Management Software AT-S100 User’s Guide For use with the AT-9000/28 and AT-9000/28SP Managed Layer 2 GE ecoSwitches Version 1.0.3 613-001138 Rev.
Copyright 2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc.
Contents Preface ............................................................................................................................................................ 11 Document Conventions .................................................................................................................................... 12 Where to Find Web-based Guides ................................................................................................................... 13 Contacting Allied Telesis .
Contents Setting Port Speed and Duplex Mode ........................................................................................................ 44 Enabling and Disabling Ports ..................................................................................................................... 45 Setting MDI and MDIX................................................................................................................................ 45 Setting Port Security....................................
AT-S100 Management Software User’s Guide EXIT................................................................................................................................................................ 126 HELP .............................................................................................................................................................. 127 HOSTNAME ............................................................................................................................
Contents RADIUS-SERVER KEY ..................................................................................................................................202 SHOW DOT1X ................................................................................................................................................203 SHOW DOT1X ALL ........................................................................................................................................204 SHOW DOT1X INTERFACE ...............
Figures Figure 1: AT-S100 Command Modes ...................................................................................................................................17 Figure 2: Command Line Login Screen ................................................................................................................................23 Figure 3: SHOW MAC ADDRESS-TABLE Command..........................................................................................................
Figures 8
Tables Table 1: Command Modes ..................................................................................................................................................17 Table 2: Examples of Privileged Executive Mode Commands ............................................................................................19 Table 3: Examples of Configuration Terminal Mode Commands ........................................................................................
Tables 10
Preface The AT-S100 Management Software is the operating system for the AT-9000/28 and AT-9000/28SP Managed Layer 2 GE ecoSwitches. This guide describes the commands included in the management software that you use to control and monitor the operating parameters of both AT-9000 switches.
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
AT-100 Management Software User’s Guide Where to Find Web-based Guides The installation and user guides for all Allied Telesis products are available in portable document format (PDF) on our web site at www.alliedtelesis.com. You can view the documents online or download them onto a local workstation or server.
Preface Contacting Allied Telesis This section provides Allied Telesis contact information for technical support as well as sales and corporate information. Online Support You can request technical support online by accessing the Allied Telesis Knowledge Base: www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Chapter 1 Getting Started with the Command Line Interface This chapter describes the command modes of the AT-S100 command line interface (CLI) and how to access them.
Chapter 1: Getting Started with the Command Line Interface Introducing the Command Modes This chapter describes the CLI command modes and how to access the command line interface. There are 5 command modes: Privileged Executive Configuration Terminal VLAN Configuration Interface Configuration Line In the AT-S100 software, the commands are accessed through a hierarchy of command modes. Each command mode contains a subset of commands that are available within that mode.
AT-S100 Management Software User’s Guide Privileged Executive mode configure terminal Command used to enter the next mode Configuration Terminal mode Commands used to enter the next mode VLAN database VLAN Configuration mode interface IFNAME line vty [FIRST] (LAST) Interface Configuration mode Line mode 1221 Figure 1. AT-S100 Command Modes See Table 1 for information about the commands used to access the modes and their respective prompts. Table 1.
Chapter 1: Getting Started with the Command Line Interface Table 1. Command Modes (Continued) Command Mode Interface Configuration VLAN Configuration Line Prompt Switch(config-if)# Switch(config-vlan)# Switch(config-line) Description To access interface 1, enter the following from the Configuration Terminal mode: interface ge1 Enter the EXIT command to return to the Configuration Terminal mode. From the Configuration Terminal mode, type the VLAN DATABASE command.
AT-S100 Management Software User’s Guide downloading new image files displaying Ethernet port statistics The prompt changes to “Switch#” to indicate the Privileged Executive mode. To access the Configuration Terminal mode from the Privileged Executive mode, enter the CONFIGURE TERMINAL command. To return to the Privileged Executive mode, enter the EXIT command. See Table 2 for a sample list of commands that can be access from the Privileged Executive command mode.
Chapter 1: Getting Started with the Command Line Interface See Table 3 for a sample list of commands that can be accessed from the Configuration Terminal mode. For more information about the commands in this mode, see the Chapter 4, “Configuration Terminal Mode Commands” on page 115. Table 3. Examples of Configuration Terminal Mode Commands Command Interface Configuration Command Mode Description IP-ACCESS-LIST Creates an access list. LINE CONSOLE Sets the console configuration.
AT-S100 Management Software User’s Guide After you have accessed the Interface Configuration mode, the commands you enter apply only to the interface specified in the Configuration Terminal mode. For example, if you enter “interface ge3” in the Configuration Terminal mode, all of the subsequent commands that you enter apply to interface 3 only.
Chapter 1: Getting Started with the Command Line Interface After you have accessed the VLAN Configuration mode, enter commands that apply to a specific VLAN. For a sample list of commands that can be accessed from the VLAN Configuration command mode, see Table 5 on page 22. For more detailed information about the commands in this mode, see Chapter 11, “Virtual Local Area Networks (VLAN) Commands” on page 257. The default VLAN has a VLAN ID of 1 and it includes all 28 ports.
AT-S100 Management Software User’s Guide Starting the Command Line Interface To start the command line interface, perform the following procedure: 1. Type the user id and password. There are two default user ids and passwords. For the system administrator login, the default user id is “manager” and the default password is “friend.” A command line prompt is displayed in Figure 2. Username:manager Password: (none)# Figure 2.
Chapter 1: Getting Started with the Command Line Interface Formatting Commands The AT-S100 software command line interface follows the same formatting conventions in all of the command modes. There are command line interface features which apply to the general use of the command line and command syntax conventions which apply when entering the commands. See the following sections.
AT-S100 Management Software User’s Guide Command Line Syntax Conventions The following table describes the conventions used in the AT-S100 command interface. Table 6. Command Line Syntax Conventions Convention Description Example A.B.C.D/M Indicates an IP address and a subnet mask. 192.68.1.11/24 line Indicates a line of text that accepts spaces without quotation marks.
Chapter 1: Getting Started with the Command Line Interface 26
Chapter 2 Configuring the AT-S100 Software This chapter provides configuration information about the AT-S100 software.The features are divided into three sections.
Chapter 2: Configuring the AT-S100 Software Setting the Switch The procedures in this section describe how to perform basic switch functions such as assigning an IP address, creating a user name and password, and downloading software.
AT-S100 Management Software User’s Guide For more information about this command, see “IP ADDRESS” on page 171. Setting DHCP The DHCP feature enables the switch to obtain an IP address from the DHCP server. You must assign the DHCP command to the default VLAN, VLAN 1, in the Interface mode. The syntax of the DHCP address command is: ip address dhcp The following example sets the DHCP feature on the switch.
Chapter 2: Configuring the AT-S100 Software Setting the NTP Server Address Setting an NTP server allows the switch to have an official time. The basic syntax of this command is: ntp server xxx.xxx.xxx.xxx To set the IP address of an NTP server to 198.10.1.1, enter the following commands: switch# configure terminal switch(config)# ntp server 198.10.1.1 For more information about this command, see “NTP SERVER” on page 148.
AT-S100 Management Software User’s Guide Increasing Frame Size (Jumbo Frames) The jumbo frame command allows an interface on the switch to accept large or jumbo frames which are Ethernet frames with greater than 1,500 bytes of payload (MTU).
Chapter 2: Configuring the AT-S100 Software LINE Specifies a password for an administrator or manager. Enter an alphanumeric value between 1 and 8 characters in length. The following commands set the user name to “faye,” the privilege to “15,” and the password to “friend:” switch#configure terminal switch(config)#username faye privilege 15 password friend For more information about this command, see “USERNAME” on page 162.
AT-S100 Management Software User’s Guide To display the full MAC address table, enter the following command: switch#show mac address-table For more information about this command, including a sample display see “SHOW MAC ADDRESS-TABLE” on page 92. Displaying the MAC Address Ageing Time As stated above, the MAC address aging time indicates the time interval when the MAC address table is flushed automatically.
Chapter 2: Configuring the AT-S100 Software switch(config)# mac address-table ageing-time 35 For more information about this command, see “MAC ADDRESS-TABLE AGEING-TIME” on page 138. Adding a Static MAC Address To add a static address to the MAC address table, specify the MAC address, the assigned port number, and the VLAN ID.
AT-S100 Management Software User’s Guide Rebooting the Switch To reboot the switch, enter the following command: switch# system reboot When you enter this command the switch temporarily loses power and will the current session is lost. To start a new session on the switch, log in again. For more information about this command, see “SYSTEM REBOOT” on page 112.
Chapter 2: Configuring the AT-S100 Software Application Version=1.0.3 Application BuildTime=12:47:47 Application BuildDate=Nov 21 2008 Serial Number= Model=AT-9000/28 Ethaddr= Baudrate=9600 Uptime= 16:01:02 up 1 min, load average: 0.21, 0.08, 0.02 HwRev=B 2. Assign an IP address and subnet mask to the switch with the IP ADDRESS A.B.C.D/mask command. The following commands set VLAN 1 with the primary IP address and mask of 192.0.0.1/8.
AT-S100 Management Software User’s Guide Erasing 88 Sectors ... Writing to flash ... 5. If you are downgrading the AT-S100 software to an earlier version, the following confirmation message is displayed: Current version of the image is newer. Download anyway? (y/n) 6. Type “y” to allow the download to proceed. 7.
Chapter 2: Configuring the AT-S100 Software For more information about this command, see “UPLOAD TFTP” on page 113. Displaying and Saving Configuration Files This section describes how to display and save configuration files. These files have a “.cfg” suffix. See the following sections: “Displaying the Current Configuration” on page 38 “Saving the Current Configuration” on page 38 Displaying the Current Configuration There are several ways to display the current configuration of the switch.
AT-S100 Management Software User’s Guide Copying Configuration Files You may want to make a copy of a configuration file in order to have a backup copy of the file. This section describes how you can make a copy a configuration file and save it on your switch. Copying a Configuration File Use the CP command to make a copy of a configuration file and save it in the current directory on the switch.
Chapter 2: Configuring the AT-S100 Software Enter the following command to upload a configuration file called “frank2.cfg” from the switch onto a TFTP server with an IP address of 192.58.48.1. The file on the TFTP server is called “at100v103.cfg:” switch# copy frank2.cfg 192.58.48.1 at100v103.cfg For more information about this command, see “COPY DEFAULT.CFG” on page 84. Downloading A Configuration File from an TFTP Server To download a configuration file from a TFTP sever to the switch, use the COPY A.B.
AT-S100 Management Software User’s Guide A port-based VLAN is a group of ports on a Gigabit Ethernet Switch that form a logical Ethernet segment. Each port of a port-based VLAN can belong to only one VLAN at a time. You need to specify which ports will be members of the VLAN. In the case of a tagged VLAN, it is usually a combination of both untagged ports and tagged ports. You specify which ports are tagged and which are untagged when you create the VLAN.
Chapter 2: Configuring the AT-S100 Software Adding Tagged Ports to a VLAN To add tagged ports to a VLAN, you must specify a VLAN that you have created already. You must specify a port in the Interface mode.
AT-S100 Management Software User’s Guide Setting the Ports See the following sections: Displaying Port Ethernet Statistics “Displaying Port Ethernet Statistics” on page 43 “Setting Port Mirroring” on page 43 “Setting Port Speed and Duplex Mode” on page 44 “Enabling and Disabling Ports” on page 45 “Setting MDI and MDIX” on page 45 “Setting Port Security” on page 46 “Creating Static Trunks” on page 49 “Enabling Backpressure” on page 50 “Enabling Flow Control” on page 50
Chapter 2: Configuring the AT-S100 Software switch(config)# interface ge5 switch(config-if)# mirror ge7 direction receive For more information about this command, see “MIRROR INTERFACE DIRECTION” on page 176. Setting Port Speed and Duplex Mode A twisted pair port can operate in either half- or full-duplex mode. (Fullduplex mode is the only mode available when a port is operating at 1000 Mbps.) The twisted pair ports are IEEE 802.3u-compliant and AutoNegotiate the duplex mode setting.
AT-S100 Management Software User’s Guide Enabling and Disabling Ports To enable or disable a port on the switch, use the SHUTDOWN command.
Chapter 2: Configuring the AT-S100 Software To set a port to MDIX, enter the following commands: switch# configure terminal switch(config)# interface ge12 switch(config-if)# mdix mdix For more information about this command, see “MDIX” on page 175. Setting Port Security The Port Security feature is based on assigning and limiting MAC addresses learned by a port.
AT-S100 Management Software User’s Guide Locked Mode A port set to the Locked mode security level immediately stops learning new dynamic MAC addresses and forwards frames using the dynamic MAC addresses it has already learned and any static MAC addresses assigned to it. Ingress frames with an unknown MAC address are discarded.
Chapter 2: Configuring the AT-S100 Software To set the maximum number of MAC addresses to 140 on port 8, enter the following commands: switch# configure terminal switch(config)# interface ge8 switch(config-if)#switchport port-security maximum 140 For more information about this command, see “” on page 189. Assigning Secure MAC Addresses Assigning the predefined MAC addresses that can be learn on a port, allows you to limit the devices that can access the port.
AT-S100 Management Software User’s Guide Setting Port Security Violation The Port Security Violation Feature determines how the AT-S100 software reacts when the number of port secure MAC addresses reaches the maximum value set in the SWITCHPORT PORT-SECURITY MAXIMUM command (see “Setting the Maximum Number of MAC Addresses” on page 47.
Chapter 2: Configuring the AT-S100 Software To display the static port trunk assigned to port 12, enter the following commands: switch# configure terminal switch(config)# interface ge12 switch(config-if)# show static-channel-group9 For more information about this command, see “STATIC-CHANNELGROUP” on page 184. Enabling Backpressure To maintain the orderly movement of data between the end nodes, an Ethernet switch may periodically need to signal an end node to stop sending data.
AT-S100 Management Software User’s Guide receive any more traffic, it notifies another port to stop sending traffic until the condition clears. When the local device detects congestion at its end, it notifies the remote device by sending a pause frame. After the remote device receives a pause frame, the remote device stops sending data packets. Flow control prevents the loss of data packets during the congestion period.
Chapter 2: Configuring the AT-S100 Software switch(config-if)#storm-control broadcast level (0.0100.0) To prevent multicast storms, enter the following commands: switch# configure terminal switch(config)# interface ge2 switch(config-if)# storm-control multicast level (0.0100.0) To configure for destination-lookup-failure traffic, enter the following commands: switch# configure terminal switch(config)# interface ge2 switch(config-if)# storm-control dlf level (0.0-100.
AT-S100 Management Software User’s Guide Configuring Protocols This section describes how to set the protocols that are supported by the AT-S100 Management Software. See the following sections: Setting GVRP “Setting GVRP” on page 53 “Enabling IGMP Snooping” on page 55 “Setting the Link Access Control Protocol (LACP)” on page 56 “Setting 802.
Chapter 2: Configuring the AT-S100 Software To disable the GVRP feature, enter the following commands: switch# configure terminal switch(config)# set gvrp disable For more information about this command, see “SET GVRP” on page 212. Setting the GVRP Applicant State By setting the GVRP applicant state, you permit a port to process GVRP information and transmit PDUs. The GVRP APPLICANT command sets the GID applicant state on a port to active or normal.
AT-S100 Management Software User’s Guide The following commands set GVRP registration to fixed on port 12: switch#configure terminal switch(config)#set gvrp registration fixed ge12 For more information about this command, see “SET GVRP REGISTRATION” on page 215. Setting Join and Leave Timers To set the GARP timers to join or leave a group, use the SET GVRP TIMER command. The syntax of this command is: set gvrp timer join|leave|leaveall <1-65535> ge<1-28> The following commands set the leave timer to 0.
Chapter 2: Configuring the AT-S100 Software Setting the Link Access Control Protocol (LACP) LACP (Link Aggregation Control Protocol) port trunks perform the same function as static trunks. They increase the bandwidth between network devices by distributing the traffic load over multiple physical links. The advantage of an LACP trunk over a static port trunk is its flexibility.
AT-S100 Management Software User’s Guide using an unattended workstation to access your network resources. Only those users designated as valid network users on the RADIUS server are permitted to use the switch to access the network. The switch implements the server side of the IEEE 802.1x Port-based and MAC-based Network Access Control. This feature allows only authorized users, or their network devices, access to network resources by establishing criteria for each interface on the switch.
Chapter 2: Configuring the AT-S100 Software For more information about the 802.1x commands, see Chapter 6, “802.1x Access Control Commands” on page 197. Configuring RADIUS Authentication For those networks managed by just one or two network managers, you might not need any additional accounts. In the case of larger networks that are managed by several network managers, you may want to give each manager his or her own management login account for a switch rather than have them share an account.
AT-S100 Management Software User’s Guide Setting RADIUS Authentication To set RADIUS authentication with a RADIUS-server host of 192.168.1.30, a shared secret key of “Encrypt112,” and RADIUS password checking turned on, enter the following commands: switch# configure terminal switch(config)# radius-server host 192.168.1.30 authport 1812 switch(config)# radius-server key Encrypt112 switch(config)# line console 0 switch(config-line)# login remotelocal For more information about the 802.
Chapter 2: Configuring the AT-S100 Software To disable the SNMP protocol, enter the following commands: switch# configure terminal switch(config)# no snmp-server enable For more information about this command, see “SNMP-SERVER ENABLE” on page 232. Creating an SNMP Contact Name The SNMP contact name is a person who is to be contacted in case of questions about your SNMP implementation, an email address, or an IP address for the SNMP system.
AT-S100 Management Software User’s Guide To create an SNMP community called public with an access level of Read only, enter the following commands: switch# configure terminal switch(config)# snmp-server community public ro For more information about this command, see “SNMP-SERVER COMMUNITY” on page 228. Adding Management and Trap Receiver Addresses A trap is a signal sent to one or more management workstations by the switch to indicate the occurrence of a particular operating event on the device.
Chapter 2: Configuring the AT-S100 Software Setting the Secure Shell Secure management is increasingly important in modern networks, as the ability to easily and effectively manage switches and the requirement for security are two universal requirements. Switches are often remotely managed using remote sessions via the Telnet protocol. This method, however, has a serious security problem—it is only protected by plaintext usernames and passwords which are vulnerable to wiretapping and password guessing.
AT-S100 Management Software User’s Guide blocked to prevent data loops, or activated to maintain communications between the various network segments. This is the process of convergence. With STP, convergence can take up to a minute to complete in a large network. This can result in the loss of communication between various parts of the network during the convergence process, and the subsequent lost of data packets. RSTP is much faster.
Chapter 2: Configuring the AT-S100 Software The syntax of this command is: show spanning-tree To display the current spanning tree settings for the STP mode, enter the following commands: switch# configure terminal switch(config)# spanning-tree mode stp switch(config)# show spanning-tree For more information about this command including a display, see “SHOW SPANNING-TREE” on page 244.
AT-S100 Management Software User’s Guide The following commands set the spanning-tree priority on the switch to 8,192: switch#configure terminal switch(config)#spanning-tree priority 8192 For more information about this command, see “SPANNING-TREE PRIORITY” on page 255. Setting the Max Age The max-age is the maximum time, in seconds, which a message is considered valid (if a bridge is the root bridge). This setting prevents the frames from looping indefinitely. This value is used by all instances.
Chapter 2: Configuring the AT-S100 Software occur, the current bridge must be the root bridge. A very low value of this command leads to excessive traffic on the network, while a higher value delays the detection of topology change. This value is used by all instances.
AT-S100 Management Software User’s Guide The syntax of this command is: spanning-tree portfast bpdu-guard default The following commands enable the BPDU Guard feature on a bridge: switch#configure terminal switch(config)#spanning-tree portfast bpdu-guard For more information about this command, see “SPANNING-TREE PORTFAST BPDU-GUARD DEFAULT” on page 254. Configuring 802.
Chapter 2: Configuring the AT-S100 Software switch(config)# interface ge18 switch(config-if)# user-priority 4 For more information about this command, see “USER-PRIORITY” on page 193. To assign a weight of 10 to queue 3, use the following commands: switch# configure terminal switch(config)# mls qos 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 Note Repeat the MLS QOS command for each queue. For more information about this command, see “MLS QOS” on page 143.
Section I Command Modes The chapters in this section provide information and procedures for basic switch setup using the AT-S100 Management Software.
Section I: Command Modes
Chapter 3 Privileged Executive Mode Commands This chapter describes the commands in the Privileged Executive mode which are used to perform general switch functions such as copying configuration file and displaying interface and MAC address table information.
Chapter 3: Privileged Executive Mode Commands Note For VLAN-specific commands, see Chapter 11, “Virtual Local Area Networks (VLAN) Commands” on page 257.
AT-S100 Management Software User’s Guide CLEAR MAC ADDRESS-TABLE DYNAMIC Syntax clear mac address-table dynamic|address HHHH.HHHH.HHHH |interface ge<1-28>|vlan VID Parameters address Specifies a MAC address in the following format: HHHH.HHHH.HHHH interface Specifies the name of an interface. There are 28 ports on the 9000/28 and 9000/28SP switches. To specify a port, precede the port number with “ge.” VID Specifies the VLAN ID. Use a value between 1 and 4094.
Chapter 3: Privileged Executive Mode Commands Related Commands “CLEAR MAC ADDRESS-TABLE MULTICAST” on page 75 “CLEAR MAC ADDRESS-TABLE STATIC” on page 77 74 Section I: Command Modes
AT-S100 Management Software User’s Guide CLEAR MAC ADDRESS-TABLE MULTICAST Syntax clear mac address-table multicast|address MACADDR |interface ge<1-28>|vlan VID Parameters address Specifies a multicast MAC address in the following format: HHHH.HHHH.HHHH interface Specifies the name of an interface. There are 28 ports on the 9000/28 and 9000/28SP switches. To specify a port, precede the port number with “ge.” VID Specifies the VLAN ID. Use a value between 1 and 4094.
Chapter 3: Privileged Executive Mode Commands Related Commands “CLEAR MAC ADDRESS-TABLE DYNAMIC” on page 73 “CLEAR MAC ADDRESS-TABLE STATIC” on page 77 76 Section I: Command Modes
AT-S100 Management Software User’s Guide CLEAR MAC ADDRESS-TABLE STATIC Syntax clear mac address-table static|address HHHH.HHHH.HHHH |interface ge<1-28>|vlan VID Parameters address Specifies a MAC address in the following format: HHHH.HHHH.HHHH interface Specifies the name of an interface. There are 28 ports on the 9000/28 and 9000/28SP switches. To specify a port, precede the port number with “ge.” VID Specifies the VLAN ID. Use a value between 1 and 4094.
Chapter 3: Privileged Executive Mode Commands Related Commands “CLEAR MAC ADDRESS-TABLE DYNAMIC” on page 73 “CLEAR MAC ADDRESS-TABLE MULTICAST” on page 75 78 Section I: Command Modes
AT-S100 Management Software User’s Guide CONFIGURE TERMINAL Syntax configure terminal Parameters none Description Use this command to enter the Configuration Terminal command mode. After you enter this command, the command prompt changes to “(config)#” to indicate the new mode. To exit the Configure Terminal command mode, enter EXIT or CTRL Z. For a description of the Configuration Terminal mode, see “Configuration Terminal Mode” on page 19.
Chapter 3: Privileged Executive Mode Commands To use the abbreviated form of the CONFIGURE TERMINAL command mode, enter the following command: switch#config t The prompt changes to: Switch(config)# Related Commands none 80 Section I: Command Modes
AT-S100 Management Software User’s Guide COPY Syntax copy running-config startup-config Parameters running-config Indicates the running configuration file. startup-config Indicates the start-up configuration file. Description Use the COPY command to save your current configuration to the start-up configuration file, called “startup-config,” on the switch.
Chapter 3: Privileged Executive Mode Commands COPY A.B.C.D Syntax copy A.B.C.D SCRFILENAME DESTFILENAME Parameters A.B.C.D Indicates an IP address in the following format: xxx.xxx.xxx.xxx SRCFILENAME Indicates the name of the source configuration file. This file name must end with the “.cfg” suffix. DESTFILENAME Indicates the name of the destination configuration file. This file name must end with the “.cfg” suffix. Description Use the COPY A.B.C.
AT-S100 Management Software User’s Guide “COPY DEFAULT.
Chapter 3: Privileged Executive Mode Commands COPY DEFAULT.CFG Syntax copy default.cfg A.B.C.D FILENAME Parameters default.cfg Indicates the name of the source configuration file. This file name must end with the “.cfg” suffix. A.B.C.D Indicates an IP address in the following format: xxx.xxx.xxx.xxx FILENAME Indicates the name of the destination configuration file. This file name must end with the “.cfg” suffix. Description Use the COPY DEFAULT.
AT-S100 Management Software User’s Guide “COPY A.B.C.
Chapter 3: Privileged Executive Mode Commands CP Syntax cp source-file new-file Parameters source-file Indicates the source configuration file. new-file Indicates the new file which becomes a copy of the source file. Description Use the CP command to make a copy of a configuration file and save it in the current directory on the switch.
AT-S100 Management Software User’s Guide DOWNLOAD TFTP Syntax download tftp A.B.C.D FILENAME Parameters A.B.C.D Indicates the IP address of an TFTP server. Specify the IP address in the following format: xxx.xxx.xxx.xxx FILENAME Specifies the filename of an image (.img) file. Description Use this command to download an image file from an TFTP server onto the switch. For example, you may want to use this command to download the latest version of the AT-S100 software onto your switch.
Chapter 3: Privileged Executive Mode Commands EXIT Syntax exit Parameters none Description Use the EXIT command to quit the Configuration Terminal mode and enter the Privileged Executive mode. After you enter this command, the prompt changes to “Switchname#” to indicate the Privileged Executive mode.
AT-S100 Management Software User’s Guide LOGOUT Syntax logout Parameters none Description Use the LOGOUT command to quit the Privileged Executive mode and log out of the software.
Chapter 3: Privileged Executive Mode Commands SHOW INTERFACE Syntax show interface IFNAME ge<1-28> Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the SHOW INTERFACE command to display the configuration and status of an interface. If you do not specify an interface, this command displays the status of all the interfaces.
AT-S100 Management Software User’s Guide Related Commands “SHOW MAC ADDRESS-TABLE INTERFACE” on page 98 Section I: Command Modes 91
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE Syntax show mac address-table Parameters none Description Use the SHOW MAC ADDRESS-TABLE command to display the status of the static and dynamic MAC addresses assigned to the switch. For procedures to configure and display the MAC addresses, see “Displaying and Setting MAC Addresses” on page 32.
AT-S100 Management Software User’s Guide See Figure 3 for an example display. (switch3)# show mac address-table Mac Address Table --------------------------------------------------------------Vlan MAC Address Type Ports Forward --------------------------1 0100.5e7f.fffa STATIC ge1 1 1 0000.cd14.6448 DYNAMIC ge1 1 1 0000.f4d8.3534 DYNAMIC ge1 1 1 0004.5a5e.6fd3 DYNAMIC ge1 1 1 0006.5ba3.67d6 DYNAMIC ge1 1 5 0006.5bb2.6589 DYNAMIC ge8 1 5 0006.5bdd.6c69 DYNAMIC ge8 1 5 0008.749c.101a DYNAMIC ge8 1 5 0008.
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE AGEING-TIME Syntax show mac address-table ageing-time Parameters none Description Use the SHOW MAC ADDRESS-TABLE AGEING-TIME command to display the aging time of MAC addresses assigned to the switch. By default, this value is set to 300 seconds (5 minutes). The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table.
AT-S100 Management Software User’s Guide Related Commands “SHOW MAC ADDRESS-TABLE” on page 92 “SHOW MAC ADDRESS-TABLE DYNAMIC” on page 96 “SHOW MAC ADDRESS-TABLE INTERFACE” on page 98 “SHOW MAC ADDRESS-TABLE STATIC” on page 100 “SHOW MAC ADDRESS-TABLE VLAN” on page 102 Section I: Command Modes 95
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE DYNAMIC Syntax show mac address-table dynamic | begin|exclude|include|redirect Parameters dynamic Indicates the dynamic MAC addresses. | Specifies output variables. Choose from the following options: begin Indicates to begin with a line that matches. exclude Specifies to exclude lines that match. include Specifies to include lines that match. redirect Indicates to redirect the output.
AT-S100 Management Software User’s Guide See Figure 6 for a sample display. (switch3)# show mac address-table dynamic Mac Address Table --------------------------------------------------------------Vlan MAC Address Type Ports Forward --------------------------1 0000.cd14.6448 DYNAMIC ge3 1 1 0000.f4d8.3534 DYNAMIC ge3 1 1 0004.5a5e.6fd3 DYNAMIC ge3 1 1 0006.5ba3.67d6 DYNAMIC ge3 1 1 0006.5bb2.6589 DYNAMIC ge3 1 1 0006.5bdd.6c69 DYNAMIC ge3 1 1 0008.749c.101a DYNAMIC ge3 1 1 0008.74a2.
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE INTERFACE Syntax show mac address-table interface ge<1-28> Parameters interface Specifies the name of an interface. There are 28 ports on the 9000/28 and 9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the SHOW MAC ADDRESS-TABLE INTERFACE command to display the status of the static and dynamic MAC addresses assigned to a port.
AT-S100 Management Software User’s Guide See Figure 6 for an example display. (switch3)# show mac address-table interface ge3 Mac Address Table --------------------------------------------------------------Vlan MAC Address Type Ports Forward --------------------------1 0100.5e7f.fffa STATIC ge3 1 1 0000.cd14.6448 DYNAMIC ge3 1 1 0000.f4d8.3534 DYNAMIC ge3 1 1 0004.5a5e.6fd3 DYNAMIC ge3 1 1 0006.5ba3.67d6 DYNAMIC ge3 1 1 0006.5bb2.6589 DYNAMIC ge3 1 1 0006.5bdd.6c69 DYNAMIC ge3 1 1 0008.749c.
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE STATIC Syntax show mac address-table static | (begin|exclude|include|redirect) > WORD Parameters static Indicates the static MAC addresses. | Specifies output variables. Choose from the following options: > begin Indicates to begin with a line that matches. exclude Specifies to exclude lines that match. include Specifies to include lines that match. redirect Indicates to redirect the output.
AT-S100 Management Software User’s Guide See Figure 7 for an example display. (switch3)# show mac address-table static Mac Address Table --------------------------------------------------------------Vlan MAC Address Type Ports Forward --------------------------1 0100.5e7f.fffa STATIC ge3 1 (switch3)# Figure 7. SHOW MAC ADDRESS-TABLE STATIC The fields in Figure 8 are defined in the following list: vlan. This field indicates the VLAN ID. MAC Address.
Chapter 3: Privileged Executive Mode Commands SHOW MAC ADDRESS-TABLE VLAN Syntax show mac address-table vlan <1-4094> Parameters vlan Specifies a VLAN ID. Enter a value between 1 and 4094. Description Use the SHOW MAC ADDRESS-TABLE VLAN command to display the status of both the static and dynamic MAC addresses assigned to the switch. For procedures to configure and display the MAC addresses, see “Displaying and Setting MAC Addresses” on page 32.
AT-S100 Management Software User’s Guide (switch3)# show mac address-table vlan 1 Mac Address Table --------------------------------------------------------------Vlan MAC Address Type Ports Forward --------------------------1 0100.5e7f.fffa STATIC ge1 1 1 0000.cd14.6448 DYNAMIC ge1 1 1 0000.f4d8.3534 DYNAMIC ge1 1 1 0004.5a5e.6fd3 DYNAMIC ge1 1 1 0006.5ba3.67d6 DYNAMIC ge1 1 1 0006.5bb2.6589 DYNAMIC ge8 1 1 0006.5bdd.6c69 DYNAMIC ge8 1 1 0008.749c.101a DYNAMIC ge8 1 1 0008.74a2.04c2 DYNAMIC ge8 1 1 0008.
Chapter 3: Privileged Executive Mode Commands SHOW RUNNING-CONFIG INTERFACE Syntax show running-config interface INTERFACE Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” To specify a VLAN, use the VLAN ID. Note Do not mix interface types in a list. Also, the specified interfaces must exist.
AT-S100 Management Software User’s Guide To display the status of the current running configuration of a switch for VLAN 2: switch#show running-config interface vlan2 See Figure 13 for an example display. (switch3)# show running-config interface vlan2 ! interface vlan2 ! Figure 10.
Chapter 3: Privileged Executive Mode Commands SHOW SPANNING-TREE Syntax show spanning-tree interface INTERFACE Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the SHOW SPANNING-TREE command to display the status of the active spanning tree protocol on the specified port. For procedures to configure the spanning tree protocols, see “Setting STP and RSTP” on page 62.
AT-S100 Management Software User’s Guide (switch3)# show spanning-tree interface ge1 % 1: Bridge up - Spanning Tree Disabled % 1: Root Path Cost 0 - Root Port 0 - Bridge Priority 32768 % 1: Forward Delay 15 - Hello Time 2 - Max Age 20 % 1: Root Id 80000012341212ab % 1: Bridge Id 80000012341212ab % 1: last topology change Sat Jan 1 00:00:18 2008 % 1: portfast bpdu-filter disabled % 1: portfast bpdu-guard disabled % 1: portfast errdisable timeout disabled % 1: portfast errdisable timeout interval 300 sec % 1
Chapter 3: Privileged Executive Mode Commands Related Commands See Chapter 10, “Spanning Tree Protocol (STP) Commands” on page 243.
AT-S100 Management Software User’s Guide SHOW STATIC-CHANNEL-GROUP Syntax show static-channel-group Parameters none Description Use the SHOW STATIC-CHANNEL-GROUP command to display the static-channel groups configured on the switch. For a procedure to set create static port trunks, see “Creating Static Trunks” on page 49.
Chapter 3: Privileged Executive Mode Commands SHOW USER-PRIORITY Syntax show user-priority interface INTERFACE Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the SHOW USER-PRIORITY command to display the user priority value on the specified port.
AT-S100 Management Software User’s Guide SYSTEM FACTORY-RESET Syntax system factory-reset Parameters none Description Use the SYSTEM FACTORY-RESET command to reset the AT-S100 software to the factory default settings. When you enter this command, you will lose the running configuration. Caution Before you enter this command, you may want to copy your current configuration. See “COPY” on page 81.
Chapter 3: Privileged Executive Mode Commands SYSTEM REBOOT Syntax system reboot Parameters none Description Use the SYSTEM REBOOT command to reboot the switch.
AT-S100 Management Software User’s Guide UPLOAD TFTP Syntax upload tftp A.B.C.D WORD Parameters A.B.C.D Indicates an IP address in the following format: xxx.xxx.xxx.xxx WORD Indicates the file name of the image (.img) file on the TFTP server after you have set the UPLOAD command. Description Use the UPLOAD TFTP command to upload the image file from the switch onto an TFTP server. For example, you may want to use this command to create a backup copy of the AT-S100 software.
Chapter 3: Privileged Executive Mode Commands The switch displays the following which indicates a successful upload operation: TFTP IP 192.58.48.10, file name at100v103.img Related Commands “COPY” on page 81 “COPY DEFAULT.
Chapter 4 Configuration Terminal Mode Commands The commands in this chapter are accessed through the Configuration Terminal mode. The commands in this mode allow you to configure debugging, MAC addresses, and Network Time Protocol (NTP) commands.
Chapter 4: Configuration Terminal Mode Commands “SHOW RUNNING-CONFIG COMMUNITY-LIST” on page 158 “SHOW RUNNING-CONFIG INTERFACE” on page 160 “USERNAME” on page 162 Note For GVRP-specific commands, see Chapter 7, “GVRP Commands” on page 211 Note For VLAN-specific commands, see Chapter 11, “Virtual Local Area Networks (VLAN) Commands” on page 257.
AT-S100 Management Software User’s Guide CLOCK SUMMER-TIME RECURRING Syntax clock summer-time ZONENAME recurring START-WEEK STARTDAY START-MONTH START-TIME END-WEEK END-DAY END-MONTH END-TIME <1-180> no clock summer-time Parameters Section I: Command Modes ZONENAME Describes the summertime zone, up to 6 characters long. recurring Specifies that this summertime setting applies every year from now on. START-WEEK Indicates the week of the month when summertime starts in the range of 1 to 5.
Chapter 4: Configuration Terminal Mode Commands END-MONTH Specifies the month that summer time ends. Use the first three letters of each month to indicate the name of a month. Valid values are “jan, “feb,” “mar,” “apr,” “may,” “jun,” “apr,” “may,” “jun,” “jul,” “aug,” “sep,” “oct,” “nov,” and “dec.” END-TIME Indicates the time of day that summer time end in 24hour format: HH:MM where H represents hours and M represents minutes. <1-180> Indicates the time offset in minutes.
AT-S100 Management Software User’s Guide CLOCK TIMEZONE Syntax clock timezone minus|plus <0-12> no clock timezone Parameters timezone Specifies a description of the timezone up to 6 characters in length. minus Indicates the timezone is behind UTC. plus Indicates the timezone is ahead of UTC. <0-12> Specifies the offset, in hours, from UTC. Description Use the CLOCK TIMEZONE command to define the clock timezone in hours. The timezone is set as an offset to the UTC of up to 12 hours.
Chapter 4: Configuration Terminal Mode Commands To return the time zone to UTC with no offsets, use the following commands: switch#configure terminal switch(config)#no clock timezone Related Commands “CLOCK SUMMER-TIME RECURRING” on page 117 120 Section I: Command Modes
AT-S100 Management Software User’s Guide CRYPTO KEY GENERATE USERKEY Syntax crypto key generate userkey USERNAME rsa <768-32768> no crypto key generate userkey Parameters USERNAME Specifies the name of the user. This parameter must begin with a letter. Valid characters are all numbers, letters, and underscores, hyphens, and periods. rsa Creates an RSA userkey for SSH version 2 connections. <768-32768> The length, in bits, of the generated key. The default is 1,024 bits.
Chapter 4: Configuration Terminal Mode Commands To generate an RSA user key for a user named “lapo,” use the following commands: switch#configure terminal switch(config)#crypto key generate userkey lapo rsa Related Commands none 122 Section I: Command Modes
AT-S100 Management Software User’s Guide DOT1X SYSTEM-AUTH-CTRL Syntax dot1x system-auth-ctrl Parameters system-auth-ctrl Enable global interface authentication. Description Use the DOT1X SYSTEM-AUTH-CTRL command to enable authentication globally on interfaces 1 through 28. Global authentication is disabled by default. Command Mode Configuration Terminal mode Example The following commands enable 802.
Chapter 4: Configuration Terminal Mode Commands ENABLE PASSWORD Syntax enable password (8) LINE Parameters 8 Specifies a hidden password will follow. This is an optional parameter. LINE Specifies a password for the Privileged Executive Mode. Enter an alphanumeric value. Description Use the ENABLE PASSWORD command to assign a password for the commands in the Privileged Executive mode. By default, there is no password assigned for this mode.
AT-S100 Management Software User’s Guide ENABLE SECRET Syntax enable secret (8) LINE Parameters 8 Specifies a hidden password will follow. This is an optional parameter. LINE Specifies a password for the Privileged Executive Mode. Enter an alphanumeric value. Description Use the ENABLE SECRET command to assign a privileged-level password, or secret. By default, there is no secret assigned. For information about the Privileged Executive mode commands, see “Privileged Executive Command Mode” on page 18.
Chapter 4: Configuration Terminal Mode Commands EXIT Syntax exit Parameters none Description Use the EXIT command to quit the Configuration Terminal mode and enter the Privileged Executive mode. After you enter this command, the prompt changes to “Switchname#” to indicate the Privileged Executive mode.
AT-S100 Management Software User’s Guide HELP Syntax help Parameters none Description Use this command to display information about the CLI. The HELP command provides information about the current parameter. There are two forms of the HELP command: Full help is available when you enter a command followed by a space and the question mark (?). This displays all of the parameters for the command.
Chapter 4: Configuration Terminal Mode Commands HOSTNAME Syntax hostname NAME Parameters NAME Specifies the name of the switch. Enter a value between 1 and 63 alphanumeric characters. Names must start with a letter and end with a letter or digit. Within the interior of the name, there must only be letters, digits, and hyphens. Description Use the HOSTNAME command to assign a name to the switch. Enter a value between 1 and 63 alphanumeric characters. The name must follow the rules for ARPNET host names.
AT-S100 Management Software User’s Guide INTERFACE Syntax interface IFNAME Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the INTERFACE command to access the Interface Configuration command mode for the interface specified. After you enter the INTERFACE command, “-if” is added to the prompt.
Chapter 4: Configuration Terminal Mode Commands switch(config)#interface vlan1 switch(config-if)# Related Commands “SHOW MAC ADDRESS-TABLE INTERFACE” on page 98 130 Section I: Command Modes
AT-S100 Management Software User’s Guide IP IGMP SNOOPING Syntax ip igmp snooping no ip igmp snooping Description Use the IP IGMP SNOOPING command to enable IGMP Snooping on the switch. When you enter this command at the Configuration Terminal mode, IGMP Snooping is enabled on the switch. By default, the IP IGMP Snooping feature is enabled. Use the no parameter with this command to globally disable IGMP Snooping for the specified interface.
Chapter 4: Configuration Terminal Mode Commands IP ROUTE Syntax ip route (GATEWAYIP|INTERFACE) no ip route (GATEWAYIP|INTERFACE) Parameters GATEWAYIP Indicates the IPV4 address and subnet mask of the gateway device in the following format: 000.000.000/0 INTERFACE Specifies a the name of the interface (in the range of ge1 through ge28) that connects your device to the network. Description Use the IP ROUTE command to add a gateway address to the switch.
AT-S100 Management Software User’s Guide IP SSH RSA KEYPAIR-NAME Syntax ip ssh rsa keypair-name WORD no ip ssh rsa keypair-name Parameters WORD Specifies a name of an RSA keypair. Description Use the IP SSH RSA KEYPAIR-NAME command to set the name of an RSA keypair. Use the no form of this command to remove an RSA keypair.
Chapter 4: Configuration Terminal Mode Commands IP SSH VERSION Syntax ip ssh version 1|2 no ip ssh version 1|2 Parameters version Indicates the SSH version number. Choose from the following options: 1 Specifies SSH version 1. 2 Specifies SSH version 2. Description Use the IP SSH VERSION command to set the SSH protocol version number. Use the no form of this command to set the SSH version number to its default value.
AT-S100 Management Software User’s Guide LINE CONSOLE Syntax line console 0 Parameters none Description The LINE CONSOLE command sets the console configuration and enters the Line mode. The primary terminal line is set to line number 0. After you enter this command, the prompt changes to “switch(config-line)#” to indicate the Line mode. For more information about the LINE mode, see “Line Mode Commands” on page 22.
Chapter 4: Configuration Terminal Mode Commands LINE VTY Syntax line vty FIRST <0-871> LAST <0-871> no line vty FIRST <0-871> LAST <0-871> Parameters FIRST Specifies the first line number. Enter a value between 0 and 871. LAST Specifies the last line number. Enter a value between 0 and 871. Description Use the LINE VTY command to Telnet from the serial port to the RTM or to any protocol daemon. This command is necessary for all Telnet sessions.
AT-S100 Management Software User’s Guide To disable Telnet and web server sessions, enter the following commands: switch#configure terminal switch(config)#line vty 0 4 Related Commands “LINE CONSOLE” on page 135 “SHOW RUNNING-CONFIG” on page 153 Section I: Command Modes 137
Chapter 4: Configuration Terminal Mode Commands MAC ADDRESS-TABLE AGEING-TIME Syntax mac address-table ageing-time <10-1000000> no mac address-table ageing-time Parameters ageing-time Indicates the ageing time in seconds. Choose a value between 10 and 1,000,000 seconds. The default is 300 seconds. Description Use the MAC ADDRESS-TABLE AGEING-TIME command to specify the ageing time for an entry in a MAC address table. Use the no form to reset this parameter.
AT-S100 Management Software User’s Guide MAC ADDRESS-TABLE STATIC DISCARD Syntax mac address-table static MAC discard interface IFNAME vlan VLANID no mac address-table static Parameters MAC Indicates the static MAC address in the following format: MMMM.MMMM.MMMM IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” VLANID Indicates the VLAN interface. Enter a value between 2 and 4,094.
Chapter 4: Configuration Terminal Mode Commands Related Commands “MAC ADDRESS-TABLE STATIC FORWARD” on page 141 “MAC ADDRESS-TABLE AGEING-TIME” on page 138 “SHOW MAC ADDRESS-TABLE” on page 92 140 Section I: Command Modes
AT-S100 Management Software User’s Guide MAC ADDRESS-TABLE STATIC FORWARD Syntax mac address-table static MAC forward interface IFNAME vlan VLANID no mac address-table static Parameters MAC Indicates the static MAC address in the following format: MMMM.MMMM.MMMM IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” VLANID Indicates the VLAN interface. Enter a value between 2 and 4094.
Chapter 4: Configuration Terminal Mode Commands Related Commands “MAC ADDRESS-TABLE AGEING-TIME” on page 138 “MAC ADDRESS-TABLE STATIC DISCARD” on page 139 “SHOW MAC ADDRESS-TABLE” on page 92 142 Section I: Command Modes
AT-S100 Management Software User’s Guide MLS QOS Syntax mls qos <0-10> <0-7>|<0-10> <0-7>|<0-10> <0-7>| <0-10> <0-7>|<0-10> <0-7>|0-10> <0-7>|<0-10> <0-7>|<010> <0-7>| Parameters Section I: Command Modes <0-10> Specifies the weight for queue 0, where 0 indicates strict priority. <0-7> Specifies the priority for queue 0, where 0 indicates strict priority. <0-10> Specifies the weight for queue 1, where 0 indicates strict priority.
Chapter 4: Configuration Terminal Mode Commands <0-7> Specifies the priority for queue 6, where 0 indicates strict priority. <0-10> Specifies the weight for queue 7, where 0 indicates strict priority. <0-7> Specifies the priority for queue 7, where 0 indicates strict priority. Description The MLS QOS command to define queues for the Quality of Service feature. This command configures the default queues for any packet arriving on the specified interface. You must configure all of the queues.
AT-S100 Management Software User’s Guide NTP AUTHENTICATE Syntax ntp authenticate no ntp authenticate Parameters none Description Use the NTP AUTHENTICATE command to enable authentication of the Network Time Protocol (NTP) time source. By default, this command is disabled. To disable NTP authentication on the switch, use the no form of this command. For procedures to configure NTP, see “Setting the Network Time” on page 29.
Chapter 4: Configuration Terminal Mode Commands NTP AUTHENTICATION-KEY Syntax ntp authentication-key KEYNUMBER <1-4294967295> md5 KEY no ntp authentication-key KEYNUMBER <1-4294967295> Parameters KEYNUMBER Specifies a key number. Choose a value between 1 and 4,294,967,295. This key indicates a trusted time source. MD5 Indicates MD5 (message digest algorithm 5) authentication. KEY Specifies the name of an authentication key.
AT-S100 Management Software User’s Guide Related Commands “NTP AUTHENTICATE” on page 145 “NTP TRUSTED-KEY” on page 150 Section I: Command Modes 147
Chapter 4: Configuration Terminal Mode Commands NTP SERVER Syntax ntp server WORD prefer|version <1-4>|key <14294967295> Parameters WORD Indicates the IP address of the NTP server. Use the following format: xxx.xxx.xxx.xxx prefer Specifies the software prefers this peer when possible. version Indicates the NTP version. Specify versions 1 through 4. key Indicates the peer key number that permits access to the specified NTP server.
AT-S100 Management Software User’s Guide switch(config)#ntp server 198.11.1.9 Translating “198.11.1.9”...
Chapter 4: Configuration Terminal Mode Commands NTP TRUSTED-KEY Syntax ntp trusted-key <1-4294967295> no ntp trusted-key <1-4294967295> Parameters none Description Use the NTP TRUSTED-KEY command to specify a key number for a trusted time source. You must first define a key number with the NTP AUTHENTICATION-KEY command. Enter a value between 1 and 4294967295. By default, no trusted keys are defined. To disable the authentication of a device, use the no form of this command.
AT-S100 Management Software User’s Guide SHOW LIST Syntax show list Parameters none Description Use the SHOW LIST command to display a list of all the commands available in the current mode. The display of the SHOW LIST command is often more than one page. To advance the display to the next line, press ENTER. To advance the display to the next page, press ESC.
Chapter 4: Configuration Terminal Mode Commands (switch3)#show list boot config-file WORD cat WORD clear arp-cache clear counters IFNAME clear gmrp statistics all clear gmrp statistics vlanid <1-4094> clear gvrp statistics IFNAME clear gvrp statistics all clear gvrp statistics all clear ipmg clear ipmg group * clear ipmg group A.B.C.D clear ipmg group A.B.C.D IFNAME --More-- Figure 14.
AT-S100 Management Software User’s Guide SHOW RUNNING-CONFIG Syntax show running-config Parameters none Description Use the SHOW RUNNING-CONFIG command to display information about the system. The display of the RUNNING-CONFIG command is often more than one page. To advance the display to the next line, press ENTER. To advance the display to the next page, press ESC.
Chapter 4: Configuration Terminal Mode Commands This command displays a variety of switch parameters. An example of page 1 of the display is shown in Figure 15.
AT-S100 Management Software User’s Guide See Figure 16 for page 2 of the SHOW RUNNING-CONFIG command display. interface ge4 static-channel-groups interface ge5 static-channel-group4 interface ge6 user-priority 7 interface ge7 mtu 1518 interface ge8 ! interface ge9 ! interface ge10 ! !interface ge11 ! interface ge12 ! interface ge13 ! interface ge14 --More-- Figure 16.
Chapter 4: Configuration Terminal Mode Commands See Figure 17 for page 3 of the SHOW RUNNING-CONFIG command display. interface ge15 ! interface ge16 ! interface ge17 ! interface ge18 ! interface ge19 ! interface ge20 ! interface ge21 ! !interface ge22 ! interface ge23 ! interface ge24 ! interface ge25 --More-- Figure 17.
AT-S100 Management Software User’s Guide See Figure 18 for page 4 of the SHOW RUNNING-CONFIG command display. interface ge26 ! interface ge27 ! interface lo ip address 127.0.0.1/8 shutdown ! interface vlan1 ip address 192.10.4.110/8 ! no snmp-server enable trap snmp auth no spanning-tree rstp enable forward ! clock summer-time PDT recurring 2 sun mar 02:00 1 sun nov 02:00 line con 0 login local line vty 0 4 login local ! end --More-- Figure 18.
Chapter 4: Configuration Terminal Mode Commands SHOW RUNNING-CONFIG COMMUNITY-LIST Syntax show running-config community-list Parameters show running-config ip igmp snooping (> WORD) | (|begin|exclude|include|redirect LINE) Parameters > Indicates the output redirection. Specify the following: WORD Indicates the name of the file that the output is redirected to. | Indicates the output redirection. Specify the following: begin Indicates to begin with a line that matches.
AT-S100 Management Software User’s Guide Related Commands “SHOW RUNNING-CONFIG” on page 153 “SNMP-SERVER VIEW” on page 241 Section I: Command Modes 159
Chapter 4: Configuration Terminal Mode Commands SHOW RUNNING-CONFIG INTERFACE Syntax show running-config interface INTERFACE Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Note Do not mix interface types in a list. Also, the specified interfaces must exist.
AT-S100 Management Software User’s Guide See Figure 19 for an example display. (switch3)# show running-config interface vlan2 ! interface vlan1 ip address 192.10.8.1 Figure 20.
Chapter 4: Configuration Terminal Mode Commands USERNAME Syntax username WORD privilege <1-15> password LINE <8> Parameters WORD Specifies a user name. privilege Specifies a user privilege level. Enter a value between 1 and 15. Values 1 through 14 provide operator privileges. Value 15 provides an administrator, or manager, privileges. LINE Specifies a password for an administrator or manager. Enter an alphanumeric value between 1 and 8 characters in length.
Chapter 5 Interface Configuration Mode Commands This chapter provides descriptions of the commands in the Interface Configuration mode which can access either a port or a vlan interface. For more information about this mode, see “Interface Configuration Command Mode” on page 20.
Chapter 5: Interface Configuration Mode Commands Note For information about the port security commands which are also in the Interface Configuration mode, see Chapter 8, “Port Security Commands” on page 219.
AT-S100 Management Software User’s Guide CHANNEL-GROUP Syntax channel-group <1-10> mode active|passive no channel-group Parameters <1-10> Specifies a channel group. Enter a value between 1 and 10. mode Specifies the status of LACP negotiation on a port. Choose from the following: active Enables initiation of LACP negotiation on a port. passive Disables initiation of LACP negotiation on a port.
Chapter 5: Interface Configuration Mode Commands DOT1X PORT-CONTROL Syntax dot1x port-control auto|force-authorized|forceunauthorized dir=both|in no dot1x port-control Parameters force-authorized Forces an interface to an authorized state. force-unauthorized Forces an interface to an unauthorized state. auto Allows a client to negotiate authentication on an interface. dir Specifies the packet control direction, where: both Discards receive and transmit packets from the supplicant.
AT-S100 Management Software User’s Guide EXIT Syntax exit Parameters none Description Use the EXIT command to quit the Configuration Terminal mode and enter the Privileged Executive mode. After you enter this command, the prompt changes to “Switchname#” to indicate the Privileged Executive mode.
Chapter 5: Interface Configuration Mode Commands FLOW CONTROL BACKPRESSURE Syntax flow control backpressure on|off Parameters backpressure Specifies back-pressure flow-control in half-duplex mode. Choose from the following options. on Enables back pressure. off Disables back pressure. Description Use the FLOWCONTROL BACKPRESSURE command to enable or disable back-pressure flow-control on an interface.
AT-S100 Management Software User’s Guide FLOW CONTROL RECEIVE Syntax flow control receive on|off Parameters receive Controls flow control on traffic that is received by an interface. Choose from the following options: on Enables flow control. off Disables flow control. Description Use the FLOWCONTROL RECEIVE command to enable an interface to receive traffic using flow control.
Chapter 5: Interface Configuration Mode Commands FLOW CONTROL SEND Syntax flow control send on|off Parameters send Controls flow control on traffic that is sent by an interface. Choose from the following options: on Enables flow control. off Disables flow control. Description Use the FLOWCONTROL SEND command to enable an interface to send traffic using flow control.
AT-S100 Management Software User’s Guide IP ADDRESS Syntax ip address A.B.C.D/M label LABEL secondary Parameters A.B.C.D/M Specifies the IP address of the interface followed by a slash and a subnet mask. LABEL Specifies the label, or name, of the IP address. secondary Indicates that this IP address is a secondary IP address. Description Use the IP ADDRESS command to assign an IP address to a VLAN interface and label the address.
Chapter 5: Interface Configuration Mode Commands The following commands set VLAN 2 with the secondary IP address and mask of 192.10.0.5/8 and labels the IP address as “Sales2” to VLAN2: switch#configure terminal switch(config)#interface vlan2 switch(config-if)#ip address 192.10.0.
AT-S100 Management Software User’s Guide IP ADDRESS DHCP Syntax ip address DHCP Parameters DHCP Indicates the DHCP client is used to obtain an IP address for this interface. Description Use the IP ADDRESS DHCP command to allow an DHCP server to assign an IP address to an interface. You can enable DHCP on a port or on a VLAN.
Chapter 5: Interface Configuration Mode Commands LACP SYSTEM-PRIORITY Syntax lacp system-priority <1-65535> no lacp system-priority Parameters <1-65535> Specifies the LACP port priority. Lower numerical values have higher priorities. Description Use the LACP SYSTEM-PRIORITY command to set the system priority of a local system. This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups. The default value is 32,768.
AT-S100 Management Software User’s Guide MDIX Syntax mdix mdi|mdix Parameters mdi Specifies the interface is forced to MDI mode. mdix Specifies the interface is forced to MDIX mode. Description Use the MDIX command to force an interface to the MDI or MDIX mode. This command only applies to copper ports 1-24 on the AT-9000/28 switch. The MDIX command does not apply to fiber ports.
Chapter 5: Interface Configuration Mode Commands MIRROR INTERFACE DIRECTION Syntax mirror interface ge<1-28> direction both|receive|transmit no mirror interface ge<1-28> direction both|receive|transmit Parameters interface Specifies the port-mirroring-destination port on the switch. direction Specifies the interface is forced to MDIX mode. Choose from the following options: both Mirror traffic in both directions. receive Mirror received traffic. transmit Mirror transmitted traffic.
AT-S100 Management Software User’s Guide The following commands turn off port mirroring on port 20: switch#configure terminal switch(config)#interface ge20 switch(config-if)#no mirror interface ge19 direction receive Related Commands “SHOW RUNNING-CONFIG” on page 153 Section I: Command Modes 177
Chapter 5: Interface Configuration Mode Commands MTU Syntax mtu <64-9216> Parameters none Description Use the MTU command to set the MTU value for the specified interface. Choose a value between 64 and 9,216.
AT-S100 Management Software User’s Guide SHOW RUNNING-CONFIG INTERFACE Syntax show running-config interface INTERFACE Parameters INTERFACE Indicates the interface or a list of interfaces. An interface list can consist of a port. Note Do not mix interface types in a list. Also, the specified interfaces must exist. Description Use the SHOW RUNNING-CONFIG INTERFACE command to display the current configuration of one or more interfaces on the device.
Chapter 5: Interface Configuration Mode Commands See Figure 21 for an example display. (switch3)# show running-config interface vlan2 ! interface vlan2 ! Figure 22.
AT-S100 Management Software User’s Guide SHUTDOWN Syntax shutdown no shutdown Parameters none Description Use the SHUTDOWN command to shut down the specified interface. Use the no form of this command to restore or reactivate a connection with the specified interface.
Chapter 5: Interface Configuration Mode Commands SPEED Syntax speed 10000mfull|1000mfull|100mfull|100mhalf|100fx|10mfull| 10mhalf|auto no speed Parameters 10000mfull Specifies the interface is forced to operate at a speed of 10,000 Mbps in full duplex mode. 1000mfull Specifies the interface is forced to operate at a speed of 1,000 Mbps in full duplex mode. 100mfull Specifies the interface is forced to operate at a speed of 100 Mbps in full duplex mode.
AT-S100 Management Software User’s Guide Note To display the current port speeds, use the SHOW INTERFACE command. See “SHOW INTERFACE” on page 90. Note For more information about the AT-9000 switches and their ports, see the AT-9000 Managed Layer 2 GE ecoSwitch Family Installation Guide.
Chapter 5: Interface Configuration Mode Commands STATIC-CHANNEL-GROUP Syntax static-channel-group <1-8> no static-channel-group Parameters <1-8> Specifies the static-channel-group number. Description Use the STATIC-CHANNEL-GROUP command to create a static-channel group. Use the no form of this command to remove a static-channel group.
AT-S100 Management Software User’s Guide STORM-CONTROL Syntax storm-control broadcast|dlf|multicast LEVEL <1-100> no storm-control broadcast|dlf|multicast Parameters broadcast Sets the broadcast rate limiting value for the interface. dlf Sets the destination lookup failure (DLF) for the interface. multicast Sets the multicast rate limiting value for the interface. LEVEL Specifies the percentage of the threshold or the percentage of the maximum speed (pps) of the interface.
Chapter 5: Interface Configuration Mode Commands Related Commands none 186 Section I: Command Modes
AT-S100 Management Software User’s Guide SWITCHPORT ACCESS VLAN Syntax switchport access vlan VLANID <2-4094> no switchport access vlan VLANID <2-4094> Parameters VLANID Specifies a VLAN ID. Enter a value from 2 to 4094. Description Use the SWITCHPORT ACCESS VLAN command to change the default VLAN for an interface. By default, all ports are assigned to VLAN 1. Use the no form of this command to remove a previously created VLAN with the specified VLAN ID.
Chapter 5: Interface Configuration Mode Commands SWITCHPORT MODE TRUNK Syntax switchport mode trunk ingress-filter enable|disable no switchport mode Parameters ingress-filter Sets the ingress filtering for the received frames. Choose from the following options: enable Sets the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.
AT-S100 Management Software User’s Guide Related Commands none Section I: Command Modes 189
Chapter 5: Interface Configuration Mode Commands SWITCHPORT TRUNK ALLOWED VLAN Syntax switchport trunk allowed vlan add|remove VLANID no switchport trunk vlan Parameters add Add a VLAN to transmit and receive through the Layer-2 interface. remove Remove a VLAN that transmits and receives through the Layer-2 interface. VLANID Specifies a VLAN ID or a list of VLAN IDs. Enter a value from 2 to 4094. Set a single VLAN, VLAN range, or a VLAN list.
AT-S100 Management Software User’s Guide switch(config-if)#switchport mode trunk switch(config-if)#switchport trunk allowed vlan add 2 The following commands add VLANs 2 through 6 to the member set of port 7: switch#configure terminal switch(config)#interface ge7 switch(config-if)#switchport mode trunk switch(config-if)#switchport trunk allowed vlan add 26 The following commands remove a list of VLANs from port 5: switch#configure terminal switch(config)#interface ge5 switch(config-if)#switchport mode trun
Chapter 5: Interface Configuration Mode Commands TRAFFIC-CLASS-TABLE USER-PRIORITY NUM-TRAFFICCLASSES Syntax traffic-class-table user-priority <0-7> num-trafficclasses <0-8> value <0-2?> Parameters user-priority Indicates the user priority associated with the traffic class table. Choose a value between 0 and 7. num-traffic-classes Indicates the number of supported traffic classes. Choose a value between 0 and 8.
AT-S100 Management Software User’s Guide USER-PRIORITY Syntax user-priority <0-7> Parameters none Description Use the USER-PRIORITY command to indicate a priority for the port specified. A tagged Ethernet frame contains a field that specifies its VLAN membership. Such frames also contain a user priority level used by the switch to determine the Quality of Service to apply to the frame and which egress queue on the egress port a packet should be stored in.
Chapter 5: Interface Configuration Mode Commands 194 Section I: Command Modes
Section II Advanced Configuration The chapters in this section provide information about configuring advanced features: Section II: Advanced Configuration Chapter 6, “802.
Section II: Advanced Configuration
Chapter 6 802.1x Access Control Commands The switch implements the server side of the IEEE 802.1x Port-based and MAC-based Network Access Control. This feature allows only authorized users, or their network devices, access to network resources by establishing criteria for each interface on the switch.
Chapter 6: 802.1x Access Control Commands DOT1X PORT-CONTROL Syntax dot1x port-control auto|force-authorized|forceunauthorized dir=both|in no dot1x port-control Parameters force-authorized Forces an interface to an authorized state. force-unauthorized Forces an interface to an unauthorized state. auto Allows a client to negotiate authentication on an interface. dir Specifies the packet control direction, where: both Discards receive and transmit packets from the supplicant.
AT-S100 Management Software User’s Guide DOT1X SYSTEM-AUTH-CTRL Syntax dot1x system-auth-ctrl Parameters system-auth-ctrl Enable global interface authentication. Description Use the DOT1X SYSTEM-AUTH-CTRL command to enable authentication globally on interfaces 1 through 28. Global authentication is disabled by default. Command Mode Configuration Terminal mode Example The following commands enable 802.
Chapter 6: 802.1x Access Control Commands LOGIN REMOTELOCAL Syntax login remotelocal no login Parameters none Description Use the LOGIN REMOTELOCAL command to enable password checking on the RADIUS server. To disable password checking, use the no form of the command. Command Mode Line mode Example The following commands enable password checking on a RADIUS server with an IP address of 192.168.1.30 and a key of “ATI:” switch# configure terminal switch(config)# radius-server host 192.168.1.
AT-S100 Management Software User’s Guide RADIUS-SERVER HOST Syntax radius-server host HOSTNAME auth-port=port|ALL <11812> no radius-server host Parameters hostname Sets the radius server to an IP address in the following format: xxx.xxx.xxx auth-port Specifies the port number of the radius client. The default port number is 1812. The range is from 1 to 1812. Description Use the RADIUS-SERVER HOST command to set the RADIUS server host name and port.
Chapter 6: 802.1x Access Control Commands RADIUS-SERVER KEY Syntax radius-server key KEY no radius-server key KEY Parameters KEY The secret key shared among the radius server and the 802.1x client. Special characters such as “*,” “_,” and “!” are permitted. Description Use the RADIUS-SERVER KEY command to set the shared secret key between a Radius server and a client. This command has no default value. To erase the current value of the secret key, use the no form of this command.
AT-S100 Management Software User’s Guide SHOW DOT1X Syntax show dot1x Parameters none Description Use this command to display the status of the 802.1x feature on the switch. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > (output redirection token). Command Mode Privileged Executive mode Example The following example shows the SHOW DOT1X command and the resulting display: switch#show dot1x See Figure 23 for a sample display.
Chapter 6: 802.1x Access Control Commands SHOW DOT1X ALL Syntax show dot1x all Parameters none Description Use this command to display detailed 802.1x information about all of the interfaces. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > (output redirection token).
AT-S100 Management Software User’s Guide Table 7 provides a description of the parameters of the SHOW DOT1X ALL and SHOW DOT1X INTERFACE commands. Table 7. SHOW DOT1X Parameter Description Parameter Description portEnabled Indicates the interface operational status (uptrue/down-false). portControl Indicates the current control status of the port for 802.1x control. portStatus Indicates the 802.1x status of the port (authorized or unauthorized).
Chapter 6: 802.1x Access Control Commands Table 7. SHOW DOT1X Parameter Description (Continued) Parameter Description maxReq Specifies the maximum number of requests that can be sent. CD Specifies the Controlled Directions State machine. adminControlledDire ctions Indicates the administrative value (Both/In). operControlledDirecti ons Indicates the operational Value (Both/In). KR Specifies the key receive state machine.
AT-S100 Management Software User’s Guide SHOW DOT1X INTERFACE Syntax show dot1x interface IFNAME Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use this command to display the state of a particular interface. To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > (output redirection token).
Chapter 6: 802.1x Access Control Commands See Table 7 on page 205 for a description of the command parameters shown in Figure 25 on page 207.
AT-S100 Management Software User’s Guide SHOW DOT1X STATISTICS INTERFACE Syntax show dot1x statistics interface IFNAME ge<1-28> Parameters IFNAME Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches. To specify a port, precede the port number with “ge.” Description Use the SHOW DOT1X STATISTICS INTERFACE command to display the vital statistics of an interface.
Chapter 6: 802.
Chapter 7 GVRP Commands The GARP VLAN Registration Protocol (GVRP) allows network devices to share VLAN information. The main purpose of GVRP is to allow switches to automatically discover some of the VLAN information that would otherwise need to be manually configured in each switch. This is helpful in networks where VLANs span more than one switch. Without GVRP, you must manually configure your switches to ensure that the various parts of a VLAN can communicate across the different switches.
Chapter 7: GVRP Commands SET GVRP Syntax set gvrp enable|disable Parameters enable Enables GVRP on the switch. disable Disables GVRP on the switch. Description This command enables or disables GVRP globally on the switch. When GVRP is enabled, the switch learns GVRP VLANs and GVRP ports dynamically. When GVRP is disabled, the switch does not learn any new dynamic GVRP VLANs or dynamic GVRP ports.
AT-S100 Management Software User’s Guide SET GVRP APPLICANT Syntax set gvrp applicant state active|normal ge<1-28> Parameters active Indicates the active state. The port participates in GVRP. The port processes GVRP information and transmits PDUs. normal Indicates the normal state.The port does not participate in GVRP. The port neither processes GVRP information nor transmits PDUs. ge<1-28> Specifies the name of an interface. There are 28 ports on the AT-9000/28 and AT-9000/28SP switches.
Chapter 7: GVRP Commands SET GVRP DYNAMIC-VLAN-CREATION Syntax set gvrp dynamic-vlan-creation Parameters none Description The GVRP DYNAMIC-VLAN-CREATION command enables dynamic VLANs to be created on the switch.
AT-S100 Management Software User’s Guide SET GVRP REGISTRATION Syntax set gvrp registration fixed|forbidden|normal ge<1-28> Parameters fixed Allows manual creation and registration of VLANs and prevents VLAN deregistration. Also registers all know VLANs on other port on the tagged port. forbidden Unregisters all VLANs (except VLAN 1) and prevents any further VLAN creation or registration on the tagged port.
Chapter 7: GVRP Commands Related Commands “SET GVRP” on page 212 “SET GVRP APPLICANT” on page 213 “SET GVRP DYNAMIC-VLAN-CREATION” on page 214 “SET GVRP TIMER” on page 217 216 Section II: Advanced Configuration
AT-S100 Management Software User’s Guide SET GVRP TIMER Syntax set gvrp timer join|leave|leaveall <1-65535> ge<1-28> Parameters default Returns the GARP timers to their default settings. join Specifies the Join timer for joining the group. Enter a value in centiseconds, which are one hundredths of a second. The default is 20 centiseconds. leave Specifies the Leave timer for leaving a group. Enter a value in centiseconds, which are one hundredths of a second. The default is 60 centiseconds.
Chapter 7: GVRP Commands The following commands set the leave timer to 0.
Chapter 8 Port Security Commands The Port Security feature is based on assigning and limiting MAC addresses learned by a port. You can use the MAC-Address-based Port Security feature to enhance the security of your network by controlling which end nodes can forward frames through the switch, thereby preventing unauthorized individuals from accessing your network. This features uses a MAC address to determine whether the switch should forward a frame or discard it.
Chapter 8: Port Security Commands SWITCHPORT PORT-SECURITY MAC-ADDRESS Syntax switchport port-security mac-address sticky xxxx.xxxx.xxxx Vlan <2-4094> no switchport port-security mac-address sticky xxxx.xxxx.xxxx Vlan <2-4094> Parameters mac-address Sets a predefined MAC dress in the following format: xxxx.xxxx.xxxx vlan Sets the VLAN ID. Choose a value between 2 and 4,094. You may not choose the default VLAN which has a VLAN ID of 1.
AT-S100 Management Software User’s Guide switch(config)#interface ge7 switch(config-if)#switchport port-security mac-address 00A0.0490.
Chapter 8: Port Security Commands SWITCHPORT PORT-SECURITY MAXIMUM Syntax switchport port-security maximum <1-320> no switchport port-security maximum <1-320> Parameters maximum Sets the maximum number of MAC addresses that can be accepted by the port. Choose a value between 1 and 320. Description Use the SWITCHPORT PORT-SECURITY MAXIMUM command to set the maximum number of secure MAC addresses that can be learned by the specified port.
AT-S100 Management Software User’s Guide SWITCHPORT PORT-SECURITY MODE Syntax switchport port-security mode limited|locked|secured no switchport port-security mode limited|locked|secured Parameters mode Sets the security mode. Choose from the following options: limited Sets the port to the Limited security mode. The port learns a limited number of dynamic MAC addresses. This is the least secure option. locked Sets the switch to the Locked security mode.
Chapter 8: Port Security Commands Example The following commands set the security mode to “locked” on port 20: switch#configure terminal switch(config)#interface ge20 switch(config-if)#switchport port-security mode locked Related Commands “SWITCHPORT PORT-SECURITY MAC-ADDRESS” on page 220 “SWITCHPORT PORT-SECURITY MAXIMUM” on page 222 “SWITCHPORT TRUNK ALLOWED VLAN” on page 190 224 Section II: Advanced Configuration
AT-S100 Management Software User’s Guide SWITCHPORT PORT-SECURITY VIOLATION Syntax switchport port-security violation protect|restrict|shutdown no switchport port-security violation protect|restrict|shutdown Parameters violation Sets the security mode. Choose from the following options: protect Permits traffic from a secure port only. Drops packets from insecure ports. This is the least secure option. restrict Sends an alert when security violation is detected.
Chapter 8: Port Security Commands Example The following commands set port 4 to shutdown when the AT-S100 software detects a security violation: switch#configure terminal switch(config)#interface ge4 switch(config-if)#switchport port-security violation shutdown Related Commands “SWITCHPORT PORT-SECURITY MAC-ADDRESS” on page 220 “SWITCHPORT PORT-SECURITY MAXIMUM” on page 222 “SWITCHPORT TRUNK ALLOWED VLAN” on page 190 226 Section II: Advanced Configuration
Chapter 9 Simple Network Management Protocol (SNMP) Commands This chapter provides descriptions of SNMP v1 and v2c commands that are accessed through the Configuration Terminal mode.
Chapter 9: Simple Network Management Protocol (SNMP) Commands SNMP-SERVER COMMUNITY Syntax snmp-server community STRING view VIEWNAME ro|rw|view no snmp-server community Parameters STRING Specifies the name of the SNMP community. Choose an alphanumeric value between 1 and 255 characters. This name acts as a password and permits access to SNMP. VIEWNAME Indicates the name of a view that was defined with the SNMP-SERVER VIEW command.
AT-S100 Management Software User’s Guide Related Commands “SNMP-SERVER GROUP” on page 233 “SNMP-SERVER VIEW” on page 241 Section II: Advanced Configuration 229
Chapter 9: Simple Network Management Protocol (SNMP) Commands SNMP-SERVER CONTACT Syntax snmp-server contact LINE no snmp-server contact Parameters LINE Specifies an alphanumeric string including spaces. You do not have to use quotation marks to indicate spaces. Choose a value that is between 1 and 255 characters in length. Description Use the SNMP-SERVER CONTACT command to set a contact person, email address, or IP address for the SNMP system.
AT-S100 Management Software User’s Guide Related Commands “SNMP-SERVER USER” on page 237 Section II: Advanced Configuration 231
Chapter 9: Simple Network Management Protocol (SNMP) Commands SNMP-SERVER ENABLE Syntax snmp-server enable no snmp-server enable Parameters none Description Use the SNMP-SERVER ENABLE command to enable SNMP link and failure traps on the switch. Use the no form of this command to disable SNMP link and failure traps.
AT-S100 Management Software User’s Guide SNMP-SERVER GROUP Syntax snmp-server group GROUPNAME v1|v2c auth|noauth|priv |read[VIEWNAME]|write[VIEWNAME]|notify[VIEWNAME] no snmp-server group GROUPNAME v1|v2c Parameters GROUPNAME Specifies the group name. Choose an alphanumeric value between 1 and 255 characters. v1 Specifies a group that uses the SNMPv1 security mode. v2c Specifies a group that uses the SNMPv2c security mode. read Specifies the view that permits the user read access.
Chapter 9: Simple Network Management Protocol (SNMP) Commands Examples The following commands create an SNMPv1 group named “marcom” with write access to a view of the Internet which has an IP address of 1.3.6.1: switch#configure terminal switch(config)#snmp-server group marcom v1 write 1.3.6.
AT-S100 Management Software User’s Guide SNMP-SERVER HOST Syntax snmp-server host A.B.C.D informs|traps version 1|2c COMMUNITY-STRING no snmp-server host A.B.C.D informs|traps version 1|2c COMMUNITY-STRING Parameters A.B.C.D Specifies the name or the Internet address of the host. inform Sends SNMP inform messages to the host specified. traps Sends SNMP traps to the host specified. version Specifies the SNMP version used to send the traps.
Chapter 9: Simple Network Management Protocol (SNMP) Commands Examples The following commands create an SNMP v2c host with an IP address of 192.34.10.1, traps, and public notification: switch#configure terminal switch(config)#snmp-server host 192.34.10.1 traps version 2c public The following commands create an SNMP v1 host with an IP address of 192.34.10.1 that receives inform messages: switch#configure terminal switch(config)#snmp-server host 192.34.10.
AT-S100 Management Software User’s Guide SNMP-SERVER USER Syntax snmp-server user USERNAME GROUPNAME remote HOST udpport <1-65536> v1|v2 auth(md5|sha) auth-password no snmp-server user USERNAME Parameters USERNAME Specifies the name of the user. GROUPNAME Specifies the name of the SNMP group. The user listed in this command becomes a member of this group. HOST Specifies the IP address of the host that connects to the agent in the following format: xxx.xxx.xxx.
Chapter 9: Simple Network Management Protocol (SNMP) Commands Command Mode Configuration Terminal mode Examples The following commands add a user named Marla to the group called ati3 which is an SNMPv2c group connected to a host with an IP address of 192.168.9.1. In addition, the UDP port assigned is 170, the security mode is MD5, and the authorization password is “funnybusiness14:” switch#configure terminal switch(config)#snmp-server user Marla ati3 remote 192.168.9.
AT-S100 Management Software User’s Guide SNMP-SERVER USER REMOTE Syntax snmp-server user remote GROUPNAME remote A.B.C.D udpport PORT<1-65535> encrypted auth(md5|sha) password PASSWORD no snmp-server user USERNAME Parameters USERNAME Specifies the name of the user. GROUPNAME Specifies the name of the SNMP group. The user listed in this command becomes a member of this group. A.B.C.D Specifies the IP address of the host that connects to the agent in the following format: xxx.xxx.xxx.
Chapter 9: Simple Network Management Protocol (SNMP) Commands Command Mode Configuration Terminal mode Example The following commands add a user named Shufen to an SNMPv2c group called ati3 which is connected to a host with an IP address of 192.168.10.1. A password defined as “super1password” is used as an authorization password: switch#configure terminal switch(config)#snmp-server user shufen remote ati3 192.168.10.
AT-S100 Management Software User’s Guide SNMP-SERVER VIEW Syntax snmp-server view VIEWNAME WORD include|exclude no snmp-server view Parameters VIEWNAME Specifies the name of the user. WORD Specifies the MIB Tree. include Includes users in this view. exclude Excludes users from this view. Description Use the SNMP-SERVER VIEW command to create an SNMP view and determine if a user can access it. The MIB tree is defined by RFC 1155 Structure of Management Information.
Chapter 9: Simple Network Management Protocol (SNMP) Commands Related Commands “SNMP-SERVER GROUP” on page 233 242 Section II: Advanced Configuration
Chapter 10 Spanning Tree Protocol (STP) Commands The commands in this chapter can be used in the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP) Protocol daemons. All of the spanning-tree commands are available in the Configuration Terminal mode.
Chapter 10: Spanning Tree Protocol (STP) Commands SHOW SPANNING-TREE Syntax show spanning-tree interface INTERFACE ge<1-28> Parameters INTERFACE Indicates the name of an interface. Specify ports ge1 through ge28 Description Use the SHOW SPANNING-TREE command to display the status of the active spanning tree protocol on the specified port.
AT-S100 Management Software User’s Guide This command displays a variety of parameters. An example of page 1 of the display is shown in Figure 27.
Chapter 10: Spanning Tree Protocol (STP) Commands Related Commands “SPANNING-TREE MODE” on page 252 246 Section II: Advanced Configuration
AT-S100 Management Software User’s Guide SPANNING-TREE ENABLE FORWARD Syntax spanning-tree stp|rstp enable forward no spanning-tree stp|rstp enable forward Parameters stp Specifies IEEE 801.Q Spanning-tree protocol (STP). rstp Specifies IEEE 801.w rapid Rapid Spanning-tree protocol (RSTP). enable Makes the current spanning tree protocol the active spanningtree protocol.
Chapter 10: Spanning Tree Protocol (STP) Commands Examples The following commands enable RSTP on the switch: switch#configure terminal switch(config)#spanning-tree rstp enable forward The following commands disable STP on the switch while still allowing the ports to transmit and receive traffic: switch#configure terminal switch(config)#no spanning-tree stp enable forward Related Commands “SPANNING-TREE MODE” on page 252 248 Section II: Advanced Configuration
AT-S100 Management Software User’s Guide SPANNING-TREE FORWARD-TIME Syntax spanning-tree forward-time <4-30> no spanning-tree forward-time Parameters none Description Use the SPANNING-TREE FORWARD-TIME command to set the time, (in seconds), after which (if this bridge is the root bridge) each interface changes to the learning and forwarding states. This value is used by all instances. The default value is 15 seconds. Use the no form of this command to restore the default value of 15 seconds.
Chapter 10: Spanning Tree Protocol (STP) Commands SPANNING-TREE HELLO-TIME Syntax spanning-tree hello-time <1-10> no spanning-tree hello-time Parameters none Description Use the SPANNING-TREE HELLO-TIME command to set the hello-time, the time in seconds after which (if this bridge is the root bridge) all the bridges in a bridged LAN exchange Bridge Protocol Data Units (BPDUs).
AT-S100 Management Software User’s Guide SPANNING-TREE MAX-AGE Syntax spanning-tree max-age <6-40> no spanning-tree max-age Parameters none Description Use the SPANNING-TREE MAX-AGE command to set the max-age for a bridge. Max-age is the maximum time, in seconds, for which (if a bridge is the root bridge) a message is considered valid. This prevents the frames from looping indefinitely. This value is used by all instances.
Chapter 10: Spanning Tree Protocol (STP) Commands SPANNING-TREE MODE Syntax spanning-tree mode stp|rstp no spanning-tree mode Parameters stp Specifies IEEE 801.Q Spanning-tree protocol (STP). rstp Specifies IEEE 801.w rapid Rapid Spanning-tree protocol (RSTP). Description Use the SPANNING-TREE MODE command to specify the active Spanning Tree Protocol and enable it on the switch. The default value is RSTP. Use the no form of this command to restore RSTP as the default value.
AT-S100 Management Software User’s Guide SPANNING-TREE PORTFAST BPDU-FILTER DEFAULT Syntax spanning-tree portfast bpdu-filter default no spanning-tree portfast bpdu-filter default Parameters none Description Use the SPANNING-TREE BPDU-FILTER DEFAULT command to globally enable the BPDU filter on a bridge. The Spanning Tree Protocol sends BPDUs from all interfaces. Enabling the BPDU filter ensures that portfast-enabled interfaces do not transmit or receive any BPDUs.
Chapter 10: Spanning Tree Protocol (STP) Commands SPANNING-TREE PORTFAST BPDU-GUARD DEFAULT Syntax spanning-tree portfast bpdu-guard default no spanning-tree portfast bpdu-guard default Parameters none Description Use the SPANNING-TREE BPDU-GUARD DEFAULT command to enable the BPDU (Bridge Protocol Data Unit) guard feature on a bridge. This command indicates the bridge level BPDU-Guard configuration takes effect.
AT-S100 Management Software User’s Guide SPANNING-TREE PRIORITY Syntax spanning-tree priority <0-61440> no spanning-tree priority Parameters <0-61440> Specifies the bridge priority value in increments of 4,096. For example, 4,096, 8,192, and 12,288 are all valid values. Description Use the SPANNING-TREE PRIORITY command to specify the interface priority. A lower priority value indicates a greater likelihood of becoming a root. The default value is 32,768.
Chapter 10: Spanning Tree Protocol (STP) Commands 256 Section II: Advanced Configuration
Chapter 11 Virtual Local Area Networks (VLAN) Commands This chapter provides descriptions of VLAN commands that are accessed through the Configuration Terminal mode.
Chapter 11: Virtual Local Area Networks (VLAN) Commands SHOW VLAN ALL Syntax show vlan all Parameters none Description Use the SHOW VLAN ALL command to display information about all of the VLANs, both static and dynamic, configured on the switch. Command Mode Privileged Executive mode Example The following example shows the SHOW VLAN ALL command and a sample of the output: switch3#show vlan all See Figure 29 for an example display.
AT-S100 Management Software User’s Guide “SHOW VLAN DYNAMIC” on page 262 “SHOW VLAN STATIC” on page 263 Section II: Advanced Configuration 259
Chapter 11: Virtual Local Area Networks (VLAN) Commands SHOW VLAN BRIEF Syntax show vlan brief Parameters none Description Use the SHOW VLAN BRIEF command to display information about all of the VLANs, both static and dynamic, configured on the switch. Command Mode Privileged Executive mode Example The following example shows the SHOW VLAN BRIEF command and a sample of the output: switch3#show vlan brief See Figure 30 for an example display.
AT-S100 Management Software User’s Guide Related Commands “SHOW MAC ADDRESS-TABLE VLAN” on page 102 “SHOW VLAN ALL” on page 258 “SHOW VLAN BRIEF” on page 260 “SHOW VLAN DYNAMIC” on page 262 “SHOW VLAN STATIC” on page 263 Section II: Advanced Configuration 261
Chapter 11: Virtual Local Area Networks (VLAN) Commands SHOW VLAN DYNAMIC Syntax show vlan dynamic Parameters none Description Use the SHOW VLAN DYNAMIC command to display information about dynamic VLANs on the switch. Command Mode Privileged Executive mode Example The following example shows the SHOW VLAN DYNAMIC command and a sample of the output: switch3#show vlan dynamic See Figure 31 for an sample display.
AT-S100 Management Software User’s Guide SHOW VLAN STATIC Syntax show vlan static Parameters none Description Use the SHOW VLAN STATIC command to display information about all of the VLANs, both static and dynamic, configured on the switch. Command Mode Privileged Executive mode Example The following example shows the SHOW VLAN STATIC command and a sample of the output: switch3#show vlan static See Figure 32 for an sample display.
Chapter 11: Virtual Local Area Networks (VLAN) Commands Related Commands “SHOW VLAN ALL” on page 258 “SHOW VLAN BRIEF” on page 260 “SHOW VLAN DYNAMIC” on page 262 264 Section II: Advanced Configuration
AT-S100 Management Software User’s Guide SWITCHPORT TRUNK ALLOWED VLAN Syntax switchport trunk allowed vlan add|remove VLANID no switchport trunk vlan Parameters add Add a VLAN to transmit and receive through the Layer-2 interface. remove Remove a VLAN that transmits and receives through the Layer2 interface. VLANID Specifies a VLAN ID or a list of VLAN IDs. Enter a value from 2 to 4094. Set a single VLAN, VLAN range, or a VLAN list.
Chapter 11: Virtual Local Area Networks (VLAN) Commands switch(config-if)#switchport mode trunk switch(config-if)#switchport trunk allowed vlan add 2 The following commands add VLANs 3 through 6 to the member set of port 7: switch#configure terminal switch(config)#interface ge7 switch(config-if)#switchport mode trunk switch(config-if)#switchport trunk allowed vlan add 36 The following commands remove a list of VLANs from port 5: switch#configure terminal switch(config)#interface ge5 switch(config-if)#switc
AT-S100 Management Software User’s Guide VLAN Syntax vlan <2-4094> name NAME state enable|disable Parameters <2-4094> Indicates the VLAN ID. Enter a value between 2 and 4094. name Indicates the name of the VLAN. Enter a text value. state Indicates the active state of the VLAN. Choose from the following: enable Activates the VLAN. disable Inactivates the VLAN. Caution You may not create a VLAN with a VLAN ID of 1. This is the default VLAN.
Chapter 11: Virtual Local Area Networks (VLAN) Commands VLAN ACCESS-MAP Syntax vlan access-map NAME <1-65535> Parameters NAME Specifies the name of the access map and the sequence to insert or delete it from an existing access-map entry. Command Mode Configuration Terminal mode Description Use the VLAN ACCESS-MAP command to create a VLAN access-map, name it, and determine the sequence to insert it to or delete it from an existing access map entry.
AT-S100 Management Software User’s Guide VLAN DATABASE Syntax vlan database Parameters none Command Mode Configuration Terminal mode Description Use the VLAN DATABASE command to enter the VLAN configuration mode. After you enter the VLAN mode, the prompt changes to indicate the new mode and you can enter commands to add, delete, or modify values associated with a single VLAN.
Chapter 11: Virtual Local Area Networks (VLAN) Commands 270 Section II: Advanced Configuration
Index Numerics 802.
Index FLOW CONTROL RECEIVE command 169 FLOW CONTROL SEND command 50, 170 G GARP timer, setting 217 gateway address setting 29 GVRP creating dynamic VLANs 214 disabling 53, 212 disabling ports 213 enabling 53, 212 enabling dynamic VLANs 54 enabling ports 213 setting GVRP registration 54 setting registration 215 setting the applicant state 54 setting the join and leave timers 55 H help selecting context-sensitive help 24 HELP command 127 HOSTNAME command 128 I IGMP enabling 55 interface assigning secure M
AT-S100 Management Software User’s Guide removing a static MAC address 34 setting 32 setting a maximum number 47 setting the aging time 33 MAC address table ageing time 138, 139 MAC ADDRESS-TABLE AGEING-TIME command 33, 138 MAC ADDRESS-TABLE STATIC DISCARD command 34, 139 MAC ADDRESS-TABLE STATIC FORWARD command 34, 141 MDI mode 45, 175 MDIX command 45, 175 MDIX mode 45, 175 MIRROR INTERFACE DIRECTION command 43, 176 MLS QOS command 143 MTU command 31, 178 N Network Time Protocol (NTP) specifying key numb
Index SHOW VLAN DYNAMIC command 262 SHOW VLAN STATIC command 263 SHUTDOWN command 45, 181 SNMP adding traps 61 creating communities 60 SNMP-SERVER COMMUNITY command 228 SNMP-SERVER CONTACT command 230 SNMP-SERVER ENABLE command 232 SNMP-SERVER GROUP command 233 SNMP-SERVER HOST command 235 SNMP-SERVER USER command 237, 239, 241 SNMP community strings access mode 60 default 60 name 60 trap receivers 61 SNMP-SERVER COMMUNITY command 228 SNMP-SERVER CONTACT command 230 SNMP-SERVER ENABLE command 232 SNMP-SERV
