Download  Print this page
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942

Advertisement

3Com Switch 4500 Family

Command Reference Guide

Switch 4500 26-Port
Switch 4500 50-Port
Switch 4500 PWR 26-Port
Switch 4500 PWR 50-Port
Product Version: V03.03.00
Manual Version:
6W101-20090811
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Advertisement

   Also See for 3Com Switch 4500 Family

   Related Manuals for 3Com Switch 4500 Family

   Summary of Contents for 3Com Switch 4500 Family

  • Page 1: Command Reference Guide

    3Com Switch 4500 Family Command Reference Guide Switch 4500 26-Port Switch 4500 50-Port Switch 4500 PWR 26-Port Switch 4500 PWR 50-Port Product Version: V03.03.00 Manual Version: 6W101-20090811 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
  • Page 2 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
  • Page 3: About This Manual

    About This Manual Organization 3Com Switch 4500 Family Command Reference Guide is organized as follows: Part Contents Introduces the commands used for logging into the Ethernet 1 Login switch and the commands used for configuring CLI. Introduces the commands used for configuration file 2 Configuration File Management management.
  • Page 4 Part Contents 27 UDP Helper Introduces the commands used for configuring UDP helper 28 SNMP-RMON Introduces the SNMP-related and RMON-related commands. 29 NTP Introduces the NTP-related commands. 30 SSH Introduces the commands used for configuring SSH2.0 31 File System Management Introduces the commands used for file system management.
  • Page 5: Related Documentation

    3Com Switch 4500 Family Release information in this guide differs from information in the Notes release notes, use the information in the Release Notes. Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.
  • Page 6: Table Of Contents

    Table of Contents 1 Login Commands ······································································································································1-1 Login Commands ····································································································································1-1 authentication-mode ························································································································1-1 auto-execute command ···················································································································1-3 copyright-info enable ·······················································································································1-3 databits ············································································································································1-4 display telnet-server source-ip ········································································································1-5 display telnet source-ip····················································································································1-6 display user-interface ······················································································································1-6 display users····································································································································1-8 display web users ····························································································································1-9 free user-interface ·························································································································1-10 header ···········································································································································1-11 history-command max-size ···········································································································1-13 idle-timeout ····································································································································1-14 ip http shutdown ····························································································································1-14...
  • Page 7 ip http acl ·········································································································································2-2 snmp-agent community ···················································································································2-2 snmp-agent group ···························································································································2-3 snmp-agent usm-user······················································································································2-4...
  • Page 8: Login Commands

    Login Commands Login Commands authentication-mode Syntax authentication-mode { password | scheme [ command-authorization ] | none } View User interface view Parameters none: Specifies not to authenticate users. password: Authenticates users using the local password. scheme: Authenticates users locally or remotely using usernames and passwords. command-authorization: Performs command authorization on TACACS authentication server.
  • Page 9 To improve security and prevent attacks to the unused Sockets, TCP 23 and TCP 22, ports for Telnet and SSH services respectively, will be enabled or disabled after corresponding configurations. If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
  • Page 10: Auto-execute Command

    auto-execute command Syntax auto-execute command text undo auto-execute command View VTY user interface view Parameters text: Command to be executed automatically. Description Use the auto-execute command command to set the command that is executed automatically after a user logs in. Use the undo auto-execute command command to disable the specified command from being automatically executed.
  • Page 11: Databits

    Note that these two commands apply to users logging in through the console port and by means of Telnet. Examples # Disable copyright information displaying. ******************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ******************************************************************************** <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 12: Display Telnet-server Source-ip

    Use the undo databits command to revert to the default databits. The default databits is 8. This command takes effect on AUX user interfaces only. The databits setting on the terminal and that on the device user interface must be the same for communication.
  • Page 13: Display Telnet Source-ip

    Examples # Display the source IP address configured for the switch operating as the Telnet server. <Sysname> display telnet-server source-ip The source IP you specified is 192.168.1.1 display telnet source-ip Syntax display telnet source-ip View Any view Parameters None Description Use the display telnet source-ip command to display the source IP address configured for the switch operating as the Telnet client.
  • Page 14 In absolute user interface number scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12. summary: Displays the summary information about a user interface. Description Use the display user-interface command to display the information about a specified user interface or all user interfaces.
  • Page 15: Display Users

    # Display the summary information about the user interface. <Sysname> display user-interface summary User interface type : [AUX] 0:XXXX XXXX User interface type : [VTY] 8:UXXX X 1 character mode users. 12 UI never used. 1 total UI in use Table 1-2 display user-interface summary command output description Field Description...
  • Page 16: Display Web Users

    Examples # Display the user information about the current user interface. <Sysname> display users Delay Type Ipaddress Username Userlevel VTY 0 00:00:00 192.168.0.208 : Current operation user. : Current operation user work in async mode. Table 1-3 display users command output description Field Description The numbers in the left sub-column are the absolute user interface...
  • Page 17: Free User-interface

    Table 1-4 display web users command output description Field Description ID of a Web user Name Name of a Web user Language Language a Web user uses Level Level of a Web user Login Time Time when a Web user logs in Last Req.
  • Page 18: Header

    : Current operation user. : Current operation user work in async mode. <Sysname> free user-interface vty 0 Are you sure you want to free user-interface vty0 [Y/N]? y [OK] After you perform the above operation, the user connection on user interface VTY0 is torn down. The user in it must log in again to connect to the switch.
  • Page 19 This command is valid to users logging in through AUX and VTY user interfaces, without affecting users logging in through the Web interface. Note the following: If you specify any one of the four keywords without providing the text argument, the specified keyword will be regarded as the login information.
  • Page 20: History-command Max-size

    ******************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ******************************************************************************** Welcome to legal! Press Y or ENTER to continue, N to exit. Welcome to login!
  • Page 21: Idle-timeout

    System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] history-command max-size 20 idle-timeout Syntax idle-timeout minutes [ seconds ] undo idle-timeout View User interface view Parameters minutes: Number of minutes. This argument ranges from 0 to 35,791. seconds: Number of seconds.
  • Page 22: Lock

    By default, the WEB Server is launched. To improve security and prevent attacks to the unused Sockets, TCP 80 port for HTTP service will be enabled or disabled after corresponding configurations. TCP 80 port is enabled only after you use the undo ip http shutdown command to enable the Web server.
  • Page 23: Parity

    To unlock a user interface, press Enter and then enter the password as prompted. Note that if you set a password containing more than 16 characters, the system matches only the first 16 characters of the password entered for unlocking the user interface. That is, the system unlocks the user interface as long as the first 16 characters of the password entered are correct.
  • Page 24: Protocol Inbound

    This command takes effect on AUX user interfaces only. The check mode on the terminal and that on the device user interface must be the same for communication. Examples # Set to perform even checks. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] parity even protocol inbound...
  • Page 25: Screen-length

    To improve security and prevent attacks to the unused Sockets, TCP 23 and TCP 22 (ports for Telnet and SSH services respectively) will be enabled or disabled after corresponding configurations. If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
  • Page 26: Send

    You can use the screen-length 0 command to disable the function to display information in pages. Examples # Set the number of lines the terminal screen can contain to 20. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] screen-length 20 send...
  • Page 27: Service-type

    service-type Syntax service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] } undo service-type { ftp | lan-access | { ssh | telnet | terminal }* } View Local user view Parameters ftp: Specifies the users to be of FTP type.
  • Page 28: Set Authentication Password

    [Sysname-luser-zbr] service-type telnet level 0 # To verify the above configuration, you can quit the system, log in again using the user name of zbr, and then list the available commands, as listed in the following. <Sysname> ? User view commands: cluster Run cluster command display...
  • Page 29: Shell

    By default, password authentication is performed when a user logs in through a modem or Telnet. If no password is set, the user cannot establish a connection with the switch. Examples # Set the local password of VTY 0 to “123”. <Sysname>...
  • Page 30: Speed

    speed Syntax speed speed-value undo speed View AUX user interface view Parameters speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and 115,200. Description Use the speed command to set the transmission speed of the user interface. Use the undo speed command to revert to the default transmission speed.
  • Page 31: Telnet

    2: Sets the stopbits to 2. Description Use the stopbits command to set the stopbits of the user interface. Use the undo stopbits command to revert to the default stopbits. Execute these two commands in AUX user interface view only. By default, the stopbits is 1.
  • Page 32: Telnet Ipv6

    <Sysname> telnet ipv6 3001::1 Trying 3001::1 ... Press CTRL+K to abort Connected to 3001::1 ... ***************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. * Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ***************************************************************************** 1-25...
  • Page 33: Telnet Source-interface

    <Sysname> telnet source-interface Syntax telnet source-interface interface-type interface-number undo telnet source-interface View System view Parameters interface-type interface-number: Interface type and interface number. Description Use the telnet source-interface command to specify the source interface for a Telnet client. Use the undo telnet source-interface command to remove the specified source interface. The source interface can be a loopback interface or a VLAN interface.
  • Page 34: Telnet-server Source-interface

    With the telnet source-ip command configured, the specified IP address functions as the source IP address when a device logs into a Telnet server as a Telnet client, and the login succeeds only when there is a route between the specified source IP address and the Telnet server. Note that when the telnet source-ip command is executed, if the IP address specified is not an IP address of the local device, your configuration fails.
  • Page 35: User-interface

    View System view Parameters ip-address: Source IP address to be set. Description Use the telnet-server source-ip command to specify the source Telnet server IP address. Use the undo telnet-server source-ip command to remove the source Telnet server IP address. With the telnet-server source-ip command configured, the client can log in to the local device using the specified IP address only, and the login succeeds only when there is a route between the client and specified source IP address.
  • Page 36: User Privilege Level

    last-number: User interface number identifying the last user interface to be configured. The value of this argument must be larger than that of the first-number argument. Description Use the user-interface command to enter one or more user interface views to perform configuration. Examples # Enter VTY0 user interface.
  • Page 37: Cli Configuration Commands

    Command level to be set, in the range of 0 to 3. view view: CLI view. It can be any CLI view that the Ethernet switch supports. The 3com switch 4500 supports only the CLI views listed in...
  • Page 38 CLI view Description acl-ethernetframe Layer 2 ACL view acl-user User-defined ACL view Aux 1/0/0 port view, that is, console port view cluster Cluster view detect-group Detected group view ethernet 100M Ethernet port view ftp-client FTP client view gigabitethernet GigabitEthernet port view ISP domain view loopback Loopback interface view...
  • Page 39 The default levels of commands are described in the following table: Table 1-6 Default levels of commands Level Name Command Commands used to diagnose network, such as ping, tracert, and Visit level telnet commands. Commands used to maintain the system and diagnose service fault, Monitor level such as debugging, terminal and reset commands.
  • Page 40: Display History-command

    # Restore the default level of the tftp get command. To restore the default levels of the commands starting with the tftp keyword, you only need to specify the tftp keyword. [Sysname] undo command-privilege view shell tftp display history-command Syntax display history-command View Any view...
  • Page 41: Super Password

    Executing this command without the level argument will switch the current user level to level 3 by default. Note that: Users logged into the switch fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the same level or lower levels. You can switch between user levels after logging into a switch successfully.
  • Page 42 Description Use the super password command to set a switching password for a specified user level, which will be used when users switch from a lower user level to the specified user level. Use the undo super password command to restore the default configuration. By default, no such password is set.
  • Page 43: Commands For User Control

    Commands for User Control Commands for Controlling Logging in Users Syntax acl acl-number { inbound | outbound } undo acl acl-number { inbound | outbound } View User interface view Parameters acl-number: ACL number. This argument can identify different types of ACLs, as listed below. 2000 to 2999, for basic ACLs 3000 to 3999, for advanced ACLs 4000 to 4999, for Layer 2 ACLs...
  • Page 44: Ip Http Acl

    Parameters all: Specifies all Web users. user-id: Web user ID, an eight-digit hexadecimal number. user-name: User name of the Web user. This argument can contain 1 to 80 characters. Description Use the free web-users command to disconnect a specified Web user or all Web users by force. Examples # Disconnect all Web users by force.
  • Page 45 Parameters read: Specifies that the community has read-only permission in the specified view. write: Specifies that the community has read/write permission in the specified view. community-name: Community name, a string of 1 to 32 characters. acl acl-number: Specifies an ACL number for the community. The acl-number argument ranges from 2000 to 2999.
  • Page 46: Snmp-agent Usm-user

    group-name: Group name. This argument can be of 1 to 32 characters. authentication: Specifies to authenticate SNMP data without encrypting the data. privacy: Authenticates and encrypts packets. read-view: Name of the view to be set to read-only. This argument can be of 1 to 32 characters. write-view: Name of the view to be set to readable &...
  • Page 47 group-name: Name of the group to which the user corresponds. This argument is a string of 1 to 32 characters. cipher: Specifies the authentication or encryption password to be in ciphertext. authentication-mode: Requires authentication. If this keyword is not provided, neither authentication nor encryption is performed.
  • Page 48 Table of Contents 1 Configuration File Management Commands ··························································································1-1 File Attribute Configuration Commands ··································································································1-1 display current-configuration ···········································································································1-1 display current-configuration vlan····································································································1-5 display saved-configuration·············································································································1-6 display startup ·································································································································1-8 display this·······································································································································1-9 reset saved-configuration ··············································································································1-10 save ···············································································································································1-11 startup saved-configuration ···········································································································1-13...
  • Page 49: Configuration File Management Commands

    Configuration File Management Commands The 4500 series Ethernet switches support Expandable Resilient Networking (XRN), and allow you to access a file on the switch in one of the following ways: To access a file on the specified unit, you need to enter the file universal resource locator (URL) starting with unit[No.]>flash:/, where [No.] represents the unit ID of the switch.
  • Page 50 system: Indicates the system configuration. user-interface: Indicates the user interface configuration. interface: Displays port/interface configuration. interface-type: Port/interface type, which can be one of the following: Aux, Ethernet, GigabitEthernet, Loopback, NULL and VLAN-interface. interface-number: Port/interface number. by-linenum: Displays configuration information with line numbers. |: Uses a regular expression to filter the configuration of the switch to be displayed.
  • Page 51 After you finish a set of configurations, you can execute the display current-configuration command to display the parameters that take effect currently. Note that: Parameters that are the same as the default are not displayed. The configured parameter whose corresponding function does not take effect is not displayed. Related commands: save, reset saved-configuration, display saved-configuration.
  • Page 52 interface Ethernet1/0/16 interface Ethernet1/0/17 interface Ethernet1/0/18 interface Ethernet1/0/19 interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 shutdown interface GigabitEthernet1/0/28 shutdown interface NULL0 return # Display the lines that include the strings matching 10* in the configuration information. (The character * means that the character 0 in the string before it can appear multiple times or does not appear.) <Sysname>...
  • Page 53: Display Current-configuration Vlan

    interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 interface Ethernet1/0/13 interface Ethernet1/0/14 interface Ethernet1/0/15 interface Ethernet1/0/16 interface Ethernet1/0/17 interface Ethernet1/0/18 interface Ethernet1/0/19 interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 interface GigabitEthernet1/0/28 ip route-static 0.0.0.0 0.0.0.0 1.2.1.1 preference 60 # Display the configuration information starting with the string user.
  • Page 54: Display Saved-configuration

    Examples # Display the VLAN configuration information of the current switch. <Sysname> display current-configuration vlan vlan 1 vlan 5 to 69 vlan 70 description Vlan 70 vlan 71 to 100 return display saved-configuration Syntax display saved-configuration [ unit unit-id ] [ by-linenum ] View Any view Parameters...
  • Page 55 domain system vlan 1 interface Vlan-interface1 ip address 192.168.0.39 255.255.255.0 #LOCCFG. MUST NOT DELETE interface Aux1/0/0 interface Ethernet1/0/1 interface Ethernet1/0/2 interface Ethernet1/0/3 interface Ethernet1/0/4 interface Ethernet1/0/5 interface Ethernet1/0/6 interface Ethernet1/0/7 interface Ethernet1/0/8 interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 interface Ethernet1/0/13 interface Ethernet1/0/14 interface Ethernet1/0/15...
  • Page 56: Display Startup

    interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 shutdown interface GigabitEthernet1/0/28 shutdown #TOPOLOGYCFG. MUST NOT DELETE undo xrn-fabric authentication-mode #GLBCFG. MUST NOT DELETE interface NULL0 ip route-static 0.0.0.0 0.0.0.0 1.2.1.1 preference 60 user-interface aux 0 7 user-interface vty 0 4 authentication-mode none...
  • Page 57: Display This

    Parameters unit unit-id: Specifies the unit ID of a switch. With this keyword-argument combination specified, this command can display the startup configuration file information of the specified unit. Description Use the display startup command to display the startup configuration of a switch. Note that: If the switch is not a unit of a fabric, this command displays the startup configuration file information of the current switch no matter whether you have specified the unit-id argument or not.
  • Page 58: Reset Saved-configuration

    View Any view Parameters by-linenum: Displays configuration information with line numbers. Description Use the display this command to display the current configuration performed in the current view. To verify the configuration performed in a view, you can use this command to display the parameters that are valid in the current view.
  • Page 59: Save

    View User view Parameters backup: Erases the backup configuration file. main: Erases the main configuration file. Description Use the reset saved-configuration command to erase the configuration file saved in the Flash of a switch. The following two situations exist: While the reset saved-configuration [ main ] command erases the configuration file with main attribute, it only erases the main attribute of a configuration file having both main and backup attribute.
  • Page 60 View Any view Parameters cfgfile: Path name or file name of a configuration file in the Flash, a string of 5 to 56 characters. safely: Saves the current configuration in the safe mode. backup: Saves the configuration to the backup configuration file. main: Saves the configuration to the main configuration file.
  • Page 61: Startup Saved-configuration

    It is recommended to adopt the fast saving mode in the conditions of stable power and adopt the safe mode in the conditions of unstable power or remote maintenance. If you use the save command after a fabric is formed on the switch, the units in the fabric save their own startup configuration files automatically.
  • Page 62 Description Use the startup saved-configuration command to specify a configuration file to be the main configuration file or the backup configuration file to be used for the next startup of the switch. Use the undo startup saved-configuration command to specify a switch to use null configuration when it restarts.
  • Page 63 Table of Contents 1 VLAN Configuration Commands··············································································································1-1 VLAN Configuration Commands·············································································································1-1 description ·······································································································································1-1 display interface Vlan-interface ·······································································································1-1 display vlan······································································································································1-2 interface Vlan-interface····················································································································1-4 name················································································································································1-4 shutdown ·········································································································································1-5 vlan ··················································································································································1-6 Port-Based VLAN Configuration Commands··························································································1-7 display port ······································································································································1-7 port···················································································································································1-7 port access vlan·······························································································································1-8 port hybrid pvid vlan ························································································································1-9 port hybrid vlan ································································································································1-9 port link-type ··································································································································1-10 port trunk permit vlan·····················································································································1-11...
  • Page 64: Vlan Configuration Commands

    VLAN Configuration Commands VLAN Configuration Commands description Syntax description text undo description View VLAN view, VLAN interface view Parameter text: Case sensitive character string to describe the current VLAN or VLAN interface. Special characters and spaces are allowed. It has: 1 to 32 characters for a VLAN description.
  • Page 65: Display Vlan

    Parameter vlan-id: ID of the specific VLAN interface. Description Use the display interface Vlan-interface command to display the information about the VLAN interface. VLAN interface is a virtual interface in Layer 3 mode, used to realize the layer 3 communication between different VLANs.
  • Page 66 to: Specifies multiple contiguous VLAN IDs. The VLAN ID after to cannot be less than that before to. all: Displays the information about all the VLANs. dynamic: Displays information about the dynamic VLANs (which are registered through GVRP protocol). static: Displays information about the static VLANs (which are created through manual configuration). Description Use the display vlan command to display the information about the specified VLANs or all VLANs.
  • Page 67: Interface Vlan-interface

    Field Description Name VLAN name Tagged Ports Ports through which packets are sent with VLAN tag kept. Untagged Ports Port through which packets are sent with VLAN tag stripped. interface Vlan-interface Syntax interface Vlan-interface vlan-id undo interface Vlan-interface vlan-id View System view Parameter vlan-id: ID of the VLAN interface, in the range of 1 to 4,094.
  • Page 68: Shutdown

    undo name View VLAN view Parameter text: VLAN name, in the range of 1 character to 32 characters. It can contain special characters and spaces. Parameter Use the name command to assign a name to the current VLAN. Use the undo name command to restore to the default VLAN name. By default, the name of a VLAN is its VLAN ID, such as “VLAN 0001”.
  • Page 69: Vlan

    You can use the undo shutdown command to enable a VLAN interface when its related parameters and protocols are configured. When a VLAN interface fails, you can use the shutdown command to disable the interface, and then use the undo shutdown command to enable this interface again, which may restore the interface.
  • Page 70: Port-based Vlan Configuration Commands

    Example # Enter VLAN 1 view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] vlan 1 [Sysname-vlan1] # Remove VLAN 5. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] undo vlan 5 Port-Based VLAN Configuration Commands display port Syntax display port { hybrid | trunk }...
  • Page 71: Port Access Vlan

    Parameters interface-list: List of Ethernet ports to be added to or removed from a VLAN. Provide this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where: interface-type is port type and interface-number is port number. The port number to the right of the to keyword must be larger than or equal to the one to the left of the keyword.
  • Page 72: Port Hybrid Pvid Vlan

    Examples # Assign GigabitEthernet 1/0/1 to VLAN 3. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] vlan 3 [Sysname-vlan3] quit [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port access vlan 3 [Sysname-GigabitEthernet1/0/1] port hybrid pvid vlan Syntax port hybrid pvid vlan vlan-id undo port hybrid pvid View Ethernet port view...
  • Page 73: Port Link-type

    undo port hybrid vlan vlan-id-list View Ethernet port view Parameters vlan-id-list: VLAN range to which the hybrid port will be added. vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where, vlan-id is in the range of 1 to 4094 and can be discrete, and &<1-10> means you can input up to ten VLAN IDs/ID ranges.
  • Page 74: Port Trunk Permit Vlan

    Description Use the port link-type command to set the link type of the current Ethernet port. Use the undo port link-type command to restore the default link type. By default, the link type of an Ethernet port is access. The three types of ports can coexist on an Ethernet switch. You can change the link type of an Ethernet port.
  • Page 75: Port Trunk Pvid Vlan

    Please wait... Done. port trunk pvid vlan Syntax port trunk pvid vlan vlan-id undo port trunk pvid View Ethernet port view Parameters vlan-id: VLAN ID defined in IEEE802.1Q, in the range of 1 to 4094. It is 1 by default. Description Use the port trunk pvid vlan command to set the default VLAN ID for the trunk port.
  • Page 76 Table of Contents 1 IP Address Configuration Commands·····································································································1-1 IP Address Configuration Commands·····································································································1-1 display ip host··································································································································1-1 display ip interface···························································································································1-1 display ip interface brief···················································································································1-4 ip address ········································································································································1-5 ip host ··············································································································································1-6 2 IP Performance Optimization Configuration Commands ······································································2-1 IP Performance Optimization Configuration Commands ········································································2-1 display fib·········································································································································2-1 display fib ip-address·······················································································································2-2 display fib acl ···································································································································2-3...
  • Page 77: Ip Address Configuration Commands

    IP Address Configuration Commands IP Address Configuration Commands display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings between host names and IP addresses in the static DNS database. Examples # Display mappings between host names and IP addresses in the static DNS database.
  • Page 78 View Any view Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information about a specified or all Layer 3 interfaces. If no argument is specified, information about all Layer 3 interfaces is displayed. Examples # Display information about VLAN-interface 1.
  • Page 79 Table 1-2 Description on the fields of the display ip interface command Field Description Current physical state of the interface, which can Administrative DOWN: Indicates that the interface is administratively down; that is, the interface is shut down with the shutdown command.
  • Page 80: Display Ip Interface Brief

    display ip interface brief Syntax display ip interface brief [ interface-type [ interface-number ] ] View Any view Parameters interface-type: Interface type. interface-number: Interface number. Description Use the display ip interface brief command to display brief information about a specified or all Layer 3 interfaces.
  • Page 81: Ip Address

    Field Description Physical state of the interface, which can be *down: Indicates that the interface is administratively down; that is, the interface is shut down with the shutdown command. down: Indicates that the interface is administratively up but its Physical physical state is down, which may be caused by a connection or link failure.
  • Page 82: Ip Host

    A newly specified IP address overwrites the previous one if there is any. The IP address of a VLAN interface must not be on the same network segment as that of a loopback interface on a device. Related commands: display ip interface. Examples # Assign the IP address 129.12.0.1 to VLAN-interface 1 with subnet mask 255.255.255.0.
  • Page 83: Ip Performance Optimization Configuration Commands

    IP Performance Optimization Configuration Commands IP Performance Optimization Configuration Commands display fib Syntax display fib View Any view Parameters None Description Use the display fib command to display all forwarding information base (FIB) information. Examples # Display all FIB information. <Sysname>...
  • Page 84: Display Fib Ip-address

    Table 2-1 Description on the fields of the display fib command Field Description Flags: U: Usable route. G: Gateway route H: Host route B: Blackhole route Flag D: Dynamic route S: Static route R: Rejected route E: Multi-path equal-cost route L: Route generated by ARP or ESIS Destination/Mask Destination address/mask length...
  • Page 85: Display Fib Acl

    Description Use the display fib ip-address command to view the FIB entries matching the specified destination IP address. If no mask or mask length is specified, the FIB entry that matches the destination IP address and has the longest mask will be displayed; if the mask is specified, the FIB entry that exactly matches the specified destination IP address and mask will be displayed.
  • Page 86: Display Fib

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 211.71.75.0 0.0.0.255 [Sysname-acl-basic-2001] display acl 2001 Basic ACL 2001, 1 rule Acl's step is 1 rule 0 permit source 211.71.75.0 0.0.0.255 # Display the FIB entries filtered by ACL 2001. <Sysname>...
  • Page 87: Display Fib Ip-prefix

    display fib ip-prefix Syntax display fib ip-prefix ip-prefix-name View Any view Parameters ip-prefix-name: IP prefix list name, in the range of 1 to 19 characters. Description Use the display fib ip-prefix command to display the FIB entries matching a specific IP prefix list. For details about IP prefix list, refer to the part discussing IP routing in this manual.
  • Page 88: Display Icmp Statistics

    Description Use the display fib statistics command to display the total number of FIB entries. Examples # Display the total number of FIB entries. <Sysname> display fib statistics Route Entry Count : 8 display icmp statistics Syntax display icmp statistics View Any view Parameters...
  • Page 89: Display Ip Socket

    Field Description Number of received destination unreachable destination unreachable packets source quench Number of received source quench packets redirects Number of received redirection packets echo reply Number of received replies parameter problem Number of received parameter problem packets timestamp Number of received time stamp packets information request Number of received information request packets mask requests...
  • Page 90 Examples # Display the TCP socket information. <Sysname> display ip socket socktype 1 SOCK_STREAM: Task = VTYD(18), socketid = 1, Proto = 6, LA = 0.0.0.0:23, FA = 0.0.0.0:0, sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0, socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE, socket state = SS_PRIV SS_ASYNC Task = VTYD(18), socketid = 2, Proto = 6,...
  • Page 91: Display Ip Statistics

    display ip statistics Syntax display ip statistics View Any view Parameters None Description Use the display ip statistics command to display the statistics about IP packets. Related commands: display ip interface, reset ip statistics. Examples # Display the statistics about IP packets. <Sysname>...
  • Page 92: Display Tcp Statistics

    Field Description dropped Total number of IP packets discarded no route Total number of IP packets for which no route is available compress fails Total number of IP packets failed to compress input Total number of fragments received output Total number of fragments sent dropped Total number of fragments discarded Fragment:...
  • Page 93 duplicate ACK packets: 7, too much ACK packets: 0 Sent packets: Total: 665 urgent packets: 0 control packets: 5 (including 1 RST) window probe packets: 0, window update packets: 2 data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes) ACK-only packets: 40 (28 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected :...
  • Page 94: Display Tcp Status

    Field Description Number of window probe packets sent; in the window probe packets brackets are resent packets window update packets Number of window update packets sent data packets Number of data packets sent data packets retransmitted Number of data packets retransmitted Number of ACK packets sent;...
  • Page 95: Display Udp Statistics

    <Sysname> display tcp status *: TCP MD5 Connection TCPCB Local Add:port Foreign Add:port State 03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening 04217174 100.0.0.204:23 100.0.0.253:65508 Established Table 2-6 Description on the fields of the display tcp status command Field Description If there is an asterisk before a connection, it means that the TCP connection is authenticated through the MD5 algorithm.
  • Page 96: Icmp Redirect Send

    Table 2-7 Description on the fields of the display udp statistics command Field Description Total Total number of received UDP packets checksum error Total number of packets with incorrect checksum shorter than header Number of packets with data shorter than header data length larger than Number of packets with data longer than packet packet...
  • Page 97: Icmp Unreach Send

    icmp unreach send Syntax icmp unreach send undo icmp unreach send View System view Parameters None Description Use the icmp unreach send command to enable the device to send ICMP destination unreachable packets. After enabled with this feature, the switch, upon receiving a packet with an unreachable destination, discards the packet and then sends a destination unreachable packet to the source host.
  • Page 98: Reset Tcp Statistics

    reset tcp statistics Syntax reset tcp statistics View User view Parameters None Description Use the reset tcp statistics command to clear the statistics about TCP packets. You can use the display tcp statistics command to view the current TCP packet statistics. Examples # Clear the statistics about TCP packets.
  • Page 99: Tcp Timer Syn-timeout

    Parameters time-value: TCP finwait timer, in seconds, with the value ranging from 76 to 3600. Description Use the tcp timer fin-timeout command to configure the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default value of the TCP finwait timer. By default, the value of the TCP finwait timer is 675 seconds.
  • Page 100: Tcp Window

    tcp window Syntax tcp window window-size undo tcp window View System view Parameters window-size: Size of the send/receive buffer, in kilobytes (KB), in the range of 1 to 32. Description Use the tcp window command to configure the size of the TCP send/receive buffer,. Use the undo tcp window command to restore the default.
  • Page 101 Table of Contents 1 Voice VLAN Configuration Commands ···································································································1-1 Voice VLAN Configuration Commands···································································································1-1 display voice vlan error-info·············································································································1-1 display voice vlan oui·······················································································································1-1 display voice vlan status··················································································································1-2 display vlan······································································································································1-3 voice vlan·········································································································································1-4 voice vlan aging·······························································································································1-5 voice vlan enable·····························································································································1-6 voice vlan legacy ·····························································································································1-6 voice vlan mac-address···················································································································1-7 voice vlan mode·······························································································································1-8 voice vlan security enable ···············································································································1-9...
  • Page 102: Voice Vlan Configuration Commands

    Voice VLAN Configuration Commands Voice VLAN Configuration Commands display voice vlan error-info Syntax display voice vlan error-info View Any view Parameters None Description Use the display voice vlan error-info command to display the ports on which the voice VLAN function fails to be enabled.
  • Page 103: Display Voice Vlan Status

    H3C Aolynk phone 00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00e0-7500-0000 ffff-ff00-0000 Polycom phone 00e0-bb00-0000 ffff-ff00-0000 3Com phone display voice vlan status Syntax display voice vlan status View Any view Parameters None Description Use the display voice vlan status command to display voice VLAN-related information.
  • Page 104: Display Vlan

    PORT MODE -------------------------------- Ethernet1/0/2 AUTO Ethernet1/0/3 MANUAL Table 1-1 Description on the fields of the display voice vlan status command Field Description The status of global voice VLAN function: Voice Vlan status enabled or disabled. The VLAN which is currently enabled with voice Voice Vlan ID VLAN.
  • Page 105: Voice Vlan

    VLAN Type: static Route Interface: not configured Description: VLAN 0006 Name: VLAN 0006 Tagged Ports: Ethernet1/0/5 Untagged Ports: Ethernet1/0/6 The output indicates that Ethernet 1/0/5 and Ethernet 1/0/6 are in the voice VLAN. voice vlan Syntax voice vlan vlan-id enable undo voice vlan enable View System view...
  • Page 106: Voice Vlan Aging

    Examples # Create VLAN 2, and enable the voice VLAN function on it. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] vlan 2 [Sysname-vlan2] quit [Sysname] voice vlan 2 enable # After the voice VLAN function of VLAN 2 is enabled, if you enable the voice VLAN function for other VLANs, the system will prompt that your configuration fails.
  • Page 107: Voice Vlan Enable

    recommended to set a small voice VLAN aging timer in a network with only a few voice applications. Related commands: display voice vlan status. Examples # Set the aging time of the voice VLAN to 100 minutes. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] voice vlan aging 100 voice vlan enable Syntax...
  • Page 108: Voice Vlan Mac-address

    Parameters None Description Use the voice vlan legacy command to realize the communication between 3Com device and other vendors’ voice device by automatically adding the voice VLAN tag to the voice data coming from other vendors’ voice device. Use the undo voice vlan legacy command to disable the voice VLAN legacy function.
  • Page 109: Voice Vlan Mode

    00d0-1e00-0000 Pingtel phone 00e0-7500-0000 Polycom phone 00e0-bb00-0000 3Com phone Related commands: display voice vlan oui. Examples # Add MAC address 00aa-bb00-0000 to the OUI list and configure its description as ABC. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 110: Voice Vlan Security Enable

    Examples # Configure the voice VLAN assignment mode on Ethernet1/0/2 to manual. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/2 [Sysname-Ethernet1/0/2] undo voice vlan mode auto voice vlan security enable Syntax voice vlan security enable undo voice vlan security enable View System view...
  • Page 111 Table of Contents 1 Port Basic Configuration Commands······································································································1-1 Port Basic Configuration Commands······································································································1-1 broadcast-suppression ····················································································································1-1 copy configuration ···························································································································1-2 description ·······································································································································1-4 display brief interface·······················································································································1-4 display interface·······························································································································1-6 display link-delay ···························································································································1-10 display loopback-detection ············································································································1-10 display port combo ························································································································1-11 display unit·····································································································································1-12 duplex ············································································································································1-13 flow-control ····································································································································1-14 flow interval····································································································································1-15 giant-frame statistics enable··········································································································1-15 interface·········································································································································1-16...
  • Page 112: Port Basic Configuration Commands

    Port Basic Configuration Commands Port Basic Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | pps max-pps } undo broadcast-suppression View System view, Ethernet port view Parameters ratio: Maximum ratio of the broadcast traffic allowed on a port to the total transmission capacity of the port.
  • Page 113: Copy Configuration

    The global broadcast suppression setting configured by the broadcast-suppression command in system view takes effect on all Ethernet ports in the system except for the reflection ports, stack ports and ports having their own broadcast suppression settings. If you configure broadcast-suppression command in both system view and Ethernet port view, the configuration in Ethernet port view will take effect.
  • Page 114 If you specify a source aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source. If you specify a destination aggregation group ID, the configuration of the source port will be copied to all ports in the aggregation group and all ports in the group will have the same configuration as that of the source port.
  • Page 115: Description

    Any aggregation group port you input in the destination port list will be removed from the list and the copy command will not take effect on the port. If you want an aggregation group port to have the same configuration with the source port, you can specify the aggregation group of the port as the destination (with the destination-agg-id argument).
  • Page 116 Parameters interface-type: Port type. interface-number: Port number. |: Specifies to use a regular expression to filter the configuration information entries to be displayed. begin: Each entry must begin with a specified character string. include: Each entry must include a specified character string. exclude: Each entry must not include a specified character string.
  • Page 117: Display Interface

    Table 1-2 Description on the fields of the display brief interface command Field Description Interface Port type Link Current link state: UP, DOWN or ADMINISTRATIVELY DOWN Speed Link rate Duplex Duplex attribute Type Link type: access, hybrid or trunk PVID Default VLAN ID Description Port description string...
  • Page 118 If you specify only port type, the command displays information about all ports of the specified type. If you specify both port type and port number, the command displays information about the specified port. Examples # Display the configuration information of Ethernet 1/0/1. <Sysname>...
  • Page 119 Field Description Media type Media type Port hardware type Port hardware type 100Mbps-speed mode, full-duplex mode Current speed mode and duplex mode Link speed type is force link, link duplex Link speed and duplex status ( force or type is force link auto-negotiation) Flow-control is enabled Status of flow-control on the port...
  • Page 120 Field Description The number of throttles that occurred on the port - throttles (A throttle occurs when a port is shut down due to buffer or memory overload.) The number of CRC error frames received in correct length The number of incoming CRC error frames with frame non-integer number of bytes The number of packets dropped because the receiving...
  • Page 121: Display Link-delay

    Field Description The number of detected collisions collisions (Transmission of a frame will be aborted upon detection of a collision.) The number of detected late collisions (A late collision occurs if the transmission of a frame late collisions defers due to detection of collision after its first 512 bits have been transmitted.) The lost carrier counter applicable to serial WAN interfaces...
  • Page 122: Display Port Combo

    View Any view Parameters None Description Use the display loopback-detection command to display the loopback detection status on the port. If loopback detection is enabled, this information will also be displayed: time interval for loopback detection and the loopback ports. Examples # Display the loopback detection status on the port.
  • Page 123: Display Unit

    <Sysname> display port combo Combo-group Active Inactive GigabitEthernet1/0/25 GigabitEthernet1/0/27 GigabitEthernet1/0/26 GigabitEthernet1/0/28 Table 1-6 display port combo command output description Field Description Combo ports of the device, represented by Combo port number, which Combo-group is generated by the system. Active Ports of the Combo ports that are active Inactive Ports of the Combo ports that are inactive As for the optical port and the electrical port of a Combo port, the one with the smaller port number is...
  • Page 124: Duplex

    Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 1 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds output: 0 packets/sec 0 bytes/sec Input(total): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, 0 pauses...
  • Page 125: Flow-control

    Description Use the duplex command to set the duplex mode of the current port. Use the undo duplex command to restore the default duplex mode, that is, auto-negotiation. By default, the port is in auto-negotiation mode. Related commands: speed. Examples # Set the Ethernet 1/0/1 port to auto-negotiation mode.
  • Page 126: Flow Interval

    flow interval Syntax flow-interval interval undo flow-interval View Ethernet port view Parameters Interval: Interval (in seconds) to perform statistics on port information. This argument ranges from 5 to 300 (in step of 5) and is 300 by default. Description Use the flow-interval command to set the interval to perform statistics on port information. Use the undo flow-interval command to restore the default interval.
  • Page 127: Interface

    Description Use the giant-frame statistics enable command to enable the giant-frame statistics function. Use the undo giant-frame statistics enable command to disable the giant-frame statistics function. By default, the giant-frame statistics function is not enabled. After enabling the giant-frame statistics function, you can use the display interface command to view the statistics about giant frames.
  • Page 128: Jumboframe Enable

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] jumboframe enable Syntax jumboframe enable undo jumboframe enable View Ethernet port view Parameters None Description Use the jumboframe enable command to set the maximum frame size allowed on a port to 9,216 bytes.
  • Page 129: Loopback

    By default, the port state change delay is 0 seconds, that is, the port state changes without any delay. During a short period after you connect your switch to another device, the connecting port may go up and down frequently due to hardware compatibility, resulting in service interruption. To avoid situations like this, you may set a port state change delay.
  • Page 130: Loopback-detection Control Enable

    Description Use the loopback command to perform a loopback test on the current Ethernet port to check whether the Ethernet port works normally. The loopback test terminates automatically after running for a specific period. By default, no loopback test is performed on the Ethernet port. Examples # Perform an internal loop test on Ethernet 1/0/1.
  • Page 131: Loopback-detection Enable

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] port link-type trunk [Sysname-Ethernet1/0/1] loopback-detection control enable loopback-detection enable Syntax loopback-detection enable undo loopback-detection enable View System view or Ethernet port view Parameters None Description Use the loopback-detection enable command to enable the loopback detection feature on ports to detect whether external loopback occurs on a port.
  • Page 132: Loopback-detection Interval-time

    loopback-detection interval-time Syntax loopback-detection interval-time time undo loopback-detection interval-time View System view Parameters time: Time interval for loopback detection, in the range of 5 to 300 (in seconds). It is 30 seconds by default. Description Use the loopback-detection interval-time command to set time interval for loopback detection. Use the undo loopback-detection interval-time command to restore the default time interval.
  • Page 133: Mdi

    System View: return to User View with Ctrl+Z. [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] port link-type trunk [Sysname-Ethernet1/0/1] loopback-detection per-vlan enable Syntax mdi { across | auto | normal } undo mdi View Ethernet port view Parameters across: Sets the MDI mode to medium dependent interface (MDI). normal: Sets the MDI mode to media dependent interface-X mode (MDI-X).
  • Page 134: Reset Counters Interface

    undo multicast-suppression View Ethernet port view Parameters ratio: Maximum ratio of the multicast traffic allowed on the port to the total transmission capacity of the port. This argument ranges from 1 to 100 (in step of 1) and defaults to 100. The smaller the ratio, the less multicast traffic is allowed to be received.
  • Page 135: Shutdown

    Description Use the reset counters interface command to clear the statistics of the port, preparing for a new statistics collection. If you specify neither port type nor port number, the command clears statistics of all ports. If specify only port type, the command clears statistics of all ports of this type. If specify both port type and port number, the command clears statistics of the specified port.
  • Page 136: Speed

    %Apr 13 23:13:54:057 2000 Sysname IFNET/5/UPDOWN:- 1 -Line protocol on the interface Vlan-interface3 is DOWN # Enable Ethernet 1/0/1. [Sysname-Ethernet1/0/1] undo shutdown #Apr 13 23:14:54:454 2000 Sysname L2INF/2/PORT LINK STATUS CHANGE:- 1 - Trap 1.3.6.1.6.3.1.1.5.4(linkUp): portIndex is 4227650, ifAdminStatus is 1, ifOperStatus is 1 %Apr 13 23:14:54:657 2000 Sysname L2INF/5/PORT LINK STATUS CHANGE:- 1 - Ethernet1/0/4 is UP...
  • Page 137: Speed Auto

    speed auto Syntax speed auto [ 10 | 100 | 1000 ]* View Ethernet port view Parameters 10: Configures 10 Mbps as an auto-negotiation speed of the port. 100: Configures 100 Mbps as an auto-negotiation speed of the port. 1000: Configures 1,000 Mbps as an auto-negotiation speed of the port. Description Use the speed auto [ 10 | 100 | 1000 ]* command to configure auto-negotiation speed(s) for the current port.
  • Page 138: Virtual-cable-test

    Description Use the unicast-suppression command to limit the unknown unicast traffic allowed to be received on the current port. Use the undo broadcast-suppression command to restore the default unknown unicast suppression setting on the port. When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold you set, the system drops the packets exceeding the threshold to reduce the unknown unicast traffic ratio to the reasonable range, so as to keep normal network service.
  • Page 139 If the cable is in normal state, the displayed length value is the total length of the cable. If the cable is in any other state, the displayed length value is the length from the port to the faulty point. Pair impedance mismatch Pair skew Pair swap...
  • Page 140 Table of Contents 1 Link Aggregation Configuration Commands··························································································1-1 Link Aggregation Configuration Commands ···························································································1-1 display link-aggregation interface····································································································1-1 display link-aggregation summary···································································································1-2 display link-aggregation verbose·····································································································1-3 display lacp system-id ·····················································································································1-4 lacp enable ······································································································································1-5 lacp port-priority·······························································································································1-5 lacp system-priority··························································································································1-6 link-aggregation group description ··································································································1-6 link-aggregation group mode···········································································································1-7 port link-aggregation group ·············································································································1-8 reset lacp statistics ··························································································································1-9...
  • Page 141: Link Aggregation Configuration Commands

    Link Aggregation Configuration Commands Link Aggregation Configuration Commands display link-aggregation interface Syntax display link-aggregation interface interface-type interface-number interface-type interface-number ] View Any view Parameters interface-type: Port type. interface-number: Port number. to: Specifies a port index range, with the two interface-type interface-number argument pairs around it as the two ends.
  • Page 142: Display Link-aggregation Summary

    Table 1-1 Description on the fields of the display link-aggregation interface command Field Description ID of the aggregation group to which the Selected AggID specified port belongs Local Information about the local end Port-Priority Port priority Oper key Operation key Flag Protocol status flag Remote...
  • Page 143: Display Link-aggregation Verbose

    -------------------------------------------------------------------------- 0x8000,0000-0000-0000 0 NonS Ethernet1/0/2 none NonS Ethernet1/0/3 Table 1-2 Description on the fields of the display link-aggregation summary command Field Description Aggregation group type: D for dynamic, S for Aggregation Group Type static, and M for manual Load sharing type: Shar for load sharing and Loadsharing Type NonS for non-load sharing Actor ID...
  • Page 144: Display Lacp System-id

    Examples # Display the details about aggregation group 1. <Sysname> display link-aggregation verbose 1 Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregation ID: 1, AggregationType: Manual,...
  • Page 145: Lacp Enable

    Parameters None Description Use the display lacp system-id command to display the device ID of the local system, including the system priority and the MAC address. Examples # Display the device ID of the local system. <Sysname> display lacp system-id Actor System ID: 0x8000, 000f-e20f-0100 The value of the Actor System ID field is the device ID.
  • Page 146: Lacp System-priority

    Parameters port-priority: Port priority, ranging from 0 to 65,535. Description Use the lacp port-priority command to set the priority of the current port. Use the undo lacp port-priority command to restore the default port priority. By default, the port priority is 32,768. You can use the display link-aggregation verbose command or the display link-aggregation interface command to check the configuration result.
  • Page 147: Link-aggregation Group Mode

    undo link-aggregation group agg-id description View System view Parameters agg-id: Aggregation group ID, in the range of 1 to 416. agg-name: Aggregation group name, a string of 1 to 32 characters. Description Use the link-aggregation group description command to set a description for an aggregation group. Use the undo link-aggregation group description command to remove the description of an aggregation group.
  • Page 148: Port Link-aggregation Group

    Description Use the link-aggregation group mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to remove the specified aggregation group. Related commands: display link-aggregation summary. Examples # Create manual aggregation group 22 <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 149: Reset Lacp Statistics

    reset lacp statistics Syntax reset lacp statistics [ interface interface-type interface-number [ to interface-type interface-number ] ] View User view Parameters interface-type: Port type interface-number: Port number to: Specifies a port index range, with the two interface-type interface-number argument pairs around it as the two ends.
  • Page 150 Table of Contents 1 Port Isolation Configuration Commands ································································································1-1 Port Isolation Configuration Commands ·································································································1-1 display isolate port···························································································································1-1 port isolate ·······································································································································1-1...
  • Page 151: Port Isolation Configuration Commands

    Port Isolation Configuration Commands Port Isolation Configuration Commands display isolate port Syntax display isolate port View Any view Parameters None Description Use the display isolate port command to display the Ethernet ports assigned to the isolation group. Examples # Display the Ethernet ports added to the isolation group. <Sysname>...
  • Page 152 Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group. The Switch 4500 family support cross-device port isolation if XRN fabric is enabled. By default, the isolation group contains no port.
  • Page 153 Table of Contents 1 Port Security Commands··························································································································1-1 Port Security Commands ························································································································1-1 display mac-address security ··········································································································1-1 display port-security·························································································································1-2 mac-address security ······················································································································1-5 port-security authorization ignore ····································································································1-6 port-security enable ·························································································································1-7 port-security intrusion-mode ············································································································1-8 port-security max-mac-count·········································································································1-10 port-security ntk-mode···················································································································1-11 port-security oui ·····························································································································1-12 port-security port-mode ·················································································································1-13 port-security timer disableport ·······································································································1-16 port-security trap····························································································································1-17...
  • Page 154: Port Security Commands

    Port Security Commands Port Security Commands display mac-address security Syntax display mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] View Any view Parameters Interface interface-type interface-number: Specify a port by its type and number, of which the security MAC address information is to be displayed.
  • Page 155: Display Port-security

    MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s) 0000-0000-0001 Security Ethernet1/0/20 NOAGED 0000-0000-0002 Security Ethernet1/0/20 NOAGED 0000-0000-0003 Security Ethernet1/0/20 NOAGED 0000-0000-0004 Security Ethernet1/0/20 NOAGED 4 mac address(es) found on port Ethernet1/0/20 --- # Display the security MAC address entries for VLAN 1. <Sysname>...
  • Page 156 individual port takes the form of interface-type interface-number and a port range takes the form of interface-type interface-number1 to interface-type interface-number2, with interface-number2 taking a value greater than interface-number1. The total number of individual ports and port ranges defined in the list must not exceed 10.
  • Page 157 Port mode is AutoLearn NeedtoKnow mode is disabled Intrusion mode is no action Max mac-address num is not configured Stored mac-address num is 0 Authorization is ignore Ethernet1/0/3 is link-down Port mode is AutoLearn NeedtoKnow mode is disabled Intrusion mode is BlockMacaddress Max mac-address num is not configured Stored mac-address num is 0 Authorization is ignore...
  • Page 158: Mac-address Security

    Field Description Authorization information delivered by the Authorization is ignore Remote Authentication Dial-In User Service (RADIUS) server will not be applied to the port. mac-address security Syntax In system view: mac-address security mac-address interface interface-type interface-number vlan vlan-id undo mac-address security [ [ mac-address [ interface interface-type interface-number ] ] vlan vlan-id ] In Ethernet port view: mac-address security mac-address vlan vlan-id...
  • Page 159: Port-security Authorization Ignore

    Examples # Enable port security; configure the port security mode of Ethernet 1/0/1 as autolearn and create a security MAC address entry for 0001-0001-0001, setting the associated port to Ethernet 1/0/1 and assigning the MAC address to VLAN 1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 160: Port-security Enable

    After a RADIUS user passes authentication, the RADIUS server authorizes the attributes configured for the user account such as the dynamic VLAN configuration. For more information, refer to AAA Command. Examples # Configure Ethernet 1/0/2 to ignore the authorization information delivered by the RADIUS server. <Sysname>...
  • Page 161: Port-security Intrusion-mode

    Examples # Enable port security. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] port-security enable Notice: The port-control of 802.1x will be restricted to auto when port-security is enabled. Please wait... Done. port-security intrusion-mode Syntax port-security intrusion-mode { blockmac | disableport | disableport-temporarily } undo port-security intrusion-mode View Ethernet port view...
  • Page 162 After executing the port-security intrusion-mode blockmac command, you can only use the display port-security command to view blocked MAC addresses. Related commands: display port-security, port-security timer disableport. Examples # Configure the intrusion protection mode on Ethernet 1/0/1 as blockmac. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 163: Port-security Max-mac-count

    # Configure the intrusion protection mode on Ethernet 1/0/1 as disableport. As a result, when intrusion protection is triggered, the port will be disconnected permanently. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] port-security intrusion-mode disableport You can bring up a port that has been permanently disabled by running the undo shutdown command or disabling port security on the port.
  • Page 164: Port-security Ntk-mode

    The port-security max-mac-count command is irrelevant to the maximum number of MAC addresses that can be learned on a port configured in MAC address management. When there are online users on a port, you cannot perform the port-security max-mac-count command on the port. Examples # Set the maximum number of MAC addresses allowed on the port to 100.
  • Page 165: Port-security Oui

    By checking the destination MAC addresses of the data frames to be sent from a port, the NTK feature ensures that only successfully authenticated devices can obtain data frames from the port, thus preventing illegal devices from intercepting network data. Examples # Set the NTK feature to ntk-withbroadcasts on Ethernet 1/0/1.
  • Page 166: Port-security Port-mode

    By default, no OUI value is set for authentication. The OUI value set by this command takes effect only when the security mode of the port is set to userLoginWithOUI by the port-security port-mode command. The OUI value set by this command cannot be a multicast MAC address. Related commands: port-security port-mode.
  • Page 167 Keyword Security mode Description In this mode, users trying to assess the network through the port must first pass MAC address authentication and then 802.1x mac-and-userlogin-sec macAddressAndUser authentication. LoginSecure In this mode, only one user can access the network through the port at a time. This mode is similar to the macAddressAndUserLoginSecure mode, mac-and-userlogin-sec...
  • Page 168 Keyword Security mode Description This mode is similar to the userLoginSecure mode, except that in this mode, there can be userlogin-secure-ext userLoginSecureExt more than one 802.1x-authenticated user on the port. MAC address authentication and 802.1x authentication can coexist on a port, with 802.1x authentication having higher priority.
  • Page 169: Port-security Timer Disableport

    Before setting the security mode to autolearn, you need to use the port-security max-mac-count command to configure the maximum number of MAC addresses allowed on the port. When a port operates in the autolearn mode, you cannot change the maximum number of MAC addresses allowed on the port.
  • Page 170: Port-security Trap

    The port-security timer disableport command is used in conjunction with the port-security intrusion-mode disableport-temporarily command to set the length of time during which the port remains disabled. Related commands: port-security intrusion-mode. Examples # Set the intrusion protection mode on Ethernet 1/0/1 to disableport-temporarily. It is required that when intrusion protection is triggered, the port be shut down temporarily and then go up 30 seconds later.
  • Page 171 RADIUS authenticated login using MAC-address (RALM) refers to MAC-based RADIUS authentication. Description Use the port-security trap command to enable the sending of specified type(s) of trap messages. Use the undo port-security trap command to disable the sending of specified type(s) of trap messages.
  • Page 172 For description of the output information, refer to Table 1-2. 1-19...
  • Page 173 Table of Contents 1 DLDP Configuration Commands··············································································································1-1 DLDP Configuration Commands·············································································································1-1 display dldp······································································································································1-1 dldp ··················································································································································1-2 dldp authentication-mode ················································································································1-3 dldp interval ·····································································································································1-4 dldp reset·········································································································································1-5 dldp unidirectional-shutdown···········································································································1-5 dldp work-mode ·······························································································································1-6 dldp delaydown-timer ······················································································································1-7...
  • Page 174: Dldp Configuration Commands

    DLDP Configuration Commands DLDP Configuration Commands display dldp Syntax display dldp { unit-id | interface-type interface-number } View Any view Parameters unit-id: Unit number of a device, only can be set as 1 for switch 4500. interface-type: Port type. interface-number: Port number. Description Use the display dldp command to display the DLDP configuration of a unit or a port.
  • Page 175: Dldp

    Table 1-1 Description on the fields of the display dldp command Field Description Interval for sending DLDP advertisement packets (in dldp interval seconds) dldp work-mode DLDP work mode (enhance or normal) dldp authentication-mode DLDP authentication mode (none, simple, or md5) Password for DLDP authentication password DLDP action to be performed on detecting a...
  • Page 176 When you use the dldp enable/dldp disable command in system view to enable/disable DLDP on all optical ports of the switch, the configuration takes effect on the existing optical ports, instead of those added subsequently. Examples # Enable DLDP on all optical ports of the switch. <Sysname>...
  • Page 177: Dldp Interval

    When you configure a DLDP authentication mode and authentication password on a port, make sure that the same DLDP authentication mode and password are set on the ports connected with a fiber cable or copper twisted pair. Otherwise, DLDP authentication fails. DLDP cannot work before DLDP authentication succeeds.
  • Page 178: Dldp Reset

    unidirectional links. On the contrary, if too short an interval is set, network traffic increases, unnecessarily consuming port bandwidth. Examples # Set the interval between sending advertisement packets to 6 seconds for all DLDP-enabled ports in the advertisement state. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 179: Dldp Work-mode

    Parameters auto: Disables automatically the corresponding port when DLDP detects an unidirectional link or finds in the enhanced mode that the peer port is down. manual: Generates log and traps and prompts the user to disable manually the corresponding port when DLDP detects an unidirectional link or finds in the enhanced mode that the peer port is down.
  • Page 180: Dldp Delaydown-timer

    When DLDP works in normal mode, the system can identify only the unidirectional link caused by fiber cross-connection. When the DLDP protocol works in enhanced mode, the system can identify two types of unidirectional links: one is caused by fiber cross-connection and the other is caused by one fiber being not connected or being broken.
  • Page 181 Examples # Set the delaydown timer to 5 seconds. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dldp delaydown-timer 5...
  • Page 182 Table of Contents 1 MAC Address Table Management Configuration Commands ······························································1-1 MAC Address Table Management Configuration Commands································································1-1 display mac-address aging-time······································································································1-1 display mac-address························································································································1-2 mac-address····································································································································1-3 mac-address aging destination-hit enable·······················································································1-5 mac-address max-mac-count··········································································································1-5 mac-address timer···························································································································1-6...
  • Page 183: Mac Address Table Management Configuration Commands

    MAC Address Table Management Configuration Commands This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the “Multicast Protocol” part of the manual. MAC Address Table Management Configuration Commands display mac-address aging-time Syntax display mac-address aging-time...
  • Page 184: Display Mac-address

    display mac-address Syntax display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static | blackhole ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ] [ unit unit-id ] View Any view Parameters mac-address: Displays MAC address entries in a specified MAC address, in the format of H-H-H.
  • Page 185 000d-88f6-44ba Learned GigabitEthernet1/0/4 AGING 000d-88f7-9f7d Learned GigabitEthernet1/0/4 AGING 000d-88f7-b094 Learned GigabitEthernet1/0/4 AGING 000f-e200-00cc Learned GigabitEthernet1/0/4 AGING 000f-e200-2201 Learned GigabitEthernet1/0/4 AGING 000f-e207-f2e0 Learned GigabitEthernet1/0/4 AGING 000f-e209-ecf9 Learned GigabitEthernet1/0/4 AGING 7 mac address(es) found on port GigabitEthernet1/0/4 --- # Display the total number of MAC address entries for VLAN 2. <Sysname>...
  • Page 186 dynamic: Specifies a dynamic MAC address entry. blackhole: Specifies a blackhole MAC address entry. mac-address: Specifies a MAC address, in the form of H-H-H. When entering the MAC address, you can omit the leading 0s in each segment. For example, you can input f-e2-1 for 000f-00e2-0001. interface-type interface-number: Specifies the outgoing port by its type and number for the MAC address.
  • Page 187: Mac-address Aging Destination-hit Enable

    System View: return to User View with Ctrl+Z. [Sysname] mac-address static 000f-e20f-0101 interface GigabitEthernet 1/0/1 vlan 2 mac-address aging destination-hit enable Syntax mac-address aging destination-hit enable undo mac-address aging destination-hit enable View System view Parameters None Description Use the mac-address aging destination-hit enable command to enable the destination MAC address triggered update function.
  • Page 188: Mac-address Timer

    Use the undo mac-address max-mac-count command to cancel the limitation on the number of MAC addresses an Ethernet port can learn. By default, the number of MAC addresses an Ethernet port can learn is unlimited. When you use the mac-address max-mac-count command, the port stops learning MAC addresses after the number of MAC addresses it learned reaches the value of the count argument you provided.
  • Page 189 If the aging timer is set too long, MAC address entries may still exist even if they turn invalid. This causes the switch to be unable to update its MAC address table in time. In this case, the MAC address table cannot reflect the position changes of network devices in time. Examples # Set the aging time of MAC address entries to 500 seconds.
  • Page 190 Table of Contents 1 Auto Detect Configuration Commands ···································································································1-1 Auto Detect Configuration Commands ···································································································1-1 detect-group ····································································································································1-1 detect-list ·········································································································································1-2 display detect-group ························································································································1-3 ip route-static detect-group··············································································································1-4 option ···············································································································································1-5 retry··················································································································································1-6 standby detect-group·······················································································································1-6 timer loop·········································································································································1-7 timer wait ·········································································································································1-7...
  • Page 191: Auto Detect Configuration Commands

    Auto Detect Configuration Commands Auto Detect Configuration Commands Refer to the Routing Protocol part of the manual for information about static routing. Refer to the VRRP part of the manual for information about VRRP. detect-group Syntax detect-group group-number undo detect-group group-number View System view Parameters...
  • Page 192: Detect-list

    [Sysname-detect-group-10] detect-list Syntax detect-list list-number ip address ip-address [ nexthop ip-address ] undo detect-list list-number View Detected group view Parameters list-number: Sequence number of the IP address to be detected. This argument ranges from 1 to 10. ip address ip-address: Specifies the destination IP address (in dotted decimal notation) to be detected. nexthop ip-address: Specifies the next hop IP address (in dotted decimal notation) for Auto Detect.
  • Page 193: Display Detect-group

    display detect-group Syntax display detect-group [ group-number ] View Any view Parameters group-number: Detected group number ranging from 1 to 25. Description Use the display detect-group command to display the configuration of the specified detected group or all detected groups. Examples # Display the configuration of detected group 1.
  • Page 194: Ip Route-static Detect-group

    Field Description ip address IP address to be detected next hop Next hop IP address ip route-static detect-group Syntax ip route-static ip-address { mask | mask-length } { interface-type interface-number | next-hop } [ preference preference-value ] [ reject | blackhole ] detect-group group-number undo ip route-static ip-address { mask | mask-length } [ interface-type interface-number | next-hop ] [ preference preference-value ] View...
  • Page 195 <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] ip route-static 192.168.1.5 24 192.168.0.2 detect-group 10 After the configuration, if detected group 10 is reachable, the static route is valid; if detected group 10 is unreachable, the static route is invalid. option Syntax option [ and | or ]...
  • Page 196: Retry

    retry Syntax retry retry-times undo retry View Detected group view Parameters retry-times: Maximum retry times during a detect operation. This argument ranges from 0 to 10 and defaults to 2. Description Use the retry command to set the maximum retry times during a detect operation. Use the undo retry command to restore the default times.
  • Page 197: Timer Loop

    Use the undo standby detect-group command to disable the interface backup function. Examples # Specify to enable VLAN-interface 2 (the backup interface) when the detected group 10 is unreachable. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] standby detect-group 10 After the configuration, if detected group 10 is reachable, the backup interface VLAN-interface 2 will be in the disabled state, and if detected group 10 is unreachable, VLAN-interface 2 will be enabled.
  • Page 198 undo timer wait View Detected group view Parameters seconds: Timeout waiting for an ICMP reply. This argument ranges from 1 to 30 (in seconds) and defaults to 2. Description Use the timer wait command to set a timeout waiting for an ICMP reply. Use the undo timer wait command to restore the default.
  • Page 199 Table of Contents 1 MSTP Configuration Commands ·············································································································1-1 MSTP Configuration Commands ············································································································1-1 active region-configuration ··············································································································1-1 check region-configuration ··············································································································1-1 display stp········································································································································1-3 display stp abnormalport ·················································································································1-6 display stp portdown························································································································1-7 display stp region-configuration·······································································································1-8 display stp root ································································································································1-9 instance ·······································································&#