NETGEAR ProSafe M7100-24X User Manual
  1. Manuals
  2. Brands
  3. NETGEAR Manuals
  4. Switch
  5. ProSAFE M7100-24X
  6. User manual

NETGEAR ProSafe M7100-24X User Manual

Prosafe managed switch
Hide thumbs Also See for ProSafe M7100-24X:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
Table of Contents

Advertisement

Quick Links

See also: Reference Manual
350 East Plumeria Drive
San Jose, CA 95134
USA
October 2012
202-1xxxx-01
1.0
ProSafe Managed Switch
Command Line Interface (CLI)

User Manual

10.0.1
M7100-24X
M4100-D10-POE
M4100-26-POE
M4100-50-POE
M4100-D12G
M4100-26G
M4100-50G
M4100-26G-POE
M4100-48G-POE+

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ProSafe M7100-24X and is the answer not in the manual?

Questions and answers

Related Manuals for NETGEAR ProSafe M7100-24X

Summary of Contents for NETGEAR ProSafe M7100-24X

  • Page 1: User Manual

    ProSafe Managed Switch Command Line Interface (CLI) User Manual 10.0.1 M7100-24X M4100-D10-POE M4100-26-POE M4100-50-POE M4100-D12G M4100-26G M4100-50G M4100-26G-POE M4100-48G-POE+ 350 East Plumeria Drive San Jose, CA 95134 October 2012 202-1xxxx-01...

  • Page 2: Revision History

    NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice. Other brand and product names are registered trademarks or trademarks of their respective holders.

  • Page 3: Table Of Contents

    Contents Chapter 1 Using the Command-Line Interface Licensing and Command Support ....... . 8 Command Syntax .
  • Page 4 ProSafe M4100 Series Managed Switches IGMP Snooping Configuration Commands ..... . . 146 IGMP Snooping Querier Commands ......154 MLD Snooping Commands .
  • Page 5 ProSafe M4100 Series Managed Switches Chapter 6 IPv6 Commands Tunnel Interface Commands ........351 IPv6 Routing Commands .
  • Page 6 ProSafe M4100 Series Managed Switches Software License Commands ....... . . 600 IP Address Conflict Commands .
  • Page 7 ProSafe M4100 Series Managed Switches Index...

  • Page 8: Chapter 1 Using The Command-Line Interface

    As shown in the following table, some command groups or commands require a license and some are supported on particular switch models. For those requiring a license, license keys are available from your VAR or NETGEAR authorized e-commerce portal. License activation is described in the Software Setup Manual.
  • Page 9 ProSafe M4100 Series Managed Switches Command Group or Command M4100 M7100 Non-Stop Forwarding Commands Supported Supported Router Discovery Protocol Commands Not supported Not supported Virtual Router Redundancy Protocol Commands Not supported Not supported Open Shortest Path First (OSPF) Commands Not supported Not supported OSPF Graceful Restart Commands Not supported...

  • Page 10: Command Syntax

    ProSafe M4100 Series Managed Switches Command Syntax A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values. Some commands, such as show network or clear vlan, do not require parameters. Other commands, such as network parms, require that you supply a value after the command.

  • Page 11: Common Parameter Values

    ProSafe M4100 Series Managed Switches Table 1. Parameter Conventions Symbol Example Description {choice1 | {} curly braces Indicates that you must select a parameter from the list of choice2} choices. choice1 | choice2 | Vertical bars Separates the mutually exclusive choices. [{choice1 | [{}] Braces within Indicates a choice within an optional element.

  • Page 12: Unit/Slot/Port Naming Convention

    ProSafe M4100 Series Managed Switches Unit/Slot/Port Naming Convention Managed switch software references physical entities such as cards and ports by using a unit/slot/port naming convention. The software also uses this convention to identify certain logical entities, such as Port-Channel interfaces. The slot number has two uses.

  • Page 13: Using A Command's "No" Form

    ProSafe M4100 Series Managed Switches the no shutdown configuration command reverses the shutdown of an interface. Use the command without the keyword no to re-enable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form. Managed Switch Modules Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products.
  • Page 14 ProSafe M4100 Series Managed Switches Table 5. CLI Command Modes Command Mode Prompt Mode Description Switch> User EXEC Contains a limited set of commands to view basic system information. Switch# Privileged EXEC Allows you to issue any EXEC command, enter the VLAN mode, or enter the Global Configuration mode.
  • Page 15 ProSafe M4100 Series Managed Switches Table 5. CLI Command Modes (Continued) Command Mode Prompt Mode Description DHCPv6 Pool Switch (Config dhcp6-pool)# Contains the DHCPv6 server IPv6 address pool Config configuration commands. Stack Global Switch (Config stack)# Allows you to access the Stack Global Config Config Mode Mode.
  • Page 16 ProSafe M4100 Series Managed Switches Table 6. CLI Mode Access and Exit (Continued) Command Mode Access Method Exit or Access Previous Mode Ipv6-Class-Map From the Global Config mode, To exit to the Global Config mode, enter exit. To Config enter return to the Privileged EXEC mode, enter class-map and specify the Ctrl-Z.

  • Page 17: Command Completion And Abbreviation

    ProSafe M4100 Series Managed Switches Command abbreviation allows you to execute a command when you have entered there are enough letters to uniquely identify the command. You must enter all of the required keywords and parameters before you enter the command. CLI Error Messages If you enter a command and the system is unable to execute it, an error message appears.

  • Page 18: Cli Line-Editing Conventions

    ProSafe M4100 Series Managed Switches Table 8. CLI Editing Conventions (Continued) Key Sequence Description Ctrl-P Go to previous line in history buffer Ctrl-R Rewrites or pastes the line Ctrl-N Go to next line in history buffer Ctrl-Y Prints last deleted character Ctrl-Q Enables serial flow Ctrl-S...

  • Page 19: Accessing The Cli

    ProSafe M4100 Series Managed Switches If there are no additional command keywords or parameters, or if additional parameters are optional, the following message appears in the output: <cr> Press Enter to execute the command You can also enter a question mark (?) after typing one or more characters of a word to list the available command or parameters that begin with the letters, as shown in the following example: (switch) #show m?

  • Page 20: Chapter 2 Switching Commands

    Switching Commands This chapter describes the switching commands available in the managed switch CLI. This chapter contains the following sections: • Port Configuration Commands • Loopback Interface Commands • Spanning Tree Protocol (STP) Commands • VLAN Commands • Double VLAN Commands •...

  • Page 21: Port Configuration Commands

    ProSafe Managed Switch • Port Security Commands • LLDP (802.1AB) Commands • LLDP-MED Commands • Denial of Service Commands • MAC Database Commands • ISDP Commands • Priority-Based Flow Control Commands The commands in this chapter are in three functional groups: •...

  • Page 22: Auto-Negotiate All

    ProSafe Managed Switch Note: The IP address cannot be assigned to a LAG virtual interface. The interface must be put under a VLAN group and an IP address assigned to the VLAN group. Format interface lag <lag id> Mode Global Config auto-negotiate This command enables automatic negotiation on a port.
  • Page 23 ProSafe Managed Switch description Use this command to create an alpha-numeric description of the port. Format description <description> Mode Interface Config Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces.

  • Page 24: Shutdown All

    ProSafe Managed Switch Format shutdown Mode Interface Config no shutdown This command enables a port. Format no shutdown Mode Interface Config shutdown all This command disables all ports. Note: You can use the shutdown all command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces. Format shutdown all Mode...

  • Page 25: Speed All

    ProSafe Managed Switch Acceptable Definition Values 10BASE-T half duplex 10BASE-T full duplex speed all This command sets the speed and duplex setting for all interfaces. Format speed all {<100 | 10> <half-duplex | full-duplex>} Mode Global Config Acceptable Definition Values 100h 100BASE-T half duplex 100f...

  • Page 26: Show Port Protocol

    ProSafe Managed Switch Term Definition Link Status The Link is up or down. Link Trap This object determines whether or not to send a trap when link status changes. The factory default is enabled. LACP Mode LACP is enabled or disabled on this port. show port protocol This command displays the Protocol-Based VLAN information for either the entire system, or for the indicated group.

  • Page 27: Loopback Interface Commands

    ProSafe Managed Switch Term Definition Interface Valid slot and port number separated by forward slashes. Media Type “Copper” or “Fiber” for combo port. STP Mode Indicate the spanning tree mode of the port. Physical Mode Either “Auto” or fixed speed and duplex mode. Physical Status The actual speed and duplex mode.

  • Page 28: Show Interface Loopback

    ProSafe Managed Switch show interface loopback This command displays information about configured loopback interfaces. Format show interface loopback [<loopback-id>] Mode Privileged EXEC If you do not specify a loopback ID, the following information appears for each loopback interface on the system: Term Definition Loopback ID...

  • Page 29: Spanning Tree Protocol (Stp) Commands

    ProSafe Managed Switch Spanning Tree Protocol (STP) Commands This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability. spanning-tree This command sets the spanning-tree operational mode to enabled. Default enabled Format...

  • Page 30: Spanning-Tree Bpdufilter Default

    ProSafe Managed Switch no spanning-tree bpdufilter Use this command to disable BPDU Filter on the interface or range of interfaces. Default disabled Format no spanning-tree bpdufilter Mode Interface Config spanning-tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces. Default disabled Format...

  • Page 31: Spanning-Tree Bpduguard

    ProSafe Managed Switch spanning-tree bpduguard Use this command to enable BPDU Guard on the switch. Default disabled Format spanning-tree bpduguard Mode Global Config no spanning-tree bpduguard Use this command to disable BPDU Guard on the switch. Format no spanning-tree bpduguard Mode Global Config spanning-tree bpdumigrationcheck...

  • Page 32: Spanning-Tree Configuration Revision

    ProSafe Managed Switch spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The Configuration Identifier Revision Level is a number in the range of 0 to 65535. Default Format spanning-tree configuration revision <0-65535>...

  • Page 33: Spanning-Tree Forward-Time

    ProSafe Managed Switch • Use 802.1s to specify that the switch transmits MST BPDUs (IEEE 802.1s functionality supported). • Use 802.1w to specify that the switch transmits RST BPDUs rather than MST BPDUs (IEEE 802.1w functionality supported). no spanning-tree forceversion This command sets the Force Protocol Version parameter to the default value.

  • Page 34: Spanning-Tree Tcnguard

    ProSafe Managed Switch spanning-tree tcnguard This command enables the propagation of received topology change notifications and topology changes to other ports. Default disable Format spanning-tree tcnguard Mode Interface Config no spanning-tree tcnguard This command disables the propagation of received topology change notifications and topology changes to other ports.

  • Page 35: Spanning-Tree Mst

    ProSafe Managed Switch no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-hops Mode Global Config spanning-tree mst This command sets the Path Cost or Port Priority for this port within the multiple spanning tree instance or in the common and internal spanning tree.

  • Page 36: Spanning-Tree Mst Instance

    ProSafe Managed Switch If the you specify cost, this command sets the path cost for this port within a multiple spanning tree instance or the common and internal spanning tree instance, depending on the <mstid> parameter, to the default value, i.e. a path cost value based on the Link Speed. If you specify external-cost, this command sets the external path cost for this port for mst ‘0’...

  • Page 37: Spanning-Tree Mst Vlan

    ProSafe Managed Switch are masked according to the 802.1s specification. This causes the priority to be rounded down to the next lower valid priority. Default 32768 Format spanning-tree mst priority <mstid> <0-61440> Mode Global Config no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value.

  • Page 38: Spanning-Tree Port Mode

    ProSafe Managed Switch spanning-tree port mode This command sets the Administrative Switch Port State for this port to enabled. Default enabled Format spanning-tree port mode Mode Interface Config no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. Format no spanning-tree port mode Mode...

  • Page 39: Spanning-Tree Bpduforwarding

    ProSafe Managed Switch spanning-tree bpduforwarding Normally a switch will not forward Spanning Tree Protocol (STP) BPDU packets if STP is disabled. However, if in some network setup, the user wishes to forward BDPU packets received from other network devices, this command can be used to enable the forwarding. Default disabled Format...

  • Page 40: Show Spanning-Tree Brief

    ProSafe Managed Switch Term Definition Root Port Identifier of the port to access the Designated Root for the CST Identifier Root Port Max Derived value. Root Port Derived value. Bridge Forward Delay Hello Time Configured value of the parameter for the CST. Bridge Hold Minimum time between transmission of Configuration Bridge Protocol Data Units Time...

  • Page 41: Show Spanning-Tree Interface

    ProSafe Managed Switch show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The <unit/slot/port> is the desired switch port. The following details are displayed on execution of the command. Format show spanning-tree interface <unit/slot/port>...
  • Page 42 ProSafe Managed Switch corresponds to the desired existing multiple spanning tree instance. The <unit/slot/port> is the desired switch port. Format show spanning-tree mst port detailed <mstid> <unit/slot/port> Mode • Privileged EXEC • User EXEC Term Definition MST Instance ID The ID of the existing MST instance. Port Identifier The port identifier for the specified port within the selected MST instance.
  • Page 43 ProSafe Managed Switch tree. The <unit/slot/port> is the desired switch port. In this case, the following are displayed. Term Definition Port Identifier The port identifier for this port within the CST. Port Priority The priority of the port within the CST. Port Forwarding The forwarding state of the port within the CST.

  • Page 44: Show Spanning-Tree Mst Port Summary

    ProSafe Managed Switch Term Definition Transitions Into The number of times this interface has transitioned into loop inconsistent state. Loop Inconsistent State Transitions Out The number of times this interface has transitioned out of loop inconsistent state. of Loop Inconsistent State show spanning-tree mst port summary This command displays the settings of one or all ports within the specified multiple spanning...

  • Page 45: Show Spanning-Tree Mst Summary

    ProSafe Managed Switch Term Definition mstid The ID of the existing MST instance. Interface unit/slot/port STP Mode Indicates whether spanning tree is enabled or disabled on the port. Type Currently not used. STP State The forwarding state of the port in the specified spanning tree instance. Port Role The role of the specified port within the spanning tree.

  • Page 46: Vlan Commands

    ProSafe Managed Switch Term Definition Spanning Tree Enabled or disabled. Adminmode Spanning Tree Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based Version upon the Force Protocol Version parameter. BPDU Guard Enabled or disabled. Mode BPDU Filter Enabled or disabled.

  • Page 47: Vlan Database

    ProSafe Managed Switch vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC network mgmt_vlan This command configures the Management VLAN ID. Default Format network mgmt_vlan <1-4093> Mode Privileged EXEC no network mgmt_vlan...

  • Page 48: Vlan Acceptframe

    ProSafe Managed Switch vlan acceptframe This command sets the frame acceptance mode per interface. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port.

  • Page 49: Vlan Makestatic

    ProSafe Managed Switch vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4093. Format vlan makestatic <2-4093>...

  • Page 50: Vlan Participation All

    ProSafe Managed Switch vlan participation all This command configures the degree of participation for all interfaces in a VLAN. The ID is a valid VLAN identification number. Format vlan participation all {exclude | include | auto} <1-4093> Mode Global Config You can use the following participation options: Participation Definition...

  • Page 51: Vlan Port Ingressfilter All

    ProSafe Managed Switch assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification. Format no vlan port acceptframe all Mode Global Config vlan port ingressfilter all This command enables ingress filtering for all ports.

  • Page 52: Vlan Port Tagging All

    ProSafe Managed Switch vlan port tagging all This command configures the tagging behavior for all interfaces in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format vlan port tagging all <1-4093>...

  • Page 53: Vlan Protocol Group Add Protocol

    ProSafe Managed Switch no vlan protocol group name This command removes the name from a protocol-based VLAN groups. Format group name <1-128> no vlan protocol Mode Global Config vlan protocol group add protocol This command adds the protocol to the protocol-based VLAN identified by groupid. A group may have more than one protocol associated with it.

  • Page 54: Protocol Vlan Group

    ProSafe Managed Switch no protocol group This command removes the <vlanid> from this protocol-based VLAN group that is identified by this <groupid>. Format no protocol group <groupid> <vlanid> Mode VLAN Config protocol vlan group This command adds the physical interface to the protocol-based VLAN identified by <groupid>.

  • Page 55: Vlan Pvid

    ProSafe Managed Switch no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this <groupid>. Format no protocol vlan group all <groupid> Mode Global Config vlan pvid This command changes the VLAN ID per interface. Default Format vlan pvid <1-4093>...

  • Page 56: Vlan Association Subnet

    ProSafe Managed Switch vlan association subnet This command associates a VLAN to a specific IP-subnet. Format vlan association subnet <ipaddr> <netmask> <1-4093> Mode VLAN Config no vlan association subnet This command removes association of a specific IP-subnet to a VLAN. Format no vlan association subnet <ipaddr>...

  • Page 57: Show Vlan

    ProSafe Managed Switch show vlan <vlanid> This command displays detailed information, including interface information, for a specific VLAN. The ID is a valid VLAN identification number. Format show vlan <vlanid> Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (VID) associated with each VLAN.

  • Page 58: Show Vlan Brief

    ProSafe Managed Switch show vlan brief This command displays a list of all configured VLANs. Format show vlan brief Mode • Privileged EXEC • User EXEC Term Definition VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is 1 to 3965.

  • Page 59: Double Vlan Commands

    ProSafe Managed Switch show vlan association subnet This command displays the VLAN associated with a specific configured IP-Address and net mask. If no IP address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed. Format show vlan association subnet [<ipaddr>...

  • Page 60: Dvlan-Tunnel Ethertype

    ProSafe Managed Switch dvlan-tunnel ethertype This command configures the ether-type for all interfaces. The ether-type may have the values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional value of the custom ether type must be set to a value from 0 to 65535. Default vman Format...

  • Page 61: Show Dot1Q-Tunnel

    ProSafe Managed Switch no mode dvlan-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. Format no mode dvlan-tunnel Mode Interface Config show dot1q-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling.

  • Page 62: Voice Vlan Commands

    ProSafe Managed Switch Term Definition Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. EtherType A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags.

  • Page 63: Voice Vlan Data Priority

    ProSafe Managed Switch Format voice vlan {<id> | dot1p <priority> | none | untagged} Mode Interface Config You can configure Voice VLAN in any of the following ways: Parameter Description vlan-id Configure the IP phone to forward all voice traffic through the specified VLAN. Valid VLAN IDs are from 1 to 4093 (the maximum supported by the platform).

  • Page 64: Provisioning (Ieee 802.1P) Commands

    ProSafe Managed Switch When the interface is specified: Term Definition Voice VLAN Interface Mode The admin mode of the Voice VLAN on the interface. Voice VLAN ID The Voice VLAN ID Voice VLAN Priority The do1p priority for the Voice VLAN on the port. Voice VLAN Untagged The tagging option for the Voice VLAN traffic.

  • Page 65: Switchport Protected (Interface Config)

    ProSafe Managed Switch If an interface is configured as a protected port, and you add that interface to a Port Channel or Link Aggregation Group (LAG), the protected port status becomes operationally disabled on the interface, and the interface follows the configuration of the LAG port. However, the protected port configuration for the interface remains unchanged.

  • Page 66: Show Switchport Protected

    ProSafe Managed Switch Default unprotected Format switchport protected <groupid> Mode Interface Config no switchport protected (Interface Config) Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected ports to which this interface is assigned. Format no switchport protected <groupid>...

  • Page 67: Private Vlan

    ProSafe Managed Switch Private VLAN The Private VLANs feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation between ports of the same private VLAN.

  • Page 68: Switchport Mode Private-Vlan

    ProSafe Managed Switch Term Definition host-association Defines VLAN association for community or host ports. mapping Defines the private VLAN mapping for promiscuous ports. primary-vlan-id Primary VLAN ID of a private VLAN. secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN. Associates the secondary VLAN with the primary one.

  • Page 69: Show Vlan

    ProSafe Managed Switch private-vlan This command is used to configure the private VLANs and to configure the association between the primary private VLAN and secondary VLANs. Format private-vlan {association [add | remove] secondary-vlan-list | community | isolated | primary} Mode VLAN Config Term Definition...

  • Page 70: Garp Commands

    ProSafe Managed Switch Term Definition Private -vlan Displays information about the configured private VLANs type Displays only private VLAN ID and its type. Primary Displays primary VLAN ID Secondary Displays secondary VLAN ID Type Displays secondary VLAN type Ports Displays ports which are associated with a private VLAN show interface ethernet <unit/slot/port >...

  • Page 71: Set Garp Timer Leave

    ProSafe Managed Switch no set garp timer join This command sets the GVRP join time (for one or all ports and per GARP) to the default and only has an effect when GVRP is enabled. Format no set garp timer join Mode •...

  • Page 72: Gvrp Commands

    ProSafe Managed Switch no set garp timer leaveall This command sets how frequently Leave All PDUs are generated the default and only has an effect when GVRP is enabled. Format no set garp timer leaveall Mode • Interface Config • Global Config show garp This command displays GARP information.

  • Page 73: Set Gvrp Interfacemode

    ProSafe Managed Switch no set gvrp adminmode This command disables GVRP. Format no set gvrp adminmode Mode Privileged EXEC set gvrp interfacemode This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). Default disabled Format set gvrp interfacemode...

  • Page 74: Gmrp Commands

    ProSafe Managed Switch Term Definition Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.

  • Page 75: Set Gmrp Interfacemode

    ProSafe Managed Switch set gmrp interfacemode This command enables GARP Multicast Registration Protocol on a single interface (Interface Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality is disabled on that interface.

  • Page 76: Port-Based Network Access Control Commands

    ProSafe Managed Switch Term Definition Leave Timer The period of time to wait after receiving an unregister request for an attribute before deleting the attribute. Current attributes are a VLAN or multicast group. This may be considered a buffer time for another station to assert registration for the same attribute in order to maintain uninterrupted service.

  • Page 77: Clear Dot1X Statistics

    ProSafe Managed Switch clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Format clear dot1x statistics {<unit/slot/port> | all} Mode Privileged EXEC clear radius statistics This command is used to clear all RADIUS statistics. Format clear radius statistics Mode...

  • Page 78: Dot1X Max-Req

    ProSafe Managed Switch devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be pre-populated in the authentication server. MAB works only when the port control mode of the port is MAC-based. Format dot1x mac-auth-bypass Mode...

  • Page 79: Dot1X Port-Control

    ProSafe Managed Switch no dot1x max-users This command resets the maximum number of clients allowed per port to its default value. Format no dot1x max-req Mode Interface Config dot1x port-control This command sets the authentication mode to use on the specified port. Select force-unauthorized to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized.

  • Page 80: Dot1X Re-Authenticate

    ProSafe Managed Switch no dot1x port-control all This command sets the authentication mode on all ports to the default value. Format no dot1x port-control all Mode Global Config dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is “auto”...

  • Page 81: Dot1X Timeout

    ProSafe Managed Switch no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch. Format no dot1x system-auth-control Mode Global Config dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port.

  • Page 82: Dot1X User

    ProSafe Managed Switch no dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to the default values. Depending on the token used, the corresponding default values are set. Format no dot1x timeout {guest-vlan-period | reauth-period | quiet-period | tx-period | supp-timeout | server-timeout}...

  • Page 83: Clear Dot1X Authentication-History

    ProSafe Managed Switch clear dot1x authentication-history This command clears the authentication history table captured during successful and unsuccessful authentication on all interface or the specified interface. Format clear dot1x authentication-history [unit/slot/port] Mode Global Config dot1x dynamic-vlan enable Use this command to enable the switch to create VLANs dynamically when a RADIUS assigned VLAN does not exist in the switch.

  • Page 84: Show Authentication Methods

    ProSafe Managed Switch show dot1x authentication-history This command displays 802.1X authentication events and information during successful and unsuccessful Dot1x authentication process for all interfaces or the specified interface. Use the optional keywords to display only failure authentication events in summary or in detail. Format show dot1x authentication-history {unit/slot/port | all} [failedauth-only] [detail]...

  • Page 85: Show Dot1X

    ProSafe Managed Switch show dot1x This command is used to show a summary of the global dot1x configuration, summary information of the dot1x configuration for a specified port or all ports, the detailed dot1x configuration for a specified port and the dot1x statistics for a specified port - depending on the tokens used.
  • Page 86 ProSafe Managed Switch If you use the optional parameter 'detail <unit/slot/port>', the detailed dot1x configuration for the specified port is displayed. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
  • Page 87 ProSafe Managed Switch Term Definition Reauthentication The timer used by the authenticator state machine on this port to determine when Period reauthentication of the supplicant takes place. The value is expressed in seconds and will be in the range of 1 and 65535. Reauthentication Indicates if reauthentication is enabled on this port.

  • Page 88: Show Dot1X Clients

    ProSafe Managed Switch If you use the optional parameter statistics <unit/slot/port>, the following dot1x statistics for the specified port appear. Term Definition Port The interface whose statistics are displayed. EAPOL Frames The number of valid EAPOL frames of any type that have been received by this Received authenticator.

  • Page 89: Show Dot1X Users

    ProSafe Managed Switch Term Definition Clients Indicates the number of the Dot1x clients authenticated using Monitor mode. Authenticated using Monitor Mode Clients Indicates the number of Dot1x clients authenticated using 802.1x authentication process. Authenticated using Dot1x Logical The logical port number associated with a client. Interface Interface The physical port to which the supplicant is associated.

  • Page 90: 802.1X Supplicant Commands

    ProSafe Managed Switch 802.1X Supplicant Commands 802.1X (“dot1x”) supplicant functionality is on point-to-point ports. The administrator can configure the user name and password used in authentication and capabilities of the supplicant port. dot1x pae Use this command to set the port’s dot1x role. The port can serve as either a supplicant or an authenticator.

  • Page 91: Dot1X Supplicant Max-Start

    ProSafe Managed Switch dot1x supplicant max-start Use this command to configure the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator. Default Format dot1x supplicant max-start <1-10> Mode Interface Config no dot1x supplicant max-start Use this command to set the max-start value to the default.

  • Page 92: Storm-Control Commands

    ProSafe Managed Switch no dot1x supplicant timeout held-period Use this command to set the held-period value to the default value. Format no dot1x supplicant timeout held-period Mode Interface Config dot1x supplicant timeout auth-period Use this command to configure the authentication period timer interval to wait for the next EAP request challenge from the authenticator.

  • Page 93: Storm-Control Broadcast

    ProSafe Managed Switch multicast, or unicast traffic will be dropped. The Storm-Control feature allows you to limit the rate of specific types of packets through the switch on a per-port, per-type, basis. Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level (using the “no”...

  • Page 94: Storm-Control Broadcast Rate

    ProSafe Managed Switch interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the configured threshold. Default Format storm-control broadcast level <0-100> Mode Interface Config no storm-control broadcast level This command sets the broadcast storm recovery threshold to the default value for an interface and disables broadcast storm recovery.

  • Page 95: Storm-Control Broadcast Level (Global)

    ProSafe Managed Switch Format storm-control broadcast Mode Global Config no storm-control broadcast This command disables broadcast storm recovery mode for all interfaces. Format no storm-control broadcast Mode Global Config storm-control broadcast level (Global) This command configures the broadcast storm recovery threshold for all interfaces as a percentage of link speed and enables broadcast storm recovery.

  • Page 96: Storm-Control Multicast

    ProSafe Managed Switch no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config storm-control multicast This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

  • Page 97: Storm-Control Multicast Rate

    ProSafe Managed Switch storm-control multicast rate Use this command to configure the multicast storm recovery threshold for an interface in packets per second. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.

  • Page 98: Storm-Control Multicast Rate (Global)

    ProSafe Managed Switch interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. Default Format storm-control multicast level <0-100> Mode Global Config no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery.

  • Page 99: Storm-Control Unicast Level

    ProSafe Managed Switch Format storm-control unicast Mode Interface Config no storm-control unicast This command disables unicast storm recovery mode for an interface. Format no storm-control unicast Mode Interface Config storm-control unicast level This command configures the unicast storm recovery threshold for an interface as a percentage of link speed, and enables unicast storm recovery.

  • Page 100: Storm-Control Unicast (Global)

    ProSafe Managed Switch no storm-control unicast rate This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast rate Mode Interface Config storm-control unicast (Global) This command enables unicast storm recovery mode for all interfaces. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.

  • Page 101: Storm-Control Unicast Rate (Global)

    ProSafe Managed Switch no storm-control unicast level This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces. Format no storm-control unicast level Mode Global Config storm-control unicast rate (Global) Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second.

  • Page 102: Flow Control Commands

    ProSafe Managed Switch Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the unit/slot/port to display information about a specific interface. Format show storm-control [all | <unit/slot/port>] Mode Privileged EXEC Term Definition Bcast Mode Shows whether the broadcast storm control mode is enabled or disabled.

  • Page 103: Port-Channel/Lag (802.3Ad) Commands

    ProSafe Managed Switch no flowcontrol Format no flowcontrol Mode • Global Config • Interface Config show flowcontrol Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a specific interface or all interfaces. It also displays 802.3 Tx and Rx pause counts. Priority Flow Control frames counts are not displayed.

  • Page 104: Deleteport (Global Config)

    ProSafe Managed Switch A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a port channel must participate in the same protocols.) A static port-channel interface does not require a partner system to be able to aggregate its member ports. Note: If you configure the maximum number of dynamic port-channels (LAGs) that your platform supports, additional port-channels that you...

  • Page 105: Lacp Admin Key

    ProSafe Managed Switch lacp admin key Use this command to configure the administrative value of the key for the port-channel. The value range of <key> is 0 to 65535. Default 0x8000 Format lacp admin key <key> Mode Interface Config Note: This command is only applicable to port-channel interfaces.

  • Page 106: Lacp Actor Admin State Individual

    ProSafe Managed Switch lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key. The valid range for <key> is 0-65535. Default Internal Interface Number of this Physical Port Format lacp actor admin key <key> Mode Interface Config Note:...

  • Page 107: Lacp Actor Admin State Passive

    ProSafe Managed Switch Note: This command is only applicable to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout. Format no lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces.

  • Page 108: Lacp Actor System Priority

    ProSafe Managed Switch no lacp actor port priority Use this command to configure the default priority value assigned to the Aggregation Port. Format no lacp actor port priority Mode Interface Config lacp actor system priority Use this command to configure the priority value associated with the LACP Actor’s SystemID. The range for <priority>...

  • Page 109: Lacp Partner Admin State Individual

    ProSafe Managed Switch no lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner. Format no lacp partner admin key <key> Mode Interface Config lacp partner admin state individual Use this command to set LACP partner admin state to individual. Format lacp partner admin state individual Mode...

  • Page 110: Lacp Partner Port Id

    ProSafe Managed Switch lacp partner admin state passive Use this command to set the LACP partner admin state to passive. Format lacp partner admin state passive Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner admin state passive Use this command to set the LACP partner admin state to active.

  • Page 111: Lacp Partner System Priority

    ProSafe Managed Switch Format lacp partner port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner port priority Use this command to configure the default LACP partner port priority. Format no lacp partner port priority Mode Interface Config lacp partner system id...

  • Page 112: Port-Channel Local-Preference

    ProSafe Managed Switch Note: This command is applicable only to physical interfaces. no lacp partner system priority Use this command to configure the default administrative value of priority associated with the Partner’s System ID. Format no lacp partner system priority Mode Interface Config port-channel local-preference...

  • Page 113: Port Lacpmode

    ProSafe Managed Switch no port-channel static This command sets the static mode on a particular port-channel (LAG) interface to the default value. This command will be executed only for interfaces of type port-channel (LAG). Format no port-channel static Mode Interface Config port lacpmode This command enables Link Aggregation Control Protocol (LACP) on a port.

  • Page 114: Port Lacptimeout (Global Config)

    ProSafe Managed Switch no port lacptimeout This command sets the timeout back to its default value on a physical interface of a particular device type (actor or partner). Format no port lacptimeout {actor | partner} Mode Interface Config port lacptimeout (Global Config) This command sets the timeout for all interfaces of a particular device type (actor or partner) to either long or short timeout.

  • Page 115: Port-Channel Linktrap

    ProSafe Managed Switch port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a enables link trap logical unit/slot/port for a configured port-channel. The option all notifications for all the configured port-channels. Default enabled Format port-channel linktrap {<logical unit/slot/port>...

  • Page 116: Port-Channel Name

    ProSafe Managed Switch Term Definition Source MAC, VLAN, EtherType, and incoming port associated with the packet Destination MAC, VLAN, EtherType, and incoming port associated with the packet Source/Destination MAC, VLAN, EtherType, and incoming port associated with the packet Source IP and Source TCP/UDP fields of the packet Destination IP and Destination TCP/UDP Port fields of the packet Source/Destination IP and source/destination TCP/UDP Port fields of the packet Enhanced Hashing Mode...

  • Page 117: Show Lacp Actor

    ProSafe Managed Switch port-channel system priority Use this command to configure port-channel system priority. The valid range of <priority> is 0-65535. Default 0x8000 Format port-channel system priority <priority> Mode Global Config no port-channel system priority Use this command to configure the default port-channel system priority value. Format no port-channel system priority Mode...

  • Page 118: Show Port-Channel Brief

    ProSafe Managed Switch The following output parameters are displayed. Parameter Description System Priority The administrative value of priority associated with the Partner’s System ID. System ID The value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID. Admin Key The administrative value of the Key for the protocol Partner.

  • Page 119: Port Mirroring

    ProSafe Managed Switch Term Definition Logical Valid slot and port number separated by forward slashes. Interface Port-Channel The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric Name characters. Link State Indicates whether the Link is up or down. Admin Mode May be enabled or disabled.

  • Page 120: No Monitor

    ProSafe Managed Switch specify the interface to receive the monitored traffic. Use the mode parameter to enabled the administrative mode of the session. If enabled, the probe port monitors all the traffic received and transmitted on the physical monitored port. Format monitor session <session-id>...

  • Page 121: Static Mac Filtering

    ProSafe Managed Switch show monitor session This command displays the Port monitoring information for a particular mirroring session. Note: The <session-id> parameter is an integer value used to identify the session. In the current version of the software, the <session-id> parameter is always one (1) Format show monitor session <session-id>...

  • Page 122: Macfilter Adddest

    ProSafe Managed Switch • For multicast MAC address filters with destination ports configured, the maximum number of static filters supported is 256. For example, for current platforms you can configure the following combinations: • Unicast MAC and source port (max = 20) •...

  • Page 123: Macfilter Adddest All

    ProSafe Managed Switch 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. Format no macfilter adddest <macaddr> <vlanid> Mode Interface Config macfilter adddest all This command adds all interfaces to the destination filter set for the MAC filter with the given <macaddr>...

  • Page 124: Macfilter Addsrc All

    ProSafe Managed Switch specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN. Format no macfilter addsrc <macaddr> <vlanid> Mode Interface Config macfilter addsrc all This command adds all interfaces to the source filter set for the MAC filter with the MAC address of <macaddr>...

  • Page 125: Dhcp L2 Relay Agent Commands

    ProSafe Managed Switch Note: Only multicast address filters will have destination port lists. show mac-address-table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table staticfiltering Mode Privileged EXEC Term Definition Mac Address A unicast MAC address for which the switch has forwarding and or filtering information.

  • Page 126: Dhcp L2Relay Circuit-Id Vlan

    ProSafe Managed Switch no dhcp l2relay Use this command to disable the DHCP Layer 2 relay agent for an interface or range of interfaces. Format no dhcp l2relay Modes • Global Config • Interface Config dhcp l2relay circuit-id vlan Use this parameter to set the DHCP Option-82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82.

  • Page 127: Dhcp L2Relay Vlan

    ProSafe Managed Switch dhcp l2relay vlan Use this command to enable the DHCP L2 Relay agent for a set of VLANs. All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing. vlan–list range is 1–4093. Separate non-consecutive IDs with a comma (,), and do not insert spaces or zeros between the range.

  • Page 128: Show Dhcp L2Relay Interface

    CircuitId RemoteId --------- ---------- ----------- ------------ Disabled Enabled --NULL— Enabled Enabled --NULL— Enabled Enabled netgear Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL— show dhcp l2relay interface Use this command to display DHCP L2 relay configuration specific to interfaces.

  • Page 129: Dhcp Client Commands

    DHCP L2 Relay is Enabled. VLAN Id L2 Relay CircuitId RemoteId --------- ---------- ----------- ------------ Enabled Enabled --NULL— Enabled Enabled netgear Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL— Enabled Disabled --NULL-- DHCP Client Commands DHCP Client can include vendor and configuration information in DHCP client requests relayed to a DHCP server.

  • Page 130: Dhcp Snooping Configuration Commands

    ProSafe Managed Switch dhcp client vendor-id-option-string Use this command to set the DHCP Vendor Option-60 string to be included in requests transmitted to the DHCP server by the DHCP client operating in the switch. Format dhcp client vendor-id-option-string <string> Mode Global Config no dhcp client vendor-id-option-string Use this command to clear the DHCP Vendor Option-60 string.

  • Page 131: Ip Dhcp Snooping Vlan

    ProSafe Managed Switch no ip dhcp snooping Use this command to disable DHCP Snooping globally. Format no ip dhcp snooping Mode Global Config ip dhcp snooping vlan Use this command to enable DHCP Snooping on a list of comma-separated VLAN ranges. Default disabled Format...

  • Page 132: Ip Dhcp Snooping Database

    ProSafe Managed Switch ip dhcp snooping database Use this command to configure the persistent location of the DHCP Snooping database. This can be local or a remote file on a given IP machine. Default local Format ip dhcp snooping database {local|tftp://hostIP/filename} Mode Global Config ip dhcp snooping database write-delay...

  • Page 133: Ip Verify Binding

    ProSafe Managed Switch ip verify binding Use this command to configure static IP source guard (IPSG) entries. Format ip verify binding <mac-address> vlan <vlan id> <ip address> interface <interface id> Mode Global Config no ip verify binding Use this command to remove the IPSG static entry from the IPSG database. Format no ip verify binding <mac-address>...

  • Page 134: Ip Dhcp Snooping Trust

    ProSafe Managed Switch no ip dhcp snooping log-invalid Use this command to disable the logging DHCP messages filtration by the DHCP Snooping application. Format no ip dhcp snooping log-invalid Mode Interface Config ip dhcp snooping trust Use this command to configure the port as trusted. Default disabled Format...

  • Page 135: Show Ip Dhcp Snooping

    ProSafe Managed Switch show ip dhcp snooping Use this command to display the DHCP Snooping global configurations and per port configurations. Format show ip dhcp snooping Mode • Privileged EXEC • User EXEC Term Definition Interface The interface for which data is displayed. Trusted If it is enabled, DHCP snooping considers the port as trusted.

  • Page 136: Show Ip Dhcp Snooping Database

    ProSafe Managed Switch Term Definition MAC Address Displays the MAC address for the binding that was added. The MAC address is the key to the binding database. IP Address Displays the valid IP address for the binding rule. VLAN The VLAN for the binding rule. Interface The interface to add a binding into the DHCP snooping interface.

  • Page 137: Show Ip Dhcp Snooping Interfaces

    ProSafe Managed Switch show ip dhcp snooping interfaces Use this command to show the DHCP Snooping status of the interfaces. Format show ip dhcp snooping interfaces Mode Privileged EXEC show ip dhcp snooping statistics Use this command to list statistics for DHCP Snooping security violations on untrusted ports. Format show ip dhcp snooping statistics Mode...

  • Page 138: Clear Ip Dhcp Snooping Binding

    ProSafe Managed Switch 1/0/20 clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface. Format clear ip dhcp snooping binding [interface <unit/slot/port>] Mode • Privileged EXEC • User EXEC clear ip dhcp snooping statistics Use this command to clear all DHCP Snooping statistics.

  • Page 139: Dynamic Arp Inspection Commands

    ProSafe Managed Switch ip-mac 210.1.1.3 00:02:B3:06:60:80 ip-mac 210.1.1.4 00:0F:FE:00:13:04 show ip source binding This command displays the IPSG bindings. Format show ip source binding [{static/dynamic}] [interface unit/slot/port] [vlan id] Mode • Privileged EXEC • User EXEC Term Definition MAC Address The MAC address for the entry that is added.

  • Page 140: Ip Arp Inspection Vlan

    ProSafe Managed Switch ip arp inspection vlan Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Default disabled Format ip arp inspection vlan vlan-list Mode Global Config no ip arp inspection vlan Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN ranges.

  • Page 141: Ip Arp Inspection Trust

    ProSafe Managed Switch no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges. Format no ip arp inspection vlan vlan-list logging Mode Global Config ip arp inspection trust Use this command to configure an interface as trusted for Dynamic ARP Inspection.

  • Page 142: Ip Arp Inspection Filter

    ProSafe Managed Switch no ip arp inspection limit Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second, respectively. Format no ip arp inspection limit Mode Interface Config ip arp inspection filter...

  • Page 143: Permit Ip Host Mac Host

    ProSafe Managed Switch permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Format permit ip host sender-ip mac host sender-mac Mode ARP Access-list Config no permit ip host mac host Use this command to delete a rule for a valid IP and MAC combination.

  • Page 144: Show Ip Arp Inspection Statistics

    ProSafe Managed Switch Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation : Disabled Vlan Configuration Log Invalid ACL Name Static flag ---- ------------- ----------- --------- ---------- Enabled Enabled Enabled Disabled Enabled Enabled Disabled show ip arp inspection statistics Use this command to display the statistics of the ARP packets processed by Dynamic ARP Inspection.

  • Page 145: Clear Ip Arp Inspection Statistics

    ProSafe Managed Switch VLAN DHCP DHCP Bad Src Bad Dest Invalid Drops Drops Permits Permits ----- -------- --------- ----------- --------- ---------- ----------- --------- clear ip arp inspection statistics Use this command to reset the statistics for Dynamic ARP Inspection on all VLANs. Default none Format...

  • Page 146: Igmp Snooping Configuration Commands

    ProSafe Managed Switch show arp access-list Use this command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument will display only the rules in that ARP ACL. Format show arp access-list [acl-name] Mode •...

  • Page 147: Set Igmp Interfacemode

    ProSafe Managed Switch • Flooding of unregistered multicast data packets to all ports in the VLAN. Default disabled Format set igmp Mode • Global Config • Interface Config Format set igmp <vlanid> Mode VLAN Config no set igmp This command disables IGMP Snooping on the system, an interface or a VLAN. Format no set igmp Mode...

  • Page 148: Set Igmp Groupmembership-Interval

    ProSafe Managed Switch LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface. You should enable fast-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port.

  • Page 149: Set Igmp Maxresponse

    ProSafe Managed Switch no set igmp groupmembership-interval This command sets the IGMPv3 Group Membership Interval time to the default value. Format no set igmp groupmembership-interval Mode • Interface Config • Global Config Format no set igmp groupmembership-interval <vlan_id> Mode VLAN Config set igmp maxresponse This command sets the IGMP Maximum Response time for the system, or on a particular interface or VLAN.

  • Page 150: Set Igmp Mrouter

    ProSafe Managed Switch interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0 indicates an infinite time-out, i.e. no expiration. Default Format set igmp mcrtrexpiretime <0-3600> Mode • Global Config • Interface Config Format set igmp mcrtrexpiretime <vlan_id>...

  • Page 151: Set Igmp Mrouter Interface

    ProSafe Managed Switch set igmp mrouter interface This command configures the interface as a multicast router interface. When configured as a multicast router interface, the interface is treated as a multicast router interface in all VLANs. Default disabled Format set igmp mrouter interface Mode Interface Config no set igmp mrouter interface...

  • Page 152: Show Igmpsnooping

    ProSafe Managed Switch no set igmp unknow-multicast filter This command disables the filtering of unknown multicast packets. Unknown multicast packets will be flooded to all ports in the same VLAN. Format no set igmp unknow-multicast filter Mode Global Config show igmpsnooping This command displays IGMP Snooping information.

  • Page 153: Show Igmpsnooping Mrouter Interface

    ProSafe Managed Switch When you specify a value for <vlan_id>, the following information appears: Term Definition VLAN ID The VLAN ID. IGMP Snooping Indicates whether IGMP Snooping is active on the VLAN. Admin Mode Fast Leave Indicates whether IGMP Snooping Fast-leave is active on the VLAN. Mode Group The amount of time in seconds that a switch will wait for a report from a particular group...

  • Page 154: Igmp Snooping Querier Commands

    ProSafe Managed Switch show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table. Format show mac-address-table igmpsnooping Mode Privileged EXEC Term Definition MAC Address A multicast MAC address for which the switch has forwarding or filtering information. The format is two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.

  • Page 155: Set Igmp Querier Timer Expiry

    ProSafe Managed Switch The IGMP Snooping Querier application supports sending periodic general queries on the VLAN to solicit membership reports. Default disabled Format set igmp querier [<vlan-id>] [address ipv4_address] Mode • Global Config • VLAN Mode no set igmp querier Use this command to disable IGMP Snooping Querier on the system.

  • Page 156: Set Igmp Querier Version

    ProSafe Managed Switch no set igmp querier timer expiry Use this command to set the IGMP Querier timer expiration period to its default value. Format no set igmp querier timer expiry Mode Global Config set igmp querier version Use this command to set the IGMP version of the query that the snooping switch is going to send periodically.

  • Page 157: Show Igmpsnooping Querier

    ProSafe Managed Switch show igmpsnooping querier Use this command to display IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled. Format show igmpsnooping querier [{detail | vlan <vlanid>}] Mode Privileged EXEC When the optional argument <vlanid> is not used, the command displays the following information.

  • Page 158: Mld Snooping Commands

    ProSafe Managed Switch When the optional argument detail is used, the command shows the global information and the information for all Querier-enabled VLANs. MLD Snooping Commands This section describes commands used for MLD Snooping. In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded only to those interfaces associated with IP multicast addresses.

  • Page 159: Set Mld Interfacemode

    ProSafe Managed Switch set mld interfacemode Use this command to enable MLD Snooping on all interfaces. If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), MLD Snooping functionality is disabled on that interface. MLD Snooping functionality is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has MLD Snooping enabled.

  • Page 160: Set Mld Maxresponse

    ProSafe Managed Switch no set mld fast-leave Use this command to disable MLD Snooping fast-leave admin mode on a selected interface. Format no set mld fast-leave vlanid Mode • Interface Config • VLAN Mode set mld groupmembership-interval Use this command to set the MLD Group Membership Interval time on a VLAN, one interface or all interfaces.

  • Page 161: Set Mld Mrouter

    ProSafe Managed Switch no set mld maxresponse Use this command to set the max response time (on the interface or VLAN) to the default value. Format no set mld maxresponse Mode • Global Config • Interface Config • VLAN Mode set mld mcrtexpiretime Use this command to set the Multicast Router Present Expiration time.

  • Page 162: Set Mld Mrouter Interface

    ProSafe Managed Switch no set mld mrouter Use this command to disable multicast router attached mode for a VLAN with a particular VLAN ID. Format no set mld mrouter vlanid Mode Interface Config set mld mrouter interface Use this command to configure the interface as a multicast router-attached interface. When configured as a multicast router interface, the interface is treated as a multicast router-attached interface in all VLANs.

  • Page 163: Show Mldsnooping Mrouter Interface

    ProSafe Managed Switch Term Definition MLD Control Displays the number of MLD Control frames that are processed by the CPU. Frame Count VLANs Enabled VLANs on which MLD Snooping is enabled. for MLD Snooping When you specify the values, the following information displays. unit/slot/port Term Definition...

  • Page 164: Mld Snooping Querier Commands

    ProSafe Managed Switch show mldsnooping mrouter vlan Use this command to display information about statically configured multicast router-attached interfaces. Format show mldsnooping mrouter vlan unit/slot/port Mode Privileged EXEC Term Definition Interface Shows the interface on which multicast router information is being displayed. VLAN ID Displays the list of VLANs of which the interface is a member.

  • Page 165: Set Mld Querier

    ProSafe Managed Switch set mld querier Use this command to enable MLD Snooping Querier on the system (Global Config Mode) or on a VLAN. Using this command, you can specify the IP address that the snooping querier switch should use as a source address while generating periodic queries. If a VLAN has MLD Snooping Querier enabled and MLD Snooping is operationally disabled on it, MLD Snooping Querier functionality is disabled on that VLAN.

  • Page 166: Set Mld Querier Timer Expiry

    ProSafe Managed Switch set mld querier timer expiry Use this command to set the MLD Querier timer expiration period. This is the time period that the switch remains in Non-Querier mode once it discovers that there is a Multicast Querier in the network.

  • Page 167: Show Mldsnooping Querier

    ProSafe Managed Switch show mldsnooping querier Use this command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled. Format show mldsnooping querier [{detail | vlan <vlanid>}] Mode Privileged EXEC When the optional arguments vlandid are not used, the command displays the following information.

  • Page 168: Port Security Commands

    ProSafe Managed Switch Field Description Last Querier Indicates the IP address of the most recent Querier from which a Query was received. Address Last Querier Indicates the MLD version of the most recent Querier from which a Query was received Version on this VLAN.

  • Page 169: Port-Security Max-Dynamic

    ProSafe Managed Switch port-security max-dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port. Default Format port-security max-dynamic <maxvalue> Mode Interface Config no port-security max-dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value.

  • Page 170: Port-Security Mac-Address Move

    ProSafe Managed Switch no port-security mac-address This command removes a MAC address from the list of statically locked MAC addresses. Format no port-security mac-address <mac-address> <vid> Mode Interface Config port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Format port-security mac-address move Mode...

  • Page 171: Show Port-Security

    ProSafe Managed Switch show port-security This command displays the port-security settings. If you do not use a parameter, the command displays the settings for the entire system. Use the optional parameters to display the settings on a specific interface or on all interfaces. Format show port-security [{<unit/slot/port>...

  • Page 172: Lldp (802.1Ab) Commands

    ProSafe Managed Switch show port-security violation This command displays the source MAC address of the last packet discarded on a locked port. Format show port-security violation [lag <lag-intf-num> | <unit/slot/port>] Mode Privileged EXEC Term Definition MAC Address MAC Address of discarded packet on locked port. LLDP (802.1AB) Commands This section describes the command you use to configure Link Layer Discovery Protocol (LLDP), which is defined in the IEEE 802.1AB specification.

  • Page 173: Lldp Timers

    ProSafe Managed Switch no lldp receive Use this command to return the reception of LLDPDUs to the default value. Format no lldp receive Mode Interface Config lldp timers Use this command to set the timing parameters for local data transmission on ports enabled for LLDP.

  • Page 174: Lldp Notification

    ProSafe Managed Switch no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs. Use the command without parameters to remove all optional TLVs from the LLDPDU. Format no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config lldp transmit-mgmt Use this command to include transmission of the local system management address information in the LLDPDUs.

  • Page 175: Clear Lldp Statistics

    ProSafe Managed Switch lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The <interval> parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds. Default Format lldp notification-interval <interval>...

  • Page 176: Show Lldp Interface

    ProSafe Managed Switch Term Definition Re-initialization The delay before re-initialization, in seconds. Delay Notification How frequently the system sends remote data change notifications, in seconds. Interval show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces.

  • Page 177: Show Lldp Remote-Device

    ProSafe Managed Switch Term Definition Total Drops Total number of times the complete remote data received was not inserted due to insufficient resources. Total Ageouts Total number of times a complete remote data entry was deleted because the Time to Live interval expired.

  • Page 178: Show Lldp Remote-Device Detail

    ProSafe Managed Switch Term Definition Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. Example: The following shows example CLI display output for the command. (switch) #show lldp remote-device all LLDP Remote Device Summary Local Interface RemID Chassis ID...

  • Page 179: Show Lldp Local-Device

    ProSafe Managed Switch Term Definition Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. System Describes the remote system by identifying the system name and versions of hardware, Description operating system, and networking software supported in the device. Port Describes the port in an alpha-numeric format.

  • Page 180: Lldp-Med Commands

    ProSafe Managed Switch Term Definition Interface The interface in a unit/slot/port format. Port ID The port ID associated with this interface. Port The port description associated with the interface. Description show lldp local-device detail Use this command to display detailed information about the LLDP data a specific interface transmits.

  • Page 181: Lldp Med

    ProSafe Managed Switch lldp med Use this command to enable MED. By enabling MED, you will be effectively enabling the transmit and receive function of LLDP. Default enabled Format lldp med Mode Interface Config no lldp med Use this command to disable MED. Format no lldp med Mode...

  • Page 182: Lldp Med All

    ProSafe Managed Switch Term Definition ex-pse Transmit the LLDP extended PSE TLV. inventory Transmit the LLDP inventory TLV. location Transmit the LLDP location TLV. network-policy Transmit the LLDP network policy TLV. Note: The current implementation supports one network policy: the voice VLAN as defined by the voice vlan commands.

  • Page 183: Lldp Med Faststartrepeatcount

    ProSafe Managed Switch no lldp med confignotification all Use this command to disable all the ports to send the topology change notification. Format no lldp med confignotification all Mode Global Config lldp med faststartrepeatcount Use this command to set the value of the fast start repeat count. [count] is the number of LLDP PDUs that will be transmitted when the product is enabled.

  • Page 184: Show Lldp Med

    ProSafe Managed Switch no lldp med transmit-tlv Use this command to remove a TLV. Format no lldp med transmit-tlv all [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Mode Global Config show lldp med Use this command to display a summary of the current LLDP MED configuration. Format show lldp med Mode...
  • Page 185 ProSafe Managed Switch Term Definition Interface The interface in a unit/slot/port format. Link Shows whether the link is up or down. ConfigMED Shows if the LLPD-MED mode is enabled or disabled on this interface OperMED Shows if the LLPD-MED TLVs are transmitted or not on this interface. ConfigNotify Shows if the LLPD-MED topology notification mode of this interface.

  • Page 186: Show Lldp Med Local-Device Detail

    ProSafe Managed Switch show lldp med local-device detail This command displays detailed information about the LLDP data a specific interface transmits. Format show lldp med local-device detail <unit/slot/port> Mode Privileged EXEC Term Definition Media Application Shows the application type. Types are unknown, voice, voicesignaling, guestvoice, Type guestvoicesignaling, sfotphonevoice, videoconferencing, streamingvideo, videosignaling.

  • Page 187: Show Lldp Med Remote-Device

    ProSafe Managed Switch Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx...

  • Page 188: Show Lldp Med Remote-Device Detail

    ProSafe Managed Switch LLDP MED Remote Device Summary Local Interface Remote ID Device Class --------- --------- ------------ 1/0/8 Class I 1/0/9 Not Defined 1/0/10 Class II 1/0/11 Class III 1/0/12 Network Con show lldp med remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system.
  • Page 189 ProSafe Managed Switch Term Definition Serial Number Shows the serial number of the remote device. Manufacturer Shows the manufacture name of the remote device. Name Model Name Shows the model name of the remote device. Asset ID Shows the asset id of the remote device. Sub Type Shows the type of location information.

  • Page 190: Denial Of Service Commands

    ProSafe Managed Switch Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE...

  • Page 191: Dos-Control All

    ProSafe Managed Switch • TCP SYN: TCP Flag SYN set. • TCP SYN & FIN: TCP Flags SYN and FIN set. • TCP FIN & URG & PSH: TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. •...

  • Page 192: Dos-Control Tcpfrag

    ProSafe Managed Switch having a TCP Header Size smaller then the configured value, the packets will be dropped if the mode is enabled.The default is disabled. If you enable dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets that value to 20. Default disabled <20>...

  • Page 193: Dos-Control L4Port

    ProSafe Managed Switch Format dos-control tcpflag Mode Global Config no dos-control tcpflag This command sets disables TCP Flag Denial of Service protections. Format no dos-control tcpflag Mode Global Config dos-control l4port This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.

  • Page 194: Dos-Control Smacdmac

    ProSafe Managed Switch Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled. Default disabled <512> Format dos-control icmp [<0-1023>] Mode Global Config no dos-control icmp This command disables Maximum ICMP Packet Size Denial of Service protections. Format no dos-control icmp Mode...

  • Page 195: Dos-Control Udpport

    ProSafe Managed Switch no dos-control tcpport This command disables TCP L4 source = destination port number (Source TCP Port = Destination TCP Port) Denial of Service protection. Format no dos-control smacdmac Mode Global Config dos-control udpport This command enables UDP L4 source = destination port number (Source UDP Port = Destination UDP Port) Denial of Service protection.

  • Page 196: Dos-Control Tcpoffset

    ProSafe Managed Switch no dos-control tcpflagseq This command sets disables TCP Flag and Sequence Denial of Service protection. Format no dos-control tcpflagseq Mode Global Config dos-control tcpoffset This command enables TCP Offset Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.

  • Page 197: Dos-Control Tcpsynfin

    ProSafe Managed Switch dos-control tcpsynfin This command enables TCP SYN and FIN Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP flags SYN and FIN set, the packets will be dropped if the mode is enabled. Default disabled Format...

  • Page 198: Dos-Control Icmpfrag

    ProSafe Managed Switch Format dos-control icmpv4 <0-16384> Mode Global Config no dos-control icmpv4 This command disables Maximum ICMP Packet Size Denial of Service protections. Format no dos-control icmpv4 Mode Global Config dos-control icmpv6 This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.

  • Page 199: Show Dos-Control

    ProSafe Managed Switch show dos-control This command displays Denial of Service configuration information. Format show dos-control Mode Privileged EXEC Note: Not all messages below are available in all 7000series managed switches. Term Definition First Fragment May be enabled or disabled. The factory default is disabled. Mode Min TCP Hdr The factory default is 20.

  • Page 200: Mac Database Commands

    ProSafe Managed Switch MAC Database Commands This section describes the commands you use to configure and view information about the MAC databases. bridge aging-time This command configures the forwarding database address aging timeout in seconds. The <seconds> parameter must be within the range of 10 to 1,000,000 seconds. Default Format bridge aging-time <10-1,000,000>...

  • Page 201: Isdp Commands

    ProSafe Managed Switch Term Definition MAC Address A multicast MAC address for which the switch has forwarding and or filtering information. The format is two-digit hexadecimal numbers separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as a MAC address and VLAN ID combination of 8 bytes.

  • Page 202: Isdp Holdtime

    ProSafe Managed Switch no isdp run This command disables ISDP on the switch. Format no isdp run Mode Global Config isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it.

  • Page 203: Isdp Enable

    ProSafe Managed Switch isdp enable This command enables ISDP on the interface. Default Enabled Format isdp enable Mode Interface Config no isdp enable This command disables ISDP on the interface. Format no isdp enable Mode Interface Config clear isdp counters This command clears ISDP counters.

  • Page 204: Show Isdp Interface

    ProSafe Managed Switch Term Definition Device ID The Device ID advertised by this device. The format of this Device ID is characterized by the value of the Device ID Format object. Device ID Indicates the Device ID format capability of the device. Format •...

  • Page 205: Show Isdp Neighbors

    ProSafe Managed Switch Term Definition Hold Time The hold time advertised by the neighbor. Version The software version that the neighbor is running. Advertisement The version of the advertisement packet received from the neighbor. Version Capability ISDP Functional Capabilities advertised by the neighbor. show isdp neighbors This command displays the list of neighboring devices.

  • Page 206: Show Isdp Traffic

    ProSafe Managed Switch show isdp traffic This command displays ISDP statistics. Format show isdp traffic Mode Privileged EXEC Term Definition ISDP Packets Received Total number of ISDP packets received ISDP Packets Transmitted Total number of ISDP packets transmitted ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Total number of ISDPv1 packets transmitted...

  • Page 207: Priority-Based Flow Control Commands

    Priorities are differentiated by the priority field of the IEEE 802.1Q VLAN header, which identifies an IEEE 802.1p priority value. In NETGEAR Managed Switch, these priority values must be mapped to internal class-of-service (CoS) values. To enable priority-based flow control for a particular CoS value on an interface: •...

  • Page 208: Priority-Flow-Control Priority

    ProSafe Managed Switch priority-flow-control priority Use this command to specify the priority group(s) that should be paused when necessary to prevent dropped frames; i.e., the group to receive priority flow control. This configuration has no effect on interfaces not enabled for priority flow control. VLAN tagging must be enabled to carry the 802.1p value through the network.

  • Page 209: Chapter 3 Multicast Vlan Registration (Mvr)

    Multicast VLAN Registration (MVR) This chapter contains the following sections: • About MVR • MVR Commands About MVR Internet Group Management Protocol (IGMP) Layer 3 is widely used for IPv4 network multicasting. In Layer 2 networks, IGMP uses resources inefficiently. For example, a Layer 2 switch multicasts traffic to all ports, even if there are receivers connected to only a few ports.

  • Page 210: Mvr Group

    ProSafe Managed Switch no mvr This command disables MVR. Format no mvr Mode Global Config Interface Config mvr group This command adds an MVR membership group. <A.B.C.D> is the IP multicast group being added. The count is the number of incremental multicast groups being added (the first multicast group is A.B.C.D).

  • Page 211: Mvr Querytime

    ProSafe Managed Switch no mvr mode This command sets the mode type to the default value. Format no mvr mode Mode Global Config mvr querytime This command sets the MVR query response time. Format mvr querytime<1-100> Mode Global Config Default no mvr querytime This command sets the MVR query response time to the default value.

  • Page 212: Mvr Type

    ProSafe Managed Switch received from other interested hosts that are also connected to that port, for example, using hub. • In immediate leave mode, when a leave is received, the switch is immediately reconfigured not to forward a specific multicast stream to the port where a message is received.

  • Page 213: Show Mvr

    ProSafe Managed Switch no mvr vlan Use this command to exclude the port from the specific MVR group. Format no mvr vlan <mVLAN> group <A.B.C.D> Mode Interface Config show mvr This command displays global MVR settings. Format show mvr Mode Privileged EXEC The following table explains the output parameters.

  • Page 214: Show Mvr Interface

    ProSafe Managed Switch The following table describes the output parameters. Term Definition MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports that participates in the specified MVR group. Example: (switch)#show mvr members MVR Group IP...

  • Page 215: Show Mvr Traffic

    ProSafe Managed Switch (switch)#show mvr interface 1/0/9 Type: RECEIVER Status: ACTIVE Immediate Leave: DISABLED (switch)#show mvr interface Fa1/0/23 members 235.0.0.1 STATIC ACTIVE (switch)#show mvr interface Fa1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic This command displays global MVR statistics. Format show mvr traffic Mode...
  • Page 216 ProSafe Managed Switch IGMP Report V1 Transmitted…......... 0 IGMP Report V2 Transmitted…......... 3 IGMP Leave Transmitted…........1 IGMP Packet Receive Failures…....... 0 IGMP Packet Transmit Failures…......0 Multicast VLAN Registration (MVR)

  • Page 217: Chapter 4 Routing Commands

    Routing Commands This chapter describes the routing commands available in the 7000 series CLI. Note: Some commands described in this chapter require a license. For more information, see Licensing and Command Support on page 8. This chapter contains the following sections: •...

  • Page 218: Ip Local-Proxy-Arp

    ProSafe Managed Switch This command creates an ARP entry. The value for <ipaddress> is the IP address of a device on a subnet attached to an existing routing interface. <macaddr> is a unicast MAC address for that device. The format of the MAC address is 6 two-digit hexadecimal numbers that are separated by colons, for example 00:06:29:32:81:40.

  • Page 219: Arp Cachesize

    ProSafe Managed Switch address is reachable. The device only responds if all next hops in its route to the destination are through interfaces other than the interface that received the ARP request. Default enabled Format ip proxy-arp Mode Interface Config no ip proxy-arp This command disables proxy ARP on a router interface.

  • Page 220: Arp Purge

    ProSafe Managed Switch arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command. Format arp purge <ipaddr> Mode Privileged EXEC arp resptime This command configures the ARP request response timeout.

  • Page 221: Arp Timeout

    ProSafe Managed Switch arp timeout This command configures the ARP entry ageout time. The value for <seconds> is a valid positive integer, which represents the IP ARP entry ageout time in seconds. The range for <seconds> is between 15-21600 seconds. Default 1200 Format...

  • Page 222: Show Arp Brief

    ProSafe Managed Switch Term Definition Age Time The time it takes for an ARP entry to age out. This is configurable. Age time is (seconds) measured in seconds. Response Time The time it takes for an ARP request timeout. This value is configurable. Response (seconds) time is measured in seconds.

  • Page 223: Ip Routing Commands

    ProSafe Managed Switch Term Definition Dynamic Renew Displays whether the ARP component automatically attempts to renew dynamic ARP Mode entries when they age out. Total Entry The total entries in the ARP table and the peak entry count in the ARP table. Count Current / Peak Static Entry...

  • Page 224: Ip Routing

    ProSafe Managed Switch You can view the current value for this function with the show ip brief command. The value is labeled as “Routing Mode.” Format no routing Mode Interface Config ip routing This command enables the IP Router Admin Mode for the master switch. Format ip routing Mode...

  • Page 225: Ip Address Dhcp

    ProSafe Managed Switch Mask of the interface. To remove all of the IP addresses (primary and secondary) configured on the interface, enter the command no ip address. Format no ip address [{<ipaddr> <subnetmask> [secondary]}] Mode Interface Config ip address dhcp Use this command to enable the DHCPv4 client on an in-band interface so that it can acquire network information, such as the IP address, subnet mask, and default gateway from a network DHCP server.

  • Page 226: Release Dhcp

    ProSafe Managed Switch release dhcp Use this command to force the DHCPv4 client to release the leased address from the specified interface. Format release dhcp <unit/slot/port> Mode Privileged EXEC renew dhcp Use this command to force the DHCPv4 client to immediately renew an IPv4 address lease on the specified interface.

  • Page 227: Ip Route Default

    ProSafe Managed Switch ip route This command configures a static route. The <ipaddr> parameter is a valid IP address, and <subnetmask> is a valid subnet mask. The <nexthopip> parameter is a valid IP address of the next hop router. Specifying Null0 as nexthop parameter adds a static reject route.

  • Page 228: Ip Route Distance

    ProSafe Managed Switch no ip route default This command deletes all configured default routes. If the optional <nexthopip> parameter is designated, the specific next hop is deleted from the configured default route and if the optional preference value is designated, the preference of the configured default route is reset to its default.

  • Page 229: Ip Mtu

    ProSafe Managed Switch no ip netdirbcast This command disables the forwarding of network-directed broadcasts. When disabled, network directed broadcasts are dropped. Format no ip netdirbcast Mode Interface Config ip mtu This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.

  • Page 230: Clear Ip Route All

    ProSafe Managed Switch encapsulation This command configures the link layer encapsulation type for the packet. The encapsulation type can be ethernet or snap. Default ethernet Format encapsulation {ethernet | snap} Mode Interface Config Note: Routed frames are always ethernet encapsulated when a frame is routed to a VLAN.

  • Page 231: Show Ip Interface

    ProSafe Managed Switch Term Definition Default Time to Live The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode Shows whether the routing mode is enabled or disabled. Maximum Next Hops The maximum number of next hops the packet can travel. Maximum Routes The maximum number of routes the packet can travel.
  • Page 232 ProSafe Managed Switch Term Definition Method Shows whether the IP address was configured manually or acquired from a DHCP server. Routing Mode The administrative mode of router interface participation. The possible values are enable or disable. This value is configurable. Administrative The administrative mode of the specified interface.

  • Page 233: Show Ip Interface Brief

    ProSafe Managed Switch show ip interface brief This command displays summary information about IP configuration settings for all ports in the router. Format show ip interface brief Modes • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes. State Routing operational state of the interface.

  • Page 234: Show Ip Route

    ProSafe Managed Switch Parameter Description Always Whether default advertisement depends on having a default route in the common routing table Metric The metric configured to be advertised with the default route Metric Type The metric type for the default route Redist Source A type of routes that OSPF is redistributing Metric...
  • Page 235 ProSafe Managed Switch A “T” flag appended to a route indicates that it is an ECMP route, but only one of its next hops has been installed in the forwarding table. The forwarding table might limit the number of ECMP routes or the number of ECMP groups. When an ECMP route cannot be installed because such a limit is reached, the route is installed with a single next hop.
  • Page 236 ProSafe Managed Switch source. This is typically used for preventing routing loops. The reject route added in the RTO is of the type OSPF Inter-Area. Reject routes (routes of REJECT type installed by any protocol) are not redistributed by OSPF/RIP. Reject routes are supported in both OSPFv2 and OSPFv3.

  • Page 237: Show Ip Route Summary

    ProSafe Managed Switch show ip route summary Use this command to display the routing table summary. Use the optional all parameter to show the number of all routes, including best and non-best routes. To include only the number of best routes, do not use the optional parameter. When the optional keyword all is given, some statistics, such as the number of routes from each source, include counts for alternate routes.
  • Page 238 ProSafe Managed Switch Term Definition Unique Next The number of distinct next hops used among all routes currently in the routing table. Hops These include local interfaces for local routes and neighbors for indirect routes. Unique Next The highest count of unique next hops since the counters were last cleared. Hops High Water Next Hop...

  • Page 239: Show Ip Route Preferences

    ProSafe Managed Switch Routes with 1 Next Hop......31 Routes with 2 Next Hops......1 Routes with 4 Next Hops......1000 show ip route preferences This command displays detailed information about the route preferences. Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values.

  • Page 240: Router Discovery Protocol Commands

    The maximum memory in use since the system last rebooted. Mark The following shows example CLI display output for the command. (netgear switch) #show routing heap summary Heap Size....... 92594000 bytes Memory In Use....149598 bytes (0%) Memory on Free List..... 78721 bytes (0%) Memory Available in Heap..

  • Page 241: Ip Irdp Multicast

    ProSafe Managed Switch ip irdp multicast This command configures the address that the interface uses to send the router discovery advertisements. The address is 224.0.0.1, which is the all-hosts IP multicast address. Default 224.0.0.1 Format ip irdp multicast Mode Interface Config no ip irdp multicast This command configures the address used to advertise the router to the Broadcast address (255.255.255.155)..

  • Page 242: Ip Irdp Minadvertinterval

    ProSafe Managed Switch no ip irdp maxadvertinterval This command configures the default maximum time, in seconds. Format no ip irdp maxadvertinterval Mode Interface Config ip irdp minadvertinterval This command configures the minimum time, in seconds, allowed between sending router advertisements from the interface. The range for minadvertinterval is three to the value of maxadvertinterval.

  • Page 243: Virtual Lan Routing Commands

    ProSafe Managed Switch show ip irdp This command displays the router discovery information for all interfaces, or a specified interface. Format show ip irdp {<unit/slot/port> | all} Modes • Privileged EXEC • User EXEC Term Definition Interface The <unit/slot/port> that matches the rest of the information in the row. Ad Mode The advertise mode, which indicates whether router discovery is enabled or disabled on this interface.

  • Page 244: Virtual Router Redundancy Protocol Commands

    ProSafe Managed Switch no vlan routing This command deletes routing on a VLAN. The <vlanid> value has a range from 1 to 4093. Format no vlan routing <vlanid> Mode VLAN Config show ip vlan This command displays the VLAN routing information for all VLANs with routing enabled. Format show ip vlan Modes...

  • Page 245: Ip Vrrp Mode

    ProSafe Managed Switch no ip vrrp Use this command in Global Config mode to disable the default administrative mode of VRRP on the router. Format no ip vrrp Mode Global Config ip vrrp (Interface Config) Use this command in Interface Config mode to create a virtual router associated with the interface.

  • Page 246: Ip Vrrp Ip

    ProSafe Managed Switch ip vrrp ip This command sets the virtual router IP address value for an interface. The value for <ipaddr> is the IP address which is to be configured on that interface for VRRP. The parameter <vrid> is the virtual router ID which has an integer value range from 1 to 255. You can use the optional [secondary] parameter to designate the IP address as a secondary IP address.

  • Page 247: Ip Vrrp Preempt

    ProSafe Managed Switch ip vrrp preempt This command sets the preemption mode value for the virtual router configured on a specified interface. The parameter <vrid> is the virtual router ID, which is an integer from 1 to 255. Default enabled Format ip vrrp <vrid>...

  • Page 248: Ip Vrrp Timers Advertise

    ProSafe Managed Switch ip vrrp timers advertise This command sets the frequency, in seconds, that an interface on the specified virtual router sends a virtual router advertisement. Default Format ip vrrp <vrid> timers advertise <1-255> Mode Interface Config no ip vrrp timers advertise This command sets the default virtual router advertisement value for an interface.

  • Page 249: Ip Vrrp Track Ip Route

    ProSafe Managed Switch no ip vrrp track interface Use this command to remove the interface from the tracked list or to restore the priority decrement to its default. Format no ip vrrp <vrid> track interface <unit/slot/port> [decrement] Mode Interface Config ip vrrp track ip route Use this command to track the route reachability.

  • Page 250: Show Ip Vrrp Interface Stats

    ProSafe Managed Switch Ping to a VRRP IP address only works from the host side (where the VRRP router is configured). There is no value in pinging to the VRRP IP from another interface because packet flow from the network to the host doesn't involve VRRP. This is used only to troubleshoot a connectivity problem for traffic originating on the VRRP protected LAN.

  • Page 251: Show Ip Vrrp

    ProSafe Managed Switch Term Definition Advertisement The total number of VRRP advertisements received for which advertisement interval is Interval Errors different than the configured value for this virtual router. Authentication The total number of VRRP packets received that don't pass the authentication check. Failure IP TTL errors The total number of VRRP packets received by the virtual router with IP TTL (time to live)

  • Page 252: Show Ip Vrrp Interface

    ProSafe Managed Switch show ip vrrp interface This command displays all configuration information and VRRP router statistics of a virtual router configured on a specific interface. Use the output of the command to verify the track interface and track IP route configurations. Format show ip vrrp interface {<interface-name>...

  • Page 253: Dhcp And Bootp Relay Commands

    ProSafe Managed Switch 10.10.10.1/255.255.255.0 down show ip vrrp interface brief This command displays information about each virtual router configured on the switch. This command takes no options. It displays information about each virtual router. Format show ip vrrp interface brief Modes •...

  • Page 254: Bootpdhcprelay Maxhopcount

    ProSafe Managed Switch bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. The <hops> parameter has a range of 1 to 16. Default Format bootpdhcprelay maxhopcount <1-16> Mode Global Config no bootpdhcprelay maxhopcount This command configures the default maximum allowable relay agent hops for BootP/DHCP Relay on the system.

  • Page 255: Ip Helper Commands

    ProSafe Managed Switch Term Definition Maximum Hop The maximum allowable relay agent hops. Count Minimum Wait The minimum wait time. Time (Seconds) Admin Mode Indicates whether relaying of requests is enabled or disabled. Server IP The IP address for the BootP/DHCP Relay server. Address Circuit Id The DHCP circuit Id option which may be enabled or disabled.

  • Page 256: Ip Helper Enable

    ProSafe Managed Switch udp-port-list: The broadcast packet destination UDP port number to forward. If not specified, packets for the default services are forwarded to the helper address. Valid range, 0-65535. Default Disabled Format ip helper-address <ip-address> {<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver| netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time} Mode Global Config no ip helper-address (Global Config) Use this command to remove the IP address from the previously configured list.

  • Page 257: Ip Helper-Address Discard

    ProSafe Managed Switch on the routing interface to form the helper addresses list until the list reaches the maximum supported helper addresses. Format ip helper-address <ip-address> {<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver| netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time} Mode Interface Config no ip helper-address Use this command to remove the IP address from the previously configured list. The no command without an <...

  • Page 258: Show Ip Helper Statistics

    ProSafe Managed Switch Helper IP Address......1.2.3.4 ..........1.2.3.5 show ip helper statistics Use this command to display the number of DHCP and other UDP packets processed and relayed by the UDP relay agent. Format show ip helper statistics Mode Privileged EXEC Term Definition...

  • Page 259: Open Shortest Path First (Ospf) Commands

    ProSafe Managed Switch Term Definition Packets with expired The number of packets received with TTL of 0 or 1 that might otherwise have been relayed. Packets that The number of packets ignored by the relay agent because they match a discard matched a discard relay entry.

  • Page 260: Ip Ospf Area

    ProSafe Managed Switch no network area (OSPF) Use this command to disable the OSPFv2 on a interface if the IP address of an interface was earlier covered by this network command. Format no network <ip-address> <wildcard-mask> area <area-id> Mode Router OSPF Config ip ospf area Use this command to enable OSPFv2 and set the area ID of an interface.

  • Page 261: Area Default-Cost (Ospf)

    ProSafe Managed Switch no 1583compatibility This command disables OSPF 1583 compatibility. Format no 1583compatibility Mode Router OSPF Config area default-cost (OSPF) This command configures the default cost for the stub area. You must specify the area ID and an integer value between 1-16777215. Format area <areaid>...

  • Page 262: Area Nssa No-Redistribute (Ospf)

    ProSafe Managed Switch no area nssa default-info-originate (OSPF) This command disables the default route advertised into the NSSA. Format no area <areaid> nssa default-info-originate [<metric>] [{comparable | non-comparable}] Mode Router OSPF Config area nssa no-redistribute (OSPF) This command configures the NSSA Area Border router (ABR) so that learned external routes will not be redistributed to the NSSA.

  • Page 263: Area Nssa Translator-Stab-Intv (Ospf)

    ProSafe Managed Switch of candidate causes the router to participate in the translator election process when it attains border router status. Format area <areaid> nssa translator-role {always | candidate} Mode Router OSPF Config no area nssa translator-role (OSPF) This command disables the nssa translator role from the specified area id. Format no area <areaid>...

  • Page 264: Area Stub (Ospf)

    ProSafe Managed Switch Parameter Description summarylink When this keyword is given, the area range is used when summarizing prefixes advertised in type 3 summary LSAs. nssaexternallink When this keyword is given, the area range is used when translating type 7 LSAs to type 5 LSAs.

  • Page 265: Area Stub No-Summary (Ospf)

    ProSafe Managed Switch area stub no-summary (OSPF) This command configures the Summary LSA mode for the stub area identified by <areaid>. Use this command to prevent LSA Summaries from being sent. Default disabled Format area <areaid> stub no-summary Mode Router OSPF Config no area stub no-summary This command configures the default Summary LSA mode for the stub area identified by <areaid>.

  • Page 266: Area Virtual-Link Dead-Interval (Ospf)

    ProSafe Managed Switch specified. The default value for authentication type is none. Neither the default password key nor the default key id are configured. Default none Format area <areaid> virtual-link <neighbor> authentication {none | {simple <key>} | {encrypt <key> <keyid>}} Mode Router OSPF Config no area virtual-link authentication...

  • Page 267: Area Virtual-Link Retransmit-Interval (Ospf)

    ProSafe Managed Switch Format area <areaid> virtual-link <neighbor> hello-interval <1-65535> Mode Router OSPF Config no area virtual-link hello-interval This command configures the default hello interval for the OSPF virtual interface on the virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the neighbor.

  • Page 268: Auto-Cost (Ospf)

    ProSafe Managed Switch no area virtual-link transmit-delay This command resets the default transmit delay for the OSPF virtual interface to the default value. Format no area <areaid> virtual-link <neighbor> transmit-delay Mode Router OSPF Config auto-cost (OSPF) By default, OSPF computes the link cost of each interface from the interface bandwidth. Faster links have lower metrics, making them more attractive in route selection.

  • Page 269: Capability Opaque

    ProSafe Managed Switch port-based routing interfaces and to 10 Mbps for VLAN routing interfaces. This command does not affect the actual speed of an interface. Default actual interface bandwidth Format bandwidth <1-10000000> Mode Interface Config no bandwidth Use this command to set the interface bandwidth to its default value. Format no bandwidth Mode...

  • Page 270: Clear Ip Ospf Redistribution

    ProSafe Managed Switch clear ip ospf counters Use this command to reset global and interface statistics. Format clear ip ospf counters Mode Privileged EXEC clear ip ospf neighbor Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s interface, send a one-way hello.

  • Page 271: Default-Information Originate (Ospf)

    ProSafe Managed Switch default-information originate (OSPF) This command is used to control the advertisement of default routes. Default • metric—unspecified • type—2 Format default-information originate [always] [metric <0-16777214>] [metric-type {1 | 2}] Mode Router OSPF Config no default-information originate (OSPF) This command is used to control the advertisement of default routes.

  • Page 272: Distribute-List Out (Ospf)

    ProSafe Managed Switch no distance ospf This command sets the default route preference value of OSPF routes in the router. The type of OSPF can be intra, inter, or external. All the external type routes are given the same preference value. Format no distance ospf {intra-area | inter-area | external} Mode...

  • Page 273: Ip Ospf Authentication

    ProSafe Managed Switch external-lsdb-limit (OSPF) This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in it database.

  • Page 274: Ip Ospf Cost

    ProSafe Managed Switch authentication key must be 8 bytes or less if the authentication type is simple. If the type is encrypt, the key may be up to 16 bytes. If the type is encrypt a <keyid> in the range of 0 and 255 must be specified.

  • Page 275: Ip Ospf Dead-Interval

    ProSafe Managed Switch no ip ospf database-filter all out Use this command in Interface Configuration mode to enable OSPFv2 LSA flooding on an interface. Default Disabled Format no ip ospf database-filter all out Mode Interface Configuration ip ospf dead-interval This command sets the OSPF dead interval for the specified interface. The value for <seconds>...

  • Page 276: Ip Ospf Network

    ProSafe Managed Switch no ip ospf hello-interval This command sets the default OSPF hello interval for the specified interface. Format no ip ospf hello-interval Mode Interface Config ip ospf network Use this command to configure OSPF to treat an interface as a point-to-point rather than broadcast interface.

  • Page 277: Ip Ospf Retransmit-Interval

    ProSafe Managed Switch no ip ospf priority This command sets the default OSPF priority for the specified router interface. Format no ip ospf priority Mode Interface Config ip ospf retransmit-interval This command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds.

  • Page 278: Ip Ospf Mtu-Ignore

    ProSafe Managed Switch ip ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.

  • Page 279: Maximum-Paths (Ospf)

    ProSafe Managed Switch no redistribute This command configures OSPF protocol to prohibit redistribution of routes from the specified source protocol/routers. Format no redistribute {rip | static | connected} [metric] [metric-type] [tag] [subnets] Mode Router OSPF Config maximum-paths (OSPF) This command sets the number of paths that OSPF can report for a given destination where maxpaths is platform dependent.

  • Page 280: Timers Pacing Flood

    ProSafe Managed Switch passive-interface (OSPF) Use this command to set the interface or tunnel as passive. It overrides the global passive mode that is currently effective on the interface or tunnel. Default disabled Format passive-interface {<unit/slot/port>} Mode Router OSPF Config no passive-interface Use this command to set the interface or tunnel as non-passive.

  • Page 281: Timers Spf

    ProSafe Managed Switch timers pacing lsa-group To adjust how OSPF groups LSAs for periodic refresh, use this command in OSPFv2 Router Configuration mode. OSPF refreshes self-originated LSAs approximately once every 30 minutes. When OSPF refreshes LSAs, it considers all self-originated LSAs whose age is from 1800 to 1800 plus the pacing group size.

  • Page 282: Trapflags (Ospf)

    ProSafe Managed Switch trapflags (OSPF) Use this command to enable individual OSPF traps, enable a group of trap flags at a time, or enable all the trap flags at a time. The different groups of trapflags, and each group’s specific trapflags to enable or disable, are listed in Table Table 1.
  • Page 283 ProSafe Managed Switch Default disabled Format trapflags { all | errors {all | authentication-failure | bad-packet | config-error | virt- authentication-failure | virt-bad-packet | virt-config-error} | if-rx {all | if-rx-packet} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets | virt-packets} | rtb {all, rtb-entry-info} | state-change {all | if-state-change | neighbor-state-change |...

  • Page 284: Show Ip Ospf

    ProSafe Managed Switch show ip ospf This command displays information relevant to the OSPF router. Format show ip ospf Mode Privileged EXEC Note: Some of the information below displays only if you enable OSPF and configure certain features. Term Definition Router ID A 32-bit integer in dotted decimal format identifying the router, about which information is displayed.
  • Page 285 ProSafe Managed Switch Term Definition ASBR Status Reflects whether the ASBR mode is enabled or disabled. Enable implies that the router is an autonomous system border router. The router automatically becomes an ASBR when it is configured to redistribute routes learnt from other protocols. The possible values for the ASBR status is enabled (if the router is configured to redistribute routes learned by other protocols) or disabled (if the router is not configured for the same).
  • Page 286 ProSafe Managed Switch Term Definition Default Passive Shows whether the interfaces are passive by default. Setting Default Route Indicates whether the default routes received from other source protocols are advertised Advertise or not. Always Shows whether default routes are always advertised. Metric The metric of the routes being redistributed.

  • Page 287: Show Ip Ospf Abr

    ProSafe Managed Switch Number of Active Areas......3 (3 normal, 0 stub, 0 nssa) ABR Status........Disable ASBR Status........Disable Stub Router........FALSE External LSDB Overflow......FALSE External LSA Count......0 External LSA Checksum......0 AS_OPAQUE LSA Count......0 AS_OPAQUE LSA Checksum......0 LSAs Originated.......0 LSAs Received.........0 LSA Count........0 Maximum Number of LSAs......18200 LSA High Water Mark......0 Retransmit List Entries......
  • Page 288 ProSafe Managed Switch Term Definition AreaID The area id of the requested OSPF area. External A number representing the external routing capabilities for this area. Routing Spf Runs The number of times that the intra-area route table has been calculated using this area's link-state database.

  • Page 289: Show Ip Ospf Asbr

    ProSafe Managed Switch show ip ospf asbr This command displays the internal OSPF routing table entries to Autonomous System Boundary Routers (ASBR). This command takes no options. Format show ip ospf asbr Mode • Privileged EXEC • User EXEC Term Definition Type The type of the route to the destination.

  • Page 290: Show Ip Ospf Database Database-Summary

    ProSafe Managed Switch Parameter Description adv-router Use adv-router to show the LSAs that are restricted by the advertising router. self-originate Use self-originate to display the LSAs in that are self originated. The information below is only displayed if OSPF is enabled The information below is only displayed if OSPF is enabled.

  • Page 291: Show Ip Ospf Interface

    ProSafe Managed Switch Term Definition Type-7 Ext Total number of Type-7 external LSAs in the database. Self-Originated Total number of self originated AS external LSAs in the OSPFv3 link state database. Type-7 Opaque Link Number of opaque link LSAs in the database. Opaque Area Number of opaque area LSAs in the database.

  • Page 292: Show Ip Ospf Interface Brief

    ProSafe Managed Switch Term Definition Metric Cost The cost of the OSPF interface. Passive Status Shows whether the interface is passive or not. OSPF Indicates whether to ignore MTU mismatches in database descriptor packets sent from MTU-ignore neighboring routers. The information below will only be displayed if OSPF is enabled. Term Definition OSPF Interface...

  • Page 293: Show Ip Ospf Interface Stats

    ProSafe Managed Switch Term Definition Retransmit A number representing the OSPF Retransmit Interval for the specified interface. Interval Retransmit A number representing the OSPF Transit Delay for the specified interface. Delay Interval LSA Ack A number representing the OSPF LSA Acknowledgment Interval for the specified Interval interface.
  • Page 294 ProSafe Managed Switch Term Definition Source Not On The number of received packets discarded because the source IP address is not within a Local Subnet subnet configured on a local interface. Note: This field only applies to OSPFv2. Virtual Link Not The number of received OSPF packets discarded where the ingress interface is in a Found non-backbone area and the OSPF header identifies the packet as belonging to the...

  • Page 295: Show Ip Ospf Neighbor

    ProSafe Managed Switch show ip ospf neighbor This command displays information about OSPF neighbors. If you do not specify a neighbor IP address, the output displays summary information in a table. If you specify an interface or tunnel, only the information for that interface or tunnel displays. The <ip-address> is the IP address of the neighbor, and when you specify this, detailed information about the neighbor displays.
  • Page 296 ProSafe Managed Switch If you specify an IP address for the neighbor router, the following fields display: Term Definition Interface Valid slot and port number separated by forward slashes. Neighbor IP The IP address of the neighbor router. Address Interface Index The interface ID of the neighbor router.

  • Page 297: Show Ip Ospf Range

    ProSafe Managed Switch show ip ospf range This command displays information about the area ranges for the specified <areaid>. The <areaid> identifies the OSPF area whose ranges are being displayed. Format show ip ospf range <areaid> Modes • Privileged EXEC •...

  • Page 298: Show Ip Ospf Stub Table

    ProSafe Managed Switch show ip ospf stub table This command displays the OSPF stub table. The information below will only be displayed if OSPF is initialized on the switch. Format show ip ospf stub table Modes • Privileged EXEC • User EXEC Term Definition Area ID...

  • Page 299: Show Ip Ospf Virtual-Link

    The high water marks are not cleared when OSPF counters are cleared. The following shows example CLI display output for the command. (netgear switch) #show ip ospf traffic Time Since Counters Cleared: 4000 seconds OSPFv2 Packet Statistics...

  • Page 300: Ospf Graceful Restart Commands

    ProSafe Managed Switch Term Definition Hello Interval The configured hello interval for the OSPF virtual interface. Dead Interval The configured dead interval for the OSPF virtual interface. Iftransit Delay The configured transit delay for the OSPF virtual interface. Interval Retransmit The configured retransmit interval for the OSPF virtual interface.

  • Page 301: Nsf

    ProSafe Managed Switch thereby avoiding announcement of a topology change and the potential for flooding of LSAs and shortest-path-first (SPF) runs, which determine OSPF routes. Helpful neighbors continue to forward packets through the restarting router. The restarting router relearns the network topology from its helpful neighbors.

  • Page 302: Nsf Helper

    ProSafe Managed Switch set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors. Default 120 seconds Format nsf [ietf] restart-interval <1-1800> Modes OSPF Router Configuration Parameter Description ietf...

  • Page 303: Nsf Helper Disable

    ProSafe Managed Switch nsf helper disable Use this command to disable helpful neighbor functionality for OSPF. Note: The commands no nsf helper and nsf ietf helper disable are functionally equivalent. The command nsf ietf helper disable is supported solely for compatibility with other network software CLI.

  • Page 304: Max-Metric Router-Lsa

    ProSafe Managed Switch Format nsf [ietf] helper strict-lsa-checking Modes OSPF Router Configuration max-metric router-lsa To configure OSPF to enter stub router mode, use this command in Router OSPF Global Configuration mode. When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity.

  • Page 305: Ospf Interface Flap Dampening Commands

    ProSafe Managed Switch the command no max-metric router-lsa on-startup. The command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. Format no max-metric router-lsa [on-startup] [summary-lsa] Mode OSPFv2 Router Configuration OSPF Interface Flap Dampening Commands Dampening Use this command to enable IP event dampening on a routing interface.

  • Page 306: Show Dampening Interface

    Mode Privileged EXEC The following shows example CLI display output for the command. (netgear switch)# show dampening interface 2 interfaces are configured with dampening. 1 interface is being suppressed. show interface dampening This command displays the status and configured parameters of the interfaces configured with dampening.

  • Page 307: Routing Information Protocol (Rip) Commands

    Any change in the dampening configuration resets the current penalty, reuse time, and suppressed state to their default values, meaning 0, 0, and FALSE respectively. The following shows example CLI display output for the command. (netgear switch)# show interface dampening Interface 0/2 Flaps Penalty...

  • Page 308: Ip Rip

    ProSafe Managed Switch ip rip This command enables RIP on a router interface. Default disabled Format ip rip Mode Interface Config no ip rip This command disables RIP on a router interface. Format no ip rip Mode Interface Config auto-summary This command enables the RIP auto-summarization mode.

  • Page 309: Distance Rip

    ProSafe Managed Switch default-metric (RIP) This command is used to set a default for the metric of distributed routes. Format default-metric <0-15> Mode Router RIP Config no default-metric (RIP) This command is used to reset the default metric of distributed routes to its default value. Format no default-metric Mode...

  • Page 310: Ip Rip Authentication

    ProSafe Managed Switch no distribute-list out This command is used to specify the access list to filter routes received from the source protocol. Format no distribute-list <1-199> out {ospf | static | connected} Mode Router RIP Config ip rip authentication This command sets the RIP Version 2 Authentication Type and Key for the specified interface.

  • Page 311: Ip Rip Send Version

    ProSafe Managed Switch no ip rip receive version This command configures the interface to allow RIP control packets of the default version(s) to be received. Format no ip rip receive version Mode Interface Config ip rip send version This command configures the interface to allow RIP control packets of the specified version to be sent.

  • Page 312: Redistribute (Rip)

    ProSafe Managed Switch split-horizon This command sets the RIP split horizon mode. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned. The options are: None - no special processing for this case. Simple - a route will not be included in updates sent to the router from which it was learned.

  • Page 313: Show Ip Rip

    ProSafe Managed Switch show ip rip This command displays information relevant to the RIP router. Format show ip rip Modes • Privileged EXEC • User EXEC Term Definition RIP Admin Enable or disable. Mode Split Horizon None, simple or poison reverse. Mode Auto Summary Enable or disable.

  • Page 314: Icmp Throttling Commands

    ProSafe Managed Switch Term Definition RIP Mode The administrative mode of router RIP operation (enabled or disabled). Link State The mode of the interface (up or down). show ip rip interface This command displays information related to a particular RIP interface. Format show ip rip interface {<unit/slot/port>...

  • Page 315: Ip Unreachables

    ProSafe Managed Switch ip unreachables Use this command to enable the generation of ICMP Destination Unreachable messages. By default, the generation of ICMP Destination Unreachable messages is enabled. Default enable Format ip unreachables Mode Interface Config no ip unreachables Use this command to prevent the generation of ICMP Destination Unreachable messages. Format no ip unreachables Mode...

  • Page 316: Ip Icmp Error-Interval

    ProSafe Managed Switch no ip icmp echo-reply Use this command to prevent the generation of ICMP Echo Reply messages by the router. Format no ip icmp echo-reply Mode Global Config ip icmp error-interval Use this command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket, with two configurable parameters, burst-size and burst-interval.

  • Page 317: Chapter 5 Ip Multicast Commands

    IP Multicast Commands This chapter describes the IP Multicast commands available in the managed switch CLI. Note: Some commands described in this chapter require a license. For more information, see Licensing and Command Support on page 8. This chapter contains the following sections: •...

  • Page 318: Ip Multicast

    ProSafe Managed Switch no ip mcast boundary This command deletes an administrative scope multicast boundary specified by <groupipaddr> and <mask> for which this multicast administrative boundary is applicable. <groupipaddr> is a group IP address and <mask> is a group IP mask. Format no ip mcast boundary <groupipaddr>...

  • Page 319: Show Ip Mcast

    ProSafe Managed Switch no ip multicast ttl-threshold This command applies the default <ttlthreshold> to a routing interface. The <ttlthreshold> is the TTL threshold which is to be applied to the multicast Data packets which are to be forwarded from the interface. Format no ip multicast ttl-threshold Mode...

  • Page 320: Show Ip Mcast Boundary

    ProSafe Managed Switch Term Definition Table Max Size The maximum number of entries allowed in the multicast table. Protocol The multicast protocol running on the router. Possible values are PIM-DM, PIM-SM, or DVMRP. Multicast The number of entries in the multicast forwarding cache. Forwarding Cache Entry Count...

  • Page 321: Show Ip Mcast Mroute Group

    ProSafe Managed Switch If you use the detail parameter, the command displays the following fields: Term Definition Source IP The IP address of the multicast data source. Group IP The IP address of the destination of the multicast packet. Expiry Time The time of expiry of this entry in seconds.

  • Page 322: Dvmrp Commands

    ProSafe Managed Switch show ip mcast mroute source This command displays the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the given source IP address or source IP address and group IP address pair.

  • Page 323: Ip Dvmrp Metric

    ProSafe Managed Switch ip dvmrp(Global Config) This command sets administrative mode of DVMRP in the router to active. Default disabled Format ip dvmrp Mode Global Config no ip dvmrp(Global Config) This command sets administrative mode of DVMRP in the router to inactive. Format no ip dvmrp Mode...

  • Page 324: Show Ip Dvmrp

    ProSafe Managed Switch no ip dvmrp trapflags This command disables the DVMRP trap mode. Format no ip dvmrp trapflags Mode Global Config ip dvmrp This command sets the administrative mode of DVMRP on an interface to active. Default disabled Format ip dvmrp Mode Interface Config...

  • Page 325: Show Ip Dvmrp Interface

    ProSafe Managed Switch Term Definition Interface-Mode The mode of this interface. Possible values are Enabled and Disabled. Operational-stat The current state of DVMRP on this interface. Possible values are Operational or Non-Operational. show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. Format show ip dvmrp interface <unit/slot/port>...

  • Page 326: Show Ip Dvmrp Nexthop

    ProSafe Managed Switch Term Definition IfIndex The value of the interface used to reach the neighbor. Nbr IP Addr The IP address of the DVMRP neighbor for which this entry contains information. State The state of the neighboring router. The possible value for this field are ACTIVE or DOWN.

  • Page 327: Pim Commands

    ProSafe Managed Switch show ip dvmrp prune This command displays the table listing the router’s upstream prune information. Format show ip dvmrp prune Modes • Privileged EXEC • User EXEC Term Definition Group IP The multicast Address that is pruned. Source IP The IP address of the source that has pruned.

  • Page 328: Ip Pim Dense (Global Config)

    ProSafe Managed Switch routing across the Internet, independent of the mechanisms provided by any particular unicast routing protocol. ip pim dense (Global Config) This command enables the administrative mode of PIM-DM in the router. Default Disabled Format ip pim dense Mode Global Config no ip pim dense (Global Config)

  • Page 329: Show Ip Pim Interface

    ProSafe Managed Switch no ip pim hello-interval This command resets the transmission frequency of hello messages between PIM enabled neighbors to its default value. Format no ip pim hello-interval Mode Interface Config show ip pim interface This command displays the PIM Interface status parameters. If the interface number is not specified, this command displays the status parameters of all the PIM enabled interfaces.

  • Page 330: Show Ip Pim Neighbor

    ProSafe Managed Switch Join Prune Interval (secs) 60 DR Priority NA BSR Border Disabled Neighbor Count 1 Designated Router NA show ip pim neighbor This command displays the neighbor information for PIM on the specified interface. Format show ip pim neighbor <unit/slot/port> Modes Privileged EXEC Term...

  • Page 331: Ip Pim Bsr-Border

    ProSafe Managed Switch no ip pim sparse(Global Config) This command is used to administratively disable PIM-SM multicast routing mode on the router. Format no ip pim sparse Mode Global Config ip pim bsr-border Use this command to prevent bootstrap router (BSR) messages from being sent or received through an interface.

  • Page 332: Ip Pim Dr-Priority

    ProSafe Managed Switch no ip pim bsr-candidate This command is used to disable the router to announce its candidacy as a bootstrap router (BSR). Format no ip pim bsr-candidate interface [vlan | <unit/slot/port>] Mode Global Config ip pim dr-priority Use this command to set the priority value for which a router is elected as the designated router (DR).

  • Page 333: Ip Pim Rp-Candidate

    ProSafe Managed Switch <groupaddress> is the group address supported by the RP. The parameter <groupmask> is the group mask for the group address. The optional keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR.

  • Page 334: Ip Pim Ssm

    ProSafe Managed Switch ip pim ssm Use this command to define the Source Specific Multicast (SSM) range of IP multicast addresses. Default disabled Format ip pim ssm {default | <group-address> <group-mask>} Mode Global Config Parameter Description default-range Defines the SSM range access list to 232/8. no ip pim ssm This command is used to disable the Source Specific Multicast (SSM) range.

  • Page 335: Show Ip Pim Ssm

    ProSafe Managed Switch Term Definition PIM Mode Configured mode of PIM protocol (enabled or disabled). Interface Interface number. Interface-Mode Enable status of the interface. Operational-Sta Operational Status of the Interface. Example 1: (Switch) #show ip pim PIM Mode Dense Interface Interface-Mode Operational-Status --------- -------------- ------------------ 1/0/1 Enabled...

  • Page 336: Show Ip Pim Bsr-Router

    ProSafe Managed Switch show ip pim bsr-router This command displays the bootstrap router (BSR) information. The output includes elected BSR information and information about the locally configured candidate rendezvous point (RP) advertisement. Format show ip pim bsr-router [candidate | elected] Mode •...

  • Page 337: Show Ip Pim Rp Mapping

    ProSafe Managed Switch show ip pim rp mapping This command displays the mappings for the PIM group to the active rendezvous points.. Format show ip pim rp mapping [<rp address> | candidate | static] Modes Privileged EXEC Term Definition RP Address The IP address of the RP for the group specified.

  • Page 338: Internet Group Message Protocol (Igmp) Commands

    ProSafe Managed Switch Group Mask 255.255.0.0 Origin Static Expiry Time (hh:mm:ss) NA Internet Group Message Protocol (IGMP) Commands This section describes the commands you use to view and configure IGMP settings. ip igmp This command sets the administrative mode of IGMP in the system to active. Default disabled Format...

  • Page 339: Ip Igmp Last-Member-Query-Count

    ProSafe Managed Switch ip igmp last-member-query-count This command sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. The range for <count> is 1 to 20. Format ip igmp last-member-query-count <count> Modes Interface Config no ip igmp last-member-query-count...

  • Page 340: Ip Igmp Robustness

    ProSafe Managed Switch no ip igmp query-interval This command resets the query interval for the specified interface to the default value. This is the frequency at which IGMP Host-Query packets are transmitted on this interface. Format no ip igmp query-interval Modes Interface Config ip igmp query-max-response-time...

  • Page 341: Show Ip Igmp

    ProSafe Managed Switch ip igmp startup-query-count This command sets the number of Queries sent out on startup, separated by the Startup Query Interval on the interface. The range for <count> is 1 to 20. Default Format ip igmp startup-query-count <count> Mode Interface Config no ip igmp startup-query-count...

  • Page 342: Show Ip Igmp Groups

    ProSafe Managed Switch Term Definition IGMP Admin The administrative status of IGMP. This is a configured value. Mode Interface Valid slot and port number separated by forward slashes. Interface-Mode Indicates whether IGMP is enabled or disabled on the interface. This is a configured value.

  • Page 343: Show Ip Igmp Interface

    ProSafe Managed Switch Term Definition Version1 Host The time remaining until the local router assumes that there are no longer any IGMP Timer version 1 multicast members on the IP subnet attached to this interface. This could be an integer value or “-----” if there is no Version 1 host present. Version2 Host The time remaining until the local router assumes that there are no longer any IGMP Timer...

  • Page 344: Show Ip Igmp Interface Membership

    ProSafe Managed Switch show ip igmp interface membership This command displays the list of interfaces that have registered in the multicast group. Format show ip igmp interface membership <multiipaddr> [detail] Mode Privileged EXEC Term Definition Interface Valid unit, slot and port number separated by forward slashes. Interface IP The IP address of the interface participating in the multicast group.

  • Page 345: Igmp Proxy Commands

    ProSafe Managed Switch Term Definition Querier Status The status of the IGMP router, whether it is running in Querier mode or Non-Querier mode. Querier IP The IP address of the IGMP Querier on the IP subnet to which this interface is attached. Address Querier Up Time The time since the interface Querier was last changed.

  • Page 346: Ip Igmp-Proxy Unsolicit-Rprt-Interval

    ProSafe Managed Switch ip igmp-proxy unsolicit-rprt-interval This command sets the unsolicited report interval for the IGMP Proxy router. This command is valid only when you enable IGMP Proxy on the interface. The value of <interval> can be 1-260 seconds. Default Format ip igmp-proxy unsolicit-rprt-interval <interval>...

  • Page 347: Show Ip Igmp-Proxy Interface

    ProSafe Managed Switch Term Definition Number of The number of multicast groups that are associated with the IGMP Proxy interface. Multicast Groups Unsolicited The time interval at which the IGMP Proxy interface sends unsolicited group membership Report Interval report. Querier IP The IP address of the Querier, if any, in the network attached to the upstream interface Address on (IGMP-Proxy interface).

  • Page 348: Show Ip Igmp-Proxy Groups

    ProSafe Managed Switch Term Definition The IGMP version. Query Rcvd Number of IGMP queries received. Report Rcvd Number of IGMP reports received. Report Sent Number of IGMP reports sent. Leaves Rcvd Number of IGMP leaves received. Valid for version 2 only. Leaves Sent Number of IGMP leaves sent on the Proxy interface.

  • Page 349: Show Ip Igmp-Proxy Groups Detail

    ProSafe Managed Switch Term Definition Filter Mode Possible values are Include or Exclude. Sources The number of sources attached to the multicast group. Example: The following shows example CLI display output for the command. (Switch) #show ip igmp-proxy groups Interface Index........ 1/0/1 Group Address Last Reporter Up Time...
  • Page 350 ProSafe Managed Switch Term Definition Group Source The list of IP addresses of the sources attached to the multicast group. List Expiry Time Time left before a source is deleted. Example: The following shows example CLI display output for the command. (Switch) #show ip igmp-proxy groups Interface Index........

  • Page 351: Chapter 6 Ipv6 Commands

    IPv6 Commands This chapter describes the IPv6 commands available in the managed switch CLI. Note: Some commands described in this chapter require a license. For more information, see Licensing and Command Support on page 8. This chapter contains the following sections: •...

  • Page 352: Interface Tunnel

    ProSafe Managed Switch tunnel from the destination address of packets routed into the tunnel. To assign an IP address to the tunnel interface, see ip address on page 224. To assign an IPv6 address to the tunnel interface, see ipv6 address on page 355.

  • Page 353: Ipv6 Routing Commands

    ProSafe Managed Switch show interface tunnel This command displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address. Format show interface tunnel [<tunnel-id>] Mode Privileged EXEC If you do not specify a tunnel ID, the command shows the following information for each configured tunnel: Term Definition...

  • Page 354: Ipv6 Enable

    ProSafe Managed Switch advertisements and a value of 64 is sent in packets originated by the node. Note that this is not the same as configuring a value of 64. Default not configured Format ipv6 hop-limit <hops> Mode Global Config no ipv6 hop-limit This command returns the unicast hop count to the default.

  • Page 355: Ipv6 Address

    ProSafe Managed Switch no ipv6 enable Use this command to disable IPv6 routing on an interface. Format no ipv6 enable Mode Interface Config ipv6 address Use this command to configure an IPv6 address on an interface, including tunnel and loopback interfaces, and to enable IPv6 processing on this interface. You can assign multiple globally reachable addresses to an interface by using this command.

  • Page 356: Ipv6 Address Autoconfig

    ProSafe Managed Switch ipv6 address autoconfig This command is used to enable stateless address autoconfiguration capability. Note: When unicast-routing is enabled, autoconfig mode doesn’t work. Format ipv6 address autoconfig Mode Interface Config ipv6 address autoconfig This command disables the stateless autoconfiguration. Format no ipv6 address autoconfig Mode...

  • Page 357: Ipv6 Route Distance

    ProSafe Managed Switch using a link-local address as the next hop. A route with a preference of 255 cannot be used to forward traffic. Default disabled Format ipv6 route <ipv6-prefix>/<prefix_length> {<next-hop-address> | Null0 | interface {<unit/slot/port> | tunnel <tunnel_id>} <next-hop-address>} [<preference>] Mode Global Config no ipv6 route...

  • Page 358: Ipv6 Mtu

    ProSafe Managed Switch ipv6 mtu This command sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface. This command replaces the default or link MTU with a new MTU value. Note: The default MTU value for a tunnel interface is 1480. You cannot change this value.

  • Page 359: Ipv6 Nd Managed-Config-Flag

    ProSafe Managed Switch ipv6 nd managed-config-flag This command sets the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6. When the value is false, end nodes automatically configure addresses. Default false Format ipv6 nd managed-config-flag Mode Interface Config no ipv6 nd managed-config-flag...

  • Page 360: Ipv6 Nd Ra-Interval

    ProSafe Managed Switch no ipv6 nd other-config-flag This command resets the “other stateful configuration” flag back to its default value in router advertisements sent from the interface. Format no ipv6 nd other-config-flag Mode Interface Config ipv6 nd ra-interval This command sets the transmission interval between router advertisements. Default Format ipv6 nd ra-interval-max <4- 1800>...

  • Page 361: Ipv6 Nd Reachable-Time

    ProSafe Managed Switch ipv6 nd reachable-time This command sets the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation. Reachable time is specified in milliseconds. A value of zero means the time is unspecified by the router. Default Format ipv6 nd reachable-time <0–3600000>...

  • Page 362: Ipv6 Unreachables

    ProSafe Managed Switch ipv6 nd router-preference This command will set the router preference to default. Format no ipv6 router-preference Mode Interface Config ipv6 unreachables Use this command to enable the generation of ICMPv6 Destination Unreachable messages. By default, the generation of ICMPv6 Destination Unreachable messages is enabled. Default enable Format...

  • Page 363: Show Ipv6 Brief

    ProSafe Managed Switch no ipv6 icmp error-interval Use the no form of the command to return burst-interval and burst-size to their default values. Format no ipv6 icmp error-interval Mode Global Config show ipv6 brief Use this command to display the IPv6 status of forwarding mode and IPv6 unicast routing mode.

  • Page 364: Show Ipv6 Interface

    ProSafe Managed Switch show ipv6 interface Use this command to show the usability status of IPv6 interfaces and whether ICMPv6 Destination Unreachable messages may be sent. Format show ipv6 interface {brief | <unit/slot/port> |tunnel <0-7> | loopback <0-7>} Mode Privileged EXEC If you use the brief parameter, the following information displays for all configured IPv6 interfaces: Term...
  • Page 365 ProSafe Managed Switch Term Definition Router The frequency, in seconds, that router advertisements are sent. Advertisement Interval Router Shows whether the managed configuration flag is set (enabled) for router advertisements Advertisement on this interface. Managed Config Flag Router Shows whether the other configuration flag is set (enabled) for router advertisements on Advertisement this interface.

  • Page 366: Clear Ipv6 Neighbors

    ProSafe Managed Switch show ipv6 neighbor Use this command to display information about the IPv6 neighbors. Format show ipv6 neighbor Mode Privileged EXEC Term Definition Interface The interface in unit/slot/port format. IPv6 Address IPV6 address of neighbor or interface. MAC Address Link-layer Address.
  • Page 367 ProSafe Managed Switch Note: If you use the connected keyword for <protocol>, the all option is not available because there are no best or non-best connected routes. Format show ipv6 route [{<ipv6-address> [<protocol>] | {{<ipv6-prefix/ipv6-prefix-length> | <unit/slot/port>} [<protocol>] | <protocol> | summary} [all] | all}] Modes •...

  • Page 368: Show Ipv6 Route Ecmp-Groups

    ProSafe Managed Switch Example: The following shows example CLI display output for the command. (Switch) #show ipv6 route IPv6 Routing Table - 3 entries Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2 2001::/64 [10/0] directly connected, Null0...

  • Page 369: Show Ipv6 Route Preferences

    ProSafe Managed Switch show ipv6 route preferences Use this command to show the preference value associated with the type of route. Lower numbers have a greater preference. A route with a preference of 255 cannot be used to forward traffic. Format show ipv6 route preferences Mode...
  • Page 370 ProSafe Managed Switch Term Definition Alternate The number of alternate routes currently in the routing table. An alternate route is a route Routes that was not selected as the best route to its destination. Route Adds The number of routes added to the routing table. Route Modifies The number of routes that changed after they were initially added to the routing table.

  • Page 371: Show Ipv6 Vlan

    ProSafe Managed Switch OSPF Routes........13 Intra Area Routes......0 Inter Area Routes......13 External Type-1 Routes....... 0 External Type-2 Routes....... 0 Reject Routes........0 Total routes........17 Best Routes (High)......17 (17) Alternate Routes....... 0 Route Adds........44 Route Deletes........27 Unresolved Route Adds......

  • Page 372: Show Ipv6 Traffic

    ProSafe Managed Switch Column Definition Headings Logical The interface in unit/slot/port format that is associated with the VLAN ID. Interface IPv6 The IPv6 prefix and prefix length associated with the VLAN ID. Address/Prefix Length show ipv6 traffic Use this command to show traffic and statistics for IPv6 and ICMPv6. Specify a logical, loopback, or tunnel interface to view information about traffic on a specific interface.
  • Page 373 ProSafe Managed Switch Term Definition Received Datagrams Number of input IPv6 datagrams for which no problems were encountered to Discarded Other prevent their continue processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include datagrams discarded while awaiting re-assembly.
  • Page 374 ProSafe Managed Switch Term Definition ICMPv6 Messages with Number of ICMP messages which the interface received but determined as errors having ICMP-specific errors (bad ICMP checksums, bad length, etc.). ICMPv6 Destination Number of ICMP Destination Unreachable messages received by the interface. Unreachable Messages ICMPv6 Messages Number of ICMP destination unreachable/communication administratively...

  • Page 375: Clear Ipv6 Route Counters

    ProSafe Managed Switch Term Definition ICMPv6 Time Exceeded Number of ICMP Time Exceeded messages sent by the interface. Messages Transmitted ICMPv6 Parameter Number of ICMP Parameter Problem messages sent by the interface. Problem Messages Transmitted ICMPv6 Packet Too Big Number of ICMP Packet Too Big messages sent by the interface. Messages Transmitted ICMPv6 Echo Request Number of ICMP Echo (request) messages sent by the interface.ICMP echo...

  • Page 376: Ospfv3 Commands

    ProSafe Managed Switch clear ipv6 statistics Use this command to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command. If you do not specify an interface, the counters for all IPv6 traffic statistics reset to zero.

  • Page 377: Ipv6 Ospf Cost

    ProSafe Managed Switch ipv6 ospf cost This command configures the cost on an OSPF interface. The <cost> parameter has a range of 1 to 65535. Default Format ipv6 ospf cost <1-65535> Mode Interface Config no ipv6 ospf cost This command configures the default cost on an OSPF interface. Format no ipv6 ospf cost Mode...

  • Page 378: Ipv6 Ospf Network

    ProSafe Managed Switch Format ipv6 ospf hello-interval <seconds> Mode Interface Config no ipv6 ospf hello-interval This command sets the default OSPF hello interval for the specified interface. Format no ipv6 ospf hello-interval Mode Interface Config ipv6 ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface.

  • Page 379: Ipv6 Ospf Priority

    ProSafe Managed Switch no ipv6 ospf network This command sets the interface type to the default value. Format no ipv6 ospf network {broadcast | point-to-point} Mode Interface Config ipv6 ospf priority This command sets the OSPF priority for the specified router interface. The priority of the interface is a priority integer from 0 to 255.

  • Page 380: Ipv6 Router Ospf

    ProSafe Managed Switch ipv6 ospf transmit-delay This command sets the OSPF Transit Delay for the specified interface. The transmit delay is specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. Valid values for <seconds> range from 1 to 3600 (1 hour).

  • Page 381: Area Nssa Default-Info-Originate (Ospfv)

    ProSafe Managed Switch no area nssa(OSPFv3) This command disables nssa from the specified area id. Format no area <areaid> nssa Mode Router OSPFv3 Config area nssa default-info-originate (OSPFv3) This command configures the metric value and type for the default route advertised into the NSSA.

  • Page 382: Area Nssa No-Summary (Ospfv)

    ProSafe Managed Switch area nssa no-summary (OSPFv3) This command configures the NSSA so that summary LSAs are not advertised into the NSSA. Format area <areaid> nssa no-summary Mode Router OSPFv3 Config no area nssa no-summary (OSPFv3) This command disables nssa from the summary LSAs. Format no area <areaid>...

  • Page 383: Area Range (Ospfv)

    ProSafe Managed Switch no area nssa translator-stab-intv (OSPFv3) This command disables the nssa translator’s <stabilityinterval> from the specified area id. Format no area <areaid> nssa translator-stab-intv <stabilityinterval> Mode Router OSPF Config area range (OSPFv3) This command creates a specified area range for a specified NSSA. The <ipaddr> is a valid IP address.

  • Page 384: Area Stub No-Summary (Ospfv)

    ProSafe Managed Switch area stub no-summary (OSPFv3) This command disables the import of Summary LSAs for the stub area identified by <areaid>. Default enabled Format area <areaid> stub no-summary Mode Router OSPFv3 Config no area stub no-summary(OSPFv3) This command sets the Summary LSA import mode to the default for the stub area identified by <areaid>.

  • Page 385: Area Virtual-Link Hello-Interval (Ospfv)

    ProSafe Managed Switch no area virtual-link dead-interval(OSPFv3) This command configures the default dead interval for the OSPF virtual interface on the virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the neighbor. Format no area <areaid> virtual-link <neighbor> dead-interval Mode Router OSPFv3 Config area virtual-link hello-interval (OSPFv3)

  • Page 386: Area Virtual-Link Transmit-Delay (Ospfv)

    ProSafe Managed Switch no area virtual-link retransmit-interval(OSPFv3) This command configures the default retransmit interval for the OSPF virtual interface on the virtual interface identified by <areaid> and <neighbor>. The <neighbor> parameter is the Router ID of the neighbor. Format no area <areaid> virtual-link <neighbor> retransmit-interval Mode Router OSPFv3 Config area virtual-link transmit-delay (OSPFv3)

  • Page 387: Clear Ipv6 Ospf

    ProSafe Managed Switch Format auto-cost reference-bandwidth <1 to 4294967> Mode Router OSPFv3 Config no auto-cost reference-bandwidth (OSPFv3) Use this command to set the reference bandwidth to the default value. Format no auto-cost reference-bandwidth Mode Router OSPFv3 Config clear ipv6 ospf Use this command to disable and re-enable OSPF.

  • Page 388: Clear Ipv6 Ospf Neighbor Interface

    ProSafe Managed Switch clear ipv6 ospf neighbor interface To drop adjacency with all neighbors on a specific interface, use the optional parameter [unit/slot/port]. To drop adjacency with a specific router ID on a specific interface, use the optional parameter [neighbor-id]. Format clear ipv6 ospf neighbor interface [unit/slot/port] [neighbor-id] Mode...

  • Page 389: Distance Ospf (Ospfv)

    ProSafe Managed Switch no default-metric (OSPFv3) This command is used to set a default for the metric of distributed routes. Format no default-metric Mode Router OSPFv3 Config distance ospf (OSPFv3) This command sets the route preference value of OSPF route types in the router. Lower route preference values are preferred when determining the best route.

  • Page 390: Exit-Overflow-Interval (Ospfv)

    ProSafe Managed Switch exit-overflow-interval (OSPFv3) This command configures the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the overflow state. This allows the router to again originate non-default AS-external-LSAs. When set to 0, the router will not leave overflow state until restarted.

  • Page 391: Maximum-Paths (Ospfv)

    ProSafe Managed Switch maximum-paths (OSPFv3) This command sets the number of paths that OSPF can report for a given destination where maxpaths is platform dependent. Default Format maximum-paths <maxpaths> Mode Router OSPFv3 Config no maximum-paths This command resets the number of paths that OSPF can report for a given destination back to its default value.

  • Page 392: Redistribute (Ospfv)

    ProSafe Managed Switch no passive-interface(OSPFv3) Use this command to set the interface or tunnel as non-passive. It overrides the global passive mode that is currently effective on the interface or tunnel. Format no passive-interface {<unit/slot/port> | tunnel <tunnel-id>} Mode Router OSPFv3 Config redistribute (OSPFv3) This command configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers.

  • Page 393: Trapflags (Ospfv)

    ProSafe Managed Switch trapflags (OSPFv3) Use this command to enable individual OSPF traps, enable a group of trap flags at a time, or enable all the trap flags at a time. The different groups of trapflags, and each group’s specific trapflags to enable or disable, are listed in Table 2, Trapflag Groups (OSPFv3).

  • Page 394: Show Ipv6 Ospf

    ProSafe Managed Switch • To enable all the flags, give the command as trapflags all. Default disabled Format trapflags { all | errors {all | authentication-failure | bad-packet | config-error | virt- authentication-failure | virt-bad-packet | virt-config-error} | if-rx {all | if-rx-packet} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets | virt-packets} |...
  • Page 395 ProSafe Managed Switch Note: Some of the information below displays only if you enable OSPF and configure certain features. Term Definition Router ID A 32 bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. OSPF Admin Shows whether the administrative mode of OSPF in the router is enabled or disabled.
  • Page 396 ProSafe Managed Switch Term Definition Maximum The maximum number of LSAs that can be waiting for acknowledgment at any given Number of time. Retransmit Entries Retransmit The highest number of LSAs that have been waiting for acknowledgment. Entries High Water Mark External LSDB The maximum number of non-default AS-external-LSAs entries that can be stored in the Limit...

  • Page 397: Show Ipv6 Ospf Abr

    ProSafe Managed Switch show ipv6 ospf abr This command displays the internal OSPFv3 routes to reach Area Border Routers (ABR). This command takes no options. Format show ipv6 ospf abr Modes • Privileged EXEC • User EXEC Term Definition Type The type of the route to the destination.

  • Page 398: Show Ipv6 Ospf Asbr

    ProSafe Managed Switch Term Definition Stub Mode Represents whether the specified Area is a stub area or not. The possible values are enabled and disabled. This is a configured value. Import Shows whether to import summary LSAs (enabled). Summary LSAs OSPF Stub The metric value of the stub area.

  • Page 399: Show Ipv6 Ospf Database

    ProSafe Managed Switch Term Definition Cost Cost of using this route. Area ID The area ID of the area from which this route is learned. Next Hop Next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop. show ipv6 ospf database This command displays information about the link state database when OSPFv3 is enabled.

  • Page 400: Show Ipv6 Ospf Interface

    ProSafe Managed Switch show ipv6 ospf database database-summary Use this command to display the number of each type of LSA in the database and the total number of LSAs in the database. Format show ipv6 ospf database database-summary Modes • Privileged EXEC •...

  • Page 401: Show Ipv6 Ospf Interface Brief

    ProSafe Managed Switch Term Definition OSPF Area ID The area ID associated with this interface. Router Priority The router priority. The router priority determines which router is the designated router. Retransmit The frequency, in seconds, at which the interface sends LSA. Interval Hello Interval The frequency, in seconds, at which the interface sends Hello packets.

  • Page 402: Show Ipv6 Ospf Interface Stats

    ProSafe Managed Switch Term Definition Interface Valid slot and port number separated by forward slashes. Admin Mode States whether OSPF is enabled or disabled on a router interface. Area ID The OSPF Area ID for the specified interface. Router Priority The router priority.

  • Page 403: Show Ipv6 Ospf Neighbor

    ProSafe Managed Switch Term Definition LSA Acks The total number of LSA acknowledged from this interface. Received LSA Acks Sent The total number of LSAs acknowledged to this interface. Sent Packets The number of OSPF packets transmitted on the interface. Received The number of valid OSPF packets received on the interface.
  • Page 404 ProSafe Managed Switch If you do not specify an IP address, a table with the following columns displays for all neighbors or the neighbor associated with the interface that you specify: Term Definition Router ID The 4-digit dotted-decimal number of the neighbor router. Priority The OSPF priority for the specified interface.

  • Page 405: Show Ipv6 Ospf Range

    ProSafe Managed Switch Term Definition Events Number of times this neighbor relationship has changed state, or an error has occurred. Retransmission An integer representing the current length of the retransmission queue of the specified Queue Length neighbor router Id of the specified interface. show ipv6 ospf range This command displays information about the area ranges for the specified <areaid>.

  • Page 406: Show Ipv6 Ospf Virtual-Link

    ProSafe Managed Switch show ipv6 ospf virtual-link This command displays the OSPF Virtual Interface information for a specific area and neighbor. The <areaid> parameter identifies the area and the <neighbor> parameter identifies the neighbor’s Router ID. Format show ipv6 ospf virtual-link <areaid> <neighbor> Modes •...

  • Page 407: Ospfv3 Graceful Restart Commands

    ProSafe Managed Switch Term Definition Retransmit The configured retransmit interval for the OSPFV3 virtual interface. Interval Transit Delay The configured transit delay for the OSPFV3 virtual interface. OSPFv3 Graceful Restart Commands The managed switch implementation of OSPFv3 supports graceful restart as specified in RFC 5187 and RFC 3623.

  • Page 408: Nsf Ietf Helper Disable (Ospfv)

    ProSafe Managed Switch The grace LSA announcing the graceful restart includes the reason for the restart. Reasons 1 (software restart) and 2 (software reload/upgrade) are considered planned restarts. Reasons 0 (unknown) and 3 (switch to redundant control processor) are considered unplanned restarts.

  • Page 409: Dhcpv6 Commands

    ProSafe Managed Switch no nsf [ietf] helper strict-lsa-checking (OSPFv3) This command allows OSPF to continue as a helpful neighbor in spite of topology changes. nsf restart-interval (OSPFv3) This command configures the length of the grace period on the restarting router. The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of its neighbors.

  • Page 410: Ipv6 Dhcp Server

    ProSafe Managed Switch ipv6 dhcp server Use this command to configure DHCPv6 server functionality on an interface. The <pool-name> is the DHCPv6 pool containing stateless and/or prefix delegation parameters, rapid-commit is an option that allows for an abbreviated exchange between the client and server, and <pref-value>...

  • Page 411: Domain-Name (Ipv)

    ProSafe Managed Switch These pools are shared between multiple interfaces over which DHCPv6 server capabilities are configured. Format ipv6 dhcp pool <pool-name> Mode Global Config no ipv6 dhcp pool This command removes the specified DHCPv6 pool. Format no ipv6 dhcp pool <pool-name> Mode Global Config domain-name (IPv6)

  • Page 412: Show Ipv6 Dhcp

    ProSafe Managed Switch prefix-delegation (IPv6) Multiple IPv6 prefixes can be defined within a pool for distributing to specific DHCPv6 Prefix delegation clients. Prefix is the delegated IPv6 prefix. DUID is the client’s unique DUID value (Example: 00:01:00:09:f8:79:4e:00:04:76:73:43:76'). Name is 31 characters textual client’s name, which is useful for logging or tracing only.
  • Page 413 ProSafe Managed Switch Term Definition DHCPv6 Solicit Packets Number of solicit received statistics. Received DHCPv6 Request Packets Number of request received statistics. Received DHCPv6 Confirm Packets Number of confirm received statistics. Received DHCPv6 Renew Packets Number of renew received statistics. Received DHCPv6 Rebind Packets Number of rebind received statistics.

  • Page 414: Show Ipv6 Dhcp Interface

    ProSafe Managed Switch show ipv6 dhcp interface This command displays DHCPv6 information for all relevant interfaces or the specified interface. If you specify an interface, you can use the optional statistics parameter to view statistics for the specified interface. Format show ipv6 dhcp interface <unit/slot/port>...

  • Page 415: Show Ipv6 Dhcp Pool

    ProSafe Managed Switch show ipv6 dhcp pool This command displays configured DHCP pool. Format show ipv6 dhcp pool <pool-name> Mode Privileged EXEC Term Definition DHCP Pool Unique pool name configuration. Name Client DUID Client’s DHCP unique identifier. DUID is generated using the combination of the local system burned-in MAC address and a timestamp value.
  • Page 416 ProSafe Managed Switch Term Definition Valid Lifetime Valid lifetime in seconds for delegated prefix. Preferred Preferred lifetime in seconds for delegated prefix. Lifetime IPv6 Commands...

  • Page 417: Chapter 7 Ipv6 Multicast Commands

    IPv6 Multicast Commands This chapter describes the IPv6 multicast commands available in the managed switch CLI. Note: Some commands described in this chapter require a license. For more information, see Licensing and Command Support on page 8. This chapter contains the following sections: •...

  • Page 418: Show Ipv6 Mroute

    ProSafe Managed Switch show ipv6 mroute Use this command to show the mroute entries specific for IPv6. (This command is the IPv6 equivalent of the IPv4 show ip mcaste mroute command.) Format show ipv6 mroute {detail | summary} Modes • Privileged EXEC •...

  • Page 419: Show Ipv6 Mroute Source

    ProSafe Managed Switch Term Definition Source IP The IP address of the multicast data source. Group IP The IP address of the destination of the multicast packet. Protocol The multicast routing protocol by which this entry was created. Incoming The interface on which the packet for this group arrives. Interface Outgoing The list of outgoing interfaces on which this packet is forwarded.

  • Page 420: Ipv6 Pim Commands

    ProSafe Managed Switch Term Definition Incoming The interface on which the packet for this source arrives. Interface Outgoing The list of outgoing interfaces on which this packet is forwarded. Interface List IPv6 PIM Commands This section describes the Protocol Independent Multicast (PIM) commands that support the PIM version of IPv6.

  • Page 421: Show Ipv6 Pim

    ProSafe Managed Switch ipv6 pim hello-interval Use this command to configure the PIM hello interval for the specified router interface. The hello-interval is specified in seconds and is in the range 10–18000. Default Format ipv6 pim hello-interval <10-18000> Mode Interface Config no ipv6 pim hello-interval Use this command to set the PIM hello interval to the default value.

  • Page 422: Show Ipv6 Pim Neighbor

    ProSafe Managed Switch show ipv6 pim neighbor Use this command to display the PIM neighbor information for all interfaces or for the specified interface. Format show ipv6 pim neighbor [<unit/slot/port>|vlan] Modes • Privileged EXEC • User EXEC Term Definition Interface Valid slot and port number separated by forward slashes.

  • Page 423: Ipv6 Pim Bsr-Border

    ProSafe Managed Switch Term Definition Neighbor Count Number of PIM neighbors discovered on the interface. This field is displayed only when the interface is operational. Designated-Router IP address of the elected DR on the interface. This field is displayed only when the interface is operational.

  • Page 424: Ipv6 Pim Dr-Priority

    ProSafe Managed Switch Parameters Description hash-mask-length Length of a mask (32 bits maximum) that is to be ANDed with the group address before the hash function is called. All groups with the same seed hash correspond to the same RP. For example, if this value was 24, only the first 24 bits of the group addresses matter.

  • Page 425: Ipv6 Pim Rp-Address

    ProSafe Managed Switch Format ipv6 pim join-prune-interval <0-18000> Mode Interface Config no ipv6 pim join-prune-interval Use this command to set the join/prune interval to the default value. Format no ipv6 pim join-prune-interval Mode Interface Config ipv6 pim rp-address Use this command to statically configure the RP address for one or more multicast groups. The parameter <rp-address>...

  • Page 426: Ipv6 Pim Ssm

    ProSafe Managed Switch no ipv6 pim rp-candidate Use this command to disable the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR). Format no ipv6 pim rp-candidate interface <unit/slot/port> <group-address> <group-mask> Mode Global Config ipv6 pim ssm Use this command to define the Source Specific Multicast (SSM) range of IP multicast addresses.

  • Page 427: Ipv6 Mld Commands

    ProSafe Managed Switch Term Definition Hash Mask Length of a mask (maximum 32 bits) that is to be ANDed with the group address Length before the hash function is called. This value is configured in the ip pim bsr-candidate command. Next Bootstrap Time (in hours, minutes, and seconds) in which the next bootstrap message is due Message In...

  • Page 428: Ipv6 Mld Router

    ProSafe Managed Switch ipv6 mld router Use this command, in the administrative mode of the router, to enable MLD in the router. Default Disabled Format ipv6 mld router Mode • Global Config • Interface Config no ipv6 mld router Use this command, in the administrative mode of the router, to disable MLD in the router. Default Disabled Format...

  • Page 429: Ipv6 Mld Last-Member-Query-Interval

    ProSafe Managed Switch no ipv6 mld query-max-response-time This command resets the MLD query max response time for the interface to the default value. Format no ipv6 mld query-max-response-time Mode Interface Config ipv6 mld last-member-query-interval Use this command to set the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group specific queries sent out of this interface.

  • Page 430: Show Ipv6 Mld Groups

    ProSafe Managed Switch show ipv6 mld groups Use this command to display information about multicast groups that MLD reported. The information is displayed only when MLD is enabled on at least one interface. If MLD was not enabled on even one interface, there is no group information to be displayed. Format show ipv6 mld groups {<unit/slot/port>...

  • Page 431: Show Ipv6 Mld Interface

    ProSafe Managed Switch Example: The following shows examples of CLI display output for the commands. (Switch) #show ipv6 mld groups ? <group-address> Enter Group Address Info. <unit/slot/port> Enter interface in unit/slot/port format. (Switch) #show ipv6 mld groups 1/0/1 Group Address........FF43::3 Interface........

  • Page 432: Show Ipv6 Mld Traffic

    ProSafe Managed Switch Field Description Query Max Indicates the configured maximum query response time (in seconds) advertised in MLD Response Time queries on this interface. Robustness Displays the configured value for the tuning for the expected packet loss on a subnet attached to the interface.

  • Page 433: Ipv6 Mld-Proxy Commands

    ProSafe Managed Switch Field Description Valid MLD Packets Received The number of valid MLD packets received by the router. Valid MLD Packets Sent The number of valid MLD packets sent by the router. Queries Received The number of valid MLD queries received by the router. Queries Sent The number of valid MLD queries sent by the router.

  • Page 434: Ipv6 Mld-Proxy Unsolicit-Rprt-Interval

    ProSafe Managed Switch ipv6 mld-proxy unsolicit-rprt-interval Use this command to set the unsolicited report interval for the MLD-Proxy router. This command is only valid when you enable MLD-Proxy on the interface. The value of <interval> is 1-260 seconds. Default Format ipv6 mld-proxy unsolicit-rprt-interval <interval>...

  • Page 435: Show Ipv6 Mld-Proxy Interface

    ProSafe Managed Switch Field Description Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy interface. Unsolicited Report Interval The time interval at which the MLD-Proxy interface sends unsolicited group membership report. Querier IP Address on Proxy The IP address of the Querier, if any, in the network attached to the Interface upstream interface (MLD-Proxy interface).

  • Page 436: Show Ipv6 Mld-Proxy Groups

    ProSafe Managed Switch Term Definition Leaves Rcvd Number of MLD leaves received. Valid for version 2 only. Leaves Sent Number of MLD leaves sent on the Proxy interface. Valid for version 2 only. Example: The following shows example CLI display output for the command. (Switch) #show ipv6 mld-proxy interface Interface Index........

  • Page 437: Show Ipv6 Mld-Proxy Groups Detail

    ProSafe Managed Switch ------------- -------------- ---------- ----------------- -------------- ------- FF1E::1 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude FF1E::2 FE80::100:2.3 00:02:40 DELAY_MEMBER Include FF1E::3 FE80::100:2.3 00:01:40 DELAY_MEMBER Exclude FF1E::4 FE80::100:2.3 00:02:44 DELAY_MEMBER Include show ipv6 mld-proxy groups detail Use this command to display information about multicast groups that MLD-Proxy reported. Format show ipv6 mld-proxy groups detail Mode...
  • Page 438 ProSafe Managed Switch 2001::2 -------- FF1E::2 FE80::100:2.3 DELAY_MEMBER Include Group Source List Expiry Time ------------------ --------------- 3001::1 00:03:32 3002::2 00:03:32 FF1E::3 FE80::100:2.3 DELAY_MEMBER Exclude FF1E::4 FE80::100:2.3 DELAY_MEMBER Include Group Source List Expiry Time ------------------ --------------- 4001::1 00:03:40 5002::2 00:03:40 4001::2 00:03:40 5002::2 00:03:40...

  • Page 439: Chapter 8 Quality Of Service (Qos) Commands

    Quality of Service (QoS) Commands This chapter describes the Quality of Service (QoS) commands available in the managed switch CLI. This chapter contains the following sections: • Class of Service (CoS) Commands • Differentiated Services (DiffServ) Commands • DiffServ Class Commands •...

  • Page 440: Classofservice Dot1P-Mapping

    ProSafe Managed Switch Note: Commands you issue in the Interface Config mode only affect a single interface. Commands you issue in the Global Config mode affect all interfaces. classofservice dot1p-mapping This command maps an 802.1p priority to an internal traffic class. The <userpriority> values can range from 0-7.

  • Page 441: Classofservice Trust

    ProSafe Managed Switch classofservice trust This command sets the class of service trust mode of an interface. You can set the mode to trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet markings. You can also set the interface mode to untrusted. If you configure an interface to use Dot1p, the mode does not appear in the output of the show running config command because Dot1p is the default.

  • Page 442: Cos-Queue Strict

    ProSafe Managed Switch no cos-queue min-bandwidth This command restores the default for each queue's minimum bandwidth value. Format no cos-queue min-bandwidth Modes • Global Config • Interface Config cos-queue strict This command activates the strict priority scheduler mode for each specified queue. Format cos-queue strict <queue-id-1>...

  • Page 443: No Cos-Queue Random-Detect

    ProSafe Managed Switch no cos-queue random-detect Use this command to disable WRED and restore the default tail drop operation for the specified queues on all interfaces or one interface. Format cos-queue random-detect queue-id-1 [queue-id-2 … queue-id-n] Modes • Global Config •...

  • Page 444: Show Classofservice Dot1P-Mapping

    ProSafe Managed Switch The last precedence applies to all non-TCP traffic. For example, in a 3-color system, four of each parameter specified: green TCP, yellow TCP, red TCP, and non-TCP, respectively. Format random-detect queue-parms queue-id-1 [queue-id-2 … queue-id-n] minthresh thresh-prec-1 … thresh-prec-n max-thresh thresh-prec-1 … threshprec-n drop-probability prob-prec-1 …...

  • Page 445: Show Classofservice Trust

    ProSafe Managed Switch The following information is repeated for each user priority. Term Definition User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped. show classofservice ip-precedence-mapping This command displays the current IP Precedence mapping to internal traffic classes for a specific interface.

  • Page 446: Show Interfaces Cos-Queue

    ProSafe Managed Switch displays the port trust mode of the interface. If you do not specify an interface, the command displays the most recent global configuration settings. Format show classofservice trust [<unit/slot/port>] Mode Privileged EXEC Term Definition Non-IP Traffic The traffic class used for non-IP traffic. This is only displayed when the COS trust mode Class is set to trust IP Precedence or IP DSCP (on platforms that support IP DSCP).

  • Page 447: Differentiated Services (Diffserv) Commands

    ProSafe Managed Switch Differentiated Services (DiffServ) Commands This section describes the commands you use to configure QOS Differentiated Services (DiffServ). You configure DiffServ in several stages by specifying three DiffServ components: Class a. Creating and deleting classes. b. Defining match criteria for a class. Policy a.

  • Page 448: Diffserv Class Commands

    ProSafe Managed Switch diffserv This command sets the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. Format diffserv Mode Global Config no diffserv This command sets the DiffServ operational mode to inactive.

  • Page 449: Class-Map Rename

    ProSafe Managed Switch Note: The class-map-name default is reserved and must not be used. The class type of match-all indicates all of the individual match conditions must be true for a packet to be considered a member of the class. This command may be used without specifying a class type to enter the Class-Map Config mode for an existing DiffServ class.

  • Page 450: Match Ethertype

    ProSafe Managed Switch match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype. The <ethertype> value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.

  • Page 451: Match Cos

    ProSafe Managed Switch In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. no match class-map This command removes from the specified class definition the set of match conditions defined for another class.

  • Page 452: Match Dstip

    ProSafe Managed Switch match destination-address mac This command adds to the specified class definition a match condition based on the destination MAC address of a packet. The <macaddr> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (e.g., 00:11:22:dd:ee:ff).

  • Page 453: Match Ip Dscp

    ProSafe Managed Switch To specify the match condition using a numeric notation, one layer 4 port number is required. The port number is an integer from 0 to 65535. Default none Format match dstl4port {<portkey> | <0-65535>} Mode Class-Map Config Ipv6-Class-Map Config match ip dscp This command adds to the specified class definition a match condition based on the value of...

  • Page 454: Match Protocol

    ProSafe Managed Switch Default none Format match ip precedence <0-7> Mode Class-Map Config match ip tos This command adds to the specified class definition a match condition based on the value of the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the IP header.

  • Page 455: Match Srcip

    ProSafe Managed Switch Note: This command does not validate the protocol number value against the current list defined by IANA. Default none Format match protocol {<protocol-name> | <0-255>} Mode Class-Map Config Ipv6-Class-Map Config match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet.

  • Page 456: Match Srcl4Port

    ProSafe Managed Switch Format match srcip6 <source-ipv6-prefix/prefix-length> Mode Ipv6-Class-Map Config match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation. To specify the match condition as a single keyword notation, the value for <portkey>...

  • Page 457: Diffserv Policy Commands

    ProSafe Managed Switch DiffServ Policy Commands Use the DiffServ policy commands to specify traffic conditioning actions, such as policing and marking, to apply to traffic classes Use the policy commands to associate a traffic class that you define by using the class command set with one or more QoS policy attributes.
  • Page 458 ProSafe Managed Switch mirror This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface (physical port or LAG). Format mirror <unit/slot/port> Mode Policy-Class-Map Config Incompatibilities Drop, Redirect redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).

  • Page 459: Mark Cos

    ProSafe Managed Switch Note: The CLI mode is changed to Policy-Class-Map Config when this command is successfully executed. Format class <classname> Mode Policy-Map Config no class This command deletes the instance of a particular class and its defined treatment from the specified policy.

  • Page 460: Mark Ip-Dscp

    ProSafe Managed Switch Mode Policy-Class-Map Config Incompatibilities Drop, Mark IP DSCP, IP Precedence, Police mark ip-dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value. The <dscpval> value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef.
  • Page 461 ProSafe Managed Switch For set-dscp-transmit, a <dscpval> value is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. For set-prec-transmit, an IP Precedence value is required and is specified as an integer from 0-7.

  • Page 462: Diffserv Service Commands

    ProSafe Managed Switch Format policy-map <policyname> [in|out] Mode Global Config no policy-map This command eliminates an existing DiffServ policy. The <policyname> parameter is the name of an existing DiffServ policy. This command may be issued at any time. If the policy is currently referenced by one or more interface service attachments, this delete attempt fails.

  • Page 463: Diffserv Show Commands

    ProSafe Managed Switch Note: This command fails if any attributes within the policy definition exceed the capabilities of the interface. Once a policy is successfully attached to an interface, any attempt to change the policy definition, that would result in a violation of the interface capabilities, causes the policy change attempt to fail.

  • Page 464: Show Diffserv

    ProSafe Managed Switch show class-map This command displays all configuration information for the specified class. The <class-name> is the name of an existing DiffServ class. Format show class-map <class-name> Modes • Privileged EXEC • User EXEC If the class-name is specified the following fields are displayed: Term Definition Class Name...

  • Page 465: Show Policy-Map

    ProSafe Managed Switch Term Definition DiffServ Admin mode The current value of the DiffServ administrative mode. Class Table Size The current number of entries (rows) and the maximum allowed entries (rows) in Current /Max the Class Table. Class Rule Table Size The current number of entries (rows) and the maximum allowed entries (rows) in Current /Max the Class Rule Table.
  • Page 466 ProSafe Managed Switch Term Definition Conform Action The current setting for the action taken on a packet considered to conform to the policing parameters. This is not displayed if policing is not in use for the class under this policy. Conform COS The CoS mark value if the conform action is set-cos-transmit.

  • Page 467: Show Diffserv Service

    ProSafe Managed Switch Term Definition Policy Type The policy type (Only inbound is supported). Class Members List of all class names associated with this policy. show diffserv service This command displays policy service information for the specified interface and direction. The <unit/slot/port>...

  • Page 468: Show Policy-Map Interface

    ProSafe Managed Switch Term Definition OperStatus The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction. show policy-map interface This command displays policy-oriented statistics information for the specified interface and direction.

  • Page 469: Mac Access Control List (Acl) Commands

    ProSafe Managed Switch The following information is repeated for each interface and direction (only those interfaces configured with an attached policy are shown): Term Definition Interface Valid slot and port number separated by forward slashes. Operational The current operational status of this DiffServ service interface. Status Policy Name The name of the policy attached to the interface.

  • Page 470: Mac Access-List Extended Rename

    ProSafe Managed Switch no mac access-list extended This command deletes a MAC ACL identified by <name> from the system. Format no mac access-list extended <name> Mode Global Config mac access-list extended rename This command changes the name of a MAC Access Control List (ACL). The <name> parameter is the name of an existing MAC ACL.
  • Page 471 ProSafe Managed Switch VLAN, then the ACL rule is applied immediately. If a time range withspecified name exists and the MAC ACL containing this ACL rule is applied to aninterface or bound to a VLAN, then the ACL rule is applied when the time-range withspecified name becomes active. The ACL rule is removed when the time-range withspecified name becomes inactive.

  • Page 472: Mac Access-Group

    ProSafe Managed Switch mac access-group This command either attaches a specific MAC Access Control List (ACL) identified by <name> to an interface, or associates it with a VLAN ID, in a given direction. The <name> parameter must be the name of an existing MAC ACL. An optional sequence number may be specified to indicate the order of this mac access list relative to other mac access lists already assigned to this interface and direction.

  • Page 473: Ip Access Control List (Acl) Commands

    ProSafe Managed Switch show mac access-lists This command displays a MAC access list and all of the rules that are defined for the MAC ACL. Use the [name] parameter to identify a specific MAC ACL to display. Format show mac access-lists [name] Mode Privileged EXEC Term...

  • Page 474: Ip Standard Acl

    ProSafe Managed Switch positions that are not used. In contrast, a wildcard mask has (0’s) in a bit position that must be checked. A ‘1’ in a bit position of the ACL mask indicates the corresponding bit can be ignored. access-list This command creates an IP Access Control List (ACL) that is identified by the access list number, which is 1-99 for standard ACLs or 100-199 for extended ACLs.

  • Page 475: Ip Access-List

    ProSafe Managed Switch Parameter Description [precedence <precedence> | Specifies the TOS for an IP ACL rule depending on a match of tos <tos> <tosmask> | dscp precedence or DSCP values using the parameters dscp, <dscp>] precedence, tos/tosmask. [log] Specifies that this rule is to be logged. rate-limit The user can specify a simple rate limiter for packets matching an ACL “permit”...

  • Page 476: Ip Access-List Rename

    ProSafe Managed Switch no ip access-list This command deletes the IP ACL identified by <name> from the system. Format no ip access-list <name> Mode Global Config ip access-list rename This command changes the name of an IP Access Control List (ACL). The <name> parameter is the names of an existing IP ACL.

  • Page 477: Ip Access-Group

    ProSafe Managed Switch command parameters are all optional, but the most frequently used parameters appear in the same relative order as shown in the command format. The assign-queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule. The allowed <queue-id> value is 0-(n-1), where n is the number of user configurable queues available for the hardware platform.

  • Page 478: Show Ip Access-Lists

    ProSafe Managed Switch Default none Format ip access-group {<accesslistnumber>|<name>} {{control-plane|in|out}|vlan <vlan-id> {in|out}}[sequence <1-4294967295>] Modes • Interface Config • Global Config no ip access-group This command removes a specified IP ACL from an interface. Default none Format no ip access-group <accesslistnumber> {{control-plane|in|out}|vlan <vlan-id>...

  • Page 479: Show Access-Lists

    ProSafe Managed Switch Term Definition Rule Number The number identifier for each rule that is defined for the IP ACL. Action The action associated with each rule. The possible values are Permit or Deny. Match All Indicates whether this access list applies to every packet. Possible values are True or False.

  • Page 480: Ipv6 Access Control List (Acl) Commands

    ProSafe Managed Switch Term Definition ACL Type Type of access list (IP, IPv6, or MAC). ACL ID Access List name for a MAC or IPv6 access list or the numeric identifier for an IP access list. Sequence An optional sequence number may be specified to indicate the order of this access list Number relative to other access lists already assigned to this interface and direction.

  • Page 481: Ipv6 Access-List Rename

    ProSafe Managed Switch no ipv6 access-list This command deletes the IPv6 ACL identified by <name> from the system. Format no ipv6 access-list <name> Mode Global Config ipv6 access-list rename This command changes the name of an IPv6 ACL. The <name> parameter is the name of an existing IPv6 ACL.

  • Page 482: Ipv6 Traffic-Filter

    ProSafe Managed Switch forwarded to the specified <unit/slot/port>. The assign-queue and redirect parameters are only valid for a permit rule. The time-range parameter allows imposing time limitation on the IPv6 ACL rule as defined by the parameter <time-range-name>. If a time range with the specified name does not exist and the IPv6 ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately.

  • Page 483: Show Ipv6 Access-Lists

    ProSafe Managed Switch no ipv6 traffic-filter This command removes an IPv6 ACL identified by <name> from the interface(s) in a given direction. Format no ipv6 traffic-filter <name> {{control-plane|in|out}|vlan <vlan-id> {in|out}} Modes • Global Config • Interface Config show ipv6 access-lists This command displays an IPv6 access list and all of the rules that are defined for the IPv6 ACL.

  • Page 484: Time Range Commands For Time-Based Acls

    ProSafe Managed Switch Time Range Commands for Time-Based ACLs Time-based ACLs allow one or more rules within an ACL to be based on time. Each ACL rule within an ACL, except for the implicit rule, can be configured to be active and deny all operational only during a specific time period.
  • Page 485 ProSafe Managed Switch range is no longer in effect. The end time and date must be after the start time and date. If no end time and date are specified, the configuration statement is in effect indefinitely. Format absolute {[start time date] [end time date]} Mode Time-Range Config no absolute...

  • Page 486: Autovoip

    ProSafe Managed Switch periodic {start|end} time Use this command to configure the start/end time for the time-range. Format periodic {start|end} time Mode Time-Range Config show time-range Use this command to display a time range and all the absolute/periodic time entries that are defined for the time range.

  • Page 487: Auto-Voip {Protocol-Based | Oui-Based

    ProSafe Managed Switch Note: If voice VLAN and Auto-VoIP are enabled at the same time, then one of them is operational. If the connected phone is LLDP-MED capable, then voice VLAN has precedence over the Auto VoIP and Auto VoIP is operational if the phone does not support LLDP-MED. auto-voip {protocol-based | oui-based} This command is used to configure auto VoIP mode.

  • Page 488: Auto-Voip Vlan

    ProSafe Managed Switch auto-voip vlan This command is used to configure the global Auto VoIP VLAN id. The VLAN behavior is depend on the configured auto VoIP mode. Format auto-voip vlan <vlanid> Mode Global Config Default None no auto-voip vlan This command is used to set the auto-voip VLAN to the default 2.

  • Page 489: Show Auto-Voip Interface

    ProSafe Managed Switch Note: The administrator has to enable tagging on auto-VoIP-enabled ports to remark the voice data when it is egressed. Format auto-voip protocol-based {remark <remark-priority> | traffic-class <tc>} Mode • Global Config • Interface Config Default Traffic-class 7 no auto-voip protocol-based {remark | traffic-class} This command is used to set the traffic-class to the default value.

  • Page 490: Iscsi Commands

    ProSafe Managed Switch show auto-voip oui-table This command lists all of the configured OUIs. Format show auto-voip oui-table Mode • Privileged EXEC • User EXEC Term Definition OUI of the source MAC address Status Default or Configured entry. OUI Description Description of the OUI Example: show auto-voip oui-table Status...

  • Page 491: Iscsi Enable

    ProSafe Managed Switch iscsi enable The iscsi enable Global Configuration mode command globally enables iSCSI awareness. Format iscsi enable Mode Global Config Default Disabled no iscsi enable This command is to disable iSCSI awareness use the no form of this command. When User uses this command, iSCSI resources will be released.

  • Page 492: Iscsi Cos

    ProSafe Managed Switch with the iSCSI session information acquired by snooping. Maximum of 16 TCP ports can be configured either bound to IP or not. Format iscsi target port tcp-port-1 [tcp-port-2.… tcp-port-8] [address ip-address] [name targetname] Mode Global Config Default 3260 and 860, but they can be removed as any other configured target Term Definition...

  • Page 493: Iscsi Aging Time

    ProSafe Managed Switch setting for egress queues scheduling is Weighted Round Robin (WRR). The user may complete the QoS setting by configuring the relevant ports to work in other scheduling and queue management modes via the Class of Service settings. Depending on the platform, these choices may include strict priority for the queue used for iSCSI traffic.

  • Page 494: Show Iscsi

    ProSafe Managed Switch Term Definition time The number in minutes a session is not active prior to it's removal. (Range: 1-43,200) no iscsi aging time This command is to reset the aging time to the default. Format no iscsi aging time Mode Global Config show iscsi...
  • Page 495 ProSafe Managed Switch Term Definition detailed Displayed list is detailed when this option is used. Example: The following example displays the iSCSI sessions. Console # show iscsi sessions Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678 ----------------------------------------------------------- Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 ISID: 11 Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 ISID: 222 ----------------------------------------------------------- Target: iqn.103-1.com.storage-vendor:sn.43338.

  • Page 496: Chapter 9 Power Over Ethernet (Poe) Commands

    Power over Ethernet (PoE) Commands This chapter contains the following sections: • About PoE • PoE Commands About PoE Power over Ethernet describes a technology to pass electrical power safely along with data on existing Ethernet cabling. The PSE or power supply equipment is the device or switch that delivers electrical power, and the PD or powered device is the end device that powers up through the power delivered along the Ethernet cable.

  • Page 497: Poe Commands

    ProSafe Managed Switch PoE Commands Use this command to enable the Power over Ethernet (PoE) functionality on a global basis or per interface. Format Mode Global Config Interface Config Default enabled no poe Use this command to disable the Power over Ethernet (PoE) functionality on a global basis or per interface.

  • Page 498: Poe Power Limit

    ProSafe Managed Switch no poe detection Use this command to set the detection mode to the default on a global basis or per interface. Format no poe detection Mode Global Config Interface Config poe high-power Use this command to switch a port from 802.3af mode to high-power mode. This mode is used to power up devices that require more power than the current IEEE 802.3af power (more than 12.95 watts at the PD).

  • Page 499: Poe Power Management

    ProSafe Managed Switch • user-defined—Allows you to define the maximum power to the port. This can be a value between 3 and 32 watts. Format poe power limit { class-based | none | user-defined [<3000 - 32000>] } Mode Global Config Interface Config Default User-defined, with a maximum of 30 watts...

  • Page 500: Poe Priority

    ProSafe Managed Switch Dynamic Power Management Available power = 300 watts - 3 watts = 297 watts Format poe power management {<unit>|all} {dynamic | static} Mode Global Config Default dynamic no poe power management Use this command to set the power management mode to the default. Format no poe power management {<unit>|all} Mode...

  • Page 501: Poe Timer Schedule Name

    ProSafe Managed Switch used to reset the PoE port. The command can also reset the power-delivering ports. Note that this command takes effect only once after it is executed and cannot be saved across power cycles. Format poe reset Mode Global Config Interface Config poe timer schedule name...

  • Page 502: Poe Usagethreshold

    ProSafe Managed Switch no poe timer schedule name Use this command to detach the schedule from the port. Format no poe timer schedule Mode Interface Config poe usagethreshold Use this command to set a threshold (as a percentage) for the total amount of power that can be delivered by the switch.

  • Page 503: Show Poe

    ProSafe Managed Switch no poe traps Use this command to disable logging the PoE traps. Format no poe traps Mode Global Config show poe Use this command to get global information regarding the PoE status. Format show poe Mode Privileged EXEC User EXEC Term Definition...

  • Page 504: Show Poe Port Configuration

    ProSafe Managed Switch Example: (switch) #show poe Firmware Version....... 1.0.0.2 PSE Main Operational Status....ON Total Power (Main AC)......380 Total Power (RPS)......300 Total Power (PD) ......25 Power Source........Main AC Threshold Power........ 342 Total Power Consumed......7 Usage Threshold........

  • Page 505: Show Poe Port Info

    ProSafe Managed Switch show poe port info Use this command to get information about the status of the PoE ports. You can display information based on each individual port or all the ports collectively. The command displays only PSE-capable ports. Format show poe port info [<port>...

  • Page 506: Show Poe Pd

    ProSafe Managed Switch Intf Power Power Class Power Current Voltage Status Fault (mA) (volt) Status ------ ------- ----- ------- ------ ------- ------- ------------------ --------------- 1/0/33 18.0 04.400 53.3 Delivering Power No Error show poe pd Use this command to get information about the PD ports. You can display information based on each individual port or all the PD ports collectively.

  • Page 507: Chapter 10 Utility Commands

    Utility Commands This chapter describes the utility commands available in the CLI. This chapter contains the following sections: • Auto Install Commands • Dual Image Commands • System Information and Statistics Commands • Logging Commands • Email Alerting and Mail Server Commands •...

  • Page 508: Auto Install Commands

    ProSafe Managed Switch Auto Install Commands This section describes the Auto Install Commands. Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The Auto Install process requires DHCP to be enabled by default in order for it to be completed.

  • Page 509: Boot Host Auto-Save

    ProSafe Managed Switch boot host auto-save This command is used to enable automatically saving the downloaded configuration on the switch. Default Disabled Format boot host auto-save Mode Privileged EXEC no boot host auto-save This command is used to disable automatically saving the downloaded configuration on the switch.

  • Page 510: Dual Image Commands

    ProSafe Managed Switch no boot host retry-count This command is used to reset the number to the default. The default number is 3. Format no boot host retry-count Mode Privileged EXEC boot host dhcp This command is used to enable AutoInstall on the switch for the next reboot cycle. The command does not change the current behavior of AutroInstall and saves the command to NVRAM.

  • Page 511: Boot System

    ProSafe Managed Switch delete This command deletes the supplied image file from the permanent storage. The image to be deleted must be a backup image. If this image is the active image, or if this image is activated, an error message displays. The optional <unit> parameter is valid only on Stacks.

  • Page 512: System Information And Statistics Commands

    ProSafe Managed Switch update bootcode This command updates the bootcode (boot loader) on the switch. The bootcode is read from the active-image for subsequent reboots. The optional <unit> parameter is valid only on Stacks. Error will be returned, if this parameter is provided, on Standalone systems. For Stacking, the <unit>...

  • Page 513: Show Hardware

    ProSafe Managed Switch Term Definition File The file in which the event originated. Line The line number of the event. Task Id The task ID of the event. Code The event code. Time The time this event occurred. Unit The unit for the event. Note: Event log information is retained across a switch reset.

  • Page 514: Show Interface

    ProSafe Managed Switch Term Definition Switch Text used to identify the product name of this switch. Description Machine Type The machine model as defined by the Vital Product Data. Machine Model The machine model as defined by the Vital Product Data Serial Number The unique box serial number for this switch.

  • Page 515: Show Interface Counters

    ProSafe Managed Switch The display parameters, when the argument is “switchport” are as follows: Term Definition Packets The total number of packets (including broadcast packets and multicast packets) Received received by the processor. Without Error Broadcast The total number of packets received that were directed to the broadcast address. Note Packets that this does not include multicast packets.

  • Page 516: Show Interface Ethernet

    ProSafe Managed Switch show interface ethernet This command displays detailed statistics for a specific interface or for all CPU traffic based upon the argument. Format show interface ethernet {unit/slot/port | switchport} Mode Privileged EXEC When you specify a value for unit/slot/port, the command displays the following information.
  • Page 517 ProSafe Managed Switch Term Definition (cont) • Packets RX and TX 65–127 Octets - The total number of packets (including bad packets) received and transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). •...
  • Page 518 ProSafe Managed Switch Term Definition Packets Received • Total Packets Received with MAC Errors - The total number of inbound packets that with MAC Errors contained errors preventing them from being deliverable to a higher-layer protocol. • Jabbers Received - The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
  • Page 519 ProSafe Managed Switch Term Definition Packets • Total Packets Transmitted (Octets) - The total number of octets of data (including those in Transmitted bad packets) received on the network (excluding framing bits but including FCS octets). Octets This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
  • Page 520 ProSafe Managed Switch Term Definition Transmit Discards • Total Transmit Packets Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. • Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
  • Page 521 ProSafe Managed Switch Term Definition Unicast Packets The number of subnetwork-unicast packets delivered to a higher-layer protocol. Received Multicast Packets The total number of packets received that were directed to a multicast address. Note that this Received number does not include packets directed to the broadcast address. Broadcast The total number of packets received that were directed to the broadcast address.

  • Page 522: Show Mac-Addr-Table

    ProSafe Managed Switch show mac-addr-table This command displays the forwarding database entries. These entries are used by the transparent bridging function to determine how to forward a received frame. Enter all or no parameter to display the entire table. Enter a MAC Address and VLAN ID to display the table entry for the requested MAC address on the specified VLAN.

  • Page 523: Process Cpu Threshold

    ProSafe Managed Switch The following information displays if you enter the count parameter: Term Definition Dynamic Number of MAC addresses in the forwarding database that were automatically learned. Address count Static Address Number of MAC addresses in the forwarding database that were manually entered by a (User-defined) user.

  • Page 524: Show Mbuf Total

    ProSafe Managed Switch Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. Format show process cpu Mode Privileged EXEC The following shows example CLI display output. (Switch) #show process cpu Memory Utilization Report status bytes ------ ----------...

  • Page 525: Show Running-Config

    ProSafe Managed Switch Total Rx Mid1 Alloc Failures Total Rx High Alloc Failures Total Tx Alloc Failures show running-config Use this command to display or capture the current setting of different protocol packages supported on the switch. This command displays or captures commands with settings and configurations that differ from the default value.

  • Page 526: Show Sysinfo

    ProSafe Managed Switch If some, but not all, of the flags in that group are enabled, the command displays trapflags <groupname> <flag-name>. Format show running-config [all | <scriptname>] Mode Privileged EXEC show running-config interface This command shows the current configuration on a particular interface. The interface could be a physical port or a virtual port—like a LAG or VLAN.

  • Page 527: Terminal Length

    ProSafe Managed Switch • show port all • show isdp neighbors • show logging • show event log • show logging buffered • show trap log Format show tech-support Mode Privileged EXEC show tech-support techsupport This command without the techsupport parameter displays system and configuration information on the console.

  • Page 528: Logging Commands

    ProSafe Managed Switch of <5-48> lines. The command terminal length 0 disables pagination and, as a result, the output of the show running-config command is displayed immediately. Default 24 lines per page Format terminal length <0|5-48> Mode Privileged EXEC no terminal length Use this command to set the terminal length to the default value.

  • Page 529: Logging Buffered

    ProSafe Managed Switch logging buffered This command enables logging to an in-memory log that keeps up to 128 logs. Default disabled; critical when enabled Format logging buffered Mode Global Config no logging buffered This command disables logging to in-memory log. Format no logging buffered Mode...

  • Page 530: Logging Console

    ProSafe Managed Switch no logging cli-command This command disables the CLI command Logging feature. Format no logging cli-command Mode Global Config logging console This command enables logging to the console. You can specify the <severitylevel> value as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).

  • Page 531: Logging Host Remove

    ProSafe Managed Switch logging host remove This command disables logging to host. See show logging hosts on page 532 for a list of host indexes. Format logging host remove <hostindex> Mode Global Config logging syslog This command enables syslog logging. The <portid> parameter is an integer with a range of 1-65535.

  • Page 532: Show Logging Buffered

    ProSafe Managed Switch Term Definition Console The minimum severity to log to the console log. Messages with an equal or lower Logging numerical severity are logged. Severity Filter Buffered Shows whether buffered logging is enabled. Logging Syslog Logging Shows whether syslog logging is enabled. Log Messages Number of messages received by the log process.

  • Page 533: Show Logging Traplogs

    ProSafe Managed Switch Term Definition Severity Level The minimum severity to log to the specified address. The possible values are emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7). Port The server port number, which is the port on the local host from which syslog messages are sent.

  • Page 534: Email Alerting And Mail Server Commands

    ProSafe Managed Switch no logging persistent Use this command to disable the persistent logging in the switch. Format no logging persistent Mode Global Config Email Alerting and Mail Server Commands logging email This command enables email alerting and sets the lowest severity level for which log messages are emailed.

  • Page 535: Logging Email Message-Type To-Addr

    <to-email-addr> Mode Global Config logging email from-addr This command configures the email address of the sender (the switch). Default switch@netgear.com Format logging email from-addr <from-email-addr> Mode Global Config no logging email from-addr This command removes the configured email source address.

  • Page 536: Logging Email Logtime

    ProSafe Managed Switch logging email message-type subject This command configures the subject line of the email for the specified type. Default For urgent messages: Urgent Log Messages For non-urgent messages: Non Urgent Log Messages Format logging email message-type {urgent |non-urgent |both} subject <subject>...

  • Page 537: Logging Email Test Message-Type

    ProSafe Managed Switch no logging traps This command resets the SNMP trap logging severity level to the default value. Format no logging traps Mode Global Config logging email test message-type This command sends an email to the SMTP server to test the email alerting function. Format logging email test message-type {urgent |non-urgent |both} message-body <message-body>...

  • Page 538: Show Logging Email Statistics

    ProSafe Managed Switch show logging email statistics This command displays email alerting statistics. Format show logging email statistics Mode Privileged EXEC Term Definition Email Alert Operation The operational status of the email alerting feature. Status No of Email Failures The number of email messages that have attempted to be sent but were unsuccessful.

  • Page 539: Show Mail-Server Config

    ProSafe Managed Switch security Use this command to set the email alerting security protocol by enabling the switch to use TLS authentication with the SMTP Server. If the TLS mode is enabled on the switch but the SMTP sever does not support TLS mode, no email is sent to the SMTP server. Default none Format...

  • Page 540: System Utility And Clear Commands

    ProSafe Managed Switch Term Definition No of mail The number of SMTP servers configured on the switch. servers configured Email Alert Mail The IPv4/IPv6 address or DNS hostname of the configured SMTP server. Server Address Email Alert Mail The TCP port the switch uses to send email to the SMTP server. Server Port Email Alert The security protocol (TLS or none) the switch uses to authenticate with the SMTP...
  • Page 541 ProSafe Managed Switch Using the options described below, you can specify the initial and maximum time-to-live (TTL) in probe packets, the maximum number of failures before termination, the number of probes sent for each TTL, and the size of each probe. Parameter Description ipaddr|hostname...

  • Page 542: Traceroute Ipv6

    ProSafe Managed Switch Hop Count = 6 Last TTL = 7 Test attempt = 19 Test Success = 18 traceroute ipv6 Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. The <ipv6-address|hostname>...

  • Page 543: Clear Counters

    ProSafe Managed Switch clear counters This command clears the statistics for a specified <unit/slot/port>, for all the ports, or for the entire switch based upon the argument. Format clear counters {<unit/slot/port> | all} Mode Privileged EXEC clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database.

  • Page 544: Enable Password

    ProSafe Managed Switch enable password This command prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case sensitive. The option [encrypted] allows the administrator to transfer the enable password between devices without having to know the password.

  • Page 545: Ping Ipv6

    ProSafe Managed Switch Using the options described below, you can specify the number and size of Echo Requests and the interval between Echo Requests. Parameter Description count Use the count parameter to specify the number of ping packets (ICMP Echo requests) that are sent to the destination address specified by the <ip-address>...

  • Page 546: Ping Ipv6 Interface

    ProSafe Managed Switch command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The switch can be pinged from any IP workstation with which the switch is connected through the default VLAN (VLAN 1), as long as there is a physical path between the switch and the workstation.
  • Page 547 ProSafe Managed Switch quit This command closes the current telnet connection or resets the current serial connection. The system asks you whether to save configuration changes before quitting. Format quit Modes • Privileged EXEC • User EXEC reload This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes.
  • Page 548 ProSafe Managed Switch Note: <ip6address> is also a valid parameter for routing packages that support IPv6. For switches that support a USB device, the copy command can be used to transfer files from and to the USB device. The syntax for the USB file is: .
  • Page 549 When you use this option, the copy command will not <destfilename> noval validate the downloaded script file. An example of the CLI command follows: (NETGEAR Switch) #copy tftp://1.1.1.1/file.scr nvram:script file.scr <url> nvram:sshkey-dsa Downloads an SSH key file. For more information, see Secure Shell (SSH) Commands on page 626.

  • Page 550: Simple Network Time Protocol (Sntp) Commands

    ProSafe Managed Switch write memory Use this command to save running configuration changes to NVRAM so that the changes you make will persist across a reboot. This command is the same as copy system:running config nvram:startup-config. Format write memory Mode Privileged EXEC Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time...

  • Page 551: Sntp Client Port

    ProSafe Managed Switch no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode. Format no sntp client mode Mode Global Config sntp client port This command sets the SNTP client port id to a value from 1-65535. Default Format sntp client port <portid>...

  • Page 552: Sntp Server

    ProSafe Managed Switch Format sntp unicast client poll-timeout <poll-timeout> Mode Global Config no sntp unicast client poll-timeout This command will reset the poll timeout for SNTP unicast clients to its default value. Format no sntp unicast client poll-timeout Mode Global Config sntp unicast client poll-retry This command will set the poll retry for SNTP unicast clients to a value from 0 to 10.

  • Page 553: Clock Set

    ProSafe Managed Switch Mean Time (GMT). This may not be the time zone in which the switch is located. Use the clock timezone command to configure a time zone specifying the number of hours and optionally the number of minutes difference from UTC. To set the switch clock to UTC, use the no form of the command.

  • Page 554: Clock Summer-Time Date

    ProSafe Managed Switch • hh:mm—Time in 24-hour format in hours and minutes. (Range: hh:0-23, mm: 0-59) • offset—Number of minutes to add during the summertime. (Range:1-1440) • acronym—The acronym for the time zone to be displayed when summertime is in effect. (Range: Up to four characters) Format clock summer-time recurring {USA | EU | {week day month hh:mm week...

  • Page 555: Show Sntp

    ProSafe Managed Switch no clock summer-time Use the no clock summer-time command to reset the summertime offset. Format no clock summer-time Mode Global Config For example: console(config)#no clock summer-time show sntp This command is used to display SNTP settings and status. Format show sntp Mode...

  • Page 556: Show Sntp Server

    ProSafe Managed Switch show sntp server This command is used to display SNTP server settings and configured servers. Format show sntp server Mode Privileged EXEC Term Definition Server Host IP address or hostname of configured SNTP Server. Address Server Type Address Type of Server.

  • Page 557: Dhcp Server Commands

    ProSafe Managed Switch show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration. Format show clock [detail] Mode...
  • Page 558 ProSafe Managed Switch client-identifier This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format. In some systems, such as Microsoft DHCP clients, the client identifier is required instead of hardware addresses. The unique-identifier is a concatenation of the media type and the MAC address.
  • Page 559 ProSafe Managed Switch Format default-router <address1> [<address2>..<address8>] Mode DHCP Pool Config no default-router This command removes the default router list. Format no default-router Mode DHCP Pool Config dns-server This command specifies the IP servers available to a DHCP client. Address parameters are valid IP addresses;...

  • Page 560: Network (Dhcp Pool Config)

    ProSafe Managed Switch host This command specifies the IP address and network mask for a manual binding to a DHCP client. Address and Mask are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. The prefix-length is an integer from 0 to 32. Default none Format...
  • Page 561 ProSafe Managed Switch Format network <networknumber> [{<mask> | <prefixlength>}] Mode DHCP Pool Config no network This command removes the subnet number and mask. Format no network Mode DHCP Pool Config bootfile The command specifies the name of the default boot image for a DHCP client. The <filename>...
  • Page 562 ProSafe Managed Switch One IP address is required, although one can specify up to eight addresses in one command line. Servers are listed in order of preference (address1 is the most preferred server, address2 is the next most preferred server, and so on). Default none Format...

  • Page 563: Ip Dhcp Excluded-Address

    ProSafe Managed Switch Format next-server <address> Mode DHCP Pool Config no next-server This command removes the boot server list. Format no next-server Mode DHCP Pool Config option The option command configures DHCP Server options. The <code> parameter specifies the DHCP option code and ranges from 1-254. The <ascii string> parameter specifies an NVT ASCII character string.

  • Page 564: Ip Dhcp Ping Packets

    ProSafe Managed Switch no ip dhcp excluded-address This command removes the excluded IP addresses for a DHCP client. Low-address and high-address are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Format no ip dhcp excluded-address <lowaddress>...

  • Page 565: Ip Dhcp Bootp Automatic

    ProSafe Managed Switch ip dhcp bootp automatic This command enables the allocation of the addresses to the bootp client. The addresses are from the automatic address pool. Default disabled Format ip dhcp bootp automatic Mode Global Config no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client.

  • Page 566: Clear Ip Dhcp Server Statistics

    ProSafe Managed Switch clear ip dhcp server statistics This command clears DHCP server statistics counters. Format clear ip dhcp server statistics Mode Privileged EXEC clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping.

  • Page 567: Show Ip Dhcp Pool Configuration

    ProSafe Managed Switch Term Definition Service DHCP The field to display the status of dhcp protocol. Number of Ping The maximum number of Ping Packets that will be sent to verify that an ip address id not Packets already assigned. Conflict Shows whether conflict logging is enabled or disabled.

  • Page 568: Show Ip Dhcp Server Statistics

    ProSafe Managed Switch show ip dhcp server statistics This command displays DHCP server statistics. Format show ip dhcp server statistics Modes • Privileged EXEC • User EXEC Field Definition Automatic The number of IP addresses that have been automatically mapped to the MAC Bindings addresses of hosts that are found in the DHCP database.

  • Page 569: Dns Client Commands

    ProSafe Managed Switch Term Definition IP address The IP address of the host as recorded on the DHCP server. Reporting Host The hardware address of the host that reported the conflict. Hardware Address Detection The manner in which the IP address of the hosts were found on the DHCP Server. Method Detection time The time when the conflict was found.

  • Page 570: Ip Name Server

    ProSafe Managed Switch no ip domain name Use this command to remove the default domain name configured using the ip domain name command. Format no ip domain name Mode Global Config ip domain list Use this command to define a list of default domain names to complete unqualified names. By default, the list is empty.

  • Page 571: Ipv6 Host

    ProSafe Managed Switch ip host Use this command to define static host name-to-address mapping in the host cache. <name> is host name. <ip address> is the IP address of the host. Default none Format ip host <name> <ipaddress> Mode Global Config no ip host Use this command to remove the name-to-address mapping.

  • Page 572: Ip Domain Timeout

    ProSafe Managed Switch no ip domain retry Use this command to return to the default. Format no ip domain retry <number> Mode Global Config ip domain timeout Use this command to specify the amount of time to wait for a response to a DNS query. The parameter <seconds>...

  • Page 573: Packet Capture Commands

    ProSafe Managed Switch show hosts Use this command to display the default domain name, a list of name server hosts, the static and the cached list of host names and addresses <name> ranges from 1-255 characters. This command displays both IPv4 and IPv6 entries. Format show hosts [name] Mode...

  • Page 574: Capture {Start|Stop

    ProSafe Managed Switch internally allocated buffer area for export to a PC host for protocol analysis. Public domain packet analysis tools like Ethereal can be used to decode and review the packets in detail. Capturing can be performed in a variety of modes, either transmit-side only, receive-side only, or both.

  • Page 575: Capture Remote Port

    ProSafe Managed Switch Parameter Description file In capture file mode, the captured packets are stored in a file on NVRAM. The maximum file size defaults to 524288 bytes. The switch can transfer the file to a TFTP server via TFTP, SFTP, SCP via CLI, Web and SNMP.

  • Page 576: Serviceability Packet Tracing Commands

    ProSafe Managed Switch capture file size Use this command to configure file capture options. The command is persistent across a reboot cycle. The range is from 2 to 512 Kbytes. Default 512Kbytes Format capture file size <file-size> Mode Global Config no capture file size Use this command to reset the file size to the default (512Kbytes).

  • Page 577: Debug Arp

    ProSafe Managed Switch debug arp Use this command to enable ARP debug protocol messages. Default disabled Format debug arp Mode Privileged EXEC no debug arp Use this command to disable ARP debug protocol messages. Format no debug arp Mode Privileged EXEC debug auto-voip Use this command to enable Auto VOIP debug messages.

  • Page 578: Debug Dhcp Packet

    ProSafe Managed Switch has been enabled. The configuration of this command remains in effect for the life of the login session. The effect of this command is not persistent across resets. Default disabled Format debug console Mode Privileged EXEC no debug console This command disables the display of “debug”...

  • Page 579: Debug Igmpsnooping Packet

    ProSafe Managed Switch no debug dot1x packet Use this command to disable dot1x packet debug trace. Format no debug dot1x Mode Privileged EXEC debug igmpsnooping packet This command enables tracing of IGMP Snooping packets received and transmitted by the switch. Default disabled Format...

  • Page 580: Debug Igmpsnooping Packet Receive

    ProSafe Managed Switch Parameter Definition Src_Mac Source MAC address of the packet. Dest_Mac Destination multicast MAC address of the packet. Src_IP The source IP address in the IP header in the packet. Dest_IP The destination multicast IP address in the packet. Type The type of IGMP packet.

  • Page 581: Debug Ip Acl

    ProSafe Managed Switch Parameter Definition Src_Mac Source MAC address of the packet. Dest_Mac Destination multicast MAC address of the packet. Src_IP The source IP address in the ip header in the packet. Dest_IP The destination multicast ip address in the packet. Type The type of IGMP packet.

  • Page 582: Debug Ip Igmp Packet

    ProSafe Managed Switch information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Default disabled Format debug ip dvmrp packet [receive|transmit] Mode Privileged EXEC no debug ip dvmrp packet Use this command to disable debug tracing of DVMRP packet reception and transmission.

  • Page 583: Debug Ip Pimdm Packet

    ProSafe Managed Switch no debug ip mcache packet Use this command to disable debug tracing of MDATA packet reception and transmission. Format no debug ip mcache packet [receive|transmit] Mode Privileged EXEC debug ip pimdm packet Use this command to trace PIMDM packet reception and transmission. receive traces only received PIMDM packets and transmit traces only transmitted PIMDM packets.

  • Page 584: Debug Ip Vrrp

    ProSafe Managed Switch debug ip vrrp Use this command to enable VRRP debug protocol messages. Default disabled Format debug ip vrrp Mode Privileged EXEC no debug ip vrrp Use this command to disable VRRP debug protocol messages. Format no debug ip vrrp Mode Privileged EXEC debug ipv6 dhcp...

  • Page 585: Debug Ipv6 Mld Packet

    ProSafe Managed Switch no debug ipv6 mcache packet Use this command to disable debug tracing of MDATAv6 packet reception and transmission. Format no debug ipv6 mcache packet [receive|transmit] Mode Privileged EXEC debug ipv6 mld packet Use this command to trace MLDv6 packet reception and transmission. receive traces only received MLDv6 packets and transmit traces only transmitted MLDv6 packets.

  • Page 586: Debug Lacp Packet

    ProSafe Managed Switch neither keyword is used in the command, then all PIMSMv6 packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Default disabled Format...

  • Page 587: Debug Ospf Packet

    ProSafe Managed Switch packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Default disabled Format debug mldsnooping packet [receive|transmit] Mode Privileged EXEC no debug mldsnooping packet Use this command to disable debug tracing of MLD snooping packet reception and transmission.
  • Page 588 ProSafe Managed Switch The following parameters are displayed in the trace message: Parameter Definition TX/RX TX refers to a packet transmitted by the device. RX refers to packets received by the device. Intf The interface that the packet came in or went out on. Format used is unit/slot/port (internal interface number).

  • Page 589: Debug Ping Packet

    ProSafe Managed Switch LS_REQ packet field definitions. Field Definition Length Length of packet LS_UPD packet field definitions. Field Definition Length Length of packet LS_ACK packet field definitions. Field Definition Length Length of packet no debug ospf packet This command disables tracing of OSPF packets. Format no debug ospf packet Mode...

  • Page 590: Debug Rip Packet

    ProSafe Managed Switch Format debug ping packet Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 00:21:22 192.168.17.29-1 SIM[181040176]: sim_debug.c(128) 20 % Pkt TX - Intf: 1/0/1(1), SRC_IP:10.50.50.2, DEST_IP:10.50.50.1, Type:ECHO_REQUEST <15> JAN 01 00:21:22 192.168.17.29-1 SIM[182813968]: sim_debug.c(82) 21 % Pkt RX - Intf: 1/0/1(1), S RC_IP:10.50.50.1, DEST_IP:10.50.50.2, Type:ECHO_REPLY The following parameters are displayed in the trace message:...

  • Page 591: Debug Sflow Packet

    ProSafe Managed Switch Rip_Version: RIPv2 Packet_Type:RIP_RESPONSE ROUTE 1): Network: 10.1.1.0 Mask: 255.255.255.0 Metric: 1 ROUTE 2): Network: 40.1.0.0 Mask: 255.255.0.0 Metric: 1 ROUTE 3): Network: 10.50.50.0 Mask: 255.255.255.0 Metric: 1 ROUTE 4): Network: 41.1.0.0 Mask: 255.255.0.0 Metric: 1 ROUTE 5): Network:42.0.0.0 Mask:255.0.0.0 Metric:1 Another 6 routes present in packet not displayed.

  • Page 592: Debug Spanning-Tree Bpdu

    ProSafe Managed Switch no debug sflow packet Use this command to disable sFlow debug packet trace. Format no debug sflow packet Mode Privileged EXEC debug spanning-tree bpdu This command enables tracing of spanning tree BPDUs received and transmitted by the switch.

  • Page 593: Debug Spanning-Tree Bpdu Transmit

    ProSafe Managed Switch Parameter Definition Source_Mac Source MAC address of the packet. Version Spanning tree protocol version (0-3). 0 refers to STP, 2 RSTP and 3 MSTP. Root_Mac MAC address of the CIST root bridge. Root_Priority Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in multiples of 4096.

  • Page 594: Debug Aaa Accounting

    ProSafe Managed Switch Parameter Definition Root_Priority Priority of the CIST root bridge. The value is between 0 and 61440. It is displayed in hex in multiples of 4096. Path_Cost External root path cost component of the BPDU. no debug spanning-tree bpdu transmit This command disables tracing of transmitted spanning tree BPDUs.

  • Page 595: Cable Test Command

    ProSafe Managed Switch Cable Test Command The cable test feature enables you to determine the cable connection status on a selected port. Note: The cable test feature is supported only for copper cable. It is not supported for optical fiber cable. If the port has an active link while the cable test is run, the link can go down for the duration of the test.

  • Page 596: Sflow Receiver

    ProSafe Managed Switch sflow receiver Use this command to configure the sFlow collector parameters (owner string, receiver timeout, max datagram size, IP address, and port). Format sflow receiver <rcvr_idx> owner <owner-string> [timeout <rcvr_timeout> | notimeout] max datagram <size> ip/ipv6 <ip> port <port>...

  • Page 597: Sflow Sampler

    ProSafe Managed Switch sflow sampler A data source configured to collect flow samples is called a poller. Use this command to configure a new sFlow sampler instance for this data source if <rcvr_idx> is valid. Format sflow sampler {<rcvr-indx> | rate <sampling-rate> | maxheadersize <size>} Mode Interface Config...

  • Page 598: Show Sflow Agent

    Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: • MIB Version: ‘1.3’, the version of this MIB. • Organization: Netgear. • Revision: 1.0 IP Address The IP address associated with this agent.

  • Page 599: Show Sflow Pollers

    ProSafe Managed Switch show sflow pollers Use this command to display the sFlow polling instances created on the switch. Use “-” for range. Format show sflow pollers Mode Privileged EXEC Field Description Poller Data The sFlowDataSource (slot/port) for this sFlow sampler. This agent will support Physical Source ports only.

  • Page 600: Software License Commands

    ProSafe Managed Switch IP Address:........0.0.0.0 Address Type........1 Port........... 6343 Datagram Version....... 5 Maximum Datagram Size......1400 show sflow samplers Use this command to display the sFlow sampling instances created on the switch. Format show sflow samplers Mode Privileged EXEC Field Description Sampler Data...

  • Page 601: Ip Address Conflict Commands

    ProSafe Managed Switch show license This command displays the license status. License Date indicates the date of the license. License Status indicates whether license is active or inactive. Format show license Mode Privileged EXEC Example: The following shows example CLI display output for the command. (Managed Switches) #show license License date : Apr-9-2010 License copy : 1...

  • Page 602: Link Local Protocol Filtering Commands

    ProSafe Managed Switch Note: This command takes effect only once after it is executed and cannot be saved across power cycles. Format ip address-conflict-detect run Mode Global Config show ip address-conflict This command displays the status information corresponding to the last detected address conflict.

  • Page 603: Rmon Stats And History Commands

    ProSafe Managed Switch the DTP packets on the interface. Use to filter the UDLD packets on the interface. blockudld to filter the PAGP packets on the interface. Use to filter the SSTP blockpagp blocksstp packets on the interface. Format llpf {blockisdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall } Mode Interface Config...
  • Page 604 ProSafe Managed Switch RFC 2819 • Group 1 - Statistics Contains cumulative traffic and error statistics. • Group 2 - History Generates reports from periodic traffic sampling that are useful for analyzing trends. This group includes History Control Group and Ethernet History Group. •...

  • Page 605: Rmon Alarm

    ProSafe Managed Switch rmon alarm This command sets the RMON alarm entry in the RMON alarm MIB group. Format rmon alarm alarm number variable sample interval sampling type rising-threshold value falling-threshold value startup rising/falling/rising-falling owner string Mode Global Config Parameter Description Alarm Number The Alarm number which identifies an Alarm.

  • Page 606: Rmon Event

    ProSafe Managed Switch Parameter Description hcalarm alarm The identifier of the hcalarm instance. number High Capacity The object identifier of the particular variable to be sampled. Only variables that resolve to an Alarm Variable ASN.1 primitive type of integer. High Capacity The interval in seconds over which the data is sampled and compared with the rising and Alarm interval falling thresholds.

  • Page 607: Rmon Collection History

    ProSafe Managed Switch Parameter Description Event Number Event identifier Event Type The type of notification that the probe will make about the event. Possible values are: • None • • SNMP Trap • Log and SNMP Trap no rmon event This command deletes the rmon event entry.

  • Page 608: Show Rmon Events

    ProSafe Managed Switch show rmon events This command displays the entries in the RMON event table. Format show rmon events Mode Privileged Exec Example: (Switch) # show rmon events Index Description Type Community Owner Last time sent ------------------------------------------------------------------------------- test public 0 days 0 h:0 m:0 s show rmon history This command displays the specified entry in the RMON history table.

  • Page 609: Udld Commands

    ProSafe Managed Switch show rmon statistics interface This command displays the RMON statistics for the given interface. Format show rmon statistics interface <unit/slot/port> Mode Privileged Exec Example: (switch) # show rmon statistics interface 1/0/1 Interface: 1/0/1 Dropped: 0 Octets: 0 Packets: 0 Broadcast: 0 Multicast: 0...

  • Page 610: Udld Message Time

    ProSafe Managed Switch no udld enable This command disables udld globally on the switch. Format no udld enable Mode Global Config udld message time This command configures the interval between UDLD probe messages on ports that are in the advertisement phase. The range is from 7 to 90 seconds. Default Format udld message time <interval>...

  • Page 611: Udld Port

    ProSafe Managed Switch udld port This command selects the UDLD mode operating on this interface. If the keyword “aggressive” is not entered, the port operates in normal mode. Default normal Format udld port [aggressive] Mode Interface Config udld reset This command resets all interfaces that have been shutdown by UDLD. Format udld reset Mode...
  • Page 612 ProSafe Managed Switch Term Definition UDLD Mode The UDLD mode configured on this interface. This is either “Normal” or “Aggressive.”. UDLD Status The status of the link as determined by UDLD. The options are: • “Undetermined” - UDLD has not collected enough information to determine the state of the port •...

  • Page 613: Chapter 11 Management Commands

    Management Commands This chapter describes the management commands available in the managed switch CLI. This chapter contains the following sections: • Configuring the Switch Management CPU • Network Interface Commands • Console Port Access Commands • Telnet Commands • Secure Shell (SSH) Commands •...

  • Page 614: Configuring The Switch Management Cpu

    To manage the switch via the web GUI or telnet, an IP address needs to be assigned to the switch management CPU. Whereas there are CLI commands that can be used to do this, ezconfig simplifies the task. The tool is applicable to all NETGEAR 7000-series managed switches, and allows you to configure the following parameters: The administrator’s user password and administrator-enable password...
  • Page 615 ProSafe Managed Switch The following is an example of an ezconfig session. NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you thru assigning the IP address for the switch management CPU. It will allow you to save the changes at the end. After the session, simply use the newly assigned IP address to access the Web GUI using any public domain Web browser.

  • Page 616: Network Interface Commands

    ProSafe Managed Switch Network Interface Commands This section describes the commands you use to configure a logical interface for management access. To configure the management VLAN, see step on page 47. enable (Privileged EXEC access) Use this command to access the Privileged EXEC mode. From the Privileged EXEC mode, you can configure the network interface.

  • Page 617: Network Javamode

    ProSafe Managed Switch A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0'). Format network mac-address <macaddr> Mode Privileged EXEC network mac-type Use this command to specify whether the switch uses the burned in MAC address or the locally-administered MAC address.
  • Page 618 Locally Administered address. The factory default is to use the burned in MAC address. The following shows example CLI display output for the network port. (Netgear Switch) #show network Interface Status....... Always Up IP Address........10.250.3.1 Subnet Mask........

  • Page 619: Console Port Access Commands

    ProSafe Managed Switch IPv6 Address/Length is ......3099::210:18FF:FE82:337/64 IPv6 Default Router is ......FE80::204:76FF:FE73:423A Burned In MAC Address......00:10:18:82:03:37 Locally Administered MAC Address....00:00:00:00:00:00 MAC Address Type....... Burned In Network Configuration Protocol Current..None Management VLAN ID......1 Web Mode........Enable Java Mode........

  • Page 620: Serial Timeout

    ProSafe Managed Switch no serial baudrate Use this command to set the communication rate of the terminal interface. Format no serial baudrate Mode Line Config serial timeout Use this command to specify the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely.

  • Page 621: Telnet Commands

    ProSafe Managed Switch enable authentication Use this command in line configuration mode to specify an authentication method list when the user accesses a higher privilege level in remote telnet or console. Format enable authentication {default | list-name} Mode Line Config no enable authentication Use this command to return to the default specified by the enable authentication...

  • Page 622: Ip Telnet Server Enable

    ProSafe Managed Switch ip telnet server enable Use this command to enable Telnet connections to the system and to enable the Telnet Server Admin Mode. This command opens the Telnet listening port. Default enabled Format ip telnet server enable Mode Privileged EXEC no ip telnet server enable Use this command to disable Telnet access to the system and to disable the Telnet Server...

  • Page 623: Transport Output Telnet

    ProSafe Managed Switch Default enabled Format transport input telnet Mode Line Config no transport input telnet Use this command to prevent new Telnet sessions from being established. Format no transport input telnet Mode Line Config transport output telnet Use this command to regulate new outbound Telnet connections. If enabled, new outbound Telnet sessions can be established until the system reaches the maximum number of simultaneous outbound Telnet sessions allowed.

  • Page 624: Telnetcon Maxsessions

    ProSafe Managed Switch no session-limit Use this command to set the maximum number of simultaneous outbound Telnet sessions to the default value. Format no session-limit Mode Line Config session-timeout Use this command to set the Telnet session timeout value.The timeout value unit of time is minutes.

  • Page 625: Telnetcon Timeout

    ProSafe Managed Switch telnetcon timeout Use this command to set the Telnet connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. The time is a decimal value from 1 to 160.

  • Page 626: Secure Shell (Ssh) Commands

    ProSafe Managed Switch Term Definition Outbound The number of minutes an outbound Telnet session is allowed to remain inactive before Telnet Login being logged off. Timeout Maximum The number of simultaneous outbound Telnet connections allowed. Number of Outbound Telnet Sessions Allow New Indicates whether outbound Telnet sessions will be allowed.

  • Page 627: Ip Ssh Protocol

    ProSafe Managed Switch ip ssh Use this command to enable SSH access to the system. (This command is the short form of the ip ssh server enable command.) Default disabled Format ip ssh Mode Privileged EXEC ip ssh protocol Use this command to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set.

  • Page 628: Sshcon Timeout

    ProSafe Managed Switch no sshcon maxsessions Use this command to set the maximum number of allowed SSH connection sessions to the default value. Format no sshcon maxsessions Mode Privileged EXEC sshcon timeout Use this command to set the SSH connection session timeout value, in minutes. A session is active as long as the session has been idle for the value set.

  • Page 629: Management Security Commands

    ProSafe Managed Switch Term Definition Max SSH The maximum number of SSH sessions allowed. Sessions Allowed SSH Timeout The SSH timeout value in minutes. Keys Present Indicates whether the SSH RSA and DSA key files are present on the device. Key Generation Indicates whether RSA or DSA key files generation is currently in progress.

  • Page 630: Hypertext Transfer Protocol (Http) Commands

    ProSafe Managed Switch no crypto key generate rsa Use this command to delete the RSA key files from the device. Format no crypto key generate rsa Mode Global Config crypto key generate dsa Use this command to generate a DSA key pair for SSH. The new key files will overwrite any existing generated or downloaded DSA key files.

  • Page 631: Ip Http Java

    ProSafe Managed Switch no ip http server Use this command to disable access to the switch through the Web interface. When access is disabled, the user cannot login to the switch's Web server. Format no ip http server Mode Privileged EXEC ip http secure-server Use this command to enable the secure socket layer for secure HTTP.

  • Page 632: Ip Http Authentication

    ProSafe Managed Switch user will be forced to re-authenticate. This timer begins on initiation of the web session and is unaffected by the activity level of the connection. Default Format ip http session hard-timeout <0-168> Mode Privileged EXEC no ip http session hard-timeout Use this command to restore the hard timeout for un-secure HTTP sessions to the default value.

  • Page 633: Ip Http Session Maxsessions

    ProSafe Managed Switch ip http session maxsessions Use this command to limit the number of allowable un-secure HTTP sessions. Zero is the configurable minimum. Default Format ip http session maxsessions <0-16> Mode Privileged EXEC no ip http session maxsessions Use this command to restore the number of allowable un-secure HTTP sessions to the default value.

  • Page 634: Ip Http Secure-Session Soft-Timeout

    ProSafe Managed Switch no ip http secure-session maxsessions Use this command to restore the number of allowable secure HTTP sessions to the default value. Format no ip http secure-session maxsessions Mode Privileged EXEC ip http secure-session soft-timeout Use this command to configure the soft timeout for secure HTTP sessions in minutes. Configuring this value to zero will give an infinite soft-timeout.

  • Page 635: Ip Https Authentication

    ProSafe Managed Switch ip https authentication Use this command to specify the authentication methods for http server users. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

  • Page 636: Show Ip Http

    ProSafe Managed Switch ip http secure-protocol Use this command to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. Default SSL3 and TLS1 Format ip http secure-protocol [SSL3] [TLS1] Mode Privileged EXEC show ip http Use this command to display the http settings for the switch.

  • Page 637: Access Commands

    ProSafe Managed Switch Access Commands Use the commands in this section to close remote connections or to view information about connections to the system. disconnect Use the disconnect command to close HTTP, HTTPS, Telnet or SSH sessions. Use all to close all active sessions, or use <session-id>...
  • Page 638 ProSafe Managed Switch username Use this command to add a new user to the local user database. The default privilege level is 1. Using the encrypted keyword allows the administrator to transfer local user passwords between devices without having to know the passwords. When the password parameter is used along with encrypted parameter, the password must be exactly 128 hexadecimal characters in length.

  • Page 639: Username Name Nopassword

    ProSafe Managed Switch username name nopassword Use this command to remove an existing user’s password (NULL password). Format username name nopassword [Level Level] Mode Global Config Parameter Description name The name of the user. Range: 1-32 characters. password The authentication password for the user. Range 8-64 characters. level The user level.

  • Page 640: Username Snmpv3 Authentication

    ProSafe Managed Switch username snmpv3 authentication Use this command to specify the authentication protocol to be used for the specified user. The valid authentication protocols are none, md5 or sha. If you specify md5 or sha, the login password is also used as the snmpv3 authentication password and therefore must be at least eight characters in length.

  • Page 641: Show Users

    ProSafe Managed Switch no username snmpv3 encryption Use this command to set the encryption protocol to none. The <username> is the login user name for which the specified encryption protocol will be used. Format no username snmpv3 encryption <username> Mode Global Config show users Use this command to display the configured user names and their settings.

  • Page 642: Show Users Accounts Detail

    ProSafe Managed Switch Term Definition Lockout Status Indicates whether the user account is locked out (true or false). Password The current password expiration date in date format. Expiration Date show users accounts detail This command displays the local user status with respect to user account lockout and password aging.

  • Page 643: Passwords History

    ProSafe Managed Switch Term Definition Login Time The time at which the user logged in. Username The user name used to login. Protocol The protocol that the user used to login. Location The location of the user. passwords min-length Use this command to enforce a minimum password length for local users. The value also applies to the enable password.

  • Page 644: Passwords Aging

    ProSafe Managed Switch passwords aging Use this command to implement aging on passwords for local users. When a user’s password expires, the user will be prompted to change it before logging in again. The valid range is 1-365. The default is 0, or no aging. Default Format passwords aging <1-365>...

  • Page 645: Passwords Strength Minimum Uppercase-Letters

    ProSafe Managed Switch Mode Global Config Default Disable no passwords strength-check Use this command to disable the password strength-check. Format no passwords strength-check Mode Global Config passwords strength minimum uppercase-letters Use this command to enforce a minimum number of uppercase letters that a password should contain.

  • Page 646: Passwords Strength Minimum Numeric-Characters

    ProSafe Managed Switch passwords strength minimum numeric-characters Use this command to enforce a minimum number of numeric characters that a password should contain. The valid range is 0-16. The default is 2. Minimum of 0 means no restriction on that set of characters. Format passwords strength minimum numeric-letters Mode...

  • Page 647: Passwords Strength Maximum Repeated-Characters

    ProSafe Managed Switch no passwords strength maximum consecutive-characters Use this command to reset the maximum number of consecutive characters to the default value. Format no passwords strength maximum consecutive-characters Mode Global Config passwords strength maximum repeated-characters Use this command to enforce a maximum number of repeated characters that a password should contain.

  • Page 648: Show Passwords Configuration

    ProSafe Managed Switch passwords strength exclude-keyword Use this command to exclude the specified keyword while configuring the password. The password does not accept the keyword in any form (in between the string, case insensitive and reverse) as a substring. User can configure up to a maximum of 3 keywords. Format passwords strength exclude-keyword keyword Mode...

  • Page 649: Show Passwords Result

    ProSafe Managed Switch Termd Definition Minimum Password Minimum number of character classes (uppercase, lowercase, numeric and Character Classes special) required when configuring passwords. Password Exclude- The set of keywords to be excluded from the configured password when strength Keywords checking is enabled. show passwords result Use this command to display the last password set result information.

  • Page 650: Aaa Authentication Enable

    ProSafe Managed Switch list-name Character string used to name the list of authentication methods activated when a user logs in. Up to 12 characters. method1 [method2…] At least one from the following table: Keyword Description enable Uses the enable password for authentication. line Uses the line password for authentication.

  • Page 651: Aaa Authentication Dot1X

    ProSafe Managed Switch Default Uses the listed authentication methods that follow this argument as the default list of methods when a user accesses a higher privilege level. list-name Character string used to name the list of authentication methods activated when a user accesses a higher privilege level.

  • Page 652: Aaa Accounting

    ProSafe Managed Switch specified as an authentication method after radius, no authentication is used if the radius server is down. Format aaa authentication dot1x default method1 Mode Global Config method1: At least one from the following table: Keyword Description local Uses the local username database for authentication.

  • Page 653: Accounting (Console/Telnet/Ssh)

    ProSafe Managed Switch Term Definition exec Provides accounting for an user EXEC terminal sessions. commands Provides accounting for all user-executed commands. default The default list of methods for accounting services. list-name Character string used to name the list of accounting methods. start-stop Sends a start accounting notice at the beginning of a process and a stop accounting notice at the end of a process.

  • Page 654: Show Accounting Methods

    ProSafe Managed Switch ip http/https accounting This command applies user exec accounting list to the line methods HTTP and HTTPs methods. Format ip {http| https} accounting exec {default| <listname>} Mode Global Config Term Definition HTTP/HTTPS Line method for which the list needs to be applied. default The default list of methods for authorization services.

  • Page 655: Aaa Authorization

    ProSafe Managed Switch aaa authorization This command creates an authorization method list. This list is identified by “default” or a user-specified “list_name.” If “tacacs” is specified as the Authorization method, Authorization commands are notified to a TACACS+ server. If “none” is specified as the Authorization method, command authorization is not applicable.

  • Page 656: Show Authorization Methods

    ProSafe Managed Switch no authorization(console/telnet/ssh) This command is used to remove command authorization from a line config mode. Format no authorization {commands| exec} Mode • Line console • Line telnet • Line SSH show authorization methods This command displays the configured authorization method lists. Format show authorization methods Mode...

  • Page 657: Domain-Name Enable

    ProSafe Managed Switch username, then the managed switch sends the username input as the domain-name(as entered by the user)\username to the RADIUS server. • Domain disabled: In this case, the domain name is not included when the user-name is sent to the RADIUS server. Note: If the user domain is already provided by the user/supplicant, the domain name is assumed to reach the managed switch along with...

  • Page 658: Mac Address-Table Multicast Forward-Unregistered Vlan

    ProSafe Managed Switch Format mac address-table multicast forbidden-unregistered vlan <1-4093> Mode Global Config no mac address-table multicast forbidden-unregistered vlan Use this command to restore the default. Format no mac address-table multicast forbidden-unregistered vlan Mode Global Config mac address-table multicast forward-unregistered vlan Use this command to enable forwarding unregistered multicast address (in other words, unknown multicast traffic) on a given VLAN ID.

  • Page 659: Show Mac Address-Table Multicast Filtering

    A valid VLAN ID mode The filtering mode The following shows example CLI display output for the command. (netgear switch) #show mac address-table multicast filtering 1 VLAN-ID..1 Mode..Forward-Forbidden-Unregistered show domain-name This command displays the configured domain-name. Format...

  • Page 660: Aaa Ias-User Username

    ProSafe Managed Switch aaa ias-user username The Internal Authentication Server (IAS) database is a dedicated internal database used for local authentication of users for network access through the IEEE 802.1X feature. Use this command to add the specified user to the internal user database. This command also changes the mode to AAA User Config mode.

  • Page 661: Snmp Commands

    ProSafe Managed Switch Parameter Definition password Password for this level. Range: 8-64 characters. encrypted Encrypted password to be entered, copied from another switch configuration. no password(AAA IAS User Configuration) Use this command to remove a password for a user in the IAS database. Format no password Mode...

  • Page 662: Snmp-Server Community

    ProSafe Managed Switch snmp-server community Use this command to add (and name) a new SNMP community. A community <name> is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of <name> can be up to 16 case-sensitive characters. Note: Community names in the SNMP Community Table must be unique.

  • Page 663: Snmp-Server Community Ipmask

    ProSafe Managed Switch no snmp-server community ipaddr Use this command to set a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name. Format no snmp-server community ipaddr <name> Mode Global Config snmp-server community ipmask Use this command to set a client IP mask for an SNMP community.

  • Page 664: Snmp-Server Community Ro

    ProSafe Managed Switch no snmp-server community mode Use this command to deactivate an SNMP community. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.

  • Page 665: Snmp-Server Enable Traps

    ProSafe Managed Switch no snmp-server enable traps violation Use this command to disable sending new violation traps. Format no snmp-server enable traps violation Mode Interface Config snmp-server enable traps Use this command to enable the Authentication Flag. Default enabled Format snmp-server enable traps Mode Global Config...

  • Page 666: Snmp-Server Enable Traps Multiusers

    The SNMP trap address can be set using both an IPv4 address format as well as an IPv6 global address format. The following shows an example of the CLI command. (Netgear Switch)# snmptrap mytrap ip6addr 3099::2 Management Commands...

  • Page 667: Snmptrap Snmpversion

    ProSafe Managed Switch Note: The <name> parameter does not need to be unique, however; the <name> and <ipaddr | hostname> pair must be unique. Multiple entries can exist with the same <name>, as long as they are associated with a different <ipaddr | hostname>. The reverse scenario is also acceptable.

  • Page 668: Snmptrap Ipaddr

    ProSafe Managed Switch snmptrap ipaddr Use this command to assign an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. Note: IP addresses in the SNMP trap receiver table must be unique. If you make multiple entries using the same IP address, the first entry is retained and processed.

  • Page 669: Show Snmpcommunity

    ProSafe Managed Switch no snmp trap link-status Use this command to disable link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. Format no snmp trap link-status Mode Interface Config snmp trap link-status all Use this command to enable link status traps for all interfaces.

  • Page 670: Show Snmptrap

    ProSafe Managed Switch The SNMP agent of the switch complies with SNMP Versions 1, 2 or 3. For more information about the SNMP specification, see the SNMP RFCs. The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters).

  • Page 671: Show Trapflags

    ProSafe Managed Switch (Netgear Switch)#show snmptrap Community Name IpAddress IPv6 Address Snmp Version Mode Mytrap 0.0.0.0 2001::1 SNMPv2 Enable show trapflags show trapflags Use this command to display trap conditions. The command’s display shows all the enabled OSPFv2 and OSPFv3 trapflags. Configure which traps the switch should generate by enabling or disabling the trap condition.

  • Page 672: Radius Commands

    ProSafe Managed Switch RADIUS Commands This section describes the commands you use to configure the switch to use a Remote Authentication Dial-In User Service (RADIUS) server on your network for authentication and accounting. authorization network radius Use this command to enable the switch to accept VLAN assignment by the radius server. Default disable Format...

  • Page 673: Radius Server Host

    ProSafe Managed Switch RADIUS client uses that IP address while sending NAS-IP-Address attribute in RADIUS communication. Format radius server attribute <4> [<ipaddr>] Mode Global Config Term Definition NAS-IP-Address attribute to be used in RADIUS requests. ipaddr The IP address of the server. no radius server attribute Use the version of this command to disable the NAS-IP-Address attribute global...
  • Page 674 ProSafe Managed Switch Note: To re-configure a RADIUS authentication server to use the default UDP <port>, set the <port> parameter to 1812. If you use the <acct> token, the command configures the IP address or hostname to use for the RADIUS accounting server. You can only configure one accounting server. If an accounting server is currently configured, use the “no”...

  • Page 675: Radius Server Key

    ProSafe Managed Switch address or dns name of the previously configured RADIUS authentication / accounting server. Format no radius server host {auth | acct} {<ipaddr|dnsname>} Mode Global Config The following shows an example of the command. (Switch) (Config) #radius server host acct 192.168.37.60 (Switch) (Config) #radius server host acct 192.168.37.60 port 1813 (Switch) (Config) #radius server host auth 192.168.37.60 name Network1_RADIUS_Auth_Server port 1813...

  • Page 676: Radius Server Msgauth

    ProSafe Managed Switch The following shows an example of the CLI command. radius server key acct 10.240.4.10 encrypted <encrypt-string> radius server msgauth Use this command to enable the message authenticator attribute to be used for the specified RADIUS Authenticating server. Format radius server msgauth <ipaddr|dnsname>...

  • Page 677: Radius Server Retransmit

    ProSafe Managed Switch radius server retransmit Use this command to configure the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server. When the maximum number of retries are exhausted for the RADIUS accounting server and no response is received, the client does not communicate with any other server.

  • Page 678: Show Radius

    ProSafe Managed Switch show radius Use this command to display the values configured for the global parameters of the RADIUS client. Format show radius Mode Privileged EXEC Term Definition Number of Configured The number of RADIUS Authentication servers that have been configured. Authentication Servers Number of Configured The number of RADIUS Accounting servers that have been configured.

  • Page 679: Show Radius Servers

    ProSafe Managed Switch show radius servers Use this command to display the summary and details of RADIUS authenticating servers configured for the RADIUS client. Format show radius servers [ { <ipaddr | dnsname> | name [<servername> ] } ] Mode Privileged EXEC Field Description...

  • Page 680: Show Radius Accounting

    ProSafe Managed Switch 192.168.37.201 Network2_RADIUS_Server 1813 Secondary 192.168.37.202 Network3_RADIUS_Server 1813 Primary 192.168.37.203 Network4_RADIUS_Server 1813 Secondary (Switch) #show radius servers name Current Host Address Server Name Type ------------------------ --------------------------------- ----------192.168.37.200 Network1_RADIUS_Server Secondary 192.168.37.201 Network2_RADIUS_Server Primary 192.168.37.202 Network3_RADIUS_Server Secondary 192.168.37.203 Network4_RADIUS_Server Primary (Switch) #show radius servers name Default_RADIUS_Server Server Name......

  • Page 681: Show Radius Accounting Statistics

    ProSafe Managed Switch Term Definition Host Address The IP address of the host. Server Name The name of the accounting server. Port The port used for communication with the accounting server. Secret Configured Yes or No Boolean value indicating whether this server is configured with a secret.
  • Page 682 ProSafe Managed Switch Term Definition Server Host The IP address of the host. Address Round Trip Time The time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server. Requests The number of RADIUS Accounting-Request packets sent to this server.

  • Page 683: Show Radius Statistics

    ProSafe Managed Switch Requests........0 Retransmissions....... 0 Responses........0 Malformed Responses......0 Bad Authenticators......0 Pending Requests......0 Timeouts........0 Unknown Types......... 0 Packets Dropped....... 0 show radius statistics Use this command to display the summary statistics of configured RADIUS Authenticating servers.

  • Page 684: Tacacs+ Commands

    ProSafe Managed Switch Term Definition Timeouts The number of authentication timeouts to this server. Unknown Types The number of packets of unknown type that were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason.

  • Page 685: Debug Tacacs Packet

    ProSafe Managed Switch delivery and a shared key configured on the client and daemon server to encrypt all messages. debug tacacs packet Use the debug tacacs packet command to turn on TACACS+ packet debug. Default Disabled Format debug tacacs packet [receive | transmit] Mode Global Config no debug tacacs packet...

  • Page 686: Tacacs-Server Keystring

    ProSafe Managed Switch only. If you want to enter the key in encrypted format, enter the key along with the encrypted keyword. In the show running config command’s display, these secret keys are displayed in encrypted format. You cannot show these keys in plain text format. Format tacacs-server key [<key-string>...

  • Page 687: Tacacs-Server Timeout

    ProSafe Managed Switch no tacacs-server source interface Use this command in Global Configuration mode to remove the global source interface (Source IP selection) for all TACACS+ communications between the TACACS+ client and the server. Format no tacacs-server source-interface Mode Privileged Exec tacacs-server timeout Use the tacacs-server timeout command to set the timeout value for communication with the TACACS+ servers.

  • Page 688: Show Tacacs

    ProSafe Managed Switch port Use the port command in TACACS Configuration mode to specify a server port number. The server <port-number> range is 0 - 65535. Default Format port <port-number> Mode TACACS Config priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority.

  • Page 689: Configuration Scripting Commands

    ProSafe Managed Switch Configuration Scripting Commands Configuration Scripting allows you to generate text-formatted script files representing the current configuration of a system. You can upload these configuration script files to a PC or UNIX system and edit them. Then, you can download the edited files to the system and apply the new configuration.

  • Page 690: Script Apply

    ProSafe Managed Switch hello hello script apply Use this command to apply the commands in the script to the switch. The <scriptname> parameter is the name of the script to apply. Format script apply <scriptname> Mode Privileged EXEC script delete Use this command to delete a specified script, where the <scriptname>...

  • Page 691: Pre-Login Banner And System Prompt Commands

    ProSafe Managed Switch script validate Use this command to validate a script file by parsing each line in the script file, where <scriptname> is the name of the script to validate.The validate option is intended to be used as a tool for script development. Validation identifies potential problems. It might not identify all problems with a given script on any given device.

  • Page 692: Switch Database Management (Sdm) Templates

    ProSafe Managed Switch set clibanner Use this command to add the CLI Banner. The banner message supports up to 2000 characters. Format set clibanner <line> Mode Global Config no set clibanner Use this command to remove the CLI Banner downloaded through TFTP. Format no set clibanner Mode...

  • Page 693: Show Sdm Prefer

    ProSafe Managed Switch Parameter Description ipv4-routing Supports IPv4 routing only. -data-center : Support more ECMP next hops in IPv4 routes. -default : The routing template maximizes system resources for unicast routing, typically required for a router in the center of a network. dual-ipv4-and-ipv Supports both IPv4 and IPv6 routing.

  • Page 694: Ipv6 Management Commands

    ProSafe Managed Switch Term Description IPv4 Multicast The maximum number of IPv4 multicast forwarding table entries. Routes IPv6 Multicast The maximum number of IPv6 multicast forwarding table entries. Routes Example: #show sdm prefer Current template: Dual IPv4 and IPv6 ARP Entries........4096 IPv4 Unicast Routes......

  • Page 695: Network Ipv6 Address

    ProSafe Managed Switch network ipv6 address Use this command to configure an IPv6 global address, enable or disable stateless global address autoconfiguration, and enable or disable dhcpv6 client protocol information for the network port. You can configure multiple IPv6 addresses on the network port. Format address/prefix-length network ipv6 address {...

  • Page 696: Show Network Ndp

    ProSafe Managed Switch no network ipv6 gateway Use this command to remove IPv6 gateways on the network port interface. Format no network ipv6 gateway Mode Privileged EXEC show network ndp Use this command to display NDP cache information for the network port. Default enabled Format...
  • Page 697 ProSafe Managed Switch Term Description DHCPv6 Advertisement The number of DHCPv6 Advertisement packets received on the network Packets Received interface. DHCPv6 Reply Packets The number of DHCPv6 Reply packets received on the network interface. Received Received DHCPv6 The number of DHCPv6 Advertisement packets discarded on the network Advertisement Packets interface.

  • Page 698: Clear Network Ipv6 Dhcp Statistics

    ProSafe Managed Switch clear network ipv6 dhcp statistics Use this command to clear the DHCPv6 statistics on the network management interface. Format clear network ipv6 dhcp statistics Mode Privileged EXEC Management Commands...

  • Page 699: Chapter 12 Log Messages

    There is no specific action that can be taken per message. When there is a problem being diagnosed, a set of these messages in the event log, along with an understanding of the system configuration and details of the problem will assist NETGEAR, Inc. in determining the root cause of such a problem.

  • Page 700: Core

    ProSafe Managed Switch Core Table 3. BSP Log Messages Component Message Cause Event(0xaaaaaaaa) Switch has restarted. Starting code... BSP initialization complete, starting 7000 series application. Table 4. NIM Log Messages Component Message Cause NIM: L7_ATTACH out of order for Interface creation out of order intIfNum(x) unit x slot x port x NIM: Failed to find interface at unit x slot x There is no mapping between the USP and...
  • Page 701 ProSafe Managed Switch Table 5. System Log Messages Component Message Cause SYSTEM Configuration file Switch CLI.cfg size is 0 The configuration file could not be read. (zero) bytes This message may occur on a system for which no configuration has ever been saved or for which configuration has been erased.

  • Page 702: Utilities

    ProSafe Managed Switch Utilities Table 6. Trap Mgr Log Message Component Message Cause Trap Mgr Link Up/Down: unit/slot/port An interface changed link state. Table 7. DHCP Filtering Log Messages Component Message Cause DHCP Filtering Unable to create r/w lock for DHCP Unable to create semaphore used for dhcp Filtering filtering configuration structure .
  • Page 703 ProSafe Managed Switch Table 9. RADIUS Log Messages Component Message Cause RADIUS RADIUS: Invalid data length - xxx The RADIUS Client received an invalid message from the server. RADIUS RADIUS: Failed to send the request A problem communicating with the RADIUS server.

  • Page 704: Management

    ProSafe Managed Switch Table 10. TACACS+ Log Messages Component Message Cause TACACS+ TACACS+: authentication error, no server TACACS+ request needed, but no servers to contact are configured. TACACS+ TACACS+: connection failed to server TACACS+ request sent to server x.x.x.x but x.x.x.x no response was received.
  • Page 705 ProSafe Managed Switch Table 14. EmWeb Log Messages Component Message Cause EmWeb EMWEB (Telnet): Max number of Telnet A user attempted to connect via telnet login sessions exceeded when the maximum number of telnet sessions were already active. EmWeb EMWEB (SSH): Max number of SSH login A user attempted to connect via SSH when sessions exceeded the maximum number of SSH sessions...
  • Page 706 ProSafe Managed Switch Table 16. WEB Log Messages Component Message Cause Max clients exceeded This message is shown when the maximum allowed java client connections to the switch is exceeded. Error on send to sockfd XXXX, closing Failed to send data to the java clients connection through the socket.
  • Page 707 ProSafe Managed Switch Table 18. SSHD Log Messages Component Message Cause SSHD SSHD: Unknown UI event in message, Failed to dispatch the UI event to the event=XXXX appropriate SSHD function as it’s an invalid event. XXXX indicates the event to be dispatched.

  • Page 708: Switching

    ProSafe Managed Switch Table 20. User_Manager Log Messages Component Message Cause User_Manager User Login Failed for XXXX Failed to authenticate user login. XXXX indicates the username to be authenticated. User_Manager Access level for user XXXX could not be Invalid access level specified for the user. determined.
  • Page 709 ProSafe Managed Switch Table 22. IP Subnet VLANS Log Messages Component Message Cause IPsubnet vlans ERROR vlanIpSubnetSubnetValid :Invalid This occurs when an invalid pair of subnet subnet and netmask has come from the CLI IPsubnet vlans IP Subnet Vlans: failed to save This message appears when save configuration configuration of subnet vlans failed...
  • Page 710 ProSafe Managed Switch Table 23. Mac-based VLANs Log Messages Component Message Cause Mac based vlanMacVlanChangeCallback: Failed to This appears when a dtl fails to add an VLANS add an entry entry for a vlan add notify event. Mac based vlanMacVlanChangeCallback: Failed to This appears when a dtl fails to delete an VLANS delete an entry...
  • Page 711 ProSafe Managed Switch Table 25. IGMP Snooping Log Messages Component Message Cause IGMP Snooping Failed to set igmp mrouter mode %d for Failed to set VLAN multicast router mode interface xxx on Vlan yyy due to IGMP Snooping message queue being full IGMP Snooping snoopCnfgrInitPhase1Process: Error Could not allocate buffers for small IGMP...
  • Page 712 ProSafe Managed Switch Table 27. 802.3ad Log Messages Component Message Cause 802.3ad dot3adReceiveMachine: received default Received a LAG PDU and the RX state event %x machine is ignoring this LAGPDU 802.3ad dot3adNimEventCompletionCallback, The event sent to NIM was not completed dot3adNimEventCreateCompletionCallbac successfully k: DOT3AD: notification failed for...
  • Page 713 ProSafe Managed Switch Table 32. 802.1Q Log Messages Component Message Cause 802.1Q dot1qIssueCmd: Unable to send message dot1qMsgQueue is full. %d to dot1qMsgQueue for vlan %d - %d msgs in queue 802.1Q dot1qVlanCreateProcess: Attempt to This accommodates for reserved vlan ids. create a vlan with an invalid vlan id %d ;...

  • Page 714: Qos

    ProSafe Managed Switch Table 35. Protocol-based VLANs Log Messages Component Message Cause Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when nimRegisterIntfChange fails VLANs register NIM callback to register pbVlan for link state changes. Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when vlanRegisterForChange VLANs register pbVlan callback with vlans fails to register pbVlan for vlan changes.

  • Page 715: Routing/Ipv6 Routing

    ProSafe Managed Switch Table 38. DiffServ Log Messages Component Message Cause DiffServ diffserv.c 165: diffServRestore Failed to While attempting to clear the running reset DiffServ. Recommend resetting configuration an error was encountered in device removing the current settings. This may lead to an inconsistent state in the system and resetting is advised.
  • Page 716 ProSafe Managed Switch Table 40. OSPFv2 Log Messages (Continued) Component Message Cause OSPFv2 Warning: OSPF LSDB is 90% full (22648 OSPFv2 limits the number of Link State LSAs). Advertisements (LSAs) that can be stored in the link state database (LSDB). When the database becomes 90 or 95 percent full, OSPFv2 logs this warning.
  • Page 717 ProSafe Managed Switch Table 42. Routing Table Manager Log Messages Component Message Cause Routing Table RTO is full. Routing table contains 8000 The routing table manager, also called Manager best routes, 8000 total routes. “RTO,” stores a limited number of best routes, based on hardware capacity.

  • Page 718: Multicast

    ProSafe Managed Switch Table 45. RIP Log Message Component Message Cause RIP : discard response from xxx via When RIP response is received with a unexpected interface source address not matching the incoming interface’s subnet. Table 46. DHCP6 Log Message Component Message Cause...
  • Page 719 ProSafe Managed Switch Table 49. IGMP-Proxy Log Messages Component Message Cause IGMP-Proxy Error getting memory for igmp host group When we are unable to allocate memory for record the IGMP group record in the Host (Proxy) table IGMP-Proxy Error getting memory for source record When we are unable to allocate memory for the IGMP source record in the Host (Proxy) table...

  • Page 720: Stacking

    ProSafe Managed Switch Table 51. PIM-DM Log Messages Component Message Cause PIM-DM Out of memory when creating xxx This message is logged when there is insufficient memory to accommodate a new neighbor/(S,G) Entry, Prune, Graft, Join etc. PIM-DM Error entry->ll_xxx LL creation error This message is logged when the SLL creation is Failed.

  • Page 721: Technologies

    ProSafe Managed Switch Technologies Table 54. System General Error Messages Component Message Cause Invalid USP unit = x, slot = x, port =x A port was not able to be translated correctly during the receive. In hapiBroadSystemMacAddress call to Failed to add an L2 address to the MAC 'bcm_l2_addr_add' - FAILED : x table.
  • Page 722 ProSafe Managed Switch Table 54. System General Error Messages Component Message Cause USL: A Trunk being created by bcmx Possible synchronization issue between already existed in USL the application, hardware, and sync layer USL: A Trunk being destroyed doesn't exist Possible synchronization issue between in USL the application, hardware, and sync layer.

  • Page 723: O/S Support

    ProSafe Managed Switch Table 54. System General Error Messages Component Message Cause USL: failed to sync L3 Route table on unit= Could not synchronize unit x due to a transport failure or API issue on remote unit. A synchronization retry will be issued USL: failed to sync initiator table on unit=x Could not synchronize unit x due to a transport failure or API issue on remote...
  • Page 724 ProSafe Managed Switch Table 55. OSAPI Log Messages (Continued) Component Message Cause OSAPI osapiCleanupIf: NetIPGet During the call to remove the interface from the route table, the attempt to get an ipv4 interface address from the stack failed. OSAPI osapiCleanupIf: NetMaskGet During the call to remove the interface from the route table ,the attempt to get the ipv4 interface mask from the stack failed.

  • Page 725: Chapter 13 Captive Portal Commands

    Captive Portal Commands The Captive Portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.

  • Page 726: Http Port

    ProSafe Managed Switch enable Use this command to globally enable captive portal. Default disabled Format enable Mode Captive Portal Configuration mode no enable Use this command to globally disable captive portal. Default disabled Format no enable Mode Captive Portal Configuration mode http port Use this command to configure an additional HTTP port for captive portal to monitor.

  • Page 727: Authentication Timeout

    ProSafe Managed Switch no https port Use this command to reset the HTTPs port to the default HTTPS port 443. Format no https port Mode Captive Portal Configuration mode authentication timeout Use this command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network.

  • Page 728: Show Captive-Portal Status

    ProSafe Managed Switch Operational Status......Disabled Disable Reason......Administrator Disabled CP IP Address....1.2.3.4 show captive-portal status Use this command to report the status of all captive portal instances in the system. Format show captive-portal status Mode Privileged EXEC mode Term Definition Additional HTTP...

  • Page 729: Captive Portal Configuration Commands

    ProSafe Managed Switch Captive Portal Configuration Commands The commands in this section are related to captive portal configurations. configuration (Captive Portal) Use this command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations.
  • Page 730 ProSafe Managed Switch Format name <cp-name> Mode Captive Portal Instance mode no name Use this command to remove a configuration name. Format no name Mode Captive Portal Instance mode protocol Use this command to configure the protocol mode for a captive portal configuration. The default protocol is http.

  • Page 731: Redirect (Captive Portal)

    ProSafe Managed Switch no group Use this command to reset the group number to the default. Default Format no group <1-10> Mode Captive Portal Instance mode redirect (Captive Portal) Use this command to enable the redirect mode for a captive portal configuration. Use the “no” form of this command to disable redirect mode.
  • Page 732 ProSafe Managed Switch no max-bandwidth-down Use this command to reset the maximum rate to the default. Format no max-bandwidth-down Mode Captive Portal Instance mode max-bandwidth-up Use this command to configure the maximum rate at which a client can send data into the network.

  • Page 733: Session-Timeout (Captive Portal)

    ProSafe Managed Switch max-output-octets Use this command to configure the maximum number of octets the user is allowed to receive. After this limit has been reached the user will be disconnected. The number of octets is in bytes. 0 indicates limit not enforced Use the “no”. Default Format max-output-octets <0-4294967295>...
  • Page 734 ProSafe Managed Switch no session-timeout Use this command to reset the session timeout to the default. Format session-timeout <0-86400> Mode Captive Portal Instance mode idle-timeout Use this command to configure the idle timeout for a captive portal configuration. 0 indicates timeout not enforced.

  • Page 735: Captive Portal Status Commands

    ProSafe Managed Switch interface (Captive Portal) Use this command to associate an interface with a captive portal configuration. Format interface <unit/slot/port> Mode Captive Portal Instance Config mode no interface Use this command to remove an association with a captive portal configuration. Format no interface <unit/slot/port>...

  • Page 736: Show Captive-Portal Configuration Interface

    ProSafe Managed Switch Term Definition CP ID The captive portal ID CP Name The captive portal instance name Operational The operational status is enabled or disabled. Status Disable Reason If the operational status is disabled, this field shows the reason. Blocked Status Blocked status shows if this captive portal instance block all traffic.

  • Page 737: Show Captive-Portal Configuration Status

    ProSafe Managed Switch If the interface is specified. The following term will be displayed. Term Definition Authenticated The number of authenticated users associated with the CP ID. users Example (Switch)#show captive-portal configuration 1 interface CP ID........1 CP Name........cp1 Operational Block Interface...
  • Page 738 ProSafe Managed Switch If the interface is specified, the following terms are displayed. Term Definition Group Name The name of the group associated with this captive portal instance. Redirect URL The redirect mode for this captive portal instance Mode Redirect URL The redirect URL is up to 512 characters.

  • Page 739: Captive Portal Client Connection Commands

    ProSafe Managed Switch show captive-portal configuration locales Use this command to display locales associated with a specific captive portal configuration. <1-10> is captive port ID. Format show captive-portal configuration <1-10> locales Mode Privileged EXEC mode Example (switch)#show captive-portal configuration 1 locales Locale Code --------------- show captive-portal trapflags...
  • Page 740 ProSafe Managed Switch Term Definition Client MAC The MAC address of the authenticated user Address Client IP Address The IP address of the authenticated user Protocol The protocol the user is using to access the network. Verification The verification mode for this client. Session Time The current session time since the client is authenticated.

  • Page 741: Show Captive-Portal Client Statistics

    ProSafe Managed Switch show captive-portal client statistics Use this command to display the statistics for a specific captive portal client. The macaddr is client MAC address. Format show captive-portal client <macaddr> statistics Mode Privileged EXEC mode Term Definition Client MAC The MAC address of the authenticated client address Bytes Received...

  • Page 742: Show Captive-Portal Configuration Client Status

    ProSafe Managed Switch If the interface is specified, the following terms are displayed. Term Definition CP ID The ID of the captive portal associated with the client CP Name The name of the captive portal associated with the client Protocol The protocol the client is using Verification The user verification mode...

  • Page 743: Captive Portal Interface Commands

    ProSafe Managed Switch If the CP ID is specified, the following terms are displayed. Term Definition Interface The description of the interface Description Example (switch)#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address Interface ----- ------- ------------------...

  • Page 744: Captive Portal Local User Commands

    ProSafe Managed Switch Term Definition Interface The interface associated with the CP ID. Interface The description of the interface Description Type The type of the interface Example (switch)#show captive-portal interface configuration status CP ID CP Name Interface Interface Description Type ----- ------------ --------- ---------------------------- --------...

  • Page 745: User Name

    ProSafe Managed Switch user name Use this command to modify the user name for a local captive portal user. <1-128> is the user ID and the name is the user name in the range of 1-32 characters. The local user must exist before you use this command.

  • Page 746: User Idle-Timeout

    ProSafe Managed Switch user idle-timeout Use this command to set the session idle timeout value for a captive portal user. <1-128> is the user ID. The range of idle timeout is 0-900 seconds. 0 indicates use global configuration. Default Format user <1-128>...

  • Page 747: User Max-Input-Octets

    ProSafe Managed Switch no user max-bandwidth-up Use this command to reset the limit to the default. Format user <1-128> max-bandwidth-up Mode Captive Portal Configuration mode user max-input-octets Use this command to limit the number of octets the user is allowed to transmit. After this limit has been reached the user will be disconnected.

  • Page 748: Show Captive-Portal User

    ProSafe Managed Switch has been reached the user will be disconnected. <1-128> is the user ID. The range of octets is 0-4294967295. 0 indicates to use the global limit. Use the “no” form of this command to reset the limit to the default. Default Format user <1-128>...

  • Page 749: Clear Captive-Portal Users

    ProSafe Managed Switch Term Definition Max Bandwidth Maximum client receive rate (b/s). Limits the bandwidth at which the client can receive Down (bytes/sec) data from the network. If the value is 0 or then use the value configured for the captive portal.

  • Page 750: Captive Portal User Group Commands

    ProSafe Managed Switch Captive Portal User Group Commands The following section describes captive portal user group commands. user group (Create) Use this command to create a user group. User group 1 is created by default and cannot be deleted. Default Format user group <1-10>...

  • Page 751: Chapter 14 Command List

    Command List {deny | permit} (IP ACL) ............476 {deny | permit} (IPv6) .
  • Page 752 ProSafe Managed Switch area virtual-link dead-interval (OSPF) ......... . . 266 area virtual-link dead-interval (OSPFv3) .
  • Page 753 ProSafe Managed Switch class ..............458 class-map .
  • Page 754 ProSafe Managed Switch clear pass ..............543 clear port-channel .
  • Page 755 ProSafe Managed Switch debug ping packet ............589 debug rip packet .
  • Page 756 ProSafe Managed Switch dos-control tcpport ............194 dos-control tcpsyn .
  • Page 757 ProSafe Managed Switch interface ..............21 interface lag .
  • Page 758 ProSafe Managed Switch ip http secure-session hard-timeout ..........634 ip http secure-session maxsessions .
  • Page 759 ProSafe Managed Switch ip pim dr-priority ............332 ip pim hello-interval .
  • Page 760 ProSafe Managed Switch ipv6 mld router ............. 428 ipv6 mld-proxy .
  • Page 761 ProSafe Managed Switch lacp actor admin state individual ..........106 lacp actor admin state longtimeout .
  • Page 762 ProSafe Managed Switch login authentication ............620 logout .
  • Page 763 ProSafe Managed Switch mvr ..............209 mvr group .
  • Page 764 ProSafe Managed Switch password (AAA IAS User Configuration) ......... 660 password .
  • Page 765 ProSafe Managed Switch port-security max-dynamic ........... . 169 port-security max-static .
  • Page 766 ProSafe Managed Switch serial baudrate ............. 619 serial timeout .
  • Page 767 ProSafe Managed Switch show authentication methods ........... 84 show authorization methods .
  • Page 768 ProSafe Managed Switch show igmpsnooping ............152 show igmpsnooping mrouter interface .
  • Page 769 ProSafe Managed Switch show ip mcast boundary ............320 show ip mcast interface .
  • Page 770 ProSafe Managed Switch show ipv6 interface ............364 show ipv6 mld groups .
  • Page 771 ProSafe Managed Switch show lldp local-device detail ........... 180 show lldp med .
  • Page 772 ProSafe Managed Switch show port-channel ............118 show port-channel brief .
  • Page 773 ProSafe Managed Switch show terminal length ............528 show time-range .
  • Page 774 ProSafe Managed Switch spanning-tree bpduguard ............31 spanning-tree bpdumigrationcheck .
  • Page 775 ProSafe Managed Switch telnetcon timeout ............625 terminal length .
  • Page 776 ProSafe Managed Switch vlan makestatic ............. . 49 vlan name .

This manual is also suitable for:

Prosafe m4100-26gProsafe m4100-50gProsafe m4100-26g-poeProsafe m4100-d10-poeProsafe m4100-48g-poe+Prosafe m4100-26-poe ... Show all

Table of Contents