supply vendor. Revision Number: Revision Number provided by Power Supply vendor. Manufacturer Location: Location provided by Power Supply vendor. Date of Manufacturing: Date of Manufacturing provided by Power Supply vendor. Serial Numbe: Serial Number provided by Power Supply vendor.
  • Page 40 Serial Number: The unique box serial number for this switch. Hardware Version: The hardware version of this switch. It is divided into four parts. The first byte is the major version and the second byte represents the minor version. Number of ports:Total number of port for this swirch system. Label Revision Number: The label revision serial number of this switch is used for manufacturing purposes.

  • Page 41: Device Configuration Commands

    7.1.12 show command filter This command displays the information that begin/include/exclude the regular expression. Syntax show command [| begin/include/exclude <LINE>] Default Setting None Command Mode Privileged Exec Display Message command: Any show command of the CLI begin: Begin with the line that matches include: Include lines that match exclude: Exclude lines that match <LINE>: Regular Expression...
  • Page 42 Source: This port is a monitoring port. PC Mbr: This port is a member of a port-channel (LAG). Dest: This port is a probe port. Admin Mode: Selects the Port control administration state. The port must be enabled in order for it to be allowed into the network.
  • Page 43 Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Packets Transmitted Without Error: The total number of packets transmitted out of the interface. Transmit Packets Errors: The number of outbound packets that could not be transmitted because of errors.
  • Page 44 Total Packets Received (Octets): The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
  • Page 45 Packets RX and TX 2048-4095 Octets: The total number of packets (including bad packets) received that were between 2048 and 4095 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 4096-9216 Octets: The total number of packets (including bad packets) received that were between 4096 and 9216 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 46 Packets Transmitted 512-1023 Octets: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 1024-1518 Octets: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 47 STP BPDUs Received: Spanning Tree Protocol Bridge Protocol Data Units received. RSTP BPDUs Transmitted: Rapid Spanning Tree Protocol Bridge Protocol Data Units sent. RSTP BPDUs Received: Rapid Spanning Tree Protocol Bridge Protocol Data Units received. MSTP BPDUs Transmitted: Multiple Spanning Tree Protocol Bridge Protocol Data Units sent. MSTP BPDUs Received: Multiple Spanning Tree Protocol Bridge Protocol Data Units received.
  • Page 48 Maximum VLAN Entries: The maximum number of Virtual LANs (VLANs) allowed on this switch. Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this switch since the last reboot. Static VLAN Entries: The number of presently active VLAN entries on this switch that have been created statically.
  • Page 49 7.2.1.4 interface This command is used to enter Interface configuration mode. Syntax interface <slot/port> <slot/port> - is the desired interface number. Default Setting None Command Mode Global Config 7.2.1.5 speed-duplex This command is used to set the speed and duplex mode for the interface. The 10-Giga interfaces will not provide the following command.
  • Page 50 all - This command represents all interfaces. no - This command will be back to 10G speed from 1G speed for all ports. Default Setting None Command Mode Global Config 7.2.1.6 negotiate This command enables automatic negotiation on a port. The default value is enabled. The 10-Giga interfaces will not provide the following command.
  • Page 51 Command Mode Global Config 7.2.1.7 capabilities This command is used to set the capabilities on specific interface. The 10-Giga interfaces will not provide the following command. Syntax capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex } no capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex } 10 - 10BASE-T 100 - 100BASE-T 1000 - 1000BASE-T...
  • Page 52 Default Setting 10 half-duplex, 10 full-duplex, 100 half-duplex, 100 full-duplex, and 1000 full-duplex Command Mode Global Config 7.2.1.8 storm-control flowcontrol This command enables 802.3x flow control for the switch. 802.3x flow control only applies to full-duplex mode ports. Syntax storm-control flowcontrol no storm-control flowcontrol no - This command disables 802.3x flow control for the switch.
  • Page 53 7.2.1.9 storm-control flowcontrol pfc The PFC function is disabled by default. Only after enabling it, the PFC process also starts. Once the feature is enabled, the original basic IEEE 802.3x PAUSE control cannot be enabled. It means these two features cannot be enabled at the same time. 802.3x flow control only applies to full-duplex mode ports.
  • Page 54 all - This command represents all ports. no - This command enables all ports. Default Setting Enabled Command Mode Global Config 7.2.1.11 description This command is used to create an alpha-numeric description of the port. Syntax description <description> no description no - This command removes the description of the port.
  • Page 55 Default Setting Auto Command Mode Interface Config 7.2.2 L2 MAC Address and Multicast Forwarding Database Tables 7.2.2.1 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
  • Page 56 Self: The value of the corresponding instance is the address of one of the switch’s physical interfaces (the system’s own MAC address). GMRP Learned: The value of the corresponding instance was learned via GMRP and applies to Multicast. Other: The value of the corresponding instance does not fall into one of the other categories. 7.2.2.2 show mac-addr-table count This command displays the total forwarding database entries, the number of static and learnning mac...
  • Page 57 example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes. Note: This software version only supports IVL systems. VLAN ID: The vlan id of that mac address. Status: The status of this entry.
  • Page 58 Learned: The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use. Management: The value of the corresponding instance (system MAC address) is also the value of an existing instance of dot1dStaticAddress. It is identified with interface 3/1 and is currently used when enabling VLANs for routing.
  • Page 59 Display Message Mac Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes.
  • Page 60 7.2.2.8 show mac-address-table stats This command displays the MFDB statistics. Syntax show mac-address-table stats Default Setting None Command Mode Privileged Exec Display Message Max MFDB Table Entries: This displays the total number of entries that can possibly be in the MFDB.
  • Page 61 no - This command sets the forwarding database address aging timeout to 300 seconds. Default Setting Command Mode Global Config 7.2.3 VLAN Management 7.2.3.1 show vlan This command displays brief information on a list of all configured VLANs. Syntax show vlan Default Setting None Command Mode...
  • Page 62 Default Setting None Command Mode Privileged Exec Display Message VLAN ID: There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 3965. VLAN Name: A string associated with this VLAN as a convenience. It can be up to 16 alphanumeric characters, including blanks.
  • Page 63 <macaddr> - enter a MAC Address to display the table entry for the requested MAC address. Default Setting None Command Mode Privileged Exec Display Message MAC Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
  • Page 64 Syntax show protocol group {<group-name> | all} <group-name> - The group name of an entry in the Protocol-based VLAN table. all – Displays the entire table. Default Setting None Command Mode Privileged Exec Display Message Group Name: This field displays the group name of an entry in the Protocol-based VLAN table. Group ID: This field displays the group identifier of the protocol group.
  • Page 65 port. With either option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification. Ingress Filtering: May be enabled or disabled. When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag.
  • Page 66 Syntax vlan name <vlanid> <newname> no vlan name <vlanid> <vlanid> - VLAN ID (Range: 1 –3965). <newname> - Configure a new VLAN Name (up to 16 alphanumeric characters). no - This command sets the name of a VLAN to a blank string. The VLAN ID is a valid VLAN identification number.
  • Page 67 <vlandid> - VLAN identification number. ID range is 1-3965. no - This command removes association of a specific IP-subnet to a VLAN. Default Setting None Command Mode VLAN database 7.2.3.12 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined).
  • Page 68 Default Setting None Command Mode VLAN database 7.2.3.14 switchport acceptable-frame-type This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port.
  • Page 69 no - This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
  • Page 70 Default Setting Disabled Command Mode Global Config 7.2.3.16 switchport native vlan This command changes the VLAN ID per interface. Syntax switchport native vlan <vlanid> no switchport native vlan <vlanid> <vlanid> - VLAN ID (Range: 1 –3965). no - This command sets the VLAN ID per interface to 1. Default Setting Command Mode Interface Config...
  • Page 71 7.2.3.17 switchport allowed vlan This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number. Syntax switchport allowed vlan {add [tagged | untagged] | remove} <vlan-list> <vlan-list>...
  • Page 72 Command Mode Global Config 7.2.3.18 switchport tagging This command configures the tagging behavior for a specific interface in a VLAN to enable. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames.
  • Page 73 Command Mode Global Config 7.2.3.19 switchport forbidden vlan This command used to configure forbidden VLANs. Syntax switchport forbidden vlan {add | remove} <vlan-list> no switchport forbidden <vlan-list> - VLAN ID (Range: 1 –3965) – separate non-consecutive IDs with ',' and no spaces and no zeros in between the range;...
  • Page 74 This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting. Syntax switchport priority all <0-7> <0-7> - The range for the priority is 0-7. all –...
  • Page 75 Syntax switchport protocol group <group-name> no switchport protocol group <group-name> <group-name> - a VLAN Group Name (a character string of 1 to 16 characters). no - This command removes the protocol-based VLAN group that is identified by this <group-name>. Default Setting None Command Mode Global Config...
  • Page 76 Syntax switchport protocol group add protocol <group-name> {ip | arp | ipx} no switchport protocol group add protocol <group-name> {ip | arp | ipx} <group-name> - a VLAN Group Name (a character string of 1 to 16 characters). ip - IP protocol. arp - ARP protocol.
  • Page 77 Mode: This field specifies the administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. EtherType This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel.
  • Page 78 7.2.5 GVRP and Bridge Extension 7.2.5.1 show bridge-ext This command displays Generic Attributes Registration Protocol (GARP) information. Syntax show bridge-ext Default Setting None Command Mode Privileged Exec User Exec Display Message GMRP Admin Mode: This displays the administrative mode of GARP Multicast Registration Protocol (GMRP) for the system.
  • Page 79 Join Timer: Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds).
  • Page 80 Leave Timer: Specifies the period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.
  • Page 81 7.2.5.5 bridge-ext gvrp This command enables GVRP. Syntax bridge-ext gvrp no bridge-ext gvrp no - This command disables GVRP. Default Setting Disabled Command Mode Global Config 7.2.5.6 bridge-ext gmrp This command enables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disabled.
  • Page 82 no - This command disables GVRP (GARP VLAN Registration Protocol) for a specific port. If GVRP is disabled, Join Time, Leave Time, and Leave All Time have no effect. Default Setting Disabled Command Mode Interface Config This command enables GVRP (GARP VLAN Registration Protocol) for all ports. Syntax switchport gvrp all no switchport gvrp all...
  • Page 83 subsequently be re-enabled if routing is disabled or port-channel (LAG) membership is removed from an interface that has GMRP enabled. Default Setting Disabled Command Mode Interface Config This command enables GMRP Multicast Registration Protocol on all interfaces. If an interface which has GMRP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GMRP functionality will be disabled on that interface.
  • Page 84 no - This command sets the GVRP join time per port and per GARP to 20 centiseconds (0.2 seconds). This command has an effect only when GVRP and GMRP are enabled. Default Setting 20 centiseconds (0.2 seconds) Command Mode Interface Config This command sets the GVRP join time for all ports and per GARP.
  • Page 85 This command sets the GVRP leave time per port. Leave time is the time to wait after receiving an unregister request for a VLAN or a multicast group before deleting the VLAN entry. This can be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.
  • Page 86 Command Mode Global Config This command sets how frequently Leave All PDUs are generated per port. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 (centiseconds).
  • Page 87 Default Setting 1000 centiseconds (10 seconds) Command Mode Global Config 7.2.6 IGMP Snooping 7.2.6.1 ip igmp snooping The user can go to the CLI Global Configuration Mode to set IGMP Snooping on the system, use the ip igmp snooping global configuration command. Use the no ip igmp snooping to disable IGMP Snooping on the system.
  • Page 88 Command Mode Global Config Interface Config 7.2.6.3 ip igmp snooping fast-leave The user can go to the CLI Global/Interface Configuration Mode to set IGMP Snooping fast-leave admin mode on a selected interface or all interfaces, use the ip igmpsnooping fast-leave global/interface configuration command.
  • Page 89 7.2.6.5 ip igmp snooping max-response-time The user can go to the CLI Interface Global/Interface Configuration Mode to set the IGMP Maximum Response time for the system, on a particular interface, use the ip igmp snooping max-response-time <1-25> global/interface configuration command. Use the no ip igmp snooping max-response-time return to default value 10 Syntax ip igmp snooping max-response-time <1-25>...
  • Page 90 7.2.6.7 ip igmp snooping mrouter interface The user can go to the CLI Interface Configuration Mode to configure the interface as a multicast router-attached interface or configure the VLAN ID for the VLAN that has the multicast router attached mode enabled, use the ip igmp snooping mrouter interface|<vlanId> interface configuration command.
  • Page 91 7.2.6.9 set igmp fast-leave The user can go to the CLI VLAN Configuration Mode to set IGMP Snooping fast-leave admin mode on a particular VLAN, use the set igmp fast-leave <vlanid> vlan configuration command. Use the no set igmp fast-leave <vlanid> disable IGMP Snooping fast-leave admin mode. Syntax set igmp fast-leave <vlanid>...
  • Page 92 Syntax set igmp maxresponse <vlanid> <1-25> no set igmp maxresponse <vlanid> < vlanid > - VLAN ID (Range: 1 – 3965). <1-25> -- This value must be less than the IGMP Query Interval time value. The range is 1 to 25 seconds.
  • Page 93 Syntax ip igmp snooping static <macaddr> vlan <vlanid> interface <slot/port> no ip igmp snooping static <macaddr> vlan <vlanid> interface <slot/port> < vlanid > - VLAN ID (Range: 1 – 3965). <macaddr> - Static MAC address. <slot/port> - Interface number. Default Setting None Command Mode Global Config...
  • Page 94 Group Membership Interval: Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating on the interface, before deleting the interface from the entry. This value may be configured. Max Response Time: Interface on which IGMP Snooping is enabled.
  • Page 95 7.2.6.16 show ip igmp snooping mrouter vlan The user can go to the CLI Privilege Exec to display information about statically configured multicast router-attached interfaces, use the show ip igmp snooping mrouter vlan Privilege command. Syntax show ip igmp snooping mrouter vlan <slot/port> <slot/port>...
  • Page 96 7.2.6.18 show mac-address-table igmpsnooping The user can go to the CLI Privilege Exec to display the IGMP Snooping entries in the Multicast Forwarding Database (MFDB) table, use the show mac-address-table igmpsnooping Privilege command. Syntax show mac-address-table igmpsnooping Default Setting None Command Mode Privilege Exec Display Message...
  • Page 97 7.2.7.2 ip igmp snooping querier address The user can go to the CLI Global Configuration Mode to set IGMP snooping querier address, use the ip igmp snooping querier address <ip-address> global configuration command. Use the no ip igmp snooping querier address return to default value zero. Syntax ip igmp snooping querier address <ip-address>...
  • Page 98 Syntax ip igmp snooping querier querier-expiry-interval <60-300> no ip igmp snooping querier querier-expiry-interval <60-300> - set igmp querier timer expiry Default Setting 60 seconds Command Mode Global Config 7.2.7.5 ip igmp snooping querier version The user can go to the CLI Global Configuration Mode to set IGMP snooping querier version, use the ip igmp snooping querier version <1-2>...
  • Page 99 Default Setting Disabled Command Mode Global Config 7.2.7.7 ip igmp snooping querier vlan address The user can go to the CLI Global Configuration Mode to set IGMP snooping querier vlan address, use the ip igmp snooping querier vlan <1-3965> address <ip-address> global configuration command. Use the no ip igmp snooping querier vlan <1-3965>...
  • Page 100 Command Mode Global Config 7.2.7.9 show ip igmp snooping querier This command display IGMP snooping querier global information on the system. Syntax show ip igmp snooping querier Command Mode Privilege Exec Display Information IGMP Snooping Querier Mode: Administrative mode for IGMP Snooping. The default is disable. Querier Address: Specify the Snooping Querier Address to be used as source address in periodic IGMP queries.
  • Page 101 Display Information IGMP Snooping Querier Vlan Mode: Display the administrative mode for IGMP Snooping for the switch. Querier Election Participation Mode: Displays the querier election participate mode on the VLAN. When this mode is disabled, up on seeing a query of the same version in the vlan, the snooping querier move to non querier state.
  • Page 102 Syntax show ipv6 mld snooping [<slot/port>|<vlan-id>] Default Setting None Command Mode Privileged Exec User Exec Display Message When the optional arguments <slot/port> or <vlanid> are not used, the command displays the following information. Admin Mode: Indicates whether or not MLD Snooping is active on the switch. Interfaces Enabled for MLD Snooping: Interfaces on which MLD Snooping is enabled.
  • Page 103 7.2.8.2 show ipv6 mld snooping mrouter interface The user can go to the CLI Privilege Exec to display information about statically configured multicast router-attached interfaces, use the show ipv6 mld snooping mrouter interface Privilege command. Syntax show ipv6 mld snooping mrouter interface <slot/port> Default Setting None Command Mode...
  • Page 104 VLAN ID: Displays the list of VLANs of which the interface is a member. Interface: Shows the interface on which multicast router information is being displayed. 7.2.8.4 show ipv6 mld snooping static The user can go to the Privilege Exec to display MLD snooping static information, use the show ipv6 mld snooping static Privilege command.
  • Page 105 Display Message MAC Address: A multicast MAC address for which the switch has forwarding or filtering information. The format is twodigit hexadecimal numbers that are separated by colons, for example 33:33:45:67:89:AB. Type: The type of entry, which is either static (added by the user) or dynamic (added to the table as a result of a learning process or protocol.) Description: The text description of this multicast table entry.
  • Page 106 7.2.8.8 ipv6 mld snooping interfacemode The user can go to the CLI Global/Interface Configuration Mode to set MLD Snooping on one interface or all interfaces, use the ipv6 mld snooping interfacemode global/interface configuration command. Use the no ipv6 mld snooping interfacemode disable MLD Snooping on all interfaces. Syntax Ipv6 mld snooping interfacemode <all>...
  • Page 107 Syntax Ipv6 mld snooping groupmembershipinterval <2-3600> no ipv6 mld snooping groupmembershipinterval Default Setting Command Mode Global Config Interface Config 7.2.8.11 ipv6 mld snooping max-response-time The user can go to the CLI Interface Global/Interface Configuration Mode to set the MLD Maximum Response time for the system, on a particular interface, use the ipv6 mld snooping max-response-time <1-65>...
  • Page 108 Command Mode Global Config Interface Config 7.2.8.13 ipv6 mld snooping mrouter interface The user can go to the CLI Interface Configuration Mode to configure the interface as a multicast router-attached interface or configure the VLAN ID for the VLAN that has the multicast router attached mode enabled, use the ipv6 mld snooping mrouter interface interface|<vlanId>...
  • Page 109 Syntax set mld <vlanid> no set mld <vlanid> Default Setting Disabled Command Mode VLAN Mode 7.2.8.16 set mld fast-leave The user can go to the CLI VLAN Configuration Mode to set MLD Snooping fast-leave admin mode on a particular VLAN, use the set mld fast-leave <vlanid> vlan configuration command. Use the no set mld fast-leave <vlanid>...
  • Page 110 Command Mode VLAN Mode 7.2.8.18 set mld maxresponse The user can go to the CLI Interface VLAN Mode to set the MLD Maximum Response time on a particular VLAN, use the set mld max-response-time <vlanid> <1-65> vlan configuration command. Use the no set mld max-response-time <vlanid> return to default value 10. Syntax set mld max-response-time <vlanid>...
  • Page 111 Syntax show ipv6 mld snooping querier Default Setting None Command Mode Privileged Exec User Exec Display Message MLD Snooping Querier Mode: Specify the Snooping Querier Address to be used as source address in periodic MLD queries. This address is used when no address is configured on the VLAN on which query is being sent.
  • Page 112 participate in querier election where in the least ip address will win the querier election and operates as the querier in that VLAN. The other querier moves to non-querier state. Querier Election Participation Mode: Displays the querier election participate mode on the VLAN. When this mode is disabled, up on seeing a query of the same version in the vlan, the snooping querier move to non querier state.
  • Page 113 7.2.9.4 ipv6 mld snooping querier The user can go to the CLI Global Configuration Mode to set MLD snooping querier admin mode, use the ipv6 mld snooping querier global configuration command. Use the no ipv6 mld snooping querier to disable. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier...
  • Page 114 Command Mode Global Config 7.2.9.7 ipv6 mld snooping querier querier-expiry-interval The user can go to the CLI Global Configuration Mode to set MLD snooping querier querier expiry interval, use the ipv6 mld snooping querier querier-expiry-interval <60-300> global configuration command. Use the no ipv6 mld snooping querier querier-expiry-interval return to default value zero. Syntax ipv6 mld snooping querier querier-expiry-interval <60-300>...
  • Page 115 Syntax ipv6 mld snooping querier vlan <1-3965> address <ipv6-address> no ipv6 mld snooping querier vlan <1-3965> address <ipv6-address> Default Setting Disabled Command Mode Global Config 7.2.9.10 ipv6 mld snooping querier vlan election participate The user can go to the CLI Global Configuration Mode to set MLD snooping querier vlan election participate mode, use the ipv6 mld snooping querier vlan election-participate <1-3965>...
  • Page 116 Display Message For each port-channel the following information is displayed: Logical Interface: The field displays logical slot and the logical port. Port-Channel Name: This field displays the name of the port-channel. Link State: This field indicates whether the link is up or down. Trap Flag: This object determines whether or not to send a trap when link status changes.
  • Page 117 Port Speed: Speed of the port-channel port. Port Active: This field lists the ports that are actively participating in the port-channel (LAG). This command displays an overview of all port-channels (LAGs) on the switch. Syntax show port-channel all Default Setting None Command Mode Privileged Exec...
  • Page 118 <logical slot/port> - The port-channel interface number. <name> - The port-channel name (up to 15 alphanumeric characters). <index> - The port-channel index number, the range is from 1 to 64. all - all port-channel interfaces. no - This command removes that port-channel. Default Setting None Command Mode...
  • Page 119 no - This command disables to support static function on specific port-channel on this device. Default Setting Disabled Command Mode Interface Config 7.2.10.5 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel.
  • Page 120 dst-src-mac - Sets the mode on the source and destination MAC addresses. src-ip - Sets the mode on the source IP address. dst-ip - Sets the mode on the destination IP address. dst-src-ip - Sets the mode on the source and destination IP addresses. no - Restore the mode to be default value.
  • Page 121 Syntax port-channel name {<logical slot/port> | all} <name> <logical slot/port> - The port-channel interface number. all - all port-channel interfaces. <name> - The port-channel name (up to 15 characters) to be configured. Default Setting None Command Mode Global Config 7.2.10.8 port-channel system priority This command defines a system priority for the port-channel (LAG).
  • Page 122 Default Setting Enabled Command Mode Interface Config 7.2.10.10 lacp This command enables Link Aggregation Control Protocol (LACP) on a port. Syntax lacp no lacp no - This command disables Link Aggregation Control Protocol (LACP) on a port. Default Setting Enabled Command Mode Interface Config This command enables Link Aggregation Control Protocol (LACP) on all ports.
  • Page 123 7.2.10.11 lacp actor or lacp partner This command set <actor | partner> admin key value of Link Aggregation Control Protocol (LACP) on a port. Syntax lacp <actor|partner> admin key <key-value> no lacp <actor|partner> admin key <key-value>: 0-65535 no - This command restores <actor | partner> admin key value of Link Aggregation Control Protocol (LACP) on a port.
  • Page 124 This command set <actor | partner> port priority value of Link Aggregation Control Protocol (LACP) on a port. Syntax lacp <actor|partner> port priority <priority-value> no lacp <actor|partner> port priority <priority-value> – range 0-255. no - This command restores <actor | partner> port priority value of Link Aggregation Control Protocol (LACP) on a port.
  • Page 125 no - This command restores collector max-delay time of Link Aggregation Control Protocol (LACP) on a port-channel Default Setting Command Mode Interface Config 7.2.10.12 channel-group This command adds one port to the port-channel (LAG). The first interface is a logical slot and port number of a configured port-channel.
  • Page 126 Default Setting None Command Mode Interface Config This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel. Syntax delete-channel-group <logical slot/port> all <logical slot/port> - Port-Channel Interface number. all - All members for specific Port-Channel.
  • Page 127 Level: Displays level for storm control broadcast. Rate: Displays rate for storm control broadcast. This command is used to display multicast storm control information. Syntax show storm-control multicast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control multicast.
  • Page 128 7.2.11.2 storm-control broadcast This command enables broadcast storm recovery mode on the selected interface. If the mode is enabled, broadcast storm recovery with high threshold is implemented. The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as represented in “Broadcast Storm Recovery Thresholds”...
  • Page 129 Syntax storm-control multicast no storm-control multicast no - This command disables multicast storm recovery mode on the selected interface. Default Setting None Command Mode Interface Config This command enables multicast storm recovery mode on all interfaces. Syntax storm-control multicast no storm-control multicast no - This command disables multicast storm recovery mode on all interfaces.
  • Page 130 Command Mode Interface Config This command enables unicast storm recovery mode on all interfaces. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on all interfaces. Default Setting None Command Mode Global Config 7.2.11.5 switchport broadcast packet-rate This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on each port.
  • Page 131 This command will protect your network from broadcast storms by setting a threshold level for broadcast traffic on all ports. Syntax switchport broadcast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port.
  • Page 132 This command will protect your network from multicast storms by setting a threshold level for multicast traffic on all ports. Syntax switchport multicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port.
  • Page 133 Command Mode Interface Config This command will protect your network from unicast storms by setting a threshold level for unicast traffic on all ports. Syntax switchport unicast all packet-rate {1 | 2 | 3 | 4} 1 - Threshold level represents 64 pps for 1G Port or 1042 pps for 10G port. 2 - Threshold level represents 128 pps for 1G Port or 2084 pps for 10G port.
  • Page 134 Display Message User Priority: Displays the 802.1p priority to be mapped. Traffic Class: Displays internal traffic class to map the corresponding 802.1p priority. 7.2.12.2 queue cos-map This command is used to assign class of service (CoS) value to the CoS priority queue. Syntax queue cos-map <priority>...
  • Page 135 <Session Number> - session number. Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the session ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enabled and disabled. Dest.Port: is the slot/port that is configured as the probe port. If this value has not been configured, 'Not Configured' will be displayed.
  • Page 136 This command removes all configured probe ports and mirrored port. Syntax no port-monitor Default Setting None Command Mode Global Config 7.2.13.3 port-monitor session mode This command configures the mode parameter to enabled the administrative mode of the session. If enabled, the probe port monitors all the traffic received and transmitted on the physical monitored port. Syntax port-monitor session <session-id>...
  • Page 137 Command Mode Global Config Display Message Admin Mode: the link state admin mode. Group ID: The group ID for each displayed row. Mode: This group was set which mode. UpStream: Display such port was included to UpStream set. DownStream: Display such port was included to DownStream set. 7.2.14.2 link state Enable/Disable the link state admin mode.
  • Page 138 Command Mode Interface Config 7.2.15 Port Backup 7.2.15.1 show port backup Show port-backup information. Syntax show port-backup Command Mode Privileged EXEC Display Message Admin Mode: Indicates whether or not port-backup is active on the switch. Group ID: The Group ID for each displayed row. Mode: Indicates whether or not the group is active.
  • Page 139 no - This command disables port-backup function. Command Mode Global Config 7.2.15.3 port-backup group Set active port or backup port for a port-backup group. Use ‘port-backup group <group id> <active | backup>’ to set the port to be configured active or configured backup port. Syntax port-backup group <1-6>...
  • Page 140 7.2.16.2 show fip-snooping enode This command displays the ENode connections for the entire system. Syntax show fip-snooping enode Default Setting None Command Mode Privileged Exec Display Message Interface: Name of the interface to which the ENode is connected. VLAN ID: ID number of the VLAN to which the ENode belongs. ENode Name ID: Name ID.
  • Page 141 7.2.16.4 show fip-snooping fcf This command displays to what interfaces the FCFs are connected for the entire system. Syntax show fip-snooping fcf Default Setting None Command Mode Privileged Exec Display Message Interface: Name of the interface to which the FCoE Forwarder (FCF) is connected. VLAN ID: ID number of the VLAN to which the FCF belongs.
  • Page 142 7.2.16.6 fip-snooping The FIP snooping function is disabled by default. Only after enabling it, are the FIP related CLIs under VLAN and interface mode visible. The FIP-snoop process also starts after the “fip-snooping” command is enabled. Once the feature is enabled, the FIP-snoop packets and FCoE packets are dropped, unless explicitly enabled on a per-VLAN basis.
  • Page 143 7.2.17 Enhanced Transmission Selection (ETS) 7.2.17.1 show queue ets This command displays ETS mode on specific interface. Syntax show queue ets <slot/port> <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec Display Message Interface: Name of the interface. Mode: ETS mode.
  • Page 144 Syntax show queue ets weight <slot/port> Default Setting None Command Mode Privileged Exec Display Message Interface: Name of the interface to which the ETS is enabled. Weight : ETS weight in percentage. 7.2.17.4 show queue ets pg-mapping This command displays ETS function on specific interface for the entire system. Syntax show queue ets pg-mapping <slot/port>...
  • Page 145 Default Setting Disabled Command Mode Interface Config 7.2.17.6 queue ets scheduler-type This command configures the scheduler type for an interface. The scheduler type is WRR or WERR. When the ETS is enabled, the default scheduler type is WERR. Syntax queue ets scheduler-type [wrr|werr] no queue ets scheduler-type WRR - Set ETS scheduler type to WRR WERR - Set ETS scheduler type to WERR...
  • Page 146 Default Setting 50(LAN), 50(SAN) Command Mode Interface Config 7.2.17.8 queue ets pg-mapping This command configures the mapping list of priority to priority groups. The range of priority id is from 0 to 7. The priority groups are LAN, SAN and IPC. This command let you assign priority id to specific priority group.
  • Page 147 Default Setting None Command Mode Privileged Exec Display Message Congestion Notify: Displays Congestion Notification function status. Tag ethertype recognize: When set to 1 , CN-Tag ether type is recognized by parsing stages Tag ethertype: A new tag that is being added by 802.1Qau as a part of the congestion management requirements.
  • Page 148 Priority Queue: Priority queue is enabled for CN function. Mode: CN mode (Enable/Disable) CNM Count: Counts the number of CN message generated by the congestion messaged queue. 7.2.18.3 congestion-notify priority The CN function is disabled by default on all priorities for each port. User can use this command to enable/disable the priority queue on specific interface.
  • Page 149 The user can go to the CLI Global Configuration Mode to configure the Ether Type of CN-TAG. Use the ‘congestion-notify tag ethertype <value>’ global configuration command. Use the ‘no congestion-notify tag ethertype’ to configure CN-TAG Ether Type to default value.. Syntax congestion-notify tag ethertype <0-65535>...
  • Page 150 Syntax congestion-notify msg ethertype <0-65535> no congestion-notify msg ethertype <0-65535> - This command sets the Ether Type value of CNM. no - This command disables Ether Type for Congestion Notification Message (CNM). Default Setting 0x22e7 Command Mode Global Config 7.2.18.7 congestion-notify CPID The user can go to the CLI Global Configuration Mode to configure the device identifier of CPID.
  • Page 151 CPIndex - This command configures queue number of sampled packet. Q_No - This command sets congestion point index. Default Setting Command Mode Global Config 7.2.18.8 congestion-notify outer This command set value of CNM's outer VLAN tag's CFI bits, value of CNM's outer VLAN tag's 802.1p bits, value of CNM's outer VLAN tag's TPID, and set the CNM's outer VLAN ID.

  • Page 152: Management Commands

    <-1-1> - This command sets value of CNM's inner VLAN tag's CFI bits. <-1-7> - This command sets value of CNM's inner VLAN tag's 802.1p bits. no - This command restored default value.. Default Setting Command Mode Global Config 7.2.18.10 congestion-notify no-generate The user can go to the CLI Global Configuration Mode to choose the CNM generation behavior when congestion notification threshold is reached but the incoming sampled packet does not have CN-TAG.
  • Page 153 switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. Syntax show ip interface Default Setting None Command Mode Privileged Exec User Exec Display Message IP Address: The IP address of the interface.
  • Page 154 Command Mode Privileged Exec Display Message Manegement IP Filter Address Table: The admin mode status for IP filter. Index: The index of stations. IP Address: The IP address of stations that are allowed to make configuration changes to the Switch. 7.3.1.3 This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces.
  • Page 155 Command Mode Global Config 7.3.1.5 ip address This command sets the IP Address, and subnet mask. The IP Address and the gateway must be on the same subnet. Syntax ip address <ipaddr> <netmask> no ip address <ipaddr> - IP address <netmask>...
  • Page 156 Command Mode Global Config 7.3.1.7 ip address protocol This command specifies the network configuration protocol to be used. If you modify this value, the change is effective immediately. Syntax ip address protocol {bootp | dhcp | none} <bootp> - Obtains IP address from BOOTP. <dhcp>...
  • Page 157 This command is used to set an IP address to be a filter. Syntax ip filter <ipaddr> no ip filter <ipaddr> <ipaddr> - Configure a IP address to the filter. no - Remove this IP address from filter. Default Setting None Command Mode Global Config...
  • Page 158 Password Threshold: When the logon attempt threshold is reached on the console port, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface closes.
  • Page 159 7.3.2.4 exec-timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160. Syntax exec-timeout <0-160> <0-160> - max connect time (Range: 0 -160), 0: forever. no - This command sets the maximum connect time (in minutes) without console activity to 5.
  • Page 160 <0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting Command Mode Line Config 7.3.2.7 terminal length This command uses to configure the columns per page for the management console. Syntax terminal-length <10-100>...
  • Page 161 [line] - Set the outbound telnet operational mode as ‘linemode’, where by default, the operational mode is ‘character mode’. [echo] - Enable local echo. Default Setting None Command Mode Privileged Exec User Exec 7.3.3.2 show line vty This command displays telnet settings. Syntax show line vty Default Setting...
  • Page 162 7.3.3.3 line vty This command is used to enter vty (Telnet) configuration mode. Syntax line vty Default Setting None Command Mode Global Config 7.3.3.4 exec-timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set.
  • Page 163 Syntax password-threshold <0-120> no password-threshold <threshold> - max threshold (Range: 0 - 120). no - This command sets the maximum value to the default. Default Setting Command Mode Line Vty 7.3.3.6 terminal length This command uses to configure the columns per page for the vty session. Syntax terminal-length <10-100>...
  • Page 164 Default Setting Command Mode Line Vty 7.3.3.8 server enable This command enables/disables telnet server. If telnet server is enabled, all telnet sessions can be established until there are no more sessions available. If telnet server is disabled, all telnet sessions are closed.
  • Page 165 7.3.3.10 telnet sessions This command regulates new outbound telnet connections. If enabled, new outbound telnet sessions can be established until it reaches the maximum number of simultaneous outbound telnet sessions allowed. If disabled, no new outbound telnet session can be established. An established session remains active until the session is ended or an abnormal network error ends it.
  • Page 166 7.3.3.12 telnet exec-timeout This command sets the outbound telnet session timeout value in minute. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration. Syntax telnet exec-timeout <1-160>...
  • Page 167 7.3.4 SSH Client Session Commands 7.3.4.1 This command establishes a new outbound ssh connection to a remote host. Syntax ssh <ip-address|hostname> <username> { [port <1-65535>] [protocol <protocollevel>] | [protocol <protocollevel>] [port <1-65535>]} <ip-address|hostname> - A hostname or a valid IP address. <username>...
  • Page 168 7.3.4.3 sshc maxsessions This command specifies the maximum number of simultaneous outbound ssh sessions. A value of 0 indicates that no outbound ssh session can be established. Syntax sshc maxsessions <0-5> no maxsessions <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5.
  • Page 169 Syntax show sshc Default Setting None Command Mode Privileged Exec User Exec Display Message Outbound SSH Login Timeout (in minutes) Indicates the number of minutes an outbound ssh session is allowed to remain inactive before being logged off. A value of 0, which is the default, results in no timeout.
  • Page 170 SNMP Community Name: The community string to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 16 characters. Each row of this table must contain a unique community name. Client IP Address: An IP address (or portion thereof) from which this device will accept SNMP packets with the associated community.
  • Page 171 OSPFv3 Traps May be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps will be sent. PIM Traps May be enabled or disabled. The factory default is disabled. Indicates whether PIM traps will be sent. 7.3.5.3 snmp-server sysname This command sets the name of the switch.
  • Page 172 7.3.5.5 snmp-server contact This command sets the organization responsible for the network. The range for contact is from 1 to 31 alphanumeric characters. Syntax snmp-server contact <con> <con> - Range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 7.3.5.6...
  • Page 173 This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
  • Page 174 This command restricts access to switch information. The access mode is read-only (also called public) or read/write (also called private). Syntax snmp-server community {ro | rw} <name> <name> - community name. <ro> - access mode is read-only. <rw> - access mode is read/write. Default Setting None Command Mode...
  • Page 175 Syntax snmp-server enable traps acl-trapflags no snmp-server enable traps acl-trapflags no - This command disables the acl trap. Default Setting Enabled Command Mode Global Config This command enables the Authentication trap. Syntax snmp-server enable traps authentication no snmp-server enable traps authentication no - This command disables the Authentication trap.
  • Page 176 This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see ‘snmp trap link-status’ command). Syntax snmp-server enable traps linkmode no snmp-server enable traps linkmode no - This command disables Link Up/Down traps for the entire switch.
  • Page 177 no snmp-server enable traps ospf {all | errors {all | authentication-failure | bad-packet | config-error | virtauthentication-failure | virt-bad-packet | virt-config-error} | if-rx {all | if-rx-packet} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets | virt-packets} | rtb {all, rtb-entry-info} | state-change {all | if-state-change | neighbor-state-change | virtif-statechange | virtneighbor-state-change}} no - This command disables OSPF trap.
  • Page 178 Default Setting Enabled Command Mode Global Config This command enables the sending of new root traps and topology change notification traps. Syntax snmp-server enable traps stpmode no snmp-server enable traps stpmode no - This command disables the sending of new root traps and topology change notification traps. Default Setting Enabled Command Mode...
  • Page 179 SNMP Trap Name: The community string of the SNMP trap packet sent to the trap manager. This may be up to 16 alphanumeric characters. This string is case sensitive. IP Address: The IP address to receive SNMP traps from this device. Enter 4 numbers between 0 and 255 separated by periods.
  • Page 180 Default Setting Disabled Command Mode Interface Config This command enables link status traps for all interfaces. This command is valid only when the Link Up/Down Flag is enabled. See ‘snmpserver enable traps linkmode’ command. Syntax snmp trap link-status all no snmp trap link-status all all - All interfaces.
  • Page 181 Command Mode Global Config 7.3.6.5 snmptrap ipaddr <name> <ipaddr> <ipaddrnew> This command changes the IP address of the trap receiver for the specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. IP addresses in the SNMP trap receiver table must be unique for the same community name.
  • Page 182 Default Setting None Command Mode Global Config 7.3.7 HTTP commands 7.3.7.1 show ip http This command displays the http settings for the switch. Syntax show ip http Default Setting None Command Mode Privileged Exec Display Message HTTP Mode (Unsecure): This field indicates whether the HTTP mode is enabled or disabled. HTTP Port: This field specifies the port configured for HTTP.
  • Page 183 Syntax ip javamode no ip javamode no - This command disallows access to the Java applet in the header frame of the Web interface. When access is disabled, the user cannot view the Java applet. Default Setting Enabled Command Mode Global Config 7.3.7.3 ip http port...
  • Page 184 Syntax ip http server no ip http server no - This command disables access to the switch through the Web interface. When access is disabled, the user cannot login to the switch's Web server. Default Setting Enabled Command Mode Global Config 7.3.7.5 ip http secure-port This command is used to set the SSLT port where port can be 1-65535 and the default is port 443.
  • Page 185 Default Setting Disabled Command Mode Global Config 7.3.7.7 ip http secure-protocol This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. Syntax ip http secure-protocol <protocollevel1> [protocollevel2] no ip http secure-protocol <protocollevel1>...
  • Page 186 Display Message Administrative Mode: This field indicates whether the administrative mode of SSH is enabled or disabled. Protocol Levels: The protocol level may have the values of version 1, version 2, or both versions. SSH Sessions Currently Active: This field specifies the current number of SSH connections. Max SSH Sessions Allowed: The maximum number of inbound SSH sessions allowed on the switch.
  • Page 187 Command Mode Global Config 7.3.8.4 ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0 to 5. Syntax ip ssh maxsessions <0-5>...
  • Page 188 Default Setting Command Mode Global Config 7.3.9 Management Security Commands 7.3.9.1 crypto certificate generate This commands is used to generation self-signed certificate for HTTPS. Syntax crypto certificate generate no crypto certificate generate no- This command is used to delete the HTTPS certificate file from the device, regardless of whether they are self-signed or download from an outside source.
  • Page 189 7.3.10 DHCP Client Commands 7.3.10.1 ip dhcp restart This command is used to initiate a BOOTP or DCHP client request. Syntax ip dhcp restart Default Setting None Command Mode Global Config 7.3.10.2 ip dhcp client-identifier This command is used to specify the DCHP client identifier for this switch. Use the no form to restore to default value.
  • Page 190 7.3.11 DHCPv6 Client Commands 7.3.11.1 ipv6 address protocol This command specifies the network of IPv6 configuration protocol to be used . If you modify this value, the change is effective immediately. Syntax ipv6 address protocol {dhcp6 | none} <dhcp6> - Obtains IPv6 address from DHCPv6. <none>...
  • Page 191 <bootp> - Obtains IP address from BOOTP. <dhcp> - Obtains IP address from DHCP. <dhcp6> - Obtains IPv6 address from DHCPv6. <none> - Obtains IP address by setting configuration. <none dhcp6> - Obtains IPv6 address by setting configuration. Default Setting None Command Mode Global Config...
  • Page 192 Display Message Maximum Hop Count - The maximum number of Hops a client request can go without being discarded. Minimum Wait Time (Seconds) - The Minimum time in seconds. This value will be compared to the time stamp in the client's request packets, which should represent the time since the client was powered up.
  • Page 193 Syntax show sflow agent Default Setting None Command Mode Privilege Exec Display Message sFlow Version: Uniquely identifies the version and implementation of this MIB. IP Address: The IP address associated with this agent. 7.3.13.2 show sflow pollers The user can go to the CLI Privilege Exec to get the sFlow polling instances created on the switch, use the show sflow pollers Privilege command.
  • Page 194 show sflow receivers Default Setting None Command Mode Privilege Exec Display Message Receiver Index: The sFlow Receiver associated with the sampler/poller. Owner String: The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out: The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver.
  • Page 195 7.3.13.5 set sflow rate The user can go to the CLI Interface Configuration Mode to set sampling rate, use the sflow rate <0-3600> interface configuration command. Use the no sflow rate return to default value zero. Syntax sflow rate <0-3600> no sflow rate Default Setting Command Mode...
  • Page 196 Default Setting 1400 Command Mode Global Config 7.3.13.8 set sflow receiver address The user can go to the CLI Global Configuration Mode to set receiver ip address, use the sflow receiver <index> ip <ip> global configuration command. Use the no sflow receiver <index> ip to clear collector ip address.
  • Page 197 7.3.13.10 set sflow interval The user can go to the CLI Interface Configuration Mode to set polling interval, use the sflow poller interval <0-86400> interface configuration command. Use the no sflow poller interval return to default value zero. Syntax sflow poller interval <0-86400> no sflow poller interval Default Setting Command Mode...
  • Page 198 Default Setting None Command Mode Interface Config 7.3.14 Service Port Commands 7.3.14.1 show serviceport This command displays service port configuration information. Syntax show serviceport Default Setting None Command Mode Privileged Exec Display Message Interface Status: Indicates whether the interface is up or down. IP Address: The IP address of the interface.
  • Page 199 Default Setting None Command Mode Privileged Exec Display Message IPv6 Address: Specifies the IPv6 address of neighbor or interface. MAC Address: Specifies MAC address associated with an interface. isRr:. Specifies router flag. Neighbor State: Incmp - Address resolution is being performed on the entry. A neighbor solicitation message has been sent to the solicited-node multicast address of the target, but the corresponding neighbor advertisement message has not yet been received.
  • Page 200 Command Mode Global Config 7.3.14.4 serviceport protocol This command specifies the network management port configuration protocol. If you modify this value, the change is effective immediately. If you use the bootp parameter, the switch periodically sends requests to a BootP server until a response is received. If you use the dhcp parameter, the switch periodically sends requests to a DHCP server until a response is received.
  • Page 201 7.3.14.6 serviceport ipv6 address Use this command to configure IPv6 global addressing (i.e. Default routers) information for the service port. Syntax serviceport ipv6 address <address>/<prefix-length> [eui64] no serviceport ipv6 address [<address>/<prefix-length>] no - This command remove all IPv6 prefixes on the service port interface. <address>: IPv6 prefix in IPv6 global address format.

  • Page 202: Spanning Tree Commands

    Default Setting None Command Mode Global Config Spanning Tree Commands This section provides detailed explanation of the spanning tree commands. The commands are divided into two functional groups:  Show commands display spanning tree settings, statistics, and other information.  Configuration Commands configure features and options of the switch.
  • Page 203 Root Path Cost: Value of the Root Path Cost parameter for the common and internal spanning tree. Root Port Identifier: The Root Port for the spanning tree instance identified by the MSTID. Bridge Max Age: Maximum message age. Bridge Max Hops: The maximum number of hops for the spanning tree. Max Tx Hold Count: The max value of bridge tx hold count for the spanning tree.
  • Page 204 Auto Edge: True or false. Port Up Time Since Counters Last Cleared: Time since the port was reset, displayed in days, hours, minutes, and seconds. STP BPDUs Transmitted: Spanning Tree Protocol Bridge Protocol Data Units sent. STP BPDUs Received: Spanning Tree Protocol Bridge Protocol Data Units received. RSTP BPDUs Transmitted: Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.
  • Page 205 <0-4094> - multiple spanning tree instance ID. Default Setting None Command Mode Privileged Exec Display Message MST Instance ID: The multiple spanning tree instance ID. MST Bridge Priority: The bridge priority of current MST. MST Bridge Identifier: The bridge ID of current MST. Time Since Topology Change: In seconds.
  • Page 206 This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The instance <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <slot/port> is the desired switch port. Syntax show spanning-tree mst port detailed <0-4094>...
  • Page 207 External Port Path Cost - The External Path Cost of the specified port in the spanning tree. Designated Root: Identifier of the designated root for this port within the CST. Designated Port Cost: Path Cost offered to the LAN by the Designated Port. Designated Bridge: The bridge containing the designated port.
  • Page 208 STP Mode: Indicate STP mode. Type: Currently not used. STP State: The forwarding state of the port in the specified spanning tree instance. Port Role: The role of the specified port within the spanning tree. Desc: The port in loop inconsistence state will display “*LOOP_Inc”. 7.4.1.5 show spanning-tree summary This command displays spanning tree settings and parameters for the switch.
  • Page 209 Syntax show spanning-tree brief Default Setting None Command Mode Privileged Exec Display Message Bridge Priority: Configured value. Bridge Identifier: The bridge ID of current Spanning Tree. Bridge Max Age: Configured value. Bridge Max Hops: Configured value. Bridge Hello Time: Configured value. Bridge Forward Delay: Configured value.
  • Page 210 7.4.2.2 spanning-tree protocol-migration This command enables BPDU migration check on a given interface. The all option enables BPDU migration check on all interfaces. Syntax spanning-tree protocol-migration {<slot/port> | all} no spanning-tree protocol-migration {<slot/port> | all} <slot/port> - is the desired interface number. all - All interfaces.
  • Page 211 Syntax spanning-tree configuration revision <0-65535> no spanning-tree configuration revision <value> - Revision Level is a number in the range of 0 to 65535. no - This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value, that is, 0. Default Setting Command Mode Global Config...
  • Page 212 Syntax spanning-tree forward-time <4-30> no spanning-tree forward-time <4-30> - forward time value (Range: 4 – 30). no - This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value, that is, 15. Default Setting Command Mode Global Config...
  • Page 213 Syntax spanning-tree max-age <6-40> no spanning-tree max-age <6-40> - the Bridge Max Age value (Range: 6 – 40). no - This command sets the Bridge Max Age parameter for the common and internal spanning tree to the default value, that is, 20. Default Setting Command Mode Global Config...
  • Page 214 <1-10> - the Maximum hold-count value (Range: 1-110). no - This command sets the Bridge Tx Hold Count parameter for the common and internal spanning tree to the default value. Default Setting Command Mode Global Config 7.4.2.10 spanning-tree mst This command adds a multiple spanning tree instance to the switch. The instance <1-3965> is a number within a range of 1 to 3965 that corresponds to the new instance ID to be added.
  • Page 215 Syntax spanning-tree mst priority <0-4094> <0-61440> no spanning-tree mst priority <0-4094> <0-4094> - multiple spanning tree instance ID. <0-61440> - priority value (Range: 0 – 61440). no - This command sets the bridge priority for a specific multiple spanning tree instance to the default value, that is, 32768.
  • Page 216 This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree. If the <1-4094> parameter corresponds to an existing multiple spanning tree instance, then the configurations are done for that multiple spanning tree instance.
  • Page 217 <1-4094> - multiple spanning tree instance ID. no - This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree to the respective default values. If the <1-4094>...
  • Page 218 no - This command sets the Administrative Switch Port State for all ports to disabled. Default Setting Disabled Command Mode Global Config 7.4.2.12 spanning-tree auto-edge This command sets the auto-edge for this port to enabled. Syntax spanning-tree auto-edge no spanning-tree auto-edge no - This command sets the auto-edge for this port to disabled.
  • Page 219 This command specifies that this port is an Edge Port within the common and internal spanning tree. This will allow this port to transition to Forwarding State without delay. Syntax spanning-tree edgeport no spanning-tree edgeport no - This command specifies that this port is not an Edge Port within the common and internal spanning tree.
  • Page 220 no - This command sets the Edgeport BPDU Guard to the default value, that is, Disabled. Default Setting Disabled Command Mode Global Config This command sets the Edgeport BPDU Filter enable/disable parameter for sending/receiving BPDUs on this interface. This command only works on dot1d mode. Syntax spanning-tree bpdufilter no spanning-tree bpdufilter...
  • Page 221 7.4.2.14 spanning-tree uplinkfast This command sets the Uplink Fast parameter to a new value on this switch. This command only works on dot1d mode. Syntax spanning-tree uplinkfast no spanning-tree uplinkfast no - This command sets the Uplink Fast parameter to the default value, that is Disabled. Default Setting Disabled Command Mode...

  • Page 222: System Log Management Commands

    Syntax spanning-tree tcnguard no spanning-tree tcnguard no - This command sets the tcnguard parameter to the default value, that is Disabled. Default Setting Disabled Command Mode Interface Config System Log Management Commands 7.5.1 Show Commands 7.5.1.1 show logging This command displays logging. Syntax show logging Default Setting...
  • Page 223 Terminal Logging Severity Filter The minimum severity to log to the terminal log. Messages with an equal or lower numerical severity are logged. Log Messages Received The number of messages received by the log process. This includes messages that are dropped or ignored Log Messages Dropped The number of messages that could not be processed.
  • Page 224 Display Message Number of Traps since last reset: The number of traps that have occurred since the last reset of this device. Trap Log Capacity: The maximum number of traps that could be stored in the switch. Log: The sequence number of this trap. System Up Time: The relative time since the last reboot of the switch at which this trap occurred.
  • Page 225 Syntax logging buffered no logging buffered no - This command disables logging to in-memory log. Default Setting None Command Mode Global Config This command enables wrapping of in-memory logging when full capacity reached. Otherwise when full capacity is reached, logging stops. Syntax logging buffered wrap no logging buffered wrap...
  • Page 226 Default Setting None Command Mode Global Config 7.5.2.3 logging monitor This command enables logging to the terminal monitor. Syntax logging console [<severitylevel> | <0-7>] no logging console [<severitylevel> | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
  • Page 227 7.5.2.5 logging host This command enables logging to a host where up to eight hosts can be configured. Syntax logging host <hostaddress> [ <port>] [[<severitylevel> | <0-7>]] <hostaddress> - IP address of the log server. <port> - Port number. [<severitylevel> | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
  • Page 228 <hostindex> - Index of the log server. <hostaddress> - New IP address of the log server. Default Setting None Command Mode Globla Config 7.5.2.6 logging syslog This command enables syslog logging. Syntax logging syslog no logging syslog no - Disables syslog logging. Default Setting None Command Mode...

  • Page 229: Script Management Commands

    7.5.2.7 clear logging buffered This command clears all in-memory log. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec Script Management Commands 7.6.1 script apply This command applies the commands in the configuration script to the switch. The apply command backs up the running configuration and then starts applying the commands in the script file.
  • Page 230 Syntax script delete {<scriptname> | all} <scriptname> - The name of the script to be deleted. all - Delete all scripts presented in the switch. Default Setting None Command Mode Privileged Exec 7.6.2.1 script list This command lists all scripts present on the switch as well as the total number of files present. Syntax script list Default Setting...

  • Page 231: User Account Management Commands

    Default Setting None Command Mode Privileged Exec 7.6.4 script validate This command displays the content of a script file. Syntax script validate <scriptname> <scriptname> - Name of the script file. Default Setting None Command Mode Privileged Exec User Account Management Commands 7.7.1 Show Commands 7.7.1.1...
  • Page 232 Command Mode Privileged Exec Display Message User Name: The name the user will use to login using the serial port, Telnet or Web. A new user may be added to the switch by entering a name in a blank entry. The user name may be up to eight characters, and is not case sensitive.
  • Page 233 7.7.1.3 show passwords configuration Use this command to display the configured password management settings. Syntax show passwords configuration Default Setting None Command Mode Privileged Exec Display Message Minimum Password Length: Minimum number of characters required when changing passwords. Password History: Number of passwords to store for reuse prevention. Password Aging: Length in days that a password is valid.
  • Page 234 The admin user account cannot be deleted. Default Setting No password Command Mode Global Config 7.7.2.2 Unlock a locked user account The user can go to the CLI Global Configuration Mode to unlock a locked user account, use the username <name> unlock global configuration command. Syntax username <username>...
  • Page 235 none - no use authentication method. no - This command sets the authentication protocol to be used for the specified login user to none. The <username> is the login user name for which the specified authentication protocol will be used. Default Setting No authentication Command Mode...
  • Page 236 Syntax passwords aging <1-365> no passwords aging <1-365> - Number of days until password expires. Default Setting Command Mode Global Config 7.7.2.6 Set the password history The user can go to the CLI Global Configuration Mode to set the password history, use the passwords history <0-10>...

  • Page 237: Security Commands

    <1-5> - the number of password failures before account lock. Default Setting Command Mode Global Config 7.7.2.8 Set the minimum password length The user can go to the CLI Global Configuration Mode to set the minimum password length, use the passwords min-length <8-64>...
  • Page 238 Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned. System Login: This field displays the authentication login list assigned to the user for system login. 802.1x: This field displays the authentication login list assigned to the user for 802.1x port security. 7.8.1.2 show authentication This command displays the ordered authentication methods for all authentication login lists.
  • Page 239 Command Mode Privileged Exec Display Message User Name: This field displays the user assigned to the specified authentication login list. Component: This field displays the component (User or 802.1x) for which the authentication login list is assigned. 7.8.1.4 show dot1x This command is used to show the status of the dot1x Administrative mode.
  • Page 240 Display Message Port: The interface whose configuration is displayed Protocol Version: The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification. PAE Capabilities: The port access entity (PAE) functionality of this port. Possible values are Authenticator or Supplicant.
  • Page 241 Session Termination Action - This value indicates the action to be taken once the session timeout expires. Possible values are Default, Radius-Request. If the value is Default, the session is terminated the port goes into unauthorized state. If the value is Radius-Request, then a reauthentication of the client authenticated on the port is performed.
  • Page 242 Invalid EAPOL Frames Received: The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAP Length Error Frames Received: The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. 7.8.1.7 show dot1x summary This command is used to show a summary of the global dot1x configuration and summary information of...
  • Page 243 Command Mode Privileged Exec Display Message User: Users configured locally to have access to the specified port. 7.8.1.9 show dot1x client This command displays 802.1x client information. Syntax show dot1x clients {<slot/port> | all} <slot/port> - is the desired interface number. all - All interfaces.
  • Page 244 7.8.1.10 show radius servers This command is used to display items of the configured RADIUS servers. Syntax show radius servers [<ipaddr|hostname>] Default Setting None Command Mode Privileged Exec Display Message <ipaddr|hostname>: The IP address or host name of the authenticating server. Current: The ‘*’...
  • Page 245 Number of Named Accounting Server Groups: The number of configured named RADIUS server groups. Number of Retransmits: The configured value of the maximum number of times a request packet is retransmitted. Time Duration: The configured timeout value, in seconds, for request re-transmissions. RADIUS Accounting Mode: A global parameter to indicate whether the accounting mode for all the servers is enabled or not.
  • Page 246 Round Trip Time: The time interval in centiseconds, between the most recent Accounting- Response and the Accounting-Request that matched it from the RADIUS accounting server. Requests: The number of RADIUS Accounting-Request packets sent to this accounting server. This number does not include retransmissions. Retransmission: The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server.
  • Page 247 Round Trip Time - The time interval, in hundredths of a second, between the most recent Access-Reply, Access - Challenge and the Access-Request that matched it from the RADIUS authentication server. Access Requests - The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions.
  • Page 248 Port: Shows the configured TACACS+ server port number. TimeOut: Shows the timeout in seconds for establishing a TCP connection. Priority: Shows the preference order in which TACACS+ servers are contacted. If a server connection fails, the next highest priority server is contacted. 7.8.1.15 show port-security This command shows the port-security settings for the entire system.
  • Page 249 This command shows the dynamically locked MAC addresses for port. Syntax show port-security dynamic <slot/port> Default Setting None Command Mode Privileged Exec Display Message MAC address Dynamically locked MAC address. This command shows the statically locked MAC addresses for port. Syntax show port-security static <slot/port>...
  • Page 250 Display Message MAC address MAC address of discarded packet on locked ports. 7.8.2 Configuration Commands 7.8.2.1 authentication login This command creates an authentication login list. The <listname> is up to 15 alphanumeric characters and is not case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method “local”...
  • Page 251 Default Setting None Command Mode Global Config 7.8.2.2 username defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally.
  • Page 252 Default Setting None Command Mode Global Config 7.8.3 Dot1x Configuration Commands 7.8.3.1 dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x initialize <slot/port>...
  • Page 253 Command Mode Global Config 7.8.3.3 dot1x login This command assigns the specified authentication login list to the specified user for 802.1x port security. The <user> parameter must be a configured user and the <listname> parameter must be a configured authentication login list. Syntax dot1x login <user>...
  • Page 254 7.8.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The <username> parameter must be a configured user. Syntax dot1x user <user> {<slot/port> | all} no dot1x user <user> {<slot/port> | all} <user>...
  • Page 255 Command Mode Global Config This command sets the authentication mode to be used on the specified port. The control mode may be one of the following. force-unauthorized: The authenticator PAE unconditionally sets the controlled port to unauthorized. force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized. auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server.
  • Page 256 Default Setting Command Mode Interface Config 7.8.3.8 dot1x max-user This command configures the maximum users to a specified port, The system’s default maximum users of an interface has no limitation. If ‘no dot1x max-users’ command is executed, the system will reset the maximum users to infinity.
  • Page 257 7.8.3.10 dot1x re-reauthenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x re-authenticate <slot/port>...
  • Page 258 server-timeout: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to timeout the authentication server. The supp-timeout must be a value in the range 1 - 65535. Syntax dot1x timeout {guest-vlan-period | quiet-period | reauth-period | server-timeout | supp-timeout | tx-period} <seconds>...
  • Page 259 7.8.4 Radius Configuration Commands 7.8.4.1 radius accounting mode This command is used to enable the RADIUS accounting function. Syntax radius accounting mode no radius accounting mode no - This command is used to set the RADIUS accounting function to the default value - that is, the RADIUS accounting function is disabled.
  • Page 260 7.8.4.3 radius server attribute 4 This command to set the NAS-IP address for the radius server. Syntax radius-server attribute 4 [ipaddr] no radius-server attribute 4 no – use this command to reset the NAS-IP address for the radius server. Default Setting None Command Mode Global Config...
  • Page 261 number, the IP address must match that of a previously configured RADIUS authentication server. The port number must lie between 1 - 65535, with 1812 being the default value. If the 'acct' token is used, the command configures the IP address to use for the RADIUS accounting server.
  • Page 262 Default Setting None Command Mode Global Config 7.8.4.7 radius-server retransmit This command sets the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server. The retries value is an integer in the range of 1 to 15. Syntax radius-server retransmit <retries>...
  • Page 263 Command Mode Global Config 7.8.4.9 radius-server msgauth This command enables the message authenticator attribute for a specified server. Syntax radius-server msgauth <ipaddr|hostname > <ipaddr|hostname > - is a IP address or hostname. Default Setting None Command Mode Global Config 7.8.4.10 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client.
  • Page 264 7.8.5 TACACS+ Configuration Commands 7.8.5.1 tacacs host This command is used to enable /disable TACACS+ function and to configure the TACACS+ server IP address. The system has not any TACACS+ server configured for its initialization and support 5 TACACS+ servers. Syntax tacacs host <ip-address|hostname>...
  • Page 265 This command is used to configure the TACACS+ authentication and encryption key. Syntax key [<key-string> | encrypted <key-string>] Note that the length of the secret key is up to 128 characters. < key-string > - The valid value of the key. encrypted - the key string is encrypted.
  • Page 266 Default Setting Command Mode TACACS Host Config 7.8.5.3 tacacs timeout This command is used to configure the TACACS+ connection timeout value. Syntax tacacs timeout [<timeout>] no tacacs timeout <timeout> - The connection timeout value. Max timeout (Range: 1 to 30). no - This command is used to reset the timeout value to the default value.
  • Page 267 7.8.6 Port Security Configuration Commands 7.8.6.1 port-security This command enables port locking at the system level (Global Config) or port level (Interface Config). Syntax port-security no port-security Default Setting None Command Mode Global Config Interface Config 7.8.6.2 port-security max-dynamic This command sets the maximum of dynamically locked MAC addresses allowed on a specific port. Syntax port-security max-dynamic [<0-600>] no port-security max-dynamic...
  • Page 268 no - This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Default Setting Command Mode Interface Config 7.8.6.4 port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses. Syntax port-security mac-address <mac-addr>...

  • Page 269: Cdp (Cisco Discovery Protocol) Commands

    7.8.6.6 port-security violation shutdown This command configures the port violation shutdown mode. Once the violation happens, the interface will be shutdown. Syntax port-security violation shutdown no port-security violation no - This command restore violation mode to be default. Default Setting None Command Mode Interface Config...
  • Page 270 Capability: Describes the device's functional capability in the form of a device type, for example, a switch. Platform: Describes the hardware platform name of the device, for example, Fortinet the L2 Network Switch. Port Id: Identifies the port on which the CDP packet is sent.
  • Page 271 Device Id: Identifies the device name in the form of a character string. Entry Address(es): The addresses of the interface that has sent the update. Platform: Describes the hardware platform name of the device, for example, Fortinet the L2 Network Switch.
  • Page 272 Syntax no cdp no - This command is used to disable CDP Admin Mode. Default Setting Enabled Command Mode Global Config 7.9.2.2 cdp run This command is used to enable CDP on a specified interface. Syntax cdp run no cdp run no - This command is used to disable CDP on a specified interface.
  • Page 273 Command Mode Global Config 7.9.2.3 cdp timer This command is used to configure an interval time (seconds) of the sending CDP packet. Syntax cdp timer <5-254> no cdp timer <5-254> - interval time (Range: 5 – 254). no - This command is used to reset the interval time to the default value. Default Setting Command Mode Global Config...

  • Page 274: Sntp (Simple Network Time Protocol) Commands

    7.10 SNTP (Simple Network Time Protocol) Commands 7.10.1 Show Commands 7.10.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated. Syntax show sntp Default Setting None Command Mode Privileged Exec...
  • Page 275 Client Mode: Configured SNTP Client Mode. Unicast Poll Interval Poll interval value for SNTP clients in seconds as a power of two. Poll Timeout (Seconds) Poll timeout value in seconds for SNTP clients. Poll Retry Poll retry value for SNTP clients. This command displays configured SNTP servers and SNTP server settings.
  • Page 276 7.10.2 Configuration Commands 7.10.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval> can be a value from 6 to 10. Syntax sntp broadcast client poll-interval <6-10> no sntp broadcast client poll-interval <6-10>...
  • Page 277 7.10.2.3 sntp client port This command will set the SNTP client port id and polling interval in seconds. Syntax sntp client port <portid> no sntp client port <portid> - SNTP client port id. no - Resets the SNTP client port id. Default Setting The default portid is 123.
  • Page 278 Syntax sntp unicast client poll-timeout <poll-timeout> no sntp unicast client poll-timeout < poll-timeout > - Polling timeout in seconds. The range is 1 to 30. no - This command will reset the poll timeout for SNTP unicast clients to its default value. Default Setting The default value is 5.
  • Page 279 <ipaddress/ipv6address/domain-name > - IPv4 or IPv6 address or domain name of the SNTP server. <addresstype > - The address type is ipv4 or ipv6 or dns or dnsv6. <1-3> - The range is 1 to 3. <version> - The range is 1 to 4. <portid>...

  • Page 280: Mac-Based Voice Vlan Commands

    Syntax sntp multicast client poll-interval <poll-interval> no sntp multicast client poll-interval <poll-interval> - Polling interval. It’s 2^(value) seconds where the range of value is 6 to 10. no – This command will reset the poll interval for SNTP multicast client to its default value. Default Setting The default value is 6.
  • Page 281 MAC-Address: A MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes. Mask: The mac-mask is the last eight digit of the mask code of the MAC address, the valid values are: 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 and 0x0.
  • Page 282 no - This command is used to disable Voice VLAN Admin Mode. Default Setting Disabled Command Mode Global Config 7.11.2.2 voice-vlan vlan This command configures the specified VLAN to Voice VLAN. Syntax voice-vlan vlan <vlan-id> Default Setting None Command Mode Global Config 7.11.2.3 voice-vlan mac This command is used to add a voice device to a Voice VLAN.
  • Page 283 7.11.2.4 voice vlan This command is used to enable/disable Voice VLAN Admin Mode. Syntax voice vlan no voice vlan no - This command disables the Voice VLAN capability on this switch. Default Setting Disabled Command Mode Global Config This command configures the Voice VLAN capability on the interface. Syntax voice vlan { <vlanid-id>...

  • Page 284: Lldp (Link Layer Discovery Protocol) Commands

    7.11.2.5 voice vlan data priority Use this command to either trust or entrust the data traffic arriving one the Voice VLAN port. Syntax voice vlan data priority untrust | trust Default Setting trust Command Mode Interface Config 7.12 LLDP (Link Layer Discovery Protocol) Commands 7.12.1 Show Commands 7.12.1.1 show lldp...
  • Page 285 7.12.1.2 show lldp interface This command uses to display a summary of the current LLDP configuration for a specific interface or for all interfaces. Syntax show lldp interface {<slot/port> | all} <slot/port> - Configs a specific interface. Default Setting None Command Mode Privileged Exec Display Message...
  • Page 286 Display Message Last Update: Shows the amount of time since the last update to the remote table in days, hours, minutes, and seconds. Total Inserts: Total number of inserts to the remote data table. Total Deletes: Total number of deletes from the remote data table. Total Drops: Total number of times the complete remote data received was not inserted due to insufficient resources.
  • Page 287 Chassis ID: The ID that is sent by a remote device as part of the LLDP message, it is usually a MAC address of the device. Port ID: Shows the port number that transmitted the LLDPDU. System Name: Shows the system name of the remote device. 7.12.1.5 show lldp remote-device detail This command uses to display detailed information about remote devices that transmit current LLDP data to an interface on the system.
  • Page 288 7.12.1.6 show lldp local-device This command uses to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface. Syntax show lldp local-device {<slot/port> | all} <slot/port> - Displays a specific interface. Default Setting None Command Mode...
  • Page 289 System Name: Shows the system name of the local device. System Description: Describes the local system by identifying the system name and versions of hardware, operating system, and networking software supported in the device. Port Description: Describes the port in an alpha-numeric format. System Capabilities Supported: Indicates the primary function(s) of the device.
  • Page 290 <slot/port> - Displays a specific interface. Default Setting None Command Mode Privileged Exec Display Message Interface: Specifies all the ports on which LLDP-MED can be configured. Link: Specifies the link status of the ports whether it is Up/Down. ConfigMED: Specifies the LLDP-MED mode is enabled or disabled on this interface. OperMED: Specifies the LLDP-MED TLVs are transmitted or not on this interface ConfigNotify: Specifies the LLDP-MED topology notification mode of the interface.
  • Page 291 Unknown: Specifies the unknown bit associated with a particular policy type. Tagged: Specifies the tagged bit associated with a particular policy type. Inventory Specifies if inventory TLV is present in LLDP frames. Hardware Rev: Specifies hardware version. Firmware Rev: Specifies Firmware version. Software Rev: Specifies Software version.
  • Page 292 Default Setting None Command Mode Privileged Exec Display Message Interface: Specifies the list of all the ports on which LLDP-MED is enabled. Remote ID: An internal identifier to the switch to mark each remote device to the system. Device Class: Specifies local device's MED Classification. There are four different kinds of devices, three of them represent the actual end points (classified as Class I Generic [IP Communication Controller etc.], Class II Media [Conference Bridge etc.], Class III Communication [IP Telephone etc.]).
  • Page 293 Media Policy Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN id, priority, DSCP, tagged bit status and unknown bit status. A port may receive one or many such application types.
  • Page 294 7.12.2 Configuration Commands 7.12.2.1 lldp notification This command uses to enable remote data change notifications. Syntax lldp notification no lldp notification no - This command is used to disable notifications. Default Setting Disbaled Command Mode Interface Config 7.12.2.2 lldp notification-interval This command is used to configure how frequently the system sends remote data change notifications.
  • Page 295 7.12.2.3 lldp receive This command uses to enable the LLDP receive capability. Syntax lldp receive no lldp receive no - This command is used to return the reception of LLDPDUs to the default value. Default Setting Disabled Command Mode Interface Config 7.12.2.4 lldp transmit This command uses to enable the LLDP advertise capability.
  • Page 296 no lldp transmit-mgmt no - This command is used to cancel inclusion of the management information in LLDPDUs. Default Setting None Command Mode Interface Config 7.12.2.6 lldp transmit-tlv This command is used to specify which optional type length values (TLVs) in the 802.1AB basic management set are transmitted in the LLDPDUs.
  • Page 297 Syntax lldp timers [interval <interval-seconds>] [hold <hold-value>] [reinit <reinit-seconds>] no lldp timers [interval] [hold] [reinit] <interval-seconds> - Configures the number of seconds to wait between transmitting local data LLDPDUs <hold-value> - Configures the multiplier on the transmit interval that sets the TTL in local data LLDPDUs <reinit-seconds>...
  • Page 298 7.12.2.9 lldp med The user can go to the CLI Interface Configuration Mode to set MED to enable, use the lldp med Interface configuration command. Use the no lldp med to disable med function. Syntax lldp med no lldp med Default Setting Disabled Command Mode...
  • Page 299 no lldp med transmit-tlv [capabilities] [ex-pd] [ex-pse] [inventory] [location] [network-policy] capabilities -Transmit the LLDP capabilities TLV. ex-pd - Transmit the LLDP extended PD TLV. ex-pse - Transmit the LLDP extended PSE TLV. inventory - Transmit the LLDP inventory TLV. location - Transmit the LLDP location TLV. network-policy - Transmit the LLDP network policy TLV.
  • Page 300 no lldp med confignotification all Default Setting None Command Mode Global Config 7.12.2.14 lldp med faststartrepeatcount The user can go to the CLI Global Configuration Mode to set the fast start repeat count, use the lldp med faststartrepeatcount Global configuration command. Use the no lldp med faststartrepeatcount to return the default value 3.

  • Page 301: Denial Of Service Commands

    location - Transmit the LLDP location TLV. network-policy - Transmit the LLDP network policy TLV. Default Setting None Command Mode Global Config 7.13 Denial Of Service Commands 7.13.1 Show Commands 7.13.1.1 show dos-control This command displays the Denial of Service configurations for the entire system. Syntax show dos-control Default Setting...
  • Page 302 TCP SYN Mode: May be enabled or disabled. The factory default is disabled. TCP SYN&FIN Mode: May be enabled or disabled. The factory default is disabled. First Fragment Mode: May be enabled or disabled. The factory default is disabled. TCP Fragment Offset Mode: May be enabled or disabled. The factory default is disabled. 7.13.2 Configuration Commands 7.13.2.1 dos-control sipdip This command enables Source IP Address = Destination IP Address (SIP=DIP) Denial of Service...
  • Page 303 no - This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled. Default Setting Disabled, 20 Command Mode Global Config 7.13.2.3 dos-control firstfrag This command enables IP First Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
  • Page 304 Default Setting Disabled Command Mode Global Config 7.13.2.5 dos-control l4port This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having Source TCP/UDP Port Number equal to Destination TCP/UDP Port Number, the packets will be dropped if the mode is enabled.
  • Page 305 no - This command disables the TCP L4 source = destination port number (Source TCP Port =Destination TCP Port) Denial of Service protection. Default Setting Disabled Command Mode Global Config 7.13.2.7 dos-control udpport This command enables the UDP L4 source = destination port number (Source UDP Port = Destination UDP Port) Denial of Service protection.
  • Page 306 Default Setting Disabled Command Mode Global Config 7.13.2.9 dos-control icmpv4 This command enables Maximum ICMPv4 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv4 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
  • Page 307 no - This command resets the Maximum ICMPV6 Packet Size Denial of Service protections to its default value. Default Setting Command Mode Global Config 7.13.2.11 dos-control icmpfrag This command enables the ICMP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
  • Page 308 Default Setting Disabled Command Mode Global Config 7.13.2.13 dos-control tcpfinurgpsh This command enables the TCP FIN and URG and PSH and SEQ=0 checking Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP FIN, URG, and PSH all set and TCP Sequence Number set to 0, the packets will be dropped if the mode is enabled.
  • Page 309 Command Mode Global Config 7.13.2.15 dos-control tcpsynfin This command enables the TCP SYN and FIN Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP flags SYN and FIN set, the packets will be dropped if the mode is enabled.

  • Page 310: Vtp (Vlan Trunking Protocol) Commands

    7.13.2.17 dos-control all This command enables the Denial of Service protection checks globally. Syntax dos-control all no dos-control all no - This command disables the Denial of Service protection checks globally. Default Setting Disabled Command Mode Global Config 7.14 VTP (VLAN Trunking Protocol) Commands 7.14.1 Show Commands 7.14.1.1 show vtp counters This command displays the VTP packet statistics.
  • Page 311 Summary advertisements transmitted: Number of summary advertisements sent by this switch on its trunk ports. Subset advertisements transmitted: Number of subset advertisements sent by this switch on its trunk ports. Request advertisements transmitted: Number of advertisement requests sent by this switch on its trunk ports.
  • Page 312 VTP Version: Displays the VTP version operating on the switch. Configuration Revision: Displays the current configuration revision number on this switch. Maximum VTP supported VLANs: Maximum number of VLANs supported locally. VTP support VLAN number: Number of existing VLANs. VTP Operating Mode: Displays the VTP operating mode, which can be server, client, or transparent.
  • Page 313 Syntax no vtp no - This command disables global VTP administrative mode. Default Setting Disabled Command Mode Global Config 7.14.2.2 vtp domain This command uses to set VTP administrative domain name. Syntax vtp domain <string> no vtp domain <string> - Configures the string for domain name. (maximum length 32 bytes) no - This command resets the domain name to NULL.
  • Page 314 Syntax vtp mode { client | server | transparent } no vtp mode <client> - This command set client mode for VTP. <server> - This command set server mode for VTP. <transparent> - This command set transparent mode for VTP. no - This command resets the VTP mode to default value.
  • Page 315 <password> - Configures VTP administrative domain password.(Max. length 64 bytes) no - This command resets the VTP domain password to default value. Default Setting None Command Mode Global Config 7.14.2.6 vtp pruning This command uses to configure the adminstrative domain to permit pruning Syntax vtp pruning no vtp pruning...

  • Page 316: Protected Ports Commands

    Command Mode Global Config This command uses to configure the adminstrative domain trunk port on specific interfaces. Syntax vtp trunkport no vtp trunkport no - This command resets the adminstrative domain trunk port to default value. Default Setting Disabled Command Mode Interface Config 7.15 Protected Ports Commands...
  • Page 317 7.15.1.2 show interface switchport protected This command displays the status of the interface (protected/unprotected) under the groupid. Syntax show interface switchport protected <slot/port> <groupid> Default Setting None Command Mode Privileged Exec Display Message Name: An name of the protected port group. Protected: Indicates whether the interface is protected or not.

  • Page 318: Static Mac Filtering Commands

    Default Setting None Command Mode Global Config This command uses to add an interface to a protected port group. The <groupid> parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. Syntax switchport protected <0-2>...
  • Page 319 Default Setting None Command Mode Privileged Exec Display Message MAC Address: Is the MAC Address of the static MAC filter entry. VLAN ID: Is the VLAN ID of the static MAC filter entry. Source Port(s): Indicates the source port filter set's slot and port(s). 7.16.2 Configuration Commands 7.16.2.1 macfilter This command adds a static MAC filter entry for the MAC address <macaddr>...
  • Page 320 Syntax macfilter addsrc <macaddr> <1-3965> no macfilter addsrc <macaddr> <1-3965> <macaddr> - Specified a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. no - This command removes a port from the source filter set for the MAC filter with the MAC address of <macaddr>...

  • Page 321: System Utilities

    7.17 System Utilities 7.17.1 clear 7.17.1.1 clear arp This command causes all ARP entries of type dynamic to be removed from the ARP cache. Syntax clear arp Default Setting None Command Mode Privileged Exec 7.17.1.2 clear traplog This command clears the trap log. Syntax clear traplog Default Setting...
  • Page 322 Default Setting None Command Mode Privileged Exec 7.17.1.4 clear logging buffered This command is used to clear the message log maintained by the switch. The message log contains system trace information. Syntax clear logging buffered Default Setting None Command Mode Privileged Exec 7.17.1.5 clear config This command resets the configuration to the factory defaults without powering off the switch.
  • Page 323 7.17.1.6 clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed. Syntax clear pass Default Setting None Command Mode Privileged Exec 7.17.1.7 clear counters This command clears the stats for a specified <slot/port>...
  • Page 324 Syntax clear dns [counter | cache] counter - this command clear the DNS statistics. cache - this command clear all entries from the DNS cache. Default Setting None Command Mode Privileged Exec 7.17.1.9 clear cdp This command is used to clear the CDP neighbors information and the CDP packet counters. Syntax clear cdp [traffic] traffic - this command is used to clear the CDP packet counters.
  • Page 325 Command Mode Privileged Exec 7.17.1.11 clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear igmpsnooping Default Setting None Command Mode Privileged Exec 7.17.1.12 clear port-channel This command clears all port-channels (LAGs).
  • Page 326 Default Setting None Command Mode Privileged Exec 7.17.1.14 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Syntax clear dot1x statistics {all | <slot/port>} <slot/port> - is the desired interface number. all - All interfaces. Default Setting None Command Mode...
  • Page 327 7.17.1.16 clear domain-list This command is used to clear all entries domain names for incomplete host names. Syntax clear domain-list Default Setting None Command Mode Privileged Exec 7.17.1.17 clear hosts This command is used to clear all static host name-to-address mapping. Syntax clear hosts Default Setting...
  • Page 328 Default Setting None Command Mode Privileged Exec 7.17.1.19 clear ip arp-cache This command causes all ARP entries of type dynamic to be removed from the ARP cache. If the gateway keyword is specified, the dynamic entries of type gateway are purged as well. If interface keyword is specified, he dymanic entries of that interface on the ARP cache Table are purged.
  • Page 329 7.17.1.21 clear lldp remote-data This command will use to delete all information from the LLDP remote data table. Syntax clear lldp remote-data Default Setting None Command Mode Privileged Exec 7.17.1.22 enable passwd This command changes Privileged EXEC password. Syntax enable passwd Default Setting None Command Mode...
  • Page 330 Command Mode Global Config. 7.17.1.24 clear ipv6 neighbors This command will use to clear all entries IPv6 neighbor table or an entry on a specific interface. Use the <slot/port> parameter to specify the interface. Syntax clear ipv6 neighbors [<slot/port>] <slot/port> - Specify the interface. Default Setting None Command Mode...
  • Page 331 7.17.1.26 clear ipv6 dhcp This command will use to clear DHCPv6 statistics for all interfaces or for a specific interface. Use the <slot/port> parameter to specify the interface. Syntax clear ipv6 dhcp {statistics | interface <slot/port> statistics} <slot/port> - Specify the interface. Default Setting None Command Mode...
  • Page 332 <sourcefilename> - The filename of a configuration file or a script file. <url> - xmodem, tftp://ipaddr/path/file or ftp://user:pass@ipaddr/path/file. errorlog - event Log file. log - message Log file. traplog - trap Log file. <filename> - Operation code file name. Default Setting None Command Mode Privileged Exec...
  • Page 333 Write running configuration file into flash Syntax copy running-config startup-config [filename] <filename> - name of the configuration file. Default Setting None Command Mode Privileged Exec This command upload or download the pre-login banner file Syntax copy clibanner <url> copy <url> clibanner no clibanner <url>...
  • Page 334 <filename> - name of the configuration or image file. Default Setting None Command Mode Privileged Exec 7.17.4 dir This command is used to display a list of files in Flash memory. Syntax dir [boot-rom | config | opcode [<filename>] ] <filename>...
  • Page 335 Syntax whichboot Default Setting None Command Mode Privileged Exec 7.17.6 boot-system This command is used to specify the file or image used to start up the system. Syntax boot-system {boot-rom | config | opcode} <filename> <filename> - name of the configuration or image file. boot-rom - bootrom.
  • Page 336 Syntax ping <ipaddress|hostname> count <0-20000000> [size <32-512>] ping <ipaddress|hostname> size <32-512> [count <0-20000000>] < ipaddress|hostname> - a host name or an IP address. <0-20000000> - number of pings (Range: 0 - 20000000). Note that 0 means infinite. <size> - packet size (Range: 32 - 512). Default Setting Count = 5 Size = 32...
  • Page 337 7.17.7.3 ping ipv6 interface This command use to determine whether another computer is on the network. To use the command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
  • Page 338 <initTtl> - The Use initTtl to specify the initial time-to-live (TTL), the maximum number of router hops between the local and remote system. Range is 1 to 255. <maxTtl> - Use maxTtle to specify the maximum TTL. Range is 1 to 255. <interval>...
  • Page 339 7.17.9 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the switch to log all Command Line Interface (CLI) commands issued on the system. Syntax logging cli-command Default Setting None Command Mode Global Config 7.17.10 calendar set This command is used to set the system clock.
  • Page 340 Syntax reload Default Setting None Command Mode Privileged Exec 7.17.12 configure This command is used to activate global configuration mode. Syntax configure Default Setting None Command Mode Privileged Exec 7.17.13 disconnect This command is used to close a telnet session. Syntax disconnect {<0-58>...
  • Page 341 7.17.14 hostname This command is used to set the prompt string. Syntax hostname <prompt_string> <prompt_string> - Prompt string. Default Setting Fortinet Command Mode Global Config 7.17.15 quit This command is used to exit a CLI session. Syntax quit Default Setting...

  • Page 342: Dhcp Snooping Commands

    <slot/port> - Interface Number. Default Setting None Command Mode Privileged Exec Display Message Cable Status: One of the following statuses is returned: Normal: The cable is working correctly. Open: The cable is disconnected or there is a faulty connector. Short: There is an electrical short in the cable. Cable Test Failed: The cable status could not be determined.
  • Page 343  DHCPRELEASE and DHCPDECLINE messages are dropped if for a MAC address in the snooping database, but the binding's interface is other than the interface where the message was received.  On untrusted interfaces, the switch drops DHCP packets whose source MAC address does not match the client hardware address.
  • Page 344 Syntax show ip dhcp snooping binding [{static/dynamic}] [interface slot/port] [vlan id] Default Setting None Command Mode Privileged Exec Display Message MAC Address: Displays the MAC address for the binding that was added. The MAC address is the key to the binding database. IP Address: Displays the valid IP address for the binding rule.
  • Page 345 Syntax show ip dhcp snooping statistics Default Setting None Command Mode Privileged Exec Display Message Interface: The IP address of the interface in slot/port format. MAC Verify Failures: Represents the number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client HW address mismatch.
  • Page 346 Syntax ip dhcp snooping vlan <vlan-list> no ip dhcp snooping vlan <vlan-list> no - This command disables the DHCP Snooping on VLANs. Default Setting Disabled Command Mode Global Config 7.18.2.3 ip dhcp snooping verify mac-address This command enables the verification of the source MAC address with the client hardware address in the received DCHP message.
  • Page 347 Command Mode Global Config 7.18.2.5 ip dhcp snooping database write-delay This command configures the interval in seconds at which the DHCP Snooping database will be persisted. The interval value ranges from 15 to 86400 seconds. Syntax ip dhcp snooping database write-delay <in seconds> no ip dhcp snooping database write-delay no - This command sets the write delay value to the default value.
  • Page 348 Syntax ip dhcp snooping binding <mac-address> vlan <vlan id> <ip address> interface <interface id> no ip dhcp snooping binding <mac-address> no - This command removes the DHCP static entry from the DHCP Snooping database. Default Setting None Command Mode Global Config 7.18.2.8 ip dhcp snooping limit This command controls the rate at which the DHCP Snooping messages come.
  • Page 349 Default Setting Disabled Command Mode Interface Config 7.18.2.10 ip dhcp snooping trust This command configures the port as trusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust no - This command configures the port as untrusted. Default Setting Disabled Command Mode Interface Config...

  • Page 350: Ip Source Guard (Ipsg) Commands

    7.18.2.12 ip dhcp snooping information option allow-untrusted This command ip dhcp snooping information option allow-untrusted is used to allow DHCP packet received form untrusted port with option 82 data. Syntax ip dhcp snooping information option allow-untrusted no ip dhcp snooping information option allow-untrusted no - This command disallows DHCP packet received form untrusted port with option 82 data.
  • Page 351 7.19.1 Show Commands 7.19.1.1 show ip verify This command displays the IPSG interface configurations on all ports. Syntax show ip verify [interface <slot/port>] Default Setting None Command Mode Privileged Exec Display Message Interface: Interface address in slot/port format. Filter Type: Is one of two values: ...
  • Page 352 VLAN: The VLAN for the binding rule. 7.19.1.3 show ip source binding This command displays the IPSG bindings. Syntax show ip source binding [{static/dhcp-snooping}] [interface <slot/port>] [vlan id] Default Setting None Command Mode Privileged Exec Display Message MAC Address: The MAC address for the entry that is added. IP Address: The IP address of the entry that is added.

  • Page 353: Dynamic Arp Inspection (Dai) Command

    7.19.2.2 ip verify binding This command configures static IP source guard (IPSG) entries. Syntax ip verify binding <mac-address> vlan <vlan id> <ip address> interface <slot/port> no ip verify binding <mac-address> vlan <vlan id> <ip address> interface <slot/port> no - This command removes the IPSG static entry from the IPSG database. Default Setting None Command Mode...
  • Page 354 7.20.1 Show Commands 7.20.1.1 show ip arp inspection statistics This command displays the statistics of the ARP packets processed by Dynamic ARP Inspection. Give the vlan-list argument and the command displays the statistics on all DAI-enabled VLANs in that list. Give the single vlan argument and the command displays the statistics on that VLAN.
  • Page 355 Command Mode Privileged Exec Display Message Source MAC Validation: Displays whether Source MAC Validation of ARP frame is enabled or disabled. Destination MAC Validation: Displays whether Destination MAC Validation is enabled or disabled. IP Address Validation: Displays whether IP Address Validation is enabled or disabled. VLAN: The VLAN ID for each displayed row.
  • Page 356 7.20.1.4 show arp access-list This command displays the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument will display only the rules in that ARP ACL. Syntax show arp access-list [acl-name] Default Setting None Command Mode Privileged Exec 7.20.2 Configuration Commands...
  • Page 357 no - This command disables Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Default Setting Disabled Command Mode Global Config 7.20.2.3 ip arp inspection vlan logging This command enables logging of invalid ARP packets on a list of comma-separated VLAN ranges. Syntax ip arp inspection vlan <vlan-list>...
  • Page 358 Command Mode Global Config 7.20.2.5 ip arp inspection trust This command configures an interface as trusted for Dynamic ARP Inspection. Syntax ip arp inspection trust no ip arp inspection trust no - This command configures an interface as untrusted for Dynamic ARP Inspection. Default Setting Disabled Command Mode...
  • Page 359 Syntax arp access-list <acl-name> no arp access-list <acl-name> no - This command deletes a configured ARP ACL. Default Setting None Command Mode Global Config 7.20.2.8 permit ip host mac host This command configures a rule for a valid IP address and MAC address combination used in ARP packet validation.

  • Page 360: Differentiated Service Command

    Command Mode Privileged Exec 7.21 Differentiated Service Command This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1.
  • Page 361 allowed within a class definition. If a field is already specified for a class, all subsequent attempts to specify the same field fail, including the cases where a field can be specified multiple ways through alternative formats. The exception to this is when the 'exclude' option is specified, in which case this restriction does not apply to the excluded fields.
  • Page 362 7.21.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated. Syntax no diffserv Command Mode Global Config 7.21.2 Class Commands The 'class' command set is used in DiffServ to define:...
  • Page 363 The class name 'default' is reserved and is not allowed here. The class type of match-all indicates all of the individual match conditions must be true for a packet to be considered a member of the class. The optional keywords [{ipv4 | ipv6}] specify the Layer 3 protocol for this class. If not specified, this parameter defaults to ‘ipv4’.
  • Page 364 <class-map-name> is the name of an existing DiffServ class. <new-class-map-name> is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class. The class name ‘default’ is reserved and must not be used here. Default Setting None Command Mode Global Config 7.21.2.4 match any This command adds to the specified class definition a match condition whereby all packets are...
  • Page 365 Default Setting None Command Mode Class-Map Config / Ipv6-Class-Map Config Restrictions The class types of both <classname> and <refclassname> must be identical (that is, any vs. any, or all vs. all). A class type of acl is not supported by this command. Cannot specify <refclassname>...
  • Page 366 7.21.2.7 match cos This command adds to the specified class definition a match condition for the Class of Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). The value may be from 0 to 7.
  • Page 367 7.21.2.9 match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet. Syntax match dstip <ipaddr> <ipmask> <ipaddr> specifies an IP address. <ipmask> specifies an IP address bit mask; note that although similar to a standard subnet mask, this bit mask need not be contiguous.
  • Page 368 Command Mode Class-Map Config / Ipv6-Class-Map Config 7.21.2.11 match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype. The <ethertype> value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
  • Page 369 user notation. To specify a match on all DSCP values, use the match [not] ip tos <tosbits> <tosmask> command with <tosbits> set to 0 and <tosmask> set to 03 (hex). Default Setting None Command Mode Class-Map Config / Ipv6-Class-Map Config 7.21.2.13 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in...
  • Page 370 <tosmask> is a two-digit hexadecimal number from 00 to ff. The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a <tosbits>...
  • Page 371 7.21.2.16 match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff). The <macmask> parameter is a layer 2 MAC address bit mask, which may not be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by colons (e.g., ff:07:23:ff:fe:dc).
  • Page 372 7.21.2.18 match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation or a numeric range notation. Syntax match srcl4port {<portkey> | <0-65535>} <portkey>...
  • Page 373 Command Mode Class-Map Config 7.21.2.20 match dstip6 This command adds to the specified class definition a match condition based on the destination IPv6 address of a packet. Syntax match dstip6 <destination-ipv6-prefix/prefix-length> Default Setting None Command Mode IPv6-Class-Map Config 7.21.2.21 match srcip6 This command adds to the specified class definition a match condition based on the source IP address of a packet.
  • Page 374 Default Setting None Command Mode IPv6-Class-Map Config 7.21.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.) The policy commands are used to associate a traffic class, which was defined by the class command set, with one or more QoS policy attributes.
  • Page 375 7.21.3.1 assign-queue This command modifies the queue id to which the associated traffic stream is assigned. The queueid is an integer from 0 to n-1, where n is the number of egress queues supported by the device. Syntax assign-queue <0-7> <0-7>...
  • Page 376 <slot/port> - Interface Number. Default Setting None Command Mode Policy-Class-Map Config Incompatibilities Drop, Redirect 7.21.3.4 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel). Syntax redirect <slot/port>...
  • Page 377 Incompatibilities Drop, Mirror 7.21.3.6 mark cos This command marks all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header. If the packet does not already contain this header, one is inserted.
  • Page 378 7.21.3.8 no class This command deletes the instance of a particular class and its defined treatment from the specified policy. Syntax no class <classname> <classname> is the name of an existing DiffServ class. Note that this command removes the reference to the class definition for the specified policy. Command Mode Policy-Class-Map Config 7.21.3.9 mark ip-dscp...
  • Page 379 Command Mode Policy-Class-Map Config Policy Type Incompatibilities Drop, Mark (all forms) 7.21.3.11 police-simple This command is used to establish the traffic policing style for the specified class. The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. The conforming data rate is specified in kilobits-per-second (Kbps) and is an integer from 1 to 4294967295.
  • Page 380 <set-prec-transmit> - an IP Precedence value is required and is specified as an integer from 0-7. Command Mode Policy-Class-Map Config Incompatibilities Drop, Mark(all forms) 7.21.3.12 policy-map This command establishes a new DiffServ policy. The <policyname> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. The type of policy is specific to the inbound traffic direction as indicated by the in parameter.
  • Page 381 7.21.4 Service Commands The 'service' command set is used in DiffServ to define: Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction. Service Provisioning Assign a DiffServ service provisioning policy (as specified by the policy commands) to an interface in the outgoing direction The service commands attach a defined policy to a directional interface.
  • Page 382 Interface Config (for a specific interface) Restrictions Only a single policy may be attached to a particular interface in a particular direction at any one time. 7.21.4.2 no service-policy This command detaches a policy from an interface in a particular direction. Syntax no service-policy in <policy-map-name>...
  • Page 383 7.21.5.1 show class-map This command displays all configuration information for the specified class. Syntax show class-map [<classname>] <classname> is the name of an existing DiffServ class. Default Setting None Command Mode Privileged Exec User Exec Display Message Class Name: The name of this class. Class Type: The class type (all, any, or acl) indicating how the match criteria are evaluated for this class.
  • Page 384 Syntax show diffserv Default Setting None Command Mode Privileged Exec User Exec Display Message DiffServ Admin mode: The current value of the DiffServ administrative mode. Class Table Size Current/Max: The current or maximum number of entries (rows) in the Class Table.
  • Page 385 Display Message DiffServ Admin Mode: The current setting of the DiffServ administrative mode. An attached policy is only in effect on an interface while DiffServ is in an enabled mode. Interface: The slot number and port number of the interface (slot/port). Direction: The traffic direction of this interface service.
  • Page 386 Syntax show policy-map [<policy-map-name>] <policy-map-name> - is the name of an existing DiffServ policy. Default Setting None Command Mode Privileged Exec Display Message Policy Name: The name of this policy. Policy Type: The policy type, namely whether it is an inbound or outbound policy definition. The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): Class Name: The name of this class.
  • Page 387 Assign Queue: Directs traffic stream to the specified QoS queue. This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class. Drop: Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface.
  • Page 388 In Discarded Packets: A count of the packets discarded for this class instance for any reason due to DiffServ treatment of the traffic class. Only displayed for the 'in' direction. None of the counters listed here are guaranteed to be supported on all platforms. Only supported counters are shown in the display output.

  • Page 389: Acl Command

    7.22 ACL Command 7.22.1 Show Commands 7.22.1.1 show mac access-lists name This command displays a MAC access list and all of the rules that are defined for the ACL. The <name> parameter is used to identify a specific MAC ACL to display. Syntax show mac access-lists <name>...
  • Page 390 Syntax show mac access-lists Default Setting None Command Mode Privileged Exec Display Message Current number of all ACLs: The number of user-configured rules defined for this ACL. Maximum number of all ACLs: The maximum number of ACL rules. MAC ACL Name: The name of the MAC ACL rule. Rules: The number of rule in this ACL.
  • Page 391 ACL ID: The identifier of this ACL. Rule: This displays the number identifier for each rule that is defined for the ACL. Action: This displays the action associated with each rule. The possible values are Permit or Deny. Match ALL: Match all packets or not. Protocol: This displays the protocol to filter for this rule.
  • Page 392 ACL ID: Access List name for a MAC or IPv6 access list or the numeric identifier for an IP access list. Sequence Number: An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
  • Page 393 <newname> - New name which uniquely identifies the MAC access list. Default Setting None Command Mode Global Config 7.22.2.3 mac access-group in This command attaches a specific MAC Access Control List (ACL) identified by <name> to an interface, or associates it with a VLAN ID, in a given direction. The <name> parameter must be the name of an exsiting MAC ACL.
  • Page 394 A rule may either deny or permit traffic according to the specified classification fields. At a minimum, the source and destination MAC value and mask pairs must be specified, each of which may be substituted using the keyword any to indicate a match on any value in that field. The bpdu keyword may be specified for the destination MAC value/mask pair indicating a well-known BPDU MAC value of 01-80-c2-xx-xx-xx (hex), where 'xx' indicates a don't care.
  • Page 395 <accesslistnumber> - The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and 100 to 199 is for the extended ACL List. permit or deny - The ACL rule is created with two options. The protocol to filter for an ACL rule is specified by giving the protocol to be used like icmp ,igmp ,ip ,tcp, udp.
  • Page 396 access list replaces the currently attached IP access list using that sequence number. If the sequence number is not specified for this command, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces.

  • Page 397: Ipv6 Acl Command

    no - This command removes the IP ACL identified by <name> from the system. Default Setting None Command Mode Global Config 7.22.2.9 ip access-list rename Use this command to change the name of an IP Access Control List (ACL). The <name> parameter is the names of an existing IP ACL.
  • Page 398 Command Mode Privileged EXEC User EXEC Display Message Rule Number: The ordered rule number identifier defined within the IPv6 ACL. Action: The action associated with each rule. The possible values are Permit or Deny. Match All: Indicates whether this access list applies to every packet. Possible values are True or False.
  • Page 399 The CLI mode changes to IPv6-Access-List Config mode when you successfully execute this command. Default Setting None Command Mode Global Config 7.23.2.2 ipv6 access-list rename This command changes the name of an IPv6 ACL. The <name> parameter is the name of an existing IPv6 ACL.
  • Page 400 specified. The source and destination IPv6 address fields may be specified using the keyword ‘any’ to indicate a match on any value in that field. The remaining command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format. The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule.

  • Page 401: Cos (Class Of Service) Command

    Default Setting None Command Mode Global Config Interface Config 7.24 CoS (Class of Service) Command 7.24.1 Show Commands 7.24.1.1 show queue cos-map This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings.
  • Page 402 7.24.1.2 show queue ip-dscp-mapping This command maps an IP DSCP value to an internal traffic class. The <ipdscp> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
  • Page 403 Non-IP Traffic Class: The traffic class used for non-IP traffic. This is only displayed when the COS trust mode is set to either 'trust ip-dscp' or 'trust ip-precedence'. Untrusted Traffic Class: The traffic class used for all untrusted traffic. This is only displayed when the COS trust mode is set to 'untrusted'.
  • Page 404 7.24.2 Configuration Commands 7.24.2.1 queue cos-map This command maps an 802.1p priority to an internal traffic class on a "per-port" basis. Syntax queue cos-map <0-7> <0-7> no queue cos-map < 0-7 > - The range of queue priority is 0 to 7. <...
  • Page 405 Syntax queue trust {dot1p | ip-dscp | untrusted } all no queue trust all no - This command sets the class of service trust mode to untrusted for all interfaces. Default Setting None Command Mode Global Config. 7.24.2.3 queue cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue.
  • Page 406 <bw-0> <bw-1> … <bw-6>- Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no - This command restores the default for each queue's minimum bandwidth value in the device. Default Setting None Command Mode...
  • Page 407 7.24.2.5 queue cos-queue traffic-shape This command specifies the maximum transmission bandwidth limit for the interface as a whole. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded. Syntax queue cos-queue traffic-shape <bw>...

  • Page 408: Domain Name Server Relay Commands

    7.25 Domain Name Server Relay Commands 7.25.1 Show Commands 7.25.1.1 show hosts This command displays the static host name-to-address mapping table. Syntax show hosts Default Setting None Command Mode Privileged Exec Display Message Domain Name List: Domain Name. IP Address: IPv4 or IPv6 address of the Host. 7.25.1.2 show dns This command displays the configuration of the DNS server.
  • Page 409 Response: Number of the DNS response packets been received. 7.25.1.3 show dns cache This command displays all entries in the DNS cache table. Syntax show dns cache Default Setting None Command Mode Privileged Exec Display Message Domain Name List: Domain Name IP Address: IP address of the corresponding domain name, including IPv4 and IPv6.
  • Page 410 Command Mode Global Config 7.25.2.2 clear hosts This command clears the entire static host name-to-address mapping table. Syntax clear hosts Default Setting None Command Mode Privileged Exec 7.25.2.3 ip domain-name This command defines the default domain name to be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation).
  • Page 411 7.25.2.4 ip domain-list This command defines the domain name that can be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation). The domain name table can contain maximum 6 entries. Syntax ip domain-list <name>...
  • Page 412 7.25.2.6 ip domain-lookup This command enables the IP Domain Naming System (DNS)-based host name-to-address translation. Syntax ip domain-lookup no ip domain-lookup <no> - This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Default Setting None Command Mode Global Config 7.25.2.7 clear domain-list This command clears all entries in the domain name list table.
  • Page 413 Default Setting None Command Mode Privileged Exec 7.25.2.9 clear dns cache This command clears all entries in the DNS cache table. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 7.25.2.10 clear dns counter This command clears the statistics of all entries in the DNS cache table. Syntax clear dns counter Default Setting...

  • Page 414: Routing Commands

    Routing Commands Address Resolution Protocol (ARP) Commands 8.1.1 Show Commands 8.1.1.1 show ip arp This command displays the Address Resolution Protocol (ARP) cache. Syntax show ip arp Default Setting None Command Mode Privileged Exec Display Message Age Time: Is the time it takes for an ARP entry to age out. This value was configured into the unit. Age time is measured in seconds.
  • Page 415 Type: Is the type that was configured into the unit. The possible values are Local, Gateway, Dynamic and Static. Age: This field displays the current age of the ARP entry since last refresh (in hh:mm:ss format). 8.1.1.2 show ip arp brief This command displays the brief Address Resolution Protocol (ARP) table information.
  • Page 416 Command Mode Privileged Exec Display Message IP address: Is the IP address of a device on a subnet attached to an existing routing interface. MAC address: Is the MAC address for that device. 8.1.2 Configuration Commands 8.1.2.1 This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface.
  • Page 417 no - This command disables proxy ARP on a router interface. Default Setting Enabled Command Mode Interface Config 8.1.2.3 ip local-proxy-arp This command enables or disables Local Proxy ARP on an interface. Syntax ip local-proxy-arp no ip local-proxy-arp no - This command disables Local Proxy ARP on a router interface. Default Setting Disabled Command Mode...
  • Page 418 8.1.2.5 arp dynamicrenew This command enables ARP component to automatically renew ARP entries of type dynamic when they age out. Syntax arp dynamicrenew no arp dynamicrenew no - This command disables ARP component from automatically renewing ARP entries of type dynamic when they age out.
  • Page 419 <1-10> - The range of default response time is 1 to 10 seconds. no - This command configures the default response timeout time. Default Setting The default response time is 1. Command Mode Global Config 8.1.2.8 arp retries This command configures the ARP count of maximum request for retries. Syntax arp retries <0-10>...

  • Page 420: Ip Routing Commands

    Command Mode Global Config 8.1.2.10 clear ip arp-cache This command causes all ARP entries of type dynamic to be removed form the ARP cache. If the [gateway] parameter is specified, the dynamic entries of type gateway are purged as well. Syntax clear ip arp-cache [gateway | interface <slot/port>] Default Setting...
  • Page 421 IP Forwarding Mode: Disable or enable the forwarding of IP frames. Maximum Next Hops: The maximum number of hops supported by this switch. 8.2.1.2 show ip interface port This command displays all pertinent information about the IP interfaces. Syntax show ip interface port <slot/port> Default Setting None Command Mode...
  • Page 422 8.2.1.3 show ip interface brief This command displays summary information about IP configuration settings for all ports in the router. Syntax show ip interface brief Default Setting None Command Mode Privileged Exec User Exec Display Message Interface: Valid slot, and port number separated by forward slashes. IP Address: The IP address of the routing interface.
  • Page 423 Display Message Route Codes: Displays the key for the routing protocol codes that might appear in the routing table output. The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Code: The codes for the routing protocols that created the routes. IP-Address/Mask: The IP-Address and mask of the destination network corresponding to this route.
  • Page 424 8.2.1.6 show ip route entry This command displays the router route entry information. Syntax show ip route entry <networkaddress> <networkaddress> - Is a valid network address identifying the network on the specified interface. Default Setting None Command Mode Privileged Exec Display Message Network Address: Is a valid network address identifying the network on the specified interface.
  • Page 425 Route Codes: Displays the key for the routing protocol codes that might appear in the routing table output. The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Code: The codes for the routing protocols that created the routes. IP-Address/Mask: The IP-Address and mask of the destination network corresponding to this route.
  • Page 426 via Next-Hop: The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination. Interface: The outgoing router interface to use when forwarding traffic to the next destination. 8.2.1.9 show ip route rip This command displays Routing Information Protocol (RIP) routes.
  • Page 427 Default Setting None Command Mode Privileged Exec Display Message Route Codes: Displays the key for the routing protocol codes that might appear in the routing table output. The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Code: The codes for the routing protocols that created the routes.
  • Page 428 Total Routes: Total number of routes in the routing table. 8.2.1.12 show ip route precedence This command displays detailed information about the route preferences. Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values.
  • Page 429 Default Setting Disabled Command Mode Interface Config 8.2.2.2 ip routing This command enables the IP Router Admin Mode for the master switch. Syntax ip routing no ip routing no - Disable the IP Router Admin Mode for the master switch. Default Setting Disabled Command Mode...
  • Page 430 8.2.2.4 ip route This command configures a static route. Syntax ip route <networkaddr> <subnetmask> [ <nexthopip> [<1-255 >] ] no ip route <networkaddr> <subnetmask> [ { <nexthopip> | <1-255 > } ] <ipaddr> - A valid IP address . <subnetmask> - A valid subnet mask. <nexthopip>...
  • Page 431 8.2.2.6 ip route precedence This command sets the default precedence for static routes. Lower route preference values are preferred when determining the best route. The "ip route" and "ip default-next-hop" commands allow you to optionally set the precedence of an individual static route. The default precedence is used when no precedence is specified in these commands.

  • Page 432: Open Shortest Path First (Ospf) Commands

    8.2.2.8 encapsulation This command configures the link layer encapsulation type for the packet. Syntax encapsulation {ethernet | snap} ethernet - The link layer encapsulation type is ethernet. snap - The link layer encapsulation type is SNAP. Default Setting The default value is ethernet. Command Mode Interface Config Restrictions...
  • Page 433 Router ID : A 32-bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. OSPF Admin Mode : Shows whether the administrative mode of OSPF in the router is enabled or disabled.
  • Page 434 LSA Count: The total number of link state advertisements currently in the link state database. Maximum Number of LSAs: The maximum number of LSAs that OSPF can store. LSA High Water Mark: The maximum size of the link state database since the system started. Retransmit List Entries: The total number of LSAs waiting to be acknowledged by all neighbors.
  • Page 435 Command Mode Privileged Eexc User Exec Display Messages Type: The type of the route to the destination. It can be either:  intra — Intra-area route  inter — Inter-area route Router ID: Router ID of the destination. Cost: Cost of using this route. Area ID: The area ID of the area from which this route is learned.
  • Page 436 OSPF Stub Metric Value: The metric value of the stub area. This field displays only if the area is a configured as a stub area. The following OSPF NSSA specific information displays only if the area is configured as an NSSA: Import Summary LSAs: Shows whether to import summary LSAs into the NSSA.
  • Page 437 8.3.1.4 show ip ospf asbr This command displays the internal OSPF routing table entries to Autonomous System Boundary Routers (ASBR). This command takes no options. Syntax show ip ospf asbr Default Setting None Command Mode Privileged Exec User Exec Display Messages Type: The type of the route to the destination.
  • Page 438 nssa-external - Use nssa-external to display NSSA external LSAs. opaque-area - Use opaque-area to display area opaque LSAs. opaque-as - Use opaque-as to display AS opaque LSAs. opaque-link - Use opaque-link to display link opaque LSAs. router - Use router to display router LSAs. summary - Use summary to show the LSA database summary information.
  • Page 439 Command Mode Privileged Exec User Exec Display Messages Router: Total number of router LSAs in the OSPF link state database. Network: Total number of network LSAs in the OSPF link state database. Summary Net: Total number of summary network LSAs in the database. Summary ASBR: Number of summary ASBR LSAs in the database.
  • Page 440 Retransmit Interval: A number representing the OSPF Retransmit Interval for the specified interface. Hello Interval: A number representing the OSPF Hello Interval for the specified interface. Dead Interval: A number representing the OSPF Dead Interval for the specified interface. LSA Ack Interval: A number representing the OSPF LSA Acknowledgment Interval for the specified interface.
  • Page 441 OSPF Admin Mode: States whether OSPF is enabled or disabled on a router interface. OSPF Area ID: The OSPF Area Id for the specified interface. Router Priority: A number representing the OSPF Priority for the specified interface. Hello Interval: A number representing the OSPF Hello Interval for the specified interface. Dead Interval: A number representing the OSPF Dead Interval for the specified interface.
  • Page 442 External LSA Count: The number of external (LS type 5) link-state advertisements in the link-state database. Sent Packets: The number of OSPF packets transmitted on the interface. Received Packets: The number of valid OSPF packets received on the interface. Discards: Discards The number of received OSPF packets discarded because of an error in the packet or an error in processing the packet.
  • Page 443 Default Setting None Command Mode Privileged Exec User Exec Display Messages If you do not specify an IP address, a table with the following columns displays for all neighbors or the neighbor associated with the interface that you specify: Router ID: The 4-digit dotted-decimal number of the neighbor router. Priority: The OSPF priority for the specified interface.
  • Page 444 Router Priority: The OSPF priority for the specified interface. The priority of an interface is a priority integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the designated router on this network. Dead Timer Due: The amount of time, in seconds, to wait before the router assumes the neighbor is unreachable.
  • Page 445 Syntax show ip ospf statistics Default Setting None Command Mode Privileged Exec User Exec Display Messages Delta T: How long ago the SPF ran. The time is in the format hh:mm:ss, giving the hours, minutes, and seconds since the SPF run. SPF Duration: How long the SPF took in milliseconds.
  • Page 446 Metric Val: The metric value is applied based on the TOS. It defaults to the least metric of the type of service among the interfaces to other areas. The OSPF cost for a route is a function of the metric value.
  • Page 447 Default Setting None Command Mode Privileged Exec User Exec Display Messages Area ID: The area id of the requested OSPF area. Neighbor: The neighbor interface of the OSPF virtual interface. Hello Interval: The configured hello interval for the OSPF virtual interface. Dead Interval: The configured dead interval for the OSPF virtual interface.
  • Page 448 Default Setting Enabled Command Mode Router OSPF Config Mode 8.3.2.3 network area Use network area command to enable OSPFv2 on an interface and set its area ID if the IP address of an interface is covered by this network command. Use no network area command to disable the OSPFv2 on a interface if the IP address of an interface was earlier covered by this network command Syntax network <ip-address>...
  • Page 449 8.3.2.5 1583compatibility 1583 compatibility mode is enabled by default. If all OSPF routers in the routing domain are capable of operating according to RFC 2328, OSPF 1583 compatibility mode should be disabled. 1583compatibility command enables OSPF 1583 compatibility. no 1583compatibility command disables OSPF 1583 compatibility Syntax 1583compatibility...
  • Page 450 Command Mode Router OSPF Config Mode 8.3.2.8 area nssa default-info-originate area nssa default-info-originate command configures the metric value and type for the default route advertised into the NSSA. The optional metric parameter specifies the metric of the default route and is to be in a range of 1-16777214.
  • Page 451 Syntax area <areaid> nssa no-summary no area <areaid> nssa no-summary Default Setting None Command Mode Router OSPF Config Mode 8.3.2.11 area nssa translator-role area nssa translator-role command configures the translator role of the NSSA. A value of always causes the router to assume the role of the translator the instant it becomes a border router and a value of candidate causes the router to participate in the translator election process when it attains border router status.
  • Page 452 Command Mode Router OSPF Config Mode 8.3.2.13 area range area range command creates a specified area range for a specified NSSA. The <ipaddr> is a valid IP address. The <subnetmask> is a valid subnet mask. The LSDB type must be specified by either summarylink or nssaexternallink, and the advertising of the area range can be allowed or suppressed.
  • Page 453 8.3.2.15 area stub no-summary area stub no-summary command configures the Summary LSA mode for the stub area identified by <areaid>. Use this command to prevent LSA Summaries from being sent. no area stub no-summary command configures the default Summary LSA mode for the stub area identified by <areaid>. Syntax area <areaid>...
  • Page 454 no area virtual-link authentication command configures the default authentication type for the OSPF virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the neighbor. Syntax area <areaid> virtual-link <neighbor> authentication {none | {simple <key>} | {encrypt <key> <keyid>}} no area <areaid>...
  • Page 455 Default Setting Command Mode Router OSPF Config Mode 8.3.2.20 area virtual-link retransmit-interval area virtual-link retransmit-interval command configures the retransmit interval for the OSPF virtual interface on the virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the neighbor. The range for seconds is 0 to 3600.. no area virtual-link retransmit -interval command configures the default retransmit interval for the OSPF virtual interface on the virtual interface identified by <areaid>...
  • Page 456 8.3.2.22 auto-cost By default, OSPF computes the link cost of each interface from the interface bandwidth. Faster links have lower metrics,making them more attractive in route selection. The configuration parameters in the auto-cost reference bandwidth and bandwidth commands give you control over the default link cost. You can configure for OSPF an interface bandwidth that is independent of the actual link speed.
  • Page 457 8.3.2.24 capability opaque Use capability opaque command to enable Opaque Capability on the Router. The information contained in Opaque LSAs may be used directly by OSPF or indirectly by an application wishing to distribute information throughout the OSPF domain. Supports the storing and flooding of Opaque LSAs of different scopes.
  • Page 458 8.3.2.27 clear ip ospf counters Use this command to reset global and interface statistics Syntax clear ip ospf counters Default Setting None Command Mode Privileged Exec 8.3.2.28 clear ip ospf neighbor Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s interface, send a one-way hello.Adjacencies may then be re-established.
  • Page 459 Command Mode Privileged Exec 8.3.2.30 clear ip ospf redistribution Use this command to flush all self-originated external LSAs. Reapply the redistribution configuration and re-originate prefixes as necessary. Syntax clear ip ospf redistribution Default Setting None Command Mode Privileged Exec 8.3.2.31 default-information originate default-information originate command is used to control the advertisement of default routes.
  • Page 460 Default Setting None Command Mode Router OSPF Config Mode 8.3.2.33 distance ospf distance ospf command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, or external.
  • Page 461 8.3.2.35 exit-overflow-interval exit-overflow-interval command configures the exit overflow interval for OSPF. It describes the number of seconds after entering overflow state that a router will wait before attempting to leave the overflow state. This allows the router to again originate non-default AS-external-LSAs. When set to 0, the router will not leave overflow state until restarted.
  • Page 462 8.3.2.37 ip ospf authentication ip ospf authentication command sets the OSPF Authentication Type and Key for the specified interface. The value of <type> is either none, simple or encrypt. The <key> is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard. The authentication key must be 8 bytes or less if the authentication type is simple.
  • Page 463 Syntax ip ospf dead-interval <seconds> no ip ospf dead-interval Default Setting Command Mode Interface Config 8.3.2.40 ip ospf hello-interval ip ospf hello-interval command sets the OSPF hello interval for the specified interface. The value for seconds is a valid positive integer, which represents the length of time in seconds. The value for the length of time must be the same for all routers attached to a network.
  • Page 464 no ip ospf network Default Setting Broadcast Command Mode Interface Config 8.3.2.42 ip ospf priority ip ospf priority command sets the OSPF priority for the specified router interface. The priority of the interface is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible to become the designated router on this network.
  • Page 465 8.3.2.44 ip ospf transmit-delay ip ospf transmit-delay command sets the OSPF Transit Delay for the specified interface. The transmit delay is specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. Valid values for <seconds> range from 1 to 3600 (1 hour). no ip ospf transmit-delay command sets the default OSPF Transit Delay for the specified interface Syntax ip ospf transmit-delay <1-3600>...
  • Page 466 Syntax router-id <ipaddress> Default Setting None Command Mode Router OSPF Config Mode 8.3.2.47 redistribute redistribute command configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers. no redistribute command configures OSPF protocol to prohibit redistribution of routes from the specified source protocol/routers. Syntax redistribute {rip | bgp | static | connected} [metric <0-16777214>] [metric-type {1 | 2}] [tag <0-4294967295>] [subnets]...
  • Page 467 Command Mode Router OSPF Config Mode 8.3.2.49 passive-interface default passive-interface default command to enable global passive mode by default for all interfaces. It overrides any interface level passive mode. OSPF will not form adjacencies over a passive interface. no passive-interface default command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to non-passive mode.

  • Page 468: Bootp/Dhcp Relay Commands

    Syntax timers spf <delay-time> <hold-time> Default Setting delay-time—5 hold-time—10 Command Mode Router OSPF Config Mode BOOTP/DHCP Relay Commands 8.4.1 Show Commands 8.4.1.1 show bootpdhcprelay This command displays the BootP/DHCP Relay information. Syntax show bootpdhcprelay Default Setting None Command Mode Privileged Exec User Exec Display Message Maximum Hop Count: Is the maximum allowable relay agent hops.
  • Page 469 8.4.2 Configuration Commands 8.4.2.1 bootpdhcprelay cidoptmode This command enables the circuit ID option mode for BootP/DHCP Relay on the system. Syntax bootpdhcprelay cidoptmode no bootpdhcprelay cidoptmode Default Setting Disabled Command Mode Global Config 8.4.2.2 bootpdhcprelay enable This command enables the forwarding of relay requests for BootP/DHCP Relay on the system. Syntax bootpdhcprelay enable no bootpdhcprelay enable...
  • Page 470 <count> - The range of maximum hop count is 1 to 16. no - Set the maximum hop count to 4. Default Setting The default value is 4. Command Mode Global Config 8.4.2.4 bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system. When the BOOTP relay agent receives a BOOTREQUEST message, it may use the seconds-since-client-began-booting field of the request as a factor in deciding whether to relay the request or not.

  • Page 471: Routing Information Protocol (Rip) Commands

    Command Mode Global Config Routing Information Protocol (RIP) Commands 8.5.1 Show Commands 8.5.1.1 show ip rip This command displays information relevant to the RIP router. Syntax show ip rip Default Setting None Command Mode Privileged Exec Display Message RIP Admin Mode: Select enable or disable from the pulldown menu. If you select enable RIP will be enabled for the switch.
  • Page 472 Distance: Configured distance value for rip routes. 8.5.1.2 show ip rip interface This command displays information related to a particular RIP interface. Syntax show ip rip interface <slot/port> < slot/port > - Interface number Default Setting None Command Mode Privileged Exec Display Message Interface: Valid slot and port number separated by forward slashes.
  • Page 473 8.5.1.3 show ip rip interface brief This command displays general information for each RIP interface. For this command to display successful results routing must be enabled per interface (i.e. ip rip). Syntax show ip rip interface brief Default Setting None Command Mode Privileged Exec Display Message...
  • Page 474 8.5.2.2 ip rip This command enables RIP on a router interface. Syntax ip rip no ip rip no - This command disables RIP on a router interface. Default Setting Disabled Command Mode Interface Config 8.5.2.3 auto-summary This command enables the RIP auto-summarization mode. Syntax auto-summary no auto-summary...
  • Page 475 no - This command is used to cancel the advertisement of default routes. Default Setting Not configured Command Mode Router RIP Config 8.5.2.5 default-metric This command is used to set a default for the metric of distributed routes. Syntax default-metric <1-15> no default-metric <1 - 15>...
  • Page 476 Command Mode Router RIP Config 8.5.2.7 hostrouteaccept This command enables the RIP hostroutesaccept mode. Syntax hostrouteaccept no hostrouteaccept no - This command disables the RIP hostroutesaccept mode. Default Setting Enabled Command Mode Router RIP Config 8.5.2.8 split-horizon This command sets the RIP split horizon mode. None mode will not use RIP split horizon mode. Simple mode will be that a route is not advertised on the interface over which it is learned.
  • Page 477 8.5.2.9 distribute-list This command is used to specify the access list to filter routes received from the source protocol. Source protocols have OSPF, Static, and Connected. Syntax distribute-list <1-199> out {ospf | static | connected} no distribute-list <1-199> out {ospf | static | connected} <1 - 199>...
  • Page 478 Command Mode Router RIP Config 8.5.2.11 ip rip authentication This command sets the RIP Version 2 Authentication Type and Key for the specified interface. The value of <type> is either none, simple, or encrypt. The value for authentication key [key] must be 16 bytes or less. The [key] is composed of standard displayable, non-control keystrokes from a Standard 101/102-key keyboard.

  • Page 479: Router Discovery Protocol Commands

    no - This command configures the interface to allow RIP control packets of the default version(s) to be received. Default Setting Both Command Mode Interface Config 8.5.2.13 ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent. The value for <mode>...
  • Page 480 Syntax show ip irdp {<slot/port> | all} <slot/port> - Show router discovery information for the specified interface. <all> - Show router discovery information for all interfaces. Default Setting None Command Mode Privileged Exec User Exec Display Message Ad Mode: Displays the advertise mode which indicates whether router discovery is enabled or disabled on this interface.
  • Page 481 Command Mode Interface Config 8.6.2.2 ip irdp broadcast This command configures the address to be used to advertise the router for the interface. Syntax ip irdp broadcast no ip irdp broadcast broadcast - The address used is 255.255.255.255. no - The address used is 224.0.0.1. Default Setting The default address is 224.0.0.1 Command Mode...
  • Page 482 8.6.2.4 ip irdp maxadvertinterval This commands configures the maximum time, in seconds, allowed between sending router advertisements from the interface. Syntax ip irdp maxadvertinterval < minadvertinterval-1800 > no ip irdp maxadvertinterval < minadvertinterval-1800 > - The range is 4 to 1800 seconds. no - This command configures the default maximum time, in seconds.

  • Page 483: Vlan Routing Commands

    Syntax ip irdp preference < -2147483648-2147483647> no ip irdp preference < -2147483648-2147483647> - The range is -2147483648 to 2147483647. no - This command sets the preference to 0. Default Setting The default value is 0. Command Mode Global Config VLAN Routing Commands 8.7.1 show ip vlan This command displays the VLAN routing information for all VLANs with routing enabled in the...

  • Page 484: Virtual Router Redundancy Protocol (Vrrp) Commands

    8.7.2 vlan routing This command creates routing on a VLAN. Syntax vlan routing <vlanid> [<vlan-index>] no vlan routing <vlanid> <vlanid> - The range is 1 to 3965. <vlan-index> - VLAN routing index, the range is 1 to 128. no - Delete routing on a VLAN. Default Setting None Command Mode...
  • Page 485 Router Version Errors: Represents the total number of VRRP packets received with Unknown or unsupported version number. Router VRID Errors: Represents the total number of VRRP packets received with invalid VRID for this virtual router. 8.8.1.2 show ip vrrp brief This command displays information about each virtual router configured on the switch.
  • Page 486 Command Mode Privileged Exec User Exec Display Message VRID: Represents the router ID of the virtual router. Primary IP Address: This field represents the configured IP Address for the Virtual router. VMAC address: Represents the VMAC address of the specified router. Authentication type: Represents the authentication type for the specific virtual router.
  • Page 487 Advertisement Interval Errors: Represents the total number of VRRP advertisements received for which advertisement interval is different than the configured value for this virtual router. Authentication Failure: Represents the total number of VRRP packets received that don't pass the authentication check. IP TTL errors: Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255.
  • Page 488 This command sets the virtual router ID on an interface for Virtual Router configuration in the router. Syntax ip vrrp <1-255> no ip vrrp <1-255> <1-255> - The range of virtual router ID is 1 to 255. <no> - This command removes all VRRP configuration details of the virtual router configured on a specific interface.
  • Page 489 Syntax ip vrrp <1-255> mode no ip vrrp <1-255> mode <1-255> - The range of virtual router ID is 1 to 255. <no> - Disable the virtual router configured on the specified interface. Disabling the status field stops a virtual router. Default Setting Disabled Command Mode...
  • Page 490 no ip vrrp <1-255> preempt <1-255> - The range of virtual router ID is 1 to 255. <no> - This command sets the default preemption mode value for the virtual router configured on a specified interface. Default Setting Enabled Command Mode Interface Config 8.8.2.6 ip vrrp priority...
  • Page 491 Syntax ip vrrp <1-255> timers advertise <1-255> ip vrrp <1-255> timers advertise <1-255> - The range of virtual router ID is 1 to 255. < 1-255 > - The range of advertisement interval is 1 to 255. <no> - This command sets the default advertisement value for a virtual router. Default Setting The default value of advertisement interval is 1.
  • Page 492 8.8.2.9 ip vrrp track ip route This command tracks the route reachability. When the tracked route is deleted, the priority of the VRRP router will be decremented by the value specified in the decrement argument. When the tracked route is added, the priority will be incremented by the same.

  • Page 493: Ip Multicast Commands

    IP Multicast Commands Distance Vector Multicast Routing Protocol (DVMRP) Commands This section provides a detailed explanation of the DVMRP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch.
  • Page 494 9.1.1.2 show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface <slot/port> <slot/port> - Valid slot and port number separated by forward slashes. Default Setting None Command Mode Privileged Exec User EXEC Display Message Interface Mode: This field indicates whether DVMRP is enabled or disabled on the specified...
  • Page 495 User EXEC Display Message IfIndex: This field displays the value of the interface used to reach the neighbor. Nbr IP Addr: This field indicates the IP Address of the DVMRP neighbor for which this entry contains information. State: This field displays the state of the neighboring router. The possible value for this field are ACTIVE or DOWN.
  • Page 496 9.1.1.5 show ip dvmrp prune This command displays the table listing the router’s upstream prune information Syntax show ip dvmrp prune Default Setting None Command Mode Privileged Exec User Exec Display Message Group IP: This field identifies the multicast Address that is pruned. Source IP: This field displays the IP Address of the source that has pruned.
  • Page 497 Upstream Neighbor: This field indicates the IP Address of the neighbor which is the source for the packets for a specified multicast address. Interface: This field displays the interface used to receive the packets sent by the sources. Metric: This field displays the distance in hops to the source subnet. This field has a different meaning than the Interface Metric field.

  • Page 498: Internet Group Management Protocol (Igmp) Commands

    Command Mode Interface Config 9.1.2.2 ip dvmrp metric This command configures the metric for an interface. This value is used in the DVMRP messages as the cost to reach this network. Syntax ip dvmrp metric <value> no ip dvmrp metric <value> <value>...
  • Page 499 Default Setting None Command Mode Privileged Exec User EXEC Display Message IGMP Admin Mode: This field displays the administrative status of IGMP. This is a configured value. Interface: Valid slot and port number separated by forward slashes. Interface Mode: This field indicates whether IGMP is enabled or disabled on the interface. This is a configured value.
  • Page 500 If detail is specified, the following fields are displayed: Multicast IP Address: This displays the IP Address of the registered multicast group on this interface. Last Reporter: This displays the IP Address of the source of the last membership report received for the specified multicast group address on this interface.
  • Page 501 Robustness: This field displays the tuning for the expected packet loss on a subnet. If a subnet is expected to be have a lot of loss, the Robustness variable may be increased for that interface. This is a configured value. Startup Query Interval (secs): This value indicates the interval between General Queries sent by a Querier on startup.
  • Page 502 Source Filter Mode: The source filter mode (Include/Exclude) for the specified group on this interface. This is “-----” for IGMPv1 and IGMPv2 Membership Reports. Source Hosts: This displays the list of unicast source IP Addresses in the group record of the IGMPv3 Membership Report with the specified multicast group IP Address.
  • Page 503 9.2.2 Configuration Commands 9.2.2.1 ip igmp This command sets the administrative mode of IGMP in the router to active. Syntax ip igmp no ip igmp no - This command sets the administrative mode of IGMP in the router to inactive. Default Setting Disabled Command Mode...
  • Page 504 no - This command resets the version of IGMP for this interface. The version is reset to the default value. Default Setting Command Mode Interface Config 9.2.2.3 ip igmp last-member-query-count This command sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface.
  • Page 505 Command Mode Interface Config 9.2.2.5 ip igmp query-interval This command configures the query interval for the specified interface. This is the frequency at which IGMP Host-Query packets are transmitted on this interface. Syntax ip igmp query-interval <1-3600> no ip igmp query-interval <1-3600>...
  • Page 506 9.2.2.7 ip igmp robustness This command configures the robustness that allows tuning of the interface. The robustness is the tuning for the expected packet loss on a subnet. If a subnet is expected to have a lot of loss, the Robustness variable may be increased for the interface.

  • Page 507: Mld Commands

    9.2.2.9 ip igmp startup-query-interval This command sets the interval between General Queries sent by a Querier on startup on the interface. The time interval value is in seconds. Syntax ip igmp startup-query-interval <1-300> no ip igmp startup-query-interval <1-300> - The range for <1-300> is 1 to 300 seconds. no - This command resets the interval between General Queries sent by a Querier on startup on the interface to the default value.
  • Page 508 Command Mode Privileged Exec Display Message The following fields are displayed as a table when <slot/port> is specified. Group Address: The address of the multicast group. Interface: Interface through which the multicast group is reachable. Up Time: Time elapsed in hours, minutes, and seconds since the multicast group has been known. Expiry Time: Time left in hours, minutes, and seconds before the entry is removed from the MLD membership table.
  • Page 509 MLD Version: Indicates the version of MLD configured on the interface. Query Interval: Indicates the configured query interval for the interface. Query Max Response Time: Indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface. Robustness: Displays the configured value for the tuning for the expected packet loss on a subnet attached to the interface.
  • Page 510 Queries Received: The number of valid MLD queries received by the router. Queries Sent: The number of valid MLD queries sent by the router. Reports Received: The number of valid MLD reports received by the router. Reports Sent: The number of valid MLD reports sent by the router. Leaves Received: The number of valid MLD leaves received by the router.
  • Page 511 Default Setting 1000 milliseconds Command Mode Interface Config 9.3.2.3 ipv6 mld last-member-query-interval Use this command to set the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group specific queries sent out of this interface. The range for <last-member-query-interval>...
  • Page 512 9.3.2.5 ipv6 mld router Use this command, in the administrative mode of the router, to enable MLD in the router. Syntax ipv6 mld router no ipv6 mld router Default Setting Disabled Command Mode Global Config Interface Config 9.3.2.6 clear ipv6 mld counters The user can go to the CLI Privilege Configuration Mode to clear MLD counters on the system, use the clear ipv6 mld counters [<slot/port>] priviledge configuration command.

  • Page 513: Multicast Commands

    Default Setting None Command Mode Privilege Exec 9.3.2.8 ipv6 mld version This command configures the version of MLD for an interface. Syntax ipv6 mld version {1 | 2} no ipv6 mld version <1- 2> - The mld version number. no - This command resets the version of MLD for this interface. The version is reset to the default value.
  • Page 514 User Exec Display Message Admin Mode: This field displays the administrative status of multicast. This is a configured value. Protocol State: This field indicates the current state of the multicast protocol. Possible values are Operational or Non-Operational. Table Max Size: This field displays the maximum number of entries allowed in the multicast table. Protocol: This field displays the multicast protocol running on the router.
  • Page 515 <slot/port > - Interface number. Default Setting None Command Mode Privileged Exec User Exec Display Message Interface: Valid slot and port number separated by forward slashes. TTL: This field displays the time-to-live value for this interface. 9.4.1.4 show ip mcast mroute This command displays a summary or all the details of the multicast table.
  • Page 516 Source IP: This field displays the IP address of the multicast data source. Group IP: This field displays the IP address of the destination of the multicast packet. Protocol: This field displays the multicast routing protocol by which this entry was created. Incoming Interface: This field displays the interface on which the packet for this source/group arrives.
  • Page 517 Outgoing Interface List: This field displays the list of outgoing interfaces on which this packet is forwarded. This command displays the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the given <sourceipaddr>...
  • Page 518 9.4.2 Configuration Commands 9.4.2.1 ip multicast This command sets the administrative mode of the IP multicast forwarder in the router to active. For multicast routing to become operational, IGMP must be currently enabled. An error message will be displayed on the CLI if multicast routing is enabled while IGMP is disabled. However, the IP multicast mode configuration is stored in the multicast configuration file and is automatically enabled once IGMP is enabled.

  • Page 519: Protocol Independent Multicast - Dense Mode (Pim-Dm) Commands

    Command Mode Interface Config 9.4.2.3 ip multicast ttl-threshold This command applies the given <ttlthreshold> to a routing interface. The <ttlthreshold> is the TTL threshold which is to be applied to the multicast Data packets which are to be forwarded from the interface.
  • Page 520 Command Mode Privileged Exec User Exec Display Message Admin Mode: This field indicates whether PIM-DM is enabled or disabled. This is a configured value. Interface: Valid slot and port number separated by forward slashes. Interface Mode: This field indicates whether PIM-DM is enabled or disabled on this interface. This is a configured value.
  • Page 521 <slot/port> - Interface number. all - this command represents all interfaces. Default Setting None Command Mode Privileged Exec User Exec Display Message Interface: Valid slot and port number separated by forward slashes. IP Address: This field indicates the IP Address that represents the PIM-DM interface. Nbr Count: This field displays the neighbor count for the PIM-DM interface.
  • Page 522 9.5.2 Configuration Commands 9.5.2.1 ip pimdm This command enables the administrative mode of PIM-DM in the router. Syntax ip pimdm no ip pimdm no - This command disables the administrative mode of PIM-DM in the router. IGMP must be enabled before PIM-DM can be enabled. Default Setting Disabled Command Mode...

  • Page 523: Protocol Independent Multicast - Sparse Mode (Pim-Sm) Commands

    9.5.2.3 ip pimdm hello-interval This command configures the transmission frequency of hello messages between PIM enabled neighbors. This field has a range of 10 to 3600 seconds. Syntax ip pimdm hello-interval <10 - 3600> no ip pimdm hello-interval <10 - 3600> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value.
  • Page 524 Register Threshold Rate (Kbps): This field indicates the threshold rate for the RP router to switch to the shortest path. This is a configured value. Interface: Valid slot and port number separated by forward slashes. Interface Mode: This field indicates whether PIM-SM is enabled or disabled on the interface. This is a configured value.
  • Page 525 <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec User Exec Display Message Slot/Port: Valid slot and port number separated by forward slashes. IP Address: This field indicates the IP address of the specified interface. Subnet Mask: This field indicates the Subnet Mask for the IP address of the PIM interface. Hello Interval: This field indicates the frequency at which PIM hello messages are transmitted on this interface.
  • Page 526 IP Address: This field displays the IP Address of the neighbor on an interface. Up Time: This field indicates the time since this neighbor has become active on this interface. Expiry Time: This field indicates the expiry time of the neighbor on this interface. 9.6.1.5 show ip pimsm rphash This command displays which rendezvous point (RP) is being used for a specified group.
  • Page 527 9.6.2 Configuration Commands 9.6.2.1 ip pimsm This command sets administrative mode of PIM-SM multicast routing across the router to enabled. IGMP must be enabled before PIM-SM can be enabled. Syntax ip pimsm no ip pimsm no - This command sets administrative mode of PIM-SM multicast routing across the router to disabled.
  • Page 528 9.6.2.3 ip pimsm register-threshold This command is used to configure the Threshold rate for the RP router to switch to the shortest path. The rate is specified in Kilobits per second. The possible values are 0 to 2000. Syntax ip pimsm register-threshold <0 - 2000> no ip pimsm register-threshold <0 - 2000>...
  • Page 529 The parameter <group-mask> is the group mask for the group address. The optional keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. Syntax ip pimsm rp-address <rp-address> <group-address> <group-mask> [override] no ip pimsm rp-address <rp-address>...
  • Page 530 Syntax ip pimsm query-interval <0 - 18000> no ip pimsm query-interval <0 - 18000> - This is time interval in seconds. no - This command resets the transmission frequency of hello messages between PIM enabled neighbors to the default value. Default Setting Command Mode Interface Config...
  • Page 531 no - This command is used to reset the priority to default value. Default Setting Command Mode Interface Config 9.6.2.10 ip pimsm bsr-candidate This command is used to configure the router to announce its candidacy as a bootstrap router (BSR). Syntax ip pimsm bsr-candidate interface <slot/port>...

  • Page 532: Igmp Proxy Commands

    no - This command is used to disable the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). Default Setting None Command Mode Global Config 9.6.2.12 ip pimsm ssm default Use this command to define the Source Specific Multicast (SSM) range of IP multicast addresses. Syntax ip pimsm ssm {default | <group-address>...
  • Page 533 Default Setting None Command Mode Privileged Exec User Exec Display Message Interface index: The interface number of the IGMP Proxy. Admin Mode: States whether the IGMP Proxy is enabled or not. This is a configured value. Operational Mode: States whether the IGMP Proxy is operationally enabled or not. This is a status parameter.
  • Page 534 Member State: The status of the entry. Possible values are IDLE_MEMBER or DELAY_MEMBER.  IDLE_MEMBER - interface has responded to the latest group membership query for this group.  DELAY_MEMBER - interface is going to send a group membership report to respond to a group membership query for this group.
  • Page 535 9.7.1.4 show ip igmp-proxy interface This command displays a detailed list of the host interface status parameters. It displays the following parameters only when you enable IGMP Proxy. Syntax show ip igmp-proxy interface Default Setting None Command Mode Privileged Exec User Exec Display Message Interface Index: Shows the slot/port of the IGMP proxy.
  • Page 536 Command Mode Interface Config 9.7.2.2 ip igmp-proxy reset-status This command resets the host interface status parameters of the IGMP Proxy router. This command is valid only when you enable IGMP Proxy on the interface. Syntax ip igmp-proxy reset-status Default Setting None Command Mode Interface Config...

  • Page 537: Mld Proxy Commands

    MLD Proxy Commands MLD-Proxy is the IPv6 equivalent of IGMP-Proxy. MLD-Proxy commands allow you to configure the network device as well as to view device settings and statistics using either serial interface or telnet session. The operation of MLD-Proxy commands is the same as for IGMP-Proxy: MLD is for IPv6 and IGMP is for IPv4.MGMD is a term used to refer to both IGMP and MLD.
  • Page 538 Syntax show ipv6 mld-proxy groups Default Setting None Command Mode Privileged Exec User Exec Display Message Interface: The interface number of the MLD-Proxy. Group Address: The IP address of the multicast group. Last Reporter: The IP address of the host that last sent a membership report for the current group, on the network attached to the MLD-Proxy interface (upstream interface).
  • Page 539 group, on the network attached to the MLD-Proxy interface (upstream interface). Up Time (in secs): The time elapsed since last created. Member State: Possible values are:  Idle_Member - interface has responded to the latest group membership query for this group. ...
  • Page 540 9.8.2 Configuration Commands 9.8.2.1 ipv6 mld-proxy This command enables MLD-Proxy on the router. To enable MLD-Proxy on the router, you must enable multicast forwarding. Also, make sure that there are no other multicast routing protocols enabled n the router. Syntax ipv6 mld-proxy no ipv6 mld-proxy no - This command disables the MLD-Proxy on the router.
  • Page 541 no ipv6 mld-proxy unsolicit-rprt-interval no - This command resets the unsolicited report interval of the MLD-Proxy router to the default value. Default Setting None Command Mode Interface Config - 541 -...

  • Page 542: Ipv6 Commands

    IPv6 Commands 10.1 Tunnel Interface Commands The commands in this section describe how to create, delete, and manage tunnel interfaces.Several different types of tunnels provide functionality to facilitate the transition of IPv4 networks to IPv6 networks. These tunnels are divided into two classes: configured and automatic. The distinction is that configured tunnels are explicitly configured with a destination or endpoint of the tunnel.
  • Page 543 address and prefix display. 10.1.2 Configuration Commands 10.1.2.1 interface tunnel This command uses to enter the Interface Config mode for a tunnel interface. The <tunnel-id> range is 0 to 7. Syntax interface tunnel <0-7> no interface tunnel <0-7> no - This command removes the tunnel interface and associated configuration parameters for the specified tunnel interface.

  • Page 544: Loopback Interface Commands

    10.1.2.3 tunnel destination This command specifies the destination transport address of the tunnel. Syntax tunnel destination {<ipv4-address>} <ipv4-address> - A valid IP Address. Default Setting None Command Mode Interfacel Tunnel Mode 10.1.2.4 tunnel mode ipv6ip This command specifies the mode of the tunnel. With the optional 6to4 argument, the tunnel mode is set to 6to4 automatic.
  • Page 545 10.2.1 Show Commands 10.2.1.1 show interface loopback This command displays information about configured loopback interfaces. Syntax show interface loopback [<0-7>] Default Setting None Command Mode Privileged Exec Display Message If you do not specify a loopback ID, the following information appears for each loopback interface on the system: Loopback ID: Shows the loopback ID associated with the rest of the information in the row.

  • Page 546: Ipv6 Routing Commands

    interface loopback <0-7> no interface loopback <0-7> no - This command removes the loopback interface and associated configuration parameters for the specified loopback interface. Default Setting Disabled Command Mode Global Config 10.3 IPv6 Routing Commands This section describes the IPv6 commands you use to configure IPv6 on the system and on the interfaces.
  • Page 547 ICMPv6 Rate Limit Burst Size:Shows the number of ICMPv6 error messages that can be sent during one burst-interval. For more information, see “ipv6 icmp error-interval” Maximum Routes:Shows the maximum IPv6 route table size. 10.3.1.2 show ipv6 interface port This command displays the usability status of IPv6 interfaces. Syntax show ipv6 interface [{ brief | port <slot/port>...
  • Page 548 Router Advertisement Reachable Time: Shows the amount of time, in milliseconds, to consider a neighbor reachable after neighbor discovery confirmation. Router Advertisement Interval: Shows the frequency, in seconds, that router advertisements are sent. Router Advertisement Managed Config Flag: Shows whether the managed configuration flag is set (enabled) for router advertisements on this interface.
  • Page 549 Neighbor State: State of neighbor cache entry. Possible values are Incomplete, Reachable, Stale, Delay, Probe, and Unknown. Age(Seconds): Shows the system uptime when the information for the neighbor was last updated. 10.3.1.4 show ipv6 interface neighbors static This command display static neighbor cache table on the system each interface port. Syntax show ipv6 interface neighbors static Default Setting...
  • Page 550 MAC Address: The MAC Address used. isRtr: Specifies the router flag. Neighbor State: The state of the neighbor cache entry. Possible values are: Reachable, Delay. Age Updated: The time in seconds that has elapsed since an entry was added to the cache. 10.3.1.6 show ipv6 route This command displays the IPv6 routing table The <ipv6-address>...
  • Page 551 Next-Hop: The outgoing router IPv6 address to use when forwarding traffic to the next router (if any) in the path toward the destination Route-Timestamp: The last updated time for dynamic routes. The format of Route-Timestamp will  Days:Hours:Minutes if days > = 1 ...
  • Page 552 Syntax show ipv6 route summary [all] Default Setting None Command Mode Privileged Exec Display Message Connected Routes: Total number of connected routes in the routing table. Static Routes: Shows whether the IPv6 unicast routing mode is enabled. OSPF Routes: Total number of routes installed by OSPFv3 protocol. Reject Routes : Total number of reject routes installed by all protocols.
  • Page 553 10.3.1.10 show ipv6 traffic This command displays traffic and statistics for IPv6 and ICMPv6. Specify a logical, loopback, or tunnel interface to view information about traffic on a specific interface. If you do not specify an interface, the command displays information about traffic on all interfaces. Syntax show ipv6 traffic [{<slot/port>...
  • Page 554 Datagrams Successfully Reassembled: Number of IPv6 datagrams successfully reassembled. Note that this counter increments at the interface to which these datagrams were addressed, which might not be necessarily the input interface for some of the fragments. Datagrams Failed To Reassemble: Number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, etc.).
  • Page 555 ICMPv6 Router Solicit Messages Received: Number of ICMP Router Solicit messages received by the interface. ICMPv6 Router Advertisement Messages Received: Number of ICMP Router Advertisement messages received by the interface. ICMPv6 Neighbor Solicit Messages Received: Number of ICMP Neighbor Solicit messages received by the interface.
  • Page 556 ICMPv6 Duplicate Address Detects: Number of duplicate addresses detected by interface. 10.3.2 Configuration Commands 10.3.2.1 ipv6 forwarding This command enables IPv6 forwarding on the switch. Syntax Ipv6 forwarding no ipv6 forwarding no - This command disables IPv6 forwarding on the switch. Default Setting Enabled Command Mode...
  • Page 557 10.3.2.3 ipv6 unicast-routing Use this command to enable the forwarding of IPv6 unicast packets. Syntax ipv6 unicast-routing no ipv6 unicast-routing no – Use this command to disable the forwarding of IPv6 unicast packets. Default Setting Disabled Command Mode Global Config 10.3.2.4 ipv6 enable Use this command to enable IPv6 routing on an interface, including a tunnel and loopback interface that has not been configured with an explicit IPv6 address.
  • Page 558 using this command since one is automatically created. The <prefix> field consists of the bits of the address to be configured. The <prefix_length> designates how many of the high-order contiguous bits of the address make up the prefix. You can express IPv6 addresses in eight blocks. Also of note is that instead of a period, a colon now separates each block.
  • Page 559 <gateway-address> - Gateway address in IPv6 global or link-local address format. no – Use this command remove IPv6 gateways on the network port interface. Command Mode Interface vlan 10.3.2.7 ipv6 route Use this command to configure an IPv6 static route. The <ipv6-prefix> is the IPv6 network that is the destination of the static route.
  • Page 560 Changing the default distance does not update the distance of existing static routes, even if they were assigned the original default distance. The new default distance will only be applied to static routes created after invoking the ipv6 route distance command. Syntax ipv6 route distance <1-255>...
  • Page 561 no ipv6 nd dad attempts no – This command resets to number of duplicate address detection value to default value. Default Setting Command Mode Interface Config 10.3.2.11 ipv6 nd managed-config-flag This command sets the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6.
  • Page 562 Default Setting Command Mode Interface Config 10.3.2.13 ipv6 nd other-config-flag This command sets the “other stateful configuration” flag in router advertisements sent from the interface. Syntax ipv6 nd other-config-flag no ipv6 nd other-config-flag no – This command resets the “other stateful configuration” flag back to its default value in router advertisements sent from the interface.
  • Page 563 10.3.2.15 ipv6 nd ra-lifetime This command sets the value, in seconds, that is placed in the Router Lifetime field of the router advertisements sent from the interface. The <lifetime> value must be zero, or it must be an integer between the value of the router advertisement transmission interval and 9000. A value of zero means this router is not to be used as the default router.
  • Page 564 no –This command enables router transmission on an interface. Default Setting Disabled Command Mode Interface Config 10.3.2.18 ipv6 nd prefix This command sets the IPv6 prefixes to include in the router advertisement. The first optional parameter is the valid lifetime of the router, in seconds. You can specify a value or indicate that the lifetime value is infinite.
  • Page 565 10.3.2.19 ipv6 unreachables Use this command to enable the generation of ICMPv6 Destination Unreachable messages. By default, the generation of ICMPv6 Destination Unreachable messages is enabled. Syntax ipv6 unreachables no ipv6 unreachables no – This command prevent the generation of ICMPv6 Destination Unreachable messages. Default Setting Enabled Command Mode...

  • Page 566: Ospfv3 Commands

    10.3.2.21 ipv6 neighbors static The user can add/delete a static neighbor into neighbor cache table. Syntax ipv6 neighbors static <ipv6-address> <mac-address> no ipv6 neighbors static <ipv6-address> <ipv6-address> - Enter the IPv6 Address. <mac-address> - Enter the MAC Address. no – This command sets IPv6 neighbor configuration to default values. Default Setting None Command Mode...
  • Page 567 Router ID: Is a 32 bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. OSPF Admin Mode: Shows whether the administrative mode of OSPF in the router is enabled or disabled.
  • Page 568 10.4.1.2 show ip ospf abr This command displays the internal OSPFv3 routes to reach Area Border Routers (ABR).This command takes no options. Syntax show ipv6 ospf abr Default Setting None Command Mode Privileged Exec User Exec Display Messages Type: The type of the route to the destination. It can be either: ...
  • Page 569 External Routing: Is a number representing the external routing capabilities for this area. Spf Runs: Is the number of times that the intra-area route table has been calculated using this area's link-state database. Area Border Router Count: The total number of area border routers reachable within this area. Area LSA Count: Total number of link-state advertisements in this area's link-state database, excluding AS External LSAs.
  • Page 570 Display Messages Type: The type of the route to the destination. It can be either:  intra — Intra-area route  inter — Inter-area route Router ID: Router ID of the destination Cost: Cost of using this route Area ID: The area ID of the area from which this route is learned. Next Hop: Next hop toward the destination Next Hop Intf: The outgoing router interface to use when forwarding traffic to the next hop.
  • Page 571 LSDB interface. Age: Is a number representing the age of the link state advertisement in seconds. Sequence: Is a number that represents which LSA is more recent. Checksum: Is the total number LSA checksum. Options: This is an integer. It indicates that the LSA receives special handling during routing calculations.
  • Page 572 10.4.1.7 show ipv6 ospf interface This command displays the information for the IFO object or virtual interface tables. Syntax show ipv6 ospf interface {<slot/port> | loopback <0-7> | tunnel <0-7>} <slot/port> - Interface number. <0-7> - Loopback/Tunnel Interface ID. Default Setting None Command Mode Privileged Exec...
  • Page 573 broadcast. The OSPF Interface Type will be 'broadcast'. State: The OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and backup designated router. Designated Router: The router ID representing the designated router. Backup Designated Router: The router ID representing the backup designated router. Number of Link Events: The number of link events.
  • Page 574 10.4.1.9 show ipv6 ospf interface stats This command displays the statistics for a specific interface. The command only displays information if OSPF is enabled Syntax show ipv6 ospf interface stats <slot/port> <slot/port> - Interface number. Default Setting None Command Mode Privileged Exec User Exec Display Messages...
  • Page 575 No Neighbor at Source Address: The number of OSPF packets dropped because the sender is not an existing neighbor or the sender’s IP address does not match the previously recorded IP address for that neighbor. NOTE: Does not apply to Hellos. Invalid OSPF Packet Type The number of OSPF packets discarded because the packet type field in the OSPF header is not a known type.
  • Page 576  Exchange start - the first step in creating an adjacency between the two neighboring routers, the goal is to decide which router is the master and to decide upon the initial DD sequence number.  Exchange - the router is describing its entire link state database by sending Database Description packets to the neighbor.
  • Page 577 User Exec Display Messages Area ID: The area id of the requested OSPF area. IP Address: An IP Address which represents this area range. Subnet Mask: A valid subnet mask for this area range. Lsdb Type: The type of link advertisement associated with this area range. Advertisement: The status of the advertisement.
  • Page 578 <areaid> - Area ID. <neighbor> - Neighbor's router ID. Default Setting None Command Mode Privileged Exec User Exec Display Messages Area ID: The area id of the requested OSPF area. Neighbor Router ID: The input neighbor Router ID. Hello Interval: The configured hello interval for the OSPF virtual interface. Dead Interval: The configured dead interval for the OSPF virtual interface.
  • Page 579 Retransmit Interval: Is the configured retransmit interval for the OSPFv3 virtual interface. Transit Delay: Is the configured transit delay for the OSPFv3 virtual interface. 10.4.2 Configuration Commands 10.4.2.1 ipv6 ospf This command enables OSPF on a router interface or loopback interface. Syntax ipv6 ospf no ipv6 ospf...
  • Page 580 10.4.2.3 ipv6 ospf cost This command configures the cost on an OSPF interface. The <cost> parameter has a range of 1 to 65535. Syntax ipv6 ospf cost <1-65535> no ipv6 ospf cost <no> - This command configures the default cost on an OSPF interface. Default Setting None Command Mode...
  • Page 581 must be the same for all routers attached to a network. Valid values for <seconds> range from 1 to 65535. Syntax ipv6 ospf hello-interval <seconds> no ipv6 ospf hello-interval <no> - This command sets the default OSPF hello interval for the specified interface. Default Setting Command Mode Interface Config...
  • Page 582 Syntax ipv6 ospf network {broadcast | point-to-point} no ipv6 ospf network {broadcast | point-to-point} <no> - This command sets the interface type to the default value. Default Setting Broadcast Command Mode Interface Config 10.4.2.8 ipv6 ospf priority This command sets the OSPF priority for the specified router interface. The priority of the interface is a priority integer from 0 to 255.
  • Page 583 <no> - This command sets the default OSPF retransmit Interval for the specified interface. Default Setting Command Mode Interface Config 10.4.2.10 ipv6 ospf transmit-delay This command sets the OSPF Transit Delay for the specified interface. The transmit delay is specified in seconds.
  • Page 584 10.4.2.12 area default-cost This command configures the monetary default cost for the stub area. The operator must specify the area id and an integer value between 1-16777215. Syntax area <areaid> default-cost <1-16777215> <areaid> - Area ID. Default Setting None Command Mode Router OSPFv3 Config 10.4.2.13 area nssa This command configures the specified areaid to function as an NSSA.
  • Page 585 Syntax area <areaid> nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] no area <areaid> nssa default-info-originate [<1-16777215>] [{comparable | non-comparable}] <areaid> - Area ID. <1-16777215> - The metric of the default route. The range is 1 to 16777215. comparable - It's NSSA-External 1. non-comparable - It's NSSA-External 2.
  • Page 586 Syntax area <areaid> nssa no-summary no area <areaid> nssa no-summary <areaid> - Area ID. no - This command disables nssa from the summary LSAs. Default Setting None Command Mode Router OSPFv3 Config 10.4.2.17 area nssa translator-role This command configures the translator role of the NSSA. A value of always causes the router to assume the role of the translator the instant it becomes a border router and a value of candidate causes the router to participate in the translator election process when it attains border router status.
  • Page 587 Syntax area <areaid> nssa translator-stab-intv <0-3600> no area <areaid> nssa translator-stab-intv <areaid> - Area ID. <0-3600> - The range is 0 to 3600. no - Disables the nssa translator’s <stabilityinterval> from the specified area id. Default Setting None Command Mode Router OSPFv3 Config 10.4.2.19 area range This command creates a specified area range for a specified NSSA.
  • Page 588 10.4.2.20 area stub This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Syntax area <areaid>...
  • Page 589 10.4.2.22 area virtual-link This command creates the OSPF virtual interface for the specified <areaid> and <neighbor>. The <neighborid> parameter is the Router ID of the neighbor. Syntax area <areaid> virtual-link <neighborid> no area <areaid> virtual-link <neighborid> <areaid> - Area ID. <neighborid>...
  • Page 590 10.4.2.24 area virtual-link hello-interval This command configures the hello interval for the OSPF virtual interface on the interface identified by <areaid> and <neighborid>. Syntax area <areaid> virtual-link <neighborid> hello-interval <1-65535> no area <areaid> virtual-link <neighborid> hello-interval <areaid> - Area ID. <neighborid>...
  • Page 591 10.4.2.26 area virtual-link transmit-delay This command configures the transmit delay for the OSPF virtual interface on the virtual interface identified by <areaid> and <neighborid>. Syntax area <areaid> virtual-link <neighborid> transmit-delay <0-3600> no area <areaid> virtual-link <neighborid> transmit-delay <areaid> - Area ID. <neighborid>...
  • Page 592 10.4.2.28 default-information originate This command is used to control the advertisement of default routes. Syntax default-information originate [always] [metric <1-16777215>] [metric-type {1 | 2}] no default-information originate [metric] [metric-type] [always] - Sets the router advertise 0.0.0.0/0.0.0.0. metric - The range of the metric is 1 to 16777215. metric type - The value of metric type is type 1 or type 2.
  • Page 593 10.4.2.30 distance ospf This command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route. The type of OSPF can be intra, inter, type-1, or type-2. The OSPF specification (RFC 2328) requires that preferences must be given to the routes learned via OSPF in the following order: intra <...
  • Page 594 10.4.2.32 exit-overflow-interval This command configures the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State. This allows the router to again originate non-default AS-external-LSAs. When set to 0, the router will not leave Overflow State until restarted.
  • Page 595 10.4.2.34 maximum-paths This command sets the number of paths that OSPF can report for a given destination where <maxpaths> is platform dependent. Syntax maximum-paths <1-2> no maximum-paths <1-2> - The maximum number of paths that OSPF can report for a given destination. The range of the value is 1 to 2.
  • Page 596 Default Setting Disabled Command Mode Router OSPFv3 Config. 10.4.2.37 redistribute This command configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers. Syntax redistribute {static | connected} [metric <0-16777214>] [metric-type {1 | 2}] [tag <0-4294967295>] no redistribute { static | connected} [metric] [metric-type] [tag] <0-16777215>...

  • Page 597: Ripng Commands

    10.5 RIPng Commands RIPng is intended to allow routers to exchange information for computing routes through an IPv6-based network. RIPng is a distance vector protocol. RIPng should be implemented only in routers. Any router that uses RIPng is assumed to have interfaces to one or more networks, otherwise it isn’t really a router. These are referred to as its directly-connected networks.
  • Page 598 Info Time: Configured value. Enable Ripng of interfaces: List all interfaces enabled RIPng. Enable passive mode of interfaces: List all interfaces enabled RIPng passive. 10.5.2 Configuration Commands 10.5.2.1 enable This command resets the default administrative mode of RIPng in the router (active). Syntax enable no enable...
  • Page 599 10.5.2.3 ipv6 router rip Use this command to enter Router RIPng mode. Syntax ipv6 router rip Default Setting Disabled Command Mode Global Config 10.5.2.4 default-information originate This command is used to set the advertisement of default routes. Syntax default-information originate no default-information originate no - This command is used to cancel the advertisement of default routes.
  • Page 600 Default Setting Not configured Command Mode IPv6 Router RIP Config 10.5.2.6 distance rip This command sets the route preference value of RIPng in the router. Lower route preference values are preferred when determining the best route. Syntax distance rip <1-255> no distance rip <1-255>...
  • Page 601 Command Mode IPv6 Router RIP Config 10.5.2.8 redistribute This command configures RIPng protocol to redistribute routes from the specified source protocol/routers. Source protocols have OSPF, Static, and Connetced. Syntax Format for OSPF as source protocol: redistribute ospf [metric <1-15>] Format for other source protocols: redistribute {static | connected} [metric <1-15>] no redistribute {ospf | static | connected} [metric] <1 - 15>...

  • Page 602: Protocol Independent Multicast - Dense Mode (Pim-Dm) Commands

    Default Setting update - the default value is 30 (seconds) garbage - the default value is 120 (seconds) info - the default value is 180 (seconds) Command Mode Global Config 10.5.2.10 ipv6 rip passive-interface The user can go to the CLI Interface Configuration Mode to set ipv6 rip passive, use the ipv6 rip passive-interface interface configuration command.
  • Page 603 Command Mode Privileged Exec User Exec Display Message PIM-DM Admin Mode: Indicates whether PIM-DM is enabled or disabled. Interface: Valid unit, slot, and port number separated by forward slashes. Interface Mode: Indicates whether PIM-DM is enabled or disabled on this interface. Operational State: The current state of PIM-DM on this interface.
  • Page 604 Command Mode Privileged Exec User Exec Display Message Interface: Valid unit, slot, and port number separated by forward slashes. Neighbor Address: The IP address of the neighbor on an interface. Up Time: The time since this neighbor has become active on this interface. Expiry Time: The expiry time of the neighbor on this interface.

  • Page 605: Protocol Independent Multicast - Sparse Mode (Pim-Sm) Commands

    no - Use this command to set the PIM-DM hello interval to the default value. Default Setting Disabled Command Mode Interface Config Protocol Independent Multicast – Sparse Mode (PIM-SM) Commands 10.7 10.7.1 Show Commands 10.7.1.1 show ipv6 pimsm This command displays the system-wide information for PIM-SM. Syntax show ipv6 pimsm Default Setting...
  • Page 606 10.7.1.2 show ipv6 pimsm bsr This command displays the bootstrap router (BSR) information. The output includes elected BSR information and information about the locally configured candidate rendezvous point (RP) advertisement. Syntax show ipv6 pimsm bsr Default Setting None Command Mode Privileged Exec User Exec Display Message...
  • Page 607 IP Address: The IP address of the specified interface. Subnet Mask: The Subnet Mask for the IP address of the PIM interface. Hello Interval (secs): The frequency at which PIM hello messages are transmitted on this interface. By default, the value is 30 seconds. Join Prune Interval (secs): The join/prune interval for the PIM-SM router.
  • Page 608 Default Setting None Command Mode Privileged Exec User Exec Display Message RP: The IP address of the RP for the group specified. Origin: Indicates the mechanism (BSR or static) by which the RP was selected. 10.7.1.6 show ipv6 pimsm rp mapping Use this command to display all group-to-RP mappings of which the router is a aware (either configured or learned from the bootstrap router (BSR)).
  • Page 609 no - This command sets administrative mode of PIM-SM multicast routing across the router to disabled. MLD must be enabled before PIM-SM can be enabled. Default Setting Disbaled Command Mode Global Config Interface Config 10.7.2.2 ipv6 pimsm bsr-candidate This command is used to configure the router to announce its candidacy as a bootstrap router (BSR). Syntax ipv6 pimsm bsr-candidate interface <slot/port>...
  • Page 610 no - This command resets the register threshold rate for the Rendezvous Pointer router to the default value. Default Setting Command Mode Global Config 10.7.2.4 ipv6 pimsm rp-address This command is used to statically configure the RP address for one or more multicast groups. The parameter <rpaddress>...
  • Page 611 Default Setting Command Mode Global Config 10.7.2.6 ipv6 pimsm spt-threshold This command is used to configure the Data Threshold rate for the last-hop router to switch to the shortest path. The rate is specified in Kilobits per second. The possible values are 0 to 2000. Syntax iipv6 pimsm spt-threshold <1-2000>...
  • Page 612 10.7.2.8 ipv6 pimsm bsr-border Use this command to prevent bootstrap router (BSR) messages from being sent or received through an interface. Syntax ipv6 pimsm bsr-border no ipv6 pimsm bsr-border no - Use this command to disable the interface from being the BSR border. Default Setting Disbaled Command Mode...
  • Page 613 no - Use this command to set the join/prune interval to the default value. Default Setting Command Mode Interface Config 10.7.2.11 ipv6 pimsm hello-interval This command is used to configure the PIM-SM hello interval for the specified interface. The hello interval range is 0-18000 is specified in seconds.

  • Page 614: Web-Based Management Interface

    Web-Based Management Interface 11.1 Overview The Layer 3 Network Switch provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer or Netscape Navigator. This software interface also allows for system monitoring and management of the Network Switch.

  • Page 615: System Menu

    7. IPv4 Multicast Menu: This section provides users to configure IGMP, DVMRP, Multicast, PIM-DM, PIM-SM. It also provides information for a multicast distribution tree. 8. IPv6 Multicast Menu: This section provides users to configure MLD, PIM-DM, PIM-SM. It also provides information for a multicast distribution tree. 11.2 System Menu 11.2.1...
  • Page 616 Non-Configurable Data System Description - The product name of this switch. Machine Type - The machine type of this switch. Machine Model - The model within the machine type. Serial Number - The unique box serial number for this switch. Part Number - The manufacturing part number.
  • Page 617 Boot Rom Version - The release-version number of the boot rom code currently running on the switch. For example, if the release was 1, and the version was 2, the format would be '1.2'. Label Revision Number - The label revision serial number of this switch is used for manufacturing purpose.
  • Page 618 Interface = y...... SFP+(The yth 10-Giga information of switch 1). 10 Gigabit Ethernet Compliance Codes: Transceiver’s compliance codes. Vendor Name: The SFP transceiver vendor name shall be the full name of the corporation, a commonly accepted abbreviation of the name of the corporation, the SCSI company code for the corporation, or the stock exchange code for the corporation.
  • Page 619 Configurable Data System Name - Enter the name you want to use to identify this switch. You may use up to 31 alpha-numeric characters. The factory default is blank. System Location - Enter the location of this switch. You may use up to 31 alpha-numeric characters.
  • Page 620 System Up time - The time in days, hours and minutes since the last switch reboot. Current SNTP Syncronized Time - Displays currently synchronized SNTP time in UTC. If time is not syncronised, it displays "Not Syncronized." MIBs Supported - The list of MIBs supported by the management agent running on this switch. Command Buttons Submit - Update the switch with the values on the screen.
  • Page 621 Non-Configurable Data Burned-in MAC Address - The burned-in MAC address used for in-band connectivity. Default Routers - The IPv6 default routers. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
  • Page 622 11.2.3.4 Configuring Network Connectivity Page The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network you must first configure it with IP information (IP address, subnet mask, and default gateway).
  • Page 623 Configurable Data IP Address - The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask - The IP subnet mask for the interface. The factory default value is 0.0.0.0 Default Gateway - The default gateway for the IP interface. The factory default value is 0.0.0.0 Management VLAN ID Specifies the management VLAN ID of the switch.
  • Page 624 unknown(6) - Unknown status. Last Updated - The last sysUpTime that this neighbor has been updated. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the router. 11.2.3.6 HTTP Configuration Configurable Data HTTP Session Soft Timeout - This field is used to set the inactivity timeout for HTTP sessions.
  • Page 625 11.2.3.7 Configuring Telnet Session Page Selection Criteria Maximum Number of Telnet Sessions - Use the pulldown menu to select how many simultaneous telnet sessions will be allowed. The maximum is 5, which is also the factory default. Allow New Telnet Sessions - If you set this to no, new telnet sessions will not be allowed. The factory default is yes.
  • Page 626 11.2.3.8 Configuring Outbound Telnet Client Configuration Page Selection Criteria Admin Mode - Specifies if the Outbound Telnet service is Enabled or Disabled. Default value is Enabled. Maximum Sessions - Specifies the maximum number of Outbound Telnet Sessions allowed. Default value is 5. Valid Range is (0 to 5). Configurable Data Session Timeout - Specifies the Outbound Telnet login inactivity timeout.
  • Page 627 Session Timeout - Specifies the Outbound Telnet login inactivity timeout. Default value is 5. Valid Range is (1 to 160). Command Buttons Submit - Sends the updated configuration to the switch. Configuration changes take effect immediately. 11.2.3.10 Configuring Serial Port Page Selection Criteria Baud Rate (bps) - Select the default baud rate for the serial port connection from the pull-down menu.
  • Page 628 Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save. 11.2.3.11 Defining User Accounts Page By default, two user accounts exist: ...
  • Page 629 Encryption Protocol - Specify the SNMPv3 Encryption Protocol setting for the selected user account. The valid Encryption Protocols are None or DES. If you select the DES Protocol you must enter a key in the Encryption Key field. If None is specified for the Protocol, the Encryption Key is ignored.
  • Page 630 Selection Criteria Authentication List - Select the authentication login list you want to configure. Select 'create' to define a new login list. When you create a new login list, 'local' is set as the initial authentication method. Method 1 - Use the dropdown menu to select the method that should appear first in the selected authentication login list.
  • Page 631 11.2.3.13 Viewing Login Session Page Non-Configurable Data ID - Identifies the ID of this row. User Name - Shows the user name of user who made the session. Connection From - Shows the IP from which machine the user is connected. Idle Time - Shows the idle session time.
  • Page 632 802.1x Port Security Users The users you assigned to this login list on the Port Access Control User Login Configuration screen - This list is used to authenticate the users for port access, using the IEEE 802.1x protocol. Command Buttons Refresh - Update the information on the page.
  • Page 633 Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch. These changes will not be retained across a power cycle unless you perform a save. Refresh - Updates the information on the page. 11.2.3.16 Defining Password Management Configurable Data Password Minimum Length - All new local user passwords must be at least this many characters in...
  • Page 634 11.2.3.17 Defining Denial Of Service Page Selection Criteria TCP Fragment - Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling TCP Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller then the configured Min TCP Hdr Size.
  • Page 635 SMAC=DMAC - Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling SMAC=DMAC DoS prevention causes the switch to drop packets that have a source MAC address equal to the destination MAC address. The factory default is disabled. TCP FIN&URG&PSH - Enable or disable this option by selecting the corresponding line on the pulldown entry field.
  • Page 636 Configurable Data Aging Interval(secs) - The forwarding database contains static entries, which are never aged out, and dynamically learned entries, which are removed if they are not updated within a given time. You specify that time by entering a value for the Address Ageing Timeout. You may enter any number of seconds between 10 and 1000000.
  • Page 637 Non-Configurable Data MAC Address - A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a two byte hexadecimal VLAN ID number followed by a six byte MAC address with each byte separated by colons. For example: 01:23:45:67:89:AB:CD:EF, where 01:23 is the VLAN ID and 45:67:89:AB:CD:EF is the MAC address.
  • Page 638 11.2.5.2 Viewing Buffered Log Page This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log, or console log. Format of the messages <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry -The above example indicates a user-level message (1) with severity 7 (debug) on a system that is not stack and generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line...
  • Page 639 11.2.5.3 Configuring Command Logger Page Selection Criteria Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pulldown field and clicking Submit. Command Buttons Submit - Update the switch with the values you entered. 11.2.5.4 Configuring Console Log Page This allows logging to any serial device attached to the host.
  • Page 640  Critical (2): critical conditions  Error (3): error conditions  Warning (4): warning conditions  Notice(5): normal but significant conditions  Info (6): informational messages  Debug(7): debug-level messages Command Buttons Submit - Update the switch with the values you entered. 11.2.5.5 Viewing Event Log Page Use this panel to display the event log, which is used to hold error messages for catastrophic events.
  • Page 641 Code - The event code passed to the event log handler by the code reporting the event. Time - The time the event occurred, measured from the previous reset. Command Buttons Refresh - Update the information on the page. Clear Log - Remove all log information. 11.2.5.6 Configuring Hosts configuration Page Selection Criteria Host - This is a list of the hosts that have been configured for syslog.
  • Page 642 Refresh - Refetch the database and display it again starting with the first entry in the table. Delete - Delete a configured host. 11.2.5.7 Configuring Terminal Log Configuration Page This allows logging to any terminal client connected to the switch via telnet or SSH. To receive the log messages, terminals have to enable "terminal monitor"...
  • Page 643  Error (3): error conditions  Warning (4): warning conditions  Notice(5): normal but significant conditions  Informational(6): informational messages  Debug(7): debug-level messages Command Buttons Submit - Update the switch with the values you entered. 11.2.5.8 Configuring syslog configuration Page Selection Criteria Admin Status -For Enabling and Disabling logging to configured syslog hosts.
  • Page 644 Refresh - Refetch the database and display it again starting with the first entry in the table. 11.2.6 Managing Switch Interface 11.2.6.1 Configuring Switch Interface Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Admin Mode - Use the pulldown menu to select the Port control administration state.
  • Page 645 Broadcast Storm Control - Used to enable or disable the broadcast storm feature on the selected interface. The broadcast storm control value can be set to Level 1, Level 2, Level 3, and Level 4. The following description is for the broadcast storm, multicast storm, and unicast storm control. The actual packet rate for switch will convert from the input level and the speed of that interface.
  • Page 646 Selection Criteria MST ID - Select the Multiple Spanning Tree instance ID from the list of all currently configured MST ID's to determine the values displayed for the Spanning Tree parameters. Changing the selected MST ID will generate a screen refresh. If Spanning Tree is disabled this will be a static value, CST, instead of a selector.
  • Page 647 Port Role - Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port. Admin Mode - The Port control administration state.
  • Page 648 Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Configurable Data Port Description Enter the Description string to be attached to a port. It can be up to 64 characters in length. Non-Configurable Data Slot/Port - Identifies the port Physical Address - Displays the physical address of the specified interface.
  • Page 649 Selection Criteria Slot/Port - This field indicates the interface to which the cable to be tested is connected. Non-Configurable Data Interface - Displays the interface tested in the Slot/Port notation. This field is displayed after the "Test Cable" button has been clicked and results are available. This field is not visible when the page is initially displayed.
  • Page 650 11.2.6.5 Configuring Multiple Port Mirroring Function Page Selection Criteria Session Select a port mirroring session from the list. The number of sessions allowed is platform specific. By default the First Session is selected. Up to 1 sessions are supported. Mode pecifies the Session Mode for a selected session ID.
  • Page 651 11.2.6.6 Configuring Double VLAN Tunneling Function Page Selection Criteria Slot/Port - Select the physical interface for which you want to display or configure data. Configurable Data Interface Mode - This specifies the administrative mode via which Double VLAN Tagging can be enabled or disabled.
  • Page 652 11.2.6.7 Configuring Double VLAN Tnuueling Summary Function Page Non-Configurable Data Slot/Port - The physical interface for which data is being displayed. Interface Mode - This specifies the administrative mode via which Double VLAN Tagging can be enabled or disabled. The default value for this is Disabled. Interface EtherType - The two-byte hex EtherType to be used as the first 16 bits of the DVlan tag.
  • Page 653 11.2.7 Defining sFlow 11.2.7.1 Configuring sFlow Agent Summary Configuration Page Configurable Data Version - Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organization;Software Revision where:  MIB Version: '1.3', the version of this MIB. ...
  • Page 654 11.2.7.2 Configuring sFlow Receiver Configuration Page Selection Criteria Receiver Index - Selects the receiver for which data is to be displayed or configured. Allowed range is (1 to 8 ) Configurable Data Receiver Owner - The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to default values.
  • Page 655 sFlow Receiver Address - The IP address of the sFlow collector. sFlow Receiver Port - The destination port for sFlow datagrams. sFlow Receiver Datagram Version - The version of sFlow datagrams that should be sent. Command Buttons Submit - Send the updated data to the switch and cause the changes to take effect on the switch. Refresh - Refresh the data on the screen with present state of data in the switch.
  • Page 656 11.2.7.4 Configuring sFlow Sampler Configuration Page sFlow agent collects statistical packet-based sampling of switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler. Selection Criteria sFlow Sampler Datasource(Slot/Port) - sFlowDataSource for this flow sampler. This Agent will support Physical ports only.
  • Page 657 11.2.7.5 Viewing sFlow Port Summary Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data Slot/Port - The interface for which data is being displayed. ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter.
  • Page 658 Unicast Packets Transmitted Rate - The total number of packets rates that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent. Multicast Packets Transmitted Rate - The total number of packets rates that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent.
  • Page 659 Selection Criteria Community - You can use this screen to reconfigure an existing community, or to create a new one. Use this pulldown menu to select one of the existing community names, or select 'Create' to add a new one. Access Mode - Specify the access level for this community by selecting Read/Write or Read Only from the pull down menu.
  • Page 660 Selection Criteria Community - You can use this screen to reconfigure an existing community, or to create a new one. Use this pulldown menu to select one of the existing community names, or select 'Create' to add a new one. SNMP Version - Select the trap version to be used by the receiver from the pull down menu: SNMP v1 - Uses SNMP v1 to send traps to the receiver.
  • Page 661 Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description. Command Buttons Refresh - Update the data. - 661 -...
  • Page 662 11.2.9 Viewing Statistics 11.2.9.1 Viewing the whole Switch Detailed Statistics Page Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
  • Page 663 Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Packets Discarded - The number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher-layer protocol.
  • Page 664 Broadcast Packets Received - The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Packets Received with Errors - The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Packets Transmitted Without Errors - The total number of packets transmitted out of the interface.
  • Page 665 Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Packets RX and TX 64 Octets - The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
  • Page 666 Packets Received 512-1023 Octets - The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 1024-1518 Octets - The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 667 Packets Transmitted 256-511 Octets - The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 512-1023 Octets - The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
  • Page 668 RSTP BPDUs Received - Number of RSTP BPDUs received at the selected port. RSTP BPDUs Transmitted - Number of RSTP BPDUs transmitted from the selected port. MSTP BPDUs Received - Number of MSTP BPDUs received at the selected port. MSTP BPDUs Transmitted - Number of MSTP BPDUs transmitted from the selected port. Time Since Counters Last Cleared - The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared.
  • Page 669 11.2.9.4 Viewing Each Port Summary Statistics Page Selection Criteria Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter.
  • Page 670 Time Since Counters Last Cleared - The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared. Command Buttons Clear Counters - Clears all the counters, resetting all statistics for this port to default values. Clear All Counters - Clears all the counters for all ports, resetting all statistics for all ports to default values.
  • Page 671 11.2.10.3 Restoring All Configuration to Default Values Page Command Buttons Reset - Clicking the Reset button will reset all of the system login passwords to their default values. If you want the switch to retain the new values across a power cycle, you must perform a save. 11.2.10.4 Resetting the Passwords to Default Values Page Command Buttons Reset - Select this button to have all passwords reset to their factory default values.
  • Page 672 Selection Criteria File Type - Specify what type of file you want to download: Script - specify configuration script when you want to update the switch's script file. CLI Banner - Specify the banner that you want to display before user login to the switch. Code –...
  • Page 673 FTP/TFTP File Name (Target) - Enter the name on the switch of the file you want to save. You may enter up to 30 characters. The factory default is blank. Start File Transfer - To initiate the download you need to check this box and then select the submit button.
  • Page 674 Start File Transfer - To initiate the upload you need to check this box and then select the submit button. Non-Configurable Data The last row of the table is used to display information about the progress of the file transfer. The screen will refresh automatically until the file transfer completes.
  • Page 675 Configurable Data Configuration File - Configuration files. Runtime File - Run-time operation codes. Script File - Configuration script files. Command Buttons Remove File - Send the updated screen to the switch and perform the file remove. 11.2.10.9 Copying Running Configuration to Flash Page Use this menu to copy a start-up configuration file from the running configuration file on switch.
  • Page 676 11.2.10.10 Defining Ping Function Page Use this screen to tell the switch to send a Ping request to a specified IP address. You can use this to check whether the switch can communicate with a particular IP station. Once you click the Submit button, the switch will send three pings and the results will be displayed below the configurable data.
  • Page 677 Selection Criteria Ping - Select either global IPv6 Address or Link Local Address to ping. Interface - Select a IPv6 interface. Configurable Data IPv6 Address - Enter the IPv6 address of the station you want the switch to ping. The initial value is blank.
  • Page 678 Selection Criteria IPv4 Address - Select the way "IPv4 Address" to trace. Host Name - Select the way "host name" to trace. Host Name V6 - Select the way "Host Name V6" to trace. IPv6 Address - Select the way "IPv6 Address" to trace. Configurable Data IP Address - Enter the IP address of the station you want the switch to discover path.
  • Page 679 11.2.11 Managing CDP Function 11.2.11.1 Defining CDP Configuration Page Use this menu to configure the parameters for CDP, which is used to discover a CISCO device on the LAN. Selection Criteria Admin Mode - CDP administration mode which are Enable and Disable. Slot/Port - Specifies the list of ports.
  • Page 680 11.2.11.2 Viewing Neighbors Information Page Non-Configurable Data Device ID - Identifies the device name in the form of a character string. Intf - The CDP neighbor information receiving port. Time - The length of time a receiving device should hold CDP information before discarding it. Capability - Describes the device's functional capability in the form of a device type, for example, a switch.
  • Page 681 Non-Configurable Data Incoming Packet Number - Received legal CDP packets number from neighbors. Outgoing Packet Number - Transmitted CDP packets number from this device. Error Packet Number - Received illegal CDP packets number from neighbors. Command Buttons Clear Counters - Clear all the counters, resetting all switch summary and detailed statistics to default values.
  • Page 682 ACL Traps - Enable or disable activation of ACL traps by selecting the corresponding line on the pulldown entry field. The factory default is disabled. DVMRP Traps - Enabled or disable activation of DVMRP traps by selecting the corresponding line on the pulldown entry field.
  • Page 683 System Up Time - The time at which this trap occurred, expressed in days, hours, minutes and seconds since the last reboot of the switch. Trap - Information identifying the trap. Command Buttons Clear Log - Clear all entries in the log. Subsequent displays of the log will only show new log entries. 11.2.13 Configuring SNTP 11.2.13.1 Configuring SNTP Global Configuration Page Selection Criteria...
  • Page 684 Broadcast Poll Interval - Specifies the number of seconds between broadcast poll requests expressed as a power of two when configured in broadcast mode. Broadcasts received prior to the expiry of this interval are discarded. Allowed range is (6 to 10). Default value is 6. Multicast Poll Interval - Specifies the number of seconds between multicast poll requests expressed as a power of two when configured in multicast mode.
  • Page 685 Last Attempt Status - Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes. ...
  • Page 686 11.2.13.3 Configuring SNTP Server Page Selection Criteria Server - Specifies all the existing Server Addresses along with an additional option "Create". When the user selects "Create" another text box "Address" appears where the user may enter Address for Server to be configured. Address Type - Specifies the address type of the configured SNTP Server address.
  • Page 687 11.2.13.4 Viewing SNTP Server Status Page Non-Configurable Data Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock.
  • Page 688 11.2.13.5 Configuring Current Time Settings Page Configurable Data Year - Year (4-digit). (Range: 2000 - 2099). Month - Month. (Range: 1 - 12). Day - Day of month. (Range: 1 - 31). Hour - Hour in 24-hour format. (Range: 0 - 23). Minute - Minute.
  • Page 689 Selection Criteria Direction  before-utc - Sets the local time zone before (east) of UTC  after-utc - Sets the local time zone after (west) of UTC Configurable Data Time Zone Name - The name of time zone, usually an acronym. (Range: 1-15 characters). Time Zone Hours - The number of hours before/after UTC.
  • Page 690 Command Buttons Reset - Send the updated screen to the switch to restart the DHCP client. 11.2.14.1.1 Configurating DHCPv6 Restart Page This command issues a DHCP6 client request for any IP interface that has been set to DHCP mode via the ip address command.
  • Page 691 Non-Configurable Data Current DHCP Identifier (Hex/Text) - Shows the current setting of DHCP identifier. Configurable Data Text String - A text string. Hex Value - The hexadecimal value. Command Buttons Submit - Send the updated screen to the switch perform the setting DHCP client identifier. 11.2.15 Defining DNS Relay Function 11.2.15.1 Configuring DNS Relay Configuration Page The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can...
  • Page 692 11.2.15.2 Configuring Domain Name Configuration Page You can use this screen to change the configuration parameters for the domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation).
  • Page 693 Selection Criteria Protocol - Select IPv4 or IPv6 to configure the corresponding attributes. Name Server - Specifies all the existing domain name servers along with an additional option "Create". When the user selects "Create" another text box "IP Address" appears where the user may enter domain name server to be configured.
  • Page 694 Non-Configurable Data Domain Name List - The domain name associated with this record. IP address - The IP address associated with this record. TTL - The time to live reported by the name server. Flag - The flag of the record. Command Buttons Refresh - Refresh the page with the latest DNS cache entries.

  • Page 695: Switching Menu

    11.3 Switching Menu 11.3.1 Managing DHCP Snooping 11.3.1.1 Configuring DHCP Snooping Configuration Page Configurable Data DHCP Snooping Mode - Enables or disables the DHCP Snooping feature. The factory default is disabled. MAC Address Validation - Enables or disables the validation of sender MAC Address for DHCP Snooping.
  • Page 696 Selection Criteria VLAN ID - Select the VLAN for which information to be displayed or configured for DHCP Snooping Application. Configurable Data DHCP Snooping Mode - Enables or disables the DHCP Snooping feature on selected VLAN. The factory default is disabled. Command Buttons Submit - Applies the new configuration and causes the changes to take effect.
  • Page 697 11.3.1.4 Configuring DHCP Snooping Static Binding Configuration Page Configurable Data Slot/Port - Selects the interface to add a binding into the DHCP snooping database. MAC Address - Specify the MAC address for the binding to be added. This is the Key to the binding database.
  • Page 698 Dynamic Binding List - Lists all the DHCP snooping dynamic binding entries page by page. Ex: Page 1 displays first available up to 15 dynamic entries. Page 2 displays Next available up to 15 dynamic entries.  Slot/Port - Interface ...
  • Page 699 Time Out - Configure DHCP snooping bindings store timeout. The range of Time Out is (15 to 86400) . 0 is defined as an infinite duration. Write Delay - Configures the maximum write time to write the database into local or remote. The range of Write Delay is (15 to 86400).
  • Page 700 11.3.2 Managing IP Source Guard (IPSG) 11.3.2.1 Configuring IPSG Configuration Page Configurable Data IPSG - Enables or disables validation of Sender IP Address on this interface. If IPSG is Enabled Packets will not be forwarded if Sender IP Address is not in DHCP Snooping Binding database. The factory default is disabled.
  • Page 701 11.3.2.2 Configuring IPSG Static Binding Configuration Page Configurable Data Slot/Port - Selects the interface to add a binding into the IPSG database. MAC Address - Specify the MAC address for the binding. VLAN ID - Selects the VLAN from the list for the binding rule. IP Address - Specify valid IP Address for the binding rule.
  • Page 702  IP Address -IP address  Filter Type - This tells you the IPSG filtering Type.  Page - Lists the Number of Pages the IPSG dynamic binding entries occupied. Select the Page Number from this list to display the particular Page entries. Command Buttons Add - Adds DHCP snooping binding entry into the database.
  • Page 703 11.3.3.2 Configuring DAI VLAN Configuration Page Selection Criteria VLAN List - Select the DAI Capable VLANs for which information has to be displayed or configured. Configurable Data Dynamic ARP Inspection - Indicates whether the Dynamic ARP Inspection is enabled on this VLAN.
  • Page 704 11.3.3.3 Configuring DAI Interface Configuration Page Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed or configured. Configurable Data Trusted State - Indicates whether the interface is trusted for Dynamic ARP Inspection purpose. If this object is set to 'Enable', the interface is trusted.
  • Page 705 11.3.3.4 Configuring DAI ARP ACL Configuration Page Configurable Data ARP ACL Name - This is used to create New ARP ACL for DAI. Remove - This is used to select the particular ACLs which you want to delete. Non-Configurable Data ARP ACL Name - This will list all the configured ARP ACL List.
  • Page 706 Selection Criteria ARP ACL Name - Select the ARP ACL for which information want to be displayed or configured. Configurable Data Sender IP Address - This is used to create new Rule for the Selected ARP ACL. This indicates Sender IP address match value for the ARP ACL. Sender MAC Address - This is used to create new Rule for the Selected ARP ACL.
  • Page 707 DHCP Permits - Number of ARP packets that were forwarded by DAI as there is a matching DHCP Snooping binding entry found. ACL Permits - Number of ARP packets that were permitted by DAI as there is a matching ARP ACL rule found for this VLAN.
  • Page 708  01:80:C2:00:00:00 to 01:80:C2:00:00:0F  01:80:C2:00:00:20 to 01:80:C2:00:00:21  FF:FF:FF:FF:FF:FF Source Port Members - List the ports you want included in the inbound filter. If a packet with the MAC address and VLAN ID you selected is received on a port that is not in the list, it will be dropped. Command Buttons Submit - Update the switch with the values on the screen.
  • Page 709 Selection Criteria VLAN ID and Name - You can use this screen to reconfigure an existing VLAN, or to create a new one. Use this pull down menu to select one of the existing VLANs, or select 'Create' to add a new one.
  • Page 710 this screen, its type will always be 'Static'. A VLAN that is created by GVRP registration initially has a type of 'Dynamic'. You may use this pull down menu to change its type to 'Static'. Non-Configurable Data Slot/Port - Indicates which port is associated with the fields on this line. Status - Indicates the current value of the participation parameter for the port.
  • Page 711 11.3.5.3 Configuring VLAN Port Configuration Page Selection Criteria Slot/Port - Select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to same values. Acceptable Frame Types - Specify how you want the port to handle untagged and priority tagged frames.
  • Page 712 11.3.5.4 Viewing VLAN Port Summary Page Non-Configurable Data Slot/Port - The interface. Port VLAN ID - The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. Acceptable Frame Types - Specifies the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'.
  • Page 713 11.3.5.5 Resetting VLAN Configuration Page Command Buttons Reset - If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted.
  • Page 714 Selection Criteria Group ID - The protected ports can be combined into a logical group. Traffic can flow between protected ports belonging to different groups, but not within the same group. The selection box lists all the possible protected port Group IDs supported for the current platform. The valid range of the Group ID is (0 to 2) .
  • Page 715 Non-Configurable Data Group ID - The protected ports can be combined into a logical group. Traffic can flow between protected ports belonging to different groups, but not within the same group. The valid range of the Group ID is (0 to 2) . Group Name - Displays the alphanumeric string associated with a Group ID.
  • Page 716 Selection Criteria Group ID - You can use this screen to reconfigure or delete an existing protocol-based VLAN, or create a new one. Use this pull down menu to select one of the existing PBVLANs, or select 'Create' to add a new one. A Group ID number will be assigned automatically when you create a new group. You can create up to 128 groups.
  • Page 717 Group ID - The number used to identify the group. It was automatically assigned when you created the group. Protocol(s) - The protocol(s) that belongs to the group. There are three configurable protocols: IP, IPX, and ARP. IP - IP is a network layer protocol that provides a connectionless service for the delivery of data. ARP - Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network layer addresses to physical medium access control (MAC) addresses.
  • Page 718 Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. Delete - Delete an entry of IP Subnet to VLAN mapping. 11.3.8.2 Viewing IP Subnet-based VLAN Information Page Non-Configurable Data IP Address - The IP Address of the subnet that is being bound to a VLAN ID.
  • Page 719 user is allowed to configure a MAC address mapping to a VLAN that has not been created on the system. Configurable Data MAC Address - Valid MAC Address which is to be bound to a VLAN ID. This field is configurable only when a MAC-based VLAN is created.
  • Page 720 11.3.10 Managing MAC-based Voice VLAN 11.3.10.1 Voice VLAN Administration Page Configurable Data VLAN ID - Sets the VLAN as a Voice VLAN. Admin Mode - Enables or disables the Voice VLAN function. Command Buttons Submit - Applies the new configuration and causes the changes to take effect. These changes will not be retained across a power cycle unless a save configuration is performed.
  • Page 721 01:80:C2:00:00:20 to 01:80:C2:00:00:21 01:00:5E:00:00:00 to 01:00:5E:FF:FF:FF 33:33:00:00:00:00 to 33:33:FF:FF:FF:FF FF:FF:FF:FF:FF:FF Configurable Data MAC Address - Specify the MAC Address for the new Voice VLAN. (You can only enter data in this field when you are creating a new Voice VLAN.). MAC Address Mask - Use this optional field to specify a mask for the Voice VLAN.
  • Page 722 11.3.11 Managing Voice VLAN 11.3.11.1 Voice VLAN Configuration Page Use this menu to configure the parameters for Voice VLAN Configuration. Note that only a user with Read/Write access privileges may change the data on this screen. Selection Criteria Voice VLAN Admin Mode - Select the administrative mode for Voice VLAN for the switch from the pulldown menu.
  • Page 723 11.3.12 Defining GARP 11.3.12.1 Viewing GARP Information Page This screen shows the GARP Status for the switch and for the individual ports. Note that the timers are only relevant when the status for a port shows as enabled. Non-Configurable Data Switch GVRP - Indicates whether the GARP VLAN Registration Protocol administrative mode for this switch is enabled or disabled.
  • Page 724 will need to rejoin in order to maintain registration. An instance of this timer exists for each GARP participant for each port. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000 centiseconds (2 to 60 seconds).
  • Page 725 11.3.12.3 Configuring each Port GARP Configuration Page It can take up to 10 seconds for GARP configuration changes to take effect. Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed or configured. It is possible to set the parameters for all ports by selecting 'All'.
  • Page 726 Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save. 11.3.13 Managing IGMP Snooping 11.3.13.1 Configuring IGMP Snooping Global Configuration Page Use this menu to configure the parameters for IGMP Snooping, which is used to build forwarding lists for multicast traffic.
  • Page 727 Command Buttons Submit - Update the switch with the values you entered. If you want the switch to retain the new values across a power cycle you must perform a save. You will only see this button if you have Read/Write access privileges.
  • Page 728 11.3.13.3 Configuring IGMP Snooping VLAN Page Selection Criteria VLAN ID - Specifies list of VLAN IDs for which IGMP Snooping is enabled. Fast Leave Admin Mode - Enable or disable the Igmp Snooping Fast Leave Mode for the specified VLAN ID. Configurable Data VLAN ID - Appears when "New Entry"...
  • Page 729 11.3.13.4 Viewing IGMP Snooping VLAN Status Page Non-Configurable Data VLAN ID - All Vlan Ids for which the IGMP Snooping mode is Enabled. Admin Mode - Igmp Snooping Mode for Vlan ID. Fast Leave Admin Mode - Fast Leave Mode for Vlan ID. Group Membership Interval - Group Membership Interval of IGMP Snooping for the specified VLAN ID.
  • Page 730 11.3.13.6 Viewing Multicast Router Statistics Page Selection Criteria Slot/Port - The single select box lists all physical and LAG interfaces. Select the interface for which you want to display the statistics. Non-Configurable Data Multicast Router - Specifies for the selected interface whether multicast router is enable or disabled.
  • Page 731 Selection Criteria Slot/Port - The select box lists all Slot/Ports.Select the interface for which you want Multicast Router to be enabled. Multicast Router - For the Vlan ID, multicast router may be enabled or disabled using this. Configurable Data VLAN ID - VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled. Command Buttons Submit - Update the switch with the values you entered.
  • Page 732 Selection Criteria MAC Filter - This is the list of MAC address and VLAN ID pairings for all configured L2Mcast Groups. To change the port mask(s) for an existing L2Mcast Group, select the entry you want to change. To add a new L2Mcast Group, select "Create Filter" from the top of the list. VLAN ID - The VLAN ID used with the MAC address to fully identify packets you want L2Mcast Group.
  • Page 733 11.3.14 Managing IGMP Snooping Querier 11.3.14.1 Configuring IGMP Snooping Querier Configuration Page Use this menu to configure the parameters for IGMP Snooping Querier, Note that only a user with Read/Write access privileges may change the data on this screen. Selection Criteria Snooping Querier Admin Mode - Select the administrative mode for IGMP Snooping for the switch from the pulldown menu.
  • Page 734 11.3.14.2 Configuring IGMP Snooping Querier VLAN Configuration Page Selection Criteria VLAN ID - Selects the VLAN ID on which IGMP Snooping Querier is enabled. Querier Election Participate Mode - Enable or disable the Igmp Snooping Querier participate in election mode. When this mode is disabled, up on seeing other querier of same version in the vlan, the snooping querier move to non querier state.
  • Page 735 Configurable Data VLAN ID Search- Enter VLAN ID, then click on the search button. If the record exists, that entry will be displayed. An exact match is required. Non-Configurable Data Admin Mode - Display the administrative mode for IGMP Snooping for the switch. VLAN ID Search- Enter VLAN ID, then click on the search button.
  • Page 736 Last Querier Version - Displays the IGMP protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time - Displays maximum response time to be used in the queries that are sent by the Snooping Querier. Command Buttons Refresh - Reload the information on the page.
  • Page 737 Selection Criteria Admin Mode - Select the administrative mode for MLD Snooping for the switch from the pulldown menu. The default is disable. Non-Configurable Data Multicast Control Frame Count - The number of multicast control frames that are processed by the CPU.
  • Page 738 Multicast Router Present Expiration Time - Specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite timeout, i.e.
  • Page 739 11.3.15.4 Configuring MLD Snooping VLAN Status Page Non-Configurable Data VLAN ID - All Vlan Ids for which the MLD Snooping mode is Enabled. Admin Mode - MLD Snooping Mode for Vlan ID. Fast Leave Admin Mode - Fast Leave Mode for Vlan ID. Group Membership Interval - Group Membership Interval of MLD Snooping for the specified VLAN ID.
  • Page 740 11.3.15.6 Configuring Multicast Router Status Page Selection Criteria Slot/Port - The single select box lists all physical and LAG interfaces. Select the interface for which you want to display the status. Non-Configurable Data Multicast Router - Specifies for the selected interface whether multicast router is enable or disabled.
  • Page 741 11.3.15.8 Configuring Multicast Router VLAN Status Page Selection Criteria Slot/Port - The select box lists all Slot/Ports.Select the interface for which you want to display the status. Non-Configurable Data VLAN ID - All Vlan Ids for which the Multicast Router Mode is Enabled. Multicast Router - Multicast Router Mode for Vlan ID.
  • Page 742 You cannot define L2Mcast Group for these MAC addresses: 00:00:00:00:00:00 33:33:00:00:00:01 to 33:33:00:00:00:FF FF:FF:FF:FF:FF:FF Solt/Port(s) - List the ports you want included into L2Mcast Group. Command Buttons Submit - Update the switch with the values on the screen. If you want the switch to retain the new values across a power cycle you must perform a save.
  • Page 743 11.3.16 Managing MLD Snooping Querier 11.3.16.1 Configuring MLD Snooping Querier Configuration Page Use this menu to configure the parameters for MLD Snooping Querier, Note that only a user with Read/Write access privileges may change the data on this screen. Selection Criteria Snooping Querier Admin Mode - Select the administrative mode for MLD Snooping for the switch from the pulldown menu.
  • Page 744 11.3.16.2 Configuring MLD Snooping VLAN Configuration Page Selection Criteria VLAN ID - Selects the VLAN ID on which MLD Snooping Querier is enabled. Querier Election Participate Mode - Enable or disable the Igmp Snooping Querier participate in election mode. When this mode is disabled, up on seeing other querier of same version in the vlan, the snooping querier move to non querier state.
  • Page 745 Non-Configurable Data VLAN ID - Specifies the VLAN ID on which MLD Snooping Querier is administratively enabled. Admin Mode - Display the administrative mode for MLD Snooping for the switch. Querier Election Participate Mode - Displays the querier election participate mode on the VLAN. When this mode is disabled, up on seeing a query of the same version in the vlan, the snooping querier move to non querier state.
  • Page 746 Operational Max Response Time - Displays maximum response time to be used in the queries that are sent by the Snooping Querier. 11.3.17 Managing Port-Channel 11.3.17.1 Configuring Port-Channel Configuration Page Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one.
  • Page 747  Source and destination MAC address - Sets the mode on the source and destination MAC addresses.  Source IP address - Sets the mode on the source IP address.  Destination IP address - Sets the mode on the destination IP address. ...
  • Page 748 Port Channel Type - The type of this Port Channel. Admin Mode - The Administrative Mode of the Port Channel, enable or disable. Link Status - Indicates whether the Link is up or down. STP Mode - The Spanning Tree Protocol Administrative Mode associated with the Port Channel. The possible values are: Disable - spanning tree is disabled for this Port Channel.
  • Page 749 Configurable Data MAC Address - Enter the VLAN ID - MAC Address pair whose MFDB table entry you want displayed. Enter eight two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67:89:AB. The first two two-digit hexadecimal numbers are the VLAN ID and the remaining numbers are the MAC address.
  • Page 750 Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. 11.3.18.3 Viewing IGMP Snooping MFDB Table Page Non-Configurable Data MAC Address - A VLAN ID - multicast MAC address pair for which the switch has forwarding and/or filtering information.
  • Page 751 Description - The text description of this multicast table entry. Possible values are Management Configured, Network Configured and Network Assisted. Slot/Port(s) - The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). Command Buttons Clear Entries - Clicking this button tells the MLD Snooping component to delete all of its entries from the multicast forwarding database.
  • Page 752 Selection Criteria Spanning Tree Mode - Specifies whether spanning tree operation is enabled on the switch. Value is enabled or disabled Spanning Tree Forward BPDU - Specifies whether spanning tree for BPDU is enabled on the switch. Value is enabled or disabled. Force Protocol Version - Specifies the Force Protocol Version parameter for the switch.
  • Page 753 Selection Criteria BPDU Guard - Specifies whether BPDU Guard is enabled for the Common and Internal Spanning tree (CST). Value is enabled or disabled BPDU Filter - Specifies whether BPDU Filter is enabled for the Common and Internal Spanning tree (CST).
  • Page 754 11.3.19.3 Configuring Spanning Tree MST Configuration Page Selection Criteria MST ID - Create a new MST which you wish to configure or configure already existing MSTs. Configurable Data MST ID - This is only visible when the select option of the MST ID select box is selected. The ID of the MST being created.
  • Page 755 Command Buttons Submit - Applies the new configuration and causes the changes to take effect. These changes will not be retained across a power cycle unless a save configuration is performed. Delete - Deletes the selected MST instance. All VLANs associated with the instance are associated with the CST Refresh - Refreshes the screen with most recent data.
  • Page 756 Selection Criteria Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the CST. Admin Edge Port - Specifies if the specified port is an Edge Port within the CIST. It takes a value of Enable or Disable, where the default value is Disable.
  • Page 757 Designated Root - Root Bridge for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Designated Cost - Path Cost offered to the LAN by the Designated Port. Designated Bridge - Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge.
  • Page 758 Selection Criteria MST ID - Selects one MST instance from existing MST instances. Slot/Port - Selects one of the physical or LAG interfaces associated with VLANs associated with the selected MST instance. Configurable Data Port Priority - The priority for a particular port within the selected MST instance. The port priority is set in multiples of 16.
  • Page 759 11.3.19.6 Viewing Spanning Tree Statistics Page Selection Criteria Slot/Port - Selects one of the physical or LAG interfaces of the switch. Non-Configurable Data STP BPDUs Received - Number of STP BPDUs received at the selected port. STP BPDUs Transmitted - Number of STP BPDUs transmitted from the selected port. RSTP BPDUs Received - Number of RSTP BPDUs received at the selected port.
  • Page 760 Selection Criteria Slot/Port - Select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to the same values. Configurable Data Traffic Class - Specify which internal traffic class to map the corresponding 802.1p priority. Non-Configurable Data 802.1p Priority - Displays the 802.1p priority to be mapped.
  • Page 761 11.3.21.2 Configuring Port Security Interface Page Selection Criteria Slot/Port - Selects the interface to be configured. Port Security - Enables or disables the Port Security feature for the selected interface. Enable violation traps- Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
  • Page 762 11.3.21.3 Deleting Port Security Statically Configured MAC Address Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Configurable data Delete a Static MAC Address - Accepts user input for the MAC address to be deleted. VLAN ID - Accepts user input for the VLAN ID corresponding to the MAC address being deleted.
  • Page 763 11.3.21.5 Viewing Port Security Violation Status Page Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Non-configurable data Last Violation MAC Address - Displays the source MAC address of the last packet that was discarded at a locked port.
  • Page 764 11.3.22 Managing LLDP 11.3.22.1 Configuring LLDP Global Configuration Page Configurable Data Transmit Interval - Specifies the interval in seconds to transmit LLDP frames. The range is from (1 to 32768) . Default value is 30 seconds. Transmit Delay - Specifies the transmit delay in seconds. The range is from (1 to 8192) . Default value is 2 seconds.
  • Page 765 11.3.22.2 Configuring LLDP Interface Configuration Page Selection Criteria Interface - Specifies the list of ports on which LLDP - 802.1AB can be configured. Transmit - Specifies the LLDP - 802.1AB transmit mode for the selected interface. Receive - Specifies the LLDP - 802.1AB receive mode for the selected interface. Notify - Specifies the LLDP - 802.1AB notification mode for the selected interface.
  • Page 766 11.3.22.3 Viewing LLDP Interface Summary Page Non-Configurable Data Interface - Specifies all the ports on which LLDP - 802.1AB can be configured. Link Status - Specifies the Link Status of the ports whether it is Up/Down. Transmit - Specifies the LLDP - 802.1AB transmit mode of the interface. Receive - Specifies the LLDP - 802.1AB receive mode of the interface.
  • Page 767 11.3.22.4 Viewing LLDP Statistics Page Non-Configurable Data Last Update - Specifies the time when an entry was created, modified or deleted in the tables associated with the remote system. Total Inserts - Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been inserted into tables associated with the remote systems.
  • Page 768 TLV MED - Specifies the total number of LLDP-MED TLVs received on the local ports. TLV 802.1 - Specifies the total number of LLDP TLVs received on the local ports which are of type 802.1. TLV 802.3 - Specifies the total number of LLDP TLVs received on the local ports which are of type 802.3.
  • Page 769 Port Description - Specifies the description of the selected port associated with the local system. System Capabilities Supported - Specifies the system capabilities of the local system. System Capabilities Enabled - Specifies the system capabilities of the local system which are supported and enabled.
  • Page 770 Command Buttons Refresh - Updates the information on the page. 11.3.22.7 Viewing LLDP Remote Device Information Page Selection Criteria Local Interface - Specifies all the local ports which can receive LLDP frames. Non-Configurable Data Remote ID - Specifies the remote client identifier assigned to the remote system. Chassis ID Subtype - Specifies the source of the chassis identifier.
  • Page 771 Port Description - Specifies the description of the given port associated with the remote system. System Capabilities Supported - Specifies the system capabilities of the remote system. System Capabilities Enabled - Specifies the system capabilities of the remote system which are supported and enabled.
  • Page 772 Non-Configurable Data Local Interface - Specifies the local port which can receive LLDP frames advertised by a remote system. Chassis ID - Specifies the chassis component associated with the remote system. Port ID - Specifies the port component associated with the remote system. System Name - Specifies the system name of the remote system.
  • Page 773 11.3.23.2 Configuring LLDP-MED Interface Configuration Page Selection Criteria Interface - Specifies the list of ports on which LLDP-MED - 802.1AB can be configured. 'All' option is provided to configure all interfaces on the DUT and to be consistent with CLI. To view the summary of all interfaces refer to 'Interface Summary' webpage.
  • Page 774 11.3.23.3 Configuring LLDP-MED Interface Summary Page Non-Configurable Data Interface - Specifies all the ports on which LLDP-MED can be configured. Link Status - Specifies the link status of the ports whether it is Up/Down. MED Status - Specifies the LLDP-MED mode is enabled or disabled on this interface. Operational Status - Specifies the LLDP-MED TLVs are transmitted or not on this interface.
  • Page 775 Selection Criteria Interface - Specifies the list of all the ports on which LLDP-MED frames can be transmitted. Non-Configurable Data Network Policy Information - Specifies if network policy TLV is present in the LLDP frames. Media Application Type - Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling.
  • Page 776 11.3.23.5 Configuring LLDP-MED Remote Device Information Page Selection Criteria Local Interface - Specifies the list of all the ports on which LLDP-MED is enabled. Non-Configurable Data Capability Information - Specifies the supported and enabled capabilities that was received in MED TLV on this port.
  • Page 777 Media Application Type - Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN id, priority, DSCP, tagged bit status and unknown bit status. A port may receive one or many such application types.
  • Page 778 11.3.24 Managing VTP 11.3.24.1 Configuring VTP Configuration Page Selection Criteria Admin Mode - Enable or disable the VTP feature. Device Mode - Use the pulldown menu to select the VTP device mode(client, server and transparent). The default operational mode of VTP device is "server". Pruning Mode - Enable or disable the VTP pruning mode.
  • Page 779 11.3.24.2 Viewing VTP Status Page Non-configurable data VTP Status - Displays the VTP Status. VTP Version - Displays the VTP version operating on the switch. Configuration Revision - Displays the current configuration revision number on this switch. Maximum VTP supported VLANs - Maximum number of VLANs supported locally. Support VLAN number - Number of existing VLANs.
  • Page 780 11.3.25 Managing Link State 11.3.25.1 Configuring Link State Configuration Page Selection Criteria Admin Mode - Choose the link state administrative mode for the switch by selecting enable or disable from the pull-down menu. The factory default is disabled. Group ID – You can use this screen to reconfigure an existing group or to create a new one. Use this pull-down menu to select one of the existing groups or select 'Create' to add a new one.
  • Page 781 Selection Criteria Admin Mode - The administrative mode of the link state function. Group ID - The group identify of the link state. The range of the group ID is 1 ~ 6. Mode - The administrative mode of the group. Upstream port - The monitored uplink port, and the link state of this uplink port.
  • Page 782 Group Mode - Choose the group administrative mode for the switch by selecting enable or disable from the pull-down menu. The factory default is disabled. You could enable this group as active port and backup port are configured. Active port - Configure the active port for a group. 6 port pair for six 1Gbps are configurable for active port.
  • Page 783 11.3.27 Managing FIP-Snooping 11.3.27.1 Configuring FIP-Snooping Configuration Selection Criteria Admin Mode - Enable/Disable FIP Snooping function.  Enable - Enable FIP Snooping and start the FIP Snooping process.  Disable - Disable ETS and stop the ETS process. The system's default FIP Snooping admin mode is disabled. Vlan ID - Configure Vlans the FIP packets will be snooped.

  • Page 784: Routing Menu

     FC ID - ID number of the virtual port that was created by the FCF when the ENode logged into the network. FIP Snooping FCFs  Interface - Name of the interface to which the FCoE Forwarder (FCF) is connected. ...
  • Page 785 Command Buttons Submit - Update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. Delete - Allows the user to remove specified static entry from the ARP Table. Delete All - Allows the user to remove all static entries from the ARP Table.
  • Page 786 Dynamic Renew - This controls whether the ARP component automatically attempts to renew ARP Entries of type Dynamic when they age out. The default setting is Enable. Remove from Table - Allows the user to remove certain entries from the ARP Table. The choices listed specify the type of ARP Entry to be deleted: ...
  • Page 787 11.4.2 Managing IP Interfaces 11.4.2.1 Configuring IP Use this menu to configure routing parameters for the switch as opposed to an interface. Selection Criteria Routing Mode - Select enable or disable from the pulldown menu. You must enable routing for the switch before you can route through any of the interfaces.
  • Page 788 Non-Configurable Data IpInReceives - The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors - The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc.
  • Page 789 IpForwDatagrams - The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route option processing was successful.
  • Page 790 IcmpInRedirects - The number of ICMP Redirect messages received. IcmpInEchos - The number of ICMP Echo (request) messages received. IcmpInEchoReps - The number of ICMP Echo Reply messages received. IcmpInTimestamps - The number of ICMP Timestamp (request) messages received. IcmpInTimestampReps - The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks - The number of ICMP Address Mask Request messages received.
  • Page 791 11.4.2.3 Configuring IP Interfaces Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Routing Mode - Setting this enables or disables routing for an interface. The default value is enable. Administrative Mode - The Administrative Mode of the interface. The default value is enable. Forward Net Directed Broadcasts - Select how network directed broadcast packets should be handled.
  • Page 792 Non-Configurable Data Active State - The state of the specified interface is either Active or Inactive. An interface is considered active if it the link is up and it is in forwarding state. MAC Address - The burned-in physical address of the specified interface. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
  • Page 793 Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID.
  • Page 794 ABR Status - The values of this are enabled or disabled. Enabled implies that the router is an area border router. Disabled implies that it is not an area border router. External LSA Count - The number of external (LS type 5) LSAs (link state advertisements) in the link state database.
  • Page 795 same destination. If you select Enable, the preference rules will be those defined by RFC 1583. If you select Disable, the preference rules will be those defined in Section 16.4.1 of RFC 2328. The newer preference rules prevent routing loops when AS-external-LSAs for the same destination have been originated from different areas.
  • Page 796 router LSAs, setting the cost of all non-stub interfaces to infinity. To restore OSPF to normal operation, disable and re-enable OSPF. External LSDB Overflow - When the number of non-default external LSAs exceeds the configured limit, External LSDB Limit, OSPF goes into LSDB overflow state. In this state, OSPF withdraws all of its self-originated non-default external LSAs.
  • Page 797 Metric Value - Set the metric value you want applied for the default route advertised into the area. Valid values range from 1 to 16,777,215. Import Summary LSAs - Whether the import of Summary LSAs is enabled or disabled. Command Buttons Refresh - Refresh the data on the screen to the current values from the switch.
  • Page 798 11.4.3.5 View Interface Statistics This panel displays statistics for the selected interface. The information will be displayed only if OSPF is enabled. Selection Criteria Slot/Port - Select the interface for which data is to be displayed. Non-Configurable Data - 798 -...
  • Page 799 OSPF Area ID - The OSPF area to which the selected router interface belongs. An OSPF Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which the interface connects. Area Border Router Count - The total number of area border routers reachable within this area. This is initially zero, and is calculated in each SPF Pass.
  • Page 800 Hellos Sent - The number of Hello packets sent on this interface by this router. Hellos Received - The number of Hello packets received on this interface by this router. DD Packets Sent - The number of Database Description packets sent on this interface by this router.
  • Page 801 Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPF Area ID - Enter the 32 bit integer in dotted decimal format that uniquely identifies the OSPF area to which the selected router interface connects. If you assign an Area ID which does not exist, the area will be created with default values.
  • Page 802 authentication you cannot use a key of more than 8 octets. If you choose 'encrypt' the key may be up to 16 octets long. The key value will only be displayed if you are logged on with Read/Write privileges, otherwise it will be displayed as asterisks. Authentication Key ID - Enter the ID to be used for authentication.
  • Page 803 The State is only displayed if the OSPF admin mode is enabled. Designated Router - The identity of the Designated Router for this network, in the view of the advertising router. The Designated Router is identified here by its router ID. The value 0.0.0.0 means that there is no Designated Router.
  • Page 804 Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. 11.4.3.8 Configuring OSPF Neighbor This panel displays the OSPF neighbor configuration for a selected neighbor ID. When a particular neighbor ID is specified, detailed information about a neighbor is given. The information below will only be displayed if OSPF is enabled and the interface has a neighbor.
  • Page 805  Attempt - This state is only valid for neighbors attached to NBMA networks. It indicates that no recent information has been received from the neighbor, but that a more concerted effort should be made to contact the neighbor. This is done by sending the neighbor Hello packets at intervals of Hello Interval.
  • Page 806 Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the IP Configuration page. If you want to change the Router ID you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect.
  • Page 807 11.4.3.10 Configuring OSPF Virtual Link Selection Criteria Create New Virtual Link - Select this option from the dropdown menu to define a new virtual link. The area portion of the virtual link identification is fixed: you will be prompted to enter the Neighbor Router ID on a new screen.
  • Page 808  Encrypt - If you select 'Encrypt' you will be prompted to enter both an authentication key and an authentication ID. Encryption uses the MD5 Message-Digest algorithm. All routers on the network must be configured with the same key and ID. Authentication Key - Enter the OSPF Authentication Key for the specified interface.
  • Page 809 11.4.3.11 Viewing OSPF Virtual Link Summary Table Non-Configurable Data Area ID - The Area ID portion of the virtual link identification for which data is to be displayed. The Area ID and Neighbor Router ID together define a virtual link. Neighbor Router ID - The neighbor portion of the virtual link identification.
  • Page 810 Configurable Data Configured Source - This select box is a dynamic selector and would be populated by only those Source Routes that have already been configured for redistribute by OSPF. However, the topmost option in the select box would be "Create", and this allows the user to configure another, among the Available Source Routes.
  • Page 811 Delete - Delete the entry of the Source Route selected as Configured Source from the list of Sources configured for OSPF Route Redistribution. 11.4.3.13 Viewing OSPF Route Redistribution Summary Information This screen displays the OSPF Route Redistribution Configurations. Non-Configurable Data Source - The Source Route to be Redistributed by OSPF.
  • Page 812 11.4.4 Managing BOOTP/DHCP Relay Agent 11.4.4.1 Configuring BOOTP/DHCP Relay Agent Configurable Data Maximum Hop Count - Enter the maximum number of hops a client request can take before being discarded. Admin Mode - Select enable or disable from the pulldown menu. When you select 'enable' BOOTP/DHCP requests will be forwarded to the IP address you entered in the 'Server IP address' field.
  • Page 813 Admin Mode - Administrative mode of the relay. When you select 'enable' BOOTP/DHCP requests will be forwarded to the IP address you entered in the 'Server IP address' field. Minimum Wait Time (secs) - The Minimum time in seconds. This value will be compared to the time stamp in the client's request packets, which should represent the time since the client was powered up.
  • Page 814 Simple - a route will not be included in updates sent to the router from which it was learned. Poisoned reverse - a route will be included in updates sent to the router from which it was learned, but the metric will be set to infinity. The default is simple.
  • Page 815 The default is RIP-2. Receive Version - Which RIP version control packets will be accepted by the interface. The value is one of the following: RIP-1 - only RIP version 1 formatted packets will be received. RIP-2 - only RIP version 2 formatted packets will be received. Both - packets will be received in either format.
  • Page 816 None - no RIP control packets will be sent. The default is RIP-2. Receive Version - Select what RIP control packets the interface will accept from the pulldown menu. The value is one of the following: RIP-1 - accept only RIP version 1 formatted packets. RIP-2 - accept only RIP version 2 formatted packets.
  • Page 817 11.4.5.4 Configuring Route Redistribution Configuration This screen can be used to configure the RIP Route Redistribution parameters. The allowable values for each field are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values.
  • Page 818 External 2 - Sets External Type 2 OSPF Routes to be redistributed NSSA-External 1 - Sets NSSA External Type 1 OSPF Routes to be redistributed NSSA-External 2 - Sets NSSA External Type 2 OSPF Routes to be redistributed The default is Internal. Distribute List - Distribute List - Sets the Access List that filters the routes to be redistributed by the destination protocol.
  • Page 819 Metric- The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured. Match - List of Routes redistributed when "OSPF" is selected as Source. The list may include one or more of: Internal External 1 External 2 NSSA-External 1 NSSA-External 2 Distribute List - The Access List that filters the routes to be redistributed by the Destination...
  • Page 820 Minimum Advertise Interval (secs) - Enter the minimum time (in seconds) allowed between router advertisements sent from the interface. Advertise Lifetime (secs) - Enter the value (in seconds) to be used as the lifetime field in router advertisements sent from the interface. This is the maximum length of time that the advertised addresses are to be considered as valid router addresses by hosts.
  • Page 821 Minimum Advertise Interval (secs) - The minimum time (in seconds) allowed between router advertisements sent from the interface. Advertise Lifetime (secs) - The value (in seconds) used as the lifetime field in router advertisements sent from the interface. This is the maximum length of time that the advertised addresses are to be considered as valid router addresses by hosts.
  • Page 822 Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. 11.4.7.2 Viewing Router Best Route Table Non-Configurable Data Network Address - The IP route prefix for the destination. Subnet Mask - Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
  • Page 823 11.4.7.3 Configuring Router Static Route Entry Selection Criteria Network Address - Specifies the IP route prefix for the destination. In order to create a route a valid routing interface must exist and the next hop IP Address must be on the same network as the routing interface.
  • Page 824 11.4.7.4 Configuring (Static) Routes Entry Selection Criteria Route Type - This field can be either default or static or static reject. If creating a default route, all that needs to be specified is the next hop IP address, otherwise each field needs to be specified. Configurable Data Network Address - The IP route prefix for the destination.
  • Page 825 11.4.7.5 Configuring Router Route Preference Use the Route Preferences Configuration page to configure the default preference for each protocol. These values arearbitrary values that range from 1 to 255, and are independent of route metrics. Most routing protocols use a route metric todetermine the shortest path known to the protocol, independent of any other protocol.
  • Page 826 Non-Configurable Data Local - This field displays the local route preference value. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. 11.4.8 Managing VLAN Routing 11.4.8.1 Configuring VLAN Routing...
  • Page 827  Select the Submit button.  Change back to the VLAN Routing Summary page. The new VLAN should appear in the table with the correct IP address and subnet mask assigned. 11.4.8.2 Viewing VLAN Routing Summary Information Non-Configurable Data VLAN ID - The ID of the VLAN whose data is displayed in the current table row Slot/Port - The Slot/Port assigned to the VLAN Routing Interface MAC Address - The MAC Address assigned to the VLAN Routing Interface IP Address - The configured IP Address of the VLAN Routing Interface.
  • Page 828 11.4.9.2 Configuring Virtual Router Selection Criteria VRID and Slot/Port - Select 'Create' from the pulldown menu to configure a new Virtual Router, or select one of the existing Virtual Routers, listed by interface number and VRID. Configurable Data VRID - This field is only configurable if you are creating new Virtual Router, in which case enter the VRID in the range 1 to 255 .
  • Page 829 Authentication Type - Select the type of Authentication for the Virtual Router from the pulldown menu. The default is None. The choices are: 0-None - No authentication will be performed. 1-Key - Authentication will be performed using a text password. Authentication Data - If you selected simple authentication, enter the password.
  • Page 830 Non-Configurable Data Slot/Port - The interface for which data is to be displayed or configured. Virtual Router ID - The Virtual Router ID for which data is to be displayed or configured. Primary IP Address - The Primary IP Address of the Virtual Router. Command Buttons Submit - Update the switch with the values on this screen.
  • Page 831 Cancel - Return to the Virtual Router Configuration screen. 11.4.9.5 Configuring VRRP Track Interface Selection Criteria Track Slot/Port - Displays all routing interface which are not yet tracked for this vrid and interface configuration. Exception to this loopback and tunnels could not be tracked. Configurable Data Priority Decrement - The priority decrement for the tracked interface.
  • Page 832 Configurable Data Priority Decrement - Enter the priority decrement for the tracked Route. The valid range is 1 -254. default value is 10. Remove - Removes the selected Tracking Routes from the VRRP tracked list. Non-Configurable Data Slot/Port - The VRRP interface for which Tracking data is to be displayed. Virtual Router ID - he Virtual Router ID for which Tracking data is to be displayed.
  • Page 833 Virtual Router ID - The Virtual Router ID for which data is to be displayed. Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Cancel - Return to the VRRP Route Tracking Configuration screen.
  • Page 834  Simple State - The current state of the Virtual Router:  Initialize  Master  Backup Status - The current status of the Virtual Router:  Inactive  Active Secondary IP Address - The secondary IP address. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch.
  • Page 835 Router Version Errors - The total number of VRRP packets received with an unknown or unsupported version number. Router VRID Errors - The total number of VRRP packets received with an invalid VRID for this virtual router. VRID - the VRID for the selected Virtual Router. Slot/Port - The Slot/Port for the selected Virtual Router.
  • Page 836 Configurable Data Tunnel - Select list of currently configured tunnel interfaces. Create is also a valid choice if the maximum number of tunnel interfaces has not been created. Tunnel ID - When 'Create' is chosen from the tunnel selector this list of available tunnel ID's becomes visible.
  • Page 837 Non-Configurable Data Tunnel ID - The Tunnel ID. Mode - The corresponding mode of the Tunnel. Address - The IPv6 Address(es) of the Tunnel. Source - The corresponding Tunnel Source Address. In the case where an interface has been configured both the interface and the address are displayed. If the source interface has no address configured the text 'unconfigured' is displayed in place of the address.
  • Page 838 IPv6 Mode - Enable IPv6 on this interface using the IPv6 address. This option is only configurable prior to specifying an explicit IPv6 address. IPv6 Address - Select list of configured IPv6 addresses for the selected Loopback interface. Add is also a valid choice if the maximum number of addresses has not been configured.

  • Page 839: Security Menu

    11.5 Security Menu 11.5.1 Managing Access Control (802.1x) 11.5.1.1 Defining Access Control Page Configurable Data Administrative Mode - This selector lists the two options for administrative mode: enable and disable. The default value is disabled. Guest Vlan Supplicant Mode - This selector lists the two options for Guest VLAN Supplicant mode: enable and disable.
  • Page 840 Selection Criteria Port - Selects the port to be configured. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Control Mode - This selector lists the options for control mode. The control mode is only set if the link status of the port is link up.
  • Page 841 timeout the authentication server. The server timeout must be a value in the range of 1 to 65535. The default value is 30. Changing the value will not change the configuration until the Submit button is pressed. Maximum Requests - This input field allows the user to enter the maximum requests for the selected port.
  • Page 842 11.5.1.3 Viewing each Port Access Control Configuration Information Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data Control Mode - Displays the configured control mode for the specified port.
  • Page 843 define periods of time in which it will not attempt to acquire a supplicant. The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant. The quiet period is a number in the range of 0 and 65535.
  • Page 844 "Held" "ForceAuthorized" "ForceUnauthorized". Backend State - This field displays the current state of the backend authentication state machine. Possible values are: "Request" "Response" "Success" "Fail" "Timeout" "Initialize" "Idle" VLAN Assigned - Displays the VLAN ID assigned to the selected interface by the Authenticator. Note: This field is displayed only when the port control mode of the selected interface is not MAC-based.
  • Page 845 11.5.1.4 Viewing Access Control Summary Page Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port. Possible values are:  Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized.
  • Page 846 Port Status - This field shows the authorization status of the specified port. The possible values are 'Authorized' and 'Unauthorized'. Command Buttons Refresh - Update the information on the page. 11.5.1.5 Viewing each Port Access Control Statistics Page Selection Criteria Port - Selects the port to be displayed.
  • Page 847 EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received - This displays the number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator. EAP Request/Id Frames Transmitted - This displays the number of EAP request/identity frames that have been transmitted by this authenticator.
  • Page 848 11.5.1.7 Defining Port Access Client Summary Page Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data User Name - Displays the user name representing the supplicant device.
  • Page 849 Selection Criteria Users - Selects the user name that will use the selected login list for 802.1x port security. Configurable Data Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Submit - Sends the updated screen to the switch and causes the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
  • Page 850 11.5.1.10 Viewing each Port Access Privileges Summary Page Non-Configurable Data Port - Displays the port in Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page. 11.5.2 Managing RADIUS 11.5.2.1 Configuring RADIUS Configuration Page - 850 -...
  • Page 851 Selection Criteria Accounting Mode - Selects if the RADIUS accounting mode is enabled or disabled. Configurable Data Max Number of Retransmits - The value of the maximum number of times a request packet is retransmitted. The valid range is 1 - 15. Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS timeout.
  • Page 852 11.5.2.2 Configuring RADIUS Server Configuration Page Selection Criteria RADIUS Server IP Address - Selects the RADIUS server to be configured. Select add to add a server. Primary Server - Sets the selected server to thePrimary or Secondary server. Message Authenticator - Enable or disable the message authenticator attribute for the selected server.
  • Page 853 Refresh - Update the information on the page. 11.5.2.3 Viewing RADIUS Server Statistics Page Selection Criteria RADIUS Server IP Address - Selects the IP address of the RADIUS server for which to display statistics. Non-Configurable Data Round Trip Time (secs) - The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server.
  • Page 854 Bad Authenticators - The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server. Pending Requests - The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response. Timeouts - The number of authentication timeouts to this server.
  • Page 855 Apply - The Secret will only be applied if this box is checked. If the box is not checked, anything entered in the Secret field will have no affect and will not be retained. This field is only displayed if the user has READWRITE access.
  • Page 856 Accounting Responses - Displays the number of RADIUS packets received on the accounting port from this server. Malformed Accounting Responses - Displays the number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
  • Page 857 11.5.3 Defining TACACS+ Configuration 11.5.3.1 Configuring TACACS Configuration Page Configurable Data Key String - Specifies the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server. The valid range is 0-128 characters. The key must match the key configured on the TACACS+ server. Connection Timeout - The maximum number of seconds allowed to establish a TCP connection between the device and the TACACS+ server.
  • Page 858 IP Address - Specifies the TACACS+ Server IP address. You cannot define these IP addresses: 0.0.0.0 255.255.255.255 224.xxx.xxx.xxx 127.0.0.1 Host name - The host name of the server being added. Priority - Specifies the order in which the TACACS+ servers are used. It should be within the range 0-65535.
  • Page 859 Selection Criteria Admin Mode - Selects the IP Filter admin mode for enable or disable. Configurable Data Filter Address 1~5 - Stations that are allowed to make configuration changes to the Switch. Command Buttons Submit - Send the updated screen to the switch. Changes take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
  • Page 860 Maximum Number of HTTPS Sessions - This field is used to set the maximum allowable number of HTTPS sessions. The value must be in the range of (0 to 16). The default value is 16. The currently configured value is shown when the web page is displayed. Non-Configurable Data Certificate Present? - Displays whether there is a certificate present on the device.

  • Page 861: Ipv6 Menu

    Configurable Data SSH Session Timeout (Minutes) - This text field is used to configure the inactivity timeout value for incoming SSH sessions to the switch. The acceptable range for this value is (1-160) minutes. Non-Configurable Data SSH Connections in Use - Displays the number of SSH connections currently in use in the system. Keys Present - Displays which keys, RSA, DSA or both, are present (if any).
  • Page 862 ICMPv6 Rate Limit Burst Size -To control the ICMP error packets user can specify the number of ICMP error packets are allowed per burst interval. Default burstsize is 100 packets. When burst interval is 0 then configuring this field is not a valid operation. Valid Burst Size must be in the range (1 to 200) Command Buttons Submit - Send the updated configuration to the switch.
  • Page 863 OnLink Flag by Prefix - Specifies selected prefix can be used for on-link determination. Default value is enable. This selector lists the two options for on-link flag: enable and disable. Autonomous Flag by Prefix - Specifies selected prefix can be used for autonomous address configuration.
  • Page 864 11.6.3 Viewing IPv6 Interface Summary Page Non-Configurable Data Interface - Specifies the interface whose settings are displayed in the current table row. Routing Mode - Specifies routing mode of an interface. Admin Mode - Specifies administrative mode of an interface. Implicit Mode - When ipv6 implicit mode is enabled, interface is capable of ipv6 operation without a global address.
  • Page 865 11.6.4 Viewing IPv6 Interface Statistics Page - 865 -...
  • Page 866 Selection Criteria Interface - Selects the interface to be configured. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. Non-Configurable Data IPv6 Statistics Total Datagrams Received - The total number of input datagrams received by the interface, including those received in error.
  • Page 867 which these fragments were addressed which might not be necessarily the input interface for some of the fragments. Datagrams Successfully Reassembled - The number of IPv6 datagrams successfully reassembled. Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments.
  • Page 868 ICMPv6 Echo Reply Messages Received - The number of ICMP Echo Reply messages received by the interface. ICMPv6 Router Solicit Messages Received - The number of ICMP Router Solicit messages received by the interface. ICMPv6 Router Advertisement Messages Received - The number of ICMP Router Advertisement messages received by the interface.
  • Page 869 ICMPv6 Redirect Messages Transmitted - The number of Redirect messages sent. ICMPv6 Group Membership Query Messages Transmitted - The number of ICMPv6 Group Membership Query messages sent. ICMPv6 Group Membership Response Messages Transmitted - The number of ICMPv6 Group Membership Response messages sent. ICMPv6 Group Membership Reduction Messages Transmitted - The number of ICMPv6 Group Membership Reduction messages sent.
  • Page 870 received within DELAY_FIRST_PROBE_TIME seconds of entering the DELAY state, send a neighbor solicitation message and change the state to PROBE.  Probe - A reachability confirmation is actively sought by resending neighbor solicitation messages every RetransTimer milliseconds until a reachability confirmation is received. Last Updated - Time since the address was confirmed to be reachable.
  • Page 871 11.6.7 Managing OSPFv3 Protocol 11.6.7.1 Configuring OSPFv3 Configuration Page Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). If you want to change the Router ID you must first disable OSPFv3. After you set the new Router ID, you must re-enable OSPFv3 to have the change take effect.
  • Page 872 Exit Overflow Interval - Enter the number of seconds that, after entering overflow state, the router should wait before attempting to leave overflow state. This allows the router to again originate non-default AS-external-LSAs. If you enter 0, the router will not leave Overflow State until restarted. The range is 0 to 2147483647 seconds.
  • Page 873 AS_OPAQUE LSA Count - The number of opaque LSAs with domain wide flooding scope. AS_OPAQUE LSA Checksum - The sum of the LS checksums of the opaque LSAs with domain wide flooding scope. This sum can be used to determine if there has been a change in a router's link state database, and to compare the link-state databases of two routers.
  • Page 874 Stub Area Specific Parameters. Metric Value - Enter the metric value you want applied for the default route advertised into the stub area. Valid values range from 1 to 16,777,215. This value is applicable only to Stub areas. NSSA Specific Parameters. Default Information Originate - The default Route Information.
  • Page 875 Border router is translating type-7 LSAs into type-5.' Disabled' implies tha a candidate NSSA Border router is NOT translating type-7 LSAs into type-5. Command Buttons Create Stub Area - Configure the area as a stub area. Delete Stub Area - Delete the stub area designation. The area will be returned to normal state. Create NSSA - Configure the area as NSSA.
  • Page 876 Configurable Data IPv6 Prefix - Enter the IPv6 Prefix/Prefix Length for the address range for the selected area. LSDB Type - Select the type of Link Advertisement associated with the specified area and address range. The default type is 'Network Summary'. Advertisement - Select enable or disable from the pulldown menu.
  • Page 877 Selection Criteria Slot/Port - Select the interface for which data is to be displayed or configured. Configurable Data OSPFv3 Admin Mode* - You may select enable or disable from the pulldown menu. The default value is 'disable.' You can configure OSPFv3 parameters without enabling OSPFv3 Admin Mode, but they will have no effect until you enable Admin Mode.
  • Page 878 LSA Ack Interval - The number of seconds between LSA Acknowledgment packet transmissions, which must be less than the Retransmit Interval. State - The current state of the selected router interface. One of:  Down - This is the initial interface state. In this state, the lower-level protocols have indicated that the interface is unusable.
  • Page 879 11.6.7.6 Viewing OSPFv3 Interface Statistics Page This screen displays statistics for the selected interface. The information will be displayed only if OSPFv3 is enabled. Selection Criteria Slot/Port - Select the interface for which data is to be displayed. Non-Configurable Data OSPFv3 Area ID - The OSPFv3 area to which the selected router interface belongs.
  • Page 880 Area LSA Count - The total number of link-state advertisements in this area's link-state database, excluding AS External LSAs. IPv6 Address - The IPv6 address of the interface. Interface Events - The number of times the specified OSPFv3 interface has changed its state or an error has occurred.
  • Page 881 LS Acknowledgements Received - The number of LS acknowledgements received on this interface by this router. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the switch. 11.6.7.7 Viewing OSPFv3 Neighbor Information Page This screen shows the OSPFv3 Neighbor information for a selected neighbor Router ID on the selected interface.
  • Page 882 Command Buttons Refresh - Refreshes the page with the latest OSPFv3 neighbor information for the selected interface and Neighbor Router ID. 11.6.7.8 Viewing OSPFv3 Neighbor Table Information Page This screen shows the OSPFv3 Neighbor Table, either for all interfaces on which valid OSPFv3 Neighbors are present or the neighbors specific to a given interface on which OSPFv3 Neighbors exist.
  • Page 883 11.6.7.9 Viewing OSPFv3 Link State Database Information Page Non-Configurable Data Router ID - The 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the OSPFv3 Interface Configuration page. If you want to change the Router ID you must first disable OSPFv3.
  • Page 884 11.6.7.10 Configuring OSPFv3 Virtual Link Configuration Page Selection Criteria Create New Virtual Link - Select this option from the dropdown menu to define a new virtual link. The area portion of the virtual link identification is fixed: you will be prompted to enter the Neighbor Router ID on a new screen.
  • Page 885 values. All interface timers will be disabled, and there will be no adjacencies associated with the interface.  Waiting - The router is trying to determine the identity of the (Backup) Designated Router by monitoring received Hello Packets. The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state.
  • Page 886 Neighbor Router ID - The neighbor portion of the virtual link identification. Virtual links may be configured between any pair of area border routers having interfaces to a common (non-backbone) area. Hello Interval - The OSPFv3 hello interval for the virtual link in units of seconds. Dead Interval - The OSPFv3 dead interval for the virtual link in units of seconds.
  • Page 887 Metric- Sets the metric value to be used as the metric of redistributed routes. This field displays the metric if the source was pre-configured and can be modified. The valid values are (0 to 16777214) Metric Type - Sets the OSPFv3 metric type of redistributed routes. Tag - Sets the tag field in routes redistributed.
  • Page 888 Selection Criteria Global or Link-local Next-hop - Specify if the Next Hop IPv6 Address is a Global IPv6 Address or a Link-local IPv6 Address. Slot/Port - Enter the unit, slot and port number for the Link-local IPv6 Next Hop Address. This field is displayed only if the Global or Link-local Next-hop Selector is selected as Link-local.
  • Page 889 Next Hop IP - Displays the Next Hop IPv6 Address for the Active Route. Command Buttons Refresh - Reloads the data on the page. 11.6.8.3 Configuring IPv6 Router Route Preference Page Use this panel to configure the default preference for each protocol. These values are arbitrary values in the range of 1 to 255 and are independent of route metrics.
  • Page 890 11.6.8.4 Configuring IPv6 Routes Configuration Page Selection Criteria Routes Displayed -  Configured Routes - Shows the routes configured by the user  Best Routes - Shows only the best active routes  All Routes - Shows all active IPv6 routes Non-Configurable Data IPv6 Prefix/Prefix Length - Displays the Network Prefix and Prefix Length for the Configured Route.
  • Page 891 Configurable Data RIPv6 Admin Mode - Select enable or disable from the pulldown menu. If you select enable RIPv6 will be enabled for the switch. The default is disable. Split Horizon Mode - Select none, simple or poison reverse from the pulldown menu. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned.
  • Page 892 11.6.9.3 Configuring RIPv6 Redistribution Configuration Page This screen can be used to configure the RIPv6 Route Redistribution parameters. The allowable values for each fields are displayed next to the field. If any invalid values are entered, an alert message will be displayed with the list of all the valid values.

  • Page 893: Qos Menu

    11.6.9.4 Configuring RIPv6 Route Redistribution Summary Page This screen displays the RIPv6 Route Redistribution Configurations. Non-Configurable Data Source - The Source Route to be Redistributed by RIPv6. Metric - The Metric of redistributed routes for the given Source Route. Displays "Unconfigured" when not configured.
  • Page 894 Configurable Data IP ACL ID - IP ACL ID must be a whole number in the range of 1 to 99 for IP Standard Access Lists and 100 to 199 for IP Extended Access Lists. IP ACL Name - Specifies IP ACL Name string which includes alphanumeric characters only. The name must start with an alphabetic character.
  • Page 895 11.7.1.3 Configuring IP Access Control List Rule Configuration Page Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process.
  • Page 896 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a 'Deny' Action. Assign Queue ID - Specifies the hardware egress queue identifier used to handle all packets matching this IP ACL rule.
  • Page 897 optional configuration. Enter an integer from 0 to 63. The IP DSCP is selected by possibly selection one of the DSCP keyword from a dropdown box. If a value is to be selected by specifying its numeric value, then select the 'Other' option in the dropdown box and a text box will appear where the numeric value of the DSCP can be entered.
  • Page 898 Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Rename - Rename the currently selected IPv6 ACL. Delete - Removes the currently selected IPv6 ACL from the switch configuration. 11.7.1.5 IPv6 Access Control List Summary Page Non-Configurable Data IPv6 ACL Name - Exiting IPv6 ACL identifier.
  • Page 899 Selection Criteria IPv6 ACL Name - Use the pull down menu to select the IPv6 ACL for which to create or update a rule. Rule - Select an existing rule from the pull down menu, or select 'Create New Rule.' New rules cannot be created if the maximum number of rules has been reached.
  • Page 900 match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure 'Match Every' to 'False' for the other match criteria to be visible. Protocol - There are two ways to configure IPv6 protocol.
  • Page 901 Selection Criteria MAC ACL - A new MAC Access Control List may be created or the configuration of an existing MAC ACL can be updated based on selection. Configurable Data MAC ACL Name - Specifies MAC ACL Name string which may include alphabetic, numeric, dash, underscore or space characters only.
  • Page 902 Rules - The number of rules currently configured for the MAC ACL. Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions  Inbound Slot/Port(s) - The interfaces to which the MAC ACL applies. VLAN(s) - VLAN(s) to which the MAC ACL applies. Command Buttons Refresh - Refresh the data on the screen to the latest state.
  • Page 903 Selection Criteria MAC ACL - Select the MAC ACL for which to create or update a rule. Rule - Select an existing rule or select 'Create New Rule' to add a new Rule. New rules cannot be created if the maximum number of rules has been reached. For each rule, a packet must match all the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny) to take place.
  • Page 904 Ethertype User Value - Specifies the user defined customised Ethertype value to be used when the user has selected "User Value" as Ethertype Key, to compare against an Ethernet frame. Valid range of values is (0x0600 to 0xFFFF). Source MAC - Specifies the Source MAC address to compare against an Ethernet frame. Valid format is (xx:xx:xx:xx:xx:xx).
  • Page 905  MAC ACL IP ACL - Specifies list of all IP ACLs. This field is visible only if the user has selected "IP ACL" as "ACL Type". IPv6 ACL - Specifies list of all IPv6 ACLs. This field is visible only if the user has selected "IPv6 ACL" as "ACL Type".
  • Page 906 Configurable Data VLAN ID - Specifies list of all configured VLAN Id(s) for ACL mapping. Direction - Specifies the packet filtering direction for ACL. Valid Directions:  Inbound ACL Type - Specifies the type of ACL. Valid ACL Types:  IP ACL ...
  • Page 907 Non-Configurable Data Summary Display Selector - Select interface or VLAN to display summary. By default summary of Interface-based ACL(s) is displayed. Slot/Port(s) - The interfaces to which the IP ACL applies. VLAN(s) - VLAN(s) to which the IP ACL applies. Direction - The direction of packet traffic affected by the IP ACL.
  • Page 908 Selection Criteria DiffServ Admin Mode - This lists the options for the mode, from which one can be selected. The default value is 'enable'. While disabled, the DiffServ configuration is retained when saved and can be changed, but it is not activated. When enabled, Diffserv services are activated. Non-Configurable Data Class table - Displays the number of configured DiffServ classes out of the total allowed on the switch.
  • Page 909 Class Layer 3 Protocol - Indicates how to interpret the any layer 3. This lists types of packets supported by Diffserv. Layer 3 Protocol option is available only when user selects class type as 'All' . Options:  IPv4  IPv6 Only when a new class is created, this field is a selector field.
  • Page 910 11.7.2.3 Viewing DiffServ Class Summary Page Non-Configurable Data Class Name - Displays names of the configured DiffServ classes. Class Type - Displays types of the configured classes as 'all', 'any', or 'acl'. Class types are platform dependent. Reference Class - Displays name of the configured class of type ...
  • Page 911 Selection Criteria Policy Selector - Along with an option to create a new policy, this lists all the existing DiffServ policy names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing policy is selected then the screen will display Member Classes for that DiffServ policy.
  • Page 912 11.7.2.5 Viewing DiffServ Policy Summary Page Non-Configurable Data Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as 'In'. Member Classes - Displays name of each class instance within the policy. Command Buttons Refresh –...
  • Page 913 11.7.2.7 Viewing DiffServ Policy Attribute Summary Page Non-Configurable Data Policy Name - Displays name of the specified DiffServ policy. Policy Type - Displays type of the specified policy as 'In’. Class Name - Displays name of the DiffServ class to which this policy is attached. Attribute - Displays the attributes attached to the policy class instances.
  • Page 914 Direction - Shows that the traffic direction of this service interface is In. Operational Status - Shows the operational status of this service interface, either Up or Down. Policy Name - Shows the name of the attached policy. Command Buttons Submit - Send the updated screen to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed.
  • Page 915 Non-Configurable Data Slot/Port - Shows the Slot/Port that uniquely specifies an interface. Direction - Shows that the traffic direction of this service interface is In. Operational Status - Shows the operational status of this service interface, either Up or Down. Command Buttons Refresh - Refresh the displayed data.
  • Page 916 Non-Configurable Data Policy Name - Name of the policy currently attached to the specified interface and direction. Operational Status - Operational status of the policy currently attached to the specified interface and direction. The value is either Up or Down. Command Buttons Refresh - Refresh the displayed data.
  • Page 917 Selection Criteria Traffic Type - Traffic type is used to define the DiffServ Class. Traffic type options: VOIP, HTTP, FTP, Telnet, and Any. Policing - Enabling policing will add policing to the DiffServ Policy and the policing rate will be applied.
  • Page 918 11.7.4 Managing Class of Service 11.7.4.1 Configuring Trust Mode Configuration Page Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Interface Trust Mode - Specifies whether or not to trust a particular packet marking at ingress. Interface Trust Mode can only be one of the following: ...
  • Page 919 11.7.4.2 Managing DSCP Mapping Configuration Page Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. Configurable Data IP DSCP Value Traffic Class - Specify which internal traffic class to map the corresponding IP DSCP value.
  • Page 920 Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data Interface Shaping Rate - Specifies the maximum bandwidth allowed, typically used to shape the outbound transmission rate.
  • Page 921  taildrop Default value is taildrop. Configurable Data Minimum Bandwidth Allocated - Specifies the sum of individual Minimum Bandwidth values for all queues in the interface. The sum cannot exceed the defined maximum (100). This value is considered while configuring the Minimum Bandwidth for a queue in the selected interface. Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue.
  • Page 922 Queue Management Type - Queue depth management technique used for queues on this interface. This is only used if device supports independent settings per-queue. Queue Management Type can only be one of the following:  taildrop 11.7.4.6 Configuring Enhanced Transmission Selection (ETS) interface Selection Criteria Slot/Port - Choose a ETS configurable interfaces for setting.
  • Page 923 ETS PG-Mapping - This command configures the mapping list of priority to priority groups. Choose the CNM generation behavior when congestion notification threshold is reached but the incoming sampled packet does not have CN-TAG.  LAN - assign specific priority id to LAN priority group. ...
  • Page 924 11.7.4.8 Configuring Congestion Notification (CN)) Global configuration Selection Criteria CNM Admin Mode - Enable/Disable congestion notification message(CNM) handling.  Enable - to enable handling congestion notification message.  Disable - to disable handling congestion notification message. The system's default CNM handling is Enabled. CN-TAG Processing - Enable/Disable CN-TAG processing.
  • Page 925 Outer TPID for CNM - Set Outer TPID for Congestion Notification Message (CNM). The system's default Outer TPID for CNM is 0. The valid TPID range is 0 to 16777215. Outer VLAN ID for CNM - Set Outer VLAN ID for Congestion Notification Message (CNM). The system's default Outer VLAN ID for CNM is 1.

  • Page 926: Ipv4 Multicast Menu

    11.7.4.10 Viewing Congestion Notification (CN) interface summary Non-Configurable Data Interface - The list of CN configurable interfaces. Queue ID - Specifies the ID of priority queues. Mode - Specifies the mode of priority queues. CNM Count - Counts the number of CN message generated by the congestion messaged queue. 11.8 IPv4 Multicast Menu 11.8.1...
  • Page 927 Configurable Data Admin Mode - Select enable or disable from the dropdown menu. This sets the administrative status of DVMRP to active or inactive. The default is disable. Non-Configurable Data Version - The current value of the DVMRP version string. Total Number of Routes - The number of routes in the DVMRP routing table.
  • Page 928 11.8.1.3 Viewing DVMRP Configuration Summary Selection Criteria Slot/Port - Select the interface for which data is to be displayed. You must configure at least one router interface before you can display data for a DVMRP interface. Otherwise you will see a message telling you that no router interfaces are available, and the configuration summary screen will not be displayed.
  • Page 929 Received Bad Routes - The number of invalid routes received on the selected interface. Sent Routes - The number of routes sent on the selected interface. Neighbor IP - The IP address of the neighbor whose information is displayed. State - The state of the specified neighbor router on the selected interface, either active or down. Neighbor Uptime - The DVMRP uptime for the specified neighbor on the selected interface.
  • Page 930 11.8.1.5 Viewing DVMRP Prune Summary Non-Configurable Data Group IP - The group address which has been pruned. Source IP - The address of the source or source network which has been pruned. Source Mask - The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned.
  • Page 931 Upstream Neighbor - The address of the upstream neighbor (e.g., RPF neighbor) from which IP datagrams from these sources are received. Interface - The interface on which IP datagrams sent by these sources are received. A value of 0 typically means the route is an aggregate for which no next-hop interface exists. Metric - The distance in hops to the source subnet.
  • Page 932 Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured from the pulldown menu. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for an IGMP interface, otherwise an error message will be displayed. Configurable Data Interface Mode - Select enable or disable from the pulldown menu to set the administrative status of IGMP on the selected interface.
  • Page 933 11.8.2.3 Viewing IGMP Configuration Summary Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Non-Configurable Data Interface Mode - The administrative status of IGMP on the selected interface. IP Address - The IP address of the selected interface.
  • Page 934 Startup Query Interval - The interval at which startup queries are sent on the selected interface. Startup Query Count - The number of queries to be sent on startup. Last Member Query Interval - The last member query interval. The last member query interval is the maximum response time inserted into group-specific queries sent in response to leave group messages, and is also the amount of time between group-specific query messages.
  • Page 935 Non-Configurable Data Last Reporter - The IP address of the source of the last membership report received for the IP Multicast group address on the selected interface. Up Time - The time elapsed since this entry was created. Expiry Time - The minimum amount of time remaining before this entry will be aged out. Version 1 Host Timer - The time remaining until the local router will assume that there are no longer any IGMP version 1 members on the IP subnet attached to this interface.
  • Page 936 Source Filter Mode - The source filter mode (Include/Exclude/NA) for the specified group on this interface. Source Hosts - This parameter shows source addresses which are members of this multicast address. Expiry Time - This parameter shows expiry time interval against each source address which are members of this multicast group.
  • Page 937 11.8.2.7 Viewing IGMP Proxy Configration Summary Page Non-Configurable Data Slot/Port - Displays the interface on which IGMP proxy is enabled. IP Address - The IP address of the IGMP Proxy interface. Subnet Mask - The subnet mask for the IP address of the IGMP Proxy interface. Admin Mode - The administrative status of IGMP Proxy on the selected interface.
  • Page 938 Selection Criteria Multicast Group IP - Select the IP multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed. Non-Configurable Data Slot/Port - Displays the interface on which IGMP proxy is enabled.
  • Page 939 Up Time - Displays the up time since the entry was created in cache table. State - The state of the host entry. A Host can be in one of the state. Non-member state - does not belong to the group on the interface. Delaying member state - host belongs to the group on the interface and report timer running.
  • Page 940 11.8.3.2 Configuring Interface’s Multicast Configuration Page Selection Criteria Slot/Port - Select the routing interface you want to configure from the dropdown menu. Configurable Data TTL Threshold - Enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface.
  • Page 941 Outgoing Interface(s) - The list of outgoing interfaces on which multicast packets for this source/group are forwarded. Up Time (secs)- The time in seconds since the entry was created. Expiry Time (secs)- The time in seconds before this entry will age out and be removed from the table.
  • Page 942 Slot/Port - Select the interface number from the dropdown menu. This is the interface that connects to the neighbor router for the given source IP address. Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately.
  • Page 943 Slot/Port - Select the router interface for which the administratively scoped boundary is to be configured. Configurable Data Group IP - Enter the multicast group address for the start of the range of addresses to be excluded. The address must be in the range of 239.0.0.0 through 239.255.255.255. Group Mask - Enter the mask to be applied to the multicast group address.
  • Page 944 Configurable Data Admin Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-DM in the router. The default is disabled. Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately.
  • Page 945 11.8.4.3 Viewing Interface’s PIM-DM Configuration Page Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed. There must be configured at least one router interface before displaying data for a PIM-DM interface, otherwise a message will be displayed.
  • Page 946 11.8.5 Managing PIM-SM Protocol 11.8.5.1 Configuring PIM-SM Global Configuration Page Configurable Data Admin Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-SM in the router. The default is disable. Data Threshold Rate - Enter the rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree.
  • Page 947 Register Threshold Rate - The minimum source data rate in K bits/second above which the Rendezvous Point router will switch to a source-specific shortest path tree. Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the router. 11.8.5.3 Configuring PIM-SM SSM Range Configuration Page Configurable Data SSM Group Address - Enter the source-specific multicast group ip-address.
  • Page 948 Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured. Slot 0 is the base unit. Configurable Data Mode - Select enable or disable from the pulldown menu to set the administrative status of PIM-SM in the router.
  • Page 949 Net Mask - The network mask for the IP address of the selected PIM interface. Hello Interval (secs) - The frequency at which PIM Hello messages are transmitted on the selected interface. Join/Prune Interval - The frequency at which PIM Join/Prune messages are transmitted on this PIM interface.
  • Page 950 11.8.5.7 Configuring PIM-SM BSR Candidate Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Configurable Data Hash Mask Length - Enter the C-BSR hash mask length to be advertised in bootstrap messages. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group.

  • Page 951: Ipv6 Multicast Menu

    Command Buttons Refresh - Refresh the data on the screen with the present state of the data in the router. 11.8.5.9 Configuring PIM-SM Static RP Configuration Page Configurable Data IP Address - IP Address of the RP to be created or deleted. Group - Group Address of the RP to be created or deleted.
  • Page 952 Selection Criteria Admin Mode - Select enable or disable from the pulldown menu to set the administrative status of MLD in the router to active or inactive. The default is disabled. Command Buttons Submit - Send the updated configuration to the switch. Configuration changes take effect immediately.
  • Page 953 Non-Configurable Data Robustness - Enter the robustness value. This variable allows tuning for the expected packet loss on a subnet. If you expect the subnet to be lossy, you should enter a higher number for this parameter. MLD is robust to (robustness variable-1) packet losses. Valid values are from (1 to 255) . The default value is 2 Startup Query Interval - Enter the number of seconds between the transmission of startup queries on the selected interface.
  • Page 954 11.9.1.4 Viewing MLD Interface Summary Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Non-Configurable Data MLD Global Admin Mode - The administrative status of MLD on the selected interface. MLD Operational Mode- The operational status of MLD on the Interface.
  • Page 955 Last Member Query Count - This value indicates the configured number of Group-Specific Queries sent before the router assumes that there are no local members. Querier Status - This value indicates whether the interface is a MLD querier or non-querier on the subnet it is associated with.
  • Page 956 Malformed MLD Packets - The number of Malformed MLD Packets received by the router. Common Button Refresh - Refresh the data on the screen with the present state of the data in the router. Clear Traffic - Clears all the parameters for the selected interface. 11.9.1.6 Configuring MLD Proxy Interface Congiuration Page Selection Criteria Slot/Port - Select the port for which data is to be displayed or configured from the pulldown menu.
  • Page 957 11.9.1.7 Viewing MLD Proxy Configration Summary Page Non-Configurable Data Slot/Port - Displays the interface on which MLD proxy is enabled. IPv6 Address - The IPv6 address of the MLD Proxy interface. Subnet Mask - The subnet mask for the IPv6 address of the MLD Proxy interface. Admin Mode - The administrative status of MLD Proxy on the selected interface.
  • Page 958 11.9.1.8 Viewing MLD Proxy Interface Membership Information Page Selection Criteria Multicast Group IPv6 - Select the IPv6 multicast group address for which data is to be displayed. If no group membership reports have been received on the selected interface you will not be able to make this selection, and none of the non-configurable data will be displayed.
  • Page 959 Selection Criteria Multicast Group IPv6 - Select the IPv6 multicast group address for which data is to be displayed. If no group membership reports have been received on the MLD Proxy interface you will not be able to make this selection, and none of the non-configurable data will be displayed. Non-Configurable Data Slot/Port - Displays the interface on which MLD proxy is enabled.
  • Page 960 11.9.2.2 Configuring PIM-DM Interface Configuration Page Selection Criteria Slot/Port - Select the Slot and port for which data is to be displayed or configured. Slot 0 is the base unit. You must have configured at least one router interface before configuring or displaying data for a PIM-DM interface, otherwise an error message will be displayed.
  • Page 961 Selection Criteria Slot/Port - Select the physical interface for which data is to be displayed. There must be configured at least one router interface before displaying data for a PIM-DM interface, otherwise a message will be displayed. Non-Configurable Data Interface Mode - Displays the administrative status of PIM-DM for the selected interface. The default is disable.
  • Page 962 Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. 11.9.3.2 Viewing PIM-SM Global Status Page Non-Configurable Data PIMSM Admin Mode - The administrative status of PIM-SM in the router: either enable or disable. Data Threshold Rate - The minimum source data rate in K bits/second above which the last-hop router will switch to a source-specific shortest path tree.
  • Page 963 Command Buttons Submit - Send the updated configuration to the router. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Refresh - Refresh the data on the screen with the present state of the data in the router. 11.9.3.4 Configuring Interface’s PIM-SM Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed or configured.
  • Page 964 11.9.3.5 Viewing Interface’s PIM-SM Summary Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Non-Configurable Data Admin Mode - The administrative status of PIM-SM in the router: either enable or disable. Protocol State - The operational state of the PIM-SM protocol on this interface.
  • Page 965 11.9.3.6 Configuring PIM-SM Candidate RP Configuration Page Selection Criteria Slot/Port - Select the slot and port for which data is to be displayed. Slot 0 is the base unit. Non-Configurable Data Group Address - The group address transmitted in Candidate-RP-Advertisements. Configurable Data Interface - Display the interface.
  • Page 966 Configurable Data Hash Mask Length - Enter the C-BSR hash mask length to be advertised in bootstrap messages. This hash mask length will be used in the hash algorithm for selecting the RP for a particular group. The valid values are from (0 to 128). Default value is 30. Priority - Enter the priority of C-BSR.
  • Page 967 11.9.3.9 Configuring PIM-SM Static RP Configuration Page Configurable Data RP Address - IP Address of the RP. Group Address/Prefix Length - Enter the source-specific multicast group ip-address / Prefix Length. Overide - To override the entry you need to check this box and then select the submit button. Delete - Attempts to remove the specified Static RP Address for the PIM-SM router.
  • Page 968 Selection Criteria Source IP - Enter the IP address of the multicast packet source to be combined with the Group IP to fully identify a single route whose Mroute table entry you want to display or clear. You may leave this field blank.
  • Page 969 www.fortinet.com...

Table of Contents