AT-S62 Management Software
Command Line User’s Guide
AT-8524M Layer 2+ Fast Ethernet Switch
Version 1.1
Copyright © 2004 Allied Telesyn, Inc. 960 Stewart Drive Suite B, Sunnyvale, CA 94085 USA All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft is a registered trademark of Microsoft Corporation, Netscape Navigator is a registered trademark of Netscape Communications Corporation.
Preface

This guide describes how to configure an AT-8524M switch using the AT-S62 command line interface.
❑ Chapter 16: Quality of Service (QoS) Commands
❑ Chapter 17: IGMP Snooping Commands
❑ Chapter 18: Denial of Service (DoS) Defense Commands
❑ Chapter 19: STP Commands
❑ Chapter 20: RSTP Commands
❑ Chapter 21: MSTP Commands
❑ Chapter 22: VLANs and Multiple VLAN Mode Commands
❑ Chapter 23: GARP VLAN Registration Protocol Commands
❑ Chapter 24: MAC Address Security Commands
transfer this software outside the United States or Canada, please contact your local Allied Telesyn sales representative for current information on this product’s export status.

Document Conventions

This document uses the following conventions:

Note
Notes provide additional information.

Warning
Warnings inform you that performing or omitting a specific action may result in bodily injury.
Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales or corporate information.

Online Support
You can request technical support online by accessing the Allied Telesyn Knowledge Base from the following web site: http://kb.alliedtelesyn.com.

Email and Telephone Support

For Sales or Corporate Information
Obtaining Management Software Updates

New releases of management software for our managed products can be downloaded from either of the following Internet sites:

❑ Allied Telesyn web site: http://www.alliedtelesyn.com
❑ Allied Telesyn FTP server: ftp://ftp.alliedtelesyn.com

To download new software from your workstation’s command prompt, you will need FTP client software and you will be asked to log in to the server. Enter ‘anonymous’ as the user name and your email address for the password.
Chapter 1
Starting a Command Line Management Session

This chapter contains the following topics:

❑ Starting a Management Session
❑ Command Line Interface Features
❑ Command Formatting
Starting a Management Session

In order to manage an AT-8524M switch using command line commands, you must first start a local or Telnet management session. For instructions, refer to the AT-S62 Software Management User’s Guide.

Once you have started the management session, you will see the AT-S62 Main Menu, which contains the following option:

C - Command Line Interface

Type C to display the command line prompt.
Command Line Interface Features

The following features are supported in the command line interface:

❑ Command history - Use the up and down arrow keys.
❑ Context-specific help - Press the question mark key at any time to see a list of legal next parameters.
❑ Keyword abbreviations - Any keyword can be recognized by typing an unambiguous prefix (for example, “sh” for “show”).
❑ Tab key - Pressing the tab key fills in the rest of a keyword.
Command Formatting

The following formatting conventions are used in this manual:

❑ screen text font - This font illustrates the format of a command and command examples.
❑ screen text font - Italicized screen text indicates a variable for you to enter.
❑ [ ] - Brackets indicate optional parameters.
❑ | - Bar symbol separates parameter options for you to choose from.
Chapter 2
Basic Command Line Commands

This chapter contains the following commands:

❑ CLEAR SCREEN
❑ EXIT
❑ HELP
❑ LOGOFF, LOGOUT and QUIT
❑ MENU
❑ SAVE CONFIGURATION
❑ SET PROMPT
❑ SET SWITCH CONSOLEMODE
❑ SHOW USER

Note
Remember to save your changes with the SAVE CONFIGURATION command.
CLEAR SCREEN

Syntax
clear screen

Parameters
None.

Description
This command clears the screen.
EXIT

Syntax
exit

Parameters
None.

Description
This command displays the AT-S62 Main Menu. It performs the same function as the MENU command. For instructions on how to use the management menus, refer to the AT-S62 Management Software User’s Guide.
HELP

Syntax
help

Parameters
None.

Description
This command displays a list of the CLI keywords with a brief description for each keyword.
LOGOFF, LOGOUT and QUIT

Syntax
logoff
logout
quit

Parameters
None.

Description
These three commands perform the same function: they end a management session. If you are managing a slave switch, the commands return you to the master switch from which you started the management session.
MENU

Syntax
menu

Parameters
None.

Description
This command displays the AT-S62 Main Menu. This command performs the same function as the EXIT command. For instructions on how to use the management menus, refer to the AT-S62 Management Software User’s Guide.
SAVE CONFIGURATION

Syntax
save configuration

Parameters
None.

Description
This command saves your changes to the switch’s active boot configuration file for permanent storage. Whenever you make a change to an operating parameter of the switch, such as enter a new IP address or create a new VLAN, the change is stored in temporary memory. It will be lost the next time you reset the switch or power cycle the unit. To permanently save your changes, you must use this command.
SET PROMPT

Syntax
set prompt="prompt"

Parameter
prompt - Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes.

Description
This command changes the command prompt. Assigning each switch a different command prompt can make it easier for you to identify the different switches in your network when you manage them.
SET SWITCH CONSOLEMODE

Syntax
set switch consolemode=menu|cli

Parameter
consolemode - Specifies the mode you want management sessions to start in. Options are:
  menu - Specifies the AT-S62 Main Menu.
  cli - Specifies the command line prompt. This is the default.

Description
You use this command to specify whether you want your management sessions to start by displaying the command line interface or the AT-S62 Main Menu. The default is the command line interface.
SHOW USER

Syntax
show user

Parameter
None.

Description
Displays the user account you used to log on to manage the switch.
Chapter 3
Enhanced Stacking Commands

This chapter contains the following commands:

❑ ACCESS SWITCH
❑ SET SWITCH STACKMODE
❑ SHOW REMOTELIST

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software User’s Guide for background information on enhanced stacking.
ACCESS SWITCH

Syntax
access switch number=number|macaddress=macaddress

Parameters
number - Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command.
macaddress - Specifies the MAC address of the switch you want to manage. This can also be displayed using the SHOW REMOTELIST command.
Examples

The following command starts a management session on switch number 12:
access switch number=12

The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11:
access switch macaddress=003084520211
SET SWITCH STACKMODE

Syntax
set switch stackmode=master|slave|unavailable

Parameter
stackmode - Specifies the enhanced stacking mode of the switch. Possible settings are:
  master - Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask.
  slave - Specifies the switch’s stacking mode as slave. A slave does not need an IP address. This is the default setting for a switch.
Example

The following command sets the switch’s stacking status to master:
set switch stackmode=master
SHOW REMOTELIST

Syntax
show remotelist [sorted by=macaddress|name]

Parameter
sorted - Sorts the list either by MAC address or by name. The default is by MAC address.

Description
This command displays a list of the switches in an enhanced stack. This command can only be performed from a management session on a master switch. The list does not include the master switch on which you started the management session.
Chapter 4
Basic Switch Commands

This chapter contains the following commands:

❑ DISABLE DHCPBOOTP
❑ DISABLE IP REMOTEASSIGN
❑ DISABLE TELNET
❑ ENABLE DHCPBOOTP
❑ ENABLE IP REMOTEASSIGN
❑ ENABLE TELNET
❑ PING
❑ PURGE IP
❑ RESET SWITCH
❑ RESET SYSTEM
❑ RESTART REBOOT
❑ RESTART SWITCH
❑ SET ASYN
❑ SET IP INTERFACE
❑ SET IP ROUTE
❑ SET PASSWORD MA
❑ SET SYSTEM
❑ SHOW CONFIG
❑ SHOW DHCPBOOTP
❑ SHOW IP INTERFACE
❑ SHOW IP ROUTE
❑ SHOW SWITCH
❑ SHOW SYSTEM

Note
Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE DHCPBOOTP

Syntax
disable dhcpbootp

Parameters
None.

Description
This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to DISABLE IP REMOTEASSIGN on page 38. The default setting for the client software is disabled. To activate the DHCP and BOOTP client software, refer to ENABLE DHCPBOOTP on page 40 or ENABLE IP REMOTEASSIGN on page 41.
DISABLE IP REMOTEASSIGN

Syntax
disable ip remoteassign

Parameters
None.

Description
This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to DISABLE DHCPBOOTP on page 37. The default setting for the client software is disabled. To activate the DHCP and BOOTP client software, refer to ENABLE DHCPBOOTP on page 40 or ENABLE IP REMOTEASSIGN on page 41.
DISABLE TELNET

Syntax
disable telnet

Parameters
None.

Description
This command disables the Telnet server software on the switch. You might disable the server software if you do not want anyone to manage the switch using the Telnet application protocol or if you plan to use the Secure Shell protocol. The default setting for the Telnet server is enabled.
ENABLE DHCPBOOTP

Syntax
enable dhcpbootp

Parameters
None.

Description
This command activates the DHCP and BOOTP client software on the switch. This command is equivalent to ENABLE IP REMOTEASSIGN on page 41. The default setting for the DHCP and BOOTP client software is disabled.

Note
When you activate BOOTP/DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server.
ENABLE IP REMOTEASSIGN

Syntax
enable ip remoteassign

Parameters
None.

Description
This command activates the DHCP and BOOTP client software on the switch. This command is equivalent to ENABLE DHCPBOOTP on page 40. The default setting for the DHCP and BOOTP client software is disabled.

Note
When you activate BOOTP/DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server.
ENABLE TELNET

Syntax
enable telnet

Parameters
None.

Description
This command activates the Telnet server on the switch. With the server activated, you can manage the switch using the Telnet application protocol from any management workstation on your network. To disable the server, refer to DISABLE TELNET on page 39. The default setting for the Telnet server is enabled.
PING

Syntax
ping ipaddress

Parameter
ipaddress - Specifies the IP address of an end node you want the switch to ping.

Description
This command instructs the switch to ping an end node. You can use this command to determine whether a valid link exists between the switch and another device.

Note
The switch must have an IP address and subnet mask in order for you to use this command.

Example
The following command pings an end node with the IP address of 149.245.22.22:
ping 149.
PURGE IP

Syntax
purge ip [ipaddress] [netmask] [route]

Parameters
ipaddress - Returns the switch’s IP address to the default setting 0.0.0.0.
netmask - Returns the subnet mask to the default setting 0.0.0.0.
route - Returns the gateway address to the default setting 0.0.0.0.

Description
This command returns the switch’s IP address, subnet mask, and default gateway address to the default settings. This command is similar in function to the RESET IP command.
RESET SWITCH

Syntax
reset switch

Parameters
None.

Description
This command does all of the following:

❑ Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings. To perform this function on individual ports, refer to RESET SWITCH PORT on page 158.
❑ Resets the statistics counters on all ports to zero.
RESET SYSTEM

Syntax
reset system [name] [contact] [location]

Parameters
name - Deletes the switch’s name.
contact - Deletes the switch’s contact.
location - Deletes the switch’s location.

Description
This command deletes the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit. To set these parameters, refer to SET SYSTEM on page 57. To view the current settings, refer to SHOW SYSTEM on page 63.
RESTART REBOOT

Syntax
restart reboot

Parameters
None.

Description
This command resets the switch. The switch runs its internal diagnostics, loads the AT-S62 management software, and configures its parameter settings using the current boot configuration file. The reset takes approximately 20 to 30 seconds to complete. The unit does not forward traffic during the time required to run its internal diagnostics and initialize its operating software.
RESTART SWITCH

Syntax
restart switch config=none|filename.cfg

Parameters
config - Specifies a configuration file. The file must already exist on the switch. The value NONE returns the switch to its default values.

Description
This command loads a different configuration file on the switch or returns the switch’s parameter settings to their default values.
Note
For a list of the default values, refer to Appendix A in the AT-S62 Management Software User’s Guide.

Note
The switch will not forward traffic during the reset process, which takes 20 to 30 seconds. Some network traffic may be lost. Your local or remote management session with the switch ends when the unit is reset. You must reestablish the session to continue managing the unit.

Example
The following command configures the switch using the configuration file SWITCH12.
SET ASYN

Syntax
set asyn speed=1200|2400|4800|9600|19200|38400|57600|115200 [prompt="prompt"]

Parameter
speed - Sets the speed of the RS-232 terminal port on the switch. The default is 9600 bps.
prompt - Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes. This parameter performs the same function as the command SET PROMPT on page 26.
SET IP INTERFACE

Syntax
set ip interface=1 ipaddress=ipaddress|DHCP mask|netmask=subnetmask

Parameters
interface - Specifies the interface number. This value is always 1.
ipaddress - Specifies an IP address for the switch or activates the DHCP and BOOTP client software.
mask, netmask - Specifies the subnet mask for the switch. You must specify a subnet mask if you manually assigned the switch an IP address. These parameters are equivalent.
Examples

The following command sets the switch’s IP address to 140.35.22.22 and the subnet mask to 255.255.255.0:
set ip interface=1 ipaddress=140.35.22.22 netmask=255.255.255.0

The following command sets just the subnet mask:
set ip interface=1 netmask=255.255.255.
SET IP ROUTE

Syntax
set ip route ipaddress=ipaddress

Parameter
ipaddress - Specifies the IP address of the default gateway for the switch.

Description
This command specifies the IP address of the default gateway for the switch. This IP address is required if you intend to remotely manage the device from a remote management station that is separated from the unit by a router.

Example
The following command sets the default gateway to 140.35.22.12:
set ip route ipaddress=140.
SET PASSWORD MANAGER

Syntax
set password manager

Parameters
None.

Description
This command sets the manager’s password. Logging in as manager allows you to view and change all switch parameters. The default password is “friend”. The password can be from 1 to 16 alphanumeric characters. Allied Telesyn recommends avoiding special characters, such as spaces, asterisks or exclamation points, since some web browsers do not accept them in passwords.
SET PASSWORD OPERATOR

Syntax
set password operator

Parameters
None.

Description
This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator”. The password can be from 1 to 16 alphanumeric characters. Allied Telesyn recommends avoiding special characters, such as spaces, asterisks or exclamation points, since some web browsers do not accept them in passwords.
SET SWITCH CONSOLETIMER

Syntax
set switch consoletimer=value

Parameter
consoletimer - Specifies the console timer in minutes. The range is 1 to 60 minutes. The default is 10 minutes.

Description
This command sets the console timer, which is used by the management software to end inactive management sessions.
SET SYSTEM

Syntax
set system [name="name"] [contact="contact"] [location="location"]

Parameters
The parameters are defined below:
name - Specifies the name of the switch. The name can be from 1 to 15 alphanumeric characters in length and must be enclosed in double quotes (" "). Spaces are allowed.
contact - Specifies the name of the network administrator responsible for managing the switch.
SHOW CONFIG

Syntax
show config [dynamic] [info]

Parameters
dynamic - Displays the settings for all the switch and port parameters in their equivalent command line commands.
info - Displays all switch settings.

Description
This command, when used without any parameter, displays two pieces of information. The first is the “Boot configuration file.” This is the configuration file the switch uses the next time it is reset or power cycled.
SHOW DHCPBOOTP

Syntax
show dhcpbootp

Parameters
None.

Description
This command displays the status of the DHCP and BOOTP client software on the switch. The status will be either “enabled” or “disabled.” The default setting is disabled. To enable the DHCP and BOOTP client software, refer to ENABLE DHCPBOOTP on page 40 or ENABLE IP REMOTEASSIGN on page 41. To disable the client software, refer to DISABLE DHCPBOOTP on page 37 or DISABLE IP REMOTEASSIGN on page 38.
SHOW IP INTERFACE

Syntax
show ip interface=1

Parameters
interface - Specifies the switch’s interface number. This value is always 1.

Description
This command displays the current values for the following switch parameters:

❑ IP address
❑ Subnet mask
❑ Default gateway

To manually set the IP address and subnet mask, refer to SET IP INTERFACE on page 51. To manually set the default gateway address, refer to SET IP ROUTE on page 53.
SHOW IP ROUTE

Syntax
show ip route

Parameters
None.

Description
This command displays the switch’s default gateway address. You can also display the gateway address using SHOW IP INTERFACE on page 60. To manually set the default gateway address, refer to SET IP ROUTE on page 53.
SHOW SWITCH

Syntax
show switch

Parameters
None.
SHOW SYSTEM

Syntax
show system

Parameters
None.
Chapter 5
Simple Network Time Protocol (SNTP) Commands

This chapter contains the following commands:

❑ ADD SNTPSERVER PEER|IPADDRESS
❑ DELETE SNTPSERVER PEER|IPADDRESS
❑ DISABLE SNTP
❑ ENABLE SNTP
❑ PURGE SNTP
❑ SET DATE TIME
❑ SET SNTP
❑ SHOW SNTP
❑ SHOW TIME

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD SNTPSERVER PEER|IPADDRESS

Syntax
add sntpserver peer|ipaddress=ipaddress

Parameter
peer, ipaddress - Specifies the IP address of an SNTP server. These parameters are equivalent.

Description
This command adds the IP address of an SNTP server to the SNTP client software on the switch. The switch uses the SNTP server to set its date and time. If an IP address has already been assigned, the new address overwrites the old address.
DELETE SNTPSERVER PEER|IPADDRESS

Syntax
delete sntpserver peer|ipaddress=ipaddress

Parameter
peer, ipaddress - Specifies the IP address of an SNTP server. The parameters are equivalent.

Description
This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0. To view the IP address, refer to SHOW SNTP on page 72.
DISABLE SNTP

Syntax
disable sntp

Parameters
None.

Description
This command disables the SNTP client software on the switch. The default setting for SNTP is disabled.
ENABLE SNTP

Syntax
enable sntp

Parameters
None.

Description
This command enables the SNTP client software on the switch. The default setting for SNTP is disabled. Once enabled, the switch will obtain its date and time from an SNTP server, assuming that you have specified a server IP address with ADD SNTPSERVER PEER|IPADDRESS on page 65.
PURGE SNTP

Syntax
purge sntp

Parameters
None.

Description
This command disables the SNTP client software and returns its parameters to the default values.
SET DATE TIME

Syntax
set date=dd-mm-yyyy time=hh:mm:ss

Parameter
date - Specifies the date for the switch in day-month-year format.
time - Specifies the hour, minute, and second for the switch’s time in 24-hour format.

Description
This command sets the date and time on the switch. You can use this command to set the switch’s date and time if you are not using an SNTP server. To view the current time, refer to SHOW TIME on page 73.
SET SNTP

Syntax
set sntp [dst=enabled|disabled] [pollinterval=value] [utcoffset=value]

Parameters
dst - Enables or disables daylight savings time.
pollinterval - Specifies the time interval between two successive queries to the SNTP server. The range is 60 to 1200 seconds. The default is 600 seconds.
utcoffset - Specifies the time difference in hours between UTC and local time. The range is -12 to +12 hours. The default is 0 hours.
SHOW SNTP

Syntax
show sntp

Parameters
None.

Description
This command displays the following information:

❑ Status of the SNTP client software
❑ SNTP server IP address
❑ UTC Offset
❑ Daylight Savings Time (DST) - enabled or disabled
❑ Poll interval
❑ Last Delta - The last adjustment that had to be applied to the system time. It is the drift in the system clock between two successive queries to the SNTP server.
SHOW TIME

Syntax
show time

Parameters
None.

Description
This command shows the switch’s current date and time.

Example
The following command shows the system’s date and time.
Chapter 6
SNMPv1 and SNMPv2 Community Strings and Trap Commands

This chapter contains the following commands:

❑ ADD SNMP COMMUNITY
❑ CREATE SNMP COMMUNITY
❑ DELETE SNMP COMMUNITY
❑ DESTROY SNMP COMMUNITY
❑ DISABLE SNMP
❑ DISABLE SNMP AUTHENTICATETRAP
❑ DISABLE SNMP COMMUNITY
❑ ENABLE SNMP
❑ ENABLE SNMP AUTHENTICATETRAP
❑ ENABLE SNMP COMMUNITY
❑ SET SNMP COMMUNITY
❑ SHOW SNMP
ADD SNMP COMMUNITY

Syntax
add snmp community="community" [traphost=ipaddress] [manager=ipaddress]

Parameters
community - Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.
traphost - Specifies the IP address of a trap receiver.
The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string:
add snmp community=public traphost=149.212.10.
CREATE SNMP COMMUNITY

Syntax
create snmp community="community" [access=read|write] [open=yes|no] [traphost=ipaddress] [manager=ipaddress]

Parameters
community - Specifies a new community string. The maximum length of a community string is 15 alphanumeric characters. Spaces are allowed. The name must be enclosed in double quotes if it includes a space. Otherwise, the quotes are optional. The string is case sensitive.
manager - Specifies the IP address of a management station that can use the community string to access the switch. This option applies if you specify the status of the community string as closed. A community string can have up to eight IP addresses of management workstations, but only one can be assigned with this option.

Description
This command creates a new SNMP community string on the switch.
A community string can have up to eight manager IP addresses, but only one can be assigned when a community string is created. To add IP addresses of management stations to an existing community string, see ADD SNMP COMMUNITY on page 75.
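
The Telnet and SNMP community settings described in this guide can be reviewed offline from a listing of commands. The Python script below is an added example, not part of the AT-S62 guide or its software: it replays commands written in the syntax documented here and reports a Telnet server left enabled, authentication failure traps disabled, and enabled community strings whose status is open. Assumptions: the listings are constructed samples, keywords are typed in full (not abbreviated), and an omitted access or open value is reported as unspecified because this section does not state its default.

```python
import re

# A bare keyword, or keyword=value where the value may be double-quoted.
TOKEN = re.compile(r'([A-Za-z_]\w*)(?:=("[^"]*"|\S+))?')
AUTH_TRAP = {"authenticatetrap", "authenticate_trap"}  # equivalent keywords
TOGGLE = {"enable": True, "disable": False}


def parse(line):
    """Split one CLI line into (bare keywords, {parameter: value})."""
    words, params = [], {}
    for key, value in TOKEN.findall(line):
        if value:
            # Values keep their case: community strings are case sensitive.
            params[key.lower()] = value.strip('"')
        else:
            words.append(key.lower())
    return words, params


def audit(listing):
    """Replay a command listing and return (finding, detail) tuples."""
    # Defaults as stated in the guide: Telnet enabled, SNMP disabled,
    # authentication failure traps enabled.
    telnet, snmp, auth_trap = True, False, True
    communities = {}  # community string -> {"access", "open", "enabled"}

    for line in listing.splitlines():
        words, p = parse(line)
        if len(words) < 2:
            continue
        verb, target, name = words[0], words[1:], p.get("community")
        toggle = TOGGLE.get(verb)
        settings = {k: p[k].lower() for k in ("access", "open") if k in p}

        if target == ["telnet"] and toggle is not None:
            telnet = toggle
        elif target[0] != "snmp":
            continue
        elif len(target) == 2 and target[1] in AUTH_TRAP and toggle is not None:
            auth_trap = toggle
        elif len(target) > 1:
            continue
        elif name is None:
            if toggle is not None:
                snmp = toggle  # "enable snmp" / "disable snmp"
        elif verb == "create":
            communities[name] = {"access": None, "open": None,
                                 "enabled": True, **settings}
        elif name not in communities:
            continue  # the other commands need an existing community string
        elif verb == "destroy":
            del communities[name]
        elif verb == "set":
            communities[name].update(settings)
        elif toggle is not None:
            communities[name]["enabled"] = toggle
        # "add" and "delete" only edit manager and trap receiver lists,
        # which this check does not evaluate.

    findings = []
    if telnet:
        findings.append(("telnet-enabled", None))
    if snmp:
        if not auth_trap:
            findings.append(("auth-trap-disabled", None))
        for name, c in communities.items():
            if c["enabled"] and c["open"] == "yes":
                access = c["access"] or "unspecified"
                findings.append(("open-community", f"{name} access={access}"))
    return findings


# Constructed listings for illustration (not captured from a switch).
WEAK = '''
enable snmp
create snmp community=public access=read open=yes
create snmp community="net ops" open=yes
create snmp community=Backup access=write open=no manager=192.0.2.10
set snmp community=Backup open=yes
destroy snmp community=public
disable snmp authenticate_trap
'''

HARDENED = '''
disable telnet
enable snmp
create snmp community=Backup access=read open=no manager=192.0.2.10
'''

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```
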
DELETE SNMP COMMUNITY

Syntax
delete snmp community="community" traphost=ipaddress manager=ipaddress

Parameters
community - Specifies the SNMP community string on the switch to be modified. The community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.
DESTROY SNMP COMMUNITY

Syntax
destroy snmp community="community"

Parameter
community - Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.

Description
This command deletes an SNMP community string from the switch. IP addresses of management stations and SNMP trap receivers assigned to the community string are deleted as well.
DISABLE SNMP

Syntax
disable snmp

Parameters
None.

Description
This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled.

DISABLE SNMP AUTHENTICATETRAP

Syntax
disable snmp authenticatetrap|authenticate_trap

Parameters
None.

Description
This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is enabled. The AUTHENTICATETRAP and AUTHENTICATE_TRAP keywords are equivalent.

DISABLE SNMP COMMUNITY

Syntax
disable snmp community="community"

Parameters
community Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.

Description
This command disables a community string on the switch, while leaving SNMP and all other community strings active.

ENABLE SNMP

Syntax
enable snmp

Parameters
None.

Description
This command activates SNMP on the switch. Once activated, you can remotely manage the unit with an SNMP application program from a management station on your network. The default setting for SNMP on the switch is disabled.

ENABLE SNMP AUTHENTICATETRAP

Syntax
enable snmp authenticatetrap|authenticate_trap

Parameters
None.

Description
This command configures the switch to send authentication failure traps to trap receivers.

ENABLE SNMP COMMUNITY

Syntax
enable snmp community="community"

Parameters
community Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.

Description
This command activates a community string on the switch. The default setting for a community string is enabled.

SET SNMP COMMUNITY

Syntax
set snmp community="community" [access=read|write] [open=yes|no]

Parameters
community Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional.
access Specifies the new access level.

The following command changes the access level for the SNMP community string “serv12” to read and write with open access:

set snmp community=serv12 access=write open=yes

SHOW SNMP

Syntax
show snmp [community="community"]

Parameter
community Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space. Otherwise, the quotes are optional. Default community strings are “public” and “private.”

Description
This command displays the following SNMP information:

❑ SNMP status - The status will be enabled or disabled.

❑ Management station IP addresses - These are the IP addresses of management stations that can access the switch through a community string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a community string, refer to ADD SNMP COMMUNITY on page 75.

Chapter 7 SNMPv3 Commands

This chapter contains the following commands:
❑ ADD SNMPV3 USER
❑ CLEAR SNMPV3 ACCESS
❑ CLEAR SNMPV3 COMMUNITY
❑ CLEAR SNMPV3 NOTIFY
❑ CLEAR SNMPV3 TARGETADDR
❑ CLEAR SNMPV3 VIEW
❑ CREATE SNMPV3 ACCESS
❑ CREATE SNMPV3 COMMUNITY
❑ CREATE SNMPV3 GROUP
❑ CREATE SNMPV3 NOTIFY
❑ CREATE SNMPV3 TARGETADDR
❑ CREATE SNMPV3 TARGETPARAMS
❑ CREATE SNMPV3
❑ DESTROY SNMPv3 TARGETADDR
❑ DESTROY SNMPv3 TARGETPARMS
❑ DESTROY SNMPV3 VIEW
❑ SET SNMPV3 ACCESS
❑ SET SNMPV3 COMMUNITY
❑ SET SNMPV3 GROUP
❑ SET SNMPV3 NOTIFY
❑ SET SNMPV3 TARGETADDR
❑ SET SNMPV3 TARGETPARAMS
❑ SET SNMPV3 USER
❑ SET SNMPV3 VIEW
❑ SHOW SNMPV3 ACCESS
❑ SHOW SNMPV3 COMMUNITY
❑ SHOW SNMPv3 GROUP

ADD SNMPV3 USER

Syntax
add snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters
user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS). If you do not specify an authentication protocol, this parameter is automatically set to None.

volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default.
nonvolatile Allows you to save the table entry to the configuration file on the switch.

Description
This command creates an SNMPv3 User Table entry.

CLEAR SNMPV3 ACCESS

Syntax
clear snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview writeview notifyview

Parameters
access Specifies the name of the security group, up to 32 alphanumeric characters.
securitymodel Specifies the security model. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel

notifyview Specifies a Notify View Name that allows the users assigned to this security group to send traps permitted in the specified View. This is an optional parameter.

Description
This command clears the specified fields in an SNMPv3 Access Table entry.

Examples
The following command clears the readview parameter in a security group called “Engineering” which has a security model of the SNMPv3 protocol and a security level of privacy.

CLEAR SNMPV3 COMMUNITY

Syntax
clear snmpv3 community index=index transporttag

Parameters
index Specifies the name of an existing SNMPv3 Community Table entry, up to 32 alphanumeric characters.
transporttag Specifies the transport tag, up to 32 alphanumeric characters.

Description
This command clears the transporttag parameter in an SNMPv3 Community Table entry.

CLEAR SNMPV3 NOTIFY

Syntax
clear snmpv3 notify=notify tag

Parameters
notify Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.
tag Specifies the notify tag name, up to 32 alphanumeric characters.

Description
This command clears the value of the tag parameter in an SNMPv3 Notify Table entry.

Examples
The following command deletes the value of the tag parameter in an SNMPv3 Notify Table entry called “hwengtrap.

CLEAR SNMPV3 TARGETADDR

Syntax
clear snmpv3 targetaddr=targetaddr taglist

Parameters
targetaddr Specifies the name of the SNMPv3 Target Address Table entry, up to 32 alphanumeric characters.
taglist Specifies a tag or list of tags, up to 256 alphanumeric characters.

Description
This command clears the value of the taglist parameter in an SNMPv3 Target Address Table entry.

CLEAR SNMPV3 VIEW

Syntax
clear snmpv3 view=view [subtree=OID|text] mask

Parameters
view Specifies the name of the SNMPv3 view, up to 32 alphanumeric characters.
subtree Specifies the view of the MIB Tree. Options are:
OID A numeric value in hexadecimal format.
text Text name of the view.
mask Specifies the subtree mask, in hexadecimal format.

Description
This command clears the value of the mask parameter in an SNMPv3 View Table entry.

CREATE SNMPV3 ACCESS

Syntax
create snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters
access Specifies the name of the security group, up to 32 alphanumeric characters.
securitymodel Specifies the security model.

writeview Specifies a Write View Name that allows the users assigned to this Security Group to write, or modify, the information in the specified View Table. This is an optional parameter. If you do not assign a value to this parameter, then the writeview parameter defaults to none.
notifyview Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter.

In the following command, a security group is created called “hwengineering” with a security model of SNMPv3 and a security level of noauthentication. In addition, the security group has a read view named “internet.”

create snmpv3 access=hwengineering securitymodel=v3 securitylevel=authentication readview=internet

Note
In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage.

CREATE SNMPV3 COMMUNITY

Syntax
create snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters
index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname Specifies a password for this community entry, up to 32 alphanumeric characters.

The following command creates an SNMP community with an index of 95 and a community name of “12sacramento49.” The user is “regina” and the transport tag “trainingtag.” The storage type for this community is nonvolatile storage.

CREATE SNMPV3 GROUP

Syntax
create snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter
username Specifies a user name configured in the SNMPv3 User Table.
securitymodel Specifies the security model of the above user name. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.

Example
The following command creates the SNMPv3 SecurityToGroup Table entry for a user named Nancy. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “admin” group. The storage type is set to nonvolatile storage.

create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile

The following command creates the SNMPv3 SecurityToGroup Table entry for a user named princess.

CREATE SNMPV3 NOTIFY

Syntax
create snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters
notify Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.
tag Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter.
type Specifies the message type. This is an optional parameter.

Examples
In the following command, the SNMPv3 Notify Table entry is called “testengtrap1” and the notify tag is “testengtag1.” The message type is defined as a trap message and the storage type for this entry is nonvolatile storage.

create snmpv3 notify=testengtrap1 tag=testengtag1 type=trap storagetype=nonvolatile

In the following command, the SNMPv3 Notify Table entry is called “testenginform5” and the notify tag is “testenginformtag5.

CREATE SNMPV3 TARGETADDR

Syntax
create snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters
targetaddr Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params Specifies the target parameters name, up to 32 alphanumeric characters.

Examples
In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,” “hwengtag,” and “testengtag.” The storage type for this table entry is nonvolatile storage.

create snmpv3 targetaddr=snmphost1 params=snmpv3manager ipaddress=198.1.1.

CREATE SNMPV3 TARGETPARAMS

Syntax
create snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters
targetparams Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters.
username Specifies a user name configured in the SNMPv3 User Table.

securitylevel Specifies the security level. The options are:
noauthentication This option provides no authentication protocol and no privacy protocol.
authentication This option provides an authentication protocol, but no privacy protocol.
privacy This option provides an authentication protocol and the privacy protocol.
storagetype Specifies the storage type of this table entry. This is an optional parameter.

CREATE SNMPV3 VIEW

Syntax
create snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters
view Specifies the name of the view, up to 32 alphanumeric characters.
subtree Specifies the view of the MIB Tree. The options are:
OID A numeric value in hexadecimal format.
text Text name of the view.
mask Specifies the subtree mask, in hexadecimal format.
type Specifies the view type.

Examples
The following command creates an SNMPv3 View Table entry called “internet1” with a subtree value of the Internet MIBs and a view type of included. The storage type for this table entry is nonvolatile storage.

create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile

The following command creates an SNMPv3 View Table entry called “tcp1” with a subtree value of the TCP/IP MIBs and a view type of excluded.

DELETE SNMPV3 USER

Syntax
delete snmpv3 user=user

Parameters
user Specifies the name of an SNMPv3 user to delete from the switch.

Description
This command deletes an SNMPv3 User Table entry. After you delete an SNMPv3 user from the switch, you cannot recover it.

Examples
The following command deletes the user named “wilson890.”

delete snmpv3 user=wilson890

The following command deletes the user named “75murthy75.

DESTROY SNMPv3 ACCESS

Syntax
destroy snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy]

Parameter
access Specifies an SNMPv3 Access Table entry.
securitymodel Specifies the security model of the user name specified above. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.
securitylevel

Examples
The following command deletes the SNMPv3 Access Table entry called “swengineering” with a security model of the SNMPv3 protocol and a security level of authentication.

destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication

The following command deletes the SNMPv3 Access Table entry called “testengineering” with a security model of the SNMPv3 protocol and a security level of privacy.

DESTROY SNMPv3 COMMUNITY

Syntax
destroy snmpv3 community index=index

Parameter
index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description
This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it.

Examples
The following command deletes an SNMPv3 Community Table entry with an index of 1001.

DESTROY SNMPv3 GROUP

Syntax
destroy snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter
username Specifies a user name configured in the SNMPv3 User Table.
securitymodel Specifies the security model of the above user name. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.

DESTROY SNMPv3 NOTIFY

Syntax
destroy snmpv3 notify=notify

Parameter
notify Specifies an SNMPv3 Notify Table entry.

Description
This command deletes an SNMPv3 Notify Table entry. After you delete an SNMPv3 Notify Table entry, you cannot recover it.

Examples
The following command deletes an SNMPv3 Notify Table entry called “systemtestnotifytrap.”

destroy snmpv3 notify=systemtestnotifytrap

The following command deletes an SNMPv3 Notify Table entry called “engineeringinform1.

DESTROY SNMPv3 TARGETADDR

Syntax
destroy snmpv3 targetaddr=target

Parameter
targetaddr Specifies an SNMPv3 Target Address table entry.

Description
This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it.

Examples
The following command deletes an SNMPv3 Address Table entry called “snmpv3host77.

DESTROY SNMPv3 TARGETPARMS

Syntax
destroy snmpv3 targetparams=targetparams

Parameter
targetparams Specifies an SNMPv3 Target Parameters table entry.

Description
This command deletes an SNMPv3 Target Parameters Table entry. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it.

Examples
The following command deletes the SNMPv3 Target Parameters Table entry called “targetparameter1.

DESTROY SNMPV3 VIEW

Syntax
destroy snmpv3 view=view [subtree=OID|text]

Parameters
view Specifies the name of the view, up to 32 alphanumeric characters.
subtree Specifies the view subtree view. The options are:
OID A numeric value in hexadecimal format.
text Text name of the view.

Description
This command deletes an SNMPv3 View Table entry. After you delete an SNMPv3 View Table entry, you cannot recover it.

SET SNMPV3 ACCESS

Syntax
set snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters
access Specifies the name of the group, up to 32 alphanumeric characters.
securitymodel Specifies the security model. Options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel

storagetype Specifies the storage type of this table entry. This is an optional parameter. The options are:
volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default.
nonvolatile Allows you to save the table entry to the configuration file on the switch.

Description
This command modifies an SNMPv3 Access Table entry.

Examples
The following command modifies the group called engineering.

SET SNMPV3 COMMUNITY

Syntax
set snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters
index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname Specifies a password of this community, up to 32 alphanumeric characters.
securityname Specifies the name of an SNMPv1 and SNMPv2 user, up to 32 alphanumeric characters.

The following command modifies the community table entry with an index of 52. The community has a password of “oldmiss71” and a security name of “jjhuser234.” The transport tag is set to “testtag40.

SET SNMPV3 GROUP

Syntax
set snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter
username Specifies a user name configured in the SNMPv3 User Table.
securitymodel Specifies the security model of the above user name. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.

Examples
The following command modifies the SecurityToGroup Table entry with a user name of “nancy28.” The security model is the SNMPv3 protocol and the group name is set to engineering.

set snmpv3 group username=nancy28 securitymodel=v3 groupname=engineering

The following command modifies the SecurityToGroup Table entry with a user name of “nelvid.” The security model is the SNMPv3 protocol and the group name “systemtest.

SET SNMPV3 NOTIFY

Syntax
set snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters
notify Specifies the name associated with the trap message, up to 32 alphanumeric characters.
tag Specifies the notify tag name, up to 32 alphanumeric characters.
type Specifies the message type. Options are:
trap Trap messages are sent, with no response expected from the host.
storagetype

The following command modifies an SNMPv3 Notify Table entry called “systemtestinform5.” The notify tag is “systemtestinform5tag” and the message type is an inform message.

SET SNMPV3 TARGETADDR

Syntax
set snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters
targetaddr Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params Specifies the target parameters name, up to 32 alphanumeric characters. This is an optional parameter.

Description
This command modifies an SNMPv3 Target Address Table entry.

Examples
The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.”

set snmpv3 targetaddr=snmphost params=targetparameter7 ipaddress=198.1.1.

SET SNMPV3 TARGETPARAMS

Syntax
set snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters
targetparams Specifies the target parameters name, up to 32 alphanumeric characters.
username Specifies the user name.
securitymodel Specifies the security model of the above user name.

securitylevel Specifies the security level. The options are:
noauthentication This option provides no authentication protocol and no privacy protocol.
authentication This option provides an authentication protocol, but no privacy protocol.
privacy This option provides an authentication protocol and the privacy protocol.
storagetype Specifies the storage type of this table entry. This is an optional parameter.

SET SNMPV3 USER

Syntax
set snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters
user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS). The default is no authentication. The options are:
md5 The MD5 authentication protocol.

Examples
The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.”

set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3

The following command modifies a User Table entry called “atiuser104.

SET SNMPV3 VIEW

Syntax
set snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters
view Specifies the name of the view, up to 32 alphanumeric characters.
subtree Specifies the view subtree view. Options are:
OID A numeric value in hexadecimal format.
text Text name of the view.
mask Specifies the subtree mask, in hexadecimal format.
type Specifies the view type.

Examples
The following command modifies the view called “internet1.” The subtree is set to the Internet MIBs and the view type is included.

set snmpv3 view=internet1 subtree=internet type=included

The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded.

set snmpv3 view=system subtree=1.3.6.1.2.

SHOW SNMPV3 ACCESS

Syntax
show snmpv3 access=access

Parameter
access Specifies an SNMPv3 Access Table entry.

Description
This command displays the SNMPv3 Access Table. You can display one or all of the table entries.

Examples
The following command displays the SNMPv3 Access Table entry called “production.

SHOW SNMPV3 COMMUNITY

Syntax
show snmpv3 community index=index

Parameter
index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description
This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.

SHOW SNMPv3 GROUP

Syntax
show snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter
username Specifies a user name configured in the SNMPv3 User Table.
securitymodel Specifies the security model of the above user name. The options are:
v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.
v3 Associates the Security Name, or User Name, with the SNMPv3 protocol.

SHOW SNMPV3 NOTIFY

Syntax
show snmpv3 notify=notify

Parameter
notify Specifies an SNMPv3 Notify Table entry.

Description
This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries.

SHOW SNMPV3 TARGETADDR

Syntax
show snmpv3 targetaddr=targetaddr

Parameter
targetaddr Specifies an SNMPv3 Target Address Table entry.

Description
This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.

SHOW SNMPV3 TARGETPARAMS

Syntax
show snmpv3 targetparams=targetparams

Parameter
targetparams Specifies an SNMPv3 Target Parameters Table entry.

Description
This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries.

SHOW SNMPV3 USER

Syntax
show snmpv3 user=user

Parameters
user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

Description
This command displays SNMPv3 User Table entries. You can display one or all of the table entries.

SHOW SNMPV3 VIEW

Syntax
show snmpv3 view=view [subtree=OID|text]

Parameter
view Specifies an SNMPv3 View Table entry.
subtree Specifies the view subtree view. Options are:
OID A numeric value in hexadecimal format.
text Text name of the view.

Description
This command displays the SNMPv3 View Table entries. You can display one or all of the table entries.
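
The following Python script is an added example, not part of the AT-S62 guide or of any Allied Telesyn software: it parses a listing of the SNMP commands documented in Chapters 6 and 7 and flags settings a reviewer would question before they reach a switch. The severity labels, the policy of treating MD5 and the v1/v2c security models as findings, and the sample listing are assumptions made for the illustration; only parameter values written explicitly on a line are judged.

```python
import shlex

# Default community strings named in the SHOW SNMP entry of the guide.
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed listing: lines 2, 5 and 6 are examples printed in the guide, the
# rest are made up for this illustration (192.0.2.10 is a documentation address).
SAMPLE = """\
create snmp community=public access=read open=no manager=192.0.2.10
set snmp community=serv12 access=write open=yes
disable snmp authenticatetrap
add snmpv3 user=labuser authpassword=constructed1 privpassword=constructed2
set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3
create snmpv3 access=hwengineering securitymodel=v3 securitylevel=authentication readview=internet
add snmpv3 user=nmsops authentication=sha authpassword=constructed3 privpassword=constructed4
create snmpv3 access=nmsgroup securitymodel=v3 securitylevel=privacy readview=internet
"""


def parse_command(line):
    """Split one CLI line into (keywords, params).

    Quotes are needed only when a value contains a space, so shlex handles
    both community=serv12 and community="lab 12". Keywords and parameter
    names are lowercased; values keep their case because community strings
    are case sensitive.
    """
    line = line.replace("\u201c", '"').replace("\u201d", '"')  # PDF curly quotes
    keywords, params = [], {}
    for token in shlex.split(line):
        name, sep, value = token.partition("=")
        if sep:
            params[name.lower()] = value
        else:
            keywords.append(token.lower())
    return keywords, params


def audit_line(line):
    """Return a list of (severity, message) findings for one command line."""
    kw, p = parse_command(line)
    if len(kw) < 2:
        return []
    verb, family = kw[0], kw[1]
    obj = kw[2] if len(kw) > 2 else ""
    changes = verb in ("add", "create", "set")

    def val(name):
        return p.get(name, "").lower()

    out = []
    if family == "snmp":
        if verb == "disable" and obj in ("authenticatetrap", "authenticate_trap"):
            out.append(("medium", "authentication failure traps turned off"))
        if changes and "community" in p:
            if val("community") in DEFAULT_COMMUNITIES:
                out.append(("high", "default community string in use"))
            # Manager addresses only restrict a closed community, so
            # open=yes leaves the string usable from any station.
            if val("open") == "yes":
                severity = "high" if val("access") == "write" else "medium"
                out.append((severity, "community open to any management station"))
    elif family == "snmpv3" and changes:
        if "user" in p:
            # ADD SNMPV3 USER sets authentication to None when it is omitted.
            if verb == "add" and not val("authentication"):
                out.append(("high", "user created without authentication"))
            elif val("authentication") == "md5":
                out.append(("medium", "user authenticates with MD5, not SHA"))
        if obj == "community" and val("communityname") in DEFAULT_COMMUNITIES:
            out.append(("high", "default name in SNMPv3 Community Table"))
        if val("securitylevel") == "noauthentication":
            out.append(("high", "security level has no authentication or privacy"))
        elif val("securitylevel") == "authentication":
            out.append(("medium", "security level authenticates but has no privacy"))
        if val("securitymodel") in ("v1", "v2c"):
            out.append(("medium", "community-based security model selected"))
    return out


def audit_config(text):
    """Audit a multi-line listing; returns (line_no, severity, message) tuples."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        for severity, message in audit_line(line):
            results.append((number, severity, message))
    return results


if __name__ == "__main__":
    for number, severity, message in audit_config(SAMPLE):
        print("line %d [%s] %s" % (number, severity, message))
```
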

Chapter 8 Port Parameter Commands

This chapter contains the following commands:
❑ ACTIVATE SWITCH PORT
❑ DISABLE INTERFACE LINKTRAP
❑ DISABLE SWITCH PORT
❑ DISABLE SWITCH PORT FLOW
❑ ENABLE INTERFACE LINKTRAP
❑ ENABLE SWITCH PORT
❑ ENABLE SWITCH PORT FLOW
❑ RESET SWITCH PORT
❑ SET SWITCH PORT
❑ SET SWITCH PORT RATELIMIT
❑ SHOW INTERFACE
❑ SHOW SWITCH PORT

Note Rem

ACTIVATE SWITCH PORT

Syntax
activate switch port=port autonegotiate

Parameter
port Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
If a port is using Auto-Negotiation to set its speed and duplex mode, this command prompts the port to renegotiate its settings with its end node.

DISABLE INTERFACE LINKTRAP

Syntax
disable interface=port linktrap

Parameter
port Specifies the port where you want to disable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command disables link traps on a port.

DISABLE SWITCH PORT

Syntax
disable switch port=port

Parameter
port Specifies the port to disable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command disables a port. Once disabled, a port stops forwarding traffic. The default setting for a port is enabled.

DISABLE SWITCH PORT FLOW

Syntax
disable switch port=port flow=pause

Parameter
port Specifies the port where you want to deactivate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command deactivates flow control on a port. Flow control only applies to ports operating in full duplex mode.

ENABLE INTERFACE LINKTRAP

Syntax
enable interface=port linktrap

Parameter
port Specifies the port on which you want to enable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command activates SNMP link traps on the port.

ENABLE SWITCH PORT

Syntax
enable switch port=port

Parameter
port Specifies the port to enable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command enables a port. Once enabled, a port begins to forward traffic. The default setting for a port is enabled.

ENABLE SWITCH PORT FLOW

Syntax
enable switch port=port flow=pause

Parameter
port Specifies the port where you want to activate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command activates flow control on a port. Flow control only applies to ports operating in full duplex mode.

RESET SWITCH PORT

Syntax
reset switch port=port

Parameter
port Specifies the port to reset. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command resets a port. The reset takes less than a second to complete. You might reset a port if it is experiencing a problem establishing a link with its end node. The port retains its current operating parameter settings.
SET SWITCH PORT Syntax set switch port=port [description="description"] [status=enabled|disabled] [speed=autonegotiate|10mhalf|10mfull|10mhauto|10mfauto|100mhalf|100mfull|100mhauto|100mfauto|1000mfull|1000mfauto] [mdimode=mdi|mdix|auto] [flowcontrol=disable|enable|auto] [fctrllimit=auto|value] [backpressure=yes|no|on|off|true|false|enabled|disabled] [bplimit=auto|value] [bcastfiltering=yes|no|on|off|true|false|enabled|disabled] [holbplimit=value] [renegotiation=auto] [s
speed Sets the speed and duplex mode of the port. Settings for this parameter are: autonegotiate The port Auto-Negotiates both speed and duplex mode. This is the default setting. 10mhalf 10 Mbps and half-duplex mode. 10mfull 10 Mbps and full-duplex mode. 10mhauto 10 Mbps and half-duplex mode with Auto-Negotiation. 10mfauto 10 Mbps and full-duplex mode with Auto-Negotiation. 100mhalf 100 Mbps and half-duplex mode. 100mfull 100 Mbps and full-duplex mode.
parameter are: disabled No flow control. enabled Flow control is activated. auto The switch sets flow control to match flow control on the end node connected to the port. If the end node is using flow control, the switch port also uses flow control. If the end node is not using flow control, neither will the switch port. fctrllimit Specifies the number of cells for flow control. A cell represents 64 bytes. The range is 1 to 57,344 cells. The default is 8192.
renegotiation Prompts the port to renegotiate its speed and duplex mode with the end node. This parameter only works when the port is using Auto-Negotiation. The only value is: auto Renegotiates with the end node speed and duplex mode. softreset Resets the port. This parameter does not change any of a port’s operating parameters. priority Specifies the port’s priority level.
The following command sets the speed to 100 Mbps, the duplex mode to full duplex, the wiring configuration to MDI-X, and flow control to enabled for ports 2 to 6: set switch port=2-6 speed=100mfull mdimode=mdix flowcontrol=enable The following command sets port priority to 5 and activates the broadcast filter for ports 5, 8, and 12: set switch port=5,8,12 priority=5 bcastfiltering=enabled The following command resets port 5: set switch port=5 softreset
SET SWITCH PORT RATELIMIT Syntax set switch port=all [rate=value] [bcastratelimiting=yes|no|on|off|true|false|enabled|disabled] [mcastratelimiting=yes|no|on|off|true|false|enabled|disabled] [unkucastratelimiting=yes|no|on|off|true|false|enabled|disabled] Parameters port Specifies all ports on the switch. This feature cannot be configured on a per-port basis. You must specify ALL. rate Specifies the number of ingress packets the switch ports accept each second.
table. Settings for this parameter are: yes, on, true, enabled Activates unknown unicast packet rate limit on the port. The values are equivalent. no, off, false, disabled Deactivates unknown unicast packet rate limit on the port. The values are equivalent. Description This command sets the maximum number of ingress multicast, broadcast, and unknown unicast packets the switch ports accept each second. Packets exceeding the threshold are discarded.
This command changes the rate limit to 15,000 packets: set switch port=all rate=15000 The following command deactivates unicast rate filtering on all ports: set switch port=all unkucastratelimiting=disabled
SHOW INTERFACE Syntax show interface=port Parameter port Specifies the port whose interface information you want to display. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). Description This command displays the contents of the interface MIB for a port and provides the following information: ❑ ifIndex - The port number.
enabled - Link traps are enabled. The switch sends an SNMP link trap whenever there is a change to the status of the link on the port. To disable link traps, see DISABLE INTERFACE LINKTRAP on page 152. disabled - Link traps are disabled. To enable link traps, see ENABLE INTERFACE LINKTRAP on page 155.
SHOW SWITCH PORT Syntax show switch port[=port] Parameters port Specifies the port whose parameter settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). All ports are displayed if you omit the port number. Description This command displays a port’s operating parameters, such as speed and duplex mode.
Chapter 9 MAC Address Table Commands

This chapter contains the following commands:

❑ ADD SWITCH FDB|FILTER
❑ DELETE SWITCH FDB
❑ RESET SWITCH FDB
❑ SET SWITCH AGINGTIMER|AGEINGTIMER
❑ SHOW SWITCH FDB

Note Remember to save your changes with the SAVE CONFIGURATION command.

Note Refer to the AT-S62 Management Software User’s Guide for background information on the MAC address table.
ADD SWITCH FDB|FILTER Syntax add switch fdb|filter destaddress|macaddress=macaddress port=port vlan=name|vid Note The FDB and FILTER keywords are equivalent. Parameters destaddress macaddress Specifies the static unicast or multicast address to be added to the switch’s MAC address table. The parameters are equivalent.
add switch fdb macaddress=00A0D2181A11 port=7 vlan=default_vlan The following command adds the multicast MAC address 01:00:51:00:00:10 to ports 1 to 5.
DELETE SWITCH FDB Syntax delete switch fdb macaddress=macaddress vlan=name|vid Parameters macaddress Specifies the dynamic or static unicast or multicast MAC address to delete from the MAC address table. The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx vlan Specifies the VLAN containing the port(s) where the address was learned or assigned. The VLAN can be specified by name or VID.
RESET SWITCH FDB Syntax reset switch fdb port=port Parameters port Specifies the port whose dynamic MAC addresses you want to delete from the MAC address table. You can specify more than one port at a time. Description This command deletes the dynamic MAC addresses learned on a specified port. Once a port’s dynamic MAC addresses have been deleted, the port begins to learn new addresses.
SET SWITCH AGINGTIMER|AGEINGTIMER Syntax set switch agingtimer|ageingtimer=value Parameter agingtimer ageingtimer Specifies the aging timer for the MAC address table. The value is in seconds. The range is 1 to 512. The default is 300 seconds (5 minutes). The parameters are equivalent. Description The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table.
SHOW SWITCH FDB Syntax show switch fdb [address=macaddress] [port=port] [status=static|dynamic|multicast] [vlan=name] Parameters address Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static). The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx port Specifies a port on the switch.
The following command displays the static and dynamic multicast addresses: show switch fdb status=multicast The following command displays the port on which the MAC address 00:A0:D2:18:1A:11 was learned (dynamic) or added (static): show switch fdb address=00A0D2181A11 The following command displays the MAC addresses learned on port 2: show switch fdb port=2 The following command displays the MAC addresses learned on the ports in the Sales VLAN: show switch fdb vlan=sales Th
Chapter 10 Port Trunking Commands

This chapter contains the following commands:

❑ ADD SWITCH TRUNK
❑ CREATE SWITCH TRUNK
❑ DELETE SWITCH TRUNK
❑ DESTROY SWITCH TRUNK
❑ SET SWITCH TRUNK
❑ SHOW SWITCH TRUNK

Note Remember to save your changes with the SAVE CONFIGURATION command.

Note Refer to the AT-S62 Management Software User’s Guide for background information and guidelines on port trunking.
ADD SWITCH TRUNK Syntax add switch trunk=name port=port Parameters trunk Specifies the name of the port trunk to be modified. port Specifies the port to be added to the port trunk. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16). Description This command adds ports to an existing port trunk.
CREATE SWITCH TRUNK Syntax create switch trunk=name port=ports [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters trunk Specifies the name of the trunk. The name can be up to 10 alphanumeric characters. No spaces or special characters are allowed. port Specifies the ports to be added to the port trunk. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Note Before creating a port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port to be in the trunk. Check to be sure that the settings are correct for the end node to which the trunk will be connected. When you create the trunk, the AT-S62 management software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same.
DELETE SWITCH TRUNK Syntax delete switch trunk=name port=port Parameters trunk Specifies the name of the trunk to be modified. port Specifies the port to be removed from the existing port trunk. You can specify more than one port at a time. Description This command removes ports from a port trunk. To view the trunks on a switch, refer to SHOW SWITCH TRUNK on page 185. To completely remove a port trunk from a switch, see DESTROY SWITCH TRUNK on page 183.
DESTROY SWITCH TRUNK Syntax destroy switch trunk=name Parameter trunk Specifies the name of the trunk to be deleted. Description This command deletes a port trunk from a switch. Once a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes. Caution Disconnect the cables from the port trunk on the switch before destroying the trunk.
SET SWITCH TRUNK Syntax set switch trunk=name select=[macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters trunk Specifies the name of the port trunk. select Specifies the load distribution method. Options are: macsrc Source MAC address. macdest Destination MAC address. macboth Source address/destination MAC address. ipsrc Source IP address. ipdest Destination IP address. ipboth Source address/destination IP address.
SHOW SWITCH TRUNK Syntax show switch trunk Parameters None. Description This command displays the names, ports, and load distribution methods of the port trunks on the switch.
Chapter 11 Port Mirroring Commands

This chapter contains the following commands:

❑ SET SWITCH MIRROR
❑ SET SWITCH PORT MIRROR
❑ SHOW SWITCH MIRROR

Note Remember to save your changes with the SAVE CONFIGURATION command.

Note Refer to the AT-S62 Management Software User’s Guide for background information and guidelines on port mirroring.
SET SWITCH MIRROR Syntax set switch mirror=port Parameter mirror Specifies the destination port for the port mirror. This is the port where the traffic from the source ports will be copied. You can specify only one port as the destination port. Specifying “0” (zero) disables port mirroring. Description This command enables mirroring and specifies the destination port, or disables mirroring. To select the source ports, refer to SET SWITCH PORT MIRROR on page 188.
SET SWITCH PORT MIRROR Syntax set switch port=port mirror=none|rx|tx|both Parameters port Specifies the source ports of a port mirror. You can specify more than one port. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22). mirror Specifies which traffic on the source ports is to be mirrored to the destination port. The options are: rx Specifies ingress mirroring.
SHOW SWITCH MIRROR Syntax show switch mirror Parameters None. Description This command displays the source and destination ports of a port mirror on the switch.
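An added example, not part of the AT-S62 guide: a Python audit that replays the SET SWITCH MIRROR and SET SWITCH PORT MIRROR commands found in a saved configuration and reports which ports have their traffic copied and to which destination, so an unexpected mirror session stands out in review. The one-command-per-line file layout, the sample configuration and the function names are assumptions.

```python
import re

# Values the guide lists for mirror= on source ports.
DIRECTIONS = {"none", "rx", "tx", "both"}

# Constructed sample configuration, not taken from a real switch.
SAMPLE_CONFIG = """\
set switch port=2-6 speed=100mfull mdimode=mdix flowcontrol=enable
set switch mirror=24
set switch port=1,5,14-16 mirror=both
set switch port=5 mirror=none
set switch port=20 mirror=rx
"""


def expand_ports(spec):
    """Expand a port list such as "1,5,14-22" into a sorted list of ints."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if m is None:
            raise ValueError(f"bad port list element: {part!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low > high:
            raise ValueError(f"descending range: {part!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def audit_mirroring(config_text):
    """Replay mirror commands in file order and return the resulting state."""
    destination = 0          # "0" disables port mirroring
    sources = {}             # source port -> rx | tx | both
    for raw in config_text.splitlines():
        tokens = raw.strip().lower().split()
        if tokens[:2] != ["set", "switch"]:
            continue
        params = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        if "mirror" not in params:
            continue         # some other SET SWITCH command
        if "port" in params:
            # SET SWITCH PORT MIRROR: selects source ports and direction.
            direction = params["mirror"]
            if direction not in DIRECTIONS:
                raise ValueError(f"unknown mirror direction: {direction!r}")
            for port in expand_ports(params["port"]):
                if direction == "none":
                    sources.pop(port, None)
                else:
                    sources[port] = direction
        else:
            # SET SWITCH MIRROR: selects the single destination port.
            destination = int(params["mirror"])
    return {
        "destination": destination or None,
        "sources": dict(sorted(sources.items())),
        # Traffic is copied only with a destination and at least one source.
        "copying": destination != 0 and bool(sources),
    }


if __name__ == "__main__":
    print(audit_mirroring(SAMPLE_CONFIG))
```

Comparing the reported destination and source ports against the ports where monitoring is actually authorized shows whether a mirror session was left behind or added without approval.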
Chapter 12 Statistics Commands

This chapter contains the following commands:

❑ RESET SWITCH PORT COUNTER
❑ SHOW SWITCH COUNTER
❑ SHOW SWITCH PORT COUNTER

Note Remember to save your changes with the SAVE CONFIGURATION command.

Note Refer to the AT-S62 Management Software User’s Guide for background information on statistics.
RESET SWITCH PORT COUNTER Syntax reset switch port=port counter Parameter port Specifies the port whose statistics counters you want to return to zero. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). Description This command returns a port’s statistics counters to zero.
SHOW SWITCH COUNTER Syntax show switch counter Parameters None. Description This command displays operating statistics, such as the number of packets received and transmitted, and the number of CRC errors, for the entire switch. For a list of and definitions for the statistics, refer to the AT-S62 Management Software User’s Guide.
SHOW SWITCH PORT COUNTER Syntax show switch port=port counter Parameter port Specifies the port whose statistics you want to view. You can specify more than one port at a time. To view all ports, do not specify a port. Description This command displays the operating statistics for a port on the switch. Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors.
Chapter 13 File System Commands

This chapter contains the following commands:

❑ COPY
❑ CREATE CONFIG
❑ DELETE FILE
❑ RENAME
❑ SET CONFIG
❑ SHOW FILE

Note Refer to the AT-S62 Management Software User’s Guide for background information on the switch’s file system.
COPY Syntax copy "filename1.ext" "filename2.ext" Parameters filename1.ext Specifies the name of the file to be copied. If the name contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional. filename2.ext Specifies the name of the copy. If the name contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional. Description This command creates a copy of an existing file.
CREATE CONFIG Syntax create config="filename.cfg" Parameter config Specifies the name of a new configuration file. If the filename contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional. Description This command creates a new configuration file containing the commands required to recreate the current configuration of the switch. The CONFIG parameter specifies the name of the configuration file to create. The file extension must be “.
DELETE FILE Syntax delete file="filename" Parameter file Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional. You cannot use wildcards. Description This command deletes a file from the file system. To list the files in the file system, refer to SHOW FILE on page 201.
RENAME Syntax rename "filename1.ext" "filename2.ext" Parameters filename1.ext Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. filename2.ext Specifies the new name for the file. The filename can be from 1 to 15 alphanumeric characters, not including the filename extension. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
SET CONFIG Syntax set config="filename.cfg" Parameter config Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 15 alphanumeric characters, not including the extension “.cfg”. If the filename contains spaces, it must be enclosed in double quotes. Description This command sets the active configuration file for a switch.
Example The following command sets the active boot configuration file to switch22.cfg: set config=switch22.cfg The switch uses the switch22.cfg configuration file the next time it is reset.
SHOW FILE Syntax show file="filename" Parameter file Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional. Description This command displays a list of the files in the switch’s file system. You can use the wildcard “*” to replace any part of the filename to allow a more selective display. You can also use this command to display the contents of a configuration file.
Chapter 14 File Download and Upload Commands

This chapter contains the following commands:

❑ LOAD
❑ UPLOAD

Note Refer to the AT-S62 Management Software User’s Guide for background information on downloading and uploading software images and configuration files.
LOAD Syntax load method=tftp|xmodem|remoteswitch destfile=filename server=ipaddress srcfile|file=filename switchlist=switches verbose=yes|no|on|off|true|false Parameters method Specifies the method of download. Options are: tftp Specifies a TFTP download. To use this option, there must be a network node with TFTP server software. The file to download onto the switch must be stored on the TFTP server.
srcfile file Specifies the filename of the file you are downloading onto the switch. The filename is required for a TFTP download. If the filename contains a space, enclose the name in double quotes. These parameters are equivalent. switchlist Specifies the switches in an enhanced stack to which to download the software image or file from the master switch. To view the switches in an enhanced stack, see SHOW REMOTELIST on page 34.
The METHOD parameter states the type of download. There are three possible types of downloads. A TFTP download uses the TFTP client software on the switch to download a file from a TFTP server on your network. The file that you are downloading must be stored on the TFTP server. You can perform this type of download from either a local or Telnet management session of a slave or master switch.
The VERBOSE parameter can be used when you are downloading a file switch to switch to monitor the progress of the download process. The parameter is viable only when teamed with the REMOTESWITCH parameter. Before downloading files, note the following: ❑ To download a new version of the AT-S62 management software image, you must specify the DESTFILE filename as “ATS62.IMG”. Do not give the image file any other name.
For an Xmodem download, note the following: ❑ Xmodem can download a file only onto the switch on which you started the local management session. You cannot use Xmodem to download a file onto a switch accessed through enhanced stacking. ❑ The new AT-S62 image file must be stored on the computer or terminal connected to the RS232 Terminal Port on the switch.
The following command uses Xmodem to download an AT-S62 configuration file to the switch’s file system and gives it the name sw12_boot.cfg: load method=xmodem destfile=sw12_boot.cfg Since this is another Xmodem transfer, it must be performed from a local management session. After entering this command, you must specify the location of the configuration file stored on your workstation using your terminal emulation program.
UPLOAD Syntax upload method=tftp|xmodem destfile=filename server=ipaddress file=filename Parameters method Specifies the method of the upload. The options are: tftp Specifies a TFTP upload. To use this option, there must be TFTP server software on a network node. You can use this option from either a local or Telnet management session. xmodem Indicates that the upload will be performed using Xmodem. This option is supported only from a local management session.
❑ Encryption key The METHOD parameter states the type of upload. There are two possible types of uploads. A TFTP upload uses the TFTP client software on the switch to upload a file from the switch to a TFTP server on your network. You can perform this type of upload from either a local or Telnet management session.
For an Xmodem upload, note the following: ❑ Xmodem can upload a file only from the switch on which you started the local management session. You cannot use Xmodem to upload a file from a switch accessed through enhanced stacking. For a TFTP upload, note the following: ❑ There must be a node on your network that contains the TFTP server software. ❑ You should start the TFTP server software before you begin the download procedure.
Chapter 15 Event Log Commands

This chapter contains the following commands:

❑ DISABLE LOG
❑ ENABLE LOG
❑ PURGE LOG
❑ SAVE LOG
❑ SET LOG FULLACTION
❑ SHOW LOG
❑ SHOW LOG STATUS

Note Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE LOG Syntax disable log Parameters None. Description This command disables the event log. The default setting for the event log is enabled. Note The event log, even when disabled, will log all AT-S62 initialization events that occur when the switch is reset or power cycled. Any switch events that occur after AT-S62 initialization are recorded only if the event log is enabled.
ENABLE LOG Syntax enable log Parameters None. Description This command activates the event log. Once the log is activated, the switch immediately starts to store events. The default setting for the event log is enabled.
PURGE LOG Syntax purge log[=temporary] Parameter temporary Specifies temporary memory. Description This command deletes all entries in the event log. This command produces exactly the same result with or without the TEMPORARY parameter.
SAVE LOG Syntax save log filename="filename.log" [full] [module=module] [reverse] [severity=severity] [overwrite] Parameters filename Specifies the filename for the log. The name can be up to 16 alphanumeric characters, followed by the extension “.log”. Spaces are allowed. The filename must be enclosed in quotes if it contains spaces. Otherwise, the quotes are optional. full Specifies the amount of information stored in the log.
Examples This command stores all informational, error, and warning messages in a file called “switch 12.log”: save log filename="switch 12.log" This command stores the error messages of the VLAN module in a file called “sw14.log”: save log filename=sw14.log module=vlan severity=e This command stores all informational messages in a file called “sw56.log”, and overwrites the file of the same name that already exists in the file system: save log filename=sw56.
SET LOG FULLACTION Syntax set log fullaction=halt|wrap Parameters fullaction Defines what the log will do when it reaches maximum capacity of 4,000 entries. Actions are: halt The log stops storing new events. wrap The log deletes the oldest entries as new ones are added. This is the default. Description This command defines what the event log will do once it has stored the maximum number of 4,000 entries. The HALT action instructs the log to stop storing new entries.
SHOW LOG Syntax show log [full] [module=module] [reverse] [severity=severity] Parameters full Specifies the amount of information displayed by the log. Without this option, the log displays the time, module, severity, and description for each entry. With it, the log also displays the filename, line number, and event ID. module Displays events associated with a particular AT-S62 module. For a list of modules, refer to Table 1 on page 220.
The MODULE parameter displays entries generated by a particular AT-S62 module. You can specify more than one module at a time. If you omit this parameter, the log displays the entries for all the modules. Table 1 lists the modules and their abbreviations.
Table 1 AT-S62 Modules

Module Name   Description
SSH           Secure Shell protocol
SSL           Secure Sockets Layer protocol
STP           Spanning Tree, Rapid Spanning, and Multiple Spanning Tree protocols
SYSTEM        Hardware status; Manager and Operator log in and log off events.
An example of the event log in full display mode is shown in Figure 1.

S Date Time EventID Source File:Line Number Event
-----------------------------------------------------------------
I 2/01/04 09:11:02 073001 garpmain.c:259 garp: GARP initialized
I 2/01/04 09:55:15 083001 portconfig.c:961 pcfg: PortConfig initialized
I 2/01/04 10:22:11 063001 vlanapp.c:444 vlan: VLAN initialization succeeded
I 2/01/04 12:24:12 093001 mirrorapp.
This example displays the error and warning entries for the AT-S62 module VLAN: show log module=vlan severity=e,w
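An added example, not part of the AT-S62 guide: a Python parser for an event log saved in full display mode, with an offline filter that mirrors show log module=vlan severity=e,w and keeps damaged lines visible instead of dropping them. The first three sample entries are the complete rows of Figure 1; the W and E entries, the damaged line, the function names, and the assumption that the lower-case tag before the colon is the module abbreviation are constructed for illustration.

```python
import re
from collections import Counter

# Columns of full display mode, following the header row of Figure 1:
# S  Date  Time  EventID  Source File:Line Number  Event
ENTRY_RE = re.compile(
    r"^(?P<sev>[A-Z])\s+"
    r"(?P<date>\d{1,2}/\d{2}/\d{2})\s+"
    r"(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<event_id>\d{6})\s+"
    r"(?P<src_file>[^\s:]+):(?P<src_line>\d+)\s+"
    r"(?P<module>[A-Za-z0-9]+):\s*(?P<text>.*)$"
)

# Rows 3 to 5 are from Figure 1; the W and E rows and the last line
# are constructed sample data.
SAMPLE_LOG = """\
S Date Time EventID Source File:Line Number Event
-----------------------------------------------------------------
I 2/01/04 09:11:02 073001 garpmain.c:259 garp: GARP initialized
I 2/01/04 09:55:15 083001 portconfig.c:961 pcfg: PortConfig initialized
I 2/01/04 10:22:11 063001 vlanapp.c:444 vlan: VLAN initialization succeeded
W 2/01/04 10:30:40 063002 vlanapp.c:500 vlan: constructed sample warning
E 2/01/04 10:31:05 063003 vlanapp.c:512 vlan: constructed sample error
E 2/01/04 10:31:09 083002 portconfig.c:970 pcfg: constructed sample error
this line is damaged and must be reported, not dropped
"""


def parse_log(text):
    """Return (entries, rejects) for a log saved in full display mode."""
    entries, rejects = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blank lines, the column header row and the dashed rule.
        if not line or line.startswith("S Date") or set(line) == {"-"}:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            # Keep unparseable lines: a truncated or altered log is a finding.
            rejects.append((lineno, raw))
            continue
        entry = m.groupdict()
        entry["src_line"] = int(entry["src_line"])
        entry["module"] = entry["module"].lower()
        entries.append(entry)
    return entries, rejects


def show_log(entries, module=None, severity=None):
    """Filter entries the way `show log module=... severity=...` selects them.

    module and severity are comma-separated lists such as "vlan" and "e,w";
    None means no restriction on that field.
    """
    mods = {m.strip().lower() for m in module.split(",")} if module else None
    sevs = {s.strip().upper() for s in severity.split(",")} if severity else None
    return [
        e for e in entries
        if (mods is None or e["module"] in mods)
        and (sevs is None or e["sev"] in sevs)
    ]


def summarize(entries):
    """Count entries per (module, severity) pair for a quick triage view."""
    return Counter((e["module"], e["sev"]) for e in entries)


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for e in show_log(parsed, module="vlan", severity="e,w"):
        print(e["date"], e["time"], e["sev"], e["event_id"], e["text"])
    print("unparsed lines:", bad)
```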
SHOW LOG STATUS Syntax show log status Parameter None. Description This command displays information about the error log. It displays whether the log is enabled or disabled, and what the log will do when it reaches maximum capacity. Here is an example of what you will see with this command:

Event Log Configuration:
Event Logging ........... Enabled
Log Full Action ............ Wrap

The Event Logging field indicates whether the feature is enabled or disabled.
Chapter 16 Quality of Service (QoS) Commands

This chapter contains the following commands:

❑ MAP QOS COSP
❑ SET QOS SCHEDULING
❑ SHOW QOS CONFIG

Note Remember to save your changes with the SAVE CONFIGURATION command.

Note Refer to the AT-S62 Management Software User’s Guide for background information on Quality of Service.
MAP QOS COSP Syntax map qos cosp=priority-number qid=queue-number Parameters cosp Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can assign more than one priority to an egress queue. qid Specifies the egress queue number. The egress queues are numbered 0 through 3, with queue 0 as the lowest priority and 3 as the highest.
SET QOS SCHEDULING Syntax set qos scheduling=strict|wrr weights=weights Parameters scheduling weights Specifies the type of scheduling. The options are: strict Strict priority. The port transmits all packets out of the higher priority queues before it transmits any from the low priority queues. This is the default. wrr Weighted round robin. The port transmits a set number of packets from each queue in a round robin manner.
SHOW QOS CONFIG Syntax show qos config Parameters None. Description Displays the QoS priority queues and scheduling.
Chapter 17 IGMP Snooping Commands

This chapter contains the following commands:

❑ DISABLE IGMPSNOOPING
❑ ENABLE IGMPSNOOPING
❑ SET IP IGMP
❑ SHOW IGMPSNOOPING
❑ SHOW IP IGMP

Note Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note Refer to the AT-S62 Management Software User’s Guide for background information on IGMP Snooping.
DISABLE IGMPSNOOPING Syntax disable igmpsnooping Parameters None. Description This command deactivates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in SET IP IGMP on page 232. The default setting for IGMP snooping is disabled.
ENABLE IGMPSNOOPING Syntax enable igmpsnooping Parameters None. Description This command activates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command SET IP IGMP on page 232. The default setting for IGMP snooping is disabled.
SET IP IGMP Syntax set ip igmp [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto] Parameters snoopingstatus Activates and deactivates IGMP snooping on the switch. Possible settings are: enabled Activates IGMP snooping. disabled Deactivates IGMP snooping. This is the default setting. hoststatus Specifies the IGMP host node topology.
numbermulticastgroups Specifies the maximum number of multicast addresses the switch learns. This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 to 256 addresses; the default is 64 addresses.
SHOW IGMPSNOOPING Syntax show igmpsnooping Parameters None. Description This command displays the following IGMP parameters: ❑ IGMP snooping status ❑ Multicast host topology ❑ Host/router timeout interval ❑ Maximum multicast groups ❑ Multicast router ports Note To set the IGMP parameters, refer to SET IP IGMP on page 232.
SHOW IP IGMP Syntax show ip igmp [hostlist] [routerlist] Parameters hostlist Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes. routerlist Displays the ports on the switch where multicast routers are detected. This parameter displays information only when there are active multicast routers.
The following command displays a list of active multicast routers: show ip igmp routerlist
Chapter 18 Denial of Service (DoS) Defense Commands

This chapter contains the following commands:

❑ SET DOS
❑ SET DOS IPOPTION
❑ SET DOS LAND
❑ SET DOS PINGOFDEATH
❑ SET DOS SMURF
❑ SET DOS SYNFLOOD
❑ SET DOS TEARDROP
❑ SHOW DOS

Note Remember to save your changes with the SAVE CONFIGURATION command.
SET DOS

Syntax
set dos ipaddress=ipaddress subnet=mask uplinkport=port

Parameters
ipaddress    Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address.
subnet    Specifies the subnet mask of the LAN. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
uplinkport    Specifies the port on the switch that is connected to a device (e.g.
SET DOS IPOPTION

Syntax
set dos ipoption port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch port on which you want to enable or disable the IP Option defense. You can specify more than one port at a time.
state    Specifies the state of the IP Option defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport    Specifies a port where invalid traffic is copied.
SET DOS LAND

Syntax
set dos land port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch port on which you want to enable or disable the Land defense. You can specify more than one port at a time.
state    Specifies the state of the Land defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport    Specifies a port where invalid traffic is copied.
SET DOS PINGOFDEATH

Syntax
set dos pingofdeath port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.
state    Specifies the state of the Ping of Death defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport    Specifies a port where invalid traffic is copied.
Note
This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs. For this reason, Allied Telesyn recommends strictly limiting the use of this defense, activating it only on those ports where an attack is most likely to originate.
SET DOS SMURF

Syntax
set dos smurf port=port state=enable|disable

Parameters
port    Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time.
state    Specifies the state of the SMURF defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.

Description
This command activates and deactivates the SMURF DoS defense.
SET DOS SYNFLOOD

Syntax
set dos synflood port=port state=enable|disable

Parameters
port    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
state    Specifies the state of the DoS defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.

Description
This command activates and deactivates the SYN ACK Flood DoS defense.
SET DOS TEARDROP

Syntax
set dos teardrop port=port state=enable|disable [mirrorport=auto|port]

Parameters
port    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
state    Specifies the state of the DoS defense. The options are:
    enable     Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport    Specifies a port where invalid traffic is copied.
Caution
This defense is extremely CPU intensive and should be used with caution. Unrestricted use can cause a switch to halt operations should the CPU become overwhelmed with IP traffic. To prevent this, Allied Telesyn recommends activating this defense on only the uplink port and one other switch port at a time.
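The following Python check is an added example, not part of the AT-S62 guide or of Allied Telesyn's software. It reads `set dos` commands and flags Teardrop enabled on more than the uplink port plus one other port, a `mirrorport` parameter on defenses whose syntax above has none, and the ports where the CPU-assisted Ping of Death defense is active. The input format (one CLI command per line, port lists without spaces), the function names and the sample commands are assumptions made for the example.

```python
# Added example: audit AT-S62 "set dos" lines against the syntax and cautions above.
# Assumption: plain-text input, one CLI command per line, port lists without spaces.

DEFENSES = {"ipoption", "land", "pingofdeath", "smurf", "synflood", "teardrop"}
MIRROR_CAPABLE = {"ipoption", "land", "pingofdeath", "teardrop"}  # syntax lists mirrorport


def expand_ports(spec):
    """Expand a port list such as '1,5,14-22' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports


def audit_dos(config_text):
    """Return a list of findings for the 'set dos' commands in config_text."""
    uplink = None
    enabled = {name: set() for name in DEFENSES}
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.strip().lower().split()
        if len(words) < 3 or words[:2] != ["set", "dos"]:
            continue
        args = dict(w.split("=", 1) for w in words[2:] if "=" in w)
        if "=" in words[2]:
            # Form: set dos ipaddress=... subnet=... uplinkport=...
            if "uplinkport" in args:
                uplink = int(args["uplinkport"])
            continue
        defense = words[2]
        if defense not in DEFENSES:
            findings.append(f"line {lineno}: unknown defense '{defense}'")
            continue
        if "port" not in args or args.get("state") not in ("enable", "disable"):
            findings.append(f"line {lineno}: port= and state=enable|disable are required")
            continue
        if "mirrorport" in args and defense not in MIRROR_CAPABLE:
            findings.append(f"line {lineno}: {defense} has no mirrorport parameter")
        try:
            ports = expand_ports(args["port"])
        except ValueError:
            findings.append(f"line {lineno}: bad port list '{args['port']}'")
            continue
        # Later commands override earlier ones for the same ports.
        if args["state"] == "enable":
            enabled[defense] |= ports
        else:
            enabled[defense] -= ports
    # Teardrop caution: the uplink port and one other switch port at a time.
    extra = sorted(enabled["teardrop"] - {uplink})
    if len(extra) > 1:
        findings.append(f"teardrop enabled on {len(extra)} non-uplink ports {extra}; "
                        "the guide recommends the uplink port and one other")
    # Ping of Death note: the defense involves the CPU, so list its ports for review.
    if enabled["pingofdeath"]:
        findings.append("pingofdeath uses the switch CPU; review ports "
                        f"{sorted(enabled['pingofdeath'])}")
    return findings


# Constructed sample input (not taken from a real switch).
SAMPLE = """\
set dos ipaddress=192.0.2.1 subnet=255.255.255.0 uplinkport=24
set dos teardrop port=24 state=enable
set dos teardrop port=1-4 state=enable mirrorport=auto
set dos teardrop port=3-4 state=disable
set dos pingofdeath port=1,2 state=enable
set dos smurf port=1-24 state=enable mirrorport=12
set dos synflod port=5 state=enable
"""

if __name__ == "__main__":
    for finding in audit_dos(SAMPLE):
        print(finding)
```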
SHOW DOS

Syntax 1
show dos [ipaddress] [subnet] [uplinkport]

Syntax 2
show dos defense port=port

Parameters
ipaddress    Displays the IP address of the LAN.
subnet    Displays the subnet mask.
uplinkport    Displays the uplink port for the Land defense.
defense    Displays the status of a specified defense for a particular port.
This command displays the status of the SMURF defense on port 4:
show dos smurf port=4
Chapter 19 STP Commands

This chapter contains the following commands:
❑ ACTIVATE STP
❑ DISABLE STP
❑ ENABLE STP
❑ PURGE STP
❑ SET STP
❑ SET STP PORT
❑ SHOW STP

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software User’s Guide for background information on the Spanning Tree Protocol (STP).
ACTIVATE STP

Syntax
activate stp

Parameters
None.

Description
Use this command to designate STP as the active spanning tree on the switch. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP or MSTP, can be active on the switch at a time.
DISABLE STP

Syntax
disable stp

Parameters
None.

Description
This command disables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to SHOW STP on page 259.
ENABLE STP

Syntax
enable stp

Parameters
None.

Description
This command enables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to SHOW STP on page 259.

Note
You cannot enable STP until after you have activated it with ACTIVATE STP on page 250.
PURGE STP

Syntax
purge stp

Parameters
None.

Description
This command returns all STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, refer to DISABLE STP on page 251.
SET STP

Syntax
set stp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage]

Parameters
default    Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled. (This parameter performs the same function as the PURGE STP command.)
priority    Specifies the priority number for the bridge.
Table 4 Bridge Priority Value Increments

Increment    Bridge Priority    Increment    Bridge Priority
7            28672              15           61440

hellotime    Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay    Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
Examples

The following command sets the switch’s bridge priority value to 45,056 (increment 11):
set stp priority=11

The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds:
set stp hellotime=7 forwarddelay=25

The following command returns all STP parameters on the switch to the default values:
set stp default
SET STP PORT

Syntax
set stp port=port [pathcost|portcost=auto|portcost] [portpriority=portpriority]

Parameters
port    Specifies the port you want to configure. You can configure more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
pathcost, portcost    Specifies the port’s cost. The parameters are equivalent.
portpriority    Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments. The increments are listed in Table 7. You specify the increment of the desired value. The default is 128 (increment 8).
SHOW STP

Syntax
show stp [port=port]

Parameter
port    Specifies the port whose STP parameters you want to view. You can view more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Chapter 20 RSTP Commands

This chapter contains the following commands:
❑ ACTIVATE RSTP
❑ DISABLE RSTP
❑ ENABLE RSTP
❑ PURGE RSTP
❑ SET RSTP
❑ SET RSTP PORT
❑ SHOW RSTP

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software User’s Guide for background information on the Rapid Spanning Tree Protocol (RSTP).
ACTIVATE RSTP

Syntax
activate rstp

Parameters
None.

Description
Use this command to designate RSTP as the active spanning tree on the switch. Once you have selected RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.
DISABLE RSTP

Syntax
disable rstp

Parameters
None.

Description
This command disables the Rapid Spanning Tree Protocol on the switch. To view the current status of RSTP, use SHOW RSTP on page 272.
ENABLE RSTP

Syntax
enable rstp

Parameters
None.

Description
This command enables the Rapid Spanning Tree Protocol on the switch. The default setting for RSTP is disabled. To view the current status of RSTP, use SHOW RSTP on page 272. You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.
PURGE RSTP

Syntax
purge rstp

Parameters
None.

Description
This command returns all RSTP bridge and port parameters to the default settings. RSTP must be disabled before you can use this command. To disable RSTP, refer to DISABLE RSTP on page 262.
SET RSTP

Syntax
set rstp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [rstptype|forceversion=stpcompatible|forcestpcompatible|normalrstp]

Parameters
default    Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled. (This parameter performs the same function as the PURGE RSTP command.
Table 8 Bridge Priority Value Increments

Increment    Bridge Priority    Increment    Bridge Priority
7            28672              15           61440

hellotime    Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay    Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
    forcestpcompatible    The bridge uses the RSTP parameter settings, but transmits only STP BPDU packets from the ports. This option is equivalent to the STPCOMPATIBLE option.
    normalrstp    The bridge uses RSTP. It transmits RSTP BPDU packets, except on ports connected to bridges running STP. This is the default setting.

Description
This command configures the following RSTP parameter settings.
The following command returns all RSTP parameter settings to their default values:
set rstp default
SET RSTP PORT

Syntax
set rstp port=port [pathcost|portcost=cost|auto] [portpriority=portpriority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters
port    Specifies the port you want to configure. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Table 10 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk.

Table 10 RSTP Auto-Detect Port Trunk Costs

Port Speed    Port Cost
10 Mbps       20,000
100 Mbps      20,000
1000 Mbps     2,000

portpriority    Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments.
    no, off, false    The port is not an edge port. The values are equivalent.
ptp, pointtopoint    Defines whether the port is functioning as a point-to-point port. The parameters are equivalent. This type of port is connected to a device operating at full-duplex mode. Values are:
    yes, on, true    The port is a point-to-point port. The values are equivalent.
    no, off, false    The port is not a point-to-point port. The parameters are equivalent.
SHOW RSTP

Syntax
show rstp [portconfig=port|portstate=port]

Parameters
portconfig    Displays the RSTP port settings. You can specify more than one port at a time.
portstate    Displays the RSTP port status. You can specify more than one port at a time.

Description
You can use this command to display the RSTP parameter settings.
The following command displays RSTP port status for port 15:
show rstp portstate=15
Chapter 21 MSTP Commands

This chapter contains the following commands:
❑ ACTIVATE MSTP
❑ ADD MSTP
❑ CREATE MSTP
❑ DELETE MSTP
❑ DESTROY MSTP MSTIID
❑ DISABLE MSTP
❑ ENABLE MSTP
❑ PURGE MSTP
❑ SET MSTP
❑ SET MSTP CIST
❑ SET MSTP MSTI
❑ SET MSTP MSTIVLANASSOC
❑ SET MSTP PORT
❑ SHOW MSTP

Note
Remember to save your changes with the SAVE CONFIGU
ACTIVATE MSTP

Syntax
activate mstp

Parameters
None.

Description
This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command. Only one spanning tree protocol can be active on the switch at a time.
ADD MSTP

Syntax
add mstp mstiid=mstiid mstivlanassoc=vids

Parameters
mstiid    Specifies the ID of the multiple spanning tree instance (MSTI) to which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

Description
This command associates VLANs to a MSTI.
CREATE MSTP

Syntax
create mstp mstiid=mstiid [mstivlanassoc=vids]

Parameters
mstiid    Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

Description
This command creates an MSTI ID and associates VLANs to the new spanning tree instance.
DELETE MSTP

Syntax
delete mstp mstiid=mstiid mstivlanassoc=vids

Parameters
mstiid    Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc    Specifies the VID of the VLAN you want to remove from the spanning tree instance. You can specify more than one VID at a time (for example, 2,5,44).

Description
This command removes a VLAN from a spanning tree instance.
DESTROY MSTP MSTIID

Format
destroy mstp mstiid=mstiid

Parameter
mstiid    Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15.

Description
This command deletes a spanning tree instance. VLANs associated with a deleted MSTI are returned to CIST.
DISABLE MSTP

Syntax
disable mstp

Parameters
None.

Description
This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to SHOW MSTP on page 293.
ENABLE MSTP

Syntax
enable mstp

Parameters
None.

Description
This command enables Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to SHOW MSTP on page 293. You must select MSTP as the active spanning tree on the switch before you can enable it with this command.
PURGE MSTP

Syntax
purge mstp

Parameters
None.

Description
This command returns all MSTP bridge and port parameters settings to their default values. This command also deletes all multiple spanning tree instances and VLAN associations. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled. To select MSTP as the active spanning tree protocol on the switch, see ACTIVATE MSTP on page 275.
SET MSTP

Syntax
set mstp [default] [forceversion=stpcompatible|forcestpcompatible|normalmstp] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [maxhops=maxhops] [configname="name"] [revisionlevel=number]

Parameters
default    Disables MSTP and returns all bridge and port MSTP settings to the default values. This parameter cannot be used with any other parameter. (This parameter performs the same function as the RESET MSTP command.
    normalmstp    The bridge uses MSTP. The bridge sends out MSTP BPDU packets from all ports except for those ports connected to bridges running STP. This is the default setting.
hellotime    Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
revisionlevel    Specifies the revision level of an MSTP region. The range is 0 (zero) to 255. This is an arbitrary number that you assign to a region. The revision level must be the same on all bridges in a region. Different regions can have the same revision level without conflict.

Description
This command configures the following MSTP parameter settings.
SET MSTP CIST

Syntax
set mstp cist priority=priority

Parameter
priority    Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in the following table. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8.
SET MSTP MSTI

Syntax
set mstp msti mstiid=mstiid priority=priority

Parameters
mstiid    Specifies a MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15.
priority    Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in the following table. You specify the increment that represents the desired bridge priority value.
Examples

This command changes the MSTI priority value to 45,056 (increment 11) for the MSTI ID 4:
set mstp msti mstiid=4 priority=11

This command changes the MSTI priority value to 8,192 (increment 2) for the MSTI ID 6:
set mstp msti mstiid=6 priority=2
SET MSTP MSTIVLANASSOC

Syntax
set mstp mstivlanassoc mstiid=mstiid vlanlist=vids

Parameters
mstiid    Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
vlanlist    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44). If VLANs have already been associated with the MSTI, they are overwritten.
SET MSTP PORT

Syntax
set mstp port=port|all [intportcost=auto|portcost] [extportcost=portcost] [portpriority=priority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters
port    Specifies the port you want to configure. You can specify more than one port at a time. To configure all ports in the switch, enter ALL.
Table 14 Port Priority Value Increments

Increment    Port Priority    Increment    Port Priority
2            32               10           160
3            48               11           176
4            64               12           192
5            80               13           208
6            96               14           224
7            112              15           240

edgeport    Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at half-duplex mode and is not connected to any device running STP or MSTP. Selections are:
    yes, on, true    The port is an edge port.
ptp, pointtopoint
    no, off, false    Disable migration check. The values are equivalent.

Note
Each time a MSTP port is reset by receiving STP BPDUs, set the migrationcheck parameter to yes, allowing the port to send MSTP BPDUs.

Description
This command sets a port’s MSTP settings.
SHOW MSTP

Syntax
show mstp [portconfig=ports] [portstate=ports] [msti] [cist] [mstivlanassoc]

Parameters
portconfig    Specifies a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.
portstate    Specifies a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.
❑ Configuration name
❑ Revision level
❑ Bridge identifier

The PORTCONFIG parameter displays the following MSTP port parameter settings:
❑ Edge-port status
❑ Point-to-point status
❑ External and internal port costs
❑ Port priority

The PORTSTATE parameter displays the following MSTP port status information:
❑ MSTP port state
❑ MSTI ID
❑ MSTP role
❑ Point-to-point status
❑ Spanning tree version
❑ Port cost

The MSTI parameter displays the following information for each spanning tree
Chapter 22 VLANs and Multiple VLAN Mode Commands

This chapter contains the following commands:
❑ ADD VLAN
❑ CREATE VLAN
❑ DELETE VLAN
❑ DESTROY VLAN
❑ SET SWITCH INFILTERING
❑ SET SWITCH MANAGEMENTVLAN
❑ SET SWITCH VLANMODE
❑ SET VLAN
❑ SHOW VLAN

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.
ADD VLAN

Syntax 1
add vlan=name [vid=vid] port=ports|all frame=untagged|tagged

Syntax 2
add vlan=name [vid=vid] taggedports=ports|all untaggedports=ports|all

Parameters
vlan    Specifies the name of the VLAN you want to modify.
vid    Specifies the VID of the VLAN you want to modify. This parameter is optional.
port    Specifies the ports to be added to the VLAN.
This command has two syntaxes. You can use either command to add ports to a VLAN. The difference between the two is that Syntax 1 can add only one type of port, tagged or untagged, at a time to a VLAN, while Syntax 2 can add both in the same command. This is illustrated in Examples below. When you add untagged ports to a VLAN, the ports are automatically removed from their current untagged VLAN assignment.
CREATE VLAN

Syntax 1
create vlan=name vid=vid port=ports|all frame=untagged|tagged

Syntax 2
create vlan=name vid=vid taggedports=ports|all untaggedports=ports|all

Parameters
vlan    Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting).
port    Specifies the ports on the switch that are either tagged or untagged members of the new VLAN. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22). To specify all ports on the switch, use ALL. This parameter must be followed by the FRAME parameter.
frame    Specifies whether the ports of the VLAN are to be tagged or untagged. This parameter must be used with the PORT parameter.
Tagged ports of the new VLAN remain as tagged and untagged members of their current VLAN assignments. No change is made to a tagged port’s current VLAN assignments, other than its addition to the new VLAN. This is because a tagged port can belong to more than one VLAN at a time. For example, if you add port 6 as a tagged port to a new VLAN, port 6 remains a member of its other current untagged and tagged VLAN assignments.
Syntax 2 allows you to create a VLAN of both tagged and untagged ports all in one command. Here is the command that would create our example:
create vlan=Service vid=16 untaggedports=1,4,5-7 taggedports=11-12

That’s the advantage of Syntax 2 over Syntax 1. You can create VLANs containing both types of ports with one rather than two commands.
DELETE VLAN

Syntax 1
delete vlan=name [vid=vid] port=ports frame=untagged|tagged

Syntax 2
delete vlan=name [vid=vid] taggedports=ports untaggedports=ports

Parameters
vlan    Specifies the name of the VLAN to be modified.
vid    Specifies the VID of the VLAN to be modified. This parameter is optional.
port    Specifies the ports to be removed from the VLAN. This parameter must be used with the FRAME parameter.
Note
You cannot change a VLAN’s name or VID.

When you remove an untagged port from a VLAN, the following happens:
❑ The port is returned to the Default_VLAN as an untagged port.
❑ If the port is also a tagged member of other VLANs, those VLAN assignments are not changed. The port remains a tagged member of the other VLANs.

For example, if you remove Port 4 from a VLAN, the port is automatically returned as an untagged port to the Default VLAN.
delete vlan=Service port=6-8 frame=untagged

Using Syntax 2, you can do the whole thing with just one command:
delete vlan=Service untaggedports=6-8 taggedports=2
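The membership rules described for ADD VLAN, CREATE VLAN and DELETE VLAN can be modelled to see where a port ends up after a series of changes. The Python sketch below is an added example, not part of the guide or of the AT-S62 software. It assumes 24 ports that all start untagged in Default_VLAN and a management VLAN left at its default of Default_VLAN, and it reports ports that DELETE VLAN returned to that VLAN; the class, the function names and the command sequence are constructed for the example.

```python
# Added example: a model of the untagged/tagged membership rules described above.
# Assumptions: 24 ports, all untagged in Default_VLAN at start, default management VLAN.

DEFAULT_VLAN = "Default_VLAN"


def port_set(spec, count):
    """Expand 'all' or a list such as '1,4,5-7' into a set of port numbers."""
    if spec == "all":
        return set(range(1, count + 1))
    out = set()
    for part in filter(None, spec.split(",")):
        low, _, high = part.partition("-")
        out.update(range(int(low), int(high or low) + 1))
    return out


class VlanModel:
    def __init__(self, port_count=24, management_vlan=DEFAULT_VLAN):
        self.count = port_count
        self.management_vlan = management_vlan
        self.untagged = {p: DEFAULT_VLAN for p in range(1, port_count + 1)}
        self.tagged = {}        # VLAN name -> set of tagged member ports
        self.fell_back = set()  # ports returned to Default_VLAN by DELETE VLAN

    def apply(self, command):
        """Apply one CREATE/ADD/DELETE VLAN command in either syntax."""
        verb, *rest = command.split()
        args = dict(word.split("=", 1) for word in rest)
        name = args["vlan"]
        if "port" in args:  # Syntax 1: port= together with frame=
            args[args["frame"] + "ports"] = args["port"]
        tagged = port_set(args.get("taggedports", ""), self.count)
        untagged = port_set(args.get("untaggedports", ""), self.count)
        members = self.tagged.setdefault(name, set())
        if verb.lower() in ("create", "add"):
            members |= tagged               # other memberships are untouched
            for port in untagged:           # leaves its previous untagged VLAN
                self.untagged[port] = name
                self.fell_back.discard(port)
        elif verb.lower() == "delete":
            members -= tagged
            for port in untagged:
                if self.untagged[port] == name:
                    self.untagged[port] = DEFAULT_VLAN
                    self.fell_back.add(port)
        else:
            raise ValueError(f"unsupported command: {command}")

    def membership(self, port):
        """Return (untagged VLAN, sorted list of VLANs the port is tagged in)."""
        return self.untagged[port], sorted(v for v, ps in self.tagged.items() if port in ps)

    def exposed_to_management(self):
        """Ports that DELETE VLAN returned to Default_VLAN while it is the management VLAN."""
        if self.management_vlan != DEFAULT_VLAN:
            return []
        return sorted(p for p in self.fell_back if self.untagged[p] == DEFAULT_VLAN)


def run(commands, **kwargs):
    """Build a model and apply the commands in order."""
    model = VlanModel(**kwargs)
    for command in commands:
        model.apply(command)
    return model


# Constructed sequence; the first command is the guide's own CREATE VLAN example.
COMMANDS = [
    "create vlan=Service vid=16 untaggedports=1,4,5-7 taggedports=11-12",
    "create vlan=Lab vid=20 port=4 frame=untagged",
    "delete vlan=Service port=6-7 frame=untagged",
]

if __name__ == "__main__":
    print(run(COMMANDS).exposed_to_management())
```

Ports reported by `exposed_to_management()` are candidates for an explicit VLAN assignment or for a non-default management VLAN set with SET SWITCH MANAGEMENTVLAN.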
DESTROY VLAN

Syntax
destroy vlan vlan=name|all [vid=vid]

Parameters
vlan    Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option.
vid    Specifies the VID of the VLAN to be deleted. This parameter is optional.

Description
You can use this command, when the switch is operating in the user-configure VLAN mode, to delete port-based and tagged VLANs from a switch.
SET SWITCH INFILTERING

Syntax
set switch infiltering=yes|no|on|off|true|false

Parameters
infiltering    Specifies the operating status of ingress filtering. The options are:
    yes, on, true    Activates ingress filtering. The values are equivalent. This is the default.
    no, off, false    Deactivates ingress filtering. The values are equivalent.

Description
This command controls the status of ingress filtering.
SET SWITCH MANAGEMENTVLAN

Syntax
set switch managementvlan=name|VID

Parameter
managementvlan    Specifies the management VLAN. You can specify the VLAN by name or by its VID. You can specify only one management VLAN. The default management VLAN is Default_VLAN (VID 1).

Description
This command sets the management VLAN. The switch uses this VLAN to watch for management packets from Telnet and web browser management sessions.
SET SWITCH VLANMODE

Syntax
set switch vlanmode=userconfig|dotqmultiple|multiple [uplinkport=port]

Parameters
vlanmode    Controls the switch’s VLAN mode. Options are:
    userconfig    This mode allows you to create your own port-based and tagged VLANs. This is the default setting.
    dotqmultiple    This option configures the switch for the 802.1Q-compliant multiple VLAN mode.
    multiple    This option configures the switch for the non-802.
uplinkport
The following command sets the switch so that you can create your own port-based and tagged VLANs:
set switch vlanmode=userconfig
SET VLAN

Syntax
set vlan=name [vid=vid] type=portbased

Parameter
vlan    Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to SHOW VLAN on page 311.
vid    Specifies the VID of the dynamic VLAN. To view VIDs, refer to SHOW VLAN on page 311. This parameter is optional.
type    Specifies the type of static VLAN to which the dynamic VLAN is to be converted. There is only one option: PORTBASED.
SHOW VLAN

Syntax
show vlan[=name|vid]

Parameter
vlan    Specifies the name or VID of the VLAN.
Chapter 23 GARP VLAN Registration Protocol Commands

This chapter contains the following commands:
❑ DISABLE GARP
❑ ENABLE GARP
❑ PURGE GARP
❑ SET GARP PORT
❑ SET GARP TIMER
❑ SHOW GARP
❑ SHOW GARP COUNTER
❑ SHOW GARP DATABASE
❑ SHOW GARP GIP
❑ SHOW GARP MACHINE

Note
Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE GARP

Syntax
disable garp=gvrp [gip]

Parameters
garp    Specifies the GARP application you want to disable. The only GARP application supported by AT-S62 management software is GVRP.
gip    Disables GARP Information Propagation (GIP).

Note
The online help for this command contains an STP option. The option is not supported.

Description
This command disables GVRP on the switch. Once disabled, the switch will not learn any new dynamic GVRP VLANs or dynamic GVRP ports.
ENABLE GARP

Syntax
enable garp=gvrp [gip]

Parameters
garp    Specifies the GARP application you want to enable. The only GARP application supported by AT-S62 management software is GVRP.
gip    Enables GARP Information Propagation (GIP).

Note
The online help for this command contains an STP option. The option is not supported.

Description
This command enables GVRP on the switch.
PURGE GARP

Syntax
purge garp=gvrp

Parameter
garp    Specifies the GARP application you want to reset. The only GARP application supported by AT-S62 management software is GVRP.

Note
The online help for this command contains an STP option. The option is not supported.

Description
This command disables GVRP on the switch and returns the GVRP timers values to their default settings. All GVRP-related statistics counters are returned to zero.
SET GARP PORT

Syntax
set garp=gvrp port=port [mode=normal|none]

Parameters
garp    Specifies the GARP application you want to configure. The only GARP application supported by AT-S62 management software is GVRP.
port    Specifies the port you want to configure on the switch. You can specify more than one port at a time.
mode    Specifies the GVRP mode of the port. Modes are:
    normal    The port will participate in GVRP.
SET GARP TIMER

Syntax
    set garp=gvrp timer [default] [jointime=integer] [leavetime=integer] [leavealltime=integer]

Parameters
garp
    Specifies the GARP application you want to configure. The only GARP application supported by AT-S62 management software is GVRP.
default
    Returns the GARP timers to their default settings.
jointime
    Specifies the Join Timer in centiseconds, which are hundredths of a second. The default is 20 centiseconds.
Examples

The following command sets the Join Period timer to 0.1 second, Leave Period timer to 0.
SHOW GARP

Syntax
    show garp=gvrp

Parameter
garp
    Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Note: The online help for this command contains an STP option. The option is not supported.
SHOW GARP COUNTER

Syntax
    show garp=gvrp counter

Parameter
garp
    Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.
❑ Transmit GARP Messages: LeaveEmpty
❑ Receive GARP Messages: LeaveIn
❑ Transmit GARP Messages: LeaveIn
❑ Receive GARP Messages: Empty
❑ Transmit GARP Messages: Empty
❑ Receive GARP Messages: Bad Message
❑ Receive GARP Messages: Bad Attribute

Example

The following command displays the above GARP counters:

    show garp=gvrp counter
SHOW GARP DATABASE

Syntax
    show garp=gvrp database

Parameters
garp
    Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Description
This command displays the following parameters for the internal database for the GARP application. Each attribute is represented by a GID index within the GARP application.
SHOW GARP GIP

Syntax
    show garp=gvrp gip

Parameter
garp
    Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.
SHOW GARP MACHINE

Syntax
    show garp=gvrp machine

Parameter
garp
    Specifies the GARP application you want to display. The only GARP application supported by AT-S62 management software is GVRP.

Description
This command displays the following parameters for the GID state machines for the GARP application. The output is shown on a per-GID index basis; each attribute is represented by a GID index within the GARP application.
Chapter 24 MAC Address Security Commands

This chapter contains the following commands:

❑ SET SWITCH PORT INTRUSIONACTION on page 326
❑ SET SWITCH PORT SECURITYMODE on page 327
❑ SHOW SWITCH PORT INTRUSION on page 330
❑ SHOW SWITCH PORT SECURITYMODE on page 331

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: Refer to the AT-S62 Management Software User’s Guide for background information on port security.
SET SWITCH PORT INTRUSIONACTION

Syntax
    set switch port=port intrusionaction=discard|trap|disable

Parameters
port
    Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
intrusionaction
    Specifies the intrusion action. Options are:
    discard
        Discards an invalid frame.
SET SWITCH PORT SECURITYMODE

Syntax
    set switch port=port [securitymode=automatic|limited|secured|locked] [intrusionaction=discard|trap|disable] [learn=integer] [participate=yes|no|on|off|true|false]

Parameters
port
    Specifies the port where you want to set security. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
intrusionaction
    Specifies the action taken by the port in the event port security is violated. This parameter applies only to the Limited security mode. Intrusion actions are:
    discard
        Discards invalid frames. This is the default setting.
    trap
        Discards invalid frames and sends an SNMP trap.
    disable
        Discards invalid frames, sends an SNMP trap, and disables the port.
learn
    Specifies the maximum number of dynamic MAC addresses a port on the switch can learn.
Examples

This command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses. Since no intrusion action is specified, the discard action is assigned by default:

    set switch port=8 securitymode=limited learn=5

This command sets the security level for ports 9 and 12 to the Limited mode and specifies a limit of 15 dynamic MAC addresses per port.
SHOW SWITCH PORT INTRUSION

Syntax
    show switch port=port intrusion

Parameters
port
    Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time.

Description
This command displays the number of times a port has detected an intrusion violation.
SHOW SWITCH PORT SECURITYMODE

Syntax
    show switch port=port securitymode

Parameters
port
    Specifies the port whose security mode settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command displays the security mode settings for the ports on the switch.
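The following is an added example, not part of the Allied Telesyn guide: a Python check that reads a list of SET SWITCH PORT commands, expands the port lists in the syntax described above, and reports ports where an intrusion action is set outside the Limited mode or where Limited-mode violations are discarded without an SNMP trap. The sample commands, the finding codes, and the assumption that a later command overrides an earlier one for the same port are constructed for illustration.

```python
import re
import shlex


def expand_ports(spec):
    """Expand a port list such as '5,7,22', '18-23' or '1,5,14-22' to sorted ints."""
    ports = set()
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:-(\d+))?\s*", item)
        if not m:
            raise ValueError(f"bad port list item: {item!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) else first
        if first > last:
            raise ValueError(f"descending range: {item!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)


# Finding codes are hypothetical names used only by this example.
EXPLAIN = {
    "ACTION-NOT-APPLIED": "intrusionaction is set, but the port is not put in "
                          "Limited mode; the guide says the parameter applies "
                          "only to Limited mode",
    "SILENT-DISCARD": "Limited mode with the discard action: invalid frames are "
                      "dropped and no SNMP trap is sent",
}


def audit_port_security(config_text):
    """Return [(port, code), ...] for the SET SWITCH PORT commands in config_text."""
    state = {}  # port -> last value seen for each security parameter
    for raw in config_text.splitlines():
        tokens = shlex.split(raw.strip().lower())
        if tokens[:2] != ["set", "switch"]:
            continue
        params = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        if "port" not in params:
            continue
        for port in expand_ports(params["port"]):
            entry = state.setdefault(port, {})
            for name in ("securitymode", "intrusionaction", "learn"):
                if name in params:
                    entry[name] = params[name]  # assumption: last command wins

    findings = []
    for port in sorted(state):
        mode = state[port].get("securitymode")
        action = state[port].get("intrusionaction")
        if action is not None and mode != "limited":
            findings.append((port, "ACTION-NOT-APPLIED"))
        elif mode == "limited" and action in (None, "discard"):
            # discard is the default action when none is given
            findings.append((port, "SILENT-DISCARD"))
    return findings


# Constructed sample input (not taken from a real switch).
SAMPLE = """
set switch port=8 securitymode=limited learn=5
set switch port=9,12 securitymode=limited learn=15 intrusionaction=trap
set switch port=14-16 securitymode=locked intrusionaction=disable
set switch port=20 intrusionaction=trap
set switch port=9 intrusionaction=discard
"""

if __name__ == "__main__":
    for port, code in audit_port_security(SAMPLE):
        print(f"port {port}: {code}: {EXPLAIN[code]}")
```

Ports reported as SILENT-DISCARD still increment the counter shown by SHOW SWITCH PORT INTRUSION, so that command is the only place their violations become visible.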
Chapter 25 802.
DISABLE PORTACCESS|PORTAUTH

Syntax
    disable portaccess|portauth

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
None.

Description
This command disables 802.1x Port-based Access Control on your switch. This is the default setting.

Example

The following command disables 802.
DISABLE RADIUSACCOUNTING

Syntax
    disable radiusaccounting

Parameters
None

Description
This command disables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=DISABLED command.
ENABLE PORTACCESS|PORTAUTH

Syntax
    enable portaccess|portauth

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
None.

Description
This command activates 802.1x Port-based Access Control on the switch. The default setting for this feature is disabled.

Note: You should activate and configure the RADIUS client software on the switch before you activate port-based access control. Refer to SET AUTHENTICATION on page 401.
ENABLE RADIUSACCOUNTING

Syntax
    enable radiusaccounting

Parameters
None

Description
This command enables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=ENABLED command.
SET PORTACCESS|PORTAUTH PORT ROLE=AUTHENTICATOR

Syntax
    set portaccess|portauth port=port type|role=authenticator|none [control=auto|authorised|forceauthenticate|unauthorised|forceunauthenticate] [quietperiod=value] [txperiod=value] [reauthperiod=value] [supptimeout=value] [servertimeout|servtimeout=value] [maxreq=value] [ctrldirboth=ingress|both]

Note: The PORTACCESS and PORTAUTH keywords are equivalent.
between the client and the authentication server. Each client that attempts to access the network is uniquely identified by the switch by using the client's MAC address. This is the default setting.

    authorised
    forceauthenticate
        Disables 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.
supptimeout
    Sets the switch-to-client retransmission time for the EAP-request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.
servertimeout
servtimeout
    Sets the timer used by the switch to determine authentication server timeout conditions. The default value is 30 seconds. The range is 1 to 65,535 seconds. The parameters are equivalent.
Description
This command sets ports to the Authenticator role and configures the Authenticator role parameters. This command also disables port-based access control on a port.

Example

This command sets ports 4 to 6 to the Authenticator role:

    set portaccess port=4-6 role=authenticator

The following command sets port 7 to the Authenticator role.
SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT

Syntax
    set portaccess|portauth port=port type|role=supplicant|none [authperiod=value] [heldperiod=value] [maxstart=value] [startperiod=value] [username|name=name] [password=password]

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
port
    Specifies the port that you want to set to the Supplicant role or whose Supplicant settings you want to adjust. You can specify more than one port at a time.
startperiod
    Specifies the time period in seconds between successive attempts by the supplicant to establish contact with an authenticator when there is no reply. The range is 1 to 60. The default is 30.
username
name
    Specifies the username for the switch port. The parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network.
SET RADIUSACCOUNTING

Syntax
    set radiusaccounting [status=enabled|disabled] [serverport=value] [type=network] [trigger=start_stop|stop_only] [updateenable=enabled|disabled] [interval=value]

Parameters
status
    Activates and deactivates RADIUS accounting on the switch. Options are:
    enabled
        Activates RADIUS accounting. This option is equivalent to the ENABLE RADIUSACCOUNTING command.
    disabled
        Deactivates the feature. This is the default.
interval
    Specifies the intervals at which the switch is to send interim accounting updates to the RADIUS server. The range is 30 to 300 seconds. The default is 60 seconds.

Description
RADIUS accounting is supported on those switch ports operating in the Authenticator role.
SHOW PORTACCESS|PORTAUTH

Syntax
    show portaccess|portauth config|status

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
config
    Displays whether port-based access control is enabled or disabled on the switch.
status
    Displays the role and status of each port.

Description
Use this command to display operating information for port-based access control.
SHOW PORTACCESS|PORTAUTH PORT

Syntax
    show portaccess|portauth port=port authenticator|supplicant config|status

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
port
    Specifies the port whose port-based access control settings you want to view. You can specify more than one port at a time.
authenticator
    Indicates that the port is an authenticator.
supplicant
    Indicates that the port is a supplicant.
SHOW RADIUSACCOUNTING

Syntax
    show radiusaccounting

Parameters
None.

Description
Use this command to display the current parameter settings for RADIUS accounting. For an explanation of the parameters, refer to SET RADIUSACCOUNTING on page 343.
Chapter 26 Web Server Commands

This chapter contains the following commands:

❑ DISABLE HTTP SERVER on page 349
❑ ENABLE HTTP SERVER on page 350
❑ PURGE HTTP SERVER on page 351
❑ SET HTTP SERVER on page 352
❑ SHOW HTTP SERVER on page 357

Note: Remember to use the SAVE CONFIGURATION command to save your changes.

Note: Refer to the AT-S62 Management Software User’s Guide for background information on the web server.
DISABLE HTTP SERVER

Syntax
    disable http server

Parameters
None.

Description
This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see SHOW HTTP SERVER on page 357. The default setting for the web server is enabled.
ENABLE HTTP SERVER

Syntax
    enable http server

Parameters
None.

Description
This command activates the web server on the switch. Activating the server allows you to manage the unit from a web browser. To view the current status of the web server, see SHOW HTTP SERVER on page 357. The default setting for the web server is enabled.
PURGE HTTP SERVER

Syntax
    purge http server

Parameters
None.

Description
This command resets the web server to its default values. Refer to the AT-S62 Management Software User’s Guide for the web server default values. To view the current web server settings, refer to SHOW HTTP SERVER on page 357.
SET HTTP SERVER

Syntax
    set http server [security=enabled|disabled] [sslkeyid=key-id] [port=port]

Parameters
security
    Specifies the security mode of the web server. Possible settings are:
    enabled
        Specifies that the web server is to function in the secure HTTPS mode.
    disabled
        Specifies that the web server is to function in the non-secure HTTP mode. This is the default.
sslkeyid
    Specifies a key pair ID.
Examples

The following command configures the web server for the non-secure HTTP mode. Since no port is specified, the default HTTP port 80 is used:

    set http server security=disabled

The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5.
    create pki certificate=Sw12cert keypair=4 serialnumber=0 subject="cn=149.11.11.11"

3. This command adds the new certificate to the certificate database. The certificate is given a description of “Switch 12 certificate”:

    add pki certificate="Switch 12 certificate" location=Sw12cert.cer

4. This command disables the web server:

    disable http server

5.
11. Activate the web server using ENABLE HTTP SERVER on page 350

The following is an example of the command sequence for configuring the web server for a CA certificate. It explains how to create an encryption key pair and enrollment request, and how to download the CA certificates on the switch. (The example does not include step 1, setting the system time, nor the procedure for submitting the request to a CA, which will vary depending on the CA’s enrollment requirements.
8. This command configures the web server. It activates HTTPS and specifies the key created in step 1:

    set http server security=enabled sslkeyid=8

9.
SHOW HTTP SERVER

Syntax
    show http server

Parameters
None.
Chapter 27 Encryption Key Commands

This chapter contains the following commands:

❑ CREATE ENCO KEY on page 359
❑ DESTROY ENCO KEY on page 363
❑ SET ENCO KEY on page 364
❑ SHOW ENCO on page 365

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
CREATE ENCO KEY

Syntax 1
    create enco key=key-id type=rsa length=value [description="description"]

Syntax 2
    create enco key=key-id type=rsa [description="description"] [file=filename.key] [format=hex|ssh|ssh2]

Parameters
key
    Specifies a key ID. The range is 0 to 65,535. The default is 0. When creating a new key this value must be unique from all other key IDs on the switch.
type
    Specifies the type of key, which can only be a random RSA key.
    hex
        Specifies a hexadecimal format used to transfer a key between devices other than switches. This is the default.
    ssh
        Specifies a format for Secure Shell version 1 users.
    ssh2
        Specifies a format for Secure Shell version 2 users.

Description
This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S62 file system to the key database.

Caution: Key generation is a CPU-intensive process.
server key is 768 bits and the recommended length for the host key is 1024 bits.

The DESCRIPTION parameter is optional. You can use it to add a description to the key. This can help you identify the different keys on the switch. The description can be up to forty alphanumeric characters. It must be enclosed in quotes and spaces are allowed.
If you are exporting a public key from the key database to the file system, the KEY parameter should specify the ID of the key that you want to export. Only the public key of a key pair is exported to the file system. You cannot export a private key.

The TYPE parameter specifies the type of key to be imported or exported. The only option is RSA.

The FILE parameter specifies the filename of the encryption key. The filename must include the “.key” extension.
DESTROY ENCO KEY

Syntax
    destroy enco key=key-id

Parameter
key
    Specifies the ID number of the key pair to be deleted from the key database.

Description
This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding “.UKF” file from the file system. Once a key pair is deleted, any SSL certificate created using the public key of the key pair will be invalid and cannot be used to manage the switch.
SET ENCO KEY

Syntax
    set enco key=key-id description="description"

Parameters
key
    Specifies the ID number of the key pair whose description you want to change.
description
    Specifies the new description of the key. The description can contain up to 25 alphanumeric characters. Spaces are allowed. The description must be enclosed in double quotes.

Description
This command changes the description of a key pair.
SHOW ENCO

Syntax
    show enco key=key-id

Parameters
key
    Specifies the ID of a key whose information you want to display.

Description
This command displays information about encryption key pairs stored in the key database.
Chapter 28 Public Key Infrastructure (PKI) Certificate Commands

This chapter contains the following commands:

❑ ADD PKI CERTIFICATE on page 367
❑ CREATE PKI CERTIFICATE on page 369
❑ CREATE PKI ENROLLMENTREQUEST on page 372
❑ DELETE PKI CERTIFICATE on page 374
❑ PURGE PKI on page 375
❑ SET PKI CERTIFICATE on page 376
❑ SET PKI CERTSTORELIMIT on page 378
❑ SET SYSTEM DISTINGUISHEDNAME on page 379
❑ SHOW PKI on page 380
❑ SHOW PKI CERTIFICATE on page 381

Note: Remember to save your changes with the SAVE CONF
ADD PKI CERTIFICATE

Syntax
    add pki certificate="name" location="filename.cer" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters
certificate
    Specifies a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. The name can be up to 40 alphanumeric characters. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes. Each certificate must be given a unique name.
Description
This command adds a certificate to the certificate database from the AT-S62 file system. To view the certificate files in the file system, refer to SHOW FILE on page 201. To view the certificates already in the database, refer to SHOW PKI CERTIFICATE on page 381.

The CERTIFICATE parameter assigns the certificate a name. The name can be from 1 to 40 alphanumeric characters.
CREATE PKI CERTIFICATE

Syntax
    create pki certificate=name keypair=key-id serialnumber=value [format=der|pem] subject="distinguished-name"

Parameters
certificate
    Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters. Spaces are allowed; if included, the name must be enclosed in double quotes. The management software automatically adds the “.cer” extension.
Once you have created a new self-signed certificate, you need to load it into the certificate database. The switch cannot use the certificate for encrypted web browser management systems until it is loaded into the database. For instructions, refer to ADD PKI CERTIFICATE on page 367.

Note: For a review of the steps to configuring the web server for a self-signed certificate, refer to SET HTTP SERVER on page 352.
Examples

The following command creates a self-signed certificate. It assigns the certificate the filename “sw12.cer”. (The management software automatically adds the “.cer” extension.) The command uses the key pair with the ID 12 to create the certificate. The format is ASCII and the distinguished name is the IP address of a master switch:

    create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.
CREATE PKI ENROLLMENTREQUEST

Syntax
    create pki enrollmentrequest="name" keypair=keyid [format=der|pem] [type=pkcs10]

Parameters
enrollmentrequest
    Specifies a filename for the enrollment request. The filename can be from 1 to 8 alphanumeric characters. If the name contains spaces, it must be enclosed in double quotes. The management software automatically adds the “.csr” extension.
Note: For a review of all the steps to configuring the web server for a CA certificate, refer to SET HTTP SERVER on page 352.

The ENROLLMENTREQUEST parameter specifies a filename for the request. The filename can contain from 1 to 8 alphanumeric characters. If spaces are used, the name must be enclosed in quotes. The management software automatically adds the “.csr” extension. This is the filename under which the request will be stored in the file system.
DELETE PKI CERTIFICATE

Syntax
    delete pki certificate=name

Parameter
certificate
    Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes. Wildcards are not allowed.

Description
This command deletes a certificate from the switch’s certificate database.
PURGE PKI

Syntax
    purge pki

Parameters
None.

Description
This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to DELETE FILE on page 197.
SET PKI CERTIFICATE

Syntax
    set pki certificate="name" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters
certificate
    Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes.
trusted
    Specifies whether or not the certificate is from a trusted CA.
The TYPE parameter specifies the certificate type. If CA is specified, the switch tags this certificate as a CA certificate. If ENDENTITY or EE is specified, the switch tags the certificate to indicate that it belongs to an end entity. If SELF is specified, the switch tags the certificate as its own. The default is ENDENTITY.

Note: The TRUSTED and TYPE parameters have no effect on the operation of a certificate on the switch.
SET PKI CERTSTORELIMIT

Syntax
    set pki certstorelimit=value

Parameter
certstorelimit
    Specifies the maximum number of certificates that can be stored in the certificate database. The range is 12 to 256; the default is 256.

Description
This command sets the maximum number of certificates that can be stored in the switch’s certificate database.
SET SYSTEM DISTINGUISHEDNAME

Syntax
    set system distinguishedname="name"

Parameter
distinguishedname
    Specifies the distinguished name for the switch. The name must be enclosed in quotes.

Description
This command sets the distinguished name for the switch. The distinguished name is used to create a self-signed certificate or enrollment request. For an explanation of distinguished names, refer to the AT-S62 Management Software User’s Guide.
SHOW PKI

Syntax
    show pki

Parameters
None.

Description
This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to SET PKI CERTSTORELIMIT on page 378.
SHOW PKI CERTIFICATE

Syntax
    show pki certificate[="name"]

Parameter
certificate
    Specifies the name of the certificate whose information you want to view. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive. Wildcards are not allowed.

Description
This command lists all of the certificates in the certificates database. This command can also display information about a specific certificate in the database.
Chapter 29 Secure Sockets Layer (SSL) Command

This chapter contains the following commands:

❑ SET SSL on page 383
❑ SHOW SSL on page 384

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale. Refer to the AT-S62 Management Software User’s Guide for background information on SSL.
SET SSL

Syntax
    set ssl [cachetimeout=value] [maxsessions=value]

Parameters
cachetimeout
    Specifies the maximum time in seconds that a session will be retained in the cache. The range is 1 to 600 seconds. The default is 300 seconds.
maxsessions
    Specifies the maximum number of sessions that will be allowed in the session resumption cache. The range is 0 to 100 sessions. The default is 50 second.

Description
This command configures the SSL parameters.
SHOW SSL

Syntax
    show ssl

Parameters
None.
Chapter 30 Secure Shell (SSH) Commands

This chapter contains the following commands:

❑ DISABLE SSH SERVER on page 386
❑ ENABLE SSH SERVER on page 387
❑ SET SSH SERVER on page 390
❑ SHOW SSH on page 392

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: The feature is not available in all versions of the AT-S62 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
DISABLE SSH SERVER

Syntax
    disable ssh server

Parameters
None.

Description
This command disables the Secure Shell server. When the Secure Shell server is disabled, connections from Secure Shell clients are not accepted. By default, the Secure Shell server is disabled.
ENABLE SSH SERVER

Syntax
    enable ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]

Parameters
hostkey
    Specifies the ID number of the encryption key pair to function as the host key.
serverkey
    Specifies the ID number of the encryption key pair to function as the server key.
expirytime
    Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
Note: Before you enable SSH, disable the Telnet management session. Otherwise, the security provided by SSH is not active. See DISABLE TELNET on page 39.

Example

The following command activates the Secure Shell server and specifies encryption key pair 0 as the host key and key pair 1 as the server key:

    enable ssh server hostkey=0 serverkey=1

General Configuration Steps for SSH Operation

Configuring the SSH server involves several commands.
Example

The following is an example of the command sequence for configuring the SSH software on the server:

1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
SET SSH SERVER

Syntax
    set ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]

Parameters
hostkey
    Specifies the ID number of the encryption key pair to function as the host key.
serverkey
    Specifies the ID number of the encryption key pair to function as the server key.
expirytime
    Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
Example

The following command sets the Secure Shell server key expiry time to 1 hour:

    set ssh server expirytime=1
SHOW SSH

Syntax
    show ssh

Parameters
None.
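The following is an added example, not part of the Allied Telesyn guide: a Python review of a command script against the management-plane rules stated in Chapters 26, 27 and 30 (Telnet disabled when SSH is enabled, SSH key lengths at least 256 bits apart, server key regeneration, and HTTPS with a known key instead of the default non-secure HTTP). The sample scripts and finding codes are constructed, `disable telnet` is assumed to be the syntax of the DISABLE TELNET command referenced above, and keys are assumed to be created in the same script.

```python
import shlex


def parse(line):
    """Split a command into its keyword phrase and a dict of name=value parameters."""
    words, params = [], {}
    for token in shlex.split(line):
        if "=" in token:
            name, value = token.split("=", 1)
            params[name.lower()] = value
        else:
            words.append(token.lower())
    return " ".join(words), params


def audit_management_plane(config_text):
    """Return a list of finding codes (hypothetical names) for the script."""
    keys = {}                          # key-id -> RSA length in bits
    ssh_on, ssh = False, {}            # guide: SSH server is disabled by default
    telnet_off = False
    http_on = True                     # guide: web server is enabled by default
    http = {"security": "disabled"}    # guide: non-secure HTTP is the default
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        cmd, p = parse(raw)
        if cmd == "create enco" and "key" in p and "length" in p:
            keys[p["key"]] = int(p["length"])
        elif cmd == "destroy enco":
            keys.pop(p.get("key"), None)
        elif cmd in ("enable ssh server", "set ssh server"):
            ssh.update(p)
            ssh_on = ssh_on or cmd.startswith("enable")
        elif cmd == "disable ssh server":
            ssh_on = False
        elif cmd in ("disable telnet", "enable telnet"):
            telnet_off = cmd.startswith("disable")
        elif cmd in ("disable http server", "enable http server"):
            http_on = cmd.startswith("enable")
        elif cmd == "set http server":
            http.update(p)

    findings = []
    if ssh_on:
        if not telnet_off:
            findings.append("SSH-WITH-TELNET")     # Telnet left enabled
        host = keys.get(ssh.get("hostkey"))
        server = keys.get(ssh.get("serverkey"))
        if host is None or server is None:
            findings.append("SSH-KEY-UNKNOWN")     # key ID not created here
        elif abs(host - server) < 256:
            findings.append("SSH-KEY-SPACING")     # lengths under 256 bits apart
        if ssh.get("expirytime") == "0":
            findings.append("SSH-NO-REKEY")        # 0 never regenerates the key
    if http_on:
        if http.get("security", "").lower() != "enabled":
            findings.append("HTTP-PLAINTEXT")      # web management over HTTP
        elif http.get("sslkeyid") not in keys:
            findings.append("HTTPS-KEY-UNKNOWN")   # sslkeyid missing or unknown
    return findings


# Constructed sample scripts (not taken from a real switch).
WEAK = """
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=1024 description="server key"
enable ssh server hostkey=0 serverkey=1 expirytime=0
"""

HARDENED = """
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=768 description="server key"
create enco key=5 type=rsa length=1024 description="web key"
disable telnet
enable ssh server hostkey=0 serverkey=1 expirytime=1
disable http server
set http server security=enabled sslkeyid=5
enable http server
"""

if __name__ == "__main__":
    print("weak:", audit_management_plane(WEAK))
    print("hardened:", audit_management_plane(HARDENED))
```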
Chapter 31 TACACS+ and RADIUS Commands

This chapter contains the following commands:

❑ ADD RADIUSSERVER on page 394
❑ ADD TACACSSERVER on page 395
❑ DELETE RADIUSSERVER on page 396
❑ DELETE TACACSSERVER on page 397
❑ DISABLE AUTHENTICATION on page 398
❑ ENABLE AUTHENTICATION on page 399
❑ PURGE AUTHENTICATION on page 400
❑ SET AUTHENTICATION on page 401
❑ SHOW AUTHENTICATION on page 403

Note: Remember to save your changes with the SAVE CONFIGURATION command.
ADD RADIUSSERVER

Syntax
    add radiusserver server|ipaddress=ipaddress order=value [secret=string] [port|accport=value] [accport=value]

Parameters
server
ipaddress
    Specifies an IP address of a RADIUS server. The parameters are equivalent.
order
    Specifies the order that the RADIUS servers are queried by the switch. This value can be from 1 to 3. The servers are queried starting with 1.
secret
    Specifies the encryption key used for this server.
ADD TACACSSERVER

Syntax
    add tacacsserver server|ipaddress=ipaddress order=value [secret=string]

Parameters
server
ipaddress
    Specifies an IP address of a TACACS+ server. The parameters are equivalent.
order
    Specifies the order that your TACACS+ servers are queried by the switch. You can assign order to up to 3 servers with 1 being the first server queried.
secret
    Specifies the optional encryption key used on this server.
DELETE RADIUSSERVER

Syntax
    delete radiusserver server|ipaddress=ipaddress

Parameter
server
ipaddress
    Specifies the IP address of a RADIUS server to be deleted from the management software. The parameters are equivalent.

Description
Use this command to delete the IP address of a RADIUS server from your switch.

Example

The following command deletes the RADIUS server with the IP address 149.245.22.22:

    delete radiusserver ipaddress=149.245.22.
DELETE TACACSSERVER

Syntax
    delete tacacsserver server|ipaddress=ipaddress

Parameter
server
ipaddress
    Specifies the IP address of a TACACS+ server to be deleted from the management software. The parameters are equivalent.

Description
Use this command to delete the IP address of a TACACS+ server from your switch.

Example

The following command deletes the TACACS+ server with the IP address 149.245.22.20:

    delete tacacsserver ipaddress=149.245.22.

DISABLE AUTHENTICATION

Syntax

    disable authentication

Parameters

None.

Description

Use this command to disable TACACS+ and RADIUS manager account authentication on your switch. When you disable authentication you retain your current authentication parameter settings.

Note
This command applies only to TACACS+ and RADIUS manager accounts. Disabling authentication means that you must use the default manager accounts of “manager” and “operator” to manage the switch.

ENABLE AUTHENTICATION

Syntax

    enable authentication

Parameters

None.

Description

Use this command to activate TACACS+ or RADIUS manager account authentication on your switch. To select an authenticator protocol, refer to SET AUTHENTICATION.

Note
If you are using the RADIUS authentication protocol for 802.1x port-based access control, but not for manager account authentication, you do not need to use this command.

PURGE AUTHENTICATION

Syntax

    purge authentication

Parameters

None.

Description

This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP address or secret of any RADIUS or TACACS+ authentication server you may have specified.

SET AUTHENTICATION

Syntax

    set authentication method=tacacs|radius [secret=string] [timeout=value]

Parameters

method       Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch.

secret       Specifies the global encryption key that is used by the TACACS+ or RADIUS servers.

The following command selects RADIUS as the authentication protocol with a global encryption key of leopard09 and a timeout of 15 seconds:

    set authentication method=radius secret=leopard09 timeout=15

SHOW AUTHENTICATION

Syntax

    show authentication

Parameters

None.

Description

Use this command to display the following information about the authenticated protocols on the switch:

❑ Status - The status of your authenticated protocol: enabled or disabled.
❑ Authentication Method - The authentication protocol activated on your switch. Either TACACS+ or RADIUS protocol may be active. The TACACS+ protocol is the default.
❑ The IP addresses of up to three authentication servers.

Chapter 32
Management ACL Commands

This chapter contains the following commands:

❑ ADD MGMTACL
❑ DELETE MGMTACL
❑ DISABLE MGMTACL
❑ ENABLE MGMTACL
❑ SET MGMTACL STATE
❑ SHOW MGMTACL

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
Refer to the AT-S62 Management Software User’s Guide for background information on the Management ACL.

ADD MGMTACL

Syntax

    add mgmtacl ipaddress=ipaddress mask=string protocol=tcp|udp|all interface=telnet|web|all

Parameters

ipaddress    Specifies the IP address of a specific management workstation or of a subnet.

mask         Specifies the mask used by the switch to filter the IP address. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.

Description

This command adds an access control entry to the Management ACL. There can be up to 256 ACEs in a Management ACL. An ACE is an implicit “permit” statement. A workstation that meets the criteria of the ACE will be allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific management workstation or a subnet.

The MASK parameter indicates the parts of the IP address the switch should filter on.

The following command allows all management workstations in the Class A subnet 169.24.144.128 to manage the switch using a Telnet protocol application:

    set mgmtacl add ipaddress=169.24.144.128 mask=255.255.255.

DELETE MGMTACL

Syntax

    delete mgmtacl ipaddress=ipaddress mask=string protocol=tcp|udp|all interface=telnet|web|all

Parameters

ipaddress    Specifies the IP address to be deleted.

mask         Specifies the mask of the IP address.

protocol     Specifies the protocol of the management packets. The options are:

             tcp    Transmission control protocol.
             udp    User datagram protocol.
             all    Both TCP and UDP packets.

interface    Specifies the method of remote management.

DISABLE MGMTACL

Syntax

    disable mgmtacl

Parameters

None

Description

This command disables the Management ACL. This command is equivalent to the SET MGMTACL STATE=DISABLE command.

Example

The following command disables the Management ACL.

ENABLE MGMTACL

Syntax

    enable mgmtacl

Parameters

None

Description

This command enables the Management ACL. This command is equivalent to the SET MGMTACL STATE=ENABLE command.

Note
Activating the Management ACL without entering any access control entries (ACEs) will prohibit you from remotely managing the switch from a Telnet or web browser management session.

Example

The following command enables the Management ACL.

SET MGMTACL STATE

Syntax

    set mgmtacl state=disable|enable

Parameters

state        Sets the state of the Management ACL. The options are:

             enable     Enables the Management ACL.
             disable    Disables the Management ACL. This is the default setting.

Description

This command enables or disables the Management ACL. This command is equivalent to the ENABLE MGMTACL and DISABLE MGMTACL commands.

SHOW MGMTACL

Syntax

    show mgmtacl state|entries

Parameters

state        Displays the status of the Management ACL as either enabled or disabled.

entries      Lists the entries in the Management ACL.

Description

This command shows the state of and entries in the Management ACL. You can specify only one parameter at a time.

Examples

The following command displays whether the Management ACL is enabled or disabled.
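
Added example (not from the AT-S62 guide or from Allied Telesyn): a Python model of the matching implied by the ADD MGMTACL mask description and the ENABLE MGMTACL note, usable as a pre-flight check before the ACL is enabled. The addresses are constructed documentation ranges. The function names, the rule that unmatched sessions are refused once the ACL is enabled, and the treatment of Telnet and web sessions as TCP are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass

def _u32(dotted):
    """Dotted-quad string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))

@dataclass(frozen=True)
class Ace:
    address: str
    mask: str
    protocol: str   # tcp | udp | all
    interface: str  # telnet | web | all

    def matches(self, src, protocol, interface):
        # Mask bit 1: the source must equal the ACE address in that bit.
        # Mask bit 0: the bit is ignored.
        if (_u32(src) ^ _u32(self.address)) & _u32(self.mask):
            return False
        return (self.protocol in ("all", protocol)
                and self.interface in ("all", interface))

def parse_ace(line):
    """Parse one 'add mgmtacl ...' line in the syntax the guide gives."""
    words = line.split()
    if [w.lower() for w in words[:2]] != ["add", "mgmtacl"]:
        raise ValueError("not an ADD MGMTACL command: " + line)
    f = dict(w.split("=", 1) for w in words[2:])
    ace = Ace(f["ipaddress"], f["mask"],
              f["protocol"].lower(), f["interface"].lower())
    _u32(ace.address), _u32(ace.mask)          # validate both dotted quads
    if ace.protocol not in ("tcp", "udp", "all"):
        raise ValueError("bad protocol: " + ace.protocol)
    if ace.interface not in ("telnet", "web", "all"):
        raise ValueError("bad interface: " + ace.interface)
    return ace

def permitted(acl, src, protocol, interface):
    """Assumed model: with the ACL enabled, only a matching ACE permits."""
    return any(ace.matches(src, protocol, interface) for ace in acl)

def locked_out(acl, stations):
    """Return the (source, interface) pairs that enabling would cut off."""
    return [(s, i) for s, i in stations if not permitted(acl, s, "tcp", i)]

# Constructed sample: planned entries, using documentation address ranges.
PLANNED = [
    "add mgmtacl ipaddress=192.0.2.0 mask=255.255.255.0 protocol=tcp interface=telnet",
    "add mgmtacl ipaddress=198.51.100.7 mask=255.255.255.255 protocol=tcp interface=web",
]
ACL = [parse_ace(line) for line in PLANNED]
```

Calling locked_out with the workstations you manage the switch from, before issuing ENABLE MGMTACL, lists any that would lose Telnet or web access; an empty ACL reports all of them.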