Page 1 Series ENTERPRISE EDGE SWITCHES AT-x210-9GT AT-x210-16GT AT-x210-24GT Command Reference for AlliedWare Plus™ Version 5.4.5 C613-50054-01 REV A...
Page 2 If you would like a copy of the GPL source code contained in Allied Telesis products, please send us a request by registered mail including a check for US$15 to cover production and shipping costs and a CD with the GPL code will be mailed to you.
Page 3: Table Of Contents
Contents Chapter 1: CLI Navigation Commands ......52 Introduction .........52 configure terminal .
Page 4 service password-encryption ......89 service telnet ........90 service terminal-length (deleted) .
Page 5 show version ........150 write file ........152 write memory .
Page 6 system territory (deprecated) ......225 terminal monitor ....... . 226 undebug all .
Page 7 show interface brief ......296 show interface status ......297 shutdown .
Page 8 switchport port-security ......363 switchport port-security aging ..... . . 364 switchport port-security maximum .
Page 9 show spanning-tree brief ......432 show spanning-tree mst ......433 show spanning-tree mst config .
Page 10 lacp timeout ........500 show debugging lacp ......502 show diagnostic channel-group .
Page 11 show ip route summary ......561 Chapter 17: Multicast Commands ....... . 562 Introduction .
Page 12 ipv6 mld limit ........619 ipv6 mld snooping ....... 621 ipv6 mld snooping fast-leave .
Page 13 match cos ........706 match dscp ........707 match eth-format protocol .
Page 14 show dot1x diagnostics ......770 show dot1x interface ......772 show dot1x sessionstatistics .
Page 15 auth-web-server ping-poll interval ..... 845 auth-web-server ping-poll reauth-timer-refresh ... . 846 auth-web-server ping-poll timeout .
Page 16 login authentication ......914 show aaa local user locked ......915 show debugging aaa .
Page 17 ssh ......... 974 ssh client .
Page 18 epsr ........1039 epsr configuration .
Page 19 atmf provision node locate ......1110 atmf reboot-rolling ......1111 atmf recover .
Page 20 show ntp status ....... . 1206 Chapter 35: Dynamic Host Configuration Protocol (DHCP) Commands ..1207 Introduction .
Page 21 snmp-server enable trap ......1268 snmp-server engineID local ......1270 snmp-server engineID local reset .
Page 22 debug mail ........1345 delete mail ........1346 mail .
Page 23 description (ping-polling) ......1406 fail-count ........1407 ip (ping-polling) .
Page 24 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 25 List of Commands (access-list hardware ICMP filter) .........655 (access-list hardware IP protocol filter).
Page 26 access-list (standard numbered)......... . 678 access-list hardware (named) .
Page 27 atmf management vlan ..........1094 atmf master .
Page 28 auth two-step enable ........... . 814 auth-mac enable .
Page 29 auth-web-server ssl ............852 auth-web-server sslport (deleted) .
Page 30 clear ipv6 mroute ............566 clear ipv6 neighbors .
Page 31 critical-interval ............1404 crypto key destroy hostkey.
Page 32 default log buffered ........... . . 234 default log console .
Page 33 egress-rate-limit ............703 enable (Privileged Exec mode) .
Page 34 ip dhcp option............1219 ip dhcp pool.
Page 35 ipv6 mld access-group ........... 618 ipv6 mld limit.
Page 36 lldp tx-delay ............1307 location civic-location configuration .
Page 37 mail from............. . .1348 mail smtpserver .
Page 38 ntp source............. .1199 ntp trusted-key .
Page 39 script..............1374 security-password forced-change .
Page 40 show atmf backup area ..........1148 show atmf backup .
Page 41 show counter dhcp-client ..........1224 show counter dhcp-server .
Page 42 show diagnostic channel-group......... . 503 show dot1x diagnostics .
Page 43 show ip dhcp server summary ......... .1236 show ip dhcp snooping acl.
Page 44 show lacp-counter............509 show license brief .
Page 45 show platform classifier statistics utilization brief ......351 show platform port ............352 show platform.
Page 46 show running-config ........... . 136 show security-password configuration .
Page 47 show system mac............210 show system pluggable detail.
Page 48 source-ip ............. . .1420 spanning-tree autoedge (RSTP and MSTP) .
Page 49 ssh server authentication ..........982 ssh server deny-users .
Page 50 switchport voice vlan ........... . 402 system territory (deprecated) .
Page 51 undebug dot1x............784 undebug epsr .
Page 52: Cli Navigation Commands
CLI Navigation Commands Introduction Overview This chapter provides an alphabetical reference for the commands used to navigate between different modes. This chapter also provides a reference for the help and show commands used to help navigate within the CLI. Command List •...
Page 53: Configure Terminal
CLI N AVIGATION OMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode. Syntax configure terminal Mode Privileged Exec Example To enter the Global Configuration command mode (note the change in the command prompt), enter the command: awplus# configure terminal awplus(config)#...
Page 54: Disable (Privileged Exec Mode)
CLI N AVIGATION OMMANDS DISABLE RIVILEGED XEC MODE disable (Privileged Exec mode) Overview This command exits the Privileged Exec mode, returning the prompt to the User Exec mode. To end a session, use the exit command. Syntax disable Mode Privileged Exec Example To exit the Privileged Exec mode, enter the command: awplus#...
Page 55 CLI N AVIGATION OMMANDS Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode. Syntax do <command> Parameter Description Specify the command and its parameters. <command> Mode Any configuration mode Example awplus# configure terminal...
Page 56: Enable (Privileged Exec Mode)
CLI N AVIGATION OMMANDS ENABLE RIVILEGED XEC MODE enable (Privileged Exec mode) Overview This command enters the Privileged Exec mode and optionally changes the privilege level for a session. If a privilege level is not specified then the maximum privilege level (15) is applied to the session. If the optional privilege level is omitted then only users with the maximum privilege level can access Privileged Exec mode without providing the password as specified by the enable password...
Page 57 CLI N AVIGATION OMMANDS ENABLE RIVILEGED XEC MODE Privilege Exec mode. Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode. awplus> enable 7 awplus# Related disable (Privileged Exec mode) Commands enable password enable secret...
Page 58: End
CLI N AVIGATION OMMANDS Overview This command returns the prompt to the Privileged Exec command mode from any other advanced command mode. Syntax Mode All advanced command modes, including Global Configuration and Interface Configuration modes. Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode.
Page 59: Exit
CLI N AVIGATION OMMANDS EXIT exit Overview This command exits the current mode, and returns the prompt to the mode at the previous level. When used in User Exec mode, the exit command terminates the session. Syntax exit Mode All command modes, including Global Configuration and Interface Configuration modes.
Page 60: Help
CLI N AVIGATION OMMANDS HELP help Overview This command displays a description of the AlliedWare Plus™ OS help system. Syntax help Mode All command modes Example To display a description on how to use the system help, use the command: awplus# help Output...
Page 61: Logout
CLI N AVIGATION OMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session. Syntax logout Mode User Exec and Privileged Exec Example To exit the User Exec mode, use the command: awplus# logout C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 62: Show History
CLI N AVIGATION OMMANDS SHOW HISTORY show history Overview This command lists the commands entered in the current session. The history buffer is cleared automatically upon reboot. The output lists all command line entries, including commands that returned an error. For information on filtering and saving command output, see “Controlling “show”...
Page 63: User Access Commands
User Access Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure user access. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 64 CCESS OMMANDS Command List • “clear line console” on page 65 • “clear line vty” on page 66 • “enable password” on page 67 • “enable secret” on page 70 • “exec-timeout” on page 73 • “flowcontrol hardware (asyn/console)” on page 75 •...
Page 65: Clear Line Console
CCESS OMMANDS CLEAR LINE CONSOLE clear line console Overview This command resets a console line. If a terminal session exists on the line then the terminal session is terminated. If console line settings have changed then the new settings are applied. Syntax clear line console 0 Mode...
Page 66: Clear Line Vty
CCESS OMMANDS CLEAR LINE VTY clear line vty Overview This command resets a VTY line. If a session exists on the line then it is closed. Syntax clear line vty <0-32> Parameter Description Line number <0-32> Mode Privileged Exec Example To reset the first vty line, use the command: awplus# clear line vty 1...
Page 67: Enable Password
CCESS OMMANDS ENABLE PASSWORD enable password Overview To set a local password to control access to various privilege levels, use the enable password Global Configuration command. Use the enable password command to modify or create a password to be used, and use the no enable password command to remove the password.
Page 68 CCESS OMMANDS ENABLE PASSWORD Note that the enable password command is an alias for the enable secret command and one password per privilege level is allowed using these commands. Do not assign one password to a privilege level with enable password and another password to a privilege level with enable...
Page 69 CCESS OMMANDS ENABLE PASSWORD this method. The output in the configuration file will show only the encrypted string, and not the text string. awplus# configure terminal awplus(config)# enable password 8 fU7zHzuutY2SA awplus(config)# This results in the following show output: awplus#show run Current configuration: hostname awplus enable password 8 fU7zHzuutY2SA...
Page 70: Enable Secret
CCESS OMMANDS ENABLE SECRET enable secret Overview To set a local password to control access to various privilege levels, use the enable secret Global Configuration command. Use the enable secret command to modify or create a password to be used, and use the no enable secret command to remove the password.
Page 71 CCESS OMMANDS ENABLE SECRET Do not assign one password to a privilege level with enable password and another password to a privilege level with enable secret. Use enable password enable secret commands. Do not use both on the same level. Using plain The plain password is a clear text string that appears in the configuration file as passwords...
Page 72: Privilege Level
CCESS OMMANDS ENABLE SECRET This results in the following show output: awplus#show run Current configuration: hostname awplus enable password 8 fU7zHzuutY2SA interface lo Related enable (Privileged Exec mode) Commands enable secret service password-encryption privilege level show privilege username show running-config Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 73: Exec-Timeout
CCESS OMMANDS EXEC TIMEOUT exec-timeout Overview This command sets the interval your device waits for user input from either a console or VTY connection. Once the timeout interval is reached, the connection is dropped. This command sets the time limit when the console or VTY connection automatically logs off after no activity.
Page 74 CCESS OMMANDS EXEC TIMEOUT Related line Commands service telnet Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 75: Flowcontrol Hardware (Asyn/Console)
CCESS OMMANDS FLOWCONTROL HARDWARE ASYN CONSOLE flowcontrol hardware (asyn/console) Overview Use this command to enable RTS/CTS (Ready To Send/Clear To Send) hardware flow control on a terminal console line (asyn port) between the DTE (Data Terminal Equipment) and the DCE (Data Communications Equipment). Syntax flowcontrol hardware no flowcontrol hardware...
Page 76 CCESS OMMANDS FLOWCONTROL HARDWARE ASYN CONSOLE Examples To enable hardware flow control on terminal console line asyn0, use the commands: awplus# configure terminal awplus(config)# line console 0 awplus(config-line)# flowcontrol hardware To disable hardware flow control on terminal console line asyn0, use the commands: awplus# configure terminal...
Page 77: Length (Asyn)
CCESS OMMANDS LENGTH ASYN length (asyn) Overview Use this command to specify the number of rows of output that the device will display before pausing, for the console or VTY line that you are configuring. The no variant of this command restores the length of a line (terminal session) attached to a console port or to a VTY to its default length of 22 rows.
Page 78: Line
CCESS OMMANDS LINE line Overview Use this command to enter line configuration mode for the specified VTYs or the console. The command prompt changes to show that the device is in Line Configuration mode. Syntax line vty <first-line> [<last-line>] Parameter Description <first-line>...
Page 79: Login Authentication
CCESS OMMANDS LINE Related accounting login Commands clear line console clear line vty flowcontrol hardware (asyn/console) length (asyn) login authentication privilege level speed (asyn) C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 80: Privilege Level
CCESS OMMANDS PRIVILEGE LEVEL privilege level Overview This command sets a privilege level for VTY or console connections. The configured privilege level from this command overrides a specific user’s initial privilege level at the console login. Syntax privilege level <1-15> Mode Line Configuration Usage...
Page 81: Security-Password History
CCESS OMMANDS SECURITY PASSWORD HISTORY security-password history Overview This command specifies the number of previous passwords that are unable to be reused. A new password is invalid if it matches a password retained in the password history. The no security-password history command disables the security password history functionality.
Page 82: Security-Password Forced-Change
CCESS OMMANDS SECURITY PASSWORD FORCED CHANGE security-password forced-change Overview This command specifies whether or not a user is forced to change an expired password at the next login. If this feature is enabled, users whose passwords have expired are forced to change to a password that must comply with the current password security rules at the next login.
Page 83: Security-Password Lifetime
CCESS OMMANDS SECURITY PASSWORD LIFETIME security-password lifetime Overview This command enables password expiry by specifying a password lifetime in days. Note that when the password lifetime feature is disabled, it also disables the security-password forced-change command and the security-password warning command.
Page 84: Security-Password Minimum-Categories
CCESS OMMANDS SECURITY PASSWORD MINIMUM CATEGORIES security-password minimum-categories Overview This command specifies the minimum number of categories that the password must contain in order to be considered valid. The password categories are: • uppercase letters: A to Z • lowercase letters: a to z •...
Page 85: Security-Password Minimum-Length
CCESS OMMANDS SECURITY PASSWORD MINIMUM LENGTH security-password minimum-length Overview This command specifies the minimum allowable password length. This value is checked against when there is a password change or a user account is created. Syntax security-password minimum-length <1-23> Parameter Description Minimum password length in the range from 1 to 23.
Page 86: Security-Password Reject-Expired-Pwd
CCESS OMMANDS SECURITY PASSWORD REJECT EXPIRED security-password reject-expired-pwd Overview This command specifies whether or not a user is allowed to login with an expired password. Users with expired passwords are rejected at login if this functionality is enabled. Users then have to contact the Network Administrator to change their password.
Page 87: Security-Password Warning
CCESS OMMANDS SECURITY PASSWORD WARNING security-password warning Overview This command specifies the number of days before the password expires that the user will receive a warning message specifying the remaining lifetime of the password. Note that the warning period cannot be set unless the lifetime feature is enabled with the security-password lifetime command.
Page 88: Service Advanced-Vty
CCESS OMMANDS SERVICE ADVANCED service advanced-vty Overview This command enables the advanced-vty help feature. This allows you to use TAB completion for commands. Where multiple options are possible, the help feature displays the possible options. The no service advanced-vty command disables the advanced-vty help feature. Syntax service advanced-vty no service advanced-vty...
Page 89: Service Password-Encryption
CCESS OMMANDS SERVICE PASSWORD ENCRYPTION service password-encryption Overview Use this command to enable password encryption. This is enabled by default. When password encryption is enabled, the device displays passwords in the running config in encrypted form instead of in plain text. Use the no service password-encryption command to stop the device from displaying newly-entered passwords in encrypted form.
Page 90: Service Telnet
CCESS OMMANDS SERVICE TELNET service telnet Overview Use this command to enable the telnet server. The server is enabled by default. Enabling the telnet server starts the device listening for incoming telnet sessions on the configured port. The server listens on port 23, unless you have changed the port by using the privilege level command.
Page 91: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
CCESS OMMANDS SERVICE TERMINAL LENGTH DELETED service terminal-length (deleted) Overview This command has been deleted. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 92: Show Privilege
CCESS OMMANDS SHOW PRIVILEGE show privilege Overview This command displays the current user privilege level, which can be any privilege level in the range <1-15>. Privilege levels <1-6> allow limited user access (all User Exec commands), privilege levels <7-14> allow restricted user access (all User Exec commands plus Privileged Exec show commands).
Page 93: Show Security-Password Configuration
CCESS OMMANDS SHOW SECURITY PASSWORD CONFIGURATION show security-password configuration Overview This command displays the configuration settings for the various security password rules. Syntax show security-password configuration Mode Privileged Exec Example To display the current security-password rule configuration settings, use the command: awplus# show security-password configuration...
Page 94: Show Security-Password User
CCESS OMMANDS SHOW SECURITY PASSWORD USER show security-password user Overview This command displays user account and password information for all users. Syntax show security-password user Mode Privileged Exec Example To display the system users’ remaining lifetime or last password change, use the command: awplus# show security-password user...
Page 95: Show Telnet
CCESS OMMANDS SHOW TELNET show telnet Overview This command shows the Telnet server settings. Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings, use the command: awplus# show telnet Output Figure 2-4: Example output from the show telnet command Telnet Server Configuration ------------------------------------------------------------ Telnet server...
Page 96: Show Users
CCESS OMMANDS SHOW USERS show users Overview This command shows information about the users who are currently logged into the device. Syntax show users Mode User Exec and Privileged Exec Example To show the users currently connected to the device, use the command: awplus# show users Output...
Page 97: Telnet
CCESS OMMANDS TELNET telnet Overview Use this command to open a telnet session to a remote device. Syntax telnet {<hostname>|[ip] <ipv4-addr>|[ipv6] <ipv6-addr>} [<port>] Parameter Description The host name of the remote system. <hostname> Keyword used to specify the IPv4 address or host name of a remote system.
Page 98: Telnet Server
CCESS OMMANDS TELNET SERVER telnet server Overview This command enables the telnet server on the specified TCP port. If the server is already enabled then it will be restarted on the new port. Changing the port number does not affect the port used by existing sessions. Syntax telnet server {<1-65535>|default} Parameter...
Page 99: Terminal Length
CCESS OMMANDS TERMINAL LENGTH terminal length Overview Use the terminal length command to specify the number of rows of output that the device will display before pausing, for the currently-active terminal only. Use the terminal no length command to remove the length specified by this command.
Page 100: Terminal Resize
CCESS OMMANDS TERMINAL RESIZE terminal resize Overview Use this command to automatically adjust the number of rows of output on the console, which the device will display before pausing, to the number of rows configured on the user’s terminal. Syntax terminal resize Mode User Exec and Privileged Exec...
Page 101: Username
CCESS OMMANDS USERNAME username Overview This command creates or modifies a user to assign a privilege level and a password. : The default username privilege level of 1 is not shown in running-config output. NOTE Any username privilege level that has been modified from the default is shown. Syntax username <name>...
Page 102 CCESS OMMANDS USERNAME Usage An intermediate CLI security level (privilege level 7 to privilege level 14) allows a CLI user access to the majority of show commands, including the platform show commands that are available at privilege level 1 to privilege level 6). Note that some show commands, such as show running-configuration and show startup-configuration, are only available at privilege level 15.
Page 103: Chapter 3: File Management Commands
File Management Commands Introduction This chapter provides an alphabetical reference of AlliedWare Plus™ OS file management commands. Filename Syntax Many of the commands in this chapter use the placeholder “filename” to represent and Keyword the name and location of the file that you want to act on. The following table Usage explains the syntax of the filename for each different type of file location.
Page 104 ANAGEMENT OMMANDS Valid characters The filename and path can include characters from up to four categories. The categories are: uppercase letters: A to Z lowercase letters: a to z digits: 0 to 9 special symbols: all printable ASCII characters not included in the previous three categories.
Page 105 ANAGEMENT OMMANDS Command List • “boot config-file” on page 107 • “boot config-file backup” on page 108 • “boot system” on page 109 • “boot system backup” on page 110 • “cd” on page 111 • “copy current-software” on page 112 •...
Page 106 ANAGEMENT OMMANDS • “show running-config security-password” on page 148 • “show startup-config” on page 149 • “show version” on page 150 • “write file” on page 152 • “write memory” on page 153 • “write terminal” on page 154 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 107: Boot Config-File
ANAGEMENT OMMANDS BOOT CONFIG FILE boot config-file Overview Use this command to set the configuration file to use during the next boot cycle. Use the no variant of this command to remove the configuration file. Syntax boot config-file <filepath-filename> no boot config-file Parameter Description Filepath and name of a configuration file.
Page 108: Boot Config-File Backup
ANAGEMENT OMMANDS BOOT CONFIG FILE BACKUP boot config-file backup Overview Use this command to set a backup configuration file to use if the main configuration file cannot be accessed. Use the no variant of this command to remove the backup configuration file. Syntax boot config-file backup <filepath-filename>...
Page 109: Boot System
ANAGEMENT OMMANDS BOOT SYSTEM boot system Overview Use this command to set the release file to load during the next boot cycle. Use the no variant of this command to remove the release file as the boot file. Syntax boot system <filepath-filename> no boot system Parameter Description...
Page 110: Boot System Backup
ANAGEMENT OMMANDS BOOT SYSTEM BACKUP boot system backup Overview Use this command to set a backup release file to load if the main release file cannot be loaded. Use the no variant of this command to remove the backup release file as the backup boot file.
Page 111 ANAGEMENT OMMANDS Overview This command changes the current working directory. Syntax cd <directory-name> Parameter Description <directory-name> Name and path of the directory. Mode Privileged Exec Example To change to the directory called images, use the command: awplus# cd images Related Commands show file systems C613-50054-01 REV A...
Page 112: Copy Current-Software
ANAGEMENT OMMANDS COPY CURRENT SOFTWARE copy current-software Overview Syntax copy current-software <destination-name> Parameter Description The filename and path where you would like the current <destination-name> running-release saved. This command creates a file if no file exists with the specified filename. If a file already exists, then the CLI prompts you before overwriting the file.
Page 113: Copy Debug
ANAGEMENT OMMANDS COPY DEBUG copy debug Overview Syntax copy debug {<destination-name>|debug|flash|nvs|scp|tftp} {<source-name>|debug|flash|nvs|scp|tftp} Parameter Description The filename and path where you would like the debug <destination-name> output saved. See Introduction on page 103 for valid syntax. The filename and path where the debug output originates. <source-namee>...
Page 114: Copy Running-Config
ANAGEMENT OMMANDS COPY RUNNING CONFIG copy running-config Overview This command copies the running-config to a destination file, or copies a source file into the running-config. Commands entered in the running-config do not survive a device reboot unless they are saved in a configuration file. Syntax copy <source-name>...
Page 115: Copy Startup-Config
ANAGEMENT OMMANDS COPY STARTUP CONFIG copy startup-config Overview Syntax copy <source-name> startup-config copy startup-config <destination-name> Parameter Description The filename and path of a configuration file. This must be <source-name> a valid configuration file with a . cfg filename extension. Specify this to copy the script in the file into the startup- config file.
Page 116: Copy (Filename)
ANAGEMENT OMMANDS COPY FILENAME copy (filename) Overview This command copies a file. This allows you to: • copy files from your device to a remote device • copy files from a remote device to your device • create two copies of the same file on your device Syntax copy <source-name>...
Page 117 ANAGEMENT OMMANDS COPY FILENAME Examples To use TFTP to copy the file bob.key into the current directory from the remote server at 10.0.0.1, use the command: awplus# copy tftp://10.0.0.1/bob.key bob.key To use SFTP to copy the file new.cfg into the current directory from a remote server at 10.0.1.2, use the command: awplus# copy sftp://10.0.1.2/new.cfg bob.key...
Page 118: Copy Zmodem
ANAGEMENT OMMANDS COPY ZMODEM copy zmodem Overview This command allows you to copy files using ZMODEM using Minicom. ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer. Syntax copy <source-name> zmodem copy zmodem Parameter Description...
Page 119: Delete
ANAGEMENT OMMANDS DELETE delete Overview This command deletes files or directories. Syntax delete [force] [recursive] <filename> Parameter Description Ignore nonexistent filenames and never prompt before deletion. force Remove the contents of directories recursively. recursive <filename> The filename and path of the file to delete. See Introduction on page 103 for valid syntax.
Page 120: Delete Debug
ANAGEMENT OMMANDS DELETE DEBUG delete debug Overview Use this command to delete a specified debug output file. Syntax delete debug <source-name> Parameter Description The filename and path where the debug output originates. <source-name> Introduction on page 103 for valid URL syntax. Mode Privileged Exec Example...
Page 121: Dir
ANAGEMENT OMMANDS Overview This command lists the files on a filesystem. If no directory or file is specified then this command lists the files in the current working directory. Syntax dir [all] [recursive] [sort [reverse] [name|size|time]] [<filename>|debug|flash|nvs] Parameter Description List all files. List the contents of directories recursively.
Page 122 ANAGEMENT OMMANDS To sort the files by modification time, oldest to newest, use the command: awplus# dir sort reverse time Related Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 123: Edit
ANAGEMENT OMMANDS EDIT edit Overview This command opens a text file in the AlliedWare Plus™ text editor. Once opened you can use the editor to alter to the file. If a filename is specified and it already exists, then the editor opens it in the text editor.
Page 124: Edit (Filename)
ANAGEMENT OMMANDS EDIT FILENAME edit (filename) Overview This command opens a remote text file as read-only in the AlliedWare Plus™ text editor. Before starting the editor make sure your terminal, terminal emulation program, or Telnet client is 100% compatible with a VT100 terminal. The editor uses VT100 control sequences to display text on the terminal.
Page 125: Show File
ANAGEMENT OMMANDS EDIT FILENAME Example To view the file bob.key stored in the security directory of a TFTP server, use the command: awplus# edit tftp://security/bob.key Related copy (filename) Commands edit show file C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™...
Page 126: Erase Startup-Config
ANAGEMENT OMMANDS ERASE STARTUP CONFIG erase startup-config Overview This command deletes the file that is set as the startup-config file, which is the configuration file that the system runs when it boots up. At the next restart, the device loads the default configuration file, default.cfg. If default.cfg no longer exists, then the device loads with the factory default configuration.
Page 127: Mkdir
ANAGEMENT OMMANDS MKDIR mkdir Overview This command makes a new directory. Syntax mkdir <name> Parameter Description The name and path of the directory that you are creating. <name> Mode Privileged Exec Usage You cannot name a directory or subdirectory flash, nvs, usb, card, tftp, scp, sftp or http.
Page 128: Move
ANAGEMENT OMMANDS MOVE move Overview This command renames or moves a file. Syntax move <source-name> <destination-name> Parameter Description The filename and path of the source file. See Introduction <source-name> on page 103 for valid syntax. The filename and path of the destination file. See <destination-name>...
Page 129: Move Debug
ANAGEMENT OMMANDS MOVE DEBUG move debug Overview This command moves a specified debug file to a destination debug file. Syntax move debug {<destination-name>|debug|flash|nvs} {<source-name>|debug|flash|nvs} Parameter Description The filename and path where you would like the debug <destination-name> output moved to. See Introduction on page 103 for valid syntax.
Page 130: Pwd
ANAGEMENT OMMANDS Overview This command prints the current working directory. Syntax Mode Privileged Exec Example To print the current working directory, use the command: awplus# Related Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 131: Rmdir
ANAGEMENT OMMANDS RMDIR rmdir Overview This command removes a directory. The directory must be empty for the command to work unless the optional force keyword is used to remove all subdirectories or files in a directory. Syntax rmdir [force] <name> Parameter Description Optional keyword that allows you to delete any directories...
Page 132: Show Boot
ANAGEMENT OMMANDS SHOW BOOT show boot Overview This command displays the current boot configuration. Syntax show boot Mode Privileged Exec Example To show the current boot configuration, use the command: awplus# show boot Output Figure 3-4: Example output from the show boot command awplus#show boot Boot configuration ----------------------------------------------------------------...
Page 133: Show File
ANAGEMENT OMMANDS SHOW FILE show file Overview This command displays the contents of a specified file. Syntax show file <filename> Parameter Description Name of a file on the local Flash filesystem, or name and <filename> directory path of a file. Mode Privileged Exec Example...
Page 134: Show File Systems
ANAGEMENT OMMANDS SHOW FILE SYSTEMS show file systems Overview This command lists the filesystems and their utilization information where appropriate. Syntax show file systems Mode Privileged Exec Examples To display the filesystems, use the command: awplus# show file systems Output Figure 3-5: Example output from the show file systems command awplus#show file systems...
Page 135 ANAGEMENT OMMANDS SHOW FILE SYSTEMS Table 3-2: Parameters in the output of the show file systems command (cont.) Parameter Description The prefixes used when entering commands to access the Prefixes filesystems; one of: flash system tftp sftp http. The memory type: static, virtual, dynamic. S/V/D Whether the memory is located locally or via a network Lcl / Ntwk...
Page 136: Show Running-Config
ANAGEMENT OMMANDS SHOW RUNNING CONFIG show running-config Overview This command displays the current configuration of the device. The output includes all non-default configuration; default settings are not displayed. You can control the output in any one of the following ways: •...
Page 137 ANAGEMENT OMMANDS SHOW RUNNING CONFIG Output Figure 3-6: Example output from the show running-config command awplus#show running-config service password-encryption username manager privilege 15 password 8 $1$bJoVec4D$JwOJGPr7YqoExA0GVasdE0 service telnet no clock timezone ip domain-lookup spanning-tree mode rstp no platform e2efc interface port1.0.1-1.0.6 switchport switchport mode access service telnet...
Page 138: Show Running-Config Access-List
ANAGEMENT OMMANDS SHOW RUNNING CONFIG ACCESS LIST show running-config access-list Overview Use this command to show the running system status and configuration details for access-list. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 139: Show Running-Config As-Path Access-List
ANAGEMENT OMMANDS SHOW RUNNING CONFIG AS PATH ACCESS LIST show running-config as-path access-list Overview Use this command to show the running system status and configuration details for as-path access-list. Syntax show running-config as-path access-list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration details for as-path access-list, use the command:...
Page 140: Show Running-Config Dhcp
ANAGEMENT OMMANDS SHOW RUNNING CONFIG DHCP show running-config dhcp Overview Use this command to display the running configuration for DHCP server, DHCP snooping, and DHCP relay. Syntax show running-config dhcp Mode Privileged Exec and Global Configuration Example To display to display the running configuration for DHCP server, DHCP snooping, and DHCP relay: awplus# show running-config dhcp...
Page 141: Show Running-Config Full
ANAGEMENT OMMANDS SHOW RUNNING CONFIG FULL show running-config full Overview Use this command to show the complete status and configuration of the running system. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 142: Show Running-Config Interface
ANAGEMENT OMMANDS SHOW RUNNING CONFIG INTERFACE show running-config interface Overview This command displays the current configuration of one or more interfaces on the device. Syntax show running-config interface [<interface-list>] [dot1x|ip igmp|lacp|mstp|rstp|stp] Parameter Description The interfaces or ports to display information about. An <interface-list>...
Page 143 ANAGEMENT OMMANDS SHOW RUNNING CONFIG INTERFACE To display the current running configuration of a device for VLAN 1, use the command: awplus# show running-config interface vlan1 To display the current running configuration of a device for VLANs 1 and 3-5, use the command: awplus# show running-config interface vlan1,vlan3-vlan5...
Page 144: Show Running-Config Ipv6 Access-List
ANAGEMENT OMMANDS SHOW RUNNING CONFIG IPV ACCESS LIST show running-config ipv6 access-list Overview Use this command to show the running system status and configuration for IPv6 ACLs. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 145: Show Running-Config Key Chain
ANAGEMENT OMMANDS SHOW RUNNING CONFIG KEY CHAIN show running-config key chain Overview Use this command to show the running system key-chain related configuration. Syntax show running-config key chain Mode Privileged Exec and Global Configuration Example To display the running system key-chain related configuration, use the command: awplus# show running-config key chain Output...
Page 146: Show Running-Config Lldp
ANAGEMENT OMMANDS SHOW RUNNING CONFIG LLDP show running-config lldp Overview This command shows the current running configuration of LLDP. Syntax show running-config lldp Mode Privileged Exec and Global Configuration Example To display the current configuration of LLDP, use the command: awplus# show running-config lldp Output...
Page 147: Show Running-Config Router-Id
ANAGEMENT OMMANDS SHOW RUNNING CONFIG ROUTER show running-config router-id Overview Use this command to show the running system global router ID configuration. Syntax show running-config router-id Mode Privileged Exec and Global Configuration Example To display the running system global router ID configuration, use the command: awplus# show running-config router-id Output...
Page 148: Show Running-Config Security-Password
ANAGEMENT OMMANDS SHOW RUNNING CONFIG SECURITY PASSWORD show running-config security-password Overview This command displays the configuration settings for the various security-password rules. If a default parameter is used for a security-password rule, therefore disabling that rule, no output is displayed for that feature. Syntax show running-config security-password Mode...
Page 149: Show Startup-Config
ANAGEMENT OMMANDS SHOW STARTUP CONFIG show startup-config Overview This command displays the contents of the start-up configuration file, which is the file that the device runs on start-up. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 150: Show Version
ANAGEMENT OMMANDS SHOW VERSION show version Overview This command displays the version number and copyright details of the current AlliedWare Plus™ OS your device is running. Syntax show version Mode User Exec and Privileged Exec Example To display the version details of your currently installed software, use the command: awplus# show version...
Page 151 ANAGEMENT OMMANDS SHOW VERSION Output Figure 3-19: Example output from the show version command awplus#show version AlliedWare Plus (TM) 5.4.3 19/11/12 13:22:32 Build name : x210-5.4.5-01.rel Build date : Fri Jun 6 13:22:32 NZST 2014 Build type : RELEASE NET-SNMP SNMP agent software (c) 1996, 1998-2000 The Regents of the University of California.
Page 152: Write File
ANAGEMENT OMMANDS WRITE FILE write file Overview This command copies the running-config into the file that is set as the current startup-config file. This command is a synonym of the write memory and copy running-config startup-config commands. Syntax write [file] Mode Privileged Exec Example...
Page 153: Write Memory
ANAGEMENT OMMANDS WRITE MEMORY write memory Overview This command copies the running-config into the file that is set as the current startup-config file. This command is a synonym of the write file and copy running-config startup-config commands. Syntax write [memory] Mode Privileged Exec Example...
Page 154: Write Terminal
ANAGEMENT OMMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device. This command is a synonym of the show running-config command. Syntax write terminal Mode Privileged Exec Example To display the current configuration of your device, use the command: awplus# write terminal Related...
Page 155: Chapter 4: Licensing Commands
Licensing Commands Introduction Overview This chapter provides an alphabetical reference for each of the License commands. Command List • “license” on page 156 • “show license” on page 157 • “show license brief” on page 159 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 156: License
ICENSING OMMANDS LICENSE license Overview This command activates the licensed software feature set on a device. Use the no variant of this command to deactivate the licensed software feature set on a device. For feature licenses, contact your authorized distributor or reseller. If a license key expires or is incorrect so the license key is invalid, then some software features will be unavailable.
Page 157: Show License
ICENSING OMMANDS SHOW LICENSE show license Overview This command displays information about a specific software feature license, or all enabled software feature licenses on the device. Syntax show license [feature] [<label>|index <index-number>] Parameter Description Only display license information for any applied feature licenses. feature The license name of the software featureto show information <label>...
Page 158 ICENSING OMMANDS SHOW LICENSE Related license Commands show license brief Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 159: Show License Brief
ICENSING OMMANDS SHOW LICENSE BRIEF show license brief Overview This command displays information about a specific software feature license, or all enabled software feature licenses on the device. Syntax show license [feature] [<label>|index <index-number>] brief Parameter Description Only display license information for any applied feature licenses. feature The license name of the software feature to show information <label>...
Page 160: Chapter 5: System Configuration And Monitoring Commands
System Configuration and Monitoring Commands Introduction Overview This chapter provides an alphabetical reference of commands for configuring and monitoring the system. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 161: Command List
YSTEM ONFIGURATION AND ONITORING OMMANDS Command List • “banner exec” on page 163 • “banner login (system)” on page 165 • “banner motd” on page 167 • “clock set” on page 169 • “clock summer-time date” on page 170 • “clock summer-time recurring”...
Page 162 YSTEM ONFIGURATION AND ONITORING OMMANDS • “show system pluggable diagnostics” on page 217 • “show system serialnumber” on page 220 • “show tech-support” on page 221 • “speed (asyn)” on page 223 • “system territory (deprecated)” on page 225 • “terminal monitor”...
Page 163: Banner Exec
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER EXEC banner exec Overview This command configures the User Exec mode banner that is displayed on the console after you login. The banner exec default command restores the User Exec banner to the default banner. Use the no banner exec command to disable the User Exec banner and remove the default User Exec banner.
Page 164: Banner Motd
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER EXEC awplus#configure terminal awplus(config)#banner exec default awplus(config)#exit awplus#exit awplus login: manager Password: AlliedWare Plus (TM) 5.4.5 03/31/14 13:03:59 awplus> To remove the User Exec mode banner after login, enter the following commands: awplus#configure terminal awplus(config)#no banner exec awplus(config)#exit awplus#exit...
Page 165: Banner Login (System)
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER LOGIN SYSTEM banner login (system) Overview This command configures the login banner that is displayed on the console when you login. The login banner is displayed on all connected terminals. The login banner is displayed after the MOTD (Message-of-the-Day) banner and before the login username and password prompts.
Page 166 YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER LOGIN SYSTEM awplus#configure terminal awplus(config)#no banner login awplus(config)#exit awplus#exit awplus login: manager Password: awplus> Related banner exec Commands banner motd Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 167: Banner Motd
YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER MOTD banner motd Overview Use this command to change the text MOTD (Message-of-the-Day) banner displayed before login. The MOTD banner is displayed on all connected terminals. The MOTD banner is useful for sending messages that affect all network users, for example, any imminent system shutdowns.
Page 168 YSTEM ONFIGURATION AND ONITORING OMMANDS BANNER MOTD awplus>enable awplus#configure terminal awplus(config)#no banner motd awplus(config)#exit awplus#exit awplus login: manager Password: AlliedWare Plus (TM) 5.4.5 03/31/14 13:03:59 awplus> Related banner exec Commands banner login (system) Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 169: Clock Set
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SET clock set Overview This command sets the time and date for the system clock. Syntax clock set <hh:mm:ss> <day> <month> <year> Parameter Description Local time in 24-hour format <hh:mm:ss> Day of the current month <1-31> <day>...
Page 170: Clock Summer-Time Date
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME DATE clock summer-time date Overview This command defines the start and end of summertime for a specific year only, and specifies summertime’s offset value to Standard Time for that year. The no variant of this command removes the device’s summertime setting. This clears both specific summertime dates and recurring dates (set with the clock summer-time recurring...
Page 171: Clock Timezone
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME DATE Related clock summer-time recurring Commands clock timezone C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 172: Clock Summer-Time Recurring
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME RECURRING clock summer-time recurring Overview This command defines the start and end of summertime for every year, and specifies summertime’s offset value to Standard Time. The no variant of this command removes the device’s summertime setting. This clears both specific summertime dates (set with the clock summer-time date command) and recurring dates.
Page 173 YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK SUMMER TIME RECURRING Examples To set a summertime definition for New Zealand using NZST (UTC+12:00) as the standard time, and NZDT (UTC+13:00) as summertime, with summertime set to start on the 1st Sunday in October, and end on the 3rd Sunday in March, use the command: awplus(config)# clock summer-time NZDT recurring 1 sun oct 2:00...
Page 174: Clock Timezone
YSTEM ONFIGURATION AND ONITORING OMMANDS CLOCK TIMEZONE clock timezone Overview This command defines the device’s clock timezone. The timezone is set as a offset to the UTC. The no variant of this command resets the system time to UTC. By default, the system time is set to UTC. Syntax clock timezone <timezone-name>...
Page 175: Ecofriendly Led
YSTEM ONFIGURATION AND ONITORING OMMANDS ECOFRIENDLY LED ecofriendly led Overview Use this command to enable the eco-friendly LED (Light Emitting Diode) feature, which turns off power to the port LEDs. Power to the system status LED is not disabled. Use the no variant of this command to disable the eco-friendly LED feature. Syntax ecofriendly led no ecofriendly led...
Page 176: Findme
YSTEM ONFIGURATION AND ONITORING OMMANDS FINDME findme Overview Use this command to physically locate a specific device from a group of similar devices. Activating the command causes a selected number of port LEDs to alternately flash green then amber (if that device has amber LEDs) at a rate of 1 Hz. Use the no variant of this command to deactivate the Find Me feature prior to the timeout expiring.
Page 177: Hostname
YSTEM ONFIGURATION AND ONITORING OMMANDS HOSTNAME hostname Overview This command sets the name applied to the device as shown at the prompt. The hostname is: • displayed in the output of the show system command • displayed in the CLI prompt so you know which device you are configuring •...
Page 178 YSTEM ONFIGURATION AND ONITORING OMMANDS HOSTNAME : When AMF is configured, running the no hostname command will apply a NOTE hostname that is based on the MAC address of the device node, for example, node_0000_5e00_5301. Related show system Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 179: Max-Fib-Routes
YSTEM ONFIGURATION AND ONITORING OMMANDS ROUTES max-fib-routes Overview This command enables you to control the maximum number of FIB routes configured. It operates by providing parameters that enable you to configure preset maximums and warning message thresholds. The operation of these parameters is explained in the Parameter / Description table shown below.
Page 180: Max-Static-Routes
YSTEM ONFIGURATION AND ONITORING OMMANDS STATIC ROUTES max-static-routes Overview Use this command to set the maximum number of static routes, excluding FIB (Forwarding Information Base) routes. Note that FIB routes are set and reset using max-fib-routes. Use the no variant of this command to set the maximum number of static routes to the default of 1000 static routes.
Page 181: No Debug All
YSTEM ONFIGURATION AND ONITORING OMMANDS NO DEBUG ALL no debug all Overview This command disables the debugging facility for all features on your device. This stops the device from generating any diagnostic debugging messages. The debugging facility is disabled by default. Syntax no debug all [dot1x|ipv6|nsm] Parameter...
Page 182: Reboot
YSTEM ONFIGURATION AND ONITORING OMMANDS REBOOT reboot Overview This command halts the device and performs a cold restart (also known as reload). It displays a confirmation request before restarting. Syntax reboot reload Mode Privileged Exec Usage The reboot and reload commands perform the same action. Examples To restart the device, use the command: awplus#...
Page 183: Reload
YSTEM ONFIGURATION AND ONITORING OMMANDS RELOAD reload Overview This command performs the same function as the reboot command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 184: Show Clock
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CLOCK show clock Overview This command displays the system’s current configured local time and date. It also displays other clock related information such as timezone and summertime configuration. Syntax show clock Mode User Exec and Privileged Exec Example To display the system’s current local time, use the command: awplus#...
Page 185 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CLOCK Related clock set Commands clock summer-time date clock summer-time recurring clock timezone C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 186: Show Cpu
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU show cpu Overview This command displays a list of running processes with their CPU utilization. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 187 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU Output Figure 5-2: Example output from the show cpu command CPU averages: 1 second: 12%, 20 seconds: 2%, 60 seconds: 2% System load averages: 1 minute: 0.03, 5 minutes: 0.02, 15 minutes: 0.00 Current CPU load: userspace: 6%, kernel: 4%, interrupts: 1% iowaits: 0% user processes...
Page 188 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU Table 5-2: Parameters in the output of the show cpu command (cont.) Parameter Description Identifier number of the process. A shortened name for the process name Number of threads in the process. thrds Percentage of CPU utilization that this process is consuming.
Page 189: Show Cpu History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY show cpu history Overview This command prints a graph showing the historical CPU utilization. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 190 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY Output Figure 5-3: Example output from the show cpu history command Per second CPU load history 10 ************************************************************ |..|..|..|..|..|..|..|..|..|..|..|..Oldest Newest CPU load% per second (last 60 seconds) * = average CPU load% Per minute CPU load history **************************************************** |..|..|..|..|..|..|..|..|..|..|..|..
Page 191: Show Process
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW CPU HISTORY Related show memory Commands show memory allocations show memory pools show process C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 192: Show Debugging
User Exec and Privileged Exec Usage This command displays all debugging information, similar to the way the show tech-support command displays all show output for use by Allied Telesis authorized service personnel only. Example To display all debugging information, use the command: awplus#...
Page 193: Show Ecofriendly
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW ECOFRIENDLY show ecofriendly Overview This command displays the switch’s eco-friendly configuration status. The ecofriendly led configuration status are shown in the show ecofriendly output. Syntax show ecofriendly Mode Privileged Exec and Global Configuration Example To display the switch’s eco-friendly configuration status, use the following command: awplus#...
Page 194: Show Interface Memory
This command displays the shared memory used by either all interfaces, or the specified interface or interfaces. The output is useful for diagnostic purposes by Allied Telesis authorized service personnel. For information on filtering and saving command output, see “Controlling “show”...
Page 195 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW INTERFACE MEMORY Figure 5-7: Example output from the show interface memory command awplus#show interface memory Vlan blocking state shared memory usage --------------------------------------------- Interface shmid Bytes Used nattch Status port1.0.1 393228 port1.0.2 458766 port1.0.3 360459 port1.0.4 524304 port1.0.5...
Page 196: Show Memory
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY show memory Overview This command displays the memory used by each process that is currently running For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 197 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY Table 5-4: Parameters in the output of the show memory command Parameter Description Total amount of RAM memory free. RAM total Available memory size. free Memory allocated kernel buffers. buffers Identifier number for the process. Short name used to describe the process.
Page 198: Show Memory Allocations
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY ALLOCATIONS show memory allocations Overview This command displays the memory allocations used by processes. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 199: Show Memory History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY ALLOCATIONS Related show memory Commands show memory history show memory pools show memory shared show tech-support C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 200: Show Memory History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY HISTORY show memory history Overview This command prints a graph showing the historical memory usage. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 201: Show Memory Pools
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW MEMORY POOLS show memory pools Overview This command shows the memory pools used by processes. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 202: Show Memory Shared
Overview This command displays shared memory allocation information. The output is useful for diagnostic purposes by Allied Telesis authorized service personnel. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 203: Show Process
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW PROCESS show process Overview This command lists a summary of the current running processes. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 204 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW PROCESS Table 5-5: Parameters in the output from the show process command Parameter Description Average CPU load for the given period. CPU load Total memory size. RAM total Available memory. free Memory allocated to kernel buffers. buffers Identifier for the process.
Page 205: Show Reboot History
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW REBOOT HISTORY show reboot history Overview Use this command to display the device’s reboot history. Syntax show reboot history Mode User Exec and Privileged Exec Example To show the reboot history, use the command: awplus# show reboot history Output...
Page 206: Show Router-Id
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW ROUTER show router-id Overview Use this command to show the Router ID of the current system. Syntax show router-id Mode User Exec and Privileged Exec Example To display the Router ID of the current system, use the command: awplus# show router-id Output...
Page 207: Show System
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM show system Overview This command displays general system information about the device, including the hardware installed, memory, and software versions loaded. It also displays location and contact details when these have been set. For information on filtering and saving command output, see “Controlling “show”...
Page 208: Show System Environment
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM ENVIRONMENT show system environment Overview This command displays the current environmental status of your device and any attached PSU, XEM, or other expansion option. The environmental status covers information about temperatures, fans, and voltage. For information on filtering and saving command output, see “Controlling “show”...
Page 209: Show System Interrupts
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM INTERRUPTS show system interrupts Overview Use this command to display the number of interrupts for each IRQ (Interrupt Request) used to interrupt input lines on a PIC (Programmable Interrupt Controller) on your device. For information on filtering and saving command output, see “Controlling “show”...
Page 210: Show System Mac
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM MAC show system mac Overview This command displays the physical MAC address of the device. Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address enter the following command: awplus# show system mac Output...
Page 211: Show System Pluggable
Different types of pluggable transceivers are supported in different models of device. See your Allied Telesis dealer for more information about the models of pluggables that your device supports.
Page 212 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE Output Figure 5-21: Example output from the show system pluggable port1.0.1 command System Pluggable Information Port Manufacturer Device Serial Number Datecode Type -------------------------------------------------------------------------------- 1.0.1 AGILENT HFBR-5710L 0401312315461272 040131 1000BASE-SX -------------------------------------------------------------------------------- Related show system environment Commands show system pluggable detail show system pluggable diagnostics...
Page 213: Show System Pluggable Detail
Different types of pluggable transceivers are supported in different models of device. See your Allied Telesis dealer for more information about the models of pluggables that your device supports.
Page 214 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL manufacturing datecode, and type information), the show system pluggable detail command displays the following information: • SFP Laser Wavelength: Specifies the laser wavelength of the installed pluggable transceiver • Single mode Fiber: Specifies the link length supported by the pluggable transceiver using single mode fiber •...
Page 215 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL Output Figure 5-22: Example output from the show system pluggable detail command on a device awplus#show system pluggable port1.0.24 detail System Pluggable Information Detail Port1.0.24 ========== Vendor Name: AGILENT Device Name: HFCT-5710L Device Type: 1000BASE-LX...
Page 216 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DETAIL Table 5-7: Parameters in the output from the show system pluggables detail command: (cont.) Parameter Description OM1 (62.5um) Fiber Specifies the link length (in μm - micron) supported by the pluggable transceiver using 62.5 micron multi-mode fiber. OM2 (50um) Fiber Specifies the link length (in μm - micron) supported by the pluggable transceiver using 50 micron multi-mode fiber.
Page 217: Show System Pluggable Diagnostics
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS show system pluggable diagnostics Overview This command displays diagnostic information about SFP pluggable transceivers, which support Digital Diagnostic Monitoring (DDM). Different types of pluggable transceivers are supported in different models of device.
Page 218 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS Output Figure 5-23: Example output from the show system pluggable diagnostics command on a device awplus#show system pluggable diagnostics System Pluggable Information Diagnostics Port1.0.21 Status Alarms Warnings Reading Alarm Warning Temp: (Degrees C) 29.387 100.00 -40.00...
Page 219 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS Table 5-8: Parameters in the output from the show system pluggables diagnostics command (cont.) Parameter Description Rx Power (mW) Shows the amount of light received in the transceiver. Rx LOS Shows when the received optical level falls below a preset threshold.
Page 220: Show System Serialnumber
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW SYSTEM SERIALNUMBER show system serialnumber Overview This command shows the serial number information for the device. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 221: Show Tech-Support
YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW TECH SUPPORT show tech-support Overview This command generates system and debugging information for the device and saves it to a file. You can optionally limit the command output to display only information for a given protocol or feature. The command generates a large amount of output, which is saved to a file in compressed format.
Page 222 YSTEM ONFIGURATION AND ONITORING OMMANDS SHOW TECH SUPPORT By default the output is saved to the file ‘tech-support.txt.gz’ in the current directory. If this file already exists in the current directory then a new file is generated with the time stamp appended to the file name, for example ‘tech-support20080109.txt.gz’, so the last saved file is retained.
Page 223: Speed (Asyn)
YSTEM ONFIGURATION AND ONITORING OMMANDS SPEED ASYN speed (asyn) Overview This command changes the console speed from the device. Note that a change in console speed is applied for subsequent console sessions. Exit the current session to enable the console speed change using the clear line console command.
Page 224 YSTEM ONFIGURATION AND ONITORING OMMANDS SPEED ASYN Related clear line console Commands line show running-config show startup-config speed Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 225: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
YSTEM ONFIGURATION AND ONITORING OMMANDS SYSTEM TERRITORY DEPRECATED system territory (deprecated) Overview This command has been deprecated in version 5.4.4-0.1. It now has no effect. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 226: Terminal Monitor
YSTEM ONFIGURATION AND ONITORING OMMANDS TERMINAL MONITOR terminal monitor Overview Use this command to display debugging output on a terminal. To display the cursor after a line of debugging output, press the Enter key. Use the command terminal no monitor to stop displaying debugging output on the terminal, or use the timeout option to stop displaying debugging output on the terminal after a set time.
Page 227: Undebug All
YSTEM ONFIGURATION AND ONITORING OMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 228: Logging Commands
Logging Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure logging. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 229 OGGING OMMANDS Command List • “clear exception log” on page 230 • “clear log” on page 231 • “clear log buffered” on page 232 • “clear log permanent” on page 233 • “default log buffered” on page 234 • “default log console”...
Page 230: Clear Exception Log
OGGING OMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log, but does not remove the associated core files. Syntax clear exception log Mode Privileged Exec Example awplus# clear exception log Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 231: Clear Log
OGGING OMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs. Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and permanent log use the command: awplus# clear log Validation show log Commands...
Page 232: Clear Log Buffered
OGGING OMMANDS CLEAR LOG BUFFERED clear log buffered Overview This command removes the contents of the buffered log. Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands: awplus# clear log buffered Validation show log Commands...
Page 233: Clear Log Permanent
OGGING OMMANDS CLEAR LOG PERMANENT clear log permanent Overview This command removes the contents of the permanent log. Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands: awplus# clear log permanent Validation show log Commands...
Page 234: Default Log Buffered
OGGING OMMANDS DEFAULT LOG BUFFERED default log buffered Overview This command restores the default settings for the buffered log stored in RAM. By default the size of the buffered log is 50 kB and it accepts messages with the severity level of “warnings” and above. Syntax default log buffered Default...
Page 235: Default Log Console
OGGING OMMANDS DEFAULT LOG CONSOLE default log console Overview This command restores the default settings for log messages sent to the terminal when a log console command is issued. By default all messages are sent to the console when a log console command is issued. Syntax default log console Mode...
Page 236: Default Log Email
OGGING OMMANDS DEFAULT LOG EMAIL default log email Overview This command restores the default settings for log messages sent to an email address. By default no filters are defined for email addresses. Filters must be defined before messages will be sent. This command also restores the remote syslog server time offset value to local (no offset).
Page 237: Default Log Host
OGGING OMMANDS DEFAULT LOG HOST default log host Overview This command restores the default settings for log sent to a remote syslog server. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent. This command also restores the remote syslog server time offset value to local (no offset).
Page 238: Default Log Monitor
OGGING OMMANDS DEFAULT LOG MONITOR default log monitor Overview This command restores the default settings for log messages sent to the terminal when a terminal monitor command is used. Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used.
Page 239: Default Log Permanent
OGGING OMMANDS DEFAULT LOG PERMANENT default log permanent Overview This command restores the default settings for the permanent log stored in NVS. By default, the size of the permanent log is 50 kB and it accepts messages with the severity level of warnings and above. Syntax default log permanent Default...
Page 240: Log Buffered
OGGING OMMANDS LOG BUFFERED log buffered Overview This command configures the device to store log messages in RAM. Messages stored in RAM are not retained on the device over a restart. Once the buffered log reaches its configured maximum allowable size old messages will be deleted to make way for new ones.
Page 241: Log Buffered (Filter)
OGGING OMMANDS LOG BUFFERED FILTER log buffered (filter) Overview Use this command to create a filter to select messages to be sent to the buffered log. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
Page 242 OGGING OMMANDS LOG BUFFERED FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 243 OGGING OMMANDS LOG BUFFERED FILTER Mode Global Configuration Examples To add a filter to send all messages generated by EPSR that have a severity of notices or higher to the buffered log use the following commands: awplus# configure terminal awplus(config)# log buffered level notices program epsr To add a filter to send all messages containing the text Bridging initialization, to the buffered log use the following commands:...
Page 244: Log Buffered Size
OGGING OMMANDS LOG BUFFERED SIZE log buffered size Overview This command configures the amount of memory that the buffered log is permitted to use. Once this memory allocation has been filled old messages will be deleted to make room for new messages. Syntax log buffered size <50-250>...
Page 245: Log Console
OGGING OMMANDS LOG CONSOLE log console Overview This command configures the device to send log messages to consoles. The console log is configured by default to send messages to the devices main console port. Use the no variant of this command to configure the device not to send log messages to consoles.
Page 246: Log Console (Filter)
OGGING OMMANDS LOG CONSOLE FILTER log console (filter) Overview This command creates a filter to select messages to be sent to all consoles when the log console command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
Page 247 OGGING OMMANDS LOG CONSOLE FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 248 OGGING OMMANDS LOG CONSOLE FILTER command. This filter may be removed and replaced by filters that are more selective. Mode Global Configuration Examples To create a filter to send all messages generated by MSTP that have a severity of info or higher to console instances where the log console command has been given, remove the default filter that includes everything use the following commands: awplus#...
Page 249: Log Email
OGGING OMMANDS LOG EMAIL log email Overview This command configures the device to send log messages to an email address. The email address is specified in this command. Syntax log email <email-address> Parameter Description The email address to send log messages to <email-address>...
Page 250: Log Email (Filter)
OGGING OMMANDS LOG EMAIL FILTER log email (filter) Overview This command creates a filter to select messages to be sent to an email address. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
Page 251 OGGING OMMANDS LOG EMAIL FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 252 OGGING OMMANDS LOG EMAIL FILTER Examples To create a filter to send all messages generated by EPSR that have a severity of notices or higher to the email address admin@homebase.com use the following commands: awplus# configure terminal awplus(config)# log email admin@homebase.com level notices program epsr To create a filter to send all messages containing the text “Bridging initialization”, to the email address admin@homebase.com use the...
Page 253: Log Email Time
OGGING OMMANDS LOG EMAIL TIME log email time Overview This command configures the time used in messages sent to an email address. If the syslog server is in a different time zone to your device then the time offset can be configured using either the utc-offset parameter option keyword or the local-offset parameter option keyword, where utc-offset is the time difference from UTC (Universal Time, Coordinated) and local-offset is the difference from...
Page 254 OGGING OMMANDS LOG EMAIL TIME Examples To send messages to the email address test@home.com in the same time zone as the device’s local time zone, use the following commands: awplus# configure terminal awplus(config)# log email admin@base.com time local 0 To send messages to the email address admin@base.com with the time information converted to the time zone of the email recipient, which is 3 hours ahead of the device’s local time zone, use the following commands: awplus#...
Page 255: Log Host
OGGING OMMANDS LOG HOST log host Overview This command configures the device to send log messages to a remote syslog server via UDP port 514. The IP address of the remote server must be specified. By default no filters are defined for remote syslog servers. Filters must be defined before messages will be sent.
Page 256: Log Host (Filter)
OGGING OMMANDS LOG HOST FILTER log host (filter) Overview This command creates a filter to select messages to be sent to a remote syslog server. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a substring within the message or a combination of some or all of these.
Page 257 OGGING OMMANDS LOG HOST FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 258 OGGING OMMANDS LOG HOST FILTER Examples To create a filter to send all messages generated by EPSR that have a severity of notices or higher to a remote syslog server with IP address 10.32.16.21 use the following commands: awplus# configure terminal awplus(config)# log host 10.32.16.21 level notices program epsr To create a filter to send all messages containing the text “Bridging...
Page 259: Log Host Time
OGGING OMMANDS LOG HOST TIME log host time Overview This command configures the time used in messages sent to a remote syslog server. If the syslog server is in a different time zone to your device then the time offset can be configured using either the utc-offset parameter option keyword or the local-offset parameter option keyword, where utc-offset is the time difference from UTC (Universal Time, Coordinated) and local-offset is the difference from local time.
Page 260 OGGING OMMANDS LOG HOST TIME To send messages to the remote syslog server with the IP address 10.32.16.12 with the time information converted to the time zone of the remote syslog server, which is 3 hours ahead of the device’s local time zone, use the following commands: awplus# configure terminal...
Page 261: Log Monitor (Filter)
OGGING OMMANDS LOG MONITOR FILTER log monitor (filter) Overview This command creates a filter to select messages to be sent to the terminal when the terminal monitor command is given. Selection can be based on the priority/severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
Page 262 OGGING OMMANDS LOG MONITOR FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 263 OGGING OMMANDS LOG MONITOR FILTER Mode Global Configuration Examples To create a filter to send all messages generated by MSTP that have a severity of info or higher to terminal instances where the terminal monitor command has been given use the following commands: awplus# configure terminal awplus(config)#...
Page 264: Log Permanent
OGGING OMMANDS LOG PERMANENT log permanent Overview This command configures the device to send permanent log messages to non-volatile storage (NVS) on the device. The content of the permanent log is retained over a reboot. Once the permanent log reaches its configured maximum allowable size old messages will be deleted to make way for new messages.
Page 265: Log Permanent (Filter)
OGGING OMMANDS LOG PERMANENT FILTER log permanent (filter) Overview This command creates a filter to select messages to be sent to the permanent log. Selection can be based on the priority/ severity of the message, the program that generated the message, the logging facility used, a sub-string within the message or a combination of some or all of these.
Page 266 OGGING OMMANDS LOG PERMANENT FILTER Parameter Description The name of a program to log messages from, either one of the following predefined program <program- names (not case-sensitive), or another program name (case-sensitive) that you find in the log name>facil output: ity<facili ty>...
Page 267 OGGING OMMANDS LOG PERMANENT FILTER Mode Global Configuration Examples To create a filter to send all messages generated by EPSR that have a severity of notices or higher to the permanent log use the following commands: awplus# configure terminal awplus(config)# log permanent level notices program epsr To create a filter to send all messages containing the text “Bridging initialization”, to the permanent log use the following commands:...
Page 268: Log Permanent Size
OGGING OMMANDS LOG PERMANENT SIZE log permanent size Overview This command configures the amount of memory that the permanent log is permitted to use. Once this memory allocation has been filled old messages will be deleted to make room for new messages. Syntax log permanent size <50-250>...
Page 269: Log-Rate-Limit Nsm
OGGING OMMANDS RATE LIMIT NSM log-rate-limit nsm Overview This command limits the number of log messages generated by the device for a given interval. Use the no variant of this command to revert to the default number of log messages generated by the device of up to 200 log messages per second. Syntax log-rate-limit nsm messages <message-limit>...
Page 270 OGGING OMMANDS RATE LIMIT NSM To return the device the default setting, to generate up to 200 log messages per second, use the following commands: awplus# configure terminal awplus(config)# no log-rate-limit nsm Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 271: Show Counter Log
OGGING OMMANDS SHOW COUNTER LOG show counter log Overview This command displays log counter information. Syntax show counter log Mode User Exec and Privileged Exec Example To display the log counter information, use the command: awplus# show counter log Output Figure 6-1: Example output from the show counter log command Log counters...
Page 272: Show Exception Log
OGGING OMMANDS SHOW EXCEPTION LOG show exception log Overview This command displays the contents of the exception log. Syntax show exception log Mode User Exec and Privileged Exec Example To display the exception log, use the command: awplus# show exception log Output Figure 6-2: Example output from the show exception log command on a...
Page 273: Show Log
OGGING OMMANDS SHOW LOG show log Overview This command displays the contents of the buffered log. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 274 OGGING OMMANDS SHOW LOG Output Figure 6-3: Example output from the show log command awplus#show log <date> <time> <facility>.<severity> <program[<pid>]>: <message> -------------------------------------------------------------------- 2011 Aug 29 07:55:22 kern.notice awplus kernel: Linux version 2.6.32.12-at1 (mak er@awpmaker03-dl) (gcc version 4.3.3 (Gentoo 4.3.3-r3 p1.2, pie-10.1.5) ) #1 Wed Dec 8 11:53:40 NZDT 2010 2011 Aug 29 07:55:22 kern.warning awplus kernel: No pci config register base in dev tree, using default...
Page 275 OGGING OMMANDS SHOW LOG Figure 6-4: Example output from the show log tail command awplus#show log tail <date> <time> <facility>.<severity> <program[<pid>]>: <message> -------------------------------------------------------------------- 2006 Nov 10 13:30:01 cron.notice crond[116]: USER manager pid 469 cmd logrotate / etc/logrotate.conf 2006 Nov 10 13:30:01 cron.notice crond[116]: USER manager pid 471 cmd nbqueue -- wipe 2006 Nov 10 13:35:01 cron.notice crond[116]: USER manager pid 472 cmd nbqueue -- wipe...
Page 276: Show Log Config
OGGING OMMANDS SHOW LOG CONFIG show log config Overview This command displays information about the logging system. This includes the configuration of the various log destinations, buffered, permanent, syslog servers (hosts) and email addresses. This also displays the latest status information for each of these destinations.
Page 277 OGGING OMMANDS SHOW LOG CONFIG Output Figure 6-5: Example output from the show log config command Buffered log: Status ..enabled Maximum size ... 100kb Filters: *1 Level ..notices Program ..any Facility ..any Message text . any 2 Level ..
Page 278: Show Log Permanent
OGGING OMMANDS SHOW LOG CONFIG Related show counter log Commands show log show log permanent Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 279: Show Log Permanent
OGGING OMMANDS SHOW LOG PERMANENT show log permanent Overview This command displays the contents of the permanent log. Syntax show log permanent [tail [<10-250>]] Parameter Description Display only the latest log entries. tail Specify the number of log entries to display. <10-250>...
Page 280: Show Running-Config Log
OGGING OMMANDS SHOW RUNNING CONFIG LOG show running-config log Overview This command displays the current running configuration of the Log utility. Syntax show running-config log Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility, use the command: awplus# show running-config log Related...
Page 281: Scripting Commands
Scripting Commands Introduction Overview This chapter provides commands used for command scripts. Command List • “activate” on page 282 • “echo” on page 283 • “wait” on page 284 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 282: Activate
CRIPTING OMMANDS ACTIVATE activate Overview This command activates a script file. Syntax activate [background] <script> Parameter Description background Activate a script to run in the background. A process that is running in the background will operate as a separate task, and will not interrupt foreground processing.
Page 283: Echo
CRIPTING OMMANDS ECHO echo Overview This command echoes a string to the terminal, followed by a blank line. Syntax echo <line> Parameter Description The string to echo <line> Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts, to make the script print user-visible comments.
Page 284: Wait
CRIPTING OMMANDS WAIT wait Overview This command pauses execution of the active script for the specified period of time. Syntax wait <delay> Parameter Description <1-65335> Specify the time delay in seconds <delay> Default No wait delay is specified by default to pause script execution. Mode Privileged Exec (when executed from a script not directly from the command line) Usage...
Page 285: Interface Commands
Interface Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure and display interfaces. Command List • “description (interface)” on page 286 • “interface (to configure)” on page 287 • “mru” on page 289 • “mtu” on page 291 •...
Page 286: Description (Interface)
NTERFACE OMMANDS DESCRIPTION INTERFACE description (interface) Overview Use this command to add a description to a specific port or interface. Syntax description <description> Parameter Description Text describing the specific interface. <description> Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to.
Page 287: Interface (To Configure)
NTERFACE OMMANDS INTERFACE TO CONFIGURE interface (to configure) Overview Use this command to select one or more interfaces to configure. Syntax interface <interface-list> interface lo Parameter Description The interfaces or ports to configure. <interface-list> An interface-list can be: • an interface such as a VLAN (e.g. vlan2), a switch port (e.g. port1.0.6), a static channel group (e.g.
Page 288: Loopback Interface
NTERFACE OMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface. awplus# configure terminal awplus(config)# interface lo awplus(config-if)# Related ip address Commands show interface show interface brief Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 289: Mru
NTERFACE OMMANDS Overview Use this command to set the Maximum Receive Unit (MRU) size for switch ports, where MRU is the maximum frame size (excluding headers) that switch ports can receive. For more information, see the Switching Feature Overview and Configuration Guide.
Page 290 NTERFACE OMMANDS To restore the MRU size of 1500 bytes on port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no mru Related show interface Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 291: Mtu
NTERFACE OMMANDS Overview Use this command to set the Maximum Transmission Unit (MTU) size for VLANs, where MTU is the maximum packet size that VLANs can transmit. The MTU size setting is applied to both IPv4 and IPv6 packet transmission. Use the no variant of this command to remove a previously specified Maximum Transmission Unit (MTU) size for VLANs, and restore the default MTU size (1500 bytes) for VLANs.
Page 292 NTERFACE OMMANDS To restore the MTU size to the default MTU size of 1500 bytes on vlan2 and vlan4, use the commands awplus# configure terminal awplus(config)# interface vlan2-vlan4 awplus(config-if)# no mtu Related show interface Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 293: Show Interface
NTERFACE OMMANDS SHOW INTERFACE show interface Overview Use this command to display interface configuration and status. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 294 NTERFACE OMMANDS SHOW INTERFACE Figure 8-1: Example output from the show interface command awplus#show interface Interface port1.0.1 Scope: both Link is DOWN, administrative state is UP Thrash-limiting Status Not Detected, Action learn-disable, Timeout 1(s) Hardware is Ethernet, address is 001a.eb54.f3ae index 5001 metric 1 mru 1500 configured duplex auto, configured speed auto, configured polarity auto <UP,BROADCAST,MULTICAST>...
Page 295 NTERFACE OMMANDS SHOW INTERFACE To display configuration and status information for interfaces vlan1 and vlan2, use the command: awplus# show interface vlan1,vlan2 Figure 8-3: Example output from the show interface vlan1,vlan2 command awplus#show interface vlan1,vlan2 Interface vlan1 Scope: both Link is UP, administrative state is UP Hardware is VLAN, address is 0015.77e9.5c50 IPv4 address 192.168.1.1/24 broadcast 192.168.1.255 index 201 metric 1 mtu 1500...
Page 296: Show Interface Brief
NTERFACE OMMANDS SHOW INTERFACE BRIEF show interface brief Overview Use this command to display brief interface, configuration, and status information, including provisioning information. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 297: Show Interface Status
NTERFACE OMMANDS SHOW INTERFACE STATUS show interface status Overview Use this command to display the status of the specified interface or interfaces. Note that when no interface or interfaces are specified then the status of all interfaces on the device are shown. Syntax show interface [<port-list>] status Parameter...
Page 298 NTERFACE OMMANDS SHOW INTERFACE STATUS Table 8-3: Example output from the show interface status command awplus#sho int status Port Name Status Vlan Duplex Speed Type port1.0.1 Trunk_Net connected trunk a-full a-1000 1000BaseTX port1.0.2 Access_Net1 connected 5 full 100 1000BaseTX port1.0.3 Access_Net1 disabled 5 auto auto 1000BaseTX...
Page 299 NTERFACE OMMANDS SHOW INTERFACE STATUS Table 8-4: Parameters in the output from the show interface status command Parameter Description The actual link speed of the interface, preceded by a- if it has Speed autonegotiated this speed. If the port is disabled or not connected, it displays the configured speed setting.
Page 300: Shutdown
NTERFACE OMMANDS SHUTDOWN shutdown Overview This command shuts down the selected interface. This administratively disables the link and takes the link down at the physical (electrical) layer. Use the no variant of this command to disable this function and therefore to bring the link back up again.
Page 301: Chapter 9: Interface Testing Commands
Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces. Command List • “clear test interface” on page 302 • “service test” on page 303 • “test interface” on page 304 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 302: Clear Test Interface
NTERFACE ESTING OMMANDS CLEAR TEST INTERFACE clear test interface Overview This command clears test results and counters after issuing a test interface command. Test results and counters must be cleared to issue subsequent test interface commands later on. Syntax clear test interface {<port-list>|all} Parameter Description <port-list>...
Page 303: Service Test
NTERFACE ESTING OMMANDS SERVICE TEST service test Overview This command puts the device into the interface testing state, ready to begin testing. After entering this command, enter Interface Configuration mode for the desired interfaces and enter the command test interface. Do not test interfaces on a device that is part of a live network—disconnect the device first.
Page 304: Test Interface
NTERFACE ESTING OMMANDS TEST INTERFACE test interface Overview This command starts a test on a port or all ports or a selected range or list of ports. Use the no variant of this command to disable this function. The test duration can be configured by specifying the time in minutes after specifying a port or ports to test.
Page 305 NTERFACE ESTING OMMANDS TEST INTERFACE To see the output, use the commands: awplus# show test awplus# show test count To start the test on all interfaces for 1 minute use the command: awplus# test interface all time 1 Related clear test interface Commands C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 306: Chapter 10: Switching Commands
Switching Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure switching. For more information, see the Switching Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 307 WITCHING OMMANDS Command List • “backpressure” on page 309 • “clear loop-protection counters” on page 311 • “clear mac address-table static” on page 312 • “clear mac address-table dynamic” on page 313 • “clear port counter” on page 315 • “debug loopprot”...
Page 308 WITCHING OMMANDS • “show port-security interface” on page 356 • “show port-security intrusion” on page 357 • “show storm-control” on page 358 • “speed” on page 360 • “storm-control level” on page 362 • “switchport port-security” on page 363 • “switchport port-security aging”...
Page 309: Backpressure
WITCHING OMMANDS BACKPRESSURE backpressure Overview This command provides a method of applying flow control to ports running in half duplex mode. The setting will only apply when the link is in the half-duplex state. You can disable backpressure on an interface using the off parameter or the no variant of this command.
Page 310 WITCHING OMMANDS BACKPRESSURE To disable back pressure flow control on interface port1.0.2 enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# backpressure off Validation show running-config Commands show interface Related duplex Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 311: Clear Loop-Protection Counters
WITCHING OMMANDS CLEAR LOOP PROTECTION COUNTERS clear loop-protection counters Overview Use this command to clear the counters for the Loop Protection counters. Syntax clear loop-protection [interface <port-list>] counters Parameters Description The interface whose counters are to be cleared. interface A port, a port range, or an aggregated link. <port-list>...
Page 312: Clear Mac Address-Table Static
WITCHING OMMANDS CLEAR MAC ADDRESS TABLE STATIC clear mac address-table static Overview Use this command to clear the filtering database of all statically configured entries for a selected MAC address, interface, or VLAN. Syntax clear mac address-table static [address <mac-address>|interface <port>|vlan <vid>] Parameter Description...
Page 313: Clear Mac Address-Table Dynamic
WITCHING OMMANDS CLEAR MAC ADDRESS TABLE DYNAMIC clear mac address-table dynamic Overview Use this command to clear the filtering database of all entries learned for a selected MAC address, an MSTP instance, a switch port interface or a VLAN interface. Syntax clear mac address-table dynamic [address <mac-address>|interface <port>...
Page 314: Interface Port
WITCHING OMMANDS CLEAR MAC ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries when learned through device operation for a given MAC address. awplus# clear mac address-table dynamic address 0202.0202.0202 This example shows how to clear all dynamically learned filtering database entries when learned through device operation for a given MSTP instance 1 on switch port interface port1.0.2.
Page 315: Clear Port Counter
WITCHING OMMANDS CLEAR PORT COUNTER clear port counter Overview Use this command to clear the packet counters of the port. Syntax clear port counter [<port>] Parameter Description The port number or range <port> Mode Privileged Exec Example To clear the packet counter for port1.0.1, use the command: awplus# clear port counter port1.0.1 Related...
Page 316: Debug Loopprot
WITCHING OMMANDS DEBUG LOOPPROT debug loopprot Overview This command enables Loop Protection debugging. The no variant of this command disables Loop Protection debugging. Syntax debug loopprot {info|msg|pkt|state|nsm|all} no debug loopprot {info|msg|pkt|state|nsm|all} Parameter Description General Loop Protection information. info Received and transmitted Loop Detection Frames (LDFs). Echo raw ASCII display of received and transmitted LDF packets to the console.
Page 317: Debug Platform Packet
WITCHING OMMANDS DEBUG PLATFORM PACKET debug platform packet Overview This command enables platform to CPU level packet debug functionality on the device. Use the no variant of this command to disable platform to CPU level packet debug. If the result means both send and receive packet debug are disabled, then any active timeout will be canceled.
Page 318 WITCHING OMMANDS DEBUG PLATFORM PACKET To enable packet debug for sFlow packets only for the default timeout of 5 minutes, enter: awplus# debug platform packet sflow To enable send packet debug with no timeout, enter: awplus# debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes, enter: awplus#...
Page 319: Duplex
WITCHING OMMANDS DUPLEX duplex Overview This command changes the duplex mode for the specified port. To see the currently-negotiated duplex mode for ports whose links are up, use the command show interface. To see the configured duplex mode (when different from the default), use the command show running-config.
Page 320: Flowcontrol (Switch Port)
WITCHING OMMANDS FLOWCONTROL SWITCH PORT flowcontrol (switch port) Overview Use this command to enable flow control, and configure the flow control mode for the switch port. Use the no variant of this command to disable flow control for the specified switch port.
Page 321 WITCHING OMMANDS FLOWCONTROL SWITCH PORT Examples awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol receive on awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol send on awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol receive off awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# flowcontrol send off...
Page 322: Linkflap Action
WITCHING OMMANDS LINKFLAP ACTION linkflap action Overview Use this command to detect flapping on all ports. If more than 15 flaps occur in less than 15 seconds the flapping port will shut down. Use the no variant of this command to disable flapping detection at this rate. Syntax linkflap action [shutdown] no linkflap action...
Page 323: Loop-Protection
WITCHING OMMANDS LOOP PROTECTION loop-protection Overview Use this command to enable the loop-protection loop-detection feature, and configure the detection mechanism parameters. Use the no variant of this command to disable the loop-protection loop-detection feature. Syntax loop-protection loop-detect [ldf-interval <period>] [ldf-rx-window <frames>] [fast-block] no loop-protection [loop-detect] Parameter Description...
Page 324 WITCHING OMMANDS LOOP PROTECTION Related loop-protection action Commands loop-protection timeout show loop-protection thrash-limiting Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 325: Loop-Protection Action
WITCHING OMMANDS LOOP PROTECTION ACTION loop-protection action Overview Use this command to specify the protective action to apply when a network loop is detected on an interface. Use the no variant of this command to reset the loop protection actions to the default action, vlan-disable, on an interface.
Page 326: Loop-Protection Action-Delay-Time
WITCHING OMMANDS LOOP PROTECTION ACTION DELAY TIME loop-protection action-delay-time Overview Use this command to sets the loop protection action delay time for an interface to specified values in seconds. The action delay time specifies the waiting period for the action. Use the no variant of this command to reset the loop protection action delay time for an interface to default.
Page 327: Loop-Protection Timeout
WITCHING OMMANDS LOOP PROTECTION TIMEOUT loop-protection timeout Overview Use this command to specify the Loop Protection recovery action duration on an interface. Use the no variant of this command to set the loop protection timeout to the default. Syntax loop-protection timeout <duration> no loop-protection timeout Parameter Description...
Page 328: Mac Address-Table Acquire
WITCHING OMMANDS MAC ADDRESS TABLE ACQUIRE mac address-table acquire Overview Use this command to enable MAC address learning on the device. Use the no variant of this command to disable learning. Syntax mac address-table acquire no mac address-table acquire Default Learning is enabled by default for all instances.
Page 329: Mac Address-Table Ageing-Time
WITCHING OMMANDS MAC ADDRESS TABLE AGEING TIME mac address-table ageing-time Overview Use this command to specify an ageing-out time for a learned MAC address. The learned MAC address will persist for at least the specified time. The no variant of this command will reset the ageing-out time back to the default of 300 seconds (5 minutes).
Page 330: Mac Address-Table Static
WITCHING OMMANDS MAC ADDRESS TABLE STATIC mac address-table static Overview Use this command to statically configure the MAC address-table to forward or discard frames with a matching destination MAC address. Syntax mac address-table static <mac-addr> {forward|discard} interface <port> [vlan <vid>] no mac address-table static <mac-addr>...
Page 331: Mac Address-Table Thrash-Limit
WITCHING OMMANDS MAC ADDRESS TABLE THRASH LIMIT mac address-table thrash-limit Overview Use this command to set the thrash limit on the device. Thrashing occurs when a MAC address table rapidly “flips” its mapping of a single MAC address between two subnets, usually as a result of a network loop. Use the no variant of this command to disable thrash limiting.
Page 332: Mirror Interface
WITCHING OMMANDS MIRROR INTERFACE mirror interface Overview Use this command to define a mirror port and mirrored (monitored) ports and direction of traffic to be mirrored. The port for which you enter interface mode will be the mirror port. The destination port is removed from all VLANs, and no longer participates in other switching.
Page 333 WITCHING OMMANDS MIRROR INTERFACE Usage Use this command to send traffic to another device connected to the mirror port for monitoring. See the “Port Mirroring” section in the Switching Feature Overview and Configuration Guide for more information. A mirror port cannot be associated with a VLAN. If a switch port is configured to be a mirror port, it is automatically removed from any VLAN it was associated with.
Page 334: Platform Load-Balancing
WITCHING OMMANDS PLATFORM LOAD BALANCING platform load-balancing Overview This command selects which address fields are used as inputs into the load balancing algorithm for aggregated links. The output from this algorithm is used to select which individual path a given packet will traverse within an aggregated link.
Page 335: Platform Stop-Unreg-Mc-Flooding
WITCHING OMMANDS PLATFORM STOP UNREG FLOODING platform stop-unreg-mc-flooding Overview This command stops multicast packets flooding out of all the ports in the VLAN until these packets are registered. This command does this by sending unregistered multicast packets to the switch processor, so there is no flooding of the multicast traffic onto the VLAN.
Page 336 WITCHING OMMANDS PLATFORM STOP UNREG FLOODING See these sample console messages when the Group Membership interval timer expires, which happens when the switch does not get replies from Group Membership queries: awplus: [MLD-EVENTS] Grp - Rec Liveness Timer: Expiry for Grp ff0e::1 on port1.2.7 awplus: [IGMP-EVENTS] : Expiry (Unreg MC Timer) for Grp 224.2.2.2 on vlan4 Examples To enable this feature and stop multicast packet flooding, use the following...
Page 337: Polarity
WITCHING OMMANDS POLARITY polarity Overview This command sets the MDI/MDIX polarity on a copper-based switch port. Syntax polarity {auto|mdi|mdix} Parameter Description Sets the polarity to MDI (medium dependent interface). Sets the polarity to MDI-X (medium dependent interface crossover). mdix The switch port sets the polarity automatically. This is the default option. auto Default By default, switch ports set the polarity automatically (auto).
Page 338: Show Debugging Loopprot
WITCHING OMMANDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information. Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes, use the command: awplus# show debugging loopprot Related debug loopprot Commands...
Page 339: Show Debugging Platform Packet
WITCHING OMMANDS SHOW DEBUGGING PLATFORM PACKET show debugging platform packet Overview This command shows platform to CPU level packet debugging information. Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display the platform packet debugging information, use the command: awplus# show debugging platform packet Related...
Page 340: Show Flowcontrol Interface
WITCHING OMMANDS SHOW FLOWCONTROL INTERFACE show flowcontrol interface Overview Use this command to display flow control information. Syntax show flowcontrol interface <port> Parameter Description Specifies the name of the port to be displayed. <port> Mode User Exec and Privileged Exec Example To display the flow control for the port1.0.5, use the command: awplus#...
Page 341: Show Interface Err-Disabled
WITCHING OMMANDS SHOW INTERFACE ERR DISABLED show interface err-disabled Overview Use this command to show the ports which have been dynamically shut down by protocols running on the device and the protocols responsible for the shutdown. Syntax show interface [<IFRANGE> err-disabled] Parameter Description Interface range...
Page 342: Show Interface Switchport
WITCHING OMMANDS SHOW INTERFACE SWITCHPORT show interface switchport Overview Use this command to show VLAN information about each switch port. Syntax show interface switchport Mode User Exec and Privileged Exec Example To display VLAN information about each switch port, enter the command: awplus# show interface switchport Output...
Page 343: Show Loop-Protection
WITCHING OMMANDS SHOW LOOP PROTECTION show loop-protection Overview Use this command to display the current loop protection setup for the device. Syntax show loop-protection [interface <port-list>] [counters] Parameter Description The interface selected for display. interface A port, a port range, or an aggregated link. <port-list>...
Page 344 WITCHING OMMANDS SHOW LOOP PROTECTION Figure 10-5: Example output from the show loop-protection interface counters command for port1.0.1 Interface: port1.0.1 Vlan: LDF Tx: LDF Rx: Invalid LDF Rx: Action: Vlan: LDF Tx: LDF Rx: Invalid LDF Rx: Action: Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 345: Show Mac Address-Table
WITCHING OMMANDS SHOW MAC ADDRESS TABLE show mac address-table Overview Use this command to display the mac address-table for all configured VLANs. Syntax show mac address-table Mode User Exec and Privileged Exec Usage The show mac address-table command is only applicable to view a mac address-table for Layer 2 switched traffic within VLANs.
Page 346 WITCHING OMMANDS SHOW MAC ADDRESS TABLE Also note manually configured static mac-addresses are shown to the right of the type column: awplus(config)#mac address-table static 0000.1111.2222 for int port1.0.3 vlan 2 awplus(config)#end awplus# awplus#show mac address-table VLAN Port State unknown 0000.cd28.0752 static port1.0.2 0030.846e.bac7...
Page 347: Show Mac Address-Table Thrash-Limit
WITCHING OMMANDS SHOW MAC ADDRESS TABLE THRASH LIMIT show mac address-table thrash-limit Overview Use this command to display the current thrash limit set for all interfaces on the device. Syntax show mac address-table thrash-limit Mode User Exec and Privileged Exec Example To display the current, use the following command: awplus#...
Page 348: Show Mirror
WITCHING OMMANDS SHOW MIRROR show mirror Overview Use this command to display the status of all mirrored ports. Syntax show mirror Mode User Exec and Privileged Exec Example To display the status of all mirrored ports, use the following command: awplus# show mirror Output...
Page 349: Show Mirror Interface
WITCHING OMMANDS SHOW MIRROR INTERFACE show mirror interface Overview Use this command to display port mirroring configuration for a mirrored (monitored) switch port. Syntax show mirror interface <port> Parameter Description The monitored switch port to display information about. <port> Mode User Exec, Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1.0.4, use the following...
Page 350: Show Platform
WITCHING OMMANDS SHOW PLATFORM show platform Overview This command displays the settings configured by using the platform commands. Syntax show platform Mode Privileged Exec Usage This command displays the settings in the running config. For changes in some of these settings to take effect, the device must be rebooted with the new settings in the startup config.
Page 351: Show Platform Classifier Statistics Utilization Brief
WITCHING OMMANDS SHOW PLATFORM CLASSIFIER STATISTICS UTILIZATION BRIEF show platform classifier statistics utilization brief Overview This command displays the number of used entries available for various platform functions, and the percentage that number of entries represents of the total available. Syntax show platform classifier statistics utilization brief Mode...
Page 352: Show Platform Port
WITCHING OMMANDS SHOW PLATFORM PORT show platform port Overview This command displays the various port registers or platform counters for specified switchports. Syntax show platform port [<port-list>|counters] Parameter Description The ports to display information about. A port-list can be: <port-list> •...
Page 353 WITCHING OMMANDS SHOW PLATFORM PORT Output Figure 10-11: Example output from the show platform port command awplus#show platform port port1.0.1 Phy register value for port1.0.1 (ifindex: 5001) 00:1140 01:7949 02:0020 03:60B1 04:01E1 05:0000 06:0004 07:2001 08:0000 09:0600 10:0000 11:0000 12:0000 13:0000 14:0000 15:0000...
Page 354 WITCHING OMMANDS SHOW PLATFORM PORT Table 10-2: Parameters in the output from the show platform port command Parameter Description Number of packets received and transmitted with 1024 - MaxPktSz size 1024 octets to the maximum packet length. Number of 1519 - 1522 octet packets received and 1519 - 1522 transmitted.
Page 355 WITCHING OMMANDS SHOW PLATFORM PORT Table 10-2: Parameters in the output from the show platform port command Parameter Description Number of octets transmitted. Octets Number of packets transmitted. Pkts Number of unicast packets transmitted. UnicastPkts Number of multicast packets transmitted. MulticastPkts Number of broadcast packets transmitted.
Page 356: Show Port-Security Interface
WITCHING OMMANDS SHOW PORT SECURITY INTERFACE show port-security interface Overview Use this command to show the current port-security configuration and the switch port status. Syntax show port-security interface <port> Parameter Description The port to display information about. The port may be a switch <port>...
Page 357: Show Port-Security Intrusion
WITCHING OMMANDS SHOW PORT SECURITY INTRUSION show port-security intrusion Overview Shows the intrusion list. If the port is not specified, the entire intrusion table is shown. Syntax show port-security intrusion [interface <port>] Parameter Description Specify a port interface The port to display information about. The port may be a switch <port>...
Page 358: Show Storm-Control
WITCHING OMMANDS SHOW STORM CONTROL show storm-control Overview Use this command to display storm-control information for all interfaces or a particular interface. Syntax show storm-control [<port>] Parameter Description The port to display information about. The port may be a switch port <port>...
Page 359 WITCHING OMMANDS SHOW STORM CONTROL Output Figure 10-15: Example output from the show storm-control command for all ports awplus#show storm-control Port BcastLevel McastLevel DlfLevel port1.0.1 100.0% 100.0% 100.0% port1.0.2 100.0% 100.0% 100.0% port1.0.3 100.0% 100.0% 100.0% port1.0.4 100.0% 100.0% 100.0% port1.0.5 100.0% 100.0%...
Page 360: Speed
WITCHING OMMANDS SPEED speed Overview This command changes the speed of the specified port. You can optionally specify the speed or speeds that get autonegotiated, so autonegotiation is only attempted at the specified speeds. To see the currently-negotiated speed for ports whose links are up, use the show interface command.
Page 361 WITCHING OMMANDS SPEED To return the port to auto-negotiating its speed, enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.4 awplus(config-if)# speed auto To set a port to auto-negotiate its speed at 100Mbps and 1000Mbps, enter the following commands: awplus# configure terminal awplus(config)#...
Page 362: Storm-Control Level
WITCHING OMMANDS STORM CONTROL LEVEL storm-control level Overview Use this command to specify the threshold level for broadcasting, multicast, or destination lookup failure (DLF) traffic for the port. Storm-control limits the specified traffic type to the specified threshold. Use the no variant of this command to disable storm-control for broadcast, multicast or DLF traffic.
Page 363: Switchport Port-Security
WITCHING OMMANDS SWITCHPORT PORT SECURITY switchport port-security Overview Enables the port-security feature. This feature is also known as the port-based learn limit. It allows the user to set the maximum number of MAC addresses that each port can learn. Use the no variant of this command to disable the port-security feature. Syntax switchport port-security no switchport port-security...
Page 364: Switchport Port-Security Aging
WITCHING OMMANDS SWITCHPORT PORT SECURITY AGING switchport port-security aging Overview Sets the port-security MAC to time out. Use the no variant of this command to set the port-security to not time out. Syntax switchport port-security aging no switchport port-security aging Mode Interface Configuration Examples...
Page 365: Switchport Port-Security Maximum
WITCHING OMMANDS SWITCHPORT PORT SECURITY MAXIMUM switchport port-security maximum Overview Sets the maximum MAC address that each port can learn. Use the no variant of this command to unset the maximum number of MAC addresses that each port can learn. This is same as setting the maximum number to 0.
Page 366: Switchport Port-Security Violation
WITCHING OMMANDS SWITCHPORT PORT SECURITY VIOLATION switchport port-security violation Overview Sets the violation action for a switch port when the port exceeds the learning limits. The port action can be either shutdown, restrict or protect. If shutdown is set, the physical link will be disabled and “shutdown” will be shown in the config. If restrict is set, the packet from the un-authorized MAC will be discarded and SNMP TRAP will be generated to alert management.
Page 367: Thrash-Limiting
WITCHING OMMANDS THRASH LIMITING thrash-limiting Overview Sets and configures the thrash limit action that will be applied to any port on the device when a thrashing condition is detected. The thrash-limiting timeout specifies the time, in seconds, for which the thrash action is employed. Syntax thrash-limiting {[action {learn-disable|link-down|port-disable|vlan-disable|none}]...
Page 368 WITCHING OMMANDS THRASH LIMITING To set the thrash limiting action to its default, use the following command: awplus(config-if)# no thrash-limiting action To set the thrash limiting timeout to its default, use the following command: awplus(config-if)# no thrash-limiting timeout Related loop-protection Commands loop-protection action loop-protection timeout...
Page 369: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
WITCHING OMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 370: Undebug Platform Packet
WITCHING OMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 371: Chapter 11: Vlan Commands
VLAN Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure VLANs. For more information see the VLAN Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 372 VLAN C OMMANDS Command List • “port-vlan-forwarding-priority” on page 373 • “private-vlan” on page 376 • “private-vlan association” on page 377 • “show port-vlan-forwarding-priority” on page 378 • “show vlan” on page 379 • “show vlan classifier group” on page 380 •...
Page 373: Port-Vlan-Forwarding-Priority
VLAN C OMMANDS PORT VLAN FORWARDING PRIORITY port-vlan-forwarding-priority Overview Use this command to set the highest priority protocol to control transitions from blocking to forwarding traffic. This command prioritizes switch port forwarding mode control, when more than one of EPSR, Loop Protection, and MAC thrashing protection protocols are used on the switch.
Page 374 VLAN C OMMANDS PORT VLAN FORWARDING PRIORITY could set a port to forwarding for a VLAN, sometimes overriding the previous setting by another protocol to block the port. This could sometimes lead to unexpected broadcast storms. Now, when a protocol is set to have the highest priority over a data VLAN on a port, it will not allow other protocols to put that port-vlan into a forwarding state if the highest priority protocol blocked it.
Page 375 VLAN C OMMANDS PORT VLAN FORWARDING PRIORITY To prioritize Loop Protection over EPSR or MAC Thrashing protection settings, so that EPSR or MAC Thrashing protection cannot set a port to the forwarding state a VLAN if Loop Protection has set it to the blocking state, use the commands: awplus# configure terminal awplus(config)#...
Page 376: Private-Vlan
VLAN C OMMANDS PRIVATE VLAN private-vlan Overview Use this command to a create a private VLAN. Private VLANs can be either primary or secondary. Secondary VLANs can be ether community or isolated. Use the no variant of this command to remove the specified private VLAN. For more information, see the VLAN Feature Overview and Configuration Guide.
Page 377: Private-Vlan Association
VLAN C OMMANDS PRIVATE VLAN ASSOCIATION private-vlan association Overview Use this command to associate a secondary VLAN to a primary VLAN. Only one isolated VLAN can be associated to a primary VLAN. Multiple community VLANs can be associated to a primary VLAN. Use the no variant of this command to remove association of all the secondary VLANs to a primary VLAN.
Page 378: Show Port-Vlan-Forwarding-Priority
VLAN C OMMANDS SHOW PORT VLAN FORWARDING PRIORITY show port-vlan-forwarding-priority Overview Use this command to display the highest priority protocol that controls port-vlan forwarding or blocking traffic. This command displays whether EPSR or Loop Protection is set as the highest priority for determining whether a port forwards a VLAN, as set by the port-vlan-forwarding-priority command.
Page 379: Show Vlan
VLAN C OMMANDS SHOW VLAN show vlan Overview Use this command to display information about a particular VLAN by specifying the VLAN ID. It displays information for all the VLANs configured. Syntax show vlan {all|brief|dynamic|static|auto|static-ports<1-4094>} Parameter Description Display information about the VLAN specified by the VLAN ID. <1-4094>...
Page 380: Show Vlan Classifier Group
VLAN C OMMANDS SHOW VLAN CLASSIFIER GROUP show vlan classifier group Overview Use this command to display information about all configured VLAN classifier groups or a specific group. Syntax show vlan classifier group [<1-16>] Parameter Description VLAN classifier group identifier <1-16>...
Page 381: Show Vlan Classifier Group Interface
VLAN C OMMANDS SHOW VLAN CLASSIFIER GROUP INTERFACE show vlan classifier group interface Overview Use this command to display information about a single switch port interface for all configured VLAN classifier groups. Syntax show vlan classifier group interface <switch-port> Parameter Description Specify the switch port interface classifier group identifier <switch-port>...
Page 382: Show Vlan Classifier Interface Group
VLAN C OMMANDS SHOW VLAN CLASSIFIER INTERFACE GROUP show vlan classifier interface group Overview Use this command to display information about all interfaces configured for a VLAN group or all the groups. Syntax show vlan classifier interface group [<1-16>] Parameter Description VLAN classifier interface group identifier <1-16>...
Page 383: Show Vlan Classifier Rule
VLAN C OMMANDS SHOW VLAN CLASSIFIER RULE show vlan classifier rule Overview Use this command to display information about all configured VLAN classifier rules or a specific rule. Syntax show vlan classifier rule [<1-256>] Parameter Description VLAN classifier rule identifier <1-256>...
Page 384: Show Vlan Private-Vlan
VLAN C OMMANDS SHOW VLAN PRIVATE VLAN show vlan private-vlan Overview Use this command to display the private VLAN configuration and associations. Syntax show vlan private-vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations, enter the command: awplus# show vlan private-vlan Output...
Page 385: Switchport Access Vlan
VLAN C OMMANDS SWITCHPORT ACCESS VLAN switchport access vlan Overview Use this command to change the port-based VLAN of the current port. Use the no variant of this command to change the port-based VLAN of this port to the default VLAN, vlan1. Syntax switchport access vlan <vlan-id>...
Page 386: Switchport Enable Vlan
VLAN C OMMANDS SWITCHPORT ENABLE VLAN switchport enable vlan Overview This command enables the VLAN on the port manually once disabled by certain actions, such as QSP (QoS Storm Protection) or EPSR (Ethernet Protection Switching Ring). Note that if the VID is not given, all disabled VLANs are re-enabled. Syntax switchport enable vlan [<1-4094>] Parameter...
Page 387: Switchport Mode Access
VLAN C OMMANDS SWITCHPORT MODE ACCESS switchport mode access Overview Use this command to set the switching characteristics of the port to access mode. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria. Syntax switchport mode access [ingress-filter {enable|disable}] Parameter...
Page 388: Switchport Mode Private-Vlan
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN switchport mode private-vlan Overview Use this command to make a Layer 2 port a private VLAN host port or a promiscuous port. Use the no variant of this command to remove the configuration. Syntax switchport mode private-vlan {host|promiscuous} no switchport mode private-vlan {host|promiscuous}...
Page 389: Switchport Mode Private-Vlan Trunk Promiscuous
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK PROMISCUOUS switchport mode private-vlan trunk promiscuous Overview Use this command to enable a port in trunk mode to be promiscuous port for isolated VLANs. : Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP NOTE implementation.
Page 390 VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK PROMISCUOUS To create the isolated VLANs 2, 3 and 4 and then enable port1.1.2 in trunk mode as a promiscuous port for these VLANs with the group ID of 3, use the following commands: awplus# configure terminal...
Page 391: Switchport Mode Private-Vlan Trunk Secondary
VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK SECONDARY switchport mode private-vlan trunk secondary Overview Use this command to enable a port in trunk mode to be a secondary port for isolated VLANs. : Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP NOTE implementation.
Page 392 VLAN C OMMANDS SWITCHPORT MODE PRIVATE VLAN TRUNK SECONDARY To create isolated private VLAN 2 and then enable port1.1.3 in trunk mode as a secondary port for the this VLAN with the group ID of 3, use the following commands: awplus# configure terminal awplus(config)#...
Page 393: Switchport Mode Trunk
VLAN C OMMANDS SWITCHPORT MODE TRUNK switchport mode trunk Overview Use this command to set the switching characteristics of the port to trunk. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria. Syntax switchport mode trunk [ingress-filter {enable|disable}] Parameter...
Page 394: Switchport Private-Vlan Host-Association
VLAN C OMMANDS SWITCHPORT PRIVATE VLAN HOST ASSOCIATION switchport private-vlan host-association Overview Use this command to associate a primary VLAN and a secondary VLAN to a host port. Only one primary and secondary VLAN can be associated to a host port. Use the no variant of this command to remove the association.
Page 395: Switchport Private-Vlan Mapping
VLAN C OMMANDS SWITCHPORT PRIVATE VLAN MAPPING switchport private-vlan mapping Overview Use this command to associate a primary VLAN and a set of secondary VLANs to a promiscuous port. Use the no variant of this to remove all the association of secondary VLANs to primary VLANs for a promiscuous port.
Page 396: Switchport Trunk Allowed Vlan
VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN switchport trunk allowed vlan Overview Use this command to add VLANs to be trunked over this switch port. Traffic for these VLANs can be sent and received on the port. Use the no variant of this command to reset switching characteristics of a specified interface to negate a trunked configuration specified with switchport trunk allowed vlan command.
Page 397 VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN : Only use the add or the remove parameters with this command if a list of VLANs NOTE are configured on a port. Only use the except parameter to remove VLANs after either the except or the all parameters have first been used to add a list of VLANs to a port.
Page 398 VLAN C OMMANDS SWITCHPORT TRUNK ALLOWED VLAN awplus#show running-config interface port1.0.5 switchport switchport mode trunk switchport trunk allowed vlan except 3,5 Examples The following shows adding a single VLAN to the port’s member set. awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port’s member set.
Page 399: Switchport Trunk Native Vlan
VLAN C OMMANDS SWITCHPORT TRUNK NATIVE VLAN switchport trunk native vlan Overview Use this command to configure the native VLAN for this port. The native VLAN is used for classifying the incoming untagged packets. Use the none parameter with this command to remove the native VLAN from the port and set the acceptable frame types to vlan-tagged only.
Page 400 VLAN C OMMANDS SWITCHPORT TRUNK NATIVE VLAN The following commands revert the native VLAN to the default VLAN 1 for interface port1.0.2: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no switchport trunk native vlan Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 401: Switchport Voice Dscp
VLAN C OMMANDS SWITCHPORT VOICE DSCP switchport voice dscp Overview Use this command to configure the Layer 3 DSCP value advertised when the transmission of LLDP-MED Network Policy TLVs for voice devices is enabled. When LLDP-MED capable IP phones receive this network policy information, they transmit voice data with the specified DSCP value.
Page 402: Switchport Voice Vlan
VLAN C OMMANDS SWITCHPORT VOICE VLAN switchport voice vlan Overview Use this command to configure the Voice VLAN tagging advertised when the transmission of LLDP-MED Network Policy TLVs for voice endpoint devices is enabled. When LLDP-MED capable IP phones receive this network policy information, they transmit voice data with the specified tagging.
Page 403 VLAN C OMMANDS SWITCHPORT VOICE VLAN If the Voice VLAN details are to be assigned by RADIUS, then the RADIUS server must be configured to send the attribute “Egress-VLANID (56)” or “Egress-VLAN-Name (58)” in the RADIUS Accept message when authenticating a phone attached to this port.
Page 404: Switchport Voice Vlan Priority
VLAN C OMMANDS SWITCHPORT VOICE VLAN PRIORITY switchport voice vlan priority Overview Use this command to configure the Layer 2 user priority advertised when the transmission of LLDP-MED Network Policy TLVs for voice devices is enabled. This is the priority in the User Priority field of the IEEE 802.1Q VLAN tag, also known as the Class of Service (CoS), or 802.1p priority.
Page 405: Vlan
VLAN C OMMANDS VLAN vlan Overview This command creates VLANs, assigns names to them, and enables or disables them. Specifying the disable state causes all forwarding over the specified VLAN ID to cease. Specifying the enable state allows forwarding of frames on the specified VLAN.
Page 406: Vlan Classifier Activate
VLAN C OMMANDS VLAN CLASSIFIER ACTIVATE vlan classifier activate Overview Use this command in Interface Configuration mode to associate a VLAN classifier group with the switch port. Use the no variant of this command to remove the VLAN classifier group from the switch port.
Page 407: Vlan Classifier Group
VLAN C OMMANDS VLAN CLASSIFIER GROUP vlan classifier group Overview Use this command to create a group of VLAN classifier rules. The rules must already have been created. Use the no variant of this command to delete a group of VLAN classifier rules. Syntax vlan classifier group <1-16>...
Page 408: Vlan Classifier Rule Ipv4
VLAN C OMMANDS VLAN CLASSIFIER RULE IPV vlan classifier rule ipv4 Overview Use this command to create an IPv4 subnet-based VLAN classifier rule and map it to a specific VLAN. Use the no variant of this command to delete the VLAN classifier rule.
Page 409: Vlan Classifier Rule Proto
VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO vlan classifier rule proto Overview Use this command to create a protocol type-based VLAN classifier rule, and map it to a specific VLAN. See the published IANA EtherType IEEE 802 numbers here: www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.txt. Instead of a protocol name the decimal value of the protocol's EtherType can be entered.
Page 410 VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO Parameter Description DEC LAT protocol [declat|24580] DEC Systems Comms [decsyscomm|24583] Arch protocol G8BPQ AX.25 protocol [g8bpqx25|2303] Xerox IEEE802.3 PUP [ieeeaddrtrans|2561] Address Xerox IEEE802.3 PUP [ieeepup|2560] protocol IP protocol [ip|2048] IPv6 protocol [ipv6|34525] IPX protocol [ipx|33079] IBM NETBIOS/NETBEUI [netbeui|61680]...
Page 411 VLAN C OMMANDS VLAN CLASSIFIER RULE PROTO Examples awplus# configure terminal awplus(config)# vlan classifier rule 1 proto x25 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 2 proto 512 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 3 proto 2056 encap ethv2 vlan 2 awplus(config)# vlan classifier rule 4 proto 2054 encap ethv2...
Page 412: Vlan Database
VLAN C OMMANDS VLAN DATABASE vlan database Overview Use this command to enter the VLAN Configuration mode. Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode. You can then add or delete a VLAN, or modify its values. Example In the following example, note the change to VLAN configuration mode from Configure mode:...
Page 413: Chapter 12: Spanning Tree Commands
Spanning Tree Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure RSTP, STP or MSTP. For information about spanning trees, including configuration procedures, see the STP Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 414 PANNING OMMANDS Command List • “clear spanning-tree statistics” on page 416 • “clear spanning-tree detected protocols (RSTP and MSTP)” on page 417 • “debug mstp (RSTP and STP)” on page 418 • “instance priority (MSTP)” on page 422 • “instance vlan (MSTP)”...
Page 415 PANNING OMMANDS • “spanning-tree max-age” on page 468 • “spanning-tree max-hops (MSTP)” on page 469 • “spanning-tree mode” on page 470 • “spanning-tree mst configuration” on page 471 • “spanning-tree mst instance” on page 472 • “spanning-tree mst instance path-cost” on page 473 •...
Page 416: Clear Spanning-Tree Statistics
PANNING OMMANDS CLEAR SPANNING TREE STATISTICS clear spanning-tree statistics Overview Use this command to clear all the STP BPDU (Bridge Protocol Data Unit) statistics. Syntax clear spanning-tree statistics clear spanning-tree statistics [instance <mstp-instance>] clear spanning-tree statistics [interface <port> [instance <mstp-instance>]] Parameter Description The port to clear STP BPDU statistics for.
Page 417: Clear Spanning-Tree Detected Protocols (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) CLEAR SPANNING TREE DETECTED PROTOCOLS clear spanning-tree detected protocols (RSTP and MSTP) Overview Use this command to clear the detected protocols for a specific port, or all ports. Use this command in RSTP or MSTP mode only. Syntax clear spanning-tree detected protocols [interface <port>] Parameter...
Page 418: Debug Mstp (Rstp And Stp)
PANNING OMMANDS (RSTP STP) DEBUG MSTP debug mstp (RSTP and STP) Overview Use this command to enable debugging for the configured spanning tree mode, and echo data to the console, at various levels. Note that although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well the MSTP protocol.
Page 419 PANNING OMMANDS (RSTP STP) DEBUG MSTP command. The default terminal monitor filter will select and display these messages. Alternatively, the messages can be directed to any of the other log outputs by adding a filter for the MSTP application using log buffered (filter) command: awplus#...
Page 420 PANNING OMMANDS (RSTP STP) DEBUG MSTP awplus#terminal monitor awplus#debug mstp packet rx decode interface port1.0.4 17:23:42 awplus MSTP[1417]: port1.0.4 xSTP BPDU rx - start 17:23:42 awplus MSTP[1417]: Protocol version: MSTP, BPDU type: RST 17:23:42 awplus MSTP[1417]: CIST Flags: Agree Forward Learn role=Desig 17:23:42 awplus MSTP[1417]: CIST root id : 0000:0000cd1000fe 17:23:42 awplus MSTP[1417]: CIST ext pathcost : 0...
Page 421 PANNING OMMANDS (RSTP STP) DEBUG MSTP awplus#terminal monitor awplus#debug mstp packet rx decode interface port1.0.4 awplus#17:30:17 awplus MSTP[1417]: port1.0.4 xSTP BPDU rx - start 17:30:17 awplus MSTP[1417]: Protocol version: RSTP, BPDU type: RST 17:30:17 awplus MSTP[1417]: CIST Flags: Forward Learn role=Desig 17:30:17 awplus MSTP[1417]: CIST root id : 8000:0000cd1000fe 17:30:17 awplus MSTP[1417]: CIST ext pathcost : 0...
Page 422: Instance Priority (Mstp)
PANNING OMMANDS (MSTP) INSTANCE PRIORITY instance priority (MSTP) Overview Use this command to set the priority for this device to become the root bridge for the specified MSTI (Multiple Spanning Tree Instance). Use this command for MSTP only. Use the no variant of this command to restore the root bridge priority of the device for the instance to the default.
Page 423 PANNING OMMANDS (MSTP) INSTANCE PRIORITY Related region (MSTP) Commands revision (MSTP) show spanning-tree mst config spanning-tree mst instance spanning-tree mst instance priority C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 424: Instance Vlan (Mstp)
PANNING OMMANDS (MSTP) INSTANCE VLAN instance vlan (MSTP) Overview Use this command to create an MST Instance (MSTI), and associate the specified VLANs with it. An MSTI is a spanning tree instance that exists within an MST region (MSTR). An MSTR can contain up to 15 MSTIs. When a VLAN is associated with an MSTI the member ports of the VLAN are automatically configured to send and receive spanning-tree information for the associated MSTI.
Page 425 PANNING OMMANDS (MSTP) INSTANCE VLAN Related region (MSTP) Commands revision (MSTP) show spanning-tree mst config spanning-tree mst instance vlan C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 426: Region (Mstp)
PANNING OMMANDS (MSTP) REGION region (MSTP) Overview Use this command to assign a name to the device’s MST Region. MST Instances (MSTI) of a region form different spanning trees for different VLANs. Use this command for MSTP only. Use the no variant of this command to remove this region name and reset it to the default.
Page 427: Revision (Mstp)
PANNING OMMANDS (MSTP) REVISION revision (MSTP) Overview Use this command to specify the MST revision number to be used in the configuration identifier. Use this command for MSTP only. Syntax revision <revision-number> Parameter Description <0-65535> Revision number. <revision-number> Default The default of revision number is 0. Mode MST Configuration Usage...
Page 428: Show Debugging Mstp
PANNING OMMANDS SHOW DEBUGGING MSTP show debugging mstp Overview Use this command to show the MSTP debugging options set. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 429: Show Spanning-Tree
PANNING OMMANDS SHOW SPANNING TREE show spanning-tree Overview Use this command to display detailed spanning tree information on the specified port or on all ports. Use this command for RSTP, MSTP or STP. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 430 PANNING OMMANDS SHOW SPANNING TREE Output Figure 12-2: Example output from the show spanning-tree command % 1: Bridge up - Spanning Tree Enabled % 1: Root Path Cost 0 - Root Port 0 - Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 % 1: Root Id 80000000cd20f093 % 1: Bridge Id 80000000cd20f093 % 1: last topology change Sun Nov 20 12:24:24 1977...
Page 431 PANNING OMMANDS SHOW SPANNING TREE awplus#show spanning-tree % 1: Bridge up - Spanning Tree Enabled % 1: Root Path Cost 0 - Root Port 0 - Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 % 1: Root Id 80000000cd24ff2d % 1: Bridge Id 80000000cd24ff2d % 1: last topology change Thu Jul 26 02:06:26 2007...
Page 432: Show Spanning-Tree Brief
PANNING OMMANDS SHOW SPANNING TREE BRIEF show spanning-tree brief Overview Use this command to display a summary of spanning tree status information on all ports. Use this command for RSTP, MSTP or STP. Syntax show spanning-tree brief Parameter Description A brief summary of spanning tree information. brief Mode User Exec and Privileged Exec...
Page 433: Show Spanning-Tree Mst
PANNING OMMANDS SHOW SPANNING TREE MST show spanning-tree mst Overview This command displays bridge-level information about the CIST and VLAN to MSTI mappings. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 434: Show Spanning-Tree Mst Config
PANNING OMMANDS SHOW SPANNING TREE MST CONFIG show spanning-tree mst config Overview Use this command to display MSTP configuration identifier for the device. Syntax show spanning-tree mst config Mode User Exec, Privileged Exec and Interface Configuration Usage The region name, the revision number, and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region.
Page 435: Show Spanning-Tree Mst Detail
PANNING OMMANDS SHOW SPANNING TREE MST DETAIL show spanning-tree mst detail Overview This command displays detailed information about each instance, and all interfaces associated with that particular instance. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 436 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL % 1: Bridge up - Spanning Tree Enabled % 1: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20 % 1: CIST Root Id 80000000cd24ff2d % 1: CIST Reg Root Id 80000000cd24ff2d % 1: CIST Bridge Id 80000000cd24ff2d...
Page 437: Show Spanning-Tree Mst Detail Interface
PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE show spanning-tree mst detail interface Overview This command displays detailed information about the specified switch port, and the MST instances associated with it. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 438 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE % 1: Bridge up - Spanning Tree Enabled % 1: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20 % 1: CIST Root Id 80000000cd24ff2d % 1: CIST Reg Root Id 80000000cd24ff2d % 1: CIST Bridge Id 80000000cd24ff2d...
Page 439: Show Spanning-Tree Mst Instance
PANNING OMMANDS SHOW SPANNING TREE MST INSTANCE show spanning-tree mst instance Overview This command displays detailed information for the specified instance, and all switch ports associated with that instance. A topology change counter has been included for RSTP and MSTP. You can see the topology change counter for RSTP by using the show spanning-tree command.
Page 440: Show Spanning-Tree Mst Instance Interface
PANNING OMMANDS SHOW SPANNING TREE MST INSTANCE INTERFACE show spanning-tree mst instance interface Overview This command displays detailed information for the specified MST (Multiple Spanning Tree) instance, and the specified switch port associated with that MST instance. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 441: Show Spanning-Tree Mst Interface
PANNING OMMANDS SHOW SPANNING TREE MST INTERFACE show spanning-tree mst interface Overview This command displays the number of instances created, and VLANs associated with it for the specified switch port. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 442: Show Spanning-Tree Mst Detail Interface
PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE show spanning-tree mst detail interface Overview This command displays detailed information about the specified switch port, and the MST instances associated with it. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 443 PANNING OMMANDS SHOW SPANNING TREE MST DETAIL INTERFACE % 1: Bridge up - Spanning Tree Enabled % 1: CIST Root Path Cost 0 - CIST Root Port 0 - CIST Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 - Max-hops 20 % 1: CIST Root Id 80000000cd24ff2d % 1: CIST Reg Root Id 80000000cd24ff2d % 1: CIST Bridge Id 80000000cd24ff2d...
Page 444: Show Spanning-Tree Statistics
PANNING OMMANDS SHOW SPANNING TREE STATISTICS show spanning-tree statistics Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for all spanning-tree instances, and all switch ports associated with all spanning-tree instances. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 445 PANNING OMMANDS SHOW SPANNING TREE STATISTICS Port number = 915 Interface = port1.0.6 ================================ % BPDU Related Parameters % ----------------------- % Port Spanning Tree : Disable % Spanning Tree Type : Rapid Spanning Tree Protocol % Current Port State : Discarding % Port ID : 8393 % Port Number...
Page 446: Show Spanning-Tree Statistics Instance
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE show spanning-tree statistics instance Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified MST (Multiple Spanning Tree) instance, and all switch ports associated with that MST instance. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 447 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE Output Figure 12-14: Example output from the show spanning-tree statistics instance command: % % INST_PORT port1.0.3 Information & Statistics % ---------------------------------------- % Config Bpdu's xmitted (port/inst) : (0/0) % Config Bpdu's received (port/inst) : (0/0) % TCN Bpdu's xmitted (port/inst) : (0/0)
Page 448: Show Spanning-Tree Statistics Instance Interface
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE INTERFACE show spanning-tree statistics instance interface Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified MST (Multiple Spanning Tree) instance and the specified switch port associated with that MST instance. For information on filtering and saving command output, see “Controlling “show”...
Page 449 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INSTANCE INTERFACE Output Figure 12-15: Example output from the show spanning-tree statistics instance interface command awplus#sh spanning-tree statistics interface port1.0.2 instance 1 Spanning Tree Enabled for Instance : 1 ================================== % INST_PORT port1.0.2 Information & Statistics % ---------------------------------------- % Config Bpdu's xmitted (port/inst) : (0/0)
Page 450: Show Spanning-Tree Statistics Interface
PANNING OMMANDS SHOW SPANNING TREE STATISTICS INTERFACE show spanning-tree statistics interface Overview This command displays BPDU (Bridge Protocol Data Unit) statistics for the specified switch port, and all MST instances associated with that switch port. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 451 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INTERFACE Output Figure 12-16: Example output from the show spanning-tree statistics interface command awplus#show spanning-tree statistics interface port1.0.2 Port number = 906 Interface = port1.0.2 ================================ % BPDU Related Parameters % ----------------------- % Port Spanning Tree : Disable % Spanning Tree Type : Multiple Spanning Tree Protocol...
Page 452 PANNING OMMANDS SHOW SPANNING TREE STATISTICS INTERFACE % Other Bridge information & Statistics -------------------------------------- % STP Multicast Address : 01:80:c2:00:00:00 % Bridge Priority : 32768 % Bridge Mac Address : ec:cd:6d:20:c0:ed % Bridge Hello Time % Bridge Forward Delay : 15 % Topology Change Initiator : 5023 % Last Topology Change Occured...
Page 453: Show Spanning-Tree Vlan Range-Index
PANNING OMMANDS SHOW SPANNING TREE VLAN RANGE INDEX show spanning-tree vlan range-index Overview Use this command to display information about MST (Multiple Spanning Tree) instances and the VLANs associated with them including the VLAN range-index value for the device. Syntax show spanning-tree vlan range-index Mode Privileged Exec...
Page 454: Spanning-Tree Autoedge (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) SPANNING TREE AUTOEDGE spanning-tree autoedge (RSTP and MSTP) Overview Use this command to enable the autoedge feature on the port. The autoedge feature allows the port to automatically detect that it is an edge port. If it does not receive any BPDUs in the first three seconds after linkup, enabling, or entering RSTP or MSTP mode, it sets itself to be an edgeport and enters the forwarding state.
Page 455: Spanning-Tree Bpdu
PANNING OMMANDS SPANNING TREE BPDU spanning-tree bpdu Overview Use this command in Global Configuration mode to configure BPDU (Bridge Protocol Data Unit) discarding or forwarding, with STP (Spanning Tree Protocol) disabled on the switch. See the Usage note about disabling Spanning Tree before using this command, and using this command to forward unsupported BPDUs unchanged for unsupported STP Protocols.
Page 456 PANNING OMMANDS SPANNING TREE BPDU Examples To enable STP BPDU discard in Global Configuration mode with STP disabled, which discards all ingress STP BPDU frames, enter the commands: awplus# configure terminal awplus(config)# no spanning-tree stp enable awplus(config)# spanning-tree bpdu discard To enable STP BPDU forward in Global Configuration mode with STP disabled, which forwards any ingress STP BPDU frames to all ports regardless of any VLAN membership, enter the commands:...
Page 457: Spanning-Tree Cisco-Interoperability (Mstp)
PANNING OMMANDS (MSTP) SPANNING TREE CISCO INTEROPERABILITY spanning-tree cisco-interoperability (MSTP) Overview Use this command to enable/disable Cisco-interoperability for MSTP. Use this command for MSTP only. Syntax spanning-tree cisco-interoperability {enable|disable} Parameter Description Enable Cisco interoperability for MSTP. enable Disable Cisco interoperability for MSTP. disable Default If this command is not used, Cisco interoperability is disabled.
Page 458: Spanning-Tree Edgeport (Rstp And Mstp)
PANNING OMMANDS (RSTP MSTP) SPANNING TREE EDGEPORT spanning-tree edgeport (RSTP and MSTP) Overview Use this command to set a port as an edge-port. Use this command for RSTP or MSTP. This command has the same effect as the spanning-tree portfast (STP) command, but the configuration displays differently in the output of some show commands.
Page 459: Spanning-Tree Enable
PANNING OMMANDS SPANNING TREE ENABLE spanning-tree enable Overview Use this command in Global Configuration mode to enable the specified spanning tree protocol for all switch ports. Note that this must be the spanning tree protocol that is configured on the device by the spanning-tree mode command.
Page 460 PANNING OMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode, enter the below commands: awplus# configure terminal awplus(config)# no spanning-tree rstp enable Related spanning-tree bpdu Commands spanning-tree mode Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 461: Spanning-Tree Errdisable-Timeout Enable
PANNING OMMANDS SPANNING TREE ERRDISABLE TIMEOUT ENABLE spanning-tree errdisable-timeout enable Overview Use this command to enable the errdisable-timeout facility, which sets a timeout for ports that are disabled due to the BPDU guard feature. Use this command for RSTP or MSTP. Use the no variant of this command to disable the errdisable-timeout facility.
Page 462: Spanning-Tree Errdisable-Timeout Interval
PANNING OMMANDS SPANNING TREE ERRDISABLE TIMEOUT INTERVAL spanning-tree errdisable-timeout interval Overview Use this command to specify the time interval after which a port is brought back up when it has been disabled by the BPDU guard feature. Use this command for RSTP or MSTP. Syntax spanning-tree errdisable-timeout interval <10-1000000>...
Page 463: Spanning-Tree Force-Version
PANNING OMMANDS SPANNING TREE FORCE VERSION spanning-tree force-version Overview Use this command in Interface Configuration mode for a switch port interface only to force the protocol version for the switch port. Use this command for RSTP or MSTP only. Syntax spanning-tree force-version <version>...
Page 464: Spanning-Tree Forward-Time
PANNING OMMANDS SPANNING TREE FORWARD TIME spanning-tree forward-time Overview Use this command to set the forward delay value. Use the no variant of this command to reset the forward delay value to the default setting of 15 seconds. The forward delay sets the time (in seconds) to control how fast a port changes its spanning tree state when moving towards the forwarding state.
Page 465: Spanning-Tree Guard Root
PANNING OMMANDS SPANNING TREE GUARD ROOT spanning-tree guard root Overview Use this command in Interface Configuration mode for a switch port only to enable the Root Guard feature for the switch port. The root guard feature disables reception of superior BPDUs. You can use this command for RSTP, STP or MSTP. Use the no variant of this command to disable the root guard feature for the port.
Page 466: Spanning-Tree Hello-Time
PANNING OMMANDS SPANNING TREE HELLO TIME spanning-tree hello-time Overview Use this command to set the hello-time. This sets the time in seconds between the transmission of device spanning tree configuration information when the device is the Root Bridge of the spanning tree or is trying to become the Root Bridge. Use this command for RSTP, STP or MSTP.
Page 467: Spanning-Tree Link-Type
PANNING OMMANDS SPANNING TREE LINK TYPE spanning-tree link-type Overview Use this command in Interface Configuration mode for a switch port interface only to enable or disable point-to-point or shared link types on the switch port. Use this command for RSTP or MSTP only. Use the no variant of this command to return the port to the default link type.
Page 468: Spanning-Tree Max-Age
PANNING OMMANDS SPANNING TREE MAX spanning-tree max-age Overview Use this command to set the max-age. This sets the maximum age, in seconds, that dynamic spanning tree configuration information is stored in the device before it is discarded. Use this command for RSTP, STP or MSTP. Use the no variant of this command to restore the default of max-age.
Page 469: Spanning-Tree Max-Hops (Mstp)
PANNING OMMANDS (MSTP) SPANNING TREE MAX HOPS spanning-tree max-hops (MSTP) Overview Use this command to specify the maximum allowed hops for a BPDU in an MST region. This parameter is used by all the instances of the MST region. Use the no variant of this command to restore the default. Use this command for MSTP only.
Page 470: Spanning-Tree Mode
PANNING OMMANDS SPANNING TREE MODE spanning-tree mode Overview Use this command to change the spanning tree protocol mode on the device. The spanning tree protocol mode on the device can be configured to either STP, RSTP or MSTP. Syntax spanning-tree mode {stp|rstp|mstp} Default The default spanning tree protocol mode on the device is RSTP.
Page 471: Spanning-Tree Mst Configuration
PANNING OMMANDS SPANNING TREE MST CONFIGURATION spanning-tree mst configuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning-Tree Protocol. Syntax spanning-tree mst configuration Mode Global Configuration Examples The following example uses this command to enter MST Configuration mode. Note the change in the command prompt.
Page 472: Spanning-Tree Mst Instance
PANNING OMMANDS SPANNING TREE MST INSTANCE spanning-tree mst instance Overview Use this command in Interface Configuration mode to assign a Multiple Spanning Tree instance (MSTI) to a switch port or channel group. Note that ports are automatically configured to send and receive spanning-tree information for the associated MSTI when VLANs are assigned to MSTIs using the instance vlan (MSTP) command.
Page 473: Spanning-Tree Mst Instance Path-Cost
PANNING OMMANDS SPANNING TREE MST INSTANCE PATH COST spanning-tree mst instance path-cost Overview Use this command in Interface Configuration mode for a switch port interface only to set the cost of a path associated with a switch port, for the specified MSTI (Multiple Spanning Tree Instance) identifier.
Page 474 PANNING OMMANDS SPANNING TREE MST INSTANCE PATH COST Examples awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# spanning-tree mst instance 3 path-cost 1000 awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no spanning-tree mst instance 3 path-cost Related instance vlan (MSTP) Commands spanning-tree mst instance spanning-tree mst instance priority spanning-tree mst instance restricted-role...
Page 475: Spanning-Tree Mst Instance Priority
PANNING OMMANDS SPANNING TREE MST INSTANCE PRIORITY spanning-tree mst instance priority Overview Use this command in Interface Configuration mode for a switch port interface only to set the port priority for an MST instance (MSTI). Use the no variant of this command to restore the default priority value (128). Syntax spanning-tree mst instance <instance-id>...
Page 476: Spanning-Tree Mst Instance Restricted-Role
PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE spanning-tree mst instance restricted-role Overview Use this command in Interface Configuration mode for a switch port interface only to enable the restricted role for an MSTI (Multiple Spanning Tree Instance) on a switch port.
Page 477: Spanning-Tree Mst Instance Restricted-Tcn
PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED spanning-tree mst instance restricted-tcn Overview Use this command in Interface Configuration mode for a switch port interface only to set the restricted TCN (Topology Change Notification) value to TRUE for the specified MSTI (Multiple Spanning Tree Instance). Use the no variant of this command in Interface Configuration mode to reset the restricted TCN for the specified MSTI to the default value of FALSE.
Page 478 PANNING OMMANDS SPANNING TREE MST INSTANCE RESTRICTED Related instance vlan (MSTP) Commands spanning-tree priority (port priority) spanning-tree mst instance spanning-tree mst instance path-cost spanning-tree mst instance restricted-role Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 479: Spanning-Tree Path-Cost
PANNING OMMANDS SPANNING TREE PATH COST spanning-tree path-cost Overview Use this command in Interface Configuration mode for a switch port interface only to set the cost of a path for the specified port. This value then combines with others along the path to the root bridge in order to determine the total cost path value from the particular port, to the root bridge.
Page 480: Spanning-Tree Portfast (Stp)
PANNING OMMANDS (STP) SPANNING TREE PORTFAST spanning-tree portfast (STP) Overview Use this command in Interface Configuration mode for a switch port interface only to set a port as an edge-port. The portfast feature enables a port to rapidly move to the forwarding state, without having first to pass through the intermediate spanning tree states.
Page 481 PANNING OMMANDS (STP) SPANNING TREE PORTFAST Example awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# spanning-tree portfast Related spanning-tree edgeport (RSTP and MSTP) Commands show spanning-tree spanning-tree portfast bpdu-filter spanning-tree portfast bpdu-guard C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™...
Page 482: Spanning-Tree Portfast Bpdu-Filter
PANNING OMMANDS SPANNING TREE PORTFAST BPDU FILTER spanning-tree portfast bpdu-filter Overview This command sets the bpdu-filter feature and applies a filter to any BPDUs (Bridge Protocol Data Units) received. Enabling this feature ensures that configured ports will not transmit any BPDUs and will ignore (filter out) any BPDUs received. BPDU Filter is not enabled on a port by default.
Page 483 PANNING OMMANDS SPANNING TREE PORTFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode, enter the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# spanning-tree portfast bpdu-filter enable Related spanning-tree edgeport (RSTP and MSTP) Commands show spanning-tree spanning-tree portfast (STP) spanning-tree portfast bpdu-guard C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 484: Spanning-Tree Portfast Bpdu-Guard
PANNING OMMANDS SPANNING TREE PORTFAST BPDU GUARD spanning-tree portfast bpdu-guard Overview This command applies a BPDU (Bridge Protocol Data Unit) guard to the port. A port with the bpdu-guard feature enabled will block all traffic (BPDUs and user data), if it starts receiving BPDUs.
Page 485 PANNING OMMANDS SPANNING TREE PORTFAST BPDU GUARD Use the show spanning-tree command to display the device and port configurations for the BPDU Guard feature. It shows both the administratively configured and currently running values of bpdu-guard. Example To enable STP BPDU guard in Global Configuration mode, enter the below commands: awplus# configure terminal...
Page 486: Spanning-Tree Priority (Bridge Priority)
PANNING OMMANDS SPANNING TREE PRIORITY BRIDGE PRIORITY spanning-tree priority (bridge priority) Overview Use this command to set the bridge priority for the device. A lower priority value indicates a greater likelihood of the device becoming the root bridge. Use this command for RSTP, STP or MSTP. When MSTP mode is configured, this will apply to the CIST.
Page 487: Spanning-Tree Priority (Port Priority)
PANNING OMMANDS SPANNING TREE PRIORITY PORT PRIORITY spanning-tree priority (port priority) Overview Use this command in Interface Configuration mode for a switch port interface only to set the port priority for port. A lower priority value indicates a greater likelihood of the port becoming part of the active topology.
Page 488: Spanning-Tree Restricted-Role
PANNING OMMANDS SPANNING TREE RESTRICTED ROLE spanning-tree restricted-role Overview Use this command in Interface Configuration mode for a switch port interface only to restrict the port from becoming a root port. Use the no variant of this command to disable the restricted role functionality. Syntax spanning-tree restricted-role no spanning-tree restricted-role...
Page 489: Spanning-Tree Restricted-Tcn
PANNING OMMANDS SPANNING TREE RESTRICTED spanning-tree restricted-tcn Overview Use this command in Interface Configuration mode for a switch port interface only to prevent TCN (Topology Change Notification) BPDUs (Bridge Protocol Data Units) from being sent on a port. If this command is enabled, after a topology change a bridge is prevented from sending a TCN to its designated bridge.
Page 490: Spanning-Tree Transmit-Holdcount
PANNING OMMANDS SPANNING TREE TRANSMIT HOLDCOUNT spanning-tree transmit-holdcount Overview Use this command to set the maximum number of BPDU transmissions that are held back. Use the no variant of this command to restore the default transmit hold-count value. Syntax spanning-tree transmit-holdcount no spanning-tree transmit-holdcount Default Transmit hold-count default is 3.
Page 491: Undebug Mstp
PANNING OMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp (RSTP and STP) command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 492: Chapter 13: Link Aggregation Commands
Link Aggregation Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure a static channel group (static aggregator) and dynamic channel group (LACP channel group, etherchannel or LACP aggregator). Link aggregation is also sometimes referred to as channeling. : AlliedWare Plus™...
Page 493: Command List
GGREGATION OMMANDS Command List • “channel-group” on page 494 • “clear lacp counters” on page 496 • “debug lacp” on page 497 • “lacp port-priority” on page 498 • “lacp system-priority” on page 499 • “lacp timeout” on page 500 •...
Page 494: Channel-Group
GGREGATION OMMANDS CHANNEL GROUP channel-group Overview Use this command to add the device port to a dynamic channel group specified by the dynamic channel group number, and set its mode. This command enables LACP link aggregation on the device port, so that it may be selected for aggregation by the local system.
Page 495 GGREGATION OMMANDS CHANNEL GROUP Examples To add device port1.0.6 to a newly created LACP channel group 2 use the commands below: awplus# configure terminal awplus(config)# interface port1.0.6 awplus(config-if)# channel-group 2 mode active To remove device port1.0.6 from any created LACP channel groups use the command below: awplus# configure terminal...
Page 496: Clear Lacp Counters
GGREGATION OMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators (channel groups) or a given LACP aggregator. Syntax clear lacp [<1-4>] counters Parameter Description Channel-group number. <1-4> Mode Privileged Exec Example awplus# clear lacp 2 counters...
Page 497: Debug Lacp
GGREGATION OMMANDS DEBUG LACP debug lacp Overview Use this command to enable all LACP troubleshooting functions. Use the no variant of this command to disable this function. Syntax debug lacp {all|cli|event|ha|packet|sync|timer[detail]} no debug lacp {all|cli|event|ha|packet|sync|timer[detail]} Parameter Description Turn on all debugging for LACP. Specifies debugging for CLI messages.
Page 498: Lacp Port-Priority
GGREGATION OMMANDS LACP PORT PRIORITY lacp port-priority Overview Use this command to set the priority of a device port. Ports are selected for aggregation based on their priority, with the higher priority (numerically lower) ports selected first. Use the no variant of this command to reset the priority of port to the default. Syntax lacp port-priority <1-65535>...
Page 499: Lacp System-Priority
GGREGATION OMMANDS LACP SYSTEM PRIORITY lacp system-priority Overview Use this command to set the system priority of a local system. This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups. Use the no variant of this command to reset the system priority of the local system to the default.
Page 500: Lacp Timeout
GGREGATION OMMANDS LACP TIMEOUT lacp timeout Overview Use this command to set the short or long timeout on a port. Ports will time out of the aggregation if three consecutive updates are lost. Syntax lacp timeout {short|long} Parameter Description Number of seconds before invalidating a received LACP data unit timeout (DU).
Page 501: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
GGREGATION OMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1.0.2. awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# lacp timeout short C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 502: Show Debugging Lacp
GGREGATION OMMANDS SHOW DEBUGGING LACP show debugging lacp Overview Use this command to display the LACP debugging option set. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 503: Show Diagnostic Channel-Group
Overview This command displays dynamic and static channel group interface status information. The output of this command is useful for Allied Telesis authorized service personnel for diagnostic purposes. For information on filtering and saving command output, see “Controlling “show”...
Page 504 GGREGATION OMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Output Figure 13-2: Example output from the show diagnostic channel-group command awplus#show diagnostic channel-group Channel Group Info based on NSM: Note: Pos - position in hardware table ------------------------------------------------------------- Interface IfIndex Member port IfIndex Active ------------------------------------------------------------- 4503 port1.0.15...
Page 505: Show Etherchannel
GGREGATION OMMANDS SHOW ETHERCHANNEL show etherchannel Overview Use this command to display information about a LACP channel specified by the channel group number. The command output also shows the thrash limiting status. If thrash limiting is detected and the thrash limiting parameter of the thrash-limiting command is set to vlan disable, the output will also show the VLANs on which thrashing is...
Page 506: Show Etherchannel Detail
GGREGATION OMMANDS SHOW ETHERCHANNEL DETAIL show etherchannel detail Overview Use this command to display detailed information about all LACP channels. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 507: Show Etherchannel Summary
GGREGATION OMMANDS SHOW ETHERCHANNEL SUMMARY show etherchannel summary Overview Use this command to display a summary of all LACP channels. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 508: Show Lacp Sys-Id
GGREGATION OMMANDS SHOW LACP SYS show lacp sys-id Overview Use this command to display the LACP system ID and priority. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 509: Show Lacp-Counter
GGREGATION OMMANDS SHOW LACP COUNTER show lacp-counter Overview Use this command to display the packet traffic on all ports of all present LACP aggregators, or a given LACP aggregator. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 510: Show Port Etherchannel
GGREGATION OMMANDS SHOW PORT ETHERCHANNEL show port etherchannel Overview Use this command to show LACP details of the device port specified. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 511 GGREGATION OMMANDS SHOW PORT ETHERCHANNEL Link: port1.0.1 (5001) Aggregator: po1 (4501) Receive machine state: Current Periodic Transmission machine state: Fast periodic Mux machine state: Collecting/Distributing Actor Information: Partner Information: Selected ....Selected Partner Sys Priority .... 0 Physical Admin Key ..... 1 Partner System ..
Page 512: Show Static-Channel-Group
GGREGATION OMMANDS SHOW STATIC CHANNEL GROUP show static-channel-group Overview Use this command to display all configured static channel groups and their corresponding member ports. Note that a static channel group is the same as a static aggregator. The command output also shows the thrash limiting status. If thrash limiting is detected and the thrash limiting parameter of the thrash-limiting command is set...
Page 513: Static-Channel-Group
GGREGATION OMMANDS STATIC CHANNEL GROUP static-channel-group Overview Use this command to create a static channel group, also known as a static aggregator, or add a member port to an existing static channel group. You can create up to 4 static channel groups (and up to 4 dynamic channel groups).
Page 514 GGREGATION OMMANDS STATIC CHANNEL GROUP To reference the pre-defined static channel group 2 as an interface apply the example commands as below: awplus# configure terminal awplus(config)# interface port1.0.6 awplus(config-if)# static-channel-group 2 awplus(config-if)# exit awplus(config)# interface port.1.0.8 awplus(config-if)# static-channel-group 2 awplus(config-if)# exit awplus(config)# interface sa2...
Page 515: Undebug Lacp
GGREGATION OMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 516: Chapter 14: Ip Addressing And Protocol Commands
IP Addressing and Protocol Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure the following protocols: • Address Resolution Protocol (ARP) • Domain Name Service (DNS) For more information, see the IP Feature Overview and Configuration Guide.
Page 517: Arp-Aging-Timeout
IP A DDRESSING AND ROTOCOL OMMANDS AGING TIMEOUT arp-aging-timeout Overview This command sets a timeout period on dynamic ARP entries associated with a specific interface. If your device stops receiving traffic for the host specified in a dynamic ARP entry, it deletes the ARP entry from the ARP cache after this timeout is reached.
Page 518: Arp-Mac-Disparity
IP A DDRESSING AND ROTOCOL OMMANDS DISPARITY arp-mac-disparity Overview Use this command in Interface Configuration mode for a VLAN interface to enable the reception of ARP packets that contain a multicast MAC address in the sender field. By default, ARP packets that contain a multicast MAC address in the sender field are dropped.
Page 519: Arp (Ip Address Mac)
IP A DDRESSING AND ROTOCOL OMMANDS MAC) ADDRESS arp (IP address MAC) Overview This command adds a static ARP entry to the ARP cache. This is typically used to add entries for hosts that do not support ARP or to speed up the address resolution function for a host.
Page 520: Arp Log
IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG arp log Overview This command enables the logging of dynamic and static ARP entries in the ARP cache. The ARP cache contains mappings of device ports, VLAN IDs, and IP addresses to physical MAC addresses for hosts. This command can display the MAC addresses in the ARP log either using the default hexadecimal notation (HHHH.HHHH.HHHH), or using the IEEE standard hexadecimal notation (HH-HH-HH-HH-HH-HH).
Page 521 IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG Examples To enable ARP logging and use the default hexadecimal notation (HHHH.HHHH.HHHH), use the following commands: awplus# configure terminal awplus(config)# arp log To disable ARP logging on the device of MAC addresses displayed using the default hexadecimal notation (HHHH.HHHH.HHHH), use the following commands: awplus# configure terminal...
Page 522 IP A DDRESSING AND ROTOCOL OMMANDS ARP LOG Table 14-1: Example output from the show log | include ARP_LOG command awplus#configure terminal awplus(config)#arp log mac-address-format ieee awplus(config)#exit awplus#show log | include ARP_LOG 2010 Apr 6 06:25:28 user.notice awplus HSL[1007]: ARP_LOG port1.0.6 vlan1 add 00- 17-9a-b6-03-69 (192.168.2.12) 2010 Apr 6 06:25:30 user.notice awplus HSL[1007]: ARP_LOG port1.0.6 vlan1 add 00-...
Page 523: Clear Arp-Cache
IP A DDRESSING AND ROTOCOL OMMANDS CLEAR ARP CACHE clear arp-cache Overview This command deletes dynamic ARP entries from the ARP cache. You can optionally specify the IPv4 address of an ARP entry to be cleared from the ARP cache. Syntax clear arp-cache [<ip-address>] Mode...
Page 524: Debug Ip Packet Interface
IP A DDRESSING AND ROTOCOL OMMANDS DEBUG IP PACKET INTERFACE debug ip packet interface Overview The debug ip packet interface command enables IP packet debug and is controlled by the terminal monitor command. If the optional icmp keyword is specified then ICMP packets are shown in the output.
Page 525 IP A DDRESSING AND ROTOCOL OMMANDS DEBUG IP PACKET INTERFACE Examples To turn on ARP packet debugging on vlan1, use the command: awplus# debug ip packet interface vlan1 arp To turn on all packet debugging on all interfaces on the device, use the command: awplus# debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192.168.2.4, use...
Page 526: Ip Address
IP A DDRESSING AND ROTOCOL OMMANDS IP ADDRESS ip address Overview This command sets a static IP address on an interface. To set the primary IP address on the interface, specify only ip address<ip-address/m>. This overwrites any configured primary IP address. To add additional IP addresses on this interface, use the secondary parameter.
Page 527 IP A DDRESSING AND ROTOCOL OMMANDS IP ADDRESS To add the IP address 10.10.11.50/24 to the local loopback interface lo, use the following commands: awplus# configure terminal awplus(config)# interface lo awplus(config-if)# ip address 10.10.11.50/24 Related interface (to configure) Commands show ip interface show running-config interface C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 528: Ip Gratuitous-Arp-Link
IP A DDRESSING AND ROTOCOL OMMANDS IP GRATUITOUS LINK ip gratuitous-arp-link Overview This command sets the Gratuitous ARP time limit for all switchports. The time limit restricts the sending of Gratuitous ARP packets to one Gratuitous ARP packet within the time in seconds. : This command specifies time between sequences of Gratuitous ARP packets, and NOTE time between individual Gratuitous ARP packets occurring in a sequence, to allow...
Page 529 IP A DDRESSING AND ROTOCOL OMMANDS IP GRATUITOUS LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds, use the commands: awplus# configure terminal awplus(config)# ip gratuitous-arp-link 20 Validation show running-config Commands C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™...
Page 530: Ping
IP A DDRESSING AND ROTOCOL OMMANDS PING ping Overview This command sends a query to another IPv4 host (send Echo Request messages). Syntax ping [ip] <host> [broadcast] [df-bit {yes|no}] [interval <0-128>] [pattern <hex-data-pattern>] [repeat {<1-2147483647>|continuous}] [size <36-18024>] [source <ip-addr>] [timeout <1-65535>] [tos <0-255>] Parameter Description The destination IP address or hostname.
Page 531: Show Arp
IP A DDRESSING AND ROTOCOL OMMANDS SHOW ARP show arp Overview Use this command to display entries in the ARP routing and forwarding table—the ARP cache contains mappings of IP addresses to physical addresses for hosts. To have a dynamic entry in the ARP cache, a host must have used the ARP protocol to access another host.
Page 532 IP A DDRESSING AND ROTOCOL OMMANDS SHOW ARP Related arp (IP address MAC) Commands clear arp-cache Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 533: Show Debugging Ip Packet
IP A DDRESSING AND ROTOCOL OMMANDS SHOW DEBUGGING IP PACKET show debugging ip packet Overview Use this command to show the IP interface debugging status. IP interface debugging is set using the debug ip packet interface command. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 534 IP A DDRESSING AND ROTOCOL OMMANDS SHOW DEBUGGING IP PACKET Related debug ip packet interface Commands terminal monitor Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 535: Show Ip Interface
IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP INTERFACE show ip interface Overview Use this command to display information about interfaces and the IP addresses assigned to them. To display information about a specific interface, specify the interface name with the command. For information on filtering and saving command output, see “Controlling “show”...
Page 536: Show Ip Sockets
IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS show ip sockets Overview Use this command to display information about the IP or TCP sockets that are present on the device. It includes TCP, UDP listen sockets, displaying associated IP address and port.
Page 537 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS Table 14-4: Parameters in the output of the show ip sockets command Parameter Description This field refers to established sessions between processes internal Not showing to the device, that are used in its operation and management. <number>...
Page 538 IP A DDRESSING AND ROTOCOL OMMANDS SHOW IP SOCKETS Table 14-4: Parameters in the output of the show ip sockets command (cont.) Parameter Description For TCP and UDP listening sockets this shows the source IP address Remote (either IPv4 or IPv6) and source TCP or UDP port number for which Address the socket will accept packets.
Page 539: Tcpdump
IP A DDRESSING AND ROTOCOL OMMANDS TCPDUMP tcpdump Overview GW, Feb 2015 AR3040S and AR4050S don't support VRF Lite for 5.4.5 GA. Use this command to start a tcpdump, which gives the same output as the Unix-like tcpdump command to display TCP/IP traffic. Press <ctrl> + c to stop a running tcpdump.
Page 540: Traceroute
IP A DDRESSING AND ROTOCOL OMMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host. Syntax traceroute {<ip-addr>|<hostname>} Parameter Description The destination IPv4 address. The IPv4 address uses the <ip-addr> format A.B.C.D. The destination hostname. <hostname>...
Page 541: Undebug Ip Packet Interface
IP A DDRESSING AND ROTOCOL OMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 542: Chapter 15: Ipv6 Commands
IPv6 Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure IPv6. For more information, see the IPv6 Feature Overview and Configuration Guide. Command List • “clear ipv6 neighbors” on page 543 • “ipv6 address” on page 544 •...
Page 543: Clear Ipv6 Neighbors
OMMANDS CLEAR IPV NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries. Syntax clear ipv6 neighbors Mode Privileged Exec Example awplus# clear ipv6 neighbors C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™...
Page 544: Ipv6 Address
OMMANDS ADDRESS ipv6 address Overview Use this command to set the IPv6 address of a VLAN interface and enable IPv6. Use the no variant of this command to remove the IPv6 address assigned and disable IPv6. Note that if no global addresses are left after removing the IPv6 address then IPv6 is disabled.
Page 545: Ipv6 Forwarding
OMMANDS FORWARDING ipv6 forwarding Overview Use this command to turn on IPv6 unicast routing for IPv6 packet forwarding. Use this no variant of this command to turn off IPv6 unicast routing for IPv6 packet forwarding. Note IPv6 unicast routing for IPv6 packet forwarding is disabled by default.
Page 546: Ipv6 Neighbor
OMMANDS NEIGHBOR ipv6 neighbor Overview Use this command to add a static IPv6 neighbor entry. Use the no variant of this command to remove a specific IPv6 neighbor entry. Syntax ipv6 neighbor <ipv6-address> <vlan-name> <mac-address> <port-list> no ipv6 neighbor <ipv6-address> <vlan-name> <port-list> Parameter Description Specify the neighbor’s IPv6 address in formatX:X::X:X.
Page 547: Ipv6 Route
OMMANDS ROUTE ipv6 route Overview Use this command to establish the distance for static routes of a network prefix. Use the no variant of this command to disable the distance for static routes of the network prefix. Syntax ipv6 route <dest-prefix> <dest-prefix/length> {<gateway-ip>|<gateway-name>} [<distvalue>] no ipv6 route <dest-prefix>...
Page 548: Ping Ipv6
OMMANDS PING IPV ping ipv6 Overview This command sends a query to another IPv6 host (send Echo Request messages). : Use of the interface parameter keyword, plus an interface or an interface range, NOTE with this command is only valid when pinging an IPv6 link local address. Syntax ping ipv6 {<host>|<ipv6-address>} [repeat {<1-2147483647>|continuous}] [size <10-1452>] [interface...
Page 549: Show Ipv6 Forwarding
OMMANDS SHOW IPV FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 550: Show Ipv6 Interface Brief
OMMANDS SHOW IPV INTERFACE BRIEF show ipv6 interface brief Overview Use this command to display brief information about interfaces and the IPv6 address assigned to them. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 551: Show Ipv6 Neighbors
OMMANDS SHOW IPV NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 552: Show Ipv6 Route
OMMANDS SHOW IPV ROUTE show ipv6 route Overview Use this command to display the IPv6 routing table for a protocol or from a particular table. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 553 OMMANDS SHOW IPV ROUTE Example 2 To display all database entries for an IP route, use the following command: awplus# show ipv6 route database Output Figure 15-4: Example output of the show ipv6 route database command IPv6 Routing Table Codes: C - connected> - selected route, * - FIB route, p - stale info Timers: Uptime ::/0 [1/0] via 2001::a:0:0:c0a8:a01 inactive, 6d22h12m...
Page 554: Show Ipv6 Route Summary
OMMANDS SHOW IPV ROUTE SUMMARY show ipv6 route summary Overview Use this command to display the summary of the current NSM RIB entries. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 555: Traceroute Ipv6
OMMANDS TRACEROUTE IPV traceroute ipv6 Overview Use this command to trace the route to the specified IPv6 host. Syntax traceroute ipv6 {<ipv6-addr>|<hostname>} Parameter Description The destination IPv6 address. The IPv6 address uses the format <ipv6-addr> X:X::X:X. The destination hostname. <hostname> Mode User Exec and Privileged Exec Example...
Page 556: Chapter 16: Static Routing Commands For Management Purposes
Static Routing Commands for Management Purposes Introduction Overview This chapter provides an alphabetical reference of static routing commands that are used to direct management packets to appropriate VLANs. Command List • “ip route” on page 557 • “show ip route” on page 558 •...
Page 557: Ip Route
TATIC OUTING OMMANDS FOR ANAGEMENT URPOSES IP ROUTE ip route Overview This command lets you creates a static route, in order to send management packets to the appropriate VLAN. Your switch does not use static routes to route traffic from one VLAN to another VLAN, even if the VLANs have IP addresses.
Page 558: Show Ip Route
TATIC OUTING OMMANDS FOR ANAGEMENT URPOSES SHOW IP ROUTE show ip route Overview Use this command to display routing entries in the FIB (Forwarding Information Base). The FIB contains the best routes to a destination, and your device uses these routes when forwarding traffic.
Page 559 TATIC OUTING OMMANDS FOR ANAGEMENT URPOSES SHOW IP ROUTE Figure 16-1: Example output from the show ip route command Codes: C - connected, S - static, R - RIP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 * - candidate default 3.3.3.0/24 is directly connected, vlan1...
Page 560: Show Ip Route Database
TATIC OUTING OMMANDS FOR ANAGEMENT URPOSES SHOW IP ROUTE DATABASE show ip route database Overview This command displays the routing entries in the RIB (Routing Information Base). When multiple entries are available for the same prefix, RIB uses the routes’ administrative distances to choose the best route.
Page 561: Show Ip Route Summary
TATIC OUTING OMMANDS FOR ANAGEMENT URPOSES SHOW IP ROUTE SUMMARY show ip route summary Overview This command displays a summary of the current RIB (Routing Information Base) entries. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the >...
Page 562: Multicast Commands
Multicast Commands Introduction Overview This chapter provides an alphabetical reference of generic multicast commands. For commands for particular multicast protocols, see: • IGMP Snooping Commands. • MLD Snooping Commands : The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as NOTE per RFC 3306.The IPv6 unicast prefix reserved for documentation is 2001:0db8::/32 as per RFC 3849.
Page 563 ULTICAST OMMANDS Command List • “clear ip mroute” on page 564 • “clear ip mroute statistics” on page 565 • “clear ipv6 mroute” on page 566 • “clear ipv6 mroute statistics” on page 567 • “debug nsm mcast” on page 568 •...
Page 564: Clear Ip Mroute
ULTICAST OMMANDS CLEAR IP MROUTE clear ip mroute Overview Use this command to delete entries from the IPv4 multicast routing table. : If you use this command, you should also use the clear ip igmp group command NOTE to clear IGMP group membership records. Syntax clear ip mroute {*|<ipv4-group-address>...
Page 565: Clear Ip Mroute Statistics
ULTICAST OMMANDS CLEAR IP MROUTE STATISTICS clear ip mroute statistics Overview Use this command to delete multicast route statistics entries from the IP multicast routing table. Syntax clear ip mroute statistics {*|<ipv4-group-addr> [<ipv4-source-addr>]} Parameter Description All multicast route entries. Group IPv4 address, in dotted decimal notation in <ipv4-group-addr>...
Page 566: Clear Ipv6 Mroute
ULTICAST OMMANDS CLEAR IPV MROUTE clear ipv6 mroute Overview Use this command to delete one or more dynamically-added route entries from the IPv6 multicast routing table. You need to do this, for example, if you want to create a static route instead of an existing dynamic route. Syntax clear ipv6 mroute {*|<ipv6-group-address>...
Page 567: Clear Ipv6 Mroute Statistics
ULTICAST OMMANDS CLEAR IPV MROUTE STATISTICS clear ipv6 mroute statistics Overview Use this command to delete multicast route statistics entries from the IPv6 multicast routing table. : Static IPv6 multicast routes take priority over dynamic IPv6 multicast routes. Use NOTE clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes can take over from previous static IPv6 multicast routes.
Page 568: Debug Nsm Mcast
ULTICAST OMMANDS DEBUG NSM MCAST debug nsm mcast Overview Use this command to debug IPv4 events in the Multicast Routing Information Base (MRIB). Syntax debug nsm mcast {all|fib-msg|mrt|mtrace|mtrace-detail|register|stats|vif} Parameter Description All IPv4 multicast debugging. Forwarding Information Base (FIB) messages. fib-msg Multicast routes.
Page 569: Debug Nsm Mcast6
ULTICAST OMMANDS DEBUG NSM MCAST debug nsm mcast6 Overview Use this command to debug IPv6 events in the Multicast Routing Information Base (MRIB). Syntax debug nsm mcast6 {all|fib-msg|mrt|mtrace|mtrace-detail|register|stats|vif} Parameter Description All IPv4 multicast debugging. Forwarding Information Base (FIB) messages. fib-msg Multicast interfaces.
Page 570: Ip Mroute
ULTICAST OMMANDS IP MROUTE ip mroute Overview Use this command to inform multicast of the RPF (Reverse Path Forwarding) route to a given IPv4 multicast source. Use the no variant of this command to delete a route to an IPv4 multicast source. Syntax ip mroute <ipv4-source-address/mask-length>...
Page 571 ULTICAST OMMANDS IP MROUTE Note that in this context the term “multicast route” does not imply a route via which the current router will forward multicast; instead it refers to the route the multicast will have traversed in order to arrive at the current router. Examples The following example creates a static multicast IPv4 route back to the sources in the 10.10.3.0/24 subnet.
Page 572: Ip Multicast Forward-First-Packet
ULTICAST OMMANDS IP MULTICAST FORWARD FIRST PACKET ip multicast forward-first-packet Overview Use this command to enable multicast to forward the first multicast packets coming to the device. Use the no variant of this command to disable this feature. Syntax ip multicast forward-first-packet no ip multicast forward-first-packet Default By default, this feature is disabled.
Page 573: Ip Multicast Route
ULTICAST OMMANDS IP MULTICAST ROUTE ip multicast route Overview Use this command to add an IPv4 static multicast route for a specific multicast source and group IPv4 address to the multicast Routing Information Base (RIB). This IPv4 multicast route is used to forward multicast traffic from a specific source and group ingressing on an upstream VLAN to a single or range of downstream VLANs.
Page 574 ULTICAST OMMANDS IP MULTICAST ROUTE To remove a specific downstream VLAN from an existing static multicast route entry, specify the VLAN you want to remove with the <downstream-vlan-id> parameter when entering the no variant of this command. Examples To create a static multicast route for the multicast source IPv4 address 2.2.2.2 and group IPv4 address 224.9.10.11, specifying the upstream VLAN interface as vlan10 and the downstream VLAN interface as vlan20, use the following commands:...
Page 575: Ip Multicast Route-Limit
ULTICAST OMMANDS IP MULTICAST ROUTE LIMIT ip multicast route-limit Overview Use this command to limit the number of multicast routes that can be added to an IPv4 multicast routing table. Use the no variant of this command to return the IPv4 route limit to the default. Syntax ip multicast route-limit <limit>...
Page 576: Ip Multicast Wrong-Vif-Suppression
ULTICAST OMMANDS IP MULTICAST WRONG SUPPRESSION ip multicast wrong-vif-suppression Overview Use this command to prevent unwanted multicast packets received on an unexpected VLAN being trapped to the CPU. Use the no variant of this command to disable wrong VIF suppression. Syntax ip ip multicast wrong-vif-suppression no ip multicast wrong-vif-suppression...
Page 577: Ip Multicast-Routing
ULTICAST OMMANDS IP MULTICAST ROUTING ip multicast-routing Overview Use this command to turn on/off IPv4 multicast routing on the router; when turned off the device does not perform multicast functions. Use the no variant of this command to disable IPv4 multicast routing after enabling it.
Page 578: Ipv6 Multicast Route
ULTICAST OMMANDS MULTICAST ROUTE ipv6 multicast route Overview Use this command to add an IPv6 static multicast route for a specific multicast source and group IPv6 address to the multicast Routing Information Base (RIB). This IPv6 multicast route is used to forward IPv6 multicast traffic from a specific source and group ingressing on an upstream VLAN to a single or range of downstream VLANs.
Page 579 ULTICAST OMMANDS MULTICAST ROUTE you attempt to update an existing static multicast route entry with an additional VLAN or VLANs an error message is displayed and logged. To remove a specific downstream VLAN from an existing static multicast route entry, specify the VLAN you want to remove with the <downstream-vlan-id> parameter when entering the no variant of this command.
Page 580 ULTICAST OMMANDS MULTICAST ROUTE To remove the downstream VLAN 23 from the IPv6 static multicast route created with the above command, use the following commands: awplus# configure terminal awplus(config)# no ipv6 multicast route 2001::1 ff08::1 vlan10 vlan23 To delete an IPv6 static multicast route for the multicast source IPv6 address 2001::1 and group IPv6 address ff08::1, use the following commands: awplus# configure terminal...
Page 581: Ipv6 Multicast Route-Limit
ULTICAST OMMANDS MULTICAST ROUTE LIMIT ipv6 multicast route-limit Overview Use this command to limit the number of multicast routes that can be added to an IPv6 multicast routing table. Use the no variant of this command to return the IPv6 route limit to the default. Syntax ipv6 multicast route-limit <limit>...
Page 582: Ipv6 Multicast-Routing
ULTICAST OMMANDS MULTICAST ROUTING ipv6 multicast-routing Overview Use this command to turn on/off IPv6 multicast routing on the router; when turned off the device does not perform multicast functions. Use the no variant of this command to disable IPv6 multicast routing after enabling it.
Page 583: Multicast
ULTICAST OMMANDS MULTICAST multicast Overview Use this command to enable a device port to route multicast packets that ingress the port. Use the no variant of this command to stop the device port from routing multicast packets that ingress the port. Note that this does not affect Layer 2 forwarding of multicast packets.
Page 584: Show Ip Mroute
ULTICAST OMMANDS SHOW IP MROUTE show ip mroute Overview Use this command to display the contents of the IPv4 multicast routing (mroute) table. Syntax show ip mroute [<ipv4-group-addr>] [<ipv4-source-addr>] [{dense|sparse}] [{count|summary}] Parameter Description Group IPv4 address, in dotted decimal notation in the <ipv4-group-addr>...
Page 585 ULTICAST OMMANDS SHOW IP MROUTE Figure 17-3: Example output from the show ip mroute command with the source and group IPv4 address specified awplus# show ip mroute 10.10.1.52 224.0.1.3 IP Multicast Routing Table Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installed Timers: Uptime/Stat Expiry Interface State: Interface (TTL)
Page 586: Show Ip Mvif
ULTICAST OMMANDS SHOW IP MVIF show ip mvif Overview Use this command to display the contents of the IPv4 Multicast Routing Information Base (MRIB) VIF table. Syntax show ip mvif [<interface>] Parameter Description The interface to display information about. <interface> Mode User Exec and Privileged Exec Example...
Page 587: Show Ip Rpf
ULTICAST OMMANDS SHOW IP RPF show ip rpf Overview Use this command to display Reverse Path Forwarding (RPF) information for the specified IPv4 source address. Syntax show ip rpf <source-addr> Parameter Description Source IPv4 address, in dotted decimal notation in the <ipv4-source- addr>...
Page 588: Show Ipv6 Mroute
ULTICAST OMMANDS SHOW IPV MROUTE show ipv6 mroute Overview Use this command to display the contents of the IPv6 multicast routing (mroute) table. Syntax show ipv6 mroute [<ipv6-group-addr>] [<ipv6-source-addr>] [{count|summary}] Parameter Description Group IPv6 address, in hexadecimal notation in the format <ipv6-group-addr>...
Page 589 ULTICAST OMMANDS SHOW IPV MROUTE Figure 17-9: Example output from the show ipv6 mroute count command awplus#show ipv6 mroute count IPv6 Multicast Statistics Total 1 routes using 152 bytes memory Route limit/Route threshold: 1024/1024 Total NOCACHE/WRONGmif/WHOLEPKT recv from fwd: 6/0/0 Total NOCACHE/WRONGmif/WHOLEPKT sent to clients: 6/0/0 Immediate/Timed stat updates sent to clients: 0/0 Reg ACK recv/Reg NACK recv/Reg pkt sent: 0/0/0...
Page 590: Show Ipv6 Mif
ULTICAST OMMANDS SHOW IPV show ipv6 mif Overview Use this command to display the contents of the IPv6 Multicast Routing Information Base (MRIB) MIF table. Syntax show ipv6 mif [<interface>] Parameter Description The interface to display information about. <interface> Mode User Exec and Privileged Exec Example awplus#...
Page 591: Igmp Snooping Commands
IGMP Snooping Commands Introduction Overview The Internet Group Management Protocol (IGMP) module includes IGMP Snooping functionality. Some of the following commands may have commonalities and restrictions. These are described under the Usage section for each command. Command List • “clear ip igmp”...
Page 592: Clear Ip Igmp
IGMP S NOOPING OMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces. Syntax clear ip igmp Mode Privileged Exec Usage This command applies to VLAN interfaces configured for IGMP Snooping. Example awplus# clear ip igmp...
Page 593: Clear Ip Igmp Group
IGMP S NOOPING OMMANDS CLEAR IP IGMP GROUP clear ip igmp group Overview Use this command to clear IGMP group membership records for a specific group on either all VLAN interfaces, a single VLAN interface, or for a range of VLAN interfaces.
Page 594: Clear Ip Igmp Interface
IGMP S NOOPING OMMANDS CLEAR IP IGMP INTERFACE clear ip igmp interface Overview Use this command to clear IGMP group membership records on a particular VLAN interface. Syntax clear ip igmp interface <interface> Parameter Description Specifies the name of the VLAN interface. All groups learned on this <interface>...
Page 595: Debug Igmp
IGMP S NOOPING OMMANDS DEBUG IGMP debug igmp Overview Use this command to enable debugging of either all IGMP or a specific component of IGMP. Use the no variant of this command to disable all IGMP debugging, or debugging of a specific component of IGMP. Syntax debug igmp {all|decode|encode|events|fsm|tib} no debug igmp {all|decode|encode|events|fsm|tib}...
Page 596: Ip Igmp Snooping
IGMP S NOOPING OMMANDS IP IGMP SNOOPING ip igmp snooping Overview Use this command to enable IGMP Snooping. When this command is used in the Global Configuration mode, IGMP Snooping is enabled at the device level. When this command is used in Interface Configuration mode, IGMP Snooping is enabled for the specified VLANs.
Page 597: Ip Igmp Snooping Fast-Leave
IGMP S NOOPING OMMANDS IP IGMP SNOOPING FAST LEAVE ip igmp snooping fast-leave Overview Use this command to enable IGMP Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing. The IGMP group-membership entry is removed as soon as an IGMP leave group message is received, without sending out a group-specific query.
Page 598: Ip Igmp Snooping Querier
IGMP S NOOPING OMMANDS IP IGMP SNOOPING QUERIER ip igmp snooping querier Overview Use this command to enable IGMP querier operation when no multicast routing protocol is configured. When enabled, the IGMP Snooping querier sends out periodic IGMP queries for all interfaces. This command applies to interfaces configured for IGMP Snooping.
Page 599: Ip Igmp Snooping Report-Suppression
IGMP S NOOPING OMMANDS IP IGMP SNOOPING REPORT SUPPRESSION ip igmp snooping report-suppression Overview Use this command to enable report suppression for IGMP versions 1 and 2. This command applies to interfaces configured for IGMP Snooping. Report suppression stops reports being sent to an upstream multicast router port when there are already downstream ports for this group on this interface.
Page 600: Ip Igmp Snooping Tcn Query Solicit
IGMP S NOOPING OMMANDS IP IGMP SNOOPING TCN QUERY SOLICIT ip igmp snooping tcn query solicit Overview Use this command to enable IGMP (Internet Group Management Protocol) Snooping TCN (Topology Change Notification) Query Solicitation feature. When this command is used in the Global Configuration mode, Query Solicitation is enabled.
Page 601 IGMP S NOOPING OMMANDS IP IGMP SNOOPING TCN QUERY SOLICIT Command issued from Device is STP Root Command issued Global Bridge or the from Interface IGMP Query Solicit Configuration EPSR Master Node Configuration message sent on VLAN See the IGMP Feature Overview and Configuration Guide for introductory information about the Query Solicitation feature.
Page 602: Ip Igmp Static-Group
IGMP S NOOPING OMMANDS IP IGMP STATIC GROUP ip igmp static-group Overview Use this command to statically configure multicast group membership entries on a VLAN interface, or to statically forward a multicast channel out a particular port or port range. To statically add only a group membership, do not specify any parameters.
Page 603 IGMP S NOOPING OMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on the VLAN interface vlan3: awplus# configure terminal awplus(config)# interface vlan3 awplus(config-if)# ip igmp awplus(config-if)# ip igmp static-group 226.1.2.4 source 10.2.3.4 C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 604: Ip Igmp Version
IGMP S NOOPING OMMANDS IP IGMP VERSION ip igmp version Overview Use this command to set the current IGMP version (IGMP version 1, 2 or 3) on an interface. Use the no variant of this command to return to the default version. Syntax ip igmp version <1-3>...
Page 605: Show Debugging Igmp
IGMP S NOOPING OMMANDS SHOW DEBUGGING IGMP show debugging igmp Overview Use this command to display the IGMP debugging options set. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 606: Show Ip Igmp Groups
IGMP S NOOPING OMMANDS SHOW IP IGMP GROUPS show ip igmp groups Overview Use this command to display the multicast groups with receivers directly connected to the router, and learned through IGMP. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 607 IGMP S NOOPING OMMANDS SHOW IP IGMP GROUPS Table 18-1: Parameters in the output of the show ip igmp groups command Parameter Description Time (in hours, minutes, and seconds) until the entry expires. Expires Last host to report being a member of the multicast group. Last Reporter C613-50054-01 REV A...
Page 608: Show Ip Igmp Interface
IGMP S NOOPING OMMANDS SHOW IP IGMP INTERFACE show ip igmp interface Overview Use this command to display the state of IGMP Snooping for a specified VLAN, or all VLANs. IGMP is shown as Active or Disabled in the show output. For information on filtering and saving command output, see “Controlling “show”...
Page 609 IGMP S NOOPING OMMANDS SHOW IP IGMP INTERFACE awplus#configure terminal Enter configuration commands, one per line. End with CNTL/Z. awplus(config)#interface vlan2 awplus(config-if)#no ip igmp snooping awplus(config-if)#exit awplus(config)#exit awplus#show ip igmp interface vlan2 Interface vlan2 (Index 202) IGMP Disabled, Inactive, Version 3 (default) IGMP interface has 0 group-record states IGMP activity: 0 joins, 0 leaves IGMP robustness variable is 2...
Page 610 IGMP S NOOPING OMMANDS SHOW IP IGMP INTERFACE Use the show ip igmp interface command to validate that Query Solicitation is enabled and to show the number of query-solicit message packets sent and received on a VLAN. Related clear ip igmp Commands clear ip igmp group clear ip igmp interface...
Page 611: Show Ip Igmp Snooping Statistics
IGMP S NOOPING OMMANDS SHOW IP IGMP SNOOPING STATISTICS show ip igmp snooping statistics Overview Use this command to display IGMP Snooping statistics data. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 612: Undebug Igmp
IGMP S NOOPING OMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 613: Mld Snooping Commands
MLD Snooping Commands Introduction Overview This chapter provides an alphabetical reference of configuration, clear, and show commands related to MLD Snooping. NOTE Command List • “clear ipv6 mld” on page 614 • “clear ipv6 mld group” on page 615 • “clear ipv6 mld interface”...
Page 614: Clear Ipv6 Mld
MLD S NOOPING OMMANDS CLEAR IPV clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces. Syntax clear ipv6 mld Mode Privileged Exec Example awplus# clear ipv6 mld Related clear ipv6 mld group Commands clear ipv6 mld interface Command Reference for x210 Series Edge Switches C613-50054-01 REV A...
Page 615: Clear Ipv6 Mld Group
MLD S NOOPING OMMANDS CLEAR IPV MLD GROUP clear ipv6 mld group Overview Use this command to clear MLD specific local-membership(s) on all interfaces, for a particular group. Syntax clear ipv6 mld group {*|<ipv6-address>} Parameter Description Clears all groups on all interfaces. This is an alias to the clear ipv6 mld command.
Page 616: Clear Ipv6 Mld Interface
MLD S NOOPING OMMANDS CLEAR IPV MLD INTERFACE clear ipv6 mld interface Overview Use this command to clear MLD interface entries. Syntax clear ipv6 mld interface <interface> Parameter Description Specifies name of the interface; all groups learned from this interface <interface>...
Page 617: Debug Mld
MLD S NOOPING OMMANDS DEBUG MLD debug mld Overview Use this command to enable all MLD debugging modes, or a specific MLD debugging mode. Use the no variant of this command to disable all MLD debugging modes, or a specific MLD debugging mode. Syntax debug mld {all|decode|encode|events|fsm|tib} no debug mld {all|decode|encode|events|fsm|tib}...
Page 618: Ipv6 Mld Access-Group
MLD S NOOPING OMMANDS MLD ACCESS GROUP ipv6 mld access-group Overview Use this command to control the multicast local-membership groups learned on an interface. Use the no variant of this command to disable this access control. Syntax ipv6 mld access-group <IPv6-access-list-name> no ipv6 mld access-group Parameter Description...
Page 619: Ipv6 Mld Limit
MLD S NOOPING OMMANDS MLD LIMIT ipv6 mld limit Overview Use this command to configure a limit on the maximum number of group memberships that may be learned. The limit may be set for the device as a whole, or for a specific interface. Once the specified group membership limit is reached, all further local-memberships will be ignored.
Page 620 MLD S NOOPING OMMANDS MLD LIMIT The following example configures an MLD limit of 100 group-membership states on the VLAN interface vlan2: awplus# configure terminal awplus(config)# ipv6 forwarding awplus(config)# ipv6 multicast-routing awplus(config)# interface vlan2 awplus(config-if)# ipv6 enable awplus(config-if)# ipv6 mld limit 100 The following example configures an MLD limit of 100 group-membership states on the VLAN interfaces vlan2-vlan4: awplus#...
Page 621: Ipv6 Mld Snooping
MLD S NOOPING OMMANDS MLD SNOOPING ipv6 mld snooping Overview Use this command to enable MLD Snooping. When this command is issued in the Global Configuration mode, MLD Snooping is enabled globally for the device. When this command is issued in Interface mode for a VLAN then MLD Snooping is enabled for the specified VLAN.
Page 622 MLD S NOOPING OMMANDS MLD SNOOPING To configure MLD Snooping on the VLAN interfaces vlan2-vlan4, enter the following commands: awplus# configure terminal awplus(config)# interface vlan2-vlan4 awplus(config-if)# ipv6 mld snooping To disable MLD Snooping for the VLAN interface vlan2, enter the following commands: awplus# configure terminal...
Page 623: Ipv6 Mld Snooping Fast-Leave
MLD S NOOPING OMMANDS MLD SNOOPING FAST LEAVE ipv6 mld snooping fast-leave Overview Use this command to enable MLD Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the MLD group-membership is removed as soon as an MLD leave group message is received, without sending out a group-specific query.
Page 624: Ipv6 Mld Snooping Mrouter
MLD S NOOPING OMMANDS MLD SNOOPING MROUTER ipv6 mld snooping mrouter Overview Use this command to statically configure the specified port as a Multicast Router interface for MLD Snooping within the specified VLAN. See detailed usage notes below to configure static multicast router ports when using static IPv6 multicast routes with EPSR, and the destination VLAN is an EPSR data VLAN.
Page 625 MLD S NOOPING OMMANDS MLD SNOOPING MROUTER Examples This example shows how to specify the next-hop interface to the multicast router for VLAN interface vlan2: awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ipv6 mld snooping mrouter interface port1.0.5 This example shows how to specify the next-hop interface to the multicast router for VLAN interfaces vlan2-vlan4: awplus# configure terminal...
Page 626: Ipv6 Mld Snooping Querier
MLD S NOOPING OMMANDS MLD SNOOPING QUERIER ipv6 mld snooping querier Overview Use this command to enable MLD querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the MLD Snooping querier sends out periodic MLD queries for all interfaces on that VLAN.
Page 627: Ipv6 Mld Snooping Report-Suppression
MLD S NOOPING OMMANDS MLD SNOOPING REPORT SUPPRESSION ipv6 mld snooping report-suppression Overview Use this command to enable report suppression from hosts for Multicast Listener Discovery version 1 (MLDv1) on a VLAN in Interface Configuration mode. Use the no variant of this command to disable report suppression on a VLAN in Interface Configuration mode.
Page 628 MLD S NOOPING OMMANDS MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2-vlan4: awplus# configure terminal awplus(config)# interface vlan2-vlan4 awplus(config-if)# no ipv6 mld snooping report-suppression Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 629: Ipv6 Mld Static-Group
MLD S NOOPING OMMANDS MLD STATIC GROUP ipv6 mld static-group Overview Use this command to statically configure IPv6 group membership entries on an interface. To statically add only a group membership, do not specify any parameters. Use the no variant of this command to delete static group membership entries. Syntax ipv6 mld static-group <ipv6-group-address>...
Page 630 MLD S NOOPING OMMANDS MLD STATIC GROUP Examples The following examples show how to statically add group and/or source records for MLD: awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ipv6 mld static-group ff1e::10 awplus# configure terminal awplus(config)# interface vlan2 awplus(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b awplus#...
Page 631: Show Debugging Mld
MLD S NOOPING OMMANDS SHOW DEBUGGING MLD show debugging mld Overview Use this command to display the MLD debugging modes enabled with the debug command. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus”...
Page 632: Show Ipv6 Mld Groups
MLD S NOOPING OMMANDS SHOW IPV MLD GROUPS show ipv6 mld groups Overview Use this command to display the multicast groups with receivers directly connected to the router, and learned through MLD. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 633: Show Ipv6 Mld Interface
MLD S NOOPING OMMANDS SHOW IPV MLD INTERFACE show ipv6 mld interface Overview Use this command to display the state of MLD and MLD Snooping for a specified interface, or all interfaces. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 634: Show Ipv6 Mld Snooping Mrouter
MLD S NOOPING OMMANDS SHOW IPV MLD SNOOPING MROUTER show ipv6 mld snooping mrouter Overview Use this command to display the multicast router interfaces, both configured and learned, in a VLAN. If you do not specify a VLAN interface then all the VLAN interfaces are displayed.
Page 635: Show Ipv6 Mld Snooping Statistics
MLD S NOOPING OMMANDS SHOW IPV MLD SNOOPING STATISTICS show ipv6 mld snooping statistics Overview Use this command to display MLD Snooping statistics data. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 636: Chapter 20: Ipv4 Hardware Access Control List (Acl) Commands
IPv4 Hardware Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference of IPv4 Hardware Access Control List (ACL) commands. It contains detailed command information and command examples about IPv4 hardware ACLs, which are applied directly to interfaces using access-group command To apply ACLs to an LACP channel group, apply it to all the individual switch ports...
Page 637 (ACL) C ARDWARE CCESS ONTROL OMMANDS Table 20-1: IPv4 Hardware Access List Commands and Prompts (cont.) Command Name Command Mode Prompt access-group Global Configuration awplus(config)# access-list (hardware IP numbered) Global Configuration awplus(config)# access-list (hardware MAC numbered) Global Configuration awplus(config)# access-list hardware (named) Global Configuration awplus(config)# access-group...
Page 638: Access-Group
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS GROUP access-group Overview This command adds or removes a hardware-based access-list to or from a switch port interface. The number of hardware numbered and named access-lists that can be added to a switch port interface is determined by the available memory in hardware-based packet classification tables.
Page 639 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS GROUP To add the named hardware access-list hw-acl to switch port interface port1.0.2, enter the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# access-group hw-acl To apply an ACL to static channel group 2 containing switch port1.0.5 and port1.0.6, use the commands: awplus# configure terminal...
Page 640: Access-List (Hardware Ip Numbered)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED access-list (hardware IP numbered) Overview This command creates an access-list for use with hardware classification, such as QoS. The access-list will match on either TCP or UDP type packets that have the specified source and destination IP addresses and Layer 4 port values or ranges.
Page 641 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-2: Parameters in the access-list (hardware IP numbered) command - ip|icmp (cont.) Parameter Description The source address of the packets. You can specify a single host, <source> a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
Page 642 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-2: Parameters in the access-list (hardware IP numbered) command - ip|icmp (cont.) Parameter Description The ICMP type, as defined in RFC792 and RFC950. Specify one of <type-number> the following integers to create a filter for the ICMP message type: Echo replies.
Page 643 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-3: Parameters in the access-list (hardware IP numbered) command - tcp|udp (cont.) Parameter Description The access-list matches only UDP packets. The source address of the packets. You can specify a single host, a <source>...
Page 644 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-3: Parameters in the access-list (hardware IP numbered) command - tcp|udp (cont.) Parameter Description Port number at end of range <0-65535>. <end-range> The destination (TCP or UDP) port number, specified as an <destport>...
Page 645 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-4: Parameters in the access-list (hardware IP numbered) command - proto (cont.) Parameter Description The source address of the packets. You can specify a single host, <source> a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
Page 646 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-4: Parameters in the access-list (hardware IP numbered) command - proto (cont.) Parameter Description The IP protocol number, as defined by IANA (Internet Assigned <ip-protocol> Numbers Authority www.iana.org/assignments/protocol-numbers) Protocol Number Protocol Description [RFC Reference] Internet Control Message [RFC792] Internet Group Management [RFC1112]...
Page 647 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Table 20-4: Parameters in the access-list (hardware IP numbered) command - proto (cont.) Parameter Description Bulk Data Transfer Protocol [RFC969] <ip-protocol>( cont.) DCCP (Datagram Congestion Control Protocol) [RFC4340] DSR (Dynamic Source Routing Protocol) [RFC4728] ESP (Encap Security Payload) [RFC2406] AH (Authentication Header) [RFC2402]...
Page 648 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Usage This command creates an access-list for use with hardware classification, such as when applying QoS. This command can be used to match ICMP packets, IP protocols, or TCP/ UDP packets. For ICMP packets, the <3000-3699>...
Page 649 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED copy-to-mirror To create an access-list that will copy-to-mirror TCP packets with a destination Example address of 192.168.1.1, a destination port of 80 and any source address and source port for use with the mirror interface command, enter the commands: awplus#...
Page 650: Access-List (Hardware Mac Numbered)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED access-list (hardware MAC numbered) Overview This command creates an access-list for use with hardware classification, such as QOS. The access-list will match on packets that have the specified source and destination MAC addresses.
Page 651 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED Parameter Description The mask that will be applied to the destination MAC <destination-mac- addresses. mask> Enter this in the format <HHHH.HHHH.HHHH> where each H is a hexadecimal number that represents a 4 bit binary number.
Page 652 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NUMBERED To create an access-list that will copy-to-mirror packets with an initial MAC address component of 0000.00ab and any destination address for use with the mirror interface command, enter the commands: awplus# configure terminal awplus(config)#...
Page 653: Access-List Hardware (Named)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NAMED access-list hardware (named) Overview This command creates a named hardware access-list that can be applied to a switch port interface. ACL filters for a named hardware ACL are created in the IPv4 Hardware ACL Configuration mode.
Page 654 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE NAMED Related access-group Commands (access-list hardware ICMP filter) (access-list hardware IP protocol filter) (access-list hardware TCP UDP filter) (access-list standard named filter) show access-list (IPv4 Hardware ACLs) Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 655: (Access-List Hardware Icmp Filter)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP ACCESS LIST HARDWARE FILTER (access-list hardware ICMP filter) Overview Use this ACL filter to add a new ICMP filter entry to the current hardware access-list. The filter will match on any ICMP packet that has the specified source and destination IP addresses and ICMP type.
Page 656 (ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP ACCESS LIST HARDWARE FILTER Parameter Description The source address of the packets. You can specify a single host, a <source> subnet, or all sources. The following are the valid formats for specifying the source: An IPv4 address, followed by a <ip-addr>/ forward slash, then the prefix length.
Page 657 (ACL) C ARDWARE CCESS ONTROL OMMANDS ICMP ACCESS LIST HARDWARE FILTER An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter.
Page 658: (Access-List Hardware Ip Protocol Filter)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER (access-list hardware IP protocol filter) Overview Use this ACL filter to add an IP protocol type filter entry to the current hardware access-list. The filter will match on any IP packet that has the specified source and destination IP addresses and IP protocol type, or has the optionally specified source and destination MAC addresses.
Page 659 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER Parameter Description The IP protocol number, as defined by IANA (Internet <ip-protocol> Assigned Numbers Authority www.iana.org/assignments/protocol-numbers) Protocol Number Protocol Description [RFC Reference] Internet Control Message [RFC792] Internet Group Management [RFC1112] Gateway-to-Gateway [RFC823] IP in IP [RFC2003]...
Page 660 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER Parameter Description NARP (NBMA Address Resolution <ip-protocol>(cont. Protocol) [RFC1735] ICMP for IPv6 [RFC1883] No Next Header for IPv6 [RFC1883] Destination Options for IPv6 [RFC1883] EIGRP (Enhanced Interior Gateway Routing Protocol) OSPFIGP [RFC1583] Ethernet-within-IP Encapsulation / RFC3378...
Page 661 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER Parameter Description The source address of the packets. You can specify a <source> single host, a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
Page 662 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER Parameter Description The destination host’s MAC address, entered in <mac-destination- HHHH.HHHH.HHHH format. address> The destination host’s wildcard mask entered in <mac-destination- HHHH.HHHH.HHHH format. mask> where Hex FF = Ignore, and Hex 00 = Match. Matches any destination MAC address.
Page 663 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE PROTOCOL FILTER To add an access-list filter entry to the access-list named my-list a filter that will deny all IGMP packets (protocol 2) from the 192.168.0.0 network with sequence number 50 in access-list, use the commands: awplus# configure terminal awplus(config)#...
Page 664: (Access-List Hardware Mac Filter)
(ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE FILTER (access-list hardware MAC filter) Overview Use this ACL filter to add a MAC filter entry to the current hardware access-list. The filter will match on any IP packet that has the specified source and destination MAC addresses.
Page 665 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE FILTER Parameter Description Any source MAC host. The destination MAC address of the packets. <destination-mac- Enter this in the format <HHHH.HHHH.HHHH> address> where each H is a hexadecimal number that represents a 4 bit binary number. The mask that will be applied to the destination <destination-mac-mask>...
Page 666 (ACL) C ARDWARE CCESS ONTROL OMMANDS ACCESS LIST HARDWARE FILTER Related access-group Commands access-list hardware (named) show running-config Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 667: (Access-List Hardware Tcp Udp Filter)
(ACL) C ARDWARE CCESS ONTROL OMMANDS TCP UDP ACCESS LIST HARDWARE FILTER (access-list hardware TCP UDP filter) Overview Use this ACL filter to add a TCP or UDP filter entry to the current hardware access-list. The filter will match on any TCP or UDP type packet that has the specified source and destination IP addresses.
Page 668 (ACL) C ARDWARE CCESS ONTROL OMMANDS TCP UDP ACCESS LIST HARDWARE FILTER Parameter Description The source address of the packets. You can specify a <source> single host, a subnet, or all sources. The following are the valid formats for specifying the source: Matches any source IP address.
Page 669 (ACL) C ARDWARE CCESS ONTROL OMMANDS TCP UDP ACCESS LIST HARDWARE FILTER Parameter Description The source TCP or UDP port number, specified as an <destport> integer between 0 and 65535. Specify the range of port numbers between 0 and range 65535.
Page 670: Commit (Ipv4)
(ACL) C ARDWARE CCESS ONTROL OMMANDS COMMIT commit (IPv4) Overview Use this command to commit the IPv4 ACL filter configuration entered at the console to the hardware immediately without exiting the IPv4 Hardware ACL Configuration mode. This command forces the associated hardware and software IPv4 ACLs to synchronize.
Page 671: Show Access-List (Ipv4 Hardware Acls)
(ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST ARDWARE show access-list (IPv4 Hardware ACLs) Overview Use this command to display the specified access-list, or all access-lists if none have been specified. Note that only defined access-lists are displayed. An error message is displayed for an undefined access-list.
Page 672 (ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST ARDWARE Related access-list (hardware MAC numbered) Commands access-list hardware (named) Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 673: Show Interface Access-Group
(ACL) C ARDWARE CCESS ONTROL OMMANDS SHOW INTERFACE ACCESS GROUP show interface access-group Overview Use this command to display the access groups attached to a port. If an access group is specified, then the output only includes the ports that the specified access group is attached to.
Page 674: Chapter 21: Ipv4 Software Access Control List (Acl) Commands
IPv4 Software Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference for the IPv4 Software Access Control List (ACL) commands, and contains detailed command information and command examples about IPv4 software ACLs as applied to Routing and Multicasting, which are not applied to interfaces.
Page 675 (ACL) C OFTWARE CCESS ONTROL OMMANDS Table 21-1: IPv4 Software Access List Commands and Prompts Command Name Command Mode Prompt show ip access-list Privileged Exec awplus# access-group Global Configuration awplus(config)# access-list (standard named) Global Configuration awplus(config)# access-list (standard numbered) Global Configuration awplus(config)# maximum-access-list Global Configuration...
Page 676: Access-List Standard (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED access-list standard (named) Overview This command configures a standard named access-list that permits or denies packets from a specific source IP address. You can either create a standard named ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Standard ACL Configuration mode for sequenced ACL filter entry after first entering an access-list name.
Page 677 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED Usage Use this command when configuring a standard named access-list for filtering IP software packets. For backwards compatibility you can either create the access-list from within this command, or you can enter this command followed by only the standard access-list name then enter.
Page 678: Access-List (Standard Numbered)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED access-list (standard numbered) Overview This command configures a standard numbered access-list that permits or denies packets from a specific source IP address. You can either create a standard numbered ACL together with an ACL filter entry in the Global Configuration mode, or you can use the IPv4 Standard ACL Configuration mode for sequenced ACL filter entry after first entering an access-list number.
Page 679 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED only the standard access-list name. This moves you to the IPv4 Standard ACL Configuration mode for the selected standard numbered access-list, and from here you can configure the deny or permit filters for this selected standard numbered access-list.
Page 680: (Access-List Standard Named Filter)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED FILTER (access-list standard named filter) Overview This ACL filter adds a source IP address filter entry to a current named standard access-list. If the sequence number is specified, the new filter entry is inserted at the specified location.
Page 681 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED FILTER Usage An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter.
Page 682: (Access-List Standard Numbered Filter)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED FILTER (access-list standard numbered filter) Overview This ACL filter adds a source IP address filter entry to a current standard numbered access-list. If a sequence number is specified, the new filter entry is inserted at the specified location.
Page 683: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NUMBERED FILTER Usage An ACL can be configured with multiple ACL filters using sequence numbers. If the sequence number is omitted, the next available multiple of 10 will be used as the sequence number for the new filter.
Page 684: Maximum-Access-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS MAXIMUM ACCESS LIST maximum-access-list Overview Sets the maximum number of filters that can be added to any access-list. These are access-lists within the ranges <1-199> and <1300-1999>, and named standard access-lists. The no variant of this command removes the limit on the number of filters that can be added to a software access-list Syntax maximum-access-list <1-4294967294>...
Page 685: Show Access-List (Ipv4 Software Acls)
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST OFTWARE show access-list (IPv4 Software ACLs) Overview Use this command to display the specified access-list, or all access-lists if none have been specified. Note that only defined access-lists are displayed. An error message is displayed for an undefined access-list Syntax show access-list...
Page 686 (ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW ACCESS LIST OFTWARE % Can't find access-list 2 Related access-list standard (named) Commands access-list (standard numbered) Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 687: Show Ip Access-List
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW IP ACCESS LIST show ip access-list Overview Use this command to display IP access-lists. Syntax show ip access-list [<1-99>|<1300-1999>|<access-list-name>] Parameter Description IP standard access-list. <1-99> IP standard access-list (expanded range). <1300-1999> IP named access-list. <access-list-name>...
Page 688: Chapter 22: Ipv6 Software Access Control List (Acl) Commands
IPv6 Software Access Control List (ACL) Commands Introduction Overview This chapter provides an alphabetical reference for the IPv6 Software Access Control List (ACL) commands, and contains detailed command information and command examples about IPv6 software ACLs as applied to Routing and Multicasting, which are not applied to interfaces.
Page 689 (ACL) C OFTWARE CCESS ONTROL OMMANDS Table 22-1: IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access-list (IPv6 Software Privileged Exec awplus# ACLs) ipv6 access-list standard (named) Global Configuration awplus(config)# (ipv6 access-list standard filter) IPv6 Standard ACL awplus(config-ipv6-std-acl)# Configuration...
Page 690: Ipv6 Access-List Standard (Named)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED ipv6 access-list standard (named) Overview This command configures an IPv6 standard access-list for filtering frames that permit or deny IPv6 packets from a specific source IPv6 address. The no variant of this command removes a specified IPv6 standard access-list. Syntax ipv6 access-list standard <ipv6-acl-list-name>...
Page 691 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD NAMED For backwards compatibility you can either create IPv6 standard access-lists from within this command, or you can enter ipv6 access-list standard followed by only the IPv6 standard access-list name. This latter (and preferred) method moves you to the (config-ipv6-std-acl) prompt for the selected IPv6 standard access-list, and from here you can configure the filters for this selected IPv6 standard access-list.
Page 692: (Ipv6 Access-List Standard Filter)
(ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD FILTER (ipv6 access-list standard filter) Overview Use this ACL filter to add a filter entry for an IPv6 source address and prefix length to the current standard IPv6 access-list. If a sequence number is specified, the new entry is inserted at the specified location.
Page 693 (ACL) C OFTWARE CCESS ONTROL OMMANDS ACCESS LIST STANDARD FILTER To remove the ACL filter entry that will deny any IPv6 packets from the standard IPv6 access-list named my-list, enter the commands: awplus# configure terminal awplus(config)# ipv6 access-list standard my-list awplus(config-ipv6-std-acl)# no deny any Alternately, to remove the ACL filter entry with sequence number 5 to the...
Page 694: Show Ipv6 Access-List (Ipv6 Software Acls)
(ACL) C OFTWARE CCESS ONTROL OMMANDS SHOW IPV ACCESS LIST OFTWARE show ipv6 access-list (IPv6 Software ACLs) Overview Use the show ipv6 access-list standard command to display a specified standard named IPv6 access-list that has been defined using the ipv6 access-list standard (named) command.
Page 695: Chapter 23: Qos Commands
QoS Commands Introduction Overview This chapter provides an alphabetical reference for Quality of Service commands. For more information, see the QoS Feature Overview and Configuration Guide ACL Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 696 OMMANDS Command List • “class” on page 698 • “class-map” on page 699 • “clear mls qos interface policer-counters” on page 700 • “default-action” on page 701 • “description (QoS policy-map)” on page 702 • “egress-rate-limit” on page 703 • “match access-group”...
Page 697 OMMANDS • “storm-action” on page 742 • “storm-downtime” on page 743 • “storm-protection” on page 744 • “storm-rate” on page 745 • “storm-window” on page 746 • “trust dscp” on page 747 • “wrr-queue disable queues” on page 748 • “wrr-queue egress-rate-limit queues”...
Page 698: Class
OMMANDS CLASS class Overview Use this command to associate an existing class-map to a policy or policy-map (traffic classification), and to enter Policy Map Class Configuration mode to configure the class- map. Use the no variant of this command to delete an existing class-map. For more information on class-maps and policy-maps, see the the QoS Feature Overviewand Configuration...
Page 699: Class-Map
OMMANDS CLASS class-map Overview Use this command to create a class-map. Use the no variant of this command to delete the named class-map. Syntax class-map <name> no class-map <name> Parameter Description Name of the class-map to be created. <name> Mode Global Configuration Example This example creates a class-map called cmap1, use the commands:...
Page 700: Clear Mls Qos Interface Policer-Counters
OMMANDS CLEAR MLS QOS INTERFACE POLICER COUNTERS clear mls qos interface policer-counters Overview Resets an interface’s policer counters to zero. You can either clear a specific class-map, or you can clear all class-maps by not specifying a class map. Syntax clear mls qos interface <port>...
Page 701: Default-Action
OMMANDS DEFAULT ACTION default-action Overview Sets the action for the default class-map belonging to a particular policy-map. The action for a non-default class-map depends on the action of any ACL that is applied to the policy-map. The default action can therefore be thought of as specifying the action that will be applied to any data that does not meet the criteria specified by the applied matching commands.
Page 702: Description (Qos Policy-Map)
OMMANDS DESCRIPTION POLICY description (QoS policy-map) Overview Adds a textual description of the policy-map. This can be up to 80 characters long. Use the no variant of this command to remove the current description from the policy-map. Syntax description <line> no description Parameter Description...
Page 703: Egress-Rate-Limit
OMMANDS EGRESS RATE LIMIT egress-rate-limit Overview Sets a limit on the amount of traffic that can be transmitted per second from this port. Use the no variant of this command to disable the limiting of traffic egressing on the interface. Syntax egress-rate-limit <bandwidth>...
Page 704: Match Access-Group
OMMANDS MATCH ACCESS GROUP match access-group Overview Use this command to define match criterion for a class-map. Syntax match access-group {<hw-IP-ACL>|<hw-MAC-ACL>|<hw-named-ACL>} no match access-group {<hw-IP-ACL>|<hw-MAC-ACL>|<hw-named-ACL>} Parameter Description Specify a hardware IP ACL number in the range <3000-3699>. <hw-IP-ACL> Specify a hardware MAC ACL number in the range <4000-4699>. <hw-MAC-ACL>...
Page 705 OMMANDS MATCH ACCESS GROUP To configure a class-map named cmap3 with one match criterion: access-list hw_acl, which allows IP traffic from any source to any destination, use the commands: awplus# configure terminal awplus(config)# access-list hardware hw_acl awplus(config-ip-hw-acl)# permit ip any any awplus(config)# class-map cmap3 awplus(config-cmap)#...
Page 706: Match Cos
OMMANDS MATCH COS match cos Overview Use this command to define a COS to match against incoming packets. Use the no variant of this command to remove CoS. Syntax match cos <0-7> no match cos Parameter Description Specify the CoS value. <0-7>...
Page 707: Match Dscp
OMMANDS MATCH DSCP match dscp Overview Use this command to define the DSCP to match against incoming packets. Use the no variant of this command to remove a previously defined DSCP. Syntax match dscp <0-63> no match dscp Parameter Description Specify DSCP value (only one value can be specified).
Page 708: Match Eth-Format Protocol
OMMANDS MATCH ETH FORMAT PROTOCOL match eth-format protocol Overview This command sets the Ethernet format and the protocol for a class-map to match Select one Layer 2 format and one Layer 3 protocol when you issue this command. Use the no variant of this command to remove the configured Ethernet format and protocol from a class-map.
Page 709 OMMANDS MATCH ETH FORMAT PROTOCOL Parameter Description Protocol Number F0 (enter the parameter name or its netbeui number). Protocol Number FE (enter the parameter name or its iso-clns-is number). Protocol Number 0801(enter the parameter name or its xdot75-internet number). Protocol Number 0802 (enter the parameter name or its nbs-internet number).
Page 710 OMMANDS MATCH ETH FORMAT PROTOCOL Parameter Description Protocol Number 809B (enter the parameter name or its appletalk number). Protocol Number 80D5 (enter the parameter name or ibm-sna its number). Protocol Number 80F3 (enter the parameter name or its appletalk-aarp number). Protocol Number 814CV.
Page 711: Match Ip-Precedence
OMMANDS MATCH IP PRECEDENCE match ip-precedence Overview Use this command to identify IP precedence values as match criteria. Use the no variant of this command to remove IP precedence values from a class-map. Syntax match ip-precedence <0-7> no match ip-precedence Parameter Description The precedence value to be matched.
Page 712: Match Mac-Type
OMMANDS MATCH MAC TYPE match mac-type Overview Use this command to set the MAC type for a class-map to match on. Use no variant of this command to remove the MAC type match entry. Syntax match mac-type {l2bcast|l2mcast|l2ucast} no match mac-type Parameter Description Layer 2 Broadcast traffic.
Page 713: Match Tcp-Flags
OMMANDS MATCH TCP FLAGS match tcp-flags Overview Sets one or more TCP flags (control bits) for a class-map to match on. Use the no variant of this command to remove one or more TCP flags for a class-map to match on. Syntax match tcp-flags {[ack][fin][psh][rst][syn][urg]} no match tcp-flags {[ack][fin][rst][syn][urg]}...
Page 714: Match Vlan
OMMANDS MATCH VLAN match vlan Overview Use this command to define the VLAN ID as match criteria. Use the no variant of this command to disable the VLAN ID used as match criteria. Syntax match vlan <1-4094> no match vlan Parameter Description The VLAN number.
Page 715: Mls Qos Cos
OMMANDS MLS QOS COS mls qos cos Overview This command assigns a CoS (Class of Service) user-priority value to untagged frames entering a specified interface. By default, all untagged frames are assigned a CoS value of 0. Use the no variant of this command to return the interface to the default CoS setting for untagged frames entering the interface.
Page 716: Mls Qos Enable
OMMANDS MLS QOS ENABLE mls qos enable Overview Use this command to globally enable QoS on the switch. Use the no variant of this command to globally disable QoS and remove all QoS configuration. The no variant of this command removes all class-maps, policy-maps, and policers that have been created.
Page 717: Mls Qos Map Cos-Queue To
OMMANDS MLS QOS MAP COS QUEUE TO mls qos map cos-queue to Overview Use this command to set the default CoS to egress queue mapping. This is the default queue mapping for packets that do not get assigned an egress queue via any other QoS functionality.
Page 718: Mls Qos Map Premark-Dscp To
OMMANDS MLS QOS MAP PREMARK DSCP TO mls qos map premark-dscp to Overview This command configures the premark-dscp map. It is used when traffic is classified by a class-map that has trust dscp configured. Based on a lookup DSCP, the map determines new QoS settings for the traffic. The no variant of this command resets the premark-dscp map to its defaults.
Page 719 OMMANDS MLS QOS MAP PREMARK DSCP TO Example To set the entry for DSCP 1 to use a new DSCP of 2, a new CoS of 3, and a new bandwidth class of yellow, use the command: awplus# configure terminal awplus(config)# mls qos map premark-dscp 1 to new-dscp 2 new-cos 3 new-bandwidth-class yellow...
Page 720: No Police
OMMANDS NO POLICE no police Overview Use this command to disable any policer previously configured on the class-map. Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class-map. Example To disable policing on a class-map use the command: awplus# configure terminal awplus(config)#...
Page 721: Police Single-Rate Action
OMMANDS POLICE SINGLE RATE ACTION police single-rate action Overview Configures a single-rate policer for a class-map. Syntax police single-rate <cir> <cbs> <ebs> action {drop-red|remark-transmit} Parameter Description Specify the Committed Information Rate (CIR) (1-40000000 kbps). <cir> Specify the Committed Burst Size (CBS) (0-16777216 bytes). <cbs>...
Page 722 OMMANDS POLICE SINGLE RATE ACTION to green- colored and yellow-colored traffic irrespective of the value configured on the action parameter of the policer. So, even if action is configured to drop-red, the remark-map will be applied to green and yellow traffic. So, the action parameter only applies to red- colored traffic.
Page 723: Police Twin-Rate Action
OMMANDS POLICE TWIN RATE ACTION police twin-rate action Overview Configures a twin-rate policer for a class-map. Syntax police twin-rate <cir> <pir> <cbs> <pbs> action {drop-red|remark-transmit} Parameter Description Specify the Committed Information Rate (CIR) (1-40000000 kbps). <cir> Specify the Peak Information Rate (PIR) (1-40000000 kbps). <pir>...
Page 724 OMMANDS POLICE TWIN RATE ACTION Using an action of remark-transmit means that the packet will be remarked with the values configured in the policed-dscp map. The index into this map is determined by the DSCP in the packet. Note that the remark-map does not only apply to red traffic.
Page 725: Policy-Map
OMMANDS POLICY policy-map Overview Use this command to create a policy-map and to enter Policy Map Configuration mode to configure the specified policy-map. Use the no variant of this command to delete an existing policy-map. Syntax policy-map <name> no policy-map <name> Parameter Description Name of the policy-map.
Page 726: Priority-Queue
OMMANDS PRIORITY QUEUE priority-queue Overview Configures strict priority based scheduling on the specified egress queues. You must specify at least one queue. Syntax priority-queue [0][1][2][3] Parameter Description Specify the queues that will use strict priority scheduling. With [0][1][2][3] strict priority scheduling, the switch will empty the highest numbered queue first, then start processing the next lowest numbered queue.
Page 727: Remark-Map
OMMANDS REMARK remark-map Overview Use this command to configure the remark map. If a re-mark map is applied to a class, and a policer is also applied to the same class, then: • green and yellow traffic will all be acted upon by the remark-map, and •...
Page 728 OMMANDS REMARK To remark the policed green traffic to a new DSCP of 2, use the commands: awplus# configure terminal awplus(config)# policy-map pmap1 awplus(config-pmap)# class cmap1 awplus(config-pmap-c)# remark-map bandwidth-class green to new-dscp 2 To reset the DSCP for all bandwidth classes, use the commands: awplus# configure terminal awplus(config)#...
Page 729: Remark New-Cos
OMMANDS REMARK NEW remark new-cos Overview This command enables you to configure and remark either or both of: • the CoS flag in the data packet • the input into the CoS to queue map, thus changing the destination egress queue.
Page 730 OMMANDS REMARK NEW Figure 23-1: Remarking and the CoS to Q map CoS Flag in Packet Remark new-cos <0-3> external Existing CoS value Remark new-cos <0-3> both Cos to Queue Remark new-cos <0-3> internal Mapping Egress queue value CoS Value New-CoS internal Egress Queue The above mapping is set by the command mls qos map cos-queue to, and displayed by the command...
Page 731: Service-Policy Input
OMMANDS SERVICE POLICY INPUT service-policy input Overview Use this command to apply a policy-map to the input of an interface. Use the no variant of this command to remove a policy-map and interface association. Syntax service-policy input <policy-map> no service-policy input <policy-map> Parameter Description Policy map name that will be applied to the input.
Page 732: Show Class-Map
OMMANDS SHOW CLASS show class-map Overview Use this command to display the QoS class-maps’ criteria for classifying traffic. Syntax show class-map [<class-map-name>] Parameter Description Name of the class-map. <class-map-name> Mode User Exec and Privileged Exec Example To display a QoS class-map’s match criteria for classifying traffic, use the command: awplus# show class-map cmap1 Output...
Page 733: Show Mls Qos
OMMANDS SHOW MLS QOS show mls qos Overview Use this command to display whether QoS is enabled or disabled on the switch. Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled, use the command: awplus# show mls qos Output...
Page 734: Show Mls Qos Interface
OMMANDS SHOW MLS QOS INTERFACE show mls qos interface Overview Displays the current settings for the interface. This includes its default CoS and queue, scheduling used for each queue, and any policies/maps that are attached. Syntax show mls qos interface [<port>] Parameter Description Switch port.
Page 735: Show Mls Qos Interface Policer-Counters
OMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS show mls qos interface policer-counters Overview This command displays an interface’s policer counters. This can either be for a specific class-map or for all class-maps attached to the interface. If no class-map is specified then all class-map policer counters attached to the interface are displayed.
Page 736 OMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through ‘action remark- transmit’, so although bytes are marked as Red, none are dropped. Therefore, the ‘Non-dropped Bytes’ field shows a summation of Green/Yellow and Red bytes. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 737: Show Mls Qos Interface Queue-Counters
OMMANDS SHOW MLS QOS INTERFACE QUEUE COUNTERS show mls qos interface queue-counters Overview This command displays an interface’s egress queue counters. This can either be for a specific queue or for all queues on the interface. If no queue is specified all queue counters on the interface will be displayed.
Page 738: Show Mls Qos Interface Storm-Status
OMMANDS SHOW MLS QOS INTERFACE STORM STATUS show mls qos interface storm-status Overview Show the current configuration and status of the QoS Storm Protection (QSP) on the given port. Syntax show mls qos interface <port> storm-status Parameter Description Switch port. <port>...
Page 739: Show Mls Qos Maps Cos-Queue
OMMANDS SHOW MLS QOS MAPS COS QUEUE show mls qos maps cos-queue Overview Show the current configuration of the cos-queue map. Syntax show mls qos maps cos-queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos-queue map, use the command: awplus# show mls qos maps cos-queue Output...
Page 740: Show Mls Qos Maps Premark-Dscp
OMMANDS SHOW MLS QOS MAPS PREMARK DSCP show mls qos maps premark-dscp Overview This command displays the premark-dscp map. This map is used when the trust dscp command has been specified for a policy-map’s class-map to replace the DSCP, CoS and/or bandwidth class of a packet matching the class-map based on a lookup DSCP value.
Page 741: Show Policy-Map
OMMANDS SHOW POLICY show policy-map Overview Displays the policy-maps configured on the switch. The output also shows whether or not they are connected to a port (attached / detached) and shows their associated class-maps. Syntax show policy-map [<name>] Parameter Description The name of a specific policy-map.
Page 742: Storm-Action
OMMANDS STORM ACTION storm-action Overview Sets the action to be taken when triggered by QoS Storm Protection (QSP). There are three available options: • portdisable will disable the port in software. • vlandisable will disable the port from the VLAN matched by the class-map in class-map.
Page 743: Storm-Downtime
OMMANDS STORM DOWNTIME storm-downtime Overview Sets the time to re-enable a port that has been disabled by QoS Storm Protection (QSP). The time is given in seconds, from a minimum of one second to maximum of 86400 seconds (i.e. one day). The no variant of this command resets the time to the default value of 10 seconds.
Page 744: Storm-Protection
OMMANDS STORM PROTECTION storm-protection Overview Use this command to enable Policy Based Storm Protection (such as QSP - QoS Storm Protection). Storm protection is activated as soon as a port is enabled. However, it will only be functional after storm-rate storm-window have been set.
Page 745: Storm-Rate
OMMANDS STORM RATE storm-rate Overview Sets the data rate that triggers the storm-action. The rate is in kbps and the range is from 1kbps to 40Gbps. Note that this setting is made in conjunction with the storm-window command. Use the no variant of this command to negate the storm-rate command. Syntax storm-rate <1-40000000>...
Page 746: Storm-Window
OMMANDS STORM WINDOW storm-window Overview Sets the window size of QoS Storm Protection (QSP). This sets the time to poll the data-rate every given milliseconds. Minimum window size is 100 ms and the maximum size is 60 sec. Use the no variant of this command to negate the storm-window command. Syntax storm-window <100-60000>...
Page 747: Trust Dscp
OMMANDS TRUST DSCP trust dscp Overview This command enables the premark-dscp map to replace the bandwidth-class, CoS, DSCP, and queue of classified traffic based on a lookup DSCP value. With the no variant of this command, no premark-dscp mapping function will be applied for the selected class-map.QoS components of the packet existing either at ingress, or applied by the class-map, will pass unchanged.
Page 748: Wrr-Queue Disable Queues
OMMANDS QUEUE DISABLE QUEUES wrr-queue disable queues Overview Use this command to disable an egress queue from transmitting traffic. The no variant of this command enables an egress queue to transmit traffic. Syntax wrr-queue disable queues [0][1][2][3][4][5][6][7] no wrr-queue disable queues [0][1][2][3][4][5][6][7] Parameter Description Selects one or more queues numbered 0 to 3.
Page 749: Wrr-Queue Egress-Rate-Limit Queues
OMMANDS QUEUE EGRESS RATE LIMIT QUEUES wrr-queue egress-rate-limit queues Overview Sets a limit on the amount of traffic that can be transmitted per second from these queues. The default unit is in Kb, but Mb or Gb can also be specified. The minimum is 651Kb.
Page 750: Wrr-Queue Weight Queues
OMMANDS QUEUE WEIGHT QUEUES wrr-queue weight queues Overview This command configures weighted round-robin based scheduling on the specified egress queues on switch port interfaces only. The weights are specified as ratios relative to each other. Syntax wrr-queue weight <1-15> queues [0][1][2][3] Parameter Description Weight (the higher the number the greater will be the queue...
Page 751 OMMANDS QUEUE WEIGHT QUEUES Related priority-queue Commands show mls qos interface C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 752: Chapter 24: 802.1X Commands
802.1X Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure 802.1X port access control. Command List • “debug dot1x” on page 753 • “dot1x control-direction” on page 754 • “dot1x eap” on page 755 • “dot1x eapol-version”...
Page 753: Debug Dot1X
802.1X C OMMANDS DEBUG DOT debug dot1x Overview Use this command to enable 802.1X IEEE Port-Based Network Access Control troubleshooting functions. Use the no variant of this command to disable this function. Syntax debug dot1x [all|auth-web|event|nsm|packet|timer] no debug all dot1x no debug dot1x [all|auth-web|event|nsm|packet|timer] Parameter Description...
Page 754: Dot1X Control-Direction
802.1X C OMMANDS X CONTROL DIRECTION dot1x control-direction Overview This command sets the direction of the filter for the unauthorized interface. If the optional in parameter is specified with this command then packets entering the specified port are discarded. The in parameter discards the ingress packets received from the supplicant.
Page 755: Dot1X Eap
802.1X C OMMANDS X EAP dot1x eap Overview This command selects the transmit mode for the EAP packet. If the authentication feature is not enabled then EAP transmit mode is not enabled. The default setting discards EAP packets. Syntax dot1x eap {discard|forward|forward-untagged-vlan|forward-vlan} Parameter Description Discard.
Page 756: Dot1X Eapol-Version
802.1X C OMMANDS X EAPOL VERSION dot1x eapol-version Overview This command sets the EAPOL protocol version for EAP packets when 802.1X port authentication is applied. Use the no variant of this command to set the EAPOL protocol version to 1. The default EAPOL protocol version is version 1.
Page 757: Dot1X Initialize Interface
802.1X C OMMANDS X INITIALIZE INTERFACE dot1x initialize interface Overview This command removes authorization for a connected interface with the specified<interface-list>. The connection will attempt to re-authorize when the specified port attempts to make use of the network connection. : Reauthentication could be a long time after the use of this command because NOTE the reauthorization attempt is not triggered by this command.
Page 758: Dot1X Initialize Supplicant
802.1X C OMMANDS X INITIALIZE SUPPLICANT dot1x initialize supplicant Overview This command removes authorization for a connected supplicant with the specified MAC address or username. The connection will attempt to re-authorize when the specified supplicant attempts to make use of the network connection. : Reauthentication could be a long time after the use of this command because NOTE the reauthorization attempt is not triggered by this command.
Page 759: Dot1X Keytransmit
802.1X C OMMANDS X KEYTRANSMIT dot1x keytransmit Overview This command enables key transmission on the interface specified previously in Interface mode. The no variant of this command disables key transmission on the interface specified. Syntax dot1x keytransmit no dot1x keytransmit Default Key transmission for port authentication is enabled by default.
Page 760: Dot1X Max-Auth-Fail
802.1X C OMMANDS X MAX AUTH FAIL dot1x max-auth-fail Overview Use this command to configure the maximum number of login attempts for a supplicant (client device) using the auth-fail vlan feature, when using 802.1X port authentication on an interface. The no variant of this command resets the maximum login attempts for a supplicant (client device) using the auth-fail vlan feature, to the default configuration of 3 login attempts.
Page 761 802.1X C OMMANDS X MAX AUTH FAIL Validation show running-config Commands Related auth auth-fail vlan Commands dot1x max-reauth-req show dot1x interface C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 762: Dot1X Max-Reauth-Req
802.1X C OMMANDS X MAX REAUTH dot1x max-reauth-req Overview This command sets the number of reauthentication attempts before an interface is unauthorized. The no variant of this command resets the reauthentication delay to the default. Syntax dot1x max-reauth-req <1-10> no dot1x max-reauth-req Parameter Description Specify the maximum number of reauthentication attempts for...
Page 763: Dot1X Port-Control
802.1X C OMMANDS X PORT CONTROL dot1x port-control Overview This command enables 802.1X port authentication on the interface specified, and sets the control of the authentication port. When port-control is set to auto, the 802.1X authentication feature is executed on the interface, but only if the aaa authentication dot1x command has been issued.
Page 764 802.1X C OMMANDS X PORT CONTROL To disable port authentication on the interface port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no dot1x port-control Validation show dot1x interface Commands Related aaa authentication dot1x Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 765: Dot1X Timeout Tx-Period
802.1X C OMMANDS X TIMEOUT TX PERIOD dot1x timeout tx-period Overview This command sets the transmit timeout for the authentication request on the specified interface. The no variant of this command resets the transmit timeout period to the default (30 seconds). Syntax dot1x timeout tx-period <1-65535>...
Page 766: Show Debugging Dot1X
802.1X C OMMANDS SHOW DEBUGGING DOT show debugging dot1x Overview Use this command to display the 802.1X debugging option set. For information on filtering and saving command output, see “Controlling “show” Command Output” in the “Getting Started with AlliedWare Plus” Feature Overview and Configuration Guide.
Page 767: Show Dot1X
802.1X C OMMANDS SHOW DOT show dot1x Overview This command shows authentication information for dot1x (802.1X) port authentication. If you specify the optional all parameter then this command also displays all authentication information for each port available on the switch. For information on filtering and saving command output, see “Controlling “show”...
Page 768 802.1X C OMMANDS SHOW DOT Table 24-1: Example output from the show dot1x command awplus# show dot1x all 802.1X Port-Based Authentication Enabled RADIUS server address: 150.87.18.89:1812 Next radius message id: 5 RADIUS client address: not configured Authentication info for interface port1.0.6 portEnabled: true - portControl: Auto portStatus: Authorized reAuthenticate: disabled...
Page 769: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
802.1X C OMMANDS SHOW DOT Table 24-1: Example output from the show dot1x command (cont.) supplicantMac: none Supplicant name: manager Supplicant address: 00d0.59ab.7037 authenticationMethod: 802.1X Authentication portStatus: Authorized - currentId: 1 abort:F fail:F start:F timeout:F success:T PAE: state: Authenticated - portMode: Auto PAE: reAuthCount: 0 - rxRespId: 0 PAE: quietPeriod: 60 - maxReauthReq: 2 - txPeriod: 30 BE: state: Idle - reqCount: 0 - idFromServer: 0...
Page 770: Show Dot1X Diagnostics
802.1X C OMMANDS SHOW DOT X DIAGNOSTICS show dot1x diagnostics Overview This command shows 802.1X authentication diagnostics for the specified interface (optional), which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. If no interface is specified then authentication diagnostics are shown for all interfaces.
Page 771 802.1X C OMMANDS SHOW DOT X DIAGNOSTICS Output Figure 24-1: Example output from the show dot1x diagnostics command Authentication Diagnostics for interface port1.0.5 Supplicant address: 00d0.59ab.7037 authEnterConnecting: 2 authEaplogoffWhileConnecting: 1 authEnterAuthenticating: 2 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 1 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoggWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0...
Page 772: Show Dot1X Interface
802.1X C OMMANDS SHOW DOT X INTERFACE show dot1x interface Overview This command shows the status of 802.1X port-based authentication on the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the optional diagnostics parameter to show authentication diagnostics for the specified interfaces.
Page 773 802.1X C OMMANDS SHOW DOT X INTERFACE Table 24-2: Example output from the show dot1x interface command for a port awplus#show dot1x interface port1.0.6Authentication info for interface port1.0.6 portEnabled: true - portControl: Auto portStatus: Authorized reAuthenticate: disabled reAuthPeriod: 3600 PAE: quietPeriod: 60 - maxReauthReq: 2 - txPeriod: 30 PAE: connectTimeout: 30 BE: suppTimeout: 30 - serverTimeout: 30 CD: adminControlledDirections: in...
Page 774 802.1X C OMMANDS SHOW DOT X INTERFACE awplus#show dot1x interface port1.0.6 diagnostics Authentication Diagnostics for interface port1.0.6 Supplicant address: 00d0.59ab.7037 authEnterConnecting: 2 authEaplogoffWhileConnecting: 1 authEnterAuthenticating: 2 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 1 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoggWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0 authEaplogoffWhileAuthenticated: 0 BackendResponses: 2 BackendAccessChallenges: 1...
Page 775 802.1X C OMMANDS SHOW DOT X INTERFACE awplus#show dot1x statistics interface port1.0.6802.1X statistics for interface port1.0.6 EAPOL Frames Rx: 5 - EAPOL Frames Tx: 16 EAPOL Start Frames Rx: 0 - EAPOL Logoff Frames Rx: 0 EAP Rsp/Id Frames Rx: 3 - EAP Response Frames Rx: 2 EAP Req/Id Frames Tx: 8 - EAP Request Frames Tx: 2 Invalid EAPOL Frames Rx: 0 - EAP Length Error Frames Rx: 0 EAPOL Last Frame Version Rx: 1 - EAPOL Last Frame...
Page 776 802.1X C OMMANDS SHOW DOT X INTERFACE Table 24-3: Parameters in the output of show dot1x interface (cont.) Parameter Description Server timeout. serverTimeout Maximum requests to be sent. maxReq Controlled Directions State machine. Administrative value (Both/In). adminControlledDi r ections Operational Value (Both/In). operControlledDir e ctions Key receive state machine.
Page 777: Show Dot1X Sessionstatistics
802.1X C OMMANDS SHOW DOT X SESSIONSTATISTICS show dot1x sessionstatistics Overview This command shows authentication session statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. For information on filtering and saving command output, see “Controlling “show”...
Page 778: Show Dot1X Statistics Interface
802.1X C OMMANDS SHOW DOT X STATISTICS INTERFACE show dot1x statistics interface Overview This command shows the authentication statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. For information on filtering and saving command output, see “Controlling “show”...
Page 779: Show Dot1X Supplicant
802.1X C OMMANDS SHOW DOT X SUPPLICANT show dot1x supplicant Overview This command shows the supplicant state of the authentication mode set for the switch. This command shows a summary when the optional brief parameter is used. For information on filtering and saving command output, see “Controlling “show” Command Output”...
Page 780 802.1X C OMMANDS SHOW DOT X SUPPLICANT See sample output below showing the supplicant on the switch using the brief parameter: awplus# show dot1x supplicant 00d0.59ab.7037 brief Interface port1.0.6 authenticationMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 Interface VID Mode MAC Address Status...
Page 781: Show Dot1X Supplicant Interface
802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE show dot1x supplicant interface Overview This command shows the supplicant state of the authentication mode set for the interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port.
Page 782 802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE Interface port1.0.6 authenticationMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 otherAuthenticationSupplicantNum: 0 Supplicant name: VCSPCVLAN10 Supplicant address: 0000.cd07.7b60 authenticationMethod: 802.1X Two-Step Authentication: firstAuthentication: Pass - Method: mac secondAuthentication: Pass - Method: dot1x portStatus: Authorized - currentId: 3 abort:F fail:F start:F timeout:F success:T PAE: state: Authenticated - portMode: Auto...
Page 783 802.1X C OMMANDS SHOW DOT X SUPPLICANT INTERFACE awplus#show dot1x interface sa1 supplicant brief Interface sa1 authenticationMethod: dot1x Two-Step Authentication: firstMethod: mac secondMethod: dot1x totalSupplicantNum: 1 authorizedSupplicantNum: 1 macBasedAuthenticationSupplicantNum: 0 dot1xAuthenticationSupplicantNum: 1 webBasedAuthenticationSupplicantNum: 0 otherAuthenticationSupplicantNum: 0 Interface Mode MAC Address Status IP Address Username...
Page 784: Undebug Dot1X
802.1X C OMMANDS UNDEBUG DOT undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 785: Chapter 25: Authentication Commands
Authentication Commands Introduction Overview This chapter provides an alphabetical reference for authentication commands. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 786 UTHENTICATION OMMANDS Command List • “auth auth-fail vlan” on page 789 • “auth critical” on page 791 • “auth dynamic-vlan-creation” on page 792 • “auth guest-vlan” on page 795 • “auth host-mode” on page 797 • “auth log” on page 799 •...
Page 787 UTHENTICATION OMMANDS • “auth-web-server mode (deleted)” on page 837 • “auth-web-server page logo” on page 838 • “auth-web-server page sub-title” on page 839 • “auth-web-server page success-message” on page 840 • “auth-web-server page title” on page 841 • “auth-web-server page welcome-message”...
Page 788 UTHENTICATION OMMANDS • “show auth-web supplicant” on page 879 • “show auth-web supplicant interface” on page 880 • “show auth-web-server” on page 881 • “show auth-web-server page” on page 882 • “show proxy-autoconfig-file” on page 883 Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 789: Auth Auth-Fail Vlan
UTHENTICATION OMMANDS AUTH AUTH FAIL VLAN auth auth-fail vlan Overview Use this command to enable the auth-fail vlan feature on the specified vlan interface. This feature assigns supplicants (client devices) to the specified VLAN if they fail port authentication. Use the no variant of this command to disable the auth-fail vlan feature for a specified VLAN interface.
Page 790 UTHENTICATION OMMANDS AUTH AUTH FAIL VLAN as a supplicant on the Guest VLAN. For more information about ACL concepts, and configuring ACLs see the ACL Feature Overview and Configuration Guide. For more information about ACL commands see: Examples To enable auth-fail vlan for port1.0.2and assign VLAN 100, use the following commands: awplus# configure terminal...
Page 791: Auth Critical
UTHENTICATION OMMANDS AUTH CRITICAL auth critical Overview This command enables the critical port feature on the interface. When the critical port feature is enabled on an interface, and all the RADIUS servers are unavailable, then the interface becomes authorized. The no variant of this command disables critical port feature on the interface. Syntax auth critical no auth critical...
Page 792: Auth Dynamic-Vlan-Creation
UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION auth dynamic-vlan-creation Overview This command enables and disables the Dynamic VLAN assignment feature. The Dynamic VLAN assignment feature allows a supplicant (client device) to be placed into a specific VLAN based on information returned from the RADIUS server during authentication, on a given interface.
Page 793 UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION If you issue an auth dynamic-vlan-creation command without an optional rule parameter and a required deny or permit keyword value then a second supplicant with a different VLAN ID is rejected. It is not assigned to the first supplicant’s VLAN. Issuing an a uth dynamic-vlan-creation command without an optional rule parameter has the same effect as issuing an auth dynamic-vlan-creation rule deny command rejecting supplicants with differing VIDs.
Page 794 UTHENTICATION OMMANDS AUTH DYNAMIC VLAN CREATION To disable the Dynamic VLAN assignment feature on interface port1.0.2, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth dynamic-vlan-creation Validation show dot1x Commands show dot1x interface show running-config Related auth host-mode Commands Command Reference for x210 Series Edge Switches C613-50054-01 REV A...
Page 795: Auth Guest-Vlan
UTHENTICATION OMMANDS AUTH GUEST VLAN auth guest-vlan Overview This command enables and configures the Guest VLAN feature on the interface specified by associating a Guest VLAN with an interface. This command does not start authentication. The supplicant's (client device’s) traffic is associated with the native VLAN of the interface if its not already associated with another VLAN.
Page 796 UTHENTICATION OMMANDS AUTH GUEST VLAN The Guest VLAN routing mode in this release overcomes these issues. With the Guest VLAN routing mode, the switch can lease DHCP addresses and accept access to a limited network. Note that Guest VLAN can use only untagged ports and tagged ports cannot be used for Guest VLAN.
Page 797: Auth Host-Mode
UTHENTICATION OMMANDS AUTH HOST MODE auth host-mode Overview This command selects host mode on the interface. Multi-host is an extension to IEEE802.1X. Use the no variant of this command to set host mode to the default setting (single host). Syntax auth host-mode {single-host|multi-host|multi-supplicant} no auth host-mode Parameter...
Page 798 UTHENTICATION OMMANDS AUTH HOST MODE Examples To set the host mode to multi-supplicant on interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# auth host-mode multi-supplicant To set the host mode to default (single host) on interface port1.0.2, use the following commands: awplus# configure terminal...
Page 799: Auth Log
UTHENTICATION OMMANDS AUTH LOG auth log Overview Use this command to configure the types of authentication feature log messages that are output to the log file. Use the no variant of this command to remove either specified types or all types of authentication feature log messages that are output to the log file.
Page 800 UTHENTICATION OMMANDS AUTH LOG To configure the logging of all types of authentication log messages to the log file for supplicants (client devices) connected to interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# no auth log all Validation show running-config Commands...
Page 801: Auth Max-Supplicant
UTHENTICATION OMMANDS AUTH MAX SUPPLICANT auth max-supplicant Overview This command sets the maximum number of supplicants (client devices) on the interface that can be authenticated. After this value is exceeded supplicants are not authenticated. The no variant of this command resets the maximum supplicant number to the default (1024).
Page 802: Auth Reauthentication
UTHENTICATION OMMANDS AUTH REAUTHENTICATION auth reauthentication Overview This command enables re-authentication on the interface specified in the Interface mode, which may be a static channel group (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the no variant of this command to disables reauthentication on the interface.
Page 803: Auth Roaming Disconnected
UTHENTICATION OMMANDS AUTH ROAMING DISCONNECTED auth roaming disconnected Overview This command enables the Roaming Authentication feature on an authenticated interface that is link down. A supplicant (a client device) is not reauthenticated when moved between authenticated interfaces, providing both interfaces have the Roaming Authentication feature enabled before the supplicant is moved.
Page 804 UTHENTICATION OMMANDS AUTH ROAMING DISCONNECTED Examples To enable Roaming Authentication disconnected feature for port1.0.2, after enabling 802.1X-Authentication and enabling Roaming Authentication enable, use the commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# dot1x port-control auto awplus(config-if)# auth roaming enable awplus(config-if)# auth roaming disconnected To disable Roaming Authentication disconnected feature for port1.0.2, use the commands:...
Page 805: Auth Roaming Enable
UTHENTICATION OMMANDS AUTH ROAMING ENABLE auth roaming enable Overview This command enables the Roaming Authentication feature on an authenticated interface that is link up. A supplicant (a client device) is not reauthenticated when moved between authenticated interfaces, providing both interfaces have the Roaming Authentication feature enabled before the supplicant is moved.
Page 806 UTHENTICATION OMMANDS AUTH ROAMING ENABLE Examples To enable the Roaming Authentication enable feature for interface port1.0.4, after enabling 802.1X-Authentication, since an authentication method is required, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.4 awplus(config-if)# dot1x port-control auto awplus(config-if)# auth roaming enable To disable Roaming Authentication enable for port1.0.4, use the following commands:...
Page 807: Auth Supplicant-Mac
UTHENTICATION OMMANDS AUTH SUPPLICANT auth supplicant-mac Overview This command adds a supplicant (client device) MAC address on a given interface with the parameters as specified in the table below. Use the no variant of this command to delete the supplicant MAC address added by the auth supplicant-mac command, and resets to the default for the supplicant parameter.
Page 808 UTHENTICATION OMMANDS AUTH SUPPLICANT Default No supplicant MAC address for port authentication exists by default until first created with the auth supplicant-mac command. The defaults for parameters applied are as shown in the table. Mode Interface Configuration for a static channel, a dynamic (LACP) channel group, or a switch port.
Page 809: Auth Timeout Connect-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT CONNECT TIMEOUT auth timeout connect-timeout Overview This command sets the connect-timeout period for the interface. Use the no variant of this command to reset the connect-timeout period to the default (30 seconds). Syntax auth timeout connect-timeout <1-65535> no auth timeout connect-timeout Parameter Description...
Page 810: Auth Timeout Quiet-Period
UTHENTICATION OMMANDS AUTH TIMEOUT QUIET PERIOD auth timeout quiet-period Overview This command sets the time period for which the authentication request is not accepted on a given interface, after the authentication request has failed an authentication. Use the no variant of this command to reset quiet period to the default (60 seconds).
Page 811: Auth Timeout Reauth-Period
UTHENTICATION OMMANDS AUTH TIMEOUT REAUTH PERIOD auth timeout reauth-period Overview This command sets the timer for reauthentication on a given interface. The re-authentication for the supplicant (client device) is executed at this timeout. The timeout is only applied if the auth reauthentication command is applied. Use the no variant of this command to reset the reauth-period parameter to the default (3600 seconds).
Page 812: Auth Timeout Server-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT SERVER TIMEOUT auth timeout server-timeout Overview This command sets the timeout for the waiting response from the RADIUS server on a given interface. The no variant of this command resets the server-timeout to the default (30 seconds).
Page 813: Auth Timeout Supp-Timeout
UTHENTICATION OMMANDS AUTH TIMEOUT SUPP TIMEOUT auth timeout supp-timeout Overview This command sets the timeout of the waiting response from the supplicant (client device) on a given interface. The no variant of this command resets the supplicant timeout to the default (30 seconds).
Page 814: Auth Two-Step Enable
UTHENTICATION OMMANDS AUTH TWO STEP ENABLE auth two-step enable Overview This command enables a two-step authentication feature on an interface. When this feature is enabled, the supplicant is authorized in a two-step process. If authentication succeeds, the supplicant becomes authenticated. This command will apply the two-step authentication method based on 802.1X-, MAC- or Web-Authentication.
Page 815 UTHENTICATION OMMANDS AUTH TWO STEP ENABLE To enable MAC-Authentication followed by 802.1X-Authentication, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# switchport mode access awplus(config-if)# auth-mac enable awplus(config-if)# dot1x port-control auto awplus(config-if)# auth dynamic-vlan-creation awplus(config-if)# auth two-step enable To enable MAC-Authentication followed by Web-Authentication, use the following commands: awplus#...
Page 816 UTHENTICATION OMMANDS AUTH TWO STEP ENABLE Related show auth two-step supplicant brief Commands show auth-mac show auth-mac interface show auth-mac supplicant show auth-web show auth-web interface show auth-web supplicant show dot1x show dot1x interface show dot1x supplicant Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 817: Auth-Mac Enable
UTHENTICATION OMMANDS AUTH MAC ENABLE auth-mac enable Overview This command enables MAC-based authentication on the interface specified in the Interface command mode. Use the no variant of this command to disable MAC-based authentication on an interface. Syntax auth-mac enable no auth-mac enable Default MAC-Authentication is disabled by default.
Page 818 UTHENTICATION OMMANDS AUTH MAC ENABLE Related aaa accounting auth-mac default Commands aaa authentication auth-mac spanning-tree edgeport (RSTP and MSTP) switchport mode access Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 819: Auth-Mac Method
UTHENTICATION OMMANDS AUTH MAC METHOD auth-mac method Overview This command sets the type of authentication method for MAC-Authentication that is used with RADIUS on the interface specified in the Interface command mode. The no variant of this command resets the authentication method used to the default method (PAP) as the RADIUS authentication method used by the MAC-Authentication.
Page 820: Auth-Mac Password
UTHENTICATION OMMANDS AUTH MAC PASSWORD auth-mac password Overview This command changes the password for MAC-based authentication. Use the no variant of this command to return the password to its default. Syntax auth-mac [encrypted] password <password> no auth-mac password Parameter Description MAC-based authentication auth-mac Specify an encrypted password...
Page 821: Auth-Mac Reauth-Relearning
UTHENTICATION OMMANDS AUTH MAC REAUTH RELEARNING auth-mac reauth-relearning Overview This command sets the MAC address learning of the supplicant (client device) to re-learning for re-authentication on the interface specified in the Interface command mode. Use the no variant of this command to disable the auth-mac re-learning option. Syntax auth-mac reauth-relearning no auth-mac reauth-relearning...
Page 822: Auth-Web Enable
UTHENTICATION OMMANDS AUTH WEB ENABLE auth-web enable Overview This command enables Web-based authentication in Interface mode on the interface specified. Use the no variant of this command to disable Web-based authentication on an interface. Syntax auth-web enable no auth-web enable Default Web-Authentication is disabled by default.
Page 823: Auth-Web Forward
UTHENTICATION OMMANDS AUTH WEB FORWARD auth-web forward Overview This command enables the Web-Authentication packet forwarding feature on the interface specified. This command also enables ARP forwarding, and adds forwarded packets to the tcp or udp port number specified. The no variant of this command disables or deletes the packet forwarding feature on the interface.
Page 824 UTHENTICATION OMMANDS AUTH WEB FORWARD To add the TCP forwarding port 137 on interface port1.0.2, use the following commands: awplus# configure terminal awplus(config)# interface port1.0.2 awplus(config-if)# auth-web forward tcp 137 To add the DNS Server IP address 192.168.1.10 on interface port1.0.2, use the following commands: awplus# configure terminal...
Page 825: Auth-Web Max-Auth-Fail
UTHENTICATION OMMANDS AUTH WEB MAX AUTH FAIL auth-web max-auth-fail Overview This command sets the number of authentication failures allowed before rejecting further authentication requests. When the supplicant (client device) fails more than has been set to the maximum number of authentication failures then login requests are refused during the quiet period.
Page 826: Auth-Web Method
UTHENTICATION OMMANDS AUTH WEB METHOD auth-web method Overview This command sets the authentication method of Web-Authentication that is used with RADIUS on the interface specified. The no variant of this command sets the authentication method to PAP for the interface specified when Web-Authentication is also used with the RADIUS authentication method.
Page 827: Auth-Web-Server Blocking-Mode
UTHENTICATION OMMANDS AUTH SERVER BLOCKING MODE auth-web-server blocking-mode Overview Use this command to enable blocking mode for the Web-Authentication server. The blocking mode displays an authentication success or failure screen immediately from the response result from a RADIUS server. Use the no variant of this command to disable blocking mode for the Web-Authentication server.
Page 828: Auth-Web-Server Dhcp Ipaddress
UTHENTICATION OMMANDS AUTH SERVER DHCP IPADDRESS auth-web-server dhcp ipaddress Overview Use this command to assign an IP address and enable the DHCP service on the Web-Authentication server for supplicants (client devices). Use the no variant of this command to remove an IP address and disable the DHCP service on the Web-Authentication server for supplicants.
Page 829: Auth-Web-Server Dhcp Lease
UTHENTICATION OMMANDS AUTH SERVER DHCP LEASE auth-web-server dhcp lease Overview Use this command to set the DHCP lease time for supplicants (client devices) using the DHCP service on the Web-Authentication server. Use the no variant of this command to reset to the default DHCP lease time for supplicants using the DHCP service on the Web-Authentication server.
Page 830: Auth-Web-Server Dhcp-Wpad-Option
UTHENTICATION OMMANDS AUTH SERVER DHCP WPAD OPTION auth-web-server dhcp-wpad-option Overview This command sets the DHCP WPAD (Web Proxy Auto-Discovery) option for the Web-Authentication temporary DHCP service. For more information and examples, see the “Web Auth Proxy” section in the Alliedware Plus Technical Tips and Tricks. Use the no variant of this command to disable the DHCP WPAD function.
Page 831: Auth-Web-Server Gateway (Deleted)
UTHENTICATION OMMANDS AUTH SERVER GATEWAY DELETED auth-web-server gateway (deleted) Overview This command has been deleted. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 832: Auth-Web-Server Host-Name
UTHENTICATION OMMANDS AUTH SERVER HOST NAME auth-web-server host-name Overview This command assigns a hostname to the web authentication server. Use the no variant of this command to remove the hostname from the web authentication server. Syntax auth-web-server host-name <hostname> no auth-web-server host-name Parameter Description URL string of the hostname...
Page 833: Auth-Web-Server Http-Redirect (Deleted)
UTHENTICATION OMMANDS AUTH SERVER HTTP REDIRECT DELETED auth-web-server http-redirect (deleted) Overview This command has been deleted. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 834: Auth-Web-Server Intercept-Port
UTHENTICATION OMMANDS AUTH SERVER INTERCEPT PORT auth-web-server intercept-port Overview This command specifies any additional TCP port numbers that the Web-Authentication server is to intercept. Use the no variant of this command to stop intercepting the TCP port numbers. Syntax auth-web-server intercept-port <1-65535> no auth-web-server intercept-port <1-65535>...
Page 835: Auth-Web-Server Ipaddress
UTHENTICATION OMMANDS AUTH SERVER IPADDRESS auth-web-server ipaddress Overview This command sets the IP address for the Web-Authentication server. Use the no variant of this command to delete the IP address for the Web-Authentication server. Syntax auth-web-server ipaddress <ip-address> no auth-web-server ipaddress Parameter Description Web-Authentication server dotted decimal IP address in...
Page 836: Auth-Web-Server Login-Url
UTHENTICATION OMMANDS AUTH SERVER LOGIN auth-web-server login-url Overview This command sets the web-authentication login page URL. Use the no variant of this command to delete the set URL. Syntax auth-web-server login-url <URL> no auth-web-server login-url Parameter Description Set login page URL <URL>...
Page 837: Auth-Web-Server Mode (Deleted)
UTHENTICATION OMMANDS AUTH SERVER MODE DELETED auth-web-server mode (deleted) Overview This command has been deleted. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 838: Auth-Web-Server Page Logo
UTHENTICATION OMMANDS AUTH SERVER PAGE LOGO auth-web-server page logo Overview This command sets the type of logo that will be displayed on the web authentication page. Use the no variant of this command to set the logo type to auto. Syntax auth-web-server page logo {auto|default|hidden} no auth-web-server page logo...
Page 839: Auth-Web-Server Page Sub-Title
UTHENTICATION OMMANDS AUTH SERVER PAGE SUB TITLE auth-web-server page sub-title Overview This command sets the custom sub-title on the web authentication page. Use the no variant of this command to reset the sub-title to its default. Syntax auth-web-server page sub-title {hidden|text <sub-title>} no auth-web-server page sub-title Parameter Description...
Page 840: Auth-Web-Server Page Success-Message
UTHENTICATION OMMANDS AUTH SERVER PAGE SUCCESS MESSAGE auth-web-server page success-message Overview This command sets the success message on the web-authentication page. Use the no variant of this command to remove the success message. Syntax auth-web-server page success-message text <success-message> no auth-web-server page success-message Parameter Description Text string of the success message...
Page 841: Auth-Web-Server Page Title
UTHENTICATION OMMANDS AUTH SERVER PAGE TITLE auth-web-server page title Overview This command sets the custom title on the web authentication page. Use the no variant of this command to remove the custom title. Syntax auth-web-server page title {hidden|text <title>} no auth-web-server page title Parameter Description Hide the title...
Page 842: Auth-Web-Server Page Welcome-Message
UTHENTICATION OMMANDS AUTH SERVER PAGE WELCOME MESSAGE auth-web-server page welcome-message Overview This command sets the welcome message on the web-authentication page. Use the no variant of this command to remove the welcome message. Syntax auth-web-server page welcome-message text <welcome-message> no auth-web-server page welcome-message Parameter Description Text string of the welcome message...
Page 843: Auth-Web-Server Ping-Poll Enable
UTHENTICATION OMMANDS AUTH SERVER PING POLL ENABLE auth-web-server ping-poll enable Overview This command enables the ping polling to the supplicant (client device) that is authenticated by Web-Authentication. The no variant of this command disables the ping polling to the supplicant that is authenticated by Web-Authentication.
Page 844: Auth-Web-Server Ping-Poll Failcount
UTHENTICATION OMMANDS AUTH SERVER PING POLL FAILCOUNT auth-web-server ping-poll failcount Overview This command sets a fail count for the ping polling feature when used with Web-Authentication. The failcount parameter specifies the number of unanswered pings. A supplicant (client device) is logged off when the number of unanswered pings are greater than the failcount set with this command.
Page 845: Auth-Web-Server Ping-Poll Interval
UTHENTICATION OMMANDS AUTH SERVER PING POLL INTERVAL auth-web-server ping-poll interval Overview This command is used to change the ping poll interval. The interval specifies the time period between pings when the supplicant (client device) is reachable. Use the no variant of this command to reset to the default period for ping polling (30 seconds).
Page 846: Auth-Web-Server Ping-Poll Reauth-Timer-Refresh
UTHENTICATION OMMANDS AUTH SERVER PING POLL REAUTH TIMER REFRESH auth-web-server ping-poll reauth-timer-refresh Overview This command modifies the reauth-timer-refresh parameter for the Web-Authentication feature. The reauth-timer-refresh parameter specifies whether a re-authentication timer is reset and when the response from a supplicant (a client device) is received. Use the no variant of this command to reset the reauth-timer-refresh parameter to the default setting (disabled).
Page 847: Auth-Web-Server Ping-Poll Timeout
UTHENTICATION OMMANDS AUTH SERVER PING POLL TIMEOUT auth-web-server ping-poll timeout Overview This command modifies the ping poll timeout parameter for the Web-Authentication feature. The timeout parameter specifies the time in seconds to wait for a response to a ping packet. Use the no variant of this command to reset the timeout of ping polling to the default (1 second).
Page 848: Auth-Web-Server Port
UTHENTICATION OMMANDS AUTH SERVER PORT auth-web-server port Overview This command sets the HTTP port number for the Web-Authentication server. Use the no variant of this command to reset the HTTP port number to the default (80). Syntax auth-web-server port <port-number> no auth-web-server port Parameter Description...
Page 849: Auth-Web-Server Redirect-Delay-Time
UTHENTICATION OMMANDS AUTH SERVER REDIRECT DELAY TIME auth-web-server redirect-delay-time Overview Use this command to set the delay time in seconds before redirecting the supplicant to a specified URL when the supplicant is authorized. Use the variant no to reset the delay time set previously. Syntax auth-web-server redirect-delay-time <5-60>...
Page 850: Auth-Web-Server Redirect-Url
UTHENTICATION OMMANDS AUTH SERVER REDIRECT auth-web-server redirect-url Overview This command sets a URL for supplicant (client device) authentication. When a supplicant is authorized it will be automatically redirected to the specified URL. Note that if the http redirect feature is used then this command is ignored. Use the no variant of this command to delete the URL string set previously.
Page 851: Auth-Web-Server Session-Keep
UTHENTICATION OMMANDS AUTH SERVER SESSION KEEP auth-web-server session-keep Overview This command enables the session-keep feature to jump to the original URL after being authorized by Web-Authentication. Use the no variant of this command to disable the session keep feature. Syntax auth-web-server session-keep no auth-web-server session-keep Default...
Page 852: Auth-Web-Server Ssl
UTHENTICATION OMMANDS AUTH SERVER SSL auth-web-server ssl Overview This command enables HTTPS functionality for the Web-Authentication server feature. Use the no variant of this command to disable HTTPS functionality for the Web-Authentication server. Syntax auth-web-server ssl no auth-web-server ssl Default HTTPS functionality for the Web-Authentication server feature is disabled by default.
Page 853: Auth-Web-Server Sslport (Deleted)
UTHENTICATION OMMANDS AUTH SERVER SSLPORT DELETED auth-web-server sslport (deleted) Overview This command has been deleted. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 854: Auth-Web-Server Ssl Intercept-Port
UTHENTICATION OMMANDS AUTH SERVER SSL INTERCEPT PORT auth-web-server ssl intercept-port Overview Use this command to register HTTPS intercept port numbers when the HTTPS server uses custom port number (not TCP port number 443). Note that you need to use the auth-web-server intercept-port command to register HTTP intercept port numbers.
Page 855: Copy Proxy-Autoconfig-File
UTHENTICATION OMMANDS COPY PROXY AUTOCONFIG FILE copy proxy-autoconfig-file Overview Use this command to download the proxy auto configuration (PAC) file to your switch. The Web-Authentication supplicant can get the downloaded file from the system web server. Syntax copy <filename> proxy-autoconfig-file Parameter Description The URL of the PAC file.
Page 856: Copy Web-Auth-Https-File
UTHENTICATION OMMANDS COPY WEB AUTH HTTPS FILE copy web-auth-https-file Overview Use this command to download the SSL server certificate for web-based authentication. The file must be in PEM (Privacy Enhanced Mail) format, and contain the private key and the server certificate. Syntax copy <filename>...
Page 857: Erase Proxy-Autoconfig-File
UTHENTICATION OMMANDS ERASE PROXY AUTOCONFIG FILE erase proxy-autoconfig-file Overview Use this command to remove the proxy auto configuration file. Syntax erase proxy-autoconfig-file Mode Privileged Exec Example To remove the proxy auto configuration file, use the command: awplus# erase proxy-autoconfig-file Related show proxy-autoconfig-file Commands copy proxy-autoconfig-file...
Page 858: Erase Web-Auth-Https-File
UTHENTICATION OMMANDS ERASE WEB AUTH HTTPS FILE erase web-auth-https-file Overview Use this command to remove the SSL server certificate for web-based authentication. Syntax erase web-auth-https-file Mode Privileged Exec Example To remove the SSL server certificate file for web-based authentication use the command: awplus# erase web-auth-https-file...
Page 859: Show Auth Two-Step Supplicant Brief
UTHENTICATION OMMANDS SHOW AUTH TWO STEP SUPPLICANT BRIEF show auth two-step supplicant brief Overview This command displays the supplicant state of the two-step authentication feature on the interface. Syntax show auth two-step supplicant [interface <ifrange>] brief Parameter Description The interface selected for display. interface The interface types which can be specified as <ifrange>...
Page 860: Show Auth-Mac
UTHENTICATION OMMANDS SHOW AUTH show auth-mac Overview This command shows authentication information for MAC-based authentication. Syntax show auth-mac [all] Parameter Description Display all authentication information for each interface available on the switch. Mode Privileged Exec Example To display all MAC-based authentication information, enter the command: awplus# show auth-mac all Output...
Page 861: Show Auth-Mac Diagnostics
UTHENTICATION OMMANDS SHOW AUTH MAC DIAGNOSTICS show auth-mac diagnostics Overview This command shows MAC-Authentication diagnostics, optionally for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. If no interface is specified then authentication diagnostics are shown for all interfaces.
Page 862: Show Auth-Mac Interface
UTHENTICATION OMMANDS SHOW AUTH MAC INTERFACE show auth-mac interface Overview This command shows the status for MAC-based authentication on the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the optional diagnostics parameter to show authentication diagnostics for the specified interface.
Page 863 UTHENTICATION OMMANDS SHOW AUTH MAC INTERFACE Authentication Diagnostics for interface port1.0.2 Supplicant address: 00d0.59ab.7037 authEnterConnecting: 2 authEaplogoffWhileConnecting: 1 authEnterAuthenticating: 2 authSuccessWhileAuthenticating: 1 authTimeoutWhileAuthenticating: 1 authFailWhileAuthenticating: 0 authEapstartWhileAuthenticating: 0 authEaplogoggWhileAuthenticating: 0 authReauthsWhileAuthenticated: 0 authEapstartWhileAuthenticated: 0 authEaplogoffWhileAuthenticated: 0 BackendResponses: 2 BackendAccessChallenges: 1 BackendOtherrequestToSupplicant: 3 BackendAuthSuccess: 1 To display authentication session statistics for port1.0.6, enter the command:...
Page 864: Show Auth-Mac Sessionstatistics
UTHENTICATION OMMANDS SHOW AUTH MAC SESSIONSTATISTICS show auth-mac sessionstatistics Overview This command shows authentication session statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Syntax show auth-mac sessionstatistics [interface <interface-list>] Parameter...
Page 865: Show Auth-Mac Statistics Interface
UTHENTICATION OMMANDS SHOW AUTH MAC STATISTICS INTERFACE show auth-mac statistics interface Overview This command shows the authentication statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Syntax show auth-mac statistics [interface <interface-list>] Parameter...
Page 866: Show Auth-Mac Supplicant
UTHENTICATION OMMANDS SHOW AUTH MAC SUPPLICANT show auth-mac supplicant Overview This command shows the supplicant (client device) state when MAC-Authentication is configured for the switch. This command shows a summary when the optional brief parameter is used. Syntax show auth-mac supplicant [<macadd>] [brief] Parameter Description Mac (hardware) address of the Supplicant.
Page 867: Show Auth-Mac Supplicant Interface
UTHENTICATION OMMANDS SHOW AUTH MAC SUPPLICANT INTERFACE show auth-mac supplicant interface Overview This command shows the supplicant (client device) state for the MAC authenticated interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. This command shows a summary when the optional brief parameter is used.
Page 868: Show Auth-Web
UTHENTICATION OMMANDS SHOW AUTH show auth-web Overview This command shows authentication information for Web-based authentication. Syntax show auth-web [all] Parameter Description Display all authentication information for each authenticated interface. This can be a static channel (or static aggregator), or a dynamic (or LACP) channel group, or a switch port.
Page 869 UTHENTICATION OMMANDS SHOW AUTH Output Figure 25-5: Example output from the show auth-web command C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 870 UTHENTICATION OMMANDS SHOW AUTH awplus# show auth-web all 802.1X Port-Based Authentication Enabled MAC-based Port Authentication Disabled WEB-based Port Authentication Enabled RADIUS server address (auth): 150.87.17.192:1812 Last radius message id: 4 Authentication Info for interface port1.0.1 portEnabled: true - portControl: Auto portStatus: Authorized reAuthenticate: disabled reAuthPeriod: 3600...
Page 871 UTHENTICATION OMMANDS SHOW AUTH CD: adminControlledDirections: in - operControlledDirections: in CD: bridgeDetected: false KR: rxKey: false KT: keyAvailable: false - keyTxEnabled: false Related show dot1x Commands show auth-mac C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 872: Show Auth-Web Diagnostics
UTHENTICATION OMMANDS SHOW AUTH WEB DIAGNOSTICS show auth-web diagnostics Overview This command shows Web-Authentication diagnostics, optionally for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. If no interface is specified then authentication diagnostics are shown for all interfaces.
Page 873 UTHENTICATION OMMANDS SHOW AUTH WEB DIAGNOSTICS Related show dot1x interface Commands C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 874: Show Auth-Web Interface
UTHENTICATION OMMANDS SHOW AUTH WEB INTERFACE show auth-web interface Overview This command shows the status for Web based authentication on the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Use the optional diagnostics parameter to show authentication diagnostics for the specified interface.
Page 875 UTHENTICATION OMMANDS SHOW AUTH WEB INTERFACE To display the Web based authentication status for port1.0.1, enter the command: awplus# show auth-web interface port1.0.1 awplus# show auth-web interface port1.0.1 Authentication Info for interface port1.0.1 portEnabled: true - portControl: Auto portStatus: Authorized reAuthenticate: disabled reAuthPeriod: 3600 PAE: quietPeriod: 60 - maxReauthReq: 2 - txPeriod: 30...
Page 876 UTHENTICATION OMMANDS SHOW AUTH WEB INTERFACE To display Web-Authentication session statistics for port1.0.6, enter the command: awplus# show auth-web interface port1.0.6 sessionstatistics Authentication session statistics for interface port1.0.6 session user name: manager session authentication method: Remote server session time: 19440 secs session terminat cause: Not terminated yet To display Web-Authentication statistics for port1.0.6, enter the command: awplus#...
Page 877: Show Auth-Web Sessionstatistics
UTHENTICATION OMMANDS SHOW AUTH WEB SESSIONSTATISTICS show auth-web sessionstatistics Overview This command shows authentication session statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Syntax show auth-web sessionstatistics [interface <interface-list>] Parameter...
Page 878: Show Auth-Web Statistics Interface
UTHENTICATION OMMANDS SHOW AUTH WEB STATISTICS INTERFACE show auth-web statistics interface Overview This command shows the authentication statistics for the specified interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. Syntax show auth-web statistics interface <interface-list>...
Page 879: Show Auth-Web Supplicant
UTHENTICATION OMMANDS SHOW AUTH WEB SUPPLICANT show auth-web supplicant Overview This command shows the supplicant (client device) state when Web-Authentication is configured for the switch. This command shows a summary when the optional brief parameter is used. Syntax show auth-web supplicant [<macadd>] [brief] Parameter Description Mac (hardware) address of the supplicant.
Page 880: Show Auth-Web Supplicant Interface
UTHENTICATION OMMANDS SHOW AUTH WEB SUPPLICANT INTERFACE show auth-web supplicant interface Overview This command shows the supplicant (client device) state for the Web authenticated interface, which may be a static channel (or static aggregator) or a dynamic (or LACP) channel group or a switch port. This command shows a summary when the optional brief parameter is used.
Page 881: Show Auth-Web-Server
UTHENTICATION OMMANDS SHOW AUTH SERVER show auth-web-server Overview This command shows the Web-Authentication server configuration and status on the switch. Syntax show auth-web-server Mode Privileged Exec Example To display Web-Authentication server configuration and status, enter the command: awplus# show auth-web-server Output Figure 25-8: Example output from the show auth-web-server command Web authentication server...
Page 882: Show Auth-Web-Server Page
UTHENTICATION OMMANDS SHOW AUTH SERVER PAGE show auth-web-server page Overview This command displays the web-authentication page configuration and status. Syntax show auth-web-server page Mode Privileged Exec Examples To show the web-authentication page information, use the command: awplus# show auth-web-server page Table 25-1: Example output from the show auth-web-server page command on the console.
Page 883: Show Proxy-Autoconfig-File
UTHENTICATION OMMANDS SHOW PROXY AUTOCONFIG FILE show proxy-autoconfig-file Overview This command displays the contents of the proxy auto configuration (PAC) file. Syntax show proxy-autoconfig-file Mode Privileged Exec Example To display the contents of the proxy auto configuration (PAC) file, enter the command: awplus# show auth proxy-autoconfig-file...
Page 884: Chapter 26: Aaa Commands
AAA Commands Introduction Overview This chapter provides an alphabetical reference for AAA commands for Authentication, Authorization and Accounting. For more information, see the Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 885 AAA C OMMANDS Command List • “aaa accounting auth-mac default” on page 886 • “aaa accounting auth-web default” on page 888 • “aaa accounting commands” on page 890 • “aaa accounting dot1x” on page 892 • “aaa accounting login” on page 894 •...
Page 886: Aaa Accounting Auth-Mac Default
AAA C OMMANDS AAA ACCOUNTING AUTH MAC DEFAULT aaa accounting auth-mac default Overview This command configures a default accounting method list for MAC-based Authentication. The default accounting method list specifies what type of accounting messages are sent and specifies which RADIUS Servers the accounting messages are sent to.
Page 887 AAA C OMMANDS AAA ACCOUNTING AUTH MAC DEFAULT Examples To enable RADIUS accounting for MAC-based Authentication, and use all available RADIUS Servers, use the commands: awplus# configure terminal awplus(config)# aaa accounting auth-mac default start-stop group radius To disable RADIUS accounting for MAC-based Authentication, use the commands: awplus# configure terminal awplus(config)#...
Page 888: Aaa Accounting Auth-Web Default
AAA C OMMANDS AAA ACCOUNTING AUTH WEB DEFAULT aaa accounting auth-web default Overview This command configures a default accounting method list for Web-based Port Authentication. The default accounting method list specifies what type of accounting messages are sent and specifies which RADIUS Servers the accounting messages are sent to.
Page 889 AAA C OMMANDS AAA ACCOUNTING AUTH WEB DEFAULT To disable RADIUS accounting for Web-based Authentication, use the commands: awplus# configure terminal awplus(config)# no aaa accounting auth-web default Related aaa authentication auth-web Commands C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™...
Page 890: Aaa Accounting Commands
AAA C OMMANDS AAA ACCOUNTING COMMANDS aaa accounting commands Overview Use this command to configure and enable TACACS+ command accounting. When command accounting is enabled, information about a command entered at a specified privilege level on a device is sent to a TACACS+ server. To account for all commands entered on a device you need to configure command accounting for each discrete privilege level.
Page 891: Accounting Login
AAA C OMMANDS AAA ACCOUNTING COMMANDS Examples To configure command accounting for privilege level 15 commands, use the following commands: awplus# configure terminal awplus(config)# aaa accounting commands 15 default stop-only group tacacs+ To disable command accounting for privilege level 15 commands, use the following commands: awplus# configure terminal...
Page 892: Aaa Accounting Dot1X
AAA C OMMANDS AAA ACCOUNTING DOT aaa accounting dot1x Overview This command configures the default accounting method list for IEEE 802.1X-based Authentication. The default accounting method list specifies what type of accounting messages are sent and specifies which RADIUS Servers the accounting messages are sent to.
Page 893 AAA C OMMANDS AAA ACCOUNTING DOT Examples To enable RADIUS accounting for 802.1X-based Authentication, and use all available RADIUS Servers, use the commands: awplus# configure terminal awplus(config)# aaa accounting dot1x default start-stop group radius To disable RADIUS accounting for 802.1X-based Authentication, use the commands: awplus# configure terminal...
Page 894: Aaa Accounting Login
AAA C OMMANDS AAA ACCOUNTING LOGIN aaa accounting login Overview This command configures RADIUS and TACACS+ accounting for login shell sessions. The specified method list name can be used by the accounting login command in the Line Configuration mode. If the default parameter is specified, then this creates a default method list that is applied to every console and vty line, unless another accounting method list is applied on that line.
Page 895 AAA C OMMANDS AAA ACCOUNTING LOGIN Usage This command enables you to define a named accounting method list. The items that you define in the accounting options are: • the types of accounting packets that will be sent • the set of servers to which the accounting packets will be sent You can define a default method list with the name default and any number of other named method lists.
Page 896 AAA C OMMANDS AAA ACCOUNTING LOGIN Related aaa accounting commands Commands aaa authentication login aaa accounting login aaa accounting update accounting login radius-server host tacacs-server host Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 897: Aaa Accounting Update
AAA C OMMANDS AAA ACCOUNTING UPDATE aaa accounting update Overview This command enables periodic accounting reporting to either the RADIUS or TACACS+ accounting server(s) wherever login accounting has been configured. Note that unlimited RADIUS servers and up to four TACACS+ servers can be configured and consulted for accounting.
Page 898 AAA C OMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured, use the following commands: awplus# configure terminal awplus(config)# no aaa accounting update Related aaa accounting auth-mac default Commands aaa accounting auth-web default aaa accounting dot1x aaa accounting login Command Reference for x210 Series Edge Switches C613-50054-01 REV A...
Page 899: Aaa Authentication Auth-Mac
AAA C OMMANDS AAA AUTHENTICATION AUTH aaa authentication auth-mac Overview This command enables MAC-based Port Authentication globally and allows you to specify an authentication method list. It is automatically applied to every interface running MAC-based Port Authentication. Use the no variant of this command to globally disable MAC-based Port Authentication.
Page 900: Aaa Authentication Auth-Web
AAA C OMMANDS AAA AUTHENTICATION AUTH aaa authentication auth-web Overview This command enables Web-based Port Authentication globally and allows you to enable an authentication method list (in this case, a list of RADIUS Servers). It is automatically applied to every interface running Web-based Port Authentication. Use the no variant of this command to globally disable Web-based Port Authentication.
Page 901: Aaa Authentication Dot1X
AAA C OMMANDS AAA AUTHENTICATION DOT aaa authentication dot1x Overview This command enables 802.1X-based Port Authentication globally and allows you to enable an authentication method list. It is automatically applied to every interface running 802.1X-based Port Authentication. Use the no variant of this command to globally disable 802.1X-based Port Authentication.
Page 902: Aaa Authentication Enable Default Group Tacacs
AAA C OMMANDS AAA AUTHENTICATION ENABLE DEFAULT GROUP TACACS aaa authentication enable default group tacacs+ Overview This command enables AAA authentication to determine the privilege level a user can access for passwords authenticated against the TACACS+ server. Use the no variant of this command to disable privilege level authentication. Syntax aaa authentication enable default group tacacs+ [local] [none] no aaa authentication enable default...
Page 903 AAA C OMMANDS AAA AUTHENTICATION ENABLE DEFAULT GROUP TACACS then the enable authentication will fail until the TACACS+ server becomes available again. • aaa authentication enable default group tacacs+ none then the user is granted access to Privileged Exec mode with no authentication.
Page 904: Aaa Authentication Enable Default Local
AAA C OMMANDS AAA AUTHENTICATION ENABLE DEFAULT LOCAL aaa authentication enable default local Overview This command enables AAA authentication to determine the privilege level a user can access for passwords authenticated locally. Syntax aaa authentication enable default local Default Local privilege level authentication is enabled by default. Mode Global Configuration Usage...
Page 905: Aaa Authentication Login
AAA C OMMANDS AAA AUTHENTICATION LOGIN aaa authentication login Overview Use this command to create an ordered list of methods to use to authenticate user login, or to replace an existing method list with the same name. Specify one or more of the options local or group, in the order you want them to be applied.
Page 906 AAA C OMMANDS AAA AUTHENTICATION LOGIN Usage When a user attempts to log in, the switch sends an authentication request to the first authentication server in the method list. If the first server in the list is reachable and it contains a username and password matching the authentication request, the user is authenticated and the login succeeds.
Page 907: Aaa Group Server
AAA C OMMANDS AAA GROUP SERVER aaa group server Overview This command configures a RADIUS server group. A server group can be used to specify a subset of RADIUS servers in aaa commands. The group name radius is predefined, which includes all RADIUS servers configured by the radius-server host command.
Page 908 AAA C OMMANDS AAA GROUP SERVER Related aaa accounting auth-mac default Commands aaa accounting auth-web default aaa accounting dot1x aaa accounting login aaa authentication auth-mac aaa authentication auth-web aaa authentication dot1x aaa authentication login radius-server host server (Server Group) Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 909: Aaa Local Authentication Attempts Lockout-Time
AAA C OMMANDS AAA LOCAL AUTHENTICATION ATTEMPTS LOCKOUT TIME aaa local authentication attempts lockout-time Overview This command configures the duration of the user lockout period. Use the no variant of this command to restore the duration of the user lockout period to its default of 300 seconds (5 minutes).
Page 910: Aaa Local Authentication Attempts Max-Fail
AAA C OMMANDS AAA LOCAL AUTHENTICATION ATTEMPTS MAX FAIL aaa local authentication attempts max-fail Overview This command configures the maximum number of failed login attempts before a user account is locked out. Every time a login attempt fails the failed login counter is incremented.
Page 911: Accounting Login
AAA C OMMANDS ACCOUNTING LOGIN accounting login Overview This command applies a login accounting method list to console or vty lines for user login. When login accounting is enabled using this command, logging events generate an accounting record to the accounting server. The accounting method list must be configured first using this command.
Page 912: Clear Aaa Local User Lockout
AAA C OMMANDS CLEAR AAA LOCAL USER LOCKOUT clear aaa local user lockout Overview Use this command to clear the lockout on a specific user account or all user accounts. Syntax clear aaa local user lockout {username <username>|all} Parameter Description Clear lockout for the specified user.
Page 913: Debug Aaa
AAA C OMMANDS DEBUG AAA debug aaa Overview This command enables AAA debugging. Use the no variant of this command to disable AAA debugging. Syntax debug aaa [accounting|all|authentication|authorization] no debug aaa [accounting|all|authentication|authorization] Parameter Description Accounting debugging. accounting All debugging options are enabled. Authentication debugging.
Page 914: Login Authentication
AAA C OMMANDS LOGIN AUTHENTICATION login authentication Overview Use this command to apply an AAA server for authenticating user login attempts from a console or remote logins on these console or VTY lines. The authentication method list must be specified by the aaa authentication login command. If the method list has not been configured by the aaa authentication login command, login authentication will fail on these lines.
Page 915: Show Aaa Local User Locked
AAA C OMMANDS SHOW AAA LOCAL USER LOCKED show aaa local user locked Overview This command displays the current number of failed attempts, last failure time and location against each user account attempting to log into the device. Note that once the lockout count has been manually cleared by another privileged account using the clear aaa local user lockout command or a locked account...
Page 916: Show Debugging Aaa
AAA C OMMANDS SHOW DEBUGGING AAA show debugging aaa Overview This command displays the current debugging status for AAA (Authentication, Authorization, Accounting). Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA, use the command: awplus# show debug aaa Output...
Page 917: C613-50054-01 Rev A Command Reference For X210 Series Edge Switches
AAA C OMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aaa command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 918: Radius Commands
RADIUS Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure the device to use RADIUS servers. Command List • “deadtime (RADIUS server group)” on page 919 • “debug radius” on page 920 • “ip radius source-interface”...
Page 919: Deadtime (Radius Server Group)
RADIUS C OMMANDS (RADIUS DEADTIME SERVER GROUP deadtime (RADIUS server group) Overview Use this command to configure the deadtime parameter for the RADIUS server group. This command overrides the global dead-time configured by the radius-server deadtime command. The configured deadtime is the time period in minutes to skip a RADIUS server for authentication or accounting requests if the server is “dead”.
Page 920: Debug Radius
RADIUS C OMMANDS DEBUG RADIUS debug radius Overview This command enables RADIUS debugging. If no option is specified, all debugging options are enabled. Use the no variant of this command to disable RADIUS debugging. If no option is specified, all debugging options are disabled. Syntax debug radius [packet|event|all] no debug radius [packet|event|all]...
Page 921: Ip Radius Source-Interface
RADIUS C OMMANDS IP RADIUS SOURCE INTERFACE ip radius source-interface Overview This command configures the source IP address of every outgoing RADIUS packet to use a specific IP address or the IP address of a specific interface. If the specified interface is down or there is no IP address on the interface, then the source IP address of outgoing RADIUS packets depends on the interface the packets leave.
Page 922: Radius-Server Deadtime
RADIUS C OMMANDS RADIUS SERVER DEADTIME radius-server deadtime Overview Use this command to specify the global deadtime for all RADIUS servers. If a RADIUS server is considered dead, it is skipped for the specified deadtime. This command specifies for how many minutes a RADIUS server that is not responding to authentication requests is passed over by requests for RADIUS authentication.
Page 923: Radius-Server Host
RADIUS C OMMANDS RADIUS SERVER HOST radius-server host Overview Use this command to specify a remote RADIUS server host for authentication or accounting, and to set server-specific parameters. The parameters specified with this command override the corresponding global parameters for RADIUS servers. This command specifies the IP address or host name of the remote RADIUS server host and assigns authentication and accounting destination UDP port numbers.
Page 924 RADIUS C OMMANDS RADIUS SERVER HOST Parameter Description Time in seconds to wait for a server reply <1-1000> (timeout is set to 5 seconds by default) The time interval (in seconds) to wait for the RADIUS server to reply before retransmitting a request or considering the server dead.
Page 925 RADIUS C OMMANDS RADIUS SERVER HOST included in the predefined RADIUS server group radius, which may be used by AAA authentication, authorization and accounting commands. The client transmits (and retransmits, according to the retransmit and timeout parameters) RADIUS authentication or accounting requests to the servers in the order you specify them, until it gets a response.
Page 926: Radius-Server Key
RADIUS C OMMANDS RADIUS SERVER KEY radius-server key Overview This command sets a global secret key for RADIUS authentication on the device. The shared secret text string is used for RADIUS authentication between the device and a RADIUS server. Note that if no secret key is explicitly specified for a RADIUS server, the global secret key will be used for the shared secret for the server.
Page 927: Radius-Server Retransmit
RADIUS C OMMANDS RADIUS SERVER RETRANSMIT radius-server retransmit Overview This command sets the retransmit counter to use RADIUS authentication on the device. This command specifies how many times the device transmits each RADIUS request to the RADIUS server before giving up. This command configures the retransmit parameter for RADIUS servers globally.
Page 928: Show Radius Statistics
RADIUS C OMMANDS RADIUS SERVER RETRANSMIT Related radius-server deadtime Commands radius-server host show radius statistics Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 929: Radius-Server Timeout
RADIUS C OMMANDS RADIUS SERVER TIMEOUT radius-server timeout Overview Use this command to specify the RADIUS global timeout value. This is how long the device waits for a reply to a RADIUS request before retransmitting the request, or considering the server to be dead. If no timeout is specified for the particular RADIUS server by the radius-server host command, it uses this global timeout value.
Page 930 RADIUS C OMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default, use the following command: awplus# configure terminal awplus(config)# no radius-server timeout Related radius-server deadtime Commands radius-server host radius-server retransmit show radius statistics Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 931: Server (Server Group)
RADIUS C OMMANDS SERVER ERVER ROUP server (Server Group) Overview This command adds a RADIUS server to a server group in Server-Group Configuration mode. The RADIUS server should be configured by the radius-server host command. The server is appended to the server list of the group and the order of configuration determines the precedence of servers.
Page 932 RADIUS C OMMANDS SERVER ERVER ROUP Default The default Authentication port number is 1812 and the default Accounting port number is 1813. Mode Server Group Configuration Usage The RADIUS server to be added must be configured by the radius-server host command.
Page 933: Show Debugging Radius
RADIUS C OMMANDS SHOW DEBUGGING RADIUS show debugging radius Overview This command displays the current debugging status for the RADIUS servers. Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers, use the command: awplus# show debugging radius Output...
Page 934: Show Radius
RADIUS C OMMANDS SHOW RADIUS show radius Overview This command displays the current RADIUS server configuration and status. Syntax show radius Mode User Exec and Privileged Exec Example To display the current status of RADIUS servers, use the command: awplus# show radius Output Figure 27-2: Example output from the show radius command showing RADIUS...
Page 935 RADIUS C OMMANDS SHOW RADIUS Output Figure 27-3: Example output from the show radius command showing RADIUS client status RADIUS global interface name: awplus Secret key: Timeout: 5 Retransmit count: 3 Deadtime: 0 Server Address: 150.87.18.89 Auth destination port: 1812 Accounting port: 1813 Secret key: swg Timeout: 5...
Page 936: Show Radius Statistics
RADIUS C OMMANDS SHOW RADIUS STATISTICS show radius statistics Overview This command shows the RADIUS client statistics for the device. Syntax show radius statistics Mode User Exec and Privileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration: awplus# show radius statistics...
Page 937: Undebug Radius
RADIUS C OMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug radius command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 938: Tacacs+ Commands
TACACS+ Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure the device to use TACACS+ servers. For more information about TACACS+, see the TACACS+ Feature Overview and Configuration Guide. Command List • “show tacacs+” on page 939 •...
Page 939: Show Tacacs
TACACS+ C OMMANDS SHOW TACACS show tacacs+ Overview This command displays the current TACACS+ server configuration and status. Syntax show tacacs+ Mode User Exec and Privileged Exec Example To display the current status of TACACS+ servers, use the command: awplus# show tacacs+ Output Figure 28-1: Example output from the show tacacs+ command...
Page 940: Tacacs-Server Host
TACACS+ C OMMANDS TACACS SERVER HOST tacacs-server host Overview Use this command to specify a remote TACACS+ server host for authentication, authorization and accounting, and to set the shared secret key to use with the TACACS+ server. The parameters specified with this command override the corresponding global parameters for TACACS+ servers.
Page 941 TACACS+ C OMMANDS TACACS SERVER HOST server fails, not if a login authentication attempt is rejected. The reasons a server would fail are: • it is not network reachable • it is not currently TACACS+ capable • it cannot communicate with the switch properly due to the switch and the server having different secret keys Examples To add the server tac1.company.com as the TACACS+ server host, use the...
Page 942: Tacacs-Server Key
TACACS+ C OMMANDS TACACS SERVER KEY tacacs-server key Overview This command sets a global secret key for TACACS+ authentication, authorization and accounting. The shared secret text string is used for TACACS+ communications between the switch and all TACACS+ servers. Note that if no secret key is explicitly specified for a TACACS+ server with the tacacs-server host command, the global secret key will be used for the shared secret for the server.
Page 943: Tacacs-Server Timeout
TACACS+ C OMMANDS TACACS SERVER TIMEOUT tacacs-server timeout Overview Use this command to specify the TACACS+ global timeout value. The timeout value is how long the device waits for a reply to a TACACS+ request before considering the server to be dead. Note that this command configures the timeout parameter for TACACS+ servers globally.
Page 944: Secure Shell (Ssh) Commands
Secure Shell (SSH) Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure Secure Shell (SSH). For more information, see the SSH Feature Overview and Configuration Guide. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™...
Page 945 (SSH) C ECURE HELL OMMANDS Command List • “banner login (SSH)” on page 946 • “clear ssh” on page 947 • “crypto key destroy hostkey” on page 948 • “crypto key destroy userkey” on page 949 • “crypto key generate hostkey”...
Page 946: Banner Login (Ssh)
(SSH) C ECURE HELL OMMANDS (SSH) BANNER LOGIN banner login (SSH) Overview This command configures a login banner on the SSH server. This displays a message on the remote terminal of the SSH client before the login prompt. SSH client version 1 does not support this banner. To add a banner, first enter the command banner login, and hit [Enter].
Page 947: Clear Ssh
(SSH) C ECURE HELL OMMANDS CLEAR SSH clear ssh Overview This command deletes Secure Shell sessions currently active on the device. This includes both incoming and outgoing sessions. The deleted sessions are closed. You can only delete an SSH session if you are a system manager or the user who initiated the session.
Page 948: Crypto Key Destroy Hostkey
(SSH) C ECURE HELL OMMANDS CRYPTO KEY DESTROY HOSTKEY crypto key destroy hostkey Overview This command deletes the existing public and private keys of the SSH server. Note that for an SSH server to operate it needs at least one set of hostkeys configured before an SSH server is started.
Page 949: Crypto Key Destroy Userkey
(SSH) C ECURE HELL OMMANDS CRYPTO KEY DESTROY USERKEY crypto key destroy userkey Overview This command destroys the existing public and private keys of an SSH user configured on the device. Syntax crypto key destroy userkey <username> {dsa|rsa|rsa1} Parameters Description Name of the user whose userkey you are destroying.
Page 950: Crypto Key Generate Hostkey
(SSH) C ECURE HELL OMMANDS CRYPTO KEY GENERATE HOSTKEY crypto key generate hostkey Overview This command generates public and private keys for the SSH server using either an RSA or DSA cryptography algorithm. You must define a host key before enabling the SSH server.
Page 951: Crypto Key Generate Userkey
(SSH) C ECURE HELL OMMANDS CRYPTO KEY GENERATE USERKEY crypto key generate userkey Overview This command generates public and private keys for an SSH user using either an RSA or DSA cryptography algorithm. To use public key authentication, copy the public key of the user onto the remote SSH server.
Page 952: Crypto Key Pubkey-Chain Knownhosts
(SSH) C ECURE HELL OMMANDS CRYPTO KEY PUBKEY CHAIN KNOWNHOSTS crypto key pubkey-chain knownhosts Overview This command adds a public key of the specified SSH server to the known host database on your device. The SSH client on your device uses this public key to verify the remote SSH server.
Page 953 (SSH) C ECURE HELL OMMANDS CRYPTO KEY PUBKEY CHAIN KNOWNHOSTS Examples To add the RSA host key of the remote SSH host IPv4 address 192.0.2.11 to the known host database, use the command: awplus# crypto key pubkey-chain knownhosts 192.0.2.11 To delete the second entry in the known host database, use the command: awplus# no crypto key pubkey-chain knownhosts 2 Validation...
Page 954: Crypto Key Pubkey-Chain Userkey
(SSH) C ECURE HELL OMMANDS CRYPTO KEY PUBKEY CHAIN USERKEY crypto key pubkey-chain userkey Overview This command adds a public key for an SSH user on the SSH server. This allows the SSH server to support public key authentication for the SSH user. When configured, the SSH user can access the SSH server without providing a password from the remote host.
Page 955 (SSH) C ECURE HELL OMMANDS CRYPTO KEY PUBKEY CHAIN USERKEY nUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66+5YyD4UxOKSD tTI+7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16+6NvNbk+h+c/pqGDijj4SvfZZfe ITzvvyZW4/I4pbN8= awplus# configure terminal awplus(config)# crypto key pubkey-chain userkey joeType CNTL/D finish:AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66+5YyD4Ux OKSDtTI+7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16+6NvNbk+h+c/pqGDijj4Svf ZZfeITzvvyZW4/I4pbN8=control-D awplus(config)# To add a public key for the user graydon from the file key.pub, use the commands: awplus# configure terminal...
Page 956: Debug Ssh Client
(SSH) C ECURE HELL OMMANDS DEBUG SSH CLIENT debug ssh client Overview This command enables the SSH client debugging facility. When enabled, any SSH, SCP and SFTP client sessions send diagnostic messages to the login terminal. The no variant of this command disables the SSH client debugging facility. This stops the SSH client from generating diagnostic debugging message.
Page 957: Debug Ssh Server
(SSH) C ECURE HELL OMMANDS DEBUG SSH SERVER debug ssh server Overview This command enables the SSH server debugging facility. When enabled, the SSH server sends diagnostic messages to the system log. To display the debugging messages on the terminal, use the terminal monitor command. The no variant of this command disables the SSH server debugging facility.
Page 958: Service Ssh
(SSH) C ECURE HELL OMMANDS SERVICE SSH service ssh Overview This command enables the Secure Shell server on the device. Once enabled, connections coming from SSH clients are accepted. SSH server needs a host key before it starts. If an SSHv2 host key does not exist, then this command fails.
Page 959 (SSH) C ECURE HELL OMMANDS SERVICE SSH Related crypto key generate hostkey Commands show running-config ssh show ssh server ssh server allow-users ssh server deny-users C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 960: Show Banner Login
(SSH) C ECURE HELL OMMANDS SHOW BANNER LOGIN show banner login Overview This command displays the banner message configured on the device. The banner message is displayed to the remote user before user authentication starts. Syntax show banner login Mode User Exec, Privileged Exec, Global Configuration, Interface Configuration, Line Configuration Example...
Page 961: Show Crypto Key Hostkey
(SSH) C ECURE HELL OMMANDS SHOW CRYPTO KEY HOSTKEY show crypto key hostkey Overview This command displays the SSH host keys generated by RSA and DSA algorithm. A host key pair (public and private keys) is needed to enable SSH server. The private key remains on the device secretly.
Page 962: Show Crypto Key Pubkey-Chain Knownhosts
(SSH) C ECURE HELL OMMANDS SHOW CRYPTO KEY PUBKEY CHAIN KNOWNHOSTS show crypto key pubkey-chain knownhosts Overview This command displays the list of public keys maintained in the known host database on the device. Syntax show crypto key pubkey-chain knownhosts [<1-65535>] Parameter Description Key identifier for a specific key.
Page 963: Show Crypto Key Pubkey-Chain Userkey
(SSH) C ECURE HELL OMMANDS SHOW CRYPTO KEY PUBKEY CHAIN USERKEY show crypto key pubkey-chain userkey Overview This command displays the public keys registered with the SSH server for SSH users. These keys allow remote users to access the device using public key authentication.
Page 964: Show Crypto Key Userkey
(SSH) C ECURE HELL OMMANDS SHOW CRYPTO KEY USERKEY show crypto key userkey Overview This command displays the public keys created on this device for the specified SSH user. Syntax show crypto key userkey <username> [dsa|rsa|rsa1] Parameter Description User name of the local SSH user whose keys you wish to display. The <username>...
Page 965: Show Running-Config Ssh
(SSH) C ECURE HELL OMMANDS SHOW RUNNING CONFIG SSH show running-config ssh Overview This command displays the current running configuration of Secure Shell (SSH). Syntax show running-config ssh Mode Privileged Exec and Global Configuration Example To display the current configuration of SSH, use the command: awplus# show running-config ssh Output...
Page 966 (SSH) C ECURE HELL OMMANDS SHOW RUNNING CONFIG SSH Table 29-5: Parameters in the output of the show running-config ssh command Parameter Description Add the user (and hostname) to the allow list. ssh server allow-users Add the user (and hostname) to the deny list. ssh server deny-users Related service ssh...
Page 967: Show Ssh
(SSH) C ECURE HELL OMMANDS SHOW SSH show ssh Overview This command displays the active SSH sessions on the device, both incoming and outgoing. Syntax show ssh Mode User Exec, Privileged Exec and Global Configuration Example To display the current SSH sessions on the device, use the command: awplus# show ssh Output...
Page 968 (SSH) C ECURE HELL OMMANDS SHOW SSH Table 29-6: Parameters in the output of the show ssh command (cont.) Parameter Description The current state of the SSH session. One of: State The device is looking for a remote server. connecting The device is connected to the remote server.
Page 969: Show Ssh Client
(SSH) C ECURE HELL OMMANDS SHOW SSH CLIENT show ssh client Overview This command displays the current configuration of the Secure Shell client. Syntax show ssh client Mode User Exec, Privileged Exec and Global Configuration Example To display the current configuration for SSH clients on the login shell, use the command: awplus# show ssh client...
Page 970: Show Ssh Server
(SSH) C ECURE HELL OMMANDS SHOW SSH SERVER show ssh server Overview This command displays the current configuration of the Secure Shell server. Note that changes to the SSH configuration affects only new SSH sessions coming from remote hosts, and does not affect existing sessions. Syntax show ssh server Mode...
Page 971 (SSH) C ECURE HELL OMMANDS SHOW SSH SERVER Table 29-8: Parameters in the output of the show ssh server command (cont.) Parameter Description The maximum number of concurrent connections that are Maximum waiting authentication. The default is 10. Startups Whether debugging is active on the server. Debug Related show ssh...
Page 972: Show Ssh Server Allow-Users
(SSH) C ECURE HELL OMMANDS SHOW SSH SERVER ALLOW USERS show ssh server allow-users Overview This command displays the user entries in the allow list of the SSH server. Syntax show ssh server allow-users Mode User Exec, Privileged Exec and Global Configuration Example To display the user entries in the allow list of the SSH server, use the command: awplus#...
Page 973: Show Ssh Server Deny-Users
(SSH) C ECURE HELL OMMANDS SHOW SSH SERVER DENY USERS show ssh server deny-users Overview This command displays the user entries in the deny list of the SSH server. The user in the deny list is rejected to access the SSH server. If a user is not included in the access list of the SSH server, the user is also rejected.
Page 974: Ssh
(SSH) C ECURE HELL OMMANDS Overview This command initiates a Secure Shell connection to a remote SSH server. If the server requests a password for the user login, the user needs to type in the correct password on “Password:” prompt. SSH client identifies the remote SSH server by its public key registered on the client device.
Page 975 (SSH) C ECURE HELL OMMANDS Mode User Exec and Privileged Exec Examples To login to the remote SSH server at 192.0.2.5, use the command: awplus# ssh ip 192.0.2.5 To login to the remote SSH server at 192.0.2.5 as user manager, use the command: awplus# ssh ip user manager 192.0.2.5 To login to the remote SSH server at 192.0.2.5 that is listening TCP port 2000, use...
Page 976: Ssh Client
(SSH) C ECURE HELL OMMANDS SSH CLIENT ssh client Overview This command modifies the default configuration parameters of the Secure Shell (SSH) client. The configuration is used for any SSH client on the device to connect to remote SSH servers. Any parameters specified on SSH client explicitly override the default configuration parameters.
Page 977 (SSH) C ECURE HELL OMMANDS SSH CLIENT Mode Privileged Exec Examples To configure the default TCP port for SSH clients to 2200, and the session timer to 10 minutes, use the command: awplus# ssh client port 2200 session-timeout 600 To configure the connect timeout of SSH client to 10 seconds, use the command: awplus# ssh client connect-timeout 10 To restore the connect timeout to its default, use the command:...
Page 978: Ssh Server
(SSH) C ECURE HELL OMMANDS SSH SERVER ssh server Overview This command modifies the configuration of the SSH server. Changing these parameters affects new SSH sessions connecting to the device. The no variant of this command restores the configuration of a specified parameter to its default.
Page 979 (SSH) C ECURE HELL OMMANDS SSH SERVER Examples To configure the session timer of SSH server to 10 minutes (600 seconds), use the commands: awplus# configure terminal awplus(config)# ssh server login-timeout 600 To configure the login timeout of SSH server to 30 seconds, use the commands: awplus# configure terminal awplus(config)#...
Page 980: Ssh Server Allow-Users
(SSH) C ECURE HELL OMMANDS SSH SERVER ALLOW USERS ssh server allow-users Overview This command adds a username pattern to the allow list of the SSH server. If the user of an incoming SSH session matches the pattern, the session is accepted. When there are no registered users in the server’s database of allowed users, the SSH server does not accept SSH sessions even when enabled.
Page 981 (SSH) C ECURE HELL OMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192.168.1.* in the allow list, use the commands: awplus# configure terminal awplus(config)# no ssh server allow-users john 192.168.1.* Related show running-config ssh Commands show ssh server allow-users ssh server deny-users C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 982: Ssh Server Authentication
(SSH) C ECURE HELL OMMANDS SSH SERVER AUTHENTICATION ssh server authentication Overview This command enables RSA public-key or password user authentication for SSH Server. Apply the password keyword with the ssh server authentication command to enable password authentication for users. Apply the publickey keyword with the ssh server authentication command to enable RSA public-key authentication for users.
Page 983 (SSH) C ECURE HELL OMMANDS SSH SERVER AUTHENTICATION To disable password authentication for users connecting through SSH, use the commands: awplus# configure terminal awplus(config)# no ssh server authentication password To disable publickey authentication for users connecting through SSH, use the commands: awplus# configure terminal...
Page 984: Ssh Server Deny-Users
(SSH) C ECURE HELL OMMANDS SSH SERVER DENY USERS ssh server deny-users Overview This command adds a username pattern to the deny list of the SSH server. If the user of an incoming SSH session matches the pattern, the session is rejected. SSH server also maintains the allow list.
Page 985 (SSH) C ECURE HELL OMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192.168.2.* in the deny list, use the commands: awplus# configure terminal awplus(config)# no ssh server deny-users john 192.168.2.* Related show running-config ssh Commands show ssh server deny-users ssh server allow-users C613-50054-01 REV A Command Reference for x210 Series Edge Switches...
Page 986: Ssh Server Resolve-Host
(SSH) C ECURE HELL OMMANDS SSH SERVER RESOLVE HOST ssh server resolve-host Overview This command enables resolving an IP address from a host name using a DNS server for client host authentication. The no variant of this command disables this feature. Syntax ssh server resolve-hosts no ssh server resolve-hosts...
Page 987: Ssh Server Scp
(SSH) C ECURE HELL OMMANDS SSH SERVER SCP ssh server scp Overview This command enables the Secure Copy (SCP) service on the SSH server. Once enabled, the server accepts SCP requests from remote clients. You must enable the SSH server as well as this service before the device accepts SCP connections.
Page 988: Ssh Server Sftp
(SSH) C ECURE HELL OMMANDS SSH SERVER SFTP ssh server sftp Overview This command enables the Secure FTP (SFTP) service on the SSH server. Once enabled, the server accepts SFTP requests from remote clients. You must enable the SSH server as well as this service before the device accepts SFTP connections.
Page 989: Undebug Ssh Client
(SSH) C ECURE HELL OMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the no debug ssh client command. C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 990: Undebug Ssh Server
(SSH) C ECURE HELL OMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the no debug ssh server command. Command Reference for x210 Series Edge Switches C613-50054-01 REV A AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 991: Dhcp Snooping Commands
DHCP Snooping Commands Introduction Overview This chapter gives detailed information about the commands used to configure DHCP snooping. For detailed descriptions of related ACL commands, see IPv4 Hardware Access Control List (ACL) Commands. For more information about DHCP snooping, see the DHCP Snooping Feature Overview and Configuration Guide.
Page 992 DHCP S NOOPING OMMANDS Command List • “arp security” on page 993 • “arp security violation” on page 994 • “clear arp security statistics” on page 996 • “clear ip dhcp snooping binding” on page 997 • “clear ip dhcp snooping statistics”...
Page 993: Arp Security
DHCP S NOOPING OMMANDS ARP SECURITY arp security Overview Use this command to enable ARP security on untrusted ports in the VLANs, so that the switch only responds to/forwards ARP packets if they have recognized IP and MAC source addresses. Use the no variant of this command to disable ARP security on the VLANs.
Page 994: Arp Security Violation
DHCP S NOOPING OMMANDS ARP SECURITY VIOLATION arp security violation Overview Use this command to specify an additional action to perform if an ARP security violation is detected on the ports. ARP security must also be enabled (arp security command). Use the no variant of this command to remove the specified action, or all actions.
Page 995: Show Arp Security Interface
DHCP S NOOPING OMMANDS ARP SECURITY VIOLATION Related arp security Commands show arp security interface show arp security statistics show log snmp-server enable trap C613-50054-01 REV A Command Reference for x210 Series Edge Switches AlliedWare Plus™ Operating System - Version 5.4.5-0.x...
Page 996: Clear Arp Security Statistics
DHCP S NOOPING OMMANDS CLEAR ARP SECURITY STATISTICS clear arp security statistics Overview Use this command to clear ARP security statistics for the specified ports, or for all ports. Syntax clear arp security statistics [interface <port-list>] Parameter Description The ports to clear statistics for. If no ports are specified, statistics are <port-list>...
Page 997: Clear Ip Dhcp Snooping Binding
DHCP S NOOPING OMMANDS CLEAR IP DHCP SNOOPING BINDING clear ip dhcp snooping binding Overview Use this command to remove one or more DHCP Snooping dynamic entries from the DHCP Snooping binding database. If no options are specified, all entries are removed from the database.
Page 998: Clear Ip Dhcp Snooping Statistics
DHCP S NOOPING OMMANDS CLEAR IP DHCP SNOOPING STATISTICS clear ip dhcp snooping statistics Overview Use this command to clear DHCP snooping statistics for the specified ports, or for all ports. Syntax clear ip dhcp snooping statistics [interface <port-list>] Parameter Description The ports to clear statistics for.
Page 999: Debug Arp Security
DHCP S NOOPING OMMANDS DEBUG ARP SECURITY debug arp security Overview Use this command to enable ARP security debugging. Use the no variant of this command to disable debugging for ARP security. Syntax debug arp security no debug arp security Default Disabled Mode...
Page 1000: Debug Ip Dhcp Snooping
DHCP S NOOPING OMMANDS DEBUG IP DHCP SNOOPING debug ip dhcp snooping Overview Use this command to enable the specified types of debugging for DHCP snooping. Use the no variant of this command to disable the specified types of debugging. Syntax debug ip dhcp snooping {all|acl|db|packet [detail]} no debug ip dhcp snooping {all|acl|db|packet [detail]}...

This manual is also suitable for:

At-x210-16gt At-x210-24gt

Allied Telesis AT-x210-9GT Command Reference Manual

Chapter 1 CLI Navigation Commands

Chapter 2 User Access Commands

Chapter 3: File Management Commands

Chapter 4: Licensing Commands

Chapter 5: System Configuration and Monitoring Commands

Chapter 6: Logging Commands

Logging Commands

Chapter 7: Scripting Commands

Scripting Commands

Chapter 8: Interface Commands

Interface Commands

Chapter 9: Interface Testing Commands

Chapter 10: Switching Commands

Chapter 11: VLAN Commands

Chapter 12: Spanning Tree Commands

Quick Links

Related Manuals for Allied Telesis AT-x210-9GT

Summary of Contents for Allied Telesis AT-x210-9GT