QTech QSW-2900 User Manual
  1. Manuals
  2. Brands
  3. QTech Manuals
  4. Network Hardware
  5. QSW-2900
  6. User manual

QTech QSW-2900 User Manual

Ethernet switch
Hide thumbs Also See for QSW-2900:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
Table of Contents

Advertisement

Quick Links

QTECH QSW-2900 Ethernet Switch
User's Manual
Command Line Reference Manual
1. Accessing Switch Command
2. PortConfiguration Command
3. VLAN Configuration Command
4. Multicast
Protocol
Command
5. ACL Configuration Command
6. QOS Configuration Command
7. STP Configuration Command
8. 802.1x Configuration Command
9. SNTP
Client
Command
10. Syslog Configuration Command
11. SSH Configuration Command
12. Switch
Maintenance Command
Configuration
Configuration
Management
and

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the QSW-2900 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for QTech QSW-2900

Summary of Contents for QTech QSW-2900

  • Page 1 QTECH QSW-2900 Ethernet Switch User’s Manual Command Line Reference Manual 1. Accessing Switch Command 2. PortConfiguration Command 3. VLAN Configuration Command 4. Multicast Protocol Configuration Command 5. ACL Configuration Command 6. QOS Configuration Command 7. STP Configuration Command 8. 802.1x Configuration Command 9.

  • Page 3: Table Of Contents

    C o n t e n t Chapter 1 Switch Logging in Command............1-1 1.1 Switch Logging in Command..............1-1 1.1.1 cls ....................1-1 1.1.2 configure terminal................ 1-2 1.1.3 enable..................1-3 1.1.4 end....................1-3 1.1.5 exit ....................1-5 1.1.6 help....................1-6 1.1.7 hostname..................
  • Page 4 2.1.7 priority..................2-9 2.1.8 show description................ 2-11 2.1.9 show interface ................2-12 2.1.10 show statistics interface ............2-13 2.1.11 shutdown ................. 2-14 2.1.12 speed..................2-15 2.1.13 bandwidth-control ..............2-17 2.1.14 show bandwidth-control............2-18 2.1.15 switchport access ..............2-19 2.1.16 switchport mode ..............2-20 2.1.17 switchport trunk allowed vlan ..........
  • Page 5 2.4.5 lacp port-priority................. 2-40 2.4.6 show lacp sys-id ................ 2-41 2.4.7 show lacp internal..............2-42 2.4.8 show lacp neighbor ..............2-43 2.5 Port Alarm Configuration Command............ 2-44 2.5.1 alarm all-packets ............... 2-44 2.5.2 alarm all-packets threshold ............2-45 2.5.3 show alarm all-packets .............. 2-46 2.5.4 show alarm all-packets interface ..........
  • Page 6 3.3.8 show rewrite-outer-vlan ............. 3-20 3.3.9 show vlan-swap................. 3-20 Chapter 4 Multicast Protocol Configuration Command ....... 4-1 4.1 Static Multicast Configuration Command ..........4-1 4.1.1 multicast mac-address ..............4-1 4.1.2 multicast mac-address vlan interface.......... 4-2 4.1.3 show multicast ................4-4 4.2 IGMP snooping and GMRP Configuration Command......
  • Page 7 4.3.1 cross-vlan multicast..............4-25 4.3.2 cross-vlan multicast..............4-26 4.3.3 show cross-vlan multicast ............4-27 Chapter 5 ACL Configuration Command ........... 5-29 5.1 ACL configuration command list ............5-29 5.1.1 absolute ..................5-29 5.1.2 access-group................5-32 5.1.3 access-list.................. 5-34 5.1.4 access-list extended..............5-42 5.1.5 access-list link ................
  • Page 8 6.1.7 storm-control................6-8 Chapter 7 STP Configuration Command............. 7-1 7.1 STP Configuration Command..............7-1 7.1.1 show spanning-tree interface ............7-1 7.1.2 spanning-tree................7-3 7.1.3 spanning-tree cost............... 7-4 7.1.4 spanning-tree forward-time ............7-5 7.1.5 spanning-tree hello-time.............. 7-6 7.1.6 spanning-tree max-age ............... 7-8 7.1.7 spanning-tree port-priority ............
  • Page 9 7.2.11 spanning-tree mst config-digest-snooping....... 7-30 Chapter 8 802.1X Configuration Command ..........8-1 8.1 Domain Configuration Command ............8-1 8.1.1 aaa....................8-1 8.1.2 access-limit.................. 8-2 8.1.3 default domain-name enbale............8-4 8.1.4 domain..................8-5 8.1.5 show domain ................8-7 8.1.6 radius host ................... 8-8 8.1.7 state.....................
  • Page 10 8.3.9 dot1x timeout re-authperiod ............8-34 8.3.10 dot1x user cut................8-36 8.3.11 show dot1x................8-37 8.3.12 show dot1x daemon ..............8-38 8.3.13 show dot1x interface ............... 8-38 8.3.14 show dot1x session ..............8-39 Chapter 9 SNTP Client Configuration Command ........9-1 9.1 SNTP client configuration command list..........
  • Page 11 10.1.7 logging sequence-numbers ............. 10-7 10.1.8 logging timestamps..............10-7 10.1.9 logging monitor................ 10-9 10.1.10 terminal monitor..............10-11 10.1.11 logging buffered ..............10-12 10.1.12 clear logging buffered............10-14 10.1.13 logging flash ................ 10-14 10.1.14 clear logging flash ............... 10-16 10.1.15 logging host ................. 10-17 10.1.16 logging facility..............
  • Page 12 12.1.4 copy running-config startup-config .......... 12-3 12.1.5 copy startup-config running-config .......... 12-4 12.1.6 show running-config ..............12-4 12.1.7 show startup-config ..............12-5 12.2 Online Loading Upgrade Program............. 12-6 12.2.1 load application ftp ..............12-7 12.2.2 load application tftp..............12-8 12.2.3 load application xmodem............12-9 12.2.4 load configuration ftp .............
  • Page 13 12.4.7 loopback ................12-33 12.4.8 vct run..................12-34 12.4.9 vct auto-run ................12-34 12.4.10 show vct auto-run ..............12-35 12.4.11 mac-address-table ............... 12-36 12.4.12 mac-address-table age-time..........12-38 12.4.13 mac-address-table learning..........12-39 12.4.14 mac-address-table learning mode........12-39 12.4.15 ping..................12-40 12.4.16 show broadcast-suppression ..........12-41 12.4.17 show clock ................
  • Page 14 12.5.6 show snmp engineID............. 12-57 12.5.7 show snmp group ..............12-58 12.5.8 show snmp user ..............12-58 12.5.9 show snmp view ..............12-59 12.5.10 snmp-server community ............12-60 12.5.11 snmp-server contact ............12-61 12.5.12 snmp-server host..............12-63 12.5.13 snmp-server location ............12-64 12.5.14 snmp-server name ..............
  • Page 15 13.1.3 lldp hold-time ................. 13-88 13.1.4 lldp { rx | tx | rxtx } ..............13-88 13.1.5 show lldp interface [ <interface-list> ]........13-89 XIII...

  • Page 17: Chapter 1 Switch Logging In Command

    Chapter 1 Switch Logging in Command 1.1 Switch Logging in Command Switch logging in command includes: configure terminal enable exit help hostname interface muser quit show muser show username stop timeout username username change-password 1.1.1 cls...

  • Page 18: Configure Terminal

    Use cls command to clear current screen displaying 【Command configuration mode】 Any configuration mode 【Example】 !Clear current screen displaying QTECH>cls 1.1.2 configure terminal Use configure terminal command to enter global configuration mode from privileged mode. configure terminal 【Command configuration mode】 Privileged mode 【Example】 QTECH#configure terminal QTECH(config)#...

  • Page 19: Enable

    Use enable command to enter privileged mode from user mode. enable 【Command configuration mode】 User mode 【Example】 !Enter from user mode to privileged mode QTECH>enable QTECH# 【Related command】 exit,end 1.1.4 end Use end command to be back from global configuration mode or other superior...
  • Page 20 mode to privileged mode. 【Command configuration mode】 Any configuration mode except user mode and privileged mode 【Usage】 5 levels of command line configuration mode, from inferior to superior are: User mode Privileged mode Global configuration mode Interface configuration mode, VLAN configuration mode, AAA configuration mode...

  • Page 21: Exit

    【Example】 !Back from global configuration mode to privileged mode QTECH(config-if-ethernet-0/0/1)#end QTECH# 【Related command】 exit 1.1.5 exit Use exit command to be back to inferior mode. For the user mode, exit. exit 【Command configuration mode】 Any configuration mode 【Usage】 Use exit command can be back to inferior mode 【Example】...

  • Page 22: Help

    QTECH(config-if-ethernet-0/0/1)#exit QTECH(config)# 【Related command】 1.1.6 help Use help command to display command help information. help 【Command configuration mode】 Any configuration mode 【Usage】 Use help command can display any command in current mode, and user can key in “?” at any moment.
  • Page 23 1 to 32, these strings can be printable, excluding such wildcards as etc. '/'、':'、'*'、'?'、'\\'、'<'、'>'、'|'、'"' 【Default】 Default hostname is QTECH 【Command configuration mode】 Global configuration mode 【Usage】 Modify system hostname. If the hostname is QSW-2900,the hostname in global configuration mode is QSW-2900(config)#. 【Example】...

  • Page 24: Interface

    !Configure hostname to be SWITCH-A QTECH(config)#hostname SWITCH-A SWITCH-A (config)# 1.1.8 interface Use interface command to enter interface configuration mode. interface ethernet interface-num 【Parameter】 interface-num:The number of the interface 【Command configuration mode】 Global configuration mode 【Usage】 Interface-number is in the form of slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.

  • Page 25: Muser

    QTECH(config)#interface ethernet 0/0/1 1.1.9 muser Use muser command to enable user’s RADIUS remote authentication. radiusname muser { local | { radius { pap | chap } [ local ] } } 【Parameter】 radiusname:RADIUS server configuration name 【Command configuration mode】 Global configuration mode 【Usage】...

  • Page 26: Quit

    “service-type”, and the value of it is “Administrative”, the user is administrator. 【Example】 !Enable RADIUS authentication with the way of PAP QTECH(config)#muser radius radiusserver1 pap 1.1.10 quit Use quit command to disconnect with switch and exit. quit 【Command configuration mode】...

  • Page 27: Show Muser

    【Command configuration mode】 Any configuration mode 【Example】 !Display user’s authentication QTECH(config)#show muser 1.1.12 show username Use show username command to display all the users or the user’s privilege or the existed user and his privilege. show username [ username ]...

  • Page 28: Stop

    Any configuration mode 【Example】 !Display the privilege of user “red” QTECH(config)#show username red 1.1.13 stop Use stop command to stop the session between user and telnet forcibly, that is, after using this command, telnet user with the username of “username” will force to disconnect with telnet.

  • Page 29: Timeout

    Only administrator can use this command 【Example】 !Force user “red” to disconnect with telnet QTECH#stop red 1.1.14 timeout Use timeout command to configure the overtime of user’s logging in. Use no timeout command to configure overtime to be non-over timing.

  • Page 30: Username Username Privilege

    2 hours. This command is effective for command line users. 【Example】 !Configure the overtime to be 30 minutes QTECH#timeout 30 !Configure user to be non-overtime QTECH#no timeout 1.1.15 username username privilege...
  • Page 31 Use username username privilege command to add a user or modify the privilege or password of the existed user. Use no username username privilege command to remove specified user. username username [ privilege level ] { password encryption-type password } no username username 【Parameter】...

  • Page 32: Username Change-Password

    ! Add a new administrator “red”, configure privilege to be 15,and password to be 123456 QTECH(config)#username red privilege 15 password 0 123456 !Modify the privilege of administrator “red” to be 1,and password to be 1234 QTECH(config)#username red privilege 1 password 0 1234 1.1.16 username change-password...
  • Page 33 Administrator “admin” can use username change-password to modify the password of him and others, and other users can use this command to modify his own password. After inputting this command, user will be asked to input as following: original password, the username of the password needs modifying, new password and confirm new password.
  • Page 34 !Modify the password of user “red” to be 123456 QTECH(config)#username change-password please input you login password : ****** please input username :red Please input user new password :****** Please input user comfirm password :****** chang user red password success. 1-18...

  • Page 35: Chapter 2 Port Configuration Command

    Chapter 2 Port Configuration Command 2.1 Ethernet Interface Configuration Command Ethernet interface configuration command includes: clear interface description duplex flow-control ingress acceptable-frame link-aggregation priority show description show interface show statistics interface shutdown speed switchport access switchport mode switchport trunk allowed vlan switchport trunk native vlan show statistics dynamic interface...

  • Page 36: Clear Interface

    show utilization interface 2.1.1 clear interface Use clear interface command to clear the information of the interface. clear interface [ interface-num | slot-num ] 【Parameter】 interface-num:Means Ethernet port. Interface-num is in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.

  • Page 37: Description

    【Example】 !Clear information of all interfaces QTECH(config)#clear interface !Clear information of interface 5 in global and interface mode QTECH(config)#clear interface ethernet 0/0/5 QTECH(config-if-ethernet-0/0/5)#clear interface 2.1.2 description Use description command to configure a port description string. Use no description command to remove the port description string.

  • Page 38: Duplex

    【Parameter】 description-list:Port description string ranges from 1 to 32 characters 【Command configuration mode】 Interface configuration mode 【Example】 !Configure description string “red” for the Ethernet 0/0/3 QTECH(config-if-ethernet-0/0/3)#description red !Clear description of Ethernet 0/0/3 QTECH(config-if-ethernet-0/0/3)#no description 【Related command】 show description 2.1.3 duplex...
  • Page 39 duplex command to restore the default duplex mode, that is, auto-negotiation. duplex { half | full | auto } no duplex 【Parameter】 half:Half duplex mode full:Full duplex mode auto:Auto-negotiation mode 【Default】 auto 【Command configuration mode】 Interface configuration mode 【Usage】 When configuring duplex mode, full duplex means receiving and sending messages at the same time;...

  • Page 40: Flow-Control

    100 BASE-FX only supports full duplex. 【Example】 !Configure ethernet 0/5 port to full duplex QTECH(config-if-ethernet-0/0/5)#duplex full 2.1.4 flow-control Use flow-control command to enable flow control on the Ethernet port. Use no flow-control command to disable flow control on the port.

  • Page 41: Ingress Acceptable-Frame

    【Example】 !Enable flow control on Ethernet 0/5 QTECH(config-if-ethernet-0/0/5)#flow-control !Disable flow control on Ethernet 0/5 QTECH(config-if-ethernet-0/0/5)#no flow-control 2.1.5 ingress acceptable-frame Use ingress acceptable-frame command to configure ingress acceptable frame mode. Use no ingress acceptable-frame command to restore the default ingress acceptable frame.

  • Page 42: Ingress Filtering

    When ingress acceptable-frame enables, frame of other type are dropped. When ingress acceptable-frame disables, all types of frames are received. 【Example】 !Configure Ethernet 0/0/5 only to receive tagged frame QTECH(config-if-ethernet-0/0/5)#ingress acceptable-frame tagged !Restore default ingress acceptable-frame Ethernet 0/0/5 QTECH(config-if-ethernet-0/0/5)#no ingress accetable-frame 2.1.6 ingress filtering Use ingress filtering command to enable interface ingress filtering.

  • Page 43: Priority

    VLAN ID of the interface which the frame is received will be dropped; when interface ingress filtering disables, the frame will not be dropped. 【Example】 !Enable the ingress filtering of ethernet 0/0/5 QTECH(config-if-ethernet-0/0/5)#ingress filtering !Disable the ingress filtering of ethernet 0/0/5 QTECH(config-if-ethernet-0/0/5)#no ingress filtering 2.1.7 priority...
  • Page 44 Use priority command to assign priority of the port. Use no priority command to restore default priority. priority priority-value no priority 【Parameter】 priority-value:Ranges from 0 to 7 【Default】 Default priority-value is 0 【Command configuration mode】 Interface configuration mode 【Usage】 The larger priority-value is, the higher the priority is. 【Example】...

  • Page 45: Show Description

    QTECH(config-if-ethernet-0/0/3)#priority 1 2.1.8 show description Use show description command to display interface description. show description interface [ interface-list ] 【Parameter】 interface-list:List of interfaces means many Ethernet ports 【Command configuration mode】 Any configuration mode 【Usage】 When displaying interface description, if interface-list is not specified, description of all interfaces is displayed.

  • Page 46: Show Interface

    QTECH(config)#show description interface ethernet 0/0/3 【Related command】 description 2.1.9 show interface Use show interface command to display port configuration. show interface [ interface-num ] 【Parameter】 interface-num:Means Ethernet port. Interface-num is in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.

  • Page 47: Show Statistics Interface

    If both port type and port number are specified, the command displays information about the specified port. 【Example】 !Display the configuration information of Ethernet 0/0/1 QTECH#show interface ethernet 0/0/1 2.1.10 show statistics interface Use show statistics interface command to display the statistic information of specified port or all ports.

  • Page 48: Shutdown

    If both port type and port number are specified, the command displays statistic information about the specified port. 【Example】 !Display statustic information of Ethernet 0/0/1 QTECH#show statistics interface ethernet 0/0/1 2.1.11 shutdown Use shutdown command to disable an Ethernet port. Use no shutdown command to enable an Ethernet port.

  • Page 49: Speed

    【Example】 !Disable Ethernet 0/0/1, then enable it. QTECH(config-if-ethernet-0/0/1)#shutdown QTECH(config-if-ethernet-0/0/1)#no shutdown 2.1.12 speed Use speed command to configure the port speed. Use no speed command to restore the port speed to the defaulting setting. speed { 10 | 10auto | 100 | 100auto | auto }...
  • Page 50 【Parameter】 10:Means the port speed is 10Mbps 100:Means the port speed is 100Mbps 10auto: means the maximum port speed is 10Mbps,and duplex mode is auto-negotiation 100auto: means the maximum port speed is 100Mbps,and duplex mode is auto-negotiation auto: means both port speed and duplex mode are auto-negotiation 【Default】...

  • Page 51: Bandwidth-Control

    100Mbps and the duplex mode of full duplex. 【Example】 !Configure the speed of Ethernet 0/0/1 to 100Mbps QTECH(config-if-ethernet-0/0/1)#speed 100 2.1.13 bandwidth-control Use bandwidth-control command to control the egress and ingress bandwidth and limit the total rate of receiving and sending messages. Use no bandwidth-control command to cancel ingress and egress bandwidth-control configuration.

  • Page 52: Show Bandwidth-Control

    【Usage】 Use this command to restrict the ingress and egress bandwidth-control. 【Example】 !Configure the bandwidth-control of ethernet to be 10Mbps QTECH(config-if-fastEthernet-1)# bandwidth-control ingress 10240 2.1.14 show bandwidth-control Use this command to display bandwidth control of all interfaces. show bandwidth-control 【Command configuration mode】...

  • Page 53: Switchport Access

    【Example】 QTECH(config)#show bandwidth-control 2.1.15 switchport access Use switchport access command to add current port to specified VLAN, and the default VLAN-ID is configured to be the specified VLAN. Use no switchport access command to remove current port from specified VLAN,...

  • Page 54: Switchport Mode

    【Example】 !Add Ethernet 0/0/1 to VLAN 2. VLAN 2 exists, and Ethernet 0/0/1 is not trunk port. QTECH(config-if-ethernet-0/0/1)#switchport access vlan 2 2.1.16 switchport mode Use switchport mode command to configure port type. Use no switchport mode command to restore default port type, that is, access port.

  • Page 55: Switchport Trunk Allowed Vlan

    In addition, configure a port to be a trunk one, then create a vlan, this port will automatically be added to the vlan. 【Example】 !Configure Ethernet 0/0/1 to be trunk port QTECH(config-if-ethernet-0/0/1)#switchport mode trunk 2.1.17 switchport trunk allowed vlan 2-21...
  • Page 56 Use switchport trunk allowed vlan command to add trunk port to specified VLAN. Use no switchport trunk allowed vlan command to remove trunk port from specified vlan. vlan-list switchport trunk allowed vlan { | all } vlan-list no switchport trunk allowed vlan { | all } 【Parameter】...

  • Page 57: Switchport Trunk Native Vlan

    QTECH(config-if-ethernet-0/0/1)#switchport trunk allowed vlan 3,4,70-150 2.1.18 switchport trunk native vlan Use switchport trunk native vlan command to configure the default vlan-id (pvid) of trunk port. Use no switchport trunk native vlan command to restore the default vlan-id. switchport trunk native vlan vlan-id no switchport trunk native 【Parameter】...

  • Page 58: Tag

    【Example】 !Configure default vlan id of trunk ethernet 0/0/1 to be 100 QTECH(config-if-ethernet-0/0/1)#switchport trunk native vlan 100 2.1.19 tag Use tag command to enable access port to send message with tag vlan. Use no tag command to disable.
  • Page 59 No tag vlan command has the same way of using, it can enable this port not to message with specified tag vlan. 【Example】 !Enable Ethernet 0/0/1 to send message with tag vlan 100, VLAN 200 to VLAN QTECH(config-if-ethernet-0/0/1)#tag vlan 100,200-220 2-25...

  • Page 60: Show Statistics Dynamic Interface

    Statistic information refreshes automatically every 3 seconds. 【Example】 !Display statistic information of the port QTECH#show statistics dynamic interface 2.1.21 show utilization interface Use show utilization interface command to display the utilization information of all ports, including receiving and sending speed, bandwidth utilization rate, etc.

  • Page 61: Interface Mirror Configuration Command

    Any configuration mode 【Usage】 Receiving and sending rate and bandwidth utilization rate refresh every 3 seconds. 【Example】 !Display utilization interface of the port QTECH#show utilization interface 2.2 Interface Mirror Configuration Command Interface Mirror configuration command includes: mirror destination-interface mirror source-interface show mirror 2.2.1 mirror destination-interface...

  • Page 62: Mirror Source-Interface

    0 to 2, and port-num is in the range of 1 to 24. 【Command configuration mode】 Global configuration mode 【Example】 !Configure Ethernet 0/0/1 to be mirror destination-interface QTECH(config)#mirror destination-interface ethernet 0/0/1 2.2.2 mirror source-interface Use mirror source-interface command to configure mirror source-interface. Use 2-28...
  • Page 63 no mirror source-interface command to remove mirror source-interface. mirror source-interface { interface-list | cpu } { both | egress | ingress } no mirror source-interface { interface-list | cpu } 【Parameter】 interface-list:List of interfaces provides in the form of interface-num [ to interface-num ], this can be repeated for 3 times.

  • Page 64: Show Mirror

    QTECH(config)#mirror source-interface ethernet 0/0/1 to ethernet 0/0/12 both 2.2.3 show mirror Use show mirror command to display system configuration of current mirror interface, including monitor port and mirrored port list. show mirror 【Command configuration mode】 Any configuration mode 【Example】 !Display monitor port and mirrored port list...

  • Page 65: Port Car Configuration Command

    2.3 Port CAR Configuration Command Port CAR configuration command includes: port-car port-car-open-time port-car-rate show port-car 2.3.1 port-car Use port-car command to enable port CAR of global system or port. Use no port-car command to disable port CAR of global system or port. port-car no port-car 【Default】...

  • Page 66: Port-Car-Open-Time

    !Enable port-car globally QTECH(config)#port-car !Enable port-car of Ethernet 0/0/8 QTECH(config-if-ethernet-0/0/8)#port-car 2.3.2 port-car-open-time Use port-car-open-time command to configure the reopen time of the port shutdown by port-car. Use no port-car-open-time command to restore the default port-car-open-time. port-car-open-time port-car-open-time no port-car-open-time 【Parameter】...

  • Page 67: Port-Car-Rate

    【Command configuration mode】 Global configuration mode 【Example】 !Configure port-car-open-time to be 10 seconds QTECH(config)#port-car-open-time 10 2.3.3 port-car-rate Use port-car-rate command to configure the port-car-rate. Use no port-car-rate command to restore the default port-car-rate. port-car-rate port-car-rate no port-car-rate 【Parameter】 port-car-rate:Port-car-rate ranges from 1 to 2600 【Default】...

  • Page 68: Show Port-Car

    【Command configuration mode】 Global configuration mode 【Example】 !Configure port-car-rate to be 100 packet/second QTECH(config)#port-car-rate 100 2.3.4 show port-car Use show port-car command to display port-car information. show port-car 【Command configuration mode】 Any configuration mode 【Example】 !Display port-car information QTECH(config)#show port-car...

  • Page 69: Port Lacp Configuration Command

    Port recover time(second): : 480 Port CAR rate(packet/second): : 300 Port CAR enable port : e0/1,e0/2,e0/3,e0/4,e0/5,e0/6,e0/7,e0/8,e1/1. 2.4 Port LACP Configuration Command Port LACP configuration command includes: channel-group channel-group mode channel-group load-balance lacp system-priority lacp port-priority show lacp sys-id show lacp internal show lacp neighbor 2.4.1 channel-group Use channel-group command to create channel group, but there is no member in...

  • Page 70: Channel-Group Mode

    【Default】 【Command configuration mode】 Global configuration mode 【Example】 !Create channel group 1 QTECH(config)#channel-group 1 2.4.2 channel-group mode Use channel-group mode command to add port members to the group, and specify the mode. channel-group channel-group-number mode {active | passive | on}...
  • Page 71 !Add Ethernet 0/0/3 to channel-group 3 and specify the port to be active mode QTECH(config-if-ethernet-0/0/3)#channel-group 3 mode active !Add Ethernet 0/0/6 to ethernet 0/0/8 to channel-group 2 and specify the ports to be on mode QTECH(config)#interface range ethernet 0/0/6 to ethernet 0/0/8 QTECH(config-if-range)#channel-group 2 mode on 2-37...

  • Page 72: Channel-Group Load-Balance

    {dst-ip|dst-mac|src-dst-ip|src-dst-mac|src-ip|src-mac} 【Parameter】 channel-group-number:Range from 0 to 5 【Default】 Source MAC mode 【Command configuration mode】 Global configuration mode 【Example】 !Specify load-balance of channel-group 0 is destination mac QTECH(config)#channel-group load-balance dst-mac 2.4.4 lacp system-priority 2-38...
  • Page 73 Use lacp system-priority command to configure lacp system priority. Use no lacp system-priority command to restore default priority. The redundancy influence made by LACP system and port priority shows: LACP providing redundancy system needs guarantee the consistency of the choosing redundancy for conterminous switches, and user can configure redundancy link, which is realized by system and port priority.

  • Page 74: Lacp Port-Priority

    【Command configuration mode】 Global configuration mode 【Example】 !Configure LACP system priority is 40000 QTECH(config)#lacp system-priority 40000 2.4.5 lacp port-priority Use lacp port-priority command to configure lacp port-priority. When the port backup exists, the inferior one backups. Use no lacp port-priority command to restore default lacp port-priority.

  • Page 75: Show Lacp Sys-Id

    Interface /Interface group configuration mode 【Example】 !Configure lacp port-priority of Ethernet 0/0/2 to be 12345 QTECH(config-if-ethernet-0/0/2)#lacp port-priority 12345 2.4.6 show lacp sys-id Use show lacp sys-id command to display lacp system id, which is in the form of 16 characters of system priority and 32 characters of system MAC address.

  • Page 76: Show Lacp Internal

    【Command configuration mode】 Any configuration mode 【Example】 !Display lacp system id QTECH(config)#show lacp sys-id 2.4.7 show lacp internal Use show lacp interval command to display the information of group members, if the there is no keywords, all groups are displayed.

  • Page 77: Show Lacp Neighbor

    Any configuration mode 【Example】 !Such as: QTECH#show lacp internal 2.4.8 show lacp neighbor Use show lacp neighbor command to display the information of the neighbour port in the group. If there is no keyword, the neighbor ports of all the groups are displayed.

  • Page 78: Port Alarm Configuration Command

    【Command configuration mode】 Any configuration mode 【Example】 !Such as: QTECH#show lacp neighbor 2.5 Port Alarm Configuration Command Port alarm configuration command includes: alarm all-packets alarm all-packets threshold show alarm all-packets 2.5.1 alarm all-packets Use alarm all-packets command to enable global or port all-packets alarm.

  • Page 79: Alarm All-Packets Threshold

    Alarm all-packets enable 【Command configuration mode】 Global/interface configuration mode 【Example】 ! Enable global alarm all-packets QTECH(config)#alarm all-packets !Enable alarm all-packets of Ethernet 0/0/8 QTECH(config-if-ethernet-0/0/8)#alarm all-packets 2.5.2 alarm all-packets threshold Use alarm all-packets threshold command to configure alarm all-packets exceed and normal threshold.

  • Page 80: Show Alarm All-Packets

    100 BASE default exceed threshold is 85,normal threshold is 60 【Command configuration mode】 Interface configuration mode 【Usage】 Exceed > normal 【Example】 !Configure alarm all-packets exceed threshold to be 50,and normal threshold to be 30 QTECH(config)#alarm all-packets threshold exceed 500 normal 300 2.5.3 show alarm all-packets 2-46...

  • Page 81: Show Alarm All-Packets Interface

    【Command configuration mode】 Any configuration mode 【Example】 !Display global alarm all-packets information QTECH(config)#show alarm all-packets Port alarm global status : enable Port alarm exceed port 2.5.4 show alarm all-packets interface Use show alarm all-packets interface command to display port alarm all-packets information.
  • Page 82 interface-num:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.
  • Page 83 QTECH(config)#show alarm all-packets interface ethernet 0/0/1 e0/1 port alarm information Port alarm status : enable Port alarm exceed threshold(Mbps) : 85 Port alarm normal threshold(Mbps) : 60 Total entries: 1. 2-49...

  • Page 85: Chapter 3 Vlan Configuration Command

    Chapter 3 VLAN Configuration Command 3.1 VLAN Configuration VLAN(Virtual Local Area Network) configuration includes: description show vlan switchport vlan 3.1.1 description Use description command to assign a description string to the current VLAN. Use no description command to delete the description of the current VLAN. description string no description 【Parameter】...

  • Page 86: Show Vlan

    This command can assign a description to the current VLAN. 【Example】 !Specify the description string of the current VLAN as “market” QTECH (config-if-vlan)#description market 3.1.2 show vlan Use show vlan command to display the information about the specified VLAN show vlan [ vlan-id ] 【Parameter】...

  • Page 87: Switchport

    VLANs. 【Example】 !Display the information of all the existing VLANs QTECH(config)#show vlan 3.1.3 switchport Use switchport command to add a port or multiple ports to a VLAN. Use no switchport command to remove a port or multiple ports from a VLAN.
  • Page 88 interface-list:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24. Seriate interfaces with the same type can be linked by to keyword, but the port number to the right of the to keyword must be larger than the one to the left of the keyword, and this argument only can be repeated for up to 3 times.

  • Page 89: Vlan

    【Example】 !Add Ethernet 1, 3, 4, 5, 8 to current VLAN QTECH(config-if-vlan)#switchport ethernet 0/0/1 ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8 !Remove Ethernet 3, 4, 5, 8 from current VLAN QTECH(config-if-vlan)#no switchport ethernet 0/0/3 to ethernet 0/0/5 ethernet 0/0/8 3.1.4 vlan...
  • Page 90 vlan vlan-list no vlan { vlan-list | all } 【Parameter】 vlan-list:The VLAN which you want to create and whose view you want to enter. Each id ranges from 1 to 4094. all:Specifying all when removing VLAN, all created VLANs are removed except the default VLAN.

  • Page 91: Gvrp Configuration Command

    VLAN will become VLAN 1 after using the no vlan command. If the VLAN to be removed exists in the multicast group, remove the related multicast group first. 【Example】 !Enter VLAN 1 configuration view QTECH(config)#vlan 1 3.2 GVRP Configuration Command GVRP command includes: gvrp...

  • Page 92: Show Gvrp

    Globally configuration mode, Ethernet port configuration mode 【Usage】 You can enable GVRP only on trunk ports. 【Example】 !Enable GVRP globally QTECH(config)#gvrp !Enable GVRP on Ethernet port 8 QTECH(config-if-ethernet-0/0/8)#gvrp 3.2.2 show gvrp Use show gvrp command to display the information about GVRP globally.

  • Page 93: Show Gvrp Interface

    【Command configuration mode】 Any configuration mode 【Example】 !Display the information about GVRP globally QTECH(config)#show gvrp GVRP state : enable 3.2.3 show gvrp interface Use show gvrp interface command to display GVRP information on Ethernet port. show gvrp interface [ interface-list ] 【Parameter】...

  • Page 94: Garp Permit Vlan

    GVRP information on specified Ethernet port. 【Example】 !Display GVRP information on Ethernet port 3, 25, 26 QTECH(config)#show gvrp interface ethernet 0/0/3 ethernet 0/0/5 ethernet 0/0/6 3.2.4 garp permit vlan Use garp permit vlan command to add configured static vlan to GVRP module for...

  • Page 95: Show Garp Permit Vlan

    8, 10-20. 【Command configuration mode】 Global configuration mode 【Example】 !Add vlan 2, 3, 7 to GVRP QTECH(config)#garp permit vlan 2-3,7 3.2.5 show garp permit vlan Use show garp permit vlan command to display current static vlan permitted learning by GVRP 3-11...

  • Page 96: Qinq Command

    【Command configuration mode】 Global configuration mode 【Example】 Display current static vlan permitted learning by GVRP QTECH(config)#show garp permit vlan 3.3 QinQ command QinQ command includes: dtag dtag mode dtag insert dtag passth-rough vlan-swap show dtag show vlan-swap 3.3.1 dtag...
  • Page 97 no dtag 【Parameter】 dtag:This is defaulted static qinq mode and it cannot be configured to ignore tag head of ingress packet. If vlan protocol number is not the same as the port configuration value or the port is configured to ignore tag head, there will be a new tag head between the 12 and 13 flexible-qinq:Configure port vlan protocol number not the ignorance attribution of...

  • Page 98: Dtag Mode

    QTECH(config)dtag outer-tpid 9100 3.3.2 dtag mode Use dtag mode command to configure interface QinQ mode. dtag mode { customer | uplink } no dtag mode 【Parameter】 customer: In this mode, the original tag head will be ignored and a new one will be added.

  • Page 99: Dtag Insert

    QTECH(config-if-ethernet-0/1)#dtag mode customer 3.3.3 dtag insert Use this command to configure the vlan tag head added in global QinQ. dtag insert [start vlan of the series vlan] [end vlan of the series vlan] [destination vlan ] no dtag insert [start vlan of the series vlan ] [end vlan of the series vlan] 【Parameter】...

  • Page 100: Dtag Pass-Through

    QTECH(config)dtag insert vlan1 vlan2 vlan3 3.3.4 dtag pass-through Use this command to configure transparent transmission of dynamic QinQ. dtag pass-through [start vlan of the series vlan ] [end vlan of the series vlan] no dtag pass-through [start vlan of the series vlan ] [end vlan of the series vlan] 【Parameter】...

  • Page 101: Rewrite-Outer-Vlan

    3.3.5 rewrite-outer-vlan Use this command to configure interface outer vlan rewrite. start-inner-vid end-inner-vid outer-vid rewrite-outer-vlan [ outer-vlan new-outer-vid new-outer-vlan no rewrite-outer-vlan start-inner-vid end-inner-vid [ outer-vlan outer-vid ] 【Parameter】 start-inner-vid : start inner vlan ID end-inner-vid : end inner vlan ID. outer-vid : outer vlan ID.

  • Page 102: Vlan-Swap

    1~50,outer vlan ID being 3 and new outer vlan ID being 100 QTECH(config-if-ethernet-0/1)#rewrite-outer-vlan 1 50 outer-vlan 3 new-outer-vlan 100 3.3.6 vlan-swap Configure global vlan swap. vlan-swap no vlan-swap vlan-swap [source vlanID] [switching vlan ID ] 【Parameter】 source vlanID:the vlan ID to be replaces in tag.

  • Page 103: Show Dtag

    QTECH(config)#vlan-swap vlan1 vlan2 3.3.7 show dtag Display the QinQ configurationof the switch. show dtag show dtag insert show dtag pass-through 【Command configuration mode】 Global configuration mode 【Example】 !Display the QinQ configuration QTECH(config)#show dtag Display insert vlan of current QinQ QTECH(config)#show dtag insert...

  • Page 104: Show Rewrite-Outer-Vlan

    3.3.8 show rewrite-outer-vlan Use this command to display rewrite-outer-vlan show rewrite-outer-vlan 【Command configuration mode】 Global configuration mode 【Example】 Display rewrite-outer-vlan QTECH(config)#show rewrite-outer-vlan 3.3.9 show vlan-swap Display vlan-swap of current switch. show vlan-swap 【Command configuration mode】 Global configuration mode 【Example】 !Display vlan-swap of current switch...
  • Page 105 QTECH(config)#show vlan-swap 3-21...

  • Page 107: Chapter 4 Multicast Protocol Configuration Command

    Chapter 4 Multicast Protocol Configuration Command 4.1 Static Multicast Configuration Command Static multicast configuration command includes: multicast mac-address multicast mac-address vlan interface show multicast 4.1.1 multicast mac-address Use multicast mac-address command to create a multicast group. Use no multicast mac-address command to remove multicast group formed by specified mac address and related vlan-id.
  • Page 108 【Example】 !Create a multicast group QTECH(config)#multicast mac-address 01:00:5e:01:02:03 vlan 1 4.1.2 multicast mac-address vlan interface Use multicast mac-address vlan interface command to add interface to existed multicast group. Use no multicast mac-address vlan interface command to...
  • Page 109 remove interface. multicast mac-address mac vlan vlan-id interface { all | interface-list } no multicast mac-address mac vlan vlan-id interface { all | interface-list } 【Parameter】 mac:Means mac address of existed multicast which is in the form of multicast mac-address, such as: 01:00:5e:**:**:** vlan-id:Range from 1 to 4094.

  • Page 110: Show Multicast

    【Command configuration mode】 Global configuration mode 【Example】 !Remove ethernet 0/2 from existed multicast group. QTECH(config)#no multicast mac-address 01:00:5e:01:02:03 vlan 1 interface ethernet 0/2 4.1.3 show multicast Use show multicast command to display the information of the specified or all existed multicast group.
  • Page 111 If mac-address is not specified, information of the entire multicast group is displayed. 【Example】 !Display the information of multicast group with the MAC address to be 01:00:5e:01:02:03 QTECH(config)#show multicast mac-address 01:00:5e:01:02:03 show multicast table information ____________________________________________________________ MAC Address : 01:00:5e:01:02:03 VLAN ID Static port list : e0/2,e0/3.

  • Page 112: Igmp Snooping And Gmrp Configuration Command

    IGMP port list Dynamic port list Total entries: 1. 4.2 IGMP snooping and GMRP Configuration Command and GMRP configuration command includes: gmrp igmp-snooping igmp-snooping host-aging-time igmp-snooping max-response-time igmp-snooping fast-leave igmp-snooping group-limit igmp-snooping permit/deny group igmp-snooping route-port forward show gmrp show gmrp interface show igmp-snooping 4.2.1 gmrp Use gmrp command to enable GMRP globally or for a port.

  • Page 113: Igmp-Snooping

    【Default】 GMRP disables globally 【Command configuration mode】 Global configuration mode,Interface configuration mode 【Usage】 GMRP for a port must be enabling in trunk mode 【Example】 !Enable GMRP globally QTECH(config)#gmrp !Disable the GMRP of Ethernet 0/3 QTECH(config-if-ethernet-0/3)#no gmrp 4.2.2 igmp-snooping...

  • Page 114: Igmp-Snooping Host-Aging-Time

    【Command configuration mode】 Global configuration mode 【Example】 !Enable IGMP snooping QTECH (config)#igmp-snooping 4.2.3 igmp-snooping host-aging-time Use igmp-snooping host-aging-time command to configure the host-aging-time of dynamic multicast group learnt by igmp-snooping. Use no igmp-snooping host-aging-time command to restore the default host-aging-time.

  • Page 115: Igmp-Snooping Max-Response-Time

    【Example】 !Configure host-aging-time of the dynamic multicast group learnt by igmp-snooping to be 10 seconds QTECH(config)#igmp-snooping host-aging-time 10 4.2.4 igmp-snooping max-response-time When receiving a leave message, igmp-snooping will wait for some time to see whether to remove interface of igmp-snooping multicast group. The time is the response time.

  • Page 116: Igmp-Snooping Fast-Leave

    This command is effective when fast leave disables 【Example】 !Configure the max-response-time of igmp-snooping is 99 seconds QTECH(config)#igmp-snooping max-response-time 99 4.2.5 igmp-snooping fast-leave Use igmp-snooping fast-leave command to configure fast-leave of the interface. When fast-leave enables, if the fast-leave message is received, the interface leaves the aging group, or the time to leave is determined by the max-response-time.

  • Page 117: Igmp-Snooping Group-Limit

    【Command configuration mode】 Interface configuration mode 【Default】 Fast-leave disables 【Example】 !Enable igmp-snooping fast-leave QTECH(config-if-ethernet-0/1)#igmp-snooping fast-leave 4.2.6 igmp-snooping group-limit Use igmp-snooping group-limit command to configure the number of the multicast group allowed learning. igmp-snooping group-limit limit no igmp-snooping group-limit 【Command configuration mode】...

  • Page 118: Igmp-Snooping Permit/Deny Group

    【Example】 !Configure the igmp-snooping group-limit to be 99 QTECH(config-if-ethernet-0/1)#igmp-snooping group-limit 99 4.2.7 igmp-snooping permit/deny group Use igmp-snooping permit/deny group command to configure the permit and deny group, and the learning regulations of the group which is not permit or deny group (We call it default group).

  • Page 119: Igmp-Snooping Route-Port Forward

    !Configure the learning regulation of default group to allow all multicast group QTECH(config)#igmp-snooping permit group all !Configure Ethernet 0/3 not to learn multicast 01:00:5e:00:01:01 QTECH(config-if-ethernet-0/3)#igmp-snooping deny group 01:00:5e:00:01:01 4.2.8 igmp-snooping route-port forward Multicast routers interface is the interface received IGMP inquiring message (It is also called mix router interface.).

  • Page 120: Show Gmrp

    !Enable igmp-snooping route-port forward QTECH(config)#igmp-snooping route-port forward 4.2.9 show gmrp Use show gmrp command to display GMRP globally. show gmrp 【Command configuration mode】 Any configuration mode 【Example】 !Display GMRP information globally QTECH(config)#show gmrp GMRP state : enable 4.2.10 show gmrp interface Use show gmrp interface command to display GMRP information of an interface.
  • Page 121 interface-list:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24. Seriate(sequential?) interfaces with the same type can be linked by to keyword, but the port number to the right of the to keyword must be larger than the one to the left of the keyword, and this argument only can be repeated for up to 3 times.

  • Page 122: Garp Permit Multicast Mac-Address

    QTECH(config)#show gmrp interface ethernet 0/1 to ethernet 0/3 ethernet 2/1 port GMRP status e0/1 enable e0/2 enable e0/3 enable e2/1 enable Total entries: 4 4.2.11 garp permit multicast mac-address Use garp permit multicast mac-address command to add configured static multicast group to GMRP to be dynamic learned by other switches.

  • Page 123: Show Garp Permit Multicast

    Global configuration mode 【Example】 ! Add multicast group 01:00:5e:00:01:01 vlan 1 to GMRP QTECH(config)#garp permit multicast mac-address 01:00:5e:00:01:01 vlan 1 4.2.12 show garp permit multicast Use show garp permit multicast command to display static multicast group permitted learning by GMRP.

  • Page 124: Show Igmp-Snooping

    【Command configuration mode】 Any configuration mode 【Example】 !Display IGMP snooping information QTECH(config)#show igmp-snooping 4.2.14 igmp-snooping route-port vlan vlanID interface interface-list Added route port demonstrates the transferred port of leave or report packet of the host in the same multicast. vlanID...
  • Page 125 vlanID:ID of existed vlan (between 1~4094) interface-list:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.

  • Page 126: No Igmp-Snooping Router-Port-Age

    igmp-snooping route-port vlan interface ethernet 0/1 4.2.15 no igmp-snooping router-port-age Configure the aging of route port. It is defaulted to be aging. no igmp-snooping router-port-age igmp-snooping router-port-age 【Command configuration mode】 Any configuration mode 【Usage】 It is defaulted to be aging, so uses no igmp-snooping router-port-age command to disable it.

  • Page 127: Igmp-Snooping Query-Max-Respon Seconds

    :ip address of ipv4 【Example】 !Configure IGMP query source IP to be 1.1.1.111 QTECH(config)# igmp-snooping general-query source-ip 1.1.1.111 4.2.17 igmp-snooping query-max-respon seconds Configure the max response after receiving query, that is the response value in IGMP query. It is defaulted to be 10s.

  • Page 128: Igmp-Snooping Querier-Vlan Vlanid

    Seconds:1-255 which is used for max response time of IGMP query packet. 【Example】 !Configure the max response after receiving query to be 150 QTECH(config)# igmp-snooping query-max-respon 150 4.2.18 igmp-snooping querier-vlan vlanID Configure vlan which IGMP query sent by querier to be sent to. It is defaulted to be vlan 1.

  • Page 129: Igmp-Snooping Query-Interval Seconds

    (between 1~4094) 【Command configuration mode】 Any configuration mode 【Example】 !Configure querier sending query to vlan 10 QTECH(config)# igmp-snooping querier-vlan 10 4.2.19 igmp-snooping query-interval seconds Configure interval of sending IGMP query. It is defaulted to be 60s. seconds igmp-snooping query-interval no igmp-snooping query-interval 【Command configuration mode】...

  • Page 130: Igmp-Snooping Querier

    【Parameter】 Seconds:1-30000s 【Example】 !Configure interval of sending IGMP query to be 90s QTECH(config)# igmp-snooping querier 90 4.2.20 igmp-snooping querier Enable or disable querier sending IGMP query packet. It is defaulted not to send. igmp-snooping querier no igmp-snooping querier 【Command configuration mode】...

  • Page 131: Cross-Vlan Multicast Configuration

    4.3 Cross-VLAN Multicast Configuration Cross-VLAN Multicast Configuration includes: cross-vlan multicast cross-vlan multicast [tag vlan vlanid| untag] cross-vlan multicast ! Caution: only in MAC address learning mode of SVL for layer 3 packet, the multicast can be correct. 4.3.1 cross-vlan multicast Use this command to enable Cross-VLAN multicast.

  • Page 132: Cross-Vlan Multicast

    【Example】 !enable Cross-VLAN multicast QTECH(config)#cross-vlan multicast 4.3.2 cross-vlan multicast Use this command to configure tag/untag attribution of interface transmitting multicast and vlan id of tagged interface. cross-vlan multicast [tag vlan vlanid| untag] 【Parameter】 tag/untag:configure tag/untag attribution of interface transmitting multicast which has nothing to do with 802.1Q configuration...

  • Page 133: Show Cross-Vlan Multicast

    Interface configuration mode 【Example】 !Configure interface 3 to add tag head when transmitting multicast packet and vlanid to be 5 QTECH(config-if-ethernet-0/5)#cross-vlan multicast tag vlan 5 4.3.3 show cross-vlan multicast Use this command to display cross vlan configuration and specified interface configuration.
  • Page 134 If interface is not specified, display cross vlan globally. 【Example】 !Display configuration of cross vlan multicast of e0/1 QTECH(config)#show cross-vlan multicast interface ethernet 0/1 cross-vlan multicast : enabled. port tag vlanid false 0 Total [1] item(s), printed [1] item(s). 4-28...

  • Page 135: Chapter 5 Acl Configuration Command

    Chapter 5 ACL Configuration Command 5.1 ACL configuration command list ACL command includes: absolute access-group access-list access-list extended access-list link access-list match-order access-list standard access-list user { permit | deny } periodic show access-list config show access-list config statistic show access-list runtime all show access-list runtime statistic show time-range time-range...
  • Page 136 Use absolute command to create absolute time range. Use no absolute command to delete the configuration of absolute time range. absolute [ start time date ] [ end time date ] no absolute [ start time date ] [ end time date ] 【Parameter】...
  • Page 137 【Example】 !The following time range will be effective from 0:0 Jan 1 , 2000. QTECH(config)#time-range tm1 QTECH(config-timerange-tm1)#absolute start 0:0 1-1-2000 QTECH(config-timerange-tm1)#exit !The following time range will be effective from 22:00 December 10, 2000 to 22:01 QTECH(config)#time-range tm2...

  • Page 138: Access-Group

    !The following time range will be effective from 14:00 to 16:00 in each weekend from 20:00 December 31, 1999 to 20:00 December 10, 2000.(The configuration of periodic time range refers to periodic command.) QTECH(config)# time-range testall QTECH(config-timerange-testall)#absolute start 20:00 12-31-1999 end 20:00 12-10-2000 QTECH(config-timerange-testall)#periodic weekend 14:00 to 16:00 QTECH(config-timerange-testall)#exit 5.1.2 access-group...
  • Page 139 no access-group { all | user-group { access-list-number | access-list-name } [ subitem subitem ] | { [ ip-group { access-list-number | access-list-name } [ subitem subitem ] ] [ link-group { access-list-number | access-list-name } [ subitem subitem ] ] } } 【Parameter】...

  • Page 140: Access-List

    Global configuration mode 【Example】 !Activate accessing control list 1 and 200 at the same time. QTECH(config)#access-group ip-group 1 link-group 200 5.1.3 access-list Use access-list command to configure a ACL with number ID, which can be: standard ACL, extended ACL, Layer 2 ACL and user-defined ACL. Use no access-list command to delete all the subitems or one subitem in one ACL with number ID or name ID or all ACLs.
  • Page 141 2. Define extended ACL with number ID. access-list access-list-number2 { permit | deny } [ protocol ] [ established ] { source-addr source-wildcard | any } [ port [ portmask ] ] { dest-addr dest-wildcard | any } [ port [ portmask ] ] [ icmp-type [ icmp-code ] | icmp-packet ] [ fragments ] { [ precedence precedence ] [ tos tos ] | [ dscp dscp ] } [ time-range time-range-name ] 3.
  • Page 142 access-list-number4:user-defined ACL rules in the range of 300~399 permit:permit the packet which satisfied the condition passing. deny:deny the packet which satisfied the condition passing. time-range-name time-range :the name of time range whichh is optional parameter, and it will be efective in this time period. Instruction:...
  • Page 143 numbers is in the range of 1~255;the name of names is in the range of icmp, igmp, tcp, udp, gre, ospf and ipinip. This parameter is used in extended ACL. established:means this rule is effective to the first SYN packet after the successful connection of TCP.
  • Page 144 dest-addr dest-wildcard dest-addr dest-wildcard | any: means destination IP address and destination address wildward which is in the form of decimal; any means all destination address. This parameter can be used in extended ACL. icmp-type icmp-code icmp-packet icmp-type icmp-code ]: ] specified 一...
  • Page 145 :optional parameter which can be categoried according to TOS, it is number or name which is in the range of 0~15. This parameter can be used in extended ACL. vlan-pri [ cos ]: 802.1p priority which is in the range of 0~7. This parameter can be used in layer 2 ACL.
  • Page 146 means destination MAC address and destination MAC address wildcard. These two parametes can determine the range of destination MAC address range, such as: when dest-mac-wildcard is 0:0:0:0:ff:ff,user is interested in the first 32 bit of source MAC address (that is the bit position corresponded to the number 0 in interface-num wildcard),interface means the layer 2 ports transferring this...
  • Page 147 name of layer 2 interface, interface-num means one interface, cpu means cpu interface. This parameter can be used in user-determined ACL. Instructions: Followings are the parameter of no command. all:means all accessing list will be deleted (including number ID and name ID). access-list-number:the ACL number to be deleted which is a number between 1~399 name access-list-name:the ACL name to be deleted which is character string...

  • Page 148: Access-List Extended

    QTECH(config)#access-list 1 deny 192.168.3.1 0 ! Configure ACL 100 to deny packet with the 0xff of TCP source port number to be QTECH(config)# access-list 100 deny tcp any 0 0xff any 5.1.4 access-list extended Use access-list extended command to create an extended ACL with name ID, then enter extended ACL configuration mode.
  • Page 149 config:means the configuration order of user when matching ACL. auto:means the configuration order of deep precedency when matching ACL. Instruction: Followings are the parameters of no command. all:means all accessing list will be deleted (including number ID and name ID). access-list-number:the ACL number to be deleted which is a number between 1~399 name access-list-name:the ACL name to be deleted which is character string...
  • Page 150 The default order is config order. 【Command configuration mode】 Global configuration mode 【Usage】 This command creates an extended ACL with the name of “name”. After entering the extended ACL configuration mode, use { permit | deny }command to add subitem of this ACL (use exit command to exit ACL mode). Each ACL consists of many subitems, and the specified range of the flow category rules of each subitem is different, and if a packet can match many rules, there must be a matching order.

  • Page 151: Access-List Link

    !Create an extended ACL with the name to be example and specify the order to be deep precedency. QTECH(config)#access-list extended example match-order auto 5.1.5 access-list link Use access-list link command to create a layer 2 ACL with a name ID and enter layer 2 ACL configuration mode.
  • Page 152 Followings are the parameters of no command. all:means all accessing list will be deleted (including number ID and name ID). access-list-number:the ACL number to be deleted which is a number between 1~399 name access-list-name:the ACL name to be deleted which is character string parameter with initial English letters (that is [a-z,A-Z]) with any kind, excluding space and quotation mark;...
  • Page 153 ACL, it cannot be changed, unless delete all subitems of this ACL before respecify the order. 【Example】 !Create a layer 2 ACL with the name to be example and specify the order to be deep precedency. QTECH(config)#access-list link example match-order auto 5-47...

  • Page 154: Access-List Match-Order

    5.1.6 access-list match-order Use access-list command to specify rule matching order of an ACL with number access-list access-list-number match-order { config | auto } 【Parameter】 access-list-number:the ACL number which is a number between 1~399 config:means the configuration order of user when matching ACL. auto:means the configuration order of deep precedency when matching ACL.

  • Page 155: Access-List Standard

    【Example】 !Specify the order to be deep precedency. QTECH(config)#access-list 1 match-order auto 5.1.7 access-list standard Use access-list standard command to create a standard ACL with a name ID and enter standard ACL configuration mode. Use no access-list standard command to delete one or all subitems of ACL with number ID or name ID or delete all ACL.
  • Page 156 subitem ] } 【Parameter】 name : character string parameter with initial English letters (that is [a-z,A-Z]) with any kind, excluding space and quotation mark; all、any are not allowed. config:means the configuration order of user when matching ACL. auto:means the configuration order of deep precedency when matching ACL. Instruction:...
  • Page 157 deletedinthe list. It is in the range of 0~127. If it is unspecified, all subitems will be deleted. 【Default】 The default order is config order. 【Command configuration mode】 Global configuration mode 【Usage】 This command creates a standard ACL with the name of “name”. After entering the standard ACL configuration mode, use { permit | deny }command to add subitem of this ACL (use exit command to exit ACL mode).

  • Page 158: Access-List User

    !Create a standard ACL with the name to be example and specify the order to be deep precedency. QTECH(config)#access-list standard example match-order auto 5.1.8 access-list user Use access-list user command to create a user-defined ACL with a name ID and enter user-defined ACL configuration mode.
  • Page 159 config:means the configuration order of user when matching ACL. auto:means the configuration order of deep precedency when matching ACL. Instruction: Followings are the parameters of no command. all:means all accessing list will be deleted (including number ID and name ID). access-list-number:the ACL number to be deleted which is a number between 1~399 name access-list-name:the ACL name to be deleted which is character string...
  • Page 160 The default order is config order. 【Command configuration mode】 Global configuration mode 【Usage】 This command creates a user-defined ACL with the name of “name”. After entering the user-defined ACL configuration mode, use { permit | deny }command to add subitem of this ACL (use exit command to exit ACL mode). Each ACL consists of many subitems, and the specified range of the flow category rules of each subitem is different, and if a packet can match many rules, there must be a matching order.

  • Page 161: Permit | Deny

    ! Create a user-defined ACL with the name to be example and specify the order to be deep precedency. QTECH(config)#access-list user example match-order auto 5.1.9 { permit | deny } Use this command to add a subitem to ACL with the name ID.
  • Page 162 { permit | deny } { rule-string rule-mask offset }&<1-20> [ ingress interface interface-num ] [ egress interface interface-num | cpu ] [ time-range time-range-name ] 【Parameter】 permit:permit the packet which satisfied the condition passing. deny:deny the packet which satisfied the condition passing. time-range-name time-range :the name of time range whichh is optional...
  • Page 163 packet will ignore this rule. This parameter is used in standard or extended ACL. protocol:the protocol with the name of numbers and names. The name of numbers is in the range of 1~255;the name of names is in the range of icmp, igmp, tcp, udp, gre, ospf and ipinip.
  • Page 164 support single port configuration which can support the configuration of larger or equal to the port range (accurate to 2 dest-addr dest-wildcard dest-addr dest-wildcard | any: means destination IP address and destination address wildward which is in the form of decimal; any means all destination address.
  • Page 165 dscp dscp :optional parameter which can be categoried according to DSCP, it is number or name which is in the range of 0~63. This parameter can be used in extended ACL. :optional parameter which can be categoried according to TOS, it is number or name which is in the range of 0~15.
  • Page 166 all packets received by all ports. This parameter can be used in layer 2 ACL. dest-mac-addr dest-mac-wildcard interface-num egress { { [ ] [ interface | cpu ] } | dest-mac-addr dest-mac-wildcard any }:destination information of packet. means destination MAC address and destination MAC address wildcard. These two parametes can determine the range of destination MAC address range, such as: when dest-mac-wildcard is 0:0:0:0:ff:ff,user is interested in the first 32 bit of source MAC address (that is the bit position corresponded to the number 0 in...
  • Page 167 rule-string character string distilled from packet with defined by user itself to find the matched packet before handling. &<1-20> means at most 20 rules can be interface-num interface-num defined. ingress interface 、egress interface :the name of layer 2 interface, interface-num means one interface, cpu means cpu interface.
  • Page 168 ACL. There can be 128 subitems in total. If this ACL has activated, add subitems are not allowed. 【Example】 !Create a standard ACL with the name to be example and specify the matching order to be deep precedency. QTECH(config)#access-list standard example match-order auto Create ACL item successfully! QTECH(config-std-nacl-example)#permit 192.168.3.1 0 5-62...

  • Page 169: Periodic

    Config ACL subitem successfully! QTECH(config-std-nacl-example)# 5.1.10 periodic Use periodic command to create periodic time range. Use no periodic command to delete periodic time range. periodic days-of-the-week hh:mm:ss to [ day-of-the-week ] hh:mm:ss no periodic days-of-the-week hh:mm:ss to [ day-of-the-week ] hh:mm:ss 【Parameter】...
  • Page 170 Friday); weekend(the time for rest, including Saturday and Sunday); daily(special character string which means all days, including 7 days of a week)。 day-of-the-week behind to: means the time period will not be effected in the day of week. It defines a time range with the day-of-the-week before to. The day-of-the-week before or after to can only have one value, that is, the day between Monday and Sunday, and the one chosen before to must be earlier than the day chosen after it, such as: if the first day-of-the-week is wed,...
  • Page 171 QTECH(config-timerange-test)#periodic Monday Tuesday Wednesday Thursday Friday 8:00 to 18:00 The configuration of 8:00 to 18:00 from Monday to Friday is: QTECH(config-timerange-test)#periodic Monday 8:00 to Friday 18:00 【Example】 !The time range is effective in 8:00 to 18:00 from Monday to Friday...
  • Page 172 QTECH(config-timerange-all_day)#periodic daily 8:00 to 18:00 QTECH(config-timerange-all_day)#exit !The time range is effective in 8:00 to 18:00 from every Monday to Friday QTECH(config)#time-range 1to5 QTECH(config-timerange-1to5)#periodic monday 8:00 to friday 18:00 QTECH(config-timerange-1to5)#exit !The time range is effective in every weekend QTECH(config)#time-range wend2 QTECH(config-timerange-wend2)#periodic weekend 0:0 to 23:59 QTECH(config-timerange-wend2)#exit !The time range is effective in every weekend afternoon...

  • Page 173: Show Access-List Config

    QTECH(config-timerange-wendafternoon)#periodic weekend 14:00 to 18:00 QTECH(config-timerange-wendafternoon)#exit 5.1.11 show access-list config Use show access-list config command display detaol configuration of ACL. show access-list config { all | access-list-number | name access-list-name } 【Parameter】 all means all ACL (including the one with number ID and name ID)
  • Page 174 { permit | deny } syntax, its sequence number and the number and bytes of packet matched this syntax. 【Example】 !Display all ACL QTECH#show access-list config all Standard IP Access List 10, 1 rule, 0 : permit 10.0.0.1 0 (0 times matched) Standard IP Access List 20, 1 rule, 0 : permit 20.0.0.1 0 (0 times matched)

  • Page 175: Show Access-List Config Statistic

    Use show access-list config statistic command to display statistics information of ACL. show access-list config statistic 【Command configuration mode】 Any configuration mode 【Example】 !Display statistics information of ACL. QTECH(config)#show access-list config statistic access-list 1 : 1 rules access-list 2 : 2 rules access-list 10 : 1 rules...

  • Page 176: Show Access-List Runtime

    access-list 200 : 1 rules access-list 202 : 2 rules access-list 210 : 1 rules total config rules : 10 rules 5.1.13 show access-list runtime Use show access-list runtime command to display runtime application information of ACL. show access-list runtime { all | access-list-number | name access-list-name } 【Parameter】...
  • Page 177 【Command configuration mode】 Any configuration mode 【Usage】 This command is used to display ACL runtime application information which includes ACL name, subitem name and deliver status. If ACL subitem has been delivered to hardware, the priority of ACL subitem will be diaplayed. Priority value is from 2 to 13, and there are 5 blocks, interface 1-8 of which belong to block 0, interface 9-16 of which belong to block 1, interface 17-24 of which belong to block 2, interface 25 belongs to block 3 and interface 26...

  • Page 178: Show Access-List Runtime Statistic

    8,/,/,/,/,/,/,/,/,/,/,/ 【Example】 !Display runtime application of ACL of all interfaces. QTECH#show access-list runtime all access-list std1 subitem 0 running (2,2,2,2,2,2,2,2,2,2,2,2) access-list std1 subitem 1 running (3,3,3,3,3,3,3,3,3,3,3,3) 5.1.14 show access-list runtime statistic Use show access-list runtime statistic command to display ACL statistics information.

  • Page 179: Show Time-Range

    QTECH(config)#show access-list runtime statistic access-list 1 access-list 200 : 1 rules access-list 2 : 2 rules access-list 202 : 2 rules access-list 10 access-list 210 : 1 rules access-list 11 access-list 210 : 1 rules access-list 12 access-list 210 : 1 rules...
  • Page 180 1 minute, and show time-range will judge it through current time, the fact that show time-range saw a time range has been activated, but its access-list hasn’t is normal. 【Example】 !Display all time range QTECH(config-timerange-tm2)#show time-range all !Display time range with the name of tm1 5-74...

  • Page 181: Time-Range

    QTECH(config)#show time-range name tm1 !Display statistic information of all time range: QTECH(config)#show time-range statistic 5.1.16 time-range Use time-range command to enter time-range configuration mode. Use no time-range command to delete configured time range. time-range time-range-name no time-range { all | name time-range-name } 【Parameter】...
  • Page 182 QTECH(config)#time-range tm1 QTECH(config-timerange-tm1)# 5-76...

  • Page 183: Chapter 6 Qos Configuration Command

    Chapter 6 QOS Configuration Command 6.1 QoS Configuration Command QoS configuration command includes: queue-scheduler queue-scheduler cos-map show queue-scheduler show queue-scheduler cos-map 6.1.1 queue-scheduler Use queue-scheduler command to configure queue-scheduler mode and parameter. Use no queue-scheduler command to disable queue-scheduler. queue-scheduler { sp-wrr queue1-weight queue2-weight queue3-weight | wrr queue1-weight queue2-weight queue3-weight queue4-weight } no queue-scheduler 【Parameter】...
  • Page 184 queue 1, that is the percentage of bandwidth of distribution;queue2-weight: means the weight of the queue 2, that is the percentage of bandwidth distribution; queue3-weight:means the weight of the queue 3, that is the percentage of bandwidth distribution. queue1-weight queue2-weight queue3-weight queue4-weight :Means the weighted round robin.

  • Page 185: Queue-Scheduler Cos-Map

    【Example】 !Configure queue-scheduler to be weighted round robin, and 4 weights to be 1, 3, 6, 9 QTECH(config)#queue-scheduler wrr 1 3 6 9 6.1.2 queue-scheduler cos-map Use queue-scheduler cos-map command to configure 4 queue numbers and cos-map to 8 packed-priority of IEEE802.1p.

  • Page 186: Show Queue-Scheduler

    There are 4 default packed-priorities from 0 to 3. 3 is superlative. The superlative data in the buffer is preferential to send. 【Example】 !Configure packed-priority 1 to mapped priority 6 of IEEE 802.1p QTECH(config)#queue-scheduler cos-map 1 6 6.1.3 show queue-scheduler Use show queue-scheduler command to display the mode and the parameter of queue-scheduler.

  • Page 187: Show Queue-Scheduler Cos-Map

    !Display the mode and parameter of the queue-scheduler QTECH#show queue-scheduler Queue scheduling mode: strict-priority 6.1.4 show queue-scheduler cos-map Use show queue-scheduler cos-map command to display the queue-scheduler cos-map. show queue-scheduler cos-map 【Command configuration mode】 Any configuration mode 【Example】 !Display the queue-scheduler cos-map QTECH(config)#show queue-scheduler cos-map...

  • Page 188: Port-Isolation

    6.1.5 port-isolation Use port-isolation command to add a or a group of descendent isolation port. Use no port-isolation command to remove a or a group of descendent isolation port. port-isolation { interface-list } no port-isolation { interface-list | all } 【Parameter】...

  • Page 189: Show Port-Isolation

    【Example】 !Add Ethernet 0/1, Ethernet 0/3, Ethernet 0/4, Ethernet 0/5, Ethernet 0/8 to be descendentisolation port. QTECH(config)#port-isolation ethernet 0/1 ethernet 0/3 to ethernet 0/5 ethernet !Remove ethernet 0/3, Ethernet 0/4, Ethernet 0/5, ethernet 0/8 from downlink isolation port. QTECH(config)#no port-isolation ethernet 0/3 to ethernet 0/5 ethernet 0/8 6.1.6 show port-isolation...

  • Page 190: Storm-Control

    !Display port-isolation information QTECH(config)#show port-isolation 6.1.7 storm-control Use storm-control command to configure broadcast/known multicast/unknown unicast/unknown multicast storm-control. Use show interface command to display storm-control information. target-rate storm-control rate storm-control { broadcast | multicast | dlf } no storm-control { broadcast | multicast | dlf } 【Parameter】...
  • Page 191 Interface configuration mode 【Example】 ! Configure storm-control rate of Ethernet 0/5 to be 1Mbps, and enable broadcast strom-control QTECH(config-if-ethernet-0/5)#storm-control rate 1024 QTECH(config-if-ethernet-0/5)#storm-control broadcast...

  • Page 193: Chapter 7 Stp Configuration Command

    Chapter 7 STP Configuration Command 7.1 STP Configuration Command STP(Spanning Tree protocol)configuration command includes: show spanning-tree interface spanning-tree spanning-tree cost spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree port-priority spanning-tree mcheck spanning-tree point-to-point spanning-tree portfast spanning-tree transmit spanning-tree priority spanning-tree mode clear spanning-tree 7.1.1 show spanning-tree interface Use show spanning-tree interface command to display the information of current...
  • Page 194 show spanning-tree interface [ interface-list ] show spanning-tree interface [ interface-list ] 【Parameter】 interface-list:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is Ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the range of 1 to 24.

  • Page 195: Spanning-Tree

    【Example】 !Display the information of spanning-tree QTECH#show spanning-tree interface ethernet 0/7 7.1.2 spanning-tree Use spanning-tree command to enable STP globally or on a port. Use no spanning-tree command disable STP globally or on a port. spanning-tree no spanning-tree 【Default】 STP is enabled globally 【Command configuration mode】...

  • Page 196: Spanning-Tree Cost

    QTECH(config)#spanning-tree !Disable STP on Ethernet 0/8 QTECH(config-if-ethernet-0/8)#no spanning-tree 7.1.3 spanning-tree cost Use spanning-tree cost command to configure the path cost of the current port in a specified spanning tree. Use no spanning-tree cost command to restore to the default path cost of the current port in the specified spanning tree.

  • Page 197: Spanning-Tree Forward-Time

    Default cost is suggested to use. 【Example】 !Configure path cost of Ethernet 0/8 to 20 QTECH(config-if-ethernet-0/8)#spanning-tree cost 20 7.1.4 spanning-tree forward-time Use spanning-tree forward-time command to configure the Forward delay of the switch. Use no spanning-tree forward-time command to restore to the default forward delay.

  • Page 198: Spanning-Tree Hello-Time

    The default forward delay time, 15 seconds is suggested to use. Caution:Forward Delay ≥ Hello Time + 2. 【Example】 !Configure forward delay to 20 seconds QTECH(config)#spanning-tree forward-time 20 7.1.5 spanning-tree hello-time...
  • Page 199 Use spanning-tree hello-time coammand to configure the hello time of the switch. Use no spanning-tree hello-time command to restore to the default hello time. spanning-tree hello-time seconds no spanning-tree hello-time 【Parameter】 seconds:Hello Time in seconds to be configured. This keyword ranges from 1 to 10 seconds.

  • Page 200: Spanning-Tree Max-Age

    Caution:Hello Time ≤ ForwardDelay – 2. 【Example】 !Configure Hello Time to 8 seconds QTECH(config)#spanning-tree hello-time 8 7.1.6 spanning-tree max-age Use spanning-tree max-age command to configure Max Age of the switch. Use no spanning-tree max-age command to restore to the default Max Age.

  • Page 201: Spanning-Tree Port-Priority

    Caution:2*(Hello Time + 1) ≤ Max Age ≤ 2*( ForwardDelay – 1) 【Example】 !Configure the Max Age to 10 seconds QTECH(config)#spanning-tree max-age 10 7.1.7 spanning-tree port-priority Use spanning-tree port-priority command to configure the port priority of the current port in the specified spanning tree. Use no spanning-tree port-priority...
  • Page 202 spanning tree. spanning-tree port-priority port-priority no spanning-tree port-priority 【Parameter】 port-priority:Configure the port priority. It ranges from 0 to 255 【Default】 The default port priority of a port in any spanning tree is 128 【Command configuration mode】 Interface configuration mode 【Usage】 The smaller the value of priority is, the superior the priority is, and the port is easier to be a root port.

  • Page 203: Spanning-Tree Mcheck

    QTECH(config-if-ethernet-0/1)#spanning-tree port-priority 64 7.1.8 spanning-tree mcheck When operation RSTP protocol, and port is in the compatible mode. Use spanning-tree mcheck command to force the port sent RSTP message. spanning-tree mcheck 【Command configuration mode】 Interface configuration mode 【Example】 !Configure Ethernet 0/7 to send RSTP message QTECH(config-if-ethernet-0/7)#spanning-tree mcheck 7.1.9 spanning-tree point-to-point...
  • Page 204 Specifies that the link connected to the current Ethernet port is a point-to-point link. 【Default】 Auto 【Command configuration mode】 Interface configuration mode 【Example】 !Configure the link connected to Ethernet 0/7 as a point-to-point link QTECH(config-if-ethernet-0/7)#spanning-tree point-to-point forcetrue 7-12...

  • Page 205: Spanning-Tree Portfast

    【Command configuration mode】 Interface configuration mode 【Usage】 Edge port can be in transmitting state in linkup in 3 seconds, and it changes into non-edge port after receiving STP message. 【Example】 !Configure Ethernet 0/7 as a non-edge port. QTECH(config-if-ethernet-0/7)#spanning-tree portfast 7-13...

  • Page 206: Spanning-Tree Transit-Limit

    BPDU ranges from 1 to 255。 【Default】 【Command configuration mode】 Interface configuration mode 【Example】 ! Configure the maximum number of configuration BPDUs that can be transmitted by the Ethernet 0/7 in each Hello time to 5 QTECH(config-if-ethernet-0/7)#spanning-tree transit-limit 5 7-14...

  • Page 207: Spanning-Tree Priority

    7.1.12 spanning-tree priority Use spanning-tree priority command to configure the priority of the switch in the specified spanning tree. Use no spanning-tree priority command to restore to the default priority in the specified spanning tree. spanning-tree priority bridge-priority no spanning-tree priority 【Parameter】...

  • Page 208: Spanning-Tree Mode

    【举例】 !Configure the priority of the switch in spanning tree to 4096 QTECH(config)#spanning-tree priority 4096 7.1.13 spanning-tree mode Use spanning-tree mode command to configure the STP operation mode. spanning-tree mode { rstp | stp } no spanning-tree mode 【Parameter】...

  • Page 209: Spanning-Tree Remote-Loop-Detect

    Global configuration mode 【Example】 !Configure the switch to operation in STP-compatible mode QTECH(config)#spanning-tree mode stp 7.1.14 spanning-tree remote-loop-detect Use spanning-tree remote-loop-detect command to enable remote loop detect. Use no spanning-tree remote-loop-detect command to disable remote loop detect. spanning-tree remote-loop-detect no spanning-tree remote-loop-detect 【Command configuration mode】...

  • Page 210: Clear Spanning-Tree

    !Enable spanning-tree remote-loop-detect interface of Ethernet 0/1, and ethernet QTECH(config)#spanning-tree remote-loop-detect interface ethernet 0/1 ethernet !Disable remote-loop-detect of Ethernet 0/1 QTECH(config-if-ethernet-0/1)#no spanning-tree remote-loop-detect 7.1.15 clear spanning-tree Use clear spanning-tree command to clear STP information clear spanning-tree clear spanning-tree interface interface-list 【Parameter】...

  • Page 211: Mstp Configuration Command

    3 times. 【Command configuration mode】 Global configuration mode 【Example】 !Clear spanning-tree information QTECH(config)#clear spanning-tree 7.2 MSTP Configuration command MSTP(Multiple spanning Tree protocol)Configuration command include: spanning-tree mst forward-time spanning-tree mst hello-time...

  • Page 212: Spanning-Tree Mst External Cost

    spanning-tree mst link-type spanning-tree mst external cost spanning-tree mst instance cost spanning-tree mst instance port-priority show spanning-tree mst config-id show spanning-tree mst instance interface Following commands: spanning-tree mst forward-time; spanning-tree mst hello-time; spanning-tree mst max-age; spanning-tree mst portfast; spanning-tree mst link-type Refer to corresponded commands of SST:...
  • Page 213 spanning-tree portfast; spanning-tree point-to-point 7.2.1 spanning-tree mst max-hops Use this command to configure max hop of MSTP packet. spanning-tree mst max-hops max-hops no spanning-tree mst max-hops 【Parameter】 max-hops:hops of MSTP packet which is in the range of 0-255. 【Default】 It is defaulted to be 20 【Command configuration mode】...
  • Page 214 MSTP which is a part of MSTP configuring mark is acharacter string of 32 bits. 【Default】 It is defaulted to be none. 【Command configuration mode】 Global configuration mode 【Example】 !Configure MSTP name to be QTECH QTECH(config)#spanning-tree mst name QTECH 7-22...
  • Page 215 MSTP and it is the integer number between 0 to 65535. 【Default】 The default value is 0. 【Command configuration mode】 Global configuration mode 【Example】 !Configure revision level of MSTP to be 10 QTECH(config)#spanning-tree mst revision 10 7.2.4 spanning-tree mst instance vlan 7-23...
  • Page 216 Use spanning-tree mst instance command to configure the mapping relations between MSTP instance and VLAN. spanning-tree mst instance instance-num vlan vlan-list no spanning-tree mst instance instance-num vlan vlan-list 【Parameter】 instance-num:MSTP instance number which is in the range of 1-15 vlan-list: vlan-list can be discrete number, a sequential number, and the mixture of both.
  • Page 217 QTECH(config)#spanning-tree mst instance 2 vlan 2-7 7.2.5 spanning-tree mst instance instance-num priority Use spanning-tree mst instance command to configure the priority of networkbridge in some MSTP instance. spanning-tree mst instance instance-num priority priority no spanning-tree mst instance instance-num priority 【Parameter】...
  • Page 218 !Configure the priority of network bridge in instance 2 is 4096 QTECH(config)#spanning-tree mst instance 2 priority 4096 7.2.6 spanning-tree mst external cost Use spanning-tree mst external cost command to configure external cost of port. spanning-tree mst external cost external-cost no spanning-tree mst external cost 【Parameter】...
  • Page 219 QTECH(config-if-ethernet-0/0/2)#spanning-tree mst external cost 200 7.2.7 spanning-tree mst instance cost Use spanning-tree mst instance command to configure cost for port in each instance. spanning-tree mst instance instance-num cost cost no spanning-tree mst instance instance-num cost 【Parameter】 instance-num:MSTP instance number which is in the range of 0-15 cost:port cost which is in the range of 1-200000000...
  • Page 220 !Configure the cost for port 2 in instance 1 to be 200 QTECH(config-if-ethernet-0/0/2)#spanning-tree mst instance 1 cost 200 7.2.8 spanning-tree mst instance port-priority Use spanning-tree mst instance port-priority command to configure the priority of port in STP instance. spanning-tree mst instance instance-num port-priority priority no spanning-tree mst instance instance-num port-priority 【Parameter】...
  • Page 221 !Configure the priority of port 2 in instance 1 to be 16 QTECH(config-if-ethernet-0/0/2)#spanning-tree mst instance 1 port-priority 16 7.2.9 show spanning-tree mst config-id Use show spanning-tree mst config-id command to display MSTP config-id. MSTP config-id includes: MSTP revision level, MSTP config-name and the mapping relations between STP instance and VLAN.

  • Page 222: Spanning-Tree Mst Config-Digest-Snooping

    Any configuration mode 【Example】 !Display the information of port 1 in MSTP instance 0 QTECH(config)#show spanning-tree mst instance 0 interface ethernet 0/0/1 7.2.11 spanning-tree mst config-digest-snooping Use this command to enable digest snooping to realize the interconnection with Cisco private MSTP protocol.
  • Page 223 【Default】 Disable 【Command configuration mode】 Interface configuration mode 【Example】 !Enable digest snooping of e0/0/1 QTECH(config-if-ethernet-0/1)#spanning-tree mst config-digest-snooping 7-31...

  • Page 225: Chapter 8 802.1X Configuration Command

    Chapter 8 802.1X Configuration Command 8.1 Domain Configuration Command Domainn configuration command includes: access-limit default domain-name enable domain show domain radius host state 8.1.1 aaa Use aaa command to enter AAA configuration mode 【Command configuration mode】...

  • Page 226: Access-Limit

    Global configuration mode 【Usage】 Enter AAA configuration mode to do related configuration 【Example】 !Enter AAA configuration mode QTECH(config)#aaa QTECH(config-aaa)# 8.1.2 access-limit Use access-limit enable command to configure the maximum number of access user that can be contained in current domain.
  • Page 227 【Default】 disable,means no limitation 【Command configuration mode】 Domain configuration mode 【Usage】 A domain can limit the maximum number of access user that can be contained in current domain. The related link with the domain is the domain name of the authenticate username must be the current domain and using its authentication, authorization and accounting.

  • Page 228: Default Domain-Name Enbale

    ! Configure the maximum number of access user that can be contained in domain red.com to 500 QTECH(config-aaa-red.com)#access-limit enable 500 8.1.3 default domain-name enbale Use default domain-name enable command to configure a existed domain to be default domain. If the domain doesn’t exist, the configuration fails. Use default domain-name disable command to disable the default domain.

  • Page 229: Domain

    To configure a default domain which must be existed, or the configuration fails. 【Example】 !Configure default domain name to be red.com and enable the default domain QTECH(config-aaa)#default domain-name enable red.com !Disable default domain name QTECH(config-aaa)#default domain-name disable 【Related command】...
  • Page 230 no domain domain-name 【Parameter】 domain-name: the name of the domain ranges from 1 to 24 charaters, no difference in upper-case type and lower case letters, and without space. 【Command configuration mode】 AAA configuration mode 【Usage】 Enter domain configuratuin mode to configure authtication and accounting. If the domain doesn’t exist, create it, and then enter it.

  • Page 231: Show Domain

    !Create domain with the name of red.com QTECH(config-aaa)#domain red.com QTECH(config-aaa-red.com)# !Remove domain with the name of red.com QTECH(config-aaa)#no domain red.com 【Related command】 radius host, state 8.1.5 show domain Use show domain command to display the configuration of the domain, such as: domain name, corresponding RADIUS server, and domain activation.

  • Page 232: Radius Host

    Any configuration mode 【Example】 !Display the configuration of red.com QTECH(config-aaa-red.com)#show domain 8.1.6 radius host Use radius host command to configure RADIUS authtication and accounting. radius host radius-scheme 【Parameter】 radius-scheme: the name of RADIUS authentication and accounting. It must be existed.

  • Page 233: State

    QTECH(config-aaa-red.com)#radius host red 【Related command】 radius host(RADIUS configuration mode) 8.1.7 state Use state command to configure the state of the domain to be active or block. state { active | block } 【Parameter】 active:active state,allow the authentication of the domain user.

  • Page 234: Radius Server Configuration Command

    Domain configuration mode 【Usage】 Use state active command to activate domain before used. 【Example】 !Activate red.com QTECH(config-aaa-red.com)#state active 【Related command】 domain 8.2 RADIUS Server Configuration Command RADIUS server configuration command includes: client-ip primary-ip radius host 8-10...

  • Page 235: Client-Ip

    realtime-account second-ip secret-key show radius host username-format 8.2.1 client-ip Use this command to configure client ip of current RADIUS server. Use the no command to remove the client ip. client-ip client-ip no client-ip 【Parameter】 client-ip:client IP address 【Default】 It is defaulted to be 0. 【Command configuration mode】...

  • Page 236: Primary-Ip

    RADIUS configuration mode 【Example】 !Configure RADIUS client IP address to be 192.168.0.100 QTECH(config-aaa-radius-red)#client-ip 192.168.0.100 !Remove RADIUS client IP address QTECH(config-aaa-radius-red)#no client-ip 【Related command】 radius host 8.2.2 primary-ip Use this command to configure primary IP address, authentication port and accounting port of current RADIUS server. Use the no command to remove the primary IP address.
  • Page 237 【Command configuration mode】 RADIUS configuration mode 【Example】 !Configure primary IP address of RADIUS server to be 192.168.0.100, authentication port to be 1812 and accounting port to be 1813 QTECH(config-aaa-radius-red)#primary-ip 192.168.0.100 1812 1813 !Remove primary IP address of RADIUS server QTECH(config-aaa-radius-red)#no primary-ip 8-13...
  • Page 238 【Related command】 radius host,second-ip 8.2.3 radius host Use radius host command to create or choose a RADIUS server for current domain. If RADIUS server exists, enter it. Use the no command to remove RADIUS server specified by radius-scheme. radius host radius-scheme no radius radius-scheme 【Parameter】...

  • Page 239: Realtime-Account

    QTECH(config-aaa)#radius host myScheme QTECH(config-aaa-radius-myScheme)# 【Related command】 radius host 8.2.4 realtime-account Use realtime-account command to configure the real-time account, and the accounting interval. Use no realtime-account command to disable the real-time account. realtime-account interval minute no realtime-account 【Parameter】 minute:Real-time accounting interval ranges from 1 to 255 minutes.

  • Page 240: Second-Ip

    RADIUS configuration mode 【Example】 !Configure the real-time accounting interval of the RADIUS server to be 30 minutes QTECH(config-aaa-radius-red)#realtime-account interval 30 !Disable the real-time accounting QTECH(config-aaa-radius-red)#no realtime-account 8.2.5 second-ip Use this command to configure second IP address, authentication port and accounting port of RADIUS server.

  • Page 241: Secret-Key

    RADIUS configuration mode 【Example】 !Configure the second IP address of RADIUS server to be 192.168.0.200, authentication port to be 1812 and accounting port to be 1813 QTECH(config-aaa-radius-red)#second-ip 192.168.0.200 1812 1813 !Remove the seconf IP address RADIUS server QTECH(config-aaa-radius-red)#no second-ip 【Related command】...
  • Page 242 Use secret-key command to configure a shared key for the RADIUS server. Use no secret-key command to restore the default shared key. secret-key key-string no secret-key 【Parameter】 key-string:Shared key of 1 to 16 characters of strings 【Default】 The default key is Switch 【Command configuration mode】...

  • Page 243: Show Radius Host

    !Configure the shared key for the RADIUS server with the name of red to be 12345 QTECH(config-aaa-radius-red)#secret-key 12345 【Related command】 radius host 8.2.7 show radius host Use show radius host command to display RADIUS server information, such as: primary ip address, second ip address, authentication port, accounting port, authentication key, etc.

  • Page 244: Username-Format

    【Example】 !Display RADIUS server information QTECH(config-aaa-radius-default)#show radius host 8.2.8 username-format Use username-format command to configure the format of the usernames to be sent to RADIUS servers. username-format with-domain username-format without-domain 【Parameter】 with-domain:User name with domain name without-domain:User name without domain name 【Default】...

  • Page 245: Configuration Command

    RADIUS server. 【Example】 !Configure the username sent to the RADIUS server with the name of red not to carry domain name. QTECH(config-aaa-radius-red)#username-format without-domain 【Related command】 radius host 8.3 802.1X Configuration Command 802.1X configuration command include:...

  • Page 246: Dot1X Eap-Transfer

    dot1x eap-transfer dot1x max-user dot1x port-control dot1x re-authenticate dot1x re-authentication dot1x timeout re-authperiod dot1x user cut show dot1x show dot1x daemon show dot1x interface show dot1x session 8.3.1 dot1x Use dot1x command to enable 802.1x. Use no dot1x command to disable 802.1x. dot1x no dot1x 8-22...
  • Page 247 802.1x configuration can be effective only after 802.1x is enable. Some command can be used after 802.1x enables. 【Example】 !Enable 802.1X QTECH(config)#dot1x !Disable 802.1X QTECH(config)#no dot1x 8.3.2 dot1x daemon When 802.1x enables, configure whether a port send 802.1x daemon and 8-23...
  • Page 248 sending period. dot1x daemon [ time time-value ] [interface interface-list] no dot1x daemon 【Parameter】 time-value:the intervals of 802.1x daemon sending ranges from 10 to 600 seconds. interface-list:List of Ethernet ports to be added to or removed from a VLAN. This keyword needed to be provided in the form of interface-type + interface-number.
  • Page 249 !Enable dot1x daemon on ethernet 0/5 with the period time of 20 seconds QTECH(config-if-ethernet-0/5)#dot1x daemon time 20 !Configure dot1x daemon of ethernet 0/5 globally with the period time of 20 seconds QTECH(config)#dot1x daemon time 20 interface ethernet 0/5 !Restore the default dot1x daemon configuration on ethernet 0/5 QTECH(config-if-fastethernet-5)#no dot1x daemon 8-25...
  • Page 250 !Restore the default dot1x daemon configuration of ethernet 0/5 globally QTECH(config)#no dot1x daemon interface ethernet 0/5 8.3.3 dot1x eap-finish After using dot1x eap-transfer command, 802.1 authentication message encapsulated by EAP frame from user is sent to RADIUS server after transfering to data frame encapsulated by other high level protocol.
  • Page 251 RADIUS server authentication message receiving way, authentication fails. 【Example】 !Configure authentication message tramsitting to be eap-finish QTECH(config)#dot1x eap-finish 【Related command 】 dot1x eap-transfer 8.3.4 dot1x eap-transfer After using dot1x eap-transfer command, 802.1 authentication message encapsulated by EAP frame from user is sent to RADIUS server without any changes.
  • Page 252 If authentication message transmitting way is different from RADIUS server authentication message receiving way, authentication fails. 【Example】 !Configure authentication message tramsitting to be eap-transfer QTECH(config)#dot1x eap-transfer 【Related command】 dot1x eap-finish 8.3.5 dot1x max-user Use dot1x max-user command to configure the maximum number of supplicant systems an ethernet port can accommodate.
  • Page 253 This command is effective after 802.1X authentication. After 802.1X enables, max-user of a port is determined by the real situation. The max-user of 100M ethernet port is 16 【Example】 !Configure the max-user of ethernet 0/5 is 10 in interface configuration mode QTECH(config-if-ethernet-0/5)#dot1x max-user 10 8-29...
  • Page 254 !Configure the max-user of ethernet 0/5 is 10 globally QTECH(config)#dot1x max-user 10 interface ethernet 0/5 !Restore the default max-user of ethernet 0/5 in interface configuration mode QTECH(config-if-fastethernet-5)#no dot1x max-user !Restore the default max-user of ethernet 0/5 globally QTECH(config)#no dot1x max-user interface ethernet 0/5 8.3.6 dot1x port-control...
  • Page 255 get the resource from the LAN without authentication. forceunauthorized:Means forcing unauthorization. User of this type of interface cannot get the resource from the LAN. 【Default】 Port control mode is auto by default. 【Command configuration mode】 Interface configuration mode or global configuration mode 【Usage】...
  • Page 256 !Ethernet 0/5 is RADIUS server port. Configure port-control mode of ethernet 0/5 to be forceauthorized in interface configuration mode QTECH(config-if-ethernet-0/5)#dot1x port-control forceauthorized !Configure port-control mode of ethernet 0/5 to be forceauthorized globally. QTECH(config)#dot1x port-control forceauthorized interface ethernet 0/5 【Related command】 dot1x 8.3.7 dot1x re-authenticate Use dot1x re-authenticate command to re-authenticate current interface.
  • Page 257 【Example】 !Re-authenticate ethernet 0/5 in interface configuration mode QTECH(config-if-ethernet-0/5)#dot1x re-authenticate !Re-authenticate ethernet 0/5 globally QTECH(config)#dot1x re-authenticate interface ethernet 0/5 8.3.8 dot1x re-authentication Use dot1x re-authentication command to enable 802.1x re-authentication. Use no dot1x re-authentication command to disable 802.1x re-authentication. dot1x re-authentication no dot1x re-authentication 【Default】...
  • Page 258 802.1X authentication only supports the message sending of dot1x eap-transfer. 【Example】 !Enable re-authentication of ethernet 0/5 QTECH(config-if-ethernet-0/5)#dot1x re-authentication QTECH(config)#dot1x re-authentication interface ethernet 0/5 【Related command】 dot1x、dot1x eap-finish、dot1x eap-transfer 8.3.9 dot1x timeout re-authperiod Use dot1x timeout re-authperiod command to configure 802.1x re-authperiod.
  • Page 259 re-authperiod. dot1x timeout re-authperiod seconds [ interface interface-num ] no dot1x timeout re-authperiod [ interface interface-num ] 【Parameter】 seconds: 802.1X re-authperiod ranges from 1 to 65535 seconds interface-num:Optional interface number 【Default】 The default 802.1X re-authperiod is 3600 seconds 【Command configuration mode】 Global configuration mode 【Usage】...

  • Page 260: Dot1X User Cut

    【Example】 !Configure 802.1x re-authperiod of ethernet 0/3 to be 1800 QTECH(config)#dot1x timeout re-authperiod 1800 interface ethernet 0/3 !Restore all the re-authperiod to the default of 802.1x re-authperiod QTECH(config)#no dot1x timeout re-authperiod 8.3.10 dot1x user cut Use dot1x user cut command to remove specified online user.

  • Page 261: Show Dot1X

    【Example】 !Remove user with username of aaa@qtech.com QTECH(config)#dot1x user cut username aaa@qtech.com 8.3.11 show dot1x Use show dot1x command to display 802.1x authentication information, such as: 802.1x authentication is enable or not, which authentication is used. show dot1x 【Command configuration mode】...

  • Page 262: Show Dot1X Daemon

    【Command configuration mode】 Any configuration mode 【Example】 !Display the 802.1x daemon of all the ports QTECH(config)#show dot1x daemon 8.3.13 show dot1x interface Use show dot1x interface command to display such configuration of interface as control mode, re-authenticate, re-authperiod, max-user, etc.

  • Page 263: Show Dot1X Session

    【Example】 ! Display port-control, re-authentication, re-authperiod and max-user configuration of ethernet 0/5 QTECH(config)#show dot1x interface ethernet 0/5 8.3.14 show dot1x session Use show dot1x session command to display 802.1x session, including online information: interface number, mac-address, username, etc.
  • Page 264 【Parameter】 interface-num:The interface number mac:The optioned mac-address 【Command configuration mode】 Any configuration mode 【Usage】 Use this command to display and detect the information of onlined user 【Example】 !Display all the onlined authentication users QTECH(config)#show dot1x session 8-40...

  • Page 265: Chapter 9 Sntp Client Configuration Command

    Chapter 9 SNTP Client Configuration Command 9.1 SNTP client configuration command list SNTP client configuration command includes: show sntp client sntp client sntp client authenticate sntp client authentication-key sntp client broadcastdelay sntp client mode sntp client multicast ttl sntp client poll-interval sntp client retransmit sntp client retransmit-interval sntp client valid-server...

  • Page 266: Sntp Client

    【Command configuration mode 】 Any configuration mode 【Example】 !Display the information about SNTP client configuration and running QTECH(config)#show sntp client 9.1.2 sntp client Use sntp client command to enable SNTP client. Use no sntp client command to disable SNTP client.

  • Page 267: Sntp Client Authenticate

    【Example】 !Enable SNTP client QTECH(config)#sntp client 9.1.3 sntp client authenticate Use sntp client authenticate command to enable MD5 authentication of SNTP client. Use no SNTP client authenticate command to disable MD5 authentication of SNTP client. sntp client authenticate no sntp client authenticate 【Default】...

  • Page 268: Sntp Client Authentication-Key

    QTECH(config)#sntp client authenticate 9.1.4 sntp client authentication-key Use sntp client authentication-key command to configure MD5 authentication-key. More than one authentication-key can be configured. sntp client authentication-key number md5 value no sntp client authentication-key number 【Parameter】 number:Authentication-key ID ranges from 1to 4294967295 value:...

  • Page 269: Sntp Client Broadcastdelay

    【Example】 !Configure SNTP client MD5 authentication-key, with the key ID being 12,and the key being abc QTECH(config)#sntp client authentication-key 12 md5 abc 9.1.5 sntp client broadcastdelay Use sntp client broadcastdelay command to configure the transmission delay of the SNTP client in broadcast or multicast. Use no sntp client broadcastdelay command to restore default transmission delay.

  • Page 270: Sntp Client Mode

    【Example】 !Configure broadcastdelay to be 1 second QTECH(config)#sntp client broadcastdelay 1000 9.1.6 sntp client mode Use sntp client mode command to configure the operation mode of SNTP client. Use no sntp client mode command to restore the default operation mode of SNTP...
  • Page 271 client. sntp client mode { unicast | broadcast | multicast | anycast [ key number ] } no sntp client mode 【Parameter】 unicast:Unicast mode broadcast:Broadcast mode multicast:Multicast mode anycast:Anycast mode number: ID of anycast ranges from 0 to 4294967295,0 means unauthentication. 【Default】...

  • Page 272: Sntp Client Multicast Ttl

    Global configuration mode 【Example】 !Configure SNTP client to operate in anycast QTECH(config)#sntp client mode anycast 9.1.7 sntp client multicast ttl Use sntp client multicast ttl command to configure ttl-value of multicast message. Use no sntp client multicast ttl command to restore default ttl-value.

  • Page 273: Sntp Client Poll-Interval

    TTL-value setting is suggested. 【Example】 !Configure TTTL-value of sending multicast message to be 5 QTECH(config)#sntp client multicast ttl 5 9.1.8 sntp client poll-interval Use sntp client poll-interval command to configure poll-interval of SNTP client in unicast or anycas. Use no sntp client poll-interval command to restore default poll-interval.

  • Page 274: Sntp Client Retransmit

    SNTP client sends requirement message regularly to the server in unicast and anycast operation mode. System time will be revised after receiving the message. 【Example】 !Configure poll-interval to be 100 seconds QTECH(config)#sntp client poll-interval 100 9.1.9 sntp client retransmit Use sntp client retransmit command to configure retransmit times inunicast and 9-10...
  • Page 275 anycast operation mode. Use no sntp client retransmit command to configure SNTP client not to retransmit requirement message. sntp client retransmit times no sntp client retransmit 【Parameter】 times:Times of retransmit ranges from 1 to 10 【Default】 non-retransmit(0) 【Command configuration mode】 Global configuration mode 【Usage】...

  • Page 276: Sntp Client Retransmit-Interval

    【Example】 !Configure overtime retransmission to be twice QTECH(config)#sntp client retransmit 2 9.1.10 sntp client retransmit-interval Use sntp client retransmit-interval command to configure retransmit-interval of SNTP client in unicast and anycast operation mode. sntp client retransmit-interval seconds no sntp client retransmit-interval 【Parameter】...

  • Page 277: Sntp Client Valid-Server

    【Example】 !Configure retransmit-interval to be 10 seconds. QTECH(config)#sntp client retransmit-interval 10 9.1.11 sntp client valid-server Use sntp client valid-server command to add a filtration list item of valid -server. Use no sntp client valid-server command to remove a filtration list item of valid-server.

  • Page 278: Sntp Server

    To solve this problem, a series of valid servers can be listed to filtrate source address of the message. 【Example】 !Add a valid-server list QTECH(config)#sntp client valid-server 10.1.0.2 0.0.255.255 9.1.12 sntp server Use sntp server command to configure server ip-address in unicast mode. Use no 9-14...
  • Page 279 sntp server command to remove server ip-address. sntp server ip-address [ key number ] no sntp server 【Parameter】 ip-address:Server ip-address. number: To encrypt message when sending requirement to server. Use the key-number to decipher the message when the reply is received. The key-number ranges from 0 to 4294967295.

  • Page 280: Sntp Trusted-Key

    QTECH(config)#sntp server 192.168.0.100 9.1.13 sntp trusted-key Use sntp trusted-key command to configure a trusted-key. sntp trusted-key number no sntp trusted-key number 【Parameter】 number:Key ID ranges from 1 to 4294967295 【Default】 All key number is reliable 【Usage】 In broadcast and multicast, the authentication is valid only when key-number is configured.
  • Page 281 【Example】 !Configure trusted-key to be 12 QTECH(config)#sntp trusted-key 12 9-17...

  • Page 283: Chapter 10 Syslog Configiration Command

    Chapter 10 Syslog Configiration Command 10.1 Syslog Configuration Command Syslog configuration command includes: show logging show logging buffered show logging flash show logging filter show debug logging on logging sequence-numbers logging timestamps logging monitor terminal monitor logging buffered clear logging buffered logging flash clear logging flash logging host...

  • Page 284: Show Logging

    Any configuration mode 【Example】 !Display Syslog configuration, state, and statistical information. QTECH(config)#show logging 10.1.2 show logging buffered Use show logging buffered command to display buffered log. show logging buffered [ level | level-list { level [ to level ] } &<1-8> ] [ module { xxx | …...

  • Page 285: Show Logging Flash

    【Example】 !Display the buffered log of level 7 QTECH(config)#show logging buffered level-list 7 10.1.3 show logging flash Use show logging flash command to display flash log.

  • Page 286: Show Logging Filter

    【Example】 !Display the flash log of module vlan QTECH(config)#show logging flash module vlan 10.1.4 show logging filter Use show logging filter command to display filter log.

  • Page 287: Show Debug

    【Command configuration mode】 Any configuration mode 【Example】 !Display buffered filter log QTECH(config)#show logging filter buffered 10.1.5 show debug Use show debug command to display the debug of the module. show debug 【Command configuration mode】...

  • Page 288: Logging

    【Example】 !Display the debug of module QTECH(config)#show debug 10.1.6 logging Use logging command to enable Syslog. Use no logging command to disable Syslog. logging no logging 【Default】 Syslog enables 【Command configuration mode】 Global configuration mode 【Example】 !Enable Syslog QTECH(config)#logging 10-6...

  • Page 289: Logging Sequence-Numbers

    Syslog. logging sequence-numbers no logging sequence-numbers 【Default】 Not display global sequence number 【Command configuration mode】 Global configuration mode 【Example】 !Configure global sequence number to be displayed in Syslog outputting information. QTECH(config)#logging sequence-numbers 10.1.8 logging timestamps 10-7...
  • Page 290 se logging timestamps command to configure the type of timestamps in Syslog. Use no logging timestamps command to restore the default type of timestamps. logging timestamps { notime | uptime | datetime } no logging timestamps 【Parameter】 notime:Timestamps are not displayed uptime:Uptime is the timestamps datetime:Datetime is the timestamps 【Default】...

  • Page 291: Logging Monitor

    QTECH(config)#logging timestamps datetime 10.1.9 logging monitor Use logging monitor command to enable monitor logging and configure filter regulation. Use no logging monitor command to disable monitor logging and restore default filter regulation. logging monitor { all | monitor-no } no logging monitor { all | monitor-no } logging monitor { all | monitor-no } { level | none | level-list { level [ to level ] } &<1-8>...
  • Page 292 “level-list” is not specified, the information of the higher level (The smaller the level number is, the higher the level is.) and the equal level will be displayed. 【Example】 !Enable monitor logging QTECH(config)#logging monitor 0 !Configure filter regulations of all terminals to allow all module of levels 0 to 6 to 10-10...

  • Page 293: Terminal Monitor

    QTECH(config)#logging monitor 0 6 10.1.10 terminal monitor Use terminal monitor command to enable current terminal information displaying. Use no terminal monitor command to disable current terminal information displaying. terminal monitor no terminal monitor 【Default】 Current terminal information displaying enables,all Telnetterminal information displaying disables.

  • Page 294: Logging Buffered

    【Example】 !Enable current terminal information displaying QTECH(config)#terminal monitor 10.1.11 logging buffered Use logging buffered command to enable buffered logging and configure filter regulations. Use no logging buffered command to disable buffered logging and restore to default filter regulations. logging buffered no logging buffered logging buffered { level | none | level-list { level [ to level ] } &<1-8>...
  • Page 295 “level-list” is not specified, the information of the higher level (The smaller the level number is, the higher the level is.) and the equal level will be displayed. 【Example】 !Disable buffered logging QTECH(config)#no logging buffered ! Configure filter regulations of all terminals to allow all module of level 0,1,2 and 6 10-13...

  • Page 296: Clear Logging Buffered

    QTECH(config)#logging buffered level-list 0 to 2 6 10.1.12 clear logging buffered Use clear logging buffered command to clear buffered logging. clear logging buffered 【Command configuration mode】 Any configuration mode 【Example】 !Clear buffered logging QTECH(config)#clear logging buffered 10.1.13 logging flash Use logging flash command to enable flash logging and configure filter regulations.
  • Page 297 no logging flash logging flash { level | none | level-list { level [ to level ] } &<1-8> } [ module { xxx | … } * ] no logging flash filter 【Parameter】 level:Level of information ranges from 0 to 7 none:Any level is not allowed.

  • Page 298: Clear Logging Flash

    QTECH(config)#no logging flash !Configure filter regulations of all terminals to allow all vlan module to output information QTECH(config)#logging flash none QTECH(config)#logging flash 7 module vlan 10.1.14 clear logging flash Use clear logging flash command to clear flash logging. clear logging flash 【Command configuration mode】...

  • Page 299: Logging Host

    【Example】 !Clear flash logging QTECH(config)#clear logging flash 10.1.15 logging host Use logging host command to configure host ip address, and enable host logging, and configure filter regulation of Syslog server. Use no logging host command to remove host ip address, disable host logging, and configure default filter regulation.
  • Page 300 ip-address:IP address of Syslog server level:Level of information ranges from 0 to 7 none:Any level is not allowed. xxx:Means the name of the module. … means other modules are omitted. 【Default】 All logging host enable. Filter regulations of all terminals are to allow all modules of levels 0 to 6 to output information 【Command configuration mode】...

  • Page 301: Logging Facility

    QTECH(config)#logging host 1.1.1.1 ! Configure filter regulations of logging host 1.1.1.1 to allow all module of level 0 to 6 to output information QTECH(config)#logging host 1.1.1.1 6 10.1.16 logging facility Use logging facility command to configure logging facility used by logging host.

  • Page 302: Logging Source

    Global configuration mode 【Example】 !Configure logging facility to be localuse0 QTECH(config)#logging facility localuse0 10.1.17 logging source Use logging source command to configure logging host to use fixed source ip address outputting. Use no logging source command to configure logging host not to use fixed source ip address outputting.

  • Page 303: Logging Snmp-Agent

    【Example】 !Configure the fixed source ip address of logging host to be 1.1.1.2 QTECH(config)#logging source 1.1.1.2 10.1.18 logging snmp-agent Use logging snmp-agent command to enable SNMP Agent logging and configure 10-21...
  • Page 304 filter configuration. Use no logging snmp-agent command to disable SNMP Agent logging and restore to default filter configuration. logging snmp-agent no logging snmp-agent logging snmp-agent { level | none | level-list { level [ to level ] } &<1-8> } [ module { xxx | …...
  • Page 305 Workstation by Trap message. (Refer to SNMP configuration) 【Example】 !Enable SNMP Agent logging QTECH(config)#logging snmp-agent !Configure filtrate rule to be permitting the information outputting of 0 to 3 levels of all modules of SNMP Agent QTECH(config)#logging snmp-agent 3 【Related command】 10-23...

  • Page 306: Debug

    snmp-server host 10.1.19 debug Use debug command to enable debug of a module. Use no debug command to disable debug of a module. debug { all | { xxx | … } * } no debug { all | { xxx | … } * } 【Parameter】...

  • Page 307: Upload Logging

    !Enable debug of module vlan QTECH(config)#debug vlan 10.1.20 upload logging Use upload logging command to upload Flash storage to ftp or tftp server. upload logging tftp ip-address file-name upload logging ftp ip-address file-name user-name password 【Parameter】 ip-address:IP address of server file-name:The filename saved to server...
  • Page 308 !Upload Flash storage to tftp server 1.1.1.1,and saved file is aaa.txt QTECH(config)#upload logging tftp 1.1.1.1 aaa.txt 10-26...

  • Page 309: Chapter 11 Ssh Configuration Command

    Chapter 11 SSH Configuration Command 11.1 SSH configuration command list SSH configuration command includes: show ssh show keyfile crypto key generate rsa crypto key zeroize rsa crypto key refresh load keyfile upload keyfile 11.1.1 show ssh Use show ssh command to display SSH configuration information, including version number, enabling/disabling SSH and SSH keyfile.

  • Page 310: Show Keyfile

    Use show keyfile command to display keyfile in Flash storage. show keyfile { public | private } 【Command configuration mode】 Privileged configuration mode 【Example】 !Display SSH keyfile QTECH#show keyfile public 11.1.3 ssh Use this command to enable/disable SSH. no ssh 【Default】 11-2...

  • Page 311: Crypto Key Generate Rsa

    11.1.4 crypto key generate rsa Use crypto key generate rsa command to configure SSH to be generate rsa. crypto key generate rsa 【Command configuration mode】 Privileged configuration mode 【Example】 !Configure SSH key to be generate rsa. QTECH#crypto key generate rsa 11-3...

  • Page 312: Crypto Key Zeroize Rsa

    【Command configuration mode】 Privileged configuration mode 【Example】 !Clear keyfile in Flash storage QTECH#crypto key zeroize rsa 11.1.6 crypto key refresh Use crypto key refresh command to load SSH key from Flash storage. crypto key refresh 【Command configuration mode】...

  • Page 313: Load Keyfile

    QTECH#crypto key refresh 11.1.7 load keyfile Use load keyfile command to download keyfile to device from tftp or ftp server. load keyfile { public | private } tftp server-ip filename load keyfile { public | private } ftp server-ip filename username passwd 【Parameter】...

  • Page 314: Upload Keyfile

    QTECH#load keyfile public tftp 1.1.1.1 pub.txt 11.1.8 upload keyfile Use upload keyfile command to upload keyfile to device from tftp or ftp server. upload keyfile { public | private } tftp server-ip filename upload keyfile { public | private } ftp server-ip filename username passwd 【Parameter】...
  • Page 315 QTECH#upload keyfile public tftp 1.1.1.1 pub.txt 11-7...

  • Page 317: Configuration Files Management

    Chapter 12 Switch Manage and Maintenance Command 12.1 Configuration Files Management Configuration files management includes: buildrun mode continue buildrun mode stop clear startup-config copy running-config startup-config copy startup-config running-config show running-config show startup-config 12.1.1 buildrun mode continue Use buildrun mode continue command to configure buildrun mode to be continune. 12-1...
  • Page 318 【acaommand configuration mode】 Privileged mode 【Example】 !Configure buildrun mode to be continune QTECH#buildrun mode continue 12.1.2 buildrun mode stop Use buildrun mode stop command to configure buildrun mode to be stop. buildrun mode stop 【Command configuration mode】...
  • Page 319 Use this command to clear saved configuration and reboot switch. The switch will restore to original configuration. 【Example】 !Restore the original configuration QTECH#clear startup-config 12.1.4 copy running-config startup-config Use copy running-config startup-config command to save current configuration. copy running-config startup-config 【Command configuration mode】...
  • Page 320 Privileged mode 【Example】 !Save current configuration QTECH#copy running-config startup-config 12.1.5 copy startup-config running-config Use copy startup-config running-config command to execute saved configuration, and executed configuration is the same as the saved one. copy startup-config running-config 【Command configuration mode】 Privileged mode 【Example】...
  • Page 321 【Command configuration mode】 Any configuration mode 【Example】 !Display all configurations QTECH#show running-config !Display configuration of GARP and OAM module QTECH#show running-config garp oam 12.1.7 show startup-config Use show startup-config command to display saved configuration. show startup-config [ module-list] 【Parameter】 12-5...

  • Page 322: Online Loading Upgrade Program

    Any configuration mode 【Example】 !Display all saved configuration QTECH#show running-config !Display saved configuration of GARP and OAM module QTECH#show running-config garp oam 12.2 Online Loading Upgrade Program Online Loading Upgrade Program includes: load application ftp load application tftp load application xmodem...

  • Page 323: Load Configuration Xmodem

    load configuration ftp load configuration tftp load configuration xmodem load whole-bootrom ftp load whole-bootrom tftp load whole-bootrom xmodem upload alarm ftp upload alarm tftp upload configuration ftp upload configuration tftp upload logging ftp upload logging tftp 12.2.1 load application ftp Use load application ftp command to load application program by FTP protocol.
  • Page 324 Open FTP server and set username, password and file download path before use this command. Reboot the switch after successful download and run new application program. 【Example】 !Download application program app.arj to 192.168.0.100 by FTP QTECH#load application ftp 192.168.0.100 app.arj username password 12.2.2 load application tftp 12-8...
  • Page 325 Open TFTP server and set file download path before use this command. Reboot the switch after successful download and run new application program. 【Example】 !Download application program app.arj to 192.168.0.100 by TFTP QTECH#load application tftp 192.168.0.100 app.arj 12.2.3 load application xmodem 12-9...
  • Page 326 Xmodem protocol in “protocol” , then click 【send】. Reboot the switch after successful download and run new application program. 【Example】 !Download application program by Xmodem protocol QTECH#load application xmodem 12.2.4 load configuration ftp 12-10...
  • Page 327 Use load configuration ftp command to load configuration program by FTP protocol. load configuration ftp ftpserver-ip filename username userpassword 【Parameter】 ftpserver-ip:IP address of FTP server filename:Filename to be loaded username、userpassword:Username and password of FTP server 【Command configuration mode】 Privileged mode 【Usage】...
  • Page 328 !Download configuration program abc to 192.168.0.100 by FTP QTECH#load configuration ftp 192.168.0.100 abc username password 12.2.5 load configuration tftp Use load configuration tftp command to load configuration program by TFTP protocol. load configuration tftp tftpserver-ip filename 【Parameter】 tftpserver-ip:IP address of TFTP server filename:Filename to be loaded...
  • Page 329 【Example】 !Download configuration program abc to 192.168.0.100 by TFTP QTECH#load configuration ftp 192.168.0.100 abc 12.2.6 load configuration xmodem Use load configuration xmodem command to load configuration program by Xmodem protocol. load configuration xmodem 【Command configuration mode】 Privileged mode 【Usage】 Choose “send” -> “send file” in super terminal, and input full path and filename of the file in filename dialog box, and choose Xmodem protocol in “protocol”, then...
  • Page 330 【Example】 !Download configuration program by Xmodem protocol QTECH#load configuration xmodem 12.2.7 load whole-bootrom ftp Use load whole-bootrom ftp command to load whole bootrom by FTP protocol. load whole-bootrom ftp ftpserver-ip filename username userpassword 【Parameter】 ftpserver-ip:IP address of FTP server filename:Filename to be loaded username、userpassword:Username and password of FTP server...
  • Page 331 【Example】 !Download whole-bootrom abc to 192.168.0.100 by FTP QTECH#load whole-bootrom ftp 192.168.0.100 abc username password 12.2.8 load whole-bootrom tftp Use load whole-bootrom tftp command to load whole bootrom by TFTP protocol. load whole-bootrom tftp tftpserver-ip filename 【Parameter】 tftpserver-ip:IP address of TFTP server filename:Filename to be loaded...
  • Page 332 【Example】 !Download whole-bootrom abc to 192.168.0.100 by TFTP QTECH#load whole-bootrom tftp 192.168.0.100 abc username password 12.2.9 load whole-bootrom xmodem Use load whole-bootrom xmodem command to load whole bootrom by xmodem protocol. load whole-bootrom xmodem 【Command configuration mode】 Privileged mode 【Usage】...
  • Page 333 !Download whole bootrom by Xmodem protocol QTECH#load whole-bootrom xmodem 12.2.10 upload alarm ftp Use upload alarm ftp command to upload alarm by FTP protocol. upload alarm ftp ftpserver-ip filename username userpassword 【Parameter】 ftpserver-ip:IP address of FTP server filename:Filename to be uploaded which cannot be system keyword (such as in windows operating system, con cannot be filename.)
  • Page 334 Alaram information saved when uploading is successful. 【Example】 !Upload alarm to 192.168.0.100 by FTP and saved as abc QTECH#upload alarm ftp 192.168.0.100 abc username password 12.2.11 upload alarm tftp Use upload alarm tftp command to upload alarm by TFTP protocol.
  • Page 335 Open TFTP server and set file upload path before using this command. Alaram information saved when uploading is successful. 【Example】 !Upload alarm to 192.168.0.100 by TFTP and saved as abc 12.2.12 upload configuration ftp Use upload configuration ftp command to upload configuration program by FTP protocol.
  • Page 336 Configuration information saved when uploading is successful. 【Example】 !Upload configuration to 192.168.0.100 by FTP and saved as abc QTECH#upload configuration ftp 192.168.0.100 abc username password 12.2.13 upload configuration tftp Use upload configuration tftp command to upload configuration program by TFTP protocol.
  • Page 337 Configuration information saved when uploading is successful. 【Example】 !Upload configuration to 192.168.0.100 by TFTP and saved as abc QTECH#upload configuration tftp 192.168.0.100 abc 12.2.14 upload logging ftp Use upload logging ftp command to upload logging by FTP protocol. upload logging ftp ftpserver-ip filename username userpassword 【Parameter】...
  • Page 338 Configuration information saved when uploading is successful. 【Example】 !Upload logging to 192.168.0.100 by FTP and saved as abc QTECH#upload logging ftp 192.168.0.100 abc username password 12.2.15 upload logging tftp Use upload logging tftp command to upload logging by TFTP protocol.

  • Page 339: Reboot Switch

    【Usage】 Open TFTP server and set file upload path before using this command. Logging information saved when uploading is successful. 【Example】 !Upload logging to 192.168.0.100 by TFTP and saved as abc QTECH#upload logging tftp 192.168.0.100 abc 12.3 Reboot Switch 12-23...

  • Page 340: Reboot

    Reboot switch command includes: reboot 12.3.1 reboot Use reboot command to reboot switch. reboot 【Command configuration mode】 Privileged mode 【Example】 !Reboot switch QTECH#reboot 12.4 Basic Configuration and Maintenance Basic configuration and mainenance includes: bootp broadcast-suppression clock set dhcp 12-24...

  • Page 341: Dlf-Forward

    discard-bpdu dlf-forward ipaddress ipaddress vlan loopback mac-address-table mac-address-table aging-time mac-address-table learning ping show broadcast-suppression show clock show cpu show discard-bpdu show dlf-forward show ip show mac-address-table show mac-address-table aging-time show mac-address-table learning show memory show system show users show version 12.4.1 bootp 12-25...
  • Page 342 Use bootp command to enable bootp way to obtaining ip address. Use no bootp command to disable bootp. bootp no bootp 【Default】 BOOTP disables 【Usage】 The way to obtain IP address are by BOOTP、DHCP、and manual operation. If BOOTP enables, the switch will obtainn the ip address by bootp, and DHCP or manual operation will be error.
  • Page 343 QTECH(config)#bootp 12.4.2 clock set Use clock set command to configure system clock. clock set 【Parameter】 HH:MM:SS:current time,HH ranges from 0 to 23,MM and SS range from 0 to 59 YYYY/MM/DD:Means current year, month, and date. YYYY ranges from 2000 to 2099,MM ranges from 1 to 12,and DD ranges from 1 to 31...
  • Page 344 【Example】 !Configure system clock to be 2001/01/01 0:0:0 QTECH#clock set 0:0:0 2001/01/01 【Related command】 show clock 12.4.3 dhcp Use dhcp command to configure to enable DHCP to obtain IP address. Use no dhcp command to disable DHCP to obtain IP address.
  • Page 345 If bootp is wanted, input no dhcp first,then input bootp. 【Example】 !Enable DHCP to obtainn IP address QTECH(config)#dhcp 12.4.4 dlf-forward Use dlf-forward command to enable dlf forword. Use no dlf-forward command to disable dlf forward.
  • Page 346 【Command configuration mode】 Global configuration mode, Interface configuration mode 【Example】 !Disable dlf forward for unicast QTECH(config)#no dlf-forward unicast 12.4.5 ipaddress Use ipaddress command to configuration ip address, netmask, and gateway by manual operation. ipaddress ip-address mask [ gateway ] 【Parameter】...
  • Page 347 ip-address:System ip address mask:Netmask gateway:If only IP address and netmask are configured, and gateway is not, the gateway will be default to be 0 【Default】 Not to obtain ip address by DHCP、BOOTP. 【Command configuration mode】 Global configuration mode 【Usage】 The way to obtain IP address are by BOOTP、DHCP、and manual operation. If dhcp or bootp enables, the switch will obtainn the ip address by dhcp or bootp, and manual operation will be error.
  • Page 348 !Original way to obtain IP address is by DHCP. Change IP address by manual operation to be 192.168.0.100 QTECH(config)#no dhcp QTECH(config)#ipaddress 192.168.0.100 255.255.0.0 12.4.6 ipaddress vlan Use ipaddress vlan command to configure and manage VLAN. ipaddress vlan vlan-id no ipaddress vlan vlan-id 【Parameter】...
  • Page 349 At most 26 manage VLANs can be configured. 【Example】 QTECH(config)#ipaddress vlan 2 12.4.7 loopback Use loopback command to loopback. External and internal can be chosed in global confuration or interface configurationmode. loopback { external | internal } 【Parameter】 external:External loopback internal:Internal loopback...

  • Page 350: Vct Run

    QTECH(config)#loopback external 12.4.8 vct run Use vct run command to port vct test. Vct test for all the ports in global configuration mode. Vct test for current port in interface configuration mode. vct run 【Command configuration mode】 Global configuration mode, interface configuration mode 【Example】...

  • Page 351: Show Vct Auto-Run

    【Command configuration mode】 Global configuration mode,Interface configuration mode 【Example】 !Enable VCT auto-run globally QTECH(config)#vct auto-run !Enable VCT auto-run on Ethernet 0/8 QTECH(config-if-ethernet-0/8)#vct auto-run 12.4.10 show vct auto-run Use show vct auto-run command to display vct auto-run.

  • Page 352: Mac-Address-Table

    【Example】 !Display vct auto-run. QTECH(config)#show vct auto-run 12.4.11 mac-address-table Use mac-address-table command to add mac address table. Use no mac-address-table command to remove mac address table. mac-address-table { dynamic | permanent | static } mac interface interface-num vlan vlan-id mac-address-table blackhole mac vlan vlan-id...
  • Page 353 All blackhole/static/dynamic/permanent address can add 500 totally. 【Command configuration mode】 Global configuration mode 【Example】 !Add mac address 00:01:02:03:04:05 to be permanent address table. QTECH(config)#mac-address-table permanent 00:01:02:03:04:05 interface 12-37...

  • Page 354: Mac-Address-Table Age-Time

    ethernet 0/1 vlan 1 12.4.12 mac-address-table age-time Use mac-address-table age-time command to configure MAC address aging time. Use no mac-address age-time command to restore it to default time. mac-address-table age-time [ agetime | disable ] no mac-address age-time 【Parameter】 agetime:Means MAC address aging time which ranges from 1 to 1048575 seconds disable:Means MAC address not aging.

  • Page 355: Mac-Address-Table Learning

    !Configure MAC address aging time to be 600 seconds QTECH(config)#mac-address-table age-time 600 12.4.13 mac-address-table learning Use mac-address-table learning command to enable MAC address learning. Use no mac-address-table learning command to disable MAC address learning. When disabling, the message from a port whose source address is not in this port, will not be transmitted.

  • Page 356: Ping

    【Command configuration mode】 Global configuration mode 【Example】 !Modify MAC address to be IVL QTECH(config)#mac-address-table learning mode ivl 12.4.15 ping Use ping command to check the network connection. ping [ -c count ] [ -s packetsize ] [ -t timeout ] host 【Parameter】...

  • Page 357: Show Broadcast-Suppression

    Use this command to test whether the facility in the same net is connected or not. 【Example】 !The ip address of current switch is 192.168.0.100. Test the connection of switch with the ip address of 192.168.0.200 QTECH#ping 192.168.0.200 12.4.16 show broadcast-suppression Use show broadcast-suppression command to display the number of the broadcast 12-41...

  • Page 358: Show Clock

    【Command configuration mode】 Any configuration mode 【Example】 !Display the max number of the broadcast flow allowed by switch per second. QTECH(config)#show broadcast-suppression 12.4.17 show clock Use show clock command to display system clock. show clock 【Command configuration mode】...

  • Page 359: Show Cpu

    Use show cpu command to display cpu use rate. The smaller the rate is, the busier the CPU is. show cpu 【Command configuration mode】 Any configuration mode 【Example】 !Display CPU busy rate QTECH(config)#show cpu 12.4.19 show dlf-forward Use show dlf-forward command to display configuration of message transmitting to unknown destination. 12-43...

  • Page 360: Show Ip

    【Command configuration mode】 Any configuration mode 【Example】 !Display onfiguration of message transmitting to unknown destination. QTECH(config)#show dlf-forward Status about dlf packets forwarding Forwarding unknown multicast packets : enable Forwarding unknown unicast packets : enable 12.4.20 show ip Use show ip command to display ip address and its obtaining mode, netmask, and gateway.

  • Page 361: Show Mac-Address-Table

    Any configuration mode 【Example】 !Display ip address information QTECH(config)#show ip 12.4.21 show mac-address-table show mac-address-table show mac-address-table { interface-num [ vlan vlan-id ] | cpu } show mac-address-table mac [ vlan vlan-id ] show mac-address-table { blackhole | dynamic | permanent | static } [ vlan...

  • Page 362: Show Mac-Address-Table Age-Time

    CPU: system mac address 【Command configuration mode】 Any configuration mode 【Example】 !Display all MAC address table QTECH(config)#show mac-address-table 12.4.22 show mac-address-table age-time 12-46...

  • Page 363: Show Mac-Address-Table Learning

    【Command configuration mode】 Any configuration mode 【Example】 !Display MAC address aging time. QTECH(config)#show mac-address-table aging-time 12.4.23 show mac-address-table learning Use show mac-address-table learning command to display MAC address learning. show mac-address-table learning 【Command configuration mode】 Any configuration mode 【Example】...

  • Page 364: Show Memory

    !Display MAC address learning. QTECH(config)#show mac-address-table learning 12.4.24 show memory Use show memory command to display memory usage. show memory 【Command configuration mode】 Any configuration mode 【Example】 !Display memory usage QTECH(config)#show memory 12.4.25 show system Use show system command to display system information.

  • Page 365: Show Users

    Use show users command to display the user information logged in. show users 【Command configuration mode】 Any configuration mode 【Example】 !Display the user information logged in. QTECH (config)#show users 12.4.27 show version Use show version command to display system version. show version 【Command configuration mode】 12-49...

  • Page 366: Login-Access-List Telnet-Limit

    【Usage】 The software information is different with different version. 【Example】 !Display system version QTECH# show version 12.4.28 login-access-list telnet-limit Use this command to restrict the number of Telnet user (0-5) to enter privileged mode at the same time. login-access-list telnet-limit limit-no no login-access-list telnet-limit 【Command configuration mode】...

  • Page 367: Tracert

    Telnet user to enter privileged mode (0~5) 【Default】 The max number is defaulted to be 5. 【Example】 !Configure only 1 Telnet users can enter privileged mode QTECH(config)# login-access-list telnet-limit 1 【Related command】 show users 12.4.29 tracert Use this command for routing detecting and network examination.
  • Page 368 udpport:destination interface address for sending udp packet which is in the range of 1 to 65535 and defaulted to be 62929; first_ttl:initial ttl of sending packet which is in the range of 1 to 255 and defaulted to be 1; maximum_hops:the max ttl of sending packet which is in the range of 1 to 255 and defaulted to be 30;...

  • Page 369: Snmp Configuration

    !The current IP address is 192.168.0.100 and tracert 192.168.0.200 QTECH#tracert 192.168.0.200 12.5 SNMP Configuration SNMP configuration command includes: show snmp community show snmp contact show snmp host show snmp notify show snmp location show snmp engineID show snmp group show snmp user...

  • Page 370: Snmp-Server Group

    【Command configuration mode】 Any configuration mode 【Example】 !Display SNMP community information QTECH(config)#show snmp community 12.5.2 show snmp contact Use show snmp contact command to display how to contact to administrator. show snmp contact 【Command configuration mode】 12-54...
  • Page 371 【Usage】 Use this command when you need to contact to administrator 【Example】 !Display how to contact with administrator QTECH(config)#show snmp contact 12.5.3 show snmp host Use show snmp host command to display Trap information of SNMP server show snmp host 【Command configuration mode】...
  • Page 372 Use show snmp notify command to display all notify information. show snmp notify 【Command configuration mode】 Any configuration mode 【Example】 !Display all notify information QTECH(config)#show snmp notify 12.5.5 show snmp location Use show snmp location command to display system location. show snmp location 【Command configuration mode】 Any configuration mode 【Usage】...
  • Page 373 Use show snmp engineID command to display engine id configuration. show snmp engineID [local | remote] 【Command configuration mode】 Any configuration mode 【Usage】 Choose “local” to display local engine, and choose “remote” to display remote engine. 【Example】 !Display local engine id QTECH(config)# show snmp engine id local 12-57...
  • Page 374 Any configuration mode 【Usage】 Use this command to display configured group. 【Example】 !Display configured group QTECH(config)# show snmp group 12.5.8 show snmp user Use show snmp user command to display user configuration. show snmp user 【Command configuration mode】 Any configuration mode...
  • Page 375 【Usage】 Use this command to display configured user. 【Example】 !Display configured user QTECH(config)# show snmp user 12.5.9 show snmp view Use show snmp view command to display view configuration. show snmp view 【Command configuration mode】 Any configuration mode 【Usage】 Use this command to display configured view.
  • Page 376 QTECH(config)# show snmp view 12.5.10 snmp-server community Use snmp-server community command to configure or modify community name and other information in community list. Use no snmp-server community command to remove community name in the list. snmp-server community community { ro | rw } { deny | permit } [ view...
  • Page 377 【Usage】 The community name in nosnmp-server community command should be existed. 【Example】 !Add community red,and configure privilege to be ro,and permit QTECH(config)#snmp-server community red ro permit !Remove community red QTECH(config)#no snmp-server community red 12.5.11 snmp-server contact Use snmp-server contact command to configure how to contact with administrator.
  • Page 378 Contact way to administrator ranges from 1 to 255 printable characters. 【Default】 “QTECH MOSCOW RUSSIA (http://www.qtech.ru)” 【Command configuration mode】 Global configuration mode 【Usage】 Use quotation mark to quote space in charater string. 【Example】 !Configure administrator contact way to be support@qtech.ru。 QTECH(config)#snmp-server contact support@qtech.ru 12-62...
  • Page 379 12.5.12 snmp-server host Use snmp-server host command to send notify by SNMP server. Use no snmp-server host command to remove SNMP server sending notifies. snmp-server host host-addr [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [ notify-type [ notifytype-list ] ] no snmp-server host ip-address community { 1 | 2c | 3 } 【Parameter】...
  • Page 380 【Example】 !Configure Trap in SNMP server, the IP address is configured to be 192.168.0.100,and SNMP version to be 2c,and community name to be user QTECH(config)#snmp-server host 192.168.0.100 version 2c user 12.5.13 snmp-server location Use snmp-server location command configuration system location.
  • Page 381 Use quotation mark to quote space in charater string. 【Example】 !Configure system location to be sample sysLocation factory。 QTECH(config)#snmp-server location “sample sysLocation factory” 12.5.14 snmp-server name Use snmp-server name command to configure system name. Use no snmp-server name command to restore default syastem name.
  • Page 382 Global configuration mode 【Usage】 Use quotation mark to quote space in charater string. 【Example】 !Configure system name to be QTECH QSW-2900 QTECH(config)#snmp-server name "QTECH QSW-2900" 12.5.15 snmp-server enable traps Use snmp-server enable traps command to enable traps. Use no snmp-server enable traps command to disable traps.
  • Page 383 snmp-server enable traps [ notificationtype-list ] no snmp-server enable traps [ notificationtype-list ] 【Parameter】 notificationtype-list:Notificationtype list defined by system. To enable or disable specified notification type by choose one or serval type. If the keyword is vacant, all types of notification are enabled or disabled. 【Default】...
  • Page 384 QTECH(config)# snmp-server enable traps gbn 12.5.16 snmp-server trap-source Use snmp-server trap-source command to configure vlan interface of trap sending source address. Use no snmp-server command to restore default trap sending source address. snmp-server trap-source { vlan-interface vlan-id | supervlan-interface supervlan-id } no snmp-server 【Parameter】...
  • Page 385 【Example】 !Configure trap source-address to be the ip address of interface 1 of vlan QTECH(config)# snmp-server trap-source vlan-interface 1 12.5.17 snmp-server engineID Use snmp-server engineID command to configure local engine-id or recognizable remote engine-id. Use no snmp-server engineID command to restore default local engine-id or remove remote engine-id.
  • Page 386 Local engine cannot be removed, and at most 32 remote engines can be configured. 【Example】 !Configure local engine id to be 12345 QTECH(config)# snmp-server engineid local 12345 ! Configure remote engine that can be recognized locally. Configure remote engine 12-70...
  • Page 387 1.1.1.1,and port number to be 888,and id to be 1234 QTECH(config)# snmp-server engineid remote 1.1.1.1 udp-port 888 1234 !Display local engine configuration QTECH(config)# show snmp engineid local 12.5.18 snmp-server view Use snmp-server view command to configure view.
  • Page 388 62. 【Example】 !Add view “view1”,and configure it to have a subtree “1.3.6.1” QTECH(config)# snmp-server view view1 1.3.6.1 include !Add a subtree “1.3.6.2” for existed view “view1” QTECH(config)# snmp-server view view1 1.3.6.2 include !Remove existed view “view1”...
  • Page 389 snmp-server group groupname { 1 | 2c | 3 [auth | noauth | priv] [context context-name]} [read readview] [ wrete writeview] [notify notifyview] no snmp-server group groupname {1 | 2c | 3 [auth | noauth | priv] [context context-name]} 【Parameter】 groupname means group name, which ranges from 1 to 32 characters,excluding space.
  • Page 390 【Example】 !Add group “group1” to local facility,using security model 1, and configure read, write, and notify view to be internet QTECH(config)# snmp-server group group1 1 read internet write internet notify Internet !Remove group “group1” from local facility QTECH(config)# no snmp-server group group1 1...
  • Page 391 !Display current group configuration. QTECH(config)# show snmp group 12.5.20 snmp-server user Use snmp-server user command to configure user in snmp v3. snmp-server user username groupname [ remote host [ udp-port port ] ] [ auth { md5 | sha } { authpassword { encrypt-authpassword authpassword |...
  • Page 392 Authpassword is authentication password. Unencrypted password ranges from 1 to 32 characters. To avoid disclosing, this password should be encrypted. To configured encrypted password needs client-side which supports encryption to encrypt password, and use encrypted cryptograph to do the configuration. Cryptograph is different by different encryption.
  • Page 393 !Add user “user1” for local engine to group “grp1”,and configure this user not to use authentication and encryption. QTECH(config)# snmp-server user user1 grp1 !Add user “user2” for local engine to group “grp2”,and configure this user to use md5 authentication and non-encryption with the auth-password to be 1234...

  • Page 394: Manage Ip Restriction Configuration

    !Add user “user3” for local engine to group “grp3”,and configure this user to use md5 authentication and des encryption with the auth-password to be 1234 and privpassword to be 4321 QTECH(config)# snmp-server user user3 grp3 auth md5 auth-password 1234 priv des priv-password 4321 12.6 Manage IP Restriction Configuration...
  • Page 395 no login-access-list { snmp | telnet | web } ip-address wildcard 【Parameter】 ip-address: IP address, 0.0.0.0 means any ip address is allowed to manage system except 127.*.*.* wildcard means mask wildcard which is in the form of mask in reverse. 0 means mask this bit, and 1 ,eams does not mask this bit.

  • Page 396: Cpu Alarm Configuration Command

    QTECH(config)#login-access-list telnet 192.168.0.100 0.0.0.0 QTECH(config)#no login-access-list telnet 0.0.0.0 255.255.255.255 12.6.2 show login-access-list Use show login-access-list command to display all ip address allowed by web, snmp, telnet management system. show login-access-list 【Command configuration mode】 Any configuration mode 【Example】 !Display all ip address allowed by web, snmp, telnet management system QTECH(config)#show login-access-list 12.7 CPU Alarm Configuration Command...

  • Page 397: Alarm Cpu

    【Command configuration mode】 Global configuration mode 【Example】 !Enable CPU alarm QTECH(config)#alarm cpu 12.7.2 alarm cpu threshold Use alarm cpu threshold command to configure CPU busy or unbusy threshold. alarm cpu threshold [ busy busy ] [ unbusy unbusy ] 12-81...
  • Page 398 Default CPU busy threshold is 90,and CPU unbusy threshold is 60 【Command configuration mode】 Global configuration mode 【Usage】 busy > unbusy 【Example】 !Configure CPU busy threshold to be 50,and CPU unbusy threshold to be 30 QTECH(config)#alarm cpu threshold busy 50 unbusy 30 12.7.3 show alarm cpu 12-82...

  • Page 399: Anti-Dos Attack

    Use show alarm cpu command to display cpu alarm information. show alarm cpu 【Command configuration mode】 Any configuration mode 【Example】 !Display CPU alarm information QTECH(config)#show alarm cpu CPU status alarm : enable CPU busy threshold(%) : 90 CPU unbusy threshold(%) : 60...
  • Page 400 【Parameter】 maximum:maximum number 【Default】 【Command configuration mode】 Global configuration mode 【Example】 !Configure maximum ip fragment message to be 30 QTECH(config)#anti-dos ip fragment 30 12.8.2 show anti-dos Use Show anti-dos command to display anti-dos information. Show anti-dos 12-84...
  • Page 401 【Command configuration mode】 Any configuration mode 【Example】 !Display related information QTECH(config)#show anti-dos 12-85...

  • Page 402: Chapter 13 Lldp Configuration Command

    Chapter 13 LLDP Configuration Command 13.1 LLDP Configuration Command LLDP(Link Layer Discovery Protocol)configuration command includes: lldp lldp hello-time lldp hold-time lldp { rx | tx | rxtx } show lldp interface [ <interface-list> ] 13.1.1 lldp Use lldp command to enable LLDP globally. Use no lldp command to disable LLDP globally.
  • Page 403 Global configuration mode 【Example】 !Enable global LLDP QTECH(config)#lldp 13.1.2 lldp hello-time Use lldp hello-time command to configure LLDP hello-time. Use no lldp hello -time command to restore to default LLDP hello-time. lldp hello-time <5-32768> no lldp hello -time 【Default】 Default LLDP hello-time is 30 seconds 【Command configuration mode】...

  • Page 404: Lldp Hold-Time

    !Configure LLDP hello-time to be 20 seconds QTECH(config)#lldp hello-time 13.1.3 lldp hold-time Use lldp hold-time command to configure LLDP hold-time. Use no lldp hold-time command to restore LLDP hold-time. lldp hold-time <2-10> no lldp hold-time 【Default】 Default LLDP hold-time is 4 【Command configuration mode】...

  • Page 405: Show Lldp Interface [

    Interface configuration mode 【Example】 !Configure e 0/1 only to send LLDP message QTECH(config-if-ethernet-0/1)#lldp tx 13.1.5 show lldp interface [ <interface-list> ] Use show lldp interface command to display LLDP information globally or on a port. show lldp interface [ <interface-list> ] 【Command configuration mode】...
  • Page 406 Any configuration mode 【Example】 !Display LLDP information of e 0/1 QTECH(config)#show lldp interface ethernet 0/1 13-90...

Table of Contents