3Com Switch 4500 Family Manual

3Com Switch 4500 Family

Command Reference Guide

Switch 4500 26-Port
Switch 4500 50-Port
Switch 4500 PWR 26-Port
Switch 4500 PWR 50-Port
Product Version: V03.03.00
Manual Version:
6W101-20090811
www.3com.com
3Com Corporation
350 Campus Drive, Marlborough,
MA, USA 01752 3064

Summary of Contents for 3Com Switch 4500 Family

  • Page 1: Command Reference Guide

    3Com Switch 4500 Family Command Reference Guide Switch 4500 26-Port Switch 4500 50-Port Switch 4500 PWR 26-Port Switch 4500 PWR 50-Port Product Version: V03.03.00 Manual Version: 6W101-20090811 www.3com.com 3Com Corporation 350 Campus Drive, Marlborough, MA, USA 01752 3064...
  • Page 2 3Com Corporation. 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
  • Page 3: About This Manual

    About This Manual Organization 3Com Switch 4500 Family Command Reference Guide is organized as follows: Part 1 Login: Introduces the commands used for logging into the Ethernet switch and the commands used for configuring CLI. Part 2 Configuration File Management: Introduces the commands used for configuration file management.
  • Page 4 Part 27 UDP Helper: Introduces the commands used for configuring UDP helper. Part 28 SNMP-RMON: Introduces the SNMP-related and RMON-related commands. Part 29 NTP: Introduces the NTP-related commands. Part 30 SSH: Introduces the commands used for configuring SSH2.0. Part 31 File System Management: Introduces the commands used for file system management.
  • Page 5: Related Documentation

    3Com Switch 4500 Family Release Notes: If information in this guide differs from information in the release notes, use the information in the Release Notes. Obtaining Documentation You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.
  • Page 6: Table Of Contents

    Table of Contents 1 Login Commands (1-1): Login Commands (1-1), authentication-mode (1-1), auto-execute command (1-3), copyright-info enable (1-3), databits (1-4), display telnet-server source-ip (1-5), display telnet source-ip (1-6), display user-interface (1-6), display users (1-8), display web users (1-9), free user-interface (1-10), header (1-11), history-command max-size (1-13), idle-timeout (1-14), ip http shutdown (1-14)...
  • Page 7 ip http acl (2-2), snmp-agent community (2-2), snmp-agent group (2-3), snmp-agent usm-user (2-4)...
  • Page 8: Login Commands

    Login Commands Login Commands authentication-mode Syntax authentication-mode { password | scheme [ command-authorization ] | none } View User interface view Parameters none: Specifies not to authenticate users. password: Authenticates users using the local password. scheme: Authenticates users locally or remotely using usernames and passwords. command-authorization: Performs command authorization on TACACS authentication server.
  • Page 9 To improve security and prevent attacks to the unused Sockets, TCP 23 and TCP 22, ports for Telnet and SSH services respectively, will be enabled or disabled after corresponding configurations. If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
  • Page 10: Auto-Execute Command

    auto-execute command Syntax auto-execute command text undo auto-execute command View VTY user interface view Parameters text: Command to be executed automatically. Description Use the auto-execute command command to set the command that is executed automatically after a user logs in. Use the undo auto-execute command command to disable the specified command from being automatically executed.
  • Page 11: Databits

    Note that these two commands apply to users logging in through the console port and by means of Telnet. Examples # Disable copyright information displaying. ******************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ******************************************************************************** <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 12: Display Telnet-Server Source-Ip

    Use the undo databits command to revert to the default databits. The default databits is 8. This command takes effect on AUX user interfaces only. The databits setting on the terminal and that on the device user interface must be the same for communication.
  • Page 13: Display Telnet Source-Ip

    Examples # Display the source IP address configured for the switch operating as the Telnet server. <Sysname> display telnet-server source-ip The source IP you specified is 192.168.1.1 display telnet source-ip Syntax display telnet source-ip View Any view Parameters None Description Use the display telnet source-ip command to display the source IP address configured for the switch operating as the Telnet client.
  • Page 14 In absolute user interface number scheme, the type argument is not required. In this case, user interfaces are numbered from 0 to 12. summary: Displays the summary information about a user interface. Description Use the display user-interface command to display the information about a specified user interface or all user interfaces.
  • Page 15: Display Users

    # Display the summary information about the user interface. <Sysname> display user-interface summary User interface type : [AUX] 0:XXXX XXXX User interface type : [VTY] 8:UXXX X 1 character mode users. 12 UI never used. 1 total UI in use Table 1-2 display user-interface summary command output description Field Description...
  • Page 16: Display Web Users

    Examples # Display the user information about the current user interface. <Sysname> display users Delay Type Ipaddress Username Userlevel VTY 0 00:00:00 192.168.0.208 : Current operation user. : Current operation user work in async mode. Table 1-3 display users command output description Field Description The numbers in the left sub-column are the absolute user interface...
  • Page 17: Free User-Interface

    Table 1-4 display web users command output description Field Description ID of a Web user Name Name of a Web user Language Language a Web user uses Level Level of a Web user Login Time Time when a Web user logs in Last Req.
  • Page 18: Header

    : Current operation user. : Current operation user work in async mode. <Sysname> free user-interface vty 0 Are you sure you want to free user-interface vty0 [Y/N]? y [OK] After you perform the above operation, the user connection on user interface VTY0 is torn down. The user in it must log in again to connect to the switch.
  • Page 19 This command is valid to users logging in through AUX and VTY user interfaces, without affecting users logging in through the Web interface. Note the following: If you specify any one of the four keywords without providing the text argument, the specified keyword will be regarded as the login information.
  • Page 20: History-Command Max-Size

    ******************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ******************************************************************************** Welcome to legal! Press Y or ENTER to continue, N to exit. Welcome to login!
  • Page 21: Idle-Timeout

    System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] history-command max-size 20 idle-timeout Syntax idle-timeout minutes [ seconds ] undo idle-timeout View User interface view Parameters minutes: Number of minutes. This argument ranges from 0 to 35,791. seconds: Number of seconds.
  • Page 22: Lock

    By default, the WEB Server is launched. To improve security and prevent attacks to the unused Sockets, TCP 80 port for HTTP service will be enabled or disabled after corresponding configurations. TCP 80 port is enabled only after you use the undo ip http shutdown command to enable the Web server.
  • Page 23: Parity

    To unlock a user interface, press Enter and then enter the password as prompted. Note that if you set a password containing more than 16 characters, the system matches only the first 16 characters of the password entered for unlocking the user interface. That is, the system unlocks the user interface as long as the first 16 characters of the password entered are correct.
  • Page 24: Protocol Inbound

    This command takes effect on AUX user interfaces only. The check mode on the terminal and that on the device user interface must be the same for communication. Examples # Set to perform even checks. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] parity even protocol inbound...
  • Page 25: Screen-Length

    To improve security and prevent attacks to the unused Sockets, TCP 23 and TCP 22 (ports for Telnet and SSH services respectively) will be enabled or disabled after corresponding configurations. If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be disabled. If the authentication mode is password, and the corresponding password has been set, TCP 23 will be enabled, and TCP 22 will be disabled.
  • Page 26: Send

    You can use the screen-length 0 command to disable the function to display information in pages. Examples # Set the number of lines the terminal screen can contain to 20. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] user-interface aux 0 [Sysname-ui-aux0] screen-length 20 send...
  • Page 27: Service-Type

    service-type Syntax service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] } undo service-type { ftp | lan-access | { ssh | telnet | terminal }* } View Local user view Parameters ftp: Specifies the users to be of FTP type.
  • Page 28: Set Authentication Password

    [Sysname-luser-zbr] service-type telnet level 0 # To verify the above configuration, you can quit the system, log in again using the user name of zbr, and then list the available commands, as listed in the following. <Sysname> ? User view commands: cluster Run cluster command display...
  • Page 29: Shell

    By default, password authentication is performed when a user logs in through a modem or Telnet. If no password is set, the user cannot establish a connection with the switch. Examples # Set the local password of VTY 0 to “123”. <Sysname>...
  • Page 30: Speed

    speed Syntax speed speed-value undo speed View AUX user interface view Parameters speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400, 4800, 9600, 19,200, 38,400, 57,600, and 115,200. Description Use the speed command to set the transmission speed of the user interface. Use the undo speed command to revert to the default transmission speed.
  • Page 31: Telnet

    2: Sets the stopbits to 2. Description Use the stopbits command to set the stopbits of the user interface. Use the undo stopbits command to revert to the default stopbits. Execute these two commands in AUX user interface view only. By default, the stopbits is 1.
  • Page 32: Telnet Ipv6

    <Sysname> telnet ipv6 3001::1 Trying 3001::1 ... Press CTRL+K to abort Connected to 3001::1 ... ***************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved. * Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ***************************************************************************** 1-25...
  • Page 33: Telnet Source-Interface

    <Sysname> telnet source-interface Syntax telnet source-interface interface-type interface-number undo telnet source-interface View System view Parameters interface-type interface-number: Interface type and interface number. Description Use the telnet source-interface command to specify the source interface for a Telnet client. Use the undo telnet source-interface command to remove the specified source interface. The source interface can be a loopback interface or a VLAN interface.
  • Page 34: Telnet-Server Source-Interface

    With the telnet source-ip command configured, the specified IP address functions as the source IP address when a device logs into a Telnet server as a Telnet client, and the login succeeds only when there is a route between the specified source IP address and the Telnet server. Note that when the telnet source-ip command is executed, if the IP address specified is not an IP address of the local device, your configuration fails.
  • Page 35: User-Interface

    View System view Parameters ip-address: Source IP address to be set. Description Use the telnet-server source-ip command to specify the source Telnet server IP address. Use the undo telnet-server source-ip command to remove the source Telnet server IP address. With the telnet-server source-ip command configured, the client can log in to the local device using the specified IP address only, and the login succeeds only when there is a route between the client and specified source IP address.
  • Page 36: User Privilege Level

    last-number: User interface number identifying the last user interface to be configured. The value of this argument must be larger than that of the first-number argument. Description Use the user-interface command to enter one or more user interface views to perform configuration. Examples # Enter VTY0 user interface.
  • Page 37: Cli Configuration Commands

    Command level to be set, in the range of 0 to 3. view view: CLI view. It can be any CLI view that the Ethernet switch supports. The 3Com Switch 4500 supports only the CLI views listed in...
  • Page 38 CLI view Description acl-ethernetframe Layer 2 ACL view acl-user User-defined ACL view Aux 1/0/0 port view, that is, console port view cluster Cluster view detect-group Detected group view ethernet 100M Ethernet port view ftp-client FTP client view gigabitethernet GigabitEthernet port view ISP domain view loopback Loopback interface view...
  • Page 39 The default levels of commands are described in the following table: Table 1-6 Default levels of commands (columns: Level, Name, Command). Visit level: Commands used to diagnose network, such as ping, tracert, and telnet commands. Monitor level: Commands used to maintain the system and diagnose service fault, such as debugging, terminal and reset commands.
  • Page 40: Display History-Command

    # Restore the default level of the tftp get command. To restore the default levels of the commands starting with the tftp keyword, you only need to specify the tftp keyword. [Sysname] undo command-privilege view shell tftp display history-command Syntax display history-command View Any view...
  • Page 41: Super Password

    Executing this command without the level argument will switch the current user level to level 3 by default. Note that: Users logged into the switch fall into four user levels, which correspond to the four command levels respectively. Users at a specific level can only use the commands at the same level or lower levels. You can switch between user levels after logging into a switch successfully.
  • Page 42 Description Use the super password command to set a switching password for a specified user level, which will be used when users switch from a lower user level to the specified user level. Use the undo super password command to restore the default configuration. By default, no such password is set.
  • Page 43: Commands For User Control

    Commands for User Control Commands for Controlling Logging in Users Syntax acl acl-number { inbound | outbound } undo acl acl-number { inbound | outbound } View User interface view Parameters acl-number: ACL number. This argument can identify different types of ACLs, as listed below. 2000 to 2999, for basic ACLs 3000 to 3999, for advanced ACLs 4000 to 4999, for Layer 2 ACLs...
  • Page 44: Ip Http Acl

    Parameters all: Specifies all Web users. user-id: Web user ID, an eight-digit hexadecimal number. user-name: User name of the Web user. This argument can contain 1 to 80 characters. Description Use the free web-users command to disconnect a specified Web user or all Web users by force. Examples # Disconnect all Web users by force.
  • Page 45 Parameters read: Specifies that the community has read-only permission in the specified view. write: Specifies that the community has read/write permission in the specified view. community-name: Community name, a string of 1 to 32 characters. acl acl-number: Specifies an ACL number for the community. The acl-number argument ranges from 2000 to 2999.
  • Page 46: Snmp-Agent Usm-User

    group-name: Group name. This argument can be of 1 to 32 characters. authentication: Specifies to authenticate SNMP data without encrypting the data. privacy: Authenticates and encrypts packets. read-view: Name of the view to be set to read-only. This argument can be of 1 to 32 characters. write-view: Name of the view to be set to readable &...
  • Page 47 group-name: Name of the group to which the user corresponds. This argument is a string of 1 to 32 characters. cipher: Specifies the authentication or encryption password to be in ciphertext. authentication-mode: Requires authentication. If this keyword is not provided, neither authentication nor encryption is performed.
  • Page 48 Table of Contents 1 Configuration File Management Commands (1-1): File Attribute Configuration Commands (1-1), display current-configuration (1-1), display current-configuration vlan (1-5), display saved-configuration (1-6), display startup (1-8), display this (1-9), reset saved-configuration (1-10), save (1-11), startup saved-configuration (1-13)...
  • Page 49: Configuration File Management Commands

    Configuration File Management Commands The 4500 series Ethernet switches support Expandable Resilient Networking (XRN), and allow you to access a file on the switch in one of the following ways: To access a file on the specified unit, you need to enter the file universal resource locator (URL) starting with unit[No.]>flash:/, where [No.] represents the unit ID of the switch.
  • Page 50 system: Indicates the system configuration. user-interface: Indicates the user interface configuration. interface: Displays port/interface configuration. interface-type: Port/interface type, which can be one of the following: Aux, Ethernet, GigabitEthernet, Loopback, NULL and VLAN-interface. interface-number: Port/interface number. by-linenum: Displays configuration information with line numbers. |: Uses a regular expression to filter the configuration of the switch to be displayed.
  • Page 51 After you finish a set of configurations, you can execute the display current-configuration command to display the parameters that take effect currently. Note that: Parameters that are the same as the default are not displayed. The configured parameter whose corresponding function does not take effect is not displayed. Related commands: save, reset saved-configuration, display saved-configuration.
  • Page 52 interface Ethernet1/0/16 interface Ethernet1/0/17 interface Ethernet1/0/18 interface Ethernet1/0/19 interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 shutdown interface GigabitEthernet1/0/28 shutdown interface NULL0 return # Display the lines that include the strings matching 10* in the configuration information. (The character * means that the character 0 in the string before it can appear multiple times or does not appear.) <Sysname>...
  • Page 53: Display Current-Configuration Vlan

    interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 interface Ethernet1/0/13 interface Ethernet1/0/14 interface Ethernet1/0/15 interface Ethernet1/0/16 interface Ethernet1/0/17 interface Ethernet1/0/18 interface Ethernet1/0/19 interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 interface GigabitEthernet1/0/28 ip route-static 0.0.0.0 0.0.0.0 1.2.1.1 preference 60 # Display the configuration information starting with the string user.
  • Page 54: Display Saved-Configuration

    Examples # Display the VLAN configuration information of the current switch. <Sysname> display current-configuration vlan vlan 1 vlan 5 to 69 vlan 70 description Vlan 70 vlan 71 to 100 return display saved-configuration Syntax display saved-configuration [ unit unit-id ] [ by-linenum ] View Any view Parameters...
  • Page 55 domain system vlan 1 interface Vlan-interface1 ip address 192.168.0.39 255.255.255.0 #LOCCFG. MUST NOT DELETE interface Aux1/0/0 interface Ethernet1/0/1 interface Ethernet1/0/2 interface Ethernet1/0/3 interface Ethernet1/0/4 interface Ethernet1/0/5 interface Ethernet1/0/6 interface Ethernet1/0/7 interface Ethernet1/0/8 interface Ethernet1/0/9 interface Ethernet1/0/10 interface Ethernet1/0/11 interface Ethernet1/0/12 interface Ethernet1/0/13 interface Ethernet1/0/14 interface Ethernet1/0/15...
  • Page 56: Display Startup

    interface Ethernet1/0/20 interface Ethernet1/0/21 interface Ethernet1/0/22 interface Ethernet1/0/23 interface Ethernet1/0/24 interface GigabitEthernet1/0/25 interface GigabitEthernet1/0/26 interface GigabitEthernet1/0/27 shutdown interface GigabitEthernet1/0/28 shutdown #TOPOLOGYCFG. MUST NOT DELETE undo xrn-fabric authentication-mode #GLBCFG. MUST NOT DELETE interface NULL0 ip route-static 0.0.0.0 0.0.0.0 1.2.1.1 preference 60 user-interface aux 0 7 user-interface vty 0 4 authentication-mode none...
  • Page 57: Display This

    Parameters unit unit-id: Specifies the unit ID of a switch. With this keyword-argument combination specified, this command can display the startup configuration file information of the specified unit. Description Use the display startup command to display the startup configuration of a switch. Note that: If the switch is not a unit of a fabric, this command displays the startup configuration file information of the current switch no matter whether you have specified the unit-id argument or not.
  • Page 58: Reset Saved-Configuration

    View Any view Parameters by-linenum: Displays configuration information with line numbers. Description Use the display this command to display the current configuration performed in the current view. To verify the configuration performed in a view, you can use this command to display the parameters that are valid in the current view.
  • Page 59: Save

    View User view Parameters backup: Erases the backup configuration file. main: Erases the main configuration file. Description Use the reset saved-configuration command to erase the configuration file saved in the Flash of a switch. The following two situations exist: While the reset saved-configuration [ main ] command erases the configuration file with main attribute, it only erases the main attribute of a configuration file having both main and backup attribute.
  • Page 60 View Any view Parameters cfgfile: Path name or file name of a configuration file in the Flash, a string of 5 to 56 characters. safely: Saves the current configuration in the safe mode. backup: Saves the configuration to the backup configuration file. main: Saves the configuration to the main configuration file.
  • Page 61: Startup Saved-Configuration

    It is recommended to adopt the fast saving mode in the conditions of stable power and adopt the safe mode in the conditions of unstable power or remote maintenance. If you use the save command after a fabric is formed on the switch, the units in the fabric save their own startup configuration files automatically.
  • Page 62 Description Use the startup saved-configuration command to specify a configuration file to be the main configuration file or the backup configuration file to be used for the next startup of the switch. Use the undo startup saved-configuration command to specify a switch to use null configuration when it restarts.
  • Page 63 Table of Contents 1 VLAN Configuration Commands (1-1): VLAN Configuration Commands (1-1), description (1-1), display interface Vlan-interface (1-1), display vlan (1-2), interface Vlan-interface (1-4), name (1-4), shutdown (1-5), vlan (1-6), Port-Based VLAN Configuration Commands (1-7), display port (1-7), port (1-7), port access vlan (1-8), port hybrid pvid vlan (1-9), port hybrid vlan (1-9), port link-type (1-10), port trunk permit vlan (1-11)...
  • Page 64: Vlan Configuration Commands

    VLAN Configuration Commands VLAN Configuration Commands description Syntax description text undo description View VLAN view, VLAN interface view Parameter text: Case sensitive character string to describe the current VLAN or VLAN interface. Special characters and spaces are allowed. It has: 1 to 32 characters for a VLAN description.
  • Page 65: Display Vlan

    Parameter vlan-id: ID of the specific VLAN interface. Description Use the display interface Vlan-interface command to display the information about the VLAN interface. VLAN interface is a virtual interface in Layer 3 mode, used to realize the layer 3 communication between different VLANs.
  • Page 66 to: Specifies multiple contiguous VLAN IDs. The VLAN ID after to cannot be less than that before to. all: Displays the information about all the VLANs. dynamic: Displays information about the dynamic VLANs (which are registered through GVRP protocol). static: Displays information about the static VLANs (which are created through manual configuration). Description Use the display vlan command to display the information about the specified VLANs or all VLANs.
  • Page 67: Interface Vlan-Interface

    Field: Description
    Name: VLAN name
    Tagged Ports: Ports through which packets are sent with VLAN tag kept.
    Untagged Ports: Ports through which packets are sent with VLAN tag stripped.

    interface Vlan-interface

    Syntax interface Vlan-interface vlan-id undo interface Vlan-interface vlan-id View System view Parameter vlan-id: ID of the VLAN interface, in the range of 1 to 4,094.
  • Page 68: Shutdown

    undo name View VLAN view Parameter text: VLAN name, 1 to 32 characters long. It can contain special characters and spaces. Description Use the name command to assign a name to the current VLAN. Use the undo name command to restore the default VLAN name. By default, the name of a VLAN is its VLAN ID, such as “VLAN 0001”.
  • Page 69: Vlan

    You can use the undo shutdown command to enable a VLAN interface when its related parameters and protocols are configured. When a VLAN interface fails, you can use the shutdown command to disable the interface, and then use the undo shutdown command to enable this interface again, which may restore the interface.
  • Page 70: Port-Based Vlan Configuration Commands

    Example

    # Enter VLAN 1 view.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] vlan 1
    [Sysname-vlan1]

    # Remove VLAN 5.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] undo vlan 5

    Port-Based VLAN Configuration Commands

    display port

    Syntax display port { hybrid | trunk }...
  • Page 71: Port Access Vlan

    Parameters interface-list: List of Ethernet ports to be added to or removed from a VLAN. Provide this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where: interface-type is port type and interface-number is port number. The port number to the right of the to keyword must be larger than or equal to the one to the left of the keyword.
  • Page 72: Port Hybrid Pvid Vlan

    Examples

    # Assign GigabitEthernet 1/0/1 to VLAN 3.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] vlan 3
    [Sysname-vlan3] quit
    [Sysname] interface GigabitEthernet 1/0/1
    [Sysname-GigabitEthernet1/0/1] port access vlan 3
    [Sysname-GigabitEthernet1/0/1]

    port hybrid pvid vlan

    Syntax port hybrid pvid vlan vlan-id undo port hybrid pvid View Ethernet port view...
  • Page 73: Port Link-Type

    undo port hybrid vlan vlan-id-list View Ethernet port view Parameters vlan-id-list: VLAN range to which the hybrid port will be added. vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, where, vlan-id is in the range of 1 to 4094 and can be discrete, and &<1-10> means you can input up to ten VLAN IDs/ID ranges.
  • Page 74: Port Trunk Permit Vlan

    Description Use the port link-type command to set the link type of the current Ethernet port. Use the undo port link-type command to restore the default link type. By default, the link type of an Ethernet port is access. The three types of ports can coexist on an Ethernet switch. You can change the link type of an Ethernet port.
  • Page 75: Port Trunk Pvid Vlan

    Please wait... Done. port trunk pvid vlan Syntax port trunk pvid vlan vlan-id undo port trunk pvid View Ethernet port view Parameters vlan-id: VLAN ID defined in IEEE802.1Q, in the range of 1 to 4094. It is 1 by default. Description Use the port trunk pvid vlan command to set the default VLAN ID for the trunk port.
  • Page 76 Table of Contents

    1 IP Address Configuration Commands (1-1)
    IP Address Configuration Commands (1-1)
    display ip host (1-1)
    display ip interface (1-1)
    display ip interface brief (1-4)
    ip address (1-5)
    ip host (1-6)
    2 IP Performance Optimization Configuration Commands (2-1)
    IP Performance Optimization Configuration Commands (2-1)
    display fib (2-1)
    display fib ip-address (2-2)
    display fib acl (2-3)...
  • Page 77: Ip Address Configuration Commands

    IP Address Configuration Commands IP Address Configuration Commands display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings between host names and IP addresses in the static DNS database. Examples # Display mappings between host names and IP addresses in the static DNS database.
  • Page 78 View Any view Parameters interface-type interface-number: Specifies an interface by its type and number. Description Use the display ip interface command to display information about a specified or all Layer 3 interfaces. If no argument is specified, information about all Layer 3 interfaces is displayed. Examples # Display information about VLAN-interface 1.
  • Page 79 Table 1-2 Description on the fields of the display ip interface command Field Description Current physical state of the interface, which can Administrative DOWN: Indicates that the interface is administratively down; that is, the interface is shut down with the shutdown command.
  • Page 80: Display Ip Interface Brief

    display ip interface brief Syntax display ip interface brief [ interface-type [ interface-number ] ] View Any view Parameters interface-type: Interface type. interface-number: Interface number. Description Use the display ip interface brief command to display brief information about a specified or all Layer 3 interfaces.
  • Page 81: Ip Address

    Field: Description
    Physical: Physical state of the interface, which can be
      *down: Indicates that the interface is administratively down; that is, the interface is shut down with the shutdown command.
      down: Indicates that the interface is administratively up but its physical state is down, which may be caused by a connection or link failure.
  • Page 82: Ip Host

    A newly specified IP address overwrites the previous one if there is any. The IP address of a VLAN interface must not be on the same network segment as that of a loopback interface on a device. Related commands: display ip interface. Examples # Assign the IP address 129.12.0.1 to VLAN-interface 1 with subnet mask 255.255.255.0.
  • Page 83: Ip Performance Optimization Configuration Commands

    IP Performance Optimization Configuration Commands IP Performance Optimization Configuration Commands display fib Syntax display fib View Any view Parameters None Description Use the display fib command to display all forwarding information base (FIB) information. Examples # Display all FIB information. <Sysname>...
  • Page 84: Display Fib Ip-Address

    Table 2-1 Description on the fields of the display fib command

    Field: Description
    Flag: Flags:
      U: Usable route
      G: Gateway route
      H: Host route
      B: Blackhole route
      D: Dynamic route
      S: Static route
      R: Rejected route
      E: Multi-path equal-cost route
      L: Route generated by ARP or ESIS
    Destination/Mask: Destination address/mask length...
  • Page 85: Display Fib Acl

    Description Use the display fib ip-address command to view the FIB entries matching the specified destination IP address. If no mask or mask length is specified, the FIB entry that matches the destination IP address and has the longest mask will be displayed; if the mask is specified, the FIB entry that exactly matches the specified destination IP address and mask will be displayed.
  • Page 86: Display Fib

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] acl number 2001
    [Sysname-acl-basic-2001] rule permit source 211.71.75.0 0.0.0.255
    [Sysname-acl-basic-2001] display acl 2001
    Basic ACL 2001, 1 rule
    Acl's step is 1
    rule 0 permit source 211.71.75.0 0.0.0.255

    # Display the FIB entries filtered by ACL 2001.
    <Sysname>...
  • Page 87: Display Fib Ip-Prefix

    display fib ip-prefix Syntax display fib ip-prefix ip-prefix-name View Any view Parameters ip-prefix-name: IP prefix list name, in the range of 1 to 19 characters. Description Use the display fib ip-prefix command to display the FIB entries matching a specific IP prefix list. For details about IP prefix list, refer to the part discussing IP routing in this manual.
  • Page 88: Display Icmp Statistics

    Description Use the display fib statistics command to display the total number of FIB entries. Examples # Display the total number of FIB entries. <Sysname> display fib statistics Route Entry Count : 8 display icmp statistics Syntax display icmp statistics View Any view Parameters...
  • Page 89: Display Ip Socket

    Field: Description
    destination unreachable: Number of received destination unreachable packets
    source quench: Number of received source quench packets
    redirects: Number of received redirection packets
    echo reply: Number of received replies
    parameter problem: Number of received parameter problem packets
    timestamp: Number of received time stamp packets
    information request: Number of received information request packets
    mask requests...
  • Page 90

    Examples

    # Display the TCP socket information.
    <Sysname> display ip socket socktype 1
    SOCK_STREAM:
    Task = VTYD(18), socketid = 1, Proto = 6,
    LA = 0.0.0.0:23, FA = 0.0.0.0:0,
    sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
    socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
    socket state = SS_PRIV SS_ASYNC
    Task = VTYD(18), socketid = 2, Proto = 6,...
  • Page 91: Display Ip Statistics

    display ip statistics Syntax display ip statistics View Any view Parameters None Description Use the display ip statistics command to display the statistics about IP packets. Related commands: display ip interface, reset ip statistics. Examples # Display the statistics about IP packets. <Sysname>...
  • Page 92: Display Tcp Statistics

    Field Description dropped Total number of IP packets discarded no route Total number of IP packets for which no route is available compress fails Total number of IP packets failed to compress input Total number of fragments received output Total number of fragments sent dropped Total number of fragments discarded Fragment:...
  • Page 93 duplicate ACK packets: 7, too much ACK packets: 0 Sent packets: Total: 665 urgent packets: 0 control packets: 5 (including 1 RST) window probe packets: 0, window update packets: 2 data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes) ACK-only packets: 40 (28 delayed) Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0 Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections disconnected :...
  • Page 94: Display Tcp Status

    Field Description Number of window probe packets sent; in the window probe packets brackets are resent packets window update packets Number of window update packets sent data packets Number of data packets sent data packets retransmitted Number of data packets retransmitted Number of ACK packets sent;...
  • Page 95: Display Udp Statistics

    <Sysname> display tcp status
    *: TCP MD5 Connection
    TCPCB     Local Add:port   Foreign Add:port     State
    03e37dc4  0.0.0.0:4001     0.0.0.0:0            Listening
    04217174  100.0.0.204:23   100.0.0.253:65508    Established

    Table 2-6 Description on the fields of the display tcp status command

    Field Description If there is an asterisk before a connection, it means that the TCP connection is authenticated through the MD5 algorithm.
  • Page 96: Icmp Redirect Send

    Table 2-7 Description on the fields of the display udp statistics command

    Field: Description
    Total: Total number of received UDP packets
    checksum error: Total number of packets with incorrect checksum
    shorter than header: Number of packets with data shorter than header
    data length larger than packet: Number of packets with data longer than packet...
  • Page 97: Icmp Unreach Send

    icmp unreach send Syntax icmp unreach send undo icmp unreach send View System view Parameters None Description Use the icmp unreach send command to enable the device to send ICMP destination unreachable packets. With this feature enabled, the switch, upon receiving a packet with an unreachable destination, discards the packet and then sends a destination unreachable packet to the source host.
  • Page 98: Reset Tcp Statistics

    reset tcp statistics Syntax reset tcp statistics View User view Parameters None Description Use the reset tcp statistics command to clear the statistics about TCP packets. You can use the display tcp statistics command to view the current TCP packet statistics. Examples # Clear the statistics about TCP packets.
  • Page 99: Tcp Timer Syn-Timeout

    Parameters time-value: TCP finwait timer, in seconds, with the value ranging from 76 to 3600. Description Use the tcp timer fin-timeout command to configure the TCP finwait timer. Use the undo tcp timer fin-timeout command to restore the default value of the TCP finwait timer. By default, the value of the TCP finwait timer is 675 seconds.
  • Page 100: Tcp Window

    tcp window Syntax tcp window window-size undo tcp window View System view Parameters window-size: Size of the send/receive buffer, in kilobytes (KB), in the range of 1 to 32. Description Use the tcp window command to configure the size of the TCP send/receive buffer. Use the undo tcp window command to restore the default.
  • Page 101 Table of Contents

    1 Voice VLAN Configuration Commands (1-1)
    Voice VLAN Configuration Commands (1-1)
    display voice vlan error-info (1-1)
    display voice vlan oui (1-1)
    display voice vlan status (1-2)
    display vlan (1-3)
    voice vlan (1-4)
    voice vlan aging (1-5)
    voice vlan enable (1-6)
    voice vlan legacy (1-6)
    voice vlan mac-address (1-7)
    voice vlan mode (1-8)
    voice vlan security enable (1-9)...
  • Page 102: Voice Vlan Configuration Commands

    Voice VLAN Configuration Commands Voice VLAN Configuration Commands display voice vlan error-info Syntax display voice vlan error-info View Any view Parameters None Description Use the display voice vlan error-info command to display the ports on which the voice VLAN function fails to be enabled.
  • Page 103: Display Voice Vlan Status

    H3C Aolynk phone
    00d0-1e00-0000  ffff-ff00-0000  Pingtel phone
    00e0-7500-0000  ffff-ff00-0000  Polycom phone
    00e0-bb00-0000  ffff-ff00-0000  3Com phone

    display voice vlan status

    Syntax display voice vlan status View Any view Parameters None Description Use the display voice vlan status command to display voice VLAN-related information.
  • Page 104: Display Vlan

    PORT            MODE
    --------------------------------
    Ethernet1/0/2   AUTO
    Ethernet1/0/3   MANUAL

    Table 1-1 Description on the fields of the display voice vlan status command

    Field: Description
    Voice Vlan status: The status of global voice VLAN function: enabled or disabled.
    Voice Vlan ID: The VLAN which is currently enabled with voice VLAN.
  • Page 105: Voice Vlan

    VLAN Type: static
    Route Interface: not configured
    Description: VLAN 0006
    Name: VLAN 0006
    Tagged Ports: Ethernet1/0/5
    Untagged Ports: Ethernet1/0/6

    The output indicates that Ethernet 1/0/5 and Ethernet 1/0/6 are in the voice VLAN.

    voice vlan

    Syntax voice vlan vlan-id enable undo voice vlan enable View System view...
  • Page 106: Voice Vlan Aging

    Examples

    # Create VLAN 2, and enable the voice VLAN function on it.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] vlan 2
    [Sysname-vlan2] quit
    [Sysname] voice vlan 2 enable

    # After the voice VLAN function of VLAN 2 is enabled, if you enable the voice VLAN function for other VLANs, the system will prompt that your configuration fails.
  • Page 107: Voice Vlan Enable

    recommended to set a small voice VLAN aging timer in a network with only a few voice applications. Related commands: display voice vlan status. Examples # Set the aging time of the voice VLAN to 100 minutes. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] voice vlan aging 100 voice vlan enable Syntax...
  • Page 108: Voice Vlan Mac-Address

    Parameters None Description Use the voice vlan legacy command to enable communication between a 3Com device and other vendors’ voice devices by automatically adding the voice VLAN tag to the voice data coming from those devices. Use the undo voice vlan legacy command to disable the voice VLAN legacy function.
  • Page 109: Voice Vlan Mode

    00d0-1e00-0000  Pingtel phone
    00e0-7500-0000  Polycom phone
    00e0-bb00-0000  3Com phone

    Related commands: display voice vlan oui.

    Examples

    # Add MAC address 00aa-bb00-0000 to the OUI list and configure its description as ABC.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
  • Page 110: Voice Vlan Security Enable

    Examples

    # Configure the voice VLAN assignment mode on Ethernet1/0/2 to manual.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] interface Ethernet 1/0/2
    [Sysname-Ethernet1/0/2] undo voice vlan mode auto

    voice vlan security enable

    Syntax voice vlan security enable undo voice vlan security enable View System view...
  • Page 111 Table of Contents

    1 Port Basic Configuration Commands (1-1)
    Port Basic Configuration Commands (1-1)
    broadcast-suppression (1-1)
    copy configuration (1-2)
    description (1-4)
    display brief interface (1-4)
    display interface (1-6)
    display link-delay (1-10)
    display loopback-detection (1-10)
    display port combo (1-11)
    display unit (1-12)
    duplex (1-13)
    flow-control (1-14)
    flow interval (1-15)
    giant-frame statistics enable (1-15)
    interface (1-16)...
  • Page 112: Port Basic Configuration Commands

    Port Basic Configuration Commands Port Basic Configuration Commands broadcast-suppression Syntax broadcast-suppression { ratio | pps max-pps } undo broadcast-suppression View System view, Ethernet port view Parameters ratio: Maximum ratio of the broadcast traffic allowed on a port to the total transmission capacity of the port.
  • Page 113: Copy Configuration

    The global broadcast suppression setting configured by the broadcast-suppression command in system view takes effect on all Ethernet ports in the system except for the reflection ports, stack ports and ports having their own broadcast suppression settings. If you configure broadcast-suppression command in both system view and Ethernet port view, the configuration in Ethernet port view will take effect.
  • Page 114 If you specify a source aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source. If you specify a destination aggregation group ID, the configuration of the source port will be copied to all ports in the aggregation group and all ports in the group will have the same configuration as that of the source port.
  • Page 115: Description

    Any aggregation group port you input in the destination port list will be removed from the list and the copy command will not take effect on the port. If you want an aggregation group port to have the same configuration with the source port, you can specify the aggregation group of the port as the destination (with the destination-agg-id argument).
  • Page 116 Parameters interface-type: Port type. interface-number: Port number. |: Specifies to use a regular expression to filter the configuration information entries to be displayed. begin: Each entry must begin with a specified character string. include: Each entry must include a specified character string. exclude: Each entry must not include a specified character string.
  • Page 117: Display Interface

    Table 1-2 Description on the fields of the display brief interface command

    Field: Description
    Interface: Port type
    Link: Current link state: UP, DOWN or ADMINISTRATIVELY DOWN
    Speed: Link rate
    Duplex: Duplex attribute
    Type: Link type: access, hybrid or trunk
    PVID: Default VLAN ID
    Description: Port description string...
  • Page 118 If you specify only port type, the command displays information about all ports of the specified type. If you specify both port type and port number, the command displays information about the specified port. Examples # Display the configuration information of Ethernet 1/0/1. <Sysname>...
  • Page 119 Field Description Media type Media type Port hardware type Port hardware type 100Mbps-speed mode, full-duplex mode Current speed mode and duplex mode Link speed type is force link, link duplex Link speed and duplex status ( force or type is force link auto-negotiation) Flow-control is enabled Status of flow-control on the port...
  • Page 120 Field Description The number of throttles that occurred on the port - throttles (A throttle occurs when a port is shut down due to buffer or memory overload.) The number of CRC error frames received in correct length The number of incoming CRC error frames with frame non-integer number of bytes The number of packets dropped because the receiving...
  • Page 121: Display Link-Delay

    Field Description The number of detected collisions collisions (Transmission of a frame will be aborted upon detection of a collision.) The number of detected late collisions (A late collision occurs if the transmission of a frame late collisions defers due to detection of collision after its first 512 bits have been transmitted.) The lost carrier counter applicable to serial WAN interfaces...
  • Page 122: Display Port Combo

    View Any view Parameters None Description Use the display loopback-detection command to display the loopback detection status on the port. If loopback detection is enabled, this information will also be displayed: time interval for loopback detection and the loopback ports. Examples # Display the loopback detection status on the port.
  • Page 123: Display Unit

    <Sysname> display port combo Combo-group Active Inactive GigabitEthernet1/0/25 GigabitEthernet1/0/27 GigabitEthernet1/0/26 GigabitEthernet1/0/28 Table 1-6 display port combo command output description Field Description Combo ports of the device, represented by Combo port number, which Combo-group is generated by the system. Active Ports of the Combo ports that are active Inactive Ports of the Combo ports that are inactive As for the optical port and the electrical port of a Combo port, the one with the smaller port number is...
  • Page 124: Duplex

    Multicast MAX-ratio: 100% Allow jumbo frame to pass PVID: 1 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds output: 0 packets/sec 0 bytes/sec Input(total): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, 0 pauses...
  • Page 125: Flow-Control

    Description Use the duplex command to set the duplex mode of the current port. Use the undo duplex command to restore the default duplex mode, that is, auto-negotiation. By default, the port is in auto-negotiation mode. Related commands: speed. Examples # Set the Ethernet 1/0/1 port to auto-negotiation mode.
  • Page 126: Flow Interval

    flow interval Syntax flow-interval interval undo flow-interval View Ethernet port view Parameters Interval: Interval (in seconds) to perform statistics on port information. This argument ranges from 5 to 300 (in step of 5) and is 300 by default. Description Use the flow-interval command to set the interval to perform statistics on port information. Use the undo flow-interval command to restore the default interval.
  • Page 127: Interface

    Description Use the giant-frame statistics enable command to enable the giant-frame statistics function. Use the undo giant-frame statistics enable command to disable the giant-frame statistics function. By default, the giant-frame statistics function is not enabled. After enabling the giant-frame statistics function, you can use the display interface command to view the statistics about giant frames.
  • Page 128: Jumboframe Enable

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] jumboframe enable Syntax jumboframe enable undo jumboframe enable View Ethernet port view Parameters None Description Use the jumboframe enable command to set the maximum frame size allowed on a port to 9,216 bytes.
  • Page 129: Loopback

    By default, the port state change delay is 0 seconds, that is, the port state changes without any delay. During a short period after you connect your switch to another device, the connecting port may go up and down frequently due to hardware compatibility issues, resulting in service interruption. To avoid situations like this, you may set a port state change delay.
  • Page 130: Loopback-Detection Control Enable

    Description Use the loopback command to perform a loopback test on the current Ethernet port to check whether the Ethernet port works normally. The loopback test terminates automatically after running for a specific period. By default, no loopback test is performed on the Ethernet port. Examples # Perform an internal loop test on Ethernet 1/0/1.
  • Page 131: Loopback-Detection Enable

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] interface ethernet 1/0/1
    [Sysname-Ethernet1/0/1] port link-type trunk
    [Sysname-Ethernet1/0/1] loopback-detection control enable

    loopback-detection enable

    Syntax loopback-detection enable undo loopback-detection enable View System view or Ethernet port view Parameters None Description Use the loopback-detection enable command to enable the loopback detection feature on ports to detect whether external loopback occurs on a port.
  • Page 132: Loopback-Detection Interval-Time

    loopback-detection interval-time Syntax loopback-detection interval-time time undo loopback-detection interval-time View System view Parameters time: Time interval for loopback detection, in the range of 5 to 300 (in seconds). It is 30 seconds by default. Description Use the loopback-detection interval-time command to set the time interval for loopback detection. Use the undo loopback-detection interval-time command to restore the default time interval.
  • Page 133: Mdi

    System View: return to User View with Ctrl+Z. [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] port link-type trunk [Sysname-Ethernet1/0/1] loopback-detection per-vlan enable Syntax mdi { across | auto | normal } undo mdi View Ethernet port view Parameters across: Sets the MDI mode to medium dependent interface (MDI). normal: Sets the MDI mode to media dependent interface-X mode (MDI-X).
  • Page 134: Reset Counters Interface

    undo multicast-suppression View Ethernet port view Parameters ratio: Maximum ratio of the multicast traffic allowed on the port to the total transmission capacity of the port. This argument ranges from 1 to 100 (in step of 1) and defaults to 100. The smaller the ratio, the less multicast traffic is allowed to be received.
  • Page 135: Shutdown

    Description Use the reset counters interface command to clear the statistics of the port, preparing for a new statistics collection. If you specify neither port type nor port number, the command clears statistics of all ports. If you specify only port type, the command clears statistics of all ports of this type. If you specify both port type and port number, the command clears statistics of the specified port.
  • Page 136: Speed

    %Apr 13 23:13:54:057 2000 Sysname IFNET/5/UPDOWN:- 1 -Line protocol on the interface Vlan-interface3 is DOWN

    # Enable Ethernet 1/0/1.
    [Sysname-Ethernet1/0/1] undo shutdown
    #Apr 13 23:14:54:454 2000 Sysname L2INF/2/PORT LINK STATUS CHANGE:- 1 - Trap 1.3.6.1.6.3.1.1.5.4(linkUp): portIndex is 4227650, ifAdminStatus is 1, ifOperStatus is 1
    %Apr 13 23:14:54:657 2000 Sysname L2INF/5/PORT LINK STATUS CHANGE:- 1 - Ethernet1/0/4 is UP...
  • Page 137: Speed Auto

    speed auto Syntax speed auto [ 10 | 100 | 1000 ]* View Ethernet port view Parameters 10: Configures 10 Mbps as an auto-negotiation speed of the port. 100: Configures 100 Mbps as an auto-negotiation speed of the port. 1000: Configures 1,000 Mbps as an auto-negotiation speed of the port. Description Use the speed auto [ 10 | 100 | 1000 ]* command to configure auto-negotiation speed(s) for the current port.
  • Page 138: Virtual-Cable-Test

    Description Use the unicast-suppression command to limit the unknown unicast traffic allowed to be received on the current port. Use the undo broadcast-suppression command to restore the default unknown unicast suppression setting on the port. When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold you set, the system drops the packets exceeding the threshold to reduce the unknown unicast traffic ratio to the reasonable range, so as to keep normal network service.
  • Page 139 If the cable is in normal state, the displayed length value is the total length of the cable. If the cable is in any other state, the displayed length value is the length from the port to the faulty point. Pair impedance mismatch Pair skew Pair swap...
  • Page 140 Table of Contents: 1 Link Aggregation Configuration Commands (1-1); Link Aggregation Configuration Commands (1-1); display link-aggregation interface (1-1); display link-aggregation summary (1-2); display link-aggregation verbose (1-3); display lacp system-id (1-4); lacp enable (1-5); lacp port-priority (1-5); lacp system-priority (1-6); link-aggregation group description (1-6); link-aggregation group mode (1-7); port link-aggregation group (1-8); reset lacp statistics (1-9)...
  • Page 141: Link Aggregation Configuration Commands

    Link Aggregation Configuration Commands Link Aggregation Configuration Commands display link-aggregation interface Syntax display link-aggregation interface interface-type interface-number [ to interface-type interface-number ] View Any view Parameters interface-type: Port type. interface-number: Port number. to: Specifies a port index range, with the two interface-type interface-number argument pairs around it as the two ends.
  • Page 142: Display Link-Aggregation Summary

    Table 1-1 Description on the fields of the display link-aggregation interface command Field Description Selected AggID: ID of the aggregation group to which the specified port belongs. Local: Information about the local end. Port-Priority: Port priority. Oper key: Operation key. Flag: Protocol status flag. Remote...
  • Page 143: Display Link-Aggregation Verbose

    -------------------------------------------------------------------------- 0x8000,0000-0000-0000 0 NonS Ethernet1/0/2 none NonS Ethernet1/0/3 Table 1-2 Description on the fields of the display link-aggregation summary command Field Description Aggregation Group Type: Aggregation group type (D for dynamic, S for static, and M for manual). Loadsharing Type: Load sharing type (Shar for load sharing and NonS for non-load sharing). Actor ID...
  • Page 144: Display Lacp System-Id

    Examples # Display the details about aggregation group 1. <Sysname> display link-aggregation verbose 1 Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired Aggregation ID: 1, AggregationType: Manual,...
  • Page 145: Lacp Enable

    Parameters None Description Use the display lacp system-id command to display the device ID of the local system, including the system priority and the MAC address. Examples # Display the device ID of the local system. <Sysname> display lacp system-id Actor System ID: 0x8000, 000f-e20f-0100 The value of the Actor System ID field is the device ID.
  • Page 146: Lacp System-Priority

    Parameters port-priority: Port priority, ranging from 0 to 65,535. Description Use the lacp port-priority command to set the priority of the current port. Use the undo lacp port-priority command to restore the default port priority. By default, the port priority is 32,768. You can use the display link-aggregation verbose command or the display link-aggregation interface command to check the configuration result.
  • Page 147: Link-Aggregation Group Mode

    undo link-aggregation group agg-id description View System view Parameters agg-id: Aggregation group ID, in the range of 1 to 416. agg-name: Aggregation group name, a string of 1 to 32 characters. Description Use the link-aggregation group description command to set a description for an aggregation group. Use the undo link-aggregation group description command to remove the description of an aggregation group.
  • Page 148: Port Link-Aggregation Group

    Description Use the link-aggregation group mode command to create a manual or static aggregation group. Use the undo link-aggregation group command to remove the specified aggregation group. Related commands: display link-aggregation summary. Examples # Create manual aggregation group 22 <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 149: Reset Lacp Statistics

    reset lacp statistics Syntax reset lacp statistics [ interface interface-type interface-number [ to interface-type interface-number ] ] View User view Parameters interface-type: Port type. interface-number: Port number. to: Specifies a port index range, with the two interface-type interface-number argument pairs around it as the two ends.
  • Page 150 Table of Contents: 1 Port Isolation Configuration Commands (1-1); Port Isolation Configuration Commands (1-1); display isolate port (1-1); port isolate (1-1)...
  • Page 151: Port Isolation Configuration Commands

    Port Isolation Configuration Commands Port Isolation Configuration Commands display isolate port Syntax display isolate port View Any view Parameters None Description Use the display isolate port command to display the Ethernet ports assigned to the isolation group. Examples # Display the Ethernet ports added to the isolation group. <Sysname>...
  • Page 152 Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group. The Switch 4500 family supports cross-device port isolation if XRN fabric is enabled. By default, the isolation group contains no port.
  • Page 153 Table of Contents: 1 Port Security Commands (1-1); Port Security Commands (1-1); display mac-address security (1-1); display port-security (1-2); mac-address security (1-5); port-security authorization ignore (1-6); port-security enable (1-7); port-security intrusion-mode (1-8); port-security max-mac-count (1-10); port-security ntk-mode (1-11); port-security oui (1-12); port-security port-mode (1-13); port-security timer disableport (1-16); port-security trap (1-17)...
  • Page 154: Port Security Commands

    Port Security Commands Port Security Commands display mac-address security Syntax display mac-address security [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] View Any view Parameters interface interface-type interface-number: Specifies a port by its type and number, of which the security MAC address information is to be displayed.
  • Page 155: Display Port-Security

    MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s) 0000-0000-0001 Security Ethernet1/0/20 NOAGED 0000-0000-0002 Security Ethernet1/0/20 NOAGED 0000-0000-0003 Security Ethernet1/0/20 NOAGED 0000-0000-0004 Security Ethernet1/0/20 NOAGED 4 mac address(es) found on port Ethernet1/0/20 --- # Display the security MAC address entries for VLAN 1. <Sysname>...
  • Page 156 individual port takes the form of interface-type interface-number and a port range takes the form of interface-type interface-number1 to interface-type interface-number2, with interface-number2 taking a value greater than interface-number1. The total number of individual ports and port ranges defined in the list must not exceed 10.
  • Page 157 Port mode is AutoLearn NeedtoKnow mode is disabled Intrusion mode is no action Max mac-address num is not configured Stored mac-address num is 0 Authorization is ignore Ethernet1/0/3 is link-down Port mode is AutoLearn NeedtoKnow mode is disabled Intrusion mode is BlockMacaddress Max mac-address num is not configured Stored mac-address num is 0 Authorization is ignore...
  • Page 158: Mac-Address Security

    Field Description Authorization is ignore: Authorization information delivered by the Remote Authentication Dial-In User Service (RADIUS) server will not be applied to the port. mac-address security Syntax In system view: mac-address security mac-address interface interface-type interface-number vlan vlan-id undo mac-address security [ [ mac-address [ interface interface-type interface-number ] ] vlan vlan-id ] In Ethernet port view: mac-address security mac-address vlan vlan-id...
  • Page 159: Port-Security Authorization Ignore

    Examples # Enable port security; configure the port security mode of Ethernet 1/0/1 as autolearn and create a security MAC address entry for 0001-0001-0001, setting the associated port to Ethernet 1/0/1 and assigning the MAC address to VLAN 1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 160: Port-Security Enable

    After a RADIUS user passes authentication, the RADIUS server authorizes the attributes configured for the user account such as the dynamic VLAN configuration. For more information, refer to AAA Command. Examples # Configure Ethernet 1/0/2 to ignore the authorization information delivered by the RADIUS server. <Sysname>...
  • Page 161: Port-Security Intrusion-Mode

    Examples # Enable port security. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] port-security enable Notice: The port-control of 802.1x will be restricted to auto when port-security is enabled. Please wait... Done. port-security intrusion-mode Syntax port-security intrusion-mode { blockmac | disableport | disableport-temporarily } undo port-security intrusion-mode View Ethernet port view...
  • Page 162 After executing the port-security intrusion-mode blockmac command, you can only use the display port-security command to view blocked MAC addresses. Related commands: display port-security, port-security timer disableport. Examples # Configure the intrusion protection mode on Ethernet 1/0/1 as blockmac. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 163: Port-Security Max-Mac-Count

    # Configure the intrusion protection mode on Ethernet 1/0/1 as disableport. As a result, when intrusion protection is triggered, the port will be disconnected permanently. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] port-security intrusion-mode disableport You can bring up a port that has been permanently disabled by running the undo shutdown command or disabling port security on the port.
  • Page 164: Port-Security Ntk-Mode

    The port-security max-mac-count command is irrelevant to the maximum number of MAC addresses that can be learned on a port configured in MAC address management. When there are online users on a port, you cannot perform the port-security max-mac-count command on the port. Examples # Set the maximum number of MAC addresses allowed on the port to 100.
  • Page 165: Port-Security Oui

    By checking the destination MAC addresses of the data frames to be sent from a port, the NTK feature ensures that only successfully authenticated devices can obtain data frames from the port, thus preventing illegal devices from intercepting network data. Examples # Set the NTK feature to ntk-withbroadcasts on Ethernet 1/0/1.
  • Page 166: Port-Security Port-Mode

    By default, no OUI value is set for authentication. The OUI value set by this command takes effect only when the security mode of the port is set to userLoginWithOUI by the port-security port-mode command. The OUI value set by this command cannot be a multicast MAC address. Related commands: port-security port-mode.
  • Page 167 Keyword Security mode Description mac-and-userlogin-sec macAddressAndUserLoginSecure In this mode, users trying to access the network through the port must first pass MAC address authentication and then 802.1x authentication. In this mode, only one user can access the network through the port at a time. This mode is similar to the macAddressAndUserLoginSecure mode, mac-and-userlogin-sec...
  • Page 168 Keyword Security mode Description userlogin-secure-ext userLoginSecureExt This mode is similar to the userLoginSecure mode, except that in this mode, there can be more than one 802.1x-authenticated user on the port. MAC address authentication and 802.1x authentication can coexist on a port, with 802.1x authentication having higher priority.
  • Page 169: Port-Security Timer Disableport

    Before setting the security mode to autolearn, you need to use the port-security max-mac-count command to configure the maximum number of MAC addresses allowed on the port. When a port operates in the autolearn mode, you cannot change the maximum number of MAC addresses allowed on the port.
  • Page 170: Port-Security Trap

    The port-security timer disableport command is used in conjunction with the port-security intrusion-mode disableport-temporarily command to set the length of time during which the port remains disabled. Related commands: port-security intrusion-mode. Examples # Set the intrusion protection mode on Ethernet 1/0/1 to disableport-temporarily. It is required that when intrusion protection is triggered, the port be shut down temporarily and then go up 30 seconds later.
  • Page 171 RADIUS authenticated login using MAC-address (RALM) refers to MAC-based RADIUS authentication. Description Use the port-security trap command to enable the sending of specified type(s) of trap messages. Use the undo port-security trap command to disable the sending of specified type(s) of trap messages.
  • Page 172 For a description of the output information, refer to Table 1-2....
  • Page 173 Table of Contents: 1 DLDP Configuration Commands (1-1); DLDP Configuration Commands (1-1); display dldp (1-1); dldp (1-2); dldp authentication-mode (1-3); dldp interval (1-4); dldp reset (1-5); dldp unidirectional-shutdown (1-5); dldp work-mode (1-6); dldp delaydown-timer (1-7)...
  • Page 174: Dldp Configuration Commands

    DLDP Configuration Commands DLDP Configuration Commands display dldp Syntax display dldp { unit-id | interface-type interface-number } View Any view Parameters unit-id: Unit number of a device, which can only be set to 1 for the Switch 4500. interface-type: Port type. interface-number: Port number. Description Use the display dldp command to display the DLDP configuration of a unit or a port.
  • Page 175: Dldp

    Table 1-1 Description on the fields of the display dldp command Field Description dldp interval: Interval for sending DLDP advertisement packets (in seconds). dldp work-mode: DLDP work mode (enhance or normal). dldp authentication-mode: DLDP authentication mode (none, simple, or md5). password: Password for DLDP authentication. DLDP action to be performed on detecting a...
  • Page 176 When you use the dldp enable/dldp disable command in system view to enable/disable DLDP on all optical ports of the switch, the configuration takes effect on the existing optical ports, instead of those added subsequently. Examples # Enable DLDP on all optical ports of the switch. <Sysname>...
  • Page 177: Dldp Interval

    When you configure a DLDP authentication mode and authentication password on a port, make sure that the same DLDP authentication mode and password are set on the ports connected with a fiber cable or copper twisted pair. Otherwise, DLDP authentication fails. DLDP cannot work before DLDP authentication succeeds.
  • Page 178: Dldp Reset

    unidirectional links. On the contrary, if too short an interval is set, network traffic increases, unnecessarily consuming port bandwidth. Examples # Set the interval between sending advertisement packets to 6 seconds for all DLDP-enabled ports in the advertisement state. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 179: Dldp Work-Mode

    Parameters auto: Automatically disables the corresponding port when DLDP detects a unidirectional link or finds in the enhanced mode that the peer port is down. manual: Generates log and traps and prompts the user to manually disable the corresponding port when DLDP detects a unidirectional link or finds in the enhanced mode that the peer port is down.
  • Page 180: Dldp Delaydown-Timer

    When DLDP works in normal mode, the system can identify only the unidirectional link caused by fiber cross-connection. When the DLDP protocol works in enhanced mode, the system can identify two types of unidirectional links: one is caused by fiber cross-connection and the other is caused by one fiber not being connected or being broken.
  • Page 181 Examples # Set the delaydown timer to 5 seconds. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dldp delaydown-timer 5...
  • Page 182 Table of Contents: 1 MAC Address Table Management Configuration Commands (1-1); MAC Address Table Management Configuration Commands (1-1); display mac-address aging-time (1-1); display mac-address (1-2); mac-address (1-3); mac-address aging destination-hit enable (1-5); mac-address max-mac-count (1-5); mac-address timer (1-6)...
  • Page 183: Mac Address Table Management Configuration Commands

    MAC Address Table Management Configuration Commands This chapter describes the management of static, dynamic, and blackhole MAC address entries. For information about the management of multicast MAC address entries, refer to the “Multicast Protocol” part of the manual. MAC Address Table Management Configuration Commands display mac-address aging-time Syntax display mac-address aging-time...
  • Page 184: Display Mac-Address

    display mac-address Syntax display mac-address [ mac-address [ vlan vlan-id ] | [ [ dynamic | static | blackhole ] [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ] ] [ unit unit-id ] View Any view Parameters mac-address: Displays MAC address entries in a specified MAC address, in the format of H-H-H.
  • Page 185 000d-88f6-44ba Learned GigabitEthernet1/0/4 AGING 000d-88f7-9f7d Learned GigabitEthernet1/0/4 AGING 000d-88f7-b094 Learned GigabitEthernet1/0/4 AGING 000f-e200-00cc Learned GigabitEthernet1/0/4 AGING 000f-e200-2201 Learned GigabitEthernet1/0/4 AGING 000f-e207-f2e0 Learned GigabitEthernet1/0/4 AGING 000f-e209-ecf9 Learned GigabitEthernet1/0/4 AGING 7 mac address(es) found on port GigabitEthernet1/0/4 --- # Display the total number of MAC address entries for VLAN 2. <Sysname>...
  • Page 186 dynamic: Specifies a dynamic MAC address entry. blackhole: Specifies a blackhole MAC address entry. mac-address: Specifies a MAC address, in the form of H-H-H. When entering the MAC address, you can omit the leading 0s in each segment. For example, you can input f-e2-1 for 000f-00e2-0001. interface-type interface-number: Specifies the outgoing port by its type and number for the MAC address.
  • Page 187: Mac-Address Aging Destination-Hit Enable

    System View: return to User View with Ctrl+Z. [Sysname] mac-address static 000f-e20f-0101 interface GigabitEthernet 1/0/1 vlan 2 mac-address aging destination-hit enable Syntax mac-address aging destination-hit enable undo mac-address aging destination-hit enable View System view Parameters None Description Use the mac-address aging destination-hit enable command to enable the destination MAC address triggered update function.
  • Page 188: Mac-Address Timer

    Use the undo mac-address max-mac-count command to cancel the limitation on the number of MAC addresses an Ethernet port can learn. By default, the number of MAC addresses an Ethernet port can learn is unlimited. When you use the mac-address max-mac-count command, the port stops learning MAC addresses after the number of MAC addresses it learned reaches the value of the count argument you provided.
  • Page 189 If the aging timer is set too long, MAC address entries may still exist even after they become invalid. This causes the switch to be unable to update its MAC address table in time. In this case, the MAC address table cannot reflect the position changes of network devices in time. Examples # Set the aging time of MAC address entries to 500 seconds.
  • Page 190 Table of Contents: 1 Auto Detect Configuration Commands (1-1); Auto Detect Configuration Commands (1-1); detect-group (1-1); detect-list (1-2); display detect-group (1-3); ip route-static detect-group (1-4); option (1-5); retry (1-6); standby detect-group (1-6); timer loop (1-7); timer wait (1-7)...
  • Page 191: Auto Detect Configuration Commands

    Auto Detect Configuration Commands Auto Detect Configuration Commands Refer to the Routing Protocol part of the manual for information about static routing. Refer to the VRRP part of the manual for information about VRRP. detect-group Syntax detect-group group-number undo detect-group group-number View System view Parameters...
  • Page 192: Detect-List

    [Sysname-detect-group-10] detect-list Syntax detect-list list-number ip address ip-address [ nexthop ip-address ] undo detect-list list-number View Detected group view Parameters list-number: Sequence number of the IP address to be detected. This argument ranges from 1 to 10. ip address ip-address: Specifies the destination IP address (in dotted decimal notation) to be detected. nexthop ip-address: Specifies the next hop IP address (in dotted decimal notation) for Auto Detect.
  • Page 193: Display Detect-Group

    display detect-group Syntax display detect-group [ group-number ] View Any view Parameters group-number: Detected group number ranging from 1 to 25. Description Use the display detect-group command to display the configuration of the specified detected group or all detected groups. Examples # Display the configuration of detected group 1.
  • Page 194: Ip Route-Static Detect-Group

    Field Description ip address: IP address to be detected. next hop: Next hop IP address. ip route-static detect-group Syntax ip route-static ip-address { mask | mask-length } { interface-type interface-number | next-hop } [ preference preference-value ] [ reject | blackhole ] detect-group group-number undo ip route-static ip-address { mask | mask-length } [ interface-type interface-number | next-hop ] [ preference preference-value ] View...
  • Page 195 <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] ip route-static 192.168.1.5 24 192.168.0.2 detect-group 10 After the configuration, if detected group 10 is reachable, the static route is valid; if detected group 10 is unreachable, the static route is invalid. option Syntax option [ and | or ]...
  • Page 196: Retry

    retry Syntax retry retry-times undo retry View Detected group view Parameters retry-times: Maximum retry times during a detect operation. This argument ranges from 0 to 10 and defaults to 2. Description Use the retry command to set the maximum retry times during a detect operation. Use the undo retry command to restore the default times.
  • Page 197: Timer Loop

    Use the undo standby detect-group command to disable the interface backup function. Examples # Specify to enable VLAN-interface 2 (the backup interface) when the detected group 10 is unreachable. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface vlan-interface 2 [Sysname-Vlan-interface2] standby detect-group 10 After the configuration, if detected group 10 is reachable, the backup interface VLAN-interface 2 will be in the disabled state, and if detected group 10 is unreachable, VLAN-interface 2 will be enabled.
  • Page 198 undo timer wait View Detected group view Parameters seconds: Timeout waiting for an ICMP reply. This argument ranges from 1 to 30 (in seconds) and defaults to 2. Description Use the timer wait command to set a timeout waiting for an ICMP reply. Use the undo timer wait command to restore the default.
  • Page 199 Table of Contents
    1 MSTP Configuration Commands 1-1
    MSTP Configuration Commands 1-1
    active region-configuration 1-1
    check region-configuration 1-1
    display stp 1-3
    display stp abnormalport 1-6
    display stp portdown 1-7
    display stp region-configuration 1-8
    display stp root 1-9
    instance 1-10
    region-name 1-10
    reset stp 1-11
    revision-level 1-12
    stp 1-12
    stp bpdu-protection 1-14...
  • Page 200 vlan-mapping modulo 1-44...
  • Page 201: Mstp Configuration Commands

    MSTP Configuration Commands
    MSTP Configuration Commands

    active region-configuration
    Syntax
    active region-configuration
    View
    MST region view
    Parameters
    None
    Description
    Use the active region-configuration command to activate the settings of a multiple spanning tree (MST) region. Configuring MST region-related parameters (especially the VLAN-to-instance mapping table) can result in network topology jitter.
  • Page 202 MST region-related parameters mentioned above are not consistent with those of other switches in the region. The 3Com Switch 4500 supports only the MST region name, VLAN-to-instance mapping table, and revision level. Switches with identical settings for these parameters are assigned to the same MST region.
  • Page 203: Display Stp

    display stp Syntax display stp [ instance instance-id ] [ interface interface-list | slot slot-number ] [ brief ] View Any view Parameters instance-id: ID of the MSTI ranging from 0 to 16. The value of 0 refers to the common and internal spanning tree (CIST).
  • Page 204 MSTI port parameters: Port state, role, priority, path cost, designated bridge, designated port, remaining hops, and the number of VLANs mapped to the current MSTI. The statistical information includes: the numbers of the TCN BPDUs, the configuration BPDUs, the RST BPDUs, and the MST BPDUs transmitted/received by each port.
  • Page 205 BPDU-Protection :disabled TC-Protection :enabled / Threshold=6 Bridge Config Digest Snooping :disabled TC or TCN received Time since last TC :0 days 1h:33m:54s ----[Port2(Ethernet1/0/2)][DOWN]---- Port Protocol :enabled Port Role :CIST Disabled Port Port Priority :128 Port Cost(Legacy) :Config=auto / Active=200000 Desg. Bridge/Port :32768.00e0-fc12-4001 / 128.2 Port Edged :Config=disabled / Active=disabled...
  • Page 206: Display Stp Abnormalport

    Field Description Port Protocol Indicates whether STP is enabled on the port Port role, which can be Alternate, Backup, Root, Designated, Port Role Master, or Disabled Port Priority Port priority Path cost of the port. The field in the bracket indicates the standard used for port path cost calculation, which can be Port Cost(Legacy) legacy, dot1d-1998, or dot1t.
  • Page 207: Display Stp Portdown

    Parameters None Description Use the display stp abnormalport command to display the ports that are blocked by STP guard functions. Examples # Display the ports that are blocked by STP guard functions. <Sysname> display stp abnormalport MSTID Port Block Reason --------- -------------------- ------------- Ethernet1/0/20...
  • Page 208: Display Stp Region-Configuration

    Ethernet1/0/20 BPDU-Protection Table 1-5 Description on the fields of the display stp portdown command Field Description Port Port that has been shut down Reason that caused the port to be blocked. BPDU-Protected: BPDU attack guard function Down Reason Formatfrequency-Protected: MSTP BPDU format frequent change protection function display stp region-configuration Syntax...
  • Page 209: Display Stp Root

    Field Description Revision level of the MST region, which can be configured Revision level using the revision-level command and defaults to 0. Instance Vlans Mapped VLAN-to-instance mappings in the MST region display stp root Syntax display stp root View Any view Parameters None Description...
  • Page 210: Instance

    instance Syntax instance instance-id vlan vlan-list undo instance instance-id [ vlan vlan-list ] View MST region view Parameters instance-id: ID of an MSTI ranging from 0 to 16. The value of 0 refers to the CIST. vlan-list: List of VLANs. You need to provide this argument in the form of vlan-list = { vlan-id [ to vlan-id ] }&<1-10>, where &<1-10>...
  • Page 211: Reset Stp

    Parameters name: MST region name to be set for the switch, a string of 1 to 32 characters. Description Use the region-name command to set an MST region name for a switch. Use the undo region-name command to restore the MST region name to the default value. The default MST region name of a switch is its MAC address.
  • Page 212: Revision-Level

    Examples
    # Clear the spanning tree statistics on Ethernet 1/0/1 through Ethernet 1/0/3.
    <Sysname> reset stp interface Ethernet 1/0/1 to Ethernet 1/0/3

    revision-level
    Syntax
    revision-level level
    undo revision-level
    View
    MST region view
    Parameters
    level: MSTP revision level to be set for the switch. This argument ranges from 0 to 65,535.
    Description
    Use the revision-level command to set the MSTP revision level for a switch.
  • Page 213 Parameters enable: Enables MSTP. disable: Disables MSTP. interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument. Description Use the stp command in system view to enable/disable MSTP globally.
  • Page 214: Stp Bpdu-Protection

    It is recommended that you enable BPDU guard on devices with edge ports configured. As Gigabit ports of a 3Com Switch 4500 cannot be shut down, the BPDU guard function is not applicable to these ports even if you enable the BPDU guard function and specify these ports to be MSTP edge ports.
  • Page 215: Stp Bridge-Diameter

    Examples
    # Enable the BPDU guard function.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] stp bpdu-protection

    stp bridge-diameter
    Syntax
    stp bridge-diameter bridgenum
    undo stp bridge-diameter
    View
    System view
    Parameters
    bridgenum: Network diameter to be set for a switched network. This argument ranges from 2 to 7.
    Description
    Use the stp bridge-diameter command to set the network diameter of a switched network.
  • Page 216 stp interface interface-list compliance { auto | legacy | dot1s } undo stp interface interface-list compliance View System view, Ethernet port view Parameters auto: Configures the port(s) to recognize the MSTP BPDU format automatically and accordingly determine the format of MSTP BPDUs to send. legacy: Configures the port(s) to receive and send only compatible-format MSTP BPDUs.
  • Page 217: Stp Config-Digest-Snooping

    # Configure Ethernet 1/0/2 to Ethernet 1/0/4 to recognize and send MSTP BPDUs in dot1s format. <Sysname> system-view [Sysname] stp interface Ethernet 1/0/2 to Ethernet1/0/4 compliance dot1s stp config-digest-snooping Syntax System view, Ethernet port view: stp config-digest-snooping undo stp config-digest-snooping System view: stp interface interface-list config-digest-snooping undo stp interface interface-list config-digest-snooping...
  • Page 218 As some other manufacturers' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region. This kind of problem can be overcome by implementing the digest snooping feature. If a switch port is connected to another manufacturer’s switch that has the same MST region-related settings but adopts a proprietary spanning tree protocol, you can enable the digest snooping feature on the port that will be receiving BPDU packets from another manufacturer's switch.
  • Page 219: Stp Cost

    # Enable the digest snooping feature on Ethernet 1/0/2 to Ethernet 1/0/4. <Sysname> system-view [Sysname] stp interface Ethernet 1/0/2 to Ethernet1/0/4 config-digest-snooping [Sysname] stp config-digest-snooping stp cost Syntax Ethernet port view: stp [ instance instance-id ] cost cost undo stp [ instance instance-id ] cost System view: stp interface interface-list [ instance instance-id ] cost cost undo stp interface interface-list [ instance instance-id ] cost...
  • Page 220: Stp Dot1D-Trap

    If you specify the instance-id argument to be 0 or do not specify this argument, the stp cost command sets the path cost of the port in CIST. Changing the path cost of a port in an MSTI may change the role of the port in the instance and put it in state transition.
  • Page 221: Stp Edged-Port

    The switch becomes the root bridge of an MSTI. Network topology changes are detected. Examples # Enable a switch to send trap messages conforming to 802.1d standard to the network management device when the switch becomes the root bridge of MSTI 1. <Sysname>...
  • Page 222: Stp Loop-Protection

    recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to turn to the forwarding state rapidly. Normally, configuration BPDUs cannot reach an edge port because the port is not connected to another switch.
  • Page 223 Parameters interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument. Description Use the stp loop-protection command to enable the loop guard function on the current port.
  • Page 224: Stp Max-Hops

    # Enable the loop guard function on Ethernet 1/0/2 to Ethernet 1/0/4 in system view.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] stp interface Ethernet 1/0/2 to Ethernet 1/0/4 loop-protection

    stp max-hops
    Syntax
    stp max-hops hops
    undo stp max-hops
    View
    System view...
  • Page 225 stp mcheck System view: stp [ interface interface-list ] mcheck View System view, Ethernet port view Parameters interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10>...
  • Page 226: Stp Mode

    stp mode
    Syntax
    stp mode { stp | rstp | mstp }
    undo stp mode
    View
    System view
    Parameters
    stp: Specifies the STP-compatible mode.
    mstp: Specifies the MSTP mode.
    rstp: Specifies the RSTP-compatible mode.
    Description
    Use the stp mode command to set the operating mode of an MSTP-enabled switch. Use the undo stp mode command to restore the default operating mode of an MSTP-enabled switch.
  • Page 227 3Com switch 4500 running MSTP, the upstream designated port fails to change its state rapidly. The rapid transition feature aims to resolve this problem. When a 3Com switch 4500 running MSTP is connected in the upstream direction to another manufacturer's switch adopting proprietary spanning tree protocols, you can enable the rapid transition feature on the ports of the switch 4500 operating as the downstream switch.
  • Page 228: Stp Pathcost-Standard

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname]stp interface Ethernet1/0/1 no-agreement-check

    stp pathcost-standard
    Syntax
    stp pathcost-standard { dot1d-1998 | dot1t }
    undo stp pathcost-standard
    View
    System view
    Parameters
    dot1d-1998: The device calculates the default path cost for ports based on IEEE 802.1d-1998.
    dot1t: The device calculates the default path cost for ports based on IEEE 802.1t.
  • Page 229: Stp Point-To-Point

    Link speed Operating mode (half-/full-duplex) 802.1D-1998 IEEE 802.1t Full-duplex 200,000 Aggregated link 2 ports 1,000 10 Gbps Aggregated link 3 ports Aggregated link 4 ports Normally, when a port operates in full-duplex mode, the corresponding path cost is slightly less than that when the port operates in half-duplex mode.
  • Page 230 interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument. Description Use the stp point-to-point command to specify whether the link connected to the current Ethernet port is a point-to-point link.
  • Page 231: Stp Port Priority

    stp port priority Syntax Ethernet port view: stp [ instance instance-id ] port priority priority undo stp [ instance instance-id ] port priority System view: stp interface interface-list instance instance-id port priority priority undo stp interface interface-list instance instance-id port priority View System view, Ethernet port view Parameters...
  • Page 232: Stp Portlog

    System View: return to User View with Ctrl+Z. [Sysname] stp interface Ethernet 1/0/1 instance 2 port priority 16 # Set the port priority of Ethernet 1/0/2 to Ethernet 1/0/4 in MSTI 2 to 16 in system view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] stp interface Ethernet 1/0/2 to Ethernet 1/0/4 instance 2 port priority 16 stp portlog Syntax...
  • Page 233: Stp Priority

    Description Use the stp portlog all command to enable log and trap message output for the ports of all instances. Use the undo stp portlog all command to disable this function. By default, log and trap message output is disabled on the ports of all instances. Examples # Enable log and trap message output for the ports of all instances.
  • Page 234: Stp Root Primary

    undo stp region-configuration View System view Parameters None Description Use the stp region-configuration command to enter MST region view. Use the undo stp region-configuration command to restore the MST region-related settings to the default. MST region-related parameters include: region name, revision level, and VLAN-to-instance mapping table.
  • Page 235: Stp Root Secondary

    bridgenum: Network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7. centi-seconds: Hello time in centiseconds of the specified spanning tree. This argument ranges from 100 to 1,000 and defaults to 200. Description Use the stp root primary command to configure the current switch as the root bridge of a specified MSTI.
  • Page 236: Stp Root-Protection

    Parameters instance-id: MSTI ID ranging from 0 to 16. The value of 0 refers to the CIST. bridgenum: Network diameter of the specified spanning tree. This argument ranges from 2 to 7 and defaults to 7. centi-seconds: Hello time in centiseconds of the specified spanning tree. This argument ranges from 100 to 1,000 and defaults to 200.
  • Page 237 Parameters interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument. Description Use the stp root-protection command to enable the root guard function on the current port.
  • Page 238: Stp Tc-Protection

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] stp interface Ethernet 1/0/2 to Ethernet 1/0/4 root-protection

    stp tc-protection
    Syntax
    stp tc-protection enable
    stp tc-protection disable
    View
    System view
    Parameters
    None
    Description
    Use the stp tc-protection enable command to enable the TC-BPDU attack guard function. Use the stp tc-protection disable command to disable the TC-BPDU attack guard function.
  • Page 239: Stp Timer Forward-Delay

    Parameters number: Maximum number of times that a switch can remove the MAC address table and ARP entries within each 10 seconds, in the range of 1 to 255. Description Use the stp tc-protection threshold command to set the maximum number of times that a switch can remove the MAC address table and ARP entries within each 10 seconds.
  • Page 240: Stp Timer Hello

    Description Use the stp timer forward-delay command to set the forward delay of the switch. Use the undo stp timer forward-delay command to restore the forward delay to the default value. By default, the forward delay of the switch is 1,500 centiseconds. To prevent the occurrence of temporary loops, when a port changes its state from discarding to forwarding, it undergoes an intermediate state and waits for a specific period to synchronize with the state transition of the remote switches.
  • Page 241: Stp Timer Max-Age

    BPDUs at the interval specified by the hello time you have configured on it. The other non-root-bridge switches adopt the interval specified by the hello time. As for the configuration of the three time-related parameters (namely, the hello time, forward delay, and max age parameters), the following formulas must be met to prevent frequent network jitter.
  • Page 242: Stp Timer-Factor

    It is recommended that you specify the network diameter of the switched network and the hello time parameter by using the stp root primary or stp root secondary command. After that, the three proper time-related parameters are automatically determined by MSTP. Related commands: stp timer forward-delay, stp timer hello, stp bridge-diameter.
  • Page 243: Stp Transmit-Limit

    stp transmit-limit Syntax Ethernet port view: stp transmit-limit packetnum undo stp transmit-limit System view: stp interface interface-list transmit-limit packetnum undo stp interface interface-list transmit-limit View System view, Ethernet port view Parameters packetnum: Maximum number of configuration BPDUs a port can transmit in each hello time. This argument ranges from 1 to 255.
  • Page 244 [Sysname] stp interface Ethernet 1/0/1 transmit-limit 15 # Set the maximum number of configuration BPDUs that can be transmitted through Ethernet 1/0/2, Ethernet 1/0/3 and Ethernet 1/0/4 in each hello time to 15 in system view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] stp interface Ethernet 1/0/2 to Ethernet 1/0/4 transmit-limit 15 vlan-mapping modulo Syntax...
  • Page 245 [Sysname] stp region-configuration [Sysname-mst-region] vlan-mapping modulo 16...
  • Page 246 Table of Contents
    1 IP Routing Table Commands 1-1
    IP Routing Table Commands 1-1
    display ip routing-table 1-1
    display ip routing-table acl 1-3
    display ip routing-table ip-address 1-5
    display ip routing-table ip-address1 ip-address2 1-7
    display ip routing-table ip-prefix 1-7
    display ip routing-table protocol 1-8
    display ip routing-table radix 1-9
    display ip routing-table statistics 1-10
    display ip routing-table verbose 1-11
    reset ip routing-table statistics protocol 1-12...
  • Page 247
    traffic-share-across-interface 3-20
    4 IP Routing Policy Configuration Commands 4-1
    IP Routing Policy Configuration Commands 4-1
    apply cost 4-1
    apply tag 4-2
    display ip ip-prefix 4-2
    display route-policy 4-3
    if-match { acl | ip-prefix } 4-4
    if-match cost 4-4
    if-match interface 4-5
    if-match ip next-hop 4-6
    if-match tag 4-6
    ip ip-prefix 4-7
    route-policy 4-8...
  • Page 248: Ip Routing Table Commands

    IP Routing Table Commands The term router in this chapter refers to a router in a generic sense or an Ethernet switch running a routing protocol. IP Routing Table Commands display ip routing-table Syntax display ip routing-table [ | { begin | exclude | include } regular-expression ] View Any view Parameters...
  • Page 249: Routing Table

    Examples # Display the summary of the current routing table. <Sysname> display ip routing-table Routing Table: public net Destination/Mask Protocol Pre Cost Nexthop Interface 1.1.1.0/24 DIRECT 1.1.1.1 Vlan-interface1 1.1.1.1/32 DIRECT 127.0.0.1 InLoopBack0 2.2.2.0/24 DIRECT 2.2.2.1 Vlan-interface2 2.2.2.1/32 DIRECT 127.0.0.1 InLoopBack0 3.3.3.0/24 DIRECT 3.3.3.1...
  • Page 250: Display Ip Routing-Table Acl

    Field Description Protocol Routing protocol Route preference Cost Route cost Nexthop Next hop address Output interface, through which the data packets Interface destined for the destination network segment are sent display ip routing-table acl Syntax display ip routing-table acl acl-number [ verbose ] View Any view Parameters...
  • Page 251 <Sysname> display ip routing-table acl 2100 verbose Routes matched by access-list 2100: + = Active Route, - = Last Active, # = Both * = Next hop in use Summary count: 3 **Destination: 192.168.1.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 192.168.1.2 Interface: 192.168.1.2(Vlan-interface2) State: <Int ActiveU Retain Unicast>...
  • Page 252: Display Ip Routing-Table Ip-Address

    Field Description Description of route state: ActiveU An active unicast route, where “U” represents unicast. A blackhole route is similar to a reject route, but no ICMP Blackhole unreachable message is sent to the source. Delete A route is to be deleted. Gateway An indirect route.
  • Page 253 Parameters ip-address: Destination IP address, in dotted decimal notation. mask: Subnet mask, in dotted decimal notation. mask-length: Length of a subnet mask, in the range of 0 to 32. longer-match: Specifies all the routes that lead to the destination address and match the specified mask.
  • Page 254: Display Ip Routing-Table Ip-Address1 Ip-Address2

    display ip routing-table ip-address1 ip-address2 Syntax display ip routing-table ip-address1 { mask1 | mask-length1 } ip-address2 { mask2 | mask-length2 } [ verbose ] View Any view Parameters ip-address1, ip-address2: Destination IP address in dotted decimal notation. ip-address1 {mask1 | mask-length1} and ip-address2 {mask2 | mask-length2} determine one address range together.
  • Page 255: Display Ip Routing-Table Protocol

    verbose: With this keyword specified, detailed information of routes in the active or inactive state that match the IP prefix list is displayed. With this keyword not specified, brief information of only the routes in the active state that match the prefix list is displayed. Description Use the display ip routing-table ip-prefix command to display the information of routes matching the specified IP prefix list.
  • Page 256: Display Ip Routing-Table Radix

    Parameters protocol: You can provide one of the following values for this argument. direct: Displays direct-connect route information rip: Displays RIP route information. static: Displays static route information. inactive: With this argument provided, this command displays the inactive route information. Without this argument provided, this command displays both active and inactive route information.
  • Page 257: Display Ip Routing-Table Statistics

    Examples <Sysname> display ip routing-table radix Radix tree for INET (2) inodes 7 routes 5: +-32+--{210.0.0.1 +--0+ | | +--8+--{127.0.0.0 | | | +-32+--{127.0.0.1 | +--1+ +--8+--{20.0.0.0 +-32+--{20.1.1.1 Table 1-3 Description on the fields of the display ip routing-table radix command Field Description INET...
  • Page 258: Display Ip Routing-Table Verbose

    Table 1-4 Description on the fields of the display ip routing-table statistics command Field Description Proto Routing protocol type Route Total number of routes Active Number of active routes Number of routes added after the router is rebooted or the routing table Added is cleared last time.
  • Page 259: Reset Ip Routing-Table Statistics Protocol

    Protocol: #DIRECT Preference: 0 *NextHop: 2.2.2.1 Interface: 2.2.2.1(Vlan-interface2) State: <Int ActiveU Retain Unicast> Age: 20:08:05 Cost: 0/0 For descriptions of route states, see Table 1-2. Table 1-5 lists the statistics of the routing table. Table 1-5 Description on the fields of the display ip routing-table verbose command Field Description Holddown...
  • Page 260 Routing tables: Proto route active added deleted DIRECT STATIC Total The above information shows that the routing statistics in the IP routing table are cleared.
  • Page 261: Static Route Configuration Commands

    Static Route Configuration Commands
    The term router in this chapter refers to a router in a generic sense or an Ethernet switch running a routing protocol.
    Static Route Configuration Commands

    delete static-routes all
    Syntax
    delete static-routes all
    View
    System view
    Parameters
    None
    Description...
  • Page 262: Ip Route-Static

    ip route-static Syntax ip route-static ip-address { mask | mask-length } { interface-type interface-number | next-hop } [ preference preference-value ] [ reject | blackhole ] [ detect-group group number ] [ description text ] undo ip route-static ip-address { mask | mask-length } [ interface-type interface-number | next-hop ] [ preference preference-value ] View System view...
  • Page 263 By default, the system can obtain the subnet route directly connected to the router. When you configure a static route, if no preference is specified for the route, the preference defaults to 60, and if the route is not specified as reject or blackhole, the route will be reachable by default. When configuring a static route, note the following points: If the destination IP address and the mask are both 0.0.0.0, what you are configuring is a default route.
  • Page 264: Rip Configuration Commands

    RIP Configuration Commands
    The term router in this chapter refers to a router in a generic sense or an Ethernet switch running a routing protocol.
    RIP Configuration Commands

    checkzero
    Syntax
    checkzero
    undo checkzero
    View
    RIP view
    Parameters
    None
    Description
    Use the checkzero command to enable the must be zero field check for RIP-1 packets. Use the undo checkzero command to disable the must be zero field check for RIP-1 packets.
  • Page 265: Default Cost

    default cost
    Syntax
    default cost value
    undo default cost
    View
    RIP view
    Parameters
    value: Default cost, in the range of 1 to 16.
    Description
    Use the default cost command to set the default cost for redistributed routes. Use the undo default cost command to restore the default. By default, the default cost of a redistributed route is 1.
  • Page 266: Traffic-Share-Across-Interface

    <Sysname> display rip RIP is running Checkzero is on Default cost : 1 Summary is on Preference : 100 Traffic-share-across-interface is off Period update timer : 30 Timeout timer : 180 Garbage-collection timer : 120 No peer router Network : 202.38.168.0 Table 3-1 Description on the fields of the display rip command Field...
  • Page 267: Display Rip Interface

    display rip interface Syntax display rip interface View Any view Parameters None Description Use the display rip interface command to display RIP interface information. Examples # Display RIP interface information. <Sysname> display rip interface RIP Interface: public net Address Interface MetrIn/Out Input Output Split-horizon 1.0.0.1...
  • Page 268: Filter-Policy Export

    View Any view Parameters None Description Use the display rip routing command to display RIP routing information. Examples # Display the information of the RIP routing table. <Sysname> display rip routing RIP routing table: public net A = Active I = Inactive G = Garbage collection C = Change T = Trigger RIP...
  • Page 269: Filter-Policy Import

    View RIP view Parameters acl-number: Number of the basic or advanced ACL used to filter routing information by destination address, in the range of 2000 to 3999. ip-prefix-name: Name of the address ip-prefix list used to filter routing information by destination address, a string of 1 to 19 characters.
  • Page 270: Host-Route

    Parameters acl-number: Number of the ACL used to filter routing information by destination address, in the range of 2000 to 3999. ip-prefix-name: Name of the address prefix list used to filter routing information by destination address, a string of 1 to 19 characters. gateway ip-prefix-name: Name of the address prefix list used to filter routing information by the address of the neighbor router advertising the information, a string of 1 to 19 characters.
  • Page 271: Import-Route

    By default, RIP is enabled to receive host routes. In some special cases, RIP receives a great number of host routes from the same network segment. These routes are of little help to addressing but occupy a lot of resources. In this case, the undo host-route command can be used to disable RIP from receiving host routes to save network resources.
  • Page 272: Network

    network
    Syntax
    network network-address
    undo network network-address
    View
    RIP view
    Parameters
    network-address: Network/IP address of an interface, in dotted decimal notation.
    Description
    Use the network command to enable RIP on an interface attached to the specified network segment. Use the undo network command to disable RIP on the interface attached to the specified network segment.
  • Page 273: Preference

    Description Use the peer command to specify the IP address of a neighbor, where routing updates destined for the peer are unicast, rather than multicast or broadcast. Use the undo peer command to remove the IP address of a neighbor. By default, no neighbor is specified.
  • Page 274: Reset

    reset Syntax reset View RIP view Parameters None Description Use the reset command to reset the system configuration parameters of RIP. When you need to re-configure the parameters of RIP, you can use this command to restore the default. Examples # Reset the RIP system configuration.
  • Page 275: Rip Authentication-Mode

    Note that the interface-related parameters configured previously would be invalid after RIP is disabled. Examples # Enable RIP and enter RIP view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] rip [Sysname-rip] rip authentication-mode Syntax rip authentication-mode { simple password | md5 { rfc2082 key-string key-id | rfc2453 key-string } } undo rip authentication-mode View Interface view...
  • Page 276: Rip Input

    Related commands: rip version. You can configure RIPv1 authentication mode in interface view, but the configuration will not take effect because RIPv1 does not support authentication. Examples # Specify the interface VLAN-interface 10 to use the simple authentication with the authentication key of aaa.
  • Page 277: Rip Metricin

    System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 10 [Sysname-Vlan-interface10] undo rip input rip metricin Syntax rip metricin value undo rip metricin View Interface view Parameters value: Additional metric of RIP routes received on an interface, in the range of 0 to 16. Description Use the rip metricin command to configure an additional metric for RIP routes received on an interface.
  • Page 278: Rip Output

    Description Use the rip metricout command to configure an additional metric for RIP routes sent out of an interface. Use the undo rip metricout command to restore the default. By default, the additional metric of RIP routes sent out of an interface is 1. With the command configured on an interface, the metric of RIP routes sent on the interface will be increased.
  • Page 279: Rip Split-Horizon

    rip split-horizon Syntax rip split-horizon undo rip split-horizon View Interface view Parameters None Description Use the rip split-horizon command to enable the split horizon function. Use the undo rip split-horizon command to disable the split horizon function. By default, the split horizon function is enabled. The split horizon function disables an interface from sending routes received from the interface to prevent routing loops between adjacent routers.
  • Page 280: Rip Work

    Use the undo rip version command to restore the default. By default, the version of RIP running on an interface is RIP-1 and RIP-1 packets are sent in the broadcast mode. If RIP-2 runs on an interface, RIP packets are sent in the multicast mode by default, which reduces resource consumption.
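    The excerpts above state that RIP-1 is the default version on an interface and that an authentication mode configured on a RIPv1 interface does not take effect. The following audit script is an added example, not part of the 3Com manual: it checks interface stanzas for those cases. The sample configuration, the function names and the finding labels are constructed for illustration, and the stanza layout (one "interface" line followed by indented commands) is an assumption about how the saved configuration is written.

```python
import re

# Constructed sample configuration for illustration; not taken from the manual.
SAMPLE_CONFIG = """\
interface Vlan-interface10
 ip address 10.1.10.1 255.255.255.0
 rip authentication-mode simple aaa
#
interface Vlan-interface20
 ip address 10.1.20.1 255.255.255.0
 rip version 2
 rip authentication-mode simple aaa
#
interface Vlan-interface30
 ip address 10.1.30.1 255.255.255.0
 rip version 2
 rip authentication-mode md5 rfc2453 constructed-key
#
interface Vlan-interface40
 ip address 10.1.40.1 255.255.255.0
 rip version 2
#
interface Vlan-interface50
 rip version 2
 undo rip work
#
rip
 network 10.0.0.0
"""

AUTH_RE = re.compile(r"^rip authentication-mode (simple|md5)\b")
VERSION_RE = re.compile(r"^rip version (\d)\b")


def parse_interfaces(config_text):
    """Return {interface_name: [command, ...]} for every interface stanza."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "#" separator or another top-level view ends the stanza
    return interfaces


def audit_interface(commands):
    """Return the list of finding labels (hypothetical names) for one interface."""
    version = 1        # the manual gives RIP-1 as the default version
    auth = None        # no authentication mode unless one is configured
    receives = True    # interfaces receive RIP packets unless disabled
    for cmd in commands:
        match = VERSION_RE.match(cmd)
        if match:
            version = int(match.group(1))
        match = AUTH_RE.match(cmd)
        if match:
            auth = match.group(1)
        if cmd in ("undo rip work", "undo rip input"):
            receives = False

    findings = []
    if auth is not None and version != 2:
        # Authentication is configured but RIPv1 does not support it.
        findings.append("auth-ineffective-ripv1")
    if auth == "simple" and version == 2:
        # RIP-2 simple authentication carries the key unencrypted in each packet.
        findings.append("simple-auth-cleartext")
    if auth is None and version == 2 and receives:
        # The interface accepts RIP-2 updates without any authentication.
        findings.append("ripv2-no-auth")
    return findings


def audit_config(config_text):
    """Return {interface_name: findings} for interfaces with at least one finding."""
    report = {}
    for name, commands in parse_interfaces(config_text).items():
        findings = audit_interface(commands)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        print(name, ", ".join(findings))
```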
  • Page 281: Summary

    Use the undo rip work command to disable the interface from receiving and sending RIP packets. By default, all interfaces except loopback interfaces are enabled to receive and send RIP packets. The differences between the rip work, rip input, and rip output commands are as follows: The rip work command controls the receiving and sending of RIP packets on an interface.
  • Page 282: Timers

    [Sysname] interface Vlan-interface 10 [Sysname-Vlan-interface10] rip version 2 [Sysname-Vlan-interface10] quit [Sysname] rip [Sysname-rip] undo summary timers Syntax timers { update update-timer | timeout timeout-timer } * undo timers { update | timeout } * View RIP view Parameters update-timer: Length of the Period Update timer in seconds, in the range of 1 to 3600. timeout-timer: Length of the Timeout timer in seconds, in the range of 1 to 3600.
  • Page 283 traffic-share-across-interface Syntax traffic-share-across-interface undo traffic-share-across-interface View RIP view Parameters None Description Use the traffic-share-across-interface command to enable traffic to be forwarded along multiple equivalent RIP routes. Use the undo traffic-share-across-interface command to disable this function. By default, this function is disabled. When the number of equivalent routes reaches the upper limit: If this function is enabled, the newly learned equivalent route replaces the existing equivalent route in the routing table.
  • Page 284: Ip Routing Policy Configuration Commands

    IP Routing Policy Configuration Commands The term router in this chapter refers to a router in a generic sense or an Ethernet switch running a routing protocol. IP Routing Policy Configuration Commands apply cost Syntax apply cost value undo apply cost View Route policy view Parameters...
  • Page 285: Apply Tag

    apply tag Syntax apply tag value undo apply tag View Route policy view Parameters value: Tag value of a route, in the range of 0 to 4294967295. Description Use the apply tag command to configure a tag for a route. Use the undo apply tag command to remove the configuration.
  • Page 286: Display Route-Policy

    Examples # Display the information about the address prefix list named p1. <Sysname> display ip ip-prefix p1 name index conditions ip-prefix / mask permit 10.1.0.0/16 Table 4-1 Description on the fields of the display ip ip-prefix command Field Description name Name of an IP-prefix index Internal sequence number of an IP-prefix...
  • Page 287: If-Match { Acl | Ip-Prefix

    Table 4-2 Description on the fields of the display route-policy command
    Field | Description
    Route-policy | Name of a routing policy
    Permit 10 | Information about the routing policy with the matching mode configured as permit and the node as 10.
    if-match (ip-prefix) p1 | Matching conditions
    apply cost 100 | Apply the cost 100 to the routes satisfying the...
  • Page 288: If-Match Interface

    View Route policy view Parameters value: Route cost, in the range of 0 to 4294967295. Description Use the if-match cost command to configure a cost matching rule for routing information. Use the undo if-match cost command to remove the configuration. By default, no cost matching rule is defined.
  • Page 289: If-Match Ip Next-Hop

    System View: return to User View with Ctrl+Z. [Sysname] route-policy policy permit node 1 %New sequence of this list [Sysname-route-policy] if-match interface Vlan-interface 1 if-match ip next-hop Syntax if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name } undo if-match ip next-hop [ ip-prefix ] View Route policy view Parameters...
  • Page 290: Ip Ip-Prefix

    Parameters value: Tag value, in the range of 0 to 4294967295. Description Use the if-match tag command to configure the tag matching rule for routing information. Use the undo if-match tag command to remove the matching rule. By default, no tag matching rule for routing information is defined. Related commands: if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, route-policy, apply cost, apply tag.
  • Page 291: Route-Policy

    to", and the meaning of less-equal is "less than or equal to". The range is len <= greater-equal <= less-equal <= 32. When only greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only less-equal is used, it denotes the prefix range [len, less-equal]. When both greater-equal and less-equal are specified, the prefix range is [greater-equal, less-equal].
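    The mask-length rules above decide which routes an address prefix list lets through a filter, so it helps to see them evaluated. The following matcher is an added example, not code from the 3Com manual. The entries and function names are constructed; testing entries in ascending index order, requiring an exact mask length when neither keyword is given, and denying a route that matches no entry are assumptions not stated in the excerpt.

```python
import ipaddress


def mask_length_range(length, greater_equal=None, less_equal=None):
    """Return the (low, high) mask-length range an entry accepts."""
    if greater_equal is None and less_equal is None:
        low, high = length, length          # assumption: exact mask length
    elif less_equal is None:
        low, high = greater_equal, 32       # only greater-equal: [greater-equal, 32]
    elif greater_equal is None:
        low, high = length, less_equal      # only less-equal: [len, less-equal]
    else:
        low, high = greater_equal, less_equal
    # Constraint from the manual: len <= greater-equal <= less-equal <= 32
    if not (length <= low <= high <= 32):
        raise ValueError("need len <= greater-equal <= less-equal <= 32")
    return low, high


def entry_matches(entry, route):
    """True if the route falls under the entry's network and mask-length range."""
    network = ipaddress.ip_network(entry["network"])
    low, high = mask_length_range(
        network.prefixlen, entry.get("greater_equal"), entry.get("less_equal")
    )
    candidate = ipaddress.ip_network(route)
    # The first len bits must match, and the route's mask length must be in range.
    return low <= candidate.prefixlen <= high and candidate.network_address in network


def evaluate(prefix_list, route):
    """Return "permit" or "deny" for a route against an ordered prefix list."""
    for entry in sorted(prefix_list, key=lambda e: e["index"]):  # assumption: index order
        if entry_matches(entry, route):
            return entry["mode"]
    return "deny"  # assumption: a route matching no entry is denied


# Constructed prefix list: drop host routes inside 10.1.0.0/16,
# accept anything from /16 to /24 inside the same block.
P1 = [
    {"index": 10, "mode": "deny", "network": "10.1.0.0/16", "greater_equal": 32},
    {"index": 20, "mode": "permit", "network": "10.1.0.0/16", "less_equal": 24},
]

if __name__ == "__main__":
    for route in ("10.1.2.3/32", "10.1.2.0/24", "10.1.2.0/25", "10.2.0.0/16"):
        print(route, evaluate(P1, route))
```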
  • Page 292 node: Specifies a node index in a routing policy. node-number: Index of the node in a routing policy, in the range 0 to 2047. When this routing policy is used, the node with smaller node-number will be matched first. Description Use the route-policy command to create a routing policy or enter the Route-policy view.
  • Page 293 Table of Contents
    1 Common Multicast Configuration Commands, 1-1
    Common Multicast Configuration Commands, 1-1
    display mac-address multicast static, 1-1
    display multicast-source-deny, 1-2
    mac-address multicast interface, 1-2
    mac-address multicast vlan, 1-3
    multicast-source-deny, 1-4
    unknown-multicast drop enable, 1-5
    2 IGMP Snooping Configuration Commands, 2-1
    IGMP Snooping Configuration Commands, 2-1
    display igmp-snooping configuration, 2-1
    display igmp-snooping group, 2-2
    display igmp-snooping statistics, 2-3...
  • Page 294: Common Multicast Configuration Commands

    Common Multicast Configuration Commands Common Multicast Configuration Commands display mac-address multicast static Syntax display mac-address multicast [ static [ [ mac-address ] vlan vlan-id ] [ count ] ] View Any view Parameters mac-address: Displays the static multicast MAC entry information for the specified MAC address. Without this argument provided, this command displays the information of all static multicast MAC entries in the specified VLAN.
  • Page 295: Display Multicast-Source-Deny

    Field | Description
    STATE | State of the MAC address, which includes only Config static, indicating that the table entry is manually added.
    PORT INDEX | Ports out which the multicast packets destined for the multicast MAC address are forwarded
    AGING TIME(s) | State of the aging timer. The aging timer for static multicast MAC addresses has only one state: NOAGED, indicating that the entry never...
  • Page 296: Mac-Address Multicast Vlan

    View System view Parameters mac-address: Multicast MAC address, in the form of H-H-H. interface interface-list: Specifies forwarding ports for the specified multicast MAC group address. With the interface-list argument, you can define one or more individual ports (in the form of interface-type interface-number) and/or one or more port ranges (in the form of interface-type interface-number1 to interface-type interface-number2, where interface-number2 must be greater than interface-number1).
  • Page 297: Multicast-Source-Deny

    Use the undo mac-address multicast vlan command to remove the specified multicast MAC address entry or all multicast MAC address entries on the current port. Each multicast MAC address entry contains the multicast address, forwarding port, and VLAN ID information. Related commands: display mac-address multicast static.
  • Page 298: Unknown-Multicast Drop Enable

    Examples # Enable the multicast source port suppression feature on all the ports of the switch. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] multicast-source-deny # Enable the multicast source port suppression feature on Ethernet 1/0/1 through Ethernet 1/0/10 and on Ethernet 1/0/12.
  • Page 299: Igmp Snooping Configuration Commands

    IGMP Snooping Configuration Commands IGMP Snooping Configuration Commands display igmp-snooping configuration Syntax display igmp-snooping configuration View Any view Parameters None Description Use the display igmp-snooping configuration command to display IGMP Snooping configuration information. If IGMP Snooping is disabled on this switch, this command displays a message showing that IGMP Snooping is not enabled.
  • Page 300: Display Igmp-Snooping Group

    display igmp-snooping group Syntax display igmp-snooping group [ vlan vlan-id ] View Any view Parameters vlan vlan-id: Specifies the VLAN in which the multicast group information is to be displayed, where vlan-id ranges from 1 to 4094. If you do not specify a VLAN, this command displays the multicast group information of all VLANs.
  • Page 301: Display Igmp-Snooping Statistics

    Field | Description
    Total 1 MAC Group(s). | Total number of MAC multicast groups in all VLANs
    Vlan(id): | ID of the VLAN whose multicast group information is displayed
    Total 1 IP Group(s). | Total number of IP multicast groups in VLAN 100
    Total 1 MAC Group(s). | Total number of MAC multicast groups in VLAN
  • Page 302: Igmp-Snooping

    Examples # Display IGMP Snooping statistics. <Sysname> display igmp-snooping statistics Received IGMP general query packet(s) number:1. Received IGMP specific query packet(s) number:0. Received IGMP V1 report packet(s) number:0. Received IGMP V2 report packet(s) number:3. Received IGMP leave packet(s) number:0. Received error IGMP packet(s) number:0. Sent IGMP specific query packet(s) number:0.
  • Page 303: Igmp-Snooping Fast-Leave

    Although both Layer 2 and Layer 3 multicast protocols can run on the same switch simultaneously, they cannot run simultaneously in the same VLAN and on the corresponding VLAN interface. Before enabling IGMP Snooping in a VLAN, be sure to enable IGMP Snooping globally in system view;...
  • Page 304: Igmp-Snooping General-Query Source-Ip

    The fast leave processing function works for a port only if the host attached to the port runs IGMPv2 or IGMPv3. The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified; if one or more VLANs are specified, the configuration takes effect on all ports in the specified VLAN(s).
  • Page 305: Igmp-Snooping Group-Limit

    By default, the Layer 2 multicast switch sends general query messages with the source IP address of 0.0.0.0. Related commands: igmp-snooping querier, igmp-snooping query-interval. Examples # Configure the switch to send general query messages with the source IP address 2.2.2.2 in VLAN 3. <Sysname>...
  • Page 306: Igmp-Snooping Group-Policy

    To prevent bursting traffic in the network or performance deterioration of the device caused by excessive multicast groups, you can set the maximum number of multicast groups that the switch should process. When the number of multicast groups exceeds the configured limit, the switch removes its multicast forwarding entries starting from the oldest one.
  • Page 307 The ACL rule defines a multicast address or a multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used to: allow the port(s) to join only the multicast group(s) defined in the rule by a permit statement; inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny statement. A port can belong to multiple VLANs; you can configure only one ACL rule per VLAN on a port.
  • Page 308: Igmp-Snooping Host-Aging-Time

    [Sysname-acl-basic-2001] quit Create VLAN 2 and add Ethernet1/0/2 to VLAN 2. [Sysname] vlan 2 [Sysname-vlan2] port Ethernet 1/0/2 [Sysname-vlan2] quit Configure ACL 2001 on Ethernet1/0/2 to allow it to join any IGMP multicast groups except those defined in the deny rule of ACL 2001. [Sysname] interface Ethernet 1/0/2 [Sysname-Ethernet1/0/2] igmp-snooping group-policy 2001 vlan 2 igmp-snooping host-aging-time...
  • Page 309: Igmp-Snooping Nonflooding-Enable

    Parameters seconds: Maximum response time in IGMP general queries, in the range of 1 to 25. Description Use the igmp-snooping max-response-time command to configure the maximum response time in IGMP general queries. Use the undo igmp-snooping max-response-time command to restore the default. By default, the maximum response time in IGMP general queries is 10 seconds.
  • Page 310: Igmp-Snooping Querier

    If the function of dropping unknown multicast packets or the XRN fabric function is enabled, you cannot enable the IGMP Snooping non-flooding function. The IGMP Snooping non-flooding function and the multicast source port suppression function cannot take effect at the same time. If both are configured, only the multicast source port suppression function takes effect.
  • Page 311: Igmp-Snooping Query-Interval

    <Sysname> system-view System view, return to user view with Ctrl+Z. [Sysname] igmp-snooping enable [Sysname] vlan 3 [Sysname-vlan3] igmp-snooping enable [Sysname-vlan3] igmp-snooping querier igmp-snooping query-interval Syntax igmp-snooping query-interval seconds undo igmp-snooping query-interval View VLAN view Parameters seconds: IGMP query interval, ranging from 1 to 300, in seconds. Description Use the igmp-snooping query-interval command to configure the IGMP query interval, namely the interval at which the switch sends IGMP general queries.
  • Page 312: Igmp-Snooping Version

    View System view Parameters seconds: Aging time of router ports, in the range of 1 to 1,000, in seconds. Description Use the igmp-snooping router-aging-time command to configure the aging time of router ports. Use the undo igmp-snooping router-aging-time command to restore the default aging time. By default, the aging time of router ports is 105 seconds.
  • Page 313: Igmp-Snooping Vlan-Mapping

    [Sysname] vlan 100 [Sysname-vlan100] igmp-snooping enable [Sysname-vlan100] igmp-snooping version 3 igmp-snooping vlan-mapping Syntax igmp-snooping vlan-mapping vlan vlan-id undo igmp-snooping vlan-mapping View System view Parameters vlan vlan-id: VLAN ID, in the range of 1 to 4094. Description Use the igmp-snooping vlan-mapping vlan command to configure to transmit IGMP general and group-specific query messages in a specific VLAN.
  • Page 314: Multicast Static-Group Interface

    Description Use the igmp host-join command to configure the current port as a member of the specified multicast group or source and group, that is, to configure the port as a simulated member host for the specified multicast group or source and group. Use the undo igmp host-join command to remove the current port as a simulated member host for the specified multicast group or source-group.
  • Page 315: Multicast Static-Group Vlan

    interface interface-list: Specifies a port list. With the interface-list argument, you can define one or more individual ports (in the form of interface-type interface-number) and/or one or more port ranges (in the form of interface-type interface-number1 to interface-type interface-number2, where interface-number2 must be greater than interface-number1).
  • Page 316: Multicast Static-Router-Port

    Description Use the multicast static-group vlan command to configure the current port as a static member port for the specified multicast group and specify the VLAN the port belongs to. Use the undo multicast static-group vlan command to remove the current port in the specified VLAN as a static member port for the specified multicast group.
  • Page 317: Multicast Static-Router-Port Vlan

    Description Use the multicast static-router-port command to configure the specified port in the current VLAN as a static router port. Use the undo multicast static-router-port command to remove the specified port in the current VLAN as a static router port. By default, a port is not a static router port.
  • Page 318: Reset Igmp-Snooping Statistics

    System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] multicast static-router-port vlan 10 reset igmp-snooping statistics Syntax reset igmp-snooping statistics View User view Parameters None Description Use the reset igmp-snooping statistics command to clear IGMP Snooping statistics. Related commands: display igmp-snooping statistics.
  • Page 319 One port belongs to only one multicast VLAN. The port connected to a user terminal must be a hybrid port. The multicast member port must be in the same multicast VLAN with the router port. Otherwise, the port cannot receive multicast packets. If a router port is in a multicast VLAN, the router port must be configured as a trunk port or a hybrid port that allows tagged packets to pass for the multicast VLAN.
  • Page 320 Table of Contents
    1 802.1x Configuration Commands, 1-1
    802.1x Configuration Commands, 1-1
    display dot1x, 1-1
    dot1x, 1-4
    dot1x authentication-method, 1-5
    dot1x dhcp-launch, 1-6
    dot1x guest-vlan, 1-7
    dot1x handshake, 1-8
    dot1x max-user, 1-9
    dot1x port-control, 1-10
    dot1x port-method, 1-11
    dot1x quiet-period, 1-12
    dot1x retry, 1-12
    dot1x retry-version-max, 1-13
    dot1x re-authenticate, 1-14
    dot1x supp-proxy-check, 1-15
    dot1x timer, 1-17...
  • Page 321
    system-guard l3err enable, 4-6
    system-guard tcn enable, 4-7
    system-guard tcn rate-threshold, 4-7...
  • Page 322: 802.1X Configuration Commands

    802.1x Configuration Commands 802.1x Configuration Commands display dot1x Syntax display dot1x [ sessions | statistics ] [ interface interface-list ] View Any view Parameters sessions: Displays the information about 802.1x sessions. statistics: Displays the statistics on 802.1x. interface: Displays the 802.1x-related information about a specified port. interface-list: Ethernet port list, in the form of interface-list= { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, in which interface-type specifies the type of an Ethernet port and interface-number is the number of the port.
  • Page 323: The Switch

    Configuration: Transmit Period 30 s, Handshake Period 15 s ReAuth Period 3600 s, ReAuth MaxTimes Quiet Period 60 s, Quiet Period Timer is disabled Supp Timeout 30 s, Server Timeout 100 s Interval between version requests is 30s Maximal request times for version information is 3 The maximal retransmitting times EAD Quick Deploy configuration: Url: http://192.168.19.23...
  • Page 324
    Field | Description
    DHCP-launch is disabled | DHCP-triggered. 802.1x authentication is disabled.
    Handshake is enabled | The online user handshaking function is enabled.
    Proxy trap checker is disabled | Whether or not to send Trap packets when detecting a supplicant system logs in through a proxy. Disable means the switch does not send Trap packets when it detects that a supplicant system logs in through a proxy.
  • Page 325: Dot1X

    Field | Description
    802.1X protocol is disabled | 802.1x is disabled on the port
    Proxy trap checker is disabled | Whether or not to send Trap packets when detecting a supplicant system logging in through a proxy. Disable means the switch does not send Trap packets when it detects that a supplicant system logs in through a proxy.
  • Page 326: Dot1X Authentication-Method

    port and interface-number is the number of the port. The string “&<1-10>” means that up to 10 port lists can be provided. Description Use the dot1x command to enable 802.1x globally or for specified Ethernet ports. Use the undo dot1x command to disable 802.1x globally or for specified Ethernet ports. By default, 802.1x is disabled globally and also on all ports.
  • Page 327: Dot1X Dhcp-Launch

    View System view Parameters chap: Authenticates using challenge handshake authentication protocol (CHAP). pap: Authenticates using password authentication protocol (PAP). eap: Authenticates using extensible authentication protocol (EAP). Description Use the dot1x authentication-method command to set the 802.1x authentication method. Use the undo dot1x authentication-method command to revert to the default 802.1x authentication method.
  • Page 328: Dot1X Guest-Vlan

    Parameters None Description Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to authenticate a supplicant system when the supplicant system applies for a dynamic IP address through DHCP. Use the undo dot1x dhcp-launch command to disable an 802.1x-enabled switch from authenticating a supplicant system when the supplicant system applies for a dynamic IP address through DHCP.
  • Page 329: Dot1X Handshake

    In system view, if you do not provide the interface-list argument, these two commands apply to all the ports of the switch. If you specify the interface-list argument, these two commands apply to the specified ports. In Ethernet port view, the interface-list argument is not available and these two commands apply to only the current Ethernet port.
  • Page 330: Dot1X Max-User

    To enable the proxy detecting function, you need to enable the online user handshaking function first. With the support of H3C proprietary clients, handshaking packets can be used to test whether or not a user is online. As clients that are not of H3C do not support the online user handshaking function, switches cannot receive handshaking acknowledgement packets from them in handshaking periods.
  • Page 331: Dot1X Port-Control

    In Ethernet port view, the interface-list argument is not available and the commands apply to only the current port. Related commands: display dot1x. Examples # Configure the maximum number of users that Ethernet 1/01 port can accommodate to be 32. <Sysname>...
  • Page 332: Dot1X Port-Method

    In Ethernet port view, the interface-list argument is not available and the commands apply to only the current Ethernet port. Related commands: display dot1x. Examples # Specify Ethernet 1/0/1 to operate in unauthorized-force access control mode. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dot1x port-control unauthorized-force interface Ethernet 1/0/1 dot1x port-method Syntax...
  • Page 333: Dot1X Quiet-Period

    Use the undo dot1x quiet-period command to disable the quiet-period timer. When a user fails to pass the authentication, the authenticator system (such as a 3Com switch) will stay quiet for a period (determined by the quiet-period timer) before it performs another authentication.
  • Page 334: Dot1X Retry-Version-Max

    Parameters max-retry-value: Maximum number of times that a switch sends authentication request packets to a user. This argument ranges from 1 to 10. Description Use the dot1x retry command to specify the maximum number of times that a switch sends authentication request packets to a user.
  • Page 335: Dot1X Re-Authenticate

    Related commands: display dot1x, dot1x timer. Examples # Configure the maximum number of times that the switch sends version request packets to 6. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dot1x retry-version-max 6 dot1x re-authenticate Syntax dot1x re-authenticate [ interface interface-list ] undo dot1x re-authenticate [ interface interface-list ] View...
  • Page 336: Dot1X Supp-Proxy-Check

    Examples # Enable 802.1x re-authentication on port Ethernet 1/0/1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dot1x 802.1X is enabled globally. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] dot1x 802.1X is enabled on port Ethernet1/0/1 already. [Sysname-Ethernet1/0/1] dot1x re-authenticate Re-authentication is enabled on port Ethernet1/0/1 dot1x supp-proxy-check Syntax...
  • Page 337 The proxy checking function takes effect on a port only when the function is enabled both globally and on the port. 802.1x proxy checking checks for: users logging in through proxies; users logging in through IE proxies; and whether or not a user logs in through multiple network adapters (that is, the user's system has more than one active network adapter when the user attempts to log in). A switch can optionally take the following actions in response to any of the above three cases: Only disconnects the user but sends no Trap packets, which can be achieved by using the dot1x...
  • Page 338: Dot1X Timer

    dot1x timer Syntax dot1x timer { handshake-period handshake-period-value | quiet-period quiet-period-value | server-timeout server-timeout-value | supp-timeout supp-timeout-value | tx-period tx-period-value | ver-period ver-period-value } undo dot1x timer { handshake-period | quiet-period | server-timeout | supp-timeout | tx-period | ver-period } View System view Parameters...
  • Page 339: Dot1X Timer Reauth-Period

    authenticates the 802.1x client who cannot request for authentication actively. The switch sends multicast request/identity packets periodically through the port enabled with 802.1x function. In this case, this timer sets the interval to send the multicast request/identity packets. The tx-period-value argument ranges from 1 to 120 (in seconds). By default, the transmission timer is set to 30 seconds.
  • Page 340: Dot1X Version-Check

    Use the undo dot1x timer reauth-period command to restore the default 802.1x re-authentication interval. By default, the 802.1x re-authentication interval is 3,600 seconds. Examples # Set the 802.1x re-authentication interval to 150 seconds. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dot1x timer reauth-period 150 dot1x version-check Syntax...
  • Page 341: Reset Dot1X Statistics

    reset dot1x statistics Syntax reset dot1x statistics [ interface interface-list ] View User view Parameters interface-list: Ethernet port list, in the form of interface-list= { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, in which interface-type specifies the type of an Ethernet port and interface-number is the number of the port.
  • Page 342: Quick Ead Deployment Configuration Commands

    Quick EAD Deployment Configuration Commands Quick EAD Deployment Configuration Commands dot1x free-ip Syntax dot1x free-ip ip-address { mask-address | mask-length } undo dot1x free-ip [ ip-address { mask-address | mask-length } ] View System view Parameters ip-address: Free IP address, in dotted decimal notation. mask-address: Subnet mask of the free IP address, in dotted decimal notation.
  • Page 343: Dot1X Timer Acl-Timeout

    dot1x timer acl-timeout Syntax dot1x timer acl-timeout acl-timeout-value undo dot1x timer acl-timeout View System view Parameters acl-timeout-value: ACL timeout period (in minutes), in the range of 1 to 1440. Description Use the dot1x timer acl-timeout command to configure the ACL timeout period. Use the undo dot1x timer acl-timeout command to restore the default.
  • Page 344 System View: return to User View with Ctrl+Z. [Sysname] dot1x url http://192.168.19.23...
  • Page 345: Habp Configuration Commands

    HABP Configuration Commands HABP Configuration Commands display habp Syntax display habp View Any view Parameters None Description Use the display habp command to display HABP configuration and status. Examples # Display HABP configuration and status. <Sysname> display habp Global HABP information: HABP Mode: Server Sending HABP request packets every 20 seconds Bypass VLAN: 2...
  • Page 346: Display Habp Table

    display habp table Syntax display habp table View Any view Parameters None Description Use the display habp table command to display the MAC address table maintained by HABP. Examples # Display the MAC address table maintained by HABP. <Sysname> display habp table Holdtime Receive Port 001f-3c00-0030...
  • Page 347: Habp Enable

    HABP counters : Packets output: 0, Input: 0 ID error: 0, Type error: 0, Version error: 0 Sent failed: 0 Table 3-3 Description on the fields of the display habp traffic command (Field: Description). Packets output: Number of the HABP packets sent. Input: Number of the HABP packets received. ID error...
  • Page 348: Habp Server Vlan

    habp server vlan Syntax habp server vlan vlan-id undo habp server View System view Parameters vlan-id: VLAN ID, ranging from 1 to 4094. Description Use the habp server vlan command to configure a switch to operate as an HABP server. This command also specifies the VLAN where HABP packets are broadcast.
  • Page 349 Examples # Configure the switch to send HABP request packets once in every 50 seconds <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] habp timer 50...
  • Page 350: System Guard Configuration Commands

    System Guard Configuration Commands System Guard Configuration Commands display system-guard ip state Syntax display system-guard ip state View Any view Parameters None Description Use the display system-guard ip state command to view the monitoring result and parameter settings of System Guard against IP attacks. Examples # View the monitoring result and parameter settings of System Guard against IP attacks.
  • Page 351: Display System-Guard Ip-Record

    display system-guard ip-record Syntax display system-guard ip-record View Any view Parameters None Description Use the display system-guard ip-record command to view the information about IP packets received by the CPU in the current monitoring cycle. Examples # View the information about IP packets received by the CPU in the current monitoring cycle. <Sysname>...
  • Page 352: Display System-Guard Tcn State

    Parameters None Description Use the display system-guard l3err state command to view the status of Layer 3 error control. Examples # View the status of Layer 3 error control. <Sysname> display system-guard l3err state System-guard l3err status: enabled display system-guard tcn state Syntax display system-guard tcn state View...
  • Page 353: System-Guard Ip Detect-Threshold

    Use the undo system-guard ip detect-maxnum command to restore the maximum number of infected hosts that can be monitored to the default setting. By default, System Guard can monitor a maximum of 30 infected hosts. Examples # Set the maximum number of infected hosts that can be concurrently monitored to 50. <Sysname>...
  • Page 354: System-Guard Ip Enable

    The relationship among the arguments of the system-guard ip detect-threshold command is illustrated by this example: If you set ip-record-threshold, record-times-threshold and isolate-time to 30, 1 and 3 respectively, when the system detects three times in succession that over 50 IP packets (destined for an address other than an IP address of the switch) from a source IP address are received within a period of 10 seconds, the system considers itself to be attacked —...
  • Page 355: System-Guard L3Err Enable

    System View: return to User View with Ctrl+Z. [Sysname] system-guard ip enable system-guard l3err enable Syntax system-guard l3err enable undo system-guard l3err enable View System view Parameters None Description Use the system-guard l3err enable command to enable Layer 3 error control. Use the undo system-guard l3err enable command to disable Layer 3 error control.
  • Page 356: System-Guard Tcn Enable

    system-guard tcn enable Syntax system-guard tcn enable undo system-guard tcn enable View System view Parameters None Description Use the system-guard tcn enable command to enable System Guard against TCN attacks. Use the undo system-guard tcn enable command to disable System Guard against TCN attacks. With this feature enabled, System Guard monitors the TCN/TC packet receiving rate on the ports.
  • Page 357 Use the undo system-guard tcn rate-threshold command to restore the default threshold of TCN/TC packet receiving rate. By default, the threshold of the TCN/TC packet receiving rate is 1 pps. As the system monitoring cycle is 10 seconds, the system sends trap or log information, by default, if more than 10 TCN/TC packets are received within 10 seconds.
  • Page 358 Table of Contents: 1 AAA Configuration Commands 1-1; AAA Configuration Commands 1-1; access-limit 1-1; accounting 1-2; accounting optional 1-3; attribute 1-3; authentication 1-5; authorization 1-6; authorization vlan 1-6; cut connection 1-7; display connection 1-8; display domain 1-10; display local-user 1-11; domain 1-13; idle-cut 1-14; level 1-15; local-user 1-16; local-user password-display-mode 1-17; messenger 1-18...
  • Page 359 primary authentication 1-41; radius client 1-42; radius nas-ip 1-42; radius scheme 1-43; radius trap 1-44; reset radius statistics 1-45; reset stop-accounting-buffer 1-46; retry 1-46; retry realtime-accounting 1-47; retry stop-accounting 1-49; secondary accounting 1-49; secondary authentication 1-50; server-type 1-51; state 1-52; stop-accounting-buffer enable 1-53; timer 1-53; timer quiet 1-54; timer realtime-accounting 1-55; timer response-timeout 1-56; user-name-format 1-57; 2 EAD Configuration Commands 2-1...
  • Page 360: Aaa Configuration Commands

    AAA Configuration Commands The maximum length of a domain name is changed from 24 characters to 128 characters. See domain. AAA Configuration Commands access-limit Syntax access-limit { disable | enable max-user-number } undo access-limit View ISP domain view Parameters disable: Specifies not to limit the number of access users that can be contained in current ISP domain. enable max-user-number: Specifies the maximum number of access users that can be contained in current ISP domain.
  • Page 361: Accounting

    [Sysname] domain aabbcc.net New Domain added. [Sysname-isp-aabbcc.net] access-limit enable 500 accounting Syntax accounting { none | radius-scheme radius-scheme-name } undo accounting View ISP domain view Parameters none: Specifies not to perform user accounting. radius-scheme radius-scheme-name: Specifies to use a RADIUS accounting scheme. Here, radius-scheme-name is the name of a RADIUS scheme;...
  • Page 362: Accounting Optional

    accounting optional Syntax accounting optional undo accounting optional View ISP domain view Parameters None Description Use the accounting optional command to open the accounting-optional switch. Use the undo accounting optional command to close the accounting-optional switch so that the system performs accounting for users unconditionally. By default, the system performs accounting for users unconditionally..
  • Page 363 View Local user view Parameters ip ip-address: Sets the IP address of the user. mac mac-address: Sets the MAC address of the user. Here, mac-address is in H-H-H format. idle-cut second: Enables the idle-cut function for the local user and sets the allowed idle time. Here, second is the allowed idle time, which ranges from 60 to 7,200 seconds.
  • Page 364: Authentication

    authentication Syntax authentication { radius-scheme radius-scheme-name [ local ] | local | none } undo authentication View ISP domain view Parameters radius-scheme radius-scheme-name: Specifies to use a RADIUS authentication scheme. Here, radius-scheme-name is a string of up to 32 characters. local: Specifies to use local authentication scheme.
  • Page 365: Authorization Vlan

    New Domain added. [Sysname-isp-aabbcc.net] authentication radius-scheme radius1 # Reference the RADIUS scheme "rd" as the authentication scheme and the local scheme as the secondary authentication scheme of the ISP domain aabbcc. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] domain aabbcc New Domain added.
  • Page 366: Cut Connection

    View Local user view Parameters string: Number or descriptor of the authorized VLAN for the current user, a string of 1 to 32 characters. If it is a numeric string and there is a VLAN with the number configured, it specifies the VLAN. If it is a numeric string but no VLAN is present with the number, it specifies the VLAN using it as the VLAN descriptor.
  • Page 367: Display Connection

    access-type { dot1x | mac-authentication }: Cuts down user connections of a specified access type. dot1x is used to cut down all 802.1x user connections, and mac-authentication is used to cut down all MAC authentication user connections. domain isp-name: Cuts down all user connections in a specified ISP domain. Here, isp-name is the name of an ISP domain, a string of up to 128 characters.
  • Page 368 Parameters access-type { dot1x | mac-authentication }: Displays user connections of a specified access type. Here, dot1x is used to display all 802.1x user connections, and mac-authentication is used to display all MAC authentication user connections. domain isp-name: Displays all user connections under specified ISP domain. Here, isp-name is the name of an ISP domain, a string of up to 128 characters.
  • Page 369: Display Domain

    ACL Group=Disable CAR=Disable Priority=Disable Start=2000-04-03 02:51:53 ,Current=2000-04-03 02:52:22 ,Online=00h00m29s On Unit 1:Total 1 connections matched, 1 listed. Total 1 connections matched, 1 listed. Here, Port NO=0x10003001 means (by the binary bits): Table 1-1 Description of the Port NO field 31 to 28 bit 27 to 24 bit 23 to 20 bit 19 to 12 bit...
  • Page 370: Display Local-User

    Default Domain Name: system Total 1 domain(s).1 listed. Table 1-2 Description on the fields of the display domain command (Field: Description). Domain: Domain name. State: Status of the domain, which can be active or block. Scheme: AAA scheme that the domain uses. Access-Limit: Maximum number of local user connections in the domain...
  • Page 371 vlan vlan-id: Displays the local users belonging to a specified VLAN. Here, vlan-id ranges from 1 to 4094. service-type: Displays the local users of a specified type. You can specify one of the following user types: ftp, lan-access (users of this type are generally Ethernet access users, for example, 802.1x users), ssh, telnet, and terminal (a user of this type is a terminal user who logs into the switch through the Console port).
  • Page 372: Idle-Cut

    (Field: Description). ServiceType Mask: Service type mask: T means Telnet service. S means SSH service. C means client service. LM means lan-access service. F means FTP service. None means no defined service. Idle-cut: Status of the idle-cut function. Access-limit: Limit on the number of access users. Current AccessNum: Number of current access users. Bind location...
  • Page 373 Description Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP domain, or configure the default ISP domain. Use the undo domain command to delete a specified ISP domain. The ISP domain "system"...
  • Page 374 Description Use the idle-cut command to set the user idle-cut function in current ISP domain. If a user’s traffic in the specified period of time is less than the specified amount, the system will disconnect the user. By default, this function is disabled. Note that if the authentication server assigns the idle-cut settings, the assigned ones take precedence over the settings configured here.
  • Page 375: Local-User

    using RSA shared key for authentication, the commands they can access are determined by the levels set on their user interfaces. Related commands: local-user. Examples # Set the level of user1 to 3. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] local-user user1 New local user added.
  • Page 376: Local-User Password-Display-Mode

    Examples # Add a local user named user1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] local-user user1 New local user added. [Sysname-luser-user1] # Add a local user named 01234567891234567 (note that it will appear as 012345678912345~0000 in the view prompt).
  • Page 377: Messenger

    Examples # Specify to display all local user passwords in cipher text in whatever cases. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] local-user password-display-mode cipher-force messenger Syntax messenger time { enable limit interval | disable } undo messenger time View ISP domain view...
  • Page 378 undo name View VLAN view Parameters string: Assigned VLAN name, a string of up to 32 characters. Description Use the name command to set a VLAN name, which will be used for VLAN assignment. Use the undo name command to cancel the VLAN name. By default, a VLAN uses its VLAN ID (like VLAN 0001) as its assigned VLAN name.
  • Page 379: Radius-Scheme

    Description Use the password command to set a password for the local user. Use the undo password command to cancel the password of the local user. Note that: With the local-user password-display-mode cipher-force command configured, the password is always displayed in cipher text, regardless of the configuration of the password command. With the cipher keyword specified, a password of up to 16 characters in plain text will be encrypted into a password of 24 characters in cipher text, and a password of 16 to 63 characters in plain text will be encrypted into a password of 88 characters in cipher text.
  • Page 380: Scheme

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] domain aabbcc.net New Domain added. [Sysname-isp-aabbcc.net] radius-scheme extended scheme Syntax scheme { local | none | radius-scheme radius-scheme-name [ local ] } undo scheme [ none | radius-scheme ] View ISP domain view Parameters...
  • Page 381: Self-Service-Url

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] domain aabbcc.net New Domain added. [Sysname-isp-aabbcc.net] scheme radius-scheme raduis1 local self-service-url Syntax self-service-url { disable | enable url-string } undo self-service-url View ISP domain view Parameters url-string: URL of the web page used to modify user password on the self-service server. It is a string of 1 to 64 characters.
  • Page 382: Service-Type

    [Sysname-isp-system] self-service-url enable http://10.153.89.94/selfservice/modPasswd1x.jsp|userName service-type Syntax service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] } undo service-type { ftp | lan-access | { telnet | ssh | terminal }* } View Local user view Parameters ftp: Specifies that this is an FTP user.
  • Page 383: State

    state Syntax state { active | block } View ISP domain view, local user view Parameters active: Activates the current ISP domain (in ISP domain view) or local user (in local user view), to allow users in current ISP domain or current local user to access the network. block: Blocks the current ISP domain (in ISP domain view) or local user (in local user view), to inhibit users in current ISP domain or current local user from accessing the network.
  • Page 384: Vlan-Assignment-Mode

    vlan-assignment-mode Syntax vlan-assignment-mode { integer | string } View ISP domain view Parameters integer: Sets the VLAN assignment mode to integer. string: Sets the VLAN assignment mode to string. Description Use the vlan-assignment-mode command to set the VLAN assignment mode (integer or string) on the switch.
  • Page 385 Table 1-4 Commonly used servers and their dynamic VLAN assignment modes Server Dynamic VLAN assignment mode Integer CAMS For the latest CAMS version, you can determine the assignment mode by attribute value. String You can determine the assignment mode by FreeRADIUS attribute value (for example, 100 is integer;...
  • Page 386: Radius Configuration Commands

    RADIUS Configuration Commands accounting optional Syntax accounting optional undo accounting optional View RADIUS scheme view Parameters None Description Use the accounting optional command to open the accounting-optional switch. Use the undo accounting optional command to close the accounting-optional switch so that the system performs accounting for users unconditionally.
  • Page 387: Accounting-On Enable

    accounting-on enable Syntax accounting-on enable [ send times | interval interval ] undo accounting-on { enable | send | interval } View RADIUS scheme view Parameters times: Maximum number of attempts to send an Accounting-On message, ranging from 1 to 256 and defaulting to 15.
  • Page 388: Calling-Station-Id Mode

    NAS-IP-address and session ID) contained in the message, and ends the accounting of the users based on the last accounting update message. Once the switch receives the response from the CAMS, it stops sending Accounting-On messages. If the switch does not receive any response from the CAMS after it has tried the configured maximum number of times to send the Accounting-On message, it will not send the Accounting-On message any more.
  • Page 389: Data-Flow-Format

    Parameters mode1: Sets the MAC address format to XXXX-XXXX-XXXX, where each X represents a hexadecimal number. mode2: Sets the MAC address format to XX-XX-XX-XX-XX-XX. lowercase: Uses lowercase letters in the MAC address. uppercase: Uses uppercase letters in the MAC address. Description Use the calling-station-id mode command to configure the MAC address format of the Calling-Station-Id (Type 31) field in RADIUS packets.
  • Page 390: Display Local-Server Statistics

    Note that the specified unit of data flows sent to the RADIUS server must be consistent with the traffic statistics unit of the RADIUS server. Otherwise, accounting cannot be performed correctly. Related commands: display radius scheme. Examples # Specify to measure data and packets in data flows to RADIUS servers in kilo-bytes and kilo-packets respectively in RADIUS scheme radius1.
  • Page 391 View Any view Parameters radius-scheme-name: Name of a RADIUS scheme, a string of up to 32 characters. Description Use the display radius scheme command to display configuration information about one specific or all RADIUS schemes. Related commands: radius scheme. Examples # Display configuration information about all RADIUS schemes.
  • Page 392 (Field: Description). Index: Index number of the RADIUS scheme. Type: Type of the RADIUS servers. Primary Auth IP/Port: IP address/port number of the primary authentication server. Primary Acct IP/Port: IP address/port number of the primary accounting server. Second Auth IP/Port: IP address/port number of the secondary authentication server. Second Acct IP/Port: IP address/port number of the secondary...
  • Page 393: Display Radius Statistics

    display radius statistics Syntax display radius statistics View Any view Parameters None Description Use the display radius statistics command to display the RADIUS message statistics. Related commands: radius scheme. Examples # Display RADIUS message statistics. <Sysname> display radius statistics state statistic(total=2072): DEAD=2072 AuthProc=0 AuthSucc=0...
  • Page 394: Display Stop-Accounting-Buffer

    PORTAL access , Num=0 , Err=0 , Succ=0 Update ack , Num=0 , Err=0 , Succ=0 PORTAL access ack , Num=0 , Err=0 , Succ=0 Session ctrl pkt , Num=0 , Err=0 , Succ=0 Set policy result , Num=0 , Err=0 , Succ=0 RADIUS sent messages statistic: Auth accept...
  • Page 395: Key

    Description Use the display stop-accounting-buffer command to display the non-response stop-accounting requests buffered in the device. You can choose to display the buffered stop-accounting requests of a specified RADIUS scheme, session (by session ID), or user (by username). You can also specify a time range to display those generated within the specified time range.
  • Page 396: Local-Server

    Description Use the key command to set a shared key for RADIUS authentication/authorization messages or accounting messages. Use the undo key command to restore the corresponding default shared key setting. By default, no shared key exists. Note that: Both the RADIUS client and the RADIUS server use the MD5 algorithm to encrypt RADIUS messages before exchanging them with each other.
  • Page 397: Local-Server Nas-Ip

    Description Use the local-server enable command to enable the UDP ports for local RADIUS services. Use the undo local-server command to disable the UDP ports for local RADIUS services. By default, the UDP ports for local RADIUS services are enabled. In addition to functioning as a RADIUS client to provide remote RADIUS authentication, authorization, and accounting services, the switch can act as a local RADIUS server to provide simple RADIUS server functions locally.
  • Page 398 The message encryption key set by the local-server nas-ip ip-address key password command must be identical with the authentication/authorization message encryption key set by the key authentication command in the RADIUS scheme view of the RADIUS scheme on the specified NAS that uses this switch as its authentication server.
  • Page 399: Primary Accounting

    The nas-ip command in RADIUS scheme view has the same function as the radius nas-ip command in system view; and the configuration in RADIUS scheme view takes precedence over that in system view. You can set the source IP address of outgoing RADIUS messages to prevent messages returned from the RADIUS server from failing to reach their destination because of a physical interface problem.
  • Page 400: Primary Authentication

    Examples # Set the IP address and UDP port number of the primary accounting server for RADIUS scheme radius1 to 10.110.1.2 and 1813 respectively. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] primary accounting 10.110.1.2 1813 primary authentication Syntax...
  • Page 401: Radius Client

    Related commands: key, radius scheme, state. Examples # Set the IP address and UDP port number of the primary authentication/authorization server for RADIUS scheme radius1 to 10.110.1.1 and 1812 respectively. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] primary authentication 10.110.1.1 1812...
  • Page 402: Radius Scheme

    undo radius nas-ip View System view Parameters ip-address: Source IP address to be set, an IP address of this device. This address can neither be the all 0's address nor be a Class-D address. Description Use the radius nas-ip command to set the source IP address of outgoing RADIUS messages. Use the undo radius nas-ip command to restore the default setting.
  • Page 403: Radius Trap

    View System view Parameters radius-scheme-name: Name of the RADIUS scheme to be created, a string of up to 32 characters. Description Use the radius scheme command to create a RADIUS scheme and enter its view. Use the undo radius scheme command to delete a specified RADIUS scheme. By default, a RADIUS scheme named "system"...
  • Page 404: Reset Radius Statistics

    Parameters authentication-server-down: Enables/disables the switch to send trap messages when a RADIUS authentication server goes down. accounting-server-down: Enables/disables the switch to send trap messages when a RADIUS accounting server goes down. Description Use the radius trap command to enable the switch to send trap messages when a RADIUS server goes down.
  • Page 405: Reset Stop-Accounting-Buffer

    Examples # Clear RADIUS message statistics. <Sysname> reset radius statistics reset stop-accounting-buffer Syntax reset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name } View User view Parameters radius-scheme radius-scheme-name: Deletes the buffered stop-accounting requests of a specified RADIUS scheme.
  • Page 406: Retry Realtime-Accounting

    undo retry View RADIUS scheme view Parameters retry-times: Maximum number of transmission attempts of a RADIUS request, ranging from 1 to 20. Description Use the retry command to set the maximum number of transmission attempts of a RADIUS request. Use the undo retry command to restore the default maximum number of transmission attempts. By default, the maximum number of RADIUS request transmission attempts is 3.
  • Page 407 Parameters retry-times: Maximum allowed number of continuous real-time accounting failures, ranging from 1 to 255. Description Use the retry realtime-accounting command to set the maximum allowed number of continuous real-time accounting failures. Use the undo retry realtime-accounting command to restore the default maximum number of continuous real-time accounting failures.
  • Page 408: Retry Stop-Accounting

    [Sysname-radius-radius1] retry realtime-accounting 10 retry stop-accounting Syntax retry stop-accounting retry-times undo retry stop-accounting View RADIUS scheme view Parameters retry-times: Maximum number of transmission attempts of a buffered stop-accounting request, ranging from 10 to 65,535. Description Use the retry stop-accounting command to set the maximum number of transmission attempts of a stop-accounting request buffered due to no response.
  • Page 409: Secondary Authentication

    undo secondary accounting View RADIUS scheme view Parameters ip-address: IP address of the secondary accounting server to be used, in dotted decimal notation. port-number: UDP port number of the secondary accounting server, ranging from 1 to 65535. Description Use the secondary accounting command to set the IP address and port number of the secondary RADIUS accounting server to be used by the current scheme.
  • Page 410: Server-Type

    Use the undo secondary authentication command to restore the default IP address and port number of the secondary RADIUS authentication/authorization server, which is 0.0.0.0 and 1812 respectively. Related commands: key, radius scheme, state. Examples # Set the IP address and UDP port number of the secondary authentication/authorization server for RADIUS scheme radius1 to 10.110.1.2 and 1812 respectively.
  • Page 411: State

    [Sysname-radius-radius1] server-type extended state Syntax state { primary | secondary } { accounting | authentication } { block | active } View RADIUS scheme view Parameters primary: Specifies that the server to be set is a primary RADIUS server. secondary: Specifies that the server to be set is a secondary RADIUS server. accounting: Specifies that the server to be set is a RADIUS accounting server.
  • Page 412: Stop-Accounting-Buffer Enable

    [Sysname] radius scheme radius1 New Radius scheme [Sysname-radius-radius1] state secondary authentication active stop-accounting-buffer enable Syntax stop-accounting-buffer enable undo stop-accounting-buffer enable View RADIUS scheme view Parameters None Description Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting requests that get no response.
  • Page 413: Timer Quiet

    undo timer View RADIUS scheme view Parameters seconds: Response timeout time of RADIUS servers, ranging from 1 to 10 seconds. Description Use the timer command to set the response timeout time of RADIUS servers (that is, the timeout time of the response timeout timer of RADIUS servers). Use the undo timer command to restore the default response timeout timer of RADIUS servers.
  • Page 414: Timer Realtime-Accounting

    Parameters minutes: Wait time before primary server state restoration, ranging from 1 to 255 minutes. Description Use the timer quiet command to set the time that the switch waits before it tries to re-communicate with the primary server and restore the status of the primary server to active. Use the undo timer quiet command to restore the default wait time.
  • Page 415: Timer Response-Timeout

    The setting of the real-time accounting interval depends, to some degree, on the performance of the switch and the RADIUS server. The higher the performance of the switch and the RADIUS server is, the shorter the interval can be. It is recommended to set the interval as long as possible when the number of users is relatively large (≥1000).
  • Page 416: User-Name-Format

    After sending out a RADIUS request (authentication/authorization request or accounting request) to a RADIUS server, the switch waits for a response from the server. The maximum time that the switch can wait for the response is called the response timeout time of RADIUS servers, and the corresponding timer in the switch system is called the response timeout timer of RADIUS servers.
  • Page 417 designed for you to specify whether or not ISP domain names are carried in the usernames to be sent to the RADIUS server. For a RADIUS scheme, if you have specified to exclude ISP domain names from usernames, you should not use this RADIUS scheme in more than one ISP domain. Otherwise, such errors may occur: the RADIUS server regards two different users having the same name but belonging to different ISP domains as the same user (because the usernames sent to it are the same).
  • Page 418: Ead Configuration Commands

    EAD Configuration Commands EAD Configuration Commands security-policy-server Syntax security-policy-server ip-address undo security-policy-server { ip-address | all } View RADIUS scheme view Parameters ip-address: IP address of a security policy server. all: IP addresses of all security policy servers. Description Use the security-policy-server command to set the IP address of a security policy server. Use the undo security-policy-server command to remove one specified or all security policy server address settings.
  • Page 419 security-policy-server 192.168.0.1 user-name-format without-domain …...
  • Page 420 Table of Contents
    1 MAC Address Authentication Configuration Commands 1-1
    MAC Address Authentication Basic Function Configuration Commands 1-1
    display mac-authentication 1-1
    mac-authentication 1-3
    mac-authentication interface 1-4
    mac-authentication authmode usernameasmacaddress 1-5
    mac-authentication authmode usernamefixed 1-6
    mac-authentication authpassword 1-7
    mac-authentication authusername 1-7
    mac-authentication domain 1-8
    mac-authentication timer 1-8
    reset mac-authentication 1-9
    MAC Address Authentication Enhanced Function Configuration Commands 1-10...
  • Page 421: Mac Address Authentication Basic Function Configuration Commands

    MAC Address Authentication Configuration Commands MAC Address Authentication Basic Function Configuration Commands display mac-authentication Syntax display mac-authentication [ interface interface-list ] View Any view Parameters interface interface-list: List of Ethernet ports. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10>...
  • Page 422 0016-e0be-e201 Ethernet1/0/2 1(vlan:1) --- 1 silent mac address(es) found. --- Ethernet1/0/1 is link-up MAC address authentication is Enabled max-auth-num is 256 Guest VLAN is 2 Authenticate success: 1, failed: 0 Current online user number is 1 MAC ADDR Authenticate state AuthIndex 000d-88f8-4e71 MAC_AUTHENTICATOR_SUCCESS...
  • Page 423: Mac-Authentication

    Field Description The maximum number of users supported by the Max allowed user number switch. It is 1,024 by default. Current user number amounts to The current number of users The current domain. It is not configured by Current domain default.
  • Page 424: Mac-Authentication Interface

    Parameters None Description Use the mac-authentication command to enable MAC address authentication globally or on the current port. Use the undo mac-authentication command to disable MAC address authentication globally or on the current port. By default, MAC address authentication is disabled both globally and on a port. When being executed in system view, the mac-authentication command enables MAC address authentication globally.
  • Page 425: Mac-Authentication Authmode Usernameasmacaddress

    Parameters interface-list: List of Ethernet ports. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where &<1-10> means that you can provide up to 10 port indexes/port index ranges for this argument.
  • Page 426: Mac-Authentication Authmode Usernamefixed

    Parameters usernameformat: Specifies the input format of the username and password. with-hyphen: Uses hyphened MAC addresses as usernames and passwords, for example, 00-05-e0-1c-02-e3. without-hyphen: Uses MAC addresses without hyphens as usernames and passwords, for example, 0005e01c02e3. lowercase: Uses lowercase MAC addresses as usernames and passwords. uppercase: Uses uppercase MAC addresses as usernames and passwords.
  • Page 427: Mac-Authentication Authpassword

    Examples # Use the user name in fixed mode for MAC address authentication. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] mac-authentication authmode usernamefixed mac-authentication authpassword Syntax mac-authentication authpassword password undo mac-authentication authpassword View System view Parameters password: Password to be set, a string comprising 1 to 63 characters.
  • Page 428: Mac-Authentication Domain

    By default, the user name in fixed mode is “mac”. Examples # Set the user name to vipuser in fixed mode. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] mac-authentication authusername vipuser mac-authentication domain Syntax mac-authentication domain isp-name undo mac-authentication domain View System view...
  • Page 429: Reset Mac-Authentication

    Parameters offline-detect-value: Offline detect timer (in seconds) setting. This argument ranges from 1 to 65,535 and defaults to 300. The offline detect timer sets the time interval for a switch to test whether a user goes offline. quiet-value: Quiet timer (in seconds) setting. This argument ranges from 1 to 3,600 and defaults to 60. After a user fails to pass the authentication performed by a switch, the switch quiets for a specific period (the quiet period) before it authenticates the user again.
  • Page 430: Mac Address Authentication Enhanced Function Configuration Commands

    <Sysname> reset mac-authentication statistics interface Ethernet 1/0/1 MAC Address Authentication Enhanced Function Configuration Commands mac-authentication guest-vlan Syntax mac-authentication guest-vlan vlan-id undo mac-authentication guest-vlan View Ethernet port view Parameters vlan-id: ID of the guest VLAN configured for the current port. This argument is in the range of 1 to 4,094. Description Use the mac-authentication guest-vlan command to configure a guest VLAN for the current port.
  • Page 431: Mac-Authentication Max-Auth-Num

    If more than one client is connected to a port, you cannot configure a Guest VLAN for this port. When a Guest VLAN is configured for a port, only one MAC address authentication user can access the port. Even if you set the limit on the number of MAC address authentication users to more than one, the configuration does not take effect.
  • Page 432: Mac-Authentication Timer Guest-Vlan-Reauth

    Use the undo mac-authentication max-auth-num command to restore the maximum number of MAC address authentication users allowed to access the port to the default value. By default, the maximum number of MAC address authentication users allowed to access a port is 256. If both the limit on the number of MAC address authentication users and the limit on the number of users configured in the port security function are configured for a port at the same time, the smaller value of the two configured limits is adopted as the maximum number of MAC address...
  • Page 433 Examples # Configure the switch to re-authenticate users in Guest VLANs at the interval of 60 seconds. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] mac-authentication timer guest-vlan-reauth 60 1-13...
  • Page 434 Table of Contents
    1 ARP Configuration Commands 1-1
    ARP Configuration Commands 1-1
    arp anti-attack valid-check enable 1-1
    arp check enable 1-1
    arp static 1-2
    arp timer aging 1-3
    display arp 1-3
    display arp | 1-4
    display arp count 1-5
    display arp timer aging 1-6
    gratuitous-arp period-resending enable 1-7
    gratuitous-arp-learning enable 1-7
    reset arp 1-8...
  • Page 435: Arp Configuration Commands

    ARP Configuration Commands ARP Configuration Commands arp anti-attack valid-check enable Syntax arp anti-attack valid-check enable undo arp anti-attack valid-check enable View System view Parameters None Description Use the arp anti-attack valid-check enable command to enable ARP source MAC address consistency check. Use the undo arp anti-attack valid-check enable command to disable this function.
  • Page 436: Arp Static

    Use the undo arp check enable command to disable the ARP entry checking function. With the ARP entry checking function enabled, the switch cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system displays an error message.
  • Page 437: Arp Timer Aging

    Related commands: reset arp, display arp. Examples # Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC address of 000f-e20f-0000. The ARP mapping entry belongs to Ethernet 1/0/1 which belongs to VLAN 1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 438 Description Use the display arp command to display specific ARP entries. If you execute this command with no keyword/argument specified, all the ARP entries are displayed. Related commands: arp static, reset arp. Examples # Display all the ARP entries. <Sysname> display arp Type: S-Static D-Dynamic IP Address...
  • Page 439: Display Arp Count

    View Any view Parameters dynamic: Displays dynamic ARP entries. static: Displays static ARP entries. |: Uses a regular expression to specify the ARP entries to be displayed. For detailed information about regular expressions, refer to Configuration File Management Command in this manual. begin: Displays the first ARP entry containing the specified string and all subsequent ARP entries.
  • Page 440: Display Arp Timer Aging

    Parameters dynamic: Counts the dynamic ARP entries. static: Counts the static ARP entries. |: Uses a regular expression as the match criterion. For detailed information about regular expressions, refer to Configuration File Management Command in this manual. begin: Displays the number of ARP entries counted from the first one containing the specified string. exclude: Displays the number of ARP entries that do not contain the specified string.
  • Page 441: Gratuitous-Arp Period-Resending Enable

    gratuitous-arp period-resending enable Syntax gratuitous-arp period-resending enable undo gratuitous-arp period-resending enable View VLAN interface view Parameters None Description Use the gratuitous-arp period-resending enable command to enable the VLAN interface to send gratuitous ARP packets periodically. Use the undo gratuitous-arp period-resending enable command to disable this function. By default, this function is enabled, and gratuitous ARP packets are sent at an interval of 30 seconds.
  • Page 442: Reset Arp

    in the packet to its own dynamic ARP table if it finds no corresponding ARP entry for the ARP packet in the cache. Use the undo gratuitous-arp-learning enable command to disable the gratuitous ARP packet learning function. By default, the gratuitous ARP packet learning function is disabled. Examples # Enable the gratuitous ARP packet learning function on a switch.
  • Page 443 Table of Contents
    1 DHCP Relay Agent Configuration Commands 1-1
    DHCP Relay Agent Configuration Commands 1-1
    address-check 1-1
    dhcp-relay hand 1-1
    dhcp relay information enable 1-2
    dhcp relay information strategy 1-3
    dhcp-security static 1-4
    dhcp-security tracker 1-4
    dhcp-server 1-5
    dhcp-server detect 1-6
    dhcp-server ip 1-7
    display dhcp-security 1-7
    display dhcp-server 1-8
    display dhcp-server interface 1-10...
  • Page 444: Dhcp Relay Agent Configuration Commands

    DHCP Relay Agent Configuration Commands DHCP Relay Agent Configuration Commands address-check Syntax address-check enable address-check disable View VLAN interface view Parameters None Description Use the address-check enable command to enable IP address match checking on the DHCP relay agent. After this feature is enabled, the DHCP relay agent can cooperate with the ARP module to check whether a requesting client’s IP and MAC addresses match a binding on the DHCP relay agent;...
  • Page 445: Dhcp Relay Information Enable

    View System view Parameters None Description Use the dhcp relay hand enable command to enable the DHCP relay handshake function. With this feature enabled, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a handshake message to the DHCP server to determine whether or not to update the client’s binding entry.
  • Page 446: Dhcp Relay Information Strategy

    By default, with the Option 82 support function enabled on the DHCP relay agent, the DHCP relay agent will adopt the replace strategy to process the request packets containing Option 82. However, if another strategy was configured earlier, enabling Option 82 support on the DHCP relay agent does not change the configured strategy.
  • Page 447: Dhcp-Security Static

    # Configure the DHCP relay agent handling strategy for messages containing Option 82 sent by the DHCP client as drop. [Sysname] dhcp relay information strategy drop dhcp-security static Syntax dhcp-security static ip-address mac-address undo dhcp-security { ip-address | all | dynamic | static } View System view Parameters...
  • Page 448: Dhcp-Server

    Parameters interval: Refreshing interval in seconds, in the range of 1 to 120. auto: Specifies the auto refreshing interval, which is automatically calculated according to the number of binding entries. Description The default handshake interval is auto, that is, 60 seconds divided by the number of binding entries.
  • Page 449: Dhcp-Server Detect

    To improve security and avoid malicious attacks on unused sockets, S4500 Ethernet switches provide the following functions: UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled. UDP 67 and UDP 68 ports are disabled when DHCP is disabled. The corresponding implementation is as follows.
  • Page 450: Dhcp-Server Ip

    Related commands: dhcp server, display dhcp-server. Examples # Enter system view <Sysname> system-view System View: return to User View with Ctrl+Z. # Enable the unauthorized-DHCP server detection function on the DHCP relay agent. [Sysname] dhcp-server detect dhcp-server ip Syntax dhcp-server groupNo ip ip-address&<1-8> undo dhcp-server groupNo View System view...
  • Page 451: Display Dhcp-Server

    Parameters ip-address: IP address. This argument is used to display the user address entry with the specified IP address. dynamic: Displays the dynamic user address entries. static: Displays the static user address entries. tracker: Displays the interval to update the user address entries. Description Use the display dhcp-security command to display information about address binding entries on the DHCP relay agent.
  • Page 452
    IP address of DHCP server group 0: 1.1.1.1
    IP address of DHCP server group 0: 2.2.2.2
    IP address of DHCP server group 0: 3.3.3.3
    IP address of DHCP server group 0: 4.4.4.4
    IP address of DHCP server group 0: 5.5.5.5
    IP address of DHCP server group 0: 6.6.6.6
    IP address of DHCP server group 0:...
  • Page 453: Display Dhcp-Server Interface

    Field Description Number of the DHCP-INFORM packets received DHCP_INFORM messages by the DHCP relay Number of the DHCP-RELEASE packets DHCP_RELEASE messages received by the DHCP relay BOOTP_REQUEST messages Number of the BOOTP request packets BOOTP_REPLY messages Number of the BOOTP response packets display dhcp-server interface Syntax display dhcp-server interface Vlan-interface vlan-id...
  • Page 454 Related commands: dhcp server, display dhcp-server. Examples # Clear the statistics information of DHCP server group 2. <Sysname> reset dhcp-server 2 1-11...
  • Page 455: Dhcp Snooping Configuration Commands

    DHCP Snooping Configuration Commands DHCP Snooping Configuration Commands dhcp-snooping Syntax dhcp-snooping undo dhcp-snooping View System view Parameters None Description Use the dhcp-snooping command to enable the DHCP snooping function. Use the undo dhcp-snooping command to disable the DHCP snooping function. After DHCP snooping is disabled, all the ports can forward DHCP replies from the DHCP server without recording the IP-to-MAC bindings of the DHCP clients.
  • Page 456: Dhcp-Snooping Information Format

    View System view Parameters None Description Use the dhcp-snooping information enable command to enable DHCP snooping Option 82. Use the undo dhcp-snooping information enable command to disable DHCP snooping Option 82. DHCP snooping Option 82 is disabled by default. Enable DHCP snooping before performing this configuration. Examples # Enable DHCP snooping Option 82.
  • Page 457: Dhcp-Snooping Information Packet-Format

    Examples # Configure the storage format of Option 82 as ASCII. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] dhcp-snooping information format ascii dhcp-snooping information packet-format Syntax dhcp-snooping information packet-format { extended | standard } View System view Parameters extended: Specifies the padding format for Option 82 as the extended format.
  • Page 458: Dhcp-Snooping Information Strategy

    Description Use the dhcp-snooping information remote-id command to configure the remote ID sub-option in Option 82. Use the undo dhcp-snooping information remote-id command to restore the default value of the remote ID sub-option in Option 82. By default, the remote ID sub-option in Option 82 is the MAC address of the DHCP Snooping device that received the DHCP client’s request.
  • Page 459: Dhcp-Snooping Information Vlan Circuit-Id

    Enable DHCP-snooping and DHCP-snooping Option 82 before performing this configuration. If a handling policy is configured on a port, this configuration overrides the globally configured handling policy for requests received on this port, while the globally configured handling policy applies on those ports where a handling policy is not natively configured. Examples # Configure the keep handling policy for DHCP requests that contain Option 82 on the DHCP snooping device.
  • Page 460: Dhcp-Snooping Information Vlan Remote-Id

    If you have configured a circuit ID with the vlan vlan-id argument specified, and the other one without the argument in Ethernet port view, the former circuit ID applies to the DHCP messages from the specified VLAN, while the latter one applies to DHCP messages from other VLANs. Examples # Set the circuit ID field in Option 82 of the DHCP messages sent through Ethernet 1/0/1 to abc.
  • Page 461: Dhcp-Snooping Trust

    Examples # Configure the remote ID of Option 82 in DHCP packets to abc on the port Ethernet 1/0/1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet1/0/1 [Sysname-Ethernet1/0/1] dhcp-snooping information remote-id string abc dhcp-snooping trust Syntax dhcp-snooping trust undo dhcp-snooping trust...
  • Page 462: Display Dhcp-Snooping

    display dhcp-snooping Syntax display dhcp-snooping [ unit unit-id ] View Any view Parameters unit unit-id: Displays the DHCP-snooping information on the specified device in the fabric. unit-id indicates the number of the device whose DHCP-snooping information needs to be viewed. If unit unit-id is not specified, DHCP snooping information of all units in the fabric is displayed.
  • Page 463 Examples # Display the state of the DHCP snooping function and the trusted ports. <Sysname> display dhcp-snooping trust DHCP-Snooping is enabled. DHCP-Snooping trust become effective. Interface Trusted ===================== ================= Ethernet1/0/10 Trusted The above display information indicates that the DHCP snooping function is enabled, and the Ethernet 1/0/10 port is a trusted port.
  • Page 464: Dhcp/Bootp Client Configuration

    DHCP/BOOTP Client Configuration DHCP Client Configuration Commands display dhcp client Syntax display dhcp client [ verbose ] View Any view Parameters verbose: Displays the detailed address allocation information. Description Use the display dhcp client command to display the information about the address allocation of DHCP clients.
  • Page 465: Ip Address Dhcp-Alloc

    Table 3-1 Description on the fields of the display dhcp client command Field Description VLAN interface operating as a DHCP client to Vlan-interface1 obtain an IP address dynamically Current machine state The state of the client state machine Allocated IP IP address allocated to the DHCP client lease Lease period...
  • Page 466: Bootp Client Configuration Commands

    To improve security and avoid malicious attacks on unused sockets, S4500 Ethernet switches provide the following functions: UDP ports 67 and 68 used by DHCP are enabled/disabled only when DHCP is enabled/disabled. The implementation is as follows: After the DHCP client is enabled by executing the ip address dhcp-alloc command, UDP port 68 is enabled.
  • Page 467: Ip Address Bootp-Alloc

    Table 3-2 Description on the fields of the display bootp client command Field Description VLAN-interface 1 is configured to obtain an IP Vlan-interface1 address through BOOTP. Allocated IP IP address allocated to the VLAN interface Transaction ID Value of the XID field in BOOTP packets Mac Address MAC address of the BOOTP client Default router...
  • Page 468 Table of Contents
    1 ACL Configuration Commands 1-1
    ACL Configuration Commands 1-1
    acl 1-1
    description 1-2
    display acl 1-3
    display drv qacl_resource 1-4
    display packet-filter 1-5
    display time-range 1-6
    packet-filter 1-7
    packet-filter vlan 1-9
    rule (for Basic ACLs) 1-10
    rule (for Advanced ACLs) 1-12
    rule (for Layer 2 ACLs) 1-19
    rule (for user-defined ACLs) 1-22
    rule comment 1-25...
  • Page 469: Acl Configuration Commands

    ACL Configuration Commands ACL Configuration Commands Syntax acl number acl-number [ match-order { auto | config } ] undo acl { all | number acl-number } View System view Parameters all: Specifies to remove all access control lists (ACLs). number acl-number: Specifies the number of an existing ACL or an ACL to be defined. ACL number identifies the type of an ACL as follows.
  • Page 470: Description

    Examples # Define ACL 2000 and specify “depth-first” as the match order. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] acl number 2000 match-order auto [Sysname-acl-basic-2000] # Add three rules with different numbers of zeros in the source wildcards. [Sysname-acl-basic-2000] rule 1 permit source 1.1.1.1 0.255.255.255 [Sysname-acl-basic-2000] rule 2 permit source 2.2.2.2 0.0.255.255 [Sysname-acl-basic-2000] rule 3 permit source 3.3.3.3 0.0.0.255...
  • Page 471: Display Acl

    Examples # Assign description string “This ACL is used for filtering all HTTP packets” to ACL 3000. <Sysname> system-view [Sysname] acl number 3000 [Sysname-acl-adv-3000] description This ACL is used for filtering all HTTP packets # Use the display acl command to view the configuration information of ACL 3000. [Sysname-acl-adv-3000] display acl 3000 Advanced ACL 3000, 0 rule...
  • Page 472: Display Drv Qacl_Resource

    Table 1-1 Description on the fields of the display acl command Field Description Basic ACL 2000 The displayed information is about the basic ACL 2000. 3 rules The ACL includes three rules. The match order of the ACL is depth-first. If this field is match-order is auto not displayed, the match order of the ACL is config.
  • Page 473: Display Packet-Filter

    Table 1-2 Description on the fields of the display drv qacl_resource command Field Description On the front panel, from left to right, every four columns of FE ports (total of eight FE ports) represent a block numbered starting from 0. That is, 0 indicates Ethernet 1/0/1 to Ethernet 1/0/4 and Ethernet 1/0/25 to Ethernet 1/0/28, 1 indicates Ethernet 1/0/5 to Ethernet 1/0/8 and Ethernet 1/0/29 to block...
  • Page 474: Display Time-Range

    Description
    Use the display packet-filter command to display information about packet filtering.
    Examples
    # Display information about packet filtering on all ports of a switch that is not in a fabric.
    <Sysname> display packet-filter unitid 1
    Ethernet1/0/1
    Inbound:
    Acl 2000 rule 0 running
    Ethernet1/0/2
    Outbound:...
  • Page 475: Packet-Filter

    Examples
    # Display all time ranges.
    <Sysname> display time-range all
    Current time is 17:01:34 May/21/2007 Monday
    Time-range : tr ( Active )
    12:00 to 18:00 working-day
    Time-range : tr1 ( Inactive )
    From 12:00 Jan/1/2008 to 12:00 Jun/1/2008
    Table 1-4 Description on the fields of the display time-range command.
    Field Description
    Current time is 17:01:34 May/21/2007 Monday...
  • Page 476 Combination mode The acl-rule argument Apply all the rules of a Layer 2 ACL link-group acl-number Apply a rule of a Layer 2 ACL link-group acl-number rule rule-id Apply all the rules of a user-defined ACL user-group acl-number Apply a rule of a user-defined ACL user-group acl-number rule rule-id Apply a rule of an ACL that is of IP type and a rule ip-group acl-number rule rule-id link-group...
  • Page 477: Packet-Filter Vlan

    # Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on Ethernet 1/0/4 to filter inbound packets. Here, it is assumed that the ACLs and their rules are already configured.
    [Sysname] interface Ethernet 1/0/4
    [Sysname-Ethernet1/0/4] packet-filter inbound ip-group 3000 rule 1 link-group 4000 rule 2
    After completing the above configuration, you can use the display packet-filter command to view information about packet filtering.
  • Page 478: Rule (For Basic Acls)

    # Apply rule 1 of advanced ACL 3000 and rule 2 of Layer 2 ACL 4000 on all ports in VLAN 40 to filter inbound packets. Here, it is assumed that the ACLs and their rules and the VLAN are already configured.
  • Page 479 sour-wildcard is the wildcard mask, that is, the bitwise complement of the source subnet mask. For example, you need to input 0.0.255.255 to specify the subnet mask 255.255.0.0. Parameters of the undo rule command rule-id: Rule ID, which must be the ID of an existing ACL rule. You can obtain the ID of an ACL rule by using the display acl command.
  • Page 480: Rule (For Advanced Acls)

    # Create basic ACL 2001 and define rule 1 to deny packets that are non-tail fragments.
    [Sysname] acl number 2001
    [Sysname-acl-basic-2001] rule 1 deny fragment
    [Sysname-acl-basic-2001] quit
    # Create basic ACL 2002 and define rule 1 to deny all packets during the period specified by time range trname.
  • Page 481 Table 1-7 Arguments/keywords available to the rule-string argument Arguments/Keyword Type Function Description The sour-addr sour-wildcard arguments specify the source address of the packets, expressed in dotted decimal notation. You can Specifies the source source { sour-addr specify the IP address Source address address information for sour-wildcard | any }...
  • Page 482 The sour-wildcard/dest-wildcard argument is the wildcard mask, that is, the bitwise complement of the source/destination subnet mask. For example, you need to input 0.0.255.255 to specify the subnet mask 255.255.0.0. If you specify the dscp keyword, you can directly input a value ranging from 0 to 63 or input one of the keywords listed in Table 1-8 as DSCP.
  • Page 483 Table 1-9 IP precedence values and the corresponding keywords Keyword IP Precedence in decimal IP Precedence in binary routine priority immediate flash flash-override critical internet network If you specify the tos keyword, you can directly input a value ranging from 0 to 15 or input one of the keywords listed in Table 1-10 as the ToS value.
  • Page 484 Table 1-11 TCP/UDP-specific ACL rule information Parameters Type Function Description The value of operator can be lt (less than), gt (greater than), eq (equal to), neq (not Defines the source port source-port equal to) or range (within the Source port information of UDP/TCP operator port1 range of).
  • Page 485 Table 1-12 TCP or UDP port values Type Value CHARgen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), www (80) biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90),...
  • Page 486

    Name | ICMP type | ICMP code
    port-unreachable | Type=3 | Code=3
    protocol-unreachable | Type=3 | Code=2
    reassembly-timeout | Type=11 | Code=1
    source-quench | Type=4 | Code=0
    source-route-failed | Type=3 | Code=5
    timestamp-reply | Type=14 | Code=0
    timestamp-request | Type=13 | Code=0
    ttl-exceeded | Type=11 | Code=0
    Parameters of the undo rule command
    rule-id: Rule ID, which must be the ID of an existing ACL rule. You can obtain the ID of an ACL rule by using the display acl command.
  • Page 487: Rule (For Layer 2 Acls)

    If you do not specify the rule-id argument when creating an ACL rule, the rule will be numbered automatically. If the ACL has no rules, the rule is numbered 0; otherwise, the number of the rule will be the greatest rule number plus one. If the current greatest rule number is 65534, however, the system will display an error message and you need to specify a number for the rule.
  • Page 488 Table 1-15 Layer 2 ACL rule information Parameters Type Function Description Specifies the link layer This argument can be Link layer encapsulation type in 802.3/802.2, 802.3, format-type encapsulation type the rule ether_ii, or snap. lsap-code: Encapsulation format of data frames, a 16-bit hexadecimal number.
  • Page 489 Parameters Type Function Description protocol-type: Protocol Specifies the protocol type. Protocol type of type protocol-type type of Ethernet Ethernet frames protocol-mask protocol-mask: frames for the ACL rule Protocol type mask. When layer 2 ACLs are applied to ports or VLANs of the Switch 4500 series, rules configured with the format-type argument and the lsap keyword are invalid.
  • Page 490: Rule (For User-Defined Acls)

    After completing the above configuration, you can use the display acl command to view the configuration information of the ACLs.
    rule (for user-defined ACLs)
    Syntax
    rule [ rule-id ] { deny | permit } [ rule-string rule-mask offset ] &<1-8> [ time-range time-name ]
    undo rule rule-id
    View
    User-defined ACL view...
  • Page 491 Offset unit 2 to 5 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 6 to 9 10 to 13 14 to 17 18 to 21 22 to 25 26 to 29 30 to 33 34 to 37...
  • Page 492 Protocol number Offset when VLAN-VPN is Offset when VLAN-VPN is Protocol in hexadecimal not enabled on any port enabled on a port RARP 0x8035 0x0800 0x8137 AppleTalk 0x809B ICMP 0x01 IGMP 0x02 0x06 0x11 Examples # Create user-defined ACL 5000 and define rule 1 to deny all TCP packets (it is assumed that no port is enabled with the VLAN-VPN function).
  • Page 493: Rule Comment

    In this example, the 32-byte rule string occupies eight offset units: 4 to 7 (Offset2), 8 to 11 (Offset3), 12 to 15 (Offset4), 16 to 19 (Offset5), 20 to 23 (Offset1), 24 to 27 (Offset7), 28 to 31 (Offset8), and 32 to 35 (Offset6), as shown in Table 1-16.
  • Page 494: Time-Range

    Examples
    # Define the comment “This rule is to be applied to Ethernet 1/0/1” for rule 0 of advanced ACL 3001.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] acl number 3001
    [Sysname-acl-adv-3001] rule 0 comment This rule is to be applied to Ethernet 1/0/1
    # Use the display acl command to view the configuration information of advanced ACL 3001.
  • Page 495 jointly define a period in which the absolute time range takes effect. If the start date is not specified, the time range starts from 1970/01/01 00:00. to end-time end-date: Specifies the end date of an absolute time range, in the form of hh:mm MM/DD/YYYY or hh:mm YYYY/MM/DD.
  • Page 496 From 12:00 Jan/1/2008 to 12:00 Jun/1/2008...
  • Page 497 Table of Contents

    1 QoS Commands 1-1
    QoS Commands 1-1
    display protocol-priority 1-1
    display qos cos-local-precedence-map 1-2
    display qos-interface all 1-2
    display qos-interface line-rate 1-5
    display qos-interface mirrored-to 1-6
    display qos-interface traffic-limit 1-6
    display qos-interface traffic-priority 1-7
    display qos-interface traffic-remark-vlanid 1-8
    display queue-scheduler 1-8
    line-rate 1-9
    mirrored-to 1-10
    priority 1-12
    priority trust 1-13
    protocol-priority protocol-type 1-14...
  • Page 498: Qos Commands

    QoS Commands
    QoS Commands
    display protocol-priority
    Syntax
    display protocol-priority
    View
    Any view
    Parameters
    None
    Description
    Use the display protocol-priority command to display the list of protocol priorities you assigned with the protocol-priority command.
    A Switch 4500 supports setting priorities for certain protocol packets generated by it. The supported protocols are Telnet, SNMP, ICMP, and OSPF.
  • Page 499: Display Qos Cos-Local-Precedence-Map

    Field Description Indicate that a priority has been set for Telnet packets with the Protocol: telnet protocol-priority command. A DSCP precedence has been assigned to Telnet packets. The assigned value is 0, that is, be in words. DSCP: be(0) For information about the DSCP precedence range, refer to Table 1-7.
  • Page 500 View Any view Parameters interface-type interface-number: Specifies the type and number of a port, for which QoS configuration information is to be displayed. unit-id: Unit ID of the switch whose QoS-related configuration is to be displayed. Table 1-2 shows the value range for the unit-id argument.
  • Page 501

    Mirrored to: monitor interface
    Ethernet1/0/1: line-rate
    Inbound: 64 Kbps
    Burst bucket size: 16 Kbyte
    Ethernet1/0/1: Queue scheduling mode: weighted round robin
    weight of queue 0: 1
    weight of queue 1: 2
    weight of queue 2: 3
    weight of queue 3: 4
    weight of queue 4: 5
    weight of queue 5: 9
    weight of queue 6: 13...
  • Page 502: Display Qos-Interface Line-Rate

    Field Description Priority marking action, which can be: cos: Sets 802.1p precedence for packets. Priority action dscp: Sets DSCP precedence for packets. ip-precedence: Sets IP precedence for packets. local-precedence: Sets local precedence for packets. “interface” indicates that the packets are redirected to the port.
  • Page 503: Display Qos-Interface Mirrored-To

    <Sysname> display qos-interface Ethernet 1/0/1 line-rate
    Ethernet1/0/1: line-rate
    Inbound: 128 Kbps
    Burst bucket size: 16 Kbyte
    Refer to Table 1-3 for the description on the output fields.
    display qos-interface mirrored-to
    Syntax
    display qos-interface { interface-type interface-number | unit-id } mirrored-to
    View
    Any view
    Parameters...
  • Page 504: Display Qos-Interface Traffic-Priority

    Parameters interface-type interface-number: Specifies the type and number of a port for which traffic policing configuration is to be displayed. unit-id: Unit ID of the switch whose traffic policing configuration is to be displayed. For the value range for the unit-id argument, refer to Table 1-2.
  • Page 505: Display Qos-Interface Traffic-Remark-Vlanid

    Related commands: traffic-priority.
    Examples
    # Display the priority marking configuration of Ethernet 1/0/1.
    <Sysname> display qos-interface Ethernet1/0/1 traffic-priority
    Ethernet1/0/1: traffic-priority
    Inbound:
    Matches: Acl 2000 rule 0 running
    Priority action: dscp ef
    Refer to Table 1-3 for the description on the output fields.
    display qos-interface traffic-remark-vlanid
    Syntax
    display qos-interface { interface-type interface-number | unit-id } traffic-remark-vlanid...
  • Page 506: Line-Rate

    View Any view Parameters None Description Use the display queue-scheduler command to display the global queue scheduling configuration. This command does not display the weight or bandwidth set for a queue in port view. To display the setting, you can perform the display this command in port view. Related commands: queue-scheduler.
  • Page 507 The granularity of port rate limit is 64 kbps. If the value you provide for the target-rate argument is in the range N*64 to (N+1)*64 (N is a natural number), it is rounded off to (N+1)*64. burst-bucket burst-bucket-size: Specifies the maximum burst traffic size (in KB). This is the buffer size provided for burst traffic while traffic is being forwarded or received at the rate of target-rate.
  • Page 508 acl-rule: ACL rules to be used for traffic classification. This argument can be a combination of multiple ACLs. For more information about this argument, refer to Table 1-4 and Table 1-5. Note that the ACL rules referenced must be those defined with the permit keyword. Table 1-4 Ways of applying combined ACL rules ACL combination Form of the acl-rule argument...
  • Page 509: Priority

    If you mirror traffic to a port, you must configure a monitor port with the mirroring-group monitor-port command or the monitor-port command. For information about the two commands, refer to the mirroring part of this manual. Traffic mirroring and local port mirroring share the same monitor port. Related commands: display qos-interface mirrored-to.
  • Page 510: Priority Trust

    View
    Ethernet port view
    Parameters
    priority-level: Port priority, ranging from 0 to 7.
    Description
    Use the priority command to configure trusting port priority and set the priority of the port.
    Use the undo priority command to restore the default.
    By default, port priority is trusted and the priority of an Ethernet port is 0.
    After you execute the priority command on a port, the port priority rather than the 802.1p priority of each inbound 802.1q-tagged packet is used to identify the matching local precedence for the packet (in the 802.1p-precedence-to-local precedence mapping table).
  • Page 511: Protocol-Priority Protocol-Type

    By default, port priority is trusted and the priority of a port is 0. After you execute the priority trust command on a port, the 802.1p priority of each inbound 802.1q-tagged packet is used to identify the matching local precedence for the packet (in the 802.1p-precedence-to-local precedence mapping table).
  • Page 512 IP precedence (in words) IP precedence (in digits) network dscp dscp-value: Specifies a DSCP precedence in digits for the specified protocol, in the range of 0 to 63. Alternatively, you can specify the DSCP precedence in words; available keywords are listed in Table 1-7.
  • Page 513: Qos Cos-Local-Precedence-Map

    By default, the IP precedence and the DSCP precedence are 0 for all protocol packets generated by the current switch. Related commands: display protocol-priority. On a Switch 4500, you can set priority for protocol packets of Telnet, SNMP, and ICMP. Examples # Set the IP precedence to 3 for SNMP protocol packets.
  • Page 514: Queue-Scheduler

    Description Use the qos cos-local-precedence-map command to configure the 802.1p priority-to-local precedence mapping. Use the undo qos cos-local-precedence-map command to restore the default settings. Table 1-8 lists the default 802.1p priority-to-local precedence mapping. Table 1-8 The default 802.1p priority-to-local precedence mapping 802.1p priority Local precedence Related commands: display qos cos-local-precedence-map.
  • Page 515

    undo queue-scheduler
    In Ethernet port view
    queue-scheduler { wfq queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width queue6-width queue7-width | wrr queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight queue6-weight queue7-weight }
    undo queue-scheduler
    View
    System view, Ethernet port view
    Parameters
    strict-priority: Uses the Strict Priority (SP) algorithm for queue scheduling.
    wfq: Uses the Weighted Fair Queuing (WFQ) algorithm for queue scheduling.
  • Page 516 Queue ID Weight A port of a Switch 4500 supports eight output queues, to which these queue scheduling algorithms are applicable: SP, WRR, and WFQ. With WRR (or WFQ) adopted, if you set the weight or the bandwidth of one or multiple queues to 0, the device will add the queue or these queues to the SP group, where SP is adopted.
  • Page 517

    [Sysname] interface Ethernet 1/0/1
    [Sysname-Ethernet1/0/1] queue-scheduler wrr 1 2 3 4 5 6 7 8
    # Display the global queue scheduling configuration.
    [Sysname-Ethernet1/0/1] display queue-scheduler
    Queue scheduling mode: weighted round robin
    weight of queue 0: 2
    weight of queue 1: 2
    weight of queue 2: 4
    weight of queue 3: 4
    weight of queue 4: 6...
  • Page 518 On Ethernet 1/0/1, assume that the filter command is configured to filter packets destined to IP address 2.2.2.2 and the traffic-limit command is configured to limit the rate of packets sourced from IP address 1.1.1.1 within 128 kbps. Whether packets conforming to the rate limit of 128 kbps, sourced from IP address 1.1.1.1, and destined to IP address 2.2.2.2 (referred to as packets A later) will be dropped depends on the union-effect keyword of the traffic-limit command.
  • Page 519: Traffic-Priority

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] acl number 4000
    [Sysname-acl-ethernetframe-4000] rule permit source 200
    [Sysname-acl-ethernetframe-4000] quit
    [Sysname] interface Ethernet 1/0/1
    [Sysname-Ethernet1/0/1] traffic-limit inbound link-group 4000 128 burst-bucket 64 exceed drop
    traffic-priority
    Syntax
    traffic-priority { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence { pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence pre-value }*
    undo traffic-priority { inbound | outbound } acl-rule
    View...
  • Page 520 802.1p priority (in words) 802.1p priority (in digits) video voice network-management local-precedence pre-value: Sets the local precedence. The pre-value argument ranges from 0 to 7. Description Use the traffic-priority command to configure priority marking on a port. Use the undo traffic-priority command to remove the priority marking configuration. This command is used to set precedence for traffic matching a specified ACL rule: If 802.1p priority marking is configured, the traffic will be mapped to the local precedence corresponding to the re-marked 802.1p priority and assigned to the output queue corresponding to...
  • Page 521: Traffic-Priority Vlan

    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] acl number 3000
    [Sysname-acl-adv-3000] rule permit udp source-port eq dns
    [Sysname-acl-adv-3000] quit
    [Sysname] interface Ethernet 1/0/1
    [Sysname-Ethernet1/0/1] traffic-priority inbound ip-group 3000 dscp cs2
    # Set the 802.1p priority of inbound packets sourced from IP address 1.1.1.1 to the value of their IP precedence on Ethernet 1/0/1.
  • Page 522: Traffic-Remark-Vlanid

    local-precedence pre-value: Sets the local precedence, which is in the range 0 to 7. Description Use the traffic-priority vlan command to configure priority marking for the packets received or transmitted by any ports in the specified VLAN. Use the undo traffic-priority vlan command to cancel the configuration. Related commands: traffic-priority, display qos-interface traffic-priority.
  • Page 523: Wred

    remark-vlan remark-vlanid: Specifies the target VLAN ID, to which the VLAN IDs of the packets matching specific ACL rules are to be mapped.
    Description
    Use the traffic-remark-vlanid command to enable VLAN mapping and set the target VLAN ID for packets matching specific ACL rules.
    Use the undo traffic-remark-vlanid command to disable VLAN mapping for packets matching specific ACL rules.
  • Page 524

    Examples
    # Enable the WRED function for queue 2 on Ethernet 1/0/1, specifying to drop packets at random when the number of packets in queue 2 exceeds 64 and setting the dropping probability to 20%.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] interface Ethernet1/0/1
    [Sysname-Ethernet1/0/1] wred 2 64 20...
  • Page 525 Table of Contents

    1 Mirroring Commands 1-1
    Mirroring Commands 1-1
    display mirroring-group 1-1
    mirroring-group 1-3
    mirroring-group mirroring-port 1-3
    mirroring-group monitor-port 1-4
    mirroring-group reflector-port 1-5
    mirroring-group remote-probe vlan 1-6
    mirroring-port 1-7
    monitor-port 1-8
    remote-probe vlan enable ...
  • Page 526: Mirroring Commands

    Mirroring Commands
    Mirroring Commands
    display mirroring-group
    Syntax
    display mirroring-group { group-id | all | local | remote-destination | remote-source }
    View
    Any view
    Parameters
    group-id: Specifies the mirroring group of which the configurations are to be displayed. The argument takes a value in the range of 1 to 20.
    all: Specifies to display the parameter settings of all mirroring groups.
  • Page 527: Mirroring-Group

    type: remote-source
    status: active
    mirroring port: Ethernet1/0/1 inbound
    reflector port: Ethernet1/0/2
    remote-probe vlan: 10
    # Display the configurations of a remote destination mirroring group on your Ethernet switch.
    <Sysname> display mirroring-group 3
    mirroring-group 3:
    type: remote-destination
    status: active
    monitor port: Ethernet1/0/3
    remote-probe vlan: 20
    Table 1-1 Description on the fields of the display mirroring-group command
    Field...
  • Page 528: Mirroring-Group Mirroring-Port

    mirroring-group
    Syntax
    mirroring-group group-id { local | remote-destination | remote-source }
    undo mirroring-group { group-id | all | local | remote-destination | remote-source }
    View
    System view
    Parameters
    group-id: Number of a port mirroring group, in the range 1 to 20.
    all: Specifies to remove all mirroring groups.
  • Page 529: Mirroring-Group Monitor-Port

    View System view, Ethernet port view Parameters group-id: Number of a port mirroring group, in the range 1 to 20. mirroring-port mirroring-port-list: Specifies a list of source ports. mirroring-port-list is available in system view only, and there is no such argument in Ethernet port view. mirroring-port-list is provided in the format of mirroring-port-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-8>, where interface-type is the port type, and interface-number is the port number, and &<1-8>...
  • Page 530: Mirroring-Group Reflector-Port

    undo mirroring-group group-id monitor-port monitor-port
    View
    System view, Ethernet port view
    Parameters
    group-id: Number of a port mirroring group, in the range 1 to 20.
    monitor-port monitor-port: Specifies the destination port for port mirroring. monitor-port is available in system view only, and there is no such argument in Ethernet port view.
    Description
    Use the mirroring-group monitor-port command to configure the destination port for a local mirroring group or a remote destination mirroring group.
  • Page 531: Mirroring-Group Remote-Probe Vlan

    Parameters group-id: Number of a port mirroring group, in the range 1 to 20. reflector-port reflector-port: Specifies the reflector port. reflector-port is available in system view only, and there is no such argument in Ethernet port view. Description Use the mirroring-group reflector-port command to specify the reflector port for a remote source mirroring group.
  • Page 532: Mirroring-Port

    Description Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a remote source/destination mirroring group. Use the undo mirroring-group remote-probe vlan command to remove the configuration of remote-probe VLAN for a remote source/destination mirroring group. Note that, before configuring a VLAN as the remote-probe VLAN for a remote source/destination mirroring group, you need to use the remote-probe vlan enable command to configure the VLAN as a remote-probe VLAN first.
  • Page 533: Monitor-Port

    A copy of each packet passing through a source port will be sent to the corresponding destination port. Related commands: display mirroring-group. When you configure mirroring source port on an Ethernet port of a Switch 4500, if mirroring group 1 does not exist, the switch will automatically create local mirroring group 1 and add the source port to the group;...
  • Page 534: Remote-Probe Vlan Enable

    It is recommended that you use a destination port for port mirroring purpose only. Do not use a destination port to transmit other service packets. Related commands: display mirroring-group. When you configure mirroring destination port on an Ethernet port of a Switch 4500, if mirroring group 1 does not exist, the switch will automatically create local mirroring group 1 and add the destination port to the group;...
  • Page 535

    Related commands: mirroring-group remote-probe vlan.
    Examples
    # Configure VLAN 5 as the remote-probe VLAN.
    <Sysname> system-view
    System View: return to User View with Ctrl+Z.
    [Sysname] vlan 5
    [Sysname-vlan5] remote-probe vlan enable...
  • Page 536 Table of Contents

    1 XRN Fabric Commands 1-1
    XRN Fabric Commands 1-1
    change self-unit 1-1
    change unit-id 1-2
    display ftm 1-4
    display xrn-fabric 1-7
    fabric save-unit-id 1-8
    fabric-port enable 1-10
    ftm fabric-vlan 1-11
    xrn-fabric authentication-mode 1-12
    port link-type xrn-fabric 1-12
    reset ftm statistics 1-13
    set unit name 1-13
    sysname 1-14...
  • Page 537: Xrn Fabric Commands

    XRN Fabric Commands
    XRN Fabric Commands
    change self-unit
    Syntax
    change self-unit to { unit-id | auto-numbering }
    View
    System view
    Parameters
    unit-id: Changes the unit ID of the current switch to a specified value which is in the range of 1 to 8.
    auto-numbering: Changes the numbering mode of unit ID on the current switch to automatic numbering mode.
  • Page 538: Change Unit-Id

    If you do not bring up the fabric port, you cannot change the unit ID of a switch. After the unit ID of a device is changed, the unit ID-related information of this device in the configuration file of the fabric will be updated automatically. If the unit ID of a device changes from 2 to 4, the port description of this device in the configuration file automatically changes from 2/0/x to 4/0/x.
  • Page 539 Unit IDs in an XRN fabric are not always arranged in order of 1 to 8. Unit IDs in an XRN fabric can be non-consecutive. After the unit ID of a device is changed, the unit ID-related information of this device in the configuration file of the fabric will be updated automatically.
  • Page 540: Display Ftm

    From the above example, you can see the original unit ID of the device with MAC address 000f-cbb7-3264 is 6. After the configuration, this unit ID changes to 4, and the priority of the device changes to 5.
    display ftm
    Syntax
    display ftm { information | topology-database }
    View...
  • Page 541 Table 1-1 display ftm information command output description Field Description FTM State: DISC STATE: In the topology discovery state. FTM State LISTEN STATE: In the topology discovery state, and the FTM slave device is listening. HB STATE: The fabric operates normally. Unit ID: Unit ID FTM-Master...
  • Page 542 Field Description Numbers of various negotiation packets: Advertise Advertise ACK Heart Beat: Heartbeat packet, which is used to advertise topology connections to the units by the FTM-Master after convergence. Left Check: Handshake packets between Advertise neighbors. They are sent from the left port Advertise ACK : and used to monitor the state of the Heart Beat...
  • Page 543: Display Xrn-Fabric

    Field Description Priority value: 10 means the switch adopts automatic numbering Priority means switch adopts manual numbering Manual numbering has a higher priority than automatic numbering. Fabric port, In a bus topology structure, the units Fabric-Port at both ends of the bus have only one fabric port connected, displayed as Left/ or /Right.
  • Page 544: Fabric Save-Unit-Id

    # Display the fabric port of the current device. <Sysname> display xrn-fabric port GigabitEthernet1/0/25 Fabric peer: Unknown Fabric Status: Unknown Fabric mode: Unknown-speed mode, Unknown-duplex mode input: 0 packets, 0 bytes, 0 input errors output: 7343 packets, 2250406 bytes, 0 output errors fabric save-unit-id Syntax fabric save-unit-id...
  • Page 545 ed UnitID(4) in flash! Unit 1 saved unit ID successfully. Unit 2 saved unit ID successfully. Unit 3 saved unit ID successfully. Unit 4 saved unit ID successfully. Unit 5 saved unit ID successfully. Unit 6 saved unit ID successfully. Unit 7 saved unit ID successfully.
  • Page 546: Fabric-Port Enable

    000f-cbb7-3264 10 Left/ 000f-cbb7-2260 10 /Right 1 000f-cbb7-2734 10 Left/ From the above example, you can see the priority of each unit restores to 10 and the numbering mode changes from M (manual numbering) to A (automatic numbering). fabric-port enable Syntax fabric-port interface-type interface-number enable undo fabric-port interface-type interface-number enable...
  • Page 547: Ftm Fabric-Vlan

    Establishing an XRN system requires a high consistency of the configuration of each device. Hence, before you bring up the fabric port, do not perform any configuration for the port, and do not enable some functions that affect the XRN for other ports or globally. Otherwise, you cannot bring up the fabric port.
  • Page 548: Xrn-Fabric Authentication-Mode

    [Sysname] ftm fabric-vlan 2 xrn-fabric authentication-mode Syntax xrn-fabric authentication-mode { simple password | md5 key } undo xrn-fabric authentication-mode View System view Parameters simple: Uses simple authentication mode. password: Password for fabric authentication, a string of 1 to 16 characters. md5: Uses MD5 encryption authentication mode.
  • Page 549: Reset Ftm Statistics

    Description Use the port link-type command to configure an Ethernet port as the fabric port. This command has the same function as the fabric-port enable command, and is available only in gigabit port view. By default, no port is configured as the fabric port. Note that: After you use the port link-type xrn-fabric command to specify a port as the fabric port, you cannot use the port link-type command to change the port to a port of other types.
  • Page 550: Sysname

    Parameters unit-id: Unit ID of a device. unit-name: Name of the specified unit, a string of 1 to 64 characters. Description Use the set unit name command to set a name for a device. Device name visually identifies a device by showing its location, role in the fabric, and connected networks, thus facilitating configuration and maintenance.
  • Page 551 By default, the fabric name of a Switch 4500 Series Ethernet switch is 4500. Examples # Change the fabric name of the device to hello. <Sysname> display xrn-fabric Fabric name is 4500, system mode is L3. Unit Name Unit ID First Second 2(*)
  • Page 552 Table of Contents: 1 Cluster Configuration Commands 1-1; NDP Configuration Commands 1-1; display ndp 1-1; ndp enable 1-3; ndp timer aging 1-3; ndp timer hello 1-4; reset ndp statistics 1-5; NTDP Configuration Commands 1-6; display ntdp 1-6; display ntdp device-list 1-7; ntdp enable 1-9; ntdp explore 1-9; ntdp hop 1-10; ntdp timer 1-11; ntdp timer hop-delay 1-11...
  • Page 553 reboot member 1-40; snmp-host 1-41; tftp get 1-41; tftp put 1-42; tftp-server 1-43; timer 1-44; tracemac 1-44; Enhanced Cluster Feature Configuration Commands 1-45; black-list 1-45; display cluster base-members 1-46; display cluster base-topology 1-47; display cluster black-list 1-48; display cluster current-topology 1-49; display ntdp single-device mac-address 1-50; topology accept 1-52; topology restore-from 1-53; topology save-to 1-53...
  • Page 554: Display Ndp

    Cluster Configuration Commands NDP Configuration Commands display ndp Syntax display ndp [ interface interface-list ] View Any view Parameters interface interface-list: Specifies a port list. You need to provide the interface-list argument in the form of { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where to is used to specify a port range, and &<1-10>...
  • Page 555 Aging Time: 147(s) MAC Address : 000f-e20f-1234 Port Name : Ethernet1/0/1 Software Ver: 3Com OS V3.03.00s56c01 Device Name : Switch 4500 26-Port Port Duplex : AUTO Product Ver : Switch 4500 26-Port Table 1-1 Description on the fields of the two commands...
  • Page 556: Ndp Enable

    ndp enable Syntax ndp enable [ interface interface-list ] undo ndp enable [ interface interface-list ] View System view, Ethernet port view Parameters interface-list: Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where to is used to specify a port range, and &<1-10> means that you can provide up to ten port indexes/port index ranges for this argument.
  • Page 557: Ndp Timer Hello

    Description Use the ndp timer aging command to set the holdtime of the NDP information. This command specifies how long an adjacent device should hold the NDP neighbor information received from the local switch before discarding the information. Use the undo timer aging command to restore the default holdtime of NDP information. By default, the holdtime of NDP information is 180 seconds.
  • Page 558: Reset Ndp Statistics

    Examples # Set the interval between sending NDP packets to 80 seconds. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] ndp timer hello 80 reset ndp statistics Syntax reset ndp statistics [ interface interface-list ] View User view Parameters interface-list: Ethernet port list, in the format of { interface-type interface-number [ to interface-type interface-number ] } &<1-10>, where to is used to specify a port range, and &<1-10>...
  • Page 559: Ntdp Configuration Commands

    NTDP Configuration Commands display ntdp Syntax display ntdp View Any view Parameters None Description Use the display ntdp command to display the global NTDP information. The displayed information includes topology collection range (hop count), topology collection interval (NTDP timer), device/port forwarding delay of topology collection requests, and time used by the last topology collection.
  • Page 560: Display Ntdp Device-List

    Hostname : 4500 : 000f-e20f-1234 Platform : Switch 4500 : 100.100.1.1/24 Version: 3Com Corporation Switch 4500 26-Port Software Version 3Com OS V3.03.00s56c01 Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved. Switch 4500-26Port Switch 4500-V3.03.00s56c01 Cluster Candidate switch...
  • Page 561 Platform : Switch 4500 : 16.1.1.1/24 Version: 3Com Corporation Switch 4500 26-Port Software Version 3Com OS V3.03.00s56c01 Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved. Switch 4500-26Port Switch 4500-V3.03.00s56c01 Cluster Candidate switch Peer MAC Peer Port ID...
  • Page 562: Ntdp Enable

    Field Description Duplex Duplex mode of the neighbor device port ntdp enable Syntax ntdp enable undo ntdp enable View System view, Ethernet port view Parameters None Description Use the ntdp enable command to enable NTDP globally or on a port. Use the undo ntdp enable command to disable NTDP globally or on a port.
  • Page 563: Ntdp Hop

    information from all devices in a specific network range (which can be set through the ntdp hop command) as well as the connection information of all its neighbors. Through this information, the management device or the network management software knows the topology in the network range, and thus it can manage and monitor the devices in the range.
  • Page 564: Ntdp Timer

    ntdp timer Syntax ntdp timer interval-in-minutes undo ntdp timer View System view Parameters interval-in-minutes: Interval (in minutes) to collect topology information, ranging from 0 to 65,535. A value of 0 disables topology information collection. Description Use the ntdp timer command to configure the interval to collect topology information periodically. Use the undo ntdp timer command to restore the default interval.
  • Page 565: Ntdp Timer Port-Delay

    Parameters time: Device forwarding delay in milliseconds. This argument ranges from 1 to 1,000. Description Use the ntdp timer hop-delay command to set the delay for devices to forward topology collection requests. Use the undo ntdp timer hop-delay command to restore the default device forwarding delay. By default, the device forwarding delay is 200 ms.
  • Page 566: Cluster Configuration Commands

    You can use the command on a collecting switch. The delay value you set by the ntdp timer port-delay command is carried in the topology collection requests sent by the collecting switch, and is used by collected devices to determine the topology collection request forwarding delay between two ports. Examples # Set the port forwarding delay for collected switches to forward NTDP requests to 40 ms.
  • Page 567: Administrator-Address

    System View: return to User View with Ctrl+Z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] add-member 6 mac-address 000f-e20f-35e7 password 123456 administrator-address Syntax administrator-address mac-address name name undo administrator-address View Cluster view Parameters mac-address: MAC address of the management device to be specified. name: Name of an existing cluster, a string of up to 8 characters. Note that the name of a cluster can only contain alphanumeric characters, minus signs (-), and underscores (_).
  • Page 568 View Cluster view Parameters recover: Recovers all member devices. Description Use the auto-build command to start an automatic cluster building process. You can execute this command on a management device or on a switch to be configured as a management device. When you execute this command on a candidate device, you are prompted to enter a cluster name to build a cluster.
  • Page 569 Collecting candidate list, please wait... #Apr 3 08:12:32:832 2000 aaa_0.Sysname CLST/5/Cluster_Trap:- 1 - OID:1.3.6.1.4.1.2011.6.7.1.0.3(hgmpMemberStatusChange):member 00.00.00.00.00.12. a9.90.22.40 role change, NTDPIndex:0.00.00.00.00.00.12.a9.90.22.40, Role:1 Candidate list: Name Hops MAC Address Device 3Com 0016-e0c0-c201 Switch 4500-26Port 3Com 000f-e221-616e Switch 5500-EI-28Port FX 3Com 000f-e202-2180 Switch 4500-50Port SwitchA...
  • Page 570: Build

    build Syntax build name undo build View Cluster view Parameters name: Name to be set for the cluster, a string of up to 8 characters, which can only be alphanumeric characters, minus signs (-), and underscores (_). Description Use the build command to build a cluster with a cluster name or change the cluster name. Use the undo build command to remove the cluster.
  • Page 571 To reduce exposure to attacks by malicious users against open sockets and to enhance switch security, the Switch 4500 series Ethernet switches open a cluster socket only when it is needed: UDP port 40000 (used for cluster) is opened only when the cluster function is implemented, and is closed at the same time as the cluster function is closed.
  • Page 572: Cluster

    cluster Syntax cluster View System view Parameters None Description Use the cluster command to enter cluster view. Examples # Enter cluster view. <Sysname> system-view System View: return to User View with Ctrl+Z [Sysname] cluster [Sysname-cluster] cluster enable Syntax cluster enable undo cluster enable View System view...
  • Page 573: Cluster Switch-To

    When you execute the undo cluster enable command on a device that does not belong to any cluster, the cluster function is disabled on the device, and thus you cannot create a cluster on the device or add the device to an existing cluster. Examples # Enable the cluster function on the switch.
  • Page 574: Cluster-Local-User

    When you execute this command on the management device with a nonexistent member number or a MAC address that is not in the member list, an error will occur. In this case, you can enter quit to end the switching. Examples # Switch from the management device to the number-6 member device and then switch back to the management device.
  • Page 575: Cluster-Mac

    <aaa_0.Sysname> system-view System View: return to User View with Ctrl+Z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] cluster-local-user public password simple 123 cluster-mac Syntax cluster-mac H-H-H undo cluster-mac View Cluster view Parameters H-H-H: Multicast MAC address to be set for the cluster, in hexadecimal format. This argument can be one of the following addresses: 0180-C200-0000, 0180-C200-000A, 0180-C200-0020 to 0180-C200-002F.
  • Page 576: Cluster-Mac Syn-Interval

    cluster-mac syn-interval Syntax cluster-mac syn-interval time-interval View Cluster view Parameters time-interval: Interval to send multicast MAC synchronization packets, ranging from 0 to 30 minutes. Description Use the cluster-mac syn-interval command to set the interval for the management device to send HGMP V2 multicast MAC synchronization packets periodically.
  • Page 577: Cluster-Snmp-Agent Group V

    write: Indicates that the community has read-write access right to MIB objects, that is, an SNMP NMS is capable of configuring the devices when it uses this community name to access the agent. community-name: Community name, a string of 1 to 27 characters. view-name: MIB view name, a string of 1 to 32 characters.
  • Page 578: Cluster-Snmp-Agent Mib-View Included

    authentication: Specifies the security model of the SNMP group as authentication only (without privacy). privacy: Specifies the security model of the SNMP group as authentication and privacy. read-view read-view: Read view, a string of 1 to 32 characters. The default read view is ViewDefault. write-view write-view: Write view, a string of 1 to 32 characters.
  • Page 579: Cluster-Snmp-Agent Usm-User V

    Parameters view-name: View name, a string of 1 to 32 characters. The default view is ViewDefault. oid-tree: MIB subtree, identified by the OID of the subtree root node or the name of the subtree root node. The value is a string of 1 to 255 characters. included: Indicates that all nodes of the MIB tree are included in the current view.
  • Page 580: Delete-Member

    groupname: Group name, a string of 1 to 32 characters. authentication-mode: Specifies the security model as authentication. If you do not provide this keyword, the security model defaults to no authentication no privacy. md5: Specifies the authentication protocol as MD5. MD5 generates a 128-bit message digest and it is faster than SHA.
  • Page 581: Display Cluster

    Parameters member-id: Member number of a member device, ranging from 1 to 255. to-black-list: Adds the device removed from a cluster to the blacklist to prevent it from being added to the cluster. Description Use the delete-member command to remove a member device from the cluster. Note that a cluster will collect the topology information at the topology collection interval.
  • Page 582 Description Use the display cluster command to display the status and statistics information of the cluster to which the current switch belongs. Executing this command on a member device will display the following information: cluster name, member number of the current switch, MAC address and status of the management device, holdtime, and interval to send handshake packets.
  • Page 583: Display Cluster Candidates

    Handshake timer:10 sec Handshake hold-time:60 sec Administrator device mac address:000f-e20f-3901 Administrator status:Up Table 1-5 Description on the fields of the display cluster command Field Description Name of the cluster, which can be configured Cluster name through the build command Role Role of this switch Number of the management VLAN, which can be Management-vlan...
  • Page 584 : 4500-3 : 000f-e20f-3190 Platform : Switch 4500 : 16.1.1.1/24 # Display detailed information about all candidate devices. <aaa_0.Sysname-cluster> display cluster candidates verbose Hostname : 3Com : 000f-e200-3334 Platform : Switch 4500 : 16.1.1.11/24 Hostname : 5500-EI-3 : 000f-e20f-3190 Platform : Switch 5500-EI : 16.1.1.1/24...
  • Page 585: Display Cluster Members

    Table 1-7 Description on the fields of display cluster candidates verbose Field Description Hostname Name of the candidate device MAC address of the candidate device Hops from the management device to the candidate device IP address of the candidate device Platform Platform of the candidate device display cluster members...
  • Page 586 Member status:Admin Hops to administrator device:0 IP: 100.100.1.1/24 Version: 3Com Corporation Switch 4500 26-Port Software Version 3Com OS V3.03.00s56c01 Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved. Switch 4500-26Port Switch 4500-V3.03.00s56c01 Member number:1 Name:aaa_1.Sysname Device:Switch 4500 MAC Address:000f-e200-3334...
  • Page 587: Ftp Cluster

    Field Description Name Device name Device Device type MAC Address Device MAC address Member status Device status Hops to administrator device Hops from the device to the management device Device IP address Version Software version of the device ftp cluster Syntax ftp cluster View...
  • Page 588: Ftp-Server

    User(none):hello 331 Password required for hello. Password: 230 User logged in. ftp-server Syntax ftp-server ip-address undo ftp-server View Cluster view Parameters ip-address: IP address of the FTP server to be configured for the cluster. Description Use the ftp-server command to configure a shared FTP server for the cluster on the management device.
  • Page 589: Ip-Pool

    View Cluster view Parameters seconds: Neighbor information holdtime in seconds, ranging from 1 to 255. Description Use the holdtime command to configure the neighbor information holdtime of the member switches. Use the undo holdtime command to restore the default holdtime value. By default, the neighbor information holdtime is 60 seconds.
  • Page 590: Logging-Host

    Description Use the ip-pool command to configure a private IP address pool on the management device. Use the undo ip-pool command to cancel the IP address pool configuration. Before creating a cluster, you must first configure a private IP address pool. When a candidate device joins a cluster, the management device dynamically assigns a private IP address in the pool to it, so that the candidate device can communicate with other devices in the cluster.
  • Page 591: Management-Vlan

    [aaa_0.Sysname-cluster] logging-host 10.10.10.9 management-vlan Syntax management-vlan vlan-id undo management-vlan View System view Parameters vlan-id: ID of the VLAN to be specified as the management VLAN. Description Use the management-vlan command to specify the management VLAN on the switch. Use the undo management-vlan command to restore the default management VLAN. By default, VLAN 1 is used as the management VLAN.
  • Page 592: Nm-Interface Vlan-Interface

    Parameters None Description Use the management-vlan synchronization enable command to enable the management VLAN synchronization function for the cluster. Use the undo management-vlan synchronization enable command to disable the function. By default, the management VLAN synchronization function is disabled. You can use this command only on the management device. By enabling the management VLAN synchronization function on the management device, you can enable the management device to send a management VLAN synchronization packet to the connected devices periodically.
  • Page 593: Reboot Member

    By default, the management VLAN interface is used as the NM interface. There is only one NM interface on a management device; any newly configured NM interface will overwrite the old one. Examples # Configure VLAN-interface 2 as the NM interface. <Sysname>...
  • Page 594: Snmp-Host

    snmp-host Syntax snmp-host ip-address undo snmp-host View Cluster view Parameters ip-address: IP address of an SNMP network management station (NMS) to be configured for the cluster. Description Use the snmp-host command to configure a shared SNMP NMS for the cluster on the management device.
  • Page 595: Tftp Put

    Description Use the tftp get command to download a file from a specific directory on the shared TFTP server to the switch. You can use the tftp-server command on the management device to configure the shared TFTP server of the cluster, which is used for software version update and configuration file backup of the cluster members.
  • Page 596: Tftp-Server

    Related commands: tftp get, tftp-server. You need to specify the cluster keyword completely in the command. Examples # Upload file config.cfg on the switch to the shared TFTP server of the cluster and save it as temp.cfg. <123_1.Sysname> tftp cluster put config.cfg temp.cfg tftp-server Syntax tftp-server ip-address...
  • Page 597: Timer

    timer Syntax timer interval undo timer View Cluster view Parameters interval: Interval (in seconds) to send handshake packets. This argument ranges from 1 to 255. Description Use the timer command to set the interval between sending handshake packets. Use the undo timer command to restore the default value of the interval. By default, the interval between sending handshake packets is 10 seconds.
  • Page 598: Enhanced Cluster Feature Configuration Commands

    Description Use the tracemac command to trace a device in a cluster through the specified destination MAC address or IP address, and to display the path from the current device to the destination device. When using the destination IP address to trace a device, the switch looks up the ARP entry corresponding to the IP address, and then looks up the MAC address entry according to the ARP entry.
  • Page 599: Display Cluster Base-Members

    Parameters mac-address: MAC address of the device to be added to the blacklist. The format is H-H-H, for example, 000f-e298-e001. all: Deletes all MAC addresses in the current cluster blacklist. Description Use the black-list add-mac command to add the specified MAC address to the cluster blacklist, so that the device with the specified MAC address cannot join the cluster.
  • Page 600: Display Cluster Base-Topology

    Description Use the display cluster base-members command to display the information about all the devices in the base cluster topology, such as member number, name, MAC address, and the current status of each device in a cluster. Examples # Display the information about all the devices in the base cluster topology. <aaa_0.Sysname>...
  • Page 601: Display Cluster Black-List

    <aaa_0.Sysname> display cluster base-topology -------------------------------------------------------------------- (PeerPort) ConnectFlag (NativePort) [SysName:DeviceMac] -------------------------------------------------------------------- [aaa_0.3Com:000f-e202-2180] ├-(P_0/40)<-->(P_0/6)[Sysname:000f-e200-2200] ├-(P_0/28)<-->(P_3/0/1)[Sysname:000f-e200-1774] ├-(P_0/22)<-->(P_1/0/2)[aaa_5.3Com:000f-e200-5111] ├-(P_0/18)<-->(P_3/0/2)[Sysname Switch 4500:000f-e218-d0d0] ├-(P_0/14)<-->(P_1/0/2)[Sysname:000f-e200-5601] └-(P_0/4)<-->(P_0/2)[Switch 4500-26Port:000f-e200-00cc] The output information of the display cluster base-topology command is in the following format: (peer port number)<-->(local port number)[peer device name:peer device MAC address] For example, (P_0/40)<-->(P_0/6)[Sysname:000f-e200-2200] means that the peer device uses its port...
  • Page 602: Display Cluster Current-Topology

    Table 1-11 Description on the fields of the display cluster black-list command Field Description ID of the device in the blacklist, expressed by the Device ID MAC address of the device ID of the device (in the cluster) that is connected Access Device ID with a device in the blacklist, expressed by the MAC address of the device...
  • Page 603: Display Ntdp Single-Device Mac-Address

    (PeerPort) ConnectFlag (NativePort) [SysName:DeviceMac] -------------------------------------------------------------------- ConnectFlag: <--> normal connect ---> odd connect **** in blacklist ???? lost device ++++ new device -┤├- STP discarding -------------------------------------------------------------------- [aaa_0.3Com:000f-e202-2180] ├-(P_0/40)<-->(P_0/6)[Sysname:000f-e200-2200] ├-(P_0/28)<-->(P_3/0/1)[Sysname:000f-e200-1774] ├-(P_0/24)****(P_1/0/6)[clie:000f-e200-5502] ├-(P_0/22)<-->(P_1/0/2)[aaa_5.3Com:000f-e200-5111] ├-(P_0/18)<-->(P_3/0/2)[Sysname:000f-e218-d0d0] ├-(P_0/14)<-->(P_1/0/2)[Sysname:000f-e200-5601] ├-(P_0/10)<-->(P_1/0/1)[aaa_7.Switch5500-EI:0012-a990-2241] ├-(P_0/4)<-->(P_0/2)[Switch 4500:000f-e200-00cc] └-(P_0/1)****(P_0/1)[Sysname:00e0-fd34-bc66] display ntdp single-device mac-address...
  • Page 604 : 000f-e200-3956 Platform : Switch 4500-26Port Version: 3Com Corporation Switch 4500 26-Port Software Version 3Com OS V3.03.00s56c01 Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved. Switch 4500-26Port Switch 4500-V3.03.00s56c01 Cluster Candidate switch Peer MAC Peer Port ID...
  • Page 605: Topology Accept

    topology accept Syntax topology accept { all [ save-to local-flash ] | mac-address mac-address | member-id member-id | administrator } View Cluster view Parameters all: Accepts the current cluster topology as the standard topology. save-to: Saves the standard topology of the current cluster to the local Flash or the cluster FTP server. local-flash: Saves the standard topology of the current cluster to the local Flash.
  • Page 606: Topology Restore-From

    topology restore-from Syntax topology restore-from local-flash View Cluster view Parameters local-flash: Restores the standard topology of the cluster from the local Flash memory. Description Use the topology restore-from command to restore the standard topology of the cluster from the Flash memory of the administrative device when errors occur in the topology, and advertise the topology to the member devices of the cluster to ensure normal operation of the cluster.
  • Page 607 This command is applicable only to the management device of a cluster. Related commands: topology restore-from. Examples # Enter Cluster view. <aaa_0.Sysname>system-view System View: return to User View with Ctrl+Z. [aaa_0.Sysname] cluster [aaa_0.Sysname-cluster] # Save the standard topology of the cluster to the local Flash. [aaa_0.Sysname-cluster] topology save-to local-flash Base topology backup to file OK...
  • Page 608 Table of Contents: 1 PoE Configuration Commands 1-1; PoE Configuration Commands 1-1; display poe disconnect 1-1; display poe interface 1-1; display poe interface power 1-3; display poe powersupply 1-4; display poe temperature-protection 1-5; poe disconnect 1-6; poe enable 1-6; poe legacy enable 1-7; poe max-power 1-7; poe mode 1-8; poe power-management 1-9; poe priority 1-9...
  • Page 609: Display Poe Disconnect

    PoE Configuration Commands PoE Configuration Commands display poe disconnect Syntax display poe disconnect View Any view Parameters None Description Use the display poe disconnect command to view the current PD disconnection detection mode of the switch. Examples # Display the PD disconnection detection mode. <Sysname>...
  • Page 610 Examples # Display the PoE status of Ethernet 1/0/10. <Sysname> display poe interface Ethernet1/0/10 Port power enabled :enable Port power ON/OFF Port power status :Standard PD was detected Port power mode :signal Port PD class port power priority :low Port max power :15400 mW Port current power :460 mW...
  • Page 611: Display Poe Interface Power

    Ethernet1/0/1 enable signal Standard PD was detected Ethernet1/0/2 enable signal Standard PD was detected Ethernet1/0/3 enable signal detection is in process Ethernet1/0/4 enable signal detection is in process Ethernet1/0/5 enable signal detection is in process Ethernet1/0/6 enable signal detection is in process Ethernet1/0/7 enable signal...
  • Page 612: Display Poe Powersupply

    Description Use the display poe interface power command to view the power information of a specific port of the switch. If the interface-type interface-number argument is not specified, the command displays the power information of all ports of the switch. Examples # Display the power information of Ethernet 1/0/10.
  • Page 613: Display Poe Temperature-Protection

    PSE Software Version :290 PSE Hardware Version :000 PSE CPLD Version :078 PSE Power-Management mode :auto Table 1-3 display poe powersupply command output description Field Description PSE ID Identification of the PSE The enabled/disabled status of the nonstandard PSE Legacy Detection PD detection PSE Total Power Consumption Total power consumption of the PSE...
  • Page 614: Poe Disconnect

    <Sysname> display poe temperature-protection The temperature protection is enabled. poe disconnect Syntax poe disconnect { ac | dc } undo poe disconnect View System view Parameters ac: Specifies the PD disconnection detection mode as ac. dc: Specifies the PD disconnection detection mode as dc. Description Use the poe disconnect command to configure a PD disconnection detection mode.
  • Page 615: Poe Legacy Enable

    If you delete the default configuration file without specifying another one, the PoE function on a port will be disabled after you restart the device. You can use the display poe interface command to display whether PoE is enabled on a port. Examples # Enable the PoE feature on Ethernet 1/0/3.
  • Page 616: Poe Mode

    Parameters max-power: Maximum power distributed to the port, ranging from 1,000 to 15,400, in mW. Description Use the poe max-power command to configure the maximum power that can be supplied by the current port. Use the undo poe max-power command to restore the maximum power supplied by the current port to the default value.
  • Page 617: Poe Power-Management

    System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/3 [Sysname-Ethernet1/0/3] poe mode signal poe power-management Syntax poe power-management { auto | manual } undo poe power-management View System view Parameters auto: Adopts the auto mode, namely, a PoE management mode based on PoE priority of the port. manual: Adopts the manual mode.
  • Page 618: Poe Temperature-Protection

    Description Use the poe priority command to configure the PoE priority of a port. Use the undo poe priority command to restore the default PoE priority. By default, the PoE priority of a port is low. When the available power of the PSE is too small, the PoE priority and the PoE management mode are used together to determine how to allocate PoE power for the new PDs.
  • Page 619: Poe Update

    You can use the display poe temperature-protection command to display whether PoE over-temperature protection is enabled on the switch. Examples # Disable PoE over-temperature protection on the switch. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] undo poe temperature-protection enable The temperature protection is disabled.
  • Page 620: Update Fabric

    [Sysname] poe update refresh 0400_001.S19 Update PoE board successfully update fabric Syntax update fabric { file-url | device-name file-url } View User view Parameters file-url: File path + file name of the host software in the flash memory, a string of 1 to 64 characters. The specified PSE processing software is a file with the extension .s19.
  • Page 621: Apply Poe-Profile

    PoE Profile Configuration Commands PoE Profile Configuration Commands apply poe-profile Syntax In system view use the following commands: apply poe-profile profile-name interface interface-type interface-number [ to interface-type interface-number ] undo apply poe-profile profile-name interface interface-type interface-number [ to interface-type interface-number ] In Ethernet port view use the following commands: apply poe-profile profile-name undo apply poe-profile profile-name...
  • Page 622: Display Poe-Profile

    A PoE profile is a set of PoE configurations. One PoE profile can contain multiple PoE features. When the apply poe-profile command is used to apply a PoE profile to a port, some PoE features can be applied successfully while some cannot. PoE profiles are applied to Switch 4500 according to the following rules: When the apply poe-profile command is used to apply a PoE profile to a port, the PoE profile is applied successfully only if one PoE feature in the PoE profile is applied properly.
  • Page 623: Poe-Profile

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] display poe-profile name profile-test Poe-profile: profile-test, 3 action poe enable poe max-power 5000 poe priority critical poe-profile Syntax poe-profile profile-name undo poe-profile profile-name View System view Parameters profile-name: Name of PoE profile, a string of 1 to 15 characters. It starts with a letter from a to z or from A to Z, and it cannot be any of reserved keywords like all, interface, user, undo, and mode.
  • Page 624 Table of Contents 1 UDP Helper Configuration Commands: display udp-helper server; reset udp-helper packet; udp-helper enable; udp-helper port; udp-helper server...
  • Page 625: Udp Helper Configuration Commands

    UDP Helper Configuration Commands UDP Helper Configuration Commands display udp-helper server Syntax display udp-helper server [ interface Vlan-interface vlan-id ] View Any view Parameters vlan-id: VLAN interface number. Description Use the display udp-helper server command to display the UDP broadcast relay forwarding information.
  • Page 626 View User view Parameters None Description Use the reset udp-helper packet command to clear UDP Helper statistics. Examples # Clear UDP Helper statistics. <Sysname> reset udp-helper packet udp-helper enable Syntax udp-helper enable undo udp-helper enable View System view Parameters None Description Use the udp-helper enable command to enable UDP Helper function.
  • Page 627 Parameters port-number: Number of the UDP port with which UDP packets are to be forwarded, in the range 0 to 65535 (except for 67 and 68). dns: Forwards Domain Name System (DNS) data packets. The corresponding UDP port number is 53. netbios-ds: Forwards NetBIOS data packets.
  • Page 628 udp-helper server Syntax udp-helper server ip-address undo udp-helper server [ ip-address ] View VLAN interface view Parameters ip-address: IP address of the destination server, in dotted decimal notation. Description Use the udp-helper server command to specify the destination server to which the UDP packets are to be forwarded.
  • Page 629 Table of Contents 1 SNMP Configuration Commands: display snmp-agent; display snmp-agent community; display snmp-agent group; display snmp-agent mib-view; display snmp-agent statistics; display snmp-agent sys-info; display snmp-agent trap-list; display snmp-agent usm-user; enable snmp trap updown; snmp-agent; snmp-agent calculate-password...
  • Page 630: Snmp Configuration Commands

    SNMP Configuration Commands SNMP Configuration Commands display snmp-agent Syntax display snmp-agent { local-engineid | remote-engineid } View Any view Parameters local-engineid: Displays the local SNMP entity engine ID. remote-engineid: Displays all the remote SNMP entity engine IDs. At present, the device does not support application of the keyword.
  • Page 631 Parameters read: Displays the information about the SNMP communities with read-only permission. write: Displays the information about the SNMP communities with read-write permission. Description Use the display snmp-agent community command to display the information about the SNMPv1/SNMPv2c communities with the specific access permission. SNMPv1 and SNMPv2c use community name authentication.
  • Page 632: Display Snmp-Agent Group

    Field Description Storage type, which can be: volatile: Information will be lost if the system is rebooted nonVolatile: Information will not be lost if the system is rebooted Storage-type permanent: Modification is permitted, but deletion is forbidden readOnly: Read only, that is, no modification, no deletion other: Other storage types display snmp-agent group...
  • Page 633: Display Snmp-Agent Mib-View

    Table 1-2 display snmp-agent group command output description Field Description Group name SNMP group name of the user SNMP group security mode, which can be AuthPriv (authentication with privacy), Security model AuthnoPriv (authentication without privacy), and noAuthnoPriv (no authentication no privacy). Read-only MIB view corresponding to the SNMP Readview group...
  • Page 634: Display Snmp-Agent Statistics

    View name:ViewDefault MIB Subtree:iso Subtree mask: Storage-type: nonVolatile View Type:included View status:active View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpVacmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active View name:ViewDefault MIB Subtree:snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type:excluded...
  • Page 635 Examples # Display the statistics on SNMP packets. <Sysname> display snmp-agent statistics 1276 Messages delivered to the SNMP entity 0 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN.1 or BER errors in the process of decoding 1291 Messages passed from the SNMP entity 0 SNMP PDUs which had badValue error-status...
  • Page 636 Field Description The total number of SNMP PDUs which were delivered to the SNMP protocol entity and for SNMP PDUs which had genErr error-status which the value of the error-status field is `genErr'. The total number of SNMP PDUs which were SNMP PDUs which had noSuchName delivered to the SNMP protocol entity and for error-status...
  • Page 637: Display Snmp-Agent Sys-Info

    For the detailed configuration, refer to the snmp-agent sys-info command. By default, the contact information of a Switch 4500 is "3Com Corporation.", the geographical location is "Marlborough, MA 01752 USA", and the SNMP version employed is SNMPv3.
  • Page 638: Display Snmp-Agent Trap-List

    SNMPv3 display snmp-agent trap-list Syntax display snmp-agent trap-list View Any view Parameters None Description Use the display snmp-agent trap-list command to display the modules that can generate traps and whether the sending of traps is enabled on the modules. If a module contains multiple submodules, the trap function of the entire module is displayed as enabled as long as the trap function of any of the submodules is enabled.
  • Page 639 Parameters engineid: Engine ID, a string of 10 to 64 hexadecimal digits. user-name: SNMPv3 username, a string of 1 to 32 characters. group-name: Name of an SNMP group, a string of 1 to 32 characters. Description Use the display snmp-agent usm-user command to display the information about a specific type of SNMPv3 users.
  • Page 640: Enable Snmp Trap Updown

    enable snmp trap updown Syntax enable snmp trap updown undo enable snmp trap updown View Ethernet port view, interface view Parameters None Description Use the enable snmp trap updown command to enable the sending of port/interface linkUp/linkDown traps. Use the undo enable snmp trap updown command to disable the sending of linkUp/linkDown traps. By default, the sending of port/interface linkUp/linkDown traps is enabled.
  • Page 641: Snmp-Agent Calculate-Password

    Description Use the snmp-agent command to enable the SNMP agent. Use the undo snmp-agent command to disable the SNMP agent. Executing the snmp-agent command, or any of the commands used to configure the SNMP agent, starts the SNMP agent. By default, the SNMP agent is disabled.
  • Page 642: Snmp-Agent Community

    Description Use the snmp-agent calculate-password command to encrypt a plain-text password to generate a cipher-text one by using the specified encryption algorithm. When creating an SNMPv3 user, if you specify an authentication or privacy password as in cipher text, you need to use this command to generate a cipher text password by using the specified algorithm, and copy the generated cipher text password to use.
  • Page 643: Snmp-Agent Group

    Description Use the snmp-agent community command to create an SNMP community. SNMPv1 and SNMPv2c use community name to restrict access rights. You can use this command to configure a community name and configure read or write access right and ACL. Use the undo snmp-agent community command to remove an SNMP community.
  • Page 644 write-view: Read-write view name, a string of 1 to 32 characters. By default, no write view is configured, namely, the NMS cannot perform the write operation on the MIB objects of the device. notify-view: Notification view name in which traps can be sent, a string of 1 to 32 characters. By default, no notify view is configured, namely, the agent will not send traps to the NMS.
  • Page 645: Snmp-Agent Local-Engineid

    Group name: v3group Security model: v3 AuthPriv Readview: ViewDefault Writeview: <no specified> Notifyview :<no specified> Storage-type: nonVolatile Acl:2001 snmp-agent local-engineid Syntax snmp-agent local-engineid engineid undo snmp-agent local-engineid View System view Parameters engineid: Engine ID, an even number of hexadecimal characters, in the range 10 to 64. Description Use the snmp-agent local-engineid command to set an engine ID for the local SNMP entity.
  • Page 646: Snmp-Agent Mib-View

    Parameters set-operation: Logs the set operations. get-operation: Logs the get operations. all: Logs both the set operations and get operations. Description Use the snmp-agent log command to enable network management operation logging. Use the undo snmp-agent log command to disable network management operation logging. By default, network management operation logging is disabled.
  • Page 647 view-name: View name. oid-tree: OID MIB subtree of a MIB subtree. It can be the ID of a node in OID MIB subtree (such as 1.4.5.3.1) or an OID (such as “system”). mask mask-value: Mask of a MIB subtree, an even number of hexadecimal characters, in the range 2 to 32.
  • Page 648: Snmp-Agent Packet Max-Size

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname]snmp-agent community read rip2read mib-view rip2 [Sysname]snmp-agent community write rip2write mib-view rip2 # Create an SNMP MIB view with the name of view-a, MIB subtree of 1.3.6.1.5.4.3.4 and subtree mask of FE.
  • Page 649 Multiple SNMP versions can run on the device at the same time to allow access by different NMSs. By default, the contact information of a Switch 4500 is "3Com Corporation.", the geographical location is "Marlborough, MA 01752 USA", and the SNMP version employed is SNMPv3.
  • Page 650: Snmp-Agent Target-Host

    snmp-agent target-host Syntax snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [authentication | privacy ] ] undo snmp-agent target-host ip-address securityname security-string View System view Parameters trap: Enables the host to receive SNMP traps. address: Specifies the destination for the SNMP traps.
  • Page 651: Snmp-Agent Trap Enable

    [Sysname] snmp-agent trap enable standard [Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public snmp-agent trap enable Syntax snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system ] undo snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system ] View...
  • Page 652: Snmp-Agent Trap Ifmib

    # Before the configuration of the extended trap function, the trap information is as follows when a link is down: #Apr 2 05:53:15:883 2000 3Com L2INF/2/PORT LINK STATUS CHANGE:- 1 - Trap 1.3.6.1.6.3.1.1.5.3(linkDown): portIndex is 4227634, ifAdminStatus is 2, ifOperStatus is 2 #Apr 2 05:53:16:094 2000 3Com IFNET/5/TRAP:- 1 -1.3.6.1.6.3.1.1.5.3(linkDown) Interface 31...
  • Page 653: Snmp-Agent Trap Life

    snmp-agent trap life Syntax snmp-agent trap life seconds undo snmp-agent trap life View System view Parameters seconds: SNMP trap aging time (in seconds) to be set, ranging from 1 to 2,592,000. Description Use the snmp-agent trap life command to set the SNMP trap aging time. SNMP traps exceeding the aging time will be discarded.
  • Page 654: Snmp-Agent Trap Source

    After a trap is generated, it will enter the trap queue to be sent. The length of a trap queue decides the maximum number of traps in the queue. When a trap queue reaches the configured length, the newly generated traps will enter the queue, and the traps generated the earliest will be discarded. Related commands: snmp-agent trap enable, snmp-agent target-host, and snmp-agent trap life.
  • Page 655: Snmp-Agent Usm-User { V1 | V2C

    Examples # Configure VLAN-interface 1 as the source interface for the SNMP traps sent. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] snmp-agent trap source Vlan-interface 1 snmp-agent usm-user { v1 | v2c } Syntax snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ] undo snmp-agent usm-user { v1 | v2c } user-name group-name View System view...
  • Page 656: Snmp-Agent Usm-User V3

    [Sysname] snmp-agent usm-user v2c userv2c readCom Specify the SNMP version of the NMS as SNMPv2c, fill the write community name field with userv2c. Then the NMS can access the agent. # Create an SNMPv2c user userv2c in group readCom, permitting only the NMS with an IP address 1.1.1.1 to access the agent, and denying the access of other NMSs.
  • Page 657 acl-number: Binds a user with an ACL, where acl-number represents ACL number, in the range 2000 to 2999. Using ACLs can restrict the source addresses of SNMP messages, namely, permitting or refusing the SNMP messages with specific source addresses, thus restricting access between the NMS and the agent.
  • Page 658 <Sysname> system-view [Sysname] snmp-agent group v3 testgroup privacy [Sysname] snmp-agent usm-user v3 testUser testGroup authentication-mode md5 authkey privacy-mode des56 prikey On the NMS, set the version to SNMPv3, the username to testUser, the authentication algorithm to MD5, the authentication password to authkey, the privacy algorithm to DES, and the privacy password to prikey, and establish a connection with the device.
  • Page 659: Rmon Configuration Commands

    RMON Configuration Commands RMON Configuration Commands display rmon alarm Syntax display rmon alarm [ entry-number ] View Any view Parameters entry-number: Alarm entry index, in the range 1 to 65535. Description Use the display rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries.
  • Page 660: Display Rmon Event

    Field Description Sampling interval, in seconds. The system Sampling interval performs absolute or delta sampling on the sampled node at this interval. Rising threshold. When the sampled value Rising threshold equals or exceeds the rising threshold, an alarm is triggered. Falling threshold.
  • Page 661: Display Rmon Eventlog

    Event table 1 owned by user1 is VALID. Description: null. Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s. Table 2-2 display rmon event command output description Field Description Event table Index of an entry in the RMON event table The status of the entry identified by the index is VALID valid.
  • Page 662: Display Rmon History

    less than(or =) 100 with alarm value 0. Alarm sample type is absolute. Table 2-3 display rmon eventlog command output description Field Description Event table Index of an entry in the RMON event table The status of the entry identified by the index is VALID valid.
  • Page 663: Display Rmon Prialarm

    History control entry 1 owned by user1 is VALID Samples interface : Ethernet1/0/1<ifIndex.4227625> Sampling interval : 5(sec) with 10 buckets max Latest sampled values : Dropevents , octets : 10035 packets : 64 , broadcast packets : 35 multicast packets : 8 , CRC alignment errors : 0 undersize packets : 0 , oversize packets...
  • Page 664 View Any view Parameters prialarm-entry-number: Extended alarm entry Index, in the range 1 to 65,535. Description Use the display rmon prialarm command to display the configuration of an RMON extended alarm entry. If you do not specify the prialarm-entry-number argument, the configuration of all the extended alarm entries is displayed.
  • Page 665: Display Rmon Statistics

    Field Description Linked with event Event index corresponding to an alarm The condition under which an alarm is triggered, which can be: risingOrFallingAlarm: An alarm is triggered when the rising or falling threshold is When startup enables: risingOrFallingAlarm reached. risingAlarm: An alarm is triggered when the rising threshold is reached.
  • Page 666: Rmon Alarm

    Interface : Ethernet1/0/1<ifIndex.4227625> etherStatsOctets : 30561 , etherStatsPkts : 217 etherStatsBroadcastPkts : 102 , etherStatsMulticastPkts : 25 etherStatsUndersizePkts , etherStatsOversizePkts etherStatsFragments , etherStatsJabbers etherStatsCRCAlignErrors : 0 , etherStatsCollisions etherStatsDropEvents (insufficient resources): 0 Packets received according to length: : 177 65-127 : 27 128-255 256-511: 0...
  • Page 667 Parameters entry-number: Index of the alarm entry to be added/removed, in the range 1 to 65535. alarm-variable: Alarm variable, a string comprising 1 to 256 characters in dotted node OID format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to ASN.1 INTEGER data type (that is, INTEGER, Counter, Gauge, or TimeTicks) can be used as alarm variables.
  • Page 668: Rmon Event

    Comparison Operation The sample value is smaller than the set lower Triggering the event identified by the threshold (threshold-value2) event-entry2 argument Before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.
  • Page 669: Rmon History

    description string: Specifies the event description, a string of 1 to 127 characters. log: Logs events. trap: Sends traps to the NMS. trap-community: Community name of the NMS that receives the traps, a string of 1 to 127 characters. log-trap: Logs the event and sends traps to the NMS. log-trapcommunity: Community name of the NMS that receives the traps, a character string of 1 to 127 characters.
  • Page 670: Rmon Prialarm

    Description Use the rmon history command to add an entry to the history control table. If you do not specify the owner text keyword/argument combination, the owner of the entry is displayed as “null”. Use the undo rmon history command to remove an entry from the history control table. You can use the rmon history command to sample a specific port.
  • Page 671 threshold-value2: Lower threshold, in the range 0 to 2147483647. event-entry2: Index of the event entry that corresponds to the falling threshold, in the range 0 to 65535. forever: Specifies the corresponding RMON alarm instance is valid permanently. cycle: Specifies the corresponding RMON alarm instance is valid periodically. cycle-period: Life time (in seconds) of the RMON alarm instance, in the range 0 to 2147483647.
  • Page 672: Rmon Statistics

    Falling threshold: 5 Event 1 is triggered when the change ratio is larger than the rising threshold. Event 2 is triggered when the change ratio is less than the falling threshold. The alarm entry is valid forever. Entry owner: user1 <Sysname>...
  • Page 673 For each port, only one RMON statistics entry can be created. That is, if an RMON statistics entry was already created for a given port, you will fail to create a statistics entry with a different index for the port. You can use the display rmon statistics command to display the information about the statistics entry.
  • Page 674 Table of Contents 1 NTP Configuration Commands: display ntp-service sessions; display ntp-service status; display ntp-service trace; ntp-service access; ntp-service authentication enable; ntp-service authentication-keyid; ntp-service broadcast-client; ntp-service broadcast-server; ntp-service in-interface disable; ntp-service max-dynamic-sessions; ntp-service multicast-client; ntp-service multicast-server; ntp-service reliable authentication-keyid...
  • Page 675: Ntp Configuration Commands

    NTP Configuration Commands To protect unused sockets against attacks by malicious users and improve security, 3Com S4500 series Ethernet switches provide the following functions: UDP port 123 is opened only when the NTP feature is enabled. UDP port 123 is closed as the NTP feature is disabled.
  • Page 676 Examples # View the brief information of all sessions maintained by NTP services. <Sysname> display ntp-service sessions source reference stra reach poll now offset delay disper ************************************************************************* [12345]3.0.1.32 LOCL -14.3 12.9 [25]3.0.1.31 127.127.1.0 1 4408.6 38.7 note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured Total associations : Table 1-1 display ntp-service sessions command output description Field...
  • Page 677: Display Ntp-Service Status

    Field Description Total associations Total number of associations An S4500 series switch does not establish a session with its client when it works in the NTP server mode, but does so when it works in other NTP implementation modes. display ntp-service status Syntax display ntp-service status View...
  • Page 678: Display Ntp-Service Trace

    Field Description Address of the remote server or ID of the reference clock after the local clock is Reference clock ID synchronized to a remote NTP server or a reference clock Nominal frequency of the local hardware clock, Nominal frequency in Hz.
  • Page 679: Ntp-Service Access

    Table 1-3 display ntp-service trace command output description Field Description server IP address of the NTP server The stratum level of the corresponding system stratum clock The clock offset relative to the upper-level clock, offset in milliseconds. The synchronization distance relative to the synch distance upper-level clock, in seconds Identifier of the primary reference source.
  • Page 680: Ntp-Service Authentication Enable

    NTP service access-control rights from the highest to the lowest are peer, server, synchronization, and query. When a local NTP server receives an NTP request, it performs an access-control right match and uses the first matched right. The ntp-service access command provides only a minimal degree of security. A more secure way is to perform identity authentication.
  • Page 681: Ntp-Service Authentication-Keyid

    ntp-service authentication-keyid Syntax ntp-service authentication-keyid key-id authentication-mode md5 value undo ntp-service authentication-keyid key-id View System view Parameters key-id: Authentication key ID, in the range of 1 to 4294967295. You can configure up to 1024 keys. value: Authentication key string. You can input 1 to 16 simple text characters, or 24 cipher text characters.
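What a key ID and MD5 key buy the receiver, as an added example that is not part of the manual: it uses the symmetric-key MAC layout NTP defines in RFC 5905 (32-bit key ID followed by MD5 over key plus packet), which is assumed here to be what `authentication-mode md5` selects. The key string, function names and key table are hypothetical; key ID 37 matches the manual's own example.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest

# Constructed key table: key ID -> key string (the "value" argument, 1 to 16 characters).
TRUSTED_KEYS = {37: b"BetterKey"}


def build_header(mode=3, version=3, transmit_ts=0x0123456789ABCDEF):
    """Build a 48-byte NTP header carrying only the fields this demo needs."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    # LI/VN/Mode, stratum, poll, precision, root delay, root dispersion, reference ID,
    # then reference, origin, receive and transmit timestamps (64 bits each).
    return struct.pack("!BBbbII4sQQQQ", li_vn_mode, 0, 6, -20, 0, 0, b"\0" * 4,
                       0, 0, 0, transmit_ts)


def md5_mac(key, header):
    """RFC 5905 symmetric-key digest: MD5 over the key followed by the packet."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, keys):
    """Append key ID and digest, as a sender configured with that key ID would."""
    return header + struct.pack("!I", key_id) + md5_mac(keys[key_id], header)


def verify(packet, keys, require_auth=True):
    """Return (accepted, reason) for a received packet."""
    if len(packet) == NTP_HEADER_LEN:
        # Unauthenticated packet: only acceptable when authentication is not enforced.
        return (not require_auth, "no MAC present")
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return (False, "malformed length")
    header, trailer = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    key = keys.get(key_id)
    if key is None:
        # A key that exists on the sender but is not trusted locally is rejected.
        return (False, "key ID not trusted")
    if not hmac.compare_digest(md5_mac(key, header), trailer[4:]):
        return (False, "digest mismatch")
    return (True, "authenticated with key %d" % key_id)


if __name__ == "__main__":
    good = sign(build_header(), 37, TRUSTED_KEYS)
    forged = bytearray(good)
    forged[47] ^= 0x01                      # alter the transmit timestamp
    for label, pkt in (("signed", good), ("tampered", bytes(forged)),
                       ("bare header", build_header())):
        print(label, verify(pkt, TRUSTED_KEYS))
```

The digest is a keyed-prefix MD5, so its strength rests on the secrecy and length of the key string; a short key of simple text characters is the weak point to watch.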
  • Page 682: Ntp-Service Broadcast-Server

    Use the undo ntp-service broadcast-client command to remove the configuration. By default, no NTP operation mode is configured. Examples # Configure the switch to operate in the broadcast client mode and receive NTP broadcast packets through VLAN-interface 1. <Sysname> system-view System View: return to User View with Ctrl+Z.
  • Page 683: Ntp-Service Max-Dynamic-Sessions

    View VLAN interface view Parameters None Description Use the ntp-service in-interface disable command to disable the interface from receiving NTP packets. Use the undo ntp-service in-interface disable command to restore the default. By default, the interface can receive NTP packets. Examples # Disable VLAN-interface 1 from receiving NTP packets.
  • Page 684: Ntp-Service Multicast-Client

    ntp-service multicast-client Syntax ntp-service multicast-client [ ip-address ] undo ntp-service multicast-client [ ip-address ] View VLAN interface view Parameters ip-address: Multicast IP address, in the range of 224.0.1.0 to 224.0.1.255. The default IP address is 224.0.1.1. Description Use the ntp-service multicast-client command to configure an Ethernet switch to operate in the NTP multicast client mode and receive NTP multicast packets through the current interface.
  • Page 685: Ntp-Service Reliable Authentication-Keyid

    Description Use the ntp-service multicast-server command to configure an Ethernet switch to operate in the NTP multicast server mode and send NTP multicast packets through the current interface. Use the undo ntp-service multicast-server command to remove the configuration. By default, no NTP operation mode is configured. Examples # Configure the switch to send NTP multicast packets through VLAN-interface 1, and set the multicast group address to 224.0.1.2, keyid to 4, and the NTP version number to 2.
  • Page 686: Ntp-Service Source-Interface

    [Sysname] ntp-service reliable authentication-keyid 37 ntp-service source-interface Syntax ntp-service source-interface Vlan-interface vlan-id undo ntp-service source-interface View System view Parameters vlan-interface vlan-id: Specifies an interface. The IP address of the interface serves as the source IP address of sent NTP packets. The vlan-id argument indicates the ID of the specified VLAN interface. Description Use the ntp-service source-interface command to specify a VLAN interface through which NTP packets are to be sent.
  • Page 687: Ntp-Service Unicast-Server

    priority: Specifies the peer identified by the remote-ip argument as the preferred peer for synchronization. source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP packets sent to the peer. vlan-id is the VLAN interface number. version number: Specifies the NTP version number.
  • Page 688 authentication-keyid key-id: Specifies the key ID used for sending packets to the NTP server. The key-id argument ranges from 1 to 4294967295. priority: Specifies the server identified by the remote-ip or the server-name argument as the preferred server. source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP packets sent by the local switch to the server.
  • Page 689 Table of Contents: 1 SSH Commands 1-1; SSH Commands 1-1; display public-key local 1-1; display public-key peer 1-2; display rsa local-key-pair public 1-3; display rsa peer-public-key 1-4; display ssh server 1-5; display ssh server-info 1-6; display ssh user-information 1-7; display ssh2 source-ip 1-7; display ssh-server source-ip 1-8; peer-public-key end 1-8; protocol inbound 1-9; public-key local create 1-10...
  • Page 690: Ssh Commands

    SSH Commands In this document, you can distinguish the local and peer as follows: if the local is an SSH server, the peer is an SSH client; if the local is an SSH client, the peer is an SSH server. SSH Commands display public-key local Syntax...
  • Page 691: Display Public-Key Peer

    30819F300D06092A864886F70D010101050003818D0030818902818100C7C4D2E1C59A75908417C660AD1D5E B172AB6EE9AAF994DB7A1C31EB87F750EE12A57832C6070FC008A5EE2B6675FD6A430575D97350E300A20FEB 773D93D7C3565467B0CA6B95C07D3338C523743B49D82C5EC2C9458D248955846F9C32F4D25CC92D0E831E56 4BBA6FAE794EEC6FCDEDB822909CC687BEBF51F3DFC5C30D590203010001 display public-key peer Syntax display public-key peer [ brief | name pubkey-name ] View Any view Parameters brief: Displays brief information about the locally saved public keys of all SSH peers. pubkey-name: Name of the public key, a string of 1 to 64 characters. Description Use the display public-key peer command to display information about locally saved public keys of the SSH peers.
  • Page 692: Display Rsa Local-Key-Pair Public

    --------------------------- 1023 idrsa 1024 # Display the information about the public key named pubkey-name. <Sysname> display public-key peer name pubkey-name ===================================== Key name : pubkey-name Key type : RSA Key module: 1024 ===================================== Key Code: 30819D300D06092A864886F70D010101050003818B00308187028181009C46A8710216CEC0C01C7CE136BA76 C79AA6040E79F9E305E453998C7ADE8276069410803D5974F708496947AB39B3F39C5CE56C95B6AB7442D563 93BF241F99A639DD02D9E29B1F5C1FD05CC1C44FBD6CFFB58BE6F035FAA2C596B27D1231D159846B7CB9A775 7C5800FADA9FD72F65672F4A549EE99F63095E11BD37789955020123 display rsa local-key-pair public Syntax display rsa local-key-pair public View...
  • Page 693: Display Rsa Peer-Public-Key

    9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4 1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202 2253F4F5 0203 010001 display rsa peer-public-key Syntax display rsa peer-public-key [ brief | name keyname ] View Any view Parameters brief: Displays brief information about the public keys of all SSH peers. keyname: Specifies a key by its name, which is a string of 1 to 64 characters.
  • Page 694: Display Ssh Server

    ===================================== Key name : abcd Key type : RSA Key module: 1024 ===================================== Key Code: 30819F300D06092A864886F70D010101050003818D0030818902818100B0EEC8768E310AE2EE44D65A2F944E 2E6F32290D1ECBBFFF22AA11712151FC29F1C1CD6D7937723F77103576C41A03DB32F32C46DEDA68566E89B5 3CD4DF8F9899B138C578F7666BFB5E6FE1278A84EC8562A12ACBE2A43AF61394276CE5AAF5AF01DA8B0F33E0 8335E0C3820911B90BF4D19085CADCE0B50611B9F6696D31930203010001 display ssh server Syntax display ssh server { session | status } View Any view Parameters session: Displays SSH session information. status: Displays SSH status information.
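The "Key Code" shown by the display commands above is a hex-encoded DER SubjectPublicKeyInfo, so the modulus size and public exponent of a stored peer key can be checked offline. The following is an added example, not code from the manual or the switch: the sample key is constructed (not a usable key), the function names are hypothetical, and the 2048-bit and 65537 thresholds are policy assumptions.

```python
RSA_OID = bytes.fromhex("2A864886F70D010101")   # rsaEncryption, 1.2.840.113549.1.1.1


def _read_tlv(buf, pos, expected_tag):
    """Read one DER TLV at pos and return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag at offset %d" % pos)
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length


def parse_key_code(key_code):
    """Return (modulus_bits, public_exponent) from a Key Code hex dump."""
    der = bytes.fromhex("".join(key_code.split()))   # tolerate wrapped display output
    spki, end = _read_tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after key")
    alg, pos = _read_tlv(spki, 0, 0x30)
    oid, _ = _read_tlv(alg, 0, 0x06)
    if oid != RSA_OID:
        raise ValueError("not an RSA key")
    bits, _ = _read_tlv(spki, pos, 0x03)
    if not bits or bits[0] != 0:
        raise ValueError("unexpected unused-bit count")
    rsa_key, _ = _read_tlv(bits[1:], 0, 0x30)
    n_bytes, pos = _read_tlv(rsa_key, 0, 0x02)
    e_bytes, _ = _read_tlv(rsa_key, pos, 0x02)
    return (int.from_bytes(n_bytes, "big").bit_length(),
            int.from_bytes(e_bytes, "big"))


def audit(key_code, min_bits=2048):
    """Return (bits, exponent, findings); thresholds are policy assumptions."""
    bits, exponent = parse_key_code(key_code)
    findings = []
    if bits < min_bits:
        findings.append("modulus is %d bits, below %d" % (bits, min_bits))
    if exponent % 2 == 0 or exponent < 65537:
        findings.append("public exponent %d is even or smaller than 65537" % exponent)
    return bits, exponent, findings


# --- helpers that build a constructed sample, so the example runs offline ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def _der_int(x):
    # bit_length // 8 + 1 bytes adds a leading 0x00 only when the top bit is set
    return _tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))


def make_key_code(n, e):
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    rsa_key = _tlv(0x30, _der_int(n) + _der_int(e))
    return _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa_key)).hex().upper()


# Constructed 1024-bit placeholder modulus (the switch's default key size), not a real key.
SAMPLE_KEY_CODE = make_key_code((1 << 1023) | 1, 65537)

if __name__ == "__main__":
    print(audit(SAMPLE_KEY_CODE))
```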
  • Page 695: Display Ssh Server-Info

    Field Description SSH version Encry Encryption algorithm used by SSH State Session status Retry Number of connection retries SerType Service type Username User name display ssh server-info Syntax display ssh server-info View Any view Parameters None Description Use the display ssh server-info command on an SSH client to display the mappings between SSH servers and their public keys saved on the client.
  • Page 696: Display Ssh User-Information

    display ssh user-information Syntax display ssh user-information [ username ] View Any view Parameters username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|).
  • Page 697: Display Ssh-Server Source-Ip

    Parameters None Description Use the display ssh2 source-ip command to display the current source IP address or the IP address of the source interface specified for the SSH client. If neither source IP address nor source interface is specified, the command displays 0.0.0.0. Related commands: ssh2 source-ip.
  • Page 698: Protocol Inbound

    Description Use the peer-public-key end command to return from public key view to system view. Related commands: rsa peer-public-key, public-key-code begin, public-key peer. Examples # Exit public key view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] rsa peer-public-key Switch003 RSA public key view: return to System View with "peer-public-key end".
  • Page 699: Public-Key Local Create

    If you have configured a user interface to support SSH protocol, to ensure a successful login to the user interface, you must configure AAA authentication for the user interface by using the authentication-mode scheme command. For a user interface, if you have executed the authentication-mode password or authentication-mode none command, the protocol inbound ssh command cannot be executed;...
  • Page 700: Public-Key Local Destroy

    The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 1024]: Generating keys..++++++ ..............++++++ ......++++++++ ..++++++++ ..# Display the public key information of the local RSA key pair.
  • Page 701: Public-Key Local Export Rsa

    public-key local export rsa Syntax public-key local export rsa { openssh | ssh1 | ssh2 } [ filename ] View System view Parameters rsa: Specifies the host public key of the current switch’s RSA key pair. openssh: Specifies the format of the exported public key as OpenSSH. ssh1: Specifies the format of the exported public key as SSH1.
  • Page 702: Public-Key Peer

    ....++++++++ ..++++++++ ..# Display the host public key in the OpenSSH format. [Sysname]public-key local export rsa openssh ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi+xIkHkAo6E9LwLKWN+eN9EqW/6FIYEIlVKcpIa0 6IT4eSyq4OldeiZ9WorOiDqX3ROo4FmaTR/QCSK3C9whE1qz/4soVL1eHDdgzQCumKKsJCVaM5OdZ2sdNbEnhLuc s8ZrfTgEkDB1hmbgzuDpWPokPfkQDD+8dC+hkFVV rsa-key # Export the host public key in the format of OpenSSH and save the public key file as pub_ssh_file2. [Sysname] public-key local export rsa openssh pub_ssh_file2 # Export the host public key in the format of SSH1 and save the public key file as pub_ssh_file3.
  • Page 703: Public-Key Peer Import Sshkey

    PKEY public key view: return to System View with "peer-public-key end". [Sysname-peer-public-key] public-key peer import sshkey Syntax public-key peer keyname import sshkey filename undo public-key peer keyname View System view Parameters keyname: Name of the public key, a string of 1 to 64 characters. filename: Name of a public key file, a string of 1 to 142 characters.
  • Page 704: Public-Key-Code Begin

    NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 1024]: Generating keys..........++++++ ..++++++ ....++++++++ ..++++++++ ..[Sysname] public-key local export rsa ssh2 pub # Send the public key file of the SSH client to the SSH server using FTP or TFTP. The configuration is omitted. # On the SSH server, import the SSH client's public key from the public key file, and then assign the public key to the SSH client.
  • Page 705: Public-Key-Code End

    [Sysname-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913 [Sysname-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4 [Sysname-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC [Sysname-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16 [Sysname-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125 [Sysname-rsa-key-code] public-key-code end [Sysname-rsa-public-key] public-key-code end Syntax public-key-code end View Public key edit view Parameters None Description Use the public-key-code end command to return from public key edit view to public key view and save the public key you input.
  • Page 706: Rsa Local-Key-Pair Create

    rsa local-key-pair create Syntax rsa local-key-pair create View System view Parameters None Description Use the rsa local-key-pair create command to generate an RSA key pair for the current switch. Note that: After entering this command, you will be prompted to provide the length of the key modulus. The length is in the range 512 to 2048 bits and defaults to 1024 bits.
  • Page 707: Rsa Local-Key-Pair Destroy

    028180 F0C0EDA9 FA2E2FAC 4B16CA34 677F1861 A13E89BE 6AAAC326 4E17268D EFADED1A FCA39047 52F18422 B8C875DF 3626150D 4057EE12 371D5E62 57D34A16 5045A403 FA805F72 B2780C9A 041ED99E 2841F600 AB30DB10 821EF338 1FA54FE5 3DC79E46 74E45127 3D4CA70F 253645DA 57524DC3 513BAC53 2C1B7F8F 2481FA79 D4AA15C7 0203 010001 rsa local-key-pair destroy Syntax rsa local-key-pair destroy View System view Parameters...
  • Page 708: Rsa Peer-Public-Key Import Sshkey

    Parameters keyname: Name of the public key to be configured, a string of 1 to 64 characters. Description Use the rsa peer-public-key command to enter public key view. Use the undo rsa peer-public-key command to remove the setting. After using this command, you can use the public-key-code begin command to configure the peer public key.
  • Page 709: Ssh Authentication-Type Default

    After execution of this command, the system automatically transforms the public key file into PKCS format, and imports the peer public key. This requires that you get a copy of the public key file from the peer through FTP/TFTP. Only public key files in the format of SSH1 or SSH2 are supported. Currently, only public keys with a modulus in the range 512 to 2048 bits can be imported to the switch.
  • Page 710: Ssh Client Assign

    Use the undo ssh authentication-type default command to remove the specified default authentication mode. That is, no default authentication mode is specified for SSH users. In this case, when an SSH user is added, you must specify an authentication mode for the user at the same time. By default, no default authentication mode is specified.
  • Page 711: Ssh Client First-Time Enable

    The publickey and rsa-key keywords both specify the public key and are implemented in the same way. Description Use the ssh client assign command to specify the name of the public key of the server on the client so that the client can authenticate whether the server to be accessed is reliable.
  • Page 712: Ssh Server Authentication-Retries

    Description Use the ssh client first-time enable command to enable the client to run first-time authentication for the SSH server it accesses for the first time. Use the undo ssh client first-time command to disable the client from running first-time authentication.
  • Page 713: Ssh Server Timeout

    If you have used the ssh user authentication-type command to configure the authentication type of a user to password-publickey, you must set the authentication retry times to a number greater than or equal to 2 (so that the user can access the switch). Related commands: display ssh server.
  • Page 714 View System view Parameters username: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), and the vertical bar sign (|).
  • Page 715: Ssh User Assign

    [Sysname] display ssh user-information abc Username Authentication-type User-public-key-name Service-type password null stelnet ssh user assign Syntax ssh user username assign { publickey | rsa-key } keyname undo ssh user username assign { publickey | rsa-key } View System view Parameters username: SSH user name, a string of 1 to 184 characters.
  • Page 716: Ssh User Authentication-Type

    [Sysname] display ssh user-information 1 Username Authentication-type User-public-key-name Service-type publickey 127.0.0.1 stelnet ssh user authentication-type Syntax ssh user username authentication-type { all | password | password-publickey | publickey | rsa } undo ssh user username authentication-type View System view Parameters username: SSH user name, a string of 1 to 184 characters.
  • Page 717: Ssh User Service-Type

    After the configuration, the subsequent authentications are implemented automatically without asking you to enter the password. Password-publickey authentication combines the advantages of both password authentication and publickey authentication. An SSH user must pass both types of authentication before logging in. The combination of password and publickey authentications eliminates the vulnerability of the SSH server caused by the clients.
  • Page 718: Ssh2

    Description Use the ssh user service-type command to configure service type for a user so that the user can access specified service(s). Use the undo ssh user service-type command to remove the service type specified for an SSH user. The default service type for an SSH user is stelnet. Related commands: display ssh user-information.
  • Page 719: Ssh2 Source-Interface

    aes128: AES_128 encryption algorithm. prefer_ctos_hmac: Specifies the preferred client-to-server HMAC (Hash-based message authentication code) algorithm, which is SHA1_96 by default. prefer_stoc_hmac: Specifies the preferred server-to-client HMAC algorithm, which is SHA1_96 by default. sha1: HMAC-SHA1 algorithm. sha1_96: HMAC-SHA1-96 algorithm. md5: HMAC-MD5 algorithm. md5_96: HMAC-MD5-96 algorithm.
  • Page 720: Ssh2 Source-Ip

    Description Use the ssh2 source-interface command to specify a source interface for the SSH client. If the specified interface does not exist, the command fails. Use the undo ssh2 source-interface command to cancel the source interface setting. You can configure an IP address by specifying the corresponding interface for the client to use to access the SSH server.
  • Page 721: Ssh-Server Source-Ip

    View System view Parameters interface-type: Source interface type. interface-number: Source interface number. Description Use the ssh-server source-interface command to specify a source interface for the SSH server. If the specified interface does not exist, the command fails. Use the undo ssh-server source-interface command to cancel the source interface setting. You can specify a source interface that corresponds to the IP address for the SSH server to provide SSH access services for the clients.
  • Page 722 <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] ssh-server source-ip 192.168.0.1 1-33...
  • Page 723 Table of Contents: 1 File System Management Configuration Commands 1-1; File System Configuration Commands 1-1; cd 1-1; copy 1-2; delete 1-3; dir 1-4; execute 1-6; file prompt 1-7; fixdisk 1-8; format 1-9; mkdir 1-9; more 1-10; move 1-11; pwd 1-11; rename 1-12; reset recycle-bin 1-12; rmdir 1-15; undelete 1-15; update fabric 1-16...
  • Page 724: File System Configuration Commands

    File System Management Configuration Commands The 3Com 4500 series Ethernet switches support Expandable Resilient Networking (XRN), and allow you to access a file on a switch in one of the following ways: To access a file on the specified unit, you need to specify the file in universal resource locator (URL) format, starting with unit[No.]>flash:/, where [No.] represents the unit ID of the switch.
  • Page 725: Copy

    Parameters directory: Target directory. Description Use the cd command to enter a specified directory on the Ethernet switch. The default directory when a user logs onto the switch is the root directory of Flash memory. Examples # Enter the directory test from the root directory. <Sysname>...
  • Page 726: Delete

    %Copy file unit1>flash:/config.cfg to unit1>flash:/test/config.cfg...Done. delete Syntax delete [ /unreserved ] file-url delete { running-files | standby-files } [ /fabric ] [ /unreserved ] View User view Parameters /unreserved: Specifies to delete a file completely. file-url: Path name or file name of a file in the Flash memory. You can use the * character in this argument as a wildcard.
  • Page 727: Dir

    Delete the running config file? [Y/N]: Delete the running web file? [Y/N]: Delete the backup image file? [Y/N]: Delete the backup config file? [Y/N]: Delete the backup web file? [Y/N]: The corresponding files will be deleted after you choose yes. For deleted files whose names are the same, only the latest deleted file is stored in the recycle bin and can be restored.
  • Page 728 View User view Parameters /all: Specifies to display the information about all the files, including those stored in the recycle bin. /fabric: Specifies to display the information about all the specified files in the fabric. file-url: Path name or the name of a file in the Flash memory. You can use the * character as a wildcard. For example, the dir *.txt command displays the information about all the files with the extension of .txt in the current directory.
  • Page 729: Execute

    7239 KB total (1720 KB free) (*) -with main attribute (b) -with backup attribute (*b) -with both main and backup attribute # Display information about all the files (including the files in the recycle bin) in the root directory of the file system of the fabric.
  • Page 730: File Prompt

    Parameters filename: Batch file, with the extension .bat. Description Use the execute command to execute the specified batch file. Executing a batch file runs the commands in the batch file one by one. Note that: A batch file cannot contain any invisible character. If any invisible character is found, the system will abort the execution of the batch file, that is, the remaining commands in the batch file will not be executed, but the executed operations will not be cancelled.
  • Page 731: Fixdisk

    If the prompt mode is set to alert, the following messages will be displayed when you delete a file: <Sysname> delete unit1>flash:/te.txt Delete unit1>flash:/te.txt?[Y/N]:y ..%Delete file unit1>flash:/te.txt...Done. The system waits for you to confirm for 30 seconds. If you do not input any confirmation in 30 seconds, the system cancels this file operation, as shown in the following: <Sysname>...
  • Page 732: Format

    format Syntax format device View User view Parameters device: Name of a device. Description Use the format command to format the Flash memory. The format operation clears all the files on the Flash memory, and the operation cannot be undone. Examples # Format the Flash memory.
  • Page 733: More

    To use this command to create a subdirectory, the specified directory must exist. For instance, to create subdirectory flash:/test/mytest, the test directory must exist. Otherwise, you will fail to create the subdirectory. Examples # Create a directory in the current directory, with the name being test. <Sysname>...
  • Page 734: Move

    vlan 2 return <Sysname> move Syntax move fileurl-source fileurl-dest View User view Parameters fileurl-source: Name of the source file. fileurl-dest: Name of the target file. Description Use the move command to move a file to a specified directory. If the target file name is the same as an existing file, the existing file will be overwritten after the command is executed successfully.
  • Page 735: Rename

    View User view Parameters None Description Use the pwd command to display the current working path of the login user. Examples # Display the current working path. <Sysname> pwd unit1>flash: rename Syntax rename fileurl-source fileurl-dest View User view Parameters fileurl-source: Original path name or file name of a file in the Flash memory. fileurl-dest: Target path name or file name.
  • Page 736 Parameters file-url: Path name or file name of a file in the Flash memory. This argument supports the wildcard “*”. For example, *.txt means all the files with an extension of txt. /force: Specifies not to prompt for confirmation before deleting files. /fabric: Specifies to clear the recycle bins of all Flash memories in the fabric.
  • Page 737 7239 KB total (2730 KB free) //The above information indicates that in directory flash:, there are two files a.cfg and b.cfg in the recycle bin. Delete the files in directory flash: that are already in the recycle bin. <Sysname> reset recycle-bin Clear flash:/~/a.cfg ?[Y/N]:y Clearing files from flash may take a long time.
  • Page 738: Rmdir

    rmdir Syntax rmdir directory View User view Parameters directory: Name of a directory. Description Use the rmdir command to delete a directory. As only empty directories can be deleted, you need to clear a directory before deleting it. Examples # Delete the directory named dd. <Sysname>...
  • Page 739: Update Fabric

    update fabric Syntax update fabric file-name View User view Parameters file-name: Name of the file to be upgraded, a string comprising 1 to 64 characters. Description Use the update fabric command to use an app file, Boot ROM or Web file on a device in the fabric to upgrade all the units in the fabric.
  • Page 740: File Attribute Configuration Commands

    Fabric name is fab, system mode is L3. Fabric authentication : no authentication, number of units in stack: 1. Unit Name Unit ID First 1(*) First First <Sysname>update fabric test.bin This will update the Fabric. Continue? [Y/N] y The software is verifying ... The result of verification is : Unit ID Free space(bytes)
  • Page 741: Boot Boot-Loader

    The boot, web and configuration file's backup-attribute and main-attribute will exchange. Are you sure? [Y/N] y The boot, web and configuration file's backup-attribute and main-attribute successfully exchanged on unit 1! The boot, web and configuration file's backup-attribute and main-attribute successfully exchanged on unit 2! boot boot-loader Syntax...
  • Page 742: Boot Web-Package

    View User view Parameters file-url: Path or the name of the app file in the Flash memory, a string comprising 1 to 64 characters. fabric: Specifies to apply the configuration to the whole fabric. Description Use the boot boot-loader backup-attribute command to configure an app file of the fabric or of a device in the fabric to be with the backup attribute.
  • Page 743: Display Boot-Loader

    Description Use the boot web-package command to configure a Web file in the fabric to be with the main or backup attribute. Before configuring the main or backup attribute for a Web file in the fabric, make sure the file exists on all devices in the fabric.
  • Page 744: Display Web Package

    The main boot app is: test.bin The backup boot app is: testbak.bin display web package Syntax display web package View Any view Parameters None Description Use the display web package command to display information about the Web file used by the device, including the name of the currently used Web file, and the name of the Web files with the main and backup attributes used for next startup.
  • Page 745: Configuration File Backup And Restore Commands

    Examples # Specify to prompt users to use customized passwords to enter the BOOT menu. <Sysname> startup bootrom-access enable <Sysname> display startup unit 1 MainBoard: Current Startup saved-configuration file: flash:/config.cfg Next main startup saved-configuration file: flash:/config.cfg Next backup startup saved-configuration file: NULL Bootrom-access enable state: enabled...
  • Page 746: Restore Startup-Configuration

    # Back up the current configuration of the whole fabric to the file aaa.cfg on the TFTP server whose IP address is 1.1.1.253. <Sysname> backup fabric current-configuration to 1.1.1.253 aaa.cfg Backup current configuration to 1.1.1.253. Please wait... File will be transferred in binary mode. Copying file to remote tftp server.
  • Page 747 Unit 7: Restore startup current configuration finished! # Restore the startup configuration of the whole fabric from the file bbb.cfg on the TFTP server with the IP address 1.1.1.253. <Sysname> restore fabric startup-configuration from 1.1.1.253 bbb.cfg Restore startup configuration from 1.1.1.253. Please wait... File will be transferred in binary mode.
  • Page 748 Table of Contents: 1 FTP and SFTP Configuration Commands. FTP Server Configuration Commands: display ftp-server, display ftp-server source-ip, display ftp-user, ftp disconnect, ftp server enable, ftp timeout, ftp-server source-interface, ftp-server source-ip. FTP Client Configuration Commands: ascii, binary, bye...
  • Page 749 SFTP Client Configuration Commands: bye, cd, cdup, delete, dir, display sftp source-ip, exit, get, help, ls, mkdir, put, pwd, quit, remove, rename, rmdir, sftp, sftp source-interface, sftp source-ip. 2 TFTP Configuration Commands. TFTP Configuration Commands: display tftp source-ip...
  • Page 750: Ftp And Sftp Configuration Commands

    FTP and SFTP Configuration Commands FTP Server Configuration Commands display ftp-server Syntax display ftp-server View Any view Parameters None Description Use the display ftp-server command to display the FTP server-related settings of a switch when it operates as an FTP server, including startup status, number of users, and so on. You can use this command to verify FTP server-related configurations.
  • Page 751: Display Ftp-Server Source-Ip

    The 3Com Switch 4500 supports access by one user at a time when it serves as the FTP server. display ftp-server source-ip Syntax display ftp-server source-ip View Any view Parameters None Description Use the display ftp-server source-ip command to display the source IP address set for an FTP server.
  • Page 752: Ftp Disconnect

    Description Use the display ftp-user command to display the information of the FTP users that have logged in to the switch, including the user name, host IP address, port number, idle timeout time, and authorized directory. For how to create an FTP user on an FTP server, refer to the AAA part of this manual. Examples # Display the information of the FTP users that have logged in to the switch.
  • Page 753: Ftp Server Enable

    Use the ftp disconnect command to terminate the connection between a specified user and the FTP server. With a 3Com Switch 4500 acting as the FTP server, if you attempt to disconnect a user that is uploading/downloading data to/from the FTP server, the Switch 4500 will disconnect the user after the data transmission is completed.
  • Page 754: Ftp Timeout

    To protect unused sockets from being attacked by malicious users, the 3Com Switch 4500 provides the following functions: TCP 21 is enabled only when you start the FTP server. TCP 21 is disabled after you shut down the FTP server.
  • Page 755: Ftp-Server Source-Interface

    ftp-server source-interface Syntax ftp-server source-interface interface-type interface-number undo ftp-server source-interface View System view Parameters interface-type: Type of the interface serving as the source interface of an FTP server. The interface type can be a loopback interface or a VLAN interface. interface-number: Number of the source interface of an FTP server.
  • Page 756: Ftp Client Configuration Commands

    Use the undo ftp-server source-ip command to cancel the source IP address setting. By default, no source IP address is specified for an FTP server, and an FTP client can use any reachable address on the FTP server as the destination address to connect to an FTP server. Examples # Specify 192.168.1.1 as the source IP address of the FTP server.
  • Page 757: Binary

    200 Type set to A. binary Syntax binary View FTP client view Parameters None Description Use the binary command to specify that files be transferred in binary mode, which is used for transferring program files. By default, files are transferred in ASCII mode. Related commands: ascii.
  • Page 758: Cdup

    Syntax cd path View FTP client view Parameters path: Path of the target directory. Description Use the cd command to change the working directory on the remote FTP server. Note that you can use this command to enter only authorized directories. Related commands: pwd.
  • Page 759: Close

    # Display the current directory. [ftp] pwd 257 "flash:" is current directory. close Syntax close View FTP client view Parameters None Description Use the close command to terminate an FTP connection without quitting FTP client view. This command has the same effect as that of the disconnect command. Examples # Terminate the FTP connection without quitting FTP client view.
  • Page 760: Dir

    Syntax dir [ filename [ localfile ] ] View FTP client view Parameters filename: Name of the file to be queried. localfile: Name of the local file where the query result is to be saved. Description Use the dir command to query specified files on a remote FTP server, or to display file information in the current directory.
  • Page 761: Disconnect

    -rwxrwxrwx 1 noone nogroup 5286666 Oct 18 2006 switch5.bin -rwxrwxrwx 1 noone nogroup 306 May 13 11:17 swithc001 226 Transfer complete. FTP: 1025 byte(s) received in 0.019 second(s) 53.00K byte(s)/sec. # Display information about file config.cfg and save the information to file temp1. [ftp] dir config.cfg temp1 227 Entering Passive Mode (192,168,0,152,4,3).
  • Page 762: Ftp

    for the FTP client, the configured source IP address will be displayed. If neither a source IP address nor source interface is specified for the FTP client, 0.0.0.0 will be displayed. If no source IP address is specified for the FTP client, the switch searches the entry with the destination as the subnet where the FTP server resides, and uses the IP address of the outbound interface in the entry as the source IP address.
  • Page 763: Ftp { Cluster | Remote-Server } Source-Ip

    View User view Parameters cluster: Connects to the configured FTP server of a cluster. For the configuration of the FTP server of a cluster, refer to the Cluster part of this manual. remote-server: Host name or IP address of an FTP server, a string of 1 to 20 characters. interface-type: Type of the source interface, which can be VLAN interface or loopback interface.
  • Page 764: Ftp Source-Interface

    ftp source-interface Syntax ftp source-interface interface-type interface-number undo ftp source-interface View System view Parameters interface-type: Type of the source interface, which can be VLAN interface or loopback interface. interface-number: Number of the source interface. Description Use the ftp source-interface command to specify a source interface as the source interface the switch uses every time it connects to an FTP server, and the configuration will be saved to the configuration file of the system.
  • Page 765: Get

    Description Use the ftp source-ip command to specify the source IP address that the switch uses every time it connects to an FTP server, and the configuration will be saved to the configuration file of the system. The value of argument ip-address must be an IP address on the device where the configuration is performed.
  • Page 766: Lcd

    Examples # Download file temp.c. [ftp] get temp.c 227 Entering Passive Mode (2,2,2,2,4,12). 125 ASCII mode data connection already open, transfer starting for temp.c. ..226 Transfer complete. FTP: 15 byte(s) received in 2.568 second(s) 0.00 byte(s)/sec. Syntax View FTP client view Parameters None Description...
  • Page 767: Mkdir

    The ls command only displays file names on an FTP server. To query other file-related information, for example, file size, creation date and so on, use the dir command. Related commands: pwd. Examples # Display the names of all the files in the current directory on the remote FTP server. [ftp] ls 227 Entering Passive Mode (2,2,2,2,4,4).
  • Page 768: Open

    [ftp] mkdir flash:/lanswitch 257 "flash:/ lanswitch" new directory created. open Syntax open { ip-address | server-name } [ port ] View FTP client view Parameters ip-address: IP address of an FTP server. server-name: Host name of the FTP server, a string of 1 to 20 characters. port: Port number on the remote FTP server, in the range 0 to 65535.
  • Page 769: Put

    Description Use the passive command to set the data transfer mode to the passive mode. Use the undo passive command to set the data transfer mode to the active mode. By default, the passive mode is adopted. The differences between the passive mode and the active mode are: When working in the active mode, an FTP client advertises a random port Port1 to an FTP server through TCP port 21;...
  • Page 770: Pwd

    Syntax View FTP client view Parameters None Description Use the pwd command to display the working directory on an FTP server. Related commands: cd, cdup, dir, ls. Examples # Display the working directory on the FTP server. [ftp] pwd 257 "flash:/temp" is current directory. quit Syntax quit...
  • Page 771: Rename

    This command works only when the FTP server provides the help information about FTP protocol commands. This command is always valid when a 3Com switch operates as the FTP server. If you use other FTP server software, refer to the related instructions to find out whether the FTP server provides help information about FTP protocol commands.
  • Page 772: Rmdir

    250 File renamed successfully rmdir Syntax rmdir pathname View FTP client view Parameters pathname: Name of a directory on an FTP server. Description Use the rmdir command to remove a specified directory on an FTP server. Note that you can only use this command to remove directories that are empty. Examples # Remove the directory flash:/temp1 on the FTP server.
  • Page 773: Verbose

    verbose Syntax verbose undo verbose View FTP client view Parameters None Description Use the verbose command to enable the verbose function, which displays execution information of user operations and all FTP responses. Use the undo verbose command to disable the verbose function. The verbose function is enabled by default.
  • Page 774: Sftp Timeout

    View System view Parameters None Description Use the sftp server enable command to enable the SFTP server. Use the undo sftp server command to disable the SFTP server. By default, the SFTP server is disabled. Examples # Enable the SFTP server. <Sysname>...
  • Page 775: Sftp Client Configuration Commands

    SFTP Client Configuration Commands Syntax View SFTP client view Parameters None Description Use the bye command to terminate a connection with the remote SFTP server and return to system view. This command has the same effect as that of the commands exit and quit. Examples # Terminate the connection with the remote SFTP server.
  • Page 776: Cdup

    Examples # Change the working path to new1. sftp-client>cd new1 Received status: Success Current Directory is: /new1 sftp-client> cdup Syntax cdup View SFTP client view Parameters None Description Use the cdup command to change the working path on the remote SFTP server and return to the parent directory.
  • Page 777: Dir

    Examples # Delete the file named test.txt on the server. sftp-client> delete test.txt The following files will be deleted: /test.txt Are you sure to delete it?(Y/N):y This operation may take a long time.Please wait... Received status: Success File successfully Removed Syntax dir [ -a | -l ] [ remote-path ] View...
  • Page 778: Display Sftp Source-Ip

    display sftp source-ip Syntax display sftp source-ip View Any view Parameters None Description Use the display sftp source-ip command to display the source IP address specified for the current SFTP client. If you have specified a source interface for the SFTP client, this command displays the IP address of the source interface;...
  • Page 779: Get

    Syntax get remote-file [ local-file ] View SFTP client view Parameters remote-file: Name of a file on the remote SFTP server. local-file: Name of a local file. Description Use the get command to download a file from the remote server. By default, the remote file name is used for the file saved locally if no local file name is specified.
  • Page 780: Mkdir

    Syntax ls [ -a | -l ] [ remote-path ] View SFTP client view Parameters -a: Displays the file and folder names in a specified directory. -l: Displays the details about files and folders in a specified directory in a list. remote-path: Name of the path where the files and folders to be queried reside.
  • Page 781: Put

    Examples # Create a directory named hj on the remote SFTP server. sftp-client>mkdir hj Received status: Success New directory created Syntax put local-file [ remote-file ] View SFTP client view Parameters local-file: Name of a local file. remote-file: Name of a file on the remote SFTP server. Description Use the put command to upload a local file to the remote SFTP server.
  • Page 782: Quit

    sftp-client> pwd quit Syntax quit View SFTP client view Parameters None Description Use the quit command to terminate a connection with the remote SFTP server and return to system view. This command has the same effect as that of the commands bye and exit. Examples # Terminate a connection with the remote SFTP server.
  • Page 783: Rename

    This operation may take a long time.Please wait... Received status: Success File successfully Removed rename Syntax rename oldname newname View SFTP client view Parameters oldname: Old file name. newname: New file name. Description Use the rename command to rename a specified file on the remote SFTP server. Examples # Change the file name temp.bat to temp.txt.
  • Page 784: Sftp

    This operation may take a long time.Please wait... Received status: Success Directory successfully removed sftp Syntax sftp { host-ip | host-name } [ port-num ] [identity-key { dsa | rsa } | prefer_kex { dh_group1 | dh_exchange_group } | prefer_ctos_cipher { 3des | des | aes128 } | prefer_stoc_cipher { 3des | des | aes128 } | prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } | prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ] * View...
  • Page 785: Sftp Source-Interface

    If you configure the server to authenticate a client through public key, the client needs to read the local private key when logging in to the SFTP server. Since both RSA and DSA are available for public key authentication, you need to use the identity-key keyword to specify the algorithm to get the correct local private key;...
  • Page 786: Sftp Source-Ip

    sftp source-ip Syntax sftp source-ip ip-address undo sftp source-ip View System view Parameters ip-address: Source IP address to be set. Description Use the sftp source-ip command to specify a source IP address for the SFTP client. If the specified IP address is not the IP address of the local device, the system prompts that the configuration fails.
  • Page 787: Tftp Configuration Commands

    TFTP Configuration Commands TFTP Configuration Commands When accessing a TFTP server configured with an IPv6 address, use the tftp ipv6 command. For details, refer to the IPv6 Management part in this manual. display tftp source-ip Syntax display tftp source-ip View Any view Parameters None...
  • Page 788: Tftp Get

    View System view Parameters ascii: Transfers data in ASCII mode, which is used for transferring text files. binary: Transfers data in binary mode, which is used for transferring program files. Description Use the tftp { ascii | binary } command to set the TFTP data transfer mode. By default, the binary mode is adopted.
  • Page 789: Tftp Put

    TFTP server and log in again. The 3Com Switch 4500 supports the TFTP file size negotiation function: before downloading a file, the switch requests the size of the file from the TFTP server to check whether there is enough space on the Flash for the download.
  • Page 790: Tftp Tftp-Server Source-Interface

    Parameters tftp-server: IP address or the host name of a TFTP server, a string of 1 to 20 characters. If the switch belongs to a cluster, the value cluster means to connect to the TFTP server of the cluster. For the configuration of the TFTP server of a cluster, refer to the Cluster part in this manual.
  • Page 791: Tftp Tftp-Server Source-Ip

    Description Use the tftp tftp-server source-interface command to connect to a TFTP server through the specified source interface, and perform download or upload operations. If the specified source interface does not exist, a prompt appears to show the command fails to be executed. Examples # Connect to the remote TFTP server whose IP address is 192.168.8.8 through the source interface VLAN-interface 1, and download the file named test.bin from it.
  • Page 792: Tftp Source-Ip

    View System view Parameters interface-type interface-number: Source interface that the switch uses every time it connects to the TFTP server. Description Use the tftp source-interface command to specify the source interface of a TFTP client that the TFTP client uses every time it connects to a TFTP server. The system prompts that the configuration fails if the specified interface does not exist.
  • Page 793: Tftp-Server Acl

    Examples # Specify 192.168.0.1 as the source IP address that the TFTP client uses every time it connects to a TFTP server. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] tftp source-ip 192.168.0.1 tftp-server acl Syntax tftp-server acl acl-number undo tftp-server acl View System view...
  • Page 794 Table of Contents: 1 Information Center Configuration Commands. Information Center Configuration Commands: display channel, display info-center, display logbuffer, display logbuffer summary, display trapbuffer, info-center channel name, info-center console channel, info-center enable, info-center logbuffer, info-center loghost, info-center loghost source, info-center monitor channel...
  • Page 795: Information Center Configuration Commands

    Information Center Configuration Commands Information Center Configuration Commands display channel Syntax display channel [ channel-number | channel-name ] View Any view Parameters channel-number: Channel number, ranging from 0 to 9, corresponding to the 10 channels of the system. channel-name: Channel name, by default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9.
  • Page 796 Description Use the display info-center command to display the operation status of information center, the configuration of information channels, the format of time stamp and the information output in case of fabric. Related commands: info-center enable, info-center loghost, info-center logbuffer, info-center console channel, info-center monitor channel, info-center trapbuffer, info-center snmp channel, info-center timestamp Examples...
  • Page 797: Display Logbuffer

    Field Description Information about SNMP Agent, including name SNMP Agent and number of its information channel Information about the log buffer, including its state (enabled or disabled), its maximum size, Log buffer current size, current messages, information channel name and number, number of dropped messages, and number of overwritten messages Information about the trap buffer, including its state (enabled or disabled), maximum size,...
  • Page 798 Severity Severity value Description Information generated during debugging debugging size buffersize: Specifies the size of the log buffer (number of messages the log buffer holds) you want to display. The buffersize argument ranges from 1 to 1,024 and defaults to 512. |: Filters output log information with a regular expression.
  • Page 799: Display Logbuffer Summary

    Field Description The number of overwritten messages (when the buffer size is not big enough to hold all Overwritten messages messages, the latest messages overwrite the old ones). Current messages The number of the current messages display logbuffer summary Syntax display logbuffer summary [ level severity ] View Any view...
  • Page 800: Info-Center Channel Name

    Absence of the size buffersize argument indicates that all trap information is displayed. Examples # Display the status of the trap buffer and the records in the trap buffer. <Sysname> display trapbuffer Trapping Buffer Configuration and contents:enabled Allowed max buffer size : 1024 Actual buffer size : 256 Channel number : 3 , Channel name : trapbuffer Dropped messages : 0...
  • Page 801: Info-Center Console Channel

    Examples # Name channel 0 as “execconsole”. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] info-center channel 0 name execconsole info-center console channel Syntax info-center console channel { channel-number | channel-name } undo info-center console channel View System view Parameters channel-number: Channel number, ranging from 0 to 9, corresponding to the 10 channels of the...
  • Page 802: Info-Center Logbuffer

    Parameters None Description Use the info-center enable command to enable the information center. Use the undo info-center enable command to disable the information center. The switch can output system information to the log host, the console, and other destinations only when the information center is enabled.
  • Page 803: Info-Center Loghost

    Related commands: info-center enable, display info-center. Examples # Configure the system to output information to the log buffer with the size of 50. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] info-center logbuffer size 50 info-center loghost Syntax info-center loghost host-ip-addr [ channel { channel-number | channel-name } | facility local-number ]*...
  • Page 804: Info-Center Loghost Source

    Examples # Configure the system to output system information to the Unix log host whose IP address is 202.38.160.1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] info-center loghost 202.38.160.1 info-center loghost source Syntax info-center loghost source interface-type interface-number undo info-center loghost source View System view...
  • Page 805: Info-Center Snmp Channel

    channel-name: Channel name, by default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9. Description Use the info-center monitor channel command to set the channel through which information is output to user terminals.
  • Page 806: Info-Center Source

    [Sysname] info-center snmp channel 6 info-center source Syntax info-center source { modu-name | default } channel { channel-number | channel-name } [ { log | trap | debug } { level severity | state state } ]* undo info-center source { modu-name | default } channel { channel-number | channel-name } View System view Parameters...
  • Page 807 After you separately set the output rules for a module, you must use the module-name argument to modify or remove the rules. The new configuration by using the default keyword is invalid on the module. You can configure to output the log, trap and debugging information to the trap buffer, but the trap buffer only receives the trap information and discards the log and debugging information.
  • Page 808: Info-Center Synchronous

    # Set the output channel for the log information of VLAN module to snmpagent and to output information with severity being emergencies. Log information of other modules and all the other system information cannot be output to this channel. <Sysname> system-view [Sysname] info-center source default channel snmpagent debug state off log state off trap state off [Sysname] info-center source vlan channel snmpagent log level emergencies state on...
  • Page 809: Info-Center Switch-On

    info-center switch-on Syntax info-center switch-on { unit unit-id | master | all } [ debugging | logging | trapping ]* undo info-center switch-on { unit unit-id | master | all } [ debugging | logging | trapping ]* View System view Parameters unit unit-id: Specifies a switch in the fabric by its unit ID.
  • Page 810: Info-Center Timestamp

    info-center timestamp Syntax info-center timestamp { log | trap | debugging } { boot | date | none } undo info-center timestamp { log | trap | debugging } View System view Parameters log: Specifies log information. trap: Specifies trap information. debugging: Specifies debugging information.
  • Page 811: Info-Center Trapbuffer

    Parameters date: Specifies to adopt the current system date and time, in the format of Mmm dd hh:mm:ss:ms yyyy. no-year-date: Specifies to adopt the current system date and time excluding the year, in the format of Mmm dd hh:mm:ss:ms. none: Specifies not to include time stamp in the output information. Description Use the info-center timestamp loghost command to set the format of time stamp for the output information sent to the log host.
  • Page 812: Reset Logbuffer

    Related commands: info-center enable, display info-center. Examples # Enable the system to output trap information to the trap buffer, whose size is set to 30. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] info-center trapbuffer size 30 reset logbuffer Syntax reset logbuffer [ unit unit-id ]...
  • Page 813: Terminal Debugging

    terminal debugging Syntax terminal debugging undo terminal debugging View User view Parameters None Description Use the terminal debugging command to enable debugging terminal display. Use the undo terminal debugging command to disable debugging terminal display. By default, debugging terminal display is disabled. You can execute the terminal debugging command to display debugging information on a user terminal.
  • Page 814: Terminal Monitor

    terminal monitor Syntax terminal monitor undo terminal monitor View User view Parameters None Description Use the terminal monitor command to enable the debugging/log/trap information terminal display function. Use the undo terminal monitor command to disable the function. By default, this function is enabled for console users and terminal users. This command works only on the current terminal.
  • Page 815 By default, trap terminal display is enabled. Examples # Enable trap terminal display. <Sysname> terminal trapping...
  • Page 816 Table of Contents 1 Basic System Configuration and Debugging Commands 1-1; Basic System Configuration Commands 1-1; clock datetime 1-1; clock summer-time 1-1; clock timezone 1-2; quit 1-3; return 1-4; sysname 1-4; system-view 1-5; System Status and Information Display Commands 1-5; display clock 1-5; display debugging 1-6; display version 1-7; System Debugging Commands 1-8; debugging 1-8...
  • Page 818: Basic System Configuration Commands

    Basic System Configuration and Debugging Commands Basic System Configuration Commands clock datetime Syntax clock datetime HH:MM:SS { YYYY/MM/DD | MM/DD/YYYY } View User view Parameters HH:MM:SS: Current time, namely, hour:minute:second. HH ranges from 0 to 23, and MM and SS range from 0 to 59.
  • Page 819: Clock Timezone

    View User view Parameters zone-name: Name of the summer time, a string of 1 to 32 characters. one-off: Sets the summer time for only one year (the specified year). repeating: Sets the summer time for every year starting from the specified year. start-time: Start time of the summer time, in the form of HH:MM:SS.
  • Page 820: Quit

    Parameters zone-name: Name of the time zone, in length of 1 to 32 characters. add: Specifies to add a time value based on the universal time coordinated (UTC) time to generate a later time. minus: Specifies to subtract a time value based on the UTC time to generate an earlier time. HH:MM:SS: Time to be added or subtracted from the UTC time, in the form of HH:MM:SS.
  • Page 821: Return

    Examples # Return from system view to user view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] quit <Sysname> # Return to system view from Ethernet port view. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface ethernet 1/0/1 [Sysname-Ethernet1/0/1] quit [Sysname]...
  • Page 822: System-View

    System view Parameters sysname: System name of the Ethernet switch. It is a string of 1 to 30 characters. By default, it is 3Com. Description Use the sysname command to set the system name of an Ethernet switch. Use the undo sysname command to restore the default system name of the Ethernet switch.
  • Page 823: Display Debugging

    View Any view Parameters None Description Use the display clock command to display the current date, time, timezone and summertime of the system, so that you can adjust them if they are wrong. The maximum date and time that can be displayed by this command is 23:59:59 9999/12/31. Related commands: clock datetime, clock timezone, clock summer-time.
  • Page 824: Display Version

    3Com Corporation Switch 4500 26-Port Software Version 3Com OS V3.03.00s56 Copyright (c) 2004-2008 3Com Corporation and its licensors, All rights reserved. Switch 4500 26-Port uptime is 0 week, 0 day, 6 hours, 35 minutes Switch 4500 26-Port with 1 Processor...
  • Page 825: Debugging

    System Debugging Commands debugging Syntax debugging module-name [ debugging-option ] undo debugging { all | module-name [ debugging-option ] } View User view Parameters module-name: Module name. debugging-option: Debugging option. all: Specifies to disable all debugging. Description Use the debugging command to enable system debugging. Use the undo debugging command to disable system debugging.
  • Page 826: Terminal Debugging

    Parameters None Description Use the display diagnostic-information command to display or save the running statistics of the system function modules. If you choose to save the statistics, the system will save the statistics to a file with the extension .diag in the Flash memory. Examples # Save the running statistics of the system function modules to the file default.diag.
  • Page 827 Note that: To display the debugging information on the terminal, you need to configure both the terminal debugging and terminal monitor commands. If you execute the undo terminal monitor command, you will disable the monitoring of the log, trap, and debugging information on the current terminal. Thereby, no log, trap, or debugging information will be displayed on the terminal.
  • Page 828: Ping

    Network Connectivity Test Commands Network Connectivity Test Commands ping Syntax ping [ -a ip-address ] [ -c count ] [ -d ] [ -f ] [ -h ttl ] [ -i interface-type interface-number ] [ ip ] [ -n ] [ -p pattern ] [ -q ] [ -s packetsize ] [ -t timeout ] [ -tos tos ] [ -v ] string View Any view...
  • Page 829 -t timeout: Specifies the timeout time (in milliseconds) before an ICMP ECHO-REPLY packet is received after an ICMP ECHO-REQUEST packet is sent. The timeout argument ranges from 0 to 65535 ms and defaults to 2,000 ms. -tos tos: Specifies the ToS value of the ICMP ECHO-REQUEST packets in the range 0 to 255. By default, this value is 0.
  • Page 830: Tracert

    0% packet loss round-trip min/avg/max = 1/2/3 ms The above output information indicates that the destination host is reachable. Each probe packet from the source device has got a reply, with the minimum/average/maximum packet roundtrip time being 1ms/2ms/3ms. tracert Syntax tracert [ -a source-ip ] [ -f first-ttl ] [ -m max-ttl ] [ -p port ] [ -q num-packet ] [ -w timeout ] string View Any view...
  • Page 831 The executing procedure of the tracert command is as follows: First, the source sends a packet with the TTL of 1, and the first hop device returns an ICMP error message indicating that it cannot forward this packet because of TTL timeout. Then, the source resends a packet with the TTL of 2, and the second hop device also returns an ICMP TTL timeout message.
  • Page 832: Device Management Commands

    Device Management Commands Device Management Commands boot boot-loader Syntax boot boot-loader [ backup-attribute ] { file-url [ fabric ] | device-name } View User view Parameters backup-attribute: Specifies the backup attribute for a file. file-url: Path plus name of a host software file in the Flash, a string of 1 to 64 characters. fabric: Specifies the file path in fabric mode.
  • Page 833 Parameters file-url: Path plus name of a Boot ROM file (that is, a .btm file) in the Flash, a string of 1 to 64 characters. device-name: File name, beginning with a device name in the form of unit[NO.]>flash, used to indicate that the specified file is stored in the Flash memory of a specified switch.
  • Page 834: Display Cpu

    display cpu Syntax display cpu [ unit unit-id ] View Any view Parameters unit-id: Unit ID of a switch. Description Use the display cpu command to display the CPU usage. Examples # Display the CPU usage of this switch. <Sysname> display cpu Unit 1 Board 0 CPU busy status: 12% in last 5 seconds...
  • Page 835: Display Fan

    Description Use the display device command to display the information, such as the module type and operating status, about each board (main board and sub-board) of a specified switch. You can use this command to display the following information about each board, including slot number, sub-slot number, the number of ports, versions of PCB, FPGA, CPLD and Boot ROM software, address learning mode, interface board type, and so on.
  • Page 836: Display Memory

    Examples # Display the working states of the fans. <Sysname> display fan Unit 1 1 State: Normal The above information indicates that the fan works normally. display memory Syntax display memory [ unit unit-id ] View Any view Parameters unit-id: Unit ID of a switch. Description Use the display memory command to display the memory usage of a specified switch.
  • Page 837: Display Schedule Reboot

    Parameters unit-id: Unit ID of a switch. power-id: Power ID. Description Use the display power command to display the working state of the power supply of the switch. Examples # Display the working state of the power supply. <Sysname> display power Unit 1 power State...
  • Page 838 Description Use the display transceiver alarm interface command to display the current alarm information of a single or all transceivers. If no error occurs, None is displayed. Table 3-5 shows the alarm information that may occur for the four types of transceivers. Table 3-5 Description on the fields of display transceiver alarm interface Field Remarks...
  • Page 839 Field / Remarks: TX power low: TX power is low. Module not ready: Module is not ready. APD supply fault: APD (Avalanche Photo Diode) supply fault. TEC fault: TEC (Thermoelectric Cooler) fault. Wavelength unlocked: Wavelength of optical signal exceeds the manufacturer’s tolerance. Temp high: Temperature is high....
  • Page 840 Field / Remarks: Transceiver info I/O error: Transceiver information read and write error. Transceiver info checksum error: Transceiver information checksum error. Transceiver type and port configuration mismatch: Transceiver type does not match port configuration. Transceiver type not supported by port hardware: Transceiver type is not supported on the port. Examples # Display the alarm information of the transceiver on interface GigabitEthernet 1/0/25.
  • Page 841 Table 3-7 Description on the fields of display transceiver diagnosis interface. Field / Description: transceiver diagnostic information: Digital diagnosis information of the transceiver carried by an interface. Current diagnostic parameters: Current diagnostic parameters. Temp.(°C): Digital diagnosis parameter-temperature, in °C, with the precision to 1°C. Voltage(V): Digital diagnosis parameter-voltage, in V, with the precision to 0.01 V.
  • Page 842 Table 3-8 Description on the fields of the display transceiver interface command Field Description transceiver information Transceiver information of the interface Transceiver Type Transceiver type Type of the connectors of the transceiver: Optical connectors, including connector, developed by NTT) and LC (LC Connector Type connector, 1.25 mm/RJ45 optical connector developed by Lucent).
  • Page 843 Description Use the display transceiver manuinfo interface command to display part of the electrical label information of a single or all anti-spoofing pluggable transceivers customized by H3C. Examples # Display part of the electrical label information of the anti-spoofing pluggable transceiver customized by H3C on interface GigabitEthernet 1/0/25.
  • Page 844: Schedule Reboot At

    Examples # Directly restart this switch without saving the current configuration. <Sysname> reboot Start to check configuration with next startup configuration file, please wait..This command will reboot the device. Current configuration will be lost in next startup if you continue. Continue? [Y/N] y This will reboot device.
  • Page 845: Schedule Reboot Delay

    After you execute the schedule reboot at command with a specified future date, the switch will reboot at the specified time with at most one minute delay. After you execute the schedule reboot at command without specifying a date, the switch will reboot at the specified time on the current day if the specified time is later than the current time, or reboot at the specified time on the next day if the specified time is earlier than the current time.
  • Page 846: Schedule Reboot Regularity

    After you execute the command, the system will prompt you to confirm. Enter "Y" or "y" for your setting to take effect. Your setting will overwrite the previous one (if a setting already exists). If you adjust the system time by the clock command after executing the schedule reboot delay command, the configured schedule reboot delay command will be invalid and the scheduled reboot will not happen.
  • Page 847: System-Monitor Enable

    After you execute the command, the system will prompt you to confirm. Enter "Y" or "y" for your setting to take effect. Your setting will overwrite the previous one (if available). If you adjust the system time by the clock command after executing the schedule reboot regularity command, the configured schedule reboot regularity command will be invalid.
  • Page 848: Update Fabric

    System View: return to User View with Ctrl+Z. [Sysname] undo system-monitor enable update fabric Syntax update fabric { file-url | device-name } View User view Parameters file-url: Path plus name of a host software file in the Flash, a string of 1 to 64 characters. device-name: File name, in the form of unit[NO.]>flash:, which is used to indicate that the specified file is stored in the Flash of a specified switch.
  • Page 849 device-name: File name, in the form of unit[NO.]>flash:, which is used to indicate that the specified file is stored in the Flash of a specified switch. Description Use the xmodem get command to download files from the local device connected with the Console port of a switch through XModem.
  • Page 850 Table of Contents 1 VLAN-VPN Configuration Commands 1-1; VLAN-VPN Configuration Commands 1-1; display port vlan-vpn 1-1; vlan-vpn enable 1-2; vlan-vpn inner-cos-trust 1-3; vlan-vpn priority 1-3; vlan-vpn tpid 1-5; 2 Selective QinQ Configuration Commands 2-1; Selective QinQ Configuration Commands 2-1; mac-address-mapping 2-1; raw-vlan-id inbound 2-2; vlan-vpn vid 2-3...
  • Page 851: Vlan-Vpn Configuration Commands

    VLAN-VPN Configuration Commands VLAN-VPN Configuration Commands display port vlan-vpn Syntax display port vlan-vpn View Any view Parameters None Description Use the display port vlan-vpn command to display the information about VLAN-VPN configuration of the current system. Related commands: vlan-vpn enable, vlan-vpn inner-cos-trust, vlan-vpn tpid. Examples # Display the VLAN-VPN configuration of the current system.
  • Page 852: Vlan-Vpn Enable

    Field / Description: VLAN-VPN inner-cos-trust: The status of the inner-to-outer tag priority replicating feature, enable (enabled) or disable (disabled). You can use the vlan-vpn inner-cos-trust command to configure the feature. VLAN-VPN TPID: TPID value of the port, which can be configured through the vlan-vpn tpid command.
  • Page 853: Vlan-Vpn Inner-Cos-Trust

    Examples # Enable the VLAN-VPN feature for Ethernet 1/0/1 port. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] vlan-vpn enable vlan-vpn inner-cos-trust Syntax vlan-vpn inner-cos-trust enable undo vlan-vpn inner-cos-trust View Ethernet port view Parameters None Description...
  • Page 854 View Ethernet port view Parameters inner-priority: 802.1p priority of the inner VLAN tag in a packet. This argument can be in the range 0 to 7 or a keyword listed in Table 1-2. outer-priority: Priority for the outer VLAN tag in a packet. This argument can be in the range 0 to 7 or a keyword listed Table 1-2.
  • Page 855: Vlan-Vpn Tpid

    <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/1 [Sysname-Ethernet1/0/1] vlan-vpn priority 3 remark 5 vlan-vpn tpid Syntax vlan-vpn tpid value undo vlan-vpn tpid View Ethernet port view Parameters value: User-defined TPID value (in hexadecimal format), in the range 0x0001 to 0xFFFF. Description Use the vlan-vpn tpid command to set the TPID value for a port.
  • Page 856 Besides the default TPID value, you can configure only one TPID value on a Switch 4500 switch. Examples # Set the TPID value to 0x9100 for Ethernet 1/0/2 port. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Ethernet 1/0/2 [Sysname-Ethernet1/0/2] vlan-vpn tpid 9100...
  • Page 857: Selective Qinq Configuration Commands

    Selective QinQ Configuration Commands Selective QinQ Configuration Commands mac-address-mapping Syntax mac-address-mapping index source-vlan source-vlan-list destination-vlan dest-vlan-id undo mac-address-mapping { index | all } View Ethernet port view Parameters index: Index of the inter-VLAN MAC address replicating configuration to be created or removed. This argument is in the range 0 to 7.
  • Page 858: Raw-Vlan-Id Inbound

    VLAN 4093 is a special VLAN reserved for the XRN fabric feature. It cannot serve as the destination VLAN of the inter-VLAN MAC address replicating feature to receive MAC address entries from the other VLANs. Examples # Enable the inter-VLAN MAC address replicating feature for Ethernet1/0/1 to replicate the MAC address entries between the MAC address table of VLAN 4 (the default VLAN) and that of the outer VLAN 10.
  • Page 859: Vlan-Vpn Vid

    A packet cannot be tagged with different outer VLAN tags. To change the outer VLAN tag of a packet, you need to remove the existing outer VLAN tag configuration and configure a new outer VLAN tag. Before configuring this command in QinQ view, you need to use the vlan-vpn vid command to configure the outer VLAN tag to be used in the selective QinQ policy.
  • Page 860 If XRN fabric is enabled on a device, the selective QinQ policy cannot be configured on any port of the device. By default, no selective QinQ policy is configured on a port. After specifying an outer VLAN tag and entering QinQ view, you need to use the raw-vlan-id inbound command to specify which VLANs’...
  • Page 861 Table of Contents 1 remote-ping Commands 1-1; remote-ping Commands 1-1; count 1-1; destination-ip 1-1; display remote-ping 1-2; frequency 1-4; remote-ping 1-5; remote-ping-agent enable 1-6; test-enable 1-6; test-type 1-7; timeout 1-8...
  • Page 862: Remote-Ping Commands

    remote-ping Commands remote-ping Commands count Syntax count times undo count View remote-ping test group view Parameter times: Number of the test packets to be sent in each test. It is in the range 1 to 15 and defaults to 1. Description Use the count command to configure the number of packets to be sent in each test.
  • Page 863: Remote-Ping

    View remote-ping test group view Parameter ip-address: Destination IP address in a test. Description Use the destination-ip command to configure the destination IP address in the test. Use the undo destination-ip command to remove the configured destination IP address. By default, no destination IP address is configured for any test. Example # Set the destination IP address in the test of the “administrator-icmp”...
  • Page 864 remote-ping entry(admin administrator, tag icmp) test result: Destination ip address:1.1.1.99 Send operation times: 10 Receive response times: 10 Min/Max/Average Round Trip Time: 2/5/2 Square-Sum of Round Trip Time: 66 Last complete test time: 2000-4-2 7:59:54.7 Extend result: SD Maximal delay: 0 DS Maximal delay: 0 Packet lost in test: 0% Disconnect operation number: 0...
  • Page 865 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.0 2004-11-25 16:28:55.9 2004-11-25 16:28:55.9 Table 1-2 Description on the fields of the display remote-ping history command. Field / Description: Index: Index of the displayed information. Response: Round trip test time, in milliseconds, or the timeout time. 0 means the test fails.
  • Page 866 View remote-ping test group view Parameter interval: Automatic test interval. It ranges from 0 to 65535 seconds and defaults to 0 seconds which means no automatic test. Description Use the frequency command to configure an automatic test interval. Use the undo frequency command to disable automatic test. The system automatically tests at intervals specified by this command, where the argument interval is greater than 0.
  • Page 867: Test-Enable

    Example # Create a remote-ping test group, where the administrator name is “administrator” and the test operation tag is “icmp”. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] remote-ping administrator icmp [Sysname-remote-ping-administrator-icmp] remote-ping-agent enable Syntax remote-ping-agent enable undo remote-ping-agent enable View System view...
  • Page 868: Test-Type

    Description Use the test-enable command to execute a remote-ping test. Use the undo test-enable command to disable a remote-ping test. After you execute the test-enable command, the system does not display the test result. You may view the test result information by executing the display remote-ping command. Related command: display remote-ping.
  • Page 869: Timeout

    timeout Syntax timeout time undo timeout View remote-ping test group view Parameter time: Timeout time. It ranges from 1 to 60 seconds and defaults to 3 seconds. Description Use the timeout command to configure a timeout time for a test. Use the undo timeout command to restore to the default timeout time.
  • Page 870 Table of Contents 1 IPv6 Configuration Commands 1-1; Basic IPv6 Configuration Commands 1-1; display ipv6 fib 1-1; display ipv6 host 1-2; display ipv6 interface 1-3; display ipv6 neighbors 1-5; display ipv6 neighbors count 1-7; display ipv6 route-table 1-7; display ipv6 socket 1-9; display ipv6 statistics 1-10; display tcp ipv6 statistics 1-13; display tcp ipv6 status 1-15...
  • Page 871: Ipv6 Configuration Commands

    IPv6 Configuration Commands Basic IPv6 Configuration Commands display ipv6 fib Syntax display ipv6 fib View Any view Parameters None Description Use the display ipv6 fib command to display all the IPv6 FIB entries. The switch looks up a matching IPv6 FIB entry for forwarding an IPv6 packet. Examples # Display all the IPv6 FIB entries.
  • Page 872: Display Ipv6 Host

    NextHop 2008::3610 Flag : GSU TimeStamp Date- 5/7/2006, Time- 14:35:32 Interface Vlan-interface1 Table 1-1 Description on the fields of the display ipv6 fib command Field Description Total number of Routes Total number of routes in the FIB Destination Destination address to which a packet is forwarded PrefixLength Prefix length of the destination address Next hop address when a packet is forwarded to the...
  • Page 873: Display Ipv6 Interface

    Table 1-2 Description on the fields of the display ipv6 host command Field Description Host Host name Time for the entry to live, displayed as 0 in the case of static configuration. Flag indicating whether the entry is configured statically or Flags acquired dynamically IPv6Address (es)
  • Page 874 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses Table 1-3 Description on the fields of the display ipv6 interface command Field Description VLAN interface link state: Administratively DOWN: Indicates the VLAN interface is administratively down;...
  • Page 875: Display Ipv6 Neighbors

    Table 1-4 Description on the fields of the display ipv6 interface brief command. Field / Description: *down: administratively down: The interface is down, that is, the interface is disabled by using the shutdown command. (s) : spoofing: Spoofing attribute of the interface, that is, the link protocol state of the interface is up, but the link does not exist, or the link is established on demand, instead of being permanent.
  • Page 876 include: Displays the neighbor entries matching the specified regular expression. The regular expression supports various special characters. For details, refer to the display current-configuration command in Configuration File Management Command. Description Use the display ipv6 neighbors command to display neighbor information. You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information.
  • Page 877: Display Ipv6 Neighbors Count

    display ipv6 neighbors count Syntax display ipv6 neighbors { all | dynamic | static | interface interface-type interface-number | vlan vlan-id } count View Any view Parameters all: Displays the total number of all neighbor entries, including neighbor entries acquired dynamically and configured statically.
  • Page 878 Examples # Display summary information about the routing table. <Sysname> display ipv6 route-table Routing Table: Destinations : 4 Routes : 4 Destination: ::1/128 Protocol: Direct NextHop : ::1 Interface : InLoopBack0 Destination: 2008::/64 Protocol: Direct NextHop : 2008::32 Interface : Vlan-interface1 Destination: 2008::32/128 Protocol: Direct NextHop...
  • Page 879: Display Ipv6 Socket

    Interface : InLoopBack0 State : Active Table 1-7 Description on the fields of the display ipv6 route-table verbose command Field Description Destinations Number of reachable destination networks/hosts Routes Number of routing entries Destination Destination network/host IPv6 address. PrefixLength Prefix length of the destination IPv6 address NextHop Next hop address Protocol...
  • Page 880: Display Ipv6 Statistics

    socket state = SS_PRIV SS_ASYNC SOCK_DGRAM: SOCK_RAW: Table 1-8 Description on the fields of the display ipv6 socket command Field Description Socket type, which can be: SOCK_STREAM: Refers to TCP. SOCK_STREAM SOCK_DGRAM: Refers to UDP. SOCK_RAW: Refers to raw IP. Task Task name and ID of the created socket socketid...
  • Page 881 IPv6 Protocol: Sent packets: Total: Local sent out: forwarded: raw packets: discarded: routing failed: fragments: fragments failed: Received packets: Total: local host: hopcount exceeded: format error: option error: protocol error: fragments: reassembled: reassembly failed: reassembly timeout: ICMPv6 protocol: Sent packets: Total: unreached: too big:...
  • Page 882 Field Description Sent packets: Statistics of sent IPv6 packets, including: Total: 580 Total number of sent packets Local sent out: 550 Number of packets sent locally forwarded: Number of forwarded packets raw packets: Number of packets sent via raw socket discarded: Number of discarded packets Number of packets with routing failure...
  • Page 883: Display Tcp Ipv6 Statistics

    Field Description Received packets: Total: Statistics of received ICMPv6 packets, including: checksum error: Total number of received packets too short: Number of packets with checksum errors Number of too small packets bad code: Number of packets with error codes unreached: Number of packets whose destination is unreachable too big: Number of too large packets...
  • Page 884 window probe packets: 0, window update packets: 0 checksum error: 0, offset error: 0, short error: 0 duplicate packets: 0 (0 bytes), partially duplicate packets: 0 (0 bytes) out-of-order packets: 3 (0 bytes) packets with data after window: 0 (0 bytes) packets after close: 0 ACK packets: 239 (6141 bytes) duplicate ACK packets: 69, too much ACK packets: 0...
  • Page 885: Display Tcp Ipv6 Status

    Field Description Statistics of sent packets, including: Sent packets: Total number of packets Total: 331 Number of packets containing an urgent urgent packets: 0 indicator control packets: 5 (including 0 RST) Number of control packets window probe packets: 0, window update Number of window probe packets packets: 0 Number of window update packets...
  • Page 886: Display Udp Ipv6 Statistics

    Examples # View the IPv6 TCP connection status. <Sysname> display tcp ipv6 status TCP6CB Local Address Foreign Address State 83a9fba4 ::->23 ::->0 Listening Table 1-11 Description on the fields of the display tcp ipv6 status command Field Description TCP6CB IPv6 address of the TCP control block (hexadecimal) Local Address Local IPv6 address Foreign Address...
  • Page 887: Ipv6 Address

    By default, no site-local address or global unicast address is configured for an interface. Note that: A 3Com Switch 4500 can have IPv6 unicast addresses configured on only one VLAN interface. The total number of IPv6 global unicast addresses and site-local addresses configured on an interface can be up to four.
  • Page 888: Ipv6 Address Auto Link-Local

    Method I: <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface vlan-interface 1 [Sysname-Vlan-interface1] ipv6 address 2001::1/64 Method II: <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 1 [Sysname-Vlan-interface1] ipv6 address 2001::1 64 ipv6 address auto link-local Syntax ipv6 address auto link-local...
  • Page 889: Ipv6 Address Eui-64

    Examples # Configure the VLAN-interface 1 to automatically generate a link-local address. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 1 [Sysname-Vlan-interface1] ipv6 address auto link-local ipv6 address eui-64 Syntax ipv6 address ipv6-address/prefix-length eui-64 undo ipv6 address ipv6-address/prefix-length eui-64 View VLAN interface view Parameters...
  • Page 890: Ipv6 Address Link-Local

    IPv6 is enabled, link-local address is FE80::2E0:FCFF:FE00:3100 Global unicast address(es): 2001::2E0:FCFF:FE00:3100, subnet is 2001::/64 Joined group address(es): FF02::1:FF00:3100 FF02::1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds Hosts use stateless autoconfig for addresses # Configure VLAN-interface 1 to generate an IPv6 address in the EUI-64 format based on the prefix 3001::/64.
  • Page 891: Ipv6 Host

    Examples # Configure a link-local address for the VLAN-interface 1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 1 [Sysname-Vlan-interface1] ipv6 address fe80::1 link-local ipv6 host Syntax ipv6 host hostname ipv6-address undo ipv6 host hostname [ ipv6-address ] View System view Parameters...
  • Page 892: Ipv6 Nd Dad Attempts

    interval: Update period of the token bucket in milliseconds, in the range of 0 to 2,147,483,647. Description Use the ipv6 icmp-error command to configure the maximum number of IPv6 ICMP error packets sent within a specified time. Use the undo ipv6 icmp-error command to restore the update period and the capacity of the token bucket to the defaults.
  • Page 893: Ipv6 Nd Hop-Limit

    ipv6 nd hop-limit Syntax ipv6 nd hop-limit value undo ipv6 nd hop-limit View System view Parameters value: Number of hops, in the range of 0 to 255. Description Use the ipv6 nd hop-limit command to configure the hop limit of ICMPv6 reply packets. Use the undo ipv6 nd hop-limit command to restore the default.
  • Page 894: Ipv6 Nd Nud Reachable-Time

    System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 1 [Sysname-Vlan-interface1] ipv6 nd ns retrans-timer 10000 ipv6 nd nud reachable-time Syntax ipv6 nd nud reachable-time value undo ipv6 nd nud reachable-time View VLAN interface view Parameters value: Neighbor reachable time in milliseconds, in the range of 1 to 3,600,000. Description Use the ipv6 nd nud reachable-time command to configure the neighbor reachable time on an interface.
  • Page 895: Ipv6 Neighbors Max-Learning-Num

    interface-type interface-number: VLAN interface type and interface number corresponding to a static neighbor entry. Description Use the ipv6 neighbor command to configure a static neighbor entry. Use the undo ipv6 neighbor command to remove a static neighbor entry. Note that: You can configure a static neighbor entry in two ways: Mapping a VLAN interface to an IPv6 address and a link-layer address.
  • Page 896: Ipv6 Route-Static

    Examples # Set the maximum number of neighbors that can be dynamically learned on the interface VLAN-interface 1. <Sysname> system-view System View: return to User View with Ctrl+Z. [Sysname] interface Vlan-interface 1 [Sysname-Vlan-interface1] ipv6 neighbors max-learning-num 10 ipv6 route-static Syntax ipv6 route-static ipv6-address prefix-length [ interface-type interface-number] nexthop-address undo ipv6 route-static ipv6-address prefix-length View...
  • Page 897: Reset Ipv6 Neighbors

    reset ipv6 neighbors Syntax reset ipv6 neighbors [ all | dynamic | interface interface-type interface-number | static ] View User view Parameters all: Clears the static and dynamic neighbor information on all interfaces. dynamic: Clears the dynamic neighbor information on all interfaces. interface interface-type interface-number: Clears all neighbor information of a specified interface.
  • Page 898: Reset Tcp Ipv6 Statistics

    reset tcp ipv6 statistics Syntax reset tcp ipv6 statistics View User view Parameters None Description Use the reset tcp ipv6 statistics command to clear the statistics of all IPv6 TCP packets. You can use the display tcp ipv6 statistics command to display the statistics of IPv6 TCP packets. Examples # Clear the statistics of all IPv6 TCP packets.
  • Page 899: Tcp Ipv6 Timer Syn-Timeout

    Parameters wait-time: Length of the finwait timer of IPv6 TCP packets in seconds, in the range of 76 to 3,600. Description Use the tcp ipv6 timer fin-timeout command to set the finwait timer of IPv6 TCP packets. Use the undo tcp ipv6 timer fin-timeout command to restore the finwait timer length to the default. By default, the length of the finwait timer is 675 seconds.
  • Page 900 Parameters size: size of IPv6 TCP receiving/sending buffer in KB (kilobyte), in the range of 1 to 32. Description Use the tcp ipv6 window command to set the size of IPv6 TCP receiving/sending buffer. Use the undo tcp ipv6 window command to restore the size of IPv6 TCP receiving/sending buffer to the default.
  • Page 901: Ipv6 Application Configuration Commands

    IPv6 Application Configuration Commands IPv6 Application Configuration Commands ping ipv6 Syntax ping ipv6 [ -a source-ipv6-address | -c count | -m interval | -s packet-size | -t timeout ]* remote-system [ -i interface-type interface-number ] View Any view Parameters -a source-ipv6-address: Specifies source IPv6 address. -c count: Specifies the number of packets sent for requesting ICMPv6 echo, ranging from 1 to 4294967295, with the default of 5.
  • Page 902 Examples # Test whether destination 2001::1 is accessible. <Sysname> ping ipv6 2001::1 PING 2001::1 : 56 data bytes, press CTRL_C to break Reply from 2001::1 bytes=56 Sequence=1 hop limit=64 time = 20 ms Reply from 2001::1 bytes=56 Sequence=2 hop limit=64 time = 0 ms Reply from 2001::1 bytes=56 Sequence=3 hop limit=64...
  • Page 903: Telnet Ipv6

    <Sysname> telnet ipv6 3001::1 Trying 3001::1 ... Press CTRL+K to abort Connected to 3001::1 ... ***************************************************************************** Copyright(c) 2004-2008 3Com Corp. and its licensors. All rights reserved.* Without the owner's prior written consent, no decompiling or reverse-engineering shall be allowed. ***************************************************************************** <Sysname>...
  • Page 904: Tracert Ipv6

    View User view Parameters remote-system: IPv6 address or host name (a string of 1 to 46 characters) of the destination device. -i interface-type interface-number: Specifies the type and number of an interface. This argument takes effect only when the address of the TFTP server is a link-local address and the specified outgoing interface has a link-local address.
  • Page 905 -w timeout: Specifies the timeout in milliseconds of waiting for ICMPv6 echoes, ranging from 1 to 65,535, with the default of 5,000 milliseconds. remote-system: IPv6 address or host name (a string of 1 to 46 characters) of the destination device. Description Use the tracert ipv6 command to trace the route of the IPv6 packets from source to destination.
  • Page 906 Table of Contents: 1 Access Management Configuration Commands 1-1; Access Management Configuration Commands 1-1; am enable 1-1; am ip-pool 1-1; am trap enable 1-2; display am 1-3...
  • Page 907: Access Management Configuration Commands

    Access Management Configuration Commands Access Management Configuration Commands am enable Syntax am enable undo am enable View System view Parameters None Description Use the am enable command to enable the access management function. Use the undo am enable command to disable the function. By default, the access management function is disabled.
  • Page 908 View Ethernet port view Parameters all: Specifies all the IP addresses (or IP address pools). address-list: IP address list. You need to provide this argument in the format of start-ip-address [ ip-address-number ] & < 1-10 >, where start-ip-address is the start IP address of an IP address range in the address pool, ip-address-number specifies the number of the successive IP addresses following start-ip-address in the range, and &...
  • Page 909 undo am trap enable View System view Parameters None Description Use the am trap enable command to enable the access management trap function. Use the undo am trap enable command to disable the access management trap function. By default, the access management trap function is disabled. Examples # Enable the access management trap.
  • Page 910 Ethernet1/0/2 Status : enabled IP Pools : (NULL) Table 1-1 Description on the fields of the display am command Field Description Status Access Management state of a port: enabled or disabled Access management IP pools. NULL means the access management IP pool is not configured. Each IP address range is IP Pools represented as X.X.X.X (number), among which “X.X.X.X”...
  • Page 911: Appendix A Command Index

    Appendix A Command Index The command index includes all the commands in the Command Manual, which are arranged alphabetically. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z access-limit 17-AAA Command accounting...
  • Page 912 authentication-mode 01-Login Command authorization 17-AAA Command authorization vlan 17-AAA Command auto-build 25-Cluster Command 1-14 auto-execute command 01-Login Command backup current-configuration 31-File System Management Command 1-22 binary 32-FTP-SFTP-TFTP Command black-list 25-Cluster Command 1-45 boot attribute-switch 31-File System Management Command 1-17 boot boot-loader 31-File System Management Command 1-18 boot boot-loader...
  • Page 913 checkzero 14-Routing Protocol Command clock datetime 34-System Maintenance and Debugging Command clock summer-time 34-System Maintenance and Debugging Command clock timezone 34-System Maintenance and Debugging Command close 32-FTP-SFTP-TFTP Command 1-10 cluster 25-Cluster Command 1-19 cluster enable 25-Cluster Command 1-19 cluster switch-to 25-Cluster Command 1-20 cluster-local-user...
  • Page 914 delete 32-FTP-SFTP-TFTP Command 1-27 delete static-routes all 14-Routing Protocol Command delete-member 25-Cluster Command 1-27 description 03-VLAN Command description 06-Port Basic Configuration Command description 21-ACL Command destination-ip 36-Remote-ping Command detect-group 12-Auto Detect Command detect-list 12-Auto Detect Command dhcp relay information enable 20-DHCP Commands dhcp relay information strategy 20-DHCP Commands...
  • Page 915 display am 38-Access Management Command display arp 19-ARP Commands display arp | 19-ARP Commands display arp count 19-ARP Commands display arp timer aging 19-ARP Commands display boot-loader 31-File System Management Command 1-20 display boot-loader 34-System Maintenance and Debugging Command display bootp client 20-DHCP Commands display brief interface 06-Port Basic Configuration Command...
  • Page 916 display dhcp-server 20-DHCP Commands display dhcp-server interface 20-DHCP Commands 1-10 display dhcp-snooping 20-DHCP Commands display dhcp-snooping trust 20-DHCP Commands display diagnostic-information 34-System Maintenance and Debugging Command display dldp 10-DLDP Command display domain 17-AAA Command 1-10 display dot1x 16-802.1x and System Guard Command display drv qacl_resource 21-ACL Command display fan...
  • Page 917 display icmp statistics 04-IP Address and Performance Optimization Command display igmp-snooping configuration 15-Multicast Command display igmp-snooping group 15-Multicast Command display igmp-snooping statistics 15-Multicast Command display info-center 33-Information Center Command display interface 06-Port Basic Configuration Command display interface Vlan-interface 03-VLAN Command display ip host 04-IP Address and Performance Optimization Command...
  • Page 918 display ipv6 route-table 37-IPv6 Management Command display ipv6 socket 37-IPv6 Management Command display ipv6 statistics 37-IPv6 Management Command 1-10 display isolate port 08-Port Isolation Command display lacp system-id 07-Link Aggregation Command display link-aggregation interface 07-Link Aggregation Command display link-aggregation summary 07-Link Aggregation Command display link-aggregation verbose 07-Link Aggregation Command...
  • Page 919 display packet-filter 21-ACL Command display poe disconnect 26-PoE-PoE Profile Command display poe interface 26-PoE-PoE Profile Command display poe interface power 26-PoE-PoE Profile Command display poe powersupply 26-PoE-PoE Profile Command display poe temperature-protection 26-PoE-PoE Profile Command display poe-profile 26-PoE-PoE Profile Command display port 03-VLAN Command display port combo...
  • Page 920 display rmon eventlog 28-SNMP-RMON Command display rmon history 28-SNMP-RMON Command display rmon prialarm 28-SNMP-RMON Command display rmon statistics 28-SNMP-RMON Command display route-policy 14-Routing Protocol Command display rsa local-key-pair public 30-SSH Command display rsa peer-public-key 30-SSH Command display saved-configuration 02-Configuration File Management Command display schedule reboot 34-System Maintenance and Debugging...
  • Page 921 display stp root 13-MSTP Command display system-guard ip state 16-802.1x and System Guard Command display system-guard ip-record 16-802.1x and System Guard Command display system-guard l3err state 16-802.1x and System Guard Command display system-guard tcn state 16-802.1x and System Guard Command display tcp ipv6 statistics 37-IPv6 Management Command 1-13...
  • Page 922 display version 34-System Maintenance and Debugging Command display vlan 03-VLAN Command display vlan 05-Voice VLAN Command display voice vlan error-info 05-Voice VLAN Command display voice vlan oui 05-Voice VLAN Command display voice vlan status 05-Voice VLAN Command display web package 31-File System Management Command 1-21 display web users...
  • Page 923 dot1x timer 16-802.1x and System Guard Command 1-17 dot1x timer acl-timeout 16-802.1x and System Guard Command dot1x timer reauth-period 16-802.1x and System Guard Command 1-18 dot1x url 16-802.1x and System Guard Command dot1x version-check 16-802.1x and System Guard Command 1-19 duplex 06-Port Basic Configuration Command 1-13...
  • Page 924 ftp source-interface 32-FTP-SFTP-TFTP Command 1-15 ftp source-ip 32-FTP-SFTP-TFTP Command 1-15 ftp timeout 32-FTP-SFTP-TFTP Command ftp-server 25-Cluster Command 1-35 ftp-server source-interface 32-FTP-SFTP-TFTP Command ftp-server source-ip 32-FTP-SFTP-TFTP Command 32-FTP-SFTP-TFTP Command 1-16 32-FTP-SFTP-TFTP Command 1-30 giant-frame statistics enable 06-Port Basic Configuration Command 1-15 gratuitous-arp period-resending enable 19-ARP Commands gratuitous-arp-learning enable...
  • Page 925 if-match interface 14-Routing Protocol Command if-match ip next-hop 14-Routing Protocol Command if-match tag 14-Routing Protocol Command igmp host-join 15-Multicast Command 2-15 igmp-snooping 15-Multicast Command igmp-snooping fast-leave 15-Multicast Command igmp-snooping general-query source-ip 15-Multicast Command igmp-snooping group-limit 15-Multicast Command igmp-snooping group-policy 15-Multicast Command igmp-snooping host-aging-time 15-Multicast Command 2-10...
  • Page 926 info-center trapbuffer 33-Information Center Command 1-17 instance 13-MSTP Command 1-10 interface 06-Port Basic Configuration Command 1-16 interface Vlan-interface 03-VLAN Command ip address 04-IP Address and Performance Optimization Command ip address bootp-alloc 20-DHCP Commands ip address dhcp-alloc 20-DHCP Commands ip host 04-IP Address and Performance Optimization Command ip http acl...
  • Page 927 17-AAA Command 1-36 lacp enable 07-Link Aggregation Command lacp port-priority 07-Link Aggregation Command lacp system-priority 07-Link Aggregation Command 32-FTP-SFTP-TFTP Command 1-17 level 17-AAA Command 1-15 line-rate 22-QoS Command link-aggregation group description 07-Link Aggregation Command link-aggregation group mode 07-Link Aggregation Command link-delay 06-Port Basic Configuration Command 1-17...
  • Page 928 mac-address max-mac-count 11-MAC Address Table Management Command mac-address multicast interface 15-Multicast Command mac-address multicast vlan 15-Multicast Command mac-address security 09-Port Security Command mac-address timer 11-MAC Address Table Management Command mac-address-mapping 35-VLAN-VPN Command mac-authentication 18-MAC Address Authentication Command mac-authentication authmode 18-MAC Address Authentication Command usernameasmacaddress mac-authentication authmode usernamefixed 18-MAC Address Authentication Command...
  • Page 929 mkdir 32-FTP-SFTP-TFTP Command 1-18 mkdir 32-FTP-SFTP-TFTP Command 1-31 monitor-port 23-Mirroring Command more 31-File System Management Command 1-10 move 31-File System Management Command 1-11 multicast static-group interface 15-Multicast Command 2-16 multicast static-group vlan 15-Multicast Command 2-17 multicast static-router-port 15-Multicast Command 2-18 multicast static-router-port vlan 15-Multicast Command 2-19...
  • Page 930 ntp-service in-interface disable 29-NTP Command ntp-service max-dynamic-sessions 29-NTP Command ntp-service multicast-client 29-NTP Command 1-10 ntp-service multicast-server 29-NTP Command 1-10 ntp-service reliable authentication-keyid 29-NTP Command 1-11 ntp-service source-interface 29-NTP Command 1-12 ntp-service unicast-peer 29-NTP Command 1-12 ntp-service unicast-server 29-NTP Command 1-13 open 32-FTP-SFTP-TFTP Command 1-19...
  • Page 931 poe update 26-PoE-PoE Profile Command 1-11 poe-profile 26-PoE-PoE Profile Command port 03-VLAN Command port access vlan 03-VLAN Command port hybrid pvid vlan 03-VLAN Command port hybrid vlan 03-VLAN Command port isolate 08-Port Isolation Command port link-aggregation group 07-Link Aggregation Command port link-type 03-VLAN Command 1-10...
  • Page 932 public-key local export rsa 30-SSH Command 1-12 public-key peer 30-SSH Command 1-13 public-key peer import sshkey 30-SSH Command 1-14 public-key-code begin 30-SSH Command 1-15 public-key-code end 30-SSH Command 1-16 32-FTP-SFTP-TFTP Command 1-20 32-FTP-SFTP-TFTP Command 1-32 31-File System Management Command 1-11 32-FTP-SFTP-TFTP Command 1-21 32-FTP-SFTP-TFTP Command...
  • Page 933 remote-probe vlan enable 23-Mirroring Command remove 32-FTP-SFTP-TFTP Command 1-33 rename 31-File System Management Command 1-12 rename 32-FTP-SFTP-TFTP Command 1-22 rename 32-FTP-SFTP-TFTP Command 1-34 reset 14-Routing Protocol Command 3-11 reset arp 19-ARP Commands reset counters interface 06-Port Basic Configuration Command 1-23 reset dhcp-server 20-DHCP Commands 1-10...
  • Page 934 reset udp statistics 2-16 04-IP Address and Performance Optimization Command reset udp-helper packet 27-UDP Helper Commands restore startup-configuration 31-File System Management Command 1-23 retry 12-Auto Detect Command retry 17-AAA Command 1-46 retry realtime-accounting 17-AAA Command 1-47 retry stop-accounting 17-AAA Command 1-49 return 34-System Maintenance and Debugging...
  • Page 935 rsa peer-public-key import sshkey 30-SSH Command 1-19 rule (for Advanced ACLs) 21-ACL Command 1-12 rule (for Basic ACLs) 21-ACL Command 1-10 rule (for Layer 2 ACLs) 21-ACL Command 1-19 rule (for user-defined ACLs) 21-ACL Command 1-22 rule comment 21-ACL Command 1-25 save 02-Configuration File Management...
  • Page 936 sftp timeout 32-FTP-SFTP-TFTP Command 1-25 shell 01-Login Command 1-22 shutdown 03-VLAN Command shutdown 06-Port Basic Configuration Command 1-24 snmp-agent 28-SNMP-RMON Command 1-11 snmp-agent calculate-password 28-SNMP-RMON Command 1-12 snmp-agent community 01-Login Command snmp-agent community 28-SNMP-RMON Command 1-13 snmp-agent group 01-Login Command snmp-agent group 28-SNMP-RMON Command 1-14...
  • Page 937 ssh server authentication-retries 30-SSH Command 1-23 ssh server timeout 30-SSH Command 1-24 ssh user 30-SSH Command 1-24 ssh user assign 30-SSH Command 1-26 ssh user authentication-type 30-SSH Command 1-27 ssh user service-type 30-SSH Command 1-28 ssh2 30-SSH Command 1-29 ssh2 source-interface 30-SSH Command 1-30 ssh2 source-ip...
  • Page 938 stp pathcost-standard 13-MSTP Command 1-28 stp point-to-point 13-MSTP Command 1-29 stp port priority 13-MSTP Command 1-31 stp portlog 13-MSTP Command 1-32 stp portlog all 13-MSTP Command 1-32 stp priority 13-MSTP Command 1-33 stp region-configuration 13-MSTP Command 1-33 stp root primary 13-MSTP Command 1-34 stp root secondary...
  • Page 939 system-view 34-System Maintenance and Debugging Command tcp ipv6 timer fin-timeout 37-IPv6 Management Command 1-28 tcp ipv6 timer syn-timeout 37-IPv6 Management Command 1-29 tcp ipv6 window 37-IPv6 Management Command 1-29 tcp timer fin-timeout 04-IP Address and Performance 2-16 Optimization Command tcp timer syn-timeout 04-IP Address and Performance 2-17 Optimization Command...
  • Page 940 tftp put 32-FTP-SFTP-TFTP Command tftp source-interface 32-FTP-SFTP-TFTP Command tftp source-ip 32-FTP-SFTP-TFTP Command tftp tftp-server source-interface 32-FTP-SFTP-TFTP Command tftp tftp-server source-ip 32-FTP-SFTP-TFTP Command tftp-server 25-Cluster Command 1-43 tftp-server acl 32-FTP-SFTP-TFTP Command timeout 36-Remote-ping Command timer 17-AAA Command 1-53 timer 25-Cluster Command 1-44 timer loop 12-Auto Detect Command...
  • Page 941 udp-helper port 27-UDP Helper Commands udp-helper server 27-UDP Helper Commands undelete 31-File System Management Command 1-15 unicast-suppression 06-Port Basic Configuration Command 1-26 unknown-multicast drop enable 15-Multicast Command update fabric 26-PoE-PoE Profile Command 1-12 update fabric 31-File System Management Command 1-16 update fabric 34-System Maintenance and Debugging 3-17...
  • Page 942 wred 22-QoS Command 1-26 xmodem get 34-System Maintenance and Debugging 3-17 Command xrn-fabric authentication-mode 24-XRN Fabric Command 1-12 A-32...

This manual is also suitable for:

4500 26-port, 4500 50-port, 4500 pwr 26-port
