AT-S62 Management Software
Command Line User’s Guide
AT-8516F/SC, AT-8524M, AT-8524POE, AT-8550GB and AT-8550SP LAYER 2+ FAST ETHERNET SWITCHES
VERSION 1.3
Copyright © 2005 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Preface

This guide describes how to configure an AT-8500 Series switch using the AT-S62 command line interface.
❑ Chapter 16: File Download and Upload Commands
❑ Chapter 17: Event Log and Syslog Server Commands
❑ Chapter 18: Classifier Commands
❑ Chapter 19: ACL Commands
❑ Chapter 20: Quality of Service (QoS) Commands
❑ Chapter 21: Class of Service (CoS) Commands
❑ Chapter 22: Power Over Ethernet Commands
❑ Chapter 23: IGMP Snooping Commands
❑ Chapter 24: Denial of Service (DoS) Defense Co
A list of the commands appears on the first page of each chapter. The commands are described in alphabetical order.

Caution
The software described in this documentation contains certain cryptographic functionality and its export is restricted by U.S. law. As of this writing, it has been submitted for review as a “retail encryption item” in accordance with the Export Administration Regulations, 15 C.F.R. Part 730-772, promulgated by the U.S.
Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales or corporate information.

Online Support

You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: www.alliedtelesyn.com/kb. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Chapter 1
Starting a Command Line Management Session

This chapter contains the following topics:
❑ Starting a Management Session
❑ Command Line Interface Features
❑ Command Formatting
Starting a Management Session

In order to manage an AT-8500 Series switch using command line commands, you must first start a local or Telnet management session. For instructions, refer to the AT-S62 Management Software Menus Interface User’s Guide.

The default management interface is the command line. The prompt that you will see will differ depending on whether you logged in as Manager or Operator. If you logged in as Manager, you will see “#.
Command Line Interface Features

The following features are supported in the command line interface:
❑ Command history - Use the up and down arrow keys.
❑ Context-specific help - Press the question mark key at any time to see a list of legal next parameters.
❑ Keyword abbreviations - Any keyword can be recognized by typing an unambiguous prefix (for example, “sh” for “show”).
❑ Tab key - Pressing the tab key fills in the rest of a keyword.
Command Formatting

The following formatting conventions are used in this manual:
❑ screen text font - This font illustrates the format of a command and command examples.
❑ screen text font - Italicized screen text indicates a variable for you to enter.
❑ [ ] - Brackets indicate optional parameters.
❑ | - Bar symbol separates parameter options for you to choose from.
Chapter 2
Basic Command Line Commands

This chapter contains the following commands:
❑ CLEAR SCREEN
❑ EXIT
❑ HELP
❑ LOGOFF, LOGOUT, and QUIT
❑ MENU
❑ SAVE CONFIGURATION
❑ SET PROMPT
❑ SET SWITCH CONSOLEMODE
❑ SHOW USER

Note
Remember to save your changes with the SAVE CONFIGURATION command.
CLEAR SCREEN

Syntax
    clear screen

Parameters
    None.

Description
This command clears the screen.
EXIT

Syntax
    exit

Parameters
    None.

Description
This command displays the AT-S62 Main Menu. It performs the same function as the MENU command. For instructions on how to use the management menus, refer to the AT-S62 Management Software Menus Interface User’s Guide.
HELP

Syntax
    help

Parameters
    None.

Description
This command displays a list of the CLI keywords with a brief description for each keyword.
LOGOFF, LOGOUT, and QUIT

Syntax
    logoff
    logout
    quit

Parameters
    None.

Description
These three commands perform the same function: they end a management session. If you are managing a slave switch, the commands return you to the master switch from which you started the management session.
MENU

Syntax
    menu

Parameters
    None.

Description
This command displays the AT-S62 Main Menu. This command performs the same function as the EXIT command. For instructions on how to use the management menus, refer to the AT-S62 Management Software Menus Interface User’s Guide.
SAVE CONFIGURATION

Syntax
    save configuration

Parameters
    None.

Description
This command saves your changes to the switch’s active boot configuration file for permanent storage. Whenever you make a change to an operating parameter of the switch, such as enter a new IP address or create a new VLAN, the change is stored in temporary memory. It will be lost the next time you reset the switch or power cycle the unit.
SET PROMPT

Syntax
    set prompt="prompt"

Parameter
prompt
    Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes.

Description
This command changes the command line prompt. Assigning each switch a different command line prompt can make it easier for you to identify the different switches in your network when you manage them.
SET SWITCH CONSOLEMODE

Syntax
    set switch consolemode=menu|cli

Parameter
consolemode
    Specifies the mode you want management sessions to start in. Options are:
    menu - Specifies the AT-S62 Main Menu.
    cli - Specifies the command line prompt. This is the default.

Description
You use this command to specify whether you want your management sessions to start by displaying the command line interface or the AT-S62 Main Menu. The default is the command line interface.
SHOW USER

Syntax
    show user

Parameter
    None.

Description
Displays the user account you used to log on to manage the switch.
Chapter 3
Enhanced Stacking Commands

This chapter contains the following commands:
❑ ACCESS SWITCH
❑ SET SWITCH STACKMODE
❑ SHOW REMOTELIST

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on enhanced stacking.
ACCESS SWITCH

Syntax
    access switch number=number|macaddress=macaddress

Parameters
number
    Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command.
macaddress
    Specifies the MAC address of the switch you want to manage. This can also be displayed using the SHOW REMOTELIST command.
Examples
The following command starts a management session on switch number 12:

    access switch number=12

The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11:

    access switch macaddress=003084520211
SET SWITCH STACKMODE

Syntax
    set switch stackmode=master|slave|unavailable

Parameter
stackmode
    Specifies the enhanced stacking mode of the switch. Possible settings are:
    master - Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask.
    slave - Specifies the switch’s stacking mode as slave. A slave does not need an IP address. This is the default setting for a switch.
Example
The following command sets the switch’s stacking status to master:

    set switch stackmode=master
SHOW REMOTELIST

Syntax
    show remotelist [sorted by=macaddress|name]

Parameter
sorted
    Sorts the list either by MAC address or by name. The default is by MAC address.

Description
This command displays a list of the switches in an enhanced stack. This command can only be performed from a management session on a master switch. The list does not include the master switch on which you started the management session.
Chapter 4
Basic Switch Commands

This chapter contains the following commands:
❑ DISABLE DHCPBOOTP
❑ DISABLE IP REMOTEASSIGN
❑ DISABLE TELNET
❑ ENABLE BOOTP
❑ ENABLE DHCP
❑ ENABLE IP REMOTEASSIGN
❑ ENABLE TELNET
❑ FORMAT DEVICE
❑ PING
❑ PURGE IP
❑ RESET SWITCH
❑ RESET SYSTEM
❑ RESTART REBOOT
❑ RESTART SWITCH
❑ SET ASYN
❑ SET IP INTERFACE
❑ SET PASSWORD OPERATOR
❑ SET SWITCH CONSOLETIMER
❑ SET SYSTEM
❑ SET USER PASSWORD
❑ SHOW ASYN
❑ SHOW CONFIG
❑ SHOW DHCPBOOTP
❑ SHOW IP INTERFACE
❑ SHOW IP ROUTE
❑ SHOW SWITCH
❑ SHOW SYSTEM

Note
Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE DHCPBOOTP

Syntax
    disable dhcpbootp

Parameters
    None.

Description
This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to DISABLE IP REMOTEASSIGN on page 39. The default setting for the client software is disabled.

To activate the DHCP and BOOTP client software, refer to ENABLE DHCP on page 42, ENABLE BOOTP on page 41, ENABLE IP REMOTEASSIGN on page 43, or SET IP INTERFACE on page 55.
DISABLE IP REMOTEASSIGN

Syntax
    disable ip remoteassign

Parameters
    None.

Description
This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to DISABLE DHCPBOOTP on page 38. The default setting for the client software is disabled.

To activate the DHCP and BOOTP client software, refer to ENABLE DHCP on page 42, ENABLE BOOTP on page 41, ENABLE IP REMOTEASSIGN on page 43, or SET IP INTERFACE on page 55.
DISABLE TELNET

Syntax
    disable telnet

Parameters
    None.

Description
This command disables the Telnet server software on the switch. You might disable the server software if you do not want anyone to manage the switch using the Telnet application protocol or if you plan to use the Secure Shell protocol. The default setting for the Telnet server is enabled.
ENABLE BOOTP

Syntax
    enable bootp

Parameters
    None.

Description
This command activates the BOOTP client software on the switch. This command is equivalent to SET IP INTERFACE on page 55. The default setting for the BOOTP client software is disabled.

Note
When you activate BOOTP, the switch immediately begins to query the network for a BOOTP server. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE DHCP

Syntax
    enable dhcp

Parameters
    None.

Description
This command activates the DHCP client software on the switch. This command is equivalent to ENABLE IP REMOTEASSIGN on page 43 and the SET IP INTERFACE command. The default setting for the DHCP client software is disabled.

Note
When you activate DHCP, the switch immediately begins to query the network for a DHCP server. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE IP REMOTEASSIGN

Syntax
    enable ip remoteassign

Parameters
    None.

Description
This command activates the DHCP client software on the switch. This command is equivalent to ENABLE DHCP on page 42. The default setting for the DHCP client software is disabled.

Note
When you activate DHCP, the switch immediately begins to query the network for a DHCP server. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE TELNET

Syntax
    enable telnet

Parameters
    None.

Description
This command activates the Telnet server on the switch. With the server activated, you can manage the switch using the Telnet application protocol from any management workstation on your network. To disable the server, refer to DISABLE TELNET on page 40. The default setting for the Telnet server is enabled.
FORMAT DEVICE

Syntax
    format drive=flash

Parameter
drive
    Specifies the memory device to format. The AT-8500 Series switch supports only one memory device, flash memory.

Description
This command formats the switch’s flash memory. It deletes all files in a switch’s file system, including configuration files, encryption keys, and event logs, and returns the switch to its factory default settings.
A confirmation prompt is displayed. Enter Y for yes to format the flash memory or N for no to cancel the command.
PING

Syntax
    ping ipaddress

Parameter
ipaddress
    Specifies the IP address of an end node you want the switch to ping.

Description
This command instructs the switch to ping an end node. You can use this command to determine whether a valid link exists between the switch and another device.

Note
The switch must have an IP address and subnet mask in order for you to use this command.

Example
The following command pings an end node with the IP address of 149.245.22.22:

    ping 149.
PURGE IP

Syntax
    purge ip [ipaddress] [netmask] [route]

Parameters
ipaddress
    Returns the switch’s IP address to the default setting 0.0.0.0.
netmask
    Returns the subnet mask to the default setting 0.0.0.0.
route
    Returns the gateway address to the default setting 0.0.0.0.

Description
This command returns the switch’s IP address, subnet mask, and default gateway address to the default settings. This command is similar in function to the RESET IP command.
RESET SWITCH

Syntax
    reset switch

Parameters
    None.

Description
This command does all of the following:
❑ Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings. To perform this function on individual ports, refer to RESET SWITCH PORT on page 165.
❑ Resets the statistics counters on all ports to zero.
RESET SYSTEM

Syntax
    reset system [name] [contact] [location]

Parameters
name
    Deletes the switch’s name.
contact
    Deletes the switch’s contact.
location
    Deletes the switch’s location.

Description
This command deletes the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit. To set these parameters, refer to SET SYSTEM on page 61. To view the current settings, refer to SHOW SYSTEM on page 69.
RESTART REBOOT

Syntax
    restart reboot

Parameters
    None.

Description
This command resets the switch. The switch runs its internal diagnostics, loads the AT-S62 management software, and configures its parameter settings using the current boot configuration file. The reset takes approximately 20 to 30 seconds to complete. The unit does not forward traffic during the time required to run its internal diagnostics and initialize its operating software.
RESTART SWITCH

Syntax
    restart switch config=none|filename.cfg

Parameters
config
    Specifies a configuration file. The file must already exist on the switch. The value NONE returns the switch to its default values.

Description
This command loads a different configuration file on the switch or returns the switch’s parameter settings to their default values.
Note
For a list of the default values, refer to Appendix A in the AT-S62 Management Software Menus Interface User’s Guide.

Note
The switch will not forward traffic during the reset process, which takes 20 to 30 seconds. Some network traffic may be lost.

Your local or remote management session with the switch ends when the unit is reset. You must reestablish the session to continue managing the unit.
SET ASYN

Syntax
    set asyn speed=1200|2400|4800|9600|19200|38400|57600|115200 [prompt="prompt"]

Parameter
speed
    Sets the speed of the RS-232 terminal port on the switch. The default is 9600 bps.
prompt
    Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes. This parameter performs the same function as the command SET PROMPT on page 27.
SET IP INTERFACE

Syntax
    set ip interface=eth0 ipaddress=ipaddress|dhcp|bootp mask|netmask=subnetmask

Parameters
interface
    Specifies the interface number. This value is always “eth0”.
ipaddress
    Specifies an IP address for the switch or activates the DHCP or BOOTP client software. Options are:
    ipaddress - Specifies a static IP address.
    DHCP - Activates the DHCP client software.
    BOOTP - Activates the BOOTP client software.
mask, netmask
Note
You cannot manually assign an IP address to the switch if the DHCP or BOOTP client software is activated. To disable the client software, refer to the DISABLE DHCPBOOTP command.

To display the current IP address and subnet mask, refer to SHOW IP INTERFACE on page 66. To return the IP address and subnet mask to their default values, refer to PURGE IP on page 48.
SET IP ROUTE

Syntax
    set ip route ipaddress=ipaddress

Parameter
ipaddress
    Specifies the IP address of the default gateway for the switch.

Description
This command specifies the IP address of the default gateway for the switch. This IP address is required if you intend to remotely manage the device from a remote management station that is separated from the unit by a router.

Example
The following command sets the default gateway to 140.35.22.12:

    set ip route ipaddress=140.
SET PASSWORD MANAGER

Syntax
    set password manager

Parameters
    None.

Description
This command sets the manager’s password. Logging in as manager allows you to view and change all switch parameters. The default password is “friend”. A password can be from 1 to 16 alphanumeric characters. Allied Telesyn recommends avoiding special characters, such as spaces, asterisks or exclamation points, since some web browsers do not accept them in passwords. A password is case sensitive.
SET PASSWORD OPERATOR

Syntax
    set password operator

Parameters
    None.

Description
This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator”. The password can be from 1 to 16 alphanumeric characters. Allied Telesyn recommends avoiding special characters, such as spaces, asterisks or exclamation points, since some web browsers do not accept them in passwords.
SET SWITCH CONSOLETIMER

Syntax
    set switch consoletimer=value

Parameter
consoletimer
    Specifies the console timer in minutes. The range is 1 to 60 minutes. The default is 10 minutes.

Description
This command sets the console timer, which is used by the management software to end inactive management sessions.
SET SYSTEM

Syntax
    set system [name="name"] [contact="contact"] [location="location"]

Parameters
name
    Specifies the name of the switch. The name can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes (“ “). Spaces are allowed.
contact
    Specifies the name of the network administrator responsible for managing the switch. The contact can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes.
SET USER PASSWORD

Syntax
    set user manager|operator password=password

Parameter
password
    Specifies the new manager or operator password.

Description
This command changes the passwords for the manager and operator accounts. The default password for the manager account is “friend.” The default for the operator account is “operator.” A password can be from 1 to 16 alphanumeric characters.
SHOW ASYN

Syntax
    show asyn

Parameters
    None.

Description
This command displays the settings for the RS-232 Terminal Port on the switch. To adjust the baud rate, which is the only setting on the port you can change, refer to SET ASYN on page 54.
SHOW CONFIG

Syntax
    show config [dynamic] [info]

Parameters
dynamic
    Displays the settings for all the switch and port parameters in their equivalent command line commands.
info
    Displays all switch settings.

Description
This command, when used without any parameter, displays two pieces of information. The first is the “Boot configuration file.” This is the configuration file the switch uses the next time it is reset or power cycled.
SHOW DHCPBOOTP

Syntax
    show dhcpbootp

Parameters
    None.

Description
This command displays the status of the DHCP and BOOTP client software on the switch. If neither is activated, the status will be “disabled.” The default setting is disabled. To enable the DHCP and BOOTP client software, refer to ENABLE BOOTP on page 41, ENABLE DHCP on page 42, or ENABLE IP REMOTEASSIGN on page 43.
SHOW IP INTERFACE

Syntax
    show ip interface=eth0

Parameters
interface
    Specifies the switch’s interface number. This value is always “eth0”.

Description
This command displays the current values for the following switch parameters:
❑ IP address
❑ Subnet mask
❑ Default gateway

To manually set the IP address and subnet mask, refer to SET IP INTERFACE on page 55. To manually set the default gateway address, refer to SET IP ROUTE on page 57.
SHOW IP ROUTE

Syntax
    show ip route

Parameters
    None.

Description
This command displays the switch’s default gateway address. You can also display the gateway address using SHOW IP INTERFACE on page 66. To manually set the default gateway address, refer to SET IP ROUTE on page 57.
SHOW SWITCH

Syntax
    show switch

Parameters
    None.
SHOW SYSTEM

Syntax
    show system

Parameters
    None.
Chapter 5
Simple Network Time Protocol (SNTP) Commands

This chapter contains the following commands:
❑ ADD SNTPSERVER PEER|IPADDRESS
❑ DELETE SNTPSERVER PEER|IPADDRESS
❑ DISABLE SNTP
❑ ENABLE SNTP
❑ PURGE SNTP
❑ SET DATE TIME
❑ SET SNTP
❑ SHOW SNTP
❑ SHOW TIME

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD SNTPSERVER PEER|IPADDRESS

Syntax
    add sntpserver peer|ipaddress=ipaddress

Parameter
peer, ipaddress
    Specifies the IP address of an SNTP server. These parameters are equivalent.

Description
This command adds the IP address of an SNTP server to the SNTP client software on the switch. The switch uses the SNTP server to set its date and time. If an IP address has already been assigned, the new address overwrites the old address.
DELETE SNTPSERVER PEER|IPADDRESS

Syntax
    delete sntpserver peer|ipaddress=ipaddress

Parameter
peer, ipaddress
    Specifies the IP address of an SNTP server. The parameters are equivalent.

Description
This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0. To view the IP address, refer to SHOW SNTP on page 78.
DISABLE SNTP

Syntax
    disable sntp

Parameters
    None.

Description
This command disables the SNTP client software on the switch. The default setting for SNTP is disabled.
ENABLE SNTP

Syntax
    enable sntp

Parameters
    None.

Description
This command enables the SNTP client software on the switch. The default setting for SNTP is disabled. Once enabled, the switch will obtain its date and time from an SNTP server, assuming that you have specified a server IP address with ADD SNTPSERVER PEER|IPADDRESS on page 71.
PURGE SNTP

Syntax
    purge sntp

Parameters
    None.

Description
This command disables the SNTP client software and returns its parameters to the default values.
SET DATE TIME

Syntax
    set date=dd-mm-yyyy time=hh:mm:ss

Parameter
date
    Specifies the date for the switch in day-month-year format.
time
    Specifies the hour, minute, and second for the switch’s time in 24-hour format.

Description
This command sets the date and time on the switch. You can use this command to set the switch’s date and time if you are not using an SNTP server. To view the current time, refer to SHOW TIME on page 79.
SET SNTP

Syntax
    set sntp [dst=enabled|disabled] [pollinterval=value] [utcoffset=value]

Parameters
dst
    Enables or disables daylight savings time.
pollinterval
    Specifies the time interval between two successive queries to the SNTP server. The range is 60 to 1200 seconds. The default is 600 seconds.
utcoffset
    Specifies the time difference in hours between UTC and local time. The range is -12 to +12 hours. The default is 0 hours.
SHOW SNTP

Syntax
    show sntp

Parameters
    None.

Description
This command displays the following information:
❑ Status of the SNTP client software
❑ SNTP server IP address
❑ UTC Offset
❑ Daylight Savings Time (DST) - enabled or disabled
❑ Poll interval
❑ Last Delta - The last adjustment that had to be applied to the system time. It is the drift in the system clock between two successive queries to the SNTP server.
SHOW TIME

Syntax
    show time

Parameters
    None.

Description
This command shows the switch’s current date and time.

Example
The following command shows the system’s date and time.
Chapter 6
SNMPv1 and SNMPv2 Community Strings and Trap Commands

This chapter contains the following commands:
❑ ADD SNMP COMMUNITY
❑ CREATE SNMP COMMUNITY
❑ DELETE SNMP COMMUNITY
❑ DESTROY SNMP COMMUNITY
❑ DISABLE SNMP
❑ DISABLE SNMP AUTHENTICATETRAP
❑ DISABLE SNMP COMMUNITY
❑ ENABLE SNMP
❑ ENABLE SNMP AUTHENTICATETRAP
❑ ENABLE SNMP COMMUNITY
❑ SET SNMP COMMUNITY
❑ SHOW SNMP
ADD SNMP COMMUNITY

Syntax

    add snmp community="community" [traphost=ipaddress] [manager=ipaddress]

Parameters

community
    Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.
traphost
    Specifies the IP address of a trap receiver.
The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string:

    add snmp community=public traphost=149.212.10.
CREATE SNMP COMMUNITY

Syntax

    create snmp community="community" [access=read|write] [open=yes|no|on|off|true|false] [traphost=ipaddress] [manager=ipaddress]

Parameters

community
    Specifies a new community string. The maximum length of a community string is 15 characters. Spaces are allowed. The name must be enclosed in double quotes if it includes a space or special character, such as an exclamation point. Otherwise, the quotes are optional. The string is case sensitive.
manager
    Specifies the IP address of a management station that can use the community string to access the switch. This option applies if you specify the status of the community string as closed. A community string can have up to eight IP addresses of management workstations, but only one can be assigned with this option.

Description

This command creates a new SNMP community string on the switch.
Examples

The following command creates the new community string “serv12” with read access level and an access status of open:

    create snmp community=serv12 access=read open=yes

The following command creates the new community string “wind11” with read and write access level.
DELETE SNMP COMMUNITY

Syntax

    delete snmp community="community" traphost=ipaddress manager=ipaddress

Parameters

community
    Specifies the SNMP community string on the switch to be modified. The community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.
The following command deletes the IP address 149.212.44.45 of a trap receiver from the community string “public.”

    delete snmp community=public traphost=149.212.44.
DESTROY SNMP COMMUNITY

Syntax

    destroy snmp community="community"

Parameter

community
    Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.

Description

This command deletes an SNMP community string from the switch.
DISABLE SNMP

Syntax

    disable snmp

Parameters

None.

Description

This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled.
DISABLE SNMP AUTHENTICATETRAP

Syntax

    disable snmp authenticatetrap|authenticate_trap

Parameters

None.

Description

This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is enabled. The AUTHENTICATETRAP and AUTHENTICATE_TRAP keywords are equivalent.
DISABLE SNMP COMMUNITY

Syntax

    disable snmp community="community"

Parameter

community
    Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.

Description

This command disables a community string on the switch, while leaving SNMP and all other community strings active.
ENABLE SNMP

Syntax

    enable snmp

Parameters

None.

Description

This command activates SNMP on the switch. Once activated, you can remotely manage the unit with an SNMP application program from a management station on your network. The default setting for SNMP on the switch is disabled.
ENABLE SNMP AUTHENTICATETRAP

Syntax

    enable snmp authenticatetrap|authenticate_trap

Parameters

None.

Description

This command configures the switch to send authentication failure traps to trap receivers. The switch sends an authentication failure trap whenever an SNMP management station attempts to access the switch using an incorrect or invalid community string, or the management station’s IP address has not been added to a community string that has a closed access status.
ENABLE SNMP COMMUNITY

Syntax

    enable snmp community="community"

Parameters

community
    Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.

Description

This command activates a community string on the switch. The default setting for a community string is enabled.
SET SNMP COMMUNITY

Syntax

    set snmp community="community" [access=read|write] [open=yes|no]

Parameters

community
    Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.
The following command changes the access level for the SNMP community string “serv12” to read and write with open access:

    set snmp community=serv12 access=write open=yes
SHOW SNMP

Syntax

    show snmp [community="community"]

Parameter

community
    Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional. Default community strings are “public” and “private.
❑ Management station IP addresses - These are the IP addresses of management stations that can access the switch through a community string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a community string, refer to ADD SNMP COMMUNITY on page 81.
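The Chapter 6 commands build up per-community state: an access level, an open or closed status, and a list of manager addresses. The Python below is an added example, not part of the AT-S62 guide or the switch software: it replays a command script and reports community settings that deserve review. The script contents, the function names, and the choice to treat a default string's access and status as unknown until a command sets them are assumptions.

```python
import re

# Constructed sample: a command script in the Chapter 6 syntax (not from the guide).
SAMPLE_SCRIPT = '''
enable snmp
create snmp community=serv12 access=read open=yes
create snmp community="noc write" access=write open=no manager=149.212.10.11
create snmp community=wind11 access=write open=yes
set snmp community=public access=write open=yes
create snmp community=lab7 access=write open=no
destroy snmp community=private
disable snmp authenticatetrap
'''

DEFAULT_COMMUNITIES = ("public", "private")  # defaults named under SHOW SNMP
OPEN_WORDS = {"yes", "on", "true"}           # open= values that mean "open"
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')    # key=value, value optionally quoted


def new_entry():
    # Assumption: access and status stay unknown (None) until a command sets them.
    return {"access": None, "open": None, "managers": [], "enabled": True}


def replay(script):
    """Replay SNMP commands; return (communities, authentication-trap enabled)."""
    comms = {name: new_entry() for name in DEFAULT_COMMUNITIES}
    auth_trap = True  # the guide gives enabled as the default
    for raw in script.splitlines():
        words = raw.lower().split()
        if len(words) < 3 or words[1] != "snmp":
            continue
        verb = words[0]
        if words[2] in ("authenticatetrap", "authenticate_trap"):
            auth_trap = verb == "enable"
            continue
        params = {k.lower(): v.strip('"') for k, v in PAIR.findall(raw)}
        name = params.get("community")  # case sensitive, so not lower-cased
        if name is None:
            continue
        if verb == "create":
            comms[name] = new_entry()
        elif verb == "destroy":
            comms.pop(name, None)
        entry = comms.get(name)
        if entry is None:
            continue
        if verb in ("create", "set"):
            if "access" in params:
                entry["access"] = params["access"].lower()
            if "open" in params:
                entry["open"] = params["open"].lower() in OPEN_WORDS
        if verb in ("create", "add") and "manager" in params:
            entry["managers"].append(params["manager"])
        if verb == "delete" and params.get("manager") in entry["managers"]:
            entry["managers"].remove(params["manager"])
        if verb in ("enable", "disable"):
            entry["enabled"] = verb == "enable"
    return comms, auth_trap


def audit(script):
    """Return (community, finding) pairs for settings that deserve review."""
    comms, auth_trap = replay(script)
    findings = []
    for name in sorted(comms):
        entry = comms[name]
        if not entry["enabled"]:
            continue
        if name in DEFAULT_COMMUNITIES:
            findings.append((name, "default community string is active"))
        if entry["access"] == "write" and entry["open"]:
            findings.append((name, "write access with open status"))
        if entry["open"] is False and not entry["managers"]:
            findings.append((name, "closed status with no manager address"))
    if not auth_trap:
        findings.append(("*", "authentication failure traps are disabled"))
    return findings


if __name__ == "__main__":
    for community, finding in audit(SAMPLE_SCRIPT):
        print(f"{community}: {finding}")
```

A closed community with no manager address cannot be used by any management station, so the last per-community check flags a configuration that is incomplete rather than exposed.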
Chapter 7

SNMPv3 Commands

This chapter contains the following commands:

❑ ADD SNMPV3 USER on page 101
❑ CLEAR SNMPV3 ACCESS on page 103
❑ CLEAR SNMPV3 COMMUNITY on page 105
❑ CLEAR SNMPV3 NOTIFY on page 106
❑ CLEAR SNMPV3 TARGETADDR on page 107
❑ CLEAR SNMPV3 VIEW on page 108
❑ CREATE SNMPV3 ACCESS on page 109
❑ CREATE SNMPV3 COMMUNITY on page 112
❑ CREATE SNMPV3 GROUP on page 114
❑ CREATE SNMPV3 NOTIFY on page 116
❑ CREATE SNMPV3 TARGETADDR on page 118
❑ CREATE SNMPV3 TARGETPARAMS on page 120
❑ CREATE SN
❑ DESTROY SNMPv3 TARGETADDR on page 130
❑ DESTROY SNMPv3 TARGETPARMS on page 131
❑ DESTROY SNMPV3 VIEW on page 132
❑ SET SNMPV3 ACCESS on page 133
❑ SET SNMPV3 COMMUNITY on page 135
❑ SET SNMPV3 GROUP on page 137
❑ SET SNMPV3 NOTIFY on page 139
❑ SET SNMPV3 TARGETADDR on page 141
❑ SET SNMPV3 TARGETPARAMS on page 143
❑ SET SNMPV3 USER on page 145
❑ SET SNMPV3 VIEW on page 147
❑ SHOW SNMPV3 ACCESS on page 149
❑ SHOW SNMPV3 COMMUNITY on page 150
❑ SHOW SNMPv3 GROUP on page 151
❑ SH
ADD SNMPV3 USER

Syntax

    add snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters

user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication
    Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS). If you do not specify an authentication protocol, this parameter is automatically set to None.
    volatile       Does not allow you to save the table entry to the configuration file on the switch. This is the default.
    nonvolatile    Allows you to save the table entry to the configuration file on the switch.

Description

This command creates an SNMPv3 User Table entry.
CLEAR SNMPV3 ACCESS

Syntax

    clear snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview writeview notifyview

Parameters

access
    Specifies the name of the security group, up to 32 alphanumeric characters.
securitymodel
    Specifies the security model. The options are:
    v1    Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel
notifyview
    Specifies a Notify View Name that allows the users assigned to this security group to send traps permitted in the specified View. This is an optional parameter.

Description

This command clears the specified fields in an SNMPv3 Access Table entry.

Examples

The following command clears the readview parameter in a security group called “Engineering” which has a security model of the SNMPv3 protocol and a security level of privacy.
CLEAR SNMPV3 COMMUNITY

Syntax

    clear snmpv3 community index=index transporttag

Parameters

index
    Specifies the name of an existing SNMPv3 Community Table entry, up to 32 alphanumeric characters.
transporttag
    Specifies the transport tag, up to 32 alphanumeric characters.

Description

This command clears the transporttag parameter in an SNMPv3 Community Table entry.
CLEAR SNMPV3 NOTIFY

Syntax

    clear snmpv3 notify=notify tag

Parameters

notify
    Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.
tag
    Specifies the notify tag name, up to 32 alphanumeric characters.

Description

This command clears the value of the tag parameter in an SNMPv3 Notify Table entry.

Examples

The following command deletes the value of the tag parameter in an SNMPv3 Notify Table entry called “hwengtrap.
CLEAR SNMPV3 TARGETADDR

Syntax

    clear snmpv3 targetaddr=targetaddr taglist

Parameters

targetaddr
    Specifies the name of the SNMPv3 Target Address Table entry, up to 32 alphanumeric characters.
taglist
    Specifies a tag or list of tags, up to 256 alphanumeric characters.

Description

This command clears the value of the taglist parameter in an SNMPv3 Target Address Table entry.
CLEAR SNMPV3 VIEW

Syntax

    clear snmpv3 view=view [subtree=OID|text] mask

Parameters

view
    Specifies the name of the SNMPv3 view, up to 32 alphanumeric characters.
subtree
    Specifies the view of the MIB Tree. Options are:
    OID     A numeric value in hexadecimal format.
    text    Text name of the view.
mask
    Specifies the subtree mask, in hexadecimal format.

Description

This command clears the value of the mask parameter in an SNMPv3 View Table entry.
CREATE SNMPV3 ACCESS

Syntax

    create snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters

access
    Specifies the name of the security group, up to 32 alphanumeric characters.
securitymodel
    Specifies the security model.
writeview
    Specifies a Write View Name that allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This is an optional parameter. If you do not assign a value to this parameter, then the writeview parameter defaults to none.
notifyview
    Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter.
In the following command, a security group is created called “hwengineering” with a security model of SNMPv3 and a security level of noauthentication. In addition, the security group has a read view named “internet.”

    create snmpv3 access=hwengineering securitymodel=v3 securitylevel=authentication readview=internet

Note
In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage.
CREATE SNMPV3 COMMUNITY

Syntax

    create snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters

index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname
    Specifies a password for this community entry, up to 32 alphanumeric characters.
The following command creates an SNMP community with an index of 95 and a community name of “12sacramento49.” The user is “regina” and the transport tag “trainingtag.” The storage type for this community is nonvolatile storage.
CREATE SNMPV3 GROUP

Syntax

    create snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter

username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1     Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c    Associates the Security Name, or User Name, with the SNMPv2c protocol.
Example

The following command creates the SNMPv3 SecurityToGroup Table entry for a user named Nancy. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “admin” group. The storage type is set to nonvolatile storage.

    create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile

The following command creates the SNMPv3 SecurityToGroup Table entry for a user named princess.
CREATE SNMPV3 NOTIFY

Syntax

    create snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters

notify
    Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.
tag
    Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter.
type
    Specifies the message type. This is an optional parameter.
Examples

In the following command, the SNMPv3 Notify Table entry is called “testengtrap1” and the notify tag is “testengtag1.” The message type is defined as a trap message and the storage type for this entry is nonvolatile storage.

    create snmpv3 notify=testengtrap1 tag=testengtag1 type=trap storagetype=nonvolatile

In the following command, the SNMPv3 Notify Table entry is called “testenginform5” and the notify tag is “testenginformtag5.
CREATE SNMPV3 TARGETADDR

Syntax

    create snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters

targetaddr
    Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params
    Specifies the target parameters name, up to 32 alphanumeric characters.
ipaddress
    Specifies the IP address of the host.
Examples

In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,” “hwengtag,” and “testengtag.” The storage type for this table entry is nonvolatile storage.

    create snmpv3 targetaddr=snmphost1 params=snmpv3manager ipaddress=198.1.1.
CREATE SNMPV3 TARGETPARAMS

Syntax

    create snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters

targetparams
    Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters.
username
    Specifies a user name configured in the SNMPv3 User Table.
securitylevel
    Specifies the security level. The options are:
    noauthentication    This option provides no authentication protocol and no privacy protocol.
    authentication      This option provides an authentication protocol, but no privacy protocol.
    privacy             This option provides an authentication protocol and the privacy protocol.
storagetype
    Specifies the storage type of this table entry. This is an optional parameter.
CREATE SNMPV3 VIEW

Syntax

    create snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters

view
    Specifies the name of the view, up to 32 alphanumeric characters.
subtree
    Specifies the view of the MIB Tree. The options are:
    OID     A numeric value in hexadecimal format.
    text    Text name of the view.
mask
    Specifies the subtree mask, in hexadecimal format.
type
    Specifies the view type. This is an optional parameter.
Examples

The following command creates an SNMPv3 View Table entry called “internet1” with a subtree value of the Internet MIBs and a view type of included. The storage type for this table entry is nonvolatile storage.

    create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile

The following command creates an SNMPv3 View Table entry called “tcp1” with a subtree value of the TCP/IP MIBs and a view type of excluded.
DELETE SNMPV3 USER

Syntax

    delete snmpv3 user=user

Parameters

user
    Specifies the name of an SNMPv3 user to delete from the switch.

Description

This command deletes an SNMPv3 User Table entry. After you delete an SNMPv3 user from the switch, you cannot recover it.

Examples

The following command deletes the user named “wilson890.”

    delete snmpv3 user=wilson890

The following command deletes the user named “75murthy75.
DESTROY SNMPv3 ACCESS

Syntax

    destroy snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy]

Parameter

access
    Specifies an SNMPv3 Access Table entry.
securitymodel
    Specifies the security model of the user name specified above. The options are:
    v1     Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c    Associates the Security Name, or User Name, with the SNMPv2c protocol.
securitylevel
Examples

The following command deletes the SNMPv3 Access Table entry called “swengineering” with a security model of the SNMPv3 protocol and a security level of authentication.

    destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication

The following command deletes the SNMPv3 Access Table entry called “testengineering” with a security model of the SNMPv3 protocol and a security level of privacy.
DESTROY SNMPv3 COMMUNITY

Syntax

    destroy snmpv3 community index=index

Parameter

index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description

This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it.

Examples

The following command deletes an SNMPv3 Community Table entry with an index of 1001.
DESTROY SNMPv3 GROUP

Syntax

    destroy snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter

username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1     Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c    Associates the Security Name, or User Name, with the SNMPv2c protocol.
    v3     Associates the Security Name, or User Name, with the SNMPv3 protocol.
DESTROY SNMPv3 NOTIFY

Syntax

    destroy snmpv3 notify=notify

Parameter

notify
    Specifies an SNMPv3 Notify Table entry.

Description

This command deletes an SNMPv3 Notify Table entry. After you delete an SNMPv3 Notify Table entry, you cannot recover it.

Examples

The following command deletes an SNMPv3 Notify Table entry called “systemtestnotifytrap.”

    destroy snmpv3 notify=systemtestnotifytrap

The following command deletes an SNMPv3 Notify Table entry called “engineeringinform1.
DESTROY SNMPv3 TARGETADDR

Syntax

    destroy snmpv3 targetaddr=target

Parameter

targetaddr
    Specifies an SNMPv3 Target Address table entry.

Description

This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it.

Examples

The following command deletes an SNMPv3 Address Table entry called “snmpv3host77.
DESTROY SNMPv3 TARGETPARMS

Syntax

    destroy snmpv3 targetparams=targetparams

Parameter

targetparams
    Specifies an SNMPv3 Target Parameters table entry.

Description

This command deletes an SNMPv3 Target Parameters Table entry. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it.

Examples

The following command deletes the SNMPv3 Target Parameters Table entry called “targetparameter1.
DESTROY SNMPV3 VIEW

Syntax

    destroy snmpv3 view=view [subtree=OID|text]

Parameters

view
    Specifies the name of the view, up to 32 alphanumeric characters.
subtree
    Specifies the view subtree. The options are:
    OID     A numeric value in hexadecimal format.
    text    Text name of the view.

Description

This command deletes an SNMPv3 View Table entry. After you delete an SNMPv3 View Table entry, you cannot recover it.
SET SNMPV3 ACCESS

Syntax

    set snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters

access
    Specifies the name of the group, up to 32 alphanumeric characters.
securitymodel
    Specifies the security model. Options are:
    v1    Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel
storagetype
    Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile       Does not allow you to save the table entry to the configuration file on the switch. This is the default.
    nonvolatile    Allows you to save the table entry to the configuration file on the switch.

Description

This command modifies an SNMPv3 Access Table entry.

Examples

The following command modifies the group called engineering.
SET SNMPV3 COMMUNITY

Syntax

    set snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters

index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname
    Specifies a password of this community, up to 32 alphanumeric characters.
securityname
    Specifies the name of an SNMPv1 and SNMPv2 user, up to 32 alphanumeric characters.
The following command modifies the community table entry with an index of 52. The community has a password of “oldmiss71” and a security name of “jjhuser234.” The transport tag is set to “testtag40.
SET SNMPV3 GROUP

Syntax

    set snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter

username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1     Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c    Associates the Security Name, or User Name, with the SNMPv2c protocol.
Examples

The following command modifies the SecurityToGroup Table entry with a user name of “nancy28.” The security model is the SNMPv3 protocol and the group name is set to engineering.

    set snmpv3 group username=nancy28 securitymodel=v3 groupname=engineering

The following command modifies the SecurityToGroup Table entry with a user name of “nelvid.” The security model is the SNMPv3 protocol and the group name “systemtest.
SET SNMPV3 NOTIFY

Syntax

    set snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters

notify
    Specifies the name associated with the trap message, up to 32 alphanumeric characters.
tag
    Specifies the notify tag name, up to 32 alphanumeric characters.
type
    Specifies the message type. Options are:
    trap    Trap messages are sent, with no response expected from the host.
storagetype
The following command modifies an SNMPv3 Notify Table entry called “systemtestinform5.” The notify tag is “systemtestinform5tag” and the message type is an inform message.
SET SNMPV3 TARGETADDR

Syntax

    set snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters

targetaddr
    Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params
    Specifies the target parameters name, up to 32 alphanumeric characters. This is an optional parameter.
Description

This command modifies an SNMPv3 Target Address Table entry.

Examples

The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.”

    set snmpv3 targetaddr=snmphost params=targetparameter7 ipaddress=198.1.1.
SET SNMPV3 TARGETPARAMS

Syntax

    set snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters

targetparams
    Specifies the target parameters name, up to 32 alphanumeric characters.
username
    Specifies the user name.
securitymodel
    Specifies the security model of the above user name.
securitylevel
    Specifies the security level. The options are:
    noauthentication    This option provides no authentication protocol and no privacy protocol.
    authentication      This option provides an authentication protocol, but no privacy protocol.
    privacy             This option provides an authentication protocol and the privacy protocol.
storagetype
    Specifies the storage type of this table entry. This is an optional parameter.
SET SNMPV3 USER

Syntax

    set snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters

user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication
    Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS). The default is no authentication. The options are:
    md5    The MD5 authentication protocol.
Examples

The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.”

    set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3

The following command modifies a User Table entry called “atiuser104.
SET SNMPV3 VIEW

Syntax

    set snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters

view
    Specifies the name of the view, up to 32 alphanumeric characters.
subtree
    Specifies the view subtree. Options are:
    OID     A numeric value in hexadecimal format.
    text    Text name of the view.
mask
    Specifies the subtree mask, in hexadecimal format.
type
    Specifies the view type.
Examples

The following command modifies the view called “internet1.” The subtree is set to the Internet MIBs and the view type is included.

    set snmpv3 view=internet1 subtree=internet type=included

The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded.

    set snmpv3 view=system subtree=1.3.6.1.2.
SHOW SNMPV3 ACCESS

Syntax

    show snmpv3 access=access

Parameter

access
    Specifies an SNMPv3 Access Table entry.

Description

This command displays the SNMPv3 Access Table. You can display one or all of the table entries.

Examples

The following command displays the SNMPv3 Access Table entry called “production.
SHOW SNMPV3 COMMUNITY

Syntax

    show snmpv3 community index=index

Parameter

index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description

This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.
SHOW SNMPv3 GROUP

Syntax

    show snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter

username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1     Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c    Associates the Security Name, or User Name, with the SNMPv2c protocol.
    v3     Associates the Security Name, or User Name, with the SNMPv3 protocol.
SHOW SNMPV3 NOTIFY

Syntax

    show snmpv3 notify=notify

Parameter

notify
    Specifies an SNMPv3 Notify Table entry.

Description

This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries.
SHOW SNMPV3 TARGETADDR

Syntax

    show snmpv3 targetaddr=targetaddr

Parameter

targetaddr
    Specifies an SNMPv3 Target Address Table entry.

Description

This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.
SHOW SNMPV3 TARGETPARAMS

Syntax

    show snmpv3 targetparams=targetparams

Parameter

targetparams
    Specifies an SNMPv3 Target Parameters Table entry.

Description

This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries.
SHOW SNMPV3 USER

Syntax

    show snmpv3 user=user

Parameters

user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

Description

This command displays SNMPv3 User Table entries. You can display one or all of the table entries.
SHOW SNMPV3 VIEW

Syntax

    show snmpv3 view=view [subtree=OID|text]

Parameter

view
    Specifies an SNMPv3 View Table entry.
subtree
    Specifies the view subtree. Options are:
    OID     A numeric value in hexadecimal format.
    text    Text name of the view.

Description

This command displays the SNMPv3 View Table entries. You can display one or all of the table entries.
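The SNMPv3 commands in this chapter only take effect as a chain: a User Table entry is mapped to a group by CREATE SNMPV3 GROUP, and the Access Table entry for that group names the security level and views. The Python below is an added example, not part of the AT-S62 guide or the switch software: it loads those tables from a command script and reports broken or weak links in the chain. The script contents and function names are constructed, and two rules are assumptions: an access entry is matched to group members by group name plus security model, and a user can reach the privacy level only if a privpassword was given.

```python
import re

# Constructed sample script in the Chapter 7 command syntax; every name and
# password below is made up for this example.
SAMPLE_SCRIPT = """
create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile
add snmpv3 user=opsadmin authentication=sha authpassword=EXAMPLE_AUTH privpassword=EXAMPLE_PRIV storagetype=nonvolatile
add snmpv3 user=monitor storagetype=nonvolatile
add snmpv3 user=tempuser authentication=md5 authpassword=EXAMPLE_AUTH
create snmpv3 group username=opsadmin securitymodel=v3 groupname=admin storagetype=nonvolatile
create snmpv3 group username=monitor securitymodel=v3 groupname=readers storagetype=nonvolatile
create snmpv3 group username=ghost securitymodel=v3 groupname=admin storagetype=nonvolatile
create snmpv3 group username=tempuser securitymodel=v3 groupname=admin storagetype=nonvolatile
create snmpv3 access=admin securitymodel=v3 securitylevel=privacy readview=internet1 writeview=internet1 storagetype=nonvolatile
create snmpv3 access=readers securitymodel=v3 securitylevel=noauthentication readview=internet1 writeview=internet1 storagetype=nonvolatile
create snmpv3 access=legacy securitymodel=v3 securitylevel=authentication readview=tcp1
"""

LEVELS = {"noauthentication": 0, "authentication": 1, "privacy": 2}
PAIR = re.compile(r"(\w+)=(\S+)")


def load_tables(script):
    """Collect User, SecurityToGroup, Access and View Table entries from a script."""
    tables = {"user": {}, "group": {}, "access": [], "view": {}}
    for raw in script.splitlines():
        words = raw.split()
        if len(words) < 3 or words[1].lower() != "snmpv3":
            continue
        if words[0].lower() not in ("add", "create"):
            continue
        table = words[2].split("=")[0].lower()
        if table not in tables:
            continue
        entry = {k.lower(): v for k, v in PAIR.findall(raw)}
        entry.setdefault("storagetype", "volatile")  # the guide's stated default
        if table == "access":
            tables["access"].append(entry)
        else:
            key = entry.get("username" if table == "group" else table)
            tables[table][key] = entry
    return tables


def user_level(user):
    """Highest security level a User Table entry can satisfy."""
    if "authentication" not in user:  # guide: set to None when not specified
        return LEVELS["noauthentication"]
    # Assumption: the privacy level needs a privpassword on the user entry.
    return LEVELS["privacy"] if "privpassword" in user else LEVELS["authentication"]


def audit(script):
    """Return (subject, finding) pairs for broken or weak SNMPv3 table links."""
    t = load_tables(script)
    findings = []
    for uname in t["group"]:
        if uname not in t["user"]:
            findings.append((uname, "group entry names a user missing from the User Table"))
    for acc in t["access"]:
        name = acc["access"]
        required = LEVELS.get(acc.get("securitylevel", "").lower())
        for kind in ("readview", "writeview", "notifyview"):
            view = acc.get(kind)
            if view and view not in t["view"]:
                findings.append((name, f"{kind}={view} is not in the View Table"))
        if required == 0 and "writeview" in acc:
            findings.append((name, "writeview granted at securitylevel=noauthentication"))
        for uname, grp in t["group"].items():
            same_group = (grp.get("groupname") == name
                          and grp.get("securitymodel") == acc.get("securitymodel"))
            user = t["user"].get(uname)
            if same_group and user is not None and required is not None \
                    and user_level(user) < required:
                findings.append(
                    (uname, f"cannot meet securitylevel={acc['securitylevel']} of group {name}"))
    return findings


def volatile_entries(script):
    """List (table, name) of entries that will not be saved to the configuration file."""
    t = load_tables(script)
    rows = [("access", a["access"]) for a in t["access"] if a["storagetype"] == "volatile"]
    for table in ("user", "group", "view"):
        rows += [(table, k) for k, e in t[table].items() if e["storagetype"] == "volatile"]
    return sorted(rows)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_SCRIPT):
        print(f"{subject}: {finding}")
    print("volatile:", volatile_entries(SAMPLE_SCRIPT))
```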
Chapter 8 Port Parameter Commands

This chapter contains the following commands:
❑ ACTIVATE SWITCH PORT
❑ DISABLE INTERFACE LINKTRAP
❑ DISABLE SWITCH PORT
❑ DISABLE SWITCH PORT FLOW
❑ ENABLE INTERFACE LINKTRAP
❑ ENABLE SWITCH PORT
❑ ENABLE SWITCH PORT FLOW
❑ RESET SWITCH PORT
❑ SET SWITCH PORT
❑ SET SWITCH PORT RATELIMIT
❑ SHOW INTERFACE
❑ SHOW SWITCH PORT

Note
Rem
ACTIVATE SWITCH PORT

Syntax
activate switch port=port autonegotiate

Parameter
port Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
If a port is using Auto-Negotiation to set its speed and duplex mode, this command prompts the port to renegotiate its settings with its end node.
DISABLE INTERFACE LINKTRAP

Syntax
disable interface=port linktrap

Parameter
port Specifies the port where you want to disable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command disables link traps on a port.
DISABLE SWITCH PORT

Syntax
disable switch port=port

Parameter
port Specifies the port to disable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command disables a port. Once disabled, a port stops forwarding traffic. The default setting for a port is enabled.
DISABLE SWITCH PORT FLOW

Syntax
disable switch port=port flow=pause

Parameter
port Specifies the port where you want to deactivate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command deactivates flow control on a port. Flow control applies only to ports operating in full duplex mode.
ENABLE INTERFACE LINKTRAP

Syntax
enable interface=port linktrap

Parameter
port Specifies the port on which you want to enable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command activates SNMP link traps on the port.
ENABLE SWITCH PORT

Syntax
enable switch port=port

Parameter
port Specifies the port to enable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command enables a port. Once enabled, a port begins to forward traffic. The default setting for a port is enabled.
ENABLE SWITCH PORT FLOW

Syntax
enable switch port=port flow=pause

Parameter
port Specifies the port where you want to activate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command activates flow control on a port. Flow control only applies to ports operating in full duplex mode.
RESET SWITCH PORT

Syntax
reset switch port=port

Parameter
port Specifies the port to reset. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command resets a port. The reset takes less than a second to complete. You might reset a port if it is experiencing a problem establishing a link with its end node. The port retains its current operating parameter settings.
SET SWITCH PORT

Syntax
set switch port=port
    [description="description"]
    [status=enabled|disabled]
    [speed=autonegotiate|10mhalf|10mfull|10mhauto|10mfauto|100mhalf|100mfull|100mhauto|100mfauto|1000mfull|1000mfauto]
    [mdimode=mdi|mdix|auto]
    [flowcontrol=disable|enable|auto]
    [fctrllimit=auto|value]
    [backpressure=yes|no|on|off|true|false|enabled|disabled]
    [bplimit=auto|value]
    [bcastfiltering=yes|no|on|off|true|false|enabled|disabled]
    [holbplimit=value]
    [renegotiation=auto]
speed Sets the speed and duplex mode of the port. Settings for this parameter are:
    autonegotiate The port Auto-Negotiates both speed and duplex mode. This is the default setting.
    10mhalf 10 Mbps and half-duplex mode.
    10mfull 10 Mbps and full-duplex mode.
    10mhauto 10 Mbps and half-duplex mode with Auto-Negotiation.
    10mfauto 10 Mbps and full-duplex mode with Auto-Negotiation.
    100mhalf 100 Mbps and half-duplex mode.
    100mfull 100 Mbps and full-duplex mode.
When flow control is activated, a port sends out a PAUSE packet whenever it wants the end node to stop sending packets. Possible values are:
    disabled No flow control.
    enabled Flow control is activated.
    auto The switch sets flow control to match flow control on the end node connected to the port. If the end node is using flow control, the switch port also uses flow control. If the end node is not using flow control, neither will the switch port.
renegotiation Prompts the port to renegotiate its speed and duplex mode with the end node. This parameter only works when the port is using Auto-Negotiation. The only value is:
    auto Renegotiates speed and duplex mode with the end node.
softreset Resets the port. This parameter does not change any of a port’s operating parameters.
priority Specifies the port’s 802.1p priority level.
Description
This command sets a port’s operating parameters. You can set more than one parameter at a time. For an explanation of the port parameters, refer to the AT-S62 Management Software Menus Interface User’s Guide.

To configure the fiber optic port on a GBIC or SFP module in Port 49 or 50 of an AT-8550GB or AT-8550SP switch, the port must have a valid connection to an end node. Otherwise, specifying Ports 49 and 50 configures the twisted pair ports 49R and 50R.
SET SWITCH PORT RATELIMIT

Syntax
set switch port=all [rate=value]
    [bcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
    [mcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
    [unkucastratelimiting=yes|no|on|off|true|false|enabled|disabled]

Parameters
port Specifies all ports on the switch. This feature cannot be configured on a per-port basis. You must specify ALL.
rate Specifies the number of ingress packets the switch ports accept each second.
table. Settings for this parameter are:
    yes, on, true, enabled Activates unknown unicast packet rate limit on the port. The values are equivalent.
    no, off, false, disabled Deactivates unknown unicast packet rate limit on the port. The values are equivalent.

Description
This command sets the maximum number of ingress multicast, broadcast, and unknown unicast packets the switch ports accept each second. Packets exceeding the threshold are discarded.
This command changes the rate limit to 15,000 packets:

set switch port=all rate=15000

The following command deactivates unicast rate filtering on all ports:

set switch port=all unkucastratelimiting=disabled
SHOW INTERFACE

Syntax
show interface=port

Parameter
port Specifies the port whose interface information you want to display. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command displays the contents of the interface MIB for a port and provides the following information:
❑ ifIndex - The port number.
❑ ifLinkUpDownTrapEnable - Whether or not link traps have been enabled for the port, one of the following:
    enabled - Link traps are enabled. The switch sends an SNMP link trap whenever there is a change to the status of the link on the port. To disable link traps, see DISABLE INTERFACE LINKTRAP on page 159.
    disabled - Link traps are disabled. To enable link traps, see ENABLE INTERFACE LINKTRAP on page 162.
SHOW SWITCH PORT

Syntax
show switch port[=port]

Parameter
port Specifies the port whose parameter settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). All ports are displayed if you omit the port number.

Description
This command displays a port’s operating parameters, such as speed and duplex mode.
Chapter 9 MAC Address Table Commands

This chapter contains the following commands:
❑ ADD SWITCH FDB|FILTER
❑ DELETE SWITCH FDB
❑ RESET SWITCH FDB
❑ SET SWITCH AGINGTIMER|AGEINGTIMER
❑ SHOW SWITCH AGINGTIMER|AGEINGTIMER
❑ SHOW SWITCH FDB

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the MAC address table.
ADD SWITCH FDB|FILTER

Syntax
add switch fdb|filter destaddress|macaddress=macaddress port=port vlan=name|vid

Note
The FDB and FILTER keywords are equivalent.

Parameters
destaddress or macaddress Specifies the static unicast or multicast address to be added to the switch’s MAC address table. The parameters are equivalent.
Examples
The following command adds the static MAC address 00:A0:D2:18:1A:11 to port 7. It assumes the port where the MAC address is to be assigned is a member of the Default_VLAN:

add switch fdb macaddress=00A0D2181A11 port=7 vlan=default_vlan

The following command adds the multicast MAC address 01:00:51:00:00:10 to ports 1 to 5.
DELETE SWITCH FDB

Syntax
delete switch fdb macaddress=macaddress vlan=name|vid

Parameters
macaddress Specifies the dynamic or static unicast or multicast MAC address to delete from the MAC address table. The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx
vlan Specifies the VLAN containing the port(s) where the address was learned or assigned. The VLAN can be specified by name or VID.
RESET SWITCH FDB

Syntax
reset switch fdb port=port

Parameters
port Specifies the port whose dynamic MAC addresses you want to delete from the MAC address table. You can specify more than one port at a time.

Description
This command deletes the dynamic MAC addresses learned on a specified port. Once a port’s dynamic MAC addresses have been deleted, the port begins to learn new addresses.
SET SWITCH AGINGTIMER|AGEINGTIMER

Syntax
set switch agingtimer|ageingtimer=value

Parameter
agingtimer or ageingtimer Specifies the aging timer for the MAC address table. The value is in seconds. The range is 0 to 1048575 seconds. The default is 300 seconds (5 minutes). Entering the value 0 (zero) disables the aging timer. The parameters are equivalent.

Description
The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table.
SHOW SWITCH AGINGTIMER|AGEINGTIMER

Syntax
show switch agingtimer|ageingtimer

Parameters
None.

Description
This command displays the current setting for the aging timer. The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table. To set the aging timer, refer to SET SWITCH AGINGTIMER|AGEINGTIMER.
SHOW SWITCH FDB

Syntax
show switch fdb [address=macaddress] [port=port] [status=static|dynamic|multicast] [vlan=name]

Parameters
address Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static). The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx
port Specifies a port on the switch.
The following command displays the static and dynamic multicast addresses:

show switch fdb status=multicast

The following command displays the port on which the MAC address 00:A0:D2:18:1A:11 was learned (dynamic) or added (static):

show switch fdb address=00A0D2181A11

The following command displays the MAC addresses learned on port 2:

show switch fdb port=2

The following command displays the MAC addresses learned on the ports in the Sales VLAN:

show switch fdb vlan=sales

Th
Chapter 10 Port Trunking Commands

This chapter contains the following commands:
❑ ADD SWITCH TRUNK
❑ CREATE SWITCH TRUNK
❑ DELETE SWITCH TRUNK
❑ DESTROY SWITCH TRUNK
❑ SET SWITCH TRUNK
❑ SHOW SWITCH TRUNK

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information and guidelines on port trunking.
ADD SWITCH TRUNK

Syntax
add switch trunk=name port=port

Parameters
trunk Specifies the name of the port trunk to be modified.
port Specifies the port to be added to the port trunk. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).

Description
This command adds ports to an existing port trunk.
CREATE SWITCH TRUNK

Syntax
create switch trunk=name port=ports [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters
trunk Specifies the name of the trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters are allowed.
port Specifies the ports to be added to the port trunk. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Note
Before creating a port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port to be in the trunk. Check to be sure that the settings are correct for the end node to which the trunk will be connected. When you create the trunk, the AT-S62 management software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same.
DELETE SWITCH TRUNK

Syntax
delete switch trunk=name port=port

Parameters
trunk Specifies the name of the trunk to be modified.
port Specifies the port to be removed from the existing port trunk. You can specify more than one port at a time.

Description
This command removes ports from a port trunk. To view the trunks on a switch, refer to SHOW SWITCH TRUNK on page 193. To completely remove a port trunk from a switch, see DESTROY SWITCH TRUNK on page 191.
DESTROY SWITCH TRUNK

Syntax
destroy switch trunk=name

Parameter
trunk Specifies the name of the trunk to be deleted.

Description
This command deletes a port trunk from a switch. Once a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes.

Caution
Disconnect the cables from the port trunk on the switch before destroying the trunk.
SET SWITCH TRUNK

Syntax
set switch trunk=name select=[macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters
trunk Specifies the name of the port trunk.
select Specifies the load distribution method. Options are:
    macsrc Source MAC address.
    macdest Destination MAC address.
    macboth Source address/destination MAC address.
    ipsrc Source IP address.
    ipdest Destination IP address.
    ipboth Source address/destination IP address.
SHOW SWITCH TRUNK

Syntax
show switch trunk

Parameters
None.

Description
This command displays the names, ports, and load distribution methods of the port trunks on the switch.
Chapter 11 Networking Stack Commands

This chapter contains the following commands:
❑ DELETE IP ARP
❑ DELETE TCP
❑ RESET IP ARP
❑ SET IP ARP
❑ SHOW IP ARP
❑ SHOW IP ROUTE
❑ SHOW TCP

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information and guidelines on the networking stack.
DELETE IP ARP

Syntax
delete ip arp [ipaddress|all]

Parameter
ipaddress Specifies the IP address of the ARP entry you want to delete from the ARP table.
all Specifies the deletion of all non-system ARP entries in the table.

Description
This command deletes specific or all ARP entries from the ARP table.

Example
The following command deletes the ARP entry with the IP address of 192.168.1.1:

delete ip arp 192.168.1.
DELETE TCP

Syntax
delete tcp indexnumber

Parameter
indexnumber Specifies the internal socket ID number assigned to the connection. Enter the index number of the TCP connection you want to delete. The range is 0 to 65535 with a default of 0. To display the index number, refer to SHOW TCP on page 201.

Description
This command deletes a TCP connection.
RESET IP ARP

Syntax
reset ip arp

Parameter
None

Description
This command deletes all of the temporary entries in the ARP table.
SET IP ARP

Syntax
set ip arp [timeout=integer]

Parameter
timeout The range is 1 to 260000 seconds. The default setting is 400 seconds.

Description
This command prevents the table from becoming full with inactive entries. It allows you to set the timer for removing temporary entries in the ARP table. Inactive temporary entries in the ARP table are timed out according to the ARP cache timeout value which is set with the timeout option.
SHOW IP ARP

Syntax
show ip arp

Parameters
None

Description
This command displays the IP addresses in the ARP table. It includes the following fields:
Interface The network interface of a table entry. The switch has two network interfaces. The “loopback” designation represents the interface used by the switch for internal diagnostics. The “eth0” designation represents the Ethernet network interface.
SHOW IP ROUTE

Syntax
show ip route

Parameter
None

Description
This command displays the IP route table. It includes the following fields:
Destination The IP address of a destination network, subnetwork, or end node.
Mask A filter used to designate the active part of the destination IP address. A binary 1 in the mask indicates an active bit in the address while a binary 0 indicates that the corresponding bit in the address is not.
SHOW TCP

Syntax
show tcp

Parameter
None

Description
This command displays the TCP connections and the TCP global information, which consists of the MIB variables defined in the TCP group. It includes the following fields:
RTO min (ms) and RTO max (min) Retransmit time algorithm parameters.
Max connections The maximum number of TCP connections allowed.
Active Opens The number of active TCP opens. Active opens initiate connections.
Passive Opens The number of TCP passive opens.
Out Segs with RST The number of segments transmitted with the RST bit set.
Total Number of TCP Listening sockets The number of active listening sockets. There can be a maximum of three listening sockets. One is for the Telnet server, another for SSH, and the last for the web browser server. If a server is disabled, its listening socket does not appear in the table.
Example
The following command displays the TCP connections and the TCP global information:

show tcp
Chapter 12 LACP Commands

This chapter contains the following commands:
❑ ADD LACP PORT
❑ CREATE LACP AGGREGATOR
❑ DELETE LACP PORT
❑ DESTROY LACP AGGREGATOR
❑ DISABLE LACP
❑ ENABLE LACP
❑ SET LACP AGGREGATOR
❑ SET LACP PORT
❑ SET LACP PRIORITY
❑ SET LACP STATE
❑ SHOW LACP

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD LACP PORT

Syntax
add lacp port=port aggregator=name|adminkey=key priority=priority

Parameters
port Specifies the port to be added to the aggregator. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator Specifies the name of the aggregator. The name is case-sensitive.
adminkey Specifies the adminkey of the aggregator.
Example
The following command adds ports 8 and 22 to an aggregator named “agg_1”:

add lacp port=8,22 aggregator=agg_1

The following command adds port 6 to an aggregator with an adminkey number of 1A and assigns the port a priority of 0x10:

add lacp port=6 adminkey=0x1a priority=0x10
CREATE LACP AGGREGATOR

Syntax
create lacp aggregator=name adminkey=key port=port [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters
aggregator Specifies the name of the new aggregator. The name can be up to 20 alphanumeric characters. No spaces or special characters are allowed.
adminkey Specifies an adminkey number for the aggregator. This is a hexadecimal number in the range of 0x1 to 0xffff.
Description
This command creates an LACP aggregator.

Caution
Do not connect the cables to the ports of the aggregator on the switch until after you have configured the aggregator with the management software and enabled LACP. Connecting the cables before configuring the software and activating the protocol will create a loop in your network topology. Data loops can result in broadcast storms and poor network performance.
DELETE LACP PORT

Syntax
delete lacp port=port [aggregator=name]

Parameters
port Specifies the port to delete from an aggregator. You can delete more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator Specifies the name of the aggregator. The name is case-sensitive. This parameter is optional.

Description
This command removes a port from an aggregator.
DESTROY LACP AGGREGATOR

Syntax
destroy lacp aggregator=name|adminkey=key

Parameter
aggregator Specifies the name of the aggregator. The name is case-sensitive.
adminkey Specifies the adminkey number of the aggregator. This is a hexadecimal number between 0x1 and 0xffff.

Description
This command deletes an LACP aggregator from the switch. You can identify the aggregator by its name or adminkey number.
DISABLE LACP

Syntax
disable lacp

Parameters
None.

Description
This command disables LACP on the switch. The default is disabled. This command is equivalent to SET LACP STATE on page 217.

Caution
Do not disable LACP if there are defined aggregators without first disconnecting all cables connected to the aggregate trunk ports. Otherwise, a network loop might occur, resulting in a broadcast storm and poor network performance.
ENABLE LACP

Syntax
enable lacp

Parameters
None.

Description
This command enables LACP. The default is disabled. This command is equivalent to SET LACP STATE on page 217.
SET LACP AGGREGATOR

Syntax
set lacp aggregator=name [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] [adminkey=key]

Parameters
aggregator Specifies the name of the aggregator. The name is case-sensitive.
distribution Specifies one of the following load distribution methods:
    macsrc Source MAC address.
    macdest Destination MAC address.
    macboth Source address/destination MAC address. This is the default.
    ipsrc Source IP address.
adminkey
SET LACP PORT

Syntax
set lacp port=port aggregator=name|adminkey=key priority=priority

Parameters
port Specifies the port to modify. You can modify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator Specifies the name of the aggregator. The name is case-sensitive.
adminkey Specifies the adminkey number of the aggregator.
Note
Before adding a port to an aggregator, verify that the port’s speed is set to Auto-Negotiation or 100 Mbps, full-duplex. Aggregate trunks do not support half-duplex mode.
SET LACP PRIORITY

Syntax
set lacp priority=priority

Parameters
priority Specifies the LACP system priority value for a switch. This is a hexadecimal value from 0x1 to 0xffff. The lower the number, the higher the priority. The default is 0x0080.

Description
This command sets the LACP priority of the switch. LACP uses the priority to resolve conflicts between two switches to decide which switch makes the decision about which ports to aggregate.
SET LACP STATE

Syntax
set lacp state=enable|disable

Parameters
state Specifies the state of LACP on the switch. The options are:
    enable Enables LACP. This option performs the same function as ENABLE LACP on page 212.
    disable Disables LACP. This is the default. This option performs the same function as DISABLE LACP on page 211.

Description
This command enables or disables LACP on the switch.
SHOW LACP

Syntax
show lacp [port=port|all] [aggregator=name] [machine=port|all]

Parameter
port Specifies the port(s) to display. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator Specifies the name of the aggregator. The name is case-sensitive.
machine Specifies the LACP machine state for a port or ports on the system.
Chapter 13 Port Mirroring Commands

This chapter contains the following commands:
❑ SET SWITCH MIRROR
❑ SET SWITCH PORT MIRROR
❑ SHOW SWITCH MIRROR

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information and guidelines on port mirroring.
SET SWITCH MIRROR

Syntax
set switch mirror=port

Parameter
mirror Specifies the destination port for the port mirror. This is the port where the traffic from the source ports will be copied. You can specify only one port as the destination port. Specifying “0” (zero) disables port mirroring.

Description
This command enables mirroring and specifies the destination port, or disables mirroring. To select the source ports, refer to SET SWITCH PORT MIRROR on page 221.
SET SWITCH PORT MIRROR

Syntax
set switch port=port mirror=none|rx|tx|both

Parameters
port Specifies the source ports of a port mirror. You can specify more than one port. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
mirror Specifies which traffic on the source ports is to be mirrored to the destination port. The options are:
    rx Specifies ingress mirroring.
SHOW SWITCH MIRROR

Syntax
show switch mirror

Parameters
None.

Description
This command displays the source and destination ports of a port mirror on the switch.
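A defender's check built on the two mirroring commands above, added here and not taken from the AT-S62 guide: it reads a saved configuration listing, expands port lists written in the guide's notation (5,7,22, 18-23, or 1,5,14-22) and reports the mirror destination and source ports so an unexpected traffic copy stands out. The function names, the sample listing, the `#` comment convention, the 50-port ceiling and the approved-destination check are assumptions made for this example.

```python
"""Audit an AT-S62-style configuration listing for port mirroring (added example)."""
import re
import shlex

PORT_MAX = 50  # assumption: the guide mentions ports 49 and 50 on the AT-8550 models
DIRECTIONS = {"none", "rx", "tx", "both"}  # mirror= values for source ports

# Constructed sample listing; "#" comment lines are an assumed convention.
SAMPLE_CONFIG = """\
# constructed sample, not real switch output
set switch port=7 description="Uplink to core" status=enabled
set switch port=1,5,14-16 mirror=both
set switch port=22 mirror=rx
set switch port=5 mirror=none
set switch port=all rate=15000
set switch mirror=24
"""


def parse_port_list(spec, port_max=PORT_MAX):
    """Expand '1,5,14-22' into a sorted list of port numbers."""
    ports = set()
    for item in spec.split(","):
        match = re.fullmatch(r"(\d+)(?:-(\d+))?", item.strip())
        if not match:
            raise ValueError(f"bad port item: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low < 1 or high > port_max or low > high:
            raise ValueError(f"port item out of range: {item!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def parse_command(line):
    """Split a command into (keywords, {parameter: value}), honouring quotes."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: fall back to whitespace splitting
        tokens = line.split()
    words, params = [], {}
    for token in tokens:
        if "=" in token:
            key, value = token.split("=", 1)
            params[key.lower()] = value
        else:
            words.append(token.lower())
    return words, params


def audit_mirroring(config_text, approved_destination=None):
    """Replay the mirror commands in order and report the resulting state."""
    destination = None  # None means mirroring is disabled (mirror=0)
    sources = {}        # source port -> "rx" | "tx" | "both"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words, params = parse_command(line)
        if words[:2] != ["set", "switch"] or "mirror" not in params:
            continue
        value = params["mirror"].lower()
        if "port" in params:  # SET SWITCH PORT MIRROR: source ports
            if value not in DIRECTIONS:
                raise ValueError(f"unknown mirror direction: {value!r}")
            for port in parse_port_list(params["port"]):
                if value == "none":
                    sources.pop(port, None)
                else:
                    sources[port] = value
        elif value == "0":    # SET SWITCH MIRROR with 0 disables mirroring
            destination = None
        else:                 # SET SWITCH MIRROR: single destination port
            ports = parse_port_list(value)
            if len(ports) != 1:
                raise ValueError("mirror destination must be a single port")
            destination = ports[0]

    active = destination is not None and bool(sources)
    findings = []
    if active and destination != approved_destination:
        findings.append(
            f"traffic from ports {sorted(sources)} is copied to "
            f"unapproved port {destination}"
        )
    if destination is None and sources:
        findings.append(
            f"source ports {sorted(sources)} are set but no destination is "
            "enabled; a single 'set switch mirror=' would start the copy"
        )
    return {"destination": destination, "sources": sources,
            "active": active, "findings": findings}


if __name__ == "__main__":
    for finding in audit_mirroring(SAMPLE_CONFIG, approved_destination=48)["findings"]:
        print("FINDING:", finding)
```

Run it against the text shown by SHOW FILE for the active configuration file and compare the destination with the port your monitoring sensor is documented to use.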
Chapter 14 Statistics Commands

This chapter contains the following commands:
❑ RESET SWITCH PORT COUNTER
❑ SHOW SWITCH COUNTER
❑ SHOW SWITCH PORT COUNTER

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on statistics.
RESET SWITCH PORT COUNTER

Syntax
reset switch port=port counter

Parameter
port Specifies the port whose statistics counters you want to return to zero. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command returns a port’s statistics counters to zero.
SHOW SWITCH COUNTER

Syntax
show switch counter

Parameters
None.

Description
This command displays operating statistics, such as the number of packets received and transmitted, and the number of CRC errors, for the entire switch. For a list of and definitions for the statistics, refer to the AT-S62 Management Software Menus Interface User’s Guide.
SHOW SWITCH PORT COUNTER

Syntax
show switch port=port counter

Parameter
port Specifies the port whose statistics you want to view. You can specify more than one port at a time. To view all ports, do not specify a port.

Description
This command displays the operating statistics for a port on the switch. Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors.
Chapter 15 File System Commands

This chapter contains the following commands:
❑ COPY
❑ CREATE CONFIG
❑ DELETE FILE
❑ RENAME
❑ SET CONFIG
❑ SHOW FILE

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the switch’s file system.
COPY

Syntax
copy "filename1.ext" "filename2.ext"

Parameters
filename1.ext Specifies the name of the file to be copied. If the name contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.
filename2.ext Specifies the name of the copy. If the name contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.

Description
This command creates a copy of an existing file.
CREATE CONFIG

Syntax
create config="filename.cfg"

Parameter
config Specifies the name of a new configuration file. If the filename contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.

Description
This command creates a new configuration file containing the commands required to recreate the current configuration of the switch. The CONFIG parameter specifies the name of the configuration file to create. The file extension must be “.
DELETE FILE

Syntax
delete file="filename"

Parameter
file Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional. You cannot use wildcards.

Description
This command deletes a file from the file system. To list the files in the file system, refer to SHOW FILE on page 234.
RENAME

Syntax
rename "filename1.ext" "filename2.ext"

Parameters
filename1.ext Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional.
filename2.ext Specifies the new name for the file. The filename can be from 1 to 16 alphanumeric characters, not including the filename extension. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
SET CONFIG

Syntax

set config="filename.cfg"

Parameter

config
    Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 16 alphanumeric characters, not including the extension “.cfg”. If the filename contains spaces, it must be enclosed in double quotes.

Description

This command sets the active configuration file for a switch.
Example

The following command sets the active boot configuration file to switch22.cfg:

set config=switch22.cfg

The switch uses the switch22.cfg configuration file to configure its settings the next time the unit is reset.
SHOW FILE

Syntax

show file="filename"

Parameter

file
    Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional.

Description

This command displays a list of the files in the switch’s file system. You can use the wildcard “*” to replace any part of the filename to allow a more selective display. You can also use this command to display the contents of a configuration file.
Chapter 16 File Download and Upload Commands

This chapter contains the following commands:

❑ LOAD METHOD=LOCAL
❑ LOAD METHOD=TFTP
❑ LOAD METHOD=XMODEM
❑ UPLOAD METHOD=LOCAL
❑ UPLOAD METHOD=REMOTESWITCH
❑ UPLOAD METHOD=TFTP
❑ UPLOAD METHOD=XMODEM

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on downloading and uploading software images and configuration files.
LOAD METHOD=LOCAL

Syntax

load method=local destfile=appblock srcfile|file=filename

Parameters

method
    Specifies a local download.

destfile
    Specifies the application block (APPBLOCK) of the switch’s flash memory. This is the area of memory reserved for the switch’s active AT-S62 image file.

srcfile or file
    Specifies the filename of the AT-S62 image file in the file system that you want to download into the application block.
❑ Once you have downloaded an image file from the file system to the application block, you can delete the image file from the file system to free up space for other files.

Example

This command downloads an AT-S62 image file already stored in the switch’s file system into the application block, which is the area of flash memory reserved for the active running image. This makes the file the active image file on the switch.
LOAD METHOD=TFTP

Syntax

load method=tftp destfile=appblock|filename server=ipaddress srcfile|file=filename

Parameters

method
    Specifies a TFTP download.

destfile
    Specifies the destination filename for the file. This is the name given to the file when it is stored in the switch’s file system. The name can be from 1 to 15 alphanumeric characters, not including the three-letter extension. If the name includes spaces, enclose it in double quotes.
Note
In previous versions of the AT-S62 management software this command also performed switch to switch file transfers for copying files from a master switch to other switches in an enhanced stack. That function is now part of UPLOAD METHOD=REMOTESWITCH on page 248.

The DESTFILE parameter specifies a name for the file as it will be stored in the file system on the switch. Enclose the name in double quotes if it contains a space.
❑ There must be a node on your network that contains TFTP server software and the file to be downloaded must be stored on the server.
❑ You should start the TFTP server software before you perform the download command.
❑ The switch where you are downloading the file must have an IP address and subnet mask, such as a master switch.
Examples

The following command downloads a new configuration file into the switch’s file system using TFTP. The configuration file is stored as “sw 111.cfg” on the TFTP server and is given the name “sw56a.cfg” when stored in the switch’s file system. The TFTP server has the IP address 149.55.55.55:

load method=tftp destfile=sw56a.cfg server=149.55.55.55 srcfile="sw 111.cfg"

The following command downloads an SSL certificate to the switch’s file system.
LOAD METHOD=XMODEM

Syntax

load method=xmodem destfile=appblock|filename

Parameters

method
    Specifies an Xmodem download.

destfile
    Specifies the destination filename for the file. This is the name given to the file when it is stored in the switch’s file system. The name can be from 1 to 15 alphanumeric characters, not including the three-letter extension. If the name includes spaces, enclose it in double quotes.
The APPBLOCK option of the DESTFILE parameter refers to the switch’s application block, which is the portion of flash memory reserved for the active AT-S62 image. This option downloads a new version of the AT-S62 image file into the application block, making it the active image file on the switch.

Note
The APPBLOCK option should only be used when downloading a new AT-S62 image file, and not with any other file type.
Note
Downloading an AT-S62 image file into a switch’s file system rather than into the application block should be performed with care. The file will take up most of the 2 megabytes of space in the file system, leaving little room for other files, such as configuration files and SSL certificates.

Examples

The following command downloads a new configuration file onto the switch. The configuration file is given the name “switch12.
The following command downloads a new version of the AT-S62 image file to the switch’s file system instead of the application block. It does this by replacing the APPBLOCK option with a filename, in this case “ats62v1_3_0.img”. The image file is stored in the switch’s file system with this name:

load method=xmodem destfile=ats62v1_3_0.img

Since the file is stored in the switch’s file system and not the application block, the switch does not use it as its active image file.
UPLOAD METHOD=LOCAL

Syntax

upload method=local destfile=filename srcfile|file=appblock

Parameters

method
    Specifies a local upload.

destfile
    Specifies a filename for the AT-S62 image file. If the name contains spaces, enclose the name in quotes.

srcfile or file
    Specifies the application block (APPBLOCK), where the active AT-S62 image file is stored.
Example

The following command uploads the active AT-S62 image from the switch’s application block to the file system and assigns it the name “sw12 s62 image.img”:

upload method=local destfile="sw12 s62 image.
UPLOAD METHOD=REMOTESWITCH

Syntax

upload method=remoteswitch srcfile|file=appblock|switchcfg|filename switchlist=switches [verbose=yes|no|on|off|true|false]

Parameters

method
    Specifies a switch to switch upload.

srcfile or file
    Specifies the file to be uploaded from the master switch. Options are:

    filename
        Specifies the name of a configuration file in the master switch’s file system.

    appblock
        Uploads the master switch’s active AT-S62 image file.
This command offers a simple means for updating multiple switches in a stack. For instance, to update switches with a new version of the AT-S62 image file, you can update the master switch first and then use a switch to switch upload to update the other switches in the stack. You can also have a master switch distribute a configuration file to the other switches.
system. To select the switch’s current configuration file, use the SWITCHCFG option of the SRCFILE or FILE parameter. To upload another configuration file, omit the SWITCHCFG option and instead specify the file’s name.
Examples

The following command uploads the active AT-S62 image file on a master switch to switch 2 in an enhanced stack. (Switch numbers are displayed with SHOW REMOTELIST on page 35.)

upload method=remoteswitch srcfile=appblock switchlist=2

The active AT-S62 image file on the master switch is indicated with the APPBLOCK option of the SRCFILE parameter.

Caution
After a switch receives the AT-S62 image file, it resets itself and initializes the software.
The following command uploads the configuration file “sales_switches.cfg” from a master switch to switch 4:

upload method=remoteswitch srcfile=sales_switches.cfg switchlist=4

After the switch receives the file, it marks the file as its active boot configuration file and automatically resets itself so that it starts running with the new settings. Since the configuration file was designated by its filename, the entire file without modifications is uploaded.
UPLOAD METHOD=TFTP

Syntax

upload method=tftp destfile=filename server=ipaddress srcfile|file=switchcfg|filename|appblock

Parameters

method
    Specifies a TFTP upload.

destfile
    Specifies a filename for the uploaded file. This is the name given the file when it is stored on the TFTP server. If the name contains spaces, enclose it in quotes.

server
    Specifies the IP address of the network node containing the TFTP server software.
❑ Start the TFTP server software before you perform the command.
❑ The switch from where you are uploading the file must have an IP address and subnet mask, such as a master switch of an enhanced stack. To upload a file from a switch that does not have an IP address, such as a slave switch, you can perform an Xmodem upload from a local management session.

The DESTFILE parameter specifies a name for the file.
The following command uses TFTP to upload the switch’s active configuration file from the file system to a TFTP server with the IP address 149.11.11.11. The active boot file is signified with the SWITCHCFG option rather than by its filename. This option is useful in situations where you do not know the name of the active boot configuration file. The file is stored as “master112.cfg” on the TFTP server:

upload method=tftp destfile=master112.cfg server=149.11.11.
UPLOAD METHOD=XMODEM

Syntax

upload method=xmodem srcfile|file=switchcfg|filename|appblock

Parameters

method
    Specifies an Xmodem upload.

srcfile or file
    Specifies the file to be uploaded. Options are:

    switchcfg
        Uploads the switch’s active boot configuration file.

    filename
        Specifies the name of a file in the switch’s file system.

    appblock
        Uploads the switch’s active AT-S62 image file.
❑ filename - Uploads a file from the switch’s file system. This differs from the SWITCHCFG parameter in that the latter uploads just the active boot configuration file, while this parameter can upload any file in the switch’s file system.
❑ APPBLOCK - Uploads the switch’s active AT-S62 image file.

Examples

The following command uses Xmodem to upload a configuration file called “sw22 boot.
Chapter 17 Event Log and Syslog Server Commands

This chapter contains the following commands:

❑ ADD LOG OUTPUT
❑ CREATE LOG OUTPUT
❑ DESTROY LOG OUTPUT
❑ DISABLE LOG
❑ DISABLE LOG OUTPUT
❑ ENABLE LOG
❑ ENABLE LOG OUTPUT
❑ PURGE LOG
❑ SAVE LOG
❑ SET LOG FULLACTION
❑ SET LOG OUTPUT
❑ SHOW LOG
❑ SHOW LOG OUTPUT
❑ SHOW LOG STATUS

Note
Remember t
ADD LOG OUTPUT

Syntax

add log output=id_number module=all|module severity=all|severity

Parameters

output
    Specifies the ID number of a syslog server definition.

module
    Specifies the AT-S62 modules whose events are to be sent to the syslog server. The available options are:

    all
        Sends events from all modules.

    module
        Sends events from selected module(s). To specify more than one module, separate them with commas, for example, MAC,PACCESS.

severity
The second step is to customize the definition by specifying which event messages generated by the switch are to be sent to syslog server. This is accomplished with this command. You can customize the definition so that the switch sends all of its event messages to the server or limit it to just a selection of events from particular modules in the AT-S62 management software.
The following command configures syslog server definition 5 to send warning and error event messages from the spanning tree protocol and VLAN modules to the syslog server:

add log output=4 module=stp,vlan severity=e,w
CREATE LOG OUTPUT

Syntax

create log output=id_number destination=syslog server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal]

Parameters

output
    Specifies an ID number for the new syslog server definition. The range is 2 to 20. Each definition must be given a unique ID number.

destination
    Specifies the destination for the event messages.
Description

This command creates a new syslog server definition. The switch uses the definition to send event messages to a syslog server on your network. You can create up to nineteen syslog server definitions.

After you create a new syslog server definition with this command, you must customize it by defining which event messages you want the switch to send to the server.
Table 2 Applicable RFC 3164 Numerical Code and AT-S62 Module Mappings

Numerical Code | RFC 3164 Facility | AT-S62 Module
4 | Security and authorization messages | Security modules: PSEC, PACCESS, ENCO, PKI, SSH, SSL, MGMTACL, DOS. Authentication modules: SYSTEM, RADIUS, TACACS+
9 | Clock daemon | Time-based modules: TIME (system time and SNTP), RTC
22 | Local use 6 | Physical interface and data link modules: PCFG, PMIRR, PTRUNK, STP, VLAN
23
Another option is to assign all events from a switch the same numerical code using the LOCAL1 to LOCAL2 options. Each option represents a predefined RFC 3164 numerical code. The code mappings are listed in Table 3.
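The two-step setup described above (CREATE LOG OUTPUT, then ADD LOG OUTPUT) can be checked offline against a saved configuration file. The following is an added example, not part of the guide or the AT-S62 software; it assumes the file holds one command per line with `#` comment lines, and the sample configuration, function names and finding codes are constructed for illustration.

```python
import shlex

ID_MIN, ID_MAX = 2, 20  # ID range the guide gives for syslog server definitions

# Constructed sample, not taken from a real switch. Assumes one command per line.
SAMPLE_CFG = """\
# constructed example configuration
create log output=2 destination=syslog server=192.0.2.10 facility=local1
add log output=2 module=all severity=e,w
create log output=3 destination=syslog server=192.0.2.11
create log output=25 destination=syslog server=192.0.2.12
add log output=4 module=stp,vlan severity=e,w
disable log output=2
"""


def parse_command(line):
    """Split a command into bare keywords and key=value parameters.

    shlex keeps a double-quoted value with spaces (srcfile="sw 111.cfg")
    together as one token, which matches the quoting rule in the guide.
    """
    tokens = shlex.split(line)
    words = tuple(t.lower() for t in tokens if "=" not in t)
    params = {}
    for token in tokens:
        if "=" in token:
            key, _, value = token.partition("=")
            params[key.lower()] = value
    return words, params


def audit_syslog(cfg_text):
    """Replay the log commands in order and return (code, detail) findings."""
    defined, customized, disabled = set(), set(), set()
    log_enabled = True  # the guide states the event log is enabled by default
    findings = []
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words, params = parse_command(line)
        except ValueError:  # unbalanced quotes
            findings.append(("UNPARSEABLE", line))
            continue
        if len(words) < 2 or words[1] != "log":
            continue
        verb = words[0]
        if "output" not in words and "output" not in params:
            # DISABLE LOG / ENABLE LOG act on the whole event log module
            if verb in ("disable", "enable"):
                log_enabled = verb == "enable"
            continue
        raw_id = params.get("output", "")
        out_id = int(raw_id) if raw_id.isdigit() else None
        if verb == "create":
            if out_id is None or not ID_MIN <= out_id <= ID_MAX:
                findings.append(("ID_OUT_OF_RANGE", raw_id))  # ID as written
            else:
                defined.add(out_id)
        elif verb == "add" or (verb == "set" and {"module", "severity"} & params.keys()):
            if out_id in defined:
                customized.add(out_id)
            else:
                findings.append(("UNDEFINED_OUTPUT", raw_id))  # ID as written
        elif verb == "destroy":
            for group in (defined, customized, disabled):
                group.discard(out_id)
        elif verb in ("disable", "enable"):
            # an omitted ID applies to every syslog server definition
            targets = {out_id} if out_id is not None else set(defined)
            disabled = disabled | targets if verb == "disable" else disabled - targets
    if not log_enabled:
        findings.append(("EVENT_LOG_DISABLED", None))
    for out_id in sorted(defined - customized):
        findings.append(("NO_EVENT_SELECTION", out_id))  # created, never customized
    for out_id in sorted(defined & disabled):
        findings.append(("OUTPUT_DISABLED", out_id))
    if not log_enabled or not ((defined & customized) - disabled):
        findings.append(("NO_ACTIVE_SYSLOG_OUTPUT", None))
    return findings


if __name__ == "__main__":
    for code, detail in audit_syslog(SAMPLE_CFG):
        print(code, detail)
```

An empty result means every created definition is in range, has a module/severity selection, and is left enabled with the event log on.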
DESTROY LOG OUTPUT

Syntax

destroy log output=id_number

Parameters

output
    Specifies the ID number of the syslog server definition to be deleted. The range is 2 to 20.

Description

This command deletes a syslog server definition. You can delete only one definition at a time. To disable the definition without deleting it, refer to DISABLE LOG OUTPUT on page 268.
DISABLE LOG

Syntax

disable log

Parameters

None.

Description

This command disables the event log module. When the log is disabled, the AT-S62 management software stops storing events in the log and sending events to the syslog servers. The default setting for the event log is enabled.

Note
The event log, even when disabled, logs all AT-S62 initialization events that occur when the switch is reset or power cycled.
DISABLE LOG OUTPUT

Syntax

disable log output[=id_number]

Parameters

output
    Specifies the ID number of the syslog server definition to disable. The range is 2 to 20. You can specify only one ID number at a time. Omitting an ID number disables all syslog server definitions.

Description

This command disables the specified syslog server definition and stops the switch from sending any further system events to the defined server.
ENABLE LOG

Syntax

enable log

Parameters

None.

Description

This command activates the event log. The switch begins to add events in the log and send events to defined syslog servers. The default setting for the event log is enabled.
ENABLE LOG OUTPUT

Syntax

enable log output[=id_number]

Parameters

output
    Specifies the ID number of the syslog server definition you want to enable. The range is 2 to 20. You can specify only one ID number at a time. Omitting an ID number enables all syslog server definitions.

Description

This command enables the specified syslog server definition that was disabled using DISABLE LOG OUTPUT on page 268.
PURGE LOG

Syntax

purge log=temporary

Parameter

log
    Specifies the location of the event log. There is only one option:

    temporary
        Specifies temporary memory. Deletes all events stored in the event log in temporary memory. The log has a storage capacity of 4,000 events.

Description

This command deletes all entries in the event log.
SAVE LOG

Syntax

save log=temporary filename="filename.log" [full] [module=module] [reverse] [severity=severity] [overwrite]

Parameters

log
    Specifies the location of the event log whose messages you want to save. There is only one option:

    temporary
        Specifies temporary memory. The log has a storage capacity of 4,000 events.

filename
    Specifies the filename for the log. The name can be up to 16 alphanumeric characters, followed by the extension ”.log.
overwrite
    Overwrites the file if it already exists. Without this option, the command displays an error if a file with the same name already exists in the file system.

Description

This command saves the current entries in the event log to a file in the switch’s file system. The parameters in the command allow you to specify which events you want saved in the file.
SET LOG FULLACTION

Syntax

set log fullaction temporary=halt|wrap

Parameter

temporary
    Specifies the action of the event log when it reaches maximum capacity. The possible actions are:

    halt
        Stops storing new events.

    wrap
        Deletes the oldest entries when adding new ones. This is the default.

Description

This command controls the action of the event log when it reaches its maximum capacity of 4,000 events. You have two options.
SET LOG OUTPUT

Syntax

set log output=id_number [destination=syslog] [server=ipaddress] [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal] [module=all|module] [severity=all|severity-list]

Parameters

output
    Specifies the ID number of the syslog server definition to be modified. The range is 2 to 20.

destination
    Specifies the destination for the log messages.
syslogformat
    Specifies the format of the event messages. The options are:

    extended
        Sends the severity, module, and description, date, time, and switch’s IP address for each event. This is the default.

    normal
        Sends only the severity, module, and description.

module
    Specifies the AT-S62 modules whose events are to be sent to the syslog server. The available options are:

    all
        Sends events from all modules.

severity
Examples

The following command changes the IP address for syslog server definition 3 to 198.45.12.1:

set log output=3 server=198.45.12.1

The following command changes the facility level and message format for syslog server definition 4.
SHOW LOG

Syntax

show log=temporary [full] [module=module] [reverse] [severity=severity]

Parameters

log
    Specifies the location of the event log. The only option is:

    temporary
        Displays the events stored in temporary memory which can contain up to 4,000 events.

full
    Controls the format of the event log. Without this option, the log displays the time, module, severity, and description for each entry.
Description

This command displays the entries stored in the switch’s event log.

An event log can display entries in two modes: normal and full. In the normal mode, a log displays the time, module, severity, and description for each entry. In the full mode, a log also displays the filename, line number, and event ID. If you want to view the entries in the full mode, use the FULL parameter. To view entries in the normal mode, omit the parameter.
Module Name | Description
MGMTACL | Management access control list
PACCESS | 802.
The SEVERITY parameter displays entries of a particular severity. Table 5 defines the different severity levels. You can specify more than one severity level at a time. The default is error, warning, and informational messages.

Table 5 Event Log Severity Levels

Value | Severity Level | Description
ALL | - | Selects all severity levels.
E | Error | Switch operation is severely impaired.
W | Warning | An issue may require manager attention.
The columns in the log are described below:

❑ S (Severity) - The event’s severity. Table 5 on page 281 defines the different severity levels.
❑ Date/Time - The date and time the event occurred.
❑ Event - The module within the AT-S62 software that generated the event followed by a brief description of the event. For a list of the AT-S62 modules, see Table 4 on page 279.
❑ Event ID - A unique number that identifies the event.
SHOW LOG OUTPUT

Syntax

show log output[=id_number] [full]

Parameters

output
    Specifies the ID number of the event log or a syslog server definition. If an output ID number is not specified, all output definitions currently configured on the switch are displayed.

full
    Displays the details of the syslog server definition. If not specified, only a summary is displayed.

Description

This command displays output definition details.
Examples

The following command lists all the output definitions on the switch:

show log output

The following command displays information about the event log:

show log output=1 full

The following command displays complete information about syslog server definition 5:

show log output=5 full
SHOW LOG STATUS

Syntax

show log status

Parameter

None.

Description

This command displays information about the event log feature. Following is an example of what is displayed with this command:

Event Log Configuration:
Event Logging .................... Enabled
Number of Output Definitions ..... 4

The Event Logging field indicates whether the feature is enabled or disabled. When the log is enabled, the switch adds events to the log and sends events to syslog servers.
Chapter 18 Classifier Commands

This chapter contains the following commands:

❑ CREATE CLASSIFIER
❑ DESTROY CLASSIFIER
❑ PURGE CLASSIFIER
❑ SET CLASSIFIER
❑ SHOW CLASSIFIER

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on classifiers.
CREATE CLASSIFIER

Syntax

create classifier=idnumber [description="string"] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [ethformat=ethii-untagged|ethii-tagged|802.2-untagged|802.2-tagged|any] [priority=integer|any] [vlan=name|1..
priority
    Specifies the user priority level in a tagged Ethernet frame. The value can be 0 to 7.

vlan
    Specifies a tagged or port-based VLAN by its name or VID number.

protocol
    Specifies a Layer 2 protocol. Options are:

    ❑ IP
    ❑ ARP
    ❑ RARP

    You can specify other Layer 2 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”.

iptos
    Specifies a Type of Service value. The range is 0 to 7.
ipsaddr
    Specifies a source IP address. The address can be of a specific node or a subnet. If the latter, a mask must be included to indicate the subnet portion of the address. For an explanation of the mask, refer to the IPDADDR parameter.

tcpsport
    Specifies a source TCP port.

tcpdport
    Specifies a destination TCP port.

udpsport
    Specifies a source UDP port.

udpdport
    Specifies a destination UDP port.

tcpflags
    Specifies a TCP flag.
Examples

This command creates a classifier for all IP traffic:

create classifier=4 description="IP flow" protocol=ip

This command creates a classifier for all traffic originating from the subnet 149.22.22.0 destined to the device with the IP address 149.44.44.11:

create classifier=4 description="subnet flow" ipsaddr=149.22.22.0/24 ipdaddr=149.44.44.11

This command creates a classifier for all HTTPS web traffic going to the destination IP address 149.44.44.
DESTROY CLASSIFIER

Syntax

destroy classifier=idnumber

Parameters

classifier
    Specifies the ID number of the classifier to be deleted. The number can be from 1 to 9999. You can delete more than one classifier at a time. You can specify the classifiers individually (e.g., 2,5,7), as a range (e.g., 11-14), or both (e.g., 2,4-8,12).

Description

This command deletes a classifier from the switch. To delete a classifier, you need to know its ID number.
PURGE CLASSIFIER

Syntax

purge classifier

Parameters

None.

Description

This command deletes all classifiers from the switch. You cannot delete a classifier if it belongs to an ACL or QoS policy that has already been assigned to a port. You must first remove the port assignments from the ACL or policy before you can delete the classifier.
SET CLASSIFIER

Syntax

set classifier=idnumber [description="string"] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [priority=integer] [vlan=name|1..
protocol
    Specifies a Layer 2 protocol. Options are:

    ❑ IP
    ❑ ARP
    ❑ RARP

    You can specify additional Layer 2 protocols by entering the protocol number in either decimal or hexadecimal format. For the latter, precede the number with “0x”.

iptos
    Specifies a Type of Service value. The range is 0 to 7.

ipdscp
    Specifies a DSCP value. The range is 0 to 63.

ipprotocol
    Specifies a Layer 3 protocol.
tcpsport
    Specifies a source TCP port.

tcpdport
    Specifies a destination TCP port.

udpsport
    Specifies a source UDP port.

udpdport
    Specifies a destination UDP port.

tcpflags
    Specifies a TCP flag. Options are:

    ❑ URG - Urgent
    ❑ ACK - Acknowledgement
    ❑ RST - Reset
    ❑ PSH - Push
    ❑ SYN - Synchronization
    ❑ FIN - Finish

Description

This command modifies an existing classifier. The only setting of a classifier you cannot change is its ID number.
This command removes the current setting for the UDP destination port variable from classifier ID 5 without assigning a new value:

set classifier=5 udpdport=any
SHOW CLASSIFIER

Syntax

show classifier[=idnumber]

Parameters

classifier
    Specifies the ID of the classifier you want to view. You can specify more than one classifier at a time.

Description

This command displays the classifiers on a switch.
Chapter 19 ACL Commands

This chapter contains the following commands:

❑ CREATE ACL
❑ DESTROY ACL
❑ PURGE ACL
❑ SET ACL
❑ SHOW ACL

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on access control lists (ACL).
CREATE ACL

Syntax

create acl=integer [description="string"] [action=deny|permit] classifierlist=integer [portlist=ports]

Parameters

acl
    Specifies an ID number for the ACL. The number can be from 0 to 255. Each ACL must have a unique ID number.

description
    Specifies a description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains spaces, it must be enclosed in double quotes.
Example

The following command creates an ACL that discards the ingress traffic flow specified in classifier ID 18 and applies the ACL to port 4:

create acl=12 description="IP flow deny" action=deny classifierlist=18 portlist=4

The following command creates an ACL that discards the ingress traffic flows specified in classifier ID 2 and 17 and applies the ACL to ports 2 and 6:

create acl=6 description="subnet flow deny" action=deny classifierlist=2,17 portlist=2,6

The following comma
DESTROY ACL

Syntax

destroy acl=integer

Parameters

acl
    Specifies the ID number of the ACL you want to delete. You can delete more than one ACL at a time.

Description

This command deletes an ACL from the switch.
PURGE ACL

Syntax

purge acl

Parameters

None.

Description

This command deletes all ACLs on the switch.
SET ACL

Syntax

set acl=integer [description=string] [action=deny|permit] [classifierlist=integer] [portlist=ports|none]

Parameters

acl
    Specifies the ID number of the ACL you want to modify. The number can be from 0 to 255. You can modify only one ACL at a time.

description
    Specifies a new description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains a space, it must be enclosed in double quotes.
Description

This command modifies an ACL. You can use the command to change the description, action, classifiers, and ports of an ACL.
SHOW ACL

Syntax

show acl[=integer]

Parameters

acl
    Specifies the ID of the ACL you want to view. You can specify more than one ACL at a time.

Description

This command displays the ACLs on the switch.
Chapter 20 Quality of Service (QoS) Commands

This chapter contains the following commands:

❑ ADD QOS FLOWGROUP
❑ ADD QOS POLICY
❑ ADD QOS TRAFFICCLASS
❑ CREATE QOS FLOWGROUP
❑ CREATE QOS POLICY
❑ CREATE QOS TRAFFICCLASS
❑ DELETE QOS FLOWGROUP
❑ DELETE QOS POLICY
❑ DELETE QOS TRAFFICCLASS
❑ DESTROY QOS FLOWGROUP
❑ DESTROY QOS POLICY
❑ DESTROY QOS TRAFFICCLASS
❑ SET
❑ SHOW QOS POLICY
❑ SHOW QOS TRAFFICCLASS

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on Quality of Service.
ADD QOS FLOWGROUP

Syntax

add qos flowgroup=integer classifierlist=integers

Parameter

flowgroup
    Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.

classifierlist
    Specifies the new classifiers for the flow group. The new classifiers are added to any classifiers already assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,11,12).
ADD QOS POLICY

Syntax

add qos policy=integer trafficclasslist=integers

Parameter

policy
    Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.

trafficclasslist
    Specifies the new traffic classes of the policy. Traffic classes already assigned to the policy are retained. Separate multiple traffic classes with commas (e.g., 4,11,12).

Description

This command adds traffic classes to an existing policy.
ADD QOS TRAFFICCLASS

Syntax

add qos trafficclass=integer flowgrouplist=integers

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.

flowgrouplist
    Specifies the new flow groups of the traffic class. The new flow groups are added to any flow groups already assigned to the flow group. Separate multiple flow groups with commas (e.g., 4,11,12).
CREATE QOS FLOWGROUP

Syntax

    create qos flowgroup=integer [description="string"]
    [markvalue=integer|none] [priority=integer|none]
    [remarkpriority=yes|no|on|off|true|false]
    [classifierlist=integers|none]

Parameters

flowgroup
    Specifies an ID number for the flow group. Each flow group on the switch must have a unique number. The range is 0 to 1023. The default is 0. This parameter is required.

description
    Specifies a description for the flow group.
remarkpriority
    Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter. This parameter is ignored if the PRIORITY parameter is omitted or set to NONE. Options are:

    yes, on, true
        Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.
This command creates a flow group whose DSCP value is changed to 59. The MARKVALUE parameter overwrites the current DSCP value in the packets, meaning the packets leave the switch with the new value.
CREATE QOS POLICY

Syntax

    create qos policy=integer [description="string"]
    [indscpoverwrite=integer|none] [remarkindscp=all|none]
    [trafficclasslist=integers|none]
    [ingressport=port|all|none] [egressport=port|none]

Parameters

policy
    Specifies an ID number for the policy. Each policy on the switch must be assigned a unique number. The range is 0 to 255. The default is 0. This parameter is required.

description
    Specifies a description for the policy.
ingressport
    Specifies the ingress ports to which the policy is to be assigned. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.

egressport
    Specifies the egress port to which the policy is to be assigned.
QoS Command Sequence Examples

Creating a QoS policy involves a command sequence that creates one or more classifiers, a flow group, a traffic class, and finally the policy. The following sections contain examples of the command sequences for different types of policies.

Example 1: Voice Application

Voice applications typically require only a small amount of bandwidth, but it must be consistent. They are sensitive to latency (interpacket delay) and jitter (delivery delay).
of a policy concerning packets coming from the application. The classifier for Policy 11 specifies the address as a destination address since this classifier is part of a policy concerning packets going to the application.

❑ Flow Groups - Specify the new priority level of 7 for the packets. It should be noted that in this example the packets leave the switch with the same priority level they had when they entered.
    create qos policy=17 description="video flow" trafficclasslist=19 ingressport=1

Policy 32 Commands:

    create classifier=42 description="video flow" ipdadddr=149.44.44.
Policy 15 Commands:

    create classifier=42 description=database ipsadddr=149.44.44.44
    create qos flowgroup=36 description=database classifierlist=42
    create qos trafficclass=21 description=database maxbandwidth=50 flowgrouplist=36
    create qos policy=15 description=database trafficclasslist=21 ingressport=1

Policy 17 Commands:

    create classifier=10 description=database ipdadddr=149.44.44.
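A check for command sequences like the ones above, written as an added example (not code from Allied Telesyn or this guide): it verifies the ID ranges this chapter gives and that each list refers only to objects created earlier in the sequence. The function names and the sample commands are constructed; applying the must-already-exist rule to classifier and traffic class lists as well as flow group lists is an assumption.

```python
import shlex

# ID ranges stated in this chapter (none is given here for classifiers).
ID_RANGES = {"flowgroup": (0, 1023), "trafficclass": (0, 511), "policy": (0, 255)}

# List parameter on each object -> kind of object that list refers to.
REFERENCES = {
    "flowgroup": ("classifierlist", "classifier"),
    "trafficclass": ("flowgrouplist", "flowgroup"),
    "policy": ("trafficclasslist", "trafficclass"),
}
KINDS = ("classifier", "flowgroup", "trafficclass", "policy")


def parse_create(line):
    """Return (kind, id_text, params) for a CREATE command, else None.

    Raises ValueError when a quoted value is not closed.
    """
    words = shlex.split(line)  # keeps description="video flow" as one word
    if len(words) < 2 or words[0].lower() != "create":
        return None
    words = words[2:] if words[1].lower() == "qos" else words[1:]
    params = {}
    for word in words:
        key, _, value = word.partition("=")
        params[key.lower()] = value
    if not params:
        return None
    kind = next(iter(params))  # the first parameter names the object
    if kind not in KINDS:
        return None
    return kind, params[kind], params


def lint(config_text):
    """Return a list of (line_number, message) findings for a command sequence."""
    defined = {kind: set() for kind in KINDS}
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        try:
            parsed = parse_create(line)
        except ValueError as exc:
            findings.append((lineno, f"cannot parse line: {exc}"))
            continue
        if parsed is None:
            continue
        kind, id_text, params = parsed
        if not id_text.isdigit():
            findings.append((lineno, f"{kind} ID {id_text!r} is not an integer"))
            continue
        ident = int(id_text)
        usable = True
        if kind in ID_RANGES:
            low, high = ID_RANGES[kind]
            if not low <= ident <= high:
                findings.append((lineno, f"{kind} {ident} is outside {low}-{high}"))
                usable = False
        if ident in defined[kind]:
            findings.append((lineno, f"{kind} {ident} is already created"))
            usable = False
        if kind in REFERENCES:
            list_param, target = REFERENCES[kind]
            value = params.get(list_param, "none")
            if value.lower() != "none":
                for item in value.split(","):
                    if not item.isdigit() or int(item) not in defined[target]:
                        findings.append(
                            (lineno, f"{kind} {ident} refers to {target} {item} "
                                     "that was not created earlier"))
        if usable:
            defined[kind].add(ident)
    return findings


# Constructed sample: four valid commands followed by three with problems.
# Classifier criteria are left out because the linter does not inspect them.
SAMPLE = """\
create classifier=42 description=database
create qos flowgroup=36 description=database classifierlist=42
create qos trafficclass=21 description=database maxbandwidth=50 flowgrouplist=36
create qos policy=15 description=database trafficclasslist=21 ingressport=1
create qos flowgroup=37 description="video flow" classifierlist=43
create qos trafficclass=600 flowgrouplist=36,38
create qos policy=15 trafficclasslist=21
"""

if __name__ == "__main__":
    for lineno, message in lint(SAMPLE):
        print(f"line {lineno}: {message}")
```
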
CREATE QOS TRAFFICCLASS

Syntax

    create qos trafficclass=integer [description="string"]
    [exceedaction=drop|remark] [exceedremarkvalue=integer|none]
    [markvalue=integer|none] [maxbandwidth=integer|none]
    [burstsize=integer|none] [priority=integer|none]
    [remarkpriority=yes|no|on|off|true|false]
    [flowgrouplist=integers|none]

Parameters

trafficclass
    Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number.
    A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level.

maxbandwidth
    Specifies the maximum bandwidth available to the traffic class.
    the traffic. However, no unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase.

    If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth.
    yes, on, true
        Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.

    no, off, false
        Does not replace the user priority value in the packets with the new value specified with the PRIORITY parameter. This is the default.

flowgrouplist
    Specifies the flow groups to be assigned to the traffic class. The specified flow groups must already exist. Separate multiple IDs with commas (e.g., 4,11,13).
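The token bucket behind MAXBANDWIDTH and BURSTSIZE can be followed tick by tick in this added simulation, which is not Allied Telesyn code. Traffic units, the tick model, the empty starting bucket and the treatment of EXCEEDACTION=REMARK as forward-but-count are assumptions; all names and sample values are constructed.

```python
def police(offered, max_bandwidth, burst_size, exceed_action="drop"):
    """Simulate a token bucket over equal time ticks.

    offered        traffic arriving in each tick, in abstract units
    max_bandwidth  tokens added per tick (stands in for MAXBANDWIDTH)
    burst_size     most unused tokens the bucket can hold (stands in for BURSTSIZE)
    exceed_action  "drop" or "remark" for traffic that finds no token

    Returns one dict per tick with the conforming, dropped and remarked
    traffic and the tokens saved for later ticks.
    """
    if exceed_action not in ("drop", "remark"):
        raise ValueError("exceed_action must be 'drop' or 'remark'")
    saved = 0  # assumption: the bucket starts empty
    ticks = []
    for arrived in offered:
        # Tokens usable now: whatever was saved plus this tick's allowance.
        available = saved + max_bandwidth
        conforming = min(arrived, available)
        exceeding = arrived - conforming
        # Unused tokens carry over, but never more than the bucket holds.
        saved = min(burst_size, available - conforming)
        ticks.append({
            "conforming": conforming,
            "dropped": exceeding if exceed_action == "drop" else 0,
            "remarked": exceeding if exceed_action == "remark" else 0,
            "saved": saved,
        })
    return ticks


def totals(ticks):
    """Sum the per-tick counters of a police() run."""
    return {key: sum(t[key] for t in ticks)
            for key in ("conforming", "dropped", "remarked")}


# Constructed traffic: two ticks exactly at the limit, two quiet ticks,
# then a two-tick burst above the limit.
OFFERED = [10, 10, 4, 4, 18, 18, 10]

if __name__ == "__main__":
    for burst in (8, 0):
        run = police(OFFERED, max_bandwidth=10, burst_size=burst)
        print(f"burst_size={burst}:", totals(run))
        for tick, row in enumerate(run, 1):
            print(f"  tick {tick}: {row}")
```

At the limit (ticks 1 and 2) nothing accumulates; the quiet ticks save tokens that absorb the first burst tick, and only the second burst tick exceeds. With a bucket depth of zero both burst ticks exceed.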
DELETE QOS FLOWGROUP

Syntax

    delete qos flowgroup=integer classifierlist=integers

Parameter

flowgroup
    Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.

classifierlist
    Specifies the classifiers you want to remove from the flow group. Separate multiple classifiers with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS POLICY

Syntax

    delete qos policy=integer trafficclasslist=integers

Parameter

policy
    Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.

trafficclasslist
    Specifies the IDs of the traffic classes you want to remove from the policy. Separate multiple traffic classes with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS TRAFFICCLASS

Syntax

    delete qos trafficclass=integer flowgrouplist=integers

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.

flowgrouplist
    Specifies the IDs of the flow groups you want to remove from the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DESTROY QOS FLOWGROUP

Syntax

    destroy qos flowgroup=integer

Parameter

flowgroup
    Specifies the ID number of the flow group you want to delete. You can delete more than one flow group at a time. You can specify the flow groups individually, as a range, or both.

Description

This command deletes flow groups.
DESTROY QOS POLICY

Syntax

    destroy qos policy=integer

Parameter

policy
    Specifies the ID number of the policy you want to delete. You can delete more than one policy at a time. You can specify the policies individually, as a range, or both.

Description

This command deletes QoS policies.
DESTROY QOS TRAFFICCLASS

Syntax

    destroy qos trafficclass=integer

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to delete. You can delete more than one traffic class at a time. You can specify the traffic classes individually, as a range, or both.

Description

This command deletes traffic classes.
SET QOS FLOWGROUP

Syntax

    set qos flowgroup=integer [description=string]
    [markvalue=integer|none] [priority=integer|NONE]
    [remarkpriority=yes|no|on|off|true|false]
    [classifierlist=integers|none]

Parameters

flowgroup
    Specifies the ID number of the flow group you want to modify. The range is 0 to 1023.

description
    Specifies a new description for the flow group. The description can be from 1 to 15 alphanumeric characters. Spaces are allowed.
    yes, on, true
        Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.

    no, off, false
        Does not replace the user priority value in the packets with the new value specified with the PRIORITY parameter. This is the default.

classifierlist
    Specifies the classifiers to be assigned to the flow group. The specified classifiers replace any classifiers already assigned to the flow group.
This command returns the MARKVALUE setting in flow group 41 back to the default setting of NONE.
SET QOS POLICY

Syntax

    set qos policy=integer [description=string]
    [indscpoverwrite=integer|none] [remarkindscp=[all|none]]
    [trafficclasslist=integers|none]
    [ingressport=port|all|none] [egressport=port|none]

Parameters

policy
    Specifies an ID number for the policy. Each policy on the switch must be assigned a unique number. The range is 0 to 255. The default is 0. This parameter is required.

description
    Specifies a description for the policy.
ingressport
    Specifies the ingress ports to which the policy is to be assigned. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). The NONE option removes the policy from all ingress ports to which it has been assigned. The ALL option adds it to all ports. A port can be an ingress port of only one policy at a time.
When modifying a policy, note the following:

❑ You cannot change a policy’s ID number.
❑ Specifying an invalid value for a parameter that already has a value causes the parameter to revert to its default value.
SET QOS PORT

Syntax

    set qos port=integer type=ingress|egress policy=integer|none

Parameter

port
    Specifies the port to which the policy is to be assigned or removed. You can specify more than one port at a time if the port is an ingress port of the traffic flow. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). You can specify only one port if the port is functioning as an egress port for the flow.
SET QOS TRAFFICCLASS

Syntax

    set qos trafficclass=integer [description="string"]
    [exceedaction=drop|remark] [exceedremarkvalue=integer|none]
    [markvalue=integer|none] [maxbandwidth=integer|none]
    [burstsize=integer|none] [priority=integer|none]
    [remarkpriority=yes|no|on|off|true|false]
    [flowgrouplist=integers|none]

Parameters

trafficclass
    Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number. The range is 0 to 511.
    A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level.

maxbandwidth
    Specifies the maximum bandwidth available to the traffic class.
    the traffic. However, no unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase.

    If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth.
flowgrouplist
    Specifies the flow groups to be assigned to the traffic class. Any flow groups already assigned to the traffic class are replaced. The specified flow groups must already exist. Separate multiple IDs with commas (e.g., 4,11,13).

Description

This command modifies an existing traffic class. To initially create a traffic class, refer to CREATE QOS TRAFFICCLASS on page 320. The only parameter you cannot change is a traffic class’s ID number.
SHOW QOS FLOWGROUP

Syntax

    show qos flowgroup[=idnumber]

Parameters

flowgroup
    Specifies the ID of the flow group you want to view. You can specify more than one flow group at a time.

Description

This command displays the flow groups on a switch.
SHOW QOS POLICY

Syntax

    show qos policy[=idnumber]

Parameter

policy
    Specifies the ID of the policy you want to view. You can specify more than one policy at a time. Separate multiple policies with commas (e.g., 4,5,10).

Description

This command displays the policies on a switch.
SHOW QOS TRAFFICCLASS

Syntax

    show qos trafficclass[=idnumber]

Parameter

trafficclass
    Specifies the ID of the traffic class you want to view. You can specify more than one traffic class at a time. Separate multiple traffic classes with commas (for example, 4,5,10).

Description

This command displays the traffic classes on a switch.
Chapter 21 Class of Service (CoS) Commands

This chapter contains the following commands:

❑ MAP QOS COSP
❑ SET QOS COSP
❑ SET QOS SCHEDULING
❑ SHOW QOS CONFIG

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

Note
    Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on Quality of Service.
MAP QOS COSP

Syntax

    map qos cosp=priority-number qid=queue-number

Parameters

cosp
    Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can assign more than one priority to an egress queue.

qid
    Specifies the egress queue number. The egress queues are numbered 0 through 3, with queue 0 as the lowest priority and 3 as the highest. You can specify only one egress queue.
Example

The following command maps priorities 4 and 5 to egress queue 3:

    map qos cosp=4,5 qid=3
SET QOS COSP

Syntax

    set qos cosp=priority-number qid=queue-number

Parameters

cosp
    Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can assign more than one priority to an egress queue.

qid
    Specifies the egress queue number. The egress queues are numbered 0 through 3, with queue 0 as the lowest priority and 3 as the highest. You can specify only one egress queue.
SET QOS SCHEDULING

Syntax

    set qos scheduling=strict|wrr weights=weights

Parameters

scheduling
    Specifies the type of scheduling. The options are:

    strict
        Strict priority. A port transmits all packets out of the higher priority queues before it transmits any from the low priority queues. This is the default.

    wrr
        Weighted round robin. A port transmits a set number of packets from each queue in a round robin manner.

weights
SHOW QOS CONFIG

Syntax

    show qos config

Parameters

None.

Description

Displays the QoS priority queues and scheduling.
Chapter 22 Power Over Ethernet Commands

This chapter contains the following commands:

❑ DISABLE POE PORT
❑ ENABLE POE PORT
❑ SET POE PORT
❑ SET POE THRESHOLD
❑ SHOW POE CONFIG
❑ SHOW POE STATUS

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

Note
    Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on Power over Ethernet (PoE).
DISABLE POE PORT

Syntax

    disable poe port=port

Parameters

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command disables PoE on a port. The default setting for PoE on a port is enabled. The port continues to provide standard Ethernet connectivity even when PoE is disabled.
ENABLE POE PORT

Syntax

    enable poe port=port

Parameters

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command activates PoE on a port. The default setting for PoE is enabled.
SET POE PORT

Syntax

    set poe port=port [poefunction=enable|disable]
    [priority=low|high|critical] [powerlimit=value]

Parameters

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

poefunction
    Enables and disables PoE on a port. The default setting is enabled.
Examples

The following command disables PoE on ports 4 and 5:

    set poe port=4-5 poefunction=disable

This command sets the priority on ports 6 and 11 to high:

    set poe port=6,11 priority=high

This command sets the maximum power on port 14 to 12,500 mW:

    set poe port=14 powerlimit=12500
SET POE THRESHOLD

Syntax

    set poe threshold=value

Parameters

threshold
    Specifies the threshold as a percentage of the total amount of PoE available. The range is 1 to 100.

Description

The PoE threshold sends an SNMP trap to your management workstation and enters an event in the event log when the total power requirements of the powered devices exceed the specified percentage of the total maximum power available on the switch.
SHOW POE CONFIG

Syntax

    show poe config [port=port]

Parameter

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22).

Description

Entering this command without specifying a port displays the following PoE information:

❑ Maximum available power - The total available power for PoE supplied by the switch.
SHOW POE STATUS

Syntax

    show poe status [port=port]

Parameter

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

Entering this command without specifying a port displays the following PoE information:

❑ Max Available Power - The total available power for PoE supplied by the switch.
Specifying a port in the command displays the following PoE information about the port:

❑ PoE Function - Whether PoE is enabled or disabled on the port. The default setting is enabled. To enable or disable PoE on a port, refer to ENABLE POE PORT on page 352 and DISABLE POE PORT on page 351.
❑ Power Status - Whether power is being supplied to the device. ON means that the port is providing power to a powered device.
Chapter 23 IGMP Snooping Commands

This chapter contains the following commands:

❑ DISABLE IGMPSNOOPING
❑ ENABLE IGMPSNOOPING
❑ SET IP IGMP
❑ SHOW IGMPSNOOPING
❑ SHOW IP IGMP

Note
    Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
    Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on IGMP Snooping.
DISABLE IGMPSNOOPING

Syntax

    disable igmpsnooping

Parameters

None.

Description

This command deactivates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in SET IP IGMP on page 362. The default setting for IGMP snooping is disabled.
ENABLE IGMPSNOOPING

Syntax

    enable igmpsnooping

Parameters

None.

Description

This command activates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command SET IP IGMP on page 362. The default setting for IGMP snooping is disabled.
SET IP IGMP

Syntax

    set ip igmp [snoopingstatus=enabled|disabled]
    [hoststatus=singlehost|multihost] [timeout=value]
    [numbermulticastgroups=value]
    [routerport=port|all|none|auto]

Parameters

snoopingstatus
    Activates and deactivates IGMP snooping on the switch. Possible settings are:

    enabled
        Activates IGMP snooping.

    disabled
        Deactivates IGMP snooping. This is the default setting.

hoststatus
    Specifies the IGMP host node topology.
numbermulticastgroups
    Specifies the maximum number of multicast addresses the switch learns. This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 to 256 addresses; the default is 64 addresses.
SHOW IGMPSNOOPING

Syntax

    show igmpsnooping

Parameters

None.

Description

This command displays the following IGMP parameters:

❑ IGMP snooping status
❑ Multicast host topology
❑ Host/router timeout interval
❑ Maximum multicast groups
❑ Multicast router ports

Note
    To set the IGMP parameters, refer to SET IP IGMP on page 362.
SHOW IP IGMP

Syntax

    show ip igmp [hostlist] [routerlist]

Parameters

hostlist
    Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes.

routerlist
    Displays the ports on the switch where multicast routers are detected. This parameter displays information only when there are active multicast routers.
The following command displays a list of active multicast routers:

    show ip igmp routerlist
Chapter 24 Denial of Service (DoS) Defense Commands

This chapter contains the following commands:

❑ SET DOS
❑ SET DOS IPOPTION
❑ SET DOS LAND
❑ SET DOS PINGOFDEATH
❑ SET DOS SMURF
❑ SET DOS SYNFLOOD
❑ SET DOS TEARDROP
❑ SHOW DOS

Note
    Remember to save your changes with the SAVE CONFIGURATION command.
SET DOS

Syntax

    set dos ipaddress=ipaddress subnet=mask uplinkport=port

Parameters

ipaddress
    Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address.

subnet
    Specifies the subnet mask of the LAN. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.

uplinkport
    Specifies the port on the switch that is connected to a device (e.g.
SET DOS IPOPTION

Syntax

    set dos ipoption port=port state=enable|disable
    [mirrorport=port]

Parameters

port
    Specifies the switch port on which you want to enable or disable the IP Option defense. You can specify more than one port at a time.

state
    Specifies the state of the IP Option defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirrorport
    Specifies a port where invalid traffic is copied.
SET DOS LAND

Syntax

    set dos land port=port state=enable|disable
    [mirrorport=port]

Parameters

port
    Specifies the switch port on which you want to enable or disable the Land defense. You can specify more than one port at a time.

state
    Specifies the state of the Land defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirrorport
    Specifies a port where invalid traffic is copied.
SET DOS PINGOFDEATH

Syntax

    set dos pingofdeath port=port state=enable|disable
    [mirrorport=port]

Parameters

port
    Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.

state
    Specifies the state of the Ping of Death defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirrorport
    Specifies a port where invalid traffic is copied.
Note
    This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs. For this reason, Allied Telesyn recommends strictly limiting the use of this defense, activating it only on those ports where an attack is most likely to originate.
SET DOS SMURF

Syntax

    set dos smurf port=port state=enable|disable

Parameters

port
    Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time.

state
    Specifies the state of the SMURF defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

Description

This command activates and deactivates the SMURF DoS defense.
SET DOS SYNFLOOD

Syntax

    set dos synflood port=port state=enable|disable

Parameters

port
    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.

state
    Specifies the state of the DoS defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

Description

This command activates and deactivates the SYN ACK Flood DoS defense.
SET DOS TEARDROP

Syntax

    set dos teardrop port=port state=enable|disable
    [mirrorport=auto|port]

Parameters

port
    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.

state
    Specifies the state of the DoS defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirrorport
    Specifies a port where invalid traffic is copied.
Caution
    This defense is extremely CPU intensive and should be used with caution. Unrestricted use can cause a switch to halt operations should the CPU become overwhelmed with IP traffic. To prevent this, Allied Telesyn recommends activating this defense on only the uplink port and one other switch port at a time.
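An added audit script, not part of this guide, that replays SET DOS commands and reports where each defense ends up enabled, flagging Teardrop when it is active on more than one port besides the uplink port, which the caution above advises against. It assumes one command per line in the syntax this chapter shows; the function names and sample commands are constructed.

```python
# Defense keywords taken from the SET DOS commands in this chapter.
DEFENSES = ("ipoption", "land", "pingofdeath", "smurf", "synflood", "teardrop")


def parse_ports(text):
    """Expand a port list such as '1,5,14-22' into a set of port numbers."""
    ports = set()
    for part in text.split(","):
        first, dash, last = part.strip().partition("-")
        low = int(first)
        high = int(last) if dash else low
        if low > high:
            raise ValueError(f"reversed port range: {part!r}")
        ports.update(range(low, high + 1))
    return ports


def audit(config_text):
    """Replay SET DOS commands in order and summarise the resulting state.

    Returns a dict with the uplink port (or None), the sorted ports on
    which each defense is enabled, and a list of findings.
    """
    enabled = {name: set() for name in DEFENSES}
    uplink = None
    for line in config_text.splitlines():
        words = line.lower().split()
        if words[:2] != ["set", "dos"] or len(words) < 3:
            continue
        params = dict(w.split("=", 1) for w in words[2:] if "=" in w)
        if "=" in words[2]:
            # General form: set dos ipaddress=... subnet=... uplinkport=...
            if "uplinkport" in params:
                uplink = int(params["uplinkport"])
            continue
        defense = words[2]
        if defense not in DEFENSES or "port" not in params:
            continue
        ports = parse_ports(params["port"])
        if params.get("state") == "enable":
            enabled[defense] |= ports
        elif params.get("state") == "disable":
            enabled[defense] -= ports

    findings = []
    # The guide's recommendation: Teardrop on the uplink port and one other port.
    others = sorted(enabled["teardrop"] - {uplink})
    if len(others) > 1:
        findings.append(
            f"teardrop is enabled on {len(others)} ports besides the uplink "
            f"port ({', '.join(map(str, others))}); the guide recommends one")
    return {
        "uplink": uplink,
        "enabled": {name: sorted(ports) for name, ports in enabled.items()},
        "findings": findings,
    }


# Constructed sample commands (192.0.2.0/24 is a documentation range).
SAMPLE_CONFIG = """\
set dos ipaddress=192.0.2.1 subnet=255.255.255.0 uplinkport=24
set dos smurf port=1-8 state=enable
set dos teardrop port=24 state=enable mirrorport=auto
set dos teardrop port=3,5-6 state=enable
set dos pingofdeath port=1-4 state=enable
set dos pingofdeath port=2 state=disable
"""

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print("uplink port:", report["uplink"])
    for name, ports in report["enabled"].items():
        print(f"{name:12} {ports}")
    for finding in report["findings"]:
        print("FINDING:", finding)
```
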
SHOW DOS

Syntax 1

    show dos [ipaddress] [subnet] [uplinkport]

Syntax 2

    show dos defense port=port

Parameters

ipaddress
    Displays the IP address of the LAN.

subnet
    Displays the subnet mask.

uplinkport
    Displays the uplink port for the Land defense.

defense
    Displays the status of a specified defense for a particular port.
This command displays the status of the SMURF defense on port 4:

    show dos smurf port=4
Chapter 25 STP Commands

This chapter contains the following commands:

❑ ACTIVATE STP
❑ DISABLE STP
❑ ENABLE STP
❑ PURGE STP
❑ SET STP
❑ SET STP PORT
❑ SET SWITCH MULTICASTMODE
❑ SHOW STP

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

Note
    Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the Spanning Tree Protocol (STP).
ACTIVATE STP

Syntax

    activate stp

Parameters

None.

Description

Use this command to designate STP as the active spanning tree on the switch. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP or MSTP, can be active on the switch at a time.
DISABLE STP

Syntax

    disable stp

Parameters

None.

Description

This command disables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to SHOW STP on page 391.
ENABLE STP

Syntax

    enable stp

Parameters

None.

Description

This command enables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to SHOW STP on page 391.

Note
    You cannot enable STP until after you have activated it with ACTIVATE STP on page 380.
PURGE STP

Syntax

    purge stp

Parameters

None.

Description

This command returns all STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, refer to DISABLE STP on page 381.
SET STP

Syntax

    set stp [default] [priority=priority]
    [hellotime=hellotime] [forwarddelay=forwarddelay]
    [maxage=maxage]

Parameters

default
    Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled. (This parameter performs the same function as the PURGE STP command.)

priority
    Specifies the priority number for the bridge.
Table 1 Bridge Priority Value Increments (continued)

    Increment   Bridge Priority   Increment   Bridge Priority
    7           28672             15          61440

hellotime
    Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

forwarddelay
    Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
Examples

The following command sets the switch’s bridge priority value to 45,056 (increment 11):

    set stp priority=11

The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds:

    set stp hellotime=7 forwarddelay=25

The following command returns all STP parameters on the switch to the default values:

    set stp default
SET STP PORT

Syntax

    set stp port=port [pathcost|portcost=auto|portcost]
    [portpriority=portpriority]

Parameters

port
    Specifies the port you want to configure. You can configure more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).

pathcost
portcost
    Specifies the port’s cost. The parameters are equivalent.
portpriority
    Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments. The increments are listed in Table 4. You specify the increment of the desired value. The default is 128 (increment 8).
SET SWITCH MULTICASTMODE

Syntax

    set switch multicastmode=a|b|c|d

Parameter

multicastmode
    Specifies one of the following:

    a
        Discards all ingress spanning tree BPDU and 802.1x EAPOL packets on all ports.

    b
        Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports.

    c
        Forwards ingress BPDU and EAPOL packets only among the untagged ports of the VLAN where the ingress port is a member.
There are four possible states: A, B, C, and D. The states are described here:

A - Discards all ingress spanning tree BPDU and 802.1x EAPOL packets on all ports. The switch behaves as follows:

❑ If STP, RSTP, and MSTP are disabled, all ingress BPDUs are discarded.
❑ If 802.1x port-based access control is disabled, all ingress EAPOL packets are discarded.

B - Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports. This is the default setting.
SHOW STP

Syntax

    show stp [port=port]

Parameter

port
  Specifies the port whose STP parameters you want to view. You can view more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Chapter 26 RSTP Commands

This chapter contains the following commands:

❑ ACTIVATE RSTP
❑ DISABLE RSTP
❑ ENABLE RSTP
❑ PURGE RSTP
❑ SET RSTP
❑ SET RSTP PORT
❑ SHOW RSTP

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the Rapid Spanning Tree Protocol (RSTP).
ACTIVATE RSTP

Syntax

    activate rstp

Parameters

None.

Description

Use this command to designate RSTP as the active spanning tree on the switch. Once you have selected RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.
DISABLE RSTP

Syntax

    disable rstp

Parameters

None.

Description

This command disables the Rapid Spanning Tree Protocol on the switch. To view the current status of RSTP, use SHOW RSTP on page 404.
ENABLE RSTP

Syntax

    enable rstp

Parameters

None.

Description

This command enables the Rapid Spanning Tree Protocol on the switch. The default setting for RSTP is disabled. To view the current status of RSTP, use SHOW RSTP on page 404. You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.
PURGE RSTP

Syntax

    purge rstp

Parameters

None.

Description

This command returns all RSTP bridge and port parameters to the default settings. RSTP must be disabled before you can use this command. To disable RSTP, refer to DISABLE RSTP on page 394.
SET RSTP

Syntax

    set rstp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [rstptype|forceversion=stpcompatible|forcestpcompatible|normalrstp]

Parameters

default
  Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled. (This parameter performs the same function as the PURGE RSTP command.
Table 5 Bridge Priority Value Increments

Increment  Bridge Priority  Increment  Bridge Priority
7          28672            15         61440

hellotime
  Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

forwarddelay
  Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
  forcestpcompatible
    The bridge uses the RSTP parameter settings, but transmits only STP BPDU packets from the ports. This option is equivalent to the STPCOMPATIBLE option.
  normalrstp
    The bridge uses RSTP. It transmits RSTP BPDU packets, except on ports connected to bridges running STP. This is the default setting.

Description

This command configures the following RSTP parameter settings.
The following command returns all RSTP parameter settings to their default values:

    set rstp default
SET RSTP PORT

Syntax

    set rstp port=port [pathcost|portcost=cost|auto] [portpriority=portpriority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters

port
  Specifies the port you want to configure. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Table 7 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk.

Table 7 RSTP Auto-Detect Port Trunk Costs

Port Speed  Port Cost
10 Mbps     20,000
100 Mbps    20,000
1000 Mbps   2,000

portpriority
  Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments.
  no, off, false
    The port is not an edge port. The values are equivalent.

ptp
pointtopoint
  Defines whether the port is functioning as a point-to-point port. The parameters are equivalent. This type of port is connected to a device operating at full-duplex mode. Values are:

  yes, on, true
    The port is a point-to-point port. The values are equivalent.
  no, off, false
    The port is not a point-to-point port. The parameters are equivalent.
SHOW RSTP

Syntax

    show rstp [portconfig=port|portstate=port]

Parameters

portconfig
  Displays the RSTP port settings. You can specify more than one port at a time.

portstate
  Displays the RSTP port status. You can specify more than one port at a time.

Description

You can use this command to display the RSTP parameter settings.
The following command displays RSTP port status for port 15:

    show rstp portstate=15
Chapter 27 MSTP Commands

This chapter contains the following commands:

❑ ACTIVATE MSTP
❑ ADD MSTP
❑ CREATE MSTP
❑ DELETE MSTP
❑ DESTROY MSTP MSTIID
❑ DISABLE MSTP
❑ ENABLE MSTP
❑ PURGE MSTP
❑ SET MSTP
❑ SET MSTP CIST
❑ SET MSTP MSTI
❑ SET MSTP MSTIVLANASSOC
❑ SET MSTP PORT
❑ SHOW MSTP

Note
Remember to save your changes with the SAVE CONFIGU
Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the Multiple Spanning Tree Protocol.
ACTIVATE MSTP

Syntax

    activate mstp

Parameters

None.

Description

This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command. Only one spanning tree protocol can be active on the switch at a time.
ADD MSTP

Syntax

    add mstp mstiid=mstiid mstivlanassoc=vids

Parameters

mstiid
  Specifies the ID of the multiple spanning tree instance (MSTI) with which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.

mstivlanassoc
  Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

Description

This command associates VLANs with an MSTI.
CREATE MSTP

Syntax

    create mstp mstiid=mstiid [mstivlanassoc=vids]

Parameters

mstiid
  Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15.

mstivlanassoc
  Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

Description

This command creates an MSTI ID and associates VLANs to the new spanning tree instance.
DELETE MSTP

Syntax

    delete mstp mstiid=mstiid mstivlanassoc=vids

Parameters

mstiid
  Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.

mstivlanassoc
  Specifies the VID of the VLAN you want to remove from the spanning tree instance. You can specify more than one VID at a time (for example, 2,5,44).

Description

This command removes a VLAN from a spanning tree instance.
DESTROY MSTP MSTIID

Syntax

    destroy mstp mstiid=mstiid

Parameter

mstiid
  Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15.

Description

This command deletes a spanning tree instance. VLANs associated with a deleted MSTI are returned to CIST.
DISABLE MSTP

Syntax

    disable mstp

Parameters

None.

Description

This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to SHOW MSTP on page 429.
ENABLE MSTP

Syntax

    enable mstp

Parameters

None.

Description

This command enables Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to SHOW MSTP on page 429. You must select MSTP as the active spanning tree on the switch before you can enable it with this command.
PURGE MSTP

Syntax

    purge mstp

Parameters

None.

Description

This command returns all MSTP bridge and port parameter settings to their default values. This command also deletes all multiple spanning tree instances and VLAN associations. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled. To select MSTP as the active spanning tree protocol on the switch, see ACTIVATE MSTP on page 408.
SET MSTP

Syntax

    set mstp [default] [forceversion=stpcompatible|forcestpcompatible|normalmstp] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [maxhops=maxhops] [configname="name"] [revisionlevel=number]

Parameters

default
  Disables MSTP and returns all bridge and port MSTP settings to the default values. This parameter cannot be used with any other parameter. (This parameter performs the same function as the RESET MSTP command.
  normalmstp
    The bridge uses MSTP. The bridge sends out MSTP BPDU packets from all ports except for those ports connected to bridges running STP. This is the default setting.

hellotime
  Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
revisionlevel
  Specifies the revision level of an MSTP region. The range is 0 (zero) to 255. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region. Different regions can have the same revision level without conflict.

Description

This command configures the following MSTP parameter settings.
SET MSTP CIST

Syntax

    set mstp cist priority=priority

Parameter

priority
  Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in the following table. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8.
Example

The following command sets the CIST priority value to 45,056, which is increment 11:

    set mstp cist priority=11
SET MSTP MSTI

Syntax

    set mstp msti mstiid=mstiid priority=priority

Parameters

mstiid
  Specifies an MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15.

priority
  Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in the following table. You specify the increment that represents the desired bridge priority value.
The PRIORITY parameter specifies the new MSTI priority value. The range is 0 (zero) to 61,440 in increments of 4,096, with 0 being the highest priority.
SET MSTP MSTIVLANASSOC

Syntax

    set mstp mstivlanassoc mstiid=mstiid vlanlist=vids

Parameters

mstiid
  Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.

vlanlist
  Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44). If VLANs have already been associated with the MSTI, they are overwritten.
SET MSTP PORT

Syntax 1

    set mstp port=port|all [extportcost=portcost] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Syntax 2

    set mstp port=port|all [intportcost=auto|portcost] [portpriority=priority] [stpid=msti_id]

Parameters

port
  Specifies the port you want to configure. You can specify more than one port at a time. To configure all ports in the switch, enter ALL.
Table 12 Auto External Path Trunk Costs

Port Speed  Port Cost
100 Mbps    20,000
1000 Mbps   2,000

edgeport
  Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at half-duplex mode and is not connected to any device running STP or MSTP. Selections are:

  yes, on, true
    The port is an edge port. These values are equivalent. This is the default.
  no, off, false
    The port is not an edge port.

ptp
pointtopoint
Note
Each time an MSTP port is reset by receiving STP BPDUs, set the migrationcheck parameter to yes, allowing the port to send MSTP BPDUs.

intportcost
  Specifies the cost of a port connected to a bridge that is part of the same MSTP region. This is referred to as an internal port cost. The range is 0 to 200,000,000. The default setting is Auto-detect (0), which sets port cost depending on the speed of the port.
  untagged and tagged ports whose VLANs belong to more than one MSTI. You can specify more than one MSTI at a time (e.g., 4,6,11). If the VLANs of a port belong to just one MSTI, you can omit this parameter.

Description

This command sets a port’s MSTP settings. The command is illustrated in two syntaxes to represent the two groups of MSTI port parameters. The first group is referred to as generic parameters.
Syntax 2 Examples

The following command sets the internal port cost to 500 for Ports 7 and 10. If the ports are members of more than one VLAN and the VLANs are assigned to more than one MSTI, the new internal port cost is assigned to all of their MSTI assignments:

    set mstp port=7,10 intportcost=500

This example illustrates the STPID parameter. This parameter is used when a port belongs to more than one VLAN and the VLANs are assigned to different MSTIs.
SHOW MSTP

Syntax

    show mstp [portconfig=ports] [portstate=ports] [stpid=msti_id] [mstistate] [cist] [mstivlanassoc]

Parameters

portconfig
  Displays the MSTP settings of a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.

portstate
  Displays the MSTP state of a port. You can specify more than one port at a time.
Entering SHOW MSTP without any parameters displays the following MSTP settings:

❑ MSTP status
❑ Force version
❑ Hello time
❑ Forwarding delay
❑ Maximum age
❑ Maximum hops
❑ Configuration name
❑ Revision level
❑ Bridge identifier

The PORTCONFIG parameter displays the following MSTP port parameter settings:

❑ Edge-port status
❑ Point-to-point status
❑ External and internal port costs
❑ Port priority

The PORTSTATE parameter displays the following MSTP port status information:

❑ MSTP
❑ Path cost
❑ Associated VLANs

The CIST parameter displays the following CIST information:

❑ CIST priority value
❑ Root ID
❑ Root path cost
❑ Regional root ID
❑ Regional root path cost
❑ Associated VLANs

The MSTIVLANASSOC parameter displays the VLAN to MSTI associations.
Chapter 28 VLANs and Multiple VLAN Mode Commands

This chapter contains the following commands:

❑ ADD VLAN
❑ CREATE VLAN
❑ DELETE VLAN
❑ DESTROY VLAN
❑ SET SWITCH INFILTERING
❑ SET SWITCH MANAGEMENTVLAN
❑ SET SWITCH VLANMODE
❑ SET VLAN
❑ SHOW VLAN

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.
ADD VLAN

Syntax 1

    add vlan=name [vid=vid] port=ports|all frame=untagged|tagged

Syntax 2

    add vlan=name [vid=vid] taggedports=ports|all untaggedports=ports|all

Parameters

vlan
  Specifies the name of the VLAN you want to modify.

vid
  Specifies the VID of the VLAN you want to modify. This parameter is optional.

port
  Specifies the ports to be added to the VLAN.
This command has two syntaxes. You can use either command to add ports to a VLAN. The difference between the two is that Syntax 1 can add only one type of port, tagged or untagged, at a time to a VLAN, while Syntax 2 can add both in the same command. This is illustrated in Examples below.

When you add untagged ports to a VLAN, the ports are automatically removed from their current untagged VLAN assignment.
CREATE VLAN

Syntax 1

    create vlan=name vid=vid port=ports|all frame=untagged|tagged

Syntax 2

    create vlan=name vid=vid taggedports=ports|all untaggedports=ports|all

Parameters

vlan
  Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting).
port
  Specifies the ports on the switch that are either tagged or untagged members of the new VLAN. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22). To specify all ports on the switch, use ALL. This parameter must be followed by the FRAME parameter.

frame
  Specifies whether the ports of the VLAN are to be tagged or untagged. This parameter must be used with the PORT parameter.
Tagged ports of the new VLAN remain as tagged and untagged members of their current VLAN assignments. No change is made to a tagged port’s current VLAN assignments, other than its addition to the new VLAN. This is because a tagged port can belong to more than one VLAN at a time. For example, if you add port 6 as a tagged port to a new VLAN, port 6 remains a member of its other current untagged and tagged VLAN assignments.
Syntax 2 allows you to create a VLAN of both tagged and untagged ports all in one command. Here is the command that would create our example:

    create vlan=Service vid=16 untaggedports=1,4,5-7 taggedports=11-12

That’s the advantage of Syntax 2 over Syntax 1. You can create VLANs containing both types of ports with one rather than two commands.
DELETE VLAN

Syntax 1

    delete vlan=name [vid=vid] port=ports frame=untagged|tagged

Syntax 2

    delete vlan=name [vid=vid] taggedports=ports untaggedports=ports

Parameters

vlan
  Specifies the name of the VLAN to be modified.

vid
  Specifies the VID of the VLAN to be modified. This parameter is optional.

port
  Specifies the ports to be removed from the VLAN. This parameter must be used with the FRAME parameter.

frame
  Identifies the ports to be removed as tagged or untagged.
Note
You cannot change a VLAN’s name or VID.

When you remove an untagged port from a VLAN, the following happens:

❑ The port is returned to the Default_VLAN as an untagged port.
❑ If the port is also a tagged member of other VLANs, those VLAN assignments are not changed. The port remains a tagged member of the other VLANs.

For example, if you remove Port 4 from a VLAN, the port is automatically returned as an untagged port to the Default VLAN.
Deleting both tagged and untagged ports from a VLAN using Syntax 1 takes two commands.
DESTROY VLAN

Syntax

    destroy vlan vlan=name|all [vid=vid]

Parameters

vlan
  Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option.

vid
  Specifies the VID of the VLAN to be deleted. This parameter is optional.

Description

You can use this command, when the switch is operating in the user-configure VLAN mode, to delete port-based and tagged VLANs from a switch.
SET SWITCH INFILTERING

Syntax

    set switch infiltering=yes|no|on|off|true|false

Parameters

infiltering
  Specifies the operating status of ingress filtering. The options are:

  yes, on, true
    Activates ingress filtering. The values are equivalent. This is the default.
  no, off, false
    Deactivates ingress filtering. The values are equivalent.

Description

This command controls the status of ingress filtering.
SET SWITCH MANAGEMENTVLAN

Syntax

    set switch managementvlan=name|VID

Parameter

managementvlan
  Specifies the management VLAN. You can specify the VLAN by name or by its VID. You can specify only one management VLAN. The default management VLAN is Default_VLAN (VID 1).

Description

This command sets the management VLAN. The switch uses this VLAN to watch for management packets from Telnet and web browser management sessions.
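The membership rules given for CREATE VLAN, ADD VLAN, DELETE VLAN, DESTROY VLAN and SET SWITCH MANAGEMENTVLAN can be checked offline before a change is made, in particular which ports end up as untagged members of the management VLAN. The following Python model is an added example, not Allied Telesyn code: the Switch class, its method names and the Mgmt VLAN are illustrative, every port is assumed to start as an untagged member of Default_VLAN, and the ALL keyword is not modelled.

```python
"""Model of the VLAN membership rules in this chapter (added example)."""

DEFAULT_VLAN = "Default_VLAN"  # default management VLAN per the guide (VID 1)


def parse_ports(spec):
    """Expand a port list such as '1,4,5-7' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


class Switch:
    def __init__(self, port_count):
        # Assumption: every port starts as an untagged member of Default_VLAN.
        self.untagged = {p: DEFAULT_VLAN for p in range(1, port_count + 1)}
        self.tagged = {DEFAULT_VLAN: set()}   # VLAN name -> tagged ports
        self.vids = {DEFAULT_VLAN: 1}
        self.mgmt_vlan = DEFAULT_VLAN

    def apply(self, line):
        """Apply one create/add/delete/destroy vlan or managementvlan command."""
        verb, *rest = line.split()
        args = dict(tok.split("=", 1) for tok in rest if "=" in tok)
        if verb == "set":
            if "managementvlan" not in args:
                raise ValueError("only 'set switch managementvlan=' is modelled")
            self.mgmt_vlan = args["managementvlan"]
            return
        name = args["vlan"]
        if "port" in args:  # Syntax 1 is folded into the Syntax 2 parameters
            key = "taggedports" if args.get("frame") == "tagged" else "untaggedports"
            args[key] = args["port"]
        tag = parse_ports(args["taggedports"]) if "taggedports" in args else set()
        untag = parse_ports(args["untaggedports"]) if "untaggedports" in args else set()
        if verb == "create":
            self.vids[name] = int(args["vid"])
            self.tagged[name] = set()
        if verb in ("create", "add"):
            for p in untag:              # leaves its previous untagged VLAN
                self.untagged[p] = name
            self.tagged[name] |= tag     # tagged membership is additive
        elif verb == "delete":
            for p in untag:
                if self.untagged[p] == name:
                    self.untagged[p] = DEFAULT_VLAN  # returned to Default_VLAN
            self.tagged[name] -= tag
        elif verb == "destroy":
            for p, vlan in self.untagged.items():
                if vlan == name:
                    self.untagged[p] = DEFAULT_VLAN
            self.tagged.pop(name, None)
            self.vids.pop(name, None)
        else:
            raise ValueError(f"unsupported command: {line}")

    def management_ports(self):
        """Ports that are untagged members of the current management VLAN."""
        name = self.mgmt_vlan
        if name.isdigit():               # managementvlan accepts a name or a VID
            name = next(n for n, vid in self.vids.items() if vid == int(name))
        return sorted(p for p, vlan in self.untagged.items() if vlan == name)


if __name__ == "__main__":
    sw = Switch(port_count=12)
    # Constructed session; the first command is the guide's Service example.
    for cmd in (
        "create vlan=Service vid=16 untaggedports=1,4,5-7 taggedports=11-12",
        "delete vlan=Service port=4 frame=untagged",
        "create vlan=Mgmt vid=99 untaggedports=2",
        "set switch managementvlan=99",
    ):
        sw.apply(cmd)
        print(f"{cmd}\n  untagged in management VLAN: {sw.management_ports()}")
```

Running the session shows port 4 reappearing in the management VLAN after the DELETE VLAN command, until the management VLAN is moved to VID 99.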
SET SWITCH VLANMODE

Syntax

    set switch vlanmode=userconfig|dotqmultiple|multiple [uplinkport=port]

Parameters

vlanmode
  Controls the switch’s VLAN mode. Options are:

  userconfig
    This mode allows you to create your own port-based and tagged VLANs. This is the default setting.
  dotqmultiple
    This option configures the switch for the 802.1Q-compliant multiple VLAN mode.
  multiple
    This option configures the switch for the non-802.1Q compliant multiple VLAN mode.

uplinkport
The following command sets the switch so that you can create your own port-based and tagged VLANs:

    set switch vlanmode=userconfig
SET VLAN

Syntax

    set vlan=name [vid=vid] type=portbased

Parameter

vlan
  Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to SHOW VLAN on page 448.

vid
  Specifies the VID of the dynamic VLAN. To view VIDs, refer to SHOW VLAN on page 448. This parameter is optional.

type
  Specifies the type of static VLAN to which the dynamic VLAN is to be converted. There is only one option: PORTBASED.
SHOW VLAN

Syntax

    show vlan[=name|vid]

Parameter

vlan
  Specifies the name or VID of a VLAN.
Chapter 29 GARP VLAN Registration Protocol Commands

This chapter contains the following commands:

❑ DISABLE GARP
❑ ENABLE GARP
❑ PURGE GARP
❑ SET GARP PORT
❑ SET GARP TIMER
❑ SHOW GARP
❑ SHOW GARP COUNTER
❑ SHOW GARP DATABASE
❑ SHOW GARP GIP
❑ SHOW GARP MACHINE

Note
Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE GARP

Syntax

    disable garp=gvrp [gip]

Parameters

garp
  Specifies the GARP application you want to disable. The only GARP application supported by AT-S62 management software is GVRP.

gip
  Disables GARP Information Propagation (GIP).

Note
The online help for this command contains an STP option. The option is not supported.

Description

This command disables GVRP on the switch.
ENABLE GARP

Syntax

    enable garp=gvrp [gip]

Parameters

garp
  Specifies the GARP application you want to enable. The only GARP application supported by AT-S62 management software is GVRP.

gip
  Enables GARP Information Propagation (GIP).

Note
The online help for this command contains an STP option. The option is not supported.

Description

This command enables GVRP on the switch. Once activated, the switch will learn dynamic GVRP VLANs and dynamic GVRP ports.
PURGE GARP

Syntax

    purge garp=gvrp

Parameter

garp
  Specifies the GARP application you want to reset. The only GARP application supported by AT-S62 management software is GVRP.

Note
The online help for this command contains an STP option. The option is not supported.

Description

This command disables GVRP on the switch and returns the GVRP timer values to their default settings. All GVRP-related statistics counters are returned to zero.
SET GARP PORT

Syntax

    set garp=gvrp port=port mode=normal|none

Parameters

garp
  Specifies the GARP application you want to configure. The only GARP application supported by AT-S62 management software is GVRP.

port
  Specifies the port you want to configure on the switch. You can specify more than one port at a time.

mode
  Specifies the GVRP mode of the port. Modes are:

  normal
    The port will participate in GVRP. The port will process GVRP information and transmit PDUs.
SET GARP TIMER

Syntax

    set garp=gvrp timer [default] [jointime=integer] [leavetime=integer] [leavealltime=integer]

Parameters

garp
  Specifies the GARP application you want to configure. The only GARP application supported by AT-S62 management software is GVRP.

default
  Returns the GARP timers to their default settings.

jointime
  Specifies the Join Timer in centiseconds, which are hundredths of a second. The default is 20 centiseconds.
Examples

The following command sets the Join Period timer to 0.1 second, Leave Period timer to 0.
SHOW GARP

Syntax

    show garp=gvrp

Parameter

garp
  Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Note
The online help for this command contains an STP option. The option is not supported.
SHOW GARP COUNTER

Syntax

    show garp=gvrp counter

Parameter

garp
  Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.
❑ Transmit GARP Messages: LeaveEmpty
❑ Receive GARP Messages: LeaveIn
❑ Transmit GARP Messages: LeaveIn
❑ Receive GARP Messages: Empty
❑ Transmit GARP Messages: Empty
❑ Receive GARP Messages: Bad Message
❑ Receive GARP Messages: Bad Attribute

Example

The following command displays the above GARP counters:

    show garp=gvrp counter
SHOW GARP DATABASE

Syntax

    show garp=gvrp database

Parameters

garp
  Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Description

This command displays the following parameters for the internal database for the GARP application. Each attribute is represented by a GID index within the GARP application.
SHOW GARP GIP

Syntax

    show garp=gvrp gip

Parameter

garp
  Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.
SHOW GARP MACHINE

Syntax

    show garp=gvrp machine

Parameter

garp
  Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Description

This command displays the following parameters for the GID state machines for the GARP application. The output is shown on a per-GID index basis; each attribute is represented by a GID index within the GARP application.
Chapter 30 Protected Ports VLAN Commands

This chapter contains the following commands:

❑ ADD VLAN GROUP
❑ CREATE VLAN PORTPROTECTED
❑ DELETE VLAN
❑ DESTROY VLAN
❑ SET VLAN
❑ SHOW VLAN

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on protected ports VLANs, refer to the AT-S62 Management Software Menus Interface User’s Guide.
ADD VLAN GROUP

Syntax 1

    add vlan=name|vid ports=ports frame=tagged|untagged group=uplink|1..256

Syntax 2

    add vlan=name|vid [taggedports=ports] [untaggedports=ports] group=uplink|1..256

Parameters

vlan
  Specifies the name or VID of the protected ports VLAN where ports are to be added. You can identify the VLAN by either its name or VID.

ports
  Specifies the uplink port(s) or the ports of a group.
Note the following before using this command:

❑ You must first create the protected ports VLAN by giving it a name and a VID before you can add ports. Creating a VLAN is accomplished with CREATE VLAN PORTPROTECTED on page 466.
❑ Both command syntaxes perform the same function. The difference is that with syntax 1 you can add ports of only one type, tagged or untagged, at a time. With syntax 2, you can add both at the same time.
The following command does the same thing using syntax 2:

    add vlan=InternetGroups untaggedports=5,6 group=4
CREATE VLAN PORTPROTECTED

Syntax

    create vlan=name vid=vid portprotected

Parameters

vlan
  Specifies the name of the new protected ports VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that will be a part of the protected ports VLAN (for example, InternetGroups). The name cannot contain spaces or special characters, such as an asterisk (*) or exclamation point (!).
DELETE VLAN

Syntax 1

    delete vlan=name|vid ports=ports frame=tagged|untagged

Syntax 2

    delete vlan=name|vid [taggedports=ports] [untaggedports=ports]

Parameters

vlan
  Specifies the name or VID of the VLAN to be modified. You can specify the VLAN by its name or VID.

port
  Specifies the port to be removed from the VLAN. You can specify more than one port at a time. This parameter must be used with the FRAME parameter.
❑ Deleted untagged ports are returned to the Default_VLAN as untagged.
❑ You can delete ports from only one group at a time.
DESTROY VLAN

Syntax

    destroy vlan=name|vid|all

Parameters

vlan
  Specifies the name or VID of the VLAN to be destroyed. To delete all tagged, port-based, and protected ports VLANs on the switch, use the ALL option.

Description

This command deletes VLANs from the switch. You can use this command to delete tagged, port-based, and protected port VLANs. All untagged ports in a deleted VLAN are automatically returned to the Default_VLAN. You cannot delete the Default_VLAN.
SET VLAN

Syntax

    set vlan=name|vid port=ports frame=tagged|untagged

Parameters

vlan
  Specifies the name or VID of the VLAN to be modified.

ports
  Specifies the port whose VLAN type is to be changed. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-22), or both (for example, 1, 5, 14-22).

frame
  Identifies the new VLAN type for the port. The type can be tagged or untagged.
SHOW VLAN

Syntax

    show vlan[=name|vid]

Parameter

vlan
  Specifies the name or VID of the VLAN you want to view. Omitting this displays all VLANs.

Description

This command displays information about the VLANs on the switch. The information includes the names and VIDs of the VLANs, and the tagged and untagged port members. If you are displaying a protected ports VLAN, the information also includes the group and port associations.
Chapter 31 MAC Address Security Commands This chapter contains the following commands: ❑ SET SWITCH PORT INTRUSIONACTION on page 473 ❑ SET SWITCH PORT SECURITYMODE on page 474 ❑ SHOW SWITCH PORT INTRUSION on page 477 ❑ SHOW SWITCH PORT SECURITYMODE on page 478 Note Remember to save your changes with the SAVE CONFIGURATION command. Note Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on port security.
AT-S62 Command Line User’s Guide SET SWITCH PORT INTRUSIONACTION Syntax set switch port=port intrusionaction=discard|trap|disable Parameters port Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). intrusionaction Specifies the intrusion action. Options are: discard Discards an invalid frame.
Chapter 31: Port Security Commands

SET SWITCH PORT SECURITYMODE

Syntax

set switch port=port [securitymode=automatic|limited|secured|locked] [intrusionaction=discard|trap|disable] [learn=integer] [participate=yes|no|on|off|true|false]

Parameters

port
Specifies the port where you want to set security. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
AT-S62 Command Line User’s Guide intrusionaction Specifies the action taken by the port in the event port security is violated. This parameter applies only to the Limited security mode. Intrusion actions are: discard Discards invalid frames. This is the default setting. trap Discards invalid frames and sends a SNMP trap. disable Discards invalid frames, sends an SNMP trap, and disables the port. learn Specifies the maximum number of dynamic MAC addresses a port on the switch can learn.
Chapter 31: Port Security Commands Examples This command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses. Since no intrusion action is specified, the discard action is assigned by default: set switch port=8 securitymode=limited learn=5 This command sets the security level for ports 9 and 12 to the Limited mode and specifies a limit of 15 dynamic MAC addresses per port.
AT-S62 Command Line User’s Guide SHOW SWITCH PORT INTRUSION Syntax show switch port=port intrusion Parameters port Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time. Description This command displays the number of times a port has detected an intrusion violation.
Chapter 31: Port Security Commands SHOW SWITCH PORT SECURITYMODE Syntax show switch port=port securitymode Parameters port Specifies the port whose security mode settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). Description This command displays the security mode settings for the ports on the switch.
Chapter 32 802.
Chapter 32: 802.1x Port-based Access Control Commands DISABLE PORTACCESS|PORTAUTH Syntax disable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command disables 802.1x Port-based Access Control on your switch. This is the default setting. Example The following command disables 802.
AT-S62 Command Line User’s Guide DISABLE RADIUSACCOUNTING Syntax disable radiusaccounting Parameters None Description This command disables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=DISABLED command.
Chapter 32: 802.1x Port-based Access Control Commands ENABLE PORTACCESS|PORTAUTH Syntax enable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command activates 802.1x Port-based Access Control on the switch. The default setting for this feature is disabled. Note You should activate and configure the RADIUS client software on the switch before you activate port-based access control. Refer to SET AUTHENTICATION on page 551.
AT-S62 Command Line User’s Guide ENABLE RADIUSACCOUNTING Syntax enable radiusaccounting Parameters None Description This command enables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=ENABLED command.
Chapter 32: 802.
AT-S62 Command Line User’s Guide authentication messages between the client and the authentication server. Each client that attempts to access the network is uniquely identified by the switch by using the client's MAC address. This is the default setting. authorised forceauthenticate Disables 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.
Chapter 32: 802.1x Port-based Access Control Commands disabled Specifies that reauthentication by the client is not required after the initial authentication. Reauthentication is only required if there is a change to the status of the link between the supplicant and the switch or the switch is reset or power cycled. txperiod Sets the number of seconds that the switch waits for a response to an EAP-request/identity frame from the client before retransmitting the request. The default value is 30 seconds.
AT-S62 Command Line User’s Guide You can use this selection to control how an Authenticator port will handle egress broadcast and multicast traffic when in the unauthorized state. You can instruct the port to forward this traffic to the client, even though the client has not logged on, or you can have the port discard the traffic. The two selections are: piggyback ingress An authenticator port, when in the unauthorized state, will discard all ingress broadcast and multicast packets from the client.
Chapter 32: 802.1x Port-based Access Control Commands Examples This command sets ports 4 to 6 to the Authenticator role: set portaccess port=4-6 role=authenticator The following command sets port 7 to the Authenticator role.
AT-S62 Command Line User’s Guide SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT Syntax set portaccess|portauth port=port type|role=supplicant|none [authperiod=value] [heldperiod=value] [maxstart=value] [startperiod=value] [username|name=name] [password=password] Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters port Specifies the port that you want to set to the Supplicant role or whose Supplicant settings you want to adjust. You can specify more than one port at a time.
Chapter 32: 802.1x Port-based Access Control Commands startperiod Specifies the time period in seconds between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. The range is 1 to 60. The default is 30. username name Specifies the username for the switch port. The parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network.
SET RADIUSACCOUNTING

Syntax

set radiusaccounting [status=enabled|disabled] [serverport=value] [type=network] [trigger=start_stop|stop_only] [updateenable=enabled|disabled] [interval=value]

Parameters

status
Activates and deactivates RADIUS accounting on the switch. Options are:

enabled - Activates RADIUS accounting. This option is equivalent to the ENABLE RADIUSACCOUNTING command.
disabled - Deactivates the feature. This is the default.
Chapter 32: 802.1x Port-based Access Control Commands interval Specifies the intervals at which the switch is to send interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds. Description RADIUS accounting is supported on those switch ports operating in the Authenticator role.
AT-S62 Command Line User’s Guide SHOW PORTACCESS|PORTAUTH Syntax show portaccess|portauth config|status Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters config Displays whether port-based access control is enabled or disabled on the switch. status Displays the role and status of each port. Description Use this command to display operating information for port-based access control.
SHOW PORTACCESS|PORTAUTH PORT

Syntax

show portaccess|portauth port=port authenticator|supplicant config|status

Note
The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters

port
Specifies the port whose port-based access control settings you want to view. You can specify more than one port at a time.

authenticator
Indicates that the port is an authenticator.

supplicant
Indicates that the port is a supplicant.
AT-S62 Command Line User’s Guide SHOW RADIUSACCOUNTING Syntax show radiusaccounting Parameters None. Description Use this command to display the current parameter settings for RADIUS accounting. For an explanation of the parameters, refer to SET RADIUSACCOUNTING on page 491.
Chapter 33 Web Server Commands This chapter contains the following commands: ❑ DISABLE HTTP SERVER on page 497 ❑ ENABLE HTTP SERVER on page 498 ❑ PURGE HTTP SERVER on page 499 ❑ SET HTTP SERVER on page 500 ❑ SHOW HTTP SERVER on page 506 Note Remember to use the SAVE CONFIGURATION command to save your changes. Note Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the web server.
AT-S62 Command Line User’s Guide DISABLE HTTP SERVER Syntax disable http server Parameters None. Description This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see SHOW HTTP SERVER on page 506. The default setting for the web server is enabled.
Chapter 33: Web Server Commands ENABLE HTTP SERVER Syntax enable http server Parameters None. Description This command activates the web server on the switch. Activating the server allows you to manage the unit from a web browser. To view the current status of the web server, see SHOW HTTP SERVER on page 506. The default setting for the web server is enabled.
AT-S62 Command Line User’s Guide PURGE HTTP SERVER Syntax purge http server Parameters None. Description This command resets the web server to its default values. Refer to the AT-S62 Management Software Menus Interface User’s Guide for the web server default values. To view the current web server settings, refer to SHOW HTTP SERVER on page 506.
Chapter 33: Web Server Commands SET HTTP SERVER Syntax set http server [security=enabled|disabled] [sslkeyid=key-id] [port=port] Parameters security Specifies the security mode of the web server. Possible settings are: enabled Specifies that the web server is to function in the secure HTTPS mode. disabled Specifies that the web server is to function in the non-secure HTTP mode. This is the default. sslkeyid Specifies a key pair ID.
AT-S62 Command Line User’s Guide Examples The following command configures the web server for the non-secure HTTP mode. Since no port is specified, the default HTTP port 80 is used: set http server security=disabled The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5.
The certificate is assigned the filename “Sw12cert.cer”. (The “.cer” extension is not included in the command because the management software adds it automatically.) The certificate is assigned the serial number 0 and a distinguished name of 149.11.11.11, which is the IP address of a master switch:

create pki certificate=Sw12cert keypair=4 serialnumber=0 subject="cn=149.11.11.11"

3. This command adds the new certificate to the certificate database.
AT-S62 Command Line User’s Guide 8. Add the CA certificates to the certificate database using ADD PKI CERTIFICATE on page 516. 9. Disable the switch’s web server using the command DISABLE HTTP SERVER on page 497. 10. Configure the web server using SET HTTP SERVER on page 500.
11. Activate the web server using ENABLE HTTP SERVER on page 498.

The following is an example of the command sequence for configuring the web server for a CA certificate. It explains how to create an encryption key pair and enrollment request, and how to download the CA certificates on the switch. (The example does not include step 1, setting the system time, nor the procedure for submitting the request to a CA, which will vary depending on the CA’s enrollment requirements.
8. This command configures the web server. It activates HTTPS and specifies the key created in step 1:

set http server security=enabled sslkeyid=8

9.
Chapter 33: Web Server Commands SHOW HTTP SERVER Syntax show http server Parameters None.
Chapter 34 Encryption Key Commands This chapter contains the following commands: ❑ CREATE ENCO KEY on page 508 ❑ DESTROY ENCO KEY on page 512 ❑ SET ENCO KEY on page 513 ❑ SHOW ENCO on page 514 Note Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
CREATE ENCO KEY

Syntax 1

create enco key=key-id type=rsa length=value [description="description"]

Syntax 2

create enco key=key-id type=rsa [description="description"] [file=filename.key] [format=hex|ssh|ssh2]

Parameters

key
Specifies a key ID. The range is 0 to 65,535. The default is 0. When creating a new key this value must be unique from all other key IDs on the switch.

type
Specifies the type of key, which can only be a random RSA key.
AT-S62 Command Line User’s Guide hex Specifies a hexadecimal format used to transfer a key between devices other than switches. This is the default. ssh Specifies a format for Secure Shell version 1 users. ssh2 Specifies a format for Secure Shell version 2 users. Description This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S62 file system to the key database. Caution Key generation is a CPU-intensive process.
Chapter 34: Encryption Key Commands server key is 768 bits and the recommended length for the host key is 1024 bits. The DESCRIPTION parameter is optional. You can use it to add a description to the key. This can help you identify the different keys on the switch. The description can be up to forty alphanumeric characters. It must be enclosed in quotes and spaces are allowed.
AT-S62 Command Line User’s Guide If you are exporting a public key from the key database to the file system, the KEY parameter should specify the ID of the key that you want to export. Only the public key of a key pair is exported to the file system. You cannot export a private key. The TYPE parameter specifies the type of key to be imported or exported. The only option is RSA. The FILE parameter specifies the filename of the encryption key. The filename must include the “.key” extension.
DESTROY ENCO KEY

Syntax

destroy enco key=key-id

Parameter

key
Specifies the ID number of the key pair to be deleted from the key database.

Description

This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding “.UKF” file from the file system. Once a key pair is deleted, any SSL certificate created using the public key of the key pair will be invalid and cannot be used to manage the switch.
SET ENCO KEY

Syntax

set enco key=key-id description="description"

Parameters

key
Specifies the ID number of the key pair whose description you want to change.

description
Specifies the new description of the key. The description can contain up to 25 alphanumeric characters. Spaces are allowed. The description must be enclosed in double quotes.

Description

This command changes the description of a key pair.
Chapter 34: Encryption Key Commands SHOW ENCO Syntax show enco key=key-id Parameters key Specifies the ID of a key whose information you want to display. Description This command displays information about encryption key pairs stored in the key database.
Chapter 35 Public Key Infrastructure (PKI) Certificate Commands This chapter contains the following commands: ❑ ADD PKI CERTIFICATE on page 516 ❑ CREATE PKI CERTIFICATE on page 518 ❑ CREATE PKI ENROLLMENTREQUEST on page 521 ❑ DELETE PKI CERTIFICATE on page 523 ❑ PURGE PKI on page 524 ❑ SET PKI CERTIFICATE on page 525 ❑ SET PKI CERTSTORELIMIT on page 527 ❑ SET SYSTEM DISTINGUISHEDNAME on page 528 ❑ SHOW PKI on page 529 ❑ SHOW PKI CERTIFICATE on page 530 Note Remember to save your changes with the SAVE CONF
ADD PKI CERTIFICATE

Syntax

add pki certificate="name" location="filename.cer" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters

certificate
Specifies a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. The name can be up to 40 alphanumeric characters. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
AT-S62 Command Line User’s Guide Description This command adds a certificate to the certificate database from the AT-S62 file system. To view the certificate files in the file system, refer to SHOW FILE on page 234. To view the certificates already in the database, refer to SHOW PKI CERTIFICATE on page 530. The CERTIFICATE parameter assigns the certificate a name. The name can be from 1 to 40 alphanumeric characters. Each certificate in the database should be given a unique name.
Chapter 35: Public Key Infrastructure (PKI) Certificate Commands CREATE PKI CERTIFICATE Syntax create pki certificate=name keypair=key-id serialnumber=value [format=der|pem] subject=”distinguished-name” Parameters certificate Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters. Spaces are allowed; if included, the name must be enclosed in double quotes. The management software automatically adds the “.cer” extension.
Once you have created a new self-signed certificate, you need to load it into the certificate database. The switch cannot use the certificate for encrypted web browser management systems until it is loaded into the database. For instructions, refer to ADD PKI CERTIFICATE on page 516.

Note
For a review of the steps to configuring the web server for a self-signed certificate, refer to SET HTTP SERVER on page 500.
Chapter 35: Public Key Infrastructure (PKI) Certificate Commands Examples The following command creates a self-signed certificate. It assigns the certificate the filename “sw12.cer”. (The management software automatically adds the “.cer” extension.) The command uses the key pair with the ID 12 to create the certificate. The format is ASCII and the distinguished name is the IP address of a master switch: create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject=”cn=149.11.11.
CREATE PKI ENROLLMENTREQUEST

Syntax

create pki enrollmentrequest="name" keypair=keyid [format=der|pem] [type=pkcs10]

Parameters

enrollmentrequest
Specifies a filename for the enrollment request. The filename can be from 1 to 8 alphanumeric characters. If the name contains spaces, it must be enclosed in double quotes. The management software automatically adds the “.csr” extension.

keypair
Specifies the key pair that you want to use to create the enrollment request.
Chapter 35: Public Key Infrastructure (PKI) Certificate Commands Note For a review of all the steps to configuring the web server for a CA certificate, refer to SET HTTP SERVER on page 500. The ENROLLMENTREQUEST parameter specifies a filename for the request. The filename can contain from 1 to 8 alphanumeric characters. If spaces are used, the name must be enclosed in quotes. The management software automatically adds the “.csr” extension.
DELETE PKI CERTIFICATE

Syntax

delete pki certificate="name"

Parameter

certificate
Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes. Wildcards are not allowed.

Description

This command deletes a certificate from the switch’s certificate database. To view the certificates in the database, refer to SHOW PKI CERTIFICATE on page 530.
Chapter 35: Public Key Infrastructure (PKI) Certificate Commands PURGE PKI Syntax purge pki Parameters None. Description This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to DELETE FILE on page 230.
SET PKI CERTIFICATE

Syntax

set pki certificate="name" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters

certificate
Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes.

trusted
Specifies whether or not the certificate is from a trusted CA. Possible settings are:

yes, on, true - Specifies that the certificate is from a trusted CA.

type
The TYPE parameter specifies the certificate type. If CA is specified, the switch tags this certificate as a CA certificate. If ENDENTITY or EE is specified, the switch tags the certificate to indicate that it belongs to an end entity. If SELF is specified, the switch tags the certificate as its own. The default is ENDENTITY.

Note
The TRUSTED and TYPE parameters have no effect on the operation of a certificate on the switch.
SET PKI CERTSTORELIMIT

Syntax

set pki certstorelimit=value

Parameter

certstorelimit
Specifies the maximum number of certificates that can be stored in the certificate database. The range is 12 to 256; the default is 256.

Description

This command sets the maximum number of certificates that can be stored in the switch’s certificate database.
SET SYSTEM DISTINGUISHEDNAME

Syntax

set system distinguishedname="name"

Parameter

distinguishedname
Specifies the distinguished name for the switch. The name must be enclosed in quotes.

Description

This command sets the distinguished name for the switch. The distinguished name is used to create a self signed certificate or enrollment request.
AT-S62 Command Line User’s Guide SHOW PKI Syntax show pki Parameters None. Description This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to SET PKI CERTSTORELIMIT on page 527.
SHOW PKI CERTIFICATE

Syntax

show pki certificate[="name"]

Parameter

certificate
Specifies the name of the certificate whose information you want to view. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive. Wildcards are not allowed.

Description

This command lists all of the certificates in the certificates database.
Chapter 36 Secure Sockets Layer (SSL) Commands

This chapter contains the following commands:

❑ SET SSL on page 532
❑ SHOW SSL on page 533

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale. Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on SSL.
SET SSL

Syntax

set ssl [cachetimeout=value] [maxsessions=value]

Parameters

cachetimeout
Specifies the maximum time in seconds that a session will be retained in the cache. The range is 1 to 600 seconds. The default is 300 seconds.

maxsessions
Specifies the maximum number of sessions that will be allowed in the session resumption cache. The range is 0 to 100 sessions. The default is 50 sessions.

Description

This command configures the SSL parameters.
AT-S62 Command Line User’s Guide SHOW SSL Syntax show ssl Parameters None.
Chapter 37 Secure Shell (SSH) Commands This chapter contains the following commands: ❑ DISABLE SSH SERVER on page 535 ❑ ENABLE SSH SERVER on page 536 ❑ SET SSH SERVER on page 539 ❑ SHOW SSH on page 541 Note Remember to save your changes with the SAVE CONFIGURATION command. Note The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
AT-S62 Command Line User’s Guide DISABLE SSH SERVER Syntax disable ssh server Parameters None. Description This command disables the Secure Shell server. When the Secure Shell server is disabled, connections from Secure Shell clients are not accepted. By default, the Secure Shell server is disabled.
Chapter 37: Secure Shell (SSH) Commands ENABLE SSH SERVER Syntax enable ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds] Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key. serverkey Specifies the ID number of the encryption key pair to function as the server key. expirytime Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours.
Note
Before you enable SSH, disable the Telnet management session. Otherwise, the security provided by SSH is not active. See DISABLE TELNET on page 40.

Example

The following command activates the Secure Shell server and specifies encryption key pair 0 as the host key and key pair 1 as the server key:

enable ssh server hostkey=0 serverkey=1

General Configuration Steps for SSH Operation

Configuring the SSH server involves several commands.
Example

The following is an example of the command sequence for configuring the SSH software on the server:

1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
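The points made in this chapter (disable Telnet before enabling SSH, keep the host and server key lengths at least 256 bits apart, an expiry time of 0 never regenerates the server key) and the non-secure HTTP mode described under SET HTTP SERVER can be checked before a script is loaded on a switch. The following is an added example, not part of the AT-S62 guide. The lowercase `disable telnet` and `enable telnet` spellings, the finding codes and both sample scripts are assumptions made for the example, as is treating Telnet as active unless the script disables it.

```python
import shlex

# Constructed sample scripts, written with the command syntax shown in this guide.
WEAK_SCRIPT = """\
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=1024 description="server key"
enable ssh server hostkey=0 serverkey=1 expirytime=0
set http server security=disabled
"""

HARDENED_SCRIPT = """\
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=768 description="server key"
create enco key=5 type=rsa length=1024 description="web key"
disable telnet
enable ssh server hostkey=0 serverkey=1 expirytime=1
set http server security=enabled sslkeyid=5
"""


def parse_line(line):
    """Split 'verb noun ... key=value ...' into (command, params)."""
    words, params = [], {}
    for token in shlex.split(line):
        name, sep, value = token.partition("=")
        if sep:
            params[name.lower()] = value
        else:
            words.append(token.lower())
    return " ".join(words), params


def audit(script):
    """Return (code, message) findings for one configuration script."""
    key_bits = {}            # key ID -> RSA length in bits
    ssh = {}                 # merged ENABLE/SET SSH SERVER parameters
    ssh_enabled = False
    telnet_disabled = False  # assumption: Telnet stays on unless disabled here
    http_security = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        command, params = parse_line(line)
        if command == "create enco" and "length" in params:
            key_bits[params.get("key", "0")] = int(params["length"])
        elif command in ("enable ssh server", "set ssh server"):
            ssh.update(params)
            ssh_enabled = ssh_enabled or command.startswith("enable")
        elif command == "disable ssh server":
            ssh_enabled = False
        elif command in ("disable telnet", "enable telnet"):
            telnet_disabled = command.startswith("disable")
        elif command == "set http server" and "security" in params:
            http_security = params["security"].lower()

    findings = []
    if ssh_enabled:
        if not telnet_disabled:
            findings.append(("telnet-active",
                             "SSH is enabled but Telnet management is not disabled"))
        if ssh.get("expirytime") == "0":
            findings.append(("serverkey-never-regenerated",
                             "expirytime=0 never regenerates the server key"))
        host = key_bits.get(ssh.get("hostkey"))
        server = key_bits.get(ssh.get("serverkey"))
        if host is None or server is None:
            findings.append(("key-length-unknown",
                             "host or server key is not created in this script"))
        elif abs(host - server) < 256:
            findings.append(("key-lengths-too-close",
                             "host and server keys must differ by at least 256 bits"))
    if http_security == "disabled":
        findings.append(("http-non-secure",
                         "web server is set to the non-secure HTTP mode"))
    return findings


if __name__ == "__main__":
    for code, message in audit(WEAK_SCRIPT):
        print(f"{code}: {message}")
```

A key that the script references but does not create is reported as `key-length-unknown` rather than passed, because its length cannot be compared.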
AT-S62 Command Line User’s Guide SET SSH SERVER Syntax set ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds] Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key. serverkey Specifies the ID number of the encryption key pair to function as the server key. expirytime Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
Example

The following command sets the Secure Shell server key expiry time to 1 hour:

set ssh server expirytime=1
AT-S62 Command Line User’s Guide SHOW SSH Syntax show ssh Parameters None.
Chapter 38 TACACS+ and RADIUS Commands This chapter contains the following commands: ❑ ADD RADIUSSERVER on page 543 ❑ ADD TACACSSERVER on page 545 ❑ DELETE RADIUSSERVER on page 546 ❑ DELETE TACACSSERVER on page 547 ❑ DISABLE AUTHENTICATION on page 548 ❑ ENABLE AUTHENTICATION on page 549 ❑ PURGE AUTHENTICATION on page 550 ❑ SET AUTHENTICATION on page 551 ❑ SHOW AUTHENTICATION on page 553 Note Remember to save your changes with the SAVE CONFIGURATION command.
AT-S62 Command Line User’s Guide ADD RADIUSSERVER Syntax add radiusserver server|ipaddress=ipaddress order=value [secret=string] [port=value] [accport=value] Parameters server ipaddress Specifies an IP address of a RADIUS server. The parameters are equivalent. order Specifies the order that the RADIUS servers are queried by the switch. This value can be from 1 to 3. The servers are queried starting with 1. secret Specifies the encryption key used for this server.
Chapter 38: TACACS+ and RADIUS Commands The following command adds the RADIUS server with the IP address 149.245.22.22. It specifies the order as 2 and the encryption key as tiger74. add radiusserver ipaddress=149.245.22.
AT-S62 Command Line User’s Guide ADD TACACSSERVER Syntax add tacacsserver server|ipaddress=ipaddress order=value [secret=string] Parameters server ipaddress Specifies an IP address of a TACACS+ server. The parameters are equivalent. order Specifies the order that your TACACS+ servers are queried by the switch. You can assign order to up to 3 servers with 1 being the first server queried. secret Specifies the optional encryption key used on this server.
DELETE RADIUSSERVER

Syntax

delete radiusserver server|ipaddress=ipaddress

Parameter

server, ipaddress
Specifies the IP address of a RADIUS server to be deleted from the management software. The parameters are equivalent.

Description

Use this command to delete the IP address of a RADIUS server from your switch.

Example

The following command deletes the RADIUS server with the IP address 149.245.22.22:

delete radiusserver ipaddress=149.245.22.
AT-S62 Command Line User’s Guide DELETE TACACSSERVER Syntax delete tacacsserver server|ipaddress=ipaddress Parameter server ipaddress Specifies the IP address of a TACACS+ server to be deleted from the management software. The parameters are equivalent. Description Use this command to delete the IP address of a TACACS+ server from your switch. Example The following command deletes the TACACS+ server with the IP address 149.245.22.20: delete tacacsserver ipaddress=149.245.22.
Chapter 38: TACACS+ and RADIUS Commands DISABLE AUTHENTICATION Syntax disable authentication Parameters None. Description Use this command to disable TACACS+ and RADIUS manager account authentication on your switch. When you disable authentication you retain your current authentication parameter settings. Note This command applies only to TACACS+ and RADIUS manager accounts. Once disabled, you must use the default manager accounts of “manager” and “operator” to manage the switch.
AT-S62 Command Line User’s Guide ENABLE AUTHENTICATION Syntax enable authentication Parameters None. Description Use this command to activate TACACS+ or RADIUS manager account authentication on your switch. Once the feature is enabled, you can use the manager accounts you created on the authentication server to log on and manage the switch. Note This command does not affect 802.1x port-based access control.
Chapter 38: TACACS+ and RADIUS Commands PURGE AUTHENTICATION Syntax purge authentication Parameters None. Description This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP address or secret of any RADIUS or TACACS+ authentication servers you may have specified.
AT-S62 Command Line User’s Guide SET AUTHENTICATION Syntax set authentication method=tacacs|radius [secret=string] [timeout=value] Parameters method Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch. secret Specifies the global encryption key that is used by the TACACS+ or RADIUS servers.
The following command selects RADIUS as the authentication protocol with a global encryption key of leopard09 and a timeout of 15 seconds:

set authentication method=radius secret=leopard09 timeout=15
AT-S62 Command Line User’s Guide SHOW AUTHENTICATION Syntax show authentication[=tacacs|radius] Parameters None. Description This command displays the following information about the authenticated protocols on the switch: ❑ Status - The status of the authenticated protocol: enabled or disabled. The default is disabled. ❑ Authentication Method - The authentication protocol activated on the switch: TACACS+ or RADIUS. The default is the TACACS+ protocol.
Chapter 39: Management ACL Commands

This chapter contains the following commands:
❑ ADD MGMTACL
❑ DELETE MGMTACL
❑ DISABLE MGMTACL
❑ ENABLE MGMTACL
❑ SET MGMTACL
❑ SET MGMTACL STATE
❑ SHOW MGMTACL

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software Menus Interface User’s Guide for background information on the Management ACL.
ADD MGMTACL

Syntax
    add mgmtacl ipaddress=ipaddress mask=string protocol=tcp interface=telnet|web|all

Parameters
ipaddress    Specifies the IP address of a specific management workstation or a subnet.
mask    Specifies the mask used by the switch to filter the IP address. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
If you are filtering on a specific IP address, use the mask 255.255.255.255. For a subnet, the mask will depend on the subnet. For example, to allow all management workstations in the subnet 149.11.11.0 to manage the switch, you would enter the mask 255.255.255.0.

The PROTOCOL parameter has only the one setting TCP. This is because Telnet and web browser management packets for an AT-8500 Series switch are exclusively TCP.
DELETE MGMTACL

Syntax
    delete mgmtacl ipaddress=ipaddress mask=string protocol=tcp interface=telnet|web|all

Parameters
ipaddress    Specifies the IP address of the ACE to be deleted.
mask    Specifies the ACE’s mask.
protocol    Specifies the ACE’s protocol. There is only one option:
    tcp    Transmission control protocol.
interface    Specifies the ACE’s management method. The options are:
    telnet    Telnet management.
    web    Web management.
    all    Both Telnet and web management.
DISABLE MGMTACL

Syntax
    disable mgmtacl

Parameters
None.

Description
This command disables the Management ACL. This command is equivalent to the SET MGMTACL STATE=DISABLE command.

Example
The following command disables the Management ACL.
ENABLE MGMTACL

Syntax
    enable mgmtacl

Parameters
None.

Description
This command enables the Management ACL. This command is equivalent to the SET MGMTACL STATE=ENABLE command.

Note
Activating the Management ACL without entering any access control entries (ACEs) prohibits you from remotely managing the switch from a Telnet or web browser management session.

Example
The following command enables the Management ACL.
SET MGMTACL

Syntax
    set mgmtacl ipaddress=ipaddress mask=string protocol=tcp interface=telnet|web|all

Parameters
ipaddress    Specifies the IP address of the ACE to be modified.
mask    Specifies the ACE’s mask.
protocol    Specifies the ACE’s management protocol. This parameter supports only one option:
    tcp    Transmission control protocol.
interface    Specifies the new management method for the ACE. The options are:
    telnet    Telnet management.
    web    Web management.
Example
The following command changes an existing access control entry with an IP address of 169.254.134.247 and a subnet mask of 255.255.255.255 to permit web browser management only:

    set mgmtacl ipaddress=169.254.134.247 mask=255.255.255.
SET MGMTACL STATE

Syntax
    set mgmtacl state=disable|enable

Parameters
state    Sets the state of the Management ACL. The options are:
    enable    Enables the Management ACL.
    disable    Disables the Management ACL. This is the default setting.

Description
This command enables or disables the Management ACL. This command is equivalent to the ENABLE MGMTACL and DISABLE MGMTACL commands.
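The mask rule described under ADD MGMTACL and the lockout note under ENABLE MGMTACL can be checked offline before the Management ACL is turned on. The following Python script is an added example, not part of the AT-S62 software or this guide: it models an ACE as matching when the source address equals the ACE address on every bit where the mask is 1, and treats any unmatched source as refused. The function names and the workstation address 149.11.11.20 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: ADD MGMTACL lines an administrator plans to enter.
# The addresses and masks are the ones used in this chapter's examples.
PLANNED = """\
add mgmtacl ipaddress=149.11.11.0 mask=255.255.255.0 protocol=tcp interface=telnet
add mgmtacl ipaddress=169.254.134.247 mask=255.255.255.255 protocol=tcp interface=web
"""

def parse_aces(text):
    """Turn ADD MGMTACL lines into (address, mask, interfaces) tuples."""
    aces = []
    for line in text.splitlines():
        if not line.lower().startswith("add mgmtacl"):
            continue
        kv = dict(re.findall(r"(\w+)=(\S+)", line.lower()))
        addr = int(ipaddress.IPv4Address(kv["ipaddress"]))
        mask = int(ipaddress.IPv4Address(kv["mask"]))
        # interface=all covers both Telnet and web management.
        ifaces = {"telnet", "web"} if kv["interface"] == "all" else {kv["interface"]}
        aces.append((addr, mask, ifaces))
    return aces

def permitted(aces, source_ip, interface):
    """True if some ACE matches source_ip on every bit where its mask is 1."""
    src = int(ipaddress.IPv4Address(source_ip))
    return any((src & mask) == (addr & mask) and interface in ifaces
               for addr, mask, ifaces in aces)

def lockout_report(aces, workstations):
    """List (ip, interface) pairs refused once the Management ACL is enabled."""
    return [(ip, iface) for ip in workstations for iface in ("telnet", "web")
            if not permitted(aces, ip, iface)]

if __name__ == "__main__":
    aces = parse_aces(PLANNED)
    for ip, iface in lockout_report(aces, ["149.11.11.20", "169.254.134.247"]):
        print(f"{ip} would be refused {iface} management")
```

An empty ACE list makes `lockout_report` return every workstation and interface pair, which is the condition the ENABLE MGMTACL note describes.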
SHOW MGMTACL

Syntax
    show mgmtacl state|entries

Parameters
state    Displays the status of the Management ACL as either enabled or disabled.
entries    Lists the entries in the Management ACL.

Description
This command shows the state of and entries in the Management ACL. You can specify only one parameter at a time.

Examples
The following command displays whether the Management ACL is enabled or disabled.