Page 1 AT-9000 Series Gigabit Ethernet Switches AT-9000/12PoE  AT-9000/28  AT-9000/28PoE  AT-9000/28SP  AT-9000/52  Management Software Command Line Interface User’s Guide AlliedWare Plus Version 2.1.8.0 613-001823 Rev. B...
Page 2 * Neither the name of Allied Telesis, Inc. nor the names of the respective companies above may be used to endorse or promote products derived from this software without specific prior written permission.
Page 3 Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Page 5: Table Of Contents
Contents Document Conventions..........................38 Where to Find Web-based Guides......................39 Contacting Allied Telesis..........................40 Section I: Getting Started ..................41 Chapter 1: AlliedWare Plus Command Line Interface ................43 Management Sessions..........................44 Local Management ..........................44 Remote Management .......................... 44 Management Interfaces ..........................
Page 6 Contents Ending a Management Session........................75 Chapter 3: Basic Command Line Management ................... 77 Clearing the Screen............................ 78 Displaying the On-line Help ........................79 Saving Your Configuration Changes ......................81 Ending a Management Session........................82 Chapter 4: Basic Command Line Management Commands ..............83 ? (Question Mark Key)..........................
Page 7 AT-9000 Switch Command Line User’s Guide ERASE STARTUP-CONFIG ........................141 EXEC-TIMEOUT ............................142 HELP................................ 144 HOSTNAME............................. 145 LINE CONSOLE............................146 LINE VTY ..............................147 NO HOSTNAME ............................148 PING ................................ 149 PING IPv6 ..............................151 REBOOT ..............................152 RELOAD ..............................153 SERVICE MAXMANAGER ........................
Page 8 Contents NO SHUTDOWN ............................211 NO SNMP TRAP LINK-STATUS......................212 NO STORM-CONTROL ...........................213 POLARITY..............................214 PURGE..............................216 RENEGOTIATE............................217 RESET..............................218 SHOW FLOWCONTROL INTERFACE ....................219 SHOW INTERFACE ..........................221 SHOW INTERFACE BRIEF ........................225 SHOW INTERFACE STATUS........................227 SHOW PLATFORM TABLE PORT COUNTERS ..................229 SHOW RUNNING-CONFIG INTERFACE ....................232 SHOW STORM-CONTROL........................233 SHOW SYSTEM PLUGGABLE........................235 SHOW SYSTEM PLUGGABLE DETAIL ....................236 SHUTDOWN ............................237...
Page 9 AT-9000 Switch Command Line User’s Guide SHOW POWER-INLINE INTERFACE ..................... 279 SHOW POWER-INLINE INTERFACE DETAIL..................280 SNMP-SERVER ENABLE TRAP POWER-INLINE.................. 283 Chapter 13: IPv4 and IPv6 Management Addresses ................285 Overview ..............................286 Assigning an IPv4 Management Address and Default Gateway.............. 289 Adding an IPv4 Management Address ....................
Page 10 Contents Deleting MAC Addresses .........................348 Setting the Aging Timer ..........................350 Displaying the MAC Address Table......................351 Chapter 18: MAC Address Table Commands ....................353 CLEAR MAC ADDRESS-TABLE......................354 MAC ADDRESS-TABLE AGEING-TIME....................356 MAC ADDRESS-TABLE STATIC......................358 NO MAC ADDRESS-TABLE STATIC ......................360 SHOW MAC ADDRESS-TABLE ......................362 Chapter 19: Enhanced Stacking .........................365 Overview..............................366 Command and Member Switches ......................366...
Page 11 AT-9000 Switch Command Line User’s Guide Single-host Per Port .......................... 426 Multiple-hosts Per Port ........................426 Enabling IGMP Snooping......................... 427 Configuring the IGMP Snooping Commands ................... 428 Disabling IGMP Snooping ........................430 Displaying IGMP Snooping ........................431 Chapter 24: IGMP Snooping Commands ....................433 CLEAR IP IGMP............................
Page 12 Contents SHOW BOOT ............................484 SHOW STARTUP-CONFIG ........................486 WRITE ..............................487 Chapter 30: File Transfer ..........................489 Overview..............................490 Uploading or Downloading Files with TFTP .....................491 Downloading New Management Software with TFTP................491 Downloading Files to the Switch with TFTP..................492 Uploading Files from the Switch with TFTP ..................493 Uploading or Downloading Files with Zmodem ..................495 Downloading Files to the Switch with Zmodem..................495 Uploading Files from the Switch with Zmodem ..................496...
Page 13 AT-9000 Switch Command Line User’s Guide Creating New Static Port Trunks or Adding Ports To Existing Trunks ............. 550 Specifying the Load Distribution Method....................551 Removing Ports from Static Port Trunks or Deleting Trunks ..............552 Displaying Static Port Trunks ........................553 Chapter 37: Static Port Trunk Commands ....................
Page 14 Contents Displaying STP Settings ...........................618 Chapter 42: STP Commands ........................619 NO SPANNING-TREE STP ENABLE ......................621 SHOW SPANNING-TREE........................622 SPANNING-TREE FORWARD-TIME.......................624 SPANNING-TREE GUARD ROOT......................625 SPANNING-TREE HELLO-TIME ......................626 SPANNING-TREE MAX-AGE ........................627 SPANNING-TREE MODE STP ........................628 SPANNING-TREE PATH-COST ......................629 SPANNING-TREE PORTFAST........................630 SPANNING-TREE PORTFAST BPDU-GUARD..................631 SPANNING-TREE PRIORITY (Bridge Priority) ..................632 SPANNING-TREE Priority (Port Priority)....................633 SPANNING-TREE STP ENABLE......................634...
Page 15 AT-9000 Switch Command Line User’s Guide Chapter 45: Multiple Spanning Tree Protocol (MSTP) ................671 Overview ..............................672 Multiple Spanning Tree Instance (MSTI)....................673 MSTI Guidelines............................675 VLAN and MSTI Associations ........................676 Ports in Multiple MSTIs ..........................677 Multiple Spanning Tree Regions ......................678 Region Guidelines ..........................
Page 16 Contents Tagged VLAN Example........................728 Creating VLANs............................731 Adding Untagged Ports to VLANs ......................732 Adding Tagged Ports to VLANs........................734 Removing Untagged Ports from VLANs ....................736 Removing Tagged Ports from VLANs ......................737 Deleting VLANs ............................738 Displaying the VLANs..........................739 Chapter 48: Port-based and Tagged VLAN Commands ................741 NO SWITCHPORT ACCESS VLAN......................742 NO SWITCHPORT TRUNK........................743 NO SWITCHPORT TRUNK NATIVE VLAN .....................744...
Page 17 AT-9000 Switch Command Line User’s Guide SHOW GVRP TIMER..........................799 Chapter 51: MAC Address-based VLANs ....................801 Overview ..............................802 Egress Ports ............................802 VLANs that Span Switches........................ 805 VLAN Hierarchy..........................806 Guidelines ..............................807 General Steps ............................808 Creating MAC Address-based VLANs ..................... 809 Adding MAC Addresses to VLANs and Designating Egress Ports ............
Page 18 Contents Example of VLAN Stacking ........................856 Chapter 57: VLAN Stacking Commands ....................861 NO SWITCHPORT VLAN-STACKING .....................862 PLATFORM VLAN-STACKING-TPID.......................863 SHOW VLAN VLAN-STACKING ......................864 SWITCHPORT VLAN-STACKING ......................865 Section VIII: Port Security ..................867 Chapter 58: MAC Address-based Port Security ..................869 Overview..............................870 Static Versus Dynamic Addresses .....................870 Intrusion Actions..........................870 Guidelines ............................871 Configuring Ports............................872...
Page 19 AT-9000 Switch Command Line User’s Guide Removing Ports from the Authenticator Role................... 914 Disabling 802.1x Port-Based Network Access Control on the Switch............915 Displaying Authenticator Ports ......................... 916 Displaying EAP Packet Statistics ......................917 Chapter 61: 802.1x Port-based Network Access Control Commands ............ 919 AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS ..............
Page 20 Contents NO SNMP-SERVER ENABLE TRAP AUTH ....................980 NO SNMP-SERVER HOST........................981 NO SNMP-SERVER VIEW........................983 NO SNMP TRAP LINK-STATUS......................984 SHOW RUNNING-CONFIG SNMP ......................985 SHOW SNMP-SERVER ...........................986 SHOW SNMP-SERVER COMMUNITY....................987 SHOW SNMP-SERVER VIEW.........................989 SNMP-SERVER ............................990 SNMP-SERVER COMMUNITY ........................991 SNMP-SERVER ENABLE TRAP ......................992 SNMP-SERVER ENABLE TRAP AUTH....................993 SNMP-SERVER HOST ..........................994 SNMP-SERVER VIEW ..........................996 SNMP TRAP LINK-STATUS ........................998...
Page 21 AT-9000 Switch Command Line User’s Guide SFLOW ENABLE ........................... 1041 SFLOW POLLING-INTERVAL ....................... 1042 SFLOW SAMPLING-RATE ........................1044 SHOW SFLOW ............................1046 Chapter 67: LLDP and LLDP-MED ......................1049 Overview ..............................1050 Mandatory LLDP TLVs ........................1051 Optional LLDP TLVs........................1051 Optional LLDP-MED TLVs.......................
Page 22 Contents SHOW LLDP INTERFACE ........................1123 SHOW LLDP LOCAL-INFO INTERFACE ....................1125 SHOW LLDP NEIGHBORS DETAIL ...................... 1127 SHOW LLDP NEIGHBORS INTERFACE ....................1132 SHOW LLDP STATISTICS........................1134 SHOW LLDP STATISTICS INTERFACE ....................1136 SHOW LOCATION ..........................1138 Chapter 69: Address Resolution Protocol (ARP) ..................1141 Overview..............................
Page 23 AT-9000 Switch Command Line User’s Guide Chapter 73: Advanced Access Control Lists (ACLs) ................1195 Overview ..............................1196 Filtering Criteria ..........................1196 Actions............................. 1197 ID Numbers ............................. 1197 How Ingress Packets are Compared Against ACLs ................ 1197 Guidelines............................1198 Creating ACLs............................1199 Creating Numbered IPv4 ACLs .......................
Page 24 Contents SHOW MLS QOS MAPS DSCP-QUEUE....................1283 WRR-QUEUE WEIGHT.......................... 1285 Section XI: Management Security ...............1287 Chapter 76: Local Manager Accounts ...................... 1289 Overview..............................1290 Privilege Levels ..........................1290 Command Mode Restriction......................1290 Password Encryption ........................1291 Creating Local Manager Accounts ......................1293 Deleting Local Manager Accounts......................
Page 25 AT-9000 Switch Command Line User’s Guide Chapter 83: SSH Server Commands ......................1341 CRYPTO KEY DESTROY HOSTKEY ....................1342 CRYPTO KEY GENERATE HOSTKEY ....................1344 NO SERVICE SSH..........................1346 SERVICE SSH ............................1347 SHOW CRYPTO KEY HOSTKEY......................1348 SHOW SSH SERVER..........................1349 Chapter 84: Non-secure HTTP Web Browser Server ................
Page 26 Contents Adding IP Addresses of TACACS+ Servers ..................1400 Specifying TACACS+ Accounting ....................1401 Removing the Accounting Method List..................... 1401 Deleting IP Addresses of TACACS+ Servers .................. 1402 Displaying the TACACS+ Client.......................1402 Configuring Remote Authentication of Manager Accounts..............1403 Chapter 89: RADIUS and TACACS+ Client Commands ................. 1407 AAA ACCOUNTING LOGIN ........................
Page 27 AT-9000 Switch Command Line User’s Guide sFlow Agent ............................1466 Simple Network Management Protocol (SNMPv1, SNMPv2c and SNMPv3) ........1467 Simple Network Time Protocol....................... 1468 Spanning Tree Protocols (STP, RSTP and MSTP)................1469 Spanning Tree Status........................1469 Spanning Tree Protocol........................1469 Rapid Spanning Tree Protocol ......................
Page 28 Contents...
Page 29 Figures Figure 1: Command Modes ..............................49 Figure 2: ENABLE Command.............................. 52 Figure 3: CONFIGURE TERMINAL Command ........................52 Figure 4: LINE CONSOLE Command ..........................52 Figure 5: LINE VTY Command ............................53 Figure 6: INTERFACE TRUNK Command .......................... 53 Figure 7: INTERFACE PORT Command - Single Port......................
Page 30 List of Figures Figure 50: SHOW INTERFACE Command........................222 Figure 51: SHOW INTERFACE BRIEF Command ......................225 Figure 52: SHOW INTERFACE STATUS Command ......................227 Figure 53: SHOW RUNNING-CONFIG INTERFACE Command..................232 Figure 54: SHOW STORM-CONTROL Command ......................233 Figure 55: SHOW SYSTEM PLUGGABLE Command ...................... 235 Figure 56: SHOW SYSTEM PLUGGABLE DETAIL Command..................
Page 31 AT-9000 Switch Command Line User’s Guide Figure 110: Edge Port ............................... 599 Figure 111: Point-to-Point and Edge Port.......................... 599 Figure 112: VLAN Fragmentation ............................601 Figure 113: Loop Guard Example 1 ..........................605 Figure 114: Loop Guard Example 2 ..........................606 Figure 115: Loop Guard Example 3 ..........................
Page 32 List of Figures Figure 170: SHOW SNMP-SERVER Command........................ 986 Figure 171: SHOW SNMP-SERVER COMMUNITY Command ..................987 Figure 172: SHOW SNMP-SERVER VIEW Command ..................... 989 Figure 173: SHOW SNMP-SERVER Command......................1008 Figure 174: SHOW SFLOW Command ........................... 1033 Figure 175: SHOW SFLOW Command ........................... 1046 Figure 176: SHOW LLDP Command ..........................
Page 33 Tables Table 1. Remote Software Tool Settings ..........................44 Table 2. AlliedWare Plus Modes ............................50 Table 3. Adding a Management Address: Example 1 ......................73 Table 4. Adding a Management IP Address: Example 2 ....................73 Table 5. Basic Command Line Commands ........................83 Table 6.
Page 34 Tables Table 50. Event Log Commands ............................515 Table 51. Event Message Severity Levels ........................517 Table 52. SHOW LOG Command .............................521 Table 53. Management Software Modules ........................522 Table 54. SHOW LOG CONFIG Command ........................524 Table 55. Event Message Severity Levels ........................531 Table 56.
Page 35 AT-9000 Switch Command Line User’s Guide Table 110. Deleting ARP Entries ............................ 1144 Table 111. ARP Commands ............................1147 Table 112. SHOW ARP Command ..........................1152 Table 113. Abbreviated List of MIB Object Names and OID Numbers ................1164 Table 114. RMON Commands ............................1171 Table 115.
Page 36 Tables...
Page 37  Caution The customer, re-seller, sub-contractor, distributor, software developer or any buyer of an Allied Telesis “ATI” product known as “customer”, hereby agrees to have all licenses required by any governmental agency and to comply with all applicable laws and regulations in its performance under this Agreement, including export control, maintained by U.S.
Page 38: Document Conventions
Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Page 39: Where To Find Web-Based Guides
AT-9000 Switch Command Line User’s Guide Where to Find Web-based Guides The installation and user guides for all of the Allied Telesis products are available for viewing in portable document format (PDF) from our web site at www.alliedtelesis.com/support/documentation.
Page 40: Contacting Allied Telesis
Contacting Allied Telesis If you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Services section of the Allied Telesis web site at www.alliedtelesis.com/support. You can find links for the following services on this page: 24/7 Online Support—...
Page 41: Section I: Getting Started
Section I Getting Started This section contains the following chapters: Chapter 1, “AlliedWare Plus Command Line Interface” on page 43  Chapter 2, “Starting a Management Session” on page 65  Chapter 3, “Basic Command Line Management” on page 77 ...
Page 43: Chapter 1: Alliedware Plus Command Line Interface
Chapter 1 AlliedWare Plus Command Line Interface This chapter has the following sections: “Management Sessions” on page 44  “Management Interfaces” on page 47  “Local Manager Account” on page 48  “AlliedWare Plus Command Modes” on page 49  “Moving Down the Hierarchy”...
Page 44: Management Sessions
Chapter 1: AlliedWare Plus Command Line Interface Management Sessions You can manage the switch locally or remotely. Local management is conducted through the Console port on the switch. Remote management is possible with a variety of management tools from workstations on your network.
Page 45 If an intruder captures the packet with your login name and password, the security of the switch will be compromised. For secure remote management, Allied Telesis recommends Secure Shell (SSH) or secure web browser (HTTPS).
Page 46 RFC 2096 IP Forwarding Table MIB  RFC 2790 Host MIB  RFC 2863 Interface Group MIB  RFC 3176 sFlow MIB  IEEE 802.1x 2010 MIB  The Allied Telesis managed switch MIBs (atistackinfo.mib and atiEdgeSwitch.mib) are available from the Allied Telesis web site.
Page 47: Management Interfaces
AT-9000 Switch Command Line User’s Guide Management Interfaces The switch has two management interfaces: AlliedWare Plus command line  Web browser windows  The AlliedWare Plus command line is available from local management sessions, and remote Telnet and Secure Shell management sessions. The web browser windows are available from remote web browser management sessions.
Page 48: Local Manager Account
Chapter 1: AlliedWare Plus Command Line Interface Local Manager Account You must log on to manage the switch. This requires a valid user name and password. The switch comes with one local manager account. The user name of the account is “manager” and the default password is “friend.”...
Page 49: Alliedware Plus Command Modes
AT-9000 Switch Command Line User’s Guide AlliedWare Plus Command Modes The AlliedWare Plus command line interface consists of a series of modes that are arranged in the hierarchy shown in Figure 1. Figure 1. Command Modes The modes have different commands and support different management functions.
Page 50: Table 2. Alliedware Plus Modes
Chapter 1: AlliedWare Plus Command Line Interface Note By default, the mode prompts are prefixed with the “awplus” string. To change this string, use the HOSTNAME command. See “What to Configure First” on page 70. Table 2. AlliedWare Plus Modes Mode Prompt Function...
Page 51 AT-9000 Switch Command Line User’s Guide Table 2. AlliedWare Plus Modes (Continued) Mode Prompt Function Console Line mode awplus (config-line)# Sets the session timer for local  management sessions. Activates and deactivates remote  manager authentication. Virtual Terminal Line mode awplus (config-line)# Sets the session timers for remote ...
Page 52: Moving Down The Hierarchy
Chapter 1: AlliedWare Plus Command Line Interface Moving Down the Hierarchy To move down the mode hierarchy, you have to step through each mode in sequence. Skipping modes is not permitted. Each mode has a different command. For instance, to move from the User Exec mode to the Privileged Exec mode, you use the ENABLE command.
Page 53: Line Vty Command
AT-9000 Switch Command Line User’s Guide LINE VTY You use this command to move from the Global Configuration mode to the Virtual Terminal Line mode to set the management session timer and to Command activate or deactivate remote authentication of manager accounts. The format of the command is: line_id line vty...
Page 54: Interface Command - Static Port Trunk
Chapter 1: AlliedWare Plus Command Line Interface awplus(config)# interface port1.0.11-port1.0.15,port1.0.22 awplus(config-if)# Figure 8. INTERFACE PORT Command - Multiple Ports The INTERFACE PORT command is also located in the Port Interface mode itself, so that you do not have to return to the Global Configuration mode to configure different ports.
Page 55: Vlan Database Command
AT-9000 Switch Command Line User’s Guide Note A VLAN must be identified in this command by its VID and not by its name. VLAN You use this command to move from the Global Configuration mode to the VLAN Configuration mode, which has the commands for creating VLANs. DATABASE The format of the command is: Command...
Page 56: Moving Up The Hierarchy
Chapter 1: AlliedWare Plus Command Line Interface Moving Up the Hierarchy There are four commands for moving up the mode hierarchy. They are the EXIT, QUIT, END and DISABLE commands. EXIT and QUIT These commands, which are functionally identical, are found in nearly all the modes.
Page 57: Disable Command
AT-9000 Switch Command Line User’s Guide Figure 16. Returning to the Privileged Exec Mode with the END Command DISABLE To return to the User Exec mode from the Privileged Exec mode, use the DISABLE command. Command Figure 17. Returning to the User Exec Mode with the DISABLE Command...
Page 58: Port Numbers In Commands
Chapter 1: AlliedWare Plus Command Line Interface Port Numbers in Commands The ports on the switch are identified in the commands with the PORT parameter. The parameter has the format shown in Figure 18. Figure 18. PORT Parameter in the Command Line Interface The variables in the parameter are defined here: Switch ID: This number is used if the switch supports stacking.
Page 59 AT-9000 Switch Command Line User’s Guide You can also combine individual ports and port ranges in the same command, as illustrated in these commands, which enter the Port Interface mode for ports 5 to 11 and ports 16 and 18: awplus>...
Page 60: Combo Ports 25 To 28
Chapter 1: AlliedWare Plus Command Line Interface Combo Ports 25 to 28 Ports 25 to 28 on the AT-9000/28, AT-9000/28POE, and AT-9000/28SP Managed Layer 2 ecoSwitches are combo ports. Each combo consists of one 10/100/1000Base-T port and one SFP slot. The twisted pair ports have the letter R for Redundant as part of their port numbers on the front faceplates of the units.
Page 61: Command Format
AT-9000 Switch Command Line User’s Guide Command Format The following sections describe the command line interface features and the command syntax conventions. Command Line The command line interface has these features: Interface Command history - Use the up and down arrow keys. ...
Page 62: Startup Messages
Loading: 0x80001000/42538636 0x8289268c/96724 Entry at 0x80230860 Starting program at 0x80230860 Starting... ______________ ____ /\ \ / /______\ \ \_ __/ /| ______ | | ______ | \ ____ / /______/\____\ \/ /____________/ Allied Telesis Inc.Mounting Filesystems... Starting SNMP... Starting MainTask... Figure 19. Startup Messages...
Page 63: Figure 20: Startup Messages (Continued)
AT-9000 Switch Command Line User’s Guide Initializing System ......... done! Initializing Board ........done! Initializing Serial Interface ....... done! Initializing Timer Library ......done! Initializing IPC ........done! Initializing Event Log ......done! Initializing Switch Models ......done! Initializing File System ......done! Initializing Database .......
Page 64: Figure 21: Startup Messages (Continued)
Chapter 1: AlliedWare Plus Command Line Interface Initializing FTAB ........done! Initializing FTABV6 ......... done! Initializing ACM ........done! Initializing Filter ......... done! Initializing L3_MGMT ........ done! Initializing L3APP_MGMT ......done! Initializing SFLOW ........done! Initializing NTP ........done! Initializing CPU_HIST ....... done! Initializing EStacking ......
Page 65: Chapter 2: Starting A Management Session
Chapter 2 Starting a Management Session This chapter has the following sections: “Starting a Local Management Session” on page 66  “Starting a Remote Telnet or SSH Management Session” on page 68  “What to Configure First” on page 70 ...
Page 66: Starting A Local Management Session
1. Connect the RJ-45 connector on the management cable that comes with the switch to the Console port, as shown in Figure 22. The Console port is located on the front panels on the AT-9000/12POE, AT-9000/28, AT-9000/28POE, and AT-9000/28SP Switches and on the back panel on the AT-9000/52 Switch.
Page 67: Figure 23: Alliedware Plus Command Line Prompt
AT-9000 Switch Command Line User’s Guide 5. Enter a user name and password. If this is the initial management session of the switch, enter “manager” as the user name “friend” as the password. The user name and password are case sensitive. The local management session has started when the AlliedWare Plus command line prompt, shown in Figure 23 is displayed.
Page 68: Starting A Remote Telnet Or Ssh Management Session
Chapter 2: Starting a Management Session Starting a Remote Telnet or SSH Management Session Here are the requirements for remote management of the switch from a Telnet or SSH client on your network: You must assign the switch a management IP address. To initially ...
Page 69: Vty Lines
AT-9000 Switch Command Line User’s Guide VTY Lines The switch has ten VTY (virtual teletypewriter) lines. Each line supports one remote Telnet or SSH management session. The switch allocates the lines, which are numbered 0 to 9, in ascending order, beginning with line 0, as remote sessions are initiated.
Page 70: What To Configure First
Chapter 2: Starting a Management Session What to Configure First Here are a few suggestions on what to configure during your initial management session of the switch. The initial management session must be a local management session from the Console port on the switch. For instructions on how to start a local management session, refer to “Starting a Local Management Session”...
Page 71: Changing The Login Password
If you forget the manager password, you cannot manage the switch if there are no other management accounts on the unit. In this case, contact Allied Telesis Technical Support for assistance. For instructions on how to create additional management accounts, refer to Chapter 76, “Local Manager Accounts”...
Page 72: Adding A Management Ip Address
Chapter 2: Starting a Management Session This example assigns the name “Engineering_sw2” to the switch: awplus> enable awplus# configure terminal awplus(config)# hostname Engineering_sw2 Engineering_sw2(config)# Adding a You must assign the switch a management IP address to use the features in Table 26 on page 286. Here are the requirements: Management IP Address The switch can have one management IPv4 address and one...
Page 73: Table 3. Adding A Management Address: Example 1
AT-9000 Switch Command Line User’s Guide Table 3. Adding a Management Address: Example 1 Move to the Privileged Exec mode. awplus> enable Move to the Global Configuration mode. awplus# configure terminal Use the INTERFACE VLAN command to awplus(config)# interface vlan1 move to the VLAN Interface mode of the Default_VLAN.
Page 74: Saving Your Changes
Chapter 2: Starting a Management Session Table 4. Adding a Management IP Address: Example 2 Add the ports as untagged ports to the awplus(config-if)# switchport access vlan 5 VLAN with the SWITCHPORT ACCESS VLAN command. Return to the Global Configuration mode. awplus(config-if)# exit Use the INTERFACE VLAN command to awplus(config)# interface vlan5...
Page 75: Ending A Management Session
AT-9000 Switch Command Line User’s Guide Ending a Management Session To end a management session, go to either the Privileged Exec mode or the User Exec mode. From the Privileged Exec mode, enter either the EXIT or LOGOUT to end a management session: awplus# exit awplus# logout From the User Exec mode, enter either the EXIT or LOGOUT command to...
Page 76 Chapter 2: Starting a Management Session...
Page 77: Chapter 3: Basic Command Line Management
Chapter 3 Basic Command Line Management This chapter contains the following sections: “Clearing the Screen” on page 78  “Displaying the On-line Help” on page 79  “Saving Your Configuration Changes” on page 81  “Ending a Management Session” on page 82 ...
Page 78: Clearing The Screen
Chapter 3: Basic Command Line Management Clearing the Screen If your screen becomes cluttered with commands, you can start fresh by entering the CLEAR SCREEN command in the User Exec or Privileged Exec mode. If you are in a lower mode, you have to move up the mode hierarchy to one of these modes to use the command.
Page 79: Displaying The On-Line Help
AT-9000 Switch Command Line User’s Guide Displaying the On-line Help The command line interface has an on-line help system to assist you with the commands. The help system is displayed by typing a question mark. Typing a question mark at a command line prompt displays all the keywords in the current mode.
Page 80: Figure 27: Displaying The Class Of A Parameter
Chapter 3: Basic Command Line Management awplus> enable awplus> enable awplus# configure terminal awplus# configure terminal awplus(config)# hostname ? awplus(config)# hostname ? <STRING:sysName> <STRING:sysName> Figure 27. Displaying the Class of a Parameter...
Page 81: Saving Your Configuration Changes
AT-9000 Switch Command Line User’s Guide Saving Your Configuration Changes To permanently save your changes to the parameter settings on the switch, you must update the active boot configuration file. This is accomplished with either the WRITE command or the COPY RUNNING- CONFIG STARTUP-CONFIG command, both of which are found in the Privileged Exec mode.
Page 82: Ending A Management Session
Chapter 3: Basic Command Line Management Ending a Management Session To end a management session, go to either the Privileged Exec mode or the User Exec mode. From the Privileged Exec mode, enter either the EXIT or LOGOUT to end a management session: awplus# exit awplus# logout From the User Exec mode, enter either the EXIT or LOGOUT command to...
Page 83: Chapter 4: Basic Command Line Management Commands
Chapter 4 Basic Command Line Management Commands The basic command line commands are summarized in Table 5. Table 5. Basic Command Line Commands Command Mode Description “? (Question Mark Key)” on page 85 All modes Displays the on-line help. “CLEAR SCREEN” on page 87 User Exec and Clears the screen.
Page 84 Chapter 4: Basic Command Line Management Commands Table 5. Basic Command Line Commands (Continued) Command Mode Description “QUIT” on page 98 All modes Moves you up one mode. except the User Exec and Privileged Exec “WRITE” on page 99 Privileged Exec Updates the active boot configuration file with the current settings of the switch.
Page 85: (Question Mark Key)
AT-9000 Switch Command Line User’s Guide ? (Question Mark Key) Syntax Parameters None Modes All modes Description Use the question mark key to display on-line help messages. Typing the key at different points in a command displays different messages: Typing “?” at a command line prompt displays all the keywords in ...
Page 86 Chapter 4: Basic Command Line Management Commands This example displays the class of the value for the SPANNING-TREE HELLO-TIME command in the Global Configuration mode: awplus> enable awplus# configure terminal awplus(config)# spanning-tree hello-time ?
Page 87: Clear Screen
AT-9000 Switch Command Line User’s Guide CLEAR SCREEN Syntax clear screen Parameters None Modes User Exec and Privileged Exec modes Description Use this command to clear the screen. Example awplus# clear screen...
Page 88: Configure Terminal
Chapter 4: Basic Command Line Management Commands CONFIGURE TERMINAL Syntax configure terminal Parameters None Mode Privileged Exec mode Description Use this command to move from the Privileged Exec mode to the Global Configuration mode. Example awplus# configure terminal awplus(config)#...
Page 89: Copy Running-Config Startup-Config
AT-9000 Switch Command Line User’s Guide COPY RUNNING-CONFIG STARTUP-CONFIG Syntax copy running-config startup-config Parameters None Mode Privileged Exec mode Description Use this command to update the active boot configuration file with the switch’s current configuration, for permanent storage. When you enter the command, the switch copies its parameter settings into the active boot configuration file.
Page 90: Disable
Chapter 4: Basic Command Line Management Commands DISABLE Syntax disable Parameters None Mode Privileged Exec mode Description Use this command to return to the User Exec mode from the Privileged Exec mode. Example The following command returns the software to the User Exec mode: awplus# disable awplus>...
Page 91 AT-9000 Switch Command Line User’s Guide Syntax command Parameter command Specifies the Privileged Exec mode command to perform. Mode Global Configuration mode Description Use this command to perform Privileged Exec mode commands from the Global Configuration mode. You may use the command to perform some, but not all, of the Privileged Exec mode commands.
Page 92: Enable
Chapter 4: Basic Command Line Management Commands ENABLE Syntax enable Parameters None Mode User Exec mode Description Use this command to move from the User Exec mode to the Privileged Exec mode. Example The following command moves the prompt from the User Exec mode to the Privileged Exec mode: awplus>...
Page 93: End
AT-9000 Switch Command Line User’s Guide Syntax Parameters None Mode All modes below the Global Configuration mode. Description Use this command to return to the Privileged Exec mode. Example The following command returns the prompt to the Privileged Exec mode: awplus(config-if)# end awplus#...
Page 94: Exit
Chapter 4: Basic Command Line Management Commands EXIT Syntax exit Parameters None Mode All modes Description Use this command to move down one mode in the mode hierarchy in all modes except the User Exec and Privileged Exec modes. Using the EXIT command in the User Exec and Privileged Exec modes terminates the management session.
Page 95: Length
AT-9000 Switch Command Line User’s Guide LENGTH Syntax value length Parameters value Specifies the maximum number of lines that the SHOW commands display at one time on the screen. The range is 0 to 512 lines. Use the value 0 if you do not want the SHOW commands to pause. Mode Console Line and Virtual Terminal Line modes Description...
Page 96 Chapter 4: Basic Command Line Management Commands This example returns the number of lines to the default setting for local management sessions: awplus> enable awplus# configure terminal awplus(config)# line console 0 awplus(config-line)# no length...
Page 97: Logout
AT-9000 Switch Command Line User’s Guide LOGOUT Syntax logout Parameters None Mode User Exec and Privileged Exec modes Description Use this command to end a management session. Note Entering the EXIT command in either the User Exec or Privileged Exec mode also ends a management session. Example This example shows the sequence of commands to logout starting from the Global Configuration mode:...
Page 98: Quit
Chapter 4: Basic Command Line Management Commands QUIT Syntax quit Parameters None Mode All modes except the User Exec and Privileged Exec modes. Description Use this command to move up one mode in the mode hierarchy. This command is almost identical to the EXIT command. The difference is that unlike the EXIT command, the QUIT command cannot be used to end a management session.
Page 99: Write
AT-9000 Switch Command Line User’s Guide WRITE Syntax write Parameters None Mode Privileged Exec mode Description Use this command to update the active boot configuration file with the switch’s current configuration, for permanent storage. When you enter the command, the switch copies its parameter settings into the active boot configuration file.
Page 100 Chapter 4: Basic Command Line Management Commands...
Page 101: Chapter 5: Temperature And Fan Control Overview
Chapter 5 Temperature and Fan Control Overview “Overview” on page 102  “Displaying the System Environmental Status” on page 103  “Controlling Eco-Mode LED” on page 104 ...
Page 102: Overview
Chapter 5: Temperature and Fan Control Overview Overview The switch monitors the environmental status, such as temperature and voltage, and the status of fan modules. Checking this information helps you to identify potential hardware issues before they become problems. To check the switch’s environmental and saving energy status, and turn on and off the port LEDs, use the following commands: “ECOFRIENDLY LED”...
Page 103: Displaying The System Environmental Status
AT-9000 Switch Command Line User’s Guide Displaying the System Environmental Status The switch monitors the environmental status of the switch and any attached PSU, XEM, or expansion option. The environmental status covers information about temperatures, fans, and voltage. To display this information, go to User Exec or Privileged Exec mode and enter the command: awplus# show system environment...
Page 104: Controlling Eco-Mode Led
Chapter 5: Temperature and Fan Control Overview Controlling Eco-Mode LED AlliedWare Plus products provide an Eco-Mode LED control to conserve additional power on the port LEDs. The Eco-Mode LED is an eco-friendly feature that turns off the port LEDs when they are not necessary. To enable Eco-Mode LED control, enter the command: awplus(config)# ecofriendly led To disable Eco-Mode LED control,...
Page 105: Chapter 6: Temperature And Fan Control Commands
Chapter 6 Temperature and Fan Control Commands The temperature and fan control commands are summarized in Table 6. Table 6. Temperature and Fan Control Commands Command Mode Description “ECOFRIENDLY LED” on page 106 Global Turns off the port LEDs on the switch Configuration to save power.
Page 106: Ecofriendly Led
Chapter 6: Temperature and Fan Control Commands ECOFRIENDLY LED Syntax ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn off the port LEDs on the switch to save power. Confirmation Command “SHOW ECOFRIENDLY” on page 108 Example awplus# ecofriendly led...
Page 107: No Ecofriendly Led
AT-9000 Switch Command Line User’s Guide NO ECOFRIENDLY LED Syntax no ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn on the port LEDs on the switch. Confirmation Command “SHOW ECOFRIENDLY” on page 108 Example The following command turns on the port LEDs on the switch: awplus# no ecofriendly led...
Page 108: Show Ecofriendly
Chapter 6: Temperature and Fan Control Commands SHOW ECOFRIENDLY Syntax show ecofriendly Parameters None Mode Privileged Exec mode Description Use this command to display the power saving status of the port LEDs. An example of the information the command displays is shown in Figure 29. Front panel port LEDs: on Figure 29.
Page 109: Show System Environment
AT-9000 Switch Command Line User’s Guide SHOW SYSTEM ENVIRONMENT Syntax show system environment Parameters None Mode Privileged Exec mode Description Use this command to display the environmental information for the switch. Figure 30 shows an example of the information that the command displays.
Page 110 Chapter 6: Temperature and Fan Control Commands Table 7. SHOW SYSTEM ENVIRONMENT Command Parameter Description Reading Indicates the current reading of the item. Status Indicates the status of the item. Example The following example displays environmental information for the switch: awplus# show system environment...
Page 111: Section Ii: Basic Operations
Section II Basic Operations This section contains the following chapters: Chapter 7, “Basic Switch Management” on page 113  Chapter 8, “Basic Switch Management Commands” on page 131  Chapter 9, “Port Parameters” on page 171  Chapter 10, “Port Parameter Commands” on page 191 ...
Page 113: Chapter 7: Basic Switch Management
Chapter 7 Basic Switch Management This chapter contains the following: “Adding a Name to the Switch” on page 114  “Adding Contact and Location Information” on page 115  “Displaying Parameter Settings” on page 116  “Manually Setting the Date and Time” on page 117 ...
Page 114: Adding A Name To The Switch
Chapter 7: Basic Switch Management Adding a Name to the Switch The switch will be easier to identify if you assign it a name. The switch displays its name in the command line prompt, in place of the default prefix “awplus.” To assign the switch a name, use the HOSTNAME command in the Global Configuration mode.
Page 115: Adding Contact And Location Information
AT-9000 Switch Command Line User’s Guide Adding Contact and Location Information The commands for assigning the switch contact and location information are the SNMP-SERVER CONTACT and SNMP-SERVER LOCATION commands, both of which are found in the Global Configuration mode. Here are the formats of the commands: contact snmp-server contact location...
Page 116: Displaying Parameter Settings
Chapter 7: Basic Switch Management Displaying Parameter Settings To display the current parameter settings on the switch, use the SHOW RUNNING-CONFIG command in the Privileged Exec mode. The settings, which are displayed in their equivalent command line commands, are limited to just those parameters that have been changed from their default values.
Page 117: Manually Setting The Date And Time
AT-9000 Switch Command Line User’s Guide Manually Setting the Date and Time To manually set the date and time on the switch, use the CLOCK SET command in the Privileged Exec mode. Here is the format of the command: hh:mm:ss dd mmm yyyy clock set Here are the variables: : Use this variable to specify the hour, minute, and second...
Page 118: Pinging Network Devices
Chapter 7: Basic Switch Management Pinging Network Devices If the switch is unable to communicate with a network device, such as a syslog server or a TFTP server, you can test for an active link between the two devices by instructing the switch to send ICMP Echo Requests and to listen for replies sent back from the other device.
Page 119: Resetting The Switch
AT-9000 Switch Command Line User’s Guide Resetting the Switch To reset the switch, use either the REBOOT or RELOAD command in the Privileged Exec mode. You might reset the switch if it is experiencing a problem or if you want to reconfigure its settings after designating a new active boot configuration file.
Page 120: Restoring The Default Settings To The Switch
Chapter 7: Basic Switch Management Restoring the Default Settings to the Switch To restore the default settings to the switch, delete or rename the active boot configuration file and then reset the unit. Without an active boot configuration file, the switch will use the default parameter settings after it initializes the management software.
Page 121 AT-9000 Switch Command Line User’s Guide Another way to delete the file is with the ERASE STARTUP-CONFIG command, also in the Privileged Exec mode. The advantage of this command over the DELETE command is that you do not have to know the name of the active boot configuration file.
Page 122: Setting The Baud Rate Of The Console Port
Chapter 7: Basic Switch Management Setting the Baud Rate of the Console Port The Console port is used for local management of the switch. To set its baud rate, use the BAUD-RATE SET command in the Global Configuration mode. Note If you change the baud rate of the Console port during a local management session, your session is interrupted.
Page 123 AT-9000 Switch Command Line User’s Guide Note The baud rate is the only adjustable parameter on the Console port. For reference information, refer to “BAUD-RATE SET” on page 139 and “SHOW BAUD-RATE” on page 156.
Page 124: Configuring The Management Session Timers
Chapter 7: Basic Switch Management Configuring the Management Session Timers You should always conclude a management session by logging off so that if you leave your workstation unattended, someone cannot use it to change the switch’s configuration. If you forget to log off, the switch has management session timers that detect and log off inactive local and remote management sessions automatically.
Page 125 AT-9000 Switch Command Line User’s Guide Both the first_line_id and the last_line_id parameters have value of 0 to 9. You can specify one VTY line or a range of VTY lines. This example sets the management session timer to 8 minutes on VTY line 2: awplus>...
Page 126: Setting The Maximum Number Of Manager Sessions
Chapter 7: Basic Switch Management Setting the Maximum Number of Manager Sessions The switch supports up to three manager sessions simultaneously so that more than one person can manage the unit at a time. You set the maximum number of sessions with the SERVICE MAXMANAGER command in the Global Configuration mode.
Page 127: Configuring The Banners
AT-9000 Switch Command Line User’s Guide Configuring the Banners The switch has banner messages you may use to identify the switch or to display other information about the unit. The banners are listed here: Message-of-the-day banner  Login banner  User Exec and Privileged Exec modes banner ...
Page 128 Chapter 7: Basic Switch Management The commands for setting the banners are located in the Global Configuration mode with the exception of the SHOW BANNER LOGIN command which you access in the Privileged Exec mode. After you enter the BANNER EXEC, BANNER LOGIN, or BANNER MOTD command, the “Type CTRL/D to finish”...
Page 129 AT-9000 Switch Command Line User’s Guide To remove messages without assigning new messages, use the NO versions of the commands. This example removes the message-of-the- day banner: awplus> enable awplus# configure terminal awplus(config)# no banner motd This example removes the login banner: awplus>...
Page 130 Chapter 7: Basic Switch Management...
Page 131: Chapter 8: Basic Switch Management Commands
Chapter 8 Basic Switch Management Commands The basic switch management commands are summarized in Table 8. Table 8. Basic Switch Management Commands Command Mode Description “BANNER EXEC” on page 133 Global Creates a User Exec and Privileged Configuration Exec modes banner. “BANNER LOGIN”...
Page 132 Chapter 8: Basic Switch Management Commands Table 8. Basic Switch Management Commands Command Mode Description “REBOOT” on page 152 Privileged Exec Resets the switch. “RELOAD” on page 153 Privileged Exec Resets the switch. “SERVICE MAXMANAGER” on Global Sets the maximum number of page 154 Configuration permitted manager sessions.
Page 133: Banner Exec
AT-9000 Switch Command Line User’s Guide BANNER EXEC Syntax banner exec Parameters None Mode Global Configuration mode Description Use this command to create a banner for the User Exec and Privilege Exec modes. The message is displayed above the command line prompt when you log on or clear the screen with the CLEAR SCREEN command, in local, Telnet, and SSH management sessions.
Page 134: Table 8. Basic Switch Management Commands
Chapter 8: Basic Switch Management Commands This example deletes the banner: awplus> enable awplus# configure terminal awplus(config)# no banner exec...
Page 135: Banner Login
AT-9000 Switch Command Line User’s Guide BANNER LOGIN Syntax banner login Parameters None Mode Global Configuration mode Description Use this command to configure the login banner. The message is displayed prior to the login user name and password prompts for local, Telnet, and SSH management sessions.
Page 136 Chapter 8: Basic Switch Management Commands This example removes the login banner: awplus> enable awplus# configure terminal awplus(config)# no banner login...
Page 137: Banner Motd
AT-9000 Switch Command Line User’s Guide BANNER MOTD Syntax banner motd Parameters None Mode Global Configuration mode Description Use this command to create a message-of-the-day banner. The message is displayed prior to the login user name and password prompts for local, Telnet, and SSH management sessions.
Page 138 Chapter 8: Basic Switch Management Commands This example removes the message-of-the-day banner: awplus> enable awplus# configure terminal awplus(config)# no banner motd...
Page 139: Baud-Rate Set
AT-9000 Switch Command Line User’s Guide BAUD-RATE SET Syntax baud-rate set 1200|2400|4800|9600|19200|38400|57600|115200 Parameters None Mode Global Configuration mode Description Use this command to set the baud rate of the Console port, which is used for local management sessions of the switch. Note If you change the baud rate of the serial terminal port during a local management session, your session will be interrupted.
Page 140: Clock Set
Chapter 8: Basic Switch Management Commands CLOCK SET Syntax hh:mm:ss dd mmm yyyy clock set Parameters hh:mm:ss Specifies the hour, minute, and second for the switch’s time in 24- hour format. Specifies the day of the month. Specifies the month. The month is specified by its first three letters. For example, June is Jun.
Page 141: Erase Startup-Config
AT-9000 Switch Command Line User’s Guide ERASE STARTUP-CONFIG Syntax erase startup-config Parameters None Mode Privileged Exec mode Description Use this command to delete the active boot configuration file to restore the default settings to all the parameters on the switch. After entering this command, enter the REBOOT command to reset the switch and restore the default settings.
Page 142: Exec-Timeout
Chapter 8: Basic Switch Management Commands EXEC-TIMEOUT Syntax value exec-timeout Parameters exec-timeout Specifies the session timer in minutes. The range is 0 to 35,791 minutes. The default value is 10 minutes. Mode Line Console and Virtual Terminal Line modes Description Use this command to set the management session timers.
Page 143 AT-9000 Switch Command Line User’s Guide This example sets the session timer for the first (vty 0) Telnet or SSH session to 5 minutes: awplus> enable awplus# configure terminal awplus(config)# line vty 0 awplus(config-line)# exec-timeout 5...
Page 144: Help
Chapter 8: Basic Switch Management Commands HELP Syntax help Parameters None Mode All modes Description Use this command to learn how to use on-line help. Entering this command at a command line displays how to use the on-line help system. See Figure 34 for the description displayed on the screen.
Page 145: Hostname
AT-9000 Switch Command Line User’s Guide HOSTNAME Syntax name hostname Parameters name Specifies a name of up to 39 alphanumeric characters for the switch. Spaces, punctuation, special characters, and quotation marks are not permitted. Mode Global Configuration mode Description Use this command to assign the switch a name. The switch displays the name in the command line prompt, in place of the default prefix “awplus.”...
Page 146: Line Console
Chapter 8: Basic Switch Management Commands LINE CONSOLE Syntax line console 0 Parameters None Mode Global Configuration mode Description Use this command to enter the Line Console mode to set the session timer and to activate or deactivate remote authentication for local management sessions.
Page 147: Line Vty
AT-9000 Switch Command Line User’s Guide LINE VTY Syntax first_line_id [last_line_id] line vty Parameters first_line_id Specifies the number of a VTY line. The range is 0 to 9. last_line_id Specifies the number of a VTY line. The range is 0 to 9. This is an optional parameter.
Page 148: No Hostname
Chapter 8: Basic Switch Management Commands NO HOSTNAME Syntax no hostname Parameters None Mode Global Configuration mode Description Use this command to delete the switch’s name without assigning a new name. Example This example deletes the current name of the switch without assigning a new value: Bld2_Shipping>...
Page 149: Ping
AT-9000 Switch Command Line User’s Guide PING Syntax ipaddress|hostname ping Parameters ipaddress Specifies the IP address of the network device to receive the ICMP Echo Requests from the switch. You can specify only one IP address. hostname Specifies the host name of the network device to receive the ICMP Echo Requests from the switch.
Page 150 Chapter 8: Basic Switch Management Commands Example This command instructs the switch to ping a network device with the IP address 149.122.14.15: awplus> enable awplus# ping 149.122.14.15 The results of the ping are displayed on the screen.
Page 151: Ping Ipv6
AT-9000 Switch Command Line User’s Guide PING IPv6 Syntax ipv6-address 1-99> 36-18024> ping ipv6 < > repeat < size < Parameters ipv6-address Indicates the destination IPv6 address. The IPv6 address uses the format: nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn Where N is a hexadecimal digit from 0 to F. The eight groups of digits have to be separated by colons.
Page 152: Reboot
Chapter 8: Basic Switch Management Commands REBOOT Syntax reboot Parameters None Mode Privileged Exec mode Description Use this command to reset the switch. You might reset the unit if it is experiencing a problem or if you want to reconfigure its settings after you designate a new active boot configuration file.This command is identical to “RELOAD”...
Page 153: Reload
AT-9000 Switch Command Line User’s Guide RELOAD Syntax reload Parameters None Mode Privileged Exec mode Description Use this command to reset the switch. You might reset the unit if it is experiencing a problem or if you want to reconfigure its settings after you designate a new active boot configuration file.
Page 154: Service Maxmanager
Chapter 8: Basic Switch Management Commands SERVICE MAXMANAGER Syntax value service maxmanager Parameters value Specifies the maximum number of manager sessions the switch will allow at one time. The range is 1 to 3. The default is 3. Mode Global Configuration mode Description Use this command to set the maximum number of manager sessions that can be open on the switch simultaneously.
Page 155: Show Banner Login
AT-9000 Switch Command Line User’s Guide SHOW BANNER LOGIN Syntax show banner login Parameters None Mode Privileged Exec mode Description Use this command to display the contents of the banner login file configured with the BANNER LOGIN command. A sample of the display is shown below.
Page 156: Show Baud-Rate
Chapter 8: Basic Switch Management Commands SHOW BAUD-RATE Syntax show baud-rate Parameters None Mode User Exec mode and Privileged Exec mode Description Use this command to display the settings of the Console port, used for local management sessions of the switch. Here is an example of the information.
Page 157: Show Clock
AT-9000 Switch Command Line User’s Guide SHOW CLOCK Syntax show clock Parameters None Modes User Exec mode Description Use this command to display the system’s current date and time. Example This example displays the system’s current date and time: awplus# show clock...
Page 158: Show Running-Config
Chapter 8: Basic Switch Management Commands SHOW RUNNING-CONFIG Syntax show running-config Parameters None Modes Privileged Exec mode Description Use this command to display the settings of the switch, in their equivalent command line commands. The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file.
Page 159: Show Switch
Table 9. SHOW SWITCH Command Parameter Description Application Software The version number of the management Version software. Application Software Build The date and time when Allied Telesis Date released this version of the management software. MAC Address The MAC address of the switch.
Page 160 Chapter 8: Basic Switch Management Commands Table 9. SHOW SWITCH Command (Continued) Parameter Description Active Spanning Tree The active spanning tree protocol on the version switch. The protocol can be STP, RSTP, or MSTP. The active spanning tree protocol is set with “SPANNING-TREE MODE STP”...
Page 161: Show System
AT-9000 Switch Command Line User’s Guide SHOW SYSTEM Syntax show system Parameters None Modes User Exec and Privileged Exec modes Description Use this command to view general information about the switch. Figure 38 is an example of the information. Switch System StatusFri, 18 Nov 2011 00:37:26 BoardBoard NameRevSerial Number ---------------------------------------------------------------- BaseAT-9000/28 R1S05525A090200007...
Page 162: Show System Serialnumber
Chapter 8: Basic Switch Management Commands SHOW SYSTEM SERIALNUMBER Syntax show system serialnumber Parameters None Mode User Exec and Privileged Exec modes Description Use this command to display the serial number of the switch. Figure 39 is an example of the output. S05525A023600001 Figure 39.
Page 163: Show Users
AT-9000 Switch Command Line User’s Guide SHOW USERS Syntax show users Parameters None Modes Privileged Exec mode Description Use this command to display the managers who are currently managing the switch locally through the Console port and remotely from Telnet and SSH sessions.
Page 164 Chapter 8: Basic Switch Management Commands Table 10. SHOW USERS Command (Continued) Parameter Description Idle The number of hours, minutes, and seconds since the manager using the account entered a command on the switch. The value is always zero for your account because you just entered the SHOW USERS command.
Page 165: Show Version
AT-9000 Switch Command Line User’s Guide SHOW VERSION Syntax show version Parameters None Mode User Exec and Privileged Exec modes Description Use this command to display the software version number and build date of the management software. Figure 41 displays an example of the information.
Page 166: Snmp-Server Contact
Chapter 8: Basic Switch Management Commands SNMP-SERVER CONTACT Syntax contact snmp-server contact Parameters contact Specifies the name of the person responsible for managing the switch. The name can be up to 255 alphanumeric characters in length. Spaces and special characters are allowed. Mode Global Configuration mode Description...
Page 167: Snmp-Server Location
AT-9000 Switch Command Line User’s Guide SNMP-SERVER LOCATION Syntax location snmp-server location Parameters location Specifies the location of the switch. The location can be up to 255 alphanumeric characters. Spaces and special characters are allowed. Mode Global Configuration mode Description Use this command to add location information to the switch.
Page 168: System Territory
Chapter 8: Basic Switch Management Commands SYSTEM TERRITORY Syntax territory system territory Parameters territory Specifies the territory of the switch. The switch can have only one territory. You may choose from the following: australia china europe japan korea nz (New Zealand) Mode Global Configuration mode Description...
Page 169 AT-9000 Switch Command Line User’s Guide This example removes the current territory information: awplus> enable awplus# configure terminal awplus(config)# no system territory...
Page 170 Chapter 8: Basic Switch Management Commands...
Page 171: Chapter 9: Port Parameters
Chapter 9 Port Parameters This chapter contains the following: “Adding Descriptions” on page 172  “Setting the Speed and Duplex Mode” on page 173  “Setting the MDI/MDI-X Wiring Configuration” on page 175  “Enabling or Disabling Ports” on page 176 ...
Page 172: Adding Descriptions
Chapter 9: Port Parameters Adding Descriptions The ports will be easier to identify if you give them descriptions. The descriptions are viewed with the SHOW INTERFACE command in the Privileged Exec mode. The command for adding descriptions is the DESCRIPTION command in the Port Interface mode.
Page 173: Setting The Speed And Duplex Mode
AT-9000 Switch Command Line User’s Guide Setting the Speed and Duplex Mode The twisted pair ports on the switch can operate at 10, 100, or 1000 Mbps, in either half-duplex or full-duplex mode. You may set the speeds and duplex modes yourself or, since the ports support Auto-Negotiation, you may let the switch configure the ports automatically.
Page 174 Chapter 9: Port Parameters This example sets the speeds of ports 11 and 17 to 100Mbps: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.11,port1.0.17 awplus(config-if)# speed 100 This example configures port 1 to half-duplex: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.1 awplus(config-if)# duplex half This example configures ports 2 to 4 to 10 Mbps, full-duplex: awplus>...
Page 175: Setting The Mdi/Mdi-X Wiring Configuration
AT-9000 Switch Command Line User’s Guide Setting the MDI/MDI-X Wiring Configuration The wiring configurations of twisted pair ports that operate at 10 or 100 Mbps are MDI (medium dependent interface) and MDI-X (medium dependent interface crossover). A port on the switch and a port on a link partner must have different settings.
Page 176: Enabling Or Disabling Ports
Chapter 9: Port Parameters Enabling or Disabling Ports Disabling ports turns off their receivers and transmitters so that they cannot forward traffic. You might disable unused ports on the switch to protect them from unauthorized use, or if there is a problem with a cable or a network device.
Page 177: Enabling Or Disabling Backpressure
AT-9000 Switch Command Line User’s Guide Enabling or Disabling Backpressure Ports use backpressure during periods of packet congestion, to prevent packet overruns. They use it to stop their link partners from sending any further packets to enable them to process the packets already in their buffers.
Page 178: Enabling Or Disabling Flow Control
Chapter 9: Port Parameters Enabling or Disabling Flow Control When a port that is operating in full-duplex mode needs to temporarily stop its local or remote counterpart from sending any further packets, it initiates flow control by sending what are known as pause packets. Pause packets instruct the link partner to stop sending packets to allow the sender of the packets time to process the packets already stored in its buffers.
Page 179: Figure 42: Show Flowcontrol Interface Command
AT-9000 Switch Command Line User’s Guide This example configures port 21 not to send pause packets during periods of packet congestion: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.21 awplus(config-if)# speed 100 awplus(config-if)# duplex full awplus(config-if)# flowcontrol send off This example enables both the receive and send portions of flow control on port 7: awplus>...
Page 180 Chapter 9: Port Parameters If flow control is not configured on a port, this message is displayed: Flow control is not set on interface port1.0.2...
Page 181: Resetting Ports
AT-9000 Switch Command Line User’s Guide Resetting Ports If a port is experiencing a problem, you may be able to correct it with the RESET command in the Port Interface mode. This command performs a hardware reset. The port parameter settings are retained. The reset takes just a second or two to complete.
Page 182: Configuring Threshold Limits For Ingress Packets
Chapter 9: Port Parameters Configuring Threshold Limits for Ingress Packets You can set threshold limits for the ingress packets on the ports. The threshold limits control the number of packets the ports accept each second. Packets that exceed the limits are discarded by the ports. You can set different limits for broadcast, multicast, and unknown unicast traffic.
Page 183 AT-9000 Switch Command Line User’s Guide To remove threshold limits from the ports, use the NO STORM-CONTROL command, also in the Port Interface mode. This example removes the threshold limit for broadcast packets on port 12: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.12 awplus(config-if)# no storm-control broadcast This example disables unknown unicast rate limiting on port 5, 6, and 15:...
Page 184: Displaying Threshold Limit Settings On Ports
Chapter 9: Port Parameters Displaying Threshold Limit Settings on Ports To display the threshold settings for the ingress packets on the ports, use the SHOW STORM-CONTROL command in the Privileged Exec mode. Here is the format: port show storm-control [ This example of the command displays the broadcast, multicast and dif levels on ports 18: awplus# show storm-control port1.0.18...
Page 185: Reinitializing Auto-Negotiation
AT-9000 Switch Command Line User’s Guide Reinitializing Auto-Negotiation If you believe that a port set to Auto-Negotiation is not using the highest possible common speed and duplex-mode between itself and a network device, you can instruction it to repeat Auto-Negotiation. This is accomplished with the RENEGOTIATE command in the Port Interface mode.
Page 186: Restoring The Default Settings
Chapter 9: Port Parameters Restoring the Default Settings To restore the default settings on a port, use the PURGE command in the Port Interface mode. This example returns ports 12, 13 and 15 to their default settings: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.12,port1.0.13,port1.0.15 awplus(config-if)# purge For reference information, refer to “PURGE”...
Page 187: Displaying Port Settings
AT-9000 Switch Command Line User’s Guide Displaying Port Settings There are several ways to display port settings. See the following: “Displaying Speed and Duplex Settings” on page 187  “Displaying Port Status” on page 187  “Displaying Port Configuration” on page 188 ...
Page 188: Displaying Port Configuration
Chapter 9: Port Parameters Interface port1.0.1 Link is UP, administrative state is UP Address is 0015.77cc.e243 index 1 mtu 9198 SNMP link-status traps: Enabled (Suppressed in 0 sec.) Bandwidth 1g input packets 0, bytes 0, dropped 0, multicast packets 0 output packets 0, bytes 0, multicast packets 0 broadcast packets 0 Interface port1.0.2 Link is UP, administrative state is UP...
Page 189: Displaying Or Clearing Port Statistics
AT-9000 Switch Command Line User’s Guide Displaying or Clearing Port Statistics To view packet statistics for the individual ports, use the SHOW PLATFORM TABLE PORT COUNTERS command in the Privileged Exec mode. Here is the format of the command: port show platform table port [ ] counters This example displays the statistics for ports 23 and 24:...
Page 190: Displaying Sfp Information
Chapter 9: Port Parameters Displaying SFP Information To view information on a plugged SFP on the switch, use the SHOW SYSTEM PLUGGABLE command in the Privileged Exec mode. Here is the format of the command: show system pluggable For more information about this command, see “SHOW SYSTEM PLUGGABLE”...
Page 191: Chapter 10: Port Parameter Commands
Chapter 10 Port Parameter Commands The port parameter commands are summarized in Table 11. Table 11. Port Parameter Commands Command Mode Description “BACKPRESSURE” on page 194 Port Interface Enables or disables backpressure on ports that are operating in half-duplex mode. “BPLIMIT”...
Page 192 Chapter 10: Port Parameter Commands Table 11. Port Parameter Commands (Continued) Command Mode Description “NO STORM-CONTROL” on Port Interface Removes threshold limits for page 213 broadcast, multicast, or unknown unicast packets. “POLARITY” on page 214 Port Interface Sets the MDI/MDI-X settings on twisted pair ports.
Page 193 Table 11. Port Parameter Commands (Continued) Command Mode Description “STORM-CONTROL” on page 241 Port Interface Sets a maximum limit of the number of broadcast, multicast, or unknown unicast packets forwarded by a port.
Page 194: Backpressure
Chapter 10: Port Parameter Commands BACKPRESSURE Syntax backpressure on|off Parameters Activates backpressure on the ports. Deactivates backpressure on the ports. Mode Port Interface mode Description Use this command to enable or disable backpressure on ports that are operating at 10 or 100 Mbps in half-duplex mode. Backpressure is used by ports during periods of packet congestion to temporarily stop their network counterparts from transmitting more packets.
Page 195 AT-9000 Switch Command Line User’s Guide This example configures ports 8 and 21 to 100 Mbps, half-duplex mode, with backpressure disabled: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.8,port1.0.21 awplus(config-if)# speed 100 awplus(config-if)# duplex half awplus(config-if)# backpressure off...
Page 196: Bplimit
Chapter 10: Port Parameter Commands BPLIMIT Syntax bplimit bplimit Parameters bplimit Specifies the number of cells for backpressure. A cell represents 128 bytes. The range is 1 to 7935 cells. The default value is 7935 cells. Mode Port Interface mode Description Use this command to specify a threshold level for backpressure on a port.
Page 197: Clear Port Counter
AT-9000 Switch Command Line User’s Guide CLEAR PORT COUNTER Syntax port clear port counter Parameters port Specifies the port whose packet counters you want to clear. You can specify more than one port at a time in the command. Mode User Exec mode and Privileged Exec mode Description Use this command to clear the packet counters of the ports.
Page 198: Description
Chapter 10: Port Parameter Commands DESCRIPTION Syntax description description Parameters description Specifies a description of 1 to 240 alphanumeric characters for a port. Spaces and special characters are allowed. Mode Port Interface mode Description Use this command to add descriptions to the ports on the switch. The ports will be easier to identify if they have descriptions.
Page 199 AT-9000 Switch Command Line User’s Guide This example removes the current name from port 11 without assigning a new name: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.11 awplus(config-if)# no description...
Page 200: Duplex
Chapter 10: Port Parameter Commands DUPLEX Syntax duplex auto|half|full Parameters auto Activates Auto-Negotiation for the duplex mode, so that the duplex mode is set automatically. half Specifies half-duplex mode. full Specifies full-duplex mode. Mode Port Interface mode Description Use this command to set the duplex modes of the twisted pair ports. Ports operating in half-duplex mode can either receive packets or transmit packets, but not both at the same time, while ports operating in full-duplex can both send and receive packets, simultaneously.
Page 201 AT-9000 Switch Command Line User’s Guide Examples This example sets the duplex mode on port 11 half-duplex: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.11 awplus(config-if)# duplex half This example configures the duplex mode with Auto-Negotiation on port awplus> enable awplus# configure terminal awplus(config)# interface port1.0.15 awplus(config-if)# duplex auto...
Page 202: Egress-Rate-Limit
Chapter 10: Port Parameter Commands EGRESS-RATE-LIMIT Syntax value egress-rate-limit Parameters value Specifies the maximum amount of traffic that can be transmitted from the port. The value is kilobits per second. The range is 64 to 1,000,000 kilobits per second. Mode Port Interface mode Description Use this command to set a limit on the amount of traffic that can be...
Page 203: Fctrllimit
AT-9000 Switch Command Line User’s Guide FCTRLLIMIT Syntax fctrllimit fctrllimit Parameters fctrllimit Specifies the number of cells for flow control. A cell represents 128 bytes. The range is 1 to 7935 cells. The default value is 7935 cells. Mode Port Interface mode Description Use this command to specify threshold levels for flow control on the ports.
Page 204: Flowcontrol
Chapter 10: Port Parameter Commands FLOWCONTROL Syntax flowcontrol send|receive|both on|off Parameter send Controls whether a port sends pause packets during periods of packet congestion, to initiate flow control. receive Controls whether a port, when it receives pause packets from its network counterpart, stops sending packets.
Page 205 AT-9000 Switch Command Line User’s Guide partner. If it is off, a port does not respond to pause packets and continues to transmit packets. At the default setting, the receive portion of flow control is off. The SEND parameter determines whether a port sends pause packets when it experiences traffic congestion.
Page 206 Chapter 10: Port Parameter Commands This example configures port 1 and 2 to 10 Mbps, full-duplex mode. The send portion of flow control is disabled so that the ports do not send pause packets during periods of traffic congestion. But the receive portion is enabled so that the ports respond to pause packets from their network counterparts by temporarily ceasing transmission: awplus>...
Page 207: Holbplimit
AT-9000 Switch Command Line User’s Guide HOLBPLIMIT Syntax holbplimit holbplimit Parameter holbplimit Specifies the threshold at which a port signals a head of line blocking event. The threshold is specified in cells. A cell is 128 bytes. The range is 1 to 8,191 cells; the default is 7,168 cells. Mode Port Interface mode Description...
Page 208: Figure 48: Head Of Line Blocking
Chapter 10: Port Parameter Commands Figure 48. Head of Line Blocking The HOL Limit parameter can help prevent this problem from occurring. It sets a threshold on the utilization of a port’s egress queue. When the threshold for a port is exceeded, the switch signals other ports to discard packets to the oversubscribed port.
Page 209: No Egress-Rate-Limit
AT-9000 Switch Command Line User’s Guide NO EGRESS-RATE-LIMIT Syntax no egress-rate-limit Parameters None Mode Port Interface mode Description Use this command to disable egress rate limiting on the ports. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 Example This example disable egress rate limiting on the ports 4 and 5: awplus>...
Page 210: No Flowcontrol
Chapter 10: Port Parameter Commands NO FLOWCONTROL Syntax no flowcontrol Parameter None Mode Port Interface mode Description Use this command to disable flow control on ports. Confirmation Command “SHOW FLOWCONTROL INTERFACE” on page 219 Example This example disables flow control on port 16: awplus>...
Page 211: No Shutdown
AT-9000 Switch Command Line User’s Guide NO SHUTDOWN Syntax no shutdown Parameters None Mode Port Interface mode Description Use this command to enable ports so that they forward packets again. This is the default setting for a port. Confirmation Command “SHOW RUNNING-CONFIG”...
Page 212: No Snmp Trap Link-Status
Chapter 10: Port Parameter Commands NO SNMP TRAP LINK-STATUS Syntax no snmp trap link-status Parameter None Mode Port Interface mode Description Use this command to deactivate SNMP link traps on the ports of the switch. The switch does not send traps when a port on which link trap is disabled experiences a change in its link state (i.e., goes up or down).
Page 213: No Storm-Control
AT-9000 Switch Command Line User’s Guide NO STORM-CONTROL Syntax no storm-control broadcast|multicast|dlf Parameters broadcast Specifies broadcast packets. multicast Specifies multicast packets. Specifies unknown unicast packets. Description Use this command to remove packet threshold levels that were set on the ports with “STORM-CONTROL” on page 241. Confirmation Command “SHOW RUNNING-CONFIG”...
Page 214: Polarity
Chapter 10: Port Parameter Commands POLARITY Syntax polarity auto|mdi|mdix Parameters auto Activates auto-MDI/MDIX. Sets a port’s wiring configuration to MDI. mdix Sets a port’s wiring configuration to MDI-X. Mode Port Interface mode Description Use this command to set the wiring configuration of twisted pair ports that are operating at 10 or 100 Mbps, in half- or full-duplex mode.
Page 215 AT-9000 Switch Command Line User’s Guide This example sets ports 4 and 18 to the MDI-X wiring configuration: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.4,port1.0.18 awplus(config-if)# polarity mdix This example activates auto-MDI/MDIX on ports 1 to 3: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.1-port1.0.3 awplus(config-if)# polarity auto...
Page 216: Purge
Chapter 10: Port Parameter Commands PURGE Syntax purge Parameters None Mode Port Interface mode Description Use this command to restore the default settings to these port parameters: Enabled status (NO SHUTDOWN)  Description  Speed  Duplex mode  MDI/MDI-X ...
Page 217: Renegotiate
AT-9000 Switch Command Line User’s Guide RENEGOTIATE Syntax renegotiate Parameters None Mode Port Interface mode Description Use this command to prompt a port that is set to Auto-Negotiation to renegotiate its speed and duplex mode with its network device. You might use this command if you believe that a port and a network device did not establish the highest possible common settings during the Auto- Negotiation process.
Page 218: Reset
Chapter 10: Port Parameter Commands RESET Syntax reset Parameters None Mode Port Interface mode Description Use this command to perform a hardware reset on the ports. The ports retain their parameter settings. The reset takes only a second or two to complete.
Page 219: Show Flowcontrol Interface
AT-9000 Switch Command Line User’s Guide SHOW FLOWCONTROL INTERFACE Syntax port show flowcontrol interface Parameter port Specifies the port whose flow control setting you want to view. You can specify just one port at a time. Modes Privileged Exec mode Description Use this command to display the current settings for flow control on the ports.
Page 220 Chapter 10: Port Parameter Commands Table 12. SHOW FLOWCONTROL INTERFACE Command (Continued) Parameter Description RxPause The number of received pause packets. TxPause The number of transmitted pause packets. Example This command displays the flow control settings for port 2: awplus# show flowcontrol interface port1.0.2...
Page 221: Show Interface
AT-9000 Switch Command Line User’s Guide SHOW INTERFACE Syntax port show interface [ Parameter port Specifies the port whose current status you want to view. You can display more than one port at a time. To display all the ports, do not include this parameter.
Page 222: Figure 50: Show Interface Command
Chapter 10: Port Parameter Commands Interface port1.0.1 Link is UP, administrative state is UP Address is 0015.77cc.e243 Description: index 1 mtu 9198 Unknown Ingress Multicast Blocking: Disabled Unknown Egress Multicast Blocking: Disabled SNMP link-status traps: Enabled (Suppressed in 0 sec.) Bandwidth 1g input packets 0, bytes 0, dropped 0, multicast packets 0 output packets 0, bytes 0, multicast packets 0 broadcast packets 0...
Page 223 AT-9000 Switch Command Line User’s Guide Table 13. SHOW INTERFACE Command (Continued) Parameter Description Link is The status of the link on the port. This field is UP when the port has a link with a network device, and DOWN when the port does not have a link.
Page 224 Chapter 10: Port Parameter Commands Examples This command displays the current operational state of all the ports: awplus# show interface This command displays the current operational state of ports 1 to 4: awplus# show interface port1.0.1-port1.0.4...
Page 225: Show Interface Brief
AT-9000 Switch Command Line User’s Guide SHOW INTERFACE BRIEF Syntax show interface brief Parameter None Modes Privileged Exec mode Description Use this command to display the administrative and link statuses of all of the ports on the switch. An example of the information is shown in Figure 51.
Page 226 Chapter 10: Port Parameter Commands Table 14. SHOW INTERFACE BRIEF Command (Continued) Field Description Protocol Indicates the status of the link on the port. This field is UP when the port has a link with a network device, and DOWN when the port does not have a link.
Page 227: Show Interface Status
AT-9000 Switch Command Line User’s Guide SHOW INTERFACE STATUS Syntax port show interface [ ] status Parameter port Specifies the port whose parameter settings you want to view. You can display more than one port at a time. To display all the ports, do not include a port number.
Page 228 Chapter 10: Port Parameter Commands Table 15. SHOW INTERFACE STATUS Command (Continued) Parameter Description Duplex The duplex mode setting of the port. The setting can be half, full or auto for Auto- Negotiation. To set the duplex mode, refer to “DUPLEX” on page 200. Speed The speed of the port.
Page 229: Show Platform Table Port Counters
AT-9000 Switch Command Line User’s Guide SHOW PLATFORM TABLE PORT COUNTERS Syntax port show platform table port [ ] counters Parameter port Specifies the port whose statistics you want to view. You can specify more than one port at a time in the command. To view all the ports, omit this parameter.
Page 230 Chapter 10: Port Parameter Commands Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command Parameter Description MulticastPkts Number of received and transmitted multicast packets. BroadcastPkts Number of received and transmitted broadcast packets PauseMACCtrlFrms Number of received and transmitted flow control pause packets. OversizePkts Number of received packets that exceeded the maximum size as specified...
Page 231 AT-9000 Switch Command Line User’s Guide Table 16. SHOW PLATFORM TABLE PORT COUNTERS Command Parameter Description ifOutErrors Number of packets that were discarded prior to transmission because of an error. ipInHdrErrors Number of ingress packets that were discarded because of a hardware error. Miscellaneous Counters MAC TxErr Number of frames not transmitted...
Page 232: Show Running-Config Interface
Chapter 10: Port Parameter Commands SHOW RUNNING-CONFIG INTERFACE Syntax port show running-config interface Parameters port Specifies a port, multiple ports, or a range of ports. For a detailed explanation on how to specify ports, see “Port Numbers in Commands” on page 58. Modes Privileged Exec mode Description...
Page 233: Show Storm-Control
AT-9000 Switch Command Line User’s Guide SHOW STORM-CONTROL Syntax port show storm-control [ Parameters port Specifies the port whose storm-control, threshold limit settings you want to view. You can specify more than one port at a time. To display all the ports, do not include this parameter. Mode Privileged Exec mode Description...
Page 234 Chapter 10: Port Parameter Commands Table 17. SHOW STORM-CONTROL Command (Continued) Column Description DlfLevel Indicates the maximum number of unknown unicast packets, destination lookup failure (DLF) packets per second for the port. DLF packets beyond this number are discarded. Examples This command displays the settings of all the ports: awplus# show storm-control This command displays the settings of ports 15 and 18:...
Page 235: Show System Pluggable
AT-9000 Switch Command Line User’s Guide SHOW SYSTEM PLUGGABLE Syntax show system pluggable Parameters None Mode Privileged Exec mode Description Use this command to display information about the SFP modules in the switch. System Pluggable Information PortVendorDevice Serial NumberDatecode Type --------------------------------------------------------- 1.0.49ATIAT-SPSX A03240R08420074120081018...
Page 236: Show System Pluggable Detail
Chapter 10: Port Parameter Commands SHOW SYSTEM PLUGGABLE DETAIL Syntax show system pluggable detail Parameters None Mode Privileged Exec mode Description Use this command to display information about the SFP modules in the switch. See Figure 56. The SHOW SYSTEM PLUGGABLE DETAIL command provides more detailed information than the SHOW SYSTEM PLUGGABLE command.
Page 237: Shutdown
AT-9000 Switch Command Line User’s Guide SHUTDOWN Syntax shutdown Parameter None Mode Port Interface mode Description Use this command to disable ports. Ports that are disabled do not forward traffic. You might disable ports that are unused to secure them from unauthorized use or that are having problems with network cables or their link partners.
Page 238: Snmp Trap Link-Status
Chapter 10: Port Parameter Commands SNMP TRAP LINK-STATUS Syntax snmp trap link-status Parameter None Mode Port Interface mode Description Use this command to activate SNMP link traps on the ports. The switch sends an SNMP trap to an SNMP trap receiver on your network whenever a port experiences a change in its link state.
Page 239: Speed
AT-9000 Switch Command Line User’s Guide SPEED Syntax speed auto|10|100|1000 Parameters auto Activates Auto-Negotiation so that the speed is configured automatically. Specifies 10 Mbps. Specifies 100 Mbps. 1000 Specifies 1000 Mbps. This setting should not be used on twisted pair ports. For 1000Mbps, full duplex operation, a twisted pair port must be set to Auto-Negotiation.
Page 240 Chapter 10: Port Parameter Commands This example activates Auto-Negotiation on port 15: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.15 awplus(config-if)# speed auto...
Page 241: Storm-Control
AT-9000 Switch Command Line User’s Guide STORM-CONTROL Syntax value storm-control broadcast|multicast|dlf level Parameters broadcast Specifies broadcast packets. multicast Specifies multicast packets. Specifies unknown unicast packets. level Specifies the maximum number of ingress packets per second of the designated type the port will forward. The range is 0 to 33,554,431 packets.
Page 242 Chapter 10: Port Parameter Commands Examples This example sets the maximum threshold level of 5,000 packets per second for ingress broadcast packets on port 12: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.12 awplus(config-if)# storm-control broadcast level 5000 This example sets the maximum threshold level of 100,000 packets per second for ingress multicast packets on port 4: awplus>...
Page 243: Chapter 11: Power Over Ethernet
Chapter 11 Power Over Ethernet “Overview” on page 244  “Enabling and Disabling PoE” on page 246  “Adding PD Descriptions to Ports” on page 248  “Prioritizing Ports” on page 249  “Managing the Maximum Power Limit on Ports” on page 250 ...
Page 244: Overview
Chapter 11: Power Over Ethernet Overview The AT-9000/12PoE and AT-9000/28PoE switches feature Power over Ethernet (PoE) on the 10/100Base-Tx ports. PoE is used to supply power to network devices over the same twisted pair cables that carry the network traffic.
Page 245: Port Prioritization
AT-9000 Switch Command Line User’s Guide The AT-9000/12POE switch has a power budget of 125 watts. The AT-9000/28POE switch has a power budget of 370 watts. These are the maximum amounts of power the switches can provide at one time to the powered devices.
Page 246: Enabling And Disabling Poe
Chapter 11: Power Over Ethernet Enabling and Disabling PoE Enabling PoE on ports allows the switch to supply power to PDs connected to the ports. In order for PDs to receive power, PoE must be enabled on the ports. By default, PoE is enabled on all the ports on the PoE switch.
Page 247 AT-9000 Switch Command Line User’s Guide This example disables PoE individually on port 5 to port 8: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.5-port1.0.8 awplus(config-if)# no power-inline enable...
Page 248: Adding Pd Descriptions To Ports
Chapter 11: Power Over Ethernet Adding PD Descriptions to Ports PDs connected to the ports are easier to identify if you give them descriptions. To add descriptions to PDs, use the POWER-INLINE DESCRIPTION command in the Port Interface mode. Here is the format: description power-inline description The description parameter can consist of up to 256 alphanumeric...
Page 249: Prioritizing Ports
AT-9000 Switch Command Line User’s Guide Prioritizing Ports When the total power requirements of the PDs exceed the total available power of the switch, the switch denies power to one or more ports based on port prioritization.To guarantee power to the most critical PDs before any other PDs, the switch allows you to prioritize the ports for power supply.
Page 250: Managing The Maximum Power Limit On Ports
Chapter 11: Power Over Ethernet Managing the Maximum Power Limit on Ports To manage the switch’s power and optimize its power distribution, the switch allows you to adjust the power limit that the switch provides to each port. The switch automatically sets a default power limit to the port where a PD is connected and allows you to change the default settings.
Page 251: Managing Legacy Pds
AT-9000 Switch Command Line User’s Guide Managing Legacy PDs The PoE switch automatically detects whether or not a device plugged into the PoE-enabled port is a valid PD. The switch supports PDs compliant with the IEEE 802.3af and IEEE 802.3at PoE standards. In addition, the switch supports legacy PDs that were designed before the IEEE standards were finalized.
Page 252: Monitoring Power Consumption
Chapter 11: Power Over Ethernet Monitoring Power Consumption You can monitor the power consumption of the switch and PDs by configuring the unit to transmit an SNMP power-inline trap if their combined power requirements exceed a defined threshold. The threshold is specified as a percentage of the switch’s nominal power, which is the total available power of the switch.
Page 253: Displaying Poe Information
AT-9000 Switch Command Line User’s Guide Displaying PoE Information The switch allows you to display PoE information using three commands. Each command displays a different set of PoE information as described in Table 21. Table 21. PoE Show Commands Command Description SHOW POWER-INLINE Displays PoE information about the switch...
Page 254: Figure 58: Show Power-Inline Interface Command
Chapter 11: Power Over Ethernet This example displays the PoE information of port 1 through port 4: awplus# show power inline interface port1.0.1-port1.0.4 Figure 58 shows an example of the information the command displays. The columns are described in Table 23 on page 275. Interface Admin Oper...
Page 255: Chapter 12: Power Over Ethernet Commands
Chapter 12 Power Over Ethernet Commands The Power over Ethernet (PoE) commands are summarized in Table 22. These commands are only supported on the PoE switches. Table 22. Power over Ethernet Commands Command Mode Description “CLEAR POWER-INLINE Privileged Exec Clears the PoE event counters on the COUNTERS INTERFACE”...
Page 256 Chapter 12: Power Over Ethernet Commands Table 22. Power over Ethernet Commands (Continued) Command Mode Description “POWER-INLINE PRIORITY” on Port Interface Assigns a PoE priority level to a port. page 270 “POWER-INLINE USAGE- Global Sets the power threshold for the THRESHOLD”...
Page 257: Clear Power-Inline Counters Interface
AT-9000 Switch Command Line User’s Guide CLEAR POWER-INLINE COUNTERS INTERFACE Syntax clear power-inline counters interface [ port Parameter port Specifies a port. You can specify more than one port and clear event counters for multiple ports. Mode Privileged Exec mode Description Use this command to clear the PoE port event counters.
Page 258: No Power-Inline Allow-Legacy
Chapter 12: Power Over Ethernet Commands NO POWER-INLINE ALLOW-LEGACY Syntax no power-inline allow-legacy Parameters None Mode Port Interface mode Description Use this command to configure the ports to deny power to legacy PDs. Legacy PDs are PoE devices that were designed before the IEEE 802.3af and IEEE 802.3at PoE standards were finalized.
Page 259: No Power-Inline Description
AT-9000 Switch Command Line User’s Guide NO POWER-INLINE DESCRIPTION Syntax no power-inline description Parameters None Mode Port Interface mode Description Use this command to delete PD descriptions from the ports. Confirmation Commands “SHOW POWER-INLINE” on page 274 “SHOW POWER-INLINE INTERFACE” on page 279 “SHOW POWER-INLINE INTERFACE DETAIL”...
Page 260: No Power-Inline Enable
Chapter 12: Power Over Ethernet Commands NO POWER-INLINE ENABLE Syntax no power-inline enable Parameters None Mode Port Interface mode Description Use this command to disable PoE on the ports. Ports do not transmit power when PoE is disabled, but they do forward network traffic. Confirmation Commands “SHOW POWER-INLINE”...
Page 261: No Power-Inline Max
AT-9000 Switch Command Line User’s Guide NO POWER-INLINE MAX Syntax no power-inline max Parameters None Mode Port Interface mode Description Use this command to restore the default maximum power limits on the ports. The default power limits are based on the power classes of the PDs. See “Managing the Maximum Power Limit on Ports”...
Page 262: No Power-Inline Priority
Chapter 12: Power Over Ethernet Commands NO POWER-INLINE PRIORITY Syntax no power-inline priority Parameters None Mode Port Interface mode Description Use this command to restore the default Low priority setting to the ports. Confirmation Commands “SHOW POWER-INLINE” on page 274 “SHOW POWER-INLINE INTERFACE”...
Page 263: No Power-Inline Usage-Threshold
AT-9000 Switch Command Line User’s Guide NO POWER-INLINE USAGE-THRESHOLD Syntax no power-inline usage-threshold Parameters None Mode Global Configuration mode Description Use this command to reset the power usage threshold to the default 80%. The switch sends an SNMP power-inline trap if the power requirements of the switch and PDs exceed the defined threshold.
Page 264: No Service Power-Inline
Chapter 12: Power Over Ethernet Commands NO SERVICE POWER-INLINE Syntax no service power-inline Parameters None Mode Global Configuration mode Description Use this command to disable PoE on the switch. The ports do not transmit power to the PDs when PoE is disabled, but they do forward network traffic.
Page 265: No Snmp-Server Enable Trap Power-Inline
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER ENABLE TRAP POWER-INLINE Syntax no snmp-server enable trap power-inline Parameters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP power-inline traps. The switch sends this trap if the power requirements of the switch and PDs exceed the threshold set with “POWER-INLINE USAGE- THRESHOLD”...
Page 266: Power-Inline Allow-Legacy
Chapter 12: Power Over Ethernet Commands POWER-INLINE ALLOW-LEGACY Syntax power-inline allow-legacy Parameters None Mode Port Interface mode Description Use this command to configure the ports to support legacy PDs. Legacy PDs are PoE devices that were designed before the IEEE 802.3af and IEEE 802.3at PoE standards were finalized.
Page 267: Power-Inline Description
AT-9000 Switch Command Line User’s Guide POWER-INLINE DESCRIPTION Syntax power-inline description description Parameters description Specifies a PD description of up to 256 alphanumeric characters. Spaces and special characters are allowed. Mode Port Interface mode Description Use this command to add PD descriptions to the ports to make the ports and PDs easier to identify.
Page 268: Power-Inline Enable
Chapter 12: Power Over Ethernet Commands POWER-INLINE ENABLE Syntax power-inline enable Parameters None Mode Port Interface mode Description Use this command to enable PoE on the ports. This is the default setting. Confirmation Commands “SHOW POWER-INLINE” on page 274 “SHOW POWER-INLINE INTERFACE” on page 279 “SHOW POWER-INLINE INTERFACE DETAIL”...
Page 269: Power-Inline Max
AT-9000 Switch Command Line User’s Guide POWER-INLINE MAX Syntax power-inline max max_power Parameters max_power Specifies the maximum power limit of the ports in milliwatts (mW). The range is 4000 to 30000 mW. Mode Port Interface mode Description Use this command to set the maximum power limits on the ports. The maximum power limit is the maximum amount of power a port may transmit to a PD.
Page 270: Power-Inline Priority
Chapter 12: Power Over Ethernet Commands POWER-INLINE PRIORITY Syntax power-inline priority critical|high|low Parameters critical Sets ports to the Critical priority level for PoE ports. Ports set to the Critical level are guaranteed power before any of the ports assigned to the other priority levels. high Sets ports to the High priority level.
Page 271 AT-9000 Switch Command Line User’s Guide Example This example assigns the Critical priority level to port 5: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.5 awplus(config-if)# power-inline priority critical...
Page 272: Power-Inline Usage-Threshold
Chapter 12: Power Over Ethernet Commands POWER-INLINE USAGE-THRESHOLD Syntax power-inline usage-threshold threshold Parameters threshold Specifies the power usage threshold in a percentage of the switch’s total available system and PoE power. The range is 1 to 99%. Mode Global Configuration mode Description Use this command to set a threshold of the switch’s total available system and PoE power.
Page 273: Service Power-Inline
AT-9000 Switch Command Line User’s Guide SERVICE POWER-INLINE Syntax service power-inline Parameters None Mode Global Configuration mode Description Use this command to enable PoE on the switch. This is the default setting. Confirmation Commands “SHOW POWER-INLINE” on page 274 “SHOW POWER-INLINE INTERFACE” on page 279 “SHOW POWER-INLINE INTERFACE DETAIL”...
Page 274: Show Power-Inline
Chapter 12: Power Over Ethernet Commands SHOW POWER-INLINE Syntax show power-inline Parameter None Mode Privileged Exec mode Description Use this command to display operational information about PoE. An example is shown in Figure 60. The fields are described in Table 23 on page 275.
Page 275: Table 23. Show Power-Inline Command
AT-9000 Switch Command Line User’s Guide Table 23. SHOW POWER-INLINE Command Field Description Nominal Power The switch’s total available power in watts (W). Power Allocated The available power in watts (W) for PDs. This value is updated every 5 seconds. Actual Power The current power consumption in watts (W) of the Consumption...
Page 276 Chapter 12: Power Over Ethernet Commands Table 23. SHOW POWER-INLINE Command (Continued) Field Description Oper The PoE operating status of the port. The possible status are listed here: Powered: The port is transmitting power to the  Denied: The port is not transmitting power to ...
Page 277: Show Power-Inline Counters Interface
AT-9000 Switch Command Line User’s Guide SHOW POWER-INLINE COUNTERS INTERFACE Syntax show power-inline counters interface port Parameter port Specifies a port. You can specify and display more than one port at a time. Omit this parameter to display all of the ports. Mode Privileged Exec mode Description...
Page 278 Chapter 12: Power Over Ethernet Commands Table 24. SHOW POWER-INLINE COUNTERS INTERFACE Command Field Description Denied The number of times the port had to deny power to the PD because the switch had reached its maximum power capacity. Example This command displays the PoE event counters for ports 4 to 6: awplus# show power-inline counters interface port1.0.4- port1.0.6...
Page 279: Show Power-Inline Interface
AT-9000 Switch Command Line User’s Guide SHOW POWER-INLINE INTERFACE Syntax show power-inline interface port Parameter port Specifies a port. You can display more than one port at a time. Mode Privileged Exec mode Description Use this command to display the PoE information on the ports. An example is shown in Figure 62.
Page 280: Show Power-Inline Interface Detail
Chapter 12: Power Over Ethernet Commands SHOW POWER-INLINE INTERFACE DETAIL Syntax show power-inline interface port detail Parameter port Specifies a port. You can display more than one port at a time. Mode Privileged Exec mode Description Use this command to display additional information about the ports. An example is shown in Figure 63.
Page 281 AT-9000 Switch Command Line User’s Guide Table 25. SHOW POWER-INLINE INTERFACE DETAIL Command Field Description PoE admin The status of PoE on the port. The status can be one of the following: Enabled: PoE is enabled. The port can transmit ...
Page 282 Chapter 12: Power Over Ethernet Commands Table 25. SHOW POWER-INLINE INTERFACE DETAIL Command Field Description Detection of The status of support for a legacy PD on the port: legacy devices Enabled: The port supports legacy devices.  Disabled: The port does not support legacy ...
Page 283: Snmp-Server Enable Trap Power-Inline
AT-9000 Switch Command Line User’s Guide SNMP-SERVER ENABLE TRAP POWER-INLINE Syntax snmp-server enable trap power-inline Parameters None Mode Global Configuration mode Description Use this command to activate the transmission of the SNMP power-inline trap. The trap is sent if the power requirements of the switch and PDs exceed the power limit threshold set with “POWER-INLINE USAGE- THRESHOLD”...
Page 284 Chapter 12: Power Over Ethernet Commands...
Page 285: Chapter 13: Ipv4 And Ipv6 Management Addresses
Chapter 13 IPv4 and IPv6 Management Addresses This chapter contains the following information: “Overview” on page 286  “Assigning an IPv4 Management Address and Default Gateway” on  page 289 “Assigning an IPv6 Management Address and Default Gateway” on  page 294...
Page 286: Overview
Chapter 13: IPv4 and IPv6 Management Addresses Overview This chapter explains how to assign the switch an IP address. The switch must have an IP address to perform the features in Table 26. It uses the address as its source address when it communicates with other network devices, such as TFTP servers, and Telnet management workstations.
Page 287 AT-9000 Switch Command Line User’s Guide Table 26. Features Requiring an IP Management Address on the Switch (Continued) Supported Supported Feature Description by IPv4 by IPv6 Address Address SNMPv1, v2c, and v3 Used to remotely manage the switch with SNMP. SNTP client Used to set the date and time on the switch from an NTP or...
Page 288 Chapter 13: IPv4 and IPv6 Management Addresses If you assign both IPv4 and IPv6 addresses to the switch, they  must be assigned to the same VLAN. An IPv4 management address can be assigned manually or from a  DHCP server on your network. (To learn the switch’s MAC address to add to a DHCP server, refer to “SHOW SWITCH”...
Page 289: Assigning An Ipv4 Management Address And Default Gateway
AT-9000 Switch Command Line User’s Guide Assigning an IPv4 Management Address and Default Gateway This section covers the following topics: “Adding an IPv4 Management Address” next  “Adding an IPv4 Default Gateway Address” on page 291  “Deleting an IPv4 Management Address and Default Gateway” on ...
Page 290 Chapter 13: IPv4 and IPv6 Management Addresses Here are several examples of the command. The first example assigns the switch the management IPv4 address 149.121.43.56/24 to the Default_VLAN, which has the VID number 1. Note By default, the switch is configured with the Default_VLAN which has a VID number of 1 and includes all ports on the switch.
Page 291: Adding An Ipv4 Default Gateway Address
AT-9000 Switch Command Line User’s Guide The next series of commands assigns the management address 143.24.55.67 and subnet mask 255.255.255.0 to the new VLAN. Enter the Global Configuration awplus# configure terminal mode. Use the INTERFACE VLAN awplus(config)# interface vlan17 command to move to the VLAN Interface.
Page 292: Deleting An Ipv4 Management Address And Default Gateway
Chapter 13: IPv4 and IPv6 Management Addresses Note If an IPv4 default gateway is already assigned to the switch, you must delete it prior to entering the new address. For instructions, refer to “Deleting an IPv4 Management Address and Default Gateway”...
Page 293: Displaying An Ipv4 Management Address And Default Gateway
AT-9000 Switch Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# no ip route 0.0.0.0/0 149.121.43.23 Displaying an The easiest way to view the IPv4 management address and default gateway address of the switch is with the SHOW IP ROUTE command. It IPv4 displays both addresses at the same time.
Page 294: Assigning An Ipv6 Management Address And Default Gateway
Chapter 13: IPv4 and IPv6 Management Addresses Assigning an IPv6 Management Address and Default Gateway This section covers the following topics: “Adding an IPv6 Management Address” next  “Adding an IPv6 Default Gateway Address” on page 295  “Deleting an IPv6 Management Address and Default Gateway” on ...
Page 295: Adding An Ipv6 Default Gateway Address
AT-9000 Switch Command Line User’s Guide Note If there is a management IPv6 address already assigned to the switch, you must delete it prior to entering the new address. For instructions, refer to “Deleting an IPv6 Management Address and Default Gateway” on page 296. Here are several examples of the command.
Page 296: Deleting An Ipv6 Management Address And Default Gateway
Chapter 13: IPv4 and IPv6 Management Addresses The IPADDDRESS parameter is the default gateway to be assigned the switch. The address must be an IPv6 address and it must be a member of the same subnet as the management IPv6 address. Note This configuration is different in the AT-8000GS switch where the gateway is specified as the Link Local address.
Page 297: Displaying An Ipv6 Management Address And Default Gateway
AT-9000 Switch Command Line User’s Guide Displaying an There are two commands for displaying a management IPv6 address and default gateway. If the switch has both an IPv6 address and default IPv6 gateway, you can display both of them with the SHOW IPV6 ROUTE Management command, in the Privileged Exec mode, as shown here: Address and...
Page 298 Chapter 13: IPv4 and IPv6 Management Addresses...
Page 299: Chapter 14: Ipv4 And Ipv6 Management Address Commands
Chapter 14 IPv4 and IPv6 Management Address Commands The IPv4 and IPv6 management address commands are summarized in Table 27. Table 27. Management IP Address Commands Command Mode Description “CLEAR IPV6 NEIGHBORS” on Privileged Exec Clears all dynamic IPv6 neighbor page 301 entries.
Page 300 Chapter 14: IPv4 and IPv6 Management Address Commands Table 27. Management IP Address Commands (Continued) Command Mode Description “SHOW IPV6 INTERFACE” on Privileged Exec Displays the IPv4 management page 320 address. “SHOW IPV6 ROUTE” on page 321 Privileged Exec Displays the IPv6 management address and default gateway.
Page 301: Clear Ipv6 Neighbors
AT-9000 Switch Command Line User’s Guide CLEAR IPV6 NEIGHBORS Syntax clear ipv6 neighbors Parameters None Mode Privileged Exec mode Description Use this command to clear all of the dynamic IPv6 neighbor entries. Example This example clears all of the dynamic IPv6 neighbor entries: awplus>...
Page 302: Ip Address
Chapter 14: IPv4 and IPv6 Management Address Commands IP ADDRESS Syntax ip address ipaddress/mask Parameters ipaddress Specifies a management IPv4 address for the switch. The address is specified in the following format: nnn.nnn.nnn.nnn Where each NNN is a decimal number from 0 to 255. The numbers must be separated by periods.
Page 303 AT-9000 Switch Command Line User’s Guide Examples This example assigns the switch the IPv4 management address 142.35.78.21 and subnet mask 255.255.255.0. The address is assigned to the Default_VLAN, which has the VID 1: awplus> enable awplus# configure terminal awplus(config)# interface vlan1 awplus(config-if)# ip address 142.35.78.21/24 This example assigns the switch the IPv4 management address 116.152.173.45 and subnet mask 255.255.255.0.
Page 304: Ip Address Dhcp
Chapter 14: IPv4 and IPv6 Management Address Commands IP ADDRESS DHCP Syntax ip address dhcp Parameters None Mode VLAN Interface mode Description Use this command to assign the switch an IPv4 management address from a DHCP server. This command activates the DHCP client, which automatically queries the network for a DHCP server.
Page 305 AT-9000 Switch Command Line User’s Guide Example This example activates the DHCP client so that the switch obtains its IPv4 management address from a DHCP server on your network. The address is applied to a VLAN with the VID 4: awplus>...
Page 306: Ip Route
Chapter 14: IPv4 and IPv6 Management Address Commands IP ROUTE Syntax ip route 0.0.0.0/0 ipaddress Parameters ipaddress Specifies an IPv4 default gateway address. Mode Global Configuration mode Description Use this command to assign the switch an IPv4 default gateway address. A default gateway is an address of an interface on a router or other Layer 3 device.
Page 307 AT-9000 Switch Command Line User’s Guide Example This example assigns the switch the IPv4 default gateway address 143.87.132.45: awplus> enable awplus# configure terminal awplus(config)# ip route 0.0.0.0/0 143.87.132.45...
Page 308: Ipv6 Address
Chapter 14: IPv4 and IPv6 Management Address Commands IPV6 ADDRESS Syntax ipv6 address ipaddress/mask Parameters ipaddress Specifies an IPv6 management address for the switch. The address is entered in this format: nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn Where N is a hexadecimal digit from 0 to F. The eight groups of digits have to be separated by colons.
Page 309 AT-9000 Switch Command Line User’s Guide and syslog servers). The VLAN must already exist on the switch before you use this command. Confirmation Commands “SHOW IPV6 INTERFACE” on page 320 and “SHOW IPV6 ROUTE” on page 321 Examples This example assigns the IPv6 management address 4c57:17a9:11::190:a1d4/64 to the Default_VLAN, which has the VID 1: awplus>...
Page 310: Ipv6 Route
Chapter 14: IPv4 and IPv6 Management Address Commands IPV6 ROUTE Syntax ipv6 route ::/0 ipaddress Parameters ipaddress Specifies an IPv6 address of a default gateway. The address is entered in this format: nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn Where N is a hexadecimal digit from 0 to F. The eight groups of digits have to be separated by colons.
Page 311 AT-9000 Switch Command Line User’s Guide Example This example assigns the switch the IPv6 default gateway address 45ab:672:934c::78:17cb: awplus> enable awplus# configure terminal awplus(config)# ipv6 route ::/0 45ab:672:934c::78:17cb...
Page 312: No Ip Address
Chapter 14: IPv4 and IPv6 Management Address Commands NO IP ADDRESS Syntax no ip address Parameters None Mode VLAN Interface mode Description Use this command to delete the current IPv4 management address from the switch if the address was assigned manually. If a DHCP server supplied the address, refer to “NO IP ADDRESS DHCP”...
Page 313: No Ip Address Dhcp
AT-9000 Switch Command Line User’s Guide NO IP ADDRESS DHCP Syntax no ip address dhcp Parameters None Mode VLAN Interface mode Description Use this command to delete the current IPv4 management address from the switch if the address was assigned by a DHCP server. You must perform this command from the VLAN Interface mode of the VLAN to which the address is attached.
Page 314: No Ip Route
Chapter 14: IPv4 and IPv6 Management Address Commands NO IP ROUTE Syntax no ip route 0.0.0.0/0 ipaddress Parameters ipaddress Specifies the current default gateway. Mode Global Configuration mode Description Use this command to delete the current IPv4 default gateway. The command must include the current default gateway.
Page 315: No Ipv6 Address
AT-9000 Switch Command Line User’s Guide NO IPV6 ADDRESS Syntax no ipv6 address Parameters None Mode VLAN Interface mode Description Use this command to delete the current IPv6 management address from the switch. You must perform this command from the VLAN Interface mode of the VLAN to which the address is attached.
Page 316: No Ipv6 Route
Chapter 14: IPv4 and IPv6 Management Address Commands NO IPV6 ROUTE Syntax no ipv6 route ::/0 ipaddress Parameters ipaddress Specifies the current IPv6 default gateway. Mode Global Configuration mode Description Use this command to delete the current IPv6 default gateway from the switch.
Page 317: Show Ip Interface
AT-9000 Switch Command Line User’s Guide SHOW IP INTERFACE Syntax show ip interface Parameters None Mode Privileged Exec mode Description Use this command to display the management IP address on the switch. Figure 68 is an example of the information. Interface IP Address VLAN14-0...
Page 318: Show Ip Route
Chapter 14: IPv4 and IPv6 Management Address Commands SHOW IP ROUTE Syntax show ip route Parameters None Mode Privileged Exec mode Description Use this command to display the routes on the switch. Figure 69 displays an example of the information. ----------------------------------------- Mask NextHop...
Page 319 AT-9000 Switch Command Line User’s Guide Example The following example displays the routes on the switch: awplus# show ip route...
Page 320: Show Ipv6 Interface
Chapter 14: IPv4 and IPv6 Management Address Commands SHOW IPV6 INTERFACE Syntax show ipv6 interface Parameters None Mode Privileged Exec mode Description Use this command to display the IPv6 management address on the switch. Figure 70 is an example of the information. Interface IPv6-Address VLAN3-0...
Page 321: Show Ipv6 Route
AT-9000 Switch Command Line User’s Guide SHOW IPV6 ROUTE Syntax show ipv6 route Parameters None Mode Privileged Exec mode Description Use this command to display the IPv6 management address and default gateway on the switch. Figure 71 is an example of the information. The default route is display first, followed by the management address.
Page 322 Chapter 14: IPv4 and IPv6 Management Address Commands...
Page 323: Chapter 15: Simple Network Time Protocol (Sntp) Client
Chapter 15 Simple Network Time Protocol (SNTP) Client This chapter contains the following information: “Overview” on page 324  “Activating the SNTP Client and Specifying the IP Address of an NTP  or SNTP Server” on page 325 “Configuring Daylight Savings Time and UTC Offset” on page 326 ...
Page 324: Overview
Chapter 15: Simple Network Time Protocol (SNTP) Client Overview The switch has a Simple Network Time Protocol (SNTP) client for setting its date and time from an SNTP or NTP server on your network or the Internet. The date and time are added to the event messages that are stored in the event log and sent to syslog servers.
Page 325: Activating The Sntp Client And Specifying The Ip Address Of An Ntp Or Sntp Server
AT-9000 Switch Command Line User’s Guide Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server To activate the SNTP client on the switch and to specify the IP address of an NTP or SNTP server, use the NTP PEER command in the Global Configuration mode.
Page 326: Configuring Daylight Savings Time And Utc Offset
Chapter 15: Simple Network Time Protocol (SNTP) Client Configuring Daylight Savings Time and UTC Offset If the time that the NTP or SNTP server provides to the switch is in Coordinated Universal Time (UTC), it has to be converted into local time. To do that, the switch needs to know whether to use Standard Time (ST) or Daylight Savings Time (DST), and the number of hours and minutes it is ahead of or behind UTC, referred to as the UTC offset.
Page 327 AT-9000 Switch Command Line User’s Guide In this example, the client is configured for ST and a UTC offset of +2 hours and 45 minutes: awplus> enable awplus# configure terminal awplus(config)# no clock summer-time awplus(config)# clock timezone +02:45...
Page 328: Disabling The Sntp Client
Chapter 15: Simple Network Time Protocol (SNTP) Client Disabling the SNTP Client To disable the SNTP client so that the switch does not obtain its date and time from an NTP or SNTP server, use the NO PEER command in the Global Configuration mode: awplus>...
Page 329: Displaying The Sntp Client
AT-9000 Switch Command Line User’s Guide Displaying the SNTP Client To display the settings of the SNTP client on the switch, use the SHOW NTP ASSOCIATIONS command in the Privileged Exec mode. awplus# show ntp associations The following is displayed: SNTP Configuration: Status ......
Page 330: Displaying The Date And Time
Chapter 15: Simple Network Time Protocol (SNTP) Client Displaying the Date and Time To display the date and time, use the SHOW CLOCK command in the User Exec mode or Privileged Exec mode: awplus# show clock...
Page 331: Chapter 16: Sntp Client Commands
Chapter 16 SNTP Client Commands The SNTP commands are summarized in Table 31. Table 31. Simple Network Time Protocol Commands Command Mode Description “CLOCK SUMMER-TIME” on Global Activates Daylight Savings Time on page 332 Configuration the SNTP client. “CLOCK TIMEZONE” on page 333 Global Sets the UTC offset value, the time Configuration...
Page 332: Clock Summer-Time
Chapter 16: SNTP Client Commands CLOCK SUMMER-TIME Syntax clock summer-time Parameters None Mode Global Configuration mode Description Use this command to enable Daylight Savings Time (DST) on the SNTP client. Note The switch does not set the DST automatically. If the switch is in a locale that uses DST, you must remember to enable this when DST begins and disable when DST ends.
Page 333: Clock Timezone
AT-9000 Switch Command Line User’s Guide CLOCK TIMEZONE Syntax +hh:mm -hh:mm clock timezone Parameters hh:mm Specifies the number of hours and minutes difference between Coordinated Universal Time (UTC) and local time. HH are hours in the range of -12 to +12, and MM are minutes in the range of increments of 15.
Page 334: No Clock Summer-Time
Chapter 16: SNTP Client Commands NO CLOCK SUMMER-TIME Syntax no clock summer-time Parameters None Mode Global Configuration mode Description Use this command to disable Daylight Savings Time (DST) and activate Standard Time (ST) on the SNTP client. Confirmation Command “SHOW NTP ASSOCIATIONS” on page 339 Examples The following example disables Daylight Savings Time (DST) and activates Standard Time (ST) on the SNTP client:...
Page 335: No Ntp Peer
AT-9000 Switch Command Line User’s Guide NO NTP PEER Syntax no ntp server Parameter None Mode Global Configuration mode Description Use this command to deactivate the SNTP client on the switch. When the client is disabled, the switch does not obtain its date and time from an SNTP or NTP server the next time it is reset or power cycled.
Page 336: Ntp Peer
Chapter 16: SNTP Client Commands NTP PEER Syntax ipaddress ntp peer Parameter ipaddress Specifies an IP address of an SNTP or NTP server. Mode Global Configuration mode Description Use this command to activate the NTP client on the switch and to specify the IP address of the SNTP or NTP server from which it is to obtain its date and time.
Page 337: Purge Ntp
AT-9000 Switch Command Line User’s Guide PURGE NTP Syntax purge ntp Parameter None Mode Global Configuration mode Description Use this command to disable the SNTP client, delete the IP address of the SNTP or NTP server, and restore the client settings to the default values. Confirmation Command “SHOW NTP ASSOCIATIONS”...
Page 338: Show Clock
Chapter 16: SNTP Client Commands SHOW CLOCK Syntax show clock Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the switch’s date and time. Example The following example displays the switch’s date and time. awplus# show clock...
Page 339: Show Ntp Associations
AT-9000 Switch Command Line User’s Guide SHOW NTP ASSOCIATIONS Syntax show ntp associations Parameters None Mode Privileged Exec mode Description Use this command to display the settings of the SNTP client. The information the command displays is shown in Figure 74. NTP Configuration: Status ......
Page 340 Chapter 16: SNTP Client Commands Table 32. SHOW NTP ASSOCIATIONS Command (Continued) Parameter Description UTC Offset The time difference in hours between UTC and local time. The range is -12 to +12 hours. The default is 0 hours. This value is set with “CLOCK TIMEZONE” on page 333.
Page 341: Show Ntp Status
AT-9000 Switch Command Line User’s Guide SHOW NTP STATUS Syntax show ntp status Parameters None Mode Privileged Exec mode Description Use this command to display the status of an NTP or SNTP server assigned to the switch. The display states whether or not the switch has synchronized its time with an NTP or SNTP server.
Page 342 Chapter 16: SNTP Client Commands...
Page 343: Chapter 17: Mac Address Table
Chapter 17 MAC Address Table This chapter discusses the following topics: “Overview” on page 344  “Adding Static MAC Addresses” on page 346  “Deleting MAC Addresses” on page 348  “Setting the Aging Timer” on page 350  “Displaying the MAC Address Table” on page 351 ...
Page 344: Overview
Chapter 17: MAC Address Table Overview The MAC address table stores the MAC addresses of all the network devices that are connected to the switch’s ports. Each entry in the table consists of a MAC address, a port number where an address was learned by the switch, and an ID number of a VLAN where a port is a member.
Page 345 AT-9000 Switch Command Line User’s Guide The period of time the switch waits before purging inactive dynamic MAC addresses is called the aging time. This value is adjustable on the switch. The default value is 300 seconds (5 minutes). You can also enter addresses manually into the table. These addresses are referred to as static addresses.
Page 346: Adding Static Mac Addresses
Chapter 17: MAC Address Table Adding Static MAC Addresses The command for adding static unicast MAC addresses to the switch is MAC ADDRESS-TABLE STATIC in the Global Configuration mode. Here is the format of the command: macaddress mac address-table static forward|discard interface port...
Page 347 AT-9000 Switch Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# mac address-table static 00:a0:d2:18:1a:11 discard interface port1.0.7...
Page 348: Deleting Mac Addresses
Chapter 17: MAC Address Table Deleting MAC Addresses To delete MAC addresses from the switch, use the CLEAR MAC ADDRESS-TABLE command in the Privileged Exec mode. The format of the command is: clear mac address-table dynamic|static [address macaddress ]|[interface port ]|[vlan Here are the variables: dynamic - This variable lets you delete dynamic addresses.
Page 349 AT-9000 Switch Command Line User’s Guide This example deletes all of the dynamic addresses learned on port 20: awplus> enable awplus# clear mac address-table dynamic interface port1.0.20 This example deletes all of the static addresses added to ports 2 to 5: awplus>...
Page 350: Setting The Aging Timer
Chapter 17: MAC Address Table Setting the Aging Timer The aging timer defines the length of time that inactive dynamic MAC addresses remain in the table before they are deleted by the switch. The switch deletes inactive addresses to insure that the table contains only active and current addresses.
Page 351: Displaying The Mac Address Table
AT-9000 Switch Command Line User’s Guide Displaying the MAC Address Table To view the aging time or the MAC address table, use the SHOW MAC ADDRESS-TABLE command in the Privileged Exec mode. Here is its format: port show mac address-table [interface ]|[vlan An example of the table is shown in Figure 76.
Page 352 Chapter 17: MAC Address Table This example displays the addresses learned on the ports in a VLAN with the VID 8: awplus# show mac address-table vlan 8...
Page 353: Chapter 18: Mac Address Table Commands
Chapter 18 MAC Address Table Commands The MAC address table commands are summarized in Table 33. Table 33. MAC Address Table Commands Command Mode Description “CLEAR MAC ADDRESS-TABLE” on Privileged Exec Deletes MAC addresses from the page 354 MAC address table. “MAC ADDRESS-TABLE AGEING- Global Sets the aging timer, which is used by...
Page 354: Clear Mac Address-Table
Chapter 18: MAC Address Table Commands CLEAR MAC ADDRESS-TABLE Syntax clear mac address-table dynamic|static [address macaddress ]|[interface port ]|[vlan Parameters dynamic Deletes dynamic MAC addresses. static Deletes static addresses. address Deletes a specific address. macaddress Specifies the address to be deleted. The address must be specified in either one of the following formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx interface...
Page 355 AT-9000 Switch Command Line User’s Guide Examples This example deletes all of the dynamic addresses from the table: awplus> enable awplus# clear mac address-table dynamic This example deletes all of the static addresses: awplus> enable awplus# clear mac address-table static This example deletes a single dynamic address: awplus>...
Page 356: Mac Address-Table Ageing-Time
Chapter 18: MAC Address Table Commands MAC ADDRESS-TABLE AGEING-TIME Syntax value none mac address-table ageing-time Parameter ageing-time Specifies the aging timer in seconds for the MAC address table. The range is 10 to 1000000 seconds. The default is 300 seconds (5 minutes).
Page 357 AT-9000 Switch Command Line User’s Guide This example disables the aging timer so that the switch does not delete inactive dynamic MAC addresses from the table: awplus> enable awplus# configure terminal awplus(config)# mac address-table ageing-time none This example returns the aging timer to its default setting of 300 seconds: awplus>...
Page 358: Mac Address-Table Static
Chapter 18: MAC Address Table Commands MAC ADDRESS-TABLE STATIC Syntax macaddress mac address-table static forward|discard interface port [vlan vlan-name Parameters macaddress Specifies the static unicast address you want to add to the switch’s MAC address table. The address must be specified in either one of the following formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx forward Forwards packets containing the designated source MAC address.
Page 359 AT-9000 Switch Command Line User’s Guide Confirmation Command “SHOW MAC ADDRESS-TABLE” on page 362 Examples This example adds the static MAC address 44:c3:22:17:62:a4 to port 4 in the Production VLAN. The port forwards the packets from the specified node: awplus> enable awplus# configure terminal awplus(config)# mac address-table static 44:c3:22:17:62:a4 forward interface port1.0.4 vlan Production...
Page 360: No Mac Address-Table Static
Chapter 18: MAC Address Table Commands NO MAC ADDRESS-TABLE STATIC Syntax macaddress forward|discard no mac address-table static interface port [vlan vlan-name Parameters macaddress Specifies the static unicast address you want to delete from the switch’s MAC address table. The address must be specified in either one of the following formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx forward...
Page 361 AT-9000 Switch Command Line User’s Guide Confirmation Command “SHOW MAC ADDRESS-TABLE” on page 362 Examples This example deletes the MAC address 00:A0:D2:18:1A:11 from port 12 in the Default_VLAN, which has the VID 1. The port is forwarding packets of the owner of the address: awplus>...
Page 362: Show Mac Address-Table
Chapter 18: MAC Address Table Commands SHOW MAC ADDRESS-TABLE Syntax show mac address-table begin|exclude|include [interface port ]|[vlan Parameters begin Specifies the first line that matches the MAC address is displayed. The address must be specified in either one of the following formats: xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx exclude Indicates the specified MAC address is excluded from the display.
Page 363: Figure 77: Show Mac Address-Table Command
AT-9000 Switch Command Line User’s Guide An example of the table is shown in Figure 77. Aging Interval: 300 second(s) Switch Forwarding Database ------------------------------------------------------------ VLAN Port ------------------------------------------------------------ 1.0.1 00a0.d218.1ac8 Forward Dynamic 1.0.2 00a0.c416.3b80 Forward Dynamic 1.0.3 00a0.12c2.10c6 Forward Dynamic 1.0.4 00a0.c209.10d8 Forward Dynamic...
Page 364: Table 35. Show Mac Address-Table Command - Multicast Addresses
Chapter 18: MAC Address Table Commands Table 34. SHOW MAC ADDRESS-TABLE Command - Unicast Addresses Parameter Description The status of the address. MAC addresses have the status of Forward, meaning that they are used by the switch to forward packets. (unlabeled) The type of address: static or dynamic.
Page 365: Chapter 19: Enhanced Stacking
Chapter 19 Enhanced Stacking This chapter discusses the following topics: “Overview” on page 366  “Configuring the Command Switch” on page 369  “Configuring a Member Switch” on page 372  “Managing the Member Switches of an Enhanced Stack” on page 374 ...
Page 366: Overview
Chapter 19: Enhanced Stacking Overview Enhanced stacking is a management tool that allows you to manage different AT-9000 Switches from one management session. With enhanced stacking you can start a management session on one switch and then redirect the session to any of the other switches in the stack, without having to start a new session.
Page 367: Guidelines
VLANs. The enhanced stacking feature on the AT-9000 Switch is not  compatible with the same feature on other Allied Telesis switches, such as the AT-8400, AT-8500, and AT-9400 Series switches. Remote Telnet, SSH, or web browser management of an ...
Page 368 Chapter 19: Enhanced Stacking 2. On the switch chosen to be the command switch, activate enhanced stacking and change its stacking status to command switch. The commands are ESTACK RUN and ESTACK COMMAND-SWITCH, both in the Global Configuration mode. 3. On the member switches, activate enhanced stacking. You do not have to set the enhanced stacking mode on the member switch because the member mode is the default setting.
Page 369: Configuring The Command Switch
AT-9000 Switch Command Line User’s Guide Configuring the Command Switch Here is an example on how to configure the switch as the command switch of the enhanced stack. The example creates a common VLAN and assigns it a management IP address. Here are the specifications for this command switch: Common VLAN name: Tech_Support ...
Page 370 Chapter 19: Enhanced Stacking 2. After creating the common VLAN on the switch, assign it the management IP address and default gateway: Enter the Global Configuration awplus# configure terminal mode. From the Global Configuration awplus(config)# interface vlan12 mode, enter the VLAN Interface mode for the Tech_Support VLAN.
Page 371 AT-9000 Switch Command Line User’s Guide Save the configuration. awplus# write...
Page 372: Configuring A Member Switch
Chapter 19: Enhanced Stacking Configuring a Member Switch This example shows you how to configure the switch as a member switch of an enhanced stack. It configures the switch to be part of the same enhanced stack with the same common VLAN as the command switch in the previous example.
Page 373 AT-9000 Switch Command Line User’s Guide Activate enhanced stacking on the awplus(config)# estack run switch. Return to the Privileged Exec awplus(config)# exit mode. Confirm the stack mode of the awplus# show estack switch. 3. To save the configuration, enter the WRITE command in the Privileged Executive mode.
Page 374: Managing The Member Switches Of An Enhanced Stack
Chapter 19: Enhanced Stacking Managing the Member Switches of an Enhanced Stack Here are the steps on how to manage the member switches of an enhanced stack. 1. Start a local or remote management session on the command switch of the enhanced stack. After logging on, you can view and configure the settings of just the command switch.
Page 375 AT-9000 Switch Command Line User’s Guide 6. When you are finished managing the member switch, enter the EXIT command from the User Exec mode or Privileged Exec mode to return the management session to the command switch. 7. To manage another member switch in the enhanced stack, repeat this procedure starting with Step 2.
Page 376: Changing The Enhanced Stacking Mode
Chapter 19: Enhanced Stacking Changing the Enhanced Stacking Mode If you want to change the enhanced stacking mode of a switch from command to member, all you have to do is enter the NO ESTACK COMMAND-SWITCH command in the Global Configuration mode, as shown here: awplus>...
Page 377 AT-9000 Switch Command Line User’s Guide 2. On the member switch, change its mode from member to command with the ESTACK COMMAND-SWITCH command. 3. On the original command switch, restart enhanced stacking with the ESTACK RUN command and, if desired, reestablish its command mode with the ESTACK COMMAND-SWITCH command.
Page 378: Uploading Boot Configuration Files From The Command Switch To Member Switches
Chapter 19: Enhanced Stacking Uploading Boot Configuration Files from the Command Switch to Member Switches You may use the enhanced stacking feature to transfer boot configuration files from the file system in the command switch of the enhanced stack to member switches.
Page 379 AT-9000 Switch Command Line User’s Guide The second prompt is shown here: Enter the list of switches -> At the prompt, enter the enhanced stack numbers of the member switches to receive the file. You may upload a file to more than one member switch at a time by separating the numbers with commas.
Page 380 Chapter 19: Enhanced Stacking Here are the steps to perform on the command switch to upload the configuration file from its file system to the member switch: Enter the Privileged Executive awplus> enable mode from the User Executive mode. Display the member switches of awplus# show estack remotelist the enhanced stack with the SHOW ESTACK REMOTELIST...
Page 381 AT-9000 Switch Command Line User’s Guide Here is another example of the feature. This example uploads a configuration file to a new switch in an enhanced stack, such as a replacement switch for a failed unit. This example is more complicated than the previous example because the stack is not using the Default VLAN as the common VLAN, and the new switch will not be using BOOT.CFG as the name of its active boot configuration file.
Page 382 Chapter 19: Enhanced Stacking Return to the Privileged Exec awplus(config-if)# mode. Verify the new VLAN. awplus# show vlan 12 3. Use the ESTACK RUN command in the Global Configuration mode to activate enhanced stacking on the switch. It is not necessary to set the switch to the member mode because that is the default setting.
Page 383 AT-9000 Switch Command Line User’s Guide List the files in the file system of awplus# dir the command switch to confirm that it has the configuration file you want to upload to the member switch. In this example, the filename is Eng12c.cfg file. Enter the Global Configuration awplus# configure terminal mode.
Page 384 Chapter 19: Enhanced Stacking Reconfirm the enhanced stacking awplus# show estack remotelist ID number of the replacement member switch. Enter the Global Configuration awplus# configure terminal mode. Use the RCOMMAND command awplus(config)# rcommand 3 to start a remote management session on the replacement member switch.
Page 385: Uploading The Management Software From The Command Switch To Member Switches
AT-9000 Switch Command Line User’s Guide Uploading the Management Software from the Command Switch to Member Switches You may use enhanced stacking to install new releases of the management software on the member switches from the command switch. After you update the command switch with the new management software, you can instruct it to upload the software to the member switches for you.
Page 386 Chapter 19: Enhanced Stacking Caution A member switch stops forwarding network traffic after it receives the management software from the command switch and begins writing it to flash memory. Some network traffic may be lost. Caution Do not power off a member switch while it is writing the software to flash memory.
Page 387: Disabling Enhanced Stacking
AT-9000 Switch Command Line User’s Guide Disabling Enhanced Stacking The command that disables enhanced stacking on a switch is the NO ESTACK RUN command in the Global Configuration mode, and the confirmation command is the SHOW ESTACK command in the Privileged Exec mode.
Page 388 Chapter 19: Enhanced Stacking...
Page 389: Chapter 20: Enhanced Stacking Commands
Chapter 20 Enhanced Stacking Commands The enhanced stacking commands are summarized in Table 36. Table 36. Enhanced Stacking Commands Command Mode Description “ESTACK COMMAND-SWITCH” on Global Designates the switch as the page 391 Configuration command switch. “ESTACK RUN” on page 392 Global Activates enhanced stacking on the Configuration...
Page 390 Chapter 20: Enhanced Stacking Commands Table 36. Enhanced Stacking Commands Command Mode Description “UPLOAD IMAGE REMOTELIST” on Global Uploads the management software on page 404 Configuration the command switch of an enhanced stack to the member switches.
Page 391: Estack Command-Switch
AT-9000 Switch Command Line User’s Guide ESTACK COMMAND-SWITCH Syntax estack command-switch Parameter None Mode Global Configuration mode Description Use this command to set the enhanced stacking mode on the  switch to the command mode. This command has the following guidelines: Enhanced stacking must be activated on the switch.
Page 392: Estack Run
Chapter 20: Enhanced Stacking Commands ESTACK RUN Syntax estack run Parameter None Mode Global Configuration mode Description Use this command to activate enhanced stacking on the switch. Confirmation Command “SHOW ESTACK” on page 398 Example The following example activates enhanced stacking on the switch: awplus>...
Page 393: No Estack Command-Switch
AT-9000 Switch Command Line User’s Guide NO ESTACK COMMAND-SWITCH Syntax no estack command-switch Parameter None Mode Global Configuration mode Description Use this command to return the enhanced stacking mode on the switch to member switch from command switch. This command has the following guidelines: The default setting for the enhanced stacking mode on the switch ...
Page 394: No Estack Run
Chapter 20: Enhanced Stacking Commands NO ESTACK RUN Syntax no estack run Parameter None Mode Global Configuration mode Description Use this command to disable enhanced stacking on the switch. The switch cannot use enhanced stacking when the feature is disabled. If you disable enhanced stacking on the command switch, you cannot use that switch to manage the switches in the stack.
Page 395: Rcommand
AT-9000 Switch Command Line User’s Guide RCOMMAND Syntax switch_id rcommand Parameters switch_id Specifies the ID number of a member switch you want to manage in the enhanced stack. This number is displayed with “SHOW ESTACK REMOTELIST” on page 401. You can enter only one ID number.
Page 396: Reboot Estack Member
Chapter 20: Enhanced Stacking Commands REBOOT ESTACK MEMBER Syntax id_number reboot estack member | all Parameters id_number Specifies the enhanced stack ID number of a switch. The number is displayed with “SHOW ESTACK REMOTELIST” on page 401. You may specify the ID number of only one switch. Specifies all of the switches of the enhanced stack, except the command switch.
Page 397 AT-9000 Switch Command Line User’s Guide Examples This example reboots a member switch that has the ID number 3: awplus> enable awplus# configure terminal awplus(config)# reboot estack member 3 This example reboots all of the member switches of the enhanced stack: awplus>...
Page 398: Show Estack
Chapter 20: Enhanced Stacking Commands SHOW ESTACK Syntax show estack Parameters None Mode Privileged Exec mode Description Use this command to display whether enhanced stacking is enabled or disabled on the switch and whether the switch’s mode is command or member.
Page 399 AT-9000 Switch Command Line User’s Guide Table 37. SHOW ESTACK Command (Continued) Parameter Description Enhanced Stacking mode Member [1] - Enhanced stacking is  (Continued) enabled on the switch, and the switch is set to the member mode. If there is a number in the brackets, the switch detected a command switch on the common VLAN of the enhanced stack.
Page 400: Show Estack Command-Switch
Chapter 20: Enhanced Stacking Commands SHOW ESTACK COMMAND-SWITCH Syntax show estack command-switch Parameters None Mode Privileged Exec mode Description Use this command on a member switch in an enhanced stack to display the enhanced stacking information about the command switch. This command is equivalent to issuing the SHOW ESTACK command on the command switch.
Page 401: Show Estack Remotelist
AT-9000 Switch Command Line User’s Guide SHOW ESTACK REMOTELIST Syntax show estack remotelist [name] [series] Parameters name Sorts the list of switches by the host name. series Sorts the list of switches by the model name. Mode Privileged Exec mode Description Use this command on the command switch to display the member switches of an enhanced stack.
Page 402 Chapter 20: Enhanced Stacking Commands This example sorts the switches by host name: awplus> enable awplus# configure terminal awplus(config)# show estack remotelist name This example sorts the switches by model series: awplus> enable awplus# configure terminal awplus(config)# show estack remotelist series...
Page 403: Upload Config Remotelist
AT-9000 Switch Command Line User’s Guide UPLOAD CONFIG REMOTELIST Syntax upload config remotelist Parameters None Mode Global Configuration mode Description Use this command to upload boot configuration files from the file system in the command switch of an enhanced stack to the member switches. The member switches store the files in their file systems as BOOT.CFG.
Page 404: Upload Image Remotelist
Chapter 20: Enhanced Stacking Commands UPLOAD IMAGE REMOTELIST Syntax upload image remotelist Parameters None Mode Global Configuration mode Description Use this command to upload the management software on the command switch of an enhanced stack to the member switches. The command displays the following prompt: Remote switches will reboot after load is complete...
Page 405 AT-9000 Switch Command Line User’s Guide Caution The member switches stop forwarding network traffic after they receive the management software from the command switch and as they write the file to their flash memory. Some network traffic may be lost. Caution Do not power off the member switches while they are writing the software to their flash memory.
Page 406 Chapter 20: Enhanced Stacking Commands...
Page 407: Chapter 21: Port Mirror
Chapter 21 Port Mirror This chapter discusses the following topics: “Overview” on page 408  “Creating the Port Mirror or Adding New Source Ports” on page 409  “Removing Source Ports or Deleting the Port Mirror” on page 410  “Combining the Port Mirror with Access Control Lists”...
Page 408: Overview
Chapter 21: Port Mirror Overview The port mirror is a management tool that allows you to monitor the traffic on one or more ports on the switch. It works by copying the traffic from designated ports to another port where the traffic can be monitored with a network analyzer.
Page 409: Creating The Port Mirror Or Adding New Source Ports
AT-9000 Switch Command Line User’s Guide Creating the Port Mirror or Adding New Source Ports The command to create the port mirror is the MIRROR INTERFACE command. You must perform this command from the Port Interface mode of the destination port of the port mirror. The command has this format: source_ports mirror interface direction...
Page 410: Removing Source Ports Or Deleting The Port Mirror
Chapter 21: Port Mirror Removing Source Ports or Deleting the Port Mirror To remove source ports from the port mirror, enter the Port Interface mode of the destination port and issue the NO MIRROR INTERFACE command. Here is the format of the command: source_ports no mirror interface This example removes source port 2 from the port mirror.
Page 411: Combining The Port Mirror With Access Control Lists
AT-9000 Switch Command Line User’s Guide Combining the Port Mirror with Access Control Lists You may combine the port mirror with an access control list to monitor a subset of the ingress traffic on a port. The access control list is used to specify the ingress traffic to be coped to the destination port of the port mirror.
Page 412 Chapter 21: Port Mirror Enter the Port Interface modes for awplus(config)# interface port1.0.14,port1.0.15 ports 14 and 15. Assign the access control list to awplus(config-if)# access-group 3008 the ports. Return to the Privileged Exec awplus(config-if)# end mode. Use the SHOW MIRROR awplus# show mirror command to confirm that port 18 is the destination port of the port...
Page 413: Displaying The Port Mirror
AT-9000 Switch Command Line User’s Guide Displaying the Port Mirror To display the port mirror, go to the Privileged Exec mode and enter the SHOW MIRROR command: awplus# show mirror In this example of the information, the port mirror is enabled, and the ingress and egress packets on ports 1 and 3, as well as the egress traffic on ports 11 to 13, are being copied to destination port 22.
Page 414 Chapter 21: Port Mirror...
Page 415: Chapter 22: Port Mirror Commands
Chapter 22 Port Mirror Commands The port mirror commands are summarized in Table 38. Table 38. Port Mirror Commands Command Mode Description “MIRROR” on page 416 Port Interface Designates the destination port for access control lists that use the copy- to-mirror action.
Page 416: Mirror
Chapter 22: Port Mirror Commands MIRROR Syntax mirror Parameters None Mode Port Interface mode Description Use this command to designate the destination port for the copy-to-mirror action in access control lists. You can designate only one destination port. Confirmation Command “SHOW MIRROR”...
Page 417: Mirror Interface
AT-9000 Switch Command Line User’s Guide MIRROR INTERFACE Syntax source_ports mirror interface direction receive|transmit|both Parameters source_ports Specifies a source port for the port mirror. You can specify more than one source port. direction Specifies the traffic to be mirrored from a source port to the destination port.
Page 418 Chapter 22: Port Mirror Commands Example This example configures the port mirror to copy the ingress traffic on ports 3 and 4, the source ports, to port 5, the destination port. If port 5 is already acting as the destination port of the port mirror, the commands add ports 3 and 4 to the port mirror: awplus>...
Page 419: No Mirror Interface
AT-9000 Switch Command Line User’s Guide NO MIRROR INTERFACE Syntax source_ports no mirror interface Parameters source_ports Specifies a source port of the port mirror. You can specify more than one source port at a time in the command. Mode Port Interface mode Description Use this command to remove source ports from the port mirror or to delete the port mirror.
Page 420: Show Mirror
Chapter 22: Port Mirror Commands SHOW MIRROR Syntax show mirror Parameters None Modes Privileged Exec mode Description Use this command to display the source and destination ports of the port mirror on the switch. An example is shown in Figure 85. Destination Port Mirror Test Port Name: port1.0.22 Mirror option: Enabled...
Page 421: Figure 86: Show Mirror Command And Access Control Lists
AT-9000 Switch Command Line User’s Guide Table 39. SHOW MIRROR Command (Continued) Parameter Description Mirror direction The packets to be mirrored to the destination port. The states are listed here: Receive - The ingress packets of the  source port are mirrored to the destination port.
Page 422 Chapter 22: Port Mirror Commands...
Page 423: Chapter 23: Internet Group Management Protocol (Igmp) Snooping
Chapter 23 Internet Group Management Protocol (IGMP) Snooping This chapter discusses the following topics: “Overview” on page 424  “Host Node Topology” on page 426  “Enabling IGMP Snooping” on page 427  “Configuring the IGMP Snooping Commands” on page 428 ...
Page 424: Overview
Chapter 23: Internet Group Management Protocol (IGMP) Snooping Overview IGMP snooping allows the switch to control the flow of multicast packets from its ports. It enables the switch to forward packets of multicast groups to only ports that have host nodes that want to join the multicast groups. IGMP is used by IPv4 routers to create lists of nodes that are members of multicast groups.
Page 425: Understanding Multicast Traffic Settings
AT-9000 Switch Command Line User’s Guide improves switch performance and network security by restricting the flow of multicast packets to only those switch ports that are connected to host nodes. If the switch is not using IGMP snooping and receives multicast packets, it floods the packets out all its ports, except the port on which it received the packets.
Page 426: Host Node Topology
Chapter 23: Internet Group Management Protocol (IGMP) Snooping Host Node Topology The switch has a host node topology setting. You use this setting to define whether there is more than one host node on each port on the switch. The switch refers to the topology to determine whether or not to continue transmitting multicast packets from ports that receive leave requests or where host nodes time out due to inactivity.
Page 427: Enabling Igmp Snooping
AT-9000 Switch Command Line User’s Guide Enabling IGMP Snooping The command to enable IGMP Snooping on the switch is the IP IGMP SNOOPING command in the Global Configuration mode. After you enter the command, the switch begins to build its multicast table as queries from the multicast router and reports from the host nodes arrive on its ports.
Page 428: Configuring The Igmp Snooping Commands
Chapter 23: Internet Group Management Protocol (IGMP) Snooping Configuring the IGMP Snooping Commands This table lists the IGMP Snooping commands with the exception of the enable, disable, and display commands which are described in other sections of this chapter. Table 40. IGMP Snooping Commands Use This Command Range Clear all IGMP group membership...
Page 429 AT-9000 Switch Command Line User’s Guide This example limits the switch to two multicast groups and specifies that there is only one host node per port: awplus> enable awplus# configure terminal awplus(config)# ip igmp limit 2 awplus(config)# ip igmp status single For more information about these commands, see “IP IGMP LIMIT”...
Page 430: Disabling Igmp Snooping
Chapter 23: Internet Group Management Protocol (IGMP) Snooping Disabling IGMP Snooping The command to disable IGMP Snooping on the switch is the NO IP IGMP SNOOPING command in the Global Configuration mode. To disable IGMP Snooping: awplus> enable awplus# configure terminal awplus(config)# no ip igmp snooping When IGMP Snooping is disabled, the switch floods the multicast packets on all ports, except on ports that receive the packets.
Page 431: Displaying Igmp Snooping
AT-9000 Switch Command Line User’s Guide Displaying IGMP Snooping To display the settings of IGMP Snooping and its status, use the SHOW IP IGMP SNOOPING command in the User Exec mode or Privileged Exec mode: awplus# show ip igmp snooping Here is an example of the information the command displays: IGMP Snooping Configuration: IGMP Snooping Status ....
Page 432 Chapter 23: Internet Group Management Protocol (IGMP) Snooping...
Page 433: Chapter 24: Igmp Snooping Commands
Chapter 24 IGMP Snooping Commands The IGMP snooping commands are summarized in Table 41 and are described in detail within the chapter. Table 41. Internet Group Management Protocol Snooping Commands Command Mode Description “CLEAR IP IGMP” on page 434 Privileged Exec Clears all IGMP group membership records.
Page 434: Clear Ip Igmp
Chapter 24: IGMP Snooping Commands CLEAR IP IGMP Syntax clear ip igmp Parameters None Mode Privileged Exec mode Description Use this command to clear all IGMP group membership records on all VLANs. Example This example clears all IGMP group membership records on all VLANs: awplus>...
Page 435: Ip Igmp Limit
AT-9000 Switch Command Line User’s Guide IP IGMP LIMIT Syntax multicastgroups ip igmp limit Parameter multicastgroups Specifies the maximum number of multicast addresses the switch is allowed to learn. The range is 0 to 255 multicast addresses; the default is 64 addresses. Mode Global Configuration mode Description...
Page 436: Ip Igmp Querier-Timeout
Chapter 24: IGMP Snooping Commands IP IGMP QUERIER-TIMEOUT Syntax timeout ip igmp querier-timeout Parameters timeout Specifies the time period in seconds used by the switch to identify inactive host nodes and multicast routers. The range is from 0 to 65535 seconds. The default is 255 seconds. Setting the timeout to zero (0) disables the timer.
Page 437: Ip Igmp Snooping
AT-9000 Switch Command Line User’s Guide IP IGMP SNOOPING Syntax ip igmp snooping Parameters None Mode Global Configuration mode Description Use this command to activate IGMP snooping on the switch. Caution The IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST command is enabled by default when IGMP Snooping is activated. This may cause a slow-down of network data.
Page 438: Ip Igmp Snooping Flood-Unknown-Mcast
Chapter 24: IGMP Snooping Commands IP IGMP SNOOPING FLOOD-UNKNOWN-MCAST Syntax ip igmp snooping flood-unknown-mcast Parameter None Mode Global Configuration mode Description This command disables the automatic suppression of unknown multicast traffic on the switch. By default, IGMP Snooping does not suppress all unknown multicast traffic except for IPv4 reserved addresses 224.0.0.1 through 224.0.0.255.
Page 439 AT-9000 Switch Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# ip igmp snooping awplus(config)# ip igmp snooping flood-unknown-mcast This example enables the automatic suppression of unknown multicast traffic on the switch: awplus> enable awplus# configure terminal awplus(config)# no ip igmp snooping flood-unknown-mcast...
Page 440: Ip Igmp Snooping Mrouter
Chapter 24: IGMP Snooping Commands IP IGMP SNOOPING MROUTER Syntax port ip igmp snooping mrouter interface Parameter port Specifies a port connected to a multicast router. You can specify more than one port. Mode Global Configuration mode Description Use this command to manually specify ports that are connected to multicast routers.
Page 441: Ip Igmp Status
AT-9000 Switch Command Line User’s Guide IP IGMP STATUS Syntax ip igmp status single | multiple Parameters single Activates the single-host per port setting, which is used when the ports on the switch have only one host node each. multiple Activates the multiple-host per port setting, which is used when the ports have more than one host node.
Page 442: No Ip Igmp Snooping
Chapter 24: IGMP Snooping Commands NO IP IGMP SNOOPING Syntax no ip igmp snooping Parameters None Mode Global Configuration mode Description Use this command to deactivate IGMP snooping on the switch. When IGMP snooping is disabled, the switch floods multicast packets on all ports, except on ports that receive the packets.
Page 443: No Ip Igmp Snooping Mrouter
AT-9000 Switch Command Line User’s Guide NO IP IGMP SNOOPING MROUTER Syntax port no ip igmp snooping mrouter interface Parameter port Specifies a multicast router port. Mode Global Configuration mode Description Use this command to remove static multicast router ports. Removing all multicast router ports activates auto-detect.
Page 444: Show Ip Igmp Snooping
Chapter 24: IGMP Snooping Commands SHOW IP IGMP SNOOPING Syntax show ip igmp snooping Parameters None Mode Privileged Exec mode Description Use this command to display the IGMP snooping parameters. Figure 88 illustrates the information. IGMP Snooping Configuration: IGMP Snooping Status ....Enabled Host Topology ......
Page 445: Table 42. Show Ip Igmp Snooping Command
AT-9000 Switch Command Line User’s Guide The information the command displays is explained in Table 42. Table 42. SHOW IP IGMP SNOOPING Command Parameter Description IGMP Snooping Configuration IGMP Snooping Status The status of IGMP snooping on the switch. To enable or disable the feature, refer to “IP IGMP SNOOPING”...
Page 446 Chapter 24: IGMP Snooping Commands Table 42. SHOW IP IGMP SNOOPING Command (Continued) Parameter Description Port/Trunk ID The port of a multicast router. If the switch learned a router on a port trunk, the trunk ID number, instead of a port number, is displayed.
Page 447: Chapter 25: Multicast Commands
Chapter 25 Multicast Commands The multicast commands are summarized in Table 43. Table 43. Multicast Commands Command Mode Description “NO SWITCHPORT BLOCK Port Interface Resumes forwarding egress multicast EGRESS-MULTICAST” on page 448 packets on ports. “NO SWITCHPORT BLOCK Port Interface Resumes forwarding ingress multicast INGRESS-MULTICAST”...
Page 448: No Switchport Block Egress-Multicast
Chapter 25: Multicast Commands NO SWITCHPORT BLOCK EGRESS-MULTICAST Syntax no switchport block egress-multicast Parameters None Mode Port Interface mode Description Use this command to resume forwarding of egress multicast packets on ports. By default, this is the default setting on all of the ports on the switch. Confirmation Command “SHOW INTERFACE”...
Page 449: No Switchport Block Ingress-Multicast
AT-9000 Switch Command Line User’s Guide NO SWITCHPORT BLOCK INGRESS-MULTICAST Syntax no switchport block ingress-multicast Parameters None Mode Port Interface mode Description Use this command to resume forwarding of ingress multicast packets on ports. Confirmation Command “SHOW INTERFACE” on page 221 Example This example resumes forwarding of ingress multicast packets on ports 2 and 8:...
Page 450: Switchport Block Egress-Multicast
Chapter 25: Multicast Commands SWITCHPORT BLOCK EGRESS-MULTICAST Syntax switchport block egress-multicast Parameters None Mode Port Interface mode Description Use this command to block egress multicast packets on ports. By default, all ports on the switch are set to allow multicast packets. Note This feature does not block multicast packets that have reserved multicast addresses in the range of 01:80:C2:00:00:00 to...
Page 451: Switchport Block Ingress-Multicast
AT-9000 Switch Command Line User’s Guide SWITCHPORT BLOCK INGRESS-MULTICAST Syntax switchport block ingress-multicast Parameters None Mode Port Interface mode Description Use this command to block ingress multicast packets on ports. Note This feature does not block multicast packets that have reserved multicast addresses in the range of 01:80:C2:00:00:00 to 01:80:C2:00:00:0F.
Page 452 Chapter 25: Multicast Commands...
Page 453: Section Iii: File System
Section III File System This section contains the following chapters: Chapter 26, “File System” on page 455  Chapter 27, “File System Commands” on page 463  Chapter 28, “Boot Configuration Files” on page 471  Chapter 29, “Boot Configuration File Commands” on page 477 ...
Page 455: Chapter 26: File System
Chapter 26 File System This chapter discusses the following topics: “Overview” on page 456  “Copying Boot Configuration Files” on page 457  “Renaming Boot Configuration Files” on page 458  “Deleting Boot Configuration Files” on page 459  “Displaying the Specifications of the File System” on page 460 ...
Page 456: Overview
Chapter 26: File System Overview The file system in the switch stores the following types of files: Boot configuration files  Encryption key pairs  The file system has a flat directory structure. All the files are stored in the root directory.
Page 457: Copying Boot Configuration Files
“unit24.cfg”: awplus# copy unit12.cfg unit24.cfg Note Allied Telesis recommends that you periodically upload the active boot configuration file of the switch to a network device, so that if the switch should fail and become inoperable, the uploaded files will be available to quickly configure its replacement.
Page 458: Renaming Boot Configuration Files
Chapter 26: File System Renaming Boot Configuration Files To rename boot configuration files in the file system, use the MOVE command, found in the Privileged Exec mode. Here is the format: move filename1 .cfg filename2 .cfg The FILENAME1 variable is the name of the file to be renamed and the FILENAME2 variable is the file’s new name.
Page 459: Deleting Boot Configuration Files
AT-9000 Switch Command Line User’s Guide Deleting Boot Configuration Files If the file system becomes cluttered with unnecessary configuration files, you use the DELETE command in the Privileged Exec mode to delete them. The format of the command is: filename.ext delete This example deletes the configuration file “unit2a.cfg”: awplus# delete unit2a.cfg...
Page 460: Displaying The Specifications Of The File System
Chapter 26: File System Displaying the Specifications of the File System The User Exec mode and the Privileged Exec mode have a command that lets you display the size of the file system, the amount of free space, and the amount of space used by the files currently stored in the file system. It is the SHOW FILE SYSTEMS command.
Page 461: Listing The Files In The File System
AT-9000 Switch Command Line User’s Guide Listing the Files in the File System To view the names of the files in the file system of the switch, use the DIR command in the Privileged Exec mode: awplus# dir The command does not accept wildcards.
Page 462 Chapter 26: File System...
Page 463: Chapter 27: File System Commands
Chapter 27 File System Commands The file system commands are summarized in Table 45. Table 45. File System Commands Command Mode Description “COPY” on page 464 Privileged Exec Copies boot configuration files. “DELETE” on page 465 Privileged Exec Deletes boot configuration files from the file system.
Page 464: Copy
Chapter 27: File System Commands COPY Syntax sourcefile destinationfile copy .cfg .cfg Parameters sourcefile.cfg Specifies the name of the boot configuration file you want to copy. destinationfile.cfg Specifies the name of the new copy of the file. The filename can be from 1 to 16 alphanumeric characters.
Page 465: Delete
AT-9000 Switch Command Line User’s Guide DELETE Syntax filename delete .cfg Parameter filename.cfg Specifies the name of the boot configuration file to be deleted. You can use the wildcard “*” to replace any part of a filename to delete multiple configuration files. Mode Privileged Exec mode Description...
Page 466: Delete Force
Chapter 27: File System Commands DELETE FORCE Syntax filename.ext delete force Parameter filename.ext Specifies the name of the boot configuration file to be deleted. You can use the wildcard “*” to replace any part of a filename to delete multiple configuration files. Mode Privileged Exec mode Description...
Page 467: Dir
AT-9000 Switch Command Line User’s Guide Syntax Parameter None Mode Privileged Exec mode Description Use this command to list the names of the files stored in the file system on the switch. Example The following command lists the file names stored in the file system: awplus# dir...
Page 468: Move
Chapter 27: File System Commands MOVE Syntax filename1 filename2 move .cfg .cfg Parameters filename1.cfg Specifies the name of the boot configuration file to be renamed. filename2.cfg Specifies the new name for the file. The filename can be from 1 to 16 alphanumeric characters, not including the filename extension, which must be “.cfg”.
Page 469: Show File Systems
AT-9000 Switch Command Line User’s Guide SHOW FILE SYSTEMS Syntax show file systems Parameter None Mode Privileged Exec mode Description Use this command to display the specifications of the file system in the switch. An example is shown in Figure 90. Size (b) Free (b) Type...
Page 470 Chapter 27: File System Commands Table 46. SHOW FILE SYSTEMS Command (Continued) Parameter Description S/D/V The memory type: static, dynamic, or virtual. Lcl/Ntwk Whether the memory is located locally or via a network connection. This is always Local. Whether the memory is accessible: Y (yes), N (no), - (not appropriate) Example The following example displays the specifications of the file system:...
Page 471: Chapter 28: Boot Configuration Files
Chapter 28 Boot Configuration Files This chapter discusses the following topics: “Overview” on page 472  “Specifying the Active Boot Configuration File” on page 473  “Creating a New Boot Configuration File” on page 475  “Displaying the Active Boot Configuration File” on page 476 ...
Page 472: Overview
Chapter 28: Boot Configuration Files Overview The changes that you make to the parameters settings of the switch are saved as a series of commands in a special file in the file system. The file is referred to as the active boot configuration file. This file is updated by the switch with your latest changes whenever you issue the WRITE command or the COPY RUNNING-CONFIG STARTUP-CONFIG command in the Privileged Exec mode.
Page 473: Specifying The Active Boot Configuration File
AT-9000 Switch Command Line User’s Guide Specifying the Active Boot Configuration File To create or designate a new active boot configuration file for the switch, use the BOOT CONFIG-FILE command in the Global Configuration mode. Here is the format of the command; filename boot config-file .cfg...
Page 474 Chapter 28: Boot Configuration Files Here are a couple examples of the command. The first example creates a new active boot configuration file called “sw_product4.cfg”: awplus> enable awplus# configure terminal awplus(config)# boot config-file sw_product4.cfg After you enter the command, the switch creates the file in its file system, updates it with the current parameter settings, and finally marks it as the active boot configuration file.
Page 475: Creating A New Boot Configuration File
AT-9000 Switch Command Line User’s Guide Creating a New Boot Configuration File It is a good idea to periodically make copies of the current configuration of the switch so that you can return the switch to an earlier configuration, if necessary.
Page 476: Displaying The Active Boot Configuration File
Chapter 28: Boot Configuration Files Displaying the Active Boot Configuration File To display the name of the active boot configuration file on the switch, go to the Privileged Exec mode and enter the SHOW BOOT command. Here is the command: awplus# show boot Here is an example of the information.
Page 477: Chapter 29: Boot Configuration File Commands
Chapter 29 Boot Configuration File Commands The boot configuration file commands are summarized in Table 47 and described in detail within the chapter. Table 47. Boot Configuration File Commands Command Mode Description “BOOT CONFIG-FILE” on page 478 Global Designates or creates a new active Configuration boot configuration file for the switch.
Page 478: Boot Config-File
Chapter 29: Boot Configuration File Commands BOOT CONFIG-FILE Syntax filename boot config-file .cfg Parameter filename Specifies the name of a boot configuration file that is to act as the active boot configuration file on the switch. The filename can be from 1 to 16 alphanumeric characters.
Page 479 AT-9000 Switch Command Line User’s Guide Confirmation Command “SHOW BOOT” on page 484. Examples This example designates a file called “region2asw.cfg” as the switch’s active configuration file. This example assumes that the file is completely new. The switch creates the file, with its current parameter settings, and then designates it as the active boot configuration file: awplus>...
Page 480: Copy Running-Config
Chapter 29: Boot Configuration File Commands COPY RUNNING-CONFIG Syntax filename copy running-config .cfg Parameter filename Specifies a name for a new boot configuration file. The name can be from 1 to 16 alphanumeric characters. The extension must be “.cfg”. Mode Privileged Exec mode Description Use this command to create new boot configuration files.
Page 481: Copy Running-Config Startup-Config
AT-9000 Switch Command Line User’s Guide COPY RUNNING-CONFIG STARTUP-CONFIG Syntax copy running-config startup-config Parameters None Mode Privileged Exec mode Description Use this command to update the active boot configuration file with the switch’s current configuration, for permanent storage. When you enter the command, the switch copies its parameter settings into the active boot configuration file.
Page 482: Erase Startup-Config
Chapter 29: Boot Configuration File Commands ERASE STARTUP-CONFIG Syntax erase startup-config Parameters None Mode Privileged Exec mode Description Use this command to restore the default settings to all the parameters on the switch. Review the following information before using this command: This command does not delete the files in the switch’s file system ...
Page 483: No Boot Config-File
AT-9000 Switch Command Line User’s Guide NO BOOT CONFIG-FILE Syntax no boot config-file Parameter None Mode Global Configuration mode Description Use this command to configure the switch with the settings in the default BOOT.CFG file. Caution This command causes the switch to reset. It does not forward network traffic while it initializes the management software.
Page 484: Show Boot
Chapter 29: Boot Configuration File Commands SHOW BOOT Syntax show boot Parameter None Mode Privileged Exec mode Description Use this command to display the name of the active boot configuration file and the version numbers of the management software and bootloader. Figure 92 is an example of the information.
Page 485 AT-9000 Switch Command Line User’s Guide Example This command displays the name of the active boot configuration file and the version numbers of the management software and bootloader. awplus# show boot...
Page 486: Show Startup-Config
Chapter 29: Boot Configuration File Commands SHOW STARTUP-CONFIG Syntax show startup-config Parameters None Mode Privileged Exec mode Description Use this command to display the contents of the active boot configuration file. Example The following example displays the contents of the active boot configuration file: awplus# show startup-config...
Page 487: Write
AT-9000 Switch Command Line User’s Guide WRITE Syntax write Parameters None Mode Privileged Exec mode Description Use this command to update the active boot configuration file with the switch’s current configuration, for permanent storage. When you enter the command, the switch copies its parameter settings into the active boot configuration file.
Page 488 Chapter 29: Boot Configuration File Commands...
Page 489: Chapter 30: File Transfer
Chapter 30 File Transfer This chapter discusses the following topics: “Overview” on page 490  “Uploading or Downloading Files with TFTP” on page 491  “Uploading or Downloading Files with Zmodem” on page 495  “Downloading Files with Enhanced Stacking” on page 498 ...
Page 490: Overview
Chapter 30: File Transfer Overview This chapter discusses how to download files onto the switch and upload files onto the switch. You can download the following file types to the switch: New versions of the management software  Boot configuration files (Refer to Chapter 28, “Boot Configuration ...
Page 491: Uploading Or Downloading Files With Tftp
Some network traffic may be lost. 1. Obtain the new management software from the Allied Telesis web site and store it on the TFTP server on your network. For information on how to obtain management software from Allied Telesis, refer to “Contacting Allied Telesis”...
Page 492: Downloading Files To The Switch With Tftp
Chapter 30: File Transfer The IPADDRESS parameter is the IP address of the TFTP server, and the FILENAME parameter is the name of the new management software file to be downloaded to the switch from the TFTP server. The filename must include the “.img” extension and cannot contain spaces. In this example of the command, the IP address of the TFTP server is 149.11.124.5 and the filename of the new management software to be downloaded from the server is “at-9000_sw.img”:...
Page 493: Uploading Files From The Switch With Tftp
AT-9000 Switch Command Line User’s Guide In this example of the command, the IP address of the TFTP server is 152.34.67.8, and the filename of the boot configuration to be downloaded from the server is “switch2a.cfg”: awplus# copy tftp flash 152.34.67.8 switch2a.cfg After receiving the entire file, the switch stores it in the file system.
Page 494 Chapter 30: File Transfer To upload a file from the file system of the switch using TFTP: 1. Start a local or remote management session on the switch. 2. Use the DIR command in the Privileged Exec mode to confirm the name of the file you want to upload from the file system in the switch.
Page 495: Uploading Or Downloading Files With Zmodem
AT-9000 Switch Command Line User’s Guide Uploading or Downloading Files with Zmodem “Downloading Files to the Switch with Zmodem” next  “Uploading Files from the Switch with Zmodem” on page 496  Note You may not use Zmodem to download new versions of the management software to the switch.
Page 496: Uploading Files From The Switch With Zmodem
Chapter 30: File Transfer 7. At this point, do one of the following: To configure the switch using the settings in the newly designated  active boot configuration file, reset the switch with the REBOOT command in the Privileged Exec mode. Caution The switch does not forward packets while it is initializing its management software.
Page 497 AT-9000 Switch Command Line User’s Guide After you enter the command, the switch displays this message: Waiting to send ... 4. Use your terminal or terminal emulator program to begin the upload. The upload must be Zmodem. The upload should take only a few moments.
Page 498: Downloading Files With Enhanced Stacking
Chapter 30: File Transfer Downloading Files with Enhanced Stacking If you are using the enhanced stacking feature, you can automate the process of updating the management software in the switches by having the command switch download its management software to the other switches in the stack.
Page 499 AT-9000 Switch Command Line User’s Guide 4. Enter the ID numbers of the switches to receive the management software from the command switch. The ID numbers are the numbers in the Num column in the SHOW ESTACK REMOTELIST command. You can update more than one switch at a time. For example, to update switches 1 and 2 in Figure 93 on page 498, you would enter: Remote switches will reboot after load is complete.
Page 500 Chapter 30: File Transfer...
Page 501: Chapter 31: File Transfer Commands
Chapter 31 File Transfer Commands The file transfer commands are summarized in Table 49 and described in detail within the chapter. Table 49. File Transfer Commands Command Mode Description “COPY FILENAME ZMODEM” on Privileged Exec Uses Zmodem to upload files from the page 502 file system in the switch.
Page 502: Copy Filename Zmodem
Chapter 31: File Transfer Commands COPY FILENAME ZMODEM Syntax: filename copy .cfg zmodem Parameters filename Specifies the filename of a configuration file to upload from the file system in the switch. The filename cannot contain spaces and include the extension “.cfg”. You can specify one filename. Mode Privileged Exec mode Description...
Page 503: Copy Flash Tftp
AT-9000 Switch Command Line User’s Guide COPY FLASH TFTP Syntax ipaddress filename copy flash tftp Parameters ipaddress Specifies the IP address of a TFTP server on your network. filename Specifies the filename of a configuration file to upload from the file system in the switch to a TFTP server.
Page 504: Copy Tftp Flash
Chapter 31: File Transfer Commands COPY TFTP FLASH Syntax ipaddress filename copy tftp flash Parameters ipaddress Specifies the IP address of a TFTP server on your network. filename Specifies the filename of the file on the TFTP server to download to the switch.
Page 505 AT-9000 Switch Command Line User’s Guide Examples This example downloads the new management software file “at9000_app.img” to the switch from a TFTP server that has the IP address 149.22.121.45: awplus> enable awplus# copy tftp flash 149.22.121.45 at9000_app.img This example downloads the boot configuration file “sw12a.cfg” to the switch from a TFTP server with the IP address 112.141.72.11: awplus>...
Page 506: Copy Zmodem
Chapter 31: File Transfer Commands COPY ZMODEM Syntax copy zmodem Parameters None Mode Privileged Exec mode Description Use this command together with a Zmodem utility to download boot configuration files or CA certificates to the file system in the switch. This command must be performed from a local management session.
Page 507: Upload Image Remotelist
AT-9000 Switch Command Line User’s Guide UPLOAD IMAGE REMOTELIST Syntax upload image remotelist Parameters None Mode Global Configuration mode Description Use this command to download the management software on the command switch to other switches in an enhanced stack. For background information on enhanced stacking, refer to Chapter 19, “Enhanced Stacking”...
Page 508 Chapter 31: File Transfer Commands...
Page 509: Section Iv: Event Messages
Section IV Event Messages This section contains the following chapters: Chapter 32, “Event Log” on page 511  Chapter 33, “Event Log Commands” on page 515  Chapter 34, “Syslog Client” on page 529  Chapter 35, “Syslog Client Commands” on page 537 ...
Page 511: Chapter 32: Event Log
Chapter 32 Event Log This chapter covers the following topics: “Overview” on page 512  “Displaying the Event Log” on page 513  “Clearing the Event Log” on page 514 ...
Page 512: Overview
Chapter 32: Event Log Overview A managed switch is a complex piece of computer equipment that includes both hardware and software components. Multiple software features operate simultaneously, inter-operating with each other and processing large amounts of network traffic. It is often difficult to determine exactly what is happening when a switch appears not to be operating normally, or what happened when a problem occurred.
Page 513: Displaying The Event Log
AT-9000 Switch Command Line User’s Guide Displaying the Event Log There are two commands to display the messages stored in the event log. Both display the same messages and both are found in the Privileged Exec mode. The only difference is that one displays the messages from oldest to newest and the other from newest to oldest.
Page 514: Clearing The Event Log
Chapter 32: Event Log Clearing the Event Log To clear all the messages from the event log, use the CLEAR LOG BUFFERED command in the Privileged Exec mode. Here is the command: awplus# clear log buffered...
Page 515: Chapter 33: Event Log Commands
Chapter 33 Event Log Commands The event log commands are summarized in Table 50 and described in detail within this chapter. Table 50. Event Log Commands Command Mode Description “CLEAR LOG BUFFERED” on Privileged Exec Deletes all entries in the event log. page 516 “LOG BUFFERED”...
Page 516: Clear Log Buffered
Chapter 33: Event Log Commands CLEAR LOG BUFFERED Syntax clear log buffered Parameters None. Mode Privileged Exec mode Description Use this command to delete the event messages in the event log. Confirmation Command “NO LOG BUFFERED” on page 519 Example The following command deletes the event messages in the event log: awplus>...
Page 517: Log Buffered
AT-9000 Switch Command Line User’s Guide LOG BUFFERED Syntax level program log buffered level program Parameters level Specifies the minimum severity level of the event messages to be stored in the event log. The log stores the messages of the specified level and all higher levels.
Page 518 Chapter 33: Event Log Commands Confirmation Command “SHOW LOG CONFIG” on page 524 Examples This example configures the log to save event messages that have the severity level 0 or 4: awplus> enable awplus# configure terminal awplus(config)# log buffered level 4 This example configures the event log to save event messages that are generated by IGMP snooping (IGMPSNOOP), LACP (LACP) and port configuration (PCFG):...
Page 519: No Log Buffered
AT-9000 Switch Command Line User’s Guide NO LOG BUFFERED Syntax level program no log buffered [level ]|[program [msgtext msgtext Parameters level Specifies the severity level setting. program Specifies the management software module setting. To specify more than one module, separate the modules with commas. msgtext Specifies a text string setting.
Page 520 Chapter 33: Event Log Commands OUtputID Type Status Details --------------------------------------------------------------------------------------------------------------------------- Temporary Enabled Wrap on Full. Filter: Level 4 program MAC, IP awplus# configure terminal awplus(config)# no log buffered Program mac...
Page 521: Show Log
AT-9000 Switch Command Line User’s Guide SHOW LOG Syntax show log Parameters None Mode Privileged Exec mode Description Use this command to display the messages in the buffered event log. The event messages are displayed from oldest to newest, one screen at a time.
Page 522: Table 53. Management Software Modules
Chapter 33: Event Log Commands Table 52. SHOW LOG Command Parameter Description Severity (continued) Warning: The issue reported by the  message may require manager attention. Debug: Messages intended for  technical support and software development. Program The module listed in Table 53 that generated the event message.
Page 523 AT-9000 Switch Command Line User’s Guide Table 53. Management Software Modules Module Name Description Public Key Infrastructure PMIRR Port mirroring PSEC MAC address-based port security PTRUNK Static port trunking Quality of Service RADIUS RADIUS authentication protocol Real-time clock SNMP SNMP Secure Shell protocol Secure Sockets Layer protocol Spanning Tree and Rapid Spanning protocols...
Page 524: Show Log Config
Chapter 33: Event Log Commands SHOW LOG CONFIG Syntax show log config Parameters None Modes Privileged Exec mode Description Use this command to display the configuration of the event log. awplus# show log config Permanent log: Status ....Enable Filter: Level ....
Page 525 AT-9000 Switch Command Line User’s Guide Table 54. SHOW LOG CONFIG Command Field Description Program The software module messages to be stored in the log. The modules are listed in Table 53 on page 522. The default is all modules. Message Text Text that identifies the messages to be stored in the log.
Page 526: Show Log Reverse
Chapter 33: Event Log Commands SHOW LOG REVERSE Syntax show log reverse Parameters None Mode Privileged Exec mode Description Use this command to display the event messages in the buffered log from newest to oldest. This command and the SHOW LOG command display the same messages, but in different order.
Page 527: Show Log Tail
AT-9000 Switch Command Line User’s Guide SHOW LOG TAIL Syntax number show log tail [ Parameter number Specifies the number of event messages to display. The range is 10 to 250 messages. The default is 10 messages. Mode Privileged Exec mode Description Use this command to display the most recent event messages in the buffered event log.
Page 528 Chapter 33: Event Log Commands...
Page 529: Chapter 34: Syslog Client
Chapter 34 Syslog Client This chapter covers the following topics: “Overview” on page 530  “Creating Syslog Server Definitions” on page 531  “Deleting Syslog Server Definitions” on page 534  “Displaying the Syslog Server Definitions” on page 535 ...
Page 530: Overview
Chapter 34: Syslog Client Overview The switch has a syslog client. The client enables the switch to send its event messages to syslog servers on your network, for permanent storage. To store the switch’s event messages on a syslog server, you have to create a syslog server definition.
Page 531: Creating Syslog Server Definitions
AT-9000 Switch Command Line User’s Guide Creating Syslog Server Definitions To configure the switch to send event messages to a syslog server, create a syslog server definition with the LOG HOST command in the Global Configuration mode. Here is the format of the command: ipaddress level program...
Page 532 Chapter 34: Syslog Client Table 56. Program Abbreviations Abbreviation Program ENCO Encryption keys ESTACK Enhanced stacking EVTLOG Event log FILE File system GARP GARP GVRP HTTP Web server IGMPSNOOP IGMP snooping System IP configuration LACP Link Aggregation Control Protocol LLDP LLDP and LLDP-MED MAC address table PACCESS...
Page 533 AT-9000 Switch Command Line User’s Guide Table 56. Program Abbreviations Abbreviation Program TACACS TACACS+ authentication protocol TELNET Telnet TFTP TFTP TIME System time and SNTP VLAN Port-based and tagged VLANs, and multiple VLAN modes WATCHDOG Watchdog timer This example of the command creates a new syslog definition for a syslog server that has the IP address 149.24.111.23.
Page 534: Deleting Syslog Server Definitions
Chapter 34: Syslog Client Deleting Syslog Server Definitions To delete syslog server definitions from the switch, use the NO LOG HOST command in the Global Configuration mode. The format of the command is: ipaddress no log host To view the IP addresses of the syslog servers of the definitions, use the SHOW LOG CONFIG command.
Page 535: Displaying The Syslog Server Definitions
AT-9000 Switch Command Line User’s Guide Displaying the Syslog Server Definitions To view the IP addresses of the syslog servers use the SHOW LOG CONFIG command in the Privileged Exec mode: awplus# show log config Here is an example of the information. Permanent log: Status ....
Page 536 Chapter 34: Syslog Client...
Page 537: Chapter 35: Syslog Client Commands
Chapter 35 Syslog Client Commands The syslog client commands are summarized in Table 57 and described in detail within the chapter. Table 57. Syslog Client Commands Command Mode Description “LOG HOST” on page 538 Global Creates syslog server definitions. Configuration “NO LOG HOST”...
Page 538: Log Host
Chapter 35: Syslog Client Commands LOG HOST Syntax ipaddress level program log host [level ] [program Parameters ipaddress Specifies the IP address of a syslog server. You can specify one address. level Specifies the minimum severity level of the messages to be sent to the designated syslog server.
Page 539 AT-9000 Switch Command Line User’s Guide This example creates a new syslog definition for a syslog server that has the IP address 149.152.122.143. The definition sends only those messages that have a minimum severity level of 4 and that are generated by the RADIUS client (RADIUS) and static port trunks (PTRUNK): awplus>...
Page 540: No Log Host
Chapter 35: Syslog Client Commands NO LOG HOST Syntax ipaddress no log host Parameters ipaddress Specifies an IP address of a syslog server. Mode Global Configuration mode Description Use this command to delete syslog server definitions from the switch. Confirmation Command “SHOW LOG CONFIG”...
Page 541: Show Log Config
AT-9000 Switch Command Line User’s Guide SHOW LOG CONFIG Syntax show log config Parameters None Modes Privileged Exec mode Description Use this command to display the syslog server definitions on the switch. Here is an example of the information. Figure 98 is an example of the information displayed. Permanent log: Status ....
Page 542 Chapter 35: Syslog Client Commands Example This example displays the configurations of the syslog server entries: awplus# show log config...
Page 543: Section V: Port Trunks
Section V Port Trunks This section contains the following chapters: Chapter 36, “Static Port Trunks” on page 545  Chapter 37, “Static Port Trunk Commands” on page 555  Chapter 38, “Link Aggregation Control Protocol (LACP)” on page 563  Chapter 39, “LACP Commands”...
Page 545: Chapter 36: Static Port Trunks
Chapter 36 Static Port Trunks This chapter covers the following topics: “Overview” on page 546  “Creating New Static Port Trunks or Adding Ports To Existing Trunks”  on page 550 “Specifying the Load Distribution Method” on page 551  “Removing Ports from Static Port Trunks or Deleting Trunks”...
Page 546: Overview
Chapter 36: Static Port Trunks Overview Static port trunks are groups of two to eight ports that act as single virtual links between the switch and other network devices. Static port trunks are commonly used to improve network performance by increasing the available bandwidth between the switch and other network devices and to enhance the reliability of the connections between network devices.
Page 547 AT-9000 Switch Command Line User’s Guide Source MAC Address / Destination MAC Address (Layer 2)  Source IP Address (Layer 3)  Destination IP Address (Layer 3)  Source IP Address / Destination IP Address (Layer 3)  The load distribution methods examine the last three bits of a packet’s MAC or IP address and compare the bits against mappings assigned to the ports in the trunk.
Page 548: Guidelines
Chapter 36: Static Port Trunks For example, assume you selected source and destination MAC addresses for the load distribution method in our previous example, and that a packet for transmission over the trunk had a source MAC address that ended in 9 and a destination address that ended in 3. The binary values are: 9 = 1001 3 = 0011...
Page 549 For this reason, Allied Telesis recommends using this feature only between Allied Telesis network devices.
Page 550: Creating New Static Port Trunks Or Adding Ports To Existing Trunks
Chapter 36: Static Port Trunks Creating New Static Port Trunks or Adding Ports To Existing Trunks The command to create new static port trunks or to add ports to existing trunks is the STATIC-CHANNEL-GROUP command. Here is the format of the command: id_number static-channel-group...
Page 551: Specifying The Load Distribution Method
AT-9000 Switch Command Line User’s Guide Specifying the Load Distribution Method The load distribution method defines how the switch distributes the traffic among the ports of a trunk. The command for this is the PORT-CHANNEL LOAD-BALANCE command, in the Static Port Trunk Interface mode. The command’s format is shown here: port-channel load-balance dst-ip|dst-mac|src-dst-ip| src-dst-mac|src-ip|src-mac...
Page 552: Removing Ports From Static Port Trunks Or Deleting Trunks
Chapter 36: Static Port Trunks Removing Ports from Static Port Trunks or Deleting Trunks To remove ports from a static port trunk, enter the Port Interface mode of the ports to be removed and issue the NO STATIC-CHANNEL-GROUP command. This example removes ports 4 and 5 from their current static port trunk assignment: awplus>...
Page 553: Displaying Static Port Trunks
AT-9000 Switch Command Line User’s Guide Displaying Static Port Trunks To display the member ports of static port trunks, use the SHOW STATIC- CHANNEL-GROUP command in the User Exec mode or Privileged Exec mode: awplus# show static-channel-group Here is an example of the information. % Static Aggregator: sa1 % Member: port1.0.5...
Page 554 Chapter 36: Static Port Trunks...
Page 555: Chapter 37: Static Port Trunk Commands
Chapter 37 Static Port Trunk Commands The static port trunk commands are summarized in Table 58 and described in detail within the chapter. Table 58. Static Port Trunk Commands Command Mode Description “NO STATIC-CHANNEL-GROUP” on Port Interface Removes ports from existing static page 556 port trunks and deletes trunks from the switch.
Page 556: No Static-Channel-Group
Chapter 37: Static Port Trunk Commands NO STATIC-CHANNEL-GROUP Syntax no static-channel-group Parameters None Mode Port Interface mode Description Use this command to remove ports from static port trunks and to delete trunks. To delete a trunk, remove all its ports. Caution To prevent the formation of loops in your network topology, do not remove ports from a static port trunk without first disconnecting their...
Page 557: Port-Channel Load-Balance
AT-9000 Switch Command Line User’s Guide PORT-CHANNEL LOAD-BALANCE Syntax port-channel load-balance src-mac|dst-mac|src-dst-mac|src- ip|dst-ip|src-dst-ip Parameters src-mac Specifies source MAC address as the load distribution method. dst-mac Specifies destination MAC address. src-dst-mac Specifies source address/destination MAC address. src-ip Specifies source IP address. dst-ip Specifies destination IP address.
Page 558: Table 58. Static Port Trunk Commands
Chapter 37: Static Port Trunk Commands Example This example sets the load distribution method to destination MAC address for a trunk with an ID number 4: awplus> enable awplus# configure terminal awplus(config)# interface sa4 awplus(config-if)# port-channel load-balance dst-mac...
Page 559: Show Static-Channel-Group
AT-9000 Switch Command Line User’s Guide SHOW STATIC-CHANNEL-GROUP Syntax show static-channel-group Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the member ports of static port trunks on the switch. An example of the command is shown in Figure 101. % Static Aggregator: sa1 % Member: port1.0.5...
Page 560: Static-Channel-Group
Chapter 37: Static Port Trunk Commands STATIC-CHANNEL-GROUP Syntax id_number static-channel-group Parameters id_number Specifies an ID number of a static port trunk. The range is 1 to 32. You can specify just one ID number. Mode Port Interface mode Description Use this command to create new static port trunks and to add ports to existing trunks.
Page 561 To remove ports from static port trunks, see “NO STATIC-CHANNEL- GROUP” on page 556. Allied Telesis does not recommend using twisted pair ports 25R to  28R on the AT-9000/28 and AT-9000/28SP Managed Layer 2 ecoSwitches in static port trunks.
Page 562 Chapter 37: Static Port Trunk Commands...
Page 563: Chapter 38: Link Aggregation Control Protocol (Lacp)
Chapter 38 Link Aggregation Control Protocol (LACP) This chapter covers the following topics: “Overview” on page 564  “Creating New Aggregators” on page 567  “Setting the Load Distribution Method” on page 568  “Adding Ports to Aggregators” on page 569 ...
Page 564: Overview
Chapter 38: Link Aggregation Control Protocol (LACP) Overview The Link Aggregation Control Protocol (LACP) is used to increase the bandwidth between the switch and other LACP-compatible devices by grouping ports together to form single virtual links. LACP trunks are similar in function to static port trunks, but they are more flexible.
Page 565: Base Port
AT-9000 Switch Command Line User’s Guide Base Port The lowest numbered port in an aggregator is referred to as the base port. You cannot change the base port of an aggregator. You can neither delete it from an aggregator nor add any ports that are below it. For example, if an aggregator consists of ports 5 to 12, you cannot delete port 5 because it is the base port, and you are not allowed to add ports 1 to 4 to the aggregator.
Page 566 The port with the highest priority in an aggregate trunk carries  broadcast packets and packets with an unknown destination. Prior to creating an aggregate trunk between an Allied Telesis  device and another vendor’s device, refer to the vendor’s documentation to determine the maximum number of active ports the device supports.
Page 567: Creating New Aggregators
AT-9000 Switch Command Line User’s Guide Creating New Aggregators To create a new aggregator, move to the Port Interface mode of the aggregator’s member ports and issue the CHANNEL-GROUP command, which has this format: id_number channel-group The ID_NUMBER parameter has a range of 1 to 32. Each aggregator must be assigned a unique ID number.
Page 568: Setting The Load Distribution Method
Chapter 38: Link Aggregation Control Protocol (LACP) Setting the Load Distribution Method The load distribution method determines the manner in which the switch distributes the egress packets among the active ports of an aggregator. The packets can be distributed by source MAC or IP address, destination MAC or IP address, or by both source and destination addresses.
Page 569: Adding Ports To Aggregators
AT-9000 Switch Command Line User’s Guide Adding Ports to Aggregators The command to add ports to existing aggregators is the same command to create new aggregators, the CHANNEL-GROUP command in the Port Interface mode. To use the command, move to the Port Interface mode of the ports you want to add to an aggregator and issue the command.
Page 570: Removing Ports From Aggregators
Chapter 38: Link Aggregation Control Protocol (LACP) Removing Ports from Aggregators To remove ports from an aggregator, use the NO CHANNEL-GROUP command, in the Port Interface mode. Move to the Port Interface mode for those ports you want to remove from an aggregator and enter the command.
Page 571: Deleting Aggregators
AT-9000 Switch Command Line User’s Guide Deleting Aggregators To delete an aggregator, remove all its ports with the NO CHANNEL- GROUP command, in the Port Interface mode. Caution Do not delete an aggregator without first disconnecting the network cables from its ports. Leaving the network cables connected may result in a network loop, which can cause a broadcast storm.
Page 572: Displaying Aggregators
Chapter 38: Link Aggregation Control Protocol (LACP) Displaying Aggregators There are five SHOW commands for LACP. Two of them are mentioned here. For descriptions of all the commands, refer to Chapter 39, “LACP Commands” on page 575. The first command is the SHOW ETHERCHANNEL DETAIL command in the Privileged Exec mode.
Page 573: Figure 103: Show Lacp Sys-Id Command
AT-9000 Switch Command Line User’s Guide Here is an example of the information. System Priority: 0x0080 (32768) Mac Address: EC-CD-6D-1E-52-28 Figure 103. SHOW LACP SYS-ID Command It should be mentioned that while the system priority value is set as an integer with the LACP SYSTEM-PRIORITY command, this command displays it in hexadecimal format.
Page 574 Chapter 38: Link Aggregation Control Protocol (LACP)
Page 575: Chapter 39: Lacp Commands
Chapter 39 LACP Commands The LACP port trunk commands are summarized in Table 59 and described in detail within the chapter. Table 59. LACP Port Trunk Commands Command Mode Description “CHANNEL-GROUP” on page 576 Port Interface Creates new aggregators and adds ports to existing aggregators.
Page 576: Channel-Group
Chapter 39: LACP Commands CHANNEL-GROUP Syntax id_number channel-group Parameters id_number Specifies the ID number of a new or an existing aggregator. The range is 1 to 32. Mode Port Interface mode Description Use this command to create new aggregators or to add ports to existing aggregators.
Page 577 AT-9000 Switch Command Line User’s Guide Examples These commands create a new aggregator consisting of ports 11 to 16. The ID number of the aggregator is 2. awplus> enable awplus# configure terminal awplus(config)# interface port1.0.11-port1.0.16 awplus(config-if)# channel-group 2 This example adds port 15 to an existing aggregator that has the ID number 4: awplus>...
Page 578: Lacp System-Priority
Chapter 39: LACP Commands LACP SYSTEM-PRIORITY Syntax priority lacp system-priority Parameters priority Specifies the LACP system priority value for the switch. The range is 1 to 65535. Mode Global Configuration mode Description Use this command to set the LACP priority of the switch. The switch uses the LACP priority to resolve conflicts with other network devices when it creates aggregate trunks.
Page 579: No Channel-Group
AT-9000 Switch Command Line User’s Guide NO CHANNEL-GROUP Syntax no channel-group Parameters None Mode Port Interface mode Description Use this command to remove ports from aggregators and to delete aggregators. To delete an aggregator, remove all its ports. You cannot remove the base port of the aggregator. Changing the base port requires deleting and recreating the aggregator.
Page 580: Port-Channel Load-Balance
Chapter 39: LACP Commands PORT-CHANNEL LOAD-BALANCE Syntax src-mac|dst-mac|src-dst-mac| port-channel load-balance src-ip|dst-ip|src-dst-ip Parameters src-mac Specifies source MAC address as the load distribution method. dst-mac Specifies destination MAC address. src-dst-mac Specifies source address/destination MAC address. src-ip Specifies source IP address. dst-ip Specifies destination IP address. src-dst-ip Specifies source address/destination IP address.
Page 581 AT-9000 Switch Command Line User’s Guide Confirmation Command “SHOW ETHERCHANNEL DETAIL” on page 583 Example This example sets the load distribution method to source MAC address for the LACP trunk that has the ID number 22: awplus> enable awplus# configure terminal awplus(config)# interface po22 awplus(config-if)# port-channel load-balance src-mac...
Page 582: Show Etherchannel
Chapter 39: LACP Commands SHOW ETHERCHANNEL Syntax id_number show etherchannel Parameters id_number Specifies the ID number of the aggregator. Mode Privileged Exec mode Description Use this command to display the ports of specific aggregators on the switch. Figure 104 illustrates the information. Aggregator #2 ..
Page 583: Show Etherchannel Detail
AT-9000 Switch Command Line User’s Guide SHOW ETHERCHANNEL DETAIL Syntax show etherchannel detail Parameters None Mode Privileged Exec mode Description Use this command to display detailed information about the aggregators on the switch. Figure 105 illustrates the information. Aggregator # 1 ..po1 Mac address: (00-15-77-d8-43-60,0000) Admin Key: 0xff01 - Oper Key: 0x0101 Receive link count: 4 - Transmit link count: 4...
Page 584 Chapter 39: LACP Commands Example This example displays detailed information about aggregators: awplus# show etherchannel detail...
Page 585: Show Etherchannel Summary
AT-9000 Switch Command Line User’s Guide SHOW ETHERCHANNEL SUMMARY Syntax show etherchannel summary Parameters None Mode Privileged Exec mode Description Use this command to display the states of the member ports of the aggregators. Figure 106 illustrates the information. Aggregator #2 ..po2 Admin Key: 0xff01 - Oper Key: 0x0101 Link: Port1.0.2 sync...
Page 586: Show Lacp Sys-Id
Chapter 39: LACP Commands SHOW LACP SYS-ID Syntax show lacp sys-id Parameters None Mode Privileged Exec mode Description Use this command to display the LACP priority value and MAC address of the switch. Figure 107 provides an example of the display. System Priority: 0x0080 (32768) Mac Address: EC-CD-6D-1E-52-28 Figure 107.
Page 587: Show Port Etherchannel
AT-9000 Switch Command Line User’s Guide SHOW PORT ETHERCHANNEL Syntax show port etherchannel [interface port] Parameters port Specifies the port of an aggregator. You can display more than one port at a time. Mode Privileged Exec mode Description Use this command to display the LACP port information. Figure 108 illustrates the information.
Page 588 Chapter 39: LACP Commands...
Page 589: Section Vi: Spanning Tree Protocols
Section VI Spanning Tree Protocols This section contains the following chapters: Chapter 40, “STP, RSTP and MSTP Protocols” on page 591  Chapter 41, “Spanning Tree Protocol (STP) Procedures” on page 611  Chapter 42, “STP Commands” on page 619 ...
Page 591: Chapter 40: Stp, Rstp And Mstp Protocols
Chapter 40 STP, RSTP and MSTP Protocols This chapter covers the following topics: “Overview” on page 592  “Bridge Priority and the Root Bridge” on page 593  “Path Costs and Port Costs” on page 594  “Port Priority” on page 595 ...
Page 592: Overview
Chapter 40: STP, RSTP and MSTP Protocols Overview The Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP) guard against the formation of loops in an Ethernet network topology. A topology has a loop when two or more nodes can transmit packets to each other over more than one data path.
Page 593: Bridge Priority And The Root Bridge
AT-9000 Switch Command Line User’s Guide Bridge Priority and the Root Bridge The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge distributes network topology information to the other network bridges and is used by the other bridges to determine if there are redundant paths in the network.
Page 594: Path Costs And Port Costs
Chapter 40: STP, RSTP and MSTP Protocols Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. A bridge that has only one path between itself and the root bridge is referred to as the designated bridge.
Page 595: Port Priority
AT-9000 Switch Command Line User’s Guide Port Priority If two paths have the same port cost, the bridges must select a preferred path. In some instances this can involve the use of the port priority parameter. This parameter is used as a tie breaker when two paths have the same cost.
Page 596: Forwarding Delay And Topology Changes
Chapter 40: STP, RSTP and MSTP Protocols Forwarding Delay and Topology Changes If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This may trigger a change in the state of some blocked ports. However, a change in a port state is not activated immediately.
Page 597: Hello Time And Bridge Protocol Data Units (Bpdu)
AT-9000 Switch Command Line User’s Guide Hello Time and Bridge Protocol Data Units (BPDU) The bridges that are part of a spanning tree domain communicate with each other using a bridge broadcast frame that contains a special section devoted to carrying STP or RSTP information. This portion of the frame is referred to as the bridge protocol data unit (BPDU).
Page 598: Point-To-Point And Edge Ports
Chapter 40: STP, RSTP and MSTP Protocols Point-to-Point and Edge Ports Part of the task of configuring RSTP or MSTP is defining the port types on the switch. This relates to the devices connected to the ports. With the port types defined, RSTP or MSTP can reconfigure a network much quicker than STP when a change in network topology is detected.
Page 599: Figure 110: Edge Port
AT-9000 Switch Command Line User’s Guide Edge Port Figure 110. Edge Port A port can be both a point-to-point and an edge port at the same time. It operates in full-duplex and has no spanning tree devices connected to it. Figure 111 illustrates a port functioning as both a point-to-point and edge port.
Page 600: Mixed Stp And Rstp Networks
Chapter 40: STP, RSTP and MSTP Protocols Mixed STP and RSTP Networks RSTP IEEE 802.1w is fully compliant with STP IEEE 802.1d. A network can have both protocols. If both RSTP and STP are present in a network, they operate together to create a single spanning tree domain. Given this, if you decide to activate spanning tree on the switch, there is no reason not to use RSTP, even if the other switches are running STP.
Page 601: Spanning Tree And Vlans
AT-9000 Switch Command Line User’s Guide Spanning Tree and VLANs STP and RSTP support a single-instance spanning tree that encompasses all the ports on the switch. If the ports are divided into different VLANs, the spanning tree protocol crosses the VLAN boundaries. This point can pose a problem in networks that contain multiple VLANs that span different switches and that are connected with untagged ports.
Page 602: Rstp And Mstp Bpdu Guard
Chapter 40: STP, RSTP and MSTP Protocols RSTP and MSTP BPDU Guard This feature monitors the RSTP or MSTP edge ports on the switch for BPDU packets. Edge ports that receive BPDU packets are disabled by the switch. The benefit of this feature is that it prevents the use of edge ports by RSTP or MSTP devices.
Page 603 AT-9000 Switch Command Line User’s Guide Here are the guidelines to this feature: BPDU guard is configured for each port and has only two possible  settings: enabled or disabled. The default setting is disabled. This feature is supported on the base ports of the switch and any ...
Page 604: Stp, Rstp, Mstp Loop Guard
Chapter 40: STP, RSTP and MSTP Protocols STP, RSTP, MSTP Loop Guard Although spanning tree is designed to detect and prevent the formation of loops in a network topology, it is possible in certain circumstances for the protocol to inadvertently create loops. This can happen in the unlikely situation where a link between two spanning tree devices remains active when there is an cessation of BPDUs because of a hardware or software problem.
Page 605: Figure 113: Loop Guard Example 1
AT-9000 Switch Command Line User’s Guide If you configured the SNMP community strings on the switch, an SNMP trap is sent to your management workstations to notify you of the event. However, this event does not generate an entry in the switch’s log. This feature is supported on the base ports of the switch as well as on any fiber optic transceivers installed in the unit.
Page 606: Figure 114: Loop Guard Example 2
Chapter 40: STP, RSTP and MSTP Protocols Switch 2 Port 17 Switch 1 Stops transmitting BDPUs Root bridge Port 14 Transitions to the forwarding state from the blocking state Switch 3 Figure 114. Loop Guard Example 2 But if loop guard is enabled on port 14 on switch 3, the port, instead of changing to the forwarding state, stays in the blocking state, preventing the formation of the loop.
Page 607: Figure 116: Loop Guard Example 4
AT-9000 Switch Command Line User’s Guide In the first example, the root bridge stops transmitting BPDUs. If switch 3 is not using loop guard, it continues to forward traffic on port 4. But since no BPDUs are received on the port, it assumes that the device connected to the port is not an RSTP device.
Page 608: Figure 117: Loop Guard Example 5
Chapter 40: STP, RSTP and MSTP Protocols Switch 2 New root bridge Switch 1 Old root bridge RSTP stops operating Port 14 Transitions from the blocking state to the forwarding state Port 4 Loop guard changes the port to the blocking state from the forwarding state Switch 3 Figure 117.
Page 609: Stp And Rstp Root Guard
AT-9000 Switch Command Line User’s Guide STP and RSTP Root Guard The Root Guard feature enforces the root bridge placement in a network. It ensures the port that you have configured with the Root Guard feature is a designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected.
Page 610 Chapter 40: STP, RSTP and MSTP Protocols...
Page 611: Chapter 41: Spanning Tree Protocol (Stp) Procedures
Chapter 41 Spanning Tree Protocol (STP) Procedures This chapter provides the following procedures: “Designating STP as the Active Spanning Tree Protocol” on page 612  “Enabling the Spanning Tree Protocol” on page 613  “Setting the Switch Parameters” on page 614 ...
Page 612: Designating Stp As The Active Spanning Tree Protocol
Chapter 41: Spanning Tree Protocol (STP) Procedures Designating STP as the Active Spanning Tree Protocol Before you can configure the STP parameters or enable the protocol on the switch, you have to designate STP as the active spanning tree protocol. The switch supports other spanning tree protocols in addition to STP, but only one of them can be active at a time on the device.
Page 613: Enabling The Spanning Tree Protocol
AT-9000 Switch Command Line User’s Guide Enabling the Spanning Tree Protocol To enable STP on the switch, use the SPANNING-TREE STP ENABLE command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# spanning-tree stp enable The switch immediately begins to send BPDUs from its ports to participate in the spanning tree domain.
Page 614: Setting The Switch Parameters
Chapter 41: Spanning Tree Protocol (STP) Procedures Setting the Switch Parameters This table lists the STP functions that are controlled at the switch level. These commands are located in the Global Configuration mode and apply to the entire switch. Table 60. STP Switch Parameter Commands Use This Command Range Specify how long the ports remain in...
Page 615 AT-9000 Switch Command Line User’s Guide This example of the command sets the switch’s priority value to 8,192: awplus> enable awplus# configure terminal awplus(config)# spanning-tree priority 8192...
Page 616: Setting The Port Parameters
Chapter 41: Spanning Tree Protocol (STP) Procedures Setting the Port Parameters This table lists the STP functions that are controlled at the port level. You set these parameters in the Port Interface mode of the individual ports. Table 61. STP Port Parameter Commands Use This Command Range Specify the cost of a port to the root...
Page 617: Disabling The Spanning Tree Protocol
AT-9000 Switch Command Line User’s Guide Disabling the Spanning Tree Protocol To disable STP on the switch, use the NO SPANNING-TREE STP ENABLE command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# no spanning-tree stp enable Note Before disabling the spanning tree protocol on the switch, display the STP states of the ports and disconnect the network cables from...
Page 618: Displaying Stp Settings
Chapter 41: Spanning Tree Protocol (STP) Procedures Displaying STP Settings To view the STP settings on the switch, use the SHOW SPANNING-TREE in the Privileged Exec mode. The command has this format: show spanning-tree [interface port Use the INTERFACE parameter to view the settings of the specified ports. Otherwise, omit the parameter to view all the ports.
Page 619: Chapter 42: Stp Commands
Chapter 42 STP Commands The STP commands are summarized in Table 62 and described in detail within the chapter. Table 62. Spanning Tree Protocol Commands Command Mode Description “NO SPANNING-TREE STP Global Disables STP on the switch. ENABLE” on page 621 Configuration “SHOW SPANNING-TREE”...
Page 620 Chapter 42: STP Commands Table 62. Spanning Tree Protocol Commands (Continued) Command Mode Description “SPANNING-TREE PORTFAST Port Interface Enables the BPDU guard feature on a BPDU-GUARD” on page 631 port so that the switch monitors edge ports and disables them if they receive BPDUs.
Page 621: No Spanning-Tree Stp Enable
AT-9000 Switch Command Line User’s Guide NO SPANNING-TREE STP ENABLE Syntax no spanning-tree stp enable Parameters None Mode Global Configuration mode Description Use this command to disable STP on the switch. To view the current status of STP, refer to “SHOW SPANNING-TREE” on page 622. The default setting is disabled.
Page 622: Show Spanning-Tree
Chapter 42: STP Commands SHOW SPANNING-TREE Syntax port show spanning-tree [interface Parameters port Specifies a port. You can specify more than one port at a time in the command. The switch displays the STP settings for all the ports if you omit this parameter. Modes Privileged Exec mode Description...
Page 623 AT-9000 Switch Command Line User’s Guide Examples This command displays the STP settings for all the ports: awplus# show spanning-tree This command displays the STP settings for ports 1 and 4: awplus# show spanning-tree interface port1.0.1,port1.0.4...
Page 624: Spanning-Tree Forward-Time
Chapter 42: STP Commands SPANNING-TREE FORWARD-TIME Syntax forwardtime spanning-tree forward-time Parameters forwardtime Specifies the forward time. The range is 4 to 30 seconds. The default is 15 seconds. Mode Global Configuration mode Description Use this command to set the forward time parameter on the switch. This parameter specifies how long the ports remain in the listening and learning states before they transition to the forwarding state.
Page 625: Spanning-Tree Guard Root
AT-9000 Switch Command Line User’s Guide SPANNING-TREE GUARD ROOT Syntax spanning-tree guard root Parameters None Mode Port Interface mode Description Use this command to enable the Root Guard feature on the specified port. The Root Guard feature ensures that the port on which it is enabled is a designated port.
Page 626: Spanning-Tree Hello-Time
Chapter 42: STP Commands SPANNING-TREE HELLO-TIME Syntax hellotime spanning-tree hello-time Parameters hellotime Specifies the hello time. The range is 1 to 10 seconds. The default is 2 seconds. Mode Global Configuration mode Description Use this command to set the hello time parameter on the switch. This parameter controls how frequently the switch sends spanning tree configuration information when it is the root bridge or is trying to become the root bridge.
Page 627: Spanning-Tree Max-Age
AT-9000 Switch Command Line User’s Guide SPANNING-TREE MAX-AGE Syntax maxage spanning-tree max-age Parameters maxage Specifies the max-age parameter. The range is 6 to 40 seconds. The default is 20 seconds. Mode Global Configuration mode Description Use this command to set the maximum age parameter. This parameter determines how long bridge protocol data units (BPDUs) are stored by the switch before they are deleted.
Page 628: Spanning-Tree Mode Stp
Chapter 42: STP Commands SPANNING-TREE MODE STP Syntax spanning-tree mode stp Parameters None Mode Global Configuration mode Description Use this command to designate STP as the active spanning tree protocol on the switch. You must select STP as the active spanning tree protocol before you can enable it or configure its parameters.
Page 629: Spanning-Tree Path-Cost
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PATH-COST Syntax path-cost spanning-tree path-cost Parameters path-cost Specifies the cost of a port to the root bridge. The range is 1 to 200000000. Mode Port Interface mode Description Use this command to specify the cost of a port to the root bridge. This cost is combined with the costs of the other ports in the path to the root bridge, to determine the total path cost.
Page 630: Spanning-Tree Portfast
Chapter 42: STP Commands SPANNING-TREE PORTFAST Syntax spanning-tree portfast Parameters None Mode Port Interface mode Description Use this command to designate an edge port on the switch. Edge ports are not connected to spanning tree devices or to LANs that have spanning tree devices.
Page 631: Spanning-Tree Portfast Bpdu-Guard
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PORTFAST BPDU-GUARD Syntax spanning-tree portfast bpdu-guard Parameters None Mode Port Interface mode Description Use this command to enable the BPDU guard feature so that the switch monitors edge ports and disables them if they receive BPDU packets. To disable an edge port that was disabled by the BPDU guard feature, use the NO SPANNING-TREE PORTFAST BPDU-GUARD command.
Page 632: Spanning-Tree Priority (Bridge Priority)
Chapter 42: STP Commands SPANNING-TREE PRIORITY (Bridge Priority) Syntax priority spanning-tree priority Parameters priority Specifies a priority number for the switch. Mode Global Configuration mode Description Use this command to assign the switch a priority number. The device that has the lowest priority number in the spanning tree domain becomes the root bridge.
Page 633: Spanning-Tree Priority (Port Priority)
AT-9000 Switch Command Line User’s Guide SPANNING-TREE Priority (Port Priority) Syntax priority spanning-tree priority Parameters priority Specifies the priority value for a port. The range is 0 to 240, in increments of 16. Mode Port Interface mode Description Use this command to set the priority value of a port. This parameter is used as a tie breaker when two or more ports have equal costs to the root bridge.
Page 634: Spanning-Tree Stp Enable
Chapter 42: STP Commands SPANNING-TREE STP ENABLE Syntax spanning-tree stp enable Parameters None Mode Global Configuration mode Description Use this command to enable STP on the switch. You must designate STP as the active spanning tree protocol on the switch before you can enable it or configure its parameters.
Page 635: Chapter 43: Rapid Spanning Tree Protocol (Rstp) Procedures
Chapter 43 Rapid Spanning Tree Protocol (RSTP) Procedures This chapter provides the following procedures: “Designating RSTP as the Active Spanning Tree Protocol” on page 636  “Enabling the Rapid Spanning Tree Protocol” on page 637  “Configuring the Switch Parameters” on page 638 ...
Page 636: Designating Rstp As The Active Spanning Tree Protocol
Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures Designating RSTP as the Active Spanning Tree Protocol The first step to using RSTP on the switch is to designate it as the active spanning tree protocol. This is accomplished with the SPANNING-TREE MODE RSTP command in the Global Configuration mode.
Page 637: Enabling The Rapid Spanning Tree Protocol
AT-9000 Switch Command Line User’s Guide Enabling the Rapid Spanning Tree Protocol To enable RSTP on the switch, use the SPANNING-TREE RSTP ENABLE command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# spanning-tree rstp enable After you enter the command, the switch immediately begins to participate in the spanning tree domain.
Page 638: Configuring The Switch Parameters
Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures Configuring the Switch Parameters This table lists the RSTP parameters that are set in the Global Configuration mode and apply to all the ports on the switch. Table 63. RSTP Switch Parameters Use This Command Range Specify how long the ports remain in...
Page 639: Setting The Bridge Priority
AT-9000 Switch Command Line User’s Guide This example increases the forward time to 25 seconds and the hello time to 8 seconds. The forward time controls the amount of time the ports remain in the listening and learning states, and the hello time controls how frequently the switch sends spanning tree configuration information: awplus>...
Page 640 Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures To disable the BPDU guard feature on the switch, use the NO SPANNING-TREE BPDU-GUARD command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# no spanning-tree portfast bpdu-guard...
Page 641: Configuring The Port Parameters
AT-9000 Switch Command Line User’s Guide Configuring the Port Parameters This table lists the RSTP port parameters. These parameters are set on the individual ports in the Port Interface mode. Table 64. RSTP Port Parameters Use This Command Range Specify port costs. SPANNING-TREE PATH-COST path- 1 to 200000000 cost...
Page 642: Configuring Port Priorities
Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures Configuring Port If RSTP discovers a loop in the topology, but the two paths that constitute the loop have the same path cost, the spanning tree protocol uses port Priorities priorities to determine which path to make active and which to place in the blocking state.
Page 643: Enabling Or Disabling Rstp Loop-Guard
AT-9000 Switch Command Line User’s Guide This example uses the NO SPANNING-TREE command to remove port 21 as an edge port: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.21 awplus(config-if)# no spanning-tree portfast Enabling or The RSTP loop guard feature disables ports if they stop receiving spanning tree BPDUs from their link partners when there is no change to Disabling RSTP the link state.
Page 644 Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures Edge ports that are disabled by the feature remain disabled until you manually enable them again with the NO SHUTDOWN command. As an alternative, you can activate the BPDU guard timer so that the switch automatically reactivates disabled ports after the specified period of time.
Page 645: Disabling The Rapid Spanning Tree Protocol
AT-9000 Switch Command Line User’s Guide Disabling the Rapid Spanning Tree Protocol To disable RSTP on the switch, use the NO SPANNING-TREE RSTP ENABLE command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# no spanning-tree rstp enable To view the current status of RSTP, refer to “Displaying RSTP Settings”...
Page 646: Displaying Rstp Settings
Chapter 43: Rapid Spanning Tree Protocol (RSTP) Procedures Displaying RSTP Settings To view the RSTP settings on the switch, use the SHOW SPANNING- TREE in the Privileged Exec mode. The command has this format: show spanning-tree [interface port Use the INTERFACE parameter to view the settings of the specified ports. Otherwise, omit the parameter to view all the ports.
Page 647: Chapter 44: Rstp Commands
Chapter 44 RSTP Commands The RSTP commands are summarized in Table 65 and described in detail within the chapter. Table 65. Rapid Spanning Tree Protocol Commands Command Mode Description “NO SPANNING-TREE PORTFAST” Port Interface Removes ports as edge ports on the on page 649 switch.
Page 648 Chapter 44: RSTP Commands Table 65. Rapid Spanning Tree Protocol Commands (Continued) Command Mode Description “SPANNING-TREE LINK-TYPE” on Port Interface Designates point-to-point ports and page 661 shared ports. “SPANNING-TREE LOOP-GUARD” Port Interface Enables the BPDU loop-guard feature on page 662 on the ports.
Page 649: No Spanning-Tree Portfast
AT-9000 Switch Command Line User’s Guide NO SPANNING-TREE PORTFAST Syntax no spanning-tree portfast Parameters None Mode Port Interface mode Description Use this command to remove ports as edge ports on the switch. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 Example This example removes port 21 as an edge port: awplus>...
Page 650: No Spanning-Tree Errdisable-Timeout Enable
Chapter 44: RSTP Commands NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE Syntax no spanning-tree errdisable-timeout enable Parameters None Mode Global Configuration mode Description Use this command to deactivate the timer for the RSTP BPDU guard feature. When the timer is deactivated, ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN command.
Page 651: No Spanning-Tree Loop-Guard
AT-9000 Switch Command Line User’s Guide NO SPANNING-TREE LOOP-GUARD Syntax no spanning-tree loop-guard Parameters None Mode Port Interface mode Description Use this command to disable the BPDU loop-guard feature on the ports. The default setting is disabled. Note Ports that are disabled by the loop-guard feature do not forward traffic again when you disable the feature.
Page 652: No Spanning-Tree Portfast Bpdu-Guard
Chapter 44: RSTP Commands NO SPANNING-TREE PORTFAST BPDU-GUARD Syntax no spanning-tree portfast bpdu-guard Parameters None Mode Port Interface mode Description Use this command to disable the BPDU guard feature on a port. Note Edge ports disabled by the BPDU guard feature remain disabled until you enable them with the management software.
Page 653: No Spanning-Tree Rstp Enable
AT-9000 Switch Command Line User’s Guide NO SPANNING-TREE RSTP ENABLE Syntax no spanning-tree rstp enable Parameters None Mode Global Configuration mode Description Use this command to disable RSTP on the switch. Note Before disabling the spanning tree protocol on the switch, display the RSTP states of the ports and disconnect the network cables from any ports that are in the discarding state.
Page 654: Show Spanning-Tree
Chapter 44: RSTP Commands SHOW SPANNING-TREE Syntax show spanning-tree Parameters None Modes Privileged Exec mode Description Use this command to display the RSTP settings on the switch. An example of the display is shown in Figure 121. % Default: Bridge up - Spanning Tree Disabled % Default: Bridge Priority 32768 % Default: Forward Delay 15 - Hello Time 2 - Max Age 20 % Default: Root Id 8000:eccd6d4d5bf9...
Page 655 AT-9000 Switch Command Line User’s Guide Example This example displays the RSTP settings on the switch: awplus# show spanning-tree...
Page 656: Spanning-Tree Errdisable-Timeout Enable
Chapter 44: RSTP Commands SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE Syntax spanning-tree errdisable-timeout enable Parameters None Mode Global Configuration mode Description Use this command to activate the timer for the RSTP BPDU guard feature. The BPDU guard feature prevents unnecessary RSTP domain convergences by disabling edge ports if they receive BPDUs. When the timer is activated, the switch will automatically reactivate disabled ports.
Page 657: Spanning-Tree Errdisable-Timeout Interval
AT-9000 Switch Command Line User’s Guide SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL Syntax interval spanning-tree errdisable-timeout interval Parameters interval Specifies the number of seconds that ports remain disabled by the RSTP BPDU guard feature. The range is 10 to 1000000 seconds. The default is 300 seconds. Mode Global Configuration mode Description...
Page 658: Spanning-Tree Forward-Time
Chapter 44: RSTP Commands SPANNING-TREE FORWARD-TIME Syntax forwardtime spanning-tree forward-time Parameters forwardtime Specifies the forward time. The range is 4 to 30 seconds. The default is 15 seconds. Mode Global Configuration mode Description Use this command to set the forward time parameter to control how fast the ports change their spanning tree states when moving towards the forwarding state.
Page 659: Spanning-Tree Guard Root
AT-9000 Switch Command Line User’s Guide SPANNING-TREE GUARD ROOT Syntax spanning-tree guard root Parameters None Mode Port Interface mode Description Use this command to enable the Root Guard feature on the specified port. The Root Guard feature ensures that the port on which it is enabled is a designated port.
Page 660: Spanning-Tree Hello-Time
Chapter 44: RSTP Commands SPANNING-TREE HELLO-TIME Syntax hellotime spanning-tree hello-time Parameters hellotime Specifies the hello time. The range is 1 to 10 seconds. The default is 2 seconds. Mode Global Configuration mode Description Use this command to set the hello time parameter on the switch. This parameter controls how frequently the switch sends spanning tree configuration information when it is the root bridge or is trying to become the root bridge.
Page 661: Spanning-Tree Link-Type
AT-9000 Switch Command Line User’s Guide SPANNING-TREE LINK-TYPE Syntax spanning-tree link-type point-to-point|shared Parameters point-to-point Allows for rapid transition of a port to the forwarding state during the convergence process of the spanning tree domain. shared Disables rapid transition of a port. You may want to set link type to shared if a port is connected to a hub with multiple switches connected to it.
Page 662: Spanning-Tree Loop-Guard
Chapter 44: RSTP Commands SPANNING-TREE LOOP-GUARD Syntax spanning-tree loop-guard Parameters None Mode Port Interface mode Description Use this command to enable the BPDU loop-guard feature on the ports. If a port that has this feature activated stops receiving BPDU packets, the switch automatically disables it.
Page 663: Spanning-Tree Max-Age
AT-9000 Switch Command Line User’s Guide SPANNING-TREE MAX-AGE Syntax maxage spanning-tree max-age Parameters maxage Specifies the maximum age parameter. The range is 6 to 40 seconds. The default is 20 seconds. Mode Global Configuration mode Description Use this command to set the maximum age parameter on the switch. This parameter determines how long the switch retains bridge protocol data units (BPDUs) before it deletes them.
Page 664: Spanning-Tree Mode Rstp
Chapter 44: RSTP Commands SPANNING-TREE MODE RSTP Syntax spanning-tree mode rstp Parameters None Mode Global Configuration mode Description Use this command to designate RSTP as the active spanning tree protocol on the switch. After activating the protocol, you can enable or disable the spanning tree protocol and set the switch or port parameters.
Page 665: Spanning-Tree Path-Cost
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PATH-COST Syntax path-cost spanning-tree path-cost Parameters path-cost Specifies the cost of a port to the root bridge. The range is 1 to 200000000. Mode Port Interface mode Description Use this command to specify the cost of a port to the root bridge. This cost is combined with the costs of the other ports in the path to the root bridge, to determine the total path cost.
Page 666: Spanning-Tree Portfast
Chapter 44: RSTP Commands SPANNING-TREE PORTFAST Syntax spanning-tree portfast Parameters None Mode Port Interface mode Description Use this command to designate edge ports on the switch. Edge ports are not connected to spanning tree devices or to LANs that have spanning tree devices.
Page 667: Spanning-Tree Portfast Bpdu-Guard
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PORTFAST BPDU-GUARD Syntax spanning-tree portfast bpdu-guard Parameters None Mode Port Interface mode Description Use this command to enable the BPDU guard feature so that the switch monitors edge ports and disables them if they receive BPDU packets. To disable an edge port that was disabled by the BPDU guard feature, use the NO SPANNING-TREE PORTFAST BPDU-GUARD command.
Page 668: Spanning-Tree Priority (Bridge Priority)
Chapter 44: RSTP Commands SPANNING-TREE PRIORITY (Bridge Priority) Syntax priority spanning-tree priority Parameters priority Specifies a priority number for the switch. The range is 0 to 61440, in increments of 4096. Mode Global Configuration mode Description Use this command to assign the switch a priority number. The device that has the lowest priority number in the spanning tree domain becomes the root bridge.
Page 669: Spanning-Tree Priority (Port Priority)
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PRIORITY (Port Priority) Syntax priority spanning-tree priority Parameters priority Specifies the priority value for a port. The range is 0 to 240, in increments of 16. Mode Port Interface mode Description Use this command to set the priority value of a port. This parameter is used as a tie breaker when two or more ports have equal costs to the root bridge.
Page 670: Spanning-Tree Rstp Enable
Chapter 44: RSTP Commands SPANNING-TREE RSTP ENABLE Syntax spanning-tree rstp enable Parameters None Mode Global Configuration mode Description Use this command to enable the Rapid Spanning Tree Protocol on the switch. You cannot enable RSTP until you have activated it with “SPANNING-TREE MODE RSTP”...
Page 671: Chapter 45: Multiple Spanning Tree Protocol (Mstp)
Chapter 45 Multiple Spanning Tree Protocol (MSTP) This chapter provides background information about the Multiple Spanning Tree Protocol (MSTP). It covers the following topics: “Overview” on page 672  “Multiple Spanning Tree Instance (MSTI)” on page 673  “MSTI Guidelines” on page 675 ...
Page 672: Overview
MSTP. If you are not familiar with spanning tree or RSTP, review “Overview” on page 592. Note Do not activate MSTP on an AT-9000 Allied Telesis Switch without first familiarizing yourself with the following concepts and guidelines. Unlike STP and RSTP, you cannot activate this spanning tree protocol on a switch without first configuring the protocol parameters.
Page 673: Multiple Spanning Tree Instance (Msti)
AT-9000 Switch Command Line User’s Guide Multiple Spanning Tree Instance (MSTI) The individual spanning trees in MSTP are referred to as Multiple Spanning Tree Instances (MSTIs). An MSTI can span any number of AT- 9000 Switches. The switch can support up to 15 MSTIs at a time. To create an MSTI, you first assign it a number, referred to as the MSTI ID.
Page 674: Figure 123: Mstp Example Of Two Spanning Tree Instances
Chapter 45: Multiple Spanning Tree Protocol (MSTP) Figure 123. MSTP Example of Two Spanning Tree Instances An MSTI can contain more than one VLAN. This is illustrated in Figure 124 where there are two AT-9000 Switches with four VLANs. There are two MSTIs, each containing two VLANs.
Page 675: Msti Guidelines
AT-9000 Switch Command Line User’s Guide MSTI Guidelines Following are several guidelines to keep in mind about MSTIs: The AT-9000 Switch can support up to 15 spanning tree instances,  including the Common and Internal Spanning Tree (CIST). An MSTI can contain any number of VLANs. ...
Page 676: Vlan And Msti Associations
Chapter 45: Multiple Spanning Tree Protocol (MSTP) VLAN and MSTI Associations Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
Page 677: Ports In Multiple Mstis
AT-9000 Switch Command Line User’s Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTIs. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Page 678: Multiple Spanning Tree Regions
Chapter 45: Multiple Spanning Tree Protocol (MSTP) Multiple Spanning Tree Regions Another important concept of MSTP is regions. An MSTP region is defined as a group of bridges that share exactly the same MSTI characteristics. These characteristics are: Configuration name ...
Page 679: Table 66. Mstp Region
AT-9000 Switch Command Line User’s Guide Table 66 illustrates the concept of regions. It shows one MSTP region consisting of two AT-9000 Switches. Each switch in the region has the same configuration name and revision level. The switches also have the same five VLANs, and the VLANs are associated with the same MSTIs.
Page 680: Region Guidelines
Chapter 45: Multiple Spanning Tree Protocol (MSTP) Region Following are several points to remember about regions. Guidelines A network can contain any number of regions, and a region can  contain any number of AT-9000 Switches. The AT-9000 Switch can belong to only one region at a time. ...
Page 681: Common And Internal Spanning Tree (Cist)
AT-9000 Switch Command Line User’s Guide Common and MSTP has a default spanning tree instance called the Common and Internal Spanning Tree (CIST). This instance has an MSTI ID of 0. Internal Spanning Tree This instance has unique features and functions that make it different from (CIST) the MSTIs that you create yourself.
Page 682 Chapter 45: Multiple Spanning Tree Protocol (MSTP) An MSTP region can be considered as a virtual bridge. The implication is that other MSTP regions and STP and RSTP single-instance spanning trees cannot discern the topology or constitution of an MSTP region. The only bridge they are aware of is the regional root of the CIST instance.
Page 683: Summary Of Guidelines
AT-9000 Switch Command Line User’s Guide Summary of Guidelines Careful planning is essential for the successful implementation of MSTP. This section reviews all the rules and guidelines mentioned in earlier sections, and contains a few new ones: The AT-9000 Switch can support up to 15 spanning tree instances, ...
Page 684 Chapter 45: Multiple Spanning Tree Protocol (MSTP) Note The AlliedWare Plus MSTP implementation complies fully with the new IEEE 802.1s standard. Any other vendor’s fully compliant 802.1s implementation is interoperable with the AlliedWare Plus implementation.
Page 685: Associating Vlans To Mstis
AT-9000 Switch Command Line User’s Guide Associating VLANs to MSTIs Allied Telesis recommends that you assign all VLANs on a switch to an MSTI. You should not leave a VLAN assigned to just the CIST, including the Default_VLAN. This is to prevent the blocking of a port that should be in the forwarding state.
Page 686: Figure 126: Cist And Vlan Guideline - Example 2
Chapter 45: Multiple Spanning Tree Protocol (MSTP) Figure 126. CIST and VLAN Guideline - Example 2 When port 4 on switch B receives a BPDU, the switch notes the port sending the packet belongs only to CIST. Therefore, switch B uses CIST in determining whether a loop exists.
Page 687: Connecting Vlans Across Different Regions
AT-9000 Switch Command Line User’s Guide Connecting VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network.
Page 688: Figure 128: Spanning Regions Without Blocking
Chapter 45: Multiple Spanning Tree Protocol (MSTP) There are several ways to address this issue. The first is to have only one MSTP region for each subnet in your network. Another approach is to group those VLANs that need to span regions into the same MSTI.
Page 689: Mstp Root Guard
AT-9000 Switch Command Line User’s Guide MSTP Root Guard The Root Guard feature enforces the root bridge placement in a network. It ensures the port that you have configured with the Root Guard feature is a designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected.
Page 690 Chapter 45: Multiple Spanning Tree Protocol (MSTP)
Page 691: Chapter 46: Mstp Commands
Chapter 46 MSTP Commands The MSTP commands are summarized in Table 68 and described in detail within the chapter. Table 68. Multiple Spanning Tree Protocol Commands Command Mode Description “INSTANCE MSTI-ID PRIORITY” on Interface Sets the port priority for an MST page 693 Configuration instance (MSTI).
Page 692 Chapter 46: MSTP Commands Table 68. Multiple Spanning Tree Protocol Commands (Continued) Command Mode Description “SPANNING-TREE MSTP ENABLE” Global Designates the MSTP mode on the on page 707 Configuration switch. “SPANNING-TREE MST Global Enters the MST Configuration mode. CONFIGURATION” on page 708 Configuration “SPANNING-TREE MST INSTANCE”...
Page 693: Instance Msti-Id Priority
AT-9000 Switch Command Line User’s Guide INSTANCE MSTI-ID PRIORITY Syntax priority instance msti-id priority Parameters priority Specifies a port priority. The range is 0 to 61440, in increments of 4096. Mode Interface Configuration mode Description Use this command to set the port priority for an MST instance (MSTI). This command sets the value of the priority field contained in the port identifier.
Page 694 Chapter 46: MSTP Commands Table 69. MSTP Bridge Priority Value Increments (Continued) Bridge Bridge Increment Increment Priority Priority 28672 61440 Use the no command, NO INSTANCE MSTI-ID PRIORITY, to restore the default priority value of 32768. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 Example This example assigns MSTI ID 3 a priority of 4096 to port 4: awplus>...
Page 695: Instance Msti-Id Vlan
AT-9000 Switch Command Line User’s Guide INSTANCE MSTI-ID VLAN Syntax vidlist instance msti-id vlan Parameters Specifies a VLAN ID. vidlist Specifies a list of VLAN IDs. Mode Port Interface mode Description Use this command to permit MSTP to create an instance and associate an instance with one or more VLANs.
Page 696: No Spanning-Tree Errdisable-Timeout Enable
Chapter 46: MSTP Commands NO SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE Syntax spanning-tree errdisable-timeout enable Parameters None Mode Global Configuration mode Description Use this command to deactivate the timer for the MSTP BPDU guard feature. When the timer is deactivated, ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN command.
Page 697: No Spanning-Tree Portfast
AT-9000 Switch Command Line User’s Guide NO SPANNING-TREE PORTFAST Syntax no spanning-tree portfast Parameters None Mode Port Interface mode Description Use this command to remove ports as edge ports on the switch. This command is equivalent to “NO SPANNING-TREE PORTFAST” on page 649.
Page 698: No Spanning-Tree Mstp Enable
Chapter 46: MSTP Commands NO SPANNING-TREE MSTP ENABLE Syntax no spanning-tree mstp enable Parameters None Mode Global Configuration mode Description Use this command to disable MSTP on the switch. Note Before disabling the spanning tree protocol on the switch, display the MSTP states of the ports and disconnect the network cables from any ports that are in the discarding state.
Page 699: Show Spanning-Tree
AT-9000 Switch Command Line User’s Guide SHOW SPANNING-TREE Syntax show spanning-tree Parameters None Modes Privileged Exec mode Description Use this command to display the MSTP settings on the switch. An example of the display is shown in Figure 129. % Default: Bridge up - Spanning Tree Enabled % Default: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % Default: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20 % Default: CIST Root Id 8000:eccd6d1e5228...
Page 700: Show Spanning-Tree Mst Config
Chapter 46: MSTP Commands SHOW SPANNING-TREE MST CONFIG Syntax show spanning-tree mst config Parameters None Mode Privileged Executive Mode Description Use this command to display the MSTP configuration information for a bridge. Use the display to check that the digest is the same on this device as for all other devices in the same region.
Page 701: Show Spanning-Tree Mst
AT-9000 Switch Command Line User’s Guide SHOW SPANNING-TREE MST Syntax show spanning-tree mst Parameters None Mode Privileged Executive Mode Description Use this command to display the MST to VLAN port mapping. Example This example displays the MST to VLAN port mappings: awplus>...
Page 702: Show Spanning-Tree Mst Instance
Chapter 46: MSTP Commands SHOW SPANNING-TREE MST INSTANCE Syntax msti-id show spanning-tree mst instance < > Parameters instance Specifies an instance ID. The range is from 1 to 15. Mode Privileged Executive Mode Description Use this command to display detailed information for a particular instance and all switch ports associated with that instance.
Page 703: Spanning-Tree Errdisable-Timeout Enable
AT-9000 Switch Command Line User’s Guide SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE Syntax spanning-tree errdisable-timeout enable Parameters None Mode Global Configuration mode Description Use this command to activate the timer for the BPDU guard feature. The BPDU guard feature prevents unnecessary domain convergences by disabling edge ports if they receive BPDUs.
Page 704: Spanning-Tree Errdisable-Timeout Interval
Chapter 46: MSTP Commands SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL Syntax interval spanning-tree errdisable-timeout interval Parameters interval Specifies the number of seconds that ports remain disabled by the BPDU guard feature. The range is 10 to 1000000 seconds. The default is 300 seconds. Mode Global Configuration mode Description...
Page 705: Spanning-Tree Guard Root
AT-9000 Switch Command Line User’s Guide SPANNING-TREE GUARD ROOT Syntax spanning-tree guard root Parameters None Mode Port Interface mode Description Use this command to enable the Root Guard feature on the specified port. The Root Guard feature ensures that the port on which it is enabled is a designated port.
Page 706: Spanning-Tree Mode Mstp
Chapter 46: MSTP Commands SPANNING-TREE MODE MSTP Syntax spanning-tree mode mstp Parameters None Mode Global Configuration mode Description Use this command to set MSTP as the spanning tree protocol mode. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 Example This example sets MSTP as the spanning tree protocol mode: awplus>...
Page 707: Spanning-Tree Mstp Enable
AT-9000 Switch Command Line User’s Guide SPANNING-TREE MSTP ENABLE Syntax spanning-tree mstp enable Parameters None Mode Global Configuration mode Description Use this command to designate MSTP as the active spanning tree protocol on the switch. After activating the protocol, you can enable or disable the spanning tree protocol and set the switch or port parameters.
Page 708: Spanning-Tree Mst Configuration
Chapter 46: MSTP Commands SPANNING-TREE MST CONFIGURATION Syntax spanning-tree mst configuration Parameters None Mode Global Configuration mode Description Use this command to enter the MST mode. Note Only one spanning tree protocol, STP, RSTP, or MSTP, can be active on the switch. Confirmation Command “SHOW SPANNING-TREE”...
Page 709: Spanning-Tree Mst Instance
AT-9000 Switch Command Line User’s Guide SPANNING-TREE MST INSTANCE Syntax instance spanning-tree mst <1-15> Parameters instance Specifies an instance ID. The range is from 1 to 15. Mode Interface Configuration mode Description Use this command to associate a Multiple Spanning Tree instance (MSTI) with a port.
Page 710: Spanning-Tree Path-Cost
Chapter 46: MSTP Commands SPANNING-TREE PATH-COST Syntax path-cost spanning-tree path-cost Parameters path-cost Specifies the cost of a port to the root bridge. The range is 1 to 200000000. Mode Port Interface mode Description Use this command to specify the cost of a port to the root bridge. This cost is combined with the costs of the other ports in the path to the root bridge, to determine the total path cost.
Page 711: Spanning-Tree Portfast
AT-9000 Switch Command Line User’s Guide SPANNING-TREE PORTFAST Syntax spanning-tree portfast Parameters None Mode Port Interface mode Description Use this command to designate edge ports on the switch. Edge ports are not connected to spanning tree devices or to LANs that have spanning tree devices.
Page 712: Spanning-Tree Portfast Bpdu-Guard
Chapter 46: MSTP Commands SPANNING-TREE PORTFAST BPDU-GUARD Syntax spanning-tree portfast bpdu-guard Parameters None Mode Global Configuration mode Description Use this command to enable the Root Guard feature on the switch which protects the switch from receiving superior BPDUs. Use the no version of this command, NO SPANNING-TREE PORTFAST BPDU-GUARD, to disable the root guard feature on a switch.
Page 713: Region
AT-9000 Switch Command Line User’s Guide REGION Syntax <region-name> region Parameters region-name Specifies the name of an MST region. Up to 32 characters. Mode MSTP Configuration mode Description Use this command to name the MSTP Region. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 or “SHOW SPANNING-TREE” on page 699 Example This example names the MSTP region “santa clara county:”...
Page 714: Revision
Chapter 46: MSTP Commands REVISION Syntax <revision-number> revision Parameters revision-number Specifies the revision number. The range is 0 to 255. Mode MST Configuration mode Description Use this command to specify the revision number of the current MST configuration. This value is an arbitrary value that you assign to an MST region.
Page 715: Section Vii: Virtual Lans
Section VII Virtual LANs This section contains the following chapters: Chapter 47, “Port-based and Tagged VLANs” on page 717  Chapter 48, “Port-based and Tagged VLAN Commands” on page 741  Chapter 49, “GARP VLAN Registration Protocol” on page 761 ...
Page 717: Chapter 47: Port-Based And Tagged Vlans
Chapter 47 Port-based and Tagged VLANs This chapter covers the following topics: “Overview” on page 718  “Port-based VLAN Overview” on page 720  “Tagged VLAN Overview” on page 726  “Creating VLANs” on page 731  “Adding Untagged Ports to VLANs” on page 732 ...
Page 718: Overview
Chapter 47: Port-based and Tagged VLANs Overview A VLAN is a group of ports that form a logical Ethernet segment on an Ethernet switch. The ports of a VLAN form an independent traffic domain in which the traffic generated by the nodes remains within the VLAN. VLANs let you segment your network through the switch’s management software so that you can group nodes with related functions into their own separate, logical LAN segments.
Page 719 AT-9000 Switch Command Line User’s Guide Virtual LANs can also span more than one switch. This makes it possible to create VLANs of end nodes that are connected to switches located in different physical locations. The switch supports the following types of VLANs you can create yourself: Port-based VLANs ...
Page 720: Port-Based Vlan Overview
Chapter 47: Port-based and Tagged VLANs Port-based VLAN Overview As the “Overview” on page 718 explains, a VLAN consists of a group of ports that form an independent traffic domain on one or more Ethernet switches. Traffic generated by the end nodes remain within their respective VLANs and does not cross over to the end nodes of other VLANs unless there is an interconnection device, such as a router or Layer 3 switch.
Page 721: Port Vlan Identifier
AT-9000 Switch Command Line User’s Guide For example, if you had a port-based VLAN named Marketing that spanned three switches, assign the Marketing VLAN on each switch the same VID. You can assign this number manually or allow the management software to do it automatically.
Page 722: Guidelines To Creating A Port-Based Vlan
Chapter 47: Port-based and Tagged VLANs Guidelines to Below are the guidelines to creating a port-based VLAN. Creating a Port- Each port-based VLAN must be assigned a unique VID. If a  based VLAN particular VLAN spans multiples switches, each part of the VLAN on the different switches should be assigned the same VID.
Page 723: Port-Based Example 1
AT-9000 Switch Command Line User’s Guide Port-based Figure 132 illustrates an example of one AT-9000 switch with three port- based VLANs. (The Default VLAN is not shown in the following examples.) Example 1 Engineering VLAN (VID 3) Sales VLAN Production VLAN (VID 2) (VID 4) AT-9000/28 Gigabit...
Page 724: Port-Based Example 2
Chapter 47: Port-based and Tagged VLANs Port-based Figure 133 on page 724 illustrates more port-based VLANs. In this example, two VLANs, Sales and Engineering, span two switches. Example 2 Engineering VLAN (VID 3) Sales VLAN (VID 2) Production VLAN (VID 4) AT-9000/28 Gigabit Ethernet Switch Router...
Page 725 AT-9000 Switch Command Line User’s Guide The table below lists the port assignments for the Sales, Engineering, and Production VLANs on the switches: Switch Sales VLAN Engineering VLAN Production VLAN (VID 2) (VID 3) (VID 4) AT-9000 Switch Ports 1 - 6 Ports 9 - 13 Ports 17, 19 - 21 (top)
Page 726: Tagged Vlan Overview
Chapter 47: Port-based and Tagged VLANs Tagged VLAN Overview The second type of VLAN is the tagged VLAN. VLAN membership in a tagged VLAN is determined by information within the frames that are received on a port. This differs from a port-based VLAN, where the PVIDs assigned to the ports determine VLAN membership.
Page 727: Tagged And Untagged Ports
AT-9000 Switch Command Line User’s Guide Note For explanations of VLAN name and VLAN identifier, refer back to “VLAN Name” on page 720 and “VLAN Identifier” on page 720. Tagged and You need to specify which ports will be members of the VLAN. In the case of a tagged VLAN, it is usually a combination of both untagged ports and Untagged Ports tagged ports.
Page 728: Tagged Vlan Example
Chapter 47: Port-based and Tagged VLANs Tagged VLAN Figure 134 illustrates how tagged ports can be used to interconnect IEEE 802.1q based products. Example Engineering VLAN (VID 3) Sales VLAN (VID 2) Production VLAN (VID 4) Legacy Server AT-9000/28 Gigabit Ethernet Switch IEEE 802.1Q-compliant Server...
Page 729: Table 70. Vlan Port Assignments
AT-9000 Switch Command Line User’s Guide The port assignments for the VLANs are described in Table 70. Table 70. VLAN Port Assignments Switch Engineering VLAN Production VLAN Sales VLAN (VID 2) (VID 3) (VID 4) Untagged Tagged Untagged Tagged Untagged Tagged Ports Ports...
Page 730 Chapter 47: Port-based and Tagged VLANs This example is nearly identical to the “Port-based Example 2” on page 724. Tagged ports have been added to simplify network implementation and management. One of the tagged ports is port 2 on the top switch. This port has been made a tagged member of the three VLANs.
Page 731: Creating Vlans
AT-9000 Switch Command Line User’s Guide Creating VLANs To create VLANs, use the VLAN command in the VLAN Configuration mode. You must specify a name and a VID for a new VLAN in the command. A name can have up to 20 characters. Giving the VLANs unique names make them easier to identify.
Page 732: Adding Untagged Ports To Vlans
Chapter 47: Port-based and Tagged VLANs Adding Untagged Ports to VLANs To add a port to a VLAN as an untagged port, it may be necessary to first set its mode with the SWITCHPORT MODE ACCESS command in the Port Interface mode. Once a port’s mode is set to access, it functions as an untagged port.
Page 733 AT-9000 Switch Command Line User’s Guide This example designates ports 11 to 18 as untagged ports of a VLAN with the VID 4. The SWITCHPORT MODE ACCESS command is omitted because the example assumes the ports are already designated as untagged ports: awplus>...
Page 734: Adding Tagged Ports To Vlans
Chapter 47: Port-based and Tagged VLANs Adding Tagged Ports to VLANs There are three steps to adding ports as tagged ports to VLANs: 1. Set the mode of the ports to trunk so that they function as tagged ports. This is performed with the SWITCHPORT MODE TRUNK command.
Page 735 AT-9000 Switch Command Line User’s Guide This example adds ports 18 to 21 as tagged members to VLANs with the VIDs 7 and 13: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.18-port1.0.21 awplus(config-if)# switchport mode trunk awplus(config-if)# switchport trunk allowed vlan add 7,13 Although tagged ports are primarily intended to handle tagged packets, they may also handle untagged packets.
Page 736: Removing Untagged Ports From Vlans
Chapter 47: Port-based and Tagged VLANs Removing Untagged Ports from VLANs To remove untagged ports from their current VLAN assignments and return them back to the Default VLAN, use the NO SWITCHPORT ACCESS VLAN command in the Port Interface mode. You do not specify a VLAN ID number in the command because a port can be an untagged member of just one VLAN at a time.
Page 737: Removing Tagged Ports From Vlans
AT-9000 Switch Command Line User’s Guide Removing Tagged Ports from VLANs Use the SWITCHPORT TRUNK ALLOWED VLAN command to remove ports as tagged members from VLANs. This command is actually used for both adding and removing tagged ports. The format of the command when it is used to remove ports is shown here: none|remove vid switchport trunk allowed vlan...
Page 738: Deleting Vlans
Chapter 47: Port-based and Tagged VLANs Deleting VLANs To delete VLANs from the switch, use the NO VLAN command in the VLAN Configuration mode. You cannot delete the Default_VLAN. The untagged ports of deleted VLANs are automatically returned back to the Default_VLAN.
Page 739: Displaying The Vlans
AT-9000 Switch Command Line User’s Guide Displaying the VLANs To display the VLANs on the switch, use the SHOW VLAN ALL command in the User Exec mode and Privileged Exec mode: awplus# show vlan all An example of the information is shown in Figure 135. VLAN ID Name Type...
Page 740 Chapter 47: Port-based and Tagged VLANs...
Page 741: Chapter 48: Port-Based And Tagged Vlan Commands
Chapter 48 Port-based and Tagged VLAN Commands The VLAN commands are summarized in Table 71 and described in detail within the chapter. Table 71. Port-based and Tagged VLAN Commands Command Mode Description “NO SWITCHPORT ACCESS VLAN” Port Interface Removes untagged ports from on page 742 VLANs.
Page 742: No Switchport Access Vlan
Chapter 48: Port-based and Tagged VLAN Commands NO SWITCHPORT ACCESS VLAN Syntax no switchport access vlan Parameters None Mode Port Interface mode Description Use this command to return untagged ports to the Default_VLAN. Note You cannot return ports to the Default_VLAN if they are set to the authenticator role for 802.1x port-based network access control.
Page 743: No Switchport Trunk
AT-9000 Switch Command Line User’s Guide NO SWITCHPORT TRUNK Syntax no switchport trunk Parameters None Mode Port Interface mode Description Use this command to remove the trunk mode from ports. Ports cannot be assigned as tagged ports to VLANs once the trunk mode has been removed.
Page 744: No Switchport Trunk Native Vlan
Chapter 48: Port-based and Tagged VLAN Commands NO SWITCHPORT TRUNK NATIVE VLAN Syntax no switchport trunk native vlan Parameters None Mode Port Interface mode Description Use this command to reestablish the Default_VLAN as the native VLAN of tagged ports. The native VLAN of a tagged port specifies the appropriate VLAN for ingress and egress untagged packets.
Page 745: No Vlan
AT-9000 Switch Command Line User’s Guide NO VLAN Syntax no vlan Parameters Specifies the VID of the VLAN you want to delete. Mode VLAN Configuration mode Description Use this command to delete port-based or tagged VLANs from the switch. Here are the guidelines to this command: You cannot delete the Default_VLAN.
Page 746: Show Vlan
Chapter 48: Port-based and Tagged VLAN Commands SHOW VLAN Syntax show vlan |all Parameters Specifies the VID of the VLAN you want to display. Specifies all the VLANs on the switch to display. Modes User Exec mode and Privileged Exec mode Description Use this command to display all the tagged and untagged VLANs on the switch.
Page 747 AT-9000 Switch Command Line User’s Guide Table 72. SHOW VLAN Command (Continued) Parameter Description State The states of the VLANs. A VLAN has an Active state if it has at least one tagged or untagged port and an Inactive state if it does not have any ports.
Page 748: Switchport Access Vlan
Chapter 48: Port-based and Tagged VLAN Commands SWITCHPORT ACCESS VLAN Syntax switchport access vlan Parameters Specifies the ID number of the VLAN to which you want to add untagged ports. You can specify only one VID. Mode Port Interface mode Description Use this command to add untagged ports to VLANs.
Page 749 AT-9000 Switch Command Line User’s Guide Examples This example adds ports 5 and 7 as untagged ports to a VLAN with the VID 12: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.5,port1.0.7 awplus(config-if)# switchport access vlan 12 This example returns port 15 as an untagged port to the Default_VLAN, which has the VID 1: awplus>...
Page 750: Switchport Mode Access
Chapter 48: Port-based and Tagged VLAN Commands SWITCHPORT MODE ACCESS Syntax switchport mode access [ingress-filter enable|disable] Parameters enable Activates ingress filtering. disable Disables ingress filtering. Mode Port Interface mode Description Use this command to designate ports as untagged ports. This is the first command to adding ports as untagged ports to VLANs.
Page 751: Switchport Mode Trunk
AT-9000 Switch Command Line User’s Guide SWITCHPORT MODE TRUNK Syntax switchport mode trunk [ingress-filter enable|disable] Parameters enable Activates ingress filtering so the tagged port accepts only tagged packets that have one of its tagged VIDs. disable Disables ingress filtering so the tagged port accepts all tagged packets.
Page 752 Chapter 48: Port-based and Tagged VLAN Commands This example designates port 18 as a tagged port and disables ingress filtering so that it accepts all tagged packets: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.18 awplus(config-if)# switchport mode trunk ingress-filter disable...
Page 753: Switchport Trunk Allowed Vlan
AT-9000 Switch Command Line User’s Guide SWITCHPORT TRUNK ALLOWED VLAN Syntaxes for Adding Tagged Ports to VLANs switchport trunk allowed vlan all switchport trunk allowed vlan add switchport trunk allowed vlan except Syntaxes for Removing Tagged Ports from VLANs switchport trunk allowed vlan remove switchport trunk allowed vlan none Parameters vlan all...
Page 754 Chapter 48: Port-based and Tagged VLAN Commands Ports can be tagged members of more than one VLAN at a time.  The specified VLANs must already exist. To create VLANs, see  “VLAN” on page 758. Adding a port as a tagged member of a VLAN does not change its ...
Page 755 AT-9000 Switch Command Line User’s Guide This example adds ports 22 to 24 as tagged ports to all the VLANs, except for the VLAN with a VID of 11. The example assumes that the ports are already designated as tagged ports: awplus>...
Page 756: Switchport Trunk Native Vlan
Chapter 48: Port-based and Tagged VLAN Commands SWITCHPORT TRUNK NATIVE VLAN Syntax switchport trunk native vlan |none Parameters Specifies the VID of the VLAN that will act as the default VLAN for all ingress and egress untagged packets on the tagged port. You can enter just one VID.
Page 757 AT-9000 Switch Command Line User’s Guide This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 20: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.18,port1.0.20 awplus(config-if)# switchport trunk native vlan none...
Page 758: Vlan
Chapter 48: Port-based and Tagged VLAN Commands VLAN Syntax name vlan [name Parameters Specifies a VLAN identifier. The range is 2 to 4094. The VID 1 is reserved for the Default_VLAN. The VID cannot be the same as the VID of an existing VLAN on the switch. You can specify more than one VID to create more than one VLAN at a time.
Page 759 AT-9000 Switch Command Line User’s Guide Description Use this command to create port-based and tagged VLANs. You can create just one VLAN at a time. Confirmation Command “SHOW VLAN” on page 746 Examples This example creates a new VLAN with the VID 5 and the name Engineering: awplus>...
Page 760 Chapter 48: Port-based and Tagged VLAN Commands...
Page 761: Chapter 49: Garp Vlan Registration Protocol
Chapter 49 GARP VLAN Registration Protocol This chapter covers the following topics: “Overview” on page 762  “Guidelines” on page 765  “GVRP and Network Security” on page 766  “GVRP-inactive Intermediate Switches” on page 767  “Enabling GVRP on the Switch” on page 768 ...
Page 762: Overview
Chapter 49: GARP VLAN Registration Protocol Overview The GARP VLAN Registration Protocol (GVRP) allows network devices to share VLAN information and to use the information to modify existing VLANs or create new VLANs, automatically. This makes it easier to manage VLANs that span more than one switch. Without GVRP, you have to manually configure your switches to ensure that the various parts of the VLANs can communicate with each other across the different switches.
Page 763: Figure 137: Gvrp Example
AT-9000 Switch Command Line User’s Guide Figure 137 provides an example of how GVRP works. Port 1 Switch #1 Switch #3 Port 4 Static VLAN Static VLAN Sales VID 11 Sales VID 11 Port 3 Switch #2 Port 2 Figure 137. GVRP Example The example consists of three switches.
Page 764 Chapter 49: GARP VLAN Registration Protocol Without GVRP, you would have to manually add the Sales VLAN to switch #2. But with GVRP, the VLAN is added automatically. Here is how GVRP would resolve the problem in the example. 1. Port 1 on switch #1 sends to port 2 on switch #2 a PDU that contains the VIDs of all the VLANs on the switch, including VID 11 for the Sales VLAN.
Page 765: Guidelines
VLANs and static port assignments. The default port settings on the switch for GVRP are active,  meaning that the ports participate in GVRP. Allied Telesis recommends disabling GVRP on those ports that are connected to GVRP-inactive devices, meaning devices that do not feature GVRP.
Page 766: Gvrp And Network Security
Chapter 49: GARP VLAN Registration Protocol GVRP and Network Security GVRP should be used with caution because it can expose your network to unauthorized access. If a network intruder were to connect to a switch port running GVRP and transmit a bogus GVRP PDU containing VIDs of restricted VLANs, GVRP would make the port a member of the VLANs, giving the intruder access to restricted areas of your network.
Page 767: Gvrp-Inactive Intermediate Switches
AT-9000 Switch Command Line User’s Guide GVRP-inactive Intermediate Switches If two GVRP-active devices are separated by a GVRP-inactive switch, the GVRP-active devices may not be able to share VLAN information. There are two issues involved. The first is whether the intermediate switch forwards the GVRP PDUs that it receives from the GVRP-active switches.
Page 768: Enabling Gvrp On The Switch
Chapter 49: GARP VLAN Registration Protocol Enabling GVRP on the Switch The command for enabling GVRP on the switch is found in the Global Configuration mode. It is the GVRP ENABLE command. After the command is entered, the switch immediately begins to transmit PDUs from those ports where GVRP is enabled and to learn dynamic GVRP VLANs.
Page 769: Enabling Gip On The Switch
AT-9000 Switch Command Line User’s Guide Enabling GIP on the Switch The GARP Information Propagation (GIP) component can be enabled separately from GVRP on the switch. GIP must be enabled if the switch is using GVRP. The command for activating GIP is the GVRP APPLICANT STATE ACTIVE command in the Global Configuration mode.
Page 770: Enabling Gvrp On The Ports
Chapter 49: GARP VLAN Registration Protocol Enabling GVRP on the Ports To activate GVRP on the ports so that they transmit GVRP PDUs, use the GVRP REGISTRATION NORMAL command in the Port Interface mode. Because the default setting for GVRP on the ports is enabled, you should only need to use this command if you want to enable GVRP after disabling it on a port.
Page 771: Setting The Gvrp Timers
AT-9000 Switch Command Line User’s Guide Setting the GVRP Timers The switch has a Join Timer, a Leave Timer, and a Leave All Timer. You should not change the timers unless you understand their functions. (Refer to the IEEE 802.1p standard for the definitions.) The timers have to be set the same on all GARP-active network devices, and the Join Timer and Leave Timer have to be set according to the following equation: Join Timer <= (2 x (Leave Timer))
Page 772: Disabling Gvrp Timers On The Switch
Chapter 49: GARP VLAN Registration Protocol Disabling GVRP Timers on the Switch To disable GVRP timer configurations, use the NO GVRP TIMER commands in the Global Configuration mode. They are: no gvrp timer join no gvrp timer leave no gvrp timer leaveall Use these commands to reset GVRP timers to the default values for each individual parameter.
Page 773: Disabling Gvrp On The Ports
AT-9000 Switch Command Line User’s Guide Disabling GVRP on the Ports To disable GVRP on the ports, use the GVRP REGISTRATION NONE command in the Port Interface mode. This example of the command deactivates GVRP on ports 4 and 5: awplus>...
Page 774: Disabling Gip On The Switch
Chapter 49: GARP VLAN Registration Protocol Disabling GIP on the Switch You can disable the GARP Information Propagation (GIP) component separately from GVRP on the switch. GIP must be enabled if the switch is using GVRP. There is never any reason to disable GIP. Even if the switch is not performing GVRP, you can still leave GIP enabled.
Page 775: Disabling Gvrp On The Switch
AT-9000 Switch Command Line User’s Guide Disabling GVRP on the Switch To disable GVRP to stop the switch from learning any further dynamic VLANs or GVRP ports, use the NO GVRP ENABLE command in the Global Configuration mode. Here is the command. awplus>...
Page 776: Restoring The Gvrp Default Settings
Chapter 49: GARP VLAN Registration Protocol Restoring the GVRP Default Settings To disable GVRP and to return the timers to their default settings, use the PURGE GVRP command in the Global Configuration mode: awplus> enable awplus# configure terminal awplus(config)# purge gvrp For reference information, refer to “PURGE GVRP”...
Page 777: Displaying Gvrp
AT-9000 Switch Command Line User’s Guide Displaying GVRP Although there are five commands that display GVRP information, you will probably only need the SHOW GVRP TIMER command in the Privileged Exec mode. This command displays the status of GVRP and GIP on the switch and the three timer settings.
Page 778 Chapter 49: GARP VLAN Registration Protocol...
Page 779: Chapter 50: Garp Vlan Registration Protocol Commands
Chapter 50 GARP VLAN Registration Protocol Commands The GARP VLAN registration protocol commands are summarized in Table 73 and described in detail within the chapter. Table 73. GARP VLAN Registration Protocol Commands Command Mode Description “CONVERT DYNAMIC VLAN” on VLAN Converts dynamic GVRP VLANs and page 781 Configuration...
Page 780 Chapter 50: GARP VLAN Registration Protocol Commands Table 73. GARP VLAN Registration Protocol Commands (Continued) Command Mode Description “SHOW GVRP APPLICANT” on User Exec and Displays parameters for the GIP- page 794 Privileged Exec connected ring for the GARP application: “SHOW GVRP CONFIGURATION”...
Page 781: Convert Dynamic Vlan
AT-9000 Switch Command Line User’s Guide CONVERT DYNAMIC VLAN Syntax convert dynamic vlan Parameters None Mode VLAN Configuration mode Description Use this command to convert dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments. Example This example converts dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments on the switch:...
Page 782: Gvrp Applicant State Active
Chapter 50: GARP VLAN Registration Protocol Commands GVRP APPLICANT STATE ACTIVE Syntax gvrp applicant state active Parameters None Mode Global Configuration mode Description Use this command to enable GIP on the switch. GIP must be enabled for GVRP to operate properly. Example This example enables GIP on the switch: awplus>...
Page 783: Gvrp Applicant State Normal
AT-9000 Switch Command Line User’s Guide GVRP APPLICANT STATE NORMAL Syntax gvrp applicant state normal Parameters None Mode Global Configuration mode Description Use this command to disable GIP on the switch. Note Do not disable GIP if the switch is running GVRP. GIP is required for proper GVRP operation.
Page 784: Gvrp Enable
Chapter 50: GARP VLAN Registration Protocol Commands GVRP ENABLE Syntax gvrp enable Parameters None Mode Global Configuration mode Description Use this command to enable GVRP on the switch. Example This example enables GVRP on the switch: awplus> enable awplus# configure terminal awplus(config)# gvrp enable...
Page 785: Gvrp Registration
AT-9000 Switch Command Line User’s Guide GVRP REGISTRATION Syntax normal|none gvrp registration Parameters normal Enables GVRP on a port. This is the default setting. none Disables GVRP on a port. Mode Port Interface mode Description Use this command to enable or disable GVRP on a port. A port where GVRP is enabled transmits GVRP PDUs.
Page 786: Gvrp Timer Join
Chapter 50: GARP VLAN Registration Protocol Commands GVRP TIMER JOIN Syntax value gvrp timer join Parameters value Specifies the Join Timer in centiseconds, which are one hundredths of a second. The range is 20 to 60 centiseconds. The default is 20 centiseconds. Mode Global Configuration mode Description...
Page 787: Gvrp Timer Leave
AT-9000 Switch Command Line User’s Guide GVRP TIMER LEAVE Syntax value gvrp timer leave Parameters value Specifies the Leave Timer in centiseconds, which are one hundredths of a second. The range is 30 to 180 centiseconds. The default is 60 centiseconds. Mode Global Configuration mode Description...
Page 788: Gvrp Timer Leaveall
Chapter 50: GARP VLAN Registration Protocol Commands GVRP TIMER LEAVEALL Syntax value gvrp timer leaveall Parameters value Specifies the Leave All Timer in centiseconds. The range is 500 to 3000 centiseconds. The default is 1000 centiseconds. Mode Global Configuration mode Description Use this command to set the GARP Leave All timer.
Page 789: No Gvrp Enable
AT-9000 Switch Command Line User’s Guide NO GVRP ENABLE Syntax no gvrp enable Parameters None Mode Global Configuration mode Description Use this command to disable GVRP on the switch. Example This example disables GVRP on the switch: awplus> enable awplus# configure terminal awplus(config)# no gvrp enable...
Page 790: No Gvrp Timer Join
Chapter 50: GARP VLAN Registration Protocol Commands NO GVRP TIMER JOIN Syntax no gvrp timer join Parameters None Mode Global Configuration mode Description Use this command to disable GVRP Join Timer configurations and return the GVRP Join Timer to its default value. This timer must only be disabled in relation to the GVRP Leave Timer according to the following equation: Join Timer <= (2 x (GVRP Leave Timer)) Note...
Page 791: No Gvrp Timer Leave
AT-9000 Switch Command Line User’s Guide NO GVRP TIMER LEAVE Syntax no gvrp timer leave value Parameters None Mode Global Configuration mode Description Use this command to disable the GARP Leave Timer and return the GVRP Leave Timer to its default value. This timer must only be disabled in relation to the GVRP Join Timer according to the following equation: Join Timer <= (2 x (GVRP Leave Timer)) Note...
Page 792: No Gvrp Timer Leaveall
Chapter 50: GARP VLAN Registration Protocol Commands NO GVRP TIMER LEAVEALL Syntax no gvrp timer leaveall Parameters None Mode Global Configuration mode Description Use this command to disable the GARP Leave All timer and return the GVRP Leave All timer to its default value. Note The settings for this timer must be the same on all GVRP-active network devices.
Page 793: Purge Gvrp
AT-9000 Switch Command Line User’s Guide PURGE GVRP Syntax purge gvrp Parameters None Mode Global Configuration mode Description Use this command to disable GVRP on the switch and to return the timers to their default values. Example This example disables GVRP on the switch and returns the timers to their default values: awplus>...
Page 794: Show Gvrp Applicant
Chapter 50: GARP VLAN Registration Protocol Commands SHOW GVRP APPLICANT Syntax show gvrp applicant Parameter None Mode Privileged Exec mode Description Use this command to display the following parameters for the GIP- connected ring for the GARP application: GARP Application ...
Page 795: Show Gvrp Configuration
AT-9000 Switch Command Line User’s Guide SHOW GVRP CONFIGURATION Syntax show gvrp configuration Parameters None Mode Privileged Exec mode Description Use this command to display the following parameters for the internal database for the GARP application. Each attribute is represented by a GID index within the GARP application.
Page 796: Show Gvrp Machine
Chapter 50: GARP VLAN Registration Protocol Commands SHOW GVRP MACHINE Syntax show gvrp machine Parameter None Mode Privileged Exec mode Description Use this command to display the following parameters for the GID state machines for the GARP application. The output is shown on a per-GID index basis;...
Page 797: Show Gvrp Statistics
AT-9000 Switch Command Line User’s Guide SHOW GVRP STATISTICS Syntax show gvrp statistics Parameter None Mode Privileged Exec mode Description Use this command to display the current values of the following GARP packet and message counters: GARP application  Receive: Total GARP Packets ...
Page 798 Chapter 50: GARP VLAN Registration Protocol Commands Receive GARP Messages: Empty  Transmit GARP Messages: Empty  Receive GARP Messages: Bad Message  Receive GARP Messages: Bad Attribute  Example This example displays the values of GARP packet and message counters: awplus# show gvrp statistics...
Page 799: Show Gvrp Timer
AT-9000 Switch Command Line User’s Guide SHOW GVRP TIMER Syntax show gvrp timer Parameter None Mode Privileged Exec mode Description Use this command to display the current values for the following GARP application parameters: GARP application protocol  GVRP status ...
Page 800 Chapter 50: GARP VLAN Registration Protocol Commands...
Page 801: Chapter 51: Mac Address-Based Vlans
Chapter 51 MAC Address-based VLANs This chapter contains the following topics: “Overview” on page 802  “Guidelines” on page 807  “General Steps” on page 808  “Creating MAC Address-based VLANs” on page 809  “Adding MAC Addresses to VLANs and Designating Egress Ports” on ...
Page 802: Overview
Chapter 51: MAC Address-based VLANs Overview As explained in Chapter 47, “Port-based and Tagged VLANs” on page 717, VLANs are used to create independent LAN segments within a network and are typically employed to improve network performance or security. The AT-9000 Switch offers several different types of VLANs, including port-based, tagged, and private VLANs.
Page 803: Table 74. Mappings Of Mac Addresses To Egress Ports Example
AT-9000 Switch Command Line User’s Guide Table 74. Mappings of MAC Addresses to Egress Ports Example Switch Egress MAC address End Node Port 00:30:84:54:1A:45 Workstation 1 (Port 1) 5, 6 00:30:84:C3:5A:11 Workstation 2 (Port 2) 5, 6 00:30:84:22:67:17 Workstation 3 (Port 3) 5, 6 00:30:84:78:75:1C Workstation 4 (Port 4)
Page 804: Table 75. Revised Example Of Mappings Of Mac Addresses To Egress Ports
Chapter 51: MAC Address-based VLANs Table 75. Revised Example of Mappings of MAC Addresses to Egress Ports MAC Address End Node Egress Port 00:30:84:54:1A:45 Workstation 1 (Port 1) 00:30:84:C3:5A:11 Workstation 2 (Port 2) 00:30:84:22:67:17 Workstation 3 (Port 3) 00:30:84:78:75:1C Workstation 4 (Port 4) 00:30:79:7A:11:10 Server (Port 5) 00:30:42:53:10:3A...
Page 805: Vlans That Span Switches
AT-9000 Switch Command Line User’s Guide If the packet’s destination MAC address is in the MAC address  table, but the port where the address was learned is not one of the VLAN’s egress ports, the switch discards the packet. VLANs that Span To create a MAC address-based VLAN that spans switches, you must replicate the MAC addresses of the VLAN nodes on all the switches where...
Page 806: Vlan Hierarchy
Chapter 51: MAC Address-based VLANs Table 76. Example of a MAC Address-based VLAN Spanning Switches Switch A Switch B VLAN Name: Sales VLAN Name: Sales MAC Address Egress Ports MAC Address Egress Ports Address_1 1,3,4,5 Address_1 11,12,14,16 Address_2 Address_2 Address_3 Address_3 Address_4 Address_4...
Page 807: Guidelines
AT-9000 Switch Command Line User’s Guide Guidelines Here are the guidelines to MAC address-based VLANs: The switch can support up to a total of 4094 port-based, tagged,  private, and MAC address-based VLANs. The egress ports of a MAC address-based VLAN function as a ...
Page 808: General Steps
Chapter 51: MAC Address-based VLANs General Steps There are three main steps to creating a MAC address-based VLAN: 1. Use the VLAN MACADDRESS command in the VLAN Configuration mode to assign a name and a VID to the new VLAN, and to designate the VLAN as a MAC address-based VLAN.
Page 809: Creating Mac Address-Based Vlans
AT-9000 Switch Command Line User’s Guide Creating MAC Address-based VLANs The VLAN MACADDRESS command in the VLAN Configuration mode is the first command to creating this type of VLAN. This command assigns a new VLAN a name and a VID. Here is the format of the command: name macaddress vlan...
Page 810: Adding Mac Addresses To Vlans And Designating Egress Ports
Chapter 51: MAC Address-based VLANs Adding MAC Addresses to VLANs and Designating Egress Ports The MAC addresses and egress ports are specified with the VLAN SET MACADDRESS command in the Global Configuration mode and Port Interface mode. Enter the command in the Global Configuration mode when you want to add MAC addresses to VLANs.
Page 811: Removing Mac Addresses
AT-9000 Switch Command Line User’s Guide Removing MAC Addresses To remove MAC addresses from egress ports in a MAC address-based VLAN, use the NO VLAN MACADDRESS command in the Port Interface mode. This example of the command removes the MAC address 11:8A:92:CE:76:28 from ports 6 to 8, in a VLAN that has the VID 23: awplus>...
Page 812: Deleting Vlans
Chapter 51: MAC Address-based VLANs Deleting VLANs To delete MAC address-based VLANs from the switch, use the NO VLAN command in the VLAN Configuration mode. You can delete only one VLAN at a time. Here is the format of the command: no vlan This example deletes the VLAN with the VID 23: awplus>...
Page 813: Displaying Vlans
AT-9000 Switch Command Line User’s Guide Displaying VLANs To display the MAC address-based VLANS on the switch, use the SHOW VLAN MACADDRESS command in the Privileged Exec mode: awplus# show vlan macaddress An example is shown in Figure 140. VLAN 5 MAC Associations: Total number of associated MAC addresses: 5 ------------------------------------------------- MAC Address...
Page 814: Example Of Creating A Mac Address-Based Vlan
Chapter 51: MAC Address-based VLANs Example of Creating a MAC Address-based VLAN Here is an example of how to create this type of VLAN. This example creates the VLAN detailed in Table 75 on page 804. The example is named Sales and given the VID 21: Enter the Privileged Executive awplus>...
Page 815 AT-9000 Switch Command Line User’s Guide Use the VLAN SET MACADDRESS command in the Port Interface mode to designate port 1 as an egress port of all the MAC addresses. awplus(config-if)# vlan set 21 macaddress 00:30:84:54:1a:45 awplus(config-if)# vlan set 21 macaddress 00:30:84:c3:5a:11 awplus(config-if)# vlan set 21 macaddress 00:30:84:22:67:17 awplus(config-if)# vlan set 21 macaddress 00:30:84:78:75:1c awplus(config-if)# vlan set 21 macaddress 00:30:79:7a:11:10...
Page 816 Chapter 51: MAC Address-based VLANs...
Page 817: Chapter 52: Mac Address-Based Vlan Commands
Chapter 52 MAC Address-based VLAN Commands The MAC address-based VLAN commands are summarized in Table 77 and described in detail within the chapter. Table 77. MAC Address-based VLAN Commands Command Mode Description “NO VLAN” on page 818 VLAN Deletes VLANs from the switch. Configuration “NO VLAN MACADDRESS (Global Global...
Page 818: No Vlan
Chapter 52: MAC Address-based VLAN Commands NO VLAN Syntax no vlan Parameters Specifies the VID of the VLAN you want to delete. You can specify just one VID. Mode VLAN Configuration mode Description Use this command to delete MAC address-based VLANs from the switch. You can delete only one VLAN at a time with this command.
Page 819: No Vlan Macaddress (Global Configuration Mode)
AT-9000 Switch Command Line User’s Guide NO VLAN MACADDRESS (Global Configuration Mode) Syntax mac-address no vlan macaddress|destaddress Parameters Specifies the VID of the VLAN to be modified. mac-address Specifies the MAC address to be removed from the VLAN. The MAC address must be entered in this format: xx:xx:xx:xx:xx:xx Note The MACADDRESS and DESTADDRESS keywords are equivalent.
Page 820: No Vlan Macaddress (Port Interface Mode)
Chapter 52: MAC Address-based VLAN Commands NO VLAN MACADDRESS (Port Interface Mode) Syntax mac-address no vlan macaddress|destaddress Parameters Specifies the VID of the VLAN to be modified. mac-address Specifies the MAC address to be removed from the VLAN. The MAC address must be entered in this format: xx:xx:xx:xx:xx:xx Note The MACADDRESS and DESTADDRESS keywords are equivalent.
Page 821 AT-9000 Switch Command Line User’s Guide This example removes the MAC address 00:30:84:75:11:B2 from the egress port 11 to 14 in a VLAN with the VID 24: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.11-port1.0.14 awplus(config)# no vlan 24 macaddress 00:30:84:75:11:b2...
Page 822: Show Vlan Macaddress
Chapter 52: MAC Address-based VLAN Commands SHOW VLAN MACADDRESS Syntax show vlan macaddress Parameters None Mode Privileged Exec mode Description Use this command to display the MAC addresses and the egress ports of the MAC address-based VLANs on the switch. An example is shown in Figure 141.
Page 823: Table 78. Show Vlan Macaddress Command
AT-9000 Switch Command Line User’s Guide The information is described here. Table 78. SHOW VLAN MACADDRESS Command Parameter Description VLAN VID MAC The VID of the MAC address-based Associations VLAN. Total Number of Associate Total number of MAC addresses that are MAC Addresses assigned to the VLAN.
Page 824: Vlan Macaddress
Chapter 52: MAC Address-based VLAN Commands VLAN MACADDRESS Syntax name vlan name type macaddress Parameters Specifies a VLAN identifier in the range of 2 to 4094. VID 1 is reserved for the Default_VLAN. You can specify only one VID. The VID of a VLAN should be unique from all other VLANs in a network, unless a VLAN spans multiple switches, in which case its VID should be the same on all switches on which the VLAN resides.
Page 825 AT-9000 Switch Command Line User’s Guide Example This example creates a MAC address-based VLAN that has the name Sales and the VID 3: awplus> enable awplus# configure terminal awplus(config)# vlan database awplus(config-vlan)# vlan 3 name Sales type macaddress...
Page 826: Vlan Set Macaddress (Global Configuration Mode)
Chapter 52: MAC Address-based VLAN Commands VLAN SET MACADDRESS (Global Configuration Mode) Syntax mac-address vlan set macaddress|destaddress Parameters Specifies the VID of the VLAN to be modified. mac-address Specifies the MAC address to be added to the VLAN. The MAC address must be entered in this format: xx:xx:xx:xx:xx:xx Note...
Page 827 AT-9000 Switch Command Line User’s Guide This example adds the MAC address 00:30:84:32:76:1A to a MAC address-based VLAN with the VID 12: awplus> enable awplus# configure terminal awplus(config)# vlan set 12 macaddress 00:30:84:32:76:1a...
Page 828: Vlan Set Macaddress (Port Interface Mode)
Chapter 52: MAC Address-based VLAN Commands VLAN SET MACADDRESS (Port Interface Mode) Syntax mac-address vlan set macaddress|destaddress Parameters Specifies the VID of the VLAN to be modified. mac-address Specifies the MAC address to assign to an egress port. The MAC address must be entered in this format: xx:xx:xx:xx:xx:xx Note...
Page 829 AT-9000 Switch Command Line User’s Guide This example assigns the MAC address 00:30:84:75:11:B2 to ports 11 to 14 in a VLAN that has the VID 24: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.1,port1.0.4 awplus(config-if)# vlan set 24 macaddress 00:30:84:75:11:b2...
Page 830 Chapter 52: MAC Address-based VLAN Commands...
Page 831: Chapter 53: Private Port Vlans
Chapter 53 Private Port VLANs This chapter provides the following topics: “Overview” on page 832  “Guidelines” on page 834  “Creating Private VLANs” on page 835  “Adding Host and Uplink Ports” on page 836  “Deleting VLANs” on page 837 ...
Page 832: Overview
Chapter 53: Private Port VLANs Overview Private VLANs (also called private port VLANs) create special broadcast domains in which the traffic of the member ports is restricted to just uplink ports. Ports in a private VLAN are only allowed to forward traffic to and receive traffic from a designated uplink port, and are prohibited from forwarding traffic to each other.
Page 833: Private Vlan Functionality
AT-9000 Switch Command Line User’s Guide Private VLAN The following describes host and uplink port functionality in a private VLAN, and how private VLANs can be configured. Functionality Host ports: Cannot communicate with each other.  Can communicate with uplink ports. ...
Page 834: Guidelines
Chapter 53: Private Port VLANs Guidelines Here are the guidelines to private VLANs: A private VLAN can have any number of host ports, up to all the  ports on the switch, minus the uplink port. A promiscuous port can be an uplink port of just one private VLAN ...
Page 835: Creating Private Vlans
AT-9000 Switch Command Line User’s Guide Creating Private VLANs The command to initially create private VLANs is the PRIVATE-VLAN command in the VLAN Configuration mode. Here is the command’s format: private-vlan The VID number has the range of 2 to 4094. The VID of a private VLAN must be unique from all other VLANs on the switch.
Page 836: Adding Host And Uplink Ports
Chapter 53: Private Port VLANs Adding Host and Uplink Ports Private VLANs have host ports and uplink ports. A private VLAN can have more than one uplink port. The devices connected to the hosts ports of a private VLAN can only communicate with the uplink port, and not with each other.
Page 837: Deleting Vlans
AT-9000 Switch Command Line User’s Guide Deleting VLANs To delete private VLANs from the switch, use the NO VLAN command in the VLAN Configuration mode. The host and uplink ports of deleted private VLANs are automatically returned by the switch to the Default_VLAN. Here is the format of the command: no vlan The VID parameter is the VID of the private VLAN you want to delete.
Page 838: Displaying Private Vlans
Chapter 53: Private Port VLANs Displaying Private VLANs The SHOW VLAN PRIVATE-VLAN command in the Privileged Exec mode displays the private VLANs currently existing on the switch, along with their host and uplink ports. Here is the command: awplus# show vlan private-vlan Here is an example of the display.
Page 839: Chapter 54: Private Port Vlan Commands
Chapter 54 Private Port VLAN Commands The private port VLAN commands are summarized in Table 79 and described in detail within the chapter. Table 79. Private Port VLAN Commands Command Mode Description “NO VLAN” on page 840 VLAN Deletes VLANs from the switch. Configuration “PRIVATE-VLAN”...
Page 840: No Vlan
Chapter 54: Private Port VLAN Commands NO VLAN Syntax no vlan Parameters Specifies the VID of the VLAN you want to delete. You can specify just one VID. Mode VLAN Configuration mode Description Use this command to delete private port VLANs from the switch. You can delete one VLAN at a time with this command.
Page 841: Private-Vlan
AT-9000 Switch Command Line User’s Guide PRIVATE-VLAN Syntax private-vlan Parameters Specifies a VLAN identifier. The range is 2 to 4094. The VID 1 is reserved for the Default_VLAN. The VID must be unique from all VIDs of VLANs that currently exist on the switch. You can specify only one VID.
Page 842: Show Vlan Private-Vlan
Chapter 54: Private Port VLAN Commands SHOW VLAN PRIVATE-VLAN Syntax show vlan private-vlan Parameters None Mode Privileged Exec mode Description Use this command to display the private-port VLANs on the switch. Here is an example of the information. Private VLANs: Ports ------------------------------------------------- 17-24...
Page 843: Switchport Mode Private-Vlan Host
AT-9000 Switch Command Line User’s Guide SWITCHPORT MODE PRIVATE-VLAN HOST Syntax switchport mode private-vlan host Parameters Specifies the VID of a private port VLAN to which ports are to be added as hosts. Specify a value between 1 and 4094. Mode Port Interface mode Description...
Page 844: Switchport Mode Private-Vlan Promiscuous
Chapter 54: Private Port VLAN Commands SWITCHPORT MODE PRIVATE-VLAN PROMISCUOUS Syntax switchport mode private-vlan promiscuous Parameters Specifies the VID of a private port VLAN to which you are adding a promiscuous uplink port. Mode Port Interface mode Description Use this command to add a promiscuous uplink port to a private port VLAN.
Page 845: Chapter 55: Voice Vlan Commands
Chapter 55 Voice VLAN Commands The voice VLAN commands are summarized in Table 80 and described in detail within the chapter. Table 80. Voice VLAN Commands Command Mode Description “NO SWITCHPORT VOICE VLAN” on Port Interface Removes ports from voice VLANs. page 846 “SWITCHPORT VOICE DSCP”...
Page 846: No Switchport Voice Vlan
Chapter 55: Voice VLAN Commands NO SWITCHPORT VOICE VLAN Syntax no switchport voice vlan Parameters None Mode Port Interface mode Description Use this command to remove a port from a voice VLAN. A port retains the CoS priority and DSCP values that were assigned to it when it was a voice VLAN member.
Page 847: Switchport Voice Dscp
AT-9000 Switch Command Line User’s Guide SWITCHPORT VOICE DSCP Syntax value switchport voice dscp Parameters value Specifies a DSCP value of 0 to 63. Mode Port Interface mode Description Use this command to assign a DSCP value to be advertised on a voice VLAN enabled port.
Page 848: Switchport Voice Vlan
Chapter 55: Voice VLAN Commands SWITCHPORT VOICE VLAN Syntax <vid>|priority <value> switchport voice vlan Parameters Specifies the ID number (VID) of the VLAN that functions as the voice VLAN for ports. You can specify only one VID. The range is 1 to 4094.
Page 849 AT-9000 Switch Command Line User’s Guide SWITCHPORT VOICE VLAN PRIORITY command. If the ports have been set to be edge ports by the SWITCHPORT VOICE VLAN command, the NO form of this command will leave them unchanged as edge ports. To set them back to their default non-edge port configuration, use the NO SPANNING-TREE PORTFAST command (refer to “NO SPANNING-TREE PORTFAST”...
Page 850 Chapter 55: Voice VLAN Commands...
Page 851: Chapter 56: Vlan Stacking
Chapter 56 VLAN Stacking This chapter provides the following topics: “Overview” on page 852  “Components” on page 854  “VLAN Stacking Process” on page 855  “Example of VLAN Stacking” on page 856 ...
Page 852: Overview
Chapter 56: VLAN Stacking Overview VLAN stacking is a way to label tagged and untagged packets with new 802.1Q headers. In the case of tagged packets, which already contain 802.1Q headers, VLAN stacking adds the new headers so that they coexist with the native headers in the packets.
Page 853: Figure 144: Metro Provider 802.1Q Header In Tagged Packets
AT-9000 Switch Command Line User’s Guide when they exit the network. The inner VID is native to the packets, but is ignored by the metro provider network. Figure 144. Metro Provider 802.1Q Header in Tagged Packets VLAN stacking may also be used with untagged ports, which do not contain 802.1Q headers.
Page 854: Components
Chapter 56: VLAN Stacking Components There are four components to VLAN stacking: VLAN  Customer ports  Provider port  EtherType/Length value  VLAN The boundary between the customer’s network and the metro provider’s network is marked by a VLAN. In cases where the switch is connected to more than one customer, there has to be a different VLAN for each customer.
Page 855: Vlan Stacking Process
AT-9000 Switch Command Line User’s Guide VLAN Stacking Process Figure 146 illustrates the VLAN stacking process. Figure 146. VLAN Stacking Process The actions are described in Table 81. Table 81. VLAN Stacking Process Step Action A tagged or an untagged packet from the customer network is received by the customer port on switch A.
Page 856: Example Of Vlan Stacking
Chapter 56: VLAN Stacking Example of VLAN Stacking Here is an example of how to configure VLAN stacking. In the example, the customer’s network is connected to ports 5 and 6 on the switch, and the provider’s network is connected to port 7. Thus, ports 5 and 6 will be designated as customer ports and port 7 as the provider port.
Page 857 AT-9000 Switch Command Line User’s Guide The next steps add the customer ports to the VLAN. Enter the Global Configuration awplus# configure terminal mode. Enter the Port Interface mode for awplus(config)# interface port1.0.5-port1.0.6 ports 5 and 6. Use the SWITCHPORT MODE awplus(config-if)# switchport mode access ACCESS command to designate the ports as untagged ports.
Page 858 Chapter 56: VLAN Stacking Add the port to the VLAN with the awplus(config-if)# switchport trunk allowed vlan SWITCHPORT TRUNK add 79 ALLOWED VLAN command. Use the SWITCHPORT VLAN- awplus(config-if)# switchport vlan-stacking STACKING command to provider-port designate it as a provider port. Return to the Privileged Exec awplus(config-if)# end mode.
Page 859 AT-9000 Switch Command Line User’s Guide Change the EtherType/Length awplus(config)# platform vlan-stacking-tpid 8100 value to 0x8100 with the PLATFORM VLAN-STACKING- TPID command. Return to the Privileged Exec awplus# exit mode. Use the SHOW VLAN VLAN- awplus# show vlan vlan-stacking STACKING command to confirm the change to the EtherType/ Length (TPID) value.
Page 860 Chapter 56: VLAN Stacking Section III: File System...
Page 861: Chapter 57: Vlan Stacking Commands
Chapter 57 VLAN Stacking Commands The VLAN stacking commands are summarized in Table 82. Table 82. VLAN Stacking Commands Command Mode Description “NO SWITCHPORT VLAN- Port Interface Removes ports from VLAN stacking. STACKING” on page 862 “PLATFORM VLAN-STACKING-TPID” Global Specifies the Tag Protocol Identifier on page 863 Configuration (TPID) value.
Page 862: No Switchport Vlan-Stacking
Chapter 57: VLAN Stacking Commands NO SWITCHPORT VLAN-STACKING Syntax no switchport vlan-stacking Parameters None. Mode Port Interface mode Description Use this command to remove ports from VLAN stacking. Confirmation Command “SHOW VLAN VLAN-STACKING” on page 864 Example This example removes ports 3 to 16 and 21 from VLAN stacking: awplus>...
Page 863: Platform Vlan-Stacking-Tpid
AT-9000 Switch Command Line User’s Guide PLATFORM VLAN-STACKING-TPID Syntax tpid platform vlan-stacking-tpid Parameters tpid Specifies the Tag Protocol Identifier (TPID) value that applies to all frames carrying double tagged VLANs. The range is 0x0 to 0xFFFF. The switch can have just one TPID value.
Page 864: Show Vlan Vlan-Stacking
Chapter 57: VLAN Stacking Commands SHOW VLAN VLAN-STACKING Syntax show vlan vlan-stacking Parameters None. Mode Port Interface mode Description Use this command to display the port assignments of VLAN stacking. Here is an example of the information. TPID INTERFACES (c)-Customer-Edge Port, (p)-Provider Port ==== ========= 0x9000...
Page 865: Switchport Vlan-Stacking
AT-9000 Switch Command Line User’s Guide SWITCHPORT VLAN-STACKING Syntax switchport vlan-stacking customer-edge-port|provider-port Parameters None. Mode Port Interface mode Description Use this command to enable VLAN stacking on a port and designate it as a customer-edge-port or provider-port. This is sometimes referred to as VLAN double-tagging, nested VLANs, or QinQ.
Page 866 Chapter 57: VLAN Stacking Commands Section III: File System...
Page 867: Section Viii: Port Security
Section VIII Port Security This section contains the following chapters: Chapter 58, “MAC Address-based Port Security” on page 869  Chapter 59, “MAC Address-based Port Security Commands” on page  Chapter 60, “802.1x Port-based Network Access Control” on page 893 ...
Page 869: Chapter 58: Mac Address-Based Port Security
Chapter 58 MAC Address-based Port Security This chapter contains the following topics: “Overview” on page 870  “Configuring Ports” on page 872  “Enabling MAC Address-based Security on Ports” on page 874  “Disabling MAC Address-based Security on Ports” on page 875 ...
Page 870: Overview
Chapter 58: MAC Address-based Port Security Overview This feature lets you control access to the ports on the switch based on the source MAC addresses of the network devices. You specify the maximum number of source MAC addresses that ports can learn. Ports that learn their maximum number of addresses discard packets that have new, unknown addresses, preventing access to the switch by any further devices.
Page 871: Guidelines
AT-9000 Switch Command Line User’s Guide after learning three addresses. The switch also sends an SNMP trap. Guidelines Here are the guidelines to MAC address-based port security: The filtering of a packet occurs on the ingress port, not on the ...
Page 872: Configuring Ports
Chapter 58: MAC Address-based Port Security Configuring Ports There are three things you need to decide before you configure MAC address-based port security on the ports. They are: What is the maximum number of source MAC addresses the ports  can learn? Should the source MAC addresses learned by the ports be stored ...
Page 873 AT-9000 Switch Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# interface port1.0.4,port1.0.5 awplus(config-if)# switchport port-security maximum 25 awplus(config-if)# no switchport port-security aging awplus(config-if)# switchport port-security violation protect This example configures port 16 to learn 45 MAC addresses. The addresses are stored as dynamic addresses in the table so that inactive addresses are deleted, permitting the port to learn new addresses.
Page 874: Enabling Mac Address-Based Security On Ports
Chapter 58: MAC Address-based Port Security Enabling MAC Address-based Security on Ports After you have configured a port for MAC address-based security, as explained in “Configuring Ports” on page 872, and confirmed the settings, as explained in “Displaying Port Settings” on page 876, you are ready to activate the feature on the ports.
Page 875: Disabling Mac Address-Based Security On Ports
AT-9000 Switch Command Line User’s Guide Disabling MAC Address-based Security on Ports To remove MAC address-based security from ports, use the NO SWITCHPORT PORT-SECURITY command in the Port Interface mode. This example of the command removes port security from port 23: awplus>...
Page 876: Displaying Port Settings
Chapter 58: MAC Address-based Port Security Displaying Port Settings There are two commands that display information about the MAC address-based port security on the ports on the switch. The one that you are likely to use the most often is the SHOW PORT-SECURITY INTERFACE command in the Privileged Exec mode.
Page 877: Figure 149: Example Of Show Port-Security Intrusion Interface Command
AT-9000 Switch Command Line User’s Guide Figure 149 is an example of the information. Port Security Intrusion List (Last 256 Intrusions) -------------------------------------------------------- Interface: Port 1.0.17 2 intrusion(s) detected 0015.77b1.8510 eccd.6d48.4488 Figure 149. Example of SHOW PORT-SECURITY INTRUSION INTERFACE Command...
Page 878 Chapter 58: MAC Address-based Port Security...
Page 879: Chapter 59: Mac Address-Based Port Security Commands
Chapter 59 MAC Address-based Port Security Commands The MAC address-based port security commands are summarized in Table 84 and described in detail within the chapter. Table 84. MAC Address-based Port Security Commands Command Mode Description “NO SWITCHPORT PORT- Port Interface Removes MAC address-based SECURITY”...
Page 880: No Switchport Port-Security
Chapter 59: MAC Address-based Port Security Commands NO SWITCHPORT PORT-SECURITY Syntax no switchport port-security Parameters None Mode Port Interface mode Description Use this command to remove MAC address-based security from the ports. Note To activate ports that were disabled by the shutdown intrusion action, refer to “NO SHUTDOWN”...
Page 881: No Switchport Port-Security Aging
AT-9000 Switch Command Line User’s Guide NO SWITCHPORT PORT-SECURITY AGING Syntax no switchport port-security aging Parameters None Mode Port Interface mode Description Use this command to configure ports to add source MAC addresses as static addresses in the MAC address table. Because static addresses are never deleted from the table, ports that learn their maximum numbers of source MAC addresses cannot learn new addresses, even when the source nodes of the learned addresses are inactive.
Page 882: Show Port-Security Interface
Chapter 59: MAC Address-based Port Security Commands SHOW PORT-SECURITY INTERFACE Syntax port show port-security interface Parameters port Specifies the port whose security mode settings you want to view. You can display more than one port at a time. Mode Privileged Exec mode Description Use this command to display the security settings of the ports on the switch.
Page 883 AT-9000 Switch Command Line User’s Guide Table 85. SHOW PORT-SECURITY INTERFACE Command (Continued) Field Description Port Status The status of the port. The status can be Enabled or Disabled. A port that has a status of Enabled can forward network traffic.
Page 884 Chapter 59: MAC Address-based Port Security Commands Table 85. SHOW PORT-SECURITY INTERFACE Command (Continued) Field Description Maximum MAC Addresses The maximum number of dynamic MAC addresses the port is allowed to learn. To set this parameter, refer to “SWITCHPORT PORT-SECURITY MAXIMUM”...
Page 885: Show Port-Security Intrusion Interface
AT-9000 Switch Command Line User’s Guide SHOW PORT-SECURITY INTRUSION INTERFACE Syntax port show port-security intrusion interface Parameter port Specifies a port. You can specify more than one port at a time. Modes Privileged Exec mode Description Use this command to display the number of packets the ports have had to discard because the packets had unknown source MAC addresses.
Page 886: Figure 152: Example Of Show Port-Security Intrusion Interface Command
Chapter 59: MAC Address-based Port Security Commands Port Security Intrusion List Port Security Intrusion List (Last 10 Intrusions) -------------------------------------------------------- Interface: Port 1.0.5 132 intrusion(s) detected 000:0900:127E 000:0900:127F 000:0900:027D 000:0900:027E 000:0900:027F 000:0900:1279 000:0900:127A 000:0900:127B 000:0900:127C 000:0900:127D Figure 152. Example of SHOW PORT-SECURITY INTRUSION INTERFACE Command...
Page 887: Switchport Port-Security
AT-9000 Switch Command Line User’s Guide SWITCHPORT PORT-SECURITY Syntax switchport port-security Parameters None Mode Port Interface mode Description Use this command to activate MAC address-based security on ports. Confirmation Command “SHOW PORT-SECURITY INTERFACE” on page 882 Example This example activates MAC address-based security on port 3 and ports 16 to 18: awplus>...
Page 888: Switchport Port-Security Aging
Chapter 59: MAC Address-based Port Security Commands SWITCHPORT PORT-SECURITY AGING Syntax switchport port-security aging Parameters None Mode Port Interface mode Description Use this command to configure the ports to add the source MAC addresses as dynamic MAC address in the MAC address table. Ports that learn their maximum numbers of addresses can learn new addresses as inactive addresses are deleted from the table.
Page 889: Switchport Port-Security Maximum
AT-9000 Switch Command Line User’s Guide SWITCHPORT PORT-SECURITY MAXIMUM Syntax value switchport port-security maximum Parameters value Specifies the maximum number of dynamic MAC addresses ports can learn. The range is 0 to 255 addresses. The default is 0 addresses. Mode Port Interface mode Description Use this command to specify the maximum number of dynamic MAC...
Page 890: Switchport Port-Security Violation
Chapter 59: MAC Address-based Port Security Commands SWITCHPORT PORT-SECURITY VIOLATION Syntax protect|restrict| switchport port-security violation shutdown Parameters protect Discards invalid frames. This is the default setting. restrict Discards invalid frames and sends SNMP traps. shutdown Sends SNMP traps and disables the ports. Mode Port Interface mode Description...
Page 891 AT-9000 Switch Command Line User’s Guide This example sets the intrusion action for ports 22 to 24 to restrict. After learning their maximum numbers of MAC addresses, the ports discard packets with unknown source MAC addresses, and the switch sends SNMP traps: awplus>...
Page 892 Chapter 59: MAC Address-based Port Security Commands...
Page 893: Chapter 60: 802.1X Port-Based Network Access Control
Chapter 60 802.1x Port-based Network Access Control This chapter contains the following topics: “Overview” on page 894  “Authentication Process” on page 895  “Port Roles” on page 896  “Authentication Methods for Authenticator Ports” on page 897  “Operational Settings for Authenticator Ports” on page 898 ...
Page 894: Overview
Chapter 60: 802.1x Port-based Network Access Control Overview This chapter explains 802.1x port-based network access control. This port security feature lets you control who can send traffic through and receive traffic from the individual switch ports. The switch does not allow an end node to send or receive traffic through a port until the user of the node has been authenticated by a RADIUS server.
Page 895: Authentication Process
AT-9000 Switch Command Line User’s Guide Authentication Process Below is a brief overview of the authentication process that occurs between a supplicant, authenticator, and authentication server. For further details, refer to the IEEE 802.1x standard. Either the authenticator (that is, a switch port) or the supplicant ...
Page 896: Port Roles
Chapter 60: 802.1x Port-based Network Access Control Port Roles Part of the task to implementing this feature is specifying the roles of the ports on the switch. The roles are listed here: None  Authenticator  None Role Switch ports in the none role do not participate in port-based access control.
Page 897: Authentication Methods For Authenticator Ports
AT-9000 Switch Command Line User’s Guide Authentication Methods for Authenticator Ports Authenticator ports support two authentication methods: 802.1x username and password combination  This authentication mode requires that the supplicants be assigned unique username and password combinations or digital certificates on the RADIUS server.
Page 898: Operational Settings For Authenticator Ports
Chapter 60: 802.1x Port-based Network Access Control Operational Settings for Authenticator Ports An authenticator port can have one of three possible operational settings: Auto - Activates port-based authentication. The port begins in the  unauthorized state, forwarding only EAPOL frames and discarding all other traffic.
Page 899: Operating Modes For Authenticator Ports
AT-9000 Switch Command Line User’s Guide Operating Modes for Authenticator Ports Authenticator ports have three modes: Single-host mode  Multi-host mode  Multi-supplicant mode  Single-Host Mode An authenticator port set to the single-host mode permits only one supplicant to log on and forwards only the traffic of that supplicant. After one supplicant has logged on, the port discards packets from any other supplicant.
Page 900: Figure 154: Multi-Host Operating Mode
Chapter 60: 802.1x Port-based Network Access Control Note, however, that should the supplicant who performed the initial logon fail to periodically reauthenticate or log out, the authenticator port reverts to the unauthenticated state. It bars all further traffic to and from all the supplicants until the initial supplicant or another supplicant logs on.
Page 901: Multi-Supplicant Mode
AT-9000 Switch Command Line User’s Guide As mentioned earlier, should the supplicant who performed the initial logon fail to reauthenticate when necessary or log out, the port reverts to the unauthenticated state, blocking all traffic to and from all supplicants. Another supplicant must be authenticated in order for all remaining supplicants to continue to forward traffic through the port.
Page 902: Figure 155: Multi-Supplicant Mode
Chapter 60: 802.1x Port-based Network Access Control RADIUS Port 1.0.6 Authentication Role: Authenticator Server Operating Mode: Multi-Supplicant Mode Ethernet Hub or Non-802.1x-compliant Switch Authenticated Supplicants Figure 155. Multi-Supplicant Mode...
Page 903: Supplicant And Vlan Associations
AT-9000 Switch Command Line User’s Guide Supplicant and VLAN Associations One of the challenges to managing a network is accommodating end users who roam. These are individuals whose work requires that they access the network resources from different points at different times. The difficulty arises in providing them with access to the same network resources and, conversely, restricting them from unauthorized areas, regardless of the workstation from where they access the network.
Page 904: Single-Host Mode
Chapter 60: 802.1x Port-based Network Access Control Single-Host Mode Here are the operating characteristics for the switch when an authenticator port is set to the single-host mode: If the switch receives a valid VLAN ID from the RADIUS server, it ...
Page 905: Supplicant Vlan Attributes On The Radius Server
AT-9000 Switch Command Line User’s Guide If dynamic VLAN creation is enabled by issuing AUTH DYNAMIC-VLAN- CREATION MULTI, each supplicant that successfully authenticates will be placed in its own VLAN. Supplicant VLAN The following information must be entered as part of a supplicant’s account on the RADIUS server when associating a supplicant to an Attributes on the untagged VLAN.
Page 906: Guest Vlan
Chapter 60: 802.1x Port-based Network Access Control Guest VLAN An authenticator port in the unauthorized state typically accepts and transmits only 802.1x packets while waiting to authenticate a supplicant. However, you can configure an authenticator port to be a member of a guest VLAN when no supplicant is logged on or when a supplicant has failed authentication.
Page 907: Guidelines
AT-9000 Switch Command Line User’s Guide Guidelines Here are the general guidelines to this feature: Ports operating under port-based access control do not support  dynamic MAC address learning. A port that is connected to a RADIUS authentication server must ...
Page 908 Chapter 60: 802.1x Port-based Network Access Control remove the authenticator designation. You can reapply the authenticator role to the port after moving it to its new VLAN assignment. Dynamic VLANs are supported only if the native VLAN is the default (that is, 1). To use the Guest VLAN feature, you have to manually create the ...
Page 909: Enabling 802.1X Port-Based Network Access Control On The Switch
AT-9000 Switch Command Line User’s Guide Enabling 802.1x Port-Based Network Access Control on the Switch To activate 802.1x Port-based Network Access Control on the switch, go to the Global Configuration mode and enter the AAA AUTHENTICATION DOT1X DEFAUT GROUP RADIUS command. The command has no parameters.
Page 910: Configuring Authenticator Ports
Chapter 60: 802.1x Port-based Network Access Control Configuring Authenticator Ports Designating You have to designate ports as authenticator ports before you can configure their settings. There are three DOT1X PORT-CONTROL Authenticator commands for designating authenticator ports. Ports The DOT1X PORT-CONTROL AUTO command designates ports such that they immediately begin to function as authenticator ports, blocking all traffic until supplicants successfully authenticate.
Page 911: Configuring The Operating Modes
AT-9000 Switch Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# interface port1.0.12 awplus(config-if)# no auth-mac enable awplus(config-if)# dotx port-control auto Configuring the As explained in “Operating Modes for Authenticator Ports” on page 899, authenticator ports have three operating modes: Operating Modes Single-host mode - For authenticator ports that are connected to a ...
Page 912 Chapter 60: 802.1x Port-based Network Access Control This example configures port 1.0.8 to use the multi-host mode so that it forwards traffic from all supplicants after just one supplicant logs on: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.8 awplus(config-if)# dot1x port-control auto awplus(config-if)# auth host-mode multi-host This example configures ports 1.0.16 to 1.0.19 to use the MAC address authentication method and the multi-supplicant mode so that the nodes...
Page 913: Configuring Reauthentication
AT-9000 Switch Command Line User’s Guide Configuring Reauthentication Table 86 lists the commands in the Port Interface mode for configuring reauthentication on authenticator ports. Reauthentication causes authenticator ports to periodically re-initiate authentication of supplicants. This is an additional security feature that protects your network by having supplicants periodically repeat the authentication process.
Page 914: Removing Ports From The Authenticator Role
Chapter 60: 802.1x Port-based Network Access Control Removing Ports from the Authenticator Role To remove ports from the authenticator role so that they forward traffic without authenticating supplicants, go to the Port Interface mode of the ports and enter the NO DOT1X PORT-CONTROL command. This example removes the authenticator role from ports 1.0.1 to 1.0.4 and 1.0.18: awplus>...
Page 915: Disabling 802.1X Port-Based Network Access Control On The Switch
AT-9000 Switch Command Line User’s Guide Disabling 802.1x Port-Based Network Access Control on the Switch To disable 802.1x port-based network access control on the switch so that the ports forward packets without authentication, go to the Global Configuration mode and enter the NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command.
Page 916: Displaying Authenticator Ports
Chapter 60: 802.1x Port-based Network Access Control Displaying Authenticator Ports To view the settings of authenticator ports on the switch, use the SHOW DOT1X INTERFACE command in the Privileged Exec mode. This example displays the authenticator settings for port 1.0.2: awplus# show dot1x interface port1.0.2 Figure 156 is an example of what you will see.
Page 917: Displaying Eap Packet Statistics
AT-9000 Switch Command Line User’s Guide Displaying EAP Packet Statistics To display EAP packet statistics of authenticator ports, use the SHOW DOT1X STATISTICS INTERFACE command. Here is an example of the information. This example displays the authenticator settings for port 1.0.2: awplus>...
Page 918 Chapter 60: 802.1x Port-based Network Access Control...
Page 919: Chapter 61: 802.1X Port-Based Network Access Control Commands
Chapter 61 802.1x Port-based Network Access Control Commands The 802.1x port-based network access control commands are summarized in Table 87 and described in detail within the chapter. Table 87. 802.1x Port-based Network Access Control Commands Command Mode Description “AAA AUTHENTICATION DOT1X Global Activates 802.1x port-based network DEFAULT GROUP RADIUS”...
Page 920 Chapter 61: 802.1x Port-based Network Access Control Commands Table 87. 802.1x Port-based Network Access Control Commands (Continued) Command Mode Description “AUTH-MAC REAUTH- Port Interface Sets the MAC address learning of the RELEARNING” on page 934 supplicant (client device) to relearning for re-authentication on the interface specified in the Interface command mode.
Page 921 AT-9000 Switch Command Line User’s Guide Table 87. 802.1x Port-based Network Access Control Commands (Continued) Command Mode Description “NO AUTH REAUTHENTICATION” on Port Interface Removes reauthentication from page 948 authenticator ports. “NO AUTH-MAC ENABLE” on Port Interface Deactivates MAC address-based page 949 authentication on authenticator ports.
Page 922: Aaa Authentication Dot1X Default Group Radius
Chapter 61: 802.1x Port-based Network Access Control Commands AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS Syntax aaa authentication dot1x default group radius Parameters None Mode Global Configuration mode Description Use this command to activate 802.1x port-based network access control on the switch. The default setting for this feature is disabled. Note You should activate and configure the RADIUS client software on the switch before activating port-based access control.
Page 923: Auth Dynamic-Vlan-Creation
AT-9000 Switch Command Line User’s Guide AUTH DYNAMIC-VLAN-CREATION Syntax single| multi auth dynamic-vlan-creation Parameters single Single dynamic VLAN. multi Multiple dynamic VLAN. Mode Port Interface mode Description Use this command to dynamically assign a supplicant to a VLAN as instructed by the RADIUS Server. Use the NO AUTH DYNAMIC-VLAN-CREATION to disable this feature (refer to “NO AUTH DYNAMIC-VLAN-CREATION”...
Page 924 Chapter 61: 802.1x Port-based Network Access Control Commands This example activates multiple dynamic VLAN assignment on authenticator port 1.0.4. awplus> enable awplus# configure terminal awplus(config)# interface port1.0.4 awplus(config-if)# dot1x port-control auto awplus(config-if)# auth dynamic-vlan-creation multiple...
Page 925: Auth Guest-Vlan
AT-9000 Switch Command Line User’s Guide AUTH GUEST-VLAN Syntax auth guest-vlan Parameters Specifies the ID number of a VLAN that is the guest VLAN of an authenticator port. You can enter just one VID. Mode Port Interface mode Description Use this command to specify the VID of the VLAN that acts as the guest VLAN of an authenticator port.
Page 926: Auth Host-Mode
Chapter 61: 802.1x Port-based Network Access Control Commands AUTH HOST-MODE Syntax single-host| multi-host| multi-supplicant auth host-mode Parameters single-host Specifies the single-host operating mode. An authenticator port set to this mode forwards packets only from the one supplicant who initially logs on. This is the default setting. multi-host Specifies the multi-host operating mode.
Page 927 AT-9000 Switch Command Line User’s Guide This example configures authenticator port 1.0.8 to the multi-host operating mode, so that networks users can use the port after just one user logs on: awplus> enable awplus# configure terminal awplus(config)# interface port1.0.8 awplus(config-if)# auth host-mode multi-host This example configures authenticator ports 1.0.12 and 1.0.13 to the multi- supplicant operating mode, which requires that all networks users on the ports log on:...
Page 928: Auth Reauthentication
Chapter 61: 802.1x Port-based Network Access Control Commands AUTH REAUTHENTICATION Syntax auth reauthentication Parameters None Mode Port Interface mode Description Use this command to activate reauthentication on the authenticator ports. The supplicants must periodically reauthenticate according to the time interval set with “AUTH TIMEOUT REAUTH-PERIOD” on page 930. Confirmation Command “SHOW AUTH-MAC INTERFACE”...
Page 929: Auth Timeout Quiet-Period
AT-9000 Switch Command Line User’s Guide AUTH TIMEOUT QUIET-PERIOD Syntax value auth timeout quiet-period Parameters quiet-period Sets the number of seconds that an authenticator port remains in the quiet state following a failed authentication exchange with a supplicant. The range is 1 to 65,535 seconds. The default value is 60 seconds.
Page 930: Auth Timeout Reauth-Period
Chapter 61: 802.1x Port-based Network Access Control Commands AUTH TIMEOUT REAUTH-PERIOD Syntax value auth timeout reauth-period Parameters reauth-period Specifies the time interval that an authenticator port requires a supplicant to reauthenticate. The range is 1 to 65,535 seconds. The default value is 3600 seconds. Mode Port Interface mode Description...
Page 931: Auth Timeout Server-Timeout
AT-9000 Switch Command Line User’s Guide AUTH TIMEOUT SERVER-TIMEOUT Syntax value auth timeout server-timeout Parameters server-timeout Sets the timer used by the switch to determine authentication server timeout conditions. The range is 1 to 65535 seconds. The default value is 30 seconds. Mode Port Interface mode Description...
Page 932: Auth Timeout Supp-Timeout
Chapter 61: 802.1x Port-based Network Access Control Commands AUTH TIMEOUT SUPP-TIMEOUT Syntax value auth timeout supp-timeout Parameters supp-timeout Sets the switch-to-supplicant retransmission time for EAP-request frames. The range is 1 to 65,535 seconds. The default value is 30 seconds. Mode Port Interface mode Description Use this command to set the retransmission time for EAP-request frames...
Page 933: Auth-Mac Enable
AT-9000 Switch Command Line User’s Guide AUTH-MAC ENABLE Syntax auth-mac enable Parameters None Mode Port Interface mode Description Use this command to activate MAC address-based authentication on authenticator ports. An authenticator port that uses this type of authentication extracts the source MAC address from the initial frames from a supplicant and automatically sends it as the supplicant’s username and password to the authentication server.
Page 934: Auth-Mac Reauth-Relearning
Chapter 61: 802.1x Port-based Network Access Control Commands AUTH-MAC REAUTH-RELEARNING Syntax auth-mac reauth-relearning Parameters None Mode Port Interface mode Description Use this command to set the MAC address of the supplicant (client device) to re-learning for re-authentication on the interface specified in the INTERFACE command.
Page 935: Dot1X Control-Direction
AT-9000 Switch Command Line User’s Guide DOT1X CONTROL-DIRECTION Syntax both dot1x control-direction Parameters Discard received packets from the supplicant (ingress packets). both Discard received packets from the supplicant (ingress packets) and transmitted packets to the supplicant (egress packets). Default value. Mode Port Interface mode Description...
Page 936 Chapter 61: 802.1x Port-based Network Access Control Commands awplus> enable awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# dot1x control-direction in...
Page 937: Dot1X Eap
AT-9000 Switch Command Line User’s Guide DOT1X EAP Syntax discard forward forward-untagged-vlan dot1x eap forward-vlan Parameters discard Discards all ingress EAP packets on all ports. forward Forwards ingress EAP packets across all VLANs and ports. forward-untagged-vlan Forwards ingress EAP packets only to untagged ports in the same VLAN as the ingress port.
Page 938 Chapter 61: 802.1x Port-based Network Access Control Commands This example configures the switch to discard all EAP packets when 802.1x authentication is disabled: awplus> enable awplus# configure terminal awplus(config)# dot1x eap discard This example configures the switch to forward EAP packets only to untagged ports in the VLANs of the ingress ports: awplus>...
Page 939: Dot1X Initialize Interface
AT-9000 Switch Command Line User’s Guide DOT1X INITIALIZE INTERFACE Syntax port dot1x initialize interface Parameters port Specifies a port. You can enter more than one port. Mode Privileged Exec mode Description Use this command to force authenticator ports into the unauthorized state. You might use this command to force supplicants on authenticator ports to reauthenticate themselves again by logging in with their usernames and passwords.
Page 940: Dot1X Max-Reauth-Req
Chapter 61: 802.1x Port-based Network Access Control Commands DOT1X MAX-REAUTH-REQ Syntax value dot1x max-reauth-req Parameters max-reauth-req Specifies the maximum number of times the switch retransmits EAP Request packets to a supplicant before it times out an authentication session. The range is 1 to 10 retransmissions. The default value is 2.
Page 941: Dot1X Port-Control Auto
AT-9000 Switch Command Line User’s Guide DOT1X PORT-CONTROL AUTO Syntax dot1x port-control auto Parameters None Mode Port Interface mode Description Use this command to set the ports to the 802.1x port-based authenticator role. Ports begin in the unauthorized state, forwarding only EAPOL frames, until a supplicant has successfully logged on.
Page 942: Dot1X Port-Control Force-Authorized
Chapter 61: 802.1x Port-based Network Access Control Commands DOT1X PORT-CONTROL FORCE-AUTHORIZED Syntax dot1x port-control force-authorized Parameters None Mode Port Interface mode Description Use this command to configure ports to the 802.1x authenticator role, in the force-authorized state. Ports that are set to the force-authorized state transition to the authorized state without any authentication exchanges required.
Page 943: Dot1X Port-Control Force-Unauthorized
AT-9000 Switch Command Line User’s Guide DOT1X PORT-CONTROL FORCE-UNAUTHORIZED Syntax dot1x port-control force-unauthorized Parameters None Mode Port Interface mode Description Use this command to configure the ports to the 802.1x authenticator role, in the unauthorized state. Although the ports are in the authenticator role, the switch blocks all traffic on the ports.
Page 944: Dot1X Timeout Tx-Period
Chapter 61: 802.1x Port-based Network Access Control Commands DOT1X TIMEOUT TX-PERIOD Syntax value dot1x timeout tx-period Parameters value Sets the number of seconds an authenticator port waits for a response to an EAP-request/identity frame from a supplicant before retransmitting the request. The default value is 30 seconds. The range is 1 to 65,535 seconds.
Page 945: No Aaa Authentication Dot1X Default Group Radius
AT-9000 Switch Command Line User’s Guide NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS Syntax no aaa authentication dot1x default group radius Parameters None Mode Global Configuration mode Description Use this command to disable 802.1x port-based network access control on the switch. All ports forward packets without any authentication. This is the default setting.
Page 946: No Auth Dynamic-Vlan-Creation
Chapter 61: 802.1x Port-based Network Access Control Commands NO AUTH DYNAMIC-VLAN-CREATION Syntax no auth dynamic-vlan-creation Parameters None Mode Port Interface mode Description Use this command to disable dynamic VLAN assignments of authentication ports. For background information, refer to “Supplicant and VLAN Associations”...
Page 947: No Auth Guest-Vlan
AT-9000 Switch Command Line User’s Guide NO AUTH GUEST-VLAN Syntax no auth guest-vlan Parameters None Mode Port Interface mode Description Use this command to disable the Guest VLAN feature on an authenticator port. Confirmation Command “SHOW AUTH-MAC INTERFACE” on page 951 “SHOW DOT1X INTERFACE”...
Page 948: No Auth Reauthentication
Chapter 61: 802.1x Port-based Network Access Control Commands NO AUTH REAUTHENTICATION Syntax no auth reauthentication Parameters None Mode Port Interface mode Description Use this command to remove reauthentication from authenticator ports so that supplicants do not have to periodically reauthenticate after the initial authentication.
Page 949: No Auth-Mac Enable
AT-9000 Switch Command Line User’s Guide NO AUTH-MAC ENABLE Syntax no auth-mac enable Parameters None Mode Port Interface mode Description Use this command to deactivate MAC address-based authentication on authenticator ports. Confirmation Command “SHOW DOT1X SUPPLICANT INTERFACE” on page 958 Example This example removes MAC address-based authentication from port 1.0.23:...
Page 950: No Dot1X Port-Control
Chapter 61: 802.1x Port-based Network Access Control Commands NO DOT1X PORT-CONTROL Syntax no dot1x port-control Parameters None Mode Port Interface mode Description Use this command to remove ports from the authenticator role so that they forward traffic without authentication. Confirmation Command “SHOW AUTH-MAC INTERFACE”...
Page 951: Show Auth-Mac Interface
AT-9000 Switch Command Line User’s Guide SHOW AUTH-MAC INTERFACE Syntax port show auth-mac interface Parameters port Specifies a port. You can display more than one port at a time. Modes Privileged Exec mode Description Use this command to display the parameter settings of the authenticator ports.
Page 952: Show Auth-Mac Sessionstatistics Interface
Chapter 61: 802.1x Port-based Network Access Control Commands SHOW AUTH-MAC SESSIONSTATISTICS INTERFACE Syntax port show auth-mac sessionstatistics interface Parameters port Specifies a port. You can enter more than one port. Mode Privileged Exec mode Description Use this command to display session statistics of the authenticator ports. An example is shown in Figure 159.
Page 953: Show Auth-Mac Statistics Interface
AT-9000 Switch Command Line User’s Guide SHOW AUTH-MAC STATISTICS INTERFACE Syntax port show auth-mac statistics interface Parameters port Specifies a port. You can enter more than one port. Mode Privileged Exec mode Description Use this command to display EAP packet statistics of authenticator ports. This command is equivalent to “SHOW DOT1X STATISTICS INTERFACE Command”...
Page 954: Show Auth-Mac Supplicant Interface
Chapter 61: 802.1x Port-based Network Access Control Commands SHOW AUTH-MAC SUPPLICANT INTERFACE Syntax port show auth-mac supplicant interface Parameters port Specifies a port. You can enter more than one port. Mode Privileged Exec mode Description Use this command to display the supplicant state of the authentication mode set for the interface on authenticator ports.
Page 955: Show Dot1X
AT-9000 Switch Command Line User’s Guide SHOW DOT1X Syntax show dot1x Parameters None Mode Privileged Exec mode Description Use this command to display whether 802.1x port-based network access control is enabled or disabled on the switch and the IP addresses of the RADIUS servers.
Page 956: Show Dot1X Interface
Chapter 61: 802.1x Port-based Network Access Control Commands SHOW DOT1X INTERFACE Syntax port show dot1x interface Parameters port Specifies a port. You can display more than one port at a time. Modes Privileged Exec mode Description Use this command to display the parameter settings of authenticator ports. This command is equivalent to “SHOW AUTH-MAC INTERFACE”...
Page 957: Show Dot1X Statistics Interface
AT-9000 Switch Command Line User’s Guide SHOW DOT1X STATISTICS INTERFACE Syntax port show dot1x statistics interface Parameters port Specifies a port. You can enter more than one port. Mode Privileged Exec mode Description Use this command to display EAP packet statistics of authenticator ports. This command is equivalent to “SHOW AUTH-MAC STATISTICS INTERFACE”...
Page 958: Show Dot1X Supplicant Interface
Chapter 61: 802.1x Port-based Network Access Control Commands SHOW DOT1X SUPPLICANT INTERFACE Syntax port [brief] show dot1x supplicant interface Parameters port Specifies a port. You can enter more than one port. [brief] Displays an abbreviated form of this window. This is an optional parameter.
Page 959 AT-9000 Switch Command Line User’s Guide Example This example displays the supplicant state of the authentication mode on ports 1.0.21 to 1.0.23: awplus> enable awplus# show dot1x supplicant interface port1.0.21- port1.0.23...
Page 960 Chapter 61: 802.1x Port-based Network Access Control Commands...
Page 961: Section Ix: Simple Network Management Protocols
Section IX Simple Network Management Protocols This section contains the following chapters: Chapter 62, “SNMPv1 and SNMPv2c” on page 963  Chapter 63, “SNMPv1 and SNMPv2c Commands” on page 975  Chapter 64, “SNMPv3 Commands” on page 999 ...
Page 963: Chapter 62: Snmpv1 And Snmpv2C
Chapter 62 SNMPv1 and SNMPv2c This chapter contains the following topics: “Overview” on page 964  “Enabling SNMPv1 and SNMPv2c” on page 966  “Creating Community Strings” on page 967  “Adding or Removing IP Addresses of Trap or Inform Receivers” on ...
Page 964: Overview
 public and private strings.) For instructions, refer to “Creating Community Strings” on page 967. Load the Allied Telesis MIBs for the switch onto your SNMP  management workstation. The MIBs are available from the Allied Telesis web site at www.alliedtelesis.com.
Page 965 AT-9000 Switch Command Line User’s Guide To configure the switch to send trap or inform messages, you have to add to one or more of the community strings the IP addresses of the trap and inform receivers on your network. For trap messages, you must also specify the format in which the switch should send the messages.
Page 966: Enabling Snmpv1 And Snmpv2C
Chapter 62: SNMPv1 and SNMPv2c Enabling SNMPv1 and SNMPv2c To enable SNMP on the switch, use the SNMP-SERVER command, found in the Global Configuration mode. The command has no parameters. The switch begins to send trap and inform messages to the receivers and permits remote management from SNMP workstations as soon as you enter the command.
Page 967: Creating Community Strings
AT-9000 Switch Command Line User’s Guide Creating Community Strings To create SNMPv1 and SNMPv2c community strings, use the SNMP- SERVER COMMUNITY command. This command is found in the Global Configuration mode. Here is the format of the command: community snmp-server community rw|ro You can create only one string at a time with the command.
Page 968: Adding Or Removing Ip Addresses Of Trap Or Inform Receivers
Chapter 62: SNMPv1 and SNMPv2c Adding or Removing IP Addresses of Trap or Inform Receivers The command to add IP addresses of trap or inform receivers to community strings is the SNMP-SERVER HOST command. Here is the format: ipaddress snmp-server host traps|informs version 1|2c community The IPADDRESS parameter is the IP address of a receiver.
Page 969 AT-9000 Switch Command Line User’s Guide This example assigns the IP address 143.154.76.17 as an inform message receiver to the community string “st_bldg2.” Inform messages must be sent in SNMPv2c format: awplus> enable awplus# configure terminal awplus(config)# snmp-server host 143.154.76.17 informs version 2c st_bldg2 To remove IP addresses of trap or inform receivers from community strings, use the NO form of the command.
Page 970: Deleting Community Strings
Chapter 62: SNMPv1 and SNMPv2c Deleting Community Strings To delete community strings, use the NO SNMP-SERVER COMMUNITY command. Here is the format: no snmp-server community community You can delete only one community string at a time with the command, which is found in the Global Configuration mode. The COMMUNITY parameter is case sensitive.
Page 971: Disabling Snmpv1 And Snmpv2C
AT-9000 Switch Command Line User’s Guide Disabling SNMPv1 and SNMPv2c To disable SNMP on the switch, use the NO SNMP-SERVER command. You cannot remotely manage the switch with an SNMP application when SNMP is disabled. Furthermore, the switch stops transmitting trap and inform messages to your SNMP applications.
Page 972: Displaying Snmpv1 And Snmpv2C
Chapter 62: SNMPv1 and SNMPv2c Displaying SNMPv1 and SNMPv2c To learn whether SNMP is enabled or disabled on the switch, go to the Privileged Exec mode and issue the SHOW SNMP-SERVER command: awplus# show snmp-server Here is an example of what is displayed. SNMP Server ..
Page 973: Figure 168: Show Running-Config Snmp Command
AT-9000 Switch Command Line User’s Guide To view the trap and inform receivers assigned to the community strings, use the SHOW RUNNING-CONFIG SNMP command in the Privileged Exec mode: awplus# show running-config snmp Here is an example of command display: snmp-server no snmp-server enable trap auth snmp-server community sw12eng1 rw...
Page 974 Chapter 62: SNMPv1 and SNMPv2c...
Page 975: Chapter 63: Snmpv1 And Snmpv2C Commands
Chapter 63 SNMPv1 and SNMPv2c Commands The SNMPv1 and SNMPv2c commands are summarized in Table 88 and described in detail within the chapter. Table 88. SNMPv1 and SNMPv2c Commands Command Mode Description “NO SNMP-SERVER” on page 977 Global Disables SNMPv1 and SNMPv2c on Configuration the switch.
Page 976 Chapter 63: SNMPv1 and SNMPv2c Commands Table 88. SNMPv1 and SNMPv2c Commands (Continued) Command Mode Description “SHOW SNMP-SERVER VIEW” on Privileged Exec Displays the SNMP views. page 989 “SNMP-SERVER” on page 990 Global Enables SNMPv1 and SNMPv2c on Configuration the switch. “SNMP-SERVER COMMUNITY”...
Page 977: No Snmp-Server
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER Syntax no snmp-server Parameters None Mode Global Configuration mode Description Use this command to disable SNMPv1, SNMPv2c and SNMPv3 on the switch. The switch does not permit remote management from SNMP applications when SNMP is disabled. It also does not send SNMP trap or inform messages.
Page 978: No Snmp-Server Community
Chapter 63: SNMPv1 and SNMPv2c Commands NO SNMP-SERVER COMMUNITY Syntax community no snmp-server community Parameter community Specifies an SNMP community string to be deleted from the switch. This parameter is case sensitive. Mode Global Configuration mode Description Use this command to delete SNMPv1 and SNMPv2c community strings from the switch.
Page 979: No Snmp-Server Enable Trap
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER ENABLE TRAP Syntax no snmp-server enable trap Parameters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP traps, except for the link status and authentication traps, which are disabled separately. Confirmation Command “SHOW RUNNING-CONFIG SNMP”...
Page 980: No Snmp-Server Enable Trap Auth
Chapter 63: SNMPv1 and SNMPv2c Commands NO SNMP-SERVER ENABLE TRAP AUTH Syntax no snmp-server enable trap auth Parameters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP traps. Confirmation Command “SHOW RUNNING-CONFIG SNMP” on page 985 Example This example disables the transmission of SNMP traps: awplus>...
Page 981: No Snmp-Server Host
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER HOST Syntax ipaddress traps|informs version 1|2c no snmp-server host community_string Parameters ipaddress Specifies the IPv4 or IPv6 address of a trap or inform receiver to be removed from a community string. You can specify only one IP address.
Page 982 Chapter 63: SNMPv1 and SNMPv2c Commands Examples This example removes the IPv4 address 115.124.187.4 of a trap receiver from the private community string: awplus> enable awplus# configure terminal awplus(config)# no snmp-server host 115.124.187.4 traps version 1 private This example removes the IPv4 address 171.42.182.102 of a trap receiver from the community string “station12a”: awplus>...
Page 983: No Snmp-Server View
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER VIEW Syntax viewname oid no snmp-server view Parameters viewname Specifies the name of the view to be deleted. The name is case sensitive. Specifies the OID of the view. Mode Global Configuration mode Description Use this command to delete SNMP views.
Page 984: No Snmp Trap Link-Status
Chapter 63: SNMPv1 and SNMPv2c Commands NO SNMP TRAP LINK-STATUS Syntax no snmp trap link-status Parameters None Mode Port Interface mode Description Use this command to disable the transmission of SNMP link status notifications (traps) when ports establish links (linkUp) or lose links (linkDown) to network devices.
Page 985: Show Running-Config Snmp
AT-9000 Switch Command Line User’s Guide SHOW RUNNING-CONFIG SNMP Syntax show running-config snmp Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv1 and SNMPv2c community strings and the IP addresses of trap and inform receivers. An example is shown in Figure 169.
Page 986: Show Snmp-Server
Chapter 63: SNMPv1 and SNMPv2c Commands SHOW SNMP-SERVER Syntax show snmp-server Parameters None Mode Privileged Exec mode Description Use this command to display the current status of SNMP on the switch. An example is shown in Figure 170. The first field displays whether SNMP is enabled or disabled on the switch.
Page 987: Show Snmp-Server Community
AT-9000 Switch Command Line User’s Guide SHOW SNMP-SERVER COMMUNITY Syntax show snmp-server community Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv1 and SNMPv2c community strings on the switch. Here is an example of the display. SNMP community information: Community Name .....
Page 988 Chapter 63: SNMPv1 and SNMPv2c Commands Example This example displays the SNMPv1 and SNMPv2c community strings: awplus# show snmp-server community...
Page 989: Show Snmp-Server View
AT-9000 Switch Command Line User’s Guide SHOW SNMP-SERVER VIEW Syntax show snmp-server view Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv1 and SNMPv2c views on the switch. Here is an example of the display. SNMP View information: View Name .....
Page 990: Snmp-Server
Chapter 63: SNMPv1 and SNMPv2c Commands SNMP-SERVER Syntax snmp-server Parameters None Mode Global Configuration mode Description Use this command to activate SNMPv1, SNMPv2c and SNMPv3 on the switch. The switch permits remote management from SNMP applications when SNMP is enabled. The switch also sends SNMP messages to trap and inform receivers.
Page 991: Snmp-Server Community
AT-9000 Switch Command Line User’s Guide SNMP-SERVER COMMUNITY Syntax community rw|ro snmp-server community Parameters community Specifies a new community string. The maximum length is 40 alphanumeric and/or special characters, such as, !@#$%^&*?<>. The name is case sensitive. Spaces are not allowed. rw|ro Specifies the access level of a new community string, of read-write (RW) or read-only (RO).
Page 992: Snmp-Server Enable Trap
Chapter 63: SNMPv1 and SNMPv2c Commands SNMP-SERVER ENABLE TRAP Syntax snmp-server enable trap Parameters None Mode Global Configuration mode Description Use this command to activate the transmission of all SNMP traps, except for power-inline, link status, and authentication traps, which are activated separately.
Page 993: Snmp-Server Enable Trap Auth
AT-9000 Switch Command Line User’s Guide SNMP-SERVER ENABLE TRAP AUTH Syntax snmp-server enable trap auth Parameters None Mode Global Configuration mode Description Use this command to activate the transmission of SNMP authentication failure traps. Confirmation Command “SHOW RUNNING-CONFIG” on page 158 Example This example activates the transmission of SNMP authentication failure traps:...
Page 994: Snmp-Server Host
Chapter 63: SNMPv1 and SNMPv2c Commands SNMP-SERVER HOST Syntax ipaddress traps|informs version 1|2c snmp-server host community Parameters ipaddress Specifies the IPv4 or IPv6 address of a network device to receive trap or inform messages from the switch. traps|informs Specifies the type of messages. 1|2c Specifies the format of the traps sent by the switch.
Page 995 AT-9000 Switch Command Line User’s Guide Examples This example assigns the IPv4 address 149.44.12.44 of a trap receiver to the private community string. The traps are sent in the SNMPv2c format: awplus> enable awplus# configure terminal awplus(config)# snmp-server host 149.44.12.44 traps version 2c private This example assigns the IPv4 address 152.34.32.18 as a trap receiver to the community string “tlpaac78”.
Page 996: Snmp-Server View
Chapter 63: SNMPv1 and SNMPv2c Commands SNMP-SERVER VIEW Syntax viewname oid excluded|included snmp-server view Parameters viewname Specifies the name of a new view. The maximum length is 64 alphanumeric and/or special characters. The string is case sensitive. Spaces are not allowed. Specifies the OID of the view.
Page 997 AT-9000 Switch Command Line User’s Guide This example creates the new view “AlliedTelesis” that limits the available MIB objects to those in the OID 1.3.6.1.4.1.207: awplus> enable awplus# configure terminal awplus(config)# snmp-server view AlliedTelesis 1.3.6.1 excluded awplus(config)# snmp-server view AlliedTelesis 1.3.6.1.4.1.207 included...
Page 998: Snmp Trap Link-Status
Chapter 63: SNMPv1 and SNMPv2c Commands SNMP TRAP LINK-STATUS Syntax snmp trap link-status Parameters None Mode Port Interface mode Description Use this command to enable SNMP to transmit link status notifications (traps) when ports establish links (linkUp) or lose links (linkDown) to network devices.
Page 999: Chapter 64: Snmpv3 Commands
Chapter 64 SNMPv3 Commands The SNMPv3 commands are summarized in Table 91 and described in detail within the chapter. Table 91. SNMPv3 Commands Command Mode Description “NO SNMP-SERVER” on page 1001 Global Disables SNMPv1, v2c and v3 on the Configuration switch.
Page 1000 Chapter 64: SNMPv3 Commands Table 91. SNMPv3 Commands (Continued) Command Mode Description “SNMP-SERVER GROUP” on Global Creates SNMPv3 groups. page 1015 Configuration “SNMP-SERVER HOST” on Global Creates SNMPv3 host entries. page 1017 Configuration “SNMP-SERVER USER” on Global Creates SNMPv3 users. page 1019 Configuration “SNMP-SERVER VIEW”...
Page 1001: No Snmp-Server
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER Syntax no snmp-server Parameters None Mode Global Configuration mode Description Use this command to disable SNMPv1, SNMPv2c, and SNMPv3 on the switch. The switch does not permit remote management from SNMP applications when SNMP is disabled. It also does not send SNMP trap or inform messages.
Page 1002: No Snmp-Server Engineid Local
Chapter 64: SNMPv3 Commands NO SNMP-SERVER ENGINEID LOCAL Syntax no snmp-server engineid local Parameters None Mode Global Configuration mode Description Use this command to return the SNMP engine ID value to the default value. Confirmation Command “SHOW SNMP-SERVER” on page 1008 Example This example returns the SNMP engine ID value to the default value: awplus>...
Page 1003: No Snmp-Server Group
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER GROUP Syntax name noauth|auth|priv no snmp-server group Parameters name Specifies the name of a group you want to delete from the switch. The name is case sensitive. auth/noauth/priv Specifies the minimum security level of the group to be deleted. The options are: auth: Indicates authentication, but no privacy.
Page 1004: No Snmp-Server Host
Chapter 64: SNMPv3 Commands NO SNMP-SERVER HOST Syntax ipaddress informs|traps no snmp-server host auth|noauth|priv username Parameters ipaddress Specifies the IP address of a trap receiver. The address can be IPv4 or IPv6. You can specify just one address. informs/trap Specifies the type of message the switch sends. The options are: informs: Sends inform messages.
Page 1005 AT-9000 Switch Command Line User’s Guide Example This example deletes the host entry with the IPv4 address 187.87.165.12. The user name associated with this entry is “jones:” awplus> enable awplus# configure terminal awplus(config)# snmp-server host 187.87.165.12 traps v3 auth jones 1005...
Page 1006: No Snmp-Server User
Chapter 64: SNMPv3 Commands NO SNMP-SERVER USER Syntax user no snmp-server user Parameters user Specifies the name of a user you want to delete from the switch. The name is case sensitive. Mode Global Configuration mode Description Use this command to delete SNMPv3 users. You can delete just one user at a time with this command.
Page 1007: No Snmp-Server View
AT-9000 Switch Command Line User’s Guide NO SNMP-SERVER VIEW Syntax view OID no snmp-server view Parameters view Specifies the name of a view to be deleted from the switch. The name is case sensitive. Specifies the OID of the subtree of the view to be deleted. Mode Global Configuration mode Description...
Page 1008: Show Snmp-Server
Chapter 64: SNMPv3 Commands SHOW SNMP-SERVER Syntax show snmp-server Parameters None Mode Privileged Exec mode Description Use this command to display the current status of SNMP on the switch. An example is shown in Figure 173. The first field displays whether SNMP is enabled or disabled on the switch.
Page 1009: Show Snmp-Server Group
AT-9000 Switch Command Line User’s Guide SHOW SNMP-SERVER GROUP Syntax show snmp-server group Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 groups. Example This example displays the SNMPv3 groups: awplus# show snmp-server group 1009...
Page 1010: Show Snmp-Server Host
Chapter 64: SNMPv3 Commands SHOW SNMP-SERVER HOST Syntax show snmp-server host Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 host entries. Example This example displays the SNMPv3 host entries: awplus# show snmp-server host 1010...

This manual is also suitable for:

At-9000/28 At-9000/28poe At-9000/28sp At-9000/52

Allied Telesis AT-9000/12PoE User Manual

Section I: Getting Started

Chapter 1: Alliedware Plus Command Line Interface

Chapter 2: Starting a Management Session

Chapter 3: Basic Command Line Management

Chapter 4: Basic Command Line Management Commands

Chapter 5: Temperature and Fan Control Overview

Chapter 6: Temperature and Fan Control Commands

Section II: Basic Operations

Chapter 7: Basic Switch Management

Chapter 8: Basic Switch Management Commands

Chapter 9: Port Parameters

Chapter 10: Port Parameter Commands

Chapter 11: Power over Ethernet

Chapter 12: Power over Ethernet Commands

Chapter 13: Ipv4 and Ipv6 Management Addresses

Quick Links

Related Manuals for Allied Telesis AT-9000/12PoE

Summary of Contents for Allied Telesis AT-9000/12PoE