Network attached storage system business edition (120 pages)
Summary of Contents for NETGEAR M4100 Series ProSAFE
Page 1
M4100 Series ProSAFE Managed Switches CLI Com man d Reference M an ual Sof tware Version 1 0.0.2 April 2015 202-11166-04 350 East Plumeria Drive San Jose, CA 95134...
Note: Firmware updates with new features and bug fixes are made available from time to time at downloadcenter.netgear.com. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product does not match what is described in this guide, you might need to update your firmware.
M4100 Series ProSAFE Managed Switches Command Syntax A command is one or more words that might be followed by one or more parameters. Parameters can be required or optional values. Some commands, such as show network and clear vlan, do not require parameters.
M4100 Series ProSAFE Managed Switches Table 1. Parameter Conventions (continued) Symbol Example Description Indicates that you must select a parameter from the { } curly braces {choice1 | choice2} list of choices. Separates the mutually exclusive choices. | Vertical bars choice1 | choice2 Indicates a choice within an optional element.
M4100 Series ProSAFE Managed Switches Slot/Port Naming Convention Managed switch software references physical entities such as cards and ports by using a slot/port naming convention. The software also uses this convention to identify certain logical entities, such as port-channel interfaces.
M4100 Series ProSAFE Managed Switches command without the keyword no to reenable a disabled feature or to enable a feature that is disabled by default. Only the configuration commands are available in the no form. Managed Switch Modules Managed switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products.
Page 12
M4100 Series ProSAFE Managed Switches Table 5. CLI Command Modes (continued) Command Mode Prompt Mode Description Global Config Groups general setup commands and Switch (Config)# permits you to make modifications to the running configuration. VLAN Config Groups all the VLAN commands.
Page 13
M4100 Series ProSAFE Managed Switches Table 6. CLI Mode Access and Exit (continued) Command Mode Access Method Exit or Access Previous Mode Global Config From the Privileged EXEC mode, To exit to the Privileged EXEC mode, enter exit, or enter configure.
M4100 Series ProSAFE Managed Switches Command Completion and Abbreviation Command completion finishes spelling the command when you type enough letters of a command to uniquely identify the command keyword. Once you have entered enough letters, press the SPACEBAR or TAB key to complete the word.
M4100 Series ProSAFE Managed Switches Table 8. CLI Editing Conventions (continued) Key Sequence Description Ctrl-D Delete current character Ctrl-U, X Delete to beginning of line Ctrl-K Delete to end of line Ctrl-W Delete previous word Ctrl-T Transpose previous character Ctrl-P...
M4100 Series ProSAFE Managed Switches Enter a question mark (?) after each word you enter to display available command keywords or parameters. (NETGEAR Switch) #network ? javamode Enable/Disable. mgmt_vlan Configure the Management VLAN ID of the switch. parms Configure Network Parameters of the router.
Switching Commands This chapter describes the switching commands available in the managed switch CLI. The chapter contains the following sections: • Port Configuration Commands • Loopback Interface Commands • Spanning Tree Protocol (STP) Commands • VLAN Commands • Switch Port Commands •...
Page 18
M4100 Series ProSAFE Managed Switches • MLD Snooping Querier Commands • Port Security Commands • LLDP (802.1AB) Commands • LLDP-MED Commands • Denial of Service Commands • MAC Database Commands • ISDP Commands The commands in this chapter are in three functional groups: •...
M4100 Series ProSAFE Managed Switches Port Configuration Commands This section describes the commands you use to view and configure port settings. interface This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port).
M4100 Series ProSAFE Managed Switches no auto-negotiate This command disables automatic negotiation on a port. Note: Automatic sensing is disabled when automatic negotiation is disabled. auto-negotiate all This command enables automatic negotiation on all ports. Default enabled Format auto-negotiate all...
M4100 Series ProSAFE Managed Switches Default 1518 (untagged) Format mtu <1518-9216> Mode Interface Config no mtu This command sets the default MTU size (in bytes) for the interface. Format no mtu Mode Interface Config shutdown This command disables a port.
M4100 Series ProSAFE Managed Switches Format shutdown all Mode Global Config no shutdown all This command enables all ports. Format no shutdown all Mode Global Config speed This command sets the speed and duplex setting for the interface. Format speed [auto] [{<100 | 10 | 10G> {<half-duplex | full-duplex>}}]...
M4100 Series ProSAFE Managed Switches Acceptable Definition Values 10BASE-T full duplex 10Gh 10GBase-T full duplex 10Gf 10Gbase-T half duplex show port advertise Use this command to display the local administrative link advertisement configuration, local operational link advertisement, and the link partner advertisement for an interface. It also displays priority Resolution for speed and duplex as per 802.3 Annex 28B.3.
M4100 Series ProSAFE Managed Switches Term Definition Group Name The group name of an entry in the Protocol-based VLAN table. Group ID The group identifier of the protocol group. Protocol(s) The type of protocol(s) for this group. VLAN The VLAN associated with this Protocol Group.
M4100 Series ProSAFE Managed Switches Loopback Interface Commands The commands in this section describe how to create, delete, and manage loopback interfaces. A loopback interface is always expected to be up. This interface can provide the source address for sent packets and can receive both local and remote packets. The loopback interface is typically used by routing protocols.
M4100 Series ProSAFE Managed Switches If you specify a loopback ID, the following information appears: Term Definition Interface Link Shows whether the link is up or down. Status IP Address The IPv4 address of the interface. IPv6 is enabled Shows whether IPv6 is enabled on the interface.
M4100 Series ProSAFE Managed Switches no spanning-tree auto-edge This command disables auto-edge on the interface or range of interfaces. Format no spanning-tree auto-edge Mode Interface Config spanning-tree bpdufilter Use this command to enable BPDU Filter on an interface or range of interfaces.
M4100 Series ProSAFE Managed Switches spanning-tree bpduflood Use this command to enable BPDU Flood on the interface. Default disabled Format spanning-tree bpduflood Mode Interface Config no spanning-tree bpduflood Use this command to disable BPDU Flood on the interface. Format no spanning-tree bpduflood...
M4100 Series ProSAFE Managed Switches spanning-tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using. The <name> is a string of up to 32 characters. Default base MAC address in hexadecimal notation Format spanning-tree configuration name <name>...
M4100 Series ProSAFE Managed Switches no spanning-tree edgeport This command specifies that this port is not an Edge Port within the Common and Internal Spanning Tree. Format no spanning-tree edgeport Mode Interface Config spanning-tree forceversion This command sets the Force Protocol Version parameter to a new value.
M4100 Series ProSAFE Managed Switches no spanning-tree forward-time This command sets the Bridge Forward Delay parameter for the Common and Internal Spanning Tree to the default value. Format no spanning-tree forward-time Mode Global Config spanning-tree guard This command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol.
M4100 Series ProSAFE Managed Switches spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the Common and Internal Spanning Tree. The max-age value is in seconds within a range of 6–40, with the value being less than or equal to 2 x (Bridge Forward Delay - 1).
Page 34
M4100 Series ProSAFE Managed Switches the <mstid> parameter. You can set the path cost as a number in the range of 1–200000000 or auto. If you select auto the path cost value is set based on Link Speed. If you specify the external-cost option, this command sets the external-path cost for MST instance 0 that is, CIST instance.
M4100 Series ProSAFE Managed Switches spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The parameter <mstid> is a number within a range of 1–4094, that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by the switch is 4.
M4100 Series ProSAFE Managed Switches If 0 (defined as the default CIST ID) is passed as the <mstid>, this command sets the Bridge Priority parameter for the Common and Internal Spanning Tree to the default value. Format no spanning-tree mst priority <mstid>...
M4100 Series ProSAFE Managed Switches spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default enabled Format spanning-tree port mode all Mode Global Config no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled.
M4100 Series ProSAFE Managed Switches no spanning-tree bpduforwarding This command will cause the STP BPDU packets received from the network to be dropped if STP is disabled. Format no spanning-tree bpduforwarding Mode Global Config show spanning-tree This command displays spanning tree settings for the Common and Internal Spanning Tree.
M4100 Series ProSAFE Managed Switches Term Definition Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Bridge Max Hops Bridge max-hops count for the device. CST Regional Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the Root base MAC address of the bridge.
M4100 Series ProSAFE Managed Switches show spanning-tree interface This command displays the settings and parameters for a specific switch port within the Common and Internal Spanning Tree. The <slot/port> is the desired switch port. The following details are displayed on execution of the command.
M4100 Series ProSAFE Managed Switches show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter <mstid> is a number that corresponds to the desired existing multiple spanning tree instance. The <slot/port> is the desired switch port.
Page 42
M4100 Series ProSAFE Managed Switches Term Definition Transitions Into The number of times this interface has transitioned into loop inconsistent state. Loop Inconsistent State Transitions Out The number of times this interface has transitioned out of loop inconsistent state. of Loop...
M4100 Series ProSAFE Managed Switches Term Definition Edge Port Status The derived value of the edge port status. True if operating as an edge port; false otherwise. Point To Point Derived value indicating if this port is part of a point to point link.
M4100 Series ProSAFE Managed Switches Term Definition Port Role The role of the specified port within the spanning tree. Desc Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop guard feature is not available.
M4100 Series ProSAFE Managed Switches Term Definition MST Instance ID List of multiple spanning trees IDs currently configured. List For each MSTID: • Associated • List of forwarding database identifiers associated with this instance. FIDs • List of VLAN IDs associated with this instance.
M4100 Series ProSAFE Managed Switches show spanning-tree vlan This command displays the association between a VLAN and a multiple spanning tree instance. The <vlanid> corresponds to an existing VLAN ID. Format show spanning-tree vlan <vlanid> Mode • Privileged EXEC •...
M4100 Series ProSAFE Managed Switches vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range;...
M4100 Series ProSAFE Managed Switches vlan ingressfilter This command enables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
M4100 Series ProSAFE Managed Switches vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number. Format vlan participation {exclude | include | auto} <1-4093>...
M4100 Series ProSAFE Managed Switches vlan port acceptframe all This command sets the frame acceptance mode for all interfaces. Default Format vlan port acceptframe all {vlanonly | all} Mode Global Config The modes defined as follows: Mode Definition VLAN Only Untagged frames or priority frames received on this interface are discarded.
M4100 Series ProSAFE Managed Switches no vlan port ingressfilter all This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
M4100 Series ProSAFE Managed Switches vlan protocol group This command adds protocol-based VLAN groups to the system. When it is created, the protocol group will be assigned a unique number (1-128) that will be used to identify the group in subsequent commands.
M4100 Series ProSAFE Managed Switches no vlan protocol group add protocol This command removes the <protocol> from this protocol-based VLAN group that is identified by this <groupid>. The possible values for protocol are ip, arp, and ipx. Format no vlan protocol group add protocol <groupid> <ethertype>...
M4100 Series ProSAFE Managed Switches no protocol vlan group This command removes the interface from this protocol-based VLAN group that is identified by this <groupid>. Format no protocol vlan group <groupid> Mode Interface Config protocol vlan group all This command adds all physical interfaces to the protocol-based VLAN identified by <groupid>.
M4100 Series ProSAFE Managed Switches vlan tagging This command configures the tagging behavior for a specific interface in a VLAN to enabled. If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range;...
M4100 Series ProSAFE Managed Switches no vlan association mac This command removes the association of a MAC address to a VLAN. Format no vlan association mac <macaddr> Mode VLAN database remote-span This command identifies the VLAN as the RSPAN VLAN.
M4100 Series ProSAFE Managed Switches If you enter the optional <vlanid> parameter, the command output also displays detailed information, including interface information, for a specific VLAN. The ID is a valid VLAN identification number. Term Definition Interface Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line.
M4100 Series ProSAFE Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. It is possible to set the parameters for all ports by using the selectors on the top line. Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port.
M4100 Series ProSAFE Managed Switches Term Definition MAC Address A MAC address for which the switch has forwarding and or filtering information. The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.
M4100 Series ProSAFE Managed Switches no switchport mode This command resets the switch port mode to its default value. Format no switchport mode Mode Interface Config switchport trunk allowed vlan Use this command to configure the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode.
M4100 Series ProSAFE Managed Switches The native VLAN must be in the allowed VLAN list for tagging of received untagged packets. Otherwise, untagged packets are discarded. Packets marked with the native VLAN are transmitted untagged from the trunk port. The default ID is 1, the default VLAN.
M4100 Series ProSAFE Managed Switches mode dvlan-tunnel Use this command to enable Double VLAN Tunneling on the specified interface. Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
M4100 Series ProSAFE Managed Switches show dvlan-tunnel Use this command without the optional parameters to display all interfaces enabled for Double VLAN Tunneling. Use the optional parameters to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces.
M4100 Series ProSAFE Managed Switches no voice vlan (Global Config) Use this command to disable the Voice VLAN capability on the switch. Format no voice vlan Mode Global Config voice vlan (Interface Config) Use this command to enable the Voice VLAN capability on the interface.
M4100 Series ProSAFE Managed Switches show voice vlan Format show voice vlan [interface {<slot/port> | all}] Mode Privileged EXEC When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Term Definition Administrative The Global Voice VLAN mode.
M4100 Series ProSAFE Managed Switches vlan priority This command configures the default 802.1p port priority assigned for untagged packets for a specific interface. The range for the priority is 0–7. Default Format vlan priority <priority> Mode Interface Config Protected Ports Commands This section describes commands you use to configure and view protected ports on a switch.
M4100 Series ProSAFE Managed Switches no switchport protected (Global Config) Use this command to remove a protected port group. The <groupid> parameter identifies the set of protected ports. Use the name keyword to remove the name from the group. Format NO switchport protected <groupid>...
M4100 Series ProSAFE Managed Switches Term Definition Group ID The number that identifies the protected port group. Name An optional name of the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank.
M4100 Series ProSAFE Managed Switches Three types of port designations exist within a private VLAN: • Promiscuous Ports—An endpoint connected to a promiscuous port is allowed to communicate with any endpoint within the private VLAN. Multiple promiscuous ports can be defined for a single private VLAN domain.
M4100 Series ProSAFE Managed Switches switchport mode private-vlan This command is used to configure a port as a promiscuous or host private VLAN port. Note that the properties of each mode can be configured even when the switch is not in that mode.
M4100 Series ProSAFE Managed Switches no private-vlan This command is used to restore normal VLAN configuration. Format no private-vlan {association} Mode VLAN Config vlan (Private VLAN) Use this command to enter the private vlan configuration. The VLAN range is 1-4094.
M4100 Series ProSAFE Managed Switches Term Definition Private-vlan host-association Displays VLAN association for the private-VLAN host ports. Private-vlan mapping Displays VLAN mapping for the private-VLAN promiscuous ports GARP Commands This section describes the commands you use to configure Generic Attribute Registration Protocol (GARP) and view GARP status.
M4100 Series ProSAFE Managed Switches Default Format set garp timer leave <20-600> Mode • Interface Config • Global Config no set garp timer leave This command sets the GVRP leave time on all ports or a single port to the default and only has an effect when GVRP is enabled.
M4100 Series ProSAFE Managed Switches show garp This command displays GARP information. Format show garp Mode • Privileged EXEC • User EXEC Term Definition GMRP Admin Mode The administrative mode of GARP Multicast Registration Protocol (GMRP) for the system. GVRP Admin Mode The administrative mode of GARP VLAN Registration Protocol (GVRP) for the system.
M4100 Series ProSAFE Managed Switches set gvrp interfacemode This command enables GVRP on a single port (Interface Config mode) or all ports (Global Config mode). Default disabled Format set gvrp interfacemode Mode • Interface Config • Global Config no set gvrp interfacemode This command disables GVRP on a single port (Interface Config mode) or all ports (Global Config mode).
M4100 Series ProSAFE Managed Switches Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis.
M4100 Series ProSAFE Managed Switches disabled and port-channel (LAG) membership is removed from an interface that has GARP enabled. Default disabled Format set gmrp interfacemode Mode • Interface Config • Global Config no set gmrp interfacemode This command disables GARP Multicast Registration Protocol on a single interface or all interfaces.
M4100 Series ProSAFE Managed Switches Term Definition LeaveAll Timer This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. There is an instance of this timer on a per-Port, per-GARP participant basis.
M4100 Series ProSAFE Managed Switches clear radius statistics This command is used to clear all RADIUS statistics. Format clear radius statistics Mode Privileged EXEC dot1x eapolflood Use this command to enable EAPOL flood support on the switch. Default Disabled Format...
M4100 Series ProSAFE Managed Switches dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is “auto” or “mac-based”. If the control mode is not “auto” or “mac-based,” an error is returned.
M4100 Series ProSAFE Managed Switches dot1x max-users Use this command to set the maximum number of clients supported on the port when MAC-based dot1x authentication is enabled on the port. The maximum users supported per port is dependent on the product. The <count> value is in the range 1 - 48.
M4100 Series ProSAFE Managed Switches authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server. If the mac-based option is specified, MAC-based dot1x authentication is enabled on the port.
M4100 Series ProSAFE Managed Switches dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Default disabled Format dot1x system-auth-control Mode...
M4100 Series ProSAFE Managed Switches Tokens Definition quiet-period The value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet-period must be a value in the range 0 - 65535.
M4100 Series ProSAFE Managed Switches dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The <user> parameter must be a configured user. Format dot1x user <user> {<slot/port> | all}...
M4100 Series ProSAFE Managed Switches dot1x system-auth-control monitor Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor mode is to help troubleshoot port-based authentication configuration issues without disrupting network access for hosts connected to the switch. In Monitor mode, a host is granted network access to an 802.1X-enabled port even if it fails the authentication process.
M4100 Series ProSAFE Managed Switches show authentication methods This command displays information about the authentication methods. Format show authentication methods Mode Privileged EXEC Command example: Login Authentication Method Lists ________________________________ Console_Default: None Network_Default:Local Enable Authentication Lists _____________________ Console_Default: Enable None...
Page 90
M4100 Series ProSAFE Managed Switches Term Definition Dynamic VLAN Indicates whether the switch can dynamically create a RADIUS-assigned VLAN if it does Creation Mode not currently exist on the switch. Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled.
Page 91
M4100 Series ProSAFE Managed Switches Term Definition Transmit Period The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is expressed in seconds and will be in the range of 1 and 65535.
Page 92
M4100 Series ProSAFE Managed Switches The show dot1x detail <slot/port> command displays the following MAC-based dot1x fields if the port-control mode for that specific port is MAC-based. For each client authenticated on the port, the show dot1x detail <slot/port> command displays the following MAC-based dot1x parameters if the port-control mode for that specific port is MAC-based.
M4100 Series ProSAFE Managed Switches Term Definition EAP Response The number of valid EAP response frames (other than resp/id frames) that have been Frames received by this authenticator. Received EAP Request/Id The number of EAP request/identity frames that have been transmitted by this Frames authenticator.
M4100 Series ProSAFE Managed Switches Term Definition VLAN Assigned The reason the VLAN identified in the VLAN ID field has been assigned to the port. Possible values are RADIUS, Unauthenticated VLAN, or Default. When the VLAN Assigned reason is Default, it means that the VLAN was assigned to the port because the PVID of the port was that VLAN ID.
M4100 Series ProSAFE Managed Switches Format dot1x supplicant port-control {auto | force-authorized | force_unauthorized} Mode Interface Config Parameter Description The port is in the Unauthorized state until it presents its user name and auto password credentials to an authenticator. If the authenticator authorizes the port, then it is placed in the Authorized state.
M4100 Series ProSAFE Managed Switches dot1x supplicant timeout start-period Use this command to configure the start period timer interval in seconds to wait for the EAP identity request from the authenticator. Default 30 seconds Format dot1x supplicant timeout start-period <1-65535>...
M4100 Series ProSAFE Managed Switches no dot1x supplicant timeout auth-period Use this command to set the auth-period value to the default value. Format no dot1x supplicant timeout auth-period Mode Interface Config dot1x supplicant user Use this command to map the user to the port.
M4100 Series ProSAFE Managed Switches storm-control broadcast (Interface Config) Use this command to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active and, if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
M4100 Series ProSAFE Managed Switches storm-control broadcast rate (Interface Config) Use this command to configure the broadcast storm recovery threshold for an interface in packets per second. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped.
M4100 Series ProSAFE Managed Switches the rate of broadcast traffic will be limited to the configured threshold. This command also enables broadcast storm recovery mode for all interfaces. If the ‘shutdown’ option is selected, and the broadcast traffic increases beyond the threshold, the interface shuts down instead of dropping packets.
M4100 Series ProSAFE Managed Switches storm-control multicast (Interface Config) This command enables multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
M4100 Series ProSAFE Managed Switches Default Format storm-control multicast rate <0-14880000> Mode Interface Config no storm-control multicast rate This command sets the multicast storm recovery threshold to the default value for an interface and disables multicast storm recovery. Format no storm-control multicast rate...
M4100 Series ProSAFE Managed Switches no storm-control multicast level This command sets the multicast storm recovery threshold to the default value for all interfaces and disables multicast storm recovery. Format no storm-control multicast level Mode Global Config storm-control multicast rate (Global Config) Use this command to configure the multicast storm recovery threshold for all interfaces in packets per second.
M4100 Series ProSAFE Managed Switches no storm-control unicast This command disables unicast storm recovery mode for an interface. Format no storm-control unicast Mode Interface Config storm-control unicast level (Interface Config) This command configures the unicast storm recovery threshold for an interface as a percentage of link speed, and enables unicast storm recovery.
M4100 Series ProSAFE Managed Switches no storm-control unicast rate This command sets the unicast storm recovery threshold to the default value for an interface and disables unicast storm recovery. Format no storm-control unicast rate Mode Interface Config storm-control unicast (Global Config) This command enables unicast storm recovery mode for all interfaces.
M4100 Series ProSAFE Managed Switches no storm-control unicast level This command sets the unicast storm recovery threshold to the default value and disables unicast storm recovery for all interfaces. Format no storm-control unicast level Mode Global Config storm-control unicast rate (Global Config) Use this command to configure the unicast storm recovery threshold for all interfaces in packets per second.
M4100 Series ProSAFE Managed Switches Use the all keyword to display the per-port configuration parameters for all interfaces, or specify the slot/port to display information about a specific interface. Format show storm-control [all | <slot/port>] Mode Privileged EXEC Term Definition Bcast Mode Shows whether the broadcast storm control mode is enabled or disabled.
M4100 Series ProSAFE Managed Switches no flowcontrol Format no flowcontrol Mode • Global Config • Interface Config show flowcontrol Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a specific interface or all interfaces. It also displays 802.3 Tx and Rx pause counts. Priority Flow Control frames counts are not displayed.
M4100 Series ProSAFE Managed Switches Port-Channel/LAG (802.3ad) Commands This section describes the commands you use to configure port-channels, which are also known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing.
M4100 Series ProSAFE Managed Switches deleteport (Global Config) This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot/port number of a configured port-channel. To clear the port channels, see clear port-channel on page 368 Format deleteport <logical slot/port>...
M4100 Series ProSAFE Managed Switches no lacp collector max delay Use this command to configure the default port-channel collector max delay. Format no lacp collector max-delay Mode Interface Config lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key. The valid range for <key>...
M4100 Series ProSAFE Managed Switches lacp actor admin state longtimeout Use this command to set LACP actor admin state to longtimeout. Format lacp actor admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout.
M4100 Series ProSAFE Managed Switches lacp actor port priority Use this command to configure the priority value assigned to the Aggregation Port. The valid range for <priority> is 0–255. Default 0x80 Format lacp actor port priority <priority> Mode Interface Config Note: This command is only applicable to physical interfaces.
M4100 Series ProSAFE Managed Switches lacp partner admin key Use this command to configure the administrative value of the key for the protocol partner. The valid range for <key> is 0–65535. Default Format lacp partner admin key <key> Mode Interface Config Note: This command is only applicable to physical interfaces.
M4100 Series ProSAFE Managed Switches lacp partner admin state longtimeout Use this command to set LACP partner admin state to longtimeout. Format lacp partner admin state longtimeout Mode Interface Config Note: This command is only applicable to physical interfaces. no lacp partner admin state longtimeout Use this command to set the LACP partner admin state to short timeout.
M4100 Series ProSAFE Managed Switches lacp partner port id Use this command to configure the LACP partner port id. The valid range for <port-id> is 0–65535. Default 0x80 Format lacp partner portid <port-id> Mode Interface Config Note: This command is only applicable to physical interfaces.
M4100 Series ProSAFE Managed Switches lacp partner system id Use this command to configure the 6-octet MAC Address value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID. The valid range of <system-id> is 00:00:00:00:00:00 - FF:FF:FF:FF:FF.
M4100 Series ProSAFE Managed Switches port-channel local-preference This command enables the local-preference mode on a port-channel (LAG) interface or range of interfaces. By default, the local-preference mode for a port-channel is disabled. This command can be used only on port-channel interfaces.
M4100 Series ProSAFE Managed Switches no port lacpmode This command disables Link Aggregation Control Protocol (LACP) on a port. Format no port lacpmode Mode Interface Config port lacpmode enable all This command enables Link Aggregation Control Protocol (LACP) on all ports.
M4100 Series ProSAFE Managed Switches port lacptimeout (Global Config) This command sets the timeout for all interfaces of a particular device type (actor or partner) to either long or short time-out. Default long Format port lacptimeout {actor | partner} {long | short}...
M4100 Series ProSAFE Managed Switches Default enabled Format port-channel linktrap {<slot/port> | lag <lag-group-id> | all} Mode Global Config no port-channel linktrap This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all disables link trap notifications for all the configured port-channels.
M4100 Series ProSAFE Managed Switches Parameter Definition Source MAC, VLAN, EtherType, and incoming port associated with the packet Destination MAC, VLAN, EtherType, and incoming port associated with the packet Source/Destination MAC, VLAN, EtherType, and incoming port associated with the packet...
M4100 Series ProSAFE Managed Switches no port-channel system priority Use this command to configure the default port-channel system priority value. Format no port-channel system priority Mode Global Config show lacp actor Use this command to display LACP actor attributes. The interface is a logical <slot/port> for a configured port-channel. The option all displays the configuration for all the configured port-channels.
M4100 Series ProSAFE Managed Switches The following output parameters are displayed. Term Description System Priority The administrative value of priority associated with the Partner’s System ID. System ID The value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID.
M4100 Series ProSAFE Managed Switches Term Definition Logical Interface Valid slot and port number separated by forward slashes. Port-Channel The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric Name characters. Link State Indicates whether the Link is up or down.
Page 126
M4100 Series ProSAFE Managed Switches A VLAN can be configured as the source to a session (all member ports of that VLAN are monitored). Remote port mirroring is configured by adding the RSPAN VLAN ID. At the source switch, the destination is configured as the RSPAN VLAN and at the destination switch, the source is configured as the RSPAN VLAN.
Note: Because the current version of NETGEAR Managed Switch SMB software only supports one session, if you do not supply optional parameters, the behavior of this command is similar to the behavior of the no monitor command.
M4100 Series ProSAFE Managed Switches Format show monitor session <session-id> Mode Privileged EXEC Term Definition Session ID An integer value used to identify the session. Its value can be anything between 1 and the maximum number of mirroring sessions allowed on the platform.
M4100 Series ProSAFE Managed Switches Static MAC Filtering Commands The commands in this section describe how to configure static MAC filtering. Static MAC filtering allows you to configure destination ports for a static multicast MAC filter irrespective of the platform.
M4100 Series ProSAFE Managed Switches macfilter adddest Use this command to add the interface to the destination filter set for the MAC filter with the <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The <vlanid> parameter must identify a valid VLAN.
M4100 Series ProSAFE Managed Switches Format no macfilter adddest all <macaddr> <vlanid> Mode Global Config macfilter addsrc This command adds the interface to the source filter set for the MAC filter with the MAC address of <macaddr> and VLAN of <vlanid>. The <macaddr> parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
M4100 Series ProSAFE Managed Switches show mac-address-table static This command displays the static MAC filtering information for all static MAC filters. If you select all, all the static MAC filters in the system are displayed. If you supply a value for <macaddr>, you must also enter a value for <vlanid>, and the system displays static...
M4100 Series ProSAFE Managed Switches DHCP L2 Relay Agent Commands You can enable the switch to operate as a DHCP Layer 2 relay agent to relay DHCP requests from clients to a Layer 3 relay agent or server. The Circuit ID and Remote ID can be added to DHCP requests relayed from clients to a DHCP server.
M4100 Series ProSAFE Managed Switches dhcp l2relay remote-id vlan Use this parameter to set the DHCP Option-82 Remote ID for a VLAN and subscribed service (based on subscription-name). The vlan–list range is 1–4093. Separate non-consecutive IDs with a comma (,), and do not insert spaces or zeros between the range. Use a dash (–) for the range.
Use this command to display DHCP L2 relay configuration specific to interfaces. Format show dhcp l2relay interface {all | <slot/port>} Mode Privileged EXEC Command example: (NETGEAR Switch) #show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ----------...
Page 136
Use this command to display statistics specific to DHCP L2 Relay configured interface. Format show dhcp l2relay stats interface {all | <slot/port>} Mode Privileged EXEC Command example: (NETGEAR Switch) #show dhcp l2relay stats interface all DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer...
M4100 Series ProSAFE Managed Switches DHCP Client Commands DHCP Client can include vendor and configuration information in DHCP client requests relayed to a DHCP server. This information is included in DHCP Option 60, Vendor Class Identifier. The information is a string of 128 octets.
M4100 Series ProSAFE Managed Switches show dhcp client vendor-id-option Use this command to display the configured administration mode of the vendor-id-option and the vendor-id string to be included in Option-43 in DHCP requests. Format show dhcp client vendor-id-option Mode Privileged EXEC...
M4100 Series ProSAFE Managed Switches no ip dhcp snooping vlan Use this command to disable DHCP Snooping on VLANs. Format no ip dhcp snooping vlan <vlan-list> Mode Global Config ip dhcp snooping verify mac-address Use this command to enable verification of the source MAC address with the client hardware address in the received DCHP message.
M4100 Series ProSAFE Managed Switches no ip dhcp snooping database write-delay Use this command to set the write delay value to the default value. Format no ip dhcp snooping database write-delay Mode Global Config ip dhcp snooping binding Use this command to configure static DHCP Snooping binding.
M4100 Series ProSAFE Managed Switches ip dhcp snooping limit Use this command to control the rate at which the DHCP Snooping messages come. The default rate is 15 pps with a range from 0 to 30 pps. The default burst level is 1 second with a range of 1–15 seconds.
M4100 Series ProSAFE Managed Switches no ip dhcp snooping trust Use this command to configure the port as untrusted. Format no ip dhcp snooping trust Mode Interface Config ip verify source Use this command to configure the IPSG source ID attribute to filter the data traffic in the hardware.
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #show ip dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs: 11 - 30, 40 Interface Trusted Log Invalid Pkts...
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #show ip dhcp snooping binding Total number of bindings: 2 MAC Address IP Address VLAN Interface Type Lease (Secs) ------------------ ------------ ---- --------- ---- ------------- 00:02:B3:06:60:80 210.1.1.3 86400 00:0F:FE:00:13:04 210.1.1.4 86400...
Page 145
Represents the number of DHCP release and Deny messages received on the different Mismatch ports than learned previously. DHCP Server Represents the number of DHCP server messages received on Untrusted ports. Msgs Rec’d Command example: (NETGEAR Switch) #show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch...
M4100 Series ProSAFE Managed Switches clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific interface. Format clear ip dhcp snooping binding [interface <slot/port>] Mode • Privileged EXEC •...
M4100 Series ProSAFE Managed Switches show ip source binding This command displays the IPSG bindings. Format show ip source binding [static | dynamic] [interface <slot/port>] [<vlan id>] Mode • Privileged EXEC • User EXEC Term Definition MAC Address The MAC address for the entry that is added.
M4100 Series ProSAFE Managed Switches ip arp inspection vlan Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Default disabled Format ip arp inspection vlan <vlan-list> Mode Global Config no ip arp inspection vlan Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN ranges.
M4100 Series ProSAFE Managed Switches no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges. Format no ip arp inspection vlan <vlan-list> logging Mode Global Config ip arp inspection trust Use this command to configure an interface as trusted for Dynamic ARP Inspection.
M4100 Series ProSAFE Managed Switches no ip arp inspection limit Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second, respectively. Format no ip arp inspection limit...
M4100 Series ProSAFE Managed Switches permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Format permit ip host <sender-ip> mac host <sender-mac> Mode...
Term Definition Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds. Command example: (NETGEAR Switch) #show ip arp inspection interfaces Interface Trust State Rate Limit Burst Interval (pps) (seconds)
M4100 Series ProSAFE Managed Switches set igmp This command enables IGMP Snooping on the system (Global Config Mode) or an interface (Interface Config Mode). This command also enables IGMP snooping on a particular VLAN (VLAN Config Mode) and can enable IGMP snooping on all interfaces participating in a VLAN.
M4100 Series ProSAFE Managed Switches Default disabled Format set igmp interfacemode Mode Global Config no set igmp interfacemode This command disables IGMP Snooping on all interfaces. Format no set igmp interfacemode Mode Global Config set igmp fast-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface or VLAN.
M4100 Series ProSAFE Managed Switches set igmp groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN, one interface, or all interfaces. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
M4100 Series ProSAFE Managed Switches no set igmp maxresponse This command sets the max response time (on the interface or VLAN) to the default value. Format no set igmp maxresponse Mode • Global Config • Interface Config Format no set igmp maxresponse <vlan id>...
M4100 Series ProSAFE Managed Switches set igmp mrouter This command configures the VLAN ID (<vlan id>) for which the multicast router mode enabled. Format set igmp mrouter <vlan id> Mode Interface Config no set igmp mrouter This command disables multicast router mode for a particular VLAN ID (<vlan id>).
M4100 Series ProSAFE Managed Switches no set igmp report-suppression Use this command to restore the system default. Format no set igmp report-suppression Mode VLAN Config set igmp header-validation If IGMP IP header validation is enabled, then 3 fields TTL (Time To Live), ToS (Type of Service), and Router Alert options are checked.
M4100 Series ProSAFE Managed Switches mac address-table multicast forward-unregistered vlan Use this command to enable forwarding unregistered multicast address (in other words, unknown multicast traffic) on a VLAN. Format mac address-table multicast forward-unregistered vlan <1-4093> Mode Global Config mac address-table multicast forward-all vlan Use this command to enable forwarding of all multicast packets on a VLAN.
M4100 Series ProSAFE Managed Switches If you specify the <slot/port> values, the command displays the information that is described in the following table. Term Definition IGMP Snooping Indicates whether IGMP Snooping is active on the interface. Admin Mode Fast Leave Indicates whether IGMP Snooping Fast-leave is active on the interface.
Use this command to display the multicast filtering details for a VLAN. Format show mac address-table multicast filtering <vlan-id> Mode Privileged EXEC Field Description A valid VLAN ID <vlan id> mode The filtering mode Command example: (NETGEAR Switch) #show mac address-table multicast filtering 1 VLAN-ID..1 Mode..Forward-Forbidden-Unregistered Switching Commands...
M4100 Series ProSAFE Managed Switches IGMP Snooping Querier Commands IGMP Snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the “IGMP Querier”. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
M4100 Series ProSAFE Managed Switches set igmp querier query-interval Use this command to set the IGMP Querier Query Interval time. It is the amount of time in seconds that the switch waits before sending another general query. Default disabled Format set igmp querier query-interval <1-18000>...
M4100 Series ProSAFE Managed Switches no set igmp querier version Use this command to set the IGMP Querier version to its default value. Format no set igmp querier version Mode Global Config set igmp querier election participate Use this command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
Page 167
M4100 Series ProSAFE Managed Switches Term Description Querier Address The IP Address which will be used in the IPv4 header while sending out IGMP queries. It can be configured using the appropriate command. Query Interval The amount of time in seconds that a Snooping Querier waits before sending out the periodic general query.
M4100 Series ProSAFE Managed Switches MLD Snooping Commands This section describes commands used for MLD Snooping. In IPv4, Layer 2 switches can use IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded only to those interfaces associated with IP multicast addresses.
M4100 Series ProSAFE Managed Switches set mld interfacemode Use this command to enable MLD Snooping on all interfaces. If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), MLD Snooping functionality is disabled on that interface.
M4100 Series ProSAFE Managed Switches no set mld fast-leave Use this command to disable MLD Snooping fast-leave admin mode on a selected interface. Format no set mld fast-leave <vlan-id> Mode • Interface Config • VLAN Mode set mld groupmembership-interval Use this command to set the MLD Group Membership Interval time on a VLAN, one interface or all interfaces.
M4100 Series ProSAFE Managed Switches no set mld maxresponse Use this command to set the max response time (on the interface or VLAN) to the default value. Format no set mld maxresponse Mode • Global Config • Interface Config •...
M4100 Series ProSAFE Managed Switches no set mld mrouter Use this command to disable multicast router attached mode for a VLAN with a particular VLAN ID. Format no set mld mrouter <vlan-id> Mode Interface Config set mld mrouter interface Use this command to configure the interface as a multicast router-attached interface. When configured as a multicast router interface, the interface is treated as a multicast router-attached interface in all VLANs.
M4100 Series ProSAFE Managed Switches Term Definition MLD Control Displays the number of MLD Control frames that are processed by the CPU. Frame Count VLANs Enabled VLANs on which MLD Snooping is enabled. for MLD Snooping When you specify the <slot/port> values, the command output displays the information that is shown in the following table.
M4100 Series ProSAFE Managed Switches Term Definition Interface Shows the interface on which multicast router information is being displayed. Multicast Router Indicates whether multicast router is statically enabled on the interface. Attached VLAN ID Displays the list of VLANs of which the interface is a member.
M4100 Series ProSAFE Managed Switches MLD Snooping Querier Commands In an IPv6 environment, MLD Snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the MLD Querier. The MLD query responses, known as MLD reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
M4100 Series ProSAFE Managed Switches set mld querier query_interval Use this command to set the MLD Querier Query Interval time. This is the amount of time in seconds that the switch waits before sending another general query. Default disabled Format set mld querier query_interval <1-18000>...
M4100 Series ProSAFE Managed Switches no set mld querier election participate Use this command to set the snooping querier not to participate in querier election, but go into a non-querier mode as soon as it discovers the presence of another querier in the same VLAN.
M4100 Series ProSAFE Managed Switches Term Description Querier Election Indicates whether the MLD Snooping Querier participates in querier election if it Participate discovers the presence of a querier in the VLAN. Querier VLAN The IP address will be used in the IPv6 header while sending out MLD queries on this Address VLAN.
M4100 Series ProSAFE Managed Switches no port-security This command disables port locking for one (Interface Config) or all (Global Config) ports. Format no port-security Mode • Global Config • Interface Config port-security max-dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port.
M4100 Series ProSAFE Managed Switches port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses. The <vid> is the VLAN ID. Format port-security mac-address <mac-address> <vid> Mode Interface Config no port-security mac-address This command removes a MAC address from the list of statically locked MAC addresses.
M4100 Series ProSAFE Managed Switches no port-security mac-address sticky The no form removes the sticky mode. The sticky MAC address can be deleted by using the command no port-security mac-address <mac-address> <vid>. Format no port-security mac-address sticky [<mac-address> <vid>] Modes •...
M4100 Series ProSAFE Managed Switches show port-security static This command displays the statically locked MAC addresses for port. Format show port-security static [lag <lag-intf-num> | <slot/port>] Mode Privileged EXEC Term Definition MAC Address MAC Address of statically locked MAC. show port-security violation This command displays the source MAC address of the last packet discarded on a locked port.
M4100 Series ProSAFE Managed Switches lldp receive Use this command to enable the LLDP receive capability. Default enabled Format lldp receive Mode Interface Config no lldp receive Use this command to return the reception of LLDPDUs to the default value.
M4100 Series ProSAFE Managed Switches Use port-desc to transmit the port description TLV. To configure the port description, see description on page 20 Default all optional TLVs are included Format lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc] Mode Interface Config no lldp transmit-tlv Use this command to remove an optional TLV from the LLDPDUs.
M4100 Series ProSAFE Managed Switches no lldp notification Use this command to disable notifications. Default disabled Format no lldp notification Mode Interface Config lldp notification-interval Use this command to configure how frequently the system sends remote data change notifications. The <interval> parameter is the number of seconds to wait between sending notifications.
M4100 Series ProSAFE Managed Switches show lldp Use this command to display a summary of the current LLDP configuration. Format show lldp Mode Privileged Exec Term Definition Transmit Interval How frequently the system transmits local data LLDPDUs, in seconds. Transmit Hold The multiplier on the transmit interval that sets the TTL in local data LLDPDUs.
M4100 Series ProSAFE Managed Switches show lldp statistics Use this command to display the current LLDP traffic and remote table statistics for a specific interface or for all interfaces. Format show lldp statistics {<slot/port> | all} Mode Privileged Exec Term...
Page 188
M4100 Series ProSAFE Managed Switches show lldp remote-device Use this command to display summary information about remote devices that transmit current LLDP data to the system. You can show information about LLDP remote data received on all ports or on a specific port.
Time To Live The amount of time (in seconds) the remote device's information received in the LLDPDU should be treated as valid information. Command example: (NETGEAR Switch) #show lldp remote-device detail 0/7 LLDP Remote Device Detail Local Interface: 0/7 Remote Identifier: 2...
M4100 Series ProSAFE Managed Switches Chassis ID: 00:FC:E3:90:01:0F Port ID Subtype: MAC Address Port ID: 00:FC:E3:90:01:11 System Name: System Description: Port Description: System Capabilities Supported: System Capabilities Enabled: Time to Live: 24 seconds show lldp local-device Use this command to display summary information about the advertised LLDP local data.
M4100 Series ProSAFE Managed Switches Term Definition System Describes the local system by identifying the system name and versions of hardware, Description operating system, and networking software supported in the device. Port Description Describes the port in an alpha-numeric format.
M4100 Series ProSAFE Managed Switches lldp med confignotification Use this command to configure all the ports to send the topology change notification. Default enabled Format lldp med confignotification Mode Interface Config no ldp med confignotification Use this command to disable notifications.
M4100 Series ProSAFE Managed Switches no lldp med transmit-tlv Use this command to remove a TLV. Format no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Mode Interface Config lldp med all Use this command to configure LLDP-MED on all the ports.
M4100 Series ProSAFE Managed Switches no lldp med faststartrepeatcount Use this command to return to the factory default value. Format no lldp med faststartrepeatcount Mode Global Config lldp med transmit-tlv all Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs).
Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes can be 0 (Capabilities), 1 (Network Policy), 2 (Location), 3 (Extended PSE), 4 (Extended Pd), or 5 (Inventory). Command example: (NETGEAR Switch) #show lldp med interface all Interface Link configMED operMED...
Page 197
Mfg Name Shows the manufacture name. Model Name Shows the model name. Command example: (NETGEAR Switch) #show lldp med local-device detail 0/8 LLDP MED Local Device Detail Interface: 0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10...
Telephone etc]). The fourth device is Network Connectivity Device, which is typically a LAN Switch/Router, IEEE 802.1 Bridge, IEEE 802.11 Wireless Access Point etc. Command example: (NETGEAR Switch) #show lldp med remote-device all LLDP MED Remote Device Summary Local Interface...
M4100 Series ProSAFE Managed Switches Not Defined 0/10 Class II 0/11 Class III 0/12 Network Con show lldp med remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP MED data to an interface on the system.
Page 200
Source Shows the remote port’s PD power source. Priority Shows the remote port’s PD power priority. Command example: (NETGEAR Switch) #show lldp med remote-device detail 0/8 LLDP MED Remote Device Detail Local Interface: 0/8 Remote Identifier: 18 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse...
M4100 Series ProSAFE Managed Switches • UDP Port: Source UDP Port = Destination UDP Port. • TCP Flag & Sequence: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
M4100 Series ProSAFE Managed Switches no dos-control sipdip This command disables Source IP address = Destination IP address (SIP=DIP) Denial of Service prevention. Format no dos-control sipdip Mode Global Config dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
M4100 Series ProSAFE Managed Switches dos-control tcpflag This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attacks. If packets ingress having TCP Flag SYN set and a source port less than 1024 or having TCP Control Flags set to 0 and TCP...
M4100 Series ProSAFE Managed Switches no dos-control l4port This command disables L4 Port Denial of Service protections. Format no dos-control l4port Mode Global Config dos-control icmp This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMP Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
M4100 Series ProSAFE Managed Switches dos-control tcpport This command enables TCP L4 source = destination port number (Source TCP Port = Destination TCP Port) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with Source TCP Port = Destination TCP Port, the packets will be dropped if the mode is enabled.
M4100 Series ProSAFE Managed Switches TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be dropped if the mode is enabled. Default disabled Format dos-control tcpflagseq Mode Global Config no dos-control tcpflagseq This command sets disables TCP Flag and Sequence Denial of Service protection.
M4100 Series ProSAFE Managed Switches no dos-control tcpsyn This command sets disables TCP SYN and L4 source = 0-1023 Denial of Service protection. Format no dos-control tcpsyn Mode Global Config dos-control tcpsynfin This command enables TCP SYN and FIN Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
M4100 Series ProSAFE Managed Switches dos-control icmpv4 This command enables Maximum ICMPv4 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv4 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
M4100 Series ProSAFE Managed Switches Default disabled Format dos-control icmpfrag Mode Global Config no dos-control icmpfrag This command disabled ICMP Fragment Denial of Service protection. Format no dos-control icmpfrag Mode Global Config show dos-control This command displays Denial of Service configuration information.
M4100 Series ProSAFE Managed Switches Term Definition SMACDMAC May be enabled or disabled. The factory default is disabled. Mode TCP Flag Mode May be enabled or disabled. The factory default is disabled. TCP FIN&URG& May be enabled or disabled. The factory default is disabled.
M4100 Series ProSAFE Managed Switches show forwardingdb agetime This command displays the timeout for address aging. Default 300s Format show forwardingdb agetime Mode Privileged EXEC Term Definition Address Aging This parameter displays the address aging timeout for the associated forwarding Timeout database.
M4100 Series ProSAFE Managed Switches Term Definition Max MFDB The total number of entries that can possibly be in the Multicast Forwarding Database Table Entries table. Most MFDB The largest number of entries that have been present in the Multicast Forwarding Entries Since Database table.
M4100 Series ProSAFE Managed Switches isdp timer This command sets the period of time between sending new ISDP packets. You must enter the range in seconds. Default 30 seconds Format isdp timer <5-254> Mode Global Config isdp advertise-v2 This command enables the sending of ISDP version 2 packets from the device.
M4100 Series ProSAFE Managed Switches clear isdp counters This command clears ISDP counters. Format clear isdp counters Mode Privileged EXEC clear isdp table This command clears entries in the ISDP table. Format clear isdp table Mode Privileged EXEC show isdp This command displays global ISDP settings.
M4100 Series ProSAFE Managed Switches show isdp interface This command displays ISDP settings for the specified interface. Format show isdp interface {all | <slot/port>} Mode Privileged EXEC Term Definition Mode ISDP mode enabled/disabled status for the interface(s). show isdp entry This command displays ISDP entries.
M4100 Series ProSAFE Managed Switches Term Definition Device ID The device ID associated with the neighbor which advertised the information. IP Addresses The IP addresses associated with the neighbor. Capability ISDP functional capabilities advertised by the neighbor. Platform The hardware platform advertised by the neighbor.
M4100 Series ProSAFE Managed Switches Term Definition ISDPv1 Packets Received Total number of ISDPv1 packets received ISDPv1 Packets Transmitted Total number of ISDPv1 packets transmitted ISDPv2 Packets Received Total number of ISDPv2 packets received ISDPv2 Packets Transmitted Total number of ISDPv2 packets transmitted...
M4100 Series ProSAFE Managed Switches About MVR Internet Group Management Protocol (IGMP) Layer 3 is widely used for IPv4 network multicasting. In Layer 2 networks, IGMP uses resources inefficiently. For example, a Layer 2 switch sends multicast frames to all ports, even if there are receivers connected to only a few ports.
M4100 Series ProSAFE Managed Switches no mvr group This command removes the MVR membership group. Format no mvr group <A.B.C.D> [count] Mode Global Config mvr mode This command changes the MVR mode type. If the mode is set to compatible, the switch does not learn multicast groups;...
M4100 Series ProSAFE Managed Switches mvr vlan This command sets the MVR multicast VLAN. Default Format mvr vlan <1-4094> Mode Global Config no mvr vlan This command sets the MVR multicast VLAN to the default value. Format no mvr vlan...
M4100 Series ProSAFE Managed Switches mvr type This command sets the MVR port type. When a port is set as source, it is the port to which the multicast traffic flows using the multicast VLAN. When a port is set to receiver, it is the port where a listening host is connected to the switch.
M4100 Series ProSAFE Managed Switches The following table explains the output parameters. Term Definition MVR Running MVR running state. It can be enabled or disabled. MVR multicast VLAN Current MVR multicast VLAN. It can be in the range from 1 to 4094.
M4100 Series ProSAFE Managed Switches show mvr traffic This command displays global MVR statistics. Format show mvr traffic Mode Privileged EXEC The following table explains the output parameters. Term Definition IGMP Query Received Number of received IGMP queries IGMP Report V1 Received...
Routing Commands This chapter describes the routing commands. The chapter contains the following sections: • Address Resolution Protocol (ARP) Commands • IP Routing Commands • Virtual LAN Routing Commands • DHCP and BOOTP Relay Commands • IP Helper Commands • ICMP Throttling Commands The commands in this chapter are in three functional groups: •...
M4100 Series ProSAFE Managed Switches Address Resolution Protocol (ARP) Commands This section describes the commands you use to configure ARP and to view ARP information about the switch. ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache.
M4100 Series ProSAFE Managed Switches ip proxy-arp This command enables proxy ARP on a router interface. Without proxy ARP, a device only responds to an ARP request if the target IP address is an address configured on the interface where the ARP request arrived. With proxy ARP, the device might also respond if the target IP address is reachable.
M4100 Series ProSAFE Managed Switches no arp dynamicrenew This command prevents dynamic ARP entries from renewing when they age out. Format no arp dynamicrenew Mode Privileged EXEC arp purge This command causes the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command.
M4100 Series ProSAFE Managed Switches no arp retries This command configures the default ARP count of maximum request for retries. Format no arp retries Mode Global Config arp timeout This command configures the ARP entry ageout time. The value for <seconds> is a valid positive integer, which represents the IP ARP entry ageout time in seconds.
M4100 Series ProSAFE Managed Switches show arp This command displays the Address Resolution Protocol (ARP) cache. The displayed results are not the total ARP entries. To view the total ARP entries, the operator should view the show arp results with the show arp switch results.
M4100 Series ProSAFE Managed Switches Term Definition Age Time The time it takes for an ARP entry to age out. This value is configurable. Age time is (seconds) measured in seconds. Response Time The time it takes for an ARP request timeout. This value is configurable. Response time (seconds) is measured in seconds.
M4100 Series ProSAFE Managed Switches IP Routing Commands This section describes the commands you use to enable and configure IP routing on the switch. routing This command enables IPv4 and IPv6 routing for an interface. You can view the current value for this function with the show ip brief command.
M4100 Series ProSAFE Managed Switches Note: The 31-bit subnet mask is only supported on routing interface. This feature is not supported on a network port because it acts as a host, not a router, on the management interface. Format ip address <ipaddr> {<subnetmask> | /<prefix-length>} [secondary]...
M4100 Series ProSAFE Managed Switches no ip address dhcp Use this command to release a leased address and disable DHCPv4 on an interface. Format no ip address dhcp Mode Interface Config ip default-gateway Use this command to manually configure a default gateway for the switch. Only one default gateway can be configured.
M4100 Series ProSAFE Managed Switches show dhcp lease Use this command to display a list of IPv4 addresses currently leased from a DHCP server on a specific in-band interface or all in-band interfaces. This command does not apply to service or network ports.
M4100 Series ProSAFE Managed Switches Default preference—1 Format ip route <ipaddr> <subnetmask> [<nexthopip> | Null0] [<preference>] Mode Global Config no ip route This command deletes a single next hop to a destination static route. If you use the <nexthopip> parameter, the next hop is deleted. If you use the <preference> value, the preference value of the static route is reset to its default.
M4100 Series ProSAFE Managed Switches Default Format ip route distance <1-255> Mode Global Config no ip route distance This command sets the default static route preference value in the router. Lower route preference values are preferred when determining the best route.
M4100 Series ProSAFE Managed Switches OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database exchange. If two OSPF neighbors advertise different IP MTUs, they will not form an adjacency. (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtu-ignore command.)
M4100 Series ProSAFE Managed Switches Protocol Tells which protocol added the specified route. The possibilities are: local, static, OSPF, or RIP. Total Number The total number of routes. of Routes clear ip route counters This command resets to zero the IPv4 routing table counters reported in the output of the show ip route summary command.
M4100 Series ProSAFE Managed Switches Term Definition Link Speed Data An integer representing the physical link data rate of the specified interface. This is Rate measured in Megabits per second (Mbps). MAC Address The burned in physical address of the specified interface. The format is 6 two-digit hexadecimal numbers that are separated by colons.
M4100 Series ProSAFE Managed Switches Term Definition Interface Valid slot and port number separated by forward slashes. State Routing operational state of the interface. IP Address The IP address of the routing interface in 32-bit dotted decimal format. IP Mask The IP mask of the routing interface in 32-bit dotted decimal format.
M4100 Series ProSAFE Managed Switches Parameter Description Metric Type The metric type to advertise for redistributed routes of this type Subnets Whether OSPF redistributes subnets of classful addresses, or only classful prefixes Dist List A distribute list used to filter routes of this type. Only routes that pass the distribute...
Page 246
M4100 Series ProSAFE Managed Switches Note: If you use the connected keyword for <protocol>, the all option is not available because there are no best or non-best connected routes. Format show ip route [{<ip-address> [<protocol>] | {<ip-address> <mask> [longer-prefixes] [<protocol>] | <protocol>} [all] | all}] Modes •...
Page 247
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #show ip route Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 C 1.1.1.0/24 [0/1] directly connected, 0/11...
M4100 Series ProSAFE Managed Switches show ip route summary Use this command to display the routing table summary. Use the optional all parameter to show the number of all routes, including best and non-best routes. To include only the number of best routes, do not use the optional parameter.
Page 249
M4100 Series ProSAFE Managed Switches Term Definition Unique Next The number of distinct next hops used among all routes currently in the routing table. Hops These include local interfaces for local routes and neighbors for indirect routes. Unique Next The highest count of unique next hops since the counters were last cleared.
M4100 Series ProSAFE Managed Switches ECMP Groups (High)......2 (3) ECMP Routes........1001 Truncated ECMP Routes......0 ECMP Retries........0 Routes with 1 Next Hop......31 Routes with 2 Next Hops......1 Routes with 4 Next Hops......1000 show ip route preferences This command displays detailed information about the route preferences.
M4100 Series ProSAFE Managed Switches show routing heap summary This command displays a summary of the memory allocation from the routing heap. The routing heap is a chunk of memory set aside when the system boots for use by the routing applications.
M4100 Series ProSAFE Managed Switches no vlan routing This command deletes routing on a VLAN. The <vlanid> value has a range from 1 to 4093. Format no vlan routing <vlan-id> Mode VLAN Config show ip vlan This command displays the VLAN routing information for all VLANs with routing enabled.
M4100 Series ProSAFE Managed Switches no bootpdhcprelay cidoptmode This command disables the circuit ID option mode for BootP/DHCP Relay on the system. Format no bootpdhcprelay cidoptmode Mode Global Config bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system.
M4100 Series ProSAFE Managed Switches show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay Modes • Privileged EXEC • User EXEC Term Definition Maximum Hop The maximum allowable relay agent hops. Count Minimum Wait The minimum wait time.
M4100 Series ProSAFE Managed Switches ip helper-address (Global Config) Use the Global Configuration ip helper-address command to have the switch forward User Datagram Protocol (UDP) broadcasts received on an interface. To disable the forwarding of broadcast packets to specific addresses, use the no form of this command.
M4100 Series ProSAFE Managed Switches no ip helper-address (Global Config) Use this command to remove the IP address from the previously configured list. The no command without an <ip-address> argument removes the entire list of helper addresses on that interface.
M4100 Series ProSAFE Managed Switches Parameter Description The IPv4 unicast or directed broadcast address to which relayed UDP broadcast <ip-address> packets are sent. The IP address cannot be in a subnet on the interface where the relay entry is configured, and cannot be an IP address configured on any interface of the local router.
M4100 Series ProSAFE Managed Switches Parameter Description A destination UDP port number from 0 to 65535. <dest-udp-port> port name options The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior. The names recognized are as follows: •...
M4100 Series ProSAFE Managed Switches show ip helper statistics Use this command to display the number of DHCP and other UDP packets processed and relayed by the UDP relay agent. Format show ip helper statistics Mode Privileged EXEC Term Definition DHCP client The number of valid messages received from a DHCP client.
M4100 Series ProSAFE Managed Switches ICMP Throttling Commands This section describes the commands you use to configure options for the transmission of various types of ICMP messages. ip unreachables Use this command to enable the generation of ICMP Destination Unreachable messages. By default, the generation of ICMP Destination Unreachable messages is enabled.
M4100 Series ProSAFE Managed Switches ip icmp echo-reply Use this command to enable the generation of ICMP Echo Reply messages by the router. By default, the generation of ICMP Echo Reply messages is enabled. Default enabled Format ip icmp echo-reply...
Quality of Service Commands This chapter describes the Quality of Service (QoS) commands available in the managed switch CLI. The chapter contains the following sections: • Class of Service (CoS) Commands • Differentiated Services (DiffServ) Commands • DiffServ Class Commands •...
M4100 Series ProSAFE Managed Switches Class of Service (CoS) Commands This section describes the commands you use to configure and view Class of Service (CoS) settings for the switch. The commands in this section allow you to control the priority and transmission rate of traffic.
M4100 Series ProSAFE Managed Switches no classofservice ip-dscp-mapping This command maps each IP DSCP value to its default internal traffic class value. Format no classofservice ip-dscp-mapping Modes Global Config classofservice trust This command sets the Class of Service trust mode of an interface. You can set the mode to trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet markings.
M4100 Series ProSAFE Managed Switches no cos-queue min-bandwidth This command restores the default for each queue's minimum bandwidth value. Format no cos-queue min-bandwidth Modes • Global Config • Interface Config cos-queue strict This command activates the strict priority scheduler mode for each specified queue.
M4100 Series ProSAFE Managed Switches no cos-queue random-detect Use this command to disable WRED and restore the default tail drop operation for the specified queues on all interfaces or one interface. Format no cos-queue random-detect <queue-id-1> [<queue-id-2> … <queue-id-n>] Modes •...
M4100 Series ProSAFE Managed Switches Format random-detect queue-parms <queue-id-1> [<queue-id-2> … <queue-id-n>] minthresh <thresh-prec-1> … <thresh-prec-n> max-thresh <thresh-prec-1> … <threshprec-n> drop-probability <prob-prec-1> … <prob-prec-n> Modes • Global Config • Interface Config no random-detect queue-parms Use this command to set the WRED configuration back to the default.
M4100 Series ProSAFE Managed Switches Format show classofservice dot1p-mapping [<slot/port>] Mode Privileged EXEC The following information is repeated for each user priority. Term Definition User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped.
M4100 Series ProSAFE Managed Switches show classofservice trust This command displays the current trust mode setting for a specific interface. The <slot/port> parameter is optional and is only valid on platforms that support independent per-port Class of Service mappings. If you specify an interface, the command displays the port trust mode of the interface.
M4100 Series ProSAFE Managed Switches If you specify the interface, the command also displays the following information. Term Definition Interface The slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication.
Page 271
M4100 Series ProSAFE Managed Switches Policy a. Creating and deleting policies b. Associating classes with a policy c. Defining policy statements for a policy/class combination Service a. Adding and removing a policy to/from an inbound or outbound interface The DiffServ class defines the packet filtering criteria. The attributes of a DiffServ policy define the way the switch processes packets.
M4100 Series ProSAFE Managed Switches no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. Format no diffserv...
M4100 Series ProSAFE Managed Switches Note: The optional keywords [ipv4 | ipv6] specify the Layer 3 protocol for this class. If not specified, this parameter defaults to ipv4. This maintains backward compatibility for configurations defined on systems before IPv6 match items were supported.
M4100 Series ProSAFE Managed Switches Format match ethertype {<keyword> | custom <range>} Mode • Class-Map Config • Ipv6-Class-Map Config match any This command adds to the specified class definition a match condition whereby all packets are considered to belong to the class.
M4100 Series ProSAFE Managed Switches no match class-map This command removes from the specified class definition the set of match conditions defined for another class. The <refclassname> is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition.
M4100 Series ProSAFE Managed Switches 00:11:22:dd:ee:ff). The <macmask> parameter is a layer 2 MAC address bit mask, which need not to be contiguous, and is formatted as six, two-digit hexadecimal numbers separated by colons (for example, ff:07:23:ff:fe:dc). Default none Format match destination-address mac <macaddr>...
M4100 Series ProSAFE Managed Switches match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked).
M4100 Series ProSAFE Managed Switches denotes the bit positions in <tosbits> that are used for comparison against the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a <tosbits>...
M4100 Series ProSAFE Managed Switches match source-address mac This command adds to the specified class definition a match condition based on the source MAC address of a packet. The <address> parameter is any layer 2 MAC address formatted as six, two-digit hexadecimal numbers separated by colons (for example, 00:11:22:dd:ee:ff).
M4100 Series ProSAFE Managed Switches Default none Format match srcl4port {<portkey> | <0-65535>} Mode • Class-Map Config • Ipv6-Class-Map Config match vlan This command adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field (the 802.1Q tag of a VLAN tagged packet). The VLAN is an integer from 0 to 4095.
Page 281
M4100 Series ProSAFE Managed Switches Note: The only way to remove an individual policy attribute from a class instance within a policy is to remove the class instance and re-add it to the policy. The values associated with an existing policy attribute can be changed without removing the class instance.
Page 282
M4100 Series ProSAFE Managed Switches redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel). Format redirect <slot/port> Mode Policy-Class-Map Config Incompatibilities Drop, Mirror conform-color Use this command to enable color-aware traffic policing and define the conform-color class map.
M4100 Series ProSAFE Managed Switches no class This command deletes the instance of a particular class and its defined treatment from the specified policy. <classname> is the names of an existing DiffServ class. Note: This command removes the reference to the class definition for the specified policy.
M4100 Series ProSAFE Managed Switches Format mark ip-dscp <dscpval> Mode Policy-Class-Map Config Incompatibilities Drop, Mark CoS, Mark IP Precedence, Police mark ip-precedence This command marks all packets for the associated traffic stream with the specified IP Precedence value. The IP Precedence value is an integer from 0 to 7.
M4100 Series ProSAFE Managed Switches no policy-map This command eliminates an existing DiffServ policy. The <policyname> parameter is the name of an existing DiffServ policy. This command might be issued at any time. If the policy is referenced by one or more interface service attachments, this delete attempt fails.
M4100 Series ProSAFE Managed Switches Note: This command fails if any attributes within the policy definition exceed the capabilities of the interface. Once a policy is successfully attached to an interface, any attempt to change the policy definition, that would result in a violation of the interface capabilities, causes the policy change attempt to fail.
M4100 Series ProSAFE Managed Switches show class-map This command displays all configuration information for the specified class. The <class-name> is the name of an existing DiffServ class. Format show class-map <class-name> Modes • Privileged EXEC • User EXEC If the class-name is specified, the fields that are shown in the following table are displayed.
M4100 Series ProSAFE Managed Switches show diffserv This command displays the DiffServ General Status Group information, which includes the current administrative mode setting as well as the current and maximum number of rows in each of the main DiffServ private MIB tables. This command provides no options.
Page 290
M4100 Series ProSAFE Managed Switches The information that is shown in the following table is repeated for each class that is associated with this policy (only the policy attributes that are configured are displayed). Term Definition Assign Queue Directs traffic stream to the specified QoS queue. This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class.
M4100 Series ProSAFE Managed Switches Term Definition Policing Style The style of policing, if any, used (simple). Redirect Forces a classified traffic stream to a specified egress port (physical or LAG). This can occur in addition to any marking or policing action. It might also be specified along with a QoS queue assignment.
M4100 Series ProSAFE Managed Switches Term Definition DiffServ Admin The current setting of the DiffServ administrative mode. An attached policy is only active Mode on an interface while DiffServ is in an enabled mode. The information that is shown in the following table is repeated for each interface and direction (only those interfaces configured with an attached policy are shown).
M4100 Series ProSAFE Managed Switches show service-policy This command displays a summary of policy-oriented statistics information for all interfaces in the specified direction. Format show service-policy {in | out} Mode Privileged EXEC The information that is shown in the following table is repeated for each interface and direction (only those interfaces configured with an attached policy are shown).
M4100 Series ProSAFE Managed Switches Format mac access-list extended <name> Mode Global Config no mac access-list extended This command deletes a MAC ACL identified by <name> from the system. Format no mac access-list extended <name> Mode Global Config mac access-list extended rename This command changes the name of a MAC access control list (ACL).
Page 295
M4100 Series ProSAFE Managed Switches ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, and rarp. Each of these translates into its equivalent Ethertype value or values. The time-range parameter allows imposing time limitation on the MAC ACL rule as defined by the parameter <time-range-name>.
M4100 Series ProSAFE Managed Switches Format {deny | permit} {<srcmac> | any} {<dstmac> | any} [<ethertypekey> | <0x0600-0xFFFF>] [vlan {eq <0-4095>}] [cos <0-7>] [[log] [time-range <time-range-name>] [assign-queue <queue-id>]] [{mirror | redirect} <slot/port>] Mode Mac-Access-List Config mac access-group This command either attaches a specific MAC access control list (ACL) identified by <name>...
M4100 Series ProSAFE Managed Switches show mac access-lists This command displays a MAC access list and all of the rules that are defined for the MAC ACL. Use the [<name>] parameter to identify a specific MAC ACL to display. Format show mac access-lists [<name>]...
Page 298
M4100 Series ProSAFE Managed Switches • Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for the network address, and has zeros (0's) for the bit positions that are not used.
Page 299
M4100 Series ProSAFE Managed Switches Parameter Description Note: This option is available only if the protocol is tcp or udp. eq {<portkey> | <0-65535>} When eq is specified, an IP ACL rule matches only if the Layer 4 port number is equal to the specified port number or port key.
M4100 Series ProSAFE Managed Switches ip access-list This command creates an extended IP access control list (ACL) identified by <name>, consisting of classification fields defined for the IP header of an IPv4 frame. The <name> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list.
Page 301
M4100 Series ProSAFE Managed Switches Note: An implicit deny all IP rule always terminates the access list. Note: The mirror parameter allows traffic matching this rule to be copied to the specified <slot/port>, while the redirect parameter allows traffic matching this rule to be forwarded to the specified <slot/port>.
Page 302
M4100 Series ProSAFE Managed Switches Parameter Description Specifies whether the IP ACL rule permits or denies the {deny | permit} matching traffic. Match every packet. every Specifies the protocol to match for the IP ACL rule. {icmp | igmp | ip | tcp | udp | <number>}...
M4100 Series ProSAFE Managed Switches Parameter Description Specifies the assign-queue, which is the queue identifier to assign-queue <queue-id> which packets matching this rule are assigned. Specifies the mirror or redirect interface which is the [{mirror | redirect} [lag <lag-group-id> or <slot/port> to which packets <lag-group-id>...
M4100 Series ProSAFE Managed Switches no acl-trapflags This command disables the ACL trap mode. Format no acl-trapflags Mode Global Config show ip access-lists This command displays an IP ACL <accesslistnumber> is the number used to identify the IP ACL. Format show ip access-lists <accesslistnumber>...
M4100 Series ProSAFE Managed Switches Term Definition Displays when you enable logging for the rule. Assign Queue The queue identifier to which packets matching this rule are assigned. Mirror Interface The slot/port to which packets matching this rule are copied.
M4100 Series ProSAFE Managed Switches ipv6 access-list This command creates an IPv6 access control list (ACL) identified by <name>, consisting of classification fields defined for the IP header of an IPv6 frame. The <name> parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list.
M4100 Series ProSAFE Managed Switches Note: An implicit deny all IPv6 rule always terminates the access list. A rule might either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified.
M4100 Series ProSAFE Managed Switches Global Config mode. The Interface Config mode command is only available on platforms that support independent per-port Class of Service queue configuration. Format ipv6 traffic-filter <name> {in | {vlan <vlan-id> in}} [sequence <1-4294967295>] Modes •...
M4100 Series ProSAFE Managed Switches Term Definition Displays when you enable logging for the rule. Assign Queue The queue identifier to which packets matching this rule are assigned. Mirror Interface The slot/port to which packets matching this rule are copied.
Page 310
M4100 Series ProSAFE Managed Switches absolute Use this command to add an absolute time entry to a time range. Only one absolute time entry is allowed per time-range. The <time> parameters are based on the currently configured time zone. The [start <time> <date>] parameters indicate the time and date at which the configuration that referenced the time range starts going into effect.
M4100 Series ProSAFE Managed Switches Format periodic <frequency> {<days-of-the-week> <time>} to {[<days-of-the-week>] <time>} Mode Time-Range Config no periodic Use this command to delete a periodic time entry from a time range. Format no periodic <frequency> {<days-of-the-week> <time>} to {[<days-of-the-week>] <time>}...
M4100 Series ProSAFE Managed Switches AutoVoIP Commands AutoVoIP detects the VoIP streams and put the VoIP streams in the specific VLAN (auto-voip VLAN) and provides higher Class of Service to the VoIP streams automatically (both data and signaling). It detects the VoIP streams in two modes.
M4100 Series ProSAFE Managed Switches auto-voip oui This command is used to configure an OUI for Auto VoIP. The traffic from the configured OUI will get the highest priority over the other traffic. Default A list of known OUIs is present Format auto-voip oui <oui-prefix>...
M4100 Series ProSAFE Managed Switches no auto-voip oui-based priority This command is used to set the priority to the default value. Format no auto-voip oui-based priority <priority-value> Mode Global Config auto-voip protocol-based This command is used to configure the global protocol based auto-VoIP remarking priority/traffic-class.
Page 315
The 802.1p priority. This field is valid for OUI auto VoIP. AutoVoIPMode The Auto VoIP mode on the interface. Command example: (NETGEAR Switch)# show auto-voip protocol-based interface all VoIP VLAN Id........2 Prioritization Type......traffic-class Class Value........7 Interface Auto VoIP...
M4100 Series ProSAFE Managed Switches show auto-voip oui-table This command lists all of the configured OUIs. Format show auto-voip oui-table Mode • Privileged EXEC • User EXEC Term Definition OUI of the source MAC address Status Default or Configured entry.
M4100 Series ProSAFE Managed Switches About PoE Power over Ethernet (PoE) describes a technology to pass electrical power safely along with data on existing Ethernet cabling. The PSE or power supply equipment is the device or switch that delivers electrical power, and the PD or powered device is the end device that powers up through the power delivered along the Ethernet cable.
M4100 Series ProSAFE Managed Switches poe detection Use this command to configure the detection type on a global basis or per interface. It is used to configure which types of PDs will be detected and powered by the switch. There are three options: •...
M4100 Series ProSAFE Managed Switches no poe high-power Use this command to disable the high-power mode. The port will support only IEEE 902.3af devices. This command works on a global basis or per interface. Format no poe high-power Mode Interface Config poe power limit Use this command to configure the type of power limit for a port.
M4100 Series ProSAFE Managed Switches Static and dynamic modes differ in how the available power is calculated, as follows: • Static Power Management Available power = power limit of the source - total allocated power where total allocated power is calculated as the power limit configured on the port.
M4100 Series ProSAFE Managed Switches Default Format poe priority {crit | high | low} Mode • Global Config • Interface Config no poe priority Use this command to set the priority to the default. Format no poe priority Mode •...
M4100 Series ProSAFE Managed Switches no poe timer schedule name Use this command to detach the schedule from the port. Format no poe timer schedule Mode Interface Config poe usagethreshold Use this command to set a threshold (as a percentage) for the total amount of power that can be delivered by the switch.
M4100 Series ProSAFE Managed Switches no poe traps Use this command to disable logging the PoE traps. Format no poe traps Mode Global Config show poe Use this command to get global information regarding the PoE status. Format show poe Mode •...
Format show poe port configuration [<port> | all] Mode • Privileged EXEC • User EXEC Command example: (NETGEAR Switch) #show poe port configuration all Admin Power Power Limit High Power Detection Intf Mode Priority...
Other Fault—The port has experienced problems other than compliance issues. When a port begins to deliver power, there is a trap indicating so. When a port stops delivering power, there is a trap indicating so. Command example: (NETGEAR Switch) #show poe port info all High Output Output...
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #show poe port info 0/33 High Output Output Intf Power Power Class Power Current Voltage Status Fault (mA) (volt) Status ------ ------- ----- ------- ------ ------- ------- ------------------ -------- 0/33 18.0 04.400...
Utility Commands This chapter describes the utility commands available in the CLI. The chapter contains the following sections: • Auto Install Commands • Dual Image Commands • System Information and Statistics Commands • Logging Commands • Email Alerting and Mail Server Commands •...
M4100 Series ProSAFE Managed Switches Auto Install Commands This section describes the Auto Install Commands. Auto Install is a software feature which provides for the configuration of a switch automatically when the device is initialized and no configuration file is found on the switch. The Auto Install process requires DHCP to be enabled by default in order for it to be completed.
M4100 Series ProSAFE Managed Switches boot host auto-save This command is used to enable automatically saving the downloaded configuration on the switch. Default Disabled Format boot host auto-save Mode Privileged EXEC no boot host auto-save This command is used to disable automatically saving the downloaded configuration on the switch.
M4100 Series ProSAFE Managed Switches no boot host retry-count This command is used to reset the number to the default. The default number is 3. Format no boot host retry-count Mode Privileged EXEC boot host dhcp This command is used to enable AutoInstall on the switch for the next reboot cycle. The command does not change the current behavior of AutoInstall and saves the command to NVRAM.
M4100 Series ProSAFE Managed Switches delete This command deletes the supplied image file from the permanent storage. The image to be deleted must be a backup image. If this image is the active image, or if this image is activated, an error message displays. The optional <unit> parameter is valid only on Stacks.
M4100 Series ProSAFE Managed Switches update bootcode This command updates the bootcode (boot loader) on the switch. The bootcode is read from the active-image for subsequent reboots. The optional <unit> parameter is valid only on Stacks. Error will be returned, if this parameter is provided, on Standalone systems. For Stacking, the <unit>...
M4100 Series ProSAFE Managed Switches Term Definition File The file in which the event originated. Line The line number of the event. Task Id The task ID of the event. Code The event code. Time The time this event occurred.
M4100 Series ProSAFE Managed Switches Term Definition Switch Text used to identify the product name of this switch. Description Machine Type The machine model as defined by the Vital Product Data. Machine Model The machine model as defined by the Vital Product Data Serial Number The unique box serial number for this switch.
M4100 Series ProSAFE Managed Switches Parameters Definition Collisions The best estimate of the total number of collisions on this Ethernet segment. Frames Time Since The elapsed time, in days, hours, minutes, and seconds since the statistics for this port Counters Last were last cleared.
M4100 Series ProSAFE Managed Switches Command example: (Routing) #show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts --------- ---------------- ---------------- ---------------- ---------------- 15098 0/10 0/11 show interface ethernet This command displays detailed statistics for a specific interface or for all CPU traffic based upon the argument.
Page 338
M4100 Series ProSAFE Managed Switches Term Definition (continued) • Packets Received 512–1023 Octets - The total number of packets (including bad packets) received that were from 512 through 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Page 339
M4100 Series ProSAFE Managed Switches Term Definition Receive Packets The number of inbound packets which were chosen to be discarded even though no errors had Discarded been detected to prevent their being deliverable to a higher-layer protocol. One possible reason for discarding such a packet could be to free up buffer space.
Page 340
M4100 Series ProSAFE Managed Switches Term Definition Packets • Total Packets Transmitted (Octets) - The total number of octets of data (including those Transmitted Octets in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Page 341
M4100 Series ProSAFE Managed Switches Term Definition Transmit Discards • Total Transmit Packets Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. • Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Page 342
M4100 Series ProSAFE Managed Switches When you specify switchport, the command output displays the information that is shown in the following table. Term Definition Octets Received The total number of octets of data received by the processor (excluding framing bits but including FCS octets).
M4100 Series ProSAFE Managed Switches Term Definition VLAN Deletes The number of VLANs on this switch that have been created and then deleted since the last reboot. Time Since The elapsed time, in days, hours, minutes, and seconds since the statistics for this switch were Counters Last last cleared.
M4100 Series ProSAFE Managed Switches show fiber-ports optics-info This command displays the SFP vendor related information such as vendor name, serial number of the SFP, part number of the SFP. The values are derived from the SFP’s A0 table using the I C interface.
M4100 Series ProSAFE Managed Switches Field Description BR, nominal The nominal bit (signaling) rate (BR, nominal) is specified in units of 100 MBd, rounded off to the nearest 100 MBd. The bit rate includes those bits necessary to encode and delimit the signal as well as those bits carrying data information.
Page 346
M4100 Series ProSAFE Managed Switches The information that is shown in the following table displays if you do not enter a parameter, the keyword all, or the MAC address and VLAN ID. If you enter vlan <vlan-id>, only the Mac Address, Interface, and Status fields display.
M4100 Series ProSAFE Managed Switches Term Definition Total MAC Number of MAC addresses currently in the forwarding database. Addresses in use Total MAC Number of MAC addresses the forwarding database can handle. Addresses available process cpu threshold Use this command to configure the CPU utilization thresholds. The Rising and Falling thresholds are specified as a percentage of CPU resources.
M4100 Series ProSAFE Managed Switches Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. Format show process cpu Mode Privileged EXEC Command example: (NETGEAR Switch) #show process cpu Memory Utilization Report...
M4100 Series ProSAFE Managed Switches Total Rx High Alloc Attempts 384555 Total Tx Alloc Attempts 2478536 Total Rx Norm Alloc Failures Total Rx Mid2 Alloc Failures Total Rx Mid1 Alloc Failures Total Rx High Alloc Failures Total Tx Alloc Failures...
M4100 Series ProSAFE Managed Switches • If some, but not all, of the flags in that group are enabled, the command displays trapflags groupname flag-name. Format show running-config [all | <scriptname>] Mode Privileged EXEC show running-config interface This command shows the current configuration on a particular interface. The interface could be a physical port or a virtual port—like a LAG or VLAN.
M4100 Series ProSAFE Managed Switches • show version • show sysinfo • show port all • show isdp neighbors • show logging • show event log • show logging buffered • show trap log Format show tech-support Mode Privileged EXEC...
M4100 Series ProSAFE Managed Switches Format terminal length <number> Mode Privileged EXEC no terminal length Use this command to set the terminal length to the default value of 24 lines. Format no terminal length Mode Privileged EXEC show terminal length Use this command to display the value of the user-configured terminal length size.
M4100 Series ProSAFE Managed Switches Logging Commands This section describes the commands you use to configure system logging, and to view logs and the logging settings. logging buffered This command enables logging to an in-memory log that keeps up to 128 logs.
M4100 Series ProSAFE Managed Switches logging cli-command This command enables the CLI command logging feature, which enables logging of all CLI commands issued on the system. Default enabled Format logging cli-command Mode Global Config no logging cli-command This command disables the CLI command Logging feature.
M4100 Series ProSAFE Managed Switches Parameter Description The IP address or name of the logging host. <ipaddress> | <hostname> Indicates the type of address (IPv4, IPv6, or DNS). You can configure either an IPv4 <addresstype> or IPv6 address or a host name for a syslog collector among the list of servers.
M4100 Series ProSAFE Managed Switches Format logging syslog source-interface {<slot/port> | {loopback <loopback-id>} | {vlan <vlan-id>}} Mode Global Config Parameter Description VLAN or port-based routing interface. <slot/port> Configures the loopback interface to use as the source IP address. The range of loopback the loopback ID is 0 to 7.
M4100 Series ProSAFE Managed Switches show logging buffered This command displays buffered logging (system startup and system operation logs). Format show logging buffered Mode Privileged EXEC Term Definition Buffered Shows whether the In-Memory log is enabled or disabled. (In-Memory) Logging Buffered Logging The behavior of the In Memory log when faced with a log full situation.
M4100 Series ProSAFE Managed Switches Term Definition Number of Traps The number of traps since the last boot. Since Last Reset Trap Log The number of traps the system can retain. Capacity Number of Traps The number of new traps since the command was last executed.
M4100 Series ProSAFE Managed Switches Default Disabled; when enabled, log messages at or above severity warning (4) are emailed Format logging email [<severitylevel>] Mode Global Config no logging email This command disables email alerting. Format no logging email Mode Global Config...
M4100 Series ProSAFE Managed Switches no logging email message-type to-addr This command removes the configured to-addr field of email. Format no logging email message-type {urgent |non-urgent |both} to-addr <to-email-addr> Mode Global Config logging email from-addr This command configures the email address of the sender (that is, the switch).
M4100 Series ProSAFE Managed Switches logging email logtime This command configures how frequently non-urgent email messages are sent. Non-urgent messages are collected and sent in a batch email at the specified interval. The valid range is every 30- 440 minutes.
M4100 Series ProSAFE Managed Switches show logging email config This command displays information about the email alert configuration. Format show logging email config Mode Privileged EXEC Term Definition Email Alert Logging The administrative status of the feature: enabled or disabled Email Alert From Address The email address of the sender (the switch).
M4100 Series ProSAFE Managed Switches Term Definition No of Email Sent The number of email messages that were sent from the switch since the counter was cleared. Time Since Last Email The amount of time that has passed since the last email was sent from the Sent switch.
M4100 Series ProSAFE Managed Switches port (Mail Server Config) Use this command to configure the TCP port to use for communication with the SMTP server. For <portid>, you enter any nonstandard port in the range 1–65535. For TLSv1, the recommended port is number 465. If you do not use security, the recommended port is number 25.
M4100 Series ProSAFE Managed Switches Term Definition Email Alert The security protocol (TLS or none) the switch uses to authenticate with the SMTP Security Protocol server. Email Alert The username the switch uses to authenticate with the SMTP server. Username Email Alert The password the switch uses to authenticate with the SMTP server.
M4100 Series ProSAFE Managed Switches traceroute ipv6 Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. The IPv6 address or host name must be a valid. The optional <port> parameter is the UDP port used as the destination of packets sent as part of the traceroute.
M4100 Series ProSAFE Managed Switches clear counters This command clears the statistics for a specified <slot/port>, for all the ports, or for the entire switch based upon the argument. Format clear counters {<slot/port> | all} Mode Privileged EXEC clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database.
M4100 Series ProSAFE Managed Switches enable password This command prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case-sensitive. The encrypted option allows you to transfer the enable password between devices without needing to know the password.
Page 370
(msec) min/avg/max = 274/279/276 Command example: The ping fails because the destination is unreachable: (NETGEAR Switch) # ping 192.168.254.222 count 3 interval 1 size 255 Pinging 192.168.254.222 with 255 bytes of data: Received Response: Unreachable Destination Received Response :Unreachable Destination Received Response :Unreachable Destination ----192.168.254.222...
Page 371
M4100 Series ProSAFE Managed Switches quit This command closes the current telnet connection or resets the current serial connection. The system asks you whether to save configuration changes before quitting. Format quit Modes • Privileged EXEC • User EXEC reload This command resets the switch without powering it off.
Page 372
M4100 Series ProSAFE Managed Switches You can use the copy command with the following options: copy {<url> | image1 | image2 | nvram:backup-config | nvram:clibanner | nvram:cpu-pkt-capture.pcap | nvram:errorlog | nvram:factory-defaults | nvram:log | nvram:script | nvram:startup-config | nvram:tech-support | nvram:traplog | system:running-config} {<url>...
Page 373
M4100 Series ProSAFE Managed Switches Parameters for the copy command are listed in the following table. Parameters for the copy command Table 1. Source Destination Description Uploads the Technical Support file. nvram:techsupport <url> Copies the backup configuration to the nvram:backup-config nvram:startup-config startup configuration.
M4100 Series ProSAFE Managed Switches Simple Network Time Protocol (SNTP) Commands This section describes the commands you use to automatically configure the system time and date by using SNTP. sntp broadcast client poll-interval This command sets the poll interval for SNTP broadcast clients in seconds as a power of two where <poll-interval>...
M4100 Series ProSAFE Managed Switches sntp client port This command sets the SNTP client port id to a value from 1-65,535. Default Format sntp client port <portid> Mode Global Config no sntp client port This command resets the SNTP client port back to its default value.
M4100 Series ProSAFE Managed Switches no sntp unicast client poll-timeout This command will reset the poll timeout for SNTP unicast clients to its default value. Format no sntp unicast client poll-timeout Mode Global Config sntp unicast client poll-retry This command will set the poll retry for SNTP unicast clients to a value from 0 to 10.
M4100 Series ProSAFE Managed Switches clock timezone When using SNTP/NTP time servers to update the switch’s clock, the time data received from the server is based on Coordinated Universal Time (UTC) which is the same as Greenwich Mean Time (GMT). This might not be the time zone in which the switch is located.
(Range: Up to four characters) Format clock summer-time date {<day> <month> <year> <hh:mm> <day> <month> <year> <hh:mm>} [offset <offset>] [zone <acronym>] Mode Global Config Command example: (NETGEAR Switch)(config)# clock summer-time date 1 Apr 2007 02:00 28 Oct 2007 offset 90 zone EST Utility Commands...
M4100 Series ProSAFE Managed Switches no clock summer-time Use this command to reset the summertime offset. Format no clock summer-time Mode Global Config Command example: (NETGEAR Switch)(config)#no clock summer-time show sntp This command is used to display SNTP settings and status.
M4100 Series ProSAFE Managed Switches Term Definition Port SNTP Client Port. Client Mode Configured SNTP Client Mode. show sntp server This command is used to display SNTP server settings and configured servers. Format show sntp server Mode Privileged EXEC Term...
M4100 Series ProSAFE Managed Switches Term Definition Total Unicast Number of requests to the server. Requests Failed Unicast Number of failed requests from server. Requests show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock.
Page 383
M4100 Series ProSAFE Managed Switches no ip dhcp pool This command removes the DHCP address pool. The name should be previously configured pool name. Format no ip dhcp pool <name> Mode Global Config client-identifier This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format.
Page 384
M4100 Series ProSAFE Managed Switches no client-name This command removes the client name. no client-name Format Mode DHCP Pool Config default-router This command specifies the default router list for a DHCP client. <address1> and <address2>…<address8> must be valid IP addresses, each made up of four decimal bytes ranging from 0 to 255.
Page 385
M4100 Series ProSAFE Managed Switches hardware-address This command specifies the hardware address of a DHCP client. Hardware-address is the MAC address of the hardware platform of the client consisting of 6 bytes in dotted hexadecimal format. Type indicates the protocol of the hardware platform. It is 1 for 10 MB Ethernet and 6 for IEEE 802.
M4100 Series ProSAFE Managed Switches Default 1 (day) Format lease [{<days> [<hours>] [<minutes>] | infinite}] Mode DHCP Pool Config no lease This command restores the default value of the lease time for DHCP Server. Format no lease Mode DHCP Pool Config...
M4100 Series ProSAFE Managed Switches no bootfile This command deletes the boot image name. Format no bootfile Mode DHCP Pool Config domain-name (DHCP Pool Config) This command specifies the domain name for a DHCP client. The <domain> argument specifies the domain name string of the client.
Page 388
M4100 Series ProSAFE Managed Switches netbios-node-type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol (DHCP) clients. The <type> parameter specifies the NetBIOS node type. Valid types are: • b-node—Broadcast • p-node—Peer-to-peer • m-node—Mixed • h-node—Hybrid (recommended)
M4100 Series ProSAFE Managed Switches option The option command configures DHCP server options. The <code> parameter specifies the DHCP option code and ranges from 1-254. The <ascii string> parameter specifies an NVT ASCII character string. ASCII character strings that contain white space must be delimited by quotation marks.
M4100 Series ProSAFE Managed Switches ip dhcp ping packets Use this command to specify the number of packets, in a range from 2-10, that a DHCP server sends to a pool address as part of a ping operation. By default, the number of packets sent to a pool address is 2, which is the smallest allowed number when sending packets.
M4100 Series ProSAFE Managed Switches no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool. Format no ip dhcp bootp automatic Mode Global Config ip dhcp conflict logging This command enables conflict logging on DHCP server.
M4100 Series ProSAFE Managed Switches clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. DHCP server clears all conflicts If the asterisk (*) character is used as the address parameter.
M4100 Series ProSAFE Managed Switches show ip dhcp pool configuration This command displays pool configuration. If all is specified, configuration for all the pools is displayed. Format show ip dhcp pool configuration {<name> | all} Modes • Privileged EXEC •...
M4100 Series ProSAFE Managed Switches Field Definition Automatic The number of IP addresses that have been automatically mapped to the MAC Bindings addresses of hosts that are found in the DHCP database. Expired Bindings The number of expired leases. Malformed The number of truncated or corrupted messages that were received by the DHCP server.
M4100 Series ProSAFE Managed Switches Term Definition Detection The manner in which the IP address of the hosts were found on the DHCP Server. Method Detection time The time when the conflict was found. DNS Client Commands These commands are used in the Domain Name System (DNS), an Internet directory service.
M4100 Series ProSAFE Managed Switches no ip domain name Use this command to remove the default domain name configured using the ip domain name command. Format no ip domain name Mode Global Config ip domain list Use this command to define a list of default domain names to complete unqualified names.
M4100 Series ProSAFE Managed Switches ip host Use this command to define static host name-to-address mapping in the host cache. The <name> parameter is the host name. The <ip address> parameter is the IP address of the host. Default none Format ip host <name>...
M4100 Series ProSAFE Managed Switches no ip domain retry Use this command to return to the default. Format no ip domain retry <number> Mode Global Config ip domain timeout Use this command to specify the amount of time to wait for a response to a DNS query. The <seconds>...
M4100 Series ProSAFE Managed Switches show hosts Use this command to display the default domain name, a list of name server hosts, the static and the cached list of host names and addresses <name> ranges from 1-255 characters. This command displays both IPv4 and IPv6 entries.
M4100 Series ProSAFE Managed Switches Packet Capture Commands Packet capture commands assist in troubleshooting protocol-related problems with the management CPU. The packets to and from the management CPU can be captured in an internally allocated buffer area for export to a PC host for protocol analysis. Public domain packet analysis tools like Ethereal can be used to decode and review the packets in detail.
M4100 Series ProSAFE Managed Switches Parameter Description In remote capture mode, the captured packets are redirected in real time to an remote ® ® external computer running the Wireshark tool for Microsoft Windows . A packet capture server runs on the switch side and sends the captured packets via a TCP connection to the Wireshark tool.
M4100 Series ProSAFE Managed Switches capture file size Use this command to configure file capture options. The command is persistent across a reboot cycle. The range is from 2 to 512 Kbytes. Default 512 Kbytes Format capture file size <file-size>...
M4100 Series ProSAFE Managed Switches Format show capture packets Mode Privileged EXEC Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their managed switch product. CAUTION: The output of the debug commands can be long and might adversely affect system performance.
M4100 Series ProSAFE Managed Switches no debug auto-voip Use this command to disable Auto VoIP debug messages. Format no debug auto-voip Mode Privileged EXEC debug clear This command disables all previously enabled debug traces. Default disabled Format debug clear Mode...
M4100 Series ProSAFE Managed Switches • Event logging • Persistent logging • System Information (output of sysapiMbufDump) • Message Queue Debug Information • Memory Debug Information • Memory Debug Status • OS Information (output of osapiShowTasks) • /proc information (meminfo, cpuinfo, interrupts, version and net/sockstat) Format debug crashlog {[kernel] <crashlog-number>...
M4100 Series ProSAFE Managed Switches debug dot1x packet Use this command to enable dot1x packet debug trace. Default disabled Format debug dot1x Mode Privileged EXEC no debug dot1x packet Use this command to disable dot1x packet debug trace. Format no debug dot1x...
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #debug igmpsnooping packet transmit <15> JAN 01 02:45:06 192.168.17.29-1 IGMPSNOOP[185429992]: igmp_snooping_debug.c(116) 908 % Pkt TX - Intf: 0/20(20), Vlan_Id:1 Src_Mac: 00:03:0e:00:00:00 Dest_Mac: 01:00:5e:00:00:01 Src_IP: 9.1.1.1 Dest_IP: 225.0.0.1 Type: V2_Membership_Report Group: 225.0.0.1 The parameters that are shown in the following table are displayed in the trace message.
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #debug igmpsnooping packet receive <15> JAN 01 02:45:06 192.168.17.29-1 IGMPSNOOP[185429992]: igmp_snooping_debug.c(116) 908 % Pkt RX - Intf: 0/20(20), Vlan_Id:1 Src_Mac: 00:03:0e:00:00:10 Dest_Mac: 01:00:5e:00:00:05 Src_IP: 11.1.1.1 Dest_IP: 225.0.0.5 Type: Membership_Query Group: 225.0.0.5 The parameters that are shown in the following table are displayed in the trace message.
M4100 Series ProSAFE Managed Switches no debug ip acl Use this command to disable debug of IP Protocol packets matching the ACL criteria. Format no debug ip acl <acl-number> Mode Privileged EXEC debug ip dvmrp packet Use this command to trace DVMRP packet reception and transmission. If you use the receive option, only received DVMRP packets are traced.
M4100 Series ProSAFE Managed Switches no debug ip igmp packet Use this command to disable debug tracing of IGMP packet reception and transmission. Format no debug ip igmp packet [receive | transmit] Mode Privileged EXEC debug ip mcache packet Use this command for tracing MDATA packet reception and transmission. If you use the receive option, only received MDATA packets are traced.
M4100 Series ProSAFE Managed Switches no debug ip pimdm packet Use this command to disable debug tracing of PIMDM packet reception and transmission. Format no debug ip pimdm packet [receive | transmit] Mode Privileged EXEC debug ip pimsm packet Use this command to trace PIMSM packet reception and transmission. Use this command to trace PIMSM packet reception and transmission.
M4100 Series ProSAFE Managed Switches debug ipv6 dhcp Use this command to display debug information about DHCPv6 client activities and trace DHCPv6 packets to and from the local DHCPv6 client. Default disabled Format debug ipv6 dhcp Mode Privileged EXEC no ipv6 debug dhcp Use this command to disable the display of debug trace output for DHCPv6 client activity.
M4100 Series ProSAFE Managed Switches Default disabled Format debug ipv6 mld packet [receive | transmit] Mode Privileged EXEC no debug ipv6 mld packet Use this command to disable debug tracing of MLDv6 packet reception and transmission. Format no debug ipv6 mld packet [receive | transmit]...
M4100 Series ProSAFE Managed Switches Default disabled Format debug ipv6 pimsm packet [receive | transmit] Mode Privileged EXEC no debug ipv6 pimsm packet Use this command to disable debug tracing of PIMSMv6 packet reception and transmission. Format no debug ipv6 pimsm packet [receive | transmit]...
M4100 Series ProSAFE Managed Switches Default disabled Format debug mldsnooping packet [receive | transmit] Mode Privileged EXEC no debug mldsnooping packet Use this command to disable debug tracing of MLD snooping packet reception and transmission. Format no debug mldsnooping packet [receive | transmit]...
Page 416
M4100 Series ProSAFE Managed Switches The parameters that are shown in the following table are displayed in the trace message. Parameter Definition TX/RX TX refers to a packet transmitted by the device. RX refers to packets received by the device.
M4100 Series ProSAFE Managed Switches For LS_REQ packet field definitions, the parameter that is shown in the following table is displayed in the trace message. Field Definition Length Length of packet For LS_UPD packet field definitions, the parameter that is shown in the following table is displayed in the trace message.
M4100 Series ProSAFE Managed Switches debug ping packet This command enables tracing of ICMP echo requests and responses. The command traces pings on the network port or service port for switching packages. For routing packages, pings are traced on the routing ports as well.
M4100 Series ProSAFE Managed Switches debug rip packet This command turns on tracing of RIP requests and responses. This command takes no options. The output is directed to the log file. Default disabled Format debug rip packet Mode Privileged EXEC...
M4100 Series ProSAFE Managed Switches no debug rip packet This command disables tracing of RIP requests and responses. Format no debug rip packet Mode Privileged EXEC debug sflow packet Use this command to enable sFlow debug packet trace. Default disabled...
M4100 Series ProSAFE Managed Switches debug spanning-tree bpdu receive This command enables tracing of spanning tree BPDUs received by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets for a particular interface.
M4100 Series ProSAFE Managed Switches debug spanning-tree bpdu transmit This command enables tracing of spanning tree BPDUs transmitted by the switch. Spanning tree should be enabled on the device and on the interface in order to monitor packets on a particular interface.
M4100 Series ProSAFE Managed Switches debug udld packet This command enables debugging on the received and transmitted UDLD PDUs. Default Disabled Format default udld packet receive Mode Privileged EXEC no debug udld packet This command disables debugging on the received and transmitted UDLD PDUs.
M4100 Series ProSAFE Managed Switches no debug udld packet transmit This command enables debugging on the transmitted UDLD PDUs. Format debug udld packet transmit Mode Privileged EXEC debug aaa accounting This command is useful for debugging accounting configuration and functionality in User Manager.
M4100 Series ProSAFE Managed Switches Cable Test Command The cable test feature enables you to determine the cable connection status on a selected port. Note: The cable test feature is supported only for copper cable. It is not supported for optical fiber cable. If the port has an active link while the cable test is run, the link can go down for the duration of the test.
M4100 Series ProSAFE Managed Switches sflow receiver Use this command to configure the sFlow collector parameters (owner string, receiver time-out, maximum datagram size, IP address, and port) for a poller. Format sflow receiver <rcvr_idx> {owner <owner-string> {timeout <rcvr_timeout> | notimeout} | maxdatagram <size> | ip <ip> | port <port>}...
M4100 Series ProSAFE Managed Switches sflow sampler A data source configured to collect flow samples is called a poller. Use this command to configure a new sFlow sampler instance for this data source if <rcvr-idx> is valid. Format sflow sampler {<rcvr-indx> | rate <sampling-rate> | maxheadersize <size>}...
M4100 Series ProSAFE Managed Switches sflow poller A data source configured to collect counter samples is called a poller. Use this command to enable a new sFlow poller instance for this data source if <rcvr-idx> is valid. Format sflow poller {<rcvr-indx> | interval <poll-interval>}...
M4100 Series ProSAFE Managed Switches Command example: (NETGEAR Switch) #show sflow agent sFlow Version........1.3;Netgear;1.0 IP Address........10.131.12.66 show sflow pollers Use this command to display the sFlow polling instances created on the switch. Use “-” for range. Format show sflow pollers...
M4100 Series ProSAFE Managed Switches Field Description Address Type The sFlow receiver IP address type. For an IPv4 address, the value is 1 and for an IPv6 address, the value is 2. Datagram The sFlow protocol version to be used while sending samples to sFlow receiver.
M4100 Series ProSAFE Managed Switches IP Address Conflict Commands ip address-conflict-detect run This command triggers the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Note: This command takes effect only once after it is executed and cannot be saved across power cycles.
M4100 Series ProSAFE Managed Switches RMON Stats and History Commands The various MIBs within RFC 2819, 3273, and 3434 are arranged into groups. The managed switch supports some of the groups in these RFCs but not all. The managed switch complies with MODULE-COMPLIANCE and OBJECT-GROUP definitions within these RFCs for supporting individual groups.
M4100 Series ProSAFE Managed Switches Group 2 - High Capacity Alarm Capabilities Group Describes the high capacity alarm capabilities provided by the agent. Group 3 - High Capacity Alarm Notifications Group Provides new rising and falling threshold notifications for high capacity objects.
M4100 Series ProSAFE Managed Switches rmon hcalarm This command sets the RMON hcalarm entry in the High Capacity RMON alarm MIN group. Format rmon hcalarm <alarm-number> <variable> <sample-interval> <sampling-type> {rising-threshold high <value>} {rising-threshold low <value>} {falling-threshold high <value>} {falling-threshold low <value>} [startup {rising | falling | rising-falling}] [owner...
M4100 Series ProSAFE Managed Switches rmon event This command sets the RMON event entry in the RMON event MIB group. Format rmon event <event-number> [description <string> | log | owner <string> | trap <community>] Mode Global Config Parameter Description <event number> An index number that uniquely identifies an entry in the event table. Each such entry defines one event that is to be generated when the appropriate conditions occur.
This command displays the specified entry in the RMON history table. Format show rmon history <index> {errors | other | throughput} Mode Privileged Exec Command example: (NETGEAR Switch) # show rmon history 1 throughput Sample set: 1 Maximum table size: 270 Time Octets Packets...
M4100 Series ProSAFE Managed Switches UniDirectional Link Detection Commands The UDLD feature detects unidirectional links physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bidirectional link stops passing traffic in one direction. UDLD must be enabled on both sides of the link in order to detect a unidirectional link.
M4100 Series ProSAFE Managed Switches udld enable (Interface Config) This command enables UDLD on the specified interface. Default disabled Format udld enable Mode Interface Config no udld enable (Interface Config) This command disables UDLD on the specified interface. Format no udld enable...
M4100 Series ProSAFE Managed Switches If you do not enter a value for the <slot/port> parameter, the command output displays the fields that are shown in the following table. Term Definition Admin Mode The global administrative mode of UDLD. Message Interval The time period (in seconds) between the transmission of UDLD probe packets.
M4100 Series ProSAFE Managed Switches Parameter Description Device Status This field specifies the current status of device. Following are possible device status states: • Active. Device is plugged in and the device is recognized if device is not mounted. •...
Page 442
M4100 Series ProSAFE Managed Switches Parameter Description Filename File name Filesize File size Total Size USB flash device storage size Bytes Used Indicates size of memory used on the device. Bytes Free Indicates size of memory free on the device...
Management Commands This chapter describes the management commands available in the managed switch CLI. The chapter contains the following sections: • Switch Management CPU Commands • Management Interface Commands • Console Port Access Commands • Telnet Commands • Secure Shell (SSH) Commands •...
M4100 Series ProSAFE Managed Switches Switch Management CPU Commands To manage the switch via the web GUI or telnet, an IP address needs to be assigned to the switch management CPU. Whereas there are CLI commands that can be used to do this, ezconfig simplifies the task.
Page 445
M4100 Series ProSAFE Managed Switches The following is an example of an ezconfig session. NETGEAR EZ Configuration Utility -------------------------------- Hello and Welcome! This utility will walk you thru assigning the IP address for the switch management CPU. It will allow you to save the changes at the end. After the session, simply use the newly assigned IP address to access the Web GUI using any public domain Web browser.
M4100 Series ProSAFE Managed Switches Management Interface Commands This section describes the commands you use to configure a logical interface for management access. enable (Privileged EXEC access) Use this command to access the Privileged EXEC mode. From the Privileged EXEC mode, you can configure the network interface.
M4100 Series ProSAFE Managed Switches A locally administered address must have bit 6 On (b'1') and bit 7 Off (b'0'). Format network mac-address <macaddr> Mode Privileged EXEC network mac-type Use this command to specify whether the switch uses the burned in MAC address or the locally administered MAC address.
M4100 Series ProSAFE Managed Switches show network Use this command to display configuration settings associated with the switch’s network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
M4100 Series ProSAFE Managed Switches Command example: This output is for the network port: (NETGEAR Switch) #show network Interface Status....... Always Up IP Address........10.250.3.1 Subnet Mask........255.255.255.0 Default Gateway........ 10.250.3.3 IPv6 Administrative Mode....... Enabled IPv6 Address/Length is ......FE80::210:18FF:FE82:337/64 IPv6 Address/Length is ......
M4100 Series ProSAFE Managed Switches serial baudrate Use this command to specify the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Default 115200 Format serial baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 |...
M4100 Series ProSAFE Managed Switches no login authentication Use this command to return to the default specified by the login authentication command. Format no login authentication {default | <list-name>} Mode Line Config enable authentication Use this command in line configuration mode to specify an authentication method list when the user accesses a higher privilege level in remote telnet or console.
M4100 Series ProSAFE Managed Switches Term Definition Stop Bits The number of Stop bits per character. The number of Stop bits is always 1. Parity Type The parity method used on the serial port. The parity method is always None.
M4100 Series ProSAFE Managed Switches transport input telnet Use this command to regulate new Telnet sessions. If enabled, new Telnet sessions can be established until there are no more sessions available. An established session remains active until the session is ended or an abnormal network error ends the session.
M4100 Series ProSAFE Managed Switches session-limit Use this command to specify the maximum number of simultaneous outbound Telnet sessions. A value of 0 indicates that no outbound Telnet session can be established. Default Format session-limit <0-5> Mode Line Config no session-limit Use this command to set the maximum number of simultaneous outbound Telnet sessions to the default value.
M4100 Series ProSAFE Managed Switches no telnetcon maxsessions Use this command to set the maximum number of Telnet connection sessions that can be established to the default value. Format no telnetcon maxsessions Mode Privileged EXEC telnetcon timeout Use this command to set the Telnet connection session time-out value, in minutes. A session is active as long as the session has not been idle for the value set.
M4100 Series ProSAFE Managed Switches show telnet Use this command to display the current outbound Telnet settings. In other words, these settings apply to Telnet connections initiated from the switch to a remote system. Format show telnet Modes • Privileged EXEC •...
M4100 Series ProSAFE Managed Switches Secure Shell (SSH) Commands This section describes the commands you use to configure SSH access to the switch. Use SSH to access the switch from a remote management host. Note: The system allows a maximum of five SSH sessions.
M4100 Series ProSAFE Managed Switches sshcon maxsessions Use this command to specify the maximum number of SSH connection sessions that can be established. A value of 0 indicates that no ssh connection can be established. The range is 0–5. Default Format sshcon maxsessions <0-5>...
M4100 Series ProSAFE Managed Switches show ip ssh Use this command to display the ssh settings. Format show ip ssh Mode Privileged EXEC Term Definition Administrative This field indicates whether the administrative mode of SSH is enabled or disabled. Mode...
M4100 Series ProSAFE Managed Switches no crypto certificate generate Use this command to delete the HTTPS certificate files from the device, regardless of whether they are self-signed or downloaded from an outside source. Format no crypto certificate generate Mode Global Config crypto key generate rsa Use this command to generate an RSA key pair for SSH.
M4100 Series ProSAFE Managed Switches ip http server Use this command to enable access to the switch through the Web interface. When access is enabled, the user can login to the switch from the Web interface. When access is disabled, the user cannot login to the switch’s web server.
M4100 Series ProSAFE Managed Switches no ip http java Use this command to disable the Web Java mode. The Java mode applies to both secure and unsecure web connections. Format no ip http java Mode Privileged EXEC ip http session hard-timeout Use this command to configure the hard time-out for unsecure HTTP sessions in hours.
M4100 Series ProSAFE Managed Switches Term Definition Tacacs Uses the list of all TACACS servers for authentication. None Uses no authentication. no ip http authentication Use this command to restore the authentication methods to the default. Format no ip http authentication <method1> [<method2> ...]...
M4100 Series ProSAFE Managed Switches no ip http session soft-timeout Use this command to reset the soft time-out for unsecure HTTP sessions to the default value. Format no ip http session soft-timeout Mode Privileged EXEC ip http secure-session maxsessions Use this command to limit the number of secure HTTP sessions. Zero is the configurable minimum.
M4100 Series ProSAFE Managed Switches ip http secure-session hard-timeout Use this command to configure the hard time-out for secure HTTP sessions in hours. When the time-out expires, the user must reauthenticate. This timer begins on initiation of the web session and is unaffected by the activity level of the connection. The secure session hard time-out cannot be set to zero (infinite).
M4100 Series ProSAFE Managed Switches ip http secure-port Use this command to set the SSL port where port can be 1-65535 and the default is port 443. Default Format ip http secure-port <portid> Mode Privileged EXEC no ip http secure-port Use this command to reset the SSL port to the default value.
M4100 Series ProSAFE Managed Switches Term Definition Secure Port The secure HTTP server port number. Secure Protocol Level(s) The protocol level might have the values of SSL3, TSL1, or both SSL3 and TSL1. Maximum Allowable HTTPS The number of allowable secure http sessions.
M4100 Series ProSAFE Managed Switches Field Definition Session Time Total time this session has been connected. Session Type Shows the type of session, which can be HTTP, HTTPS, telnet, serial, or SSH. User Account Commands This section describes the commands you use to add, manage, and delete system users.
M4100 Series ProSAFE Managed Switches Term Definition encrypted Encrypted password you enter, copied from another device configuration. override-complexity Disables the validation of the password strength. -check no username Use this command to remove a user account. Format no username <username>...
M4100 Series ProSAFE Managed Switches username snmpv3 accessmode Use this command to specify the SNMPv3 access privileges for the specified login user. The valid accessmode values are readonly and readwrite. The <username> is the login user name for which the specified access mode applies. The default is readwrite for the “admin”...
M4100 Series ProSAFE Managed Switches username snmpv3 encryption Use this command to specify the encryption protocol used for the specified user. The valid encryption protocols are des and none. If you select des, you can specify the required key on the command line. The encryption key must be 8–64 characters long.
M4100 Series ProSAFE Managed Switches Term Definition SNMPv3 The authentication protocol to be used for the specified login user. Authentication SNMPv3 The encryption protocol to be used for the specified login user. Encryption show users accounts Use this command to display the local user status about user account lockout and password aging.
M4100 Series ProSAFE Managed Switches Password Expiry........ --- Lockout........False Override Complexity Check...... Disable Password Strength......--- show users long Use this command to display the user’s full name. Format show users long Mode Privileged EXEC Term Definition User Name The full name of the user.
M4100 Series ProSAFE Managed Switches no passwords min-length Use this command to set the minimum password length to the default value. Format no passwords min-length Mode Global Config passwords history Use this command to set the number of previous passwords that shall be stored for each user account.
M4100 Series ProSAFE Managed Switches passwords lock-out Use this command to strengthen the security of the switch by locking user accounts that have failed login due to wrong passwords. When a lockout count is configured, a user that is logged in must enter the correct password within that count. Otherwise the user will be locked out from further switch access.
M4100 Series ProSAFE Managed Switches Default Format passwords strength minimum uppercase-letters <number> Mode Global Config no passwords strength minimum uppercase-letters Use this command to reset the minimum number of uppercase letters to the default value. Format no passwords strength minimum uppercase-characters...
M4100 Series ProSAFE Managed Switches no passwords strength minimum numeric-characters Use this command to reset the minimum number of numeric characters to the default value. Format no passwords strength minimum numeric-characters Mode Global Config passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password should contain.
M4100 Series ProSAFE Managed Switches passwords strength maximum repeated-characters Use this command to enforce a maximum number of repeated characters that a password should contain. An example of repeated characters is aaaa. The valid range is 0-16. If a password has a repetition of characters more than the configured limit, it fails to configure.
M4100 Series ProSAFE Managed Switches no passwords strength exclude-keyword Use this command to reset the restriction for the specified keyword or all the keywords configured. Format no passwords strength exclude-keyword [<keyword>] Mode Global Config show passwords configuration Use this command to display the configured password management settings.
M4100 Series ProSAFE Managed Switches show passwords result Use this command to display the last password set result information. Format show passwords result Mode Privileged EXEC Term Definition Last User Whose Shows the name of the user with the most recently set password.
Uses the list of all RADIUS servers for authentication. • tacacs. Uses the list of all TACACS servers for authentication. Command example: (NETGEAR Switch)(config)# aaa authentication login default radius local enable none no aaa authentication login Use this command to remove authentication at login. Format no aaa authentication login {default | <list-name>}...
M4100 Series ProSAFE Managed Switches Parameter Description Uses the listed authentication methods that follow this argument as the default list of default methods, when using higher privilege levels. Character string used to name the list of authentication methods activated, when using <list-name>...
M4100 Series ProSAFE Managed Switches no aaa authentication dot1x Use this command to remove the authentication at login. Format no aaa authentication dot1x default Mode Global Config aaa accounting The command creates an accounting method list. This list is identified by the default keyword or by a user-specified <list-name>.
M4100 Series ProSAFE Managed Switches no aaa accounting This command deletes the accounting method list. Format no aaa accounting {exec | commands} {default | <list-name>} Mode Global Config accounting (console/Telnet/SSH) This command applies the accounting method list to a line configuration (console/Telnet/SSH).
M4100 Series ProSAFE Managed Switches Term Definition The default list of methods for authorization services. default Alphanumeric character string used to name the list of authorization methods. <list-name> no ip http/https accounting exec This command deletes the authorization method list.
M4100 Series ProSAFE Managed Switches Commands UserCmdAudit start-stop TACACS Line EXEC Method List Command Method List --------- -------------------- -------------------- Console none none Telnet none none none none HTTPS none none HTTP none none aaa authorization The command creates an authorization method list. This list is identified by the default keyword or by a user-specified <list-name>.
M4100 Series ProSAFE Managed Switches no aaa authorization This command deletes the authorization method list. Format no aaa authorization {exec | commands} {default | <list-name>} <method1> [<method2>…] Mode Global Config authorization (console/Telnet/SSH) To apply the command authorization method list to an access method (console/Telnet/SSH).
M4100 Series ProSAFE Managed Switches Exec Authorization List Method ---------------------------- ------------------------------ dfltExecAuthList none undefined undefined undefined Line Exec Method List --------- --------------------- Console dfltExecAuthList Telnet dfltExecAuthList dfltExecAuthList domain-name (Global Config) The managed switch supports authentication based on domain name, in addition to the user name and password.
M4100 Series ProSAFE Managed Switches no domain-name enable This command disables the domain name functionality. Format no domain-name enable Mode Global Config show domain-name This command displays the configured domain-name. Format show domain-name Mode Privileged EXEC Command example: (NETGEAR Switch) #show domain-name...
M4100 Series ProSAFE Managed Switches Parameter Definition Use the same session ID for all AAA Service types. common Use a unique session ID for AAA Service types. unique no aaa session-id This command resets the AAA session ID behavior to default.
M4100 Series ProSAFE Managed Switches show aaa ias-users Use this command to display configured IAS users and their attributes. Passwords configured are not shown in the show command output. Format show aaa ias-users Mode Privileged EXEC SNMP Commands This section describes the commands you use to configure Simple Network Management Protocol (SNMP) on the switch.
M4100 Series ProSAFE Managed Switches no snmp-server community Use this command to remove this community name from the table. The <name> is the community name to be deleted. Format no snmp-server community <name> Mode Global Config snmp-server community ipaddr Use this command to set a client IP address for an SNMP community. The address is the...
M4100 Series ProSAFE Managed Switches no snmp-server community ipmask Use this command to set a client IP mask for an SNMP community to 0.0.0.0. The name is the applicable community name. The community name might be up to 16 alphanumeric characters.
M4100 Series ProSAFE Managed Switches snmp-server community rw Use this command to restrict access to switch information. The access mode is read/write (also called private). Format snmp-server community rw <name> Mode Global Config snmp-server enable traps violation Use this command to enable sending new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
M4100 Series ProSAFE Managed Switches snmp-server enable traps linkmode Use this command to enable Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled. For more...
M4100 Series ProSAFE Managed Switches no snmp-server enable traps stpmode Use this command to disable sending new root traps and topology change notification traps. Format no snmp-server enable traps stpmode Mode Global Config snmptrap Use this command to add an SNMP trap receiver. The maximum length of <name> is 16 case-sensitive alphanumeric characters.
M4100 Series ProSAFE Managed Switches Note: This command does not support a no form. Default snmpv2 Format snmptrap snmpversion <name> {<ipaddr> | <hostname>} | {<ip6addr> | <hostname>} {snmpv1 | snmpv2} Mode Global Config snmptrap ipaddr Use this command to assign an IP address to a specified community name. The name can use up to 16 case-sensitive alphanumeric characters.
M4100 Series ProSAFE Managed Switches snmp trap link-status Use this command to enable link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. For more information, see snmp-server enable traps linkmode page 495.
M4100 Series ProSAFE Managed Switches Format no snmp trap link-status all Mode Global Config show snmpcommunity Use this command to display SNMP community information. Six communities are supported. You can add, change, or delete communities. The switch does not need to be reset for changes to take effect.
M4100 Series ProSAFE Managed Switches Field Definition SNMP Trap The community string of the SNMP trap packet sent to the trap manager. The string is Name case-sensitive and can be up to 16 alphanumeric characters. IP Address The IPv4 address to receive SNMP traps from this device.
M4100 Series ProSAFE Managed Switches Field Definition OSPFv2 Traps Can be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps are sent. If any of the OSPF trap flags are not enabled, the command displays disabled. Otherwise, the command shows all the enabled OSPF traps’ information.
Format no radius server attribute 4 [<ipaddr>] Mode Global Config Command example: (NETGEAR Switch) (Config) #radius server attribute 4 192.168.37.60 Command example: (NETGEAR Switch) (Config) #radius server attribute 4 radius server host This command configures the IP address or DNS name to use for communicating with the RADIUS server of a selected server type.
Page 503
M4100 Series ProSAFE Managed Switches default names, respectively. The same name can be configured for more than one authenticating servers and the name should be unique for accounting servers. The RADIUS client allows the configuration of a maximum 32 authenticating and accounting servers.
M4100 Series ProSAFE Managed Switches Parameter Description The IP address of the server. <ipaddr> The DNS name of the server. <dnsname> The password in encrypted format. <password> Command example: radius server key acct 10.240.4.10 encrypted <encrypt-string> radius server msgauth Use this command to enable the message authenticator attribute to be used for the specified RADIUS Authenticating server.
M4100 Series ProSAFE Managed Switches Parameter Description The IP address of the RADIUS Authenticating server. <ipaddr> The DNS name of the server. <dnsname> radius server retransmit Use this command to configure the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server.
M4100 Series ProSAFE Managed Switches no radius server timeout Use this command to set the timeout global parameter to the default value. Format no radius server timeout Mode Global Config show radius Use this command to display the values configured for the global parameters of the RADIUS client.
M4100 Series ProSAFE Managed Switches Time Duration........... 10 RADIUS Accounting Mode........Disable RADIUS Attribute 4 Mode......... Enable RADIUS Attribute 4 Value ....... 192.168.37.60 show radius servers Use this command to display the summary and details of RADIUS authenticating servers configured for the RADIUS client.
Page 509
Primary 192.168.37.202 Network3_RADIUS_Server Secondary 192.168.37.203 Network4_RADIUS_Server Primary Command example: (NETGEAR Switch) #show radius servers name Default_RADIUS_Server Server Name......Default_RADIUS_Server Host Address......192.168.37.58 Secret Configured...... No Message Authenticator ....Enable Number of Retransmits....4 Time Duration......10 RADIUS Accounting Mode....Disable RADIUS Attribute 4 Mode....
The number of RADIUS packets received from this server on the accounting port and dropped for some other reason. Command example: (NETGEAR Switch) #show radius accounting statistics 192.168.37.200 RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........
M4100 Series ProSAFE Managed Switches no tacacs-server host Use this command to delete the specified TACACS+ server. The <ip-address> or <hostname> parameter is the IP address or host name of the TACACS+ server. Format no tacacs-server host {<ip-address> | <hostname>}...
M4100 Series ProSAFE Managed Switches tacacs-server source interface Use this command in Global Configuration mode to configure the global source interface (source IP selection) for all TACACS+ communications between the TACACS+ client and the server. Format tacacs-server source-interface {<slot/port> | loopback <loopback-id>...
M4100 Series ProSAFE Managed Switches key (TACACS Config) Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. The <key-string> parameter specifies the key name.
M4100 Series ProSAFE Managed Switches show tacacs Use this command to display the configuration and statistics of a TACACS+ server. Format show tacacs [<ip-address> | <hostname>] Mode Privileged EXEC Field Definition Host Address The IP address or hostname of the configured TACACS+ server.
M4100 Series ProSAFE Managed Switches The following lines show an example of a script: ! Script file for displaying management access show telnet !Displays the information about remote connections ! Display information about direct connections show serial ! End of the script file! To specify a blank password for a user in the configuration script, you must specify it as a space within quotes.
M4100 Series ProSAFE Managed Switches Term Definition Configuration Script Name of the script. Size Privileged EXEC script show Use this command to display the contents of a script file, which is named <scriptname>. Format script show <scriptname> Mode Privileged EXEC...
M4100 Series ProSAFE Managed Switches Format copy <url> nvram:clibanner copy nvram:clibanner <url> Mode Privileged EXEC set prompt Use this command to change the name of the prompt. The length of name might be up to 64 alphanumeric characters. Format set prompt <prompt_string>...
Green Ethernet Commands This chapter describes the green Ethernet commands available in the managed switch CLI. The chapter contains the following sections: • Green Feature Support • Energy-Detect Mode • Energy Efficient Ethernet (EEE) • Green Ethernet Commands...
M4100 Series ProSAFE Managed Switches Green Feature Support The NETGEAR Managed switch supports the following green Ethernet power saving modes: • Energy Detect Mode • EEE Mode The green Ethernet commands supported depends on the switch model. Table 2. Green feature support...
M4100 Series ProSAFE Managed Switches Energy Efficient Ethernet (EEE) Energy Efficient Ethernet (EEE) combines MAC with ports that support operation in a Low-Power Mode. This feature is defined by the IEEE 802.3az Energy Efficient Ethernet Task Force. Lower Power Mode enables both send and receive sides of a link to disable some port functionality to save power when the port is lightly loaded.
M4100 Series ProSAFE Managed Switches green-mode eee This command enables EEE low-power idle mode on an interface or on all interfaces. It allows both send and receive sides of a link to disable some functionality for power savings when the port is lightly loaded. Transition to Low-Power Mode does not change the link status.
M4100 Series ProSAFE Managed Switches show green-mode This command displays the green mode configuration and operational status either for the whole system or for a port. This command can display the per-port configuration and operational status of the green mode. The status is shown only for the modes supported on the switch.
Page 527
M4100 Series ProSAFE Managed Switches Field Definition Reason for Energy-detect The energy detect mode might be administratively enabled, but the operational current operational status status might be inactive. The reasons for the same are: Port is currently operating in the fiber mode Link is up.
Page 528
M4100 Series ProSAFE Managed Switches Field Definition Remote Tw_sys_rx Integer that indicates the value of Tw_sys that the remote system requests from the (microsec) local system. This value maps from the aLldpXdot3RemRxTwSys attribute. Remote Tw_sys_rx Echo Integer that indicates the value of Receive Tw_sys echoed back by the remote (microsec) system.
M4100 Series ProSAFE Managed Switches Rx DLL enabled......Yes Rx DLL ready....... Yes Cumulative Energy Saving (W * H)..... XX Time Since Counters Last Cleared....1 day 20 hr 47 min 34 sec green-mode eee-lpi-history Configure the global EEE LPI history collection interval and buffer size using this command.
Page 531
M4100 Series ProSAFE Managed Switches Field Description Percentage LPI time per stack Percentage of Total time spent in LPI mode by all port in stack when compared to total time since reset. Sample No Sample Index Sample Time Time since last reset...
There is no specific action that can be taken per message. If a problem is being diagnosed, a set of these messages in the event log, along with an understanding of the system configuration and details of the problem, can assist NETGEAR technical support in determining the root cause of such a problem.
M4100 Series ProSAFE Managed Switches Core Table 3. BSP Log Messages Component Message Cause Event(0xaaaaaaaa) Switch has restarted. Starting code... BSP initialization complete, starting application. Table 4. NIM Log Messages Component Message Cause NIM: L7_ATTACH out of order for Interface creation out of order...
Page 534
M4100 Series ProSAFE Managed Switches Table 5. System Log Messages Component Message Cause SYSTEM Configuration file Switch CLI.cfg size is 0 The configuration file could not be read. (zero) bytes This message might occur on a system for which no configuration has ever been saved or for which configuration has been erased.
M4100 Series ProSAFE Managed Switches Utilities Table 6. Trap Mgr Log Message Component Message Cause Trap Mgr Link Up/Down: slot/port An interface changed link state. Table 7. DHCP Filtering Log Messages Component Message Cause DHCP Filtering Unable to create r/w lock for DHCP...
Page 536
M4100 Series ProSAFE Managed Switches Table 9. RADIUS Log Messages Component Message Cause RADIUS RADIUS: Invalid data length - xxx The RADIUS Client received an invalid message from the server. RADIUS RADIUS: Failed to send the request A problem communicating with the RADIUS server.
M4100 Series ProSAFE Managed Switches Table 10. TACACS+ Log Messages Component Message Cause TACACS+ TACACS+: authentication error, no server TACACS+ request needed, but no servers to contact are configured. TACACS+ TACACS+: connection failed to server TACACS+ request sent to server x.x.x.x x.x.x.x...
Page 538
M4100 Series ProSAFE Managed Switches Table 14. EmWeb Log Messages Component Message Cause EmWeb EMWEB (Telnet): Max number of Telnet A user attempted to connect via telnet login sessions exceeded when the maximum number of telnet sessions were already active.
Page 539
M4100 Series ProSAFE Managed Switches Table 16. WEB Log Messages Component Message Cause Max clients exceeded This message is shown when the maximum allowed java client connections to the switch is exceeded. Error on send to sockfd XXXX, closing Failed to send data to the java clients connection through the socket.
Page 540
M4100 Series ProSAFE Managed Switches Table 18. SSHD Log Messages Component Message Cause SSHD SSHD: Unknown UI event in message, Failed to dispatch the UI event to the event=XXXX appropriate SSHD function as it’s an invalid event. XXXX indicates the event to be dispatched.
M4100 Series ProSAFE Managed Switches Table 20. User_Manager Log Messages Component Message Cause User_Manager User Login Failed for XXXX Failed to authenticate user login. XXXX indicates the user name to be authenticated. User_Manager Access level for user XXXX could not be Invalid access level specified for the user.
Page 542
M4100 Series ProSAFE Managed Switches Table 22. IP Subnet VLANS Log Messages Component Message Cause IPsubnet vlans ERROR vlanIpSubnetSubnetValid :Invalid Occurs when an invalid pair of subnet and subnet netmask has come from the CLI IPsubnet vlans IP Subnet Vlans: failed to save...
Page 543
M4100 Series ProSAFE Managed Switches Table 23. Mac-based VLANs Log Messages Component Message Cause Mac based vlanMacVlanChangeCallback: Failed to Appears when a dtl fails to add an entry for VLANS add an entry a VLAN add notify event. Mac based...
Page 544
M4100 Series ProSAFE Managed Switches Table 25. IGMP Snooping Log Messages Component Message Cause IGMP Snooping Failed to set igmp mrouter mode %d for Failed to set VLAN multicast router mode interface xxx on VLAN yyy due to IGMP Snooping message queue...
Page 545
M4100 Series ProSAFE Managed Switches Table 27. 802.3ad Log Messages Component Message Cause 802.3ad dot3adReceiveMachine: received default Received a LAG PDU and the RX state event %x machine is ignoring this LAGPDU 802.3ad dot3adNimEventCompletionCallback, The event sent to NIM was not completed...
Page 546
M4100 Series ProSAFE Managed Switches Table 32. 802.1Q Log Messages Component Message Cause 802.1Q dot1qIssueCmd: Unable to send message dot1qMsgQueue is full. %d to dot1qMsgQueue for vlan %d - %d msgs in queue 802.1Q dot1qVlanCreateProcess: Attempt to Accommodates for reserved vlan ids. that create a vlan with an invalid vlan id %d ;...
M4100 Series ProSAFE Managed Switches Table 35. Protocol-based VLANs Log Messages Component Message Cause Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when nimRegisterIntfChange fails VLANs register NIM callback to register pbVlan for link state changes. Protocol Based pbVlanCnfgrInitPhase2Process: Unable to Appears when vlanRegisterForChange...
M4100 Series ProSAFE Managed Switches Table 38. DiffServ Log Messages Component Message Cause DiffServ diffserv.c 165: diffServRestore Failed to While attempting to clear the running reset DiffServ. Recommend resetting configuration an error was encountered in device removing the current settings. This might lead to an inconsistent state in the system and resetting is advised.
Page 549
M4100 Series ProSAFE Managed Switches Table 40. OSPFv2 Log Messages (continued) Component Message Cause OSPFv2 Warning: OSPF LSDB is 90% full (22648 OSPFv2 limits the number of Link State LSAs). Advertisements (LSAs) that can be stored in the link state database (LSDB). When the database becomes 90 or 95 percent full, OSPFv2 logs this warning.
Page 550
M4100 Series ProSAFE Managed Switches Table 42. Routing Table Manager Log Messages Component Message Cause Routing Table RTO is full. Routing table contains 8000 The routing table manager, also called Manager best routes, 8000 total routes. “RTO,” stores a limited number of best routes, based on hardware capacity.
M4100 Series ProSAFE Managed Switches Table 45. RIP Log Message Component Message Cause RIP : discard response from xxx via When RIP response is received with a unexpected interface source address not matching the incoming interface’s subnet. Table 46. DHCP6 Log Message...
Page 552
M4100 Series ProSAFE Managed Switches Table 49. IGMP-Proxy Log Messages Component Message Cause IGMP-Proxy Error getting memory for igmp host group When we are unable to allocate memory for record the IGMP group record in the Host (Proxy) table IGMP-Proxy...
M4100 Series ProSAFE Managed Switches Table 51. PIM-DM Log Messages Component Message Cause PIM-DM Out of memory when creating xxx This message is logged when there is insufficient memory to accommodate a new neighbor/(S,G) Entry, Prune, Graft, Join etc. PIM-DM Error entry->ll_xxx LL creation error...
Page 554
M4100 Series ProSAFE Managed Switches Technologies Table 54. System General Error Messages Component Message Cause Invalid USP unit = x, slot = x, port =x A port was not able to be translated correctly during the receive. In hapiBroadSystemMacAddress call to...
Page 555
M4100 Series ProSAFE Managed Switches Table 54. System General Error Messages Component Message Cause USL: A Trunk being created by bcmx Possible synchronization issue between already existed in USL the application, hardware, and sync layer USL: A Trunk being destroyed doesn't exist...
M4100 Series ProSAFE Managed Switches Table 54. System General Error Messages Component Message Cause USL: failed to sync L3 Route table on unit= Could not synchronize unit x due to a transport failure or API issue on remote unit. A synchronization retry will be issued...
Page 557
M4100 Series ProSAFE Managed Switches Table 55. OSAPI Log Messages (continued) Component Message Cause OSAPI osapiCleanupIf: NetIPGet During the call to remove the interface from the route table, the attempt to get an ipv4 interface address from the stack failed.