Page 1: Ethernet Switch
Layer 2 Ethernet Switch AT-8000S Series CLI Reference Guide...
Page 2 Allied Telesis AT-8000S Command Line Interface User’s Guide...
Page 3: Table Of Contents
Table of Contents Preface ........................... 1 Intended Audience........................... 2 Document Conventions ........................3 Contacting Allied Telesis ......................... 4 Chapter 1.Using the CLI ....................... 5 Overview ..............................5 CLI Command Modes........................5 Introduction ..............................5 User EXEC Mode ............................5 Privileged EXEC Mode ..........................5 Global Configuration Mode ........................6 Interface Configuration and Specific Configuration Modes................7 Starting the CLI..........................
Page 4 Allied Telesis Command Line Interface User’s Guide ip https authentication.......................... 27 show authentication methods ......................28 password ............................. 29 username............................. 29 show users accounts ........................... 30 enable password ..........................31 Chapter 4.Address Table Commands ................33 bridge address............................. 33 bridge multicast filtering........................33 bridge multicast address........................
Page 5 Chapter 6.Configuration and Image File Commands ............64 copy..............................64 dir .................................66 delete ..............................67 boot system............................68 show running-config ..........................68 show startup-config ..........................69 show bootvar............................70 Chapter 7.DHCP Option 82 Commands ................71 ip dhcp information option ........................71 show ip dhcp information option......................71 ip dhcp relay enable ..........................72 Chapter 8.DHCP Snooping Commands ................
Page 6 Allied Telesis Command Line Interface User’s Guide port storm-control broadcast rate ......................96 show ports storm-control ........................97 Chapter 10.GVRP Commands.................... 98 gvrp enable (Global) ..........................98 gvrp enable (Interface) ........................98 garp timer ............................99 gvrp vlan-creation-forbid........................100 gvrp registration-forbid........................100 clear gvrp statistics ..........................
Page 7 speed ..............................125 autobaud ............................126 exec-timeout............................127 history..............................127 history size ............................128 terminal history...........................128 terminal history size ...........................129 show line ............................129 Section 14.LACP Commands................... 131 lacp system-priority ..........................131 lacp port-priority ..........................132 lacp timeout............................133 show lacp ethernet ..........................134 show lacp port-channel ........................136 Chapter 15.Management ACL Commands ..............137 management access-list ........................137 permit (Management).........................138 deny (Management) ...........................139...
Page 8 Allied Telesis Command Line Interface User’s Guide Chapter 20.QoS Commands .................... 156 qos..............................156 show qos ............................156 priority-queue out num-of-queues ..................... 157 rate-limit............................. 157 traffic-shape............................158 show qos interface..........................158 wrr-queue cos-map..........................159 qos wrr-queue threshold........................160 qos trust(Global) ..........................161 qos map dscp-queue .........................
Page 9 snmp-server contact...........................193 snmp-server location..........................193 snmp-server set ..........................194 show snmp ............................195 show snmp engineid ..........................196 show snmp views ..........................197 show snmp groups ..........................197 show snmp filters ..........................198 show snmp users ..........................199 Chapter 24.Spanning-Tree Commands................200 spanning-tree .............................200 spanning-tree mode ...........................200 spanning-tree forward-time ........................201 spanning-tree hello-time........................201 spanning-tree max-age ........................202 spanning-tree priority .........................203...
Page 10 Allied Telesis Command Line Interface User’s Guide user-key............................. 231 key-string ............................232 show ip ssh............................233 show crypto key mypubkey ....................... 234 show crypto key pubkey-chain ssh....................235 Chapter 26.Syslog Commands ..................237 logging on ............................237 logging ............................... 237 logging console..........................
Page 11 disable..............................265 login..............................266 configure ............................266 exit (Configuration)..........................267 exit..............................267 end ..............................268 help ..............................268 terminal datadump ..........................269 show history ............................270 show privilege ............................270 Chapter 30.VLAN Commands ..................272 vlan database.............................272 vlan..............................272 default-vlan vlan ..........................273 interface vlan............................273 interface range vlan..........................274 name ..............................275 switchport protected ...........................275 switchport mode ..........................276 switchport access vlan ........................278 switchport trunk allowed vlan ......................278...
Page 12 Allied Telesis Command Line Interface User’s Guide show crypto certificate mycertificate....................298 show ip http ............................299 show ip https............................299 Chapter 32..................802.1x Commands301 aaa authentication dot1x ........................301 dot1x system-auth-control ......................... 301 dot1x port-control..........................302 dot1x re-authentication ........................303 dot1x timeout re-authperiod.......................
Page 13: Preface
Preface Preface This guide describes how to configure an AT-8000S Series switch using the command line interface. The commands are grouped by topic into the following chapters: • Chapter 1. "Using the CLI" — Describe the CLI basic structure and command usage.
Page 14: Intended Audience
Allied Telesis Command Line Interface User’s Guide administrative LACP timeouts, display LACP information for Ethernet ports, and display LACP information for a port-channel. • Chapter 15. "Management ACL Commands" — Define a permit or deny a rule, or configure a management access control list.
Page 15: Document Conventions
Preface Document Conventions Document Conventions This document uses the following conventions: Note Provides related information or information of special importance. Caution Indicates potential damage to hardware or software, or loss of data. Warning Indicates a risk of personal injury. Page 3...
Page 16: Contacting Allied Telesis
Email and Telephone For Technical Support via email or telephone, refer to the Allied Telesis web site: www.alliedtelesis.com. Select your country from the list displayed on the website. Then Support select the appropriate menu tab.
Page 17: Chapter 1.Using The Cli
Using the CLI CLI Command Modes Chapter 1. Using the CLI Overview This chapter describes how to start using the CLI and the CLI command editing features. CLI Command Modes Introduction To assist in configuring the device, the Command Line Interface (CLI) is divided into different command modes. Each command mode has its own set of specific commands.
Page 18: Global Configuration Mode
Allied Telesis Command Line Interface User’s Guide Enter the password and press <Enter>. The password is displayed as *. The Privileged EXEC mode prompt is displayed. The Privileged EXEC mode prompt consists of the device host name followed by #. Console# To return from the Privileged EXEC mode to the User EXEC mode, use the disable command.
Page 19: Interface Configuration And Specific Configuration Modes
Using the CLI CLI Command Modes Interface Configuration and Specific Configuration Modes Interface Configuration mode commands modify specific interface operations. The following are the Interface Configuration modes: • Line Interface — Contains commands to configure the management connections. These include commands such as line timeout settings, etc.
Page 20: Starting The Cli
Allied Telesis Command Line Interface User’s Guide Starting the CLI The device can be managed over a direct connection to the device console port or via a Telnet connection. The device is managed by entering command keywords and parameters at the prompt. Using the device Command Line Interface (CLI) is very similar to entering commands on a UNIX system.
Page 21: Editing Features
Using the CLI Editing Features Editing Features Entering Commands A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status ethernet 1/e11, show, interfaces and status are keywords, ethernet is an argument that specifies the interface type, and 1/e11 specifies the port.
Page 22: Negating The Effect Of Commands
Allied Telesis Command Line Interface User’s Guide Negating the Effect of Commands For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This guide describes the negation effect for all applicable commands. Command Completion If the command entered is incomplete, invalid or has missing or invalid parameters, then the appropriate error message is displayed.
Page 23: Cli Command Conventions
CLI Command Conventions When entering commands there are certain command entry standards that apply to all commands. The following table describes the command conventions. Con ve nti on Desc ri pti on In a command line, square brackets indicates an optional entry. In a command line, curly brackets indicate a selection of compulsory parameters separated by the | character.
Page 24: Chapter 2.Acl Commands
Allied Telesis Command Line Interface User’s Guide Chapter 2. ACL Commands ip access-list The ip access-list Global Configuration mode command defines an IPv4 Access List and places the device in IPv4 Access List Configuration mode. Use the no form of this command to remove the Access List. Syntax ip access-list access-list-name no ip access-list access-list-name...
Page 25 ACL Commands permit-udp {any | { source source-wildcard}} {any | source-port} {any | {destination destination-wildcard}} {any | destination-port} [dscp number | ip-precedence number] Parameters • source — Source IP address of the packet. • source-wildcard — Wildcard bits to be applied to the source IP address. Use 1s in the bit position to be ignored.
Page 26 Allied Telesis Command Line Interface User’s Guide IP P r o t oco l A bb r ev ia t ed N am e P r o to co l N u m be r Internet Control Message Protocol icmp Internet Group Management Protocol igmp IP in IP (encapsulation) Protocol...
Page 27: Deny (Ip)
ACL Commands mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip and photuris. (Range: 0-255) • icmp-code — Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code. (Range: 0-255) •...
Page 28 Allied Telesis Command Line Interface User’s Guide flags] deny-udp [disable-port] {any|{ source source-wildcard}} {any| source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] Parameters • disable-port — The Ethernet interface is disabled if the condition is matched. (Range: 0 - 65535) •...
Page 29: Mac Access-List
ACL Commands IP P r o t oco l A bb r ev ia t ed N am e P r o to co l N u m be r Ipv6 protocol ipv6 Routing Header for IPv6 ipv6-route Fragment Header for IPv6 ipv6-frag Inter-Domain Routing Protocol idrp...
Page 30: Permit (Mac)
Allied Telesis Command Line Interface User’s Guide no mac access-list access-list-name Parameters • access-list-name — Name of the MAC-Access List. Default Configuration No MAC-Access List is defined. Command Mode Global Configuration mode User Guidelines MAC ACLs are defined by a unique name. An IPv4 ACL, IPv6 ACL and MAC ACL cannot share the same name. Example The following example shows how to create a MAC ACL.
Page 31: Deny (Mac)
ACL Commands User Guidelines Enter IP-Access List configuration mode by using the MAC access-list Global Configuration mode command. After an access control entry (ACE) is added to an access control list, an implied deny-any-any condition exists at the end of the list. That is, if there are no matches, the packets are denied. However, before the first ACE is added, the list permits all packets.
Page 32: Service-Acl
Allied Telesis Command Line Interface User’s Guide The following user guidelines are relevant to GE devices only: • Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
Page 33: Show Interfaces Access-Lists
ACL Commands Parameters • name — Name of the ACL. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays access lists. Console# show access-lists IP access list ACL1 permit ip host 172.30.40.1 any...
Page 34 Allied Telesis Command Line Interface User’s Guide Example The following example displays ACLs applied to the interfaces of a device: Console# show interfaces access-lists Interface Input ACL --------- --------- 1/e1 ACL1 2/e1 ACL3 Page 22 Not approved by Document Control. For review only.
Page 35: Chapter 3.Aaa Commands
AAA Commands Chapter 3. AAA Commands aaa authentication login The aaa authentication login Global Configuration mode command defines login authentication. Use the no form of this command to return to the default configuration. Syntax aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} Parameters •...
Page 36: Aaa Authentication Enable
Allied Telesis Command Line Interface User’s Guide User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list.
Page 37: Login Authentication
AAA Commands Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication enable command are used with the enable authentication command. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 38: Enable Authentication
Allied Telesis Command Line Interface User’s Guide enable authentication The enable authentication Line Configuration mode command specifies the authentication method list when accessing a higher privilege level from a remote telnet or console. Use the no form of this command to return to the default configuration specified by the aaa authentication enable command.
Page 39: Ip Https Authentication
AAA Commands radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked. This has the same effect as the command ip http authentication local. Command Mode Global Configuration mode User Guidelines...
Page 40: Show Authentication Methods
Allied Telesis Command Line Interface User’s Guide User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Page 41: Password
AAA Commands Line Login Method List Enable Method List -------------- ----------------- ------------------ Console Console_Login Console_Enable Telnet Default Default Default Default http: Radius, Local https: Radius, Local dot1x: Radius password The password Line Configuration mode command specifies a password on a line. Use the no form of this command to remove the password.
Page 42: Show Users Accounts
Allied Telesis Command Line Interface User’s Guide Syntax username name [password password] [level level] [encrypted] no username name Parameters • name — The name of the user (Range: 1- 20 characters). • password — The authentication password for the user (Range: 1-159 characters). •...
Page 43: Enable Password
AAA Commands Example The following example displays the local users configured with access to the system. Console# show users accounts Username Privilege Password Password Expiry Lockout Aging date -------- --------- -------- ----------- ------- Jan 21 2005 Admin Jan 21 2005 Manager Jan 21 2005 The following table describes significant fields shown above.
Page 44 Allied Telesis Command Line Interface User’s Guide Example The following example sets a local level 15 password called ‘secret’ to control access to user and privilege levels. . Console(config)# enable password secret level 15 Page 32 Not approved by Document Control. For review only.
Page 45: Chapter 4.Address Table Commands
Address Table Commands Chapter 4. Address Table Commands bridge address The bridge address Interface Configuration (VLAN) mode command adds a MAC-layer station source address to the bridge table. Use the no form of this command to delete the MAC address. Syntax bridge address mac-address {ethernet interface | port-channel port-channel-number} [permanent permanent} | delete-on-reset delete-on-reset} | delete-on-timeout delete-on-timeout} | secure secure]...
Page 46: Bridge Multicast Address
Allied Telesis Command Line Interface User’s Guide Syntax bridge multicast filtering no bridge multicast filtering Parameters This command has no keywords or arguments. Default Configuration Filtering Multicast addresses is disabled. All Multicast addresses are flooded to all ports. Command Mode Global Configuration mode User Guidelines If routers exist on the VLAN, do not change the unregistered Multicast addresses state to drop on the routers...
Page 47: Bridge Multicast Forbidden Address
Address Table Commands Command Mode Interface configuration (VLAN) mode User Guidelines If the command is executed without add or remove, the command only registers the group in the bridge database. Static Multicast addresses can only be defined on static VLANs. Example The following example registers the MAC address: Console(config)# interface vlan 8...
Page 48: Bridge Multicast Forward-All
Allied Telesis Command Line Interface User’s Guide Example In this example, MAC address 0100.5e02.0203 is forbidden on port 2/e9 within VLAN 8. Console(config)# interface vlan 8 Console(config-if)# bridge multicast address 0100.5e02.0203 Console(config-if)# bridge multicast forbidden address 0100.5e02.0203 add ethernet 2/e9 bridge multicast forward-all The bridge multicast forward-all Interface Configuration (VLAN) mode command enables forwarding all Multicast packets on a port.
Page 49: Bridge Aging-Time
Address Table Commands Syntax bridge multicast forbidden forward-all {add | remove} {ethernet interface-list | port-channel port-channel- number-list} no bridge multicast forbidden forward-all Parameters • add — Forbid forwarding all Multicast packets. • remove — Do not forbid forwarding all Multicast packets. •...
Page 50: Clear Bridge
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example In this example the bridge aging time is set to 250. Console(config)# bridge aging-time 250 clear bridge The clear bridge Privileged EXEC mode command removes any learned entries from the forwarding database.
Page 51: Port Security Mode
Address Table Commands Default Configuration This setting is disabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example In this example, port 1/e1 forwards all packets without learning addresses of packets from unknown sources and sends traps every 100 seconds if a packet with an unknown source address is received.
Page 52: Port Security Max
Allied Telesis Command Line Interface User’s Guide port security max The port security max Interface Configuration (Ethernet, port-channel) mode command configures the maximum number of addresses that can be learned on the port while the port is in port security mode. Use the no form of this command to return to the default configuration.
Page 53: Show Bridge Address-Table
Address Table Commands Command Mode Interface Configuration (Ethernet, port-channel) mode. Cannot be configured for a range of interfaces (range context). User Guidelines The command enables adding secure MAC addresses to a routed port in port security mode. The command is available when the port is a routed port and in port security mode.
Page 54: Show Bridge Address-Table Static
Allied Telesis Command Line Interface User’s Guide Aging time is 300 sec vlan mac address Port Type --------- -------------- ---- ------- 00:02:3f:b4:28:05 dynamic 00:07:40:c9:5f:83 dynamic 00:15:77:74:64:40 dynamic show bridge address-table static The show bridge address-table static Privileged EXEC mode command displays statically created entries in the bridge-forwarding database.
Page 55: Show Bridge Address-Table Count
Address Table Commands show bridge address-table count The show bridge address-table count Privileged EXEC mode command displays the number of addresses present in the Forwarding Database. Syntax show bridge address-table count [vlan vlan][ ethernet interface-number | port-channel port-channel-number] Parameters • vlan —...
Page 56: Show Bridge Multicast Address-Table
Allied Telesis Command Line Interface User’s Guide show bridge multicast address-table The show bridge multicast address-table Privileged EXEC mode command displays the bridge Multicast Address Table information. Syntax show bridge multicast address-table [vlan vlan-id] [address mac-multicast-address | ip-multicast-address] [format ip | format mac] [source ip-address] Parameters •...
Page 57 Address Table Commands Examples In these examples, Multicast MAC address and IP Address Table information is displayed. Console# show bridge multicast address-table Multicast address table for VLANs in MAC-GROUP bridging mode: Vlan MAC Address Type Ports ---- -------------- ------- ---------- 0100.5e23.8787 static 1/e1, 2/e2...
Page 58: Show Bridge Multicast Address-Table Static
Allied Telesis Command Line Interface User’s Guide Note A Multicast MAC address maps to multiple IP addresses as shown above. show bridge multicast address-table static The show bridge multicast address-table static Privileged EXEC mode command displays statically configured Multicast addresses. Syntax show bridge multicast address-table static [vlan vlan-id] [address mac-multicast-address | Parameters...
Page 59: Default Configuration
Address Table Commands Syntax show bridge multicast filtering vlan-id Parameters • vlan-id — VLAN ID value. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example In this example, the Multicast configuration for VLAN 1 is displayed.
Page 60: Show Ports Security
Allied Telesis Command Line Interface User’s Guide show ports security The show ports security Privileged EXEC mode command displays the port-lock status. Syntax show ports security [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. • port-channel-number —...
Page 61: Show Ports Security Addresses
Address Table Commands show ports security addresses The show ports security addresses Privileged EXEC mode command displays the current dynamic addresses in locked ports. Syntax show ports security addresses [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. •...
Page 62 Allied Telesis Command Line Interface User’s Guide In this example, dynamic addresses in currently locked port 1/e1 are displayed. Console# show ports security addresses ethernet 1/e1 Port Status Learning Current Maximum ---- -------- -------- ------- ------- 1/e1 Disabled Lock Page 50 Not approved by Document Control.
Page 63: Chapter 5.Clock Commands
Clock Commands Chapter 5. Clock Commands clock set The clock set Privileged EXEC mode command manually sets the system clock. Syntax clock set hh:mm:ss day month year clock set hh:mm:ss month day year Parameters • hh:mm:ss — Current time in hours (military format), minutes, and seconds (hh: 0 - 23, mm: 0 - 59, ss: 0 - 59). •...
Page 64: Clock Timezone
Allied Telesis Command Line Interface User’s Guide Default Configuration No external clock source Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures an external time source for the system clock. Console(config)# clock source sntp clock timezone The clock timezone Global Configuration mode command sets the time zone for display purposes.
Page 65: Clock Summer-Time
Clock Commands clock summer-time The clock summer-time Global Configuration mode command configures the system to automatically switch to summer time (daylight saving time). Use the no form of this command to configure the software not to automatically switch to summer time. Syntax clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym]...
Page 66: Sntp Authentication-Key
Allied Telesis Command Line Interface User’s Guide User Guidelines In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time.
Page 67: Sntp Authenticate
Clock Commands Example The following example defines the authentication key for SNTP. Console(config)# sntp authentication-key 8 md5 ClkKey sntp authenticate The sntp authenticate Global Configuration mode command grants authentication for received Simple Network Time Protocol (SNTP) traffic from servers. Use the no form of this command to disable the feature. Syntax sntp authenticate no sntp authenticate...
Page 68: Sntp Client Poll Timer
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines The command is relevant for both received Unicast and Broadcast. If there is at least 1 trusted key, then unauthenticated messages will be ignored. Example The following example authenticates key 8. Console(config)# sntp authentication-key 8 md5 ClkKey Console(config)# sntp trusted-key 8 Console(config)# sntp authenticate...
Page 69: Sntp Anycast Client Enable
Clock Commands Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled. Command Mode Global Configuration mode User Guidelines Use the sntp client enable (Interface) Interface Configuration mode command to enable the SNTP client on a specific interface.
Page 70: Sntp Client Enable (Interface)
Allied Telesis Command Line Interface User’s Guide sntp client enable (Interface) The sntp client enable Interface Configuration (Ethernet, port-channel, VLAN) mode command enables the Simple Network Time Protocol (SNTP) client on an interface. This applies to both receive Broadcast and Anycast updates.
Page 71: Sntp Unicast Client Poll
Clock Commands Example The following example enables the device to use the Simple Network Time Protocol (SNTP) to request and accept SNTP traffic from servers. Console(config)# sntp unicast client enable sntp unicast client poll The sntp unicast client poll Global Configuration mode command enables polling for the Simple Network Time Protocol (SNTP) predefined Unicast servers.
Page 72: Show Clock
Allied Telesis Command Line Interface User’s Guide Default Configuration No servers are defined. Command Mode Global Configuration mode User Guidelines Up to 8 SNTP servers can be defined. To enable predefined Unicast clients globally use the sntp unicast client enable Global Configuration mode command.
Page 73: Show Sntp Configuration
Clock Commands Example The following example displays the time and date from the system clock. Console> show clock 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Console> show clock detail 15:29:03 PDT(UTC-7) Jun 17 2002 Time source is SNTP Time zone: Acronym is PST Offset is UTC-8...
Page 74: Show Sntp Status
Allied Telesis Command Line Interface User’s Guide Authentication is required for synchronization. Trusted Keys: 8, 9 Unicast Clients: Enabled Unicast Clients Polling: Enabled Server Polling Encryption Key ----------- ------- -------------- 176.1.1.8 Enabled 176.1.8.179 Disabled Disabled Broadcast Clients: Enabled Anycast Clients: Enabled Broadcast and Anycast Interfaces: 1/e1, 1/e3 show sntp status The show sntp status Privileged EXEC mode command shows the status of the Simple Network Time Protocol...
Page 75 Clock Commands ----------- ------- ---------------------------- ------ ------ 176.1.1.8 19:58:22.289 PDT Feb 19 2002 7.33 117.79 176.1.8.179 Unknown 12:17.17.987 PDT Feb 19 2002 8.98 189.19 Anycast server: Server Interface Status Last response Offset Delay [mSec] [mSec] --------- ------- ----- ----------------------------- ------ ----- 176.1.11.8 VLAN 118...
Page 76: Chapter 6.Configuration And Image File Commands
Allied Telesis Command Line Interface User’s Guide Chapter 6. Configuration and Image File Commands copy The copy Privileged EXEC mode command copies files from a source to a destination. Syntax copy source-url destination-url Parameters • source-url — The source file location URL or reserved keyword of the source file to be copied. (Range: 1-160 characters) •...
Page 77 Configuration and Image File Commands User Guidelines Up to five backup configuration files are supported on the device. The location of a file system dictates the format of the source or destination URL. The entire copying process may take several minutes and differs from protocol to protocol and from network to network.
Page 78: Dir
Allied Telesis Command Line Interface User’s Guide To copy the running configuration file to a backup configuration file, enter the copy running-config file command. To copy the startup configuration file to a backup configuration file, enter the copy startup-config file command. Before copying from the backup configuration file to the running configuration file, make sure that the backup configuration file has not been corrupted.
Page 79: Delete
Configuration and Image File Commands syslog1.sys 262144 01-Jan-2000 01:03:21 syslog2.sys 262144 01-Jan-2000 01:03:21 directry.prv 262144 01-Jan-2000 01:02:15 startup-config 524288 01-Jan-2000 01:06:34 Total size of flash: 15728640 bytes Free size of flash: 3538944 bytes console# delete The delete Privileged EXEC mode command deletes a file from a flash memory device. Syntax delete url Parameters...
Page 80: Boot System
Allied Telesis Command Line Interface User’s Guide boot system The boot system Privileged EXEC mode command specifies the system image that the device loads at startup. Syntax boot system [unit unit] {image-1 | image-2} Parameters • unit — Specifies the unit number. •...
Page 81: Show Startup-Config
Configuration and Image File Commands Example The following example displays the contents of the running configuration file. Console# show running-config software version 1.1 hostname device interface ethernet 1/e1 ip address 176.242.100.100 255.255.255.0 duplex full speed 1000 interface ethernet 1/e2 ip address 176.243.100.100 255.255.255.0 duplex full speed 1000 show startup-config...
Page 82: Show Bootvar
Allied Telesis Command Line Interface User’s Guide interface ethernet 1/e1 ip address 176.242.100.100 255.255.255.0 duplex full speed 1000 interface ethernet 1/e2 ip address 176.243.100.100 255.255.255.0 duplex full speed 1000 show bootvar The show bootvar Privileged EXEC mode command displays the active system image file that is loaded by the device at startup.
Page 83: Chapter 7.Dhcp Option 82 Commands
DHCP Option 82 Commands Chapter 7. DHCP Option 82 Commands ip dhcp information option The ip dhcp information option Global Configuration mode command enables Dynamic Host Configuration Protocol (DHCP) option-82 data insertion. Use the no form of this command to disable DHCP option-82 data insertion.
Page 84: Ip Dhcp Relay Enable
Allied Telesis Command Line Interface User’s Guide Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command. Example The following example displays the DHCP option 82 configuration. Console(config)# show ip dhcp information option ip dhcp relay enable The ip dhcp relay enable Global Configuration mode command enables DHCP relay features on your router.
Page 85: Chapter 8.Dhcp Snooping Commands
DHCP Snooping Commands Chapter 8. DHCP Snooping Commands ip dhcp snooping The ip dhcp snooping Global Configuration mode command globally enables DHCP snooping. Use the no form of this command to return to the default setting. Syntax ip dhcp snooping no ip dhcp snooping Parameters This command has no arguments or keywords...
Page 86: Ip Dhcp Snooping Trust
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines DHCP snooping must be first globally enabled before enabling DHCP snooping on a VLAN. Example The following example configures DHCP snooping on a VLAN. Console(config)# ip dhcp snooping vlan 1 ip dhcp snooping trust The ip dhcp snooping trust Interface Configuration mode command configures a port as trusted for DHCP snooping purposes.
Page 87: Ip Dhcp Snooping Information Option Allowed-Untrusted
DHCP Snooping Commands ip dhcp snooping information option allowed-untrusted The ip dhcp snooping information option allowed-untrusted Global Configuration mode command configures a switch to accept DHCP packets with option-82 information from an untrusted port. Use the no form of this command to configure the switch to drop these packets from an untrusted port.
Page 88: Ip Dhcp Snooping Database
Allied Telesis Command Line Interface User’s Guide User Guidelines There are no user guidelines for this command. Example The following example configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address Console(config) #ip dhcp snooping verify ip dhcp snooping database The ip dhcp snooping database Global Configuration mode command configures the DHCP snooping binding...
Page 89: Ip Dhcp Snooping Binding
DHCP Snooping Commands no ip dhcp snooping database update-freq Parameters • seconds — Specify, in seconds, the update frequency (Range: 600 - 86400 ). Default Configuration 1200 Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the update frequency of the DHCP snooping binding file.
Page 90: Clear Ip Dhcp Snooping Database
Allied Telesis Command Line Interface User’s Guide User Guidelines After entering this command an entry is added to the DHCP snooping database. If DHCP snooping binding file exists, the entry is added to that file also. The entry is displayed in the show commands as a ‘DHCP Snooping entry’. Example The following example configures the DHCP snooping binding database and adds binding entries to the database.
Page 91 DHCP Snooping Commands Parameters • mac-address — Specify a MAC address • ip-address — Specify an IP address. • vlan-id — Specify a VLAN number. • interface — Specify Ethernet port. • port-channel-number — Specify Port-channel number Default Configuration Command Mode EXEC User Guidelines There are no user guidelines for this command.
Page 92: Chapter 9.Ethernet Configuration Commands
Allied Telesis Command Line Interface User’s Guide Chapter 9. Ethernet Configuration Commands interface ethernet The interface ethernet Global Configuration mode command enters the interface configuration mode to configure an Ethernet type interface. Syntax interface ethernet interface Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) Default Configuration This command has no default configuration.
Page 93: Shutdown
Ethernet Configuration Commands Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
Page 94: Description
Allied Telesis Command Line Interface User’s Guide description The description Interface Configuration (Ethernet, port-channel) mode command adds a description to an interface. Use the no form of this command to remove the description. Syntax description string no description Parameters • string —...
Page 95: Duplex
Ethernet Configuration Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines The no speed command in a port-channel context returns each port in the port-channel to its maximum capability. Example The following example configures the speed operation of Ethernet port 1/e5 to 100 Mbps operation. Console(config)# interface ethernet 1/e5 Console(config-if)# speed 100 duplex...
Page 96: Negotiation
Allied Telesis Command Line Interface User’s Guide negotiation The negotiation Interface Configuration (Ethernet, port-channel) mode command enables auto-negotiation operation for the speed and duplex parameters of a given interface. Use the no form of this command to disable auto-negotiation. Syntax negotiation [capability1 [capability2…capability5]] no negotiation Parameters...
Page 97: Mdix
Ethernet Configuration Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines Negotiation should be enabled for flow control auto. Example In the following example, flow control is enabled on port 1/e5. Console(config)# interface ethernet 1/e5 Console(config-if)# flowcontrol on mdix The mdix Interface Configuration (Ethernet) mode command enables cable crossover on a given interface.
Page 98: Back-Pressure
Allied Telesis Command Line Interface User’s Guide back-pressure The back-pressure Interface Configuration (Ethernet, port-channel) mode command enables back pressure on a given interface. Use the no form of this command to disable back pressure. Syntax back-pressure no back-pressure Default Configuration Back pressure is enabled.
Page 99: Set Interface Active
Ethernet Configuration Commands Example In the following example, the counters for interface 1/e1 are cleared. Console> clear counters ethernet 1/e1 set interface active The set interface active Privileged EXEC mode command reactivates an interface that was shutdown. Syntax set interface active {ethernet interface | port-channel port-channel-number} Parameters •...
Page 100: Show Interfaces Configuration
Allied Telesis Command Line Interface User’s Guide Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following examples display autonegotiation information. Console# show interfaces advertise Port Type Operational Link Advertisement ---- ----------- ------- ------------------------------ 100M-Copper...
Page 101: Command Modes
Ethernet Configuration Commands Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) • port-channel-number — Valid port-channel number. Default Configuration This command has no default configuration. Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the configuration of all configured interfaces: Console# show interfaces configuration...
Page 102: Show Interfaces Status
Allied Telesis Command Line Interface User’s Guide show interfaces status The show interfaces status Privileged EXEC mode command displays the status of all configured interfaces. Syntax show interfaces status [ethernet interface| port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) •...
Page 103: Show Interfaces Description
Ethernet Configuration Commands 100M-Copper Down 100M-Copper Down 100M-Copper Down 100M-Copper Down 100M-Copper Down show interfaces description The show interfaces description Privileged EXEC mode command displays the description for all configured interfaces. Syntax show interfaces description [ethernet interface | port-channel port-channel-number] Parameters •...
Page 104: Show Interfaces Counters
Allied Telesis Command Line Interface User’s Guide show interfaces counters The show interfaces counters User EXEC mode command displays traffic seen by the physical interface. Syntax show interfaces counters [ethernet interface | port-channel port-channel-number] Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) •...
Page 105 Ethernet Configuration Commands OutUcastPkts OutMcastPkts OutBcastPkts OutOctets -------- ------------ ------------ ------------------ --------------- console# Console# show interfaces counters ethernet 1/e1 Port InUcastPkts InMcastPkts InBcastPkts InOctets ------ ----------- -------------- ----------- ----------- 1/e1 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets ------ ----------- -------------- ------------ ------------ 1/e1 FCS Errors: 0 Single Collision Frames: 0...
Page 106: Show System Flowcontrol
Allied Telesis Command Line Interface User’s Guide The following table describes the fields shown in the display: Field Des cription InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets.
Page 107: Port Storm-Control Include-Multicast (Ic)
Ethernet Configuration Commands Example Console# show system flowcontrol port storm-control include-multicast (IC) The port storm-control include-multicast Interface Configuration (Ethernet) mode command counts Multicast packets in Broadcast storm control. Use the no form of this command to disable counting Multicast packets. Syntax port storm-control include-multicast [unknown-unicast] no port storm-control include-multicast...
Page 108: Port Storm-Control Broadcast Rate
Allied Telesis Command Line Interface User’s Guide Command Modes Interface Configuration (Ethernet) mode User Guidelines Use the port storm-control broadcast rate Interface Configuration (Ethernet) mode command, to set the maximum allowable Broadcast rate. For FE devices, use the port storm-control include-multicast Interface Configuration (Ethernet) mode command to enable counting Multicast packets and optionally unknown Unicast packets in the storm control calculation.
Page 109: Show Ports Storm-Control
Ethernet Configuration Commands Command Mode Interface Configuration (Ethernet) mode User Guidelines Use the port storm-control broadcast enable Interface Configuration mode command to enable Broadcast storm control. For FE ports, the software displays the actual rate since granularity depends on the requested rate. For GE ports, the rate is rounded off to the nearest 64 Kbits/Sec (except for 1-63 Kbits/Sec which is rounded off to 64 Kbits/Sec).
Page 110: Chapter 10.Gvrp Commands
Allied Telesis Command Line Interface User’s Guide Chapter 10.GVRP Commands gvrp enable (Global) GARP VLAN Registration Protocol (GVRP) is an industry-standard protocol designed to propagate VLAN information from device to device. With GVRP, a single device is manually configured with all desired VLANs for the network, and all other devices on the network learn these VLANs dynamically.
Page 111: Garp Timer
GVRP Commands User Guidelines An access port does not dynamically join a VLAN because it is always a member in only one VLAN. Membership in an untagged VLAN is propagated in the same way as in a tagged VLAN. That is, the PVID is manually defined as the untagged VLAN VID.
Page 112: Gvrp Vlan-Creation-Forbid
Allied Telesis Command Line Interface User’s Guide Example The following example sets the leave timer for Ethernet port 1/e6 to 900 milliseconds. Console(config)# interface ethernet 1/e6 Console(config-if)# garp timer leave 900 gvrp vlan-creation-forbid The gvrp vlan-creation-forbid Interface Configuration (Ethernet, port-channel) mode command disables dynamic VLAN creation or modification.
Page 113: Clear Gvrp Statistics
GVRP Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example forbids dynamic registration of VLANs on Ethernet port 1/e6. Console(config)# interface ethernet 1/e6 Console(config-if)# gvrp registration-forbid clear gvrp statistics The clear gvrp statistics Privileged EXEC mode command clears all GVRP statistical information.
Page 114: Show Gvrp Statistics
Allied Telesis Command Line Interface User’s Guide Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
Page 115: Show Gvrp Error-Statistics
GVRP Commands Parameters • interface — A valid Ethernet port. (Full syntax: unit/port) • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows GVRP statistical information: Console>...
Page 116: Command Mode
Allied Telesis Command Line Interface User’s Guide Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays GVRP statistical information. Console> show gvrp error-statistics GVRP Error Statistics: Legend: INVPROT : Invalid Protocol Id INVALEN : Invalid Attribute Length...
Page 117: Chapter 11.Igmp Snooping Commands
IGMP Snooping Commands Chapter 11.IGMP Snooping Commands Note In order to enable IGMP snooping, the user must enable bridge Multicast filtering ip igmp snooping (Global) The ip igmp snooping Global Configuration mode command enables Internet Group Management Protocol (IGMP) snooping. Use the no form of this command to disable IGMP snooping. Syntax ip igmp snooping no ip igmp snooping...
Page 118: Ip Igmp Snooping Mrouter Learn-Pim-Dvmrp
Allied Telesis Command Line Interface User’s Guide Command Mode Interface Configuration (VLAN) mode User Guidelines IGMP snooping can only be enabled on static VLANs. Example The following example enables IGMP snooping on VLAN 2. Console(config)# interface vlan 2 Console(config-if)# ip igmp snooping ip igmp snooping mrouter learn-pim-dvmrp The ip igmp snooping mrouter learn-pim-dvmrp Interface Configuration (VLAN) mode command enables automatic learning of Multicast device ports in the context of a specific VLAN.
Page 119: Ip Igmp Snooping Host-Time-Out
IGMP Snooping Commands ip igmp snooping host-time-out The ip igmp snooping host-time-out Interface Configuration (VLAN) mode command configures the host-time- out. If an IGMP report for a Multicast group was not received for a host-time-out period from a specific port, this port is deleted from the member list of that Multicast group.
Page 120: Ip Igmp Snooping Querier Address
Allied Telesis Command Line Interface User’s Guide Command Mode Interface Configuration (VLAN) mode User Guidelines IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN. No more then one switch can be configured as an IGMP Querier for a VLAN. When IGMP Snooping Querier is enabled, it starts after host-time-out/2 with no IGMP traffic detected from a Multicast router.
Page 121: Ip Igmp Snooping Querier Version
IGMP Snooping Commands Example .The following example configures the source IP address that the IGMP Snooping querier uses. Console(config)# interface vlan 2 Console(config-if)# ip igmp snooping querier address 192.168.1.220 ip igmp snooping querier version The ip igmp snooping querier version Interface Configuration mode command configures the IGMP version of an IGMP querier on a specific VLAN.
Page 122: Ip Igmp Snooping Leave-Time-Out
Allied Telesis Command Line Interface User’s Guide no ip igmp snooping mrouter-time-out Parameters • time-out — Multicast device timeout in seconds (Range: 1 - 2147483647) Default Configuration The default value is 300 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
Page 123: Show Ip Igmp Snooping Mrouter
IGMP Snooping Commands Use immediate leave only where there is just one host connected to a port. Example The following example configures the host leave-time-out to 60 seconds. Console(config)# interface vlan 2 Console(config-if)# ip igmp snooping leave-time-out 60 show ip igmp snooping mrouter The show ip igmp snooping mrouter User EXEC mode command displays information on dynamically learned Multicast device interfaces.
Page 124: Show Ip Igmp Snooping Interface
Allied Telesis Command Line Interface User’s Guide show ip igmp snooping interface The show ip igmp snooping interface EXEC mode command shows IGMP snooping configuration. Syntax show ip igmp snooping interface vlan-id Parameters • vlan-id — VLAN number. Default Configuration This command has no default configuration.
Page 125: Show Ip Igmp Snooping Groups
IGMP Snooping Commands show ip igmp snooping groups The show ip igmp snooping groups command displays the Multicast groups that was learned by the IGMP snooping Syntax show ip igmp snooping groups [vlan vlan-id] [ip-multicast-address ip-multicast-address] [ip-address ip- address] Parameters •...
Page 126: Chapter 12.Ip Addressing Commands
Allied Telesis Command Line Interface User’s Guide Chapter 12.IP Addressing Commands ip address The ip address Interface Configuration (Ethernet, VLAN, port-channel) mode command sets an IP address. Use the no form of this command to remove an IP address. Syntax ip address ip-address {mask | prefix-length} no ip address [ip-address] Parameters...
Page 127: Ip Default-Gateway
IP Addressing Commands Parameters • host-name — Specifies the name of the host to be placed in the DHCP option 12 field. This name does not have to be the same as the host name specified in the hostname Global Configuration mode command. (Range: 1-20 characters) Default Configuration This command has no default configuration.
Page 128: Show Ip Interface
Allied Telesis Command Line Interface User’s Guide Default Configuration No default gateway is defined. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example defines default gateway 192.168.1.1. Console(config)# ip default-gateway 192.168.1.1 show ip interface The show ip interface Privileged EXEC mode command displays the usability status of configured IP interfaces.
Page 129: Arp
IP Addressing Commands IP Address Type ------------- --------- ------- 192.168.1.200/24 VLAN 1 Static console# The arp Global Configuration mode command adds a permanent entry in the Address Resolution Protocol (ARP) cache. Use the no form of this command to remove an entry from the ARP cache. Syntax arp ip_addr hw_addr {ethernet interface-number | vlan vlan-id | port-channel port-channel number | out-of- band-eth oob-interface }...
Page 130: Clear Arp-Cache
Allied Telesis Command Line Interface User’s Guide Syntax arp timeout seconds no arp timeout Parameters • seconds — Time (in seconds) that an entry remains in the ARP cache. (Range: 1-40000000) Default Configuration The default timeout is 60000 seconds. Command Mode Global Configuration mode User Guidelines It is recommended not to set the timeout value to less than 3600.
Page 131: Show Arp
IP Addressing Commands show arp The show arp Privileged EXEC mode command displays entries in the ARP table. Syntax show arp [ip-address ip-address] [mac-address mac-address] [ethernet interface | port-channel port-channel- number] Parameters • ip-address — Displays the ARP entry of a specific IP address. •...
Page 132: Ip Domain-Name
Allied Telesis Command Line Interface User’s Guide no ip domain-lookup Default Configuration The default configuration is set to enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables IP Domain Naming System (DNS)-based host name-to-address translation. Console(config)# ip domain-lookup ip domain-name The ip domain-name Global Configuration mode command defines a default domain name used by the software...
Page 133: Ip Name-Server
IP Addressing Commands ip name-server The ip name-server Global Configuration mode command defines the available name servers. Use the no form of this command to remove a name server. Syntax ip name-server server-address [server-address2 … server-address8] no ip name-server [server-address1 … server-address8] Parameters •...
Page 134: Clear Host
Allied Telesis Command Line Interface User’s Guide Command Mode Interface Configuration (VLAN) mode User Guidelines To define an out-of-band address, use the out-of-band IP address format: oob/ip-address. Example The following example defines a static host name-to-address mapping in the host cache. Console(config)# ip host accounting.website.com 176.10.23.1 clear host The clear host Privileged EXEC mode command deletes entries from the host name-to-address cache.
Page 135: Show Hosts
IP Addressing Commands • * — Removes all entries. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command deletes the host name-to-address mapping temporarily until the next renew of the IP address. Example The following example deletes all entries from the host name-to-address mapping.
Page 136 Allied Telesis Command Line Interface User’s Guide Configured host name-to-address mapping: Host Addresses ---- --------- accounting.gm.com 176.16.8.8 176.16.8.9 (DHCP) Cache: TTL(Hours) Host Total Elapsed Type Addresses ---- ----- ------- ------ --------- www.stanford.edu 171.64.14.203 Page 124 Not approved by Document Control. For review only.
Page 137: Chapter 13.Line Commands
Line Commands Chapter 13.Line Commands line The line Global Configuration mode command identifies a specific line for configuration and enters the Line Configuration command mode. Syntax line {console | telnet | ssh} Parameters • console — Console terminal line. • telnet —...
Page 138: Autobaud
Allied Telesis Command Line Interface User’s Guide Default Configuration The default speed is 9600 bps. Command Mode Line Configuration (console) mode User Guidelines This command is available only on the line console. The configured speed is applied when Autobaud is disabled. This configuration applies only to the current session.
Page 139: Exec-Timeout
Line Commands exec-timeout The exec-timeout Line Configuration mode command sets the interval that the system waits until user input is detected. Use the no form of this command to return to the default configuration. Syntax exec-timeout minutes [seconds] no exec-timeout Parameters •...
Page 140: History Size
Allied Telesis Command Line Interface User’s Guide Example The following example enables the command history function for telnet. Console(config)# line telnet Console(config-line)# history history size The history size Line Configuration mode command configures the command history buffer size for a particular line.
Page 141: Terminal History Size
Line Commands Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example disables the command history function for the current terminal session. Console# terminal no history terminal history size The terminal history size user EXEC command configures the command history buffer size for the current terminal session.
Page 142 Allied Telesis Command Line Interface User’s Guide Syntax show line [console | telnet | ssh] Parameters • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration If the line is not specified, the default value is console.
Page 143: Section 14.Lacp Commands
LACP Commands Section 14. LACP Commands lacp system-priority The lacp system-priority Global Configuration mode command configures the system priority. Use the no form of this command to return to the default configuration. Syntax lacp system-priority value no lacp system-priority Parameters •...
Page 144: Lacp Port-Priority
Allied Telesis Command Line Interface User’s Guide lacp port-priority The lacp port-priority Interface Configuration (Ethernet) mode command configures physical port priority. Use the no form of this command to return to the default configuration, use the no form of this command. Syntax lacp port-priority value no lacp port-priority...
Page 145: Lacp Timeout
LACP Commands lacp timeout The lacp timeout Interface Configuration (Ethernet) mode command assigns an administrative LACP timeout. Use the no form of this command to return to the default configuration. Syntax lacp timeout {long | short} no lacp timeout Parameters •...
Page 146: Show Lacp Ethernet
Allied Telesis Command Line Interface User’s Guide show lacp ethernet The show lacp ethernet Privileged EXEC mode command displays LACP information for Ethernet ports. Syntax show lacp ethernet interface [parameters | statistics | protocol-state] Parameters • interface — Valid Ethernet port. (Full syntax: unit/port) •...
Page 147 LACP Commands distributing: FALSE expired: FALSE Partner system priority: system mac addr: 00:00:00:00:00:00 port Admin key: port Oper key: port Oper number: port Admin priority: port Oper priority: port Oper timeout: LONG LACP Activity: PASSIVE Aggregation: AGGREGATABLE synchronization: FALSE collecting: FALSE distributing: FALSE...
Page 148: Show Lacp Port-Channel
Allied Telesis Command Line Interface User’s Guide show lacp port-channel The show lacp port-channel Privileged EXEC mode command displays LACP information for a port-channel. Syntax show lacp port-channel [port_channel_number] Parameters • port_channel_number — Valid port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 149: Chapter 15.Management Acl Commands
Management ACL Commands Chapter 15.Management ACL Commands management access-list The management access-list Global Configuration mode command configures a management Access List and enters the Management Access-list Configuration command mode. Use the no form of this command to delete an Access List. Syntax management access-list name no management access-list name...
Page 150: Permit (Management)
Allied Telesis Command Line Interface User’s Guide The following example creates a management Access List called mlist, configures all interfaces to be management interfaces except Ethernet interfaces 1/e1 and 2/e9 and makes the new Access List the active list. Console(config)# management access-list mlist Console(config-macl)# deny ethernet 1/e1 Console(config-macl)# deny ethernet 2/e9 Console(config-macl)# permit...
Page 151: Deny (Management)
Management ACL Commands deny (Management) The deny Management Access-List Configuration mode command defines a deny rule. Syntax deny [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service] deny ip-source ip-address [mask mask | prefix-length] [ethernet interface-number | vlan vlan-id | port-channel port-channel-number] [service service] Parameters •...
Page 152: Show Management Access-List
Allied Telesis Command Line Interface User’s Guide Parameters • console-only — Indicates that the device can be managed only from the console. • name — Specifies the name of the Access List to be used. (Range: 1-32 characters) Default Configuration If no Access List is specified, an empty Access List is used.
Page 153: Show Management Access-Class
Management ACL Commands permit ethernet 2/e2 ! (Note: all other access implicitly denied) show management access-class The show management access-class Privileged EXEC mode command displays the active management Access List. Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 154: Chapter 16.Phy Diagnostics Commands
Allied Telesis Command Line Interface User’s Guide Chapter 16.PHY Diagnostics Commands test copper-port tdr The test copper-port tdr Privileged EXEC mode command uses Time Domain Reflectometry (TDR) technology to diagnose the quality and characteristics of a copper cable attached to a port. Syntax test copper-port tdr interface Parameters...
Page 155: Show Copper-Ports Cable-Length
PHY Diagnostics Commands Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines The maximum length of the cable for the TDR test is 120 meter. Example The following example displays information on the last TDR test performed on all copper ports. Console show copper-ports tdr Port Result...
Page 156 Allied Telesis Command Line Interface User’s Guide Example The following example displays the estimated copper cable length attached to all ports. Console show copper-ports cable-length Port Length [meters] ---- --------------------- 1/e1 < 50 1/e2 Copper not active 1/e3 110-140 1/g1 Fiber Page 144 Not approved by Document Control.
Page 157: Chapter 17.Port Channel Commands
Port Channel Commands Chapter 17.Port Channel Commands interface port-channel The interface port-channel Global Configuration mode command enters the interface configuration mode to configure a specific port-channel. Syntax interface port-channel port-channel-number Parameters • port-channel-number — A valid port-channel number. Default Configuration This command has no default configuration.
Page 158: Channel-Group
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines Commands under the interface range context are executed independently on each interface in the range. Example The following example groups port-channels 1, 2 and 6 to receive the same command. Console(config)# interface range port-channel 1-2,6 channel-group The channel-group Interface Configuration (Ethernet) mode command associates a port with a port-channel.
Page 159 Port Channel Commands Parameters • port-channel-number — Valid port-channel number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays information on all port-channels. Console# show interfaces port-channel Channel Ports...
Page 160: Chapter 18.Port Monitor Commands
Allied Telesis Command Line Interface User’s Guide Chapter 18.Port Monitor Commands port monitor The port monitor Interface Configuration mode command starts a port monitoring session. Use the no form of this command to stop a port monitoring session. Syntax port monitor src-interface [rx | tx] no port monitor src-interface Parameters •...
Page 161: Show Ports Monitor
Port Monitor Commands show ports monitor The show ports monitor User EXEC mode command displays the port monitoring status. Syntax show ports monitor Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example shows how the port monitoring status is displayed.
Page 162: Chapter 19.Power Over Ethernet Commands
Allied Telesis Command Line Interface User’s Guide Chapter 19.Power over Ethernet Commands Note The PoE commands are operational in the AT-8000S/24, AT-8000S/24POE, AT-8000S/48 and AT- 8000S/48POE devices. power inline The port inline Interface Configuration (Ethernet) mode command configures the administrative mode of inline power on an interface.
Page 163: Power Inline Priority
Power over Ethernet Commands no power inline powered-device Parameters • pd-type—Specifies the type of powered device attached to the interface. (Range: 1-24 characters) Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example configures a description to an IP-phone to a powered device connected to Ethernet interface 1/e1.
Page 164: Power Inline Usage-Threshold
Allied Telesis Command Line Interface User’s Guide Example The following example configures the device connected to Ethernet interface 1/e1 as a high-priority powered device. Console(config)# interface ethernet 1/e1 Console(config-if)# power inline priority high power inline usage-threshold The power inline usage-threshold Global Configuration mode command configures the threshold for initiating inline power usage alarms.
Page 165: Show Power Inline
Power over Ethernet Commands Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables inline power traps to be sent when a power usage threshold is exceeded. Console(config)# power inline traps enable show power inline The show power inline User EXEC mode command displays the information about inline power.
Page 166 Allied Telesis Command Line Interface User’s Guide Port Powered State Status Priority Class Device ---- ------- ----------- ------------- ------------ -------- 4/e1 Auto class1 4/e2 Auto class3 4/e3 Auto class1 4/e4 Auto class0 4/e5 Auto class1 4/e6 Auto class2 4/e7 Auto class4 4/e8 Auto...
Page 167 Power over Ethernet Commands Priority The priority of the port from the point of view of inline power management. Can be: Critical, High or Low. Status Describes the inline power operational status of the port. Can be: On, Off, Test- Fail, Testing, Searching or Fault.
Page 168: Chapter 20.Qos Commands
Allied Telesis Command Line Interface User’s Guide Chapter 20.QoS Commands The qos Global Configuration mode command enables quality of service (QoS) on the device. Use the no form of this command to disable QoS on the device. Syntax no qos Default Configuration QoS is disabled on the device.
Page 169: Priority-Queue Out Num-Of-Queues
QoS Commands Example The following example displays QoS attributes when QoS is disabled on the device. Console show qos Qos: disable Trust: dscp priority-queue out num-of-queues The priority-queue out num-of-queues Global Configuration mode command configures the number of expedite queues. Use the no form of this command to return to the default configuration. Syntax priority-queue out num-of-queues number-of-queues no priority-queue out num-of-queues...
Page 170: Traffic-Shape
Allied Telesis Command Line Interface User’s Guide Default Configuration 1000 Kbits/Sec Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines The command can be enabled on a specific port only if port storm-control Broadcast enable interface configuration command is not enabled on that port. Example The following example limits the rate of the incoming traffic to 62.
Page 171: Wrr-Queue Cos-Map
QoS Commands Syntax show qos interface [ethernet interface-number | vlan vlan-id | port-channel number] [queuing] Parameters • interface-number — Valid Ethernet port number. • vlan-id— Valid VLAN ID. • number — Valid port-channel number. • queuing — Indicates the queue strategy (WRR or EF), the weight for WRR queues, the CoS to queue map and the EF priority.
Page 172: Qos Wrr-Queue Threshold
Allied Telesis Command Line Interface User’s Guide Syntax wrr-queue cos-map queue-id cos1...cos8 no wrr-queue cos-map [queue-id] Parameters • queue-id — Specifies the queue number to which the CoS values are mapped. • cos1...cos8 — Specifies CoS values to be mapped to a specific queue. (Range: 0-7) Default Configuration.
Page 173: Qos Trust(Global)
QoS Commands Parameters • queue-id — Specify the queue ID you wish to assign the tail-drop. • threshold-percentage0,1,2 — Specify the tail-drop threshold percentage value. Range 0-100. each value is separate by space. Default Configuration The default thresholds are 80% for all thresholds. Command Mode Global Configuration mode User Guidelines...
Page 174: Qos Map Dscp-Queue
Allied Telesis Command Line Interface User’s Guide User Guidelines There are no user guidelines for this command. Example The following example configures the System to basic mode and the trust state. Console(config)# qos map dscp-dp 2 4 6 8 10 to qos map dscp-queue The qos map dscp-queue Global Configuration mode command modifies the DSCP to CoS map.
Page 175: Show Qos Map
QoS Commands Syntax qos cos default-cos no qos cos Parameters • default-cos — Specifies the default CoS value of the port. (Range: 0 - 7) Default Configuration Default CoS value of a port is 0. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines If the port is trusted, the default CoS value of the port is used to assign a CoS value to all untagged packets entering the port.
Page 176 Allied Telesis Command Line Interface User’s Guide Example The following example displays the DSCP port-queue map. Console> show qos map Dscp-queue map: The following table describes the significant fields shown above. Column Des cription Decimal Bit 1 of DSCP Decimal Bit 2 of DSCP 01 - 04 Queue numbers Page 164...
Page 177: Chapter 21.Radius Commands
Radius Commands Chapter 21.Radius Commands radius-server host The radius-server host Global Configuration mode command specifies a RADIUS server host. Use the no form of this command to delete the specified RADIUS host. Syntax radius-server host {ip-address | hostname} [auth-port auth-port-number] [timeout timeout] [retransmit retries] [deadtime deadtime] [key key-string] [source source] [priority priority] [usage type] no radius-server host {ip-address | hostname} Parameters...
Page 178: Radius-Server Key
Allied Telesis Command Line Interface User’s Guide Example The following example specifies a RADIUS server host with IP address 192.168.10.1, authentication request port number 20 and a 20-second timeout period. Console(config)# radius-server host 192.168.10.1 auth-port 20 timeout 20 radius-server key The radius-server key Global Configuration mode command sets the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon.
Page 179: Radius-Server Source-Ip
Radius Commands Parameters • retries — Specifies the retransmit value. (Range: 1 - 10) Default Configuration The software searches the list of RADIUS server hosts 3 times. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the number of times the software searches the list of RADIUS server hosts to 5 times.
Page 180: Radius-Server Timeout
Allied Telesis Command Line Interface User’s Guide radius-server timeout The radius-server timeout Global Configuration mode command sets the interval during which the device waits for a server host to reply. Use the no form of this command to return to the default configuration. Syntax radius-server timeout timeout no radius-server timeout...
Page 181: Show Radius-Servers
Radius Commands User Guidelines There are no user guidelines for this command. Example The following example sets the deadtime to 10 minutes. Console(config)# radius-server deadtime 10 show radius-servers The show radius-servers Privileged EXEC mode command displays the RADIUS server settings. Syntax show radius-servers Default Configuration...
Page 182: Chapter 22.Rmon Commands
Allied Telesis Command Line Interface User’s Guide Chapter 22.RMON Commands show rmon statistics The show rmon statistics User EXEC mode command displays RMON Ethernet statistics. Syntax show rmon statistics {ethernet interface number | port-channel port-channel-number} Parameters • interface number — Valid Ethernet port. •...
Page 183 RMON Commands The following table describes significant fields shown above: Field De scrip tio n Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The total number of packets (including bad packets, Broadcast packets, and Multicast packets) received.
Page 184: Rmon Collection History
Allied Telesis Command Line Interface User’s Guide rmon collection history The rmon collection history Interface Configuration (Ethernet, port-channel) mode command enables a Remote Monitoring (RMON) MIB history statistics group on an interface. Use the no form of this command to remove a specified RMON history statistics group.
Page 185: Show Rmon History
RMON Commands Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays all RMON history group statistics. Console> show rmon collection history Index Interface Interval...
Page 186 Allied Telesis Command Line Interface User’s Guide Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Examples The following examples displays RMON Ethernet history statistics for index 1. Console>...
Page 187 RMON Commands Console> show rmon history 1 other Sample Set: 1 Owner: Me Interface: 1/e1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 500 Time Dropped Collisions -------------------- -------- ---------- Jan 18 2002 21:57:00 Jan 18 2002 21:57:30 The following table describes significant fields shown above: Field D escr ip tio n...
Page 188: Rmon Alarm
Allied Telesis Command Line Interface User’s Guide Dropped The total number of events in which packets were dropped by the probe due to lack of resources during this sampling interval. This number is not necessarily the number of packets dropped, it is just the number of times this condition has been detected. Collisions The best estimate of the total number of collisions on this Ethernet segment during this sampling interval.
Page 189: Show Rmon Alarm-Table
RMON Commands Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the following alarm conditions: • Alarm index — 1000 • Variable identifier — ati • Sample interval — 360000 seconds •...
Page 190: Show Rmon Alarm
Allied Telesis Command Line Interface User’s Guide The following table describes significant fields shown above: Field Desc ription Index An index that uniquely identifies the entry. Monitored variable OID. Owner The entity that configured this entry. show rmon alarm The show rmon alarm User EXEC mode command displays alarm configuration. Syntax show rmon alarm number Parameters...
Page 191: Rmon Event
RMON Commands The following table describes the significant fields shown in the display: Field Desc rip tio n Alarm Alarm index. Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period.
Page 192: Show Rmon Events
Allied Telesis Command Line Interface User’s Guide Parameters • index — Specifies the event index. (Range: 1 - 65535) • type — Specifies the type of notification generated by the device about this event. Possible values: none, log, trap, log-trap. •...
Page 193: Show Rmon Log
RMON Commands Example The following example displays the RMON event table. Console> show rmon events Index Description Type Community Owner Last time sent ----- -------------- -------- --------- ------- -------------------- Errors Jan 18 2002 23:58:17 High Broadcast Log-Trap device Manager Jan 18 2002 23:59:48 The following table describes significant fields shown above: Field De scr ip tio n...
Page 194: Rmon Table-Size
Allied Telesis Command Line Interface User’s Guide Example The following example displays the RMON log table. Console> show rmon log Maximum table size: 500 Event Description Time ------- -------------- --------- Errors Jan 18 2002 23:48:19 Errors Jan 18 2002 23:58:17 High Broadcast Jan 18 2002 23:59:48 Console>...
Page 195 RMON Commands Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted. Example The following example configures the maximum RMON history table sizes to 100 entries. Console(config)# rmon table-size history 100 Page 183...
Page 196: Chapter 23.Snmp Commands
Allied Telesis Command Line Interface User’s Guide Chapter 23.SNMP Commands snmp-server community The snmp-server community Global Configuration mode command configures the community access string to permit access to the SNMP protocol. Use the no form of this command to remove the specified community string. Syntax snmp-server community community [ro | rw | su] [ip-address][view view-name] snmp-server community-group community group-name [ip-address]...
Page 197: Snmp-Server View
SNMP Commands Example The following example defines community access string public to permit administrative access to SNMP protocol at an administrative station with IP address 192.168.1.20. Console(config)# snmp-server community public su 192.168.1.20 snmp-server view The snmp-server view Global Configuration mode command creates or updates a Simple Network Management Protocol (SNMP) server view entry.
Page 198: Snmp-Server Group
Allied Telesis Command Line Interface User’s Guide snmp-server group The snmp-server group Global Configuration mode command configures a new Simple Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. Use the no form of this command to remove a specified SNMP group.
Page 199 SNMP Commands Syntax snmp-server user username groupname [remote engineid-string] [ auth-md5 password | auth-sha password | auth-md5-key md5-des-keys | auth-sha-key sha-des-keys ] no snmp-server user username [remote engineid-string] Parameters • username—Specifies the name of the user on the host that connects to the agent. (Range: 1-30 characters) •...
Page 200: Snmp-Server Engineid Local
Allied Telesis Command Line Interface User’s Guide snmp-server engineID local The snmp-server engineID local Global Configuration mode command specifies the Simple Network Management Protocol (SNMP) engineID on the local device. Use the no form of this command to remove the configured engine ID.
Page 201: Snmp-Server Enable Traps
SNMP Commands The show running-config Privileged EXEC mode command does not display the SNMP engine ID configuration. To see the SNMP engine ID configuration, enter the snmp-server engineID local Global Configuration mode command. Example The following example enables SNMPv3 on the device and sets the local engine ID of the device to the default value.
Page 202: Snmp-Server Host
Allied Telesis Command Line Interface User’s Guide Parameters • filter-name—Specifies the label for the filter record that is being updated or created. The name is used to reference the record. (Range: 1-30 characters) • oid-tree—Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
Page 203: Snmp-Server V3-Host
SNMP Commands Parameters • ip-address—Specifies the IP address of the host (targeted recipient). • hostname—Specifies the name of the host. (Range:1-158 characters) • community-string—Specifies a password-like community string sent with the notification operation. (Range: 1-20) • traps—Indicates that SNMP traps are sent to this host. If unspecified, SNMPv2 traps are sent to the host. •...
Page 204: Snmp-Server Trap Authentication
Allied Telesis Command Line Interface User’s Guide Parameters • ip-address—Specifies the IP address of the host (targeted recipient). • hostname—Specifies the name of the host. (Range:1-158 characters) • username—Specifies the name of the user to use to generate the notification. (Range: 1-25) •...
Page 205: Snmp-Server Contact
SNMP Commands Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables SNMP failed authentication traps. Console(config)# snmp-server trap authentication snmp-server contact The snmp-server contact Global Configuration mode command configures the system contact (sysContact) string.
Page 206: Snmp-Server Set
Allied Telesis Command Line Interface User’s Guide Parameters • text — Specifies a string that describes system location information. (Range: 0-160 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Do not include spaces in the text string or place text that includes spaces inside quotation marks. Example The following example defines the device location as New_York.
Page 207: Show Snmp
SNMP Commands show snmp The show snmp Privileged EXEC mode command displays the SNMP status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays the SNMP communications status.
Page 208: Show Snmp Engineid
Allied Telesis Command Line Interface User’s Guide Version 3 notifications Target Address Type Username Security Filter Retries Level Port Name -------------- ----- --------- ------- ---- ------ ------- 192.122.173.42 Inform Priv System Contact: Robert System Location: Marketing The following table describes significant fields shown above. Field Description Community-string...
Page 209: Show Snmp Views
SNMP Commands show snmp views The show snmp views Privileged EXEC mode command displays the configuration of views. Syntax show snmp views [viewname] Parameters • viewname — Specifies the name of the view. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 210: Show Snmp Filters
Allied Telesis Command Line Interface User’s Guide User Guidelines There are no user guidelines for this command. Example The following example displays the configuration of views. Console# show snmp groups Name Security Views Model Level Read Write Notify -------------- ----- ----- ------- -------...
Page 211: Show Snmp Users
SNMP Commands User Guidelines There are no user guidelines for this command. Example The following example displays the configuration of filters. Console# show snmp filters Name OID Tree Type ----------- ----------------------- --------- user-filter 1.3.6.1.2.1.1 Included user-filter 1.3.6.1.2.1.1.7 Excluded user-filter 1.3.6.1.2.1.2.2.1.*.1 Included show snmp users The show snmp users Privileged EXEC mode command displays the configuration of users.
Page 212: Chapter 24.Spanning-Tree Commands
Allied Telesis Command Line Interface User’s Guide Chapter 24.Spanning-Tree Commands spanning-tree The spanning-tree Global Configuration mode command enables spanning-tree functionality. Use the no form of this command to disable spanning-tree functionality. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Modes Global Configuration mode User Guidelines...
Page 213: Spanning-Tree Forward-Time
Spanning-Tree Commands Command Modes Global Configuration mode User Guidelines In RSTP mode, the device uses STP when the neighbor device uses STP. In MSTP mode, the device uses RSTP when the neighbor device uses RSTP and uses STP when the neighbor device uses STP.
Page 214: Spanning-Tree Max-Age
Allied Telesis Command Line Interface User’s Guide Syntax spanning-tree hello-time seconds no spanning-tree hello-time Parameters • seconds — Time in seconds. (Range: 1 - 10) Default Configuration The default hello time for IEEE Spanning Tree Protocol (STP) is 2 seconds. Command Modes Global Configuration mode User Guidelines...
Page 215: Spanning-Tree Priority
Spanning-Tree Commands Example The following example configures the spanning tree bridge maximum-age to 10 seconds. Console(config)# spanning-tree max-age 10 spanning-tree priority The spanning-tree priority Global Configuration mode command configures the spanning tree priority of the device. The priority value is used to determine which bridge is elected as the root bridge. Use the no form of this command to return to the default configuration.
Page 216: Spanning-Tree Cost
Allied Telesis Command Line Interface User’s Guide User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree on Ethernet port 1/e5. Console(config)# interface ethernet 1/e5 Console(config-if)# spanning-tree disable spanning-tree cost The spanning-tree cost Interface Configuration mode command configures the spanning tree path cost for a port.
Page 217: Spanning-Tree Port-Priority
Spanning-Tree Commands spanning-tree port-priority The spanning-tree port-priority Interface Configuration mode command configures port priority. Use the no form of this command to return to the default configuration. Syntax spanning-tree port-priority priority no spanning-tree port-priority Parameters • priority — The priority of the port. (Range: 0 - 240 in multiples of 16) Default Configuration The default port priority for IEEE Spanning TreeProtocol (STP) is 128.
Page 218: Spanning-Tree Link-Type
Allied Telesis Command Line Interface User’s Guide Example The following example enables PortFast on Ethernet port 1/e15 Console(config)# interface ethernet 1/e15 Console(config-if)# spanning-tree portfast spanning-tree link-type The spanning-tree link-type Interface Configuration mode command overrides the default link-type setting determined by the duplex mode of the port and enables Rapid Spanning Tree Protocol (RSTP) transitions to the forwarding state.
Page 219: Spanning-Tree Bpdu
Spanning-Tree Commands Parameters • long — Specifies port path costs with a range of 1-200,000,000 . • short — Specifies port path costs with a range of 0-65,535. Default Configuration Short path cost method. Command Mode Global Configuration mode User Guidelines This command applies to all spanning tree instances on the device.
Page 220: Spanning-Tree Guard Root
Allied Telesis Command Line Interface User’s Guide spanning-tree guard root The spanning-tree guard root Interface Configuration (Ethernet, port-channel) mode command enables root guard on all spanning tree instances on the interface. Root guard prevents the interface from becoming the root port of the device.
Page 221: Clear Spanning-Tree Detected-Protocols
Spanning-Tree Commands Example The following example shutsdown an interface when it receives a BPDU. Console(config)# interface ethernet 1/e1 Console(config-if)# spanning-tree bpduguard clear spanning-tree detected-protocols The clear spanning-tree detected-protocols Privileged EXEC mode command restarts the protocol migration process (forces renegotiation with neighboring devices) on all interfaces or on a specified interface. Syntax clear spanning-tree detected-protocols [ethernet interface | port-channel port-channel-number] Parameters...
Page 222: Spanning-Tree Mst Max-Hops
Allied Telesis Command Line Interface User’s Guide Default Configuration The default bridge priority for IEEE Spanning Tree Protocol (STP) is 32768. Command Mode Global Configuration mode User Guidelines The device with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096.
Page 223: Spanning-Tree Mst Cost
Spanning-Tree Commands Syntax spanning-tree mst instance-id port-priority priority no spanning-tree mst instance-id port-priority Parameters • instance-ID—ID of the spanning tree instance. (Range: 1- 7) • priority—The port priority. (Range: 0 - 240 in multiples of 16) Default Configuration The default port priority for IEEE Multiple Spanning Tree Protocol (MSTP) is 128. Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines...
Page 224: Spanning-Tree Mst Configuration
Allied Telesis Command Line Interface User’s Guide Fast Ethernet (100 Mbps) 200,000 Ethernet (10 Mbps) 2,000,000 Command Modes Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures the MSTP instance 1 path cost for Ethernet port 1/e9 to 4. Console(config) # interface ethernet 1/e9 Console(config-if) # spanning-tree mst 1 cost 4 spanning-tree mst configuration...
Page 225: Name (Mst)
Spanning-Tree Commands Syntax instance instance-id {add | remove} vlan vlan-range Parameters • instance-ID—ID of the MST instance (Range: 1-15). • vlan-range—VLANs to be added to or removed from the specified MST instance. To specify a range of VLANs, use a hyphen. To specify a series of VLANs, use a comma. (Range: 1-4094). Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0).
Page 226: Revision (Mst)
Allied Telesis Command Line Interface User’s Guide User Guidelines There are no user guidelines for this command. Example The following example defines the configuration name as region1. Console(config) # spanning-tree mst configuration Console(config-mst) # name region 1 revision (mst) The revision MST configuration command defines the configuration revision number. Use the no form of this command to return to the default configuration.
Page 227: Exit (Mst)
Spanning-Tree Commands Default Configuration This command has no default configuration. Command Mode MST Configuration mode User Guidelines The pending MST region configuration takes effect only after entering the MST configuration mode. Example The following example displays a pending MST region configuration. Console(config-mst)# show pending Pending MST configuration Name: Region1...
Page 228: Abort (Mst)
Allied Telesis Command Line Interface User’s Guide abort (mst) The abort MST Configuration mode command exits the MST configuration mode without applying the configuration changes. Syntax abort Default Configuration This command has no default configuration. Command Mode MST Configuration mode User Guidelines There are no user guidelines for this command.
Page 229 Spanning-Tree Commands Command Modes Privileged EXEC mode User Guidelines There are no user guidelines for this command. Examples The following examples displays spanning-tree information. Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00...
Page 230 Allied Telesis Command Line Interface User’s Guide Console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 36864 Address 00:02:4b:29:7a:00 This switch is the root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State...
Page 231 Spanning-Tree Commands Enabled 128.2 20000 Disabled 128.3 20000 Enabled 128.4 20000 Enabled 128.5 20000 Console# show spanning-tree active Spanning tree enabled mode RSTP Default port cost method: long Root ID Priority 32768 Address 00:01:42:97:e0:00 Path Cost 20000 Root Port 1 (1/e1) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec...
Page 232 Allied Telesis Command Line Interface User’s Guide Bridge ID Priority 36864 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role PortFast Type ---- ------- -------- ----- ---- -------- ---------- Enabled 128.4 ALTN...
Page 233 Spanning-Tree Commands Port 2 (1/2) enabled State: Forwarding Role: Designated Port id: 128.2 Port cost: 20000 Type: Shared (configured: auto) STP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated path cost: 20000 Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (1/3) disabled State: N/A...
Page 234 Allied Telesis Command Line Interface User’s Guide Console# show spanning-tree ethernet 1/e1 Port 1 (1/e1) enabled State: Forwarding Role: Root Port id: 128.1 Port cost: 20000 Type: P2p (configured: auto) RSTP Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:01:42:97:e0:00 Designated port id: 128.25 Designated path cost: 0 Number of transitions to forwarding state: 1...
Page 235 Spanning-Tree Commands Name State Prio.Nbr Cost Role PortFast Type ---- ------- -------- ----- ---- -------- ---------- Enabled 128.1 20000 Root P2p Bound (RSTP) Enabled 128.2 20000 Desg Shared Bound (STP) Enabled 128.3 20000 Desg Enabled 128.4 20000 Desg ###### MST 1 Vlans Mapped: 10-20 CST Root ID Priority 24576...
Page 236 Allied Telesis Command Line Interface User’s Guide Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority 32768 Address 00:02:4b:29:7a:00 This switch is the IST master. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops Number of topology changes 2 last change occurred 2d18h ago...
Page 237 Spanning-Tree Commands Port 4 (1/4) enabled State: Forwarding Role: Designated Port id: 128.4 Port cost: 20000 Type: Shared (configured: auto) Internal Port Fast: No (configured:no) Designated bridge Priority: 32768 Address: 00:02:4b:29:7a:00 Designated port id: 128.2 Designated cost: 20000 Guard Root: Disabled BPDU Guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638...
Page 238 Allied Telesis Command Line Interface User’s Guide Designated port id: 128.2 Designated cost: 20000 Guard Root: Disabled BPDU Guard: Disabled Number of transitions to forwarding state: 1 BPDU: sent 2, received 170638 Port 3 (1/3) disabled State: Blocking Role: Alternate Port id: 128.3 Port cost: 20000 Type: Shared (configured: auto) Internal...
Page 239 Spanning-Tree Commands Address 00:02:4b:19:7a:00 Path Cost 10000 Rem hops Bridge ID Priority 32768 Address 00:02:4b:29:7a:00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops Console# show spanning-tree Spanning tree enabled mode MSTP Default port cost method: long ###### MST 0 Vlans Mapped: 1-9 CST Root ID Priority...
Page 240: Chapter 25.Ssh Commands
Allied Telesis Command Line Interface User’s Guide Chapter 25.SSH Commands ip ssh port The ip ssh port Global Configuration mode command specifies the port to be used by the SSH server. Use the no form of this command to return to the default configuration. Syntax ip ssh port port-number no ip ssh port...
Page 241: Crypto Key Generate Dsa
SSH Commands User Guidelines If encryption keys are not generated, the SSH server is in standby until the keys are generated. To generate SSH server keys, use the crypto key generate dsa, and crypto key generate rsa Global Configuration mode commands.
Page 242: Ip Ssh Pubkey-Auth
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If the device already has RSA keys, a warning and prompt to replace the existing keys with new keys are displayed. This command is not saved in the device configuration;...
Page 243: User-Key
SSH Commands Syntax crypto key pubkey-chain ssh Default Configuration No keys are specified. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enters the SSH Public Key-chain Configuration mode and manually configures the RSA key pair for SSH public key-chain bob.
Page 244: Key-String
Allied Telesis Command Line Interface User’s Guide Parameters • username — Specifies the username of the remote SSH client. (Range: 1-48 characters) • rsa — Indicates the RSA key pair. • dsa — Indicates the DSA key pair. Default Configuration No SSH public keys exist.
Page 245: Show Ip Ssh
SSH Commands Use the key-string row SSH Public Key-string Configuration mode command to specify the SSH public key row by row. Each row must begin with a key-string row command. This command is useful for configuration files. Example The following example enters public key strings for SSH public key client bob. Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# user-key bob rsa Console(config-pubkey-key)# key-string...
Page 246: Show Crypto Key Mypubkey
Allied Telesis Command Line Interface User’s Guide Example The following example displays the SSH server configuration. Console# show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA (DSS) key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP address SSH username...
Page 247: Show Crypto Key Pubkey-Chain Ssh
SSH Commands Example The following example displays the SSH public RSA keys on the device. Console# show crypto key mypubkey rsa RSA key data: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 64CAB820 847EDAD9 DF0B4E4C 73A05DD2 BD62A8A9 FA603DD2 E2A8A6F8 98F76E28 D58AD221 B583D7A4 71020301 87685768 Fingerprint(Hex): 77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86 Fingerprint(Bubble Babble): yteriuwt jgkljhglk yewiury hdskjfryt gfhkjglk...
Page 248 Allied Telesis Command Line Interface User’s Guide Key: 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint: 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 Page 236 Not approved by Document Control. For review only.
Page 249: Chapter 26.Syslog Commands
Syslog Commands Chapter 26.Syslog Commands logging on The logging on Global Configuration mode command controls error message logging. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the process that generated the messages. Use the no form of this command to disable the logging process. Syntax logging on no logging on...
Page 250: Logging Console
Allied Telesis Command Line Interface User’s Guide Parameters • ip-address — IP address of the host to be used as a syslog server. • hostname — Specifies the host name of the syslog server. (Range: 1-158 characters) • port — Specifies the port number for syslog messages. (Range: 1 - 65535) •...
Page 251: Logging Buffered
Syslog Commands Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example limits logging messages displayed on the console to severity level errors. Console(config)# logging console errors logging buffered The logging buffered Global Configuration mode command limits syslog messages displayed from an internal buffer based on severity.
Page 252: Clear Logging
Allied Telesis Command Line Interface User’s Guide Syntax logging buffered size number no logging buffered size Parameters • number — Specifies the maximum number of messages stored in the history table. (Range: 20 - 60) Default Configuration The default number of messages is 200. Command Mode Global Configuration mode User Guidelines...
Page 253: Logging File
Syslog Commands logging file The logging file Global Configuration mode command limits syslog messages sent to the logging file based on severity. Use the no form of this command to cancel using the buffer. Syntax logging file level no logging file Parameters •...
Page 254: Aaa Logging
Allied Telesis Command Line Interface User’s Guide Example The following example clears messages from the logging file. Console# clear logging file Clear Logging File [confirm] aaa logging The aaa logging Global Configuration mode command enables logging AAA login events. Use the no form of this command to disable logging AAA login events.
Page 255: Management Logging
Syslog Commands Parameters • copy — Indicates logging messages related to file copy operations. • delete-rename — Indicates logging messages related to file deletion and renaming operations. Default Configuration Logging file system events is enabled. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 256: Show Logging
Allied Telesis Command Line Interface User’s Guide show logging The show logging Privileged EXEC mode command displays the state of logging and the syslog messages stored in the internal buffer. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 257: Show Logging File
Syslog Commands 29-Nov-2007 17:46:02 :%LINK-I-Up: 2/e16 29-Nov-2007 17:46:02 :%LINK-I-Up: Vlan 1 29-Nov-2007 17:45:59 :%LINK-W-Down: 3/e14 29-Nov-2007 17:45:59 :%LINK-W-Down: Vlan 1 29-Nov-2007 17:36:58 :%AAA-I-CONNECT: New http connection for user Admin, source 192.168.1.96 destination 192.168.1.25 ACCEPTED 29-Nov-2007 17:36:36 :%AAA-W-REJECT: New http connection for user manager, sourc e 192.168.1.96 destination 192.168.1.25 REJECTED console#...
Page 258: Show Syslog-Servers
Allied Telesis Command Line Interface User’s Guide Example The following example displays the logging state and the syslog messages stored in the logging file Console# show logging file Logging is enabled. Console Logging: Level info. Console Messages: 226 Dropped. Buffer Logging: Level info. Buffer Messages: 20 Logged, 6 Displayed, 20 Max. File Logging: Level error.
Page 259 Syslog Commands Device Configuration IP address Port Severity Facility Description ------------ ---- ------------- -------- ----------- 192.180.2.27 Informational local7 192.180.2.28 Warning local7 Page 247...
Page 260: Chapter 27.Tacacs+ Commands
Allied Telesis Command Line Interface User’s Guide Chapter 27.TACACS+ Commands tacacs-server host The tacacs-server host Global Configuration mode command specifies a TACACS+ host. Use the no form of this command to delete the specified name or address. Syntax tacacs-server host {ip-address | hostname} [single-connection] [port port-number] [timeout timeout] [key key- string] [source source] [priority priority] no tacacs-server host {ip-address | hostname} Parameters...
Page 261: Tacacs-Server Key
TACACS+ Commands Example The following example specifies a TACACS+ host. Console(config)# tacacs-server host 172.16.1.1 tacacs-server key The tacacs-server key Global Configuration mode command sets the authentication encryption key used for all TACACS+ communications between the device and the TACACS+ daemon. Use the no form of this command to disable the key.
Page 262: Tacacs-Server Source-Ip
Allied Telesis Command Line Interface User’s Guide Default Configuration 5 seconds Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example sets the timeout value to 30. Console(config)# tacacs-server timeout 30 tacacs-server source-ip The tacacs-server source-ip Global Configuration mode command configures the source IP address to be used for communication with TACACS+ servers.
Page 263 TACACS+ Commands Syntax show tacacs [ip-address] Parameters • ip-address — Name or IP address of the TACACS+ server. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays configuration and statistical information about a TACACS+ server.
Page 264: Chapter 28.System Management Commands
Allied Telesis Command Line Interface User’s Guide Chapter 28.System Management Commands ping The ping User EXEC mode command sends ICMP echo request packets to another node on the network. Syntax ping {ip-address | hostname } [size packet_size] [count packet_count] [timeout time_out] Parameters •...
Page 265 System Management Commands Example The following example displays pinging results: Console> ping 10.1.1.1 Pinging 10.1.1.1 with 64 bytes of data: 64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms 64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms 64 bytes from 10.1.1.1: icmp_seq=3.
Page 266: Reload
Allied Telesis Command Line Interface User’s Guide reload The reload Privileged EXEC mode command reloads the operating system. Syntax reload Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines Caution should be exercised when resetting the device, to ensure that no other activity is being performed. In particular, the user should verify that no configuration files are being downloaded at the time of reset.
Page 267: Hostname
System Management Commands hostname The hostname Global Configuration mode command specifies or modifies the device host name. Use the no form of this command to remove the existing host name. Syntax hostname name no hostname Parameters • name — The host name. of the device. (Range: 1-158 characters) Default Configuration This command has no default configuration.
Page 268: Stack Reload
Allied Telesis Command Line Interface User’s Guide Default Configuration Disables forcing the selection of a stack master. Command Mode Global Configuration mode User Guidelines This command is not relevant to standalone devices. The following algorithm is used to select a unit as the master: •...
Page 269: Stack Change Unit-Id
System Management Commands User Guidelines This command is not relevant to standalone devices. If no unit is specified, all units are reloaded. Example The following example reloads Unit 2 of the stack. Console(config)# stack reload unit 2 stack change unit-id Note This command is operational in the AT-8000S/24, AT-8000S/24POE, AT-8000S/48 and AT-8000S/ 48POE devices.
Page 270: Show Stack
Allied Telesis Command Line Interface User’s Guide show stack Note This command is operational in the AT-8000S/24, AT-8000S/24POE, AT-8000S/48 and AT-8000S/ 48POE devices. The show stack User EXEC mode command displays information about the status of a stack. Syntax show stack [unit unit] Parameters •...
Page 271: Show Users
System Management Commands console# console# show stack 1 Unit: 1 MAC address: 10:20:30:40:50:60 Master: Forced. Product: AT-8000S/48. Software: v1.1.0.29 Uplink unit: 6 Downlink unit: 2. Status: master Active image: image2. Selected for next boot: image2. Topology is Ring Unit Num After Reset: console# show users The show users User EXEC mode command displays information about the active users.
Page 272: Show Sessions
Allied Telesis Command Line Interface User’s Guide manager Serial 0.0.0 Admin HTTP 192.168.1.960. Telnet 192.168.1.120 bill Telnet 192.168.1.101 console# show sessions The show sessions User EXEC mode command lists open Telnet sessions. Syntax show sessions Default Configuration There is no default configuration for this command. Command Mode User EXEC mode User Guidelines...
Page 273: Show System
System Management Commands show system The show system User EXEC mode command displays system information. Syntax show system [unit unit] Parameters • unit— Specifies the number of the unit. (Range: 1-6) Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines There are no user guidelines for this command.
Page 274: Show System Id
Allied Telesis Command Line Interface User’s Guide show system id The show system id Privileged EXEC mode command displays the system identity information. Syntax show system id [unit unit] Parameters • unit unit — Unit number. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines...
Page 275: Set System
System Management Commands Command Mode User EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays system version information (only for demonstration purposes). Console> show version Unit SW version Boot version HW version ---- ---------- ------------...
Page 276 Allied Telesis Command Line Interface User’s Guide Example The following example deactivate features. Console> set system qos inactive policy-based-vlans active Page 264 Not approved by Document Control. For review only.
Page 277: Chapter 29.User Interface Commands
User Interface Commands Chapter 29.User Interface Commands enable The enable User EXEC mode command enters the Privileged EXEC mode. Syntax enable [privilege-level] Parameters • privilege-level — Privilege level to enter the system. (Range: 1 - 15) Default Configuration The default privilege level is 15. Command Mode User EXEC mode User Guidelines...
Page 278: Login
Allied Telesis Command Line Interface User’s Guide Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example returns to Users EXEC mode. Console# disable Console> login The login User EXEC mode command changes a login username. Syntax login Default Configuration...
Page 279: Exit (Configuration)
User Interface Commands Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example enters Global Configuration mode. Console# configure Console(config)# exit (Configuration) The exit command exits any configuration mode to the next highest mode in the CLI mode hierarchy. Syntax exit Default Configuration...
Page 280: End
Allied Telesis Command Line Interface User’s Guide Command Mode Privileged and User EXEC modes User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session. Console> exit The end command ends the current configuration session and returns to the Privileged EXEC mode. Syntax Default Configuration This command has no default configuration.
Page 281: Terminal Datadump
User Interface Commands User Guidelines There are no user guidelines for this command. Example The following example describes the help system Console# help Help may be requested at any point in a command by entering a question mark '?'. If nothing matches the currently entered incomplete command, the help list is empty.
Page 282: Show History
Allied Telesis Command Line Interface User’s Guide show history The show history User EXEC mode command lists the commands entered in the current session. Syntax show history Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines The buffer includes executed and unexecuted commands.
Page 283 User Interface Commands User Guidelines There are no user guidelines for this command. Example The following example displays the current privilege level for the Privileged EXEC mode. Console# show privilege Current privilege level is 15 Page 271...
Page 284: Chapter 30.Vlan Commands
Allied Telesis Command Line Interface User’s Guide Chapter 30.VLAN Commands vlan database The vlan database Global Configuration mode command enters the VLAN Configuration mode. Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Page 285: Default-Vlan Vlan
VLAN Commands User Guidelines There are no user guidelines for this command. Example The following example VLAN number 1972 is created. console(config)# vlan database console(config-vlan)# vlan 1972 console(config-vlan)# default-vlan vlan The default-vlan vlan VLAN Configuration mode command defines the default VLAN. Use the no form of this command to return to default.
Page 286: Interface Range Vlan
Allied Telesis Command Line Interface User’s Guide Parameters • vlan-id — Specifies an existing VLAN ID. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines In case the VLAN doesn't exist (‘ghost VLAN’), only partial list of the commands are available under the interface VLAN context.
Page 287: Name
VLAN Commands Example The following example groups VLANs 221, 228 and 889 to receive the same command. Console(config)# interface range vlan 221-228,889 Console(config-if)# name The name Interface Configuration mode command adds a name to a VLAN. Use the no form of this command to remove the VLAN name.
Page 288: Switchport Mode
Allied Telesis Command Line Interface User’s Guide Default Configuration Switchport protected is disabled. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines Private VLAN Edge (PVE) supports private communication by isolating PVE-defined ports and ensuring that all Unicast, Broadcast and Multicast traffic from these ports is only forwarded to uplink port(s). PVE requires only one VLAN on each device, but not on every port;...
Page 289 VLAN Commands Example The following example configures Ethernet port 1/e16 as an untagged layer 2 VLAN port. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport mode access Page 277...
Page 290: Switchport Access Vlan
Allied Telesis Command Line Interface User’s Guide switchport access vlan The switchport access vlan Interface Configuration mode command configures the VLAN ID when the interface is in access mode. Use the no form of this command to return to the default configuration. Syntax switchport access vlan {vlan-id } no switchport access vlan...
Page 291: Switchport Trunk Native Vlan
VLAN Commands Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example adds VLANs 1, 2, 5 to 6 to the allowed list of Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 console(config-if)# switchport trunk allowed vlan add 1-2,5-6 switchport trunk native vlan The switchport trunk native vlan Interface Configuration mode command defines the native VLAN when the...
Page 292: Switchport General Pvid
Allied Telesis Command Line Interface User’s Guide Syntax switchport general allowed vlan add vlan-list [tagged | untagged] switchport general allowed vlan remove vlan-list Parameters • add vlan-list — Specifies the list of VLAN IDs to be added. Separate nonconsecutive VLAN IDs with a comma and no spaces.
Page 293: Switchport General Ingress-Filtering Disable
VLAN Commands User Guidelines There are no user guidelines for this command. Example The following example configures the PVID for Ethernet port 1/e16, when the interface is in general mode. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport general pvid 234 switchport general ingress-filtering disable The switchport general ingress-filtering disable Interface Configuration mode command disables the ingress filtering of a port.
Page 294: Switchport General Map Macs-Group Vlan
Allied Telesis Command Line Interface User’s Guide Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet, port-channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures Ethernet port 1/e16 to discard untagged frames at ingress. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport general acceptable-frame-type tagged-only switchport general map macs-group vlan...
Page 295: Map Mac Macs-Group
VLAN Commands Example The following example sets a mac-based classification rule. console(config)# vlan database console(config-vlan)# map mac 00:08:78:32:98:78 9 macs-group 1 interface ethernet e17 console(config-vlan)# exit console(config)# interface ethernet 1/e17 console(config-if)# switchport mode general console(config-if)# switchport general map macs-group 1 vlan 2 map mac macs-group The map mac macs-group VLAN Configuration mode command maps a MAC address or a range of MAC addresses to a group of MAC addresses.
Page 296: Switchport Forbidden Vlan
Allied Telesis Command Line Interface User’s Guide Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays macs-groups information Console# show vlan macs-groups MAC Address Mask Group ID...
Page 297: Ip Internal-Usage-Vlan
VLAN Commands Example The following example forbids adding VLAN IDs 234 to 256 to Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 Console(config-if)# switchport forbidden vlan add 234-256 ip internal-usage-vlan The ip internal-usage-vlan Interface Configuration mode command reserves a VLAN as the internal usage VLAN of an interface.
Page 298: Show Vlan
Allied Telesis Command Line Interface User’s Guide show vlan The show vlan Privileged EXEC mode command displays VLAN information. Syntax show vlan [tag vlan-id | name vlan-name ] Parameters • vlan-id — specifies a VLAN ID • vlan-name — Specifies a VLAN name string. (Range: 1 - 32 characters) Default Configuration This command has no default configuration.
Page 299: Show Interfaces Switchport
VLAN Commands Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays VLANs used internally by the device. Console# show vlan internal usage VLAN Usage IP address...
Page 300 Allied Telesis Command Line Interface User’s Guide Example The following example displays the switchport configuration for Ethernet port 1/e1. Console# show interface switchport ethernet 1/e1 Port 1/e1: VLAN Membership mode: General Operating parameters: PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All GVRP status: Enabled Protected: Enabled, Uplink is 1/e9.
Page 301 VLAN Commands Console show interface switchport ethernet 1/e2 Port 1/e2: VLAN Membership mode: General Operating parameters: PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/e1 is member in: Vlan Name Egress rule Type ---- ------------ ----------- ------ IP Telephony tagged...
Page 302 Allied Telesis Command Line Interface User’s Guide Acceptable Frame Type: Untagged GVRP status: Disabled Page 290 Not approved by Document Control. For review only.
Page 303: Chapter 31.Web Server Commands
Web Server Commands Chapter 31.Web Server Commands ip http server The ip http server Global Configuration mode command enables configuring the device from a browser. Use the no form of this command to disable this function. Syntax ip http server no ip http server Default Configuration HTTP server is enabled.
Page 304: Ip Http Exec-Timeout
Allied Telesis Command Line Interface User’s Guide User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate. Specifying 0 as the port number effectively disables HTTP access to the device. Example The following example configures the http port number to 100. Console(config)# ip http port 100 ip http exec-timeout The ip http port Global Configuration mode command specifies the TCP port to be used by the Web browser...
Page 305: Ip Https Port
Web Server Commands Command Mode Global Configuration mode User Guidelines Use the crypto certificate generate Global Configuration mode command to generate an HTTPS certificate. Example The following example enables configuring the device from a secured browser. Console(config)# ip https server ip https port The ip https port Global Configuration mode command specifies the TCP port used by the server to configure the device through the Web browser.
Page 306: Crypto Certificate Generate
Allied Telesis Command Line Interface User’s Guide Parameters • minutes — Integer that specifies the number of minutes. (Range: 1 - 65535) • seconds — Additional time intervals in seconds. (Range: 0-59) Default Configuration The default configuration is the exec-timeout set by the ip http exec-timeout command. Command Mode Global Configuration mode User Guidelines...
Page 307: Crypto Certificate Request
Web Server Commands If no URL or IP address is specified, the default common name is the lowest IP address of the device at the time that the certificate is generated. If the number of days is not specified, the default period of time that the certification is valid is 365 days. Command Mode Global Configuration mode User Guidelines...
Page 308: Crypto Certificate Import
Allied Telesis Command Line Interface User’s Guide User Guidelines Use this command to export a certificate request to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. Before generating a certificate request you must first generate a self-signed certificate using the crypto certificate generate Global Configuration mode command.
Page 309: Ip Https Certificate
Web Server Commands User Guidelines Use this command to enter an external certificate (signed by Certification Authority) to the device. To end the session, enter an empty line. The imported certificate must be based on a certificate request created by the crypto certificate request Privileged EXEC mode command.
Page 310: Show Crypto Certificate Mycertificate
Allied Telesis Command Line Interface User’s Guide Command Mode Global Configuration mode User Guidelines The crypto certificate generate command should be used to generate HTTPS certificates. Example The following example configures the active certificate for HTTPS. Console(config)# ip https certificate 1 show crypto certificate mycertificate The show crypto certificate mycertificate Privileged EXEC mode command displays the SSH certificates of the device.
Page 311: Show Ip Http
Web Server Commands Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 show ip http The show ip http Privileged EXEC mode command displays the HTTP server configuration. Syntax show ip http Default Configuration...
Page 312 Allied Telesis Command Line Interface User’s Guide Example The following example displays the HTTP server configuration. Console# show ip https HTTPS server enabled. Port: 443 Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2004 to 8/9/2005 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed...
Page 313: Chapter 32
802.1x Commands Chapter 32. 802.1x Commands aaa authentication dot1x The aaa authentication dot1x Global Configuration mode command specifies one or more authentication, authorization, and accounting (AAA) methods for use on interfaces running IEEE 802.1X. Use the no form of this command to return to the default configuration.
Page 314: Dot1X Port-Control
Allied Telesis Command Line Interface User’s Guide no dot1x system-auth-control Default Configuration 802.1x is disabled globally. Command Modes Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables 802.1x globally. Console(config)# dot1x system-auth-control dot1x port-control The dot1x port-control Interface Configuration mode command enables manually controlling the authorization state of the port.
Page 315: Dot1X Re-Authentication
802.1x Commands Example The following example enables 802.1X authentication on Ethernet port 1/e16. Console(config)# interface ethernet 1/e16 Console(config-if)# dot1x port-control auto dot1x re-authentication The dot1x re-authentication Interface Configuration mode command enables periodic re-authentication of the client. Use the no form of this command to return to the default configuration. Syntax dot1x re-authentication no dot1x re-authentication...
Page 316: Dot1X Re-Authenticate
Allied Telesis Command Line Interface User’s Guide Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example sets the number of seconds between re-authentication attempts, to 300. Console(config)# interface ethernet 1/e16 Console(config-if)# dot1x timeout re-authperiod 300 dot1x re-authenticate The dot1x re-authenticate Privileged EXEC mode command manually initiates a re-authentication of all 802.1X-...
Page 317: Dot1X Timeout Tx-Period
802.1x Commands Parameters • seconds — Specifies the time in seconds that the device remains in the quiet state following a failed authentication exchange with the client. (Range: 0 - 65535 seconds) Default Configuration Quiet period is 60 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines During the quiet period, the device does not accept or initiate authentication requests.
Page 318: Dot1X Max-Req
Allied Telesis Command Line Interface User’s Guide User Guidelines The default value of this command should be changed only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients. and authentication servers Example The following command sets the number of seconds that the device waits for a response to an EAP-request/ identity frame, to 3600 seconds.
Page 319: Dot1X Timeout Server-Timeout
802.1x Commands Syntax dot1x timeout supp-timeout seconds no dot1x timeout supp-timeout Parameters • seconds — Time in seconds that the device waits for a response to an EAP-request frame from the client before resending the request. (Range: 1- 65535 seconds) Default Configuration Default timeout period is 30 seconds.
Page 320: Show Dot1X
Allied Telesis Command Line Interface User’s Guide User Guidelines The actual timeout can be determined by comparing the dot1x timeout server-timeout value and the result of multiplying the radius-server retransmit value with the radius-server timeout value and selecting the lower of the two values.
Page 321 802.1x Commands 1/e5 Force-auth Unauthorized* Disabled 3600 * Port is down or not present. console# Console# show dot1x ethernet 1/e1 802.1x is enabled. Port Admin Mode Oper Mode Reauth Reauth Username Control Period ---- ---------- --------- ------- ------ -------- 1/e1 Auto Unauthorized Enabled...
Page 322: Show Dot1X Users
Allied Telesis Command Line Interface User’s Guide Reauth Period Reauthentication period. Username The username representing the identity of the Supplicant. This field shows the username in case the port control is auto. If the port is Authorized, it shows the username of the current user.
Page 323: Show Dot1X Statistics
802.1x Commands Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays 802.1X users. Console# show dot1x users Port Username Session Time Auth Method MAC Address ----- -------- ------------ ----------- -------------- 1/e1 1d:03:08.58...
Page 324 Allied Telesis Command Line Interface User’s Guide Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays 802.1X statistics for the specified interface. Console# show dot1x statistics ethernet 1/e1 EapolFramesRx: 11 EapolFramesTx: 12...
Page 325: Dot1X Auth-Not-Req
802.1x Commands EapolReqIdFramesTx The number of EAP Req/Id frames that have been transmitted by this Authenticator. EapolReqFramesTx The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator. InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized.
Page 326: Dot1X Single-Host-Violation
Allied Telesis Command Line Interface User’s Guide Syntax dot1x guest-vlan no dot1x guest-vlan Default Configuration No VLAN is defined as a guest VLAN. Command Mode Interface Configuration (VLAN) mode User Guidelines Use the dot1x guest-vlan enable Interface Configuration mode command to enable unauthorized users on an interface to access the guest VLAN.
Page 327: Dot1X Mac-Authentication
802.1x Commands Default Configuration Frames with source addresses that are not the supplicant address are discarded. No traps are sent. Command Mode Interface Configuration (Ethernet) mode User Guidelines The command is relevant when multiple hosts is disabled and the user has been successfully authenticated. Example The following example forwards frames with source addresses that are not the supplicant address and sends consecutive traps at intervals of 100 seconds.
Page 328: Show Dot1X Advanced
Allied Telesis Command Line Interface User’s Guide Example The following example enables authentication based on the station's MAC address. Console# configure Console(config)# interface ethernet 1/e1 Console(config-if)# dot1x mac-authentication show dot1x advanced The show dot1x advanced privileged EXEC mode command displays 802.1X advanced features for the switch or for the specified interface.
Page 329: Dot1X Guest-Vlan Enable
802.1x Commands Unauthenticated VLANs: 91,92 Interface Multiple Hosts Guest VLAN MAC Authentication --------- -------------- ---------- ---------- Disabled Enabled MAC-and-802.1X Enabled Disabled Disabled Single host parameters Violation action: Discard Trap: Enabled Trap frequency: 100 Status: Single-host locked Violations since last trap: 9 dot1x guest-vlan enable The dot1x guest-vlan enable Interface Configuration mode command enables unauthorized users on the interface access to the Guest VLAN.
Page 330: Index
Allied Telesis Command Line Interface User’s Guide Index crypto certificate import 296 crypto certificate request 295 crypto key generate dsa 229 crypto key generate rsa 229 crypto key pubkey-chain ssh 230 aaa authentication dot1x 301 aaa authentication dot1x default 301 delete 67, 73 aaa authentication enable 24 deny (Management) 139...
Page 331 Index gvrp enable (Interface) 98 gvrp registration-forbid 100 Keyboard Shortcuts 10 gvrp vlan-creation-forbid 100 key-string 232 help 268 line 125 history 127 logging 237 history size 128 logging buffered 239 hostname 255 logging buffered size 239 how bootvar 70 logging console 238 logging file 241 instance (mst) 212 logging on 237...
Page 332 Allied Telesis Command Line Interface User’s Guide priority-queue out num-of-queues 157 show gvrp error-statistics 103 Privileged EXEC Mode 5 show gvrp statistics 102 show history 270 qos 156 show interfaces advertise 87 qos cos 162 show interfaces counters 92 qos map dscp-queue 162 show interfaces description 91 qos trust (Global) 162 show interfaces port-channel 146...
Page 333 Index show snmp filters 198 spanning-tree 200 show snmp groups 197 spanning-tree bpdu 207 show snmp users 199 spanning-tree cost 204, 205 show snmp views 197 spanning-tree disable 203 show sntp configuration 61 spanning-tree forward-time 201 show sntp status 62 spanning-tree hello-time 201 show spanning-tree 216 spanning-tree link-type 206...
Page 334 Allied Telesis Command Line Interface User’s Guide terminal history size 129 test copper-port tdr 142 traffic-shape 158 User EXEC Mode 5 user-key 231 username 29 vlan 272 vlan database 272 wrr-queue cos-map 159 Page 322...

Allied Telesis AT-8000S Series Cli Reference Manual

Preface

Chapter 1.Using The CLI

Chapter 2.ACL Commands

Chapter 3.AAA Commands

Chapter 4.Address Table Commands

Chapter 5.Clock Commands

Chapter 6.Configuration And Image File Commands

Chapter 7.DHCP Option 82 Commands

Chapter 8.DHCP Snooping Commands

Chapter 9.Ethernet Configuration Commands

Chapter 10.GVRP Commands

Chapter 11.IGMP Snooping Commands

Chapter 12.IP Addressing Commands

Ip Domain-Lookup

Chapter 13.Line Commands

Section 14.LACP Commands

Chapter 15.Management ACL Commands

Chapter 16.PHY Diagnostics Commands

Chapter 17.Port Channel Commands

Chapter 18.Port Monitor Commands

Chapter 19.Power Over Ethernet Commands

Chapter 20.Qos Commands

Chapter 21.Radius Commands

Chapter 22.RMON Commands

Chapter 23.SNMP Commands

Chapter 24.Spanning-Tree Commands

Chapter 25.SSH Commands

Quick Links

Ethernet Switch

Need help?

Questions and answers

Related Manuals for Allied Telesis AT-8000S Series

Summary of Contents for Allied Telesis AT-8000S Series