User guide

ManualsBrandsAllied Telesis ManualsComputer HardwareAT-S63

613-001024 Rev. C

Management

Software

AT-S63

◆

Command Line

User’s Guide

For Stand-alone AT-9400 Switches

and AT-9400Ts Stacks

AT-S63 Version 2.2.0 for Layer 2+ AT-9400 Switches

AT-S63 Version 4.1.0 for Basic Layer 3 AT-9400 Switches

Summary of content (922 pages)

PAGE 1
Management Software AT-S63 ◆ Command Line User’s Guide For Stand-alone AT-9400 Switches and AT-9400Ts Stacks AT-S63 Version 2.2.0 for Layer 2+ AT-9400 Switches AT-S63 Version 4.1.0 for Basic Layer 3 AT-9400 Switches 613-001024 Rev.
PAGE 2
Copyright  2009 Allied Telesis, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis and the Allied Telesis logo are trademarks of Allied Telesis, Incorporated. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesis, Inc.
PAGE 3
Contents Preface ............................................................................................................................................................ 21 How This Guide is Organized........................................................................................................................... 22 Product Documentation .................................................................................................................................... 25 Where to Go First ....
PAGE 4
Contents SAVE CONFIGURATION ................................................................................................................................. 59 AlliedWare Plus Command......................................................................................................................... 59 SET PROMPT................................................................................................................................................... 61 SET SWITCH CONSOLEMODE...................
PAGE 5
AT-S63 Management Software Command Line User’s Guide Chapter 6: Simple Network Time Protocol (SNTP) Commands .............................................................. 117 ADD SNTPSERVER PEER|IPADDRESS ...................................................................................................... 118 AlliedWare Plus Command ...................................................................................................................... 118 DELETE SNTPSERVER PEER|IPADDRESS...................
PAGE 6
Contents SET SWITCH PORT RATELIMITING.............................................................................................................173 AlliedWare Plus Command.......................................................................................................................175 SHOW INTERFACE .......................................................................................................................................177 SHOW SWITCH PORT.............................................
PAGE 7
AT-S63 Management Software Command Line User’s Guide Chapter 13: Port Mirroring Commands ..................................................................................................... 237 SET SWITCH MIRROR.................................................................................................................................. 238 AlliedWare Plus Command ......................................................................................................................
PAGE 8
Contents Chapter 17: Event Log and Syslog Client Commands .............................................................................303 ADD LOG OUTPUT ........................................................................................................................................304 CREATE LOG OUTPUT .................................................................................................................................306 AlliedWare Plus Command...........................................
PAGE 9
AT-S63 Management Software Command Line User’s Guide Chapter 21: Quality of Service (QoS) Commands .................................................................................... 373 ADD QOS FLOWGROUP .............................................................................................................................. 374 ADD QOS POLICY.........................................................................................................................................
PAGE 10
Contents Chapter 24: Power Over Ethernet Commands ..........................................................................................455 DISABLE POE PORT .....................................................................................................................................456 ENABLE POE PORT ......................................................................................................................................457 SET POE PORT ..............................................
PAGE 11
AT-S63 Management Software Command Line User’s Guide Section IV: SNMPv3 ............................................................................................... 507 Chapter 30: SNMPv3 Commands ............................................................................................................... 509 ADD SNMPV3 USER ..................................................................................................................................... 511 AlliedWare Plus Command .................
PAGE 12
Contents Section V: Spanning Tree Protocols ......................................................................571 Chapter 31: Spanning Tree Protocol (STP) Commands ...........................................................................573 ACTIVATE STP ..............................................................................................................................................574 AlliedWare Plus Command..................................................................................
PAGE 13
AT-S63 Management Software Command Line User’s Guide SET MSTP MSTIVLANASSOC ...................................................................................................................... 628 SET MSTP PORT........................................................................................................................................... 629 AlliedWare Plus Command ......................................................................................................................
PAGE 14
Contents DELETE VLAN MACADDRESS .....................................................................................................................698 DELETE VLAN PORT MACADDRESS ..........................................................................................................699 DESTROY VLAN ............................................................................................................................................700 SHOW VLAN .....................................................
PAGE 15
AT-S63 Management Software Command Line User’s Guide Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands .................................................. 765 ADD VRRP IPADDRESS ............................................................................................................................... 766 AlliedWare Plus Command ...................................................................................................................... 766 ADD VRRP MONITOREDINTERFACE...............
PAGE 16
Contents Section IX: Management Security .........................................................................833 Chapter 43: Web Server Commands ..........................................................................................................835 DISABLE HTTP SERVER...............................................................................................................................836 AlliedWare Plus Command..............................................................................
PAGE 17
AT-S63 Management Software Command Line User’s Guide PURGE AUTHENTICATION .......................................................................................................................... 892 SET AUTHENTICATION ................................................................................................................................ 893 AlliedWare Plus Command ......................................................................................................................
PAGE 18
Contents 18
PAGE 19
Tables Table 1. AlliedWare Plus Modes ..........................................................................................................................................38 Table 2. Command Line Syntax Conventions .....................................................................................................................51 Table 3. Module Variable ..................................................................................................................................................
PAGE 20
Tables 20
PAGE 21
Preface This guide describes the standard command line interface and the AlliedWare Plus™ command interface in the AT-S63 Management Software for the AT-9400 Gigabit Ethernet Switches.
PAGE 22
Preface How This Guide is Organized This guide has the following sections and chapters:  Section I: Basic Operations Chapter 1, “Overview” on page 31 Chapter 2, “Basic Command Line Commands” on page 53 Chapter 3, “Basic Switch Commands” on page 65 Chapter 4, “AT-9400Ts Stack Commands” on page 103 Chapter 5, “Enhanced Stacking Commands” on page 109 Chapter 6, “Simple Network Time Protocol (SNTP) Commands” on page 117 Chapter 7, “SNMPv1 and SNMPv2c Commands” on page 129 Chapter 8, “Port Parameter Commands”
PAGE 23
AT-S63 Management Software Command Line User’s Guide  Section III: Snooping Protocols Chapter 25, “Internet Group Management Protocol (IGMP) Snooping Commands” on page 467 Chapter 26, “Internet Group Management Protocol (IGMP) Snooping Querier Commands” on page 479 Chapter 27, “Multicast Listener Discovery (MLD) Snooping Commands” on page 485 Chapter 28, “Router Redundancy Protocol (RRP) Snooping Commands” on page 499 Chapter 29, “Ethernet Protection Switching Ring (EPSR) Snooping Commands” on page 503
PAGE 24
Preface  Section VIII: Port Security Chapter 41, “MAC Address-based Port Security Commands” on page 793 Chapter 42, “802.
PAGE 25
AT-S63 Management Software Command Line User’s Guide Product Documentation For overview information on the features of the AT-9400 Switches and the AT-S63 Management Software, refer to:  AT-S63 Management Software Features Guide (PN 613-001022) For instructions on how to start local or remote management sessions on stand-alone AT-9400 Switches or AT-9400Ts Stacks, refer to:  Starting an AT-S63 Management Session Guide (PN 613-001023) For instructions on how to install or manage stand-alone AT-9400 Sw
PAGE 26
Preface Where to Go First Allied Telesis recommends that you read Chapter 1, “Overview,” in the AT-S63 Management Software Features Guide before you begin to manage the switch for the first time. There you will find a variety of basic information about the unit and the management software, like the two levels of manager access levels and the different types of management sessions. The AT-S63 Management Software Features Guide is also your resource for background information on the features of the switch.
PAGE 27
AT-S63 Management Software Command Line User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
PAGE 28
Preface Contacting Allied Telesis This section provides Allied Telesis contact information for technical support and for sales and corporate information. Online Support You can request technical support online by accessing the Allied Telesis Knowledge Base: www.alliedtelesis.com/support/kb.aspx. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
PAGE 29
Section I Basic Operations This section contains the following chapters: Section I: Basic Operations  Chapter 1, “Overview” on page 31  Chapter 2, “Basic Command Line Commands” on page 53  Chapter 3, “Basic Switch Commands” on page 65  Chapter 4, “AT-9400Ts Stack Commands” on page 103  Chapter 5, “Enhanced Stacking Commands” on page 109  Chapter 6, “Simple Network Time Protocol (SNTP) Commands” on page 117  Chapter 7, “SNMPv1 and SNMPv2c Commands” on page 129  Chapter 8, “Port Par
PAGE 30
Section I: Basic Operations
PAGE 31
Chapter 1 Overview This chapter has the following sections:  “Command Line Interfaces” on page 32  “Stand-alone AT-9400 Switches and AT-9400Ts Stacks” on page 33  “Supported Features and Switches” on page 34  “Page Format” on page 35  “Standard Command Line Interface” on page 36  “AlliedWare Plus™ Command Line Interface” on page 37  “Port Numbers in Commands” on page 48  “Formatting Commands” on page 50 31
PAGE 32
Chapter 1: Overview Command Line Interfaces The AT-S63 Management Software has four management interfaces — menus, web browser windows, standard command line, and AlliedWare Plus™ command line. This guide explains the standard command interface and the AlliedWare Plus™ command interface. The standard command interface is the most comprehensive of all the interfaces because it gives you complete control over all the features and parameters on the switch.
PAGE 33
AT-S63 Management Software Command Line User’s Guide Stand-alone AT-9400 Switches and AT-9400Ts Stacks You can use the standard command interface and the AlliedWare Plus command line interface to manage stand-alone AT-9400 Switches and AT-9400Ts Stacks. Stacking is only supported on the AT-9424Ts, AT-9424Ts/XP, and AT-9448Ts/XP Switches, and requires the AT-StackXG Stacking Module. For further information, refer to the AT-S63 Management Software Features User’s Guide.
PAGE 34
Chapter 1: Overview Supported Features and Switches You’ll find this table on the first page of each chapter. It identifies the switches in the AT-9400 Series that support the feature of the chapter. For further information of the features of the switches, refer to the AT-S63 Management Software Features Guide.
PAGE 35
AT-S63 Management Software Command Line User’s Guide Page Format In this guide, standard commands that have equivalent AlliedWare Plus commands have this logo at the start of their descriptions. AlliedWare Plus Command Available Figure 2. AlliedWare Plus Command Available Logo The standard command is described first followed by the equivalent AlliedWare Plus command. In the example in Figure 3, the standard command is SET DATE and the equivalent AlliedWare Plus command is CLOCK SET. Figure 3.
PAGE 36
Chapter 1: Overview Standard Command Line Interface The standard command interface has a flat structure. You enter all the commands at one level. The account you use to log on determines the commands you can use. There is a manager account and an operator account. The manager account gives you access to all the commands while the operator account restricts you to commands for viewing the parameter settings. The command prompt indicates whether you logged on as a manager or an operator.
PAGE 37
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus™ Command Line Interface The following sections describe the features and characteristics of the AlliedWare Plus™ interface. Command Modes The AlliedWare Plus interface has a very different structure from the standard command interface. Instead of a flat command structure, it has different modes that are arranged in the hierarchy illustrated in Figure 6.
PAGE 38
Chapter 1: Overview In some cases, you might find that you have to use commands in different modes to complete a management function. Creating new VLANs is an example of this because you first have to go to the VLAN Configuration mode to create the VLANs and then to the Port Interface mode to designate their ports. The modes, their command line prompts, and their functions are listed in Table 1. Table 1.
PAGE 39
AT-S63 Management Software Command Line User’s Guide Table 1. AlliedWare Plus Modes Mode Prompt Function Class-map Mode (config-cmap)#  Create classifiers and flow groups for Quality of Service policies Line Console mode (config-line)#  Set the console timer  Activate and deactivate the RADIUS or TACACS+ client for manager and operator accounts  Set the baud rate of the terminal port  Create multiple spanning tree instances  Specify a region’s name and revision level.
PAGE 40
Chapter 1: Overview Moving Down the Hierarchy To move down through the hierarchy, you have to move through the modes in sequence. Skipping modes is not allowed. There is a different command for each mode. To move from the User Exec mode to the Privileged Exec mode, for instance, use the ENABLE command. Some of the commands require a value, like the INTERFACE PORT command which must have one or more port numbers and which is used to enter the Port Interface mode.
PAGE 41
AT-S63 Management Software Command Line User’s Guide CONFIGURE TERMINAL Command You use this command to move from the Privileged Exec mode to the Configure Terminal mode. The format of the command is: configure terminal AlliedWare Plus (TM) AT-9448Ts/XP AT-S63 awplus> enable awplus# configure terminal awplus(config)# Figure 9.
PAGE 42
Chapter 1: Overview SPANNING-TREE MST CONFIGURATION Command You use this command to move from the Configure Terminal mode to the Multiple Spanning Tree mode to create multiple spanning tree instances. The format of the command is: spanning-tree mst configuration awplus(config)# spanning-tree mst configuration awplus(config-mst)# Figure 12.
PAGE 43
AT-S63 Management Software Command Line User’s Guide INTERFACE PORT Command You use this command to move from the Configure Terminal mode to the Port Interface mode where you configure the parameter settings of the ports and add ports to VLANs and Quality of Service policies. The format of the command is: interface port This example enters the Interface mode for port 21. awplus(config)# interface 21 awplus(config-if)# Figure 15.
PAGE 44
Chapter 1: Overview awplus(config)# vlan database awplus(config-vlan)# Figure 18. Moving from the Configure Terminal Mode to the VLAN DATABASE Mode with the LINE CONSOLE Command INTERFACE VLAN Command You use this command to move from the Configure Terminal mode to the VLAN Interface mode to create routing interfaces and to designate the local interface. You can specify only one VLAN and the VLAN must be indicated by its name and not by its VID.
PAGE 45
AT-S63 Management Software Command Line User’s Guide awplus(config)# interface sa2 awplus(config-if)# Figure 21. Moving from the Configure Terminal Mode to the Static Port Trunk Interface Mode with the INTERFACE TRUNK Command ROUTER RIP Command You use this command to move from the Configure Terminal mode to the Router mode, in which you add RIP to routing interfaces and configure the protocol settings.
PAGE 46
Chapter 1: Overview Standard Command Line exit User Executive Mode Privileged Executive Mode exit Configure Terminal Mode Class-Map Mode Line Console Mode Multiple Spanning Tree Mode exit Port Interface Mode Policy Map Mode VLAN Database Mode Other Modes exit Class Mode Figure 24.
PAGE 47
AT-S63 Management Software Command Line User’s Guide END Command After configuring a feature, you’ll probably want to use the SHOW commands in the User Exec mode or the Privileged Exec mode to verify your changes. While you could move back through the modes with the EXIT command, you may find the END command more convenient because it jumps you directly to the Privileged Exec mode from any of the modes below the Configure Terminal mode.
PAGE 48
Chapter 1: Overview Port Numbers in Commands Port numbers are identified the same way in both command line interfaces. Stand-alone AT-9400 Switches To identify ports on stand-alone switches, simply enter the port numbers. If the command supports it, you can specify more than one port. The ports can be entered individually, as a range or both. The numbers of a range are separated with a dash, and the individual ports and ranges are separated with commas.
PAGE 49
AT-S63 Management Software Command Line User’s Guide Ranges can span switches. For example: show switch port=1.1-2.24 Here’s another example using the AlliedWare Plus INTERFACE command: interface 2.15-3.11 Note All the command examples in this guide assume a stand-alone switch. If you are configuring ports on an AT-9400Ts Stack, remember to include the module ID numbers with the port numbers.
PAGE 50
Chapter 1: Overview Formatting Commands The standard command line interface and the AlliedWare Plus command line interface follow the same formatting conventions. In the case of the AlliedWare Plus command line interface, these conventions apply to all of the command modes. There are command line interface features which apply to the general use of the command line and command syntax conventions which apply when entering the commands. See the following sections.
PAGE 51
AT-S63 Management Software Command Line User’s Guide Command Line Syntax Conventions The following table describes the conventions used in the command interfaces. Table 2. Command Line Syntax Conventions Convention Section I: Basic Operations Description Example A.B.C.D/M Indicates an IP address and a subnet mask. 192.68.1.11/24 WORD Indicates a string of alphanumeric characters. Switch_28_bldg_11 IFNAME or IF_NAME Indicates a port number. 22,23 mask Indicates a subnet mask. 255.255.255.
PAGE 52
Chapter 1: Overview 52 Section I: Basic Operations
PAGE 53
Chapter 2 Basic Command Line Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes Section I: Basic Features  “CLEAR SCREEN” on page 54  “EXIT” on page 55  “HELP” on page 56  “LOGOFF, LOGOUT and QUIT” on page 57  “MENU” on page 58  “SAVE CONFIGURATION” on page 59  “
PAGE 54
Chapter 2: Basic Command Line Commands CLEAR SCREEN Syntax AlliedWare Plus Command Available clear screen Parameters None. Description This command clears the screen. Example The following command clears the screen: clear screen AlliedWare Plus Command Syntax clear screen Mode User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 55
AT-S63 Management Software Command Line User’s Guide EXIT Syntax AlliedWare Plus Command Available exit Parameters None. Description This command ends a management session. If you are managing a slave switch in an enhanced stack, the command returns you to the master switch from where you started the management session. Example The following command ends the current management session: exit Equivalent Commands logoff logout quit For information, see “LOGOFF, LOGOUT and QUIT” on page 57.
PAGE 56
Chapter 2: Basic Command Line Commands HELP Syntax AlliedWare Plus Command Available help Parameters None. Description This command displays a list of the CLI keywords with a brief description for each keyword. Example The following command displays the CLI keywords: help AlliedWare Plus Command Syntax ? Mode All modes Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 57
AT-S63 Management Software Command Line User’s Guide LOGOFF, LOGOUT and QUIT Syntax AlliedWare Plus Command Available logoff logout quit Parameters None. Description These commands all perform the same function. They end a management session. If you are managing a slave switch in an enhanced stack, the commands return you to the master switch.
PAGE 58
Chapter 2: Basic Command Line Commands MENU Syntax menu Parameters None. Description This command displays the AT-S63 Main Menu. For instructions on how to use the menus, refer to the AT-S63 Management Software Menus Interface User’s Guide.
PAGE 59
AT-S63 Management Software Command Line User’s Guide SAVE CONFIGURATION Syntax AlliedWare Plus Command Available save configuration Parameters None. Description This command is used to store the switch’s current configuration in the active boot configuration file for permanent storage. When you enter the command, the switch copies its entire configuration into the file as a series of commands.
PAGE 60
Chapter 2: Basic Command Line Commands Examples awplus# write awplus# copy running-config startup-config 60 Section I: Basic Features
PAGE 61
AT-S63 Management Software Command Line User’s Guide SET PROMPT Syntax set prompt="prompt" Parameter prompt Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in quotes. Description This command changes the command prompt. Assigning each switch a different command prompt can make it easier for you to identify the different switches in your network when you manage them.
PAGE 62
Chapter 2: Basic Command Line Commands SET SWITCH CONSOLEMODE Syntax set switch consolemode=menu|cli|awplus Parameter consolemode Specifies the default management interface of your management sessions. Options are: menu Specifies the menus interface. cli Specifies the standard command line interface. This is the default value. awplus Specifies the AlliedWare Plus command line interface. Description You use this command to specify the default management interface of your management sessions.
PAGE 63
AT-S63 Management Software Command Line User’s Guide SHOW USER Syntax show user Parameter None. Description Displays the user account you used to log on to manage the switch.
PAGE 64
Chapter 2: Basic Command Line Commands 64 Section I: Basic Features
PAGE 65
Chapter 3 Basic Switch Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes* Yes* Yes* Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes (*The Layer 2+ switches do not support the AlliedWare Plus commands or the standard AWPLUS command.
PAGE 66
Chapter 3: Basic Switch Commands AWPLUS Syntax awplus Parameters None. Description This command is used to start the AlliedWare Plus command line management session. When you enter the command, the management software displays the prompt for the User Exec mode in Figure 26. AlliedWare Plus (TM) AT-9448T/SP AT-S63 awplus> Figure 26. AlliedWare Plus Command Prompt - User Exec Mode To enter the Privileged Exec mode, enter the ENABLE command, as shown in Figure 27.
PAGE 67
AT-S63 Management Software Command Line User’s Guide DISABLE TELNET Syntax AlliedWare Plus Command Available disable telnet Parameters None. Description This command disables the Telnet server on the switch. You might disable the server to prevent anyone from managing the switch with the Telnet application protocol or in the event you decide to use the Secure Shell protocol for remote management. The default setting for the Telnet server is enabled.
PAGE 68
Chapter 3: Basic Switch Commands ENABLE TELNET Syntax AlliedWare Plus Command Available enable telnet Parameters None. Description This command activates the Telnet server on the switch. When the server is active, you can use a Telnet client to remotely manage the switch. To disable the server, refer to “DISABLE TELNET” on page 67. The default setting for the Telnet server is enabled.
PAGE 69
AT-S63 Management Software Command Line User’s Guide PING Syntax AlliedWare Plus Command Available ping ipaddress Parameter ipaddress Specifies the IP address of an end node to be pinged. Description This command instructs the switch to ping an end node. You can use this command to determine whether an active link exists between the switch and another network device. Note The switch can only ping a device if there is a routing interface on the local subnet leading to the device.
PAGE 70
Chapter 3: Basic Switch Commands RESET SWITCH Syntax reset switch Parameters None. Description This command does the following:  Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings. To perform this function on a per-port basis, refer to “RESET SWITCH PORT” on page 161.  Resets the statistics counters for all ports to zero.
PAGE 71
AT-S63 Management Software Command Line User’s Guide RESET SYSTEM Syntax AlliedWare Plus Command Available reset system [name] [contact] [location] Parameters name Deletes the switch’s name. contact Deletes the switch’s contact. location Deletes the switch’s location. Description This command is used to delete the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit. To set these parameters, refer to “SET SYSTEM” on page 85.
PAGE 72
Chapter 3: Basic Switch Commands Example This example deletes the current name of the switch without assigning a new value: awplus> enable awplus# configure terminal awplus(config)# no hostname 72 Section I: Basic Operations
PAGE 73
AT-S63 Management Software Command Line User’s Guide RESTART REBOOT Syntax AlliedWare Plus Command Available restart reboot Parameters None. Description You use this command to reset stand-alone switches and stacks. You might reset a unit if it is experiencing a problem. The reset takes from twenty seconds to two minutes. Note Switches and stacks do not forward traffic while they are resetting. Some network traffic may be lost.
PAGE 74
Chapter 3: Basic Switch Commands Example awplus> enable awplus# system reboot 74 Section I: Basic Operations
PAGE 75
AT-S63 Management Software Command Line User’s Guide RESTART SWITCH Syntax 1 AlliedWare Plus Command Available restart switch Syntax 2 restart switch module=value|all Syntax 3 restart switch config=none Syntax 4 restart switch config=filename.cfg Parameters config Specifies one of the following: none Restores the default settings on a standalone switch or a stack. filename.cfg Specifies the filename of a new active configuration file for a stand-alone switch or a stack.
PAGE 76
Chapter 3: Basic Switch Commands Syntax 2 Description You use this command to reset individual switches in a stack. You can reset more than one switch at a time. When you reset a member switch, the remaining switches of a stack immediately perform the discovery process and resume forwarding traffic after the master switch configures the parameter settings. After a reset member switch has initialized its management software, a stack again performs the discovery process.
PAGE 77
AT-S63 Management Software Command Line User’s Guide Syntax 4 Description You use this command to configure a stand-alone switch or a stack with a different configuration file. You might do this to test the switch or stack with a different configuration. When you enter the command, the switch or stack automatically resets itself and afterwards configures its parameters according to the settings in the specified configuration file.
PAGE 78
Chapter 3: Basic Switch Commands Equivalent Command restart reboot For information, see “RESTART REBOOT” on page 73. AlliedWare Plus Command Syntax system factory-reset erase startup-config Mode Privileged Exec mode Description Both of these commands perform the same function. Analogous to Syntax 3 in the standard command, they are used to restore the default settings on stand-alone switches and stacks. Unlike the standard command, these commands display a confirmation prompt.
PAGE 79
AT-S63 Management Software Command Line User’s Guide SET ASYN Syntax AlliedWare Plus Command Available set asyn [speed=1200|2400|4800|9600|19200|38400| 57600|115200] [prompt=”prompt”] Parameters speed Sets the speed (baud rate) of the serial terminal port on the switch. The default is 9600 bps. prompt Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes.
PAGE 80
Chapter 3: Basic Switch Commands AlliedWare Plus Command Syntax baud-rate 1200|2400|4800|9600|19200|38400|57600|115200 Mode Line Console mode Description You can use this command to set the speed of the terminal port, but not the command line prompt.
PAGE 81
AT-S63 Management Software Command Line User’s Guide SET DATE Syntax AlliedWare Plus Command Available set date=dd-mm-yyyy Parameter date Specifies the date for the switch in day-month-year format. Description You use this command to manually set the date on the switch if you are not using an SNTP server. The switch maintains the date even when the unit is powered off or reset.
PAGE 82
Chapter 3: Basic Switch Commands SET PASSWORD MANAGER Syntax set password manager Parameters None. Description This command sets the manager’s password. The manager account allows you to view and change all switch parameters. The default password is “friend.” The password can be from 0 to 16 alphanumeric characters. Allied Telesis recommends that you avoid special characters, such as spaces, asterisks, or exclamation points because some web browsers do not accept them in passwords.
PAGE 83
AT-S63 Management Software Command Line User’s Guide SET PASSWORD OPERATOR Syntax set password operator Parameters None. Description This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator.” The password can be from 0 to 16 alphanumeric characters. Allied Telesis recommends that you avoid special characters, such as spaces, asterisks, or exclamation points because some web browsers do not accept them in passwords.
PAGE 84
Chapter 3: Basic Switch Commands SET SWITCH CONSOLETIMER Syntax AlliedWare Plus Command Available set switch consoletimer=value Parameter consoletimer Specifies the console timer in minutes. The range is 1 to 60 minutes. The default is 10 minutes. Description This command sets the console timer, which is used by the management software to end inactive management sessions.
PAGE 85
AT-S63 Management Software Command Line User’s Guide SET SYSTEM Syntax AlliedWare Plus Command Available set system [name="name"] [contact="contact"] [location="location"] [maxmanager=value] Parameters name Specifies the name of the switch. The name can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes (“ “). Spaces are allowed. contact Specifies the name of the network administrator responsible for managing the switch.
PAGE 86
Chapter 3: Basic Switch Commands Note If you define the system name before you set up a system prompt, the switch uses the first 16 characters of the system name as the prompt. See “SET PROMPT” on page 61.
PAGE 87
AT-S63 Management Software Command Line User’s Guide Examples This example assigns the name “Switch12” to the switch: awplus> enable awplus# configure terminal awplus(config)# hostname Switch12 This example deletes the current name without assigning a new value: awplus> enable awplus# configure terminal awplus(config)# no hostname This example sets the maximum number of manager sessions to two: awplus> enable awplus# configure terminal awplus(config)# service terminal-length 2 This example returns the m
PAGE 88
Chapter 3: Basic Switch Commands SET TELNET INSERTNULL Syntax set telnet insertnull=on|off Parameters insertnull Controls whether a NULL character is inserted after each CR sent by the Telnet server to the remote client. Options are: on Sends a NULL character after each CR sent to the remote client. off Specifies that no NULL character is sent to the remote client. This is the default setting.
PAGE 89
AT-S63 Management Software Command Line User’s Guide SET TIME Syntax AlliedWare Plus Command Available set time=hh:mm:ss Parameter time Specifies the hour, minute, and second for the switch’s time in 24-hour format. Description This command is used to set the time on the switch if you are using an SNTP server. With its onboard battery, the AT-9400 Switch can maintain the time even when the unit is powered off or reset.
PAGE 90
Chapter 3: Basic Switch Commands SET USER PASSWORD Syntax set user manager|operator password=password Parameter password Specifies the password. Description This command sets the manager or operator’s password. The default manager password is “friend.” The default operator password is “operator.” The password can be from 0 to 16 alphanumeric characters.
PAGE 91
AT-S63 Management Software Command Line User’s Guide SHOW ASYN Syntax show asyn Parameters None. Description This command displays the settings for the serial terminal port on the switch, used for local management of the device. An example of the display is shown in Figure 28. Asynchronous Port (Console) Information: Baud Rate ................................. Parity .................................... Data bits ................................. Stop bits ................................. Prompt .......
PAGE 92
Chapter 3: Basic Switch Commands SHOW CONFIG DYNAMIC Syntax show config dynamic[=module] Parameters module Displays the settings of a specific switch module. You can specify only one module. For a list of modules, refer to Table 3. Description This command displays the settings of the switch parameters that have been changed from their default values, including those not yet saved to the active boot configuration file. The parameters are displayed in their command line command equivalents.
PAGE 93
AT-S63 Management Software Command Line User’s Guide Table 3.
PAGE 94
Chapter 3: Basic Switch Commands Table 3.
PAGE 95
AT-S63 Management Software Command Line User’s Guide SHOW CONFIG INFO Syntax AlliedWare Plus Command Available show config info Parameters None. Description This command displays the settings of all the switch parameters, including those not yet saved to the active boot configuration file.
PAGE 96
Chapter 3: Basic Switch Commands SHOW SWITCH MODULE Syntax show switch module=1 Parameters None. Description This command displays the same information for stand-alone switches and AT-9400Ts Stacks. An example of the display is shown in Figure 30. Switch Information: Application Software Version ......... Application Software Build Date ...... Bootloader Version ................... Bootloader Build Date ................ MAC Address .......................... VLAN Mode ............................
PAGE 97
AT-S63 Management Software Command Line User’s Guide  MAC address - The MAC address of the switch. This value cannot be changed.  VLAN mode - The switch’s VLAN mode. The three possible VLAN modes are:  User configured (for creating your own port-based and tagged VLANs)  802.1Q-compliant  Non-802.1Q-compliant. The default is user configured. To set a switch’s VLAN mode, refer to “SET SWITCH VLANMODE” on page 657.
PAGE 98
Chapter 3: Basic Switch Commands  Telnet server status - The status of the Telnet server. When the Telnet server is disabled, you cannot remotely manage the switch using the Telnet application protocol. The default setting is enabled. To enable or disable the server, refer to “ENABLE TELNET” on page 68 and “DISABLE TELNET” on page 67.  Telnet insert NULL - The status of the Telnet NULL parameter.
PAGE 99
AT-S63 Management Software Command Line User’s Guide SHOW SYSTEM Syntax AlliedWare Plus Command Available show system Parameters None. Description This command displays the following information:  MAC Address: The MAC address of the switch.  Model Name: The model name of the switch.  Serial Number: The serial number of the switch.  IP Address: The IP address of the local interface.  Subnet Mask: The subnet mask of the local interface.
PAGE 100
Chapter 3: Basic Switch Commands Example The following command displays the above information about the switch: show system AlliedWare Plus Command Syntax show system Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 101
AT-S63 Management Software Command Line User’s Guide SHOW SYSTEM VERSION Syntax show system version module=id_number|all Parameters module Specifies the ID number of a switch in an AT-9400Ts Stack. You can specify more than one ID number at a time. To specify all of the switches in a stack, use the ALL option. None. Description This command is used to display the version numbers of the AT-S63 Management Software on the master and member switches in an AT-9400Ts Stacks.
PAGE 102
Chapter 3: Basic Switch Commands SHOW TIME Syntax AlliedWare Plus Command Available show time Parameters None. Description This command shows the system’s current date and time. Example The following command shows the system’s date and time. show time AlliedWare Plus Command Syntax show clock Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 103
Chapter 4 AT-9400Ts Stack Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes AT-9400Ts Stacks Yes  “SET STACK” on page 104  “SHOW STACK” on page 106 Yes Yes 103
PAGE 104
Chapter 4: AT-9400Ts Stack Commands SET STACK Syntax set stack moduleid=value newmoduleid=auto|static|value priority=value Parameters mymoduleid Specifies the switch’s current ID number. To view this number, refer to “SHOW STACK” on page 106. newmoduleid Specifies a new stack ID number for the switch. Options are: priority auto Sets the switch for stand-alone operation. At this setting, the switch uses the BOOT.CFG file as its default configuration file.
PAGE 105
AT-S63 Management Software Command Line User’s Guide Note All of the switches of a stack must have the same type of stack ID number of static or dynamic. A stack will not function if one or more of the module ID numbers are dynamic and others are static. Examples This command assigns the static ID 1 to the switch. The command assumes that the switch’s current module ID number of 1 was set dynamically: set stack moduleid=1 newmoduleid=1 This command assigns to the switch the static ID 4.
PAGE 106
Chapter 4: AT-9400Ts Stack Commands SHOW STACK Syntax AlliedWare Plus Command Available show stack Parameters None. Description This command displays the module ID number of a switch. The command displays different information depending on whether the switch is a standalone unit or the master switch of a functioning stack. Figure 31 is an example of the information from a stand-alone switch.
PAGE 107
AT-S63 Management Software Command Line User’s Guide Figure 32 is an example of the command from the master switch of a functioning stack. The switches in the stack and their module ID numbers are displayed in a table.
PAGE 108
Chapter 4: AT-9400Ts Stack Commands  Priority - The priority number of a switch. The range is 1 to 16. The lower the number, the higher the priority. To set this value, refer to “SET STACK” on page 104. This value only applies when the ID numbers are set automatically.  Mac Address - The MAC address of a switch. Example show stack AlliedWare Plus Command Syntax show stack Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 109
Chapter 5 Enhanced Stacking Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes  “ACCESS SWITCH” on page 110  “SET SWITCH STACKMODE” on page 112  “SHOW REMOTELIST” on page 114 AT-9400Ts Stacks 109
PAGE 110
Chapter 5: Enhanced Stacking Commands ACCESS SWITCH Syntax access switch number=number|macaddress=macaddress Parameters number Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command. macaddress Specifies the MAC address of the switch you want to manage. This can also be displayed using the SHOW REMOTELIST command.
PAGE 111
AT-S63 Management Software Command Line User’s Guide Examples The following command starts a management session on switch number 12: access switch number=12 The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11 access switch macaddress=003084520211 Section I: Basic Operations 111
PAGE 112
Chapter 5: Enhanced Stacking Commands SET SWITCH STACKMODE Syntax set switch stackmode=master|slave|unavailable Parameter stackmode Specifies the enhanced stacking mode of the switch. The options are: master Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask. slave Specifies the switch’s stacking mode as slave. A slave does not need an IP address. This is the default setting for a switch.
PAGE 113
AT-S63 Management Software Command Line User’s Guide Example The following command sets the switch’s stacking status to master: set switch stackmode=master Section I: Basic Operations 113
PAGE 114
Chapter 5: Enhanced Stacking Commands SHOW REMOTELIST Syntax show remotelist [sorted by=macaddress|name] Parameter sorted Sorts the list either by MAC address or by name. The default is by MAC address. Description This command displays the list of switches in an enhanced stack. The list does not include the master switch where you started the management session or switches with a stacking status of unavailable.
PAGE 115
AT-S63 Management Software Command Line User’s Guide The following command displays the switches sorted by name: show remotelist sorted by=name Section I: Basic Operations 115
PAGE 116
Chapter 5: Enhanced Stacking Commands 116 Section I: Basic Operations
PAGE 117
Chapter 6 Simple Network Time Protocol (SNTP) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks  “ADD SNTPSERVER PEER|IPADDRESS” on page 118  “DELETE SNTPSERVER PEER|IPADDRESS” on page 120  “DISABLE SNTP” on page 121  “ENABLE SNTP” on page 122  “PURGE SNTP” on page 123  “
PAGE 118
Chapter 6: Simple Network Time Protocol (SNTP) Commands ADD SNTPSERVER PEER|IPADDRESS Syntax AlliedWare Plus Command Available add sntpserver peer|ipaddress=ipaddress Parameter peer or ipaddress Specifies the IP address of an SNTP server. These parameters are equivalent. Description This command adds the IP address of an SNTP or NTP server to the SNTP client on the switch. The switch uses the SNTP or NTP server to set its date and time. You can specify only one SNTP or NTP server.
PAGE 119
AT-S63 Management Software Command Line User’s Guide Description This command is used to identify the IP address of a SNTP server. The SNTP client is automatically activated after you enter this command. With the other management interfaces you have to use different commands to define the IP address of the server and to activate the client. Example This example defines the IP address of the SNTP server as 148.77.122.
PAGE 120
Chapter 6: Simple Network Time Protocol (SNTP) Commands DELETE SNTPSERVER PEER|IPADDRESS Syntax AlliedWare Plus Command Available delete sntpserver peer|ipaddress=ipaddress Parameter peer or ipaddress Specifies the IP address of an SNTP server. The parameters are equivalent. Description This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0. To view the IP address, refer to “SHOW SNTP” on page 126.
PAGE 121
AT-S63 Management Software Command Line User’s Guide DISABLE SNTP Syntax AlliedWare Plus Command Available disable sntp Parameters None. Description This command is used to disable the SNTP client. The default setting for the SNTP client is disabled.
PAGE 122
Chapter 6: Simple Network Time Protocol (SNTP) Commands ENABLE SNTP Syntax AlliedWare Plus Command Available enable sntp Parameters None. Description This command is used to enable the SNTP client. When the SNTP client is enabled, the switch or stack obtains its date and time from an SNTP server whenever the unit is powered on or reset. To specify the IP address of an NTP server, refer to “ADD SNTPSERVER PEER|IPADDRESS” on page 118. The default setting for the SNTP client is disabled.
PAGE 123
AT-S63 Management Software Command Line User’s Guide PURGE SNTP Syntax purge sntp Parameters None. Description This command clears the SNTP configuration and disables the SNTP client. To disable the SNTP client and retain the configuration, see “DISABLE SNTP” on page 121.
PAGE 124
Chapter 6: Simple Network Time Protocol (SNTP) Commands SET SNTP Syntax AlliedWare Plus Command Available set sntp [dst=enabled|disabled] [pollinterval=value] [utcoffset=value] Parameters dst Enables or disables daylight savings time. pollinterval Specifies the time interval between two successive queries by the STNP client on the switch to the SNTP server. The range is 60 to 1200 seconds. The default is 600 seconds. utcoffset Specifies the time difference in hours between UTC and local time.
PAGE 125
AT-S63 Management Software Command Line User’s Guide To specify the time difference between UTC and local time, in the range 12 to +12 hours: clock timezone plus|minus value Mode Configure Terminal Description This command is used to enable and disable DST, and to specify the time difference between UTC and local time. There is no AlliedWare Plus command for setting the polling interval of the STNP client.
PAGE 126
Chapter 6: Simple Network Time Protocol (SNTP) Commands SHOW SNTP Syntax AlliedWare Plus Command Available show sntp Parameters None. Description This command displays the current settings for the client SNTP software on the switch. An example of the display is shown in Figure 34. SNTP Configuration: Status ........................ Server ........................ UTC Offset .................... Daylight Savings Time (DST) ... Poll Interval ................. Last Delta .................... Disabled 0.0.
PAGE 127
AT-S63 Management Software Command Line User’s Guide Example The following command displays SNTP client software information: show sntp AlliedWare Plus Command Syntax show ntp associations Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 128
Chapter 6: Simple Network Time Protocol (SNTP) Commands SHOW TIME Syntax AlliedWare Plus Command Available show time Parameters None. Description This command shows the system’s current date and time. Example The following command shows the system’s date and time. show time AlliedWare Plus Command Syntax show clock Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 129
Chapter 7 SNMPv1 and SNMPv2c Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes Section I: Basic Features  “ADD SNMP COMMUNITY” on page 130  “CREATE SNMP COMMUNITY” on page 133  “DELETE SNMP COMMUNITY” on page 136  “DESTROY SNMP COMMUNITY” on page 139  “DISABLE SNMP” o
PAGE 130
Chapter 7: SNMPv1 and SNMPv2c Commands ADD SNMP COMMUNITY Syntax AlliedWare Plus Command Available add snmp community="community" [traphost=ipaddress] [manager=ipaddress] Parameters community Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character such as an exclamation point. Otherwise, the quotes are optional. traphost Specifies the IP address of a trap receiver.
PAGE 131
AT-S63 Management Software Command Line User’s Guide The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string: add snmp community=public traphost=149.212.10.11 AlliedWare Plus Command Syntax snmp-server host ipaddress trap community_string| informs community_string Mode Configure mode Description The IPADDRESS parameter specifies the IP address of a network node to be assigned as a trap receiver or a manager of a community string on the switch.
PAGE 132
Chapter 7: SNMPv1 and SNMPv2c Commands awplus> enable awplus# configure terminal awplus(config)# snmp-server host 152.34.32.18 trap tlpaac awplus(config)# snmp-server host 152.34.32.
PAGE 133
AT-S63 Management Software Command Line User’s Guide CREATE SNMP COMMUNITY Syntax AlliedWare Plus Command Available create snmp community="community" [access=read|write] [open=yes|no|on|off|true|false] [traphost=ipaddress] [manager=ipaddress] Parameters community Specifies a new community string. The maximum length of a community string is 15 alphanumeric characters. Spaces are allowed.
PAGE 134
Chapter 7: SNMPv1 and SNMPv2c Commands Description This command creates a new SNMP community string on the switch. The switch comes with two default community strings, “public,” with an access of read only, and “private,” with an access level of read and write. A switch can support up to eight community strings. The COMMUNITY parameter specifies the new community string. The string can be up to 15 alphanumeric characters. The string is case sensitive.
PAGE 135
AT-S63 Management Software Command Line User’s Guide management station that will use the string: create snmp community=wind11 access=write open=no manager=149.35.24.22 (The OPEN=NO parameter can be omitted from the example because closed status is the default for a new community string.) This command creates a community string called “serv12” with a closed status.
PAGE 136
Chapter 7: SNMPv1 and SNMPv2c Commands DELETE SNMP COMMUNITY Syntax AlliedWare Plus Command Available delete snmp community=”community” traphost=ipaddress manager=ipaddress Parameters community Specifies the SNMP community string on the switch to be modified. The community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.
PAGE 137
AT-S63 Management Software Command Line User’s Guide The following command deletes the IP address 149.212.44.45 of a trap receiver from the community string “public.” delete snmp community=public traphost=149.212.44.45 AlliedWare Plus Command Syntax no snmp-server host ipaddress trap community_string| informs community_string Mode Configure mode Description The IPADDRESS parameter specifies the IP address of a network node to be removed as a trap receiver or a manager of a community string.
PAGE 138
Chapter 7: SNMPv1 and SNMPv2c Commands awplus(config)# no snmp-server host 121.172.21.14 trap wadt27 awplus(config)# no snmp-server host 121.172.21.
PAGE 139
AT-S63 Management Software Command Line User’s Guide DESTROY SNMP COMMUNITY Syntax AlliedWare Plus Command Available destroy snmp community="community" Parameter community Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional. Description This command deletes SNMP community strings from the switch.
PAGE 140
Chapter 7: SNMPv1 and SNMPv2c Commands DISABLE SNMP Syntax AlliedWare Plus Command Available disable snmp Parameters None. Description This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled. This command does not affect the status of authentication failure traps. To disable the traps, refer to “DISABLE SNMP AUTHENTICATETRAP” on page 141.
PAGE 141
AT-S63 Management Software Command Line User’s Guide DISABLE SNMP AUTHENTICATETRAP Syntax disable snmp authenticatetrap|authenticate_trap Parameters None. Description This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is disabled. The AUTHENTICATETRAP and AUTHENTICATE_TRAP keywords are equivalent.
PAGE 142
Chapter 7: SNMPv1 and SNMPv2c Commands DISABLE SNMP COMMUNITY Syntax disable snmp community="community" Parameter community Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional. Description This command disables a community string on the switch, while leaving SNMP and all other community strings active.
PAGE 143
AT-S63 Management Software Command Line User’s Guide ENABLE SNMP Syntax AlliedWare Plus Command Available enable snmp Parameters None. Description This command activates SNMP on the switch so that you can remotely manage the unit with an SNMP application program from a management station on your network. It also enables the switch to send SNMP traps to trap receivers. The default setting for SNMP on the switch is disabled. This command does not affect the status of authentication failure traps.
PAGE 144
Chapter 7: SNMPv1 and SNMPv2c Commands ENABLE SNMP AUTHENTICATETRAP Syntax enable snmp authenticatetrap|authenticate_trap Parameters None. Description This command configures the switch to send authentication failure traps to trap receivers.
PAGE 145
AT-S63 Management Software Command Line User’s Guide ENABLE SNMP COMMUNITY Syntax enable snmp community="community" Parameter community Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional. Description This command activates a community string on the switch. The default setting for a new community string is enabled.
PAGE 146
Chapter 7: SNMPv1 and SNMPv2c Commands SET SNMP COMMUNITY Syntax set snmp community="community" [access=read|write] [open=yes|no|on|off|true|false] Parameters community Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.
PAGE 147
AT-S63 Management Software Command Line User’s Guide Examples The following command changes the access status for the SNMP community string “sw44” to closed: set snmp community=sw44 open=no The following command changes the access level for the SNMP community string “serv12” to read and write with open access: set snmp community=serv12 access=write open=yes Section I: Basic Features 147
PAGE 148
Chapter 7: SNMPv1 and SNMPv2c Commands SHOW SNMP Syntax AlliedWare Plus Command Available show snmp [community="community"] Parameter community Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional. Default community strings are “public” and “private.
PAGE 149
AT-S63 Management Software Command Line User’s Guide string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a community string, refer to “ADD SNMP COMMUNITY” on page 130.  Trap receiver IP addresses - These are the IP addresses of management stations to receive SNMP traps from the switch.
PAGE 150
Chapter 7: SNMPv1 and SNMPv2c Commands 150 Section I: Basic Features
PAGE 151
Chapter 8 Port Parameter Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ACTIVATE SWITCH PORT” on page 152  “DISABLE INTERFACE LINKTRAP” on page 153  “DISABLE SWITCH PORT” on page 154  “DISABLE SWITCH PORT FLOW” on page 155  “ENABLE INTERFACE LINKTRAP” on page 157
PAGE 152
Chapter 8: Port Parameter Commands ACTIVATE SWITCH PORT Syntax activate switch port=port autonegotiate Parameter port Specifies a port. You can activate more than one port at a time. Description This command prompts a port that is using Auto-Negotiation to renegotiate its settings with its end node. The command can be helpful if you believe that a port and an end node have not successfully negotiated their settings.
PAGE 153
AT-S63 Management Software Command Line User’s Guide DISABLE INTERFACE LINKTRAP Syntax disable interface=port linktrap Parameter port Specifies the port on which you want to disable SNMP link traps. You can configure more than one port at a time. Description This command disables SNMP link traps on a port. When disabled, the switch does not send an SNMP link trap when there is a change to the status of a link on a port.
PAGE 154
Chapter 8: Port Parameter Commands DISABLE SWITCH PORT Syntax AlliedWare Plus Command Available disable switch port=port Parameter port Specifies the port to disable. You can disable more than one port at a time. Description This command disables a port. When a port is disabled, it stops forwarding traffic. The default setting for a port is enabled.
PAGE 155
AT-S63 Management Software Command Line User’s Guide DISABLE SWITCH PORT FLOW Syntax AlliedWare Plus Command Available disable switch port=port flow=pause Parameter port Specifies the port where you want to deactivate flow control. You can configure more than one port at a time. Description This command deactivates flow control on a port. Flow control only applies to ports operating in full duplex mode.
PAGE 156
Chapter 8: Port Parameter Commands This example deactivates flow control on port 19: awplus> enable awplus# configure terminal awplus(config)# interface 19 awplus(config-if)# flowcontrol receive off 156 Section I: Basic Operations
PAGE 157
AT-S63 Management Software Command Line User’s Guide ENABLE INTERFACE LINKTRAP Syntax enable interface=port linktrap Parameter port Specifies the port on which you want to enable SNMP link traps. You can configure more than one port at a time. Description This command activates SNMP link traps on the port. When enabled, the switch sends an SNMP link trap to an SNMP trap receiver whenever there is a change to the status of a link on a port.
PAGE 158
Chapter 8: Port Parameter Commands ENABLE SWITCH PORT Syntax AlliedWare Plus Command Available enable switch port=port Parameter port Specifies the port to enable. You can configure more than one port at a time. Description This command enables a port. When a port is enabled, it forwards traffic. The default setting for a port is enabled.
PAGE 159
AT-S63 Management Software Command Line User’s Guide ENABLE SWITCH PORT FLOW Syntax AlliedWare Plus Command Available enable switch port=port flow=pause Parameter port Specifies the port where you want to activate flow control. You can configure more than one port at a time. Description This command activates flow control on a port. Flow control only applies to ports operating in full duplex mode.
PAGE 160
Chapter 8: Port Parameter Commands PURGE SWITCH PORT Syntax purge switch port=port Parameters port Specifies the port whose parameter settings are to be returned to the default values. You can configure more than one port at a time. Description This command returns all of the parameter settings of a port to the factory default values. To reset a port and retain its settings, use “RESET SWITCH PORT” on page 161.
PAGE 161
AT-S63 Management Software Command Line User’s Guide RESET SWITCH PORT Syntax reset switch port=port Parameter port Specifies the port to reset. You can reset more than one port at a time. Description This command resets a port. The reset takes less that a second to complete. You might reset a port if it is experiencing a problem establishing a link with its end node. The port retains its current operating parameter settings.
PAGE 162
Chapter 8: Port Parameter Commands SET SWITCH PORT Syntax AlliedWare Plus Command Available set switch port=port [description=”description”] [status=enabled|disabled] [speed=autonegotiate|10mhalf|10mfull|100mhalf|100mfull| 1000mfull] [mdimode=mdi|mdix|auto] [flowcontrol=disable|enable|auto] [fctrllimit=value] [backpressure=yes|no|on|off|true|false|enabled| disabled] [bplimit=value] [holbplimit=value] [renegotiation=auto] [softreset] Parameters port Specifies the port to be configured.
PAGE 163
AT-S63 Management Software Command Line User’s Guide 10mfull 10 Mbps and full-duplex mode. 100mhalf 100 Mbps and half-duplex mode. 100mfull 100 Mbps and full-duplex mode. 1000mfull 1000 Mbps and full-duplex mode. (Applies only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set its speed and duplex mode.) Note A 10/100/1000Base-T twisted pair port must be set to Auto-Negotiation to operate at 1000 Mbps.
PAGE 164
Chapter 8: Port Parameter Commands yes, on, true, enabled Activates backpressure on the port. These options are equivalent. no, off, false, disabled Deactivates backpressure on the port. This is the default. These options are equivalent. bplimit Specifies the number of cells for backpressure. A cell represents 128 bytes. The range is 1 to 7935 cells. The default value is 7935 cells. holbplimit Specifies the threshold at which the switch signals a head of line blocking event on a port.
PAGE 165
AT-S63 Management Software Command Line User’s Guide The following command resets port 5: set switch port=5 softreset Equivalent Commands disable switch port=port For information, see “DISABLE SWITCH PORT” on page 154. disable switch port=port flow=pause For information, see “DISABLE SWITCH PORT FLOW” on page 155. enable switch port=port For information, see “ENABLE SWITCH PORT” on page 158. enable switch port=port flow=pause For information, see “ENABLE SWITCH PORT FLOW” on page 159.
PAGE 166
Chapter 8: Port Parameter Commands To enable or disable flow control: flowcontrol receive|send on|off To enable or disable backpressure: flowcontrol backpressure on|off To specify the threshold for flow control and backpressure: bplimit value or fctrllimit value To specify the threshold for head of line blocking events: holbplimit value To prompt a port set to Auto-Negotiation to renegotiate its speed and duplex mode with an end node.
PAGE 167
AT-S63 Management Software Command Line User’s Guide awplus(config-if)# speed auto This example sets the wiring configuration for port 28 to MDI: awplus> enable awplus# configure terminal awplus(config)# interface 28 awplus(config-if)# polarity mdi This example activates backpressure on port 15: awplus> enable awplus# configure terminal awplus(config)# interface 15 awplus(config-if)# flowcontrol backpressure on This example activates flow control on ports 11 and 18: awplus> enable awplus# configure term
PAGE 168
Chapter 8: Port Parameter Commands awplus# configure terminal awplus(config)# interface 3 awplus(config-if)# shutdown This example enables port 5: awplus> enable awplus# configure terminal awplus(config)# interface 5 awplus(config-if)# no shutdown This example sets the head of line blocking threshold on port 9 to 5,000 cells: awplus> enable awplus# configure terminal awplus(config)# interface 9 awplus(config-if)# holbplimit 5000 This example activates flow control on ports 18 to 21 and 24: awplus> enabl
PAGE 169
AT-S63 Management Software Command Line User’s Guide SET SWITCH PORT FILTERING Syntax AlliedWare Plus Command Available set switch port=port [bcastfiltering=yes|no|on|off|true|false|enabled| disabled] [bcastegressfiltering=yes|no|on|off|true|false|enabled| disabled] [unkmcastfiltering=yes|no|on|off|true|false] [unkmcastegressfiltering=yes|no|on|off|true|false] [unkucastfiltering=yes|no|on|off|true|false] [unkucastegressfiltering=yes|no|on|off|true|false] Parameters port Specifies the port you want to co
PAGE 170
Chapter 8: Port Parameter Commands unknown ingress multicast frames. These options are equivalent. no, off, false, disabled The port forwards all unknown ingress multicast frames. This is the default. These options are equivalent. unkmcastegressfiltering Controls the unknown egress multicast frame filter. The options are: yes, on, true, enabled The port discards all unknown egress multicast frames. These options are equivalent. no, off, false, disabled The port forwards all unknown egress multicast frames.
PAGE 171
AT-S63 Management Software Command Line User’s Guide Description This command discards ingress and egress broadcast packets as well as unknown unicast and multicast packets on a port. When you activate this feature on a port, the port discards all ingress or egress packets of the type specified. The default setting for each type of packet filter is disabled.
PAGE 172
Chapter 8: Port Parameter Commands Mode Port Interface mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This example activates the ingress broadcast filter on ports 18 and 21.
PAGE 173
AT-S63 Management Software Command Line User’s Guide SET SWITCH PORT RATELIMITING Syntax AlliedWare Plus Command Available set switch port=port [bcastratelimiting=yes|no|on|off|true|false|enabled| disabled] [bcastrate=value] [mcastratelimiting=yes|no|on|off|true|false|enabled| disabled] [mcastrate=value] [unkucastratelimiting=yes|no|on|off|true|false|enabled| disabled] [unkucastrate=value] Parameters port Specifies the port you want to configure.
PAGE 174
Chapter 8: Port Parameter Commands no, off, false, disabled mcastrate Deactivates multicast packet rate limit on the port. This is the default. The options are equivalent. Specifies the maximum number of ingress multicast packets a switch port accepts each second. The range is 0 to 262,143 packets. The default is 262,143 packets. unkucastratelimiting Enables or disables rate limit for unknown ingress unicast packets.
PAGE 175
AT-S63 Management Software Command Line User’s Guide set switch port=15,17 unkucastratelimiting=yes unkucastrate=150000 The following command disables the rate limiting feature for ingress broadcast packets on port 24: set switch port=24 bcastratelimiting=no AlliedWare Plus Command Syntax To activate rate limiting for broadcast packets: storm-control broadcast level value To activate rate limiting for multicast packets: storm-control multicast level value To activate rate limiting for unknown unicast
PAGE 176
Chapter 8: Port Parameter Commands awplus(config-if)# storm-control multicast level 100000 This example sets a threshold of 200,000 packets per second for ingress unknown unicast packets on ports 15 and 17: awplus> enable awplus# configure terminal awplus(config)# interface 15,17 awplus(config-if)# storm-control dlf level 200000 This example disables broadcast rate limiting on port 12: awplus> enable awplus# configure terminal awplus(config)# interface 12 awplus(config-if)# no storm-control broadcast Th
PAGE 177
AT-S63 Management Software Command Line User’s Guide SHOW INTERFACE Syntax show interface[=port] Parameter port Specifies the port whose interface information you want to display. You can display more than one port at a time. To display all of the ports, do not include a port number. Description This command displays the contents of the interface MIB for a specific port. An example of the information displayed by this command is shown in Figure 35. ifIndex.............................. ifMtu............
PAGE 178
Chapter 8: Port Parameter Commands unknown - The port status is unknown.  ifLinkUpDownTrapEnable - Whether or not link traps have been enabled for the port, one of the following: Enabled - Link traps are enabled. To disable link traps, see “DISABLE INTERFACE LINKTRAP” on page 153. Disabled - Link traps are disabled. To enable link traps, see “ENABLE INTERFACE LINKTRAP” on page 157.
PAGE 179
AT-S63 Management Software Command Line User’s Guide SHOW SWITCH PORT Syntax AlliedWare Plus Command Available show switch port[=port] Parameter port Specifies the port whose parameter settings you want to view. You can display more than one port at a time. To display all of the ports, do not include a port number. Description This command displays a port’s current operating specifications, such as speed and duplex mode. The command displays the following port information.
PAGE 180
Chapter 8: Port Parameter Commands 180  Actual Speed/Duplex - Displays the current operating speed and duplex mode of a port. This field displays no value (—) if the port does not have a link to an end node or has been disabled.  Actual MDI Crossover- Displays the current operating MDI/MDIX setting of a twisted pair port. This field displays no value (—) if the port does not have a link to an end node or has been disabled. This field does not apply to a fiber optic port.
PAGE 181
AT-S63 Management Software Command Line User’s Guide egress multicast packets. The default is disabled. To configure this parameter, refer to “SET SWITCH PORT FILTERING” on page 169. Section I: Basic Operations  Unknown Unicast Ingress Filtering - Displays the status of unknown ingress unicast filtering. If enabled, the port discards all unknown ingress unicast packets. The default is disabled. To configure this parameter, refer to “SET SWITCH PORT FILTERING” on page 169.
PAGE 182
Chapter 8: Port Parameter Commands queue for storing the packets. If this parameter is displaying Yes, the switch ignores the priority level in tagged packets and uses the priority level assigned to the port to determine the egress queue. The default setting is No. At the default setting the priority level in tagged packets is used to determine the appropriate egress queue. To set this parameter, refer to “SET SWITCH PORT PRIORITY OVERRIDEPRIORITY” on page 368.
PAGE 183
AT-S63 Management Software Command Line User’s Guide Port #11 Information: Port Description ..................... Port Type ............................ Status ............................... Link State ........................... Configured Speed/Duplex .............. Configured MDI Crossover ............. Actual Speed/Duplex .................. Actual MDI Crossover ................. Flow Control Status .................. Flow Control Threshold ............... Backpressure Status ..................
PAGE 184
Chapter 8: Port Parameter Commands Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 185
Chapter 9 Port Statistics Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “RESET SWITCH PORT COUNTER” on page 186  “SHOW SWITCH MODULE COUNTER” on page 187  “SHOW SWITCH PORT COUNTER” on page 190 185
PAGE 186
Chapter 9: Port Statistics Commands RESET SWITCH PORT COUNTER Syntax reset switch port=port counter Parameter port Specifies the port whose statistics counters you want to return to zero. You can specify more than one port in the command. Description This command returns a port’s statistics counters to zero.
PAGE 187
AT-S63 Management Software Command Line User’s Guide SHOW SWITCH MODULE COUNTER Syntax show switch module=id_number counter Parameters module Specifies the stack ID number of a switch. For a stand-alone switch, this number is 1. You can specify only one ID number at a time. To determine the stack ID number of a switch, refer to “SHOW STACK” on page 106. Description This command is used to display the operating statistics for stand-alone switches and for master and member switches in an AT-9400Ts Stack.
PAGE 188
Chapter 9: Port Statistics Commands Bcast Frames Rx Number of broadcast frames received by the switch. Bcast Frames Tx Number of broadcast frames transmitted by the switch. Mcast Frames Rx Number of multicast frames received by the switch. Mcast Frames Tx Number of multicast frames transmitted by the switch. Frames 64 Frames 65-127 Frames 128-255 Frames 256-511 Frames 512-1023 Frames 1024-1518 Frames 1519-1522 Number of frames transmitted from the switch, grouped by size.
PAGE 189
AT-S63 Management Software Command Line User’s Guide Dropped Frames Number of frames successfully received and buffered by the switch, but discarded and not forwarded.
PAGE 190
Chapter 9: Port Statistics Commands SHOW SWITCH PORT COUNTER Syntax AlliedWare Plus Command Available show switch port=port counter Parameter port Specifies the port whose statistics you want to view. You can specify more than one port at a time. To view all ports, do not specify a port. Description This command displays the operating statistics for a port on the switch. Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors.
PAGE 191
Chapter 10 MAC Address Table Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD SWITCH FDB|FILTER” on page 192  “DELETE SWITCH FDB|FILTER” on page 194  “RESET SWITCH FDB” on page 197  “SET SWITCH AGINGTIMER|AGEINGTIMER” on page 198  “SHOW SWITCH AGINGTIMER|AGEINGT
PAGE 192
Chapter 10: MAC Address Table Commands ADD SWITCH FDB|FILTER Syntax AlliedWare Plus Command Available add switch fdb|filter destaddress|macaddress=macaddress port=port vlan=vlan-name|vid Note The FDB and FILTER keywords are equivalent. Parameters destaddress or macaddress Specifies the static unicast or multicast address to be added to the switch’s MAC address table. The parameters are equivalent.
PAGE 193
AT-S63 Management Software Command Line User’s Guide The following command adds the multicast MAC address 01:00:51:00:00 10 to ports 1 to 5 in the Engineering VLAN: add switch fdb macaddress=01:00:51:00:00:10 port=1-5 vlan=Engineering AlliedWare Plus Command Syntax mac address-table static macaddress port vlan-name|vid Mode Configure mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 194
Chapter 10: MAC Address Table Commands DELETE SWITCH FDB|FILTER Syntax 1 AlliedWare Plus Command Available delete switch fdb|filter macaddress|destaddress=macaddress vlan=name|vid Syntax 2 delete switch fdb|filter type|status=static|staticunicast|staticmulticast|dynamic| dynamicunicast|dynamicmulticast Note The FDB and FILTER keywords are equivalent. Parameters macaddress or Deletes a dynamic or static unicast or multicast MAC destaddress address from the MAC address table.
PAGE 195
AT-S63 Management Software Command Line User’s Guide dynamicmulticast Deletes all dynamic multicast addresses. Description This command is used to delete dynamic and static unicast and multicast addresses from the switch’s MAC address table. The command has two syntaxes. The first syntax is used to delete specific MAC addresses from the table and the second syntax is used to delete general types of addresses. Note You cannot delete a switch’s MAC address, an STP BPDU MAC address, or a broadcast address.
PAGE 196
Chapter 10: MAC Address Table Commands command, unlike the standard command, does not have options to delete specific types of MAC addresses.
PAGE 197
AT-S63 Management Software Command Line User’s Guide RESET SWITCH FDB Syntax reset switch fdb [port=port] Parameter port Specifies the port whose dynamic MAC addresses are to be deleted from the MAC address table. You can specify more than one port at a time. Description You use this command to delete all the dynamic MAC addresses in the MAC address table or the addresses learned on a specific port. After a port’s dynamic MAC addresses have been deleted, the port begins to learn new addresses.
PAGE 198
Chapter 10: MAC Address Table Commands SET SWITCH AGINGTIMER|AGEINGTIMER Syntax AlliedWare Plus Command Available set switch agingtimer|ageingtimer=value Parameter agingtimer or ageingtimer Specifies the aging timer for the MAC address table. The value is in seconds. The range is 0 to 1048575. The default is 300 seconds (5 minutes). The parameters are equivalent.
PAGE 199
AT-S63 Management Software Command Line User’s Guide Description These AlliedWare Plus commands are equivalent to the standard command.
PAGE 200
Chapter 10: MAC Address Table Commands SHOW SWITCH AGINGTIMER|AGEINGTIMER Syntax AlliedWare Plus Command Available show switch agingtimer|ageingtimer Parameters None. Description This command displays the current setting for the aging timer. The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table. To set the aging timer, refer to “SET SWITCH AGINGTIMER|AGEINGTIMER” on page 198. Figure 38 illustrates the information displayed by this command.
PAGE 201
AT-S63 Management Software Command Line User’s Guide SHOW SWITCH FDB Syntax AlliedWare Plus Command Available show switch fdb [macaddress|destaddress=macaddress] [port=port] [type|status=static|staticunicast| staticmulticast|dynamic|dynamicunicast|dynamicmulticast] [vlan=name] [module=value] Parameters address Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static).
PAGE 202
Chapter 10: MAC Address Table Commands Note You can specify more than one parameter in the command. Description This command displays the unicast and multicast MAC addresses learned or assigned to the ports on the switch and stored in the switch’s MAC address table. If you are managing an AT-9400 Stack, this command displays the MAC address table on the master switch. However, you can use the MODULE parameter to view the MAC address tables of member switches.
PAGE 203
AT-S63 Management Software Command Line User’s Guide Figure 40 is an example of a multicast address. Multicast Switch Forwarding Database Total Number of MCAST MAC Addresses: 1 MAC Address VLANID Type Port Maps (U:Untagged T:Tagged) ---------------------------------------------------------------01:00:51:00:00:01 1 Static U:1-4 T: Figure 40. SHOW SWITCH FDB Command - Multicast Addresses The columns are defined here:  MAC Address - The static or dynamic unicast MAC address.
PAGE 204
Chapter 10: MAC Address Table Commands The following command displays the MAC addresses learned on the ports in the Sales VLAN: show switch fdb vlan=sales The following command displays the static MAC addresses on port 17: show switch fdb port=17 type=static The following command displays the MAC address table for a switch with the stack ID 2 in an AT-9400 Stack: show switch fdb module=2 AlliedWare Plus Command Syntax show mac address-table Modes User Exec mode and Privileged Exec mode Description Th
PAGE 205
Chapter 11 Static Port Trunking Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD SWITCH TRUNK” on page 206  “CREATE SWITCH TRUNK” on page 208  “DELETE SWITCH TRUNK” on page 212  “DESTROY SWITCH TRUNK” on page 214  “SET SWITCH TRUNK” on page 215  “SHOW SWITCH
PAGE 206
Chapter 11: Static Port Trunking Commands ADD SWITCH TRUNK Syntax AlliedWare Plus Command Available add switch trunk=name [tgid=id_number] port=port Parameters trunk Specifies the name of the static port trunk to be modified. tgid Specifies the ID number of the static port trunk to be modified. The range is 1 to 6. This parameter is optional. port Specifies the port to be added to the port trunk. You can add more than one port at a time.
PAGE 207
AT-S63 Management Software Command Line User’s Guide Example The following command adds port 5 to a port trunk called load22: add switch trunk=load22 port=5 AlliedWare Plus Command Section I: Basic Operations The AlliedWare Plus command used to add ports to static port trunks is the same command used to create new trunks. For instructions, refer to the AlliedWare Plus command in “CREATE SWITCH TRUNK” on page 208.
PAGE 208
Chapter 11: Static Port Trunking Commands CREATE SWITCH TRUNK Syntax AlliedWare Plus Command Available create switch trunk=name port=ports [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters trunk Specifies the name of the trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters are allowed. port Specifies the ports to be added to the port trunk. select Specifies the load distribution method. Options are: macsrc Source MAC address.
PAGE 209
AT-S63 Management Software Command Line User’s Guide AT-S63 Management Software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same. You should also check to be sure that the ports are untagged members of the same VLAN. You cannot create a trunk of ports that are untagged members of different VLANs. Note All ports in a trunk must operate at the same speed.
PAGE 210
Chapter 11: Static Port Trunking Commands Modes To create a static port trunk or to add ports to an existing trunk: Port Interface mode To change the load distribution method: Static Port Trunk Interface mode Description These commands are used to create new static port trunks, to add ports to existing trunks, and to change the load distribution methods of trunks. If you specify an unused trunk ID number, the command creates a new static port trunk.
PAGE 211
AT-S63 Management Software Command Line User’s Guide Examples This example creates a new static port trunk of ports 11 and 12, with the ID number 2 and the load distribution method of source MAC addresses.
PAGE 212
Chapter 11: Static Port Trunking Commands DELETE SWITCH TRUNK Syntax AlliedWare Plus Command Available delete switch trunk=name port=port Parameters trunk Specifies the name of the static port trunk to be modified. port Specifies the port to be removed from the existing port trunk. You can remove more than one port at a time. Description This command removes ports from a static port trunk. To completely remove a port trunk from a switch, see “DESTROY SWITCH TRUNK” on page 214.
PAGE 213
AT-S63 Management Software Command Line User’s Guide Description This AlliedWare Plus command is used both to remove ports from static port trunks and to delete trunks. A trunk is automatically deleted when you remove all of its ports. Example These commands remove ports 22 and 23 from a port trunk that has the TGID number 4.
PAGE 214
Chapter 11: Static Port Trunking Commands DESTROY SWITCH TRUNK Syntax AlliedWare Plus Command Available destroy switch trunk=name Parameter trunk Specifies the name of the trunk to be deleted. Description This command deletes a static port trunk from a switch. After a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes. Caution Disconnect the cables from the port trunk on the switch before destroying the trunk.
PAGE 215
AT-S63 Management Software Command Line User’s Guide SET SWITCH TRUNK Syntax AlliedWare Plus Command Available set switch trunk=name select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth Parameters trunk Specifies the name of the static port trunk. select Specifies the load distribution method. Options are: macsrc Source MAC address. macdest Destination MAC address. macboth Source address/destination MAC address. ipsrc Source IP address. ipdest Destination IP address.
PAGE 216
Chapter 11: Static Port Trunking Commands Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 217
AT-S63 Management Software Command Line User’s Guide SHOW SWITCH TRUNK Syntax AlliedWare Plus Command Available show switch trunk Parameters None. Description This command displays the names, ports, and load distribution methods of the static port trunks on the switch. An example of the command is shown in Figure 41. Trunk group ID ............ Trunk status ........... Trunk group name ....... Trunk method ........... Ports .................. 2 UP Server11 SRC/DST MAC 12-16 Figure 41.
PAGE 218
Chapter 11: Static Port Trunking Commands Example show switch trunk AlliedWare Plus Command Syntax show static-channel-group Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 219
Chapter 12 LACP Port Trunking Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD LACP PORT” on page 220  “CREATE LACP AGGREGATOR” on page 222  “DELETE LACP PORT” on page 224  “DESTROY LACP AGGREGATOR” on page 226  “DISABLE LACP” on page 227  “ENABLE LACP” on pa
PAGE 220
Chapter 12: LACP Port Trunking Commands ADD LACP PORT Syntax AlliedWare Plus Command Available add lacp aggregator=name port=port Parameters aggregator Specifies the name of the aggregator. The name is case-sensitive. port Specifies the port to add to the aggregator. You can add more than one port at a time. Description This command adds ports to an existing aggregator. You must identify the aggregator by its name.
PAGE 221
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax channel-group integer Mode Port Interface mode Description This command is used to create new aggregators and to add ports to existing aggregators. This differs from the standard command line interface which has different commands for these two functions. If you specify an unused name, the command creates a new aggregator.
PAGE 222
Chapter 12: LACP Port Trunking Commands CREATE LACP AGGREGATOR Syntax AlliedWare Plus Command Available create lacp aggregator=name|adminkey=0xkey port=port [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters aggregator Specifies a name for the new aggregator. The name can be up to 20 alphanumeric characters. No spaces or special characters are allowed. If no name is specified, the default name is DEFAULT_AGG followed by a number.
PAGE 223
AT-S63 Management Software Command Line User’s Guide  When you create a new aggregator by specifying a name, the adminkey is based on the operator key of the lowest numbered port in the aggregator.  When you create an aggregator by specifying an adminkey, the aggregator’s default name is DEFAULT_AGG followed by the port number of the lowest numbered port in the aggregator. For instance, an aggregator of ports 12 to 16 is given the name DEFAULT_AGG12.
PAGE 224
Chapter 12: LACP Port Trunking Commands DELETE LACP PORT Syntax AlliedWare Plus Command Available delete lacp aggregator=name port=port Parameters aggregator Specifies the name of the aggregator. The name is case-sensitive. port Specifies the port to delete from an aggregator. You can delete more than one port at a time. Description This command removes a port from an aggregator. You must identify the aggregator by its name.
PAGE 225
AT-S63 Management Software Command Line User’s Guide Mode Port Interface mode Description This command is used to remove ports from the aggregators and to delete the aggregators. You delete an aggregator by deleting all of its ports This differs from the other command line interface where there are different commands for removing ports and for deleting aggregators. Deleting the last aggregator on a switch deactivates LACP. Example These commands delete ports 11 and 12 from an aggregator named ‘po2’.
PAGE 226
Chapter 12: LACP Port Trunking Commands DESTROY LACP AGGREGATOR Syntax AlliedWare Plus Command Available destroy lacp aggregator=name|adminkey=0xkey Parameter aggregator Specifies the name of the aggregator. The name is case-sensitive. adminkey Specifies the adminkey number of the aggregator. This is a hexadecimal number between 0x1 and 0xffff. Description This command deletes an LACP aggregator from the switch. You can identify the aggregator by its name or adminkey number.
PAGE 227
AT-S63 Management Software Command Line User’s Guide DISABLE LACP Syntax AlliedWare Plus Command Available disable lacp Parameters None. Description This command disables LACP on the switch. The default is disabled. Caution Do not disable LACP if there are defined aggregators without first disconnecting all cables connected to the aggregate trunk ports. Otherwise, a network loop may occur, resulting in a broadcast storm and poor network performance.
PAGE 228
Chapter 12: LACP Port Trunking Commands ENABLE LACP Syntax AlliedWare Plus Command Available enable lacp Parameters None. Description This command activates LACP on the switch. The default is disabled. Example The following command activates LACP: enable lacp Equivalent Command set lacp state=enable For information, see “SET LACP STATE” on page 232. AlliedWare Plus Command 228 The AlliedWare Plus command interface does not have a separate command to enable LACP.
PAGE 229
AT-S63 Management Software Command Line User’s Guide SET LACP AGGREGATOR Syntax set lacp aggregator=name|adminkey=key [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] Parameters aggregator Specifies the name of the aggregator you want to modify. The name is case-sensitive. adminkey Specifies the adminkey number of the aggregator you want to modify. This is a hexadecimal number between 0x1 and 0xffff.
PAGE 230
Chapter 12: LACP Port Trunking Commands The following command changes the load distribution method of an LACP aggregator with the adminkey 0x22 to the destination MAC address method: set lacp adminkey=0x22 distribution=macdest 230 Section I: Basic Operations
PAGE 231
AT-S63 Management Software Command Line User’s Guide SET LACP SYSPRIORITY Syntax set lacp syspriority=0xpriority Parameters syspriority Specifies the LACP system priority value for a switch. This is a hexadecimal value from 0x1 to 0xffff. The lower the number, the higher the priority. The default is 0x0080. Description This command sets the LACP priority of the switch.
PAGE 232
Chapter 12: LACP Port Trunking Commands SET LACP STATE Syntax AlliedWare Plus Command Available set lacp state=enable|disable Parameters state Specifies the state of LACP on the switch. The options are: enable Enables LACP. disable Disables LACP. This is the default. Description This command is used to enable or disable LACP on the switch. Caution If there are aggregators defined on the switch, do not disable LACP until you have disconnected all the cables from the aggregate trunk ports.
PAGE 233
AT-S63 Management Software Command Line User’s Guide SHOW LACP Syntax AlliedWare Plus Command Available show lacp [port=port] [aggregator] [machine=port] Parameter port Specifies the port(s) to display. aggregator Displays information about the aggregators. machine Specifies the LACP machine state for a port or ports on the system. Description This command is used to display the configuration and/or machine states of the ports, and/or the aggregators.
PAGE 234
Chapter 12: LACP Port Trunking Commands Port ............. 05 Aggregator ....... LACP sw22 ACTOR PARTNER ============================================ Actor Port ............. 05 Partner Port ......... Selected ............... SELECTED Partner System ....... Oper Key ............... 0xf705 Oper Key ............ Oper Port Priority .... 0x0005 Oper Port Priority ... Individual ............. NO Individual ........... Synchronized............ YES Synchronized.......... Collecting ............ YES Collecting ...
PAGE 235
AT-S63 Management Software Command Line User’s Guide The following command displays the LACP machine states for each port on the system: show lacp machine AlliedWare Plus Command Syntax show etherchannel Mode User Exec mode and Privileged Exec mode Description This AlliedWare Plus command displays a combination of the information of the SHOW LACP command without the optional parameters and the information from the AGGREGRATOR parameter.
PAGE 236
Chapter 12: LACP Port Trunking Commands 236 Section I: Basic Operations
PAGE 237
Chapter 13 Port Mirroring Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “SET SWITCH MIRROR” on page 238  “SET SWITCH PORT MIRROR” on page 239  “SHOW SWITCH MIRROR” on page 241 237
PAGE 238
Chapter 13: Port Mirroring Commands SET SWITCH MIRROR Syntax AlliedWare Plus Command Available set switch mirror=port Parameter mirror Specifies the destination port for the port mirror. This is the port where the traffic from the source ports is copied. You can specify only one port as the destination port. Specifying “0” (zero) stops port mirroring so that the destination port can again be used as a normal networking port.
PAGE 239
AT-S63 Management Software Command Line User’s Guide SET SWITCH PORT MIRROR Syntax AlliedWare Plus Command Available set switch port=port mirror=none|rx|tx|both Parameters port Specifies a source port of a port mirror. You can specify more than one port. For instructions, refer to “Port Numbers in Commands” on page 48. mirror Specifies the traffic on the source ports to be mirrored to the destination port. The options are: rx Specifies ingress mirroring. tx Specifies egress mirroring.
PAGE 240
Chapter 13: Port Mirroring Commands AlliedWare Plus Command Syntax To create a port mirror or to add ports to an existing port mirror: interface destination_port mirror interface source_ports direction receive|transmit|both To remove ports from a port mirror or to disable port mirroring: interface source_ports no mirror interface Mode Port Interface mode Description To stop port mirroring with the AlliedWare Plus commands and to return the destination port to normal network operations, remove all of th
PAGE 241
AT-S63 Management Software Command Line User’s Guide SHOW SWITCH MIRROR Syntax AlliedWare Plus Command Available show switch mirror Parameters None. Description This command displays the source and destination ports of the port mirror on the switch. An example is shown in Figure 45. Port Mirroring: Mirroring State ..................... Mirror-To (Destination) Port ........ Ingress (Rx) Mirror (Source) Ports .. Egress (Tx) Mirror (Source) Ports ... Enabled 22 1,3 1,3,11-13 Figure 45.
PAGE 242
Chapter 13: Port Mirroring Commands AlliedWare Plus Command Syntax show mirror Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command displays the same information as the standard command, but in a different format. Here is an example. The Mirror Test Port is the destination port of the port mirror. The Monitored Ports are the source ports. awplus# show mirror Mirror Test Port Name: port1.22 Mirror option: Enabled Monitored Port Name: port1.
PAGE 243
Chapter 14 Link-flap Protection Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD LINK-FLAP” on page 244  “DELETE LINK-FLAP” on page 246  “DISABLE LINK-FLAP” on page 247  “ENABLE LINK-FLAP” on page 248  “SET LINK-FLAP” on page 249  “SHOW LINK-FLAP” on page 251 243
PAGE 244
Chapter 14: Link-flap Protection Commands ADD LINK-FLAP Syntax AlliedWare Plus Command Available add link-flap port=port|all Parameters port Specifies a port for link-flap protection. You can configure more than one port at a time with this command. To specify all of the ports, use the ALL option. Description This command is used to designate ports for link-flap protection. If ports have already been designated for link-flap protection, this command adds the new ports to the existing ports.
PAGE 245
AT-S63 Management Software Command Line User’s Guide Example This example adds link-flap protection to ports 11 to15.
PAGE 246
Chapter 14: Link-flap Protection Commands DELETE LINK-FLAP Syntax AlliedWare Plus Command Available delete link-flap port=port|all Parameters port Specifies a port to remove link-flap protection. You can remove more than one port at a time with this command. To remove all of the ports from the feature, use the ALL option. Description This command is used to remove link-flap protection from ports.
PAGE 247
AT-S63 Management Software Command Line User’s Guide DISABLE LINK-FLAP Syntax AlliedWare Plus Command Available disable link-flap Parameters None. Description This command is used to disable link-flap protection on the switch. This is the default setting. Example disable link-flap AlliedWare Plus Command Section I: Basic Operations To disable link-flap protection with the AlliedWare Plus commands, use the NO LINK-FLAP PROTECTION command and remove all of the ports from the feature.
PAGE 248
Chapter 14: Link-flap Protection Commands ENABLE LINK-FLAP Syntax AlliedWare Plus Command Available enable link-flap [port=port|all] Parameter port Specifies the port on which link-flap protection is to be enabled. You can configure more than one port at a time with this command. To specify all of the ports, enter the ALL option. Description This command is used to activate link-flap protection on the switch. This feature protects the switch from unreliable or fluctuating links.
PAGE 249
AT-S63 Management Software Command Line User’s Guide SET LINK-FLAP Syntax AlliedWare Plus Command Available set link-flap rate=rate duration=duration Parameter rate Specifies the number of link changes that constitute a link flap event on a port. The range is 4 to 65535 changes. The default is 10 changes. duration Specifies the time period in which the changes must occur to constitute a link flap event. The range is 20 to 65535 seconds. The default is 60 seconds.
PAGE 250
Chapter 14: Link-flap Protection Commands Example This example set the rate to eight status changes and the duration to three minutes: awplus> enable awplus# configure terminal awplus(config)# link-flap rate 8 awplus(config)# link-flap duration 180 250 Section I: Basic Operations
PAGE 251
AT-S63 Management Software Command Line User’s Guide SHOW LINK-FLAP Syntax AlliedWare Plus Command Available show link-flap Parameter None. Description This command displays the status of link-flap protection on the switch, the ports of the feature, and the configuration settings. Here is an example of the information this command displays. Link Flap Protection ............ Link Flap Member(s) ............. Duration ........................ Rate ............................ On 1.1-1.17 60 8 Figure 47.
PAGE 252
Chapter 14: Link-flap Protection Commands 252 Section I: Basic Operations
PAGE 253
Section II Advanced Operations This section contains the following chapters: Section II: Advanced Operations  Chapter 15, “File System Commands” on page 255  Chapter 16, “File Download and Upload Commands” on page 275  Chapter 17, “Event Log and Syslog Client Commands” on page 303  Chapter 18, “Classifier Commands” on page 335  Chapter 19, “Access Control List Commands” on page 347  Chapter 20, “Class of Service (CoS) Commands” on page 361  Chapter 21, “Quality of Service (QoS) Comma
PAGE 254
Section II: Advanced Operations
PAGE 255
Chapter 15 File System Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “COPY” on page 256  “CREATE CONFIG” on page 259  “DELETE FILE” on page 260  “FORMAT DEVICE” on page 262  “RENAME” on page 263  “SET CFLASH DIR” on page 265  “SET CONFIG” on page 266  “SH
PAGE 256
Chapter 15: File System Commands COPY Syntax AlliedWare Plus Command Available copy [cflash:]sourcefile.ext [cflash:]destinationfile.ext Parameters sourcefile.ext Specifies the name of the source file. If the file is stored on a compact memory flash card, precede the name with “cflash:”. If the filename contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. destinationfile.ext Specifies the name of the destination file.
PAGE 257
AT-S63 Management Software Command Line User’s Guide Table 4. File Extensions and File Types Extension File Type .cer Certificate file .csr Certificate enrollment request .key Public encryption key .log Event log Examples This command creates a copy of the configuration file “admin.cfg” in the switch’s file system and names the copy “admin2.cfg”: copy admin.cfg admin2.cfg This command creates a copy of the configuration file “switch 12.cfg” in the file system and names the copy “backup.
PAGE 258
Chapter 15: File System Commands awplus# cp unit12.cfg unit24.cfg This command copies the configuration file “9408switches.cfg” from the switch’s file system to a compact flash card: awplus# cp 9408switches.cfg cflash:9408switches.cfg This command copies the configuration file “sw12.cfg” from a compact flash card to the switch’s file system and renames the file “presales_4.cfg”: awplus# cp cflash:sw12.cfg presales_4.
PAGE 259
AT-S63 Management Software Command Line User’s Guide CREATE CONFIG Syntax create config=[cflash:]filename.cfg Parameter config Specifies the name of a new configuration file. If the filename contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. To store the configuration file on a flash memory card, precede the name with “cflash:”. Description This command creates a new configuration file.
PAGE 260
Chapter 15: File System Commands DELETE FILE Syntax AlliedWare Plus Command Available delete file=[cflash:]filename Parameter file Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional. If the file is stored on a compact memory flash card, precede the name with “cflash:”. Description This command deletes a file from the file system or from a compact flash memory card.
PAGE 261
AT-S63 Management Software Command Line User’s Guide The following command deletes the configuration file named “Switch 12.cfg” from a compact flash card: delete file=cflash:"Switch 12.cfg" AlliedWare Plus Command Syntax rm [cflash:]filename.ext Mode Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command, except it does not accept spaces in the filenames. Example This command deletes the configuration file “unit12.cfg”: awplus# rm unit12.
PAGE 262
Chapter 15: File System Commands FORMAT DEVICE Syntax AlliedWare Plus Command Available format device=flash Parameter device Specifies the device to format. The only option is “Flash” for the switch’s file system. Description This command formats the flash memory in the switch. Caution This command deletes ALL of the files in the switch’s flash memory, including the active configuration file, encryption keys, and certificates.
PAGE 263
AT-S63 Management Software Command Line User’s Guide RENAME Syntax AlliedWare Plus Command Available rename [cflash:]filename1.ext [cflash:]filename2.ext Parameters filename1.ext Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. If the file is stored on a compact memory card, precede the name with “cflash:”. filename2.ext Specifies the new name for the file.
PAGE 264
Chapter 15: File System Commands Examples The following command renames the file “Switch12.cfg” in the switch’s file system to “Sw 44a.cfg”: rename Switch12.cfg "Sw 44a.cfg" This command renames the file “sales_sw.cfg” on a flash memory card to “sales sw5.cfg”: rename cflash:sales_sw.cfg cflash:”sales sw5.cfg” AlliedWare Plus Command Syntax move filename1.ext filename2.ext Mode Privileged Exec mode Description This command has the following restrictions:  It does not accept spaces in the filenames.
PAGE 265
AT-S63 Management Software Command Line User’s Guide SET CFLASH DIR Syntax set cflash dir=directory Parameter dir Specifies the directory path. Description This command changes the current directory on the compact flash card. Note You cannot create directories on a compact flash card from the AT-S63 Management Software.
PAGE 266
Chapter 15: File System Commands SET CONFIG Syntax AlliedWare Plus Command Available set config=[cflash:]filename.cfg|none Parameter config Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 16 alphanumeric characters, not including the extension “.cfg”. If the filename contains spaces, enclose it in double quotes. Description This command specifies the active configuration file on a switch.
PAGE 267
AT-S63 Management Software Command Line User’s Guide assign a new active boot configuration file.  For those systems that support a flash memory card, you can specify a configuration file on a flash card as the active boot configuration file for a switch. However, the configuration file is not copied to the switch’s file system, but is instead used and updated directly from the card. If you remove the card and reset the switch, the management software uses its default settings.
PAGE 268
Chapter 15: File System Commands  If you specify a new active configuration file for the switch, the command displays a confirmation prompt, asking if you want to overwrite the existing file. If you respond with yes, the existing file is overwritten with the switch’s current settings. If you respond with no, the file is not overwritten. In most cases, you will probably respond with no.
PAGE 269
AT-S63 Management Software Command Line User’s Guide SHOW CFLASH Syntax show cflash Parameter None Description This command displays information about the compact flash card including the current directory, the number of files, how much space is used, and amount of space available. An example is shown in Figure 48. Compact Flash: --------------------------------------------------Current Directory: \ Number of files ............ 6 Number of directories ...... 3 Bytes used .................
PAGE 270
Chapter 15: File System Commands SHOW CONFIG Syntax AlliedWare Plus Command Available show config [dynamic] Parameter dynamic Displays the settings for all the switch and port parameters in command line format. Description This command, when used without the DYNAMIC parameter, displays two pieces of information. The first is the “Boot configuration file.” This is the configuration file the switch uses the next time it is reset or power cycled.
PAGE 271
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax show boot Mode User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command without the DYNAMIC parameter.
PAGE 272
Chapter 15: File System Commands SHOW FILE Syntax AlliedWare Plus Command Available show file[=[cflash:]filename.ext] Parameter file Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional. To view a file on a flash memory card, precede the name with “cflash”. If you do not specify a file name, the command lists all the files in the flash memory as well as on a compact flash card, if one is installed in the switch.
PAGE 273
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax ls [[cflash:]filename.ext] dir [[cflash:]filename.ext] Mode User Exec mode and Privileged Exec mode Description Both of these AlliedWare Plus commands are identical to the standard command. Example This example lists all the files in the file system: awplus> ls This example lists just the configuration files: awplus> ls *.cfg This example displays the contents of the “boot.cfg” file: awplus> ls boot.
PAGE 274
Chapter 15: File System Commands SHOW FLASH Syntax AlliedWare Plus Command Available show flash Parameter None Description This command displays information about the file system in the switch. The information includes the number of files stored in the file system, how much space is used, and the amount of space available. An example is shown in Figure 50. Flash: ----------------------------------------------------Files ............. 12288 bytes (5 files) Free ............. 8211456 bytes Total .........
PAGE 275
Chapter 16 File Download and Upload Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “LOAD METHOD=LOCAL” on page 276  “LOAD METHOD=TFTP” on page 278  “LOAD METHOD=XMODEM” on page 285  “UPLOAD METHOD=LOCAL” on page 290  “UPLOAD METHOD=REMOTESWITCH” on page 292  “UP
PAGE 276
Chapter 16: File Download and Upload Commands LOAD METHOD=LOCAL Syntax load method=local destfile=appblock srcfile|file=[cflash:]filename Parameters method Specifies a local download. destfile Specifies the application block (APPBLOCK) of the switch’s flash memory. This is the area of memory reserved for the switch’s active AT-S63 image file. srcfile or file Specifies the filename of the AT-S63 image file in the file system to be downloaded into the application block.
PAGE 277
AT-S63 Management Software Command Line User’s Guide  After downloading an image file into the application block, you can delete the image file from the file system or compact flash card to free up space for other files. Caution The switch, after downloading the AT-S63 image file into its application block, automatically resets to initialize the new management software. The entire process takes about a minute. The switch does not forward network traffic during the reset process.
PAGE 278
Chapter 16: File Download and Upload Commands LOAD METHOD=TFTP Syntax 1: Downloading Files to the File System AlliedWare Plus Command Available load method=tftp destfile=[cflash:]filename server=ipaddress srcfile|file=filename Syntax 2: Downloading New AT-S63 Management Software to a Stand-alone Switch load method=tftp destfile=appblock server=ipaddress srcfile|file=filename Syntax 3: Downloading New AT-S63 Management Software to an AT-9400 Stack load method=tftp destfile=appblock server=ipaddress srcfi
PAGE 279
AT-S63 Management Software Command Line User’s Guide module Specifies the switches in the AT-9400 Stack to receive the new AT-S63 Management Software. The range is 1 to 8. You can specify more than one switch (e.g., 1,2). To update all the switches, use ALL. General Description These commands are used to download files and new versions of the AT-S63 Management Software to stand-alone switches and stacks, using TFTP.
PAGE 280
Chapter 16: File Download and Upload Commands Syntax 2 Description This command is used to download new AT-S63 Management Software to stand-alone switches. The destination is APPBLOCK, the area in flash memory reserved for this file and called the application block. Caution This command will disrupt network operations. The switch will reset after writing the new AT-S63 Management Software to the application block portion of flash memory. The entire process can take a minute or so to complete.
PAGE 281
AT-S63 Management Software Command Line User’s Guide  There must be a node on your network with the TFTP server software and the file to be downloaded must be stored on the server.  You should start the TFTP server software before performing the download command.  For AT-9400 Switches running AT-S63 version 2.0.0 or later, the switch must have a routing interface on the local subnet from where it reaches the TFTP server.
PAGE 282
Chapter 16: File Download and Upload Commands application block so that its used by the switch as its active image file, refer to “UPLOAD METHOD=LOCAL” on page 290. Note Downloading an AT-S63 image file into a switch’s file system rather than into the application block should be perform with care. The file will take up 2 megabytes of space in the file system.
PAGE 283
AT-S63 Management Software Command Line User’s Guide load method=tftp destfile=cflash:ats63.img server=149.11.11.11 srcfile=ats63.img Syntax 2 Example This command downloads new AT-S63 Management Software to the application block of a stand-alone switch, making the software the active image file on the unit. The IP address of the TFTP server is 149.11.11.11 and the name of the image file on the server is “ats63v4.img”: load method=tftp destfile=appblock server=149.11.11.11 srcfile=ats63v4.
PAGE 284
Chapter 16: File Download and Upload Commands Example This example downloads the file “ats63_app.img” into the application block of a switch. The TFTP server has the IP address 149.22.121.45: awplus> enable awplus# download tftp 149.22.121.45 ats63_app.
PAGE 285
AT-S63 Management Software Command Line User’s Guide LOAD METHOD=XMODEM Syntax 1: Downloading Files to the File System AlliedWare Plus Command Available load method=xmodem destfile=[cflash:]filename Syntax 2: Downloading New AT-S63 Management Software to a Stand-alone Switch load method=xmodem destfile=appblock Syntax 3: Downloading New AT-S63 Management Software to an AT-9400 Stack load method=xmodem destfile=appblock module=value|all Parameters method Specifies a XMODEM download.
PAGE 286
Chapter 16: File Download and Upload Commands Note In earlier versions of the AT-S63 Management Software this command also performed switch to switch file transfers for copying files from a master switch to other switches in an enhanced stack. That function is now part of “UPLOAD METHOD=REMOTESWITCH” on page 292 Syntax 1 Description This command is used to download configuration files and SSL public key certificates to the file system on the switch.
PAGE 287
AT-S63 Management Software Command Line User’s Guide Note The MODULE parameter only works on switches with Version 4.0.0 or later of the AT-S63 Management Software. To update a stack that has an earlier version of the management software, remove the switches from the stack by disconnecting the stacking cables and update them as stand-alone units. For more information, refer to the software release notes. Caution This command will disrupt network operations.
PAGE 288
Chapter 16: File Download and Upload Commands  If you download a file onto a flash memory card in the switch and later want to copy the file from the card to a switch’s file system, refer to “COPY” on page 256.  If you are upgrading the AT-9400 Switch from AT-S63 version 1.3.0 or earlier and the switch has an IP address, the upgrade process automatically creates a routing interface on the switch to preserve the device’s IP configuration.
PAGE 289
AT-S63 Management Software Command Line User’s Guide Since the file is stored in the switch’s file system and not the application block, the switch does not use it as its active image file. If, at some point in the future, you want to make it the active image file, use “LOAD METHOD=LOCAL” on page 276.
PAGE 290
Chapter 16: File Download and Upload Commands UPLOAD METHOD=LOCAL Syntax upload method=local destfile=[cflash:]filename srcfile|file=appblock Parameters method Specifies a local upload. destfile Specifies a filename for the AT-S63 image file. If the name contains spaces, enclose the name in quotes. To upload the active image file to a flash memory card in the switch, precede the name with “cflash:”.
PAGE 291
AT-S63 Management Software Command Line User’s Guide upload method=local destfile=cflash:s63.
PAGE 292
Chapter 16: File Download and Upload Commands UPLOAD METHOD=REMOTESWITCH Syntax upload method=remoteswitch srcfile|file=filename|appblock|switchcfg switchlist=switches [verbose=yes|no|on|off|true|false] Parameters method Specifies a switch to switch upload. srcfile or file Specifies the file to be uploaded from the master switch. Options are: filename Uploads a configuration file from the master switch’s file system. appblock Uploads the master switch’s AT-S63 image file.
PAGE 293
AT-S63 Management Software Command Line User’s Guide You can also use this command to distribute a configuration file on the master switch to other switches when switches are to share a similar configuration. The equivalent SRCFILE and FILE parameters specify the name of the file to be uploaded from the switch. You have three options:  filename - Uploads a configuration file from the master switch’s file system. The filename must include the “.cfg” suffix.
PAGE 294
Chapter 16: File Download and Upload Commands with its DHCP or BOOTP client activated. The interface is given the interface number 0 and assigned to the preexisting management VLAN. Furthermore, the interface is designated as the local interface on the switch. For example, if the switch has the static IP address 149.44.44.44 and the management VLAN has a VID of 12, the upgrade process automatically creates a routing interface with the same IP address and names it VLAN12-0.
PAGE 295
AT-S63 Management Software Command Line User’s Guide You can upload the AT-S63 image file from the master switch to more than one switch at a time.
PAGE 296
Chapter 16: File Download and Upload Commands UPLOAD METHOD=TFTP Syntax upload method=tftp destfile=filename server=ipaddress srcfile|file=switchcfg|[cflash:]filename|appblock Parameters method Specifies a TFTP upload. destfile Specifies a filename for the uploaded file. This is the name given the file when it is stored on the TFTP server. If the name contains spaces, enclose it in quotes. server Specifies the IP address of the network node containing the TFTP server software.
PAGE 297
AT-S63 Management Software Command Line User’s Guide  Start the TFTP server software before you perform the command.  The AT-9400 Switch must have a routing interface on the local subnet from where it is reaching the TFTP server. The switch uses the interface’s IP address as its source address during the file transfer with the server. This rule applies equally to master and slave switches in an enhanced stack. The server can be located on any interface on the switch, not just the local interface.
PAGE 298
Chapter 16: File Download and Upload Commands Note It is unlikely you will ever need to upload the active AT-S63 image file from a switch to a TFTP server. If you need the image file to transfer to another switch, you can simplify the process with a switch to switch upload using “UPLOAD METHOD=REMOTESWITCH” on page 292. Alternatively, you can obtain the latest version of the image file from the Allied Telesis web site.
PAGE 299
AT-S63 Management Software Command Line User’s Guide UPLOAD METHOD=XMODEM Syntax upload method=xmodem srcfile|file=switchcfg|[cflash:]filename|appblock Parameters method Specifies an Xmodem upload. srcfile or file Specifies the file to be uploaded. Options are: switchcfg Uploads the switch’s active boot configuration file. filename Specifies the name of a file to upload from the switch’s file system or compact flash card.
PAGE 300
Chapter 16: File Download and Upload Commands The equivalent SRCFILE and FILE parameters specify the name of the file to upload from the switch. You have three options:  SWITCHCFG - Uploads the switch’s active boot configuration file.  filename - Uploads a file from the switch’s file system or a compact flash memory card. This differs from the SWITCHCFG parameter in that the latter can upload just the active boot configuration file, while this parameter can upload any file on the switch.
PAGE 301
AT-S63 Management Software Command Line User’s Guide The following command uploads the switch’s active AT-S63 image file to the workstation: upload method=xmodem srcfile=appblock Section II: Advanced Operations 301
PAGE 302
Chapter 16: File Download and Upload Commands 302 Section II: Advanced Operations
PAGE 303
Chapter 17 Event Log and Syslog Client Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD LOG OUTPUT” on page 304  “CREATE LOG OUTPUT” on page 306  “DESTROY LOG OUTPUT” on page 311  “DISABLE LOG” on page 312  “DISABLE LOG OUTPUT” on page 313  “ENABLE LOG” on pa
PAGE 304
Chapter 17: Event Log and Syslog Client Commands ADD LOG OUTPUT Syntax add log output=output-id module=[all|module] severity=[all|severity] Parameters output Specifies the output definition ID number. module Specifies what AT-S63 events to filter. The available options are: severity all Sends events for all modules. This is the default. module Sends events for specific module(s). You can select more than one module at a time, for example, MAC,PACCESS.
PAGE 305
AT-S63 Management Software Command Line User’s Guide The second step is to customize the definition by specifying which event messages generated by the switch are to be sent. This is accomplished with this command. You can customize the definition so that the switch sends all of its event messages or limit it to just a selection of events from particular modules in the AT-S63 management software. An alternative method to configuring a definition is with “SET LOG OUTPUT” on page 322.
PAGE 306
Chapter 17: Event Log and Syslog Client Commands CREATE LOG OUTPUT Syntax AlliedWare Plus Command Available create log output=output-id destination=syslog server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6 |local7] [syslogformat=extended|normal] Parameters output destination Specifies an ID number that identifies the output definition. The possible output IDs are: 0 Reserved for permanent (nonvolatile) storage. You cannot change or delete this ID.
PAGE 307
AT-S63 Management Software Command Line User’s Guide syslogformat Specifies the format of the generated messages. The possible options are: extended Messages include the date, time, and system name. This is the default. normal Messages do not include the date, time, and system name. Description This command creates a new output definition. The switch uses the definition to send event messages to a device on your network. You can create up to nineteen output definitions.
PAGE 308
Chapter 17: Event Log and Syslog Client Commands The FACILITY parameter adds a numerical code to the entries as they are sent to the syslog server. You can use this code to group entries on the syslog server according to the management module or switch that produced them. This is of particular value when a syslog server is collecting events from several difference network devices. You can specify only one facility level for a syslog server definition. There are two approaches to using this parameter.
PAGE 309
AT-S63 Management Software Command Line User’s Guide Table 8. Numerical Code and Facility Level Mappings Numerical Code Facility Level Setting 17 LOCAL1 18 LOCAL2 19 LOCAL3 20 LOCAL4 21 LOCAL5 22 LOCAL6 23 LOCAL7 For example, selecting LOCAL2 as the facility level assigns the numerical code of 18 to all events sent to the syslog server by the switch. The SYSLOGFORMAT parameter defines the content of the events.
PAGE 310
Chapter 17: Event Log and Syslog Client Commands definition ID number. You cannot specify a facility level or a message format. The default values are used for these parameters. Example This command creates a new syslog definition. The IP address of the server is 149.24.111.23 and the definition is assigned the ID number 2: awplus> enable awplus# configure terminal awplus(config)# log host 149.24.111.
PAGE 311
AT-S63 Management Software Command Line User’s Guide DESTROY LOG OUTPUT Syntax AlliedWare Plus Command Available destroy log output=output-id Parameters output Specifies the output definition ID number. Description This command deletes output definitions. To disable an output definition without deleting it, see “DISABLE LOG OUTPUT” on page 313.
PAGE 312
Chapter 17: Event Log and Syslog Client Commands DISABLE LOG Syntax disable log Parameters None. Description This command disables the event log module. When the log module is disabled, the AT-S63 management software stops storing events in the event logs and sending events to output definitions. The default setting for the event logs is enabled. Note The event log module, even when disabled, still logs all AT-S63 initialization events that occur when the switch is reset or power cycled.
PAGE 313
AT-S63 Management Software Command Line User’s Guide DISABLE LOG OUTPUT Syntax AlliedWare Plus Command Available disable log output[=output-id] Parameters output Specifies the output definition ID number to disable. Not specifying an output definition disables all definitions. Description This command disables an output definition. When disabled, no event messages are sent to the specified device, although the definition still exists.
PAGE 314
Chapter 17: Event Log and Syslog Client Commands awplus> enable awplus# configure terminal awplus(config)# no log enable 2 314 Section II: Advanced Operations
PAGE 315
AT-S63 Management Software Command Line User’s Guide ENABLE LOG Syntax enable log Parameters None. Description This command activates the event logs. The switch immediately starts to store the events in the logs and to send the events to the defined outputs. The default setting for the event logs is enabled.
PAGE 316
Chapter 17: Event Log and Syslog Client Commands ENABLE LOG OUTPUT Syntax AlliedWare Plus Command Available enable log output[=output-id] Parameters output Specifies the output definition ID number to enable. The range is 2 to 20. Description This command enables an output definition that was disabled using “DISABLE LOG OUTPUT” on page 313.
PAGE 317
AT-S63 Management Software Command Line User’s Guide PURGE LOG Syntax AlliedWare Plus Command Available purge log[=permanent|temporary] Parameter log Specifies the type of memory on the switch where the log file you want to purge is located. The options are: permanent Permanent (nonvolatile) memory. Deletes all events stored in nonvolatile memory, which can contain up to 2,000 events. temporary Temporary memory. Deletes all events stored in temporary memory, which can contain up to 4,000 events.
PAGE 318
Chapter 17: Event Log and Syslog Client Commands the logs individually.
PAGE 319
AT-S63 Management Software Command Line User’s Guide SAVE LOG Syntax save log[=permanent|temporary] filename=filename.log [full] [module=module] [reverse] [severity=all|severity] [overwrite] Parameters log Specifies the source of the events you want to save to the log file. The options are: permanent Permanent (nonvolatile) memory. Saves events stored in nonvolatile memory, which can contain up to 2,000 events. temporary Temporary memory.
PAGE 320
Chapter 17: Event Log and Syslog Client Commands severity overwrite Saves events of a particular severity. Choices are I for Informational, E for Error, W for Warning, and D for Debug. You can select more than one severity at a time (for example, E,W). For a definition of the severity levels, see Table 10, “Event Log Severity Levels” on page 329. The default is E, W, I. Overwrites the file if it already exists.
PAGE 321
AT-S63 Management Software Command Line User’s Guide SET LOG FULLACTION Syntax set log fullaction [temporary=halt|wrap] [permanent=halt|wrap] Parameters fullaction Specifies what happens when a log reaches maximum capacity. You can set the action separately for each log. The possible actions are: halt The log stops storing new events. wrap The log deletes the oldest entries as new ones are added. This is the default.
PAGE 322
Chapter 17: Event Log and Syslog Client Commands SET LOG OUTPUT Syntax AlliedWare Plus Command Available set log output=output-id [destination=syslog] server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6 |local7] [syslogformat=extended|normal] [module=all|module] [severity=all|severity-list] Parameters output destination Specifies an ID number that identifies the output definition to be modified. The possible output IDs are: 0 Reserved for permanent (nonvolatile) storage.
PAGE 323
AT-S63 Management Software Command Line User’s Guide syslogformat module severity Specifies the format of the generated messages. The possible options are: extended Messages include the date, time, and system name. This is the default. normal Messages do not include the date, time, and system name. Specifies what AT-S63 events to filter. The available options are: all Sends events for all modules. This is the default. module Sends events for specific module(s).
PAGE 324
Chapter 17: Event Log and Syslog Client Commands Examples The following command changes the IP address for output definition number 5 to 149.55.55.55: set log output=5 server=149.55.55.55 The following command modifies output definition number 6 to only send messages from the RADIUS module of all severity levels: set log output=6 module=radius severity=all The following command changes the facility level and message format for output definition 4.
PAGE 325
AT-S63 Management Software Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# log monitor facility local5 4 This command sets the severity level on output definition 2 to warning messages: awplus> enable awplus# configure terminal awplus(config)# log monitor level w 2 Section II: Advanced Operations 325
PAGE 326
Chapter 17: Event Log and Syslog Client Commands SHOW LOG Syntax AlliedWare Plus Command Available show log[=permanent|temporary] [full] [module=module] [reverse] [severity=severity] Parameters log 326 Specifies which of the two event logs you want to view. The options are: permanent Displays the events stored in permanent memory. temporary Displays the events stored in temporary memory. This is the default. full Specifies the amount of information displayed by the log.
PAGE 327
AT-S63 Management Software Command Line User’s Guide Description This command displays the entries stored in an event log. An event log can display entries in two modes: normal and full. In the normal mode, a log displays the time, module, severity, and description for each entry. In the full mode, a log also displays the filename, line number, and event ID. If you want to view the entries in the full mode, use the FULL parameter. To view entries in the normal mode, omit the parameter.
PAGE 328
Chapter 17: Event Log and Syslog Client Commands Table 9.
PAGE 329
AT-S63 Management Software Command Line User’s Guide Table 10. Event Log Severity Levels Value Severity Level Description E Error Switch operation is severely impaired. W Warning An issue may require manager attention. I Informational Useful information that can be ignored during normal operation. D Debug Messages intended for technical support and software development. An example of the event log is shown in Figure 51. The example uses the full display mode.
PAGE 330
Chapter 17: Event Log and Syslog Client Commands Examples The following command displays all the entries in the event log stored in permanent memory: show log=permanent The following command displays the events stored in temporary memory in the full display mode, which adds more information: show log=temporary full The following command displays only those entries stored in temporary memory and associated with the AT-S63 modules FILE and QOS: show log=permanent module=file,qos The following command disp
PAGE 331
AT-S63 Management Software Command Line User’s Guide SHOW LOG OUTPUT Syntax AlliedWare Plus Command Available show log output[=output-id] [full] Parameters output Specifies the output definition ID number. If an output ID number is not specified, all output definitions currently configured on the switch are displayed. full Displays the details of the output definition. If not specified, only a summary is displayed. Description This command displays output definition details.
PAGE 332
Chapter 17: Event Log and Syslog Client Commands An example of the information displayed by this command with the FULL parameter is shown in Figure 53. Output ID .................... Output Type .................. Status ....................... Server IP Address ............ Message Format ............... Facility Level ............... Event Severity ............... Event Module ................. 2 Syslog Enabled 149.88.88.88 Extended DEFAULT E,W,I All Figure 53.
PAGE 333
AT-S63 Management Software Command Line User’s Guide SHOW LOG STATUS Syntax show log status Parameter None. Description This command displays information about the event log feature. Figure 54 is an example of the information displayed by this command. Event Log Configuration: Event Logging .................... Enabled Number of Output Definitions ..... 4 Figure 54. SHOW LOG STATUS Command The Event Logging field indicates whether the feature is enabled or disabled.
PAGE 334
Chapter 17: Event Log and Syslog Client Commands 334 Section II: Advanced Operations
PAGE 335
Chapter 18 Classifier Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “CREATE CLASSIFIER” on page 336  “DESTROY CLASSIFIER” on page 340  “PURGE CLASSIFIER” on page 341  “SET CLASSIFIER” on page 342  “SHOW CLASSIFIER” on page 345 335
PAGE 336
Chapter 18: Classifier Commands CREATE CLASSIFIER Syntax AlliedWare Plus Command Available create classifier=idnumber [description=”string”] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [ethformat=ethii-untagged|ethii-tagged|802.2untagged|802.2-tagged|any] [priority=integer|any] [vlan=name|1..
PAGE 337
AT-S63 Management Software Command Line User’s Guide vlan Defines a traffic flow of a tagged or port-based VLAN by its name or VID number. protocol Defines a traffic flow by the protocol specified in the Ethertype field of the MAC header in an Ethernet II frame. Options are: IP ARP RARP You can specify the protocol by entering the protocol number in either decimal or hexadecimal format. If the latter, precede the number with “0x”. The range is 1536 (0x600) to 65535 (0xFFFF).
PAGE 338
Chapter 18: Classifier Commands tcpsport Defines a traffic flow by a source TCP port. tcpdport Defines a traffic flow by a destination TCP port. udpsport Defines a traffic flow by a source UDP port. udpdport Defines a traffic flow by a destination UDP port. tcpflags Defines a traffic flow by a TCP flag. Options are URG - Urgent ACK - Acknowledgement RST - Reset PSH - Push SYN - Synchronization FIN - Finish Description This command is used to create classifiers.
PAGE 339
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Section II: Advanced Operations To create classifiers with the AlliedWare Plus commands, refer to the AlliedWare Plus sections in “CREATE ACL” on page 348 and “CREATE QOS FLOWGROUP” on page 377.
PAGE 340
Chapter 18: Classifier Commands DESTROY CLASSIFIER Syntax AlliedWare Plus Command Available destroy classifier=idnumber Parameters classifier Specifies the ID number of the classifier to be deleted. The number can be from 1 to 9999. You can delete more than one classifier at a time. You can specify the classifiers individually (e.g., 2,5,7) as a range (e.g., 11-14), or both (e.g., 2,4-8,12). Description This command deletes classifiers from the switch.
PAGE 341
AT-S63 Management Software Command Line User’s Guide PURGE CLASSIFIER Syntax purge classifier Parameters None. Description This command deletes all classifiers from the switch. You cannot delete the classifier if they are assigned to an ACL or QoS policy. You must first remove the classifiers from the ACL and policies before you can delete them.
PAGE 342
Chapter 18: Classifier Commands SET CLASSIFIER Syntax set classifier=idnumber [description=”string”] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [priority=value] [vlan=name|1..
PAGE 343
AT-S63 Management Software Command Line User’s Guide iptos Specifies a Type of Service value. The range is 0 to 7. ipdscp Specifies a DSCP value. The range is 0 to 63. ipprotocol Specifies a Layer 3 protocol. Options are: TCP UDP ICMP IGMP You can specify other Layer 3 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”. ipdaddr Specifies a destination IP address. The address can be of a specific node or a subnet.
PAGE 344
Chapter 18: Classifier Commands Description This command is used to modify classifiers. You can change all the parameters of a classifier except for the ID number. Specifying a new value for a variable that already has a value overwrites the current value with the new one. To remove a value from a variable without assigning a new value, use the ANY option. You cannot modify a classifier if it belongs to an ACL or QoS policy that is assigned to a port.
PAGE 345
AT-S63 Management Software Command Line User’s Guide SHOW CLASSIFIER Syntax AlliedWare Plus Command Available show classifier[=idnumber] Parameters classifier Specifies the ID of the classifier you want to view. You can specify more than one classifier at a time. Description This command displays the classifiers on a switch. Figure 55 is an example of the information displayed by this command. --------------------------------------------Classifier ID: .................. 1 Description: .................
PAGE 346
Chapter 18: Classifier Commands  Number of Active Associations - The number of active ACLs and QoS policy assignments where the classifier is currently assigned. An active ACL or policy is assigned to at least one switch port. You can use this number together with the Number of References to determine the number of inactive ACLs and policies for a classifier.
PAGE 347
Chapter 19 Access Control List Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “CREATE ACL” on page 348  “DESTROY ACL” on page 353  “PURGE ACL” on page 355  “SET ACL” on page 356  “SHOW ACL” on page 359 347
PAGE 348
Chapter 19: Access Control List Commands CREATE ACL Syntax AlliedWare Plus Command Available create acl=value [description=”string”] [action=deny|permit] classifierlist=value [portlist=ports] Parameters acl Specifies an ID number for the ACL. The number can be from 0 to 255. Each ACL must have a unique ID number. description Specifies a description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed.
PAGE 349
AT-S63 Management Software Command Line User’s Guide Examples The following command creates an ACL for port 4 that discards the ingress traffic flow specified in classifier ID 18: create acl=12 description=”IP flow deny” action=deny classifierlist=18 portlist=4 The following command creates an ACL that discards the ingress traffic flows specified in classifier ID 2 and 17 and applies the ACL to ports 2 and 6: create acl=6 description=”subnet flow deny” action=deny classifierlist=2,17 portlist=2,6 The follo
PAGE 350
Chapter 19: Access Control List Commands Modes For the ACCESS-LIST commands: Configure mode For the SERVICE-POLICY ACCESS commands: Port Interface mode Description As explained in the AT-S63 Management Software Features Guide, an access control list has two parts. There is the classifier, which defines the traffic flow, and the access control list itself, which defines the action that the ports should take when they receive packets that are members of the defined traffic flow.
PAGE 351
AT-S63 Management Software Command Line User’s Guide you manage this feature with the AlliedWare Plus commands. You are limited to these four criteria:  Source IP addresses  Destination IP addresses  IP protocols  Source MAC addresses If you are interested in controlling only these flow groups, then you can use the ACCESS-LIST commands to create the access control lists. But if you need to control other flow groups, you’ll have to use a different management interface.
PAGE 352
Chapter 19: Access Control List Commands This example removes the access control list 110 from port 22: awplus> enable awplus# configure terminal awplus(config)# interface 22 awplus(config-if)# no service-policy access 110 352 Section II: Advanced Operations
PAGE 353
AT-S63 Management Software Command Line User’s Guide DESTROY ACL Syntax AlliedWare Plus Command Available destroy acl=id_number Parameters acl Specifies ID number of the ACL you want to delete. You can delete more than ACL at a time. Description You use this command to delete ACLs. This command does not delete the classifiers of the ACLs. To delete classifiers using the standard command interface, refer to “DESTROY CLASSIFIER” on page 340 or “PURGE CLASSIFIER” on page 341.
PAGE 354
Chapter 19: Access Control List Commands Example This command deletes the classifier and the access control list with the ID number 5: awplus# no access-list 5 354 Section II: Advanced Operations
PAGE 355
AT-S63 Management Software Command Line User’s Guide PURGE ACL Syntax purge acl Parameters None. Description This command deletes all the ACLs.
PAGE 356
Chapter 19: Access Control List Commands SET ACL Syntax AlliedWare Plus Command Available set acl=value [description=string] [action=deny|permit] [classifierlist=value] [portlist=ports|none] Parameters acl Specifies the ID number of the ACL you want to modify. The number can be from 0 to 255. You can modify only one ACL at a time. description Specifies a new description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed.
PAGE 357
AT-S63 Management Software Command Line User’s Guide Description This command modifies ACLs. You can change the description, action, classifiers, and ports of an ACL.
PAGE 358
Chapter 19: Access Control List Commands This example removes port 23 from access control list 18: awplus> enable awplus# configure terminal awplus(config)# interface 23 awplus(config-if)# no service-policy access 18 358 Section II: Advanced Operations
PAGE 359
AT-S63 Management Software Command Line User’s Guide SHOW ACL Syntax AlliedWare Plus Command Available show acl[=id_number] Parameters acl Specifies the ID number of the ACL you want to view. You can specify more than one ACL at a time. Description This command displays the ACLs. An example of the information is shown in Figure 56. --------------------------------------------ACL ID .............. 1 Description ......... IP Action .............. Deny Classifier List ..... 1 Port List ...........
PAGE 360
Chapter 19: Access Control List Commands discards the packets provided that the packets do not also meet the criteria of a classifier of a Permit ACL assigned to the same port.  Classifier List - The classifiers assigned to the ACL.  Port List - The ports where the ACL is assigned.  Is Active - The status of the ACL. An ACL is active if it is assigned to at least one port, and inactive if it is not assigned to any ports.
PAGE 361
Chapter 20 Class of Service (CoS) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “MAP QOS COSP” on page 362  “PURGE QOS” on page 364  “SET QOS COSP” on page 365  “SET QOS SCHEDULING” on page 366  “SET SWITCH PORT PRIORITY OVERRIDEPRIORITY” on page 368  “SHOW QOS
PAGE 362
Chapter 20: Class of Service (CoS) Commands MAP QOS COSP Syntax AlliedWare Plus Command Available map qos cosp=priority-number qid=queue-number Parameters cosp Specifies a Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue. qid Specifies the egress queue number.
PAGE 363
AT-S63 Management Software Command Line User’s Guide Example This command maps priorities 4 and 5, to queue 3: map qos cosp=4,5 qid=3 Equivalent Command set qos cosp=priority-number qid=queue-number For information, see “SET QOS COSP” on page 365. AlliedWare Plus Command Syntax mls qos map cos-queue priority-number queue-number or no mls qos map cos-queue priority-number queue-number Mode Configure mode Description These AlliedWare Plus commands are equivalent to the standard command.
PAGE 364
Chapter 20: Class of Service (CoS) Commands PURGE QOS Syntax purge qos Parameters None Description This command destroys all policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
PAGE 365
AT-S63 Management Software Command Line User’s Guide SET QOS COSP Syntax AlliedWare Plus Command Available set qos cosp=priority-number qid=queue-number Parameters cosp Specifies a Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue. qid Specifies the egress queue number.
PAGE 366
Chapter 20: Class of Service (CoS) Commands SET QOS SCHEDULING Syntax AlliedWare Plus Command Available set qos scheduling=strict|wrr weights=weights Parameters scheduling weights Specifies the type of scheduling. The options are: strict Strict priority. The port transmits all packets out of the higher priority queues before it transmits any from the low priority queues. This is the default. wrr Weighted round robin. The port transmits a set number of packets from each queue in a round robin manner.
PAGE 367
AT-S63 Management Software Command Line User’s Guide This command sets the scheduling to weighted round robin and gives egress priority queues Q0 to Q3 a weight of 1, and Q4 to Q7 a weight of 15: set qos scheduling=wrr weights=1,1,1,1,15,15,15,15 AlliedWare Plus Command Syntax To set the scheduling method to strict priority: mls qos strict or no mls qos strict To set the scheduling method to weighted round robin: wrr-queue weight weights Mode Configure mode Description These AlliedWare Plus command a
PAGE 368
Chapter 20: Class of Service (CoS) Commands SET SWITCH PORT PRIORITY OVERRIDEPRIORITY Syntax AlliedWare Plus Command Available set switch port=port [priority=value] [overridepriority=yes|no|on|off|true|false] Parameters port Specifies the port you want to configure. You can specify more than one port at a time, but the ports must be of the same medium type. For example, you cannot configure twisted pair and fiber optic ports with the same command.
PAGE 369
AT-S63 Management Software Command Line User’s Guide This command allows you to override the priority level mappings at the port level by assigning the packets a temporary priority. Note that this assignment is made when a packet is received on the ingress port and before the frame is forwarded to the egress port. Consequently, you need to configure this feature on the ingress port.
PAGE 370
Chapter 20: Class of Service (CoS) Commands awplus> enable awplus# configure terminal awplus(config)# interface 4 awplus(config-if)# priority-queue 3 awplus(config-if)# override-priority enable 370 Section II: Advanced Operations
PAGE 371
AT-S63 Management Software Command Line User’s Guide SHOW QOS CONFIG Syntax AlliedWare Plus Command Available show qos config Parameters None. Description Displays the CoS priority queues and scheduling. Figure 57 is an example of the information displayed by this command. QoS Configuration information: Number of CoS Queues ..........
PAGE 372
Chapter 20: Class of Service (CoS) Commands using weighted round robin and specify how many packets a port transmits from a queue before moving to the next queue. Example The following command displays the CoS priority queues and scheduling: show qos config AlliedWare Plus Command Syntax show mls qos cos-queue Mode User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 373
Chapter 21 Quality of Service (QoS) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD QOS FLOWGROUP” on page 374  “ADD QOS POLICY” on page 375  “ADD QOS TRAFFICCLASS” on page 376  “CREATE QOS FLOWGROUP” on page 377  “CREATE QOS POLICY” on page 384  “CREATE QOS
PAGE 374
Chapter 21: Quality of Service (QoS) Commands ADD QOS FLOWGROUP Syntax add qos flowgroup=value classifierlist=values Parameter flowgroup Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time. classifierlist Specifies the new classifiers for the flow group. The new classifiers are added to any classifiers already assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,11,12).
PAGE 375
AT-S63 Management Software Command Line User’s Guide ADD QOS POLICY Syntax add qos policy=value trafficclasslist=values Parameter policy Specifies the ID number of the policy you want to modify. You can modify only one policy at a time. trafficclasslist Specifies the new traffic classes of the policy. Traffic classes already assigned to the policy are retained. Separate multiple traffic classes with commas (e.g., 4,11,12). Description This command adds traffic classes to an existing policy.
PAGE 376
Chapter 21: Quality of Service (QoS) Commands ADD QOS TRAFFICCLASS Syntax add qos trafficclass=value flowgrouplist=values Parameter trafficclass Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time. flowgrouplist Specifies the new flow groups of the traffic class. The new flow groups are added to any flow groups already assigned to the flow group. Separate multiple flow groups with commas (e.g., 4,11,12).
PAGE 377
AT-S63 Management Software Command Line User’s Guide CREATE QOS FLOWGROUP Syntax AlliedWare Plus Command Available create qos flowgroup=value [description=”string”] [markvalue=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [classifierlist=values|none] Parameters flowgroup Specifies an ID number for the flow group. Each flow group on the switch must have a unique number.
PAGE 378
Chapter 21: Quality of Service (QoS) Commands remarkpriority Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter. This parameter is ignored if the PRIORITY parameter is omitted or set to NONE. Options are: yes, on, true Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.
PAGE 379
AT-S63 Management Software Command Line User’s Guide Description This command is used to create new flow groups. Note For examples of the command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 384. Examples This command creates a flow group with an ID of 10 and a description of “VoIP flow”. The flow group is assigned a priority level of 7 and defined by classifiers 15 and 17.
PAGE 380
Chapter 21: Quality of Service (QoS) Commands  IP protocols: class-map 256-1023 match access-group 156-199  Source MAC addresses: class-map 256-1023 match access-group 200-255 Group 2: To create flow groups with classifiers that filter ingress packets based on:  IP Type of Service values: class-map 256-1023 match ip-precedence 0-7  802.
PAGE 381
AT-S63 Management Software Command Line User’s Guide policies in the AT-S63 Management Software Features Guide before you read this description. Classifiers are an important component of Quality of Service policies because they define the traffic flows of the policies. Classifiers have a host of variables that you can choose from. You might, for instance, create classifiers that define traffic flows based on source or destination IP addresses, IP protocols, or Ethernet frame types.
PAGE 382
Chapter 21: Quality of Service (QoS) Commands FLOWGROUP command, you’ll see that there are different actions that the flow group can perform, such as replacing values in the Type of Service or priority fields of the packets. These parameters are not available in the AlliedWare Plus commands. In fact, the only parameters you can control in policies created with the AlliedWare Plus commands are the maximum bandwidth value and the replacement DSCP value, set when you create the traffic classes.
PAGE 383
AT-S63 Management Software Command Line User’s Guide This example creates a classifier and a flow group for TCP packets. The classifier is created with the AlliedWare Plus ACCESS LIST command and is assigned the ID number 182. Since The flow group is assigned the ID number 271.
PAGE 384
Chapter 21: Quality of Service (QoS) Commands CREATE QOS POLICY Syntax AlliedWare Plus Command Available create qos policy=value [description=“string”] [indscpoverwrite=value|none] [remarkindscp=all|none] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [sendtomirror=yes|no|on|off|true|false] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none] Parameters policy Specifies an ID number for the
PAGE 385
AT-S63 Management Software Command Line User’s Guide A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level. movetostopriority Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are: yes, on, true Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.
PAGE 386
Chapter 21: Quality of Service (QoS) Commands ingressport Specifies the ingress ports for the policy. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy. egressport Specifies the egress port to which the policy is to be assigned.
PAGE 387
AT-S63 Management Software Command Line User’s Guide QoS Command Sequence Examples To create a QoS policy you have to create one or more classifiers, a flow group, a traffic class, and finally the policy. The following sections contain examples of the command sequences for different types of policies. Example 1: Voice Application Voice applications typically require a small bandwidth but it must be consistent. They are sensitive to latency (interpacket delay) and jitter (delivery delay).
PAGE 388
Chapter 21: Quality of Service (QoS) Commands The parts of the policies are:  Classifiers - Define the traffic flow by specifying the IP address of the node with the voice application. The classifier for Policy 6 specifies the address as a source address since this classifier is part of a policy concerning packets coming from the application. The classifier for Policy 11 specifies the address as a destination address since this classifier is part of a policy concerning packets going to the application.
PAGE 389
AT-S63 Management Software Command Line User’s Guide create qos trafficclass=19 description=”video flow” maxbandwidth=5 flowgrouplist=41 create qos policy=17 description=”video flow” trafficclasslist=19 ingressport=1 Policy 32 Commands: create classifier=42 description=”video flow” ipdadddr=149.44.44.
PAGE 390
Chapter 21: Quality of Service (QoS) Commands Policy 15 Commands: create classifier=42 description=database ipsadddr=149.44.44.44 create qos flowgroup=36 description=database classifierlist=42 create qos trafficclass=21 description=database maxbandwidth=50 flowgrouplist=36 create qos policy=15 description=database trafficclasslist=21 ingressport=1 Policy 17 Commands: create classifier=10 description=database ipdadddr=149.44.44.
PAGE 391
AT-S63 Management Software Command Line User’s Guide Interface mode, and the policy’s traffic class, which you identify with the ID_NUMBER parameter. Examples This example creates a new Quality of Service policy on ports 2 and 5. The traffic class for the policy has the ID number 12.
PAGE 392
Chapter 21: Quality of Service (QoS) Commands CREATE QOS TRAFFICCLASS Syntax AlliedWare Plus Command Available create qos trafficclass=value [description=”string”] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [flowgrouplist=values|none] Parameters 392
PAGE 393
AT-S63 Management Software Command Line User’s Guide A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level. maxbandwidth Specifies the maximum bandwidth available to the traffic class.
PAGE 394
Chapter 21: Quality of Service (QoS) Commands If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth. Should an increase in traffic continue to the point where all the unused tokens are used up, packets will be discarded.
PAGE 395
AT-S63 Management Software Command Line User’s Guide parameter. This is the default. tos Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level. movetostopriority moveprioritytotos flowgrouplist Replaces the value in the 802.
PAGE 396
Chapter 21: Quality of Service (QoS) Commands Examples The following command creates a traffic class with an ID number of 25 and the description “Database flow”. The flow group of the traffic class has the ID 11: create qos trafficclass=25 description=”Database flow” flowgrouplist=11 This command creates a traffic class with the ID number of 41 and description “Video flow”.
PAGE 397
AT-S63 Management Software Command Line User’s Guide set tos-priority enable|disable set priority-tos enable|disable Mode To create a traffic class: Configure mode To map a flow group to a traffic class: Policy Map mode To configure the traffic class parameters: Class mode Description These commands have the following restrictions:  The flow group must already exist.  You cannot use the AlliedWare Plus commands to modify existing traffic classes.
PAGE 398
Chapter 21: Quality of Service (QoS) Commands DELETE QOS FLOWGROUP Syntax delete qos flowgroup=value classifierlist=values Parameter flowgroup Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time. classifierlist Specifies the classifiers you want to remove from the flow group. Separate multiple classifiers with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
PAGE 399
AT-S63 Management Software Command Line User’s Guide DELETE QOS POLICY Syntax delete qos policy=value trafficclasslist=values Parameter policy Specifies the ID number of the policy you want to modify. You can modify only one policy at a time. trafficclasslist Specifies the IDs of the traffic classes you want to remove from the policy. Separate multiple traffic class with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
PAGE 400
Chapter 21: Quality of Service (QoS) Commands DELETE QOS TRAFFICCLASS Syntax delete qos trafficclass=value flowgrouplist=values Parameter flowgroup Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time. flowgrouplist Specifies the IDs of the flow groups you want to remove from the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
PAGE 401
AT-S63 Management Software Command Line User’s Guide DESTROY QOS FLOWGROUP Syntax AlliedWare Plus Command Available destroy qos flowgroup=id_number Parameter flowgroup Specifies the ID number of the flow group you want to delete. You can delete more than one flow group at a time. You can specify the flow groups individually, as a range, or both. Description This command deletes flow groups.
PAGE 402
Chapter 21: Quality of Service (QoS) Commands DESTROY QOS POLICY Syntax AlliedWare Plus Command Available destroy qos policy=value Parameter flowgroup Specifies the ID number of the policy you want to delete. You can delete more than one policy at a time. You can specify the flow groups individually, as a range, or both. Description This command deletes QoS policies.
PAGE 403
AT-S63 Management Software Command Line User’s Guide DESTROY QOS TRAFFICCLASS Syntax AlliedWare Plus Command Available destroy qos trafficclass=id_number Parameter trafficclass Specifies the ID number of the traffic class you want to delete. You can delete more than one traffic class at a time. You can specify the flow groups individually, as a range, or both. Description This command deletes traffic classes.
PAGE 404
Chapter 21: Quality of Service (QoS) Commands Example These commands delete traffic class 5: awplus> enable awplus# configure terminal awplus(conf)# no policy-map 5 404 Section II: Advanced Operations
PAGE 405
AT-S63 Management Software Command Line User’s Guide PURGE QOS Syntax purge qos Parameters None Description This command destroys all the policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
PAGE 406
Chapter 21: Quality of Service (QoS) Commands SET QOS FLOWGROUP Syntax set qos flowgroup=value [description=string] [markvalue=value|none] [priority=value|NONE] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [classifierlist=values|none] Parameters flowgroup Specifies the ID number of the flow group you want to modify. The range is 0 to 1023. description Specifies a new description for the flow group.
PAGE 407
AT-S63 Management Software Command Line User’s Guide omitted or set to NONE. Options are: tos yes, on, true Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter. no, off, false Does not replace the user priority value in the packets with the new value specified in with the PRIORITY parameter. This is the default. Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7.
PAGE 408
Chapter 21: Quality of Service (QoS) Commands Description This command modifies the specifications of an existing flow group. The only parameter you cannot change is a flow group’s ID number. To initially create a flow group, refer to “CREATE QOS FLOWGROUP” on page 377. Note For examples of command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 384. When modifying a flow group, note the following:  You cannot change a flow group’s ID number.
PAGE 409
AT-S63 Management Software Command Line User’s Guide SET QOS POLICY Syntax set qos policy=value [description=string] [indscpoverwrite=value|none] [remarkindscp=[all|none]] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [sendtomirror=yes|no|on|off|true|false] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none] Parameters policy Specifies an ID number for the policy.
PAGE 410
Chapter 21: Quality of Service (QoS) Commands a flow group overrides a ToS value specified at the traffic class or policy level. movetostopriority Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are: yes, on, true Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. no, off, false Does not replace the preexisting 802.1p priority level This is the default.
PAGE 411
AT-S63 Management Software Command Line User’s Guide The ports specified by this parameter replace any ingress ports already assigned to the policy. To retain the current ingress ports, use the “SET QOS PORT” on page 413 instead of this command to add ingress ports to the policy. A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.
PAGE 412
Chapter 21: Quality of Service (QoS) Commands Examples This command changes the ingress port for policy 8 to port 23: set qos policy=8 ingressport=8 This command changes the traffic classes assigned to policy 41: set qos policy=41 trafficclasslist=12,23 412 Section II: Advanced Operations
PAGE 413
AT-S63 Management Software Command Line User’s Guide SET QOS PORT Syntax set qos port=value type=ingress|egress policy=value|none Parameter port Specifies the port to be added to or removed from a policy. A policy can have more than one ingress port, but only one egress port. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. type Specifies whether the port is an ingress or egress port for the policy. The default is ingress.
PAGE 414
Chapter 21: Quality of Service (QoS) Commands SET QOS TRAFFICCLASS Syntax set qos trafficclass=value [description=”string”] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [flowgrouplist=values|none] Parameters 414 trafficclass Specifies an ID number for
PAGE 415
AT-S63 Management Software Command Line User’s Guide markvalue Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level.
PAGE 416
Chapter 21: Quality of Service (QoS) Commands unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase. If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth.
PAGE 417
AT-S63 Management Software Command Line User’s Guide A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level. movetostopriority moveprioritytotos flowgrouplist Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are: yes, on, true Replaces the value in the 802.
PAGE 418
Chapter 21: Quality of Service (QoS) Commands Examples This command changes the exceed action in traffic class 18 to remark and specifies a remark value of 24.
PAGE 419
AT-S63 Management Software Command Line User’s Guide SHOW QOS FLOWGROUP Syntax AlliedWare Plus Command Available show qos flowgroup[=idnumber] Parameters flowgroup Specifies the ID of the flow group you want to view. You can specify more than one classifier at a time. Description This command displays the flow groups on a switch. An example is shown in Figure 58. Flow Group ID .............. Description ................ DSCP value ................. Priority ................... Remark Priority .........
PAGE 420
Chapter 21: Quality of Service (QoS) Commands set to No, which is the default, the packets retain their preexisting ToS priority level.  Classifier List - The classifiers assigned to the policy.  Parent Traffic Class ID - The ID number of the traffic class to which the flow group is assigned. A flow group can belong to only one traffic class at a time.  Is Active - The status of the flow group.
PAGE 421
AT-S63 Management Software Command Line User’s Guide SHOW QOS POLICY Syntax AlliedWare Plus Command Available show qos policy[=idnumber] Parameter policy Specifies the ID of the policy you want to view. You can specify more than one policy at a time. Separate multiple policies with commas (e.g., 4,5,10). Description This command displays the policies on a switch. An example is shown in Figure 59. Policy ID ................ Description .............. Remark DSCP .............. In DSCP overwrite ........
PAGE 422
Chapter 21: Quality of Service (QoS) Commands set to No, which is the default, the packets retain their preexisting 802.1p priority level.  Move Priority to ToS - If set to yes, replaces the value in the ToS priority field with the value in the 802.1p priority field on IPv4 packets. If set to No, which is the default, the packets retain their preexisting ToS priority level.  Send to Mirror Port - Copies the traffic that meets the criteria of the classifiers to a destination mirror port.
PAGE 423
AT-S63 Management Software Command Line User’s Guide Examples This command displays the details of all the policies: awplus# show service-policy This command displays policy 4: awplus# show service-policy 4 Section II: Advanced Operations 423
PAGE 424
Chapter 21: Quality of Service (QoS) Commands SHOW QOS TRAFFICCLASS Syntax AlliedWare Plus Command Available show qos trafficclass[=idnumber] Parameter trafficclass Specifies the ID of the traffic class you want to view. You can specify more than one traffic class at a time. Separate multiple traffic classes with commas (e.g., 4,5,10). Description This command displays the traffic classes on a switch. An example is shown in Figure 60. Traffic Class ID .......... Description ...............
PAGE 425
AT-S63 Management Software Command Line User’s Guide  Priority - The priority value in the IEEE 802.1p tag control field assigned to the traffic that belongs to this traffic class.  Remark Priority - Replaces the user priority value in the packets with the Priority value.  ToS - Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7.  Move ToS to Priority - If set to yes, replaces the value in the 802.
PAGE 426
Chapter 21: Quality of Service (QoS) Commands Examples This command displays the details of all the traffic classes: awplus# show policy-map This command displays the traffic class with the ID number 12: awplus# show policy-map 12 426 Section II: Advanced Operations
PAGE 427
Chapter 22 Group Link Control Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD GLC” on page 428  “CREATE GLC” on page 430  “DELETE GLC” on page 432  “DESTROY GLC” on page 434  “DISABLE GLC” on page 436  “ENABLE GLC” on page 437  “SHOW GLC” on page 438 427
PAGE 428
Chapter 22: Group Link Control Commands ADD GLC Syntax AlliedWare Plus Command Available add glc upstream|downstream group port Parameters upstream| downstream Specifies whether a port is to be an upstream port or a downstream port of a group. group Specifies a group for a port. You can specify only one group and the group must already exist. The range is 1 to 8. port Specifies a port to add to a group. You can specify more than one port.
PAGE 429
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax group link control upstream|downstream group Mode Port Interface mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 430
Chapter 22: Group Link Control Commands CREATE GLC Syntax AlliedWare Plus Command Available create glc group [downstream_port] [upstream_port] Parameters group Specifies an ID number for a new group. The range is 1 to 8. downstream_ Specifies a downstream port. You can specify more than port one port. upstream_ port Specifies an upstream port. You can specify more than one port. Description This command is used to create new groups.
PAGE 431
AT-S63 Management Software Command Line User’s Guide Mode Configure mode Description There are several differences between this command and the standard command. First, this command automatically activates group link control when you create the first group. The standard commands have a separate command for activating the feature. Second, this command creates groups without any ports. You have to add the ports separately using the GROUP LINK CONTROL UPSTREAM|DOWNSTREAM command.
PAGE 432
Chapter 22: Group Link Control Commands DELETE GLC Syntax AlliedWare Plus Command Available delete glc upstream|downstream group port Parameters upstream| downstream Specifies whether a port is an upstream port or a downstream port of a group. group Specifies a group. You can specify only one group. The range is 1 to 8. port Specifies a port to remove from a group. You can specify more than one port. Description This command is used to remove ports from groups.
PAGE 433
AT-S63 Management Software Command Line User’s Guide Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 434
Chapter 22: Group Link Control Commands DESTROY GLC Syntax AlliedWare Plus Command Available destroy glc group Parameters group Specifies an ID number of a group to be deleted. You can delete only one group at a time. The range is 1 to 8. Description This command is used to delete groups from group link control. Here are a few guidelines:  You do not have to delete the upstream and downstream ports before deleting a group.
PAGE 435
AT-S63 Management Software Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# no group link control 2 Section II: Advanced Operations 435
PAGE 436
Chapter 22: Group Link Control Commands DISABLE GLC Syntax AlliedWare Plus Command Available disable glc Parameters None. Description This command is used to disable group link control on a switch or a stack. Here are a few guidelines:  The defined groups remain, but the feature is disabled.  The ports of the groups forward traffic normally, including any disabled downstream ports.
PAGE 437
AT-S63 Management Software Command Line User’s Guide ENABLE GLC Syntax AlliedWare Plus Command Available enable glc Parameters None. Description This command is used to enable group link control on a switch or a stack. Example This command enables group link control: enable glc AlliedWare Plus Command Section II: Advanced Operations The AlliedWare Plus GROUP LINK CONTROL command automatically activates the feature when you create the first group on a switch or a stack.
PAGE 438
Chapter 22: Group Link Control Commands SHOW GLC Syntax AlliedWare Plus Command Available show glc [group] Parameters group Specifies an ID number of a group to display. The range is 1 to 8. You can specify only one group. The command displays all of the groups if you omit this parameter. Description This command is used to display the groups for group link control on a switch or a stack. Figure 61 is an example of the information the command displays. Group Link Control State ..............
PAGE 439
AT-S63 Management Software Command Line User’s Guide This command displays just group 2: show glc 2 AlliedWare Plus Command Syntax show group link control [group] Mode User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 440
Chapter 22: Group Link Control Commands 440 Section II: Advanced Operations
PAGE 441
Chapter 23 Denial of Service Defense Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks  “SET DOS” on page 442  “SET DOS IPOPTION” on page 443  “SET DOS LAND” on page 445  “SET DOS PINGOFDEATH” on page 446  “SET DOS SMURF” on page 448  “SET DOS SYNFLOOD” on page 449  “
PAGE 442
Chapter 23: Denial of Service Defense Commands SET DOS Syntax set dos ipaddress=ipaddress subnet=mask uplinkport=port Parameters ipaddress Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address. subnet Specifies the subnet mask of the LAN. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
PAGE 443
AT-S63 Management Software Command Line User’s Guide SET DOS IPOPTION Syntax set dos ipoption port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled] Parameters port Specifies the switch port where you want to enable or disable the IP Option defense. You can specify more than one port at a time. state Specifies the state of the IP Option defense. The options are: mirroring enable Activates the defense. disable Deactivates the defense. This is the default.
PAGE 444
Chapter 23: Denial of Service Defense Commands You can use the MIRRORING parameter to copy the examined traffic to a destination port mirror for analysis with a data analyzer. To define the destination port, refer to “SET SWITCH MIRROR” on page 238.
PAGE 445
AT-S63 Management Software Command Line User’s Guide SET DOS LAND Syntax set dos land port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled] Parameters port Specifies the switch port on which you want to enable or disable the Land defense. You can specify more than one port at a time. state Specifies the state of the Land defense. The options are: mirroring enable Activates the defense. disable Deactivates the defense. This is the default.
PAGE 446
Chapter 23: Denial of Service Defense Commands SET DOS PINGOFDEATH Syntax set dos pingofdeath port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled] Parameters port Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time. state Specifies the state of the IP Option defense. The options are: mirroring enable Activates the defense. disable Deactivates the defense. This is the default.
PAGE 447
AT-S63 Management Software Command Line User’s Guide Note This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, like the processing of IGMP packets and spanning tree BPDUs. For this reason, Allied Telesis recommends limiting the use of this defense to only those ports where an attack is likely to originate.
PAGE 448
Chapter 23: Denial of Service Defense Commands SET DOS SMURF Syntax set dos smurf port=port state=enable|disable Parameters port Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time. state Specifies the state of the SMURF defense. The options are: enable Activates the defense. disable Deactivates the defense. This is the default. Description This command activates and deactivates the SMURF DoS defense.
PAGE 449
AT-S63 Management Software Command Line User’s Guide SET DOS SYNFLOOD Syntax set dos synflood port=port state=enable|disable Parameters port Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time. state Specifies the state of the DoS defense. The options are: enable Activates the defense. disable Deactivates the defense. This is the default. Description This command activates and deactivates the SYN ACK Flood DoS defense.
PAGE 450
Chapter 23: Denial of Service Defense Commands SET DOS TEARDROP Syntax set dos teardrop port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled] Parameters port Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time. state Specifies the state of the DoS defense. The options are: mirroring enable Activates the defense. disable Deactivates the defense. This is the default.
PAGE 451
AT-S63 Management Software Command Line User’s Guide You can use the MIRRORING parameter to copy the offending traffic to a destination port mirror for analysis with a data analyzer. To define the destination port, refer to “SET SWITCH MIRROR” on page 238. Caution This defense is extremely CPU intensive and should be used with caution. Unrestricted use can cause a switch to halt operations if the CPU becomes overwhelmed with IP traffic.
PAGE 452
Chapter 23: Denial of Service Defense Commands SHOW DOS Syntax 1 show dos [ipaddress] [subnet] [uplinkport] Syntax 2 show dos defense port=port Parameters ipaddress Displays the IP address of the LAN. subnet Displays the subnet mask. uplinkport Displays the uplink port for the Land defense. defense Displays the status of a specified defense for a particular port.
PAGE 453
AT-S63 Management Software Command Line User’s Guide The following command displays the status of the SMURF defense on port 4: show dos smurf port=4 Section II: Advanced Operations 453
PAGE 454
Chapter 23: Denial of Service Defense Commands 454 Section II: Advanced Operations
PAGE 455
Chapter 24 Power Over Ethernet Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes  “DISABLE POE PORT” on page 456  “ENABLE POE PORT” on page 457  “SET POE PORT” on page 458  “SET POE POWERTHRESHOLD” on page 460  “SHOW POE CONFIG” on page 461  “SHOW POE STATUS” on page 462 AT-9400Ts Stack 455
PAGE 456
Chapter 24: Power Over Ethernet Commands DISABLE POE PORT Syntax disable poe port=port Parameters port Specifies a port. You can configure more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Description This command disables PoE on a port. The default setting for PoE on a port is enabled. Ports provide standard Ethernet connectivity even when PoE is disabled.
PAGE 457
AT-S63 Management Software Command Line User’s Guide ENABLE POE PORT Syntax enable poe port=port Parameters port Specifies a port. You can configure more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Description This command activates PoE on the ports. The default setting for PoE is enabled.
PAGE 458
Chapter 24: Power Over Ethernet Commands SET POE PORT Syntax set poe port=port [poefunction=enable|disable] [priority=low|high|critical] [powerlimit=value] Parameters port Specifies a port. You can configure more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. poefunction Enables and disables PoE on a port. The default setting is enabled. This parameter is equivalent to the DISABLE POE PORT and DISABLE POE PORT commands.
PAGE 459
AT-S63 Management Software Command Line User’s Guide The Critical level is the highest priority level. Ports set to this level are guaranteed power before any ports assigned to the other two priority levels. Ports assigned to the other priority levels receive power only if all the Critical ports are receiving power. Your most critical powered devices should be assigned to this level.
PAGE 460
Chapter 24: Power Over Ethernet Commands SET POE POWERTHRESHOLD Syntax set poe powerthreshold=value Parameters threshold Specifies the threshold as a percentage of the total amount of PoE available. The range is 1 to 100. Description This command lets you specify a power threshold for the powered devices that are connected to the switch. If the total power requirements of the devices exceed the threshold, the switch enters an event in the event log and sends an SNMP trap to your management workstation.
PAGE 461
AT-S63 Management Software Command Line User’s Guide SHOW POE CONFIG Syntax show poe config [port=port] Parameter port Specifies a port. You can view more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Description Entering this command without specifying a port displays the following PoE information:  Maximum available power - The total amount of available power on the switch for powered devices.
PAGE 462
Chapter 24: Power Over Ethernet Commands SHOW POE STATUS Syntax show poe status [port=port] Parameter port Specifies a port. You can view more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Description Entering this command without specifying a port displays the following PoE information:  Max Available Power - The total available power for PoE supplied by the switch. This value is 380 W for the AT-9424T/POE switch.
PAGE 463
AT-S63 Management Software Command Line User’s Guide  Power Consumed - The amount of power in milliwatts currently consumed by the powered device connected to the port. If the port is not connected to a powered device, this value will be 0 (zero).  Power Limit - The maximum amount of power allowed by the port for the device. The default is 15,400 milliwatts (15.4 W). To adjust this value for a port, refer to “SET POE PORT” on page 458.  Power Priority - The port priority.
PAGE 464
Chapter 24: Power Over Ethernet Commands 464 Section II: Advanced Operations
PAGE 465
Section III Snooping Protocols This section has the following chapters: Section III: Snooping Protocols  Chapter 25, “Internet Group Management Protocol (IGMP) Snooping Commands” on page 467  Chapter 26, “Internet Group Management Protocol (IGMP) Snooping Querier Commands” on page 479  Chapter 27, “Multicast Listener Discovery (MLD) Snooping Commands” on page 485  Chapter 28, “Router Redundancy Protocol (RRP) Snooping Commands” on page 499  Chapter 29, “Ethernet Protection Switching Ring (
PAGE 466
Section III: Snooping Protocols
PAGE 467
Chapter 25 Internet Group Management Protocol (IGMP) Snooping Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “DISABLE IGMPSNOOPING” on page 468  “ENABLE IGMPSNOOPING” on page 469  “SET IP IGMP” on page 470  “SHOW IGMPSNOOPING” on page 474  “SHOW IP IGMP” on page 476
PAGE 468
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands DISABLE IGMPSNOOPING Syntax AlliedWare Plus Command Available disable igmpsnooping Parameters None. Description This command deactivates IGMP snooping on the switch. This command also removes IGMP querier from its VLAN assignments. Example The following command deactivates IGMP snooping: disable igmpsnooping Equivalent Command set ip igmp snoopingstatus=disabled For information, refer to “SET IP IGMP” on page 470.
PAGE 469
AT-S63 Management Software Command Line User’s Guide ENABLE IGMPSNOOPING Syntax AlliedWare Plus Command Available enable igmpsnooping Parameters None. Description This command activates IGMP snooping on the switch. Example The following command activates IGMP snooping: enable igmpsnooping Equivalent Command set ip igmp snoopingstatus=enabled For information, refer to “SET IP IGMP” on page 470.
PAGE 470
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands SET IP IGMP Syntax AlliedWare Plus Command Available set ip igmp [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto] Parameters snoopingstatus hoststatus timeout Activates and deactivates IGMP snooping on the switch. The options are: enabled Activates IGMP snooping. disabled Deactivates IGMP snooping. This is the default setting.
PAGE 471
AT-S63 Management Software Command Line User’s Guide router during the specified time interval, the router is assumed to be no longer active on the port. The actual timeout may be ten seconds less that the specified value. For example, a setting of 25 seconds can result in the switch classifying a host node or multicast router as inactive after just 15 seconds. A setting of 10 seconds or less can result in the immediate timeout of an inactive host node or router.
PAGE 472
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands Examples The following command activates IGMP snooping, sets the IGMP topology to Multi-Host, and sets the timeout value to 120 seconds: set ip igmp snoopingstatus=enabled hoststatus=multihost timeout=120 The following command changes the topology to Single-Host: set ip igmp hoststatus=singlehost The following command disables IGMP snooping: set ip igmp snoopingstatus=disabled Equivalent Commands disable igmpsnooping For informatio
PAGE 473
AT-S63 Management Software Command Line User’s Guide Examples This example sets the maximum number of multicast groups to 25: awplus> enable awplus# configure terminal awplus(config)# ip igmp limit 25 This example sets the timeout for inactive nodes to 400 seconds: awplus> enable awplus# configure terminal awplus(config)# ip igmp querier-timeout 400 This example sets the host node topology to multiple nodes: awplus> enable awplus# configure terminal awplus(config)# ip igmp status multiple This example s
PAGE 474
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands SHOW IGMPSNOOPING Syntax AlliedWare Plus Command Available show igmpsnooping Parameters None. Description This command displays the IGMP parameters. Figure 62 illustrates the information. IGMP Snooping Configuration: IGMP Snooping Status ............... Querier Admin ...................... Host Topology ...................... Host/Router Timeout Interval ....... Maximum IGMP Multicast Groups ...... Router Port(s) ..................
PAGE 475
AT-S63 Management Software Command Line User’s Guide Example The following command displays the current IGMP parameter settings: show igmpsnooping Equivalent Command show ip igmp For information, see “SHOW IP IGMP” on page 476. show ip igmp querierlist For information, see “SHOW IP IGMP QUERIERLIST” on page 482. AlliedWare Plus Command Syntax show ip igmp snooping Mode User Exec mode and Privileged Exec mode Description This command is equivalent to the standard command.
PAGE 476
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands SHOW IP IGMP Syntax show ip igmp [hostlist] [routerlist] Parameters hostlist Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes. routerlist Displays the ports on the switch where multicast routers are detected.
PAGE 477
AT-S63 Management Software Command Line User’s Guide Number of IGMP Multicast Groups: 4 VLAN Port/ IGMP Exp. MulticastGroup ID TrunkID HostIP Ver Time -----------------------------------------------------------01:00:5E:00:01:01 01:00:5E:7F:FF:FA 1 1 6/5/- 01:00:5E:00:00:02 01:00:5E:00:00:09 1 1 17/14/- 172.16.10.51 149.35.200.75 149.35.200.65 149.35.200.69 172.16.10.51 v2 v2 v2 v2 v2 21 11 65 34 32 Figure 64.
PAGE 478
Chapter 25: Internet Group Management Protocol (IGMP) Snooping Commands  Router IP - The IP address of the multicast router.
PAGE 479
Chapter 26 Internet Group Management Protocol (IGMP) Snooping Querier Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “SET IP IGMP QUERIER” on page 480  “SHOW IP IGMP QUERIERLIST” on page 482 479
PAGE 480
Chapter 26: Internet Group Management Protocol (IGMP) Snooping Querier Commands SET IP IGMP QUERIER Syntax AlliedWare Plus Command Available set ip igmp querier enable|disable vlan=vid Parameters vlan Specifies the ID of the VLAN where you want to add or remove IGMP querier. Description This command is used to add and remove IGMP snooping querier from a VLAN. The ENABLE option adds it to a VLAN and the DISABLE option removes it.
PAGE 481
AT-S63 Management Software Command Line User’s Guide Mode Configure mode Description These AlliedWare Plus commands are equivalent to the standard command.
PAGE 482
Chapter 26: Internet Group Management Protocol (IGMP) Snooping Querier Commands SHOW IP IGMP QUERIERLIST Syntax AlliedWare Plus Command Available show ip igmp querierlist Parameters None. Description This command displays the IGMP snooping querier parameters. Figure 66 illustrates the information. VLAN Querier Interface Exp. Query Version 1 ID Status IP Address Time Version Source Port -----------------------------------------------------------12 Querier 149.122.12.45 48 Ver 2 Figure 66.
PAGE 483
AT-S63 Management Software Command Line User’s Guide Description This command is equivalent to the standard command.
PAGE 484
Chapter 26: Internet Group Management Protocol (IGMP) Snooping Querier Commands 484 Section III: Snooping Protocols
PAGE 485
Chapter 27 Multicast Listener Discovery (MLD) Snooping Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes  “DISABLE MLDSNOOPING” on page 486  “ENABLE MLDSNOOPING” on page 487  “SET IPV6 MLDSNOOPING” on page 488  “SHOW MLDSNOOPING” on page 492  “SHOW IPV6 MLDSNOOPING” on page 495 AT-9400Ts Sta
PAGE 486
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands DISABLE MLDSNOOPING Syntax AlliedWare Plus Command Available disable mldsnooping Parameters None. Description This command deactivates MLD snooping on the switch. Example The following command deactivates MLD snooping: disable mldsnooping Equivalent Command set ipv6 mldsnooping snoopingstatus=disabled For information, refer to “SET IPV6 MLDSNOOPING” on page 488.
PAGE 487
AT-S63 Management Software Command Line User’s Guide ENABLE MLDSNOOPING Syntax AlliedWare Plus Command Available enable mldsnooping Parameters None. Description This command activates MLD snooping on the switch. Example The following command activates MLD snooping: enable mldsnooping Equivalent Command set ipv6 mldsnooping snoopingstatus=enabled For information, refer to “SET IPV6 MLDSNOOPING” on page 488.
PAGE 488
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands SET IPV6 MLDSNOOPING Syntax AlliedWare Plus Command Available set ipv6 mldsnooping [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto] Parameters snoopingstatus hoststatus 488 Activates and deactivates MLD snooping on the switch. The options are: enabled Activates MLD snooping. disabled Deactivates MLD snooping. This is the default setting.
PAGE 489
AT-S63 Management Software Command Line User’s Guide static MAC addresses. The range is 1 to 255 addresses; the default is 64 addresses. Note The combined number of multicast address groups for IGMP and MLD snooping cannot exceed 255. routerport Specifies the port(s) on the switch connected to a multicast router. Options are: port Specifies the router port(s) manually. all Specifies all of the switch ports. none Sets the mode to manual without any router ports specified.
PAGE 490
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands AlliedWare Plus Command Syntax To enable MLD snooping: ip mld snooping To disable MLD snooping: no ip mld snooping To set the host node topology: ip mld status single|multiple To set the time-out period for inactive host nodes: ip mld querier-timeout timeout To set the maximum number of multicast addresses the switch can learn: ip mld limit numbermulticastgroups To specify a router port: ip mld router interface port Mode Configure mode
PAGE 491
AT-S63 Management Software Command Line User’s Guide This example sets the maximum number of multicast groups to 25: awplus> enable awplus# configure terminal awplus(config)# ip mld limit 25 This example sets the router port to port 14: awplus> enable awplus# configure terminal awplus(config)# ip mld router interface 14 Section III: Snooping Protocols 491
PAGE 492
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands SHOW MLDSNOOPING Syntax AlliedWare Plus Command Available show mldsnooping Parameters None. Description This command displays the following MLD parameters:  MLD snooping status  Multicast host topology  Host/router timeout interval  Maximum multicast groups  Host and router lists To set the MLD parameters, refer to “SET IPV6 MLDSNOOPING” on page 488. This command displays the information in Figure 67.
PAGE 493
AT-S63 Management Software Command Line User’s Guide The parameters in the MLD Snooping Configuration section are explained “SET IPV6 MLDSNOOPING” on page 488. The Host List section displays the following information:  Multicast Group - The multicast address of the group.  VLAN - The VID of the VLAN where the port is an untagged member.  Port/TrunkID - The port on the switch where the host node is connected.
PAGE 494
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands Example awplus# show ip mld snooping 494 Section III: Snooping Protocols
PAGE 495
AT-S63 Management Software Command Line User’s Guide SHOW IPV6 MLDSNOOPING Syntax show ipv6 mldsnooping [hostlist] [routerlist] Parameters hostlist Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes. routerlist Displays the ports on the switch where multicast routers are detected.
PAGE 496
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands Refer to “SET IPV6 MLDSNOOPING” on page 488 for an explanation of the parameters. The HOSTLIST option displays the information in Figure 69. Host List: Number of MLD Multicast Groups: 1 VLAN Port/ Exp. MulticastGroup ID TrunkID HostIP Time -------------------------------------------------------------------------------------------33:33:00:00:00:ab 1 6 fe80:0000:0000:0000:0208:74ff:feff:bf08 21 Figure 69.
PAGE 497
AT-S63 Management Software Command Line User’s Guide Examples The following command displays the current MLD parameter settings: show ipv6 mldsnooping The following command displays a list of active host nodes connected to the switch: show ipv6 mldsnooping hostlist The following command displays a list of active multicast routers: show ipv6 mldsnooping routerlist Equivalent Command show mldsnooping For information, see “SHOW MLDSNOOPING” on page 492.
PAGE 498
Chapter 27: Multicast Listener Discovery (MLD) Snooping Commands 498 Section III: Snooping Protocols
PAGE 499
Chapter 28 Router Redundancy Protocol (RRP) Snooping Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes  “DISABLE RRPSNOOPING” on page 500  “ENABLE RRPSNOOPING” on page 501  “SHOW RRPSNOOPING” on page 502 AT-9400Ts Stacks 499
PAGE 500
Chapter 28: Router Redundancy Protocol (RRP) Snooping Commands DISABLE RRPSNOOPING Syntax AlliedWare Plus Command Available disable rrpsnooping Parameters None. Description This command disables RRP snooping. This is the default setting. Example The following command disables RRP snooping: disable rrpsnooping AlliedWare Plus Command Syntax no ip rrp snooping Modes Configure mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 501
AT-S63 Management Software Command Line User’s Guide ENABLE RRPSNOOPING Syntax AlliedWare Plus Command Available enable rrpsnooping Parameters None. Description This command enables RRP snooping. Example The following command activates RRP snooping on the switch: enable rrpsnooping AlliedWare Plus Command Syntax ip rrp snooping Modes Configure mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 502
Chapter 28: Router Redundancy Protocol (RRP) Snooping Commands SHOW RRPSNOOPING Syntax AlliedWare Plus Command Available show rrpsnooping Parameter None. Description This command displays whether RRP snooping is enabled or disabled. Example The following command displays the status of RRP snooping: show rrpsnooping AlliedWare Plus Command Syntax show ip rrp snooping Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is equivalent to the standard command.
PAGE 503
Chapter 29 Ethernet Protection Switching Ring (EPSR) Snooping Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP  “DISABLE EPSRSNOOPING” on page 504  “ENABLE EPSRSNOOPING” on page 505  “SHOW EPSRSNOOPING” on page 506 Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks 503
PAGE 504
Chapter 29: Ethernet Protection Switching Ring (EPSR) Snooping Commands DISABLE EPSRSNOOPING Syntax disable epsrsnooping [controlvlan=vid|vlan_name|all] Parameter controlvlan Specifies the control VLAN where Ethernet Protected Switching Ring (EPSR) snooping is to be disabled. The VLAN can be identified by its VID or name. A VLAN name is case-sensitive. To disable EPSR snooping on all the control VLANs on the switch, either omit this parameter or specify ALL.
PAGE 505
AT-S63 Management Software Command Line User’s Guide ENABLE EPSRSNOOPING Syntax enable epsrsnooping controlvlan=vid|vlan_name Parameter controlvlan Specifies the control VLAN where Ethernet Protected Switching Ring (EPSR) snooping is to be enabled. The VLAN can be identified by its VID or name. A VLAN name is case-sensitive. You can specify only one control VLAN at a time with this command. Description This command activates EPSR snooping on a control VLAN.
PAGE 506
Chapter 29: Ethernet Protection Switching Ring (EPSR) Snooping Commands SHOW EPSRSNOOPING Syntax show epsrsnooping Parameter None. Description This command displays the status of EPSR snooping.
PAGE 507
Section IV SNMPv3 This section has the following chapter:  Section III: SNMPv3 Chapter 30, “SNMPv3 Commands” on page 509 507
PAGE 508
Section III: SNMPv3
PAGE 509
Chapter 30 SNMPv3 Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD SNMPV3 USER” on page 511  “CREATE SNMPV3 ACCESS” on page 514  “CREATE SNMPV3 COMMUNITY” on page 517  “CREATE SNMPV3 GROUP” on page 519  “CREATE SNMPV3 NOTIFY” on page 521  “CREATE SNMPV3 TARGET
PAGE 510
Chapter 30: SNMPv3 Commands 510  “SHOW SNMPV3 ACCESS” on page 562  “SHOW SNMPV3 COMMUNITY” on page 563  “SHOW SNMPv3 GROUP” on page 564  “SHOW SNMPV3 NOTIFY” on page 565  “SHOW SNMPV3 TARGETADDR” on page 566  “SHOW SNMPV3 TARGETPARAMS” on page 567  “SHOW SNMPV3 USER” on page 568  “SHOW SNMPV3 VIEW” on page 569 Section IV: SNMPv3
PAGE 511
AT-S63 Management Software Command Line User’s Guide ADD SNMPV3 USER Syntax AlliedWare Plus Command Available add snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile] Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. authentication Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS).
PAGE 512
Chapter 30: SNMPv3 Commands entry to the configuration file on the switch. This is the default. nonvolatile Allows you to save the table entry to the configuration file on the switch. Description This command creates an SNMPv3 User Table entry. Examples This command creates an SNMPv3 user with the name “steven142”, an authentication protocol of MD5, an authentication password of “99doublesecret12”, a privacy password of “encrypt178” and a storage type of nonvolatile.
PAGE 513
AT-S63 Management Software Command Line User’s Guide awplus> enable awplus# configure terminal awplus(config)# snmp-server user csmith auth md5 light224aq priv=pl567pe Section IV: SNMPv3 513
PAGE 514
Chapter 30: SNMPv3 Commands CREATE SNMPV3 ACCESS Syntax AlliedWare Plus Command Available create snmpv3 access=access securitymodel=v1|v2c|v3 securitylevel=noauthentication|authentication| privacy [readview=readview] [writeview=writeview] [notifyview=notifyview] [storagetype=volatile|nonvolatile] Parameters access Specifies the name of the security group, up to 32 alphanumeric characters. securitymodel Specifies the security model.
PAGE 515
AT-S63 Management Software Command Line User’s Guide defaults to none. notifyview Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter. If you do not assign a value to this parameter, then the notifyview parameter defaults to none. storagetype Specifies the storage type of this table entry. This is an optional parameter.
PAGE 516
Chapter 30: SNMPv3 Commands Note In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage. AlliedWare Plus Command Syntax snmp-server group access secure noauth|auth|priv read readview write writeview notify notifyview model=v1|v2c|v3 Mode Configure mode Description This command differs from the standard command as follows:  This command uses the keyword GROUP instead of ACCESS.
PAGE 517
AT-S63 Management Software Command Line User’s Guide CREATE SNMPV3 COMMUNITY Syntax create snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile] Parameters index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. communityname Specifies a password for this community entry, up to 32 alphanumeric characters.
PAGE 518
Chapter 30: SNMPv3 Commands The following command creates an SNMP community with an index of 95 and a community name of “12sacramento49.” The user is “regina” and the transport tag “trainingtag.” The storage type for this community is nonvolatile storage.
PAGE 519
AT-S63 Management Software Command Line User’s Guide CREATE SNMPV3 GROUP Syntax create snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
PAGE 520
Chapter 30: SNMPv3 Commands create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile The following command creates the SNMPv3 SecurityToGroup Table entry for a user named princess. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “training” group. The storage type is set to nonvolatile storage.
PAGE 521
AT-S63 Management Software Command Line User’s Guide CREATE SNMPV3 NOTIFY Syntax AlliedWare Plus Command Available create snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile] Parameters notify Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters. tag Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter. type Specifies the message type. This is an optional parameter.
PAGE 522
Chapter 30: SNMPv3 Commands The following command creates the SNMPv3 Notify Table entry called “testenginform5” and the notify tag is “testenginformtag5.” The message type is defined as an inform message and the storage type for this entry is nonvolatile storage.
PAGE 523
AT-S63 Management Software Command Line User’s Guide CREATE SNMPV3 TARGETADDR Syntax AlliedWare Plus Command Available create snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile] Parameters targetaddr Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
PAGE 524
Chapter 30: SNMPv3 Commands Examples In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,” “hwengtag,” and “testengtag.” The storage type for this table entry is nonvolatile storage. create snmpv3 targetaddr=snmphost1 params=snmpv3manager ipaddress=198.1.1.
PAGE 525
AT-S63 Management Software Command Line User’s Guide awplus(config)# snmp-server targetaddr snmpv3host1 param snmpv3manager ipaddress 198.1.1.
PAGE 526
Chapter 30: SNMPv3 Commands CREATE SNMPV3 TARGETPARAMS Syntax AlliedWare Plus Command Available create snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] [storagetype=volatile|nonvolatile] Parameters targetparams Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters. username Specifies a user name configured in the SNMPv3 User Table.
PAGE 527
AT-S63 Management Software Command Line User’s Guide privacy storagetype This option provides an authentication protocol and the privacy protocol. Specifies the storage type of this table entry. This is an optional parameter. The options are: volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default. nonvolatile Allows you to save the table entry to the configuration file on the switch.
PAGE 528
Chapter 30: SNMPv3 Commands  You cannot define the storage type. New entries are automatically assigned the storage type of nonvolatile.  You must include all of the parameters.  The parameters must be entered in the order shown above. Example In this example, the Target Parameters Table entry is called “snmpv3mgr24” and the user name is “user444.” The security level is set to authentication, the security model to the SNMPv3 protocol, and the message processing to SNMPv3.
PAGE 529
AT-S63 Management Software Command Line User’s Guide CREATE SNMPV3 VIEW Syntax AlliedWare Plus Command Available create snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view of the MIB Tree. The options are: OID A numeric value in hexadecimal format. text Text name of the view. mask Specifies the subtree mask, in hexadecimal format.
PAGE 530
Chapter 30: SNMPv3 Commands create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile The following command creates an SNMPv3 View Table entry called “tcp1” with a subtree value of the TCP/IP MIBs and a view type of excluded. The storage type for this table entry is nonvolatile storage.
PAGE 531
AT-S63 Management Software Command Line User’s Guide DELETE SNMPV3 USER Syntax AlliedWare Plus Command Available delete snmpv3 user=user Parameters user Specifies the name of an SNMPv3 user to delete from the switch. Description This command deletes SNMPv3 User Table entries. After you delete an SNMPv3 user from the switch, you cannot recover it. Examples The following command deletes the user named “wilson890.” delete snmpv3 user=wilson890 The following command deletes the user named “75murthy75.
PAGE 532
Chapter 30: SNMPv3 Commands DESTROY SNMPv3 ACCESS Syntax destroy snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] Parameter access Specifies an SNMPv3 Access Table entry. securitymodel Specifies the security model of the user name specified above. The options are: securitylevel v1 Associates the Security Name, or User Name, with the SNMPv1 protocol. v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.
PAGE 533
AT-S63 Management Software Command Line User’s Guide destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication The following command deletes the SNMPv3 Access Table entry called “testengineering” with a security model of the SNMPv3 protocol and a security level of privacy.
PAGE 534
Chapter 30: SNMPv3 Commands DESTROY SNMPv3 COMMUNITY Syntax destroy snmpv3 community index=index Parameter index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. Description This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it. Examples The following command deletes an SNMPv3 Community Table entry with an index of 1001.
PAGE 535
AT-S63 Management Software Command Line User’s Guide DESTROY SNMPv3 GROUP Syntax destroy snmpv3 group username=username [securitymodel=v1|v2c|v3] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: v1 Associates the Security Name, or User Name, with the SNMPv1 protocol. v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.
PAGE 536
Chapter 30: SNMPv3 Commands DESTROY SNMPv3 NOTIFY Syntax AlliedWare Plus Command Available destroy snmpv3 notify=notify Parameter notify Specifies an SNMPv3 Notify Table entry. Description This command deletes SNMPv3 Notify Table entries. After you delete an SNMPv3 Notify Table entry, you cannot recover it. Examples The following command deletes an SNMPv3 Notify Table entry called “systemtestnotifytrap.
PAGE 537
AT-S63 Management Software Command Line User’s Guide DESTROY SNMPv3 TARGETADDR Syntax AlliedWare Plus Command Available destroy snmpv3 targetaddr=target Parameter targetaddr Specifies an SNMPv3 Target Address table entry. Description This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it. Example The following command deletes an SNMPv3 Address Table entry called “snmpmanager.
PAGE 538
Chapter 30: SNMPv3 Commands DESTROY SNMPv3 TARGETPARMS Syntax AlliedWare Plus Command Available destroy snmpv3 targetparams=targetparams Parameter targetparams Specifies an SNMPv3 Target Parameters table entry. Description This command deletes SNMPv3 Target Parameters Table entries. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it. Examples The following command deletes an SNMPv3 Target Parameters Table entry called “targetparameter1.
PAGE 539
AT-S63 Management Software Command Line User’s Guide DESTROY SNMPV3 VIEW Syntax AlliedWare Plus Command Available destroy snmpv3 view=view [subtree=OID|text] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view subtree view. The options are: OID A numeric value in hexadecimal format. text Text name of the view. Description This command deletes SNMPv3 View Table entries. After you delete an SNMPv3 View Table entry, you cannot recover it.
PAGE 540
Chapter 30: SNMPv3 Commands a subtree value of the Internet MIBs: awplus> enable awplus# configure terminal awplus(config)# no snmp-server view internet1 subtree internet 540 Section IV: SNMPv3
PAGE 541
AT-S63 Management Software Command Line User’s Guide PURGE SNMPV3 ACCESS Syntax purge snmpv3 access Parameters None Description This command resets the SNMPv3 Access Table to its default value by removing all the access table entries. To remove a single entry, use “DESTROY SNMPv3 ACCESS” on page 532.
PAGE 542
Chapter 30: SNMPv3 Commands PURGE SNMPV3 COMMUNITY Syntax purge snmpv3 community Parameters None Description This command resets the SNMPv3 Community Table to its default value by removing all the community table entries. To remove a single entry, use “DESTROY SNMPv3 COMMUNITY” on page 534.
PAGE 543
AT-S63 Management Software Command Line User’s Guide PURGE SNMPV3 NOTIFY Syntax purge snmpv3 notify Parameters None Description This command resets the SNMPv3 Notify Table to its default value by removing all the notify table entries. To remove a single entry, use “DESTROY SNMPv3 NOTIFY” on page 536.
PAGE 544
Chapter 30: SNMPv3 Commands PURGE SNMPV3 TARGETADDR Syntax purge snmpv3 targetaddr Parameters None Description This command resets the SNMPv3 Target Address Table to its default values by removing all the target address table entries. To remove a single entry, use “DESTROY SNMPv3 TARGETADDR” on page 537.
PAGE 545
AT-S63 Management Software Command Line User’s Guide PURGE SNMPV3 VIEW Syntax purge snmpv3 view Parameters None Description This command resets the SNMPv3 View Table to its default values by removing all the view table entries. To remove a single entry, use “DESTROY SNMPV3 VIEW” on page 539.
PAGE 546
Chapter 30: SNMPv3 Commands SET SNMPV3 ACCESS Syntax set snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile] Parameters access Specifies the name of the group, up to 32 alphanumeric characters. securitymodel Specifies the security model. Options are: securitylevel v1 Associates the Security Name, or User Name, with the SNMPv1 protocol.
PAGE 547
AT-S63 Management Software Command Line User’s Guide storagetype Specifies the storage type of this table entry. This is an optional parameter. The options are: volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default. nonvolatile Allows you to save the table entry to the configuration file on the switch. Description This command modifies an SNMPv3 Access Table entry. Examples The following command modifies the group called engineering.
PAGE 548
Chapter 30: SNMPv3 Commands SET SNMPV3 COMMUNITY Syntax set snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile] Parameters index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. communityname Specifies a password of this community, up to 32 alphanumeric characters. securityname Specifies the name of an SNMPv1 and SNMPv2 user, up to 32 alphanumeric characters.
PAGE 549
AT-S63 Management Software Command Line User’s Guide set snmpv3 community index=52 communityname=oldmiss71 securityname=jjhuser234 transporttag=testtag40 Section IV: SNMPv3 549
PAGE 550
Chapter 30: SNMPv3 Commands SET SNMPV3 GROUP Syntax set snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: v1 Associates the Security Name, or User Name, with the SNMPv1 protocol. v2c Associates the Security Name, or User Name, with the SNMPv2c protocol.
PAGE 551
AT-S63 Management Software Command Line User’s Guide The following command modifies the SecurityToGroup Table entry with a user name of “nelvid.” The security model is the SNMPv3 protocol and the group name “systemtest.
PAGE 552
Chapter 30: SNMPv3 Commands SET SNMPV3 NOTIFY Syntax set snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile] Parameters notify Specifies the name associated with the trap message, up to 32 alphanumeric characters. tag Specifies the notify tag name, up to 32 alphanumeric characters. type Specifies the message type. Options are: storagetype trap Trap messages are sent, with no response expected from the host.
PAGE 553
AT-S63 Management Software Command Line User’s Guide The following command modifies an SNMPv3 Notify Table entry called “systemtestinform5.” The notify tag is “systemtestinform5tag” and the message type is an inform message.
PAGE 554
Chapter 30: SNMPv3 Commands SET SNMPV3 TARGETADDR Syntax set snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile] Parameters 554 targetaddr Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters. params Specifies the target parameters name, up to 32 alphanumeric characters. This is an optional parameter.
PAGE 555
AT-S63 Management Software Command Line User’s Guide Description This command modifies an SNMPv3 Target Address Table entry. Examples The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.” set snmpv3 targetaddr=snmphost params=targetparameter7 ipaddress=198.1.1.
PAGE 556
Chapter 30: SNMPv3 Commands SET SNMPV3 TARGETPARAMS Syntax set snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication| privacy] [storagetype=volatile|nonvolatile] Parameters targetparams Specifies the target parameters name, up to 32 alphanumeric characters. username Specifies the user name. securitymodel Specifies the security model of the above user name.
PAGE 557
AT-S63 Management Software Command Line User’s Guide authentication This option provides an authentication protocol, but no privacy protocol. privacy storagetype This option provides an authentication protocol and the privacy protocol. Specifies the storage type of this table entry. This is an optional parameter. The options are: volatile Does not allow you to save the table entry to the configuration file on the switch. This is the default.
PAGE 558
Chapter 30: SNMPv3 Commands SET SNMPV3 USER Syntax set snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile] Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. authentication Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS). The default is no authentication. The options are: md5 The MD5 authentication protocol.
PAGE 559
AT-S63 Management Software Command Line User’s Guide Examples The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.” set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3 The following command modifies a User Table entry called “atiuser104.
PAGE 560
Chapter 30: SNMPv3 Commands SET SNMPV3 VIEW Syntax set snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile] Parameters view Specifies the name of the view, up to 32 alphanumeric characters. subtree Specifies the view subtree view. Options are: OID A numeric value in hexadecimal format. text Text name of the view. mask Specifies the subtree mask, in hexadecimal format. type Specifies the view type.
PAGE 561
AT-S63 Management Software Command Line User’s Guide The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded. set snmpv3 view=system subtree=1.3.6.1.2.
PAGE 562
Chapter 30: SNMPv3 Commands SHOW SNMPV3 ACCESS Syntax AlliedWare Plus Command Available show snmpv3 access[=access] Parameter access Specifies an SNMPv3 Access Table entry. Description This command displays the SNMPv3 Access Table. You can display one or all of the table entries. Examples The following command displays the SNMPv3 Access Table entry called “production.
PAGE 563
AT-S63 Management Software Command Line User’s Guide SHOW SNMPV3 COMMUNITY Syntax show snmpv3 community index=index Parameter index Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters. Description This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.
PAGE 564
Chapter 30: SNMPv3 Commands SHOW SNMPv3 GROUP Syntax show snmpv3 group [username=username] [securitymodel=v1|v2c|v3] Parameter username Specifies a user name configured in the SNMPv3 User Table. securitymodel Specifies the security model of the above user name. The options are: v1 Associates the Security Name, or User Name, with the SNMPv1 protocol. v2c Associates the Security Name, or User Name, with the SNMPv2c protocol. v3 Associates the Security Name, or User Name, with the SNMPv3 protocol.
PAGE 565
AT-S63 Management Software Command Line User’s Guide SHOW SNMPV3 NOTIFY Syntax AlliedWare Plus Command Available show snmpv3 notify[=notify] Parameter notify Specifies an SNMPv3 Notify Table entry. Description This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries.
PAGE 566
Chapter 30: SNMPv3 Commands SHOW SNMPV3 TARGETADDR Syntax AlliedWare Plus Command Available show snmpv3 targetaddr[=targetaddr] Parameter targetaddr Specifies an SNMPv3 Target Address Table entry. Description This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.
PAGE 567
AT-S63 Management Software Command Line User’s Guide SHOW SNMPV3 TARGETPARAMS Syntax AlliedWare Plus Command Available show snmpv3 targetparams[=targetparams] Parameter targetparams Specifies an SNMPv3 Target Parameters Table entry. Description This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries.
PAGE 568
Chapter 30: SNMPv3 Commands SHOW SNMPV3 USER Syntax AlliedWare Plus Command Available show snmpv3 user[=user] Parameters user Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters. Description This command displays SNMPv3 User Table entries. You can display one or all of the table entries.
PAGE 569
AT-S63 Management Software Command Line User’s Guide SHOW SNMPV3 VIEW Syntax AlliedWare Plus Command Available show snmpv3 view[=view] [subtree=OID|text] Parameter view Specifies an SNMPv3 View Table entry. subtree Specifies the view subtree view. Options are: OID A numeric value in hexadecimal format. text Text name of the view. Description This command displays the SNMPv3 View Table entries. You can display one or all of the table entries.
PAGE 570
Chapter 30: SNMPv3 Commands 570 Section IV: SNMPv3
PAGE 571
Section V Spanning Tree Protocols This section has the following chapters: Section V: Spanning Tree Protocols  Chapter 31, “Spanning Tree Protocol (STP) Commands” on page 573  Chapter 32, “Rapid Spanning Tree Protocol (RSTP) Commands” on page 589  Chapter 33, “Multiple Spanning Tree Protocol (MSTP) Commands” on page 611 571
PAGE 572
Section V: Spanning Tree Protocols
PAGE 573
Chapter 31 Spanning Tree Protocol (STP) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ACTIVATE STP” on page 574  “DISABLE STP” on page 575  “ENABLE STP” on page 576  “PURGE STP” on page 577  “SET STP” on page 578  “SET STP PORT” on page 581  “SET SWITCH MULT
PAGE 574
Chapter 31: Spanning Tree Protocol (STP) Commands ACTIVATE STP Syntax AlliedWare Plus Command Available activate stp Parameters None. Description Use this command to designate STP as the active spanning tree. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP, or MSTP, can be active on a switch or a stack at a time.
PAGE 575
AT-S63 Management Software Command Line User’s Guide DISABLE STP Syntax AlliedWare Plus Command Available disable stp Parameters None. Description This command disables the Spanning Tree Protocol. To view the current status of STP, refer to “SHOW STP” on page 586. The default setting for STP is disabled.
PAGE 576
Chapter 31: Spanning Tree Protocol (STP) Commands ENABLE STP Syntax AlliedWare Plus Command Available enable stp Parameters None. Description This command enables the Spanning Tree Protocol. To view the current status of STP, refer to “SHOW STP” on page 586. The default setting for STP is disabled. Note You cannot enable STP until after you have activated it with “ACTIVATE STP” on page 574.
PAGE 577
AT-S63 Management Software Command Line User’s Guide PURGE STP Syntax purge stp Parameters None. Description This command returns all the STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, see “DISABLE STP” on page 575. Example The following command resets the STP parameter settings to their default values: purge stp Equivalent Command set stp default For information, see “SET STP” on page 578.
PAGE 578
Chapter 31: Spanning Tree Protocol (STP) Commands SET STP Syntax AlliedWare Plus Command Available set stp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] Parameters default Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled. (This parameter performs the same function as the PURGE STP command.
PAGE 579
AT-S63 Management Software Command Line User’s Guide hellotime Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. forwarddelay Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, all links may not have had time to adapt to the change, resulting in network loops.
PAGE 580
Chapter 31: Spanning Tree Protocol (STP) Commands Examples The following command sets the switch’s bridge priority value to 45,056 (increment 11): set stp priority=11 The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds: set stp hellotime=7 forwarddelay=25 The following command returns all STP parameters on the switch to the default values: set stp default Equivalent Command purge stp For information, see “PURGE STP” on page 577.
PAGE 581
AT-S63 Management Software Command Line User’s Guide SET STP PORT Syntax AlliedWare Plus Command Available set stp port=port [pathcost|portcost=auto|portcost] [portpriority=portpriority] Parameters port Specifies the port you want to configure. You can configure more than one port at a time. For instructions, refer to “Port Numbers in Commands” on page 48. pathcost or portcost Specifies the port’s cost. The parameters are equivalent.
PAGE 582
Chapter 31: Spanning Tree Protocol (STP) Commands Table 15.
PAGE 583
AT-S63 Management Software Command Line User’s Guide Example The following commands assign port 2 a port cost of 15 and a port priority of 192 (increment 12): awplus> enable awplus# configure terminal awplus(config)# interface 2 awplus(config-if)# spanning-tree path-cost 15 awplus(config-if)# spanning-tree priority 12 Section V: Spanning Tree Protocols 583
PAGE 584
Chapter 31: Spanning Tree Protocol (STP) Commands SET SWITCH MULTICASTMODE Syntax set switch multicastmode=[a|b|c|d] Parameter multicast mode Specifies the multicast mode. The options are: a Discards all the ingress spanning tree BPDU and 802.1x EAPOL packets. b Forwards the ingress spanning tree BPDU and 802.1x EAPOL packets across all the VLANs and the ports. c Forwards ingress BPDU and EAPOL packets only among the untagged ports of a VLAN where an ingress port is a member.
PAGE 585
AT-S63 Management Software Command Line User’s Guide  If 802.1x port-based access control is disabled, all the ingress EAPOL packets are discarded. B - Forwards the ingress spanning tree BPDU and 802.1x EAPOL packets across all the VLANs and the ports. The switch or stack behaves as follows:  If STP, RSTP, and MSTP are disabled, the ingress BPDUs are flooded on all the ports.  If STP, RSTP, MSTP, and 802.1x are disabled, the BPDU and EAPOL packets are flooded on all the ports.
PAGE 586
Chapter 31: Spanning Tree Protocol (STP) Commands SHOW STP Syntax AlliedWare Plus Command Available show stp [port=port] Parameter port Specifies the port whose STP parameters you want to view. You can view more than one port at a time.For instructions, refer to “Port Numbers in Commands” on page 48 Description This command displays the current values for the STP parameters. An example of the display is shown in Figure 71. Status ...................... Bridge Priority ............. Bridge Hello Time ..
PAGE 587
AT-S63 Management Software Command Line User’s Guide The root bridge parameter specifies the bridge identifier of the root bridge of the spanning tree domain. The identifier consists of the bridge priority value and MAC address of the root switch, separated by a slash (/). This parameter only appears when STP is activated on the switch. The root path cost parameter displays the path cost from the switch to the root bridge of the spanning tree domain. If the switch is the root bridge, the path cost is 0.
PAGE 588
Chapter 31: Spanning Tree Protocol (STP) Commands AlliedWare Plus Command Syntax To display the bridge STP settings: show spanning-tree detail To display a port’s STP settings: show spanning-tree interface port Modes User Exec mode and Privileged Exec mode Description These AlliedWare Plus commands are identical to the standard command.
PAGE 589
Chapter 32 Rapid Spanning Tree Protocol (RSTP) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ACTIVATE RSTP” on page 590  “DISABLE BPDUGUARD” on page 591  “DISABLE RSTP” on page 592  “ENABLE BPDUGUARD” on page 593  “ENABLE RSTP” on page 594  “PURGE RSTP” on page
PAGE 590
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands ACTIVATE RSTP Syntax AlliedWare Plus Command Available activate rstp Parameters None. Description Use this command to designate RSTP as the active spanning tree. After you activate RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch or stack only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.
PAGE 591
AT-S63 Management Software Command Line User’s Guide DISABLE BPDUGUARD Syntax AlliedWare Plus Command Available disable bpduguard Parameters None. Description This command is used to disable the BPDU guard feature. To view the current status of the feature, use “SHOW BPDUGUARD” on page 605. Note An edge port that is disabled by the BPDU guard feature remains in that state until you enable it with the management software.
PAGE 592
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands DISABLE RSTP Syntax AlliedWare Plus Command Available disable rstp Parameters None. Description This command disables the Rapid Spanning Tree Protocol. To view the current status of RSTP, use “SHOW RSTP” on page 606.
PAGE 593
AT-S63 Management Software Command Line User’s Guide ENABLE BPDUGUARD Syntax AlliedWare Plus Command Available enable bpduguard Parameters None. Description This command is used to enable the BPDU guard feature, which monitors edge ports and disables them if they receive BPDU packets. To view the current status of this feature, use “SHOW BPDUGUARD” on page 605. Note An edge port that is disabled by the BPDU guard feature remains in that state until you enable it with the management software.
PAGE 594
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands ENABLE RSTP Syntax AlliedWare Plus Command Available enable rstp Parameters None. Description This command enables the Rapid Spanning Tree Protocol. To view the current status of RSTP, use “SHOW RSTP” on page 606. The default setting for RSTP is disabled. You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.
PAGE 595
AT-S63 Management Software Command Line User’s Guide PURGE RSTP Syntax purge rstp Parameters None. Description This command returns all the RSTP bridge and port parameters to the default settings. RSTP must be disabled before you use this command. To disable RSTP, refer to “DISABLE RSTP” on page 592. Example The following command resets RSTP: purge rstp Equivalent Command set rstp default For information, refer to “SET RSTP” on page 596.
PAGE 596
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands SET RSTP Syntax AlliedWare Plus Command Available set rstp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [rstptype|forceversion=stpcompatible| forcestpcompatible|normalrstp] Parameters default Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled.
PAGE 597
AT-S63 Management Software Command Line User’s Guide hellotime Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. forwarddelay Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops.
PAGE 598
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands  Forwarding delay  Maximum age time  Force version of STP or normal RSTP This command can also return the RSTP parameters to their default settings. Note You can use this command only if RSTP is the active spanning tree protocol on the switch. See “ACTIVATE RSTP” on page 590.
PAGE 599
AT-S63 Management Software Command Line User’s Guide Description These AlliedWare Plus commands are identical to the standard command. Examples The following commands set the hello time to 7 seconds and the forwarding delay to 25 seconds: awplus> enable awplus# configure terminal awplus(config)# spanning-tree hello-time 7 awplus(config)# spanning-tree forward-time 25 The FORCEVERSION parameter sets the RSTP mode. Settings 1 and 2 are STP compatible and force STP compatible, respectively.
PAGE 600
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands SET RSTP PORT Syntax AlliedWare Plus Command Available set rstp port=port [pathcost|portcost=cost|auto] [portpriority=portpriority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false] [loopguard=enabled|disabled] Parameters port Specifies the port you want to configure. You can specify more than one port at a time.
PAGE 601
AT-S63 Management Software Command Line User’s Guide Table 18. RSTP Auto-Detect Port Trunk Costs Port Speed 1000 Mbps portpriority Port Cost 2,000 Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16, for a total of 16 increments, as shown in Table 19. You specify the increment that corresponds to the desired value. The default is 128, which is increment 8. Table 19.
PAGE 602
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands migrationcheck loopguard no, off, false The port is not an point-to-point port. The parameters are equivalent. are equivalent. autoupdate The port’s status is determined automatically. This is the default. Enables and disables migration check. The purpose of this feature is to change from the RSTP mode to the STP mode if STP BDPU packets are received on the selected port.
PAGE 603
AT-S63 Management Software Command Line User’s Guide Note The EDGEPORT and PORTFAST parameters are equivalent. Mode Port Interface mode Description These AlliedWare Plus commands are identical to the standard command.
PAGE 604
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands This example activates the loop guard feature on ports 5 and11: awplus> enable awplus# configure terminal awplus(config)# interface 5,11 awplus(config-if)# spanning-tree loop-guard 604 Section V: Spanning Tree Protocols
PAGE 605
AT-S63 Management Software Command Line User’s Guide SHOW BPDUGUARD Syntax show bpduguard Parameters None. Description This command displays the status of BPDU guard on the switch. The status can be either enabled or disabled. Example This command displays the status of BPDU guard.
PAGE 606
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands SHOW RSTP Syntax AlliedWare Plus Command Available show rstp [portconfig=port] [portstate=port] Parameters portconfig Displays the RSTP port settings. You can specify more than one port at a time. For instructions, refer to “Port Numbers in Commands” on page 48. portstate Displays the RSTP status of the ports. You can specify more than one port at a time. Description You use this command to display the RSTP parameter settings.
PAGE 607
AT-S63 Management Software Command Line User’s Guide The root bridge identifier parameter displays the bridge priority value and MAC address of the root switch of the spanning tree domain. The values are separated by a slash (/). This parameter only appears when RSTP is activated on the switch. The root path cost parameter displays the path cost from the switch to the root bridge of the spanning tree domain. If the switch is the root bridge, the path cost is 0.
PAGE 608
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands The information displayed by the command is as follows:  Port — The port number.  State — The RSTP state of the port. The possible states for a port connected to another device running RSTP are Discarding and Forwarding. The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking. The possible states for a port not being used or where spanning tree is not activated is Disabled.
PAGE 609
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax To display the bridge RSTP settings: show spanning-tree detail To display the RSTP status of the ports: show spanning-tree interface port Mode User Exec mode and Privileged Exec mode Description The first command is equivalent to the SHOW RSTP command without either of the parameters. The second command is equivalent to the PORTSTATE parameter. There is no equivalent AlliedWare Plus command for the PORTCONFIG parameter.
PAGE 610
Chapter 32: Rapid Spanning Tree Protocol (RSTP) Commands 610 Section V: Spanning Tree Protocols
PAGE 611
Chapter 33 Multiple Spanning Tree Protocol (MSTP) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks  “ACTIVATE MSTP” on page 612  “ADD MSTP” on page 613  “CREATE MSTP” on page 614  “DELETE MSTP” on page 616  “DESTROY MSTP MSTIID” on page 617  “DISABLE MSTP” on page 618 
PAGE 612
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands ACTIVATE MSTP Syntax AlliedWare Plus Command Available activate mstp Parameters None. Description This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command. Only one spanning tree protocol can be active on the switch at a time.
PAGE 613
AT-S63 Management Software Command Line User’s Guide ADD MSTP Syntax add mstp mstiid=mstiid mstivlanassoc=vids Parameters mstiid Specifies the ID of the multiple spanning tree instance (MSTI) to which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. mstivlanassoc Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44). Description This command associates VLANs to MSTIs.
PAGE 614
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands CREATE MSTP Syntax AlliedWare Plus Command Available create mstp mstiid=mstiid [mstivlanassoc=vids] Parameters mstiid Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15. mstivlanassoc Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).
PAGE 615
AT-S63 Management Software Command Line User’s Guide Description This AlliedWare Plus command has the following rules and restrictions:  This command differs from the CREATE MSTP MSTIID command in that it allows you to assign a priority number to a new MSTI. The priority number is applied to all of the ports that are members of the associated VLANs. You can specify only one priority number. For the priority values, refer to “SET MSTP PORT” on page 629. This parameter is optional.
PAGE 616
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands DELETE MSTP Syntax delete mstp mstiid=mstiid mstivlanassoc=vids Parameters mstiid Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. mstivlanassoc Specifies the VID of the VLAN you want to remove from the spanning tree instance. You can specify more than one VID at a time (for example, 2,5,44).
PAGE 617
AT-S63 Management Software Command Line User’s Guide DESTROY MSTP MSTIID Syntax AlliedWare Plus Command Available destroy mstp mstiid=mstiid Parameter mstiid Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15. Description This command deletes multiple spanning tree instances and returns the VLANs of the deleted MSTIs to CIST.
PAGE 618
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands DISABLE MSTP Syntax AlliedWare Plus Command Available disable mstp Parameters None. Description This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 635.
PAGE 619
AT-S63 Management Software Command Line User’s Guide ENABLE MSTP Syntax AlliedWare Plus Command Available enable mstp Parameters None. Description This command enables Multiple Spanning Tree Protocol on the switch or stack. To view the current status of MSTP, refer to “SHOW MSTP” on page 635. You must select MSTP as the active spanning tree on the switch before you can enable it with this command. To activate MSTP, see “ACTIVATE MSTP” on page 612.
PAGE 620
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands PURGE MSTP Syntax purge mstp Parameters None. This command returns all the MSTP bridge and port parameters settings to their default values. This command also deletes all multiple spanning tree instances and VLAN associations. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled.
PAGE 621
AT-S63 Management Software Command Line User’s Guide SET MSTP Syntax AlliedWare Plus Command Available set mstp [default] [forceversion=stpcompatible|forcestpcompatible| normalmstp] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [maxhops=maxhops] [configname="name"] [revisionlevel=number] Parameters default Disables MSTP and returns all bridge and port MSTP settings to the default values. This parameter cannot be used with any other parameter.
PAGE 622
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands hellotime Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds. forwarddelay Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops.
PAGE 623
AT-S63 Management Software Command Line User’s Guide Description This command configures the following MSTP parameter settings.
PAGE 624
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands To set a region’s name: region configname Mode For he FORCEVERSION command: Configure mode For the REVISION and REGION commands: Multiple spanning tree mode Description The AlliedWare Plus commands let you change only the MSTP parameters listed above. To change the other parameters, use the standard command or another management interface.
PAGE 625
AT-S63 Management Software Command Line User’s Guide SET MSTP CIST Syntax set mstp cist priority=priority Parameter priority Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 20. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8. Table 20.
PAGE 626
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands SET MSTP MSTI Syntax set mstp msti mstiid=mstiid priority=priority Parameters mstiid Specifies a MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15. priority Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 21. You specify the increment that represents the desired bridge priority value.
PAGE 627
AT-S63 Management Software Command Line User’s Guide Examples The following command changes the MSTI priority value to 45,056 (increment 11) for the MSTI ID 4: set mstp msti mstiid=4 priority=11 The following command changes the MSTI priority value to 8,192 (increment 2) for the MSTI ID 6: set mstp msti mstiid=6 priority=2 Section V: Spanning Tree Protocols 627
PAGE 628
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands SET MSTP MSTIVLANASSOC Syntax set mstp mstivlanassoc mstiid=mstiid vlanlist=vids Parameters mstiid Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15. vlanlist Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).
PAGE 629
AT-S63 Management Software Command Line User’s Guide SET MSTP PORT Syntax 1 AlliedWare Plus Command Available set mstp port=port|all [extportcost=auto|portcost] [edgeport=yes|no|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false] Syntax 2 set mstp port=port|all [intportcost=auto|portcost] [portpriority=priority] [stpid=msti_id] Parameters port Specifies the port you want to configure. You can specify more than one port at a time.
PAGE 630
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands edgeport ptp or pointtopoint migrationcheck Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at halfduplex mode and is not connected to any device running STP or MSTP. Selections are: yes, on, true The port is an edge port. These values are equivalent. This is the default. no, off, false The port is not an edge port. These values are equivalent.
PAGE 631
AT-S63 Management Software Command Line User’s Guide portpriority Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments, as shown in Table 24 on page 631. You specify the increment of the desired value. The default is 128, which is increment 8. Table 24.
PAGE 632
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands Synax 1 Examples The following command sets the external port cost to 500 for Ports 14 and 23: set mstp port=14,23 extportcost=500 The following command sets the external port cost to 1,000,000 for Port 4 and designates it as an edge port: set mstp port=6-8 edgeport=yes The following command sets the external port cost for Ports 2 and 5 to Auto, which sets the port cost based on speed: set mstp port=2-5 extportcost=auto The following command de
PAGE 633
AT-S63 Management Software Command Line User’s Guide The following command sets the internal port cost for Ports 2 and 5 to Auto, which sets the port cost based on speed: set mstp port=2-5 intportcost=auto AlliedWare Plus Command Syntax spanning-tree spanning-tree spanning-tree spanning-tree path-cost path-cost priority priority edgeport|portfast link-type point-to-point|shared Mode Port Interface mode Description This AlliedWare Plus command has the following rules and restrictions:  The PATH-COST
PAGE 634
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands These commands designate ports 17 and 23 as not edge ports: awplus> enable awplus# configure terminal awplus(config)# interface 17,23 awplus(config-if)# no spanning-tree edgeport These commands designate ports 11 to 23 as point-to-point ports: awplus> enable awplus# configure terminal awplus(config)# interface 11-23 awplus(config-if)# spanning-tree link-type point-to-point These commands designate ports 26 and 27 as not point-to-point ports: awp
PAGE 635
AT-S63 Management Software Command Line User’s Guide SHOW MSTP Syntax AlliedWare Plus Command Available show mstp [portconfig=ports] [portstate=ports] [stpid=msti_id] [mstistate] [cist] [mstivlanassoc] Parameters portconfig Displays the MSTP settings of a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to the Description below. portstate Displays the MSTP state of a port. You can specify more than one port at a time.
PAGE 636
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands  Forwarding delay  Maximum age  Maximum hops  Configuration name  Reversion level  Bridge identifier  Root identifier The hello time, forwarding delay, and bridge max age parameters will have two values if MSTP is enabled on the switch (for example, Forwarding Delay .. 15/15).
PAGE 637
AT-S63 Management Software Command Line User’s Guide The MSTI parameter displays the following information for each spanning tree instance (excluding the CIST) on the switch:  MSTI ID  MSTI priority  Regional root ID  Path cost  Associated VLANs The CIST parameter displays the following CIST information:  CIST priority value  Root ID  Root path cots  Regional root ID  Regional root path cost  Associated VLANs The MSTIVLANASSOC parameter displays the VLAN to MSTI association
PAGE 638
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands AlliedWare Plus Command Syntax show show show show show show spanning-tree spanning-tree spanning-tree spanning-tree spanning-tree spanning-tree detail interface [port] mst config [port] mst detail mst instance mst association Mode User Exec mode and Privileged Exec mode Description Table 25 lists the AlliedWare Plus SHOW SPANNING-TREE parameters and their equivalent standard command parameters. Table 25.
PAGE 639
AT-S63 Management Software Command Line User’s Guide This command displays the MSTP state of port 8: awplus# show spanning-tree interface 8 This command displays the configuration of port 4: awplus# show spanning-tree mst config 4 This command displays the CIST information: show spanning-tree mst instance This command displays the VLAN associations: show spanning-tree mst association Section V: Spanning Tree Protocols 639
PAGE 640
Chapter 33: Multiple Spanning Tree Protocol (MSTP) Commands 640 Section V: Spanning Tree Protocols
PAGE 641
Section VI Virtual LANs This section contains the following chapters: Section VI: Virtual LANs  Chapter 34, “Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands” on page 643  Chapter 35, “GARP VLAN Registration Protocol Commands” on page 663  Chapter 36, “Protected Ports VLAN Commands” on page 683  Chapter 37, “MAC Address-based VLAN Commands” on page 693 641
PAGE 642
Section VI: Virtual LANs
PAGE 643
Chapter 34 Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stack Yes* (*Stacks do not support the multiple VLAN modes.
PAGE 644
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands ADD VLAN Syntax 1 AlliedWare Plus Command Available add vlan=name [vid=vid] ports=ports|all frame=untagged|tagged Syntax 2 add vlan=name [vid=vid] taggedports=ports|all untaggedports=ports|all Parameters vlan Specifies the name of the VLAN to modify. vid Specifies the VID of the VLAN you want to modify. This parameter is optional. ports Specifies the ports to be added to the VLAN. You can add more than one port at a time.
PAGE 645
AT-S63 Management Software Command Line User’s Guide This command has two syntaxes. You can use either command to add ports to a VLAN. The difference between the two is that Syntax 1 can add only one type of port, tagged or untagged, at a time to a VLAN, while Syntax 2 can add both in the same command. This is illustrated in Examples below. When you add untagged ports to a VLAN, the ports are automatically removed from their current untagged VLAN assignment.
PAGE 646
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands add vlan=Service ports=7-8 frame=untagged Using Syntax 2, you can add both types of ports with just one command: add vlan=Service untaggedports=7-8 taggedports=5 AlliedWare Plus Command Syntax To add untagged ports: switchport access vlan vid To add tagged ports: switchport trunk allow vlan add vid Mode Port Interface mode Description This AlliedWare Plus command is identical to the standard command.
PAGE 647
AT-S63 Management Software Command Line User’s Guide CREATE VLAN Syntax 1 AlliedWare Plus Command Available create vlan=name vid=vid [type=port] ports=ports|all frame=untagged|tagged Syntax 2 create vlan=name vid=vid [type=port] taggedports=ports|all untaggedports=ports|all Parameters vlan Specifies the name of the VLAN. You must assign a name to a VLAN.
PAGE 648
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands type Specifies the type of VLAN to be created. The option PORT signifies a port-based or tagged VLAN. This parameter is optional. ports Specifies the ports of the VLAN. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. To specify all the ports, use ALL. This parameter must be followed by the FRAME parameter. frame Specifies whether the ports are to be tagged or untagged.
PAGE 649
AT-S63 Management Software Command Line User’s Guide If the switch is using 802.1x port-based network access control, a port set to the authenticator or supplicant role must be changed to the 802.1x none role before its untagged VLAN assignment can be changed. After the VLAN assignment is made, the port’s role can be changed back again to authenticator or supplicant, if necessary. Examples The following command uses Syntax 1 to create a port-based VLAN called Sales with a VID of 3.
PAGE 650
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands AlliedWare Plus Command Syntax vlan name vid vid Mode VLAN Configuration mode Description To create a new VLAN with the AlliedWare Plus commands, you perform two steps. In the first step you create the VLAN by assigning it a name and a VID with this command in the VLAN Configuration mode. Then you go to the Port Interface mode and assign the tagged and untagged ports.
PAGE 651
AT-S63 Management Software Command Line User’s Guide DELETE VLAN Syntax 1 AlliedWare Plus Command Available delete vlan=name [vid=vid] ports=ports frame=untagged|tagged Syntax 2 delete vlan=name [vid=vid] taggedports=ports untaggedports=ports Parameters vlan Specifies the name of the VLAN to be modified. vid Specifies the VID of the VLAN to be modified. This parameter is optional. ports Specifies the ports to be removed from the VLAN. This parameter must be used with the FRAME parameter.
PAGE 652
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands Note You cannot change a VLAN’s name or VID. When you remove an untagged port from a VLAN, the following happens:  The port is returned to the Default_VLAN as an untagged port.  If the port is also a tagged member of other VLANS, those VLAN assignments are not changed. The port remains a tagged member of the other VLANs.
PAGE 653
AT-S63 Management Software Command Line User’s Guide delete vlan=Service ports=2 frame=tagged delete vlan=Service ports=6-8 frame=untagged Using Syntax 2, you can do the whole thing with just one command: delete vlan=Service untaggedports=6-8 taggedports=2 AlliedWare Plus Command Syntax To remove untagged ports: no switchport access vlan To remove tagged ports: switchport trunk allow vlan remove vid Mode Port Interface mode Description This AlliedWare Plus command is identical to the standard command
PAGE 654
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands DESTROY VLAN Syntax AlliedWare Plus Command Available destroy vlan=name|vid|all Parameters vlan Specifies the name or VID of the VLAN to be deleted. To delete all VLANs, use the ALL option. Description This command deletes port-based, tagged, and MAC address-based VLANs from a switch. You can use the command to delete selected VLANs or all the VLANs on the switch.
PAGE 655
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax no vlan name vid vid Mode VLAN Configuration mode Description This AlliedWare Plus command is identical to the standard command.
PAGE 656
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands SET SWITCH INFILTERING Syntax set switch infiltering=yes|no|on|off|true|false Parameters infiltering Specifies the operating status of ingress filtering. The options are: yes, on, true Activates ingress filtering. The options are equivalent. This is the default. no, off, false Deactivates ingress filtering. The options are equivalent. Description This command controls the status of ingress filtering.
PAGE 657
AT-S63 Management Software Command Line User’s Guide SET SWITCH VLANMODE Syntax set switch vlanmode=userconfig|dotqmultiple|multiple [uplinkport=port] Parameters vlanmode uplinkport Controls the switch’s VLAN mode. Options are: userconfig This mode allows you to create your own port-based and tagged VLANs. This is the default setting. dotqmultiple This option configures the switch for the 802.1Q-compliant multiple VLAN mode. multiple This option configures the switch for the non-802.
PAGE 658
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands SET VLAN Syntax set vlan=name [vid=vid] type=portbased Parameter vlan Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to “SHOW VLAN” on page 659. vid Specifies the VID of the dynamic VLAN. To view VIDs, refer to “SHOW VLAN” on page 659. This parameter is optional. type Specifies the type of static VLAN to which the dynamic VLAN is to be converted.
PAGE 659
AT-S63 Management Software Command Line User’s Guide SHOW VLAN Syntax AlliedWare Plus Command Available show vlan[=name|vid] Parameter vlan Specifies the name or VID of the VLAN. Description This command displays the VLANs on the switch. An example of the information displayed by this command for port-based and tagged VLANs is shown in Figure 76. VLAN Name ............................ VLAN ID .............................. VLAN Type ............................ Protected Ports ......................
PAGE 660
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands – Actual: The current untagged ports of the VLAN. If you are not using 802.1x port-based network access control, both the Configured and Actual untagged ports of a VLAN will always be the same. If you are using 802.1x and you assigned a guest VLAN to an authenticator port or you associated an 802.
PAGE 661
AT-S63 Management Software Command Line User’s Guide The information displayed by the command is described here:  VLAN name - The name of the VLAN. The name is Client_VLAN followed by the port number.  VLAN ID - The ID number assigned to the VLAN.  VLAN Type - The type of VLAN. This will be Port Based for the VLANs of a multiple VLAN mode.  Protected Ports - The status of protected ports. Since the VLANs of a multiple VLAN mode are not protected ports VLANs, this will be No.
PAGE 662
Chapter 34: Port-based VLAN, Tagged VLAN, and Multiple VLAN Mode Commands This command displays the following columns of information for portbased and tagged VLANs:  VLAN name - The names of the VLANs.  VLAN ID - The ID numbers of the VLANs.  Type - The VLAN type. This will be Port Based for port-based VLANs and tagged VLANs.  State - The states of the VLANs. The states are Active for VLANs that have ports and Inactive for VLANs that do not have ports.
PAGE 663
Chapter 35 GARP VLAN Registration Protocol Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks  “DISABLE GARP” on page 664  “ENABLE GARP” on page 666  “PURGE GARP” on page 668  “SET GARP PORT” on page 669  “SET GARP TIMER” on page 671  “SHOW GARP” on page 673  “SHOW GARP
PAGE 664
Chapter 35: GARP VLAN Registration Protocol Commands DISABLE GARP Syntax AlliedWare Plus Command Available disable garp=gvrp [gip] Parameters garp Specifies the GARP application to be disabled. GVRP is the only GARP application supported by the AT-9400 Switch. gip Disables GARP Information Propagation (GIP). Note The online help for this command contains an STP option. The option is not supported. Description This command disables GVRP on the switch.
PAGE 665
AT-S63 Management Software Command Line User’s Guide or no gvrp dynamic-vlan-creation Mode Configure mode Description These AlliedWare Plus commands are identical to the standard command.
PAGE 666
Chapter 35: GARP VLAN Registration Protocol Commands ENABLE GARP Syntax AlliedWare Plus Command Available enable garp=gvrp [gip] Parameters garp Specifies the GARP application to be activated. GVRP is the only GARP application supported by the AT-9400 Switch. gip Enables GARP Information Propagation (GIP). Note The online help for this command contains an STP option. This option is not supported. Description This command enables GVRP on the switch.
PAGE 667
AT-S63 Management Software Command Line User’s Guide Mode Configure mode Description These AlliedWare Plus commands are identical to the standard command.
PAGE 668
Chapter 35: GARP VLAN Registration Protocol Commands PURGE GARP Syntax purge garp=gvrp Parameter garp Specifies the GARP application to be reset. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. This option is not supported. Description This command disables GVRP and returns all GVRP parameters to their default settings. All GVRP-related statistics counters are returned to zero.
PAGE 669
AT-S63 Management Software Command Line User’s Guide SET GARP PORT Syntax AlliedWare Plus Command Available set garp=gvrp port=port mode=normal|none Parameters garp Specifies the GARP application to be configured. GVRP is the only GARP application supported by the AT-9400 Switch. port Specifies the port to be configured. You can specify more than one port at a time. mode Specifies the GVRP mode of the port. Modes are: normal The port participates in GVRP.
PAGE 670
Chapter 35: GARP VLAN Registration Protocol Commands AlliedWare Plus Command Syntax gvrp registration normal|none Mode Port Interface mode Description This AlliedWare Plus command is identical to the standard command.
PAGE 671
AT-S63 Management Software Command Line User’s Guide SET GARP TIMER Syntax AlliedWare Plus Command Available set garp=gvrp timer [default] [jointime=value] [leavetime=value] [leavealltime=value] Parameters garp Specifies the GARP application to be configured. GVRP is the only GARP application supported by the AT-9400 Switch. default Returns the GARP timers to their default settings. jointime Specifies the Join Timer in centiseconds, which are one hundredths of a second.
PAGE 672
Chapter 35: GARP VLAN Registration Protocol Commands Examples This command sets the Join Timer to 0.1 second, Leave Timer to 0.
PAGE 673
AT-S63 Management Software Command Line User’s Guide SHOW GARP Syntax AlliedWare Plus Command Available show garp=gvrp Parameter garp Specifies the GARP application to display. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. This option is not supported.
PAGE 674
Chapter 35: GARP VLAN Registration Protocol Commands Description This AlliedWare Plus command is identical to the standard command.
PAGE 675
AT-S63 Management Software Command Line User’s Guide SHOW GARP COUNTER Syntax AlliedWare Plus Command Available show garp=gvrp counter Parameter garp Specifies the GARP application to be displayed. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. This option is not supported.
PAGE 676
Chapter 35: GARP VLAN Registration Protocol Commands  Receive GARP Messages: LeaveIn  Transmit GARP Messages: LeaveIn  Receive GARP Messages: Empty  Transmit GARP Messages: Empty  Receive GARP Messages: Bad Message  Receive GARP Messages: Bad Attribute Example The following command displays information for all GARP application counters: show garp=gvrp counter AlliedWare Plus Command Syntax show gvrp statistics Modes User Exec mode and Privileged Exec mode Description This AlliedWare P
PAGE 677
AT-S63 Management Software Command Line User’s Guide SHOW GARP DATABASE Syntax AlliedWare Plus Command Available show garp=gvrp db|database Parameters garp Specifies the GARP application to be displayed. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. This option is not supported. Description This command displays the following parameters for the internal database for the GARP application.
PAGE 678
Chapter 35: GARP VLAN Registration Protocol Commands Example awplus# show gvrp configuration 678 Section VI: Virtual LANs
PAGE 679
AT-S63 Management Software Command Line User’s Guide SHOW GARP GIP Syntax AlliedWare Plus Command Available show garp=gvrp gip Parameter garp Specifies the GARP application to be displayed. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. That option is not supported.
PAGE 680
Chapter 35: GARP VLAN Registration Protocol Commands SHOW GARP MACHINE Syntax AlliedWare Plus Command Available show garp=gvrp machine Parameter garp Specifies the GARP application to be displayed. GVRP is the only GARP application supported by the AT-9400 Switch. Note The online help for this command contains an STP option. This option is not supported. Description This command displays the following parameters for the GID state machines for the GARP application.
PAGE 681
AT-S63 Management Software Command Line User’s Guide Example awplus# show gvrp machine Section VI: Virtual LANs 681
PAGE 682
Chapter 35: GARP VLAN Registration Protocol Commands 682 Section VI: Virtual LANs
PAGE 683
Chapter 36 Protected Ports VLAN Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes  “ADD VLAN GROUP” on page 684  “CREATE VLAN PORTPROTECTED” on page 686  “DELETE VLAN” on page 687  “DESTROY VLAN” on page 689  “SET VLAN” on page 690  “SHOW VLAN” on page 691 AT-9400Ts Stacks 683
PAGE 684
Chapter 36: Protected Ports VLAN Commands ADD VLAN GROUP Syntax 1 add vlan=name|vid ports=ports frame=tagged|untagged group=uplink|1..256 Syntax 2 add vlan=name|vid [taggedports=ports] [untaggedports=ports] group=uplink|1..256 Parameters vlan Specifies the name or VID of the protected ports VLAN where ports are to be added. You can identify the VLAN by either its name or VID. ports Specifies the uplink port(s) or the ports of a group.
PAGE 685
AT-S63 Management Software Command Line User’s Guide  Both command syntaxes perform the same function. The difference is that with syntax 1 you can add ports of only one type, tagged or untagged, at a time. With syntax 2, you can add both at the same time.  If you are adding an untagged port to a group, the port cannot be an untagged member of another protected port VLAN. It must be an untagged member of the Default_VLAN or a port-based or tagged VLAN.
PAGE 686
Chapter 36: Protected Ports VLAN Commands CREATE VLAN PORTPROTECTED Syntax create vlan=name vid=vid portprotected Parameters vlan Specifies the name of the new protected ports VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that will be a part of the protected ports VLAN (for example, InternetGroups). The name cannot contain spaces or special characters, such as an asterisk (*) or exclamation point (!).
PAGE 687
AT-S63 Management Software Command Line User’s Guide DELETE VLAN Syntax 1 delete vlan=name|vid ports=ports frame=tagged|untagged Syntax 2 delete vlan=name|vid [taggedports=ports] [untaggedports=ports] Parameters vlan Specifies the name or VID of the VLAN to be modified. You can specify the VLAN by its name or VID. port Specifies the port to be removed from the VLAN. You can specify more than one port at a time. This parameter must be used with the FRAME parameter.
PAGE 688
Chapter 36: Protected Ports VLAN Commands Examples The following command uses Syntax 1 to delete untagged port 12 from the InternetGroups VLAN: delete vlan=InternetGroups port=12 frame=untagged The following command accomplishes the same thing using Syntax 2: delete vlan=InternetGroups untaggedports=12 688 Section VI: Virtual LANs
PAGE 689
AT-S63 Management Software Command Line User’s Guide DESTROY VLAN Syntax destroy vlan=name|vid|all Parameters vlan Specifies the name or VID of the VLAN to be destroyed. To delete all tagged, port-based, and protected ports VLANs on the switch, use the ALL option. Description This command deletes VLANs from the switch. You can use this command to delete tagged, port-based, and protected port VLANs. All untagged ports in a deleted VLAN are automatically returned to the Default_VLAN.
PAGE 690
Chapter 36: Protected Ports VLAN Commands SET VLAN Syntax set vlan=name|vid port=ports frame=tagged|untagged Parameters vlan Specifies the name or VID of the VLAN to be modified. ports Specifies the port whose VLAN type is to be changed. You can specify more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. frame Identifies the new VLAN type for the port. The type can be tagged or untagged.
PAGE 691
AT-S63 Management Software Command Line User’s Guide SHOW VLAN Syntax show vlan[=name|vid] Parameter vlan Specifies the name or VID of the VLAN you want to view. Omitting this displays all VLANs. Description This command displays information about the VLANs on the switch. An example of the information displayed by this command for a protected ports VLAN is shown in Figure 78. VLAN Name ............................ VLAN ID .............................. VLAN Type ............................
PAGE 692
Chapter 36: Protected Ports VLAN Commands For an example of the information displayed by this command for a portbased or tagged VLAN, see Figure 76 on page 659. For an example of a MAC address-based VLAN, see Figure 79 on page 701.
PAGE 693
Chapter 37 MAC Address-based VLAN Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes  “ADD VLAN MACADDRESS” on page 694  “ADD VLAN PORT MACADDRESS” on page 695  “CREATE VLAN TYPE=MACADDRESS” on page 696  “DELETE VLAN MACADDRESS” on page 698  “DELETE VLAN PORT MACADDRESS” on page 699  “DESTROY VLAN” on p
PAGE 694
Chapter 37: MAC Address-based VLAN Commands ADD VLAN MACADDRESS Syntax add vlan=name|vid macaddress|destaddress=mac-address Parameters vlan Specifies the name or VID of the VLAN to be modified. macaddress or destaddress Specifies the MAC address to add to the VLAN. These parameters are equivalent. A MAC address can be entered in either of the following formats: xx:xx:xx:xx:xx:xx or xxxxxxxxxxxx Description This command adds a MAC address to a MAC address-based VLAN.
PAGE 695
AT-S63 Management Software Command Line User’s Guide ADD VLAN PORT MACADDRESS Syntax add vlan=name|vid port=ports macaddress|destaddress=mac- address Parameters vlan Specifies the name or VID of the VLAN to be modified. port Specifies the egress port(s) to assign to the MAC address. You can specify more than one egress port. macaddress or destaddress Specifies the MAC address to be assigned the egress port(s).
PAGE 696
Chapter 37: MAC Address-based VLAN Commands CREATE VLAN TYPE=MACADDRESS Syntax create vlan=name vid=vid type=macaddress Parameters vlan Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting). The name cannot contain spaces or special characters, such as asterisks (*) or exclamation points (!).
PAGE 697
AT-S63 Management Software Command Line User’s Guide Description This command is the first in the series to creating a MAC address-based VLAN. This command assigns the VLAN a name and a VID and sets the VLAN type. After you have initially created the VLAN with this command, you must assign the MAC addresses. These are the source addresses of the nodes that are to belong to the VLAN. The command for adding MAC addresses to a VLAN is “ADD VLAN MACADDRESS” on page 694.
PAGE 698
Chapter 37: MAC Address-based VLAN Commands DELETE VLAN MACADDRESS Syntax delete vlan=name|vid macaddress|destaddress=mac-address Parameters vlan Specifies the name or VID of the VLAN to be modified. macaddress or destaddress Specifies the MAC address to be removed from the VLAN. These parameters are equivalent. You can remove only one MAC address at a time.
PAGE 699
AT-S63 Management Software Command Line User’s Guide DELETE VLAN PORT MACADDRESS Syntax delete vlan=name|vid port=ports macaddress=mac-address Parameters vlan Specifies the name or VID of the VLAN to be modified. port Specifies the egress port to be removed for the MAC address. You can remove more than one egress port at a time. macaddress Specifies a MAC address to which the port is assigned.
PAGE 700
Chapter 37: MAC Address-based VLAN Commands DESTROY VLAN Syntax destroy vlan vlan=name|all [vid=vid] Parameters vlan Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option. vid Specifies the VID of the VLAN to be deleted. This parameter is optional. Description The command deletes port-based, tagged, and MAC address-based VLANs. You can use the command to deleted selected VLANS or to delete all VLANs, with the exception of the Default_VLAN.
PAGE 701
AT-S63 Management Software Command Line User’s Guide SHOW VLAN Syntax show vlan[=name|vid] Parameter vlan Specifies the name or VID of the VLAN. Description This command displays the VLANs on the switch. An example of the information displayed by this command for a MAC address-based VLAN is shown in Figure 79. VLAN Name ............................ VLAN ID .............................. VLAN Type ............................ Protected Ports ...................... Untagged Port(s) .....................
PAGE 702
Chapter 37: MAC Address-based VLAN Commands  MAC Address / Ports - The MAC addresses of the VLAN and the egress ports. For an example of the information displayed by this command for a portbased or tagged VLAN, see Figure 76 on page 659. For an example of a protected ports VLAN, see Figure 78 on page 691.
PAGE 703
Section VII Internet Protocol Routing This section contains the following chapters: Section VII: Internet Protocol Routing  Chapter 38, “Internet Protocol Version 4 Packet Routing Commands” on page 705  Chapter 39, “BOOTP Relay Commands” on page 757  Chapter 40, “Virtual Router Redundancy Protocol (VRRP) Commands” on page 765 703
PAGE 704
Section VII: Internet Protocol Routing
PAGE 705
Chapter 38 Internet Protocol Version 4 Packet Routing Commands This chapter has the following commands: Supported on:  “ADD IP ARP” on page 706  “ADD IP INTERFACE” on page 708  “ADD IP RIP” on page 711  “ADD IP ROUTE” on page 715  “DELETE IP ARP” on page 718  “DELETE IP INTERFACE” on page 720  “DELETE IP RIP” on page 722  “DELETE IP ROUTE” on page 724 (*The Layer 2+ switches support one routing interface as an IP address.
PAGE 706
Chapter 38: Internet Protocol Version 4 Packet Routing Commands ADD IP ARP Syntax AlliedWare Plus Command Available add ip arp=ipaddress interface=interface port=port ethernet=macaddress Parameters arp Specifies the IP address of the host. The IP address must be a member of a local subnet or network that has a routing interface on the switch. interface Specifies the name of the interface from where the host is reached.
PAGE 707
AT-S63 Management Software Command Line User’s Guide add ip arp=149.124.85.14 interface=vlan14-1 port=6 ethernet=00:06:7a:22:11:a4 AlliedWare Plus Command Syntax arp ipaddress macaddress port Mode Configure mode Description This command does not let you specify an interface number and assumes the ID 0. Thus, you can only use this command to add ARP entries to interfaces with the ID 0, like VLAN1-0 and VLAN2-0.
PAGE 708
Chapter 38: Internet Protocol Version 4 Packet Routing Commands ADD IP INTERFACE Syntax AlliedWare Plus Command Available add ip interface=interface ipaddress=ipaddress|dhcp|bootp [mask|netmask=subnetmask] [ripmetric=value] Parameters interface Specifies a name for the new routing interface. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). The range of the interface number is 0 to 15.
PAGE 709
AT-S63 Management Software Command Line User’s Guide Description This command is used to create new interfaces for routing IPv4 packets to a local network or subnet. Note the following before using this command:  The VLAN of a routing interface must already exist on the switch.  You cannot assign more than one interface to the same local network or subnet on a switch.  When there are multiple interfaces within a VLAN, each must be assigned a unique interface number.
PAGE 710
Chapter 38: Internet Protocol Version 4 Packet Routing Commands AlliedWare Plus Command Syntax interface default_vlan ip address ipaddress/mask|dhcp|bootp rip-metric value Mode VLAN Interface mode Description This command has the following rules and restrictions:  You can use this command to add a routing interface only to the Default_VLAN. To add routing interfaces to other VLANs on the switch, use the standard command.  You cannot assign a name to a new routing interface.
PAGE 711
AT-S63 Management Software Command Line User’s Guide ADD IP RIP Syntax AlliedWare Plus Command Available add ip rip interface=interface [send=rip1|rip2] [receive=rip1|rip2|both] [authentication=pass|none] [password=password] [poisonreverse=yes|no|on|off|true|false] [autosummary=yes|no|on|off|true|false] Parameters interface Specifies the name of the routing interface where RIP is to be added. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g.
PAGE 712
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Passwords are sent in plaintext. The AT-S63 Management Software does not support encrypted passwords. Passwords are not supported in RIP version 1. poisonreverse autosummary Specifies the status for split horizon and split horizon with poison reverse. The options are: yes, on, true Split horizon with poison reverse is enabled. These values are equivalent.
PAGE 713
AT-S63 Management Software Command Line User’s Guide This command adds RIP to the VLAN12-2 interface. It configures the protocol to send version 2 packets and accept packets of either version.
PAGE 714
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Examples This example adds RIP to the VLAN2-0 interface and configures the routing protocol to send and accept only version 1 packets.
PAGE 715
AT-S63 Management Software Command Line User’s Guide ADD IP ROUTE Syntax AlliedWare Plus Command Available add ip route=ipaddress [interface=interface] nexthop=ipaddress [mask=subnetmask] [metric=value] [preference=value] Parameters route Specifies the IP address of the destination network, subnet, or node. The IP address for a default route is 0.0.0.0. interface Specifies the name of the routing interface where the static route is to be added.
PAGE 716
Chapter 38: Internet Protocol Version 4 Packet Routing Commands metric Specifies the cost of crossing the route. The range is 1 to 16. The default is 1. preference Assigns a preference value to the static route. The switch uses the preference values to select the active routes when there are more than eight static or dynamic routes in the routing table to the same remote destination. The range is 0 to 65535. The lower the value, the higher the preference. The default value for a static route is 60.
PAGE 717
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax To create a static route: ip route destination_ip_address/mask nexthop_ip_address To create a default route: ip route 0.0.0.0 nexthop_ip_address Mode Configure mode Description This command does not allow you to specify metric values or preference values for static routes. The default values are used instead. Examples This command adds a static route to a remote subnet with the IP address 176.14.145.
PAGE 718
Chapter 38: Internet Protocol Version 4 Packet Routing Commands DELETE IP ARP Syntax AlliedWare Plus Command Available delete ip arp=ipaddress Parameters arp Specifies the IP address of the host to be deleted from the ARP cache. Description This command deletes static and dynamic ARP entries from the ARP cache. This command can delete only one ARP entry at a time. To view the entries in the cache, refer to “SHOW IP ARP” on page 741.
PAGE 719
AT-S63 Management Software Command Line User’s Guide This example deletes the ARP entry for the IP address 149.181.37.17: awplus> enable awplus# configure terminal awplus(config)# no arp 149.181.37.
PAGE 720
Chapter 38: Internet Protocol Version 4 Packet Routing Commands DELETE IP INTERFACE Syntax AlliedWare Plus Command Available delete ip interface=interface Parameters interface Specifies the name of the interface to be deleted from the switch. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). Description This command is used to delete routing interfaces. You can only delete one interface at a time.
PAGE 721
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax interface Default_VLAN no ip address Mode VLAN Interface mode Description This command can only be used to delete the VLAN1-0 interface in the Default VLAN. To delete any other interfaces in the Default VLAN or in any other VLAN,. use the standard command.
PAGE 722
Chapter 38: Internet Protocol Version 4 Packet Routing Commands DELETE IP RIP Syntax AlliedWare Plus Command Available delete ip rip interface=interface Parameters interface Specifies the name of the interface where RIP is to be removed. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). Description This command removes RIP from interfaces, which stops the interfaces from routing packets with RIP.
PAGE 723
AT-S63 Management Software Command Line User’s Guide awplus(config)# router rip awplus(config-router)# no network vlan2-0 This example removes RIP from the VLAN5-2 interface: awplus> enable awplus# configure terminal awplus(config)# router rip awplus(config-router)# no network vlan5-2 Section VII: Internet Protocol Routing 723
PAGE 724
Chapter 38: Internet Protocol Version 4 Packet Routing Commands DELETE IP ROUTE Syntax AlliedWare Plus Command Available delete ip route=ipaddress [interface=interface] nexthop=ipaddress mask=subnetmask Parameters route Specifies the destination IP address of the static, dynamic, or default route to be deleted. The IP address for the default route is 0.0.0.0. interface Specifies the name of the interface where the static or dynamic route is assigned.
PAGE 725
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax To delete a static route: no ip route destination_ip_address/mask nexthop_ip_address To delete the default route: no ip route 0.0.0.0/0 nexthop_ip_address Mode Configure mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This command deletes the static route to the remote subnet 172.23.144.0. The subnet mask is 255.255.255.0 and the next hop is 168.121.87.
PAGE 726
Chapter 38: Internet Protocol Version 4 Packet Routing Commands DISABLE IP ROUTE MULTIPATH Syntax disable ip route multipath Parameters None. Description This command disables the ECMP feature. When the feature is disabled, the routing table in the switch will route packets to a specific remote destination using only one route even in cases where the table contains multiple static or dynamic routes to the destination. Additional routes to the same destination are placed in a standby mode.
PAGE 727
AT-S63 Management Software Command Line User’s Guide ENABLE IP ROUTE MULTIPATH Syntax enable ip route multipath Parameters None. Description This command enables the ECMP feature. When this feature is enabled, the routing table in the switch routes packets to a specific remote destination using more than one route when the table contains multiple static or dynamic routes to the destination.
PAGE 728
Chapter 38: Internet Protocol Version 4 Packet Routing Commands PURGE IP Syntax purge ip Parameters None. Description This command deletes all routing interfaces on the switch. Note the following before performing this command:  All IPv4 packet routing on the switch ceases. The device, however, continues to switch packets among the ports within the VLANs (but not across the VLAN boundaries) using Layer 2.  All static routes are deleted from the route table.
PAGE 729
AT-S63 Management Software Command Line User’s Guide SET IP ARP Syntax set ip arp=ipaddress [interface=interface] [port=port] [ethernet=macaddress] Parameters arp Specifies the IP address of the static route entry to be modified. interface Specifies the interface where the host is located. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). The interface must already exist on the switch.
PAGE 730
Chapter 38: Internet Protocol Version 4 Packet Routing Commands SET IP ARP TIMEOUT Syntax set ip arp timeout=integer Parameter timeout Specifies the ARP cache timeout value The range is 150 to 260000 seconds. The default setting is 600 seconds. Description This command sets the ARP cache timeout value. The timer prevents the ARP table from becoming full with inactive entries. An entry that is not used for the length of the timeout period is designated as inactive and deleted from the table.
PAGE 731
AT-S63 Management Software Command Line User’s Guide SET IP INTERFACE Syntax set ip interface=interface|eth0 [ipaddress=ipaddress|dhcp|bootp] [mask|netmask=subnetmask] [ripmetric=value] Parameters interface Specifies the name of the routing interface to be modified. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). The “eth0” value can be used in place of the interface name to specify the local interface.
PAGE 732
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Note the following before performing this command:  Modifying the IP address of a routing interface deletes all static routes assigned to the interface.  Modifying the IP address of a routing interface that has RIP removes the routing protocol from the interface and deletes all RIP routes learned on the interface from the routing table.  You cannot change the name of a routing interface.
PAGE 733
AT-S63 Management Software Command Line User’s Guide SET IP LOCAL INTERFACE Syntax AlliedWare Plus Command Available set ip local interface=interface|none Parameters interface Specifies the name of the interface to act as the local interface on the switch. An interface name consists of “VLAN” followed by the name or the ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). Use the NONE option to remove the currently assigned local interface without assigning a new one.
PAGE 734
Chapter 38: Internet Protocol Version 4 Packet Routing Commands AlliedWare Plus Command Syntax interface Default_VLAN ifconfig eth0 Mode VLAN Interface mode Description This command can only be used to designate the VLAN1-0 interface in the Default VLAN as the local interface. To designate another interface as the local interface, use the standard command.
PAGE 735
AT-S63 Management Software Command Line User’s Guide SET IP RIP Syntax AlliedWare Plus Command Available set ip rip interface=interface [send=rip1|rip2] [receive=rip1|rip2|both] [authentication=pass|none] [password=password] [poisonreverse=yes|no|on|off|true|false] [autosummary=yes|no|on|off|true|false] Parameters interface Specifies the name of an interface whose RIP settings are to be modified.
PAGE 736
Chapter 38: Internet Protocol Version 4 Packet Routing Commands The interface must be configured for RIP version 2 in order for you to specify a password. Passwords are not supported in RIP version 1. Passwords are sent in plaintext. The AT-S63 Management Software does not support encrypted passwords. poisonreverse autosummary Specifies the status for split horizon and split horizon with poison reverse. The options are: yes, on, true Split horizon poison reverse is enabled. These values are equivalent.
PAGE 737
AT-S63 Management Software Command Line User’s Guide This command changes RIP on the VLAN11-0 interface to accept both RIP version 1 and version 2 packets: set ip rip interface=vlan11-0 receive=both This command changes RIP on the VLAN22-1 interface to send and receive RIP version 1 packets.
PAGE 738
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Mode Router mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This example changes the settings for RIP on the VLAN2-0 interface. It configures the routing protocol to send and accept only version 2 packets.
PAGE 739
AT-S63 Management Software Command Line User’s Guide SET IP ROUTE Syntax set ip route=ipaddress [interface=interface] nexthop=ipaddress mask=subnetmask [metric=value] [preference=value] Parameters route Specifies the IP address of the remote destination of the static route to be modified. The IP address of the default route is 0.0.0.0. You cannot change the destination IP address of a static route. If the destination address changes, you must delete the old route and enter a new route.
PAGE 740
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Note In version 2.0.0, the routing table supported only these three values for subnet masks. In all later versions, subnet masks can be of variable lengths, provided that the “1” bits are consecutive (e.g.,128, 192, 224, etc.). metric Specifies a new cost for crossing the route. The range is 1 to 16. The default is 1. preference Assigns a preference value to the static route.
PAGE 741
AT-S63 Management Software Command Line User’s Guide SHOW IP ARP Syntax AlliedWare Plus Command Available show ip arp Parameters None. Description This command displays the entries in the ARP cache. The ARP cache contains mappings of IP addresses to physical addresses for hosts where the switch has recently routed packets. Figure 80 is an example of the information displayed by this command. ARP Cache Timeout .........
PAGE 742
Chapter 38: Internet Protocol Version 4 Packet Routing Commands This command is not available on the AT-9408LC/SP, AT-9424T/GB, and AT-9424T/SP switches. Example This command displays the entries in the ARP cache: show ip arp AlliedWare Plus Command Syntax show arp Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is identical to the standard command.
PAGE 743
AT-S63 Management Software Command Line User’s Guide SHOW IP COUNTER Syntax show ip counter [port=ports|all] Parameters port Specifies the ports whose IP statistics you want to display. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Omitting this parameter displays the statistics for all the ports. Description This command displays Layer 3 counters for the individual ports on a switch. Figure 81 is an example of the information displayed by this command.
PAGE 744
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Examples This command displays the statistics for all the ports: show ip counter This command displays the statistics for ports 1 to 4: show ip counter port=1-4 744 Section VII: Internet Protocol Routing
PAGE 745
AT-S63 Management Software Command Line User’s Guide SHOW IP INTERFACE Syntax AlliedWare Plus Command Available show ip interface[=interface|eth0] Parameters interface Specifies the interface name. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlanSales-0 or vlan4-0). If no interface value is specified, the switch displays all the interfaces. The “eth0” value can be used to designate the local interface.
PAGE 746
Chapter 38: Internet Protocol Version 4 Packet Routing Commands its IP configuration from a DHCP or BOOTP server, but the server has not responded.  NetMask - The interface’s subnet mask. The subnet mask is assigned manually to the interface or automatically by a DHCP or BOOTP server. If the mask is 0.0.0.0, the DHCP or BOOTP server has not responded.  RipMet - The hop count for this interface when routing packets with RIP.
PAGE 747
AT-S63 Management Software Command Line User’s Guide SHOW IP RIP COUNTER Syntax show ip rip counter Parameters counter Displays RIP packet statistics for all interfaces where RIP has been added. This parameter cannot be used with the INTERFACE parameter. Description This command displays RIP statistics for the entire switch. An example of the information displayed by this command is shown in Figure 83. IP RIP Counter Summary Input: inResponses......................5 inRequests.......................
PAGE 748
Chapter 38: Internet Protocol Version 4 Packet Routing Commands Example This command displays RIP packet statistics: show ip rip counter 748 Section VII: Internet Protocol Routing
PAGE 749
AT-S63 Management Software Command Line User’s Guide SHOW IP RIP INTERFACE Syntax AlliedWare Plus Command Available show ip rip interface[=interface] Parameters interface Specifies the interface name. An interface name consists of “VLAN” and the ID (VID) followed by the VLAN name or interface number, separated by a dash (e.g., vlan4-Sales or vlan4-0). If no interface value is specified, the switch displays all the interfaces with the routing protocol.
PAGE 750
Chapter 38: Internet Protocol Version 4 Packet Routing Commands  Auth - The form of authentication. Possible settings are: – NONE: no password authentication – PASS: plaintext password authentication  Password - The authentication password, displayed with asterisks. A value of NOT SET in this column indicates the interface does not have a password for RIP.  PoisonReverse - The status of split horizon and split horizon with poison reverse:  – OFF: The interface is using split horizon only.
PAGE 751
AT-S63 Management Software Command Line User’s Guide Example awplus# show router-rip Section VII: Internet Protocol Routing 751
PAGE 752
Chapter 38: Internet Protocol Version 4 Packet Routing Commands SHOW IP ROUTE Syntax AlliedWare Plus Command Available show ip route [general] [fdb] [full] Parameters general Displays general routing information, such as the total number of routes in the cache and the cache size. fdb Displays the status of the static and dynamic routes. full Displays both the routes and the general routing information.
PAGE 753
AT-S63 Management Software Command Line User’s Guide  NextHop - IP address of the next hop to the destination network or subnet.  RipMetric - RIP metric (cost) to reaching the destination.  Interface - Name of the interface where the next hop of the route is located. A hash symbol (#) following the name signifies that the route is physically “down,” meaning there are no active nodes in the VLAN of the interface.  Preference - The preference value of the route.
PAGE 754
Chapter 38: Internet Protocol Version 4 Packet Routing Commands  The interface with the next hop of the route is up (i.e., there is at least one active port in the VLAN)  There is a static or dynamic ARP entry for the next hop in the routing table. A route with a status of No has not been installed by the switch in its routing hardware and is not currently being used. Any one of the following conditions can cause a route to have this status:  The interface for the next hop of the route is down (i.
PAGE 755
AT-S63 Management Software Command Line User’s Guide Examples This command displays the IPv4 packet routes on the switch: show ip route This command displays general routing information: show ip route general This command displays both the routes and the general routing information: show ip route full AlliedWare Plus Command Syntax show ip route Modes User Exec mode and Privileged Exec mode Description This command is equivalent to entering the standard SHOW IP ROUTE command without any of the parame
PAGE 756
Chapter 38: Internet Protocol Version 4 Packet Routing Commands 756 Section VII: Internet Protocol Routing
PAGE 757
Chapter 39 BOOTP Relay Commands This chapter has the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD BOOTP RELAY” on page 758  “DELETE BOOTP RELAY” on page 759  “DISABLE BOOTP RELAY” on page 760  “ENABLE BOOTP RELAY” on page 761  “PURGE BOOTP RELAY” on page 762  “SHOW BOOTP RELAY” on page 763 757
PAGE 758
Chapter 39: BOOTP Relay Commands ADD BOOTP RELAY Syntax add bootp relay=ipaddress Parameters ipaddress Specifies the IP address of a DHCP or BOOTP server. Description This command specifies the IP address of a DHCP or BOOTP server. The switch can store up to eight server IP addresses, but you can specify only one at a time with this command. Example This example adds the IP address 145.42.19.162 as a DHCP or BOOTP server: add bootp relay=145.42.19.
PAGE 759
AT-S63 Management Software Command Line User’s Guide DELETE BOOTP RELAY Syntax delete bootp relay=ipaddress Parameters ipaddress Specifies the IP address of a DHCP or BOOTP server to be deleted from the switch. Description This command deletes the IP address of a DHCP or BOOTP server from the switch. You can delete only one address one at a time with this command. Example This example deletes the server IP address 145.42.19.162: delete bootp relay=145.42.19.
PAGE 760
Chapter 39: BOOTP Relay Commands DISABLE BOOTP RELAY Syntax disable bootp relay Parameters None. Description This command deactivates the BOOTP relay agent on the switch. The routing interfaces stop forwarding BOOTP requests to DHCP or BOOTP servers from the clients on the local subnets of the switch.
PAGE 761
AT-S63 Management Software Command Line User’s Guide ENABLE BOOTP RELAY Syntax enable bootp relay Parameters None. Description This command activates the BOOTP relay agent on the switch. The routing interfaces act as relay agents for the clients of the local subnets on the switch.
PAGE 762
Chapter 39: BOOTP Relay Commands PURGE BOOTP RELAY Syntax purge bootp relay Parameters None. Description This command deactivates the BOOTP relay agent on the switch and deletes all DHCP and BOOTP server IP addresses.
PAGE 763
AT-S63 Management Software Command Line User’s Guide SHOW BOOTP RELAY Syntax show bootp relay Parameters None. Description This command displays the status of the BOOTP relay agent, the IP addresses of the servers, and packet statistics. An example of the display is shown in Figure 88. BOOTP Relaying Agent Configuration ----------------------------------------------------Status ............... Disabled Maximum hops .........
PAGE 764
Chapter 39: BOOTP Relay Commands The BOOTP statistics are:  InPackets: Total number of BOOTP packets received.  InRejects: Total number of incoming BOOTP packets rejected because of an error in the packet.  InRequests: Number of BOOTP requests received.  InReplies: Number of BOOTP replies received.  OutPackets: Total number of BOOTP packets transmitted.
PAGE 765
Chapter 40 Virtual Router Redundancy Protocol (VRRP) Commands This chapter has the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP AT-9400Ts Stacks Yes Yes Yes Yes Yes Yes  “ADD VRRP IPADDRESS” on page 766  “ADD VRRP MONITOREDINTERFACE” on page 768  “CREATE VRRP” on page 769  “DELETE VRRP IPADDRESS” on page 774  “DELETE VRRP MONITOREDINTERFACE” on page 776  “
PAGE 766
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands ADD VRRP IPADDRESS Syntax AlliedWare Plus Command Available add vrrp=vrid ipaddress=ipaddress Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255. ipaddress Specifies a secondary IP address to be backed up by the specified virtual router. The IP address must be compatible with the IP address and subnet mask associated with the Ethernet interface over which the virtual router is operating.
PAGE 767
AT-S63 Management Software Command Line User’s Guide Description These AlliedWare Plus commands are equivalent to the standard command. Example This example adds the IP address 172.112.45.78 to a virtual router with a VRID 12: awplus> enable awplus# configure terminal awplus(config)# router vrrp 12 awplus(config-router)# interface 172.112.45.
PAGE 768
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands ADD VRRP MONITOREDINTERFACE Syntax add vrrp=vrid monitoredinterface=interface [newpriority=1...254] Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255. monitoredinterface Specifies the name of the monitored interface from where the host is reached. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlanSales-0 or vlan4-0).
PAGE 769
AT-S63 Management Software Command Line User’s Guide CREATE VRRP Syntax AlliedWare Plus Command Available create vrrp=vrid over=interface ipaddress=ipaddress [adinterval=1...255] [authentication=none|plaintext] [password=password] [portmonitoring=on|off] [portreset=on|off] [preempt=on|off] [priority=1..254] [stepvalue=1..254|proportional] [delay=0..3600] Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255.
PAGE 770
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands passwords. You must configure all switches in the same virtual router with the same password. portmonitoring portreset preempt Specifies whether the VRRP should monitor the ports of the VLAN and alter the priority value if ports fail or are disabled. The options are: on Specifies that port monitoring should be on. If you choose not to specify a stepvalue, the stepvalue is set to proportional by default.
PAGE 771
AT-S63 Management Software Command Line User’s Guide stepvalue Specifies the value by which the priority of the virtual router should be decremented each time a VLAN port fails or is disabled when the portmonitoring parameter is set to ON. The options are: 1...254 Specifies a value to decrement the priority of the virtual router. proportional Specifies that the virtual router reduces the priority in proportion to the percentage of available ports.
PAGE 772
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands AlliedWare Plus Command Syntax To assign an ID to a new virtual router: router vrrp vrid To assign the interface and a secondary IP address: virtual-ip ipaddress interface To assign the interval in seconds between advertisement packets: advertisement-interval value To set authentication to plaintext: password password To set authentication to none: no authentication To enable or disable port monitoring: port-monitor true|false To specify
PAGE 773
AT-S63 Management Software Command Line User’s Guide For all the other commands: Router mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This example creates a virtual router with the VRID 12 and the IP address 149.42.11.12 for the VLAN5-0 interface. The virtual router uses plaintext authentication with the password “wen52an” and port monitoring: awplus> enable awplus# configure terminal awplus(config)# router vrrp 12 awplus(config-router)# virtual-ip 149.
PAGE 774
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands DELETE VRRP IPADDRESS Syntax AlliedWare Plus Command Available delete vrrp=vrid ipaddress=ipaddress Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255. ipaddress Specifies a secondary IP address to be deleted from the group of IP addresses backed up by the specified virtual router.
PAGE 775
AT-S63 Management Software Command Line User’s Guide Example This example removes the IP address 172.112.45.78 from a virtual router with the VRID 12: awplus> enable awplus# configure terminal awplus(config)# router vrrp 12 awplus(config-router)# no interface 172.112.45.
PAGE 776
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands DELETE VRRP MONITOREDINTERFACE Syntax delete vrrp=vrid monitoredinterface=interface Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255. monitoredinterface Specifies the monitored interface to be deleted. An interface name consists of “VLAN” followed by the name or ID (VID) of the VLAN and the interface number (e.g., vlan-Sales-0 or vlan4-0). Description This command deletes a monitored interface.
PAGE 777
AT-S63 Management Software Command Line User’s Guide DESTROY VRRP Syntax AlliedWare Plus Command Available destroy vrrp=[vrid|all] Parameters vrrp Specifies the ID of the virtual router. The options are: vrid Specifies the ID of a single virtual router, a number between 1 and 255. all Specifies that the switch be removed from all the virtual routers in which it participates. Note To destroy a virtual router completely on the LAN, you must destroy it on all the switches participating in it.
PAGE 778
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands Description These AlliedWare Plus commands are equivalent to the standard command.
PAGE 779
AT-S63 Management Software Command Line User’s Guide DISABLE VRRP Syntax AlliedWare Plus Command Available disable vrrp[=vrid|all] Parameters vrrp Specifies the ID of the virtual router. The options are: vrid Specifies the ID of a single virtual router, a number between 1 and 255. all Specifies that the switch be removed from all the virtual routers in which it participates. Description This command disables VRRP on the switch or disables a switch’s participation in the specified virtual router.
PAGE 780
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands Description These AlliedWare Plus commands are used to disable individual virtual routers. To disable VRRP on the switch, use the standard DISABLE VRRP command.
PAGE 781
AT-S63 Management Software Command Line User’s Guide ENABLE VRRP Syntax AlliedWare Plus Command Available enable vrrp[=vrid|all] Parameters vrrp Specifies the ID of the virtual router. The options are: vrid Specifies the ID of a single virtual router, a number between 1 and 255. all Specifies that all the virtual routers in which the switch participates be enabled. Description This command enables VRRP on the switch, or enables the switch’s participation in a specific virtual router.
PAGE 782
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands command.
PAGE 783
AT-S63 Management Software Command Line User’s Guide SET VRRP Syntax AlliedWare Plus Command Available set vrrp=vrid [adinterval=1...255] [authentication=none|plaintext] [password=password] [portnomitoring=on|off] [portreset=on|off] [preempt=on|off] [priority=1..254] [stepvalue=1..254|proportional] [delay=0..3600] Parameters vrrp Specifies the ID of the virtual router, a number between 1 and 255. adinterval Specifies the interval in seconds between advertisement packets.
PAGE 784
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands off portreset preempt Specifies that port monitoring should be off.This is the default. Specifies that ports of a VLAN that has a virtual router be reset when a virtual router transitions from backup to master status. The options are: on Specifies that the VLAN ports be reset. off Specifies that the VLAN ports are not reset. Specifies whether a higher priority switch preempts a lower priority switch acting as the master.
PAGE 785
AT-S63 Management Software Command Line User’s Guide delay Specifies the number of seconds that a higher priority switch must wait before preempting a lower priority switch. This parameter is only valid when the preempt parameter is set to ON. After the switch assumes the highest priority, it waits the delay time and then assumes control. A delay ensures that there is enough time for the master to update its routing tables before taking over. The range is 0 to 3600 and the default is 0 (off).
PAGE 786
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands To change the priority: priority value To change the step value: step-value value|proportional To change the delay value: delay value Mode For the ROUTER VRRP command: Configure mode For all the other commands: Router mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This example modifies the virtual router with the VRID 12.
PAGE 787
AT-S63 Management Software Command Line User’s Guide SHOW VRRP Syntax AlliedWare Plus Command Available show vrrp[=vrid|all] Parameters vrrp Specifies the ID of the virtual router. The options are: vrid Specifies an ID of a virtual router you want to display. The number can be from 1 and 255. all Displays all of the virtual routers. Description This command is used to display information about the virtual routers. You can display all of them or specific virtual routers.
PAGE 788
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands The information in the display is described in Table 26. Table 26. SHOW VRRP Command Information Section Configuration 788 Parameter Description Virtual Router Identifier Virtual router identifier. VR MAC Address Virtual router’s MAC address, derived from the virtual router identifier. Interface LAN interface that the virtual router is operating on. Priority Priority of the switch for assuming the master role for the virtual router.
PAGE 789
AT-S63 Management Software Command Line User’s Guide Table 26. SHOW VRRP Command Information (Continued) Section Monitored Interfaces Counters Parameter Description Step Value If a number is displayed, this is the value by which the priority of the virtual router is reduced by each VLAN port that fails or is disabled. If “Proportional” is shown, the priority is reduced in proportion to the percentage of VLAN ports that are out of service. Port Reset Whether port reset is on.
PAGE 790
Chapter 40: Virtual Router Redundancy Protocol (VRRP) Commands Description This AlliedWare Plus command displays all of the virtual routers. Unlike the standard command, you cannot specify individual virtual routers.
PAGE 791
Section VIII Port Security This section contains the following chapters: Section VIII: Port Security  Chapter 41, “MAC Address-based Port Security Commands” on page 793  Chapter 42, “802.
PAGE 792
Section VIII: Port Security
PAGE 793
Chapter 41 MAC Address-based Port Security Commands This chapter contains the following command: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “SET SWITCH PORT INTRUSIONACTION” on page 794  “SET SWITCH PORT SECURITYMODE” on page 796  “SHOW SWITCH PORT INTRUSION” on page 800  “SHOW SWITCH PORT SECURITYMODE” on page 802 793
PAGE 794
Chapter 41: MAC Address-based Port Security Commands SET SWITCH PORT INTRUSIONACTION Syntax AlliedWare Plus Command Available set switch port=port intrusionaction=discard|trap|disable Parameters port Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. intrusionaction Specifies the action the port takes when it receives an invalid frame.
PAGE 795
AT-S63 Management Software Command Line User’s Guide To set a port to discard invalid packets, to send SNMP traps, and to disable the port: switchport port-security violation shutdown Mode Port Interface mode Description These AlliedWare Plus commands are identical to the standard command.
PAGE 796
Chapter 41: MAC Address-based Port Security Commands SET SWITCH PORT SECURITYMODE Syntax AlliedWare Plus Command Available set switch port=port [securitymode=automatic|limited|secured|locked] [intrusionaction=discard|trap|disable] [learn=value] [participate=yes|no|on|off|true|false] Parameters port Specifies the port where you want to set security. You can specify more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48.
PAGE 797
AT-S63 Management Software Command Line User’s Guide intrusionaction Specifies the action taken by the port in the event port security is violated. This parameter applies only to the Limited security mode. Intrusion actions are: discard Discards invalid frames. This is the default setting. trap Discards invalid frames and sends a management trap. disable Discards invalid frames, sends a management trap, and disables the port.
PAGE 798
Chapter 41: MAC Address-based Port Security Commands Examples The following command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses. Because no intrusion action is specified, the discard action is assigned by default: set switch port=8 securitymode=limited learn=5 The following command sets the security level for ports 9 and 12 to the Limited mode and specifies a limit of 15 dynamic MAC addresses per port.
PAGE 799
AT-S63 Management Software Command Line User’s Guide Mode Port Interface mode Description This command lets you set ports to the limited security mode. You cannot use the AlliedWare Plus commands to set ports to the Secured or Locked security mode.
PAGE 800
Chapter 41: MAC Address-based Port Security Commands SHOW SWITCH PORT INTRUSION Syntax AlliedWare Plus Command Available show switch port=port intrusion Parameter port Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time. Description This command displays the number of times a port has detected an intrusion violation.
PAGE 801
AT-S63 Management Software Command Line User’s Guide Example awplus# show port-security intrusion interface 15 Section VIII: Port Security 801
PAGE 802
Chapter 41: MAC Address-based Port Security Commands SHOW SWITCH PORT SECURITYMODE Syntax AlliedWare Plus Command Available show switch port=port securitymode Parameters port Specifies the port whose security mode settings you want to view. You can display more than one port at a time. For instructions on how to enter port numbers, refer to “Port Numbers in Commands” on page 48. Description This command displays the security mode settings for the ports on the switch.
PAGE 803
AT-S63 Management Software Command Line User’s Guide Example The following command displays the security mode settings for ports 1 to 5: show switch port=1-5 securitymode AlliedWare Plus Command Syntax show port-security interface port Modes User Exec mode and Privileged Exec mode Description This AlliedWare Plus command is identical to the standard command.
PAGE 804
Chapter 41: MAC Address-based Port Security Commands 804 Section VIII: Port Security
PAGE 805
Chapter 42 802.
PAGE 806
Chapter 42: 802.1x Port-based Network Access Control Commands DISABLE PORTACCESS|PORTAUTH Syntax AlliedWare Plus Command Available disable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command disables 802.1x Port-based Network Access Control on the switch. This is the default setting. Example The following command disables 802.
PAGE 807
AT-S63 Management Software Command Line User’s Guide DISABLE RADIUSACCOUNTING Syntax disable radiusaccounting Parameters None Description This command disables RADIUS accounting on the switch. Example The following command disables RADIUS accounting: disable radiusaccounting Equivalent Command set radiusaccounting status=disabled For information, see “SET RADIUSACCOUNTING” on page 824.
PAGE 808
Chapter 42: 802.1x Port-based Network Access Control Commands ENABLE PORTACCESS|PORTAUTH Syntax AlliedWare Plus Command Available enable portaccess|portauth Note The PORTACCESS and PORTAUTH keywords are equivalent. Parameters None. Description This command activates 802.1x Port-based Network Access Control on the switch. The default setting for this feature is disabled. Note You should activate and configure the RADIUS client software on the switch before activating port-based access control.
PAGE 809
AT-S63 Management Software Command Line User’s Guide ENABLE RADIUSACCOUNTING Syntax enable radiusaccounting Parameters None Description This command activates RADIUS accounting on the switch. Example The following command activates RADIUS accounting: enable radiusaccounting Equivalent Command set radiusaccounting status=enabled For information, see “SET RADIUSACCOUNTING” on page 824.
PAGE 810
Chapter 42: 802.
PAGE 811
AT-S63 Management Software Command Line User’s Guide type or role mode control Specifies the role of the port. The parameters are equivalent. The options are: authenticator Specifies the authenticator role. none Disables port-based access control on the port. Controls the operating mode of an authenticator port. The options are: single Configures the port to accept only one authentication. This authenticator mode should be used together with the piggyback mode.
PAGE 812
Chapter 42: 802.1x Port-based Network Access Control Commands and the authentication server. Each client that attempts to access the network is uniquely identified by the switch by using the client's MAC address. This is the default setting. 812 authorised or forceauthenticate Disables 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.
PAGE 813
AT-S63 Management Software Command Line User’s Guide the switch or the switch is reset or power cycled. reauthperiod Enables periodic reauthentication of the client, which is disabled by default. The default value is 3600 seconds. The range is 1 to 65,535 seconds. supptimeout Sets the switch-to-client retransmission time for the EAP-request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.
PAGE 814
Chapter 42: 802.1x Port-based Network Access Control Commands both An authenticator port, when in the unauthorized state, does not forward ingress or egress broadcast and multicast packets from or to the client until the client has logged on. This parameter is only available when the authenticator’s operating mode is set to single. When set to multiple, an authenticator port does not forward ingress or egress broadcast or multicast packets until at least one client has logged on.
PAGE 815
AT-S63 Management Software Command Line User’s Guide A Guest VLAN is only supported when the operating mode of the port is set to Single. The specified VLAN must already exist on the switch. vlanassignment securevlan Specifies whether to use the VLAN assignments entered in the user accounts on the RADIUS server. Options are: enabled Specifies that the authenticator port is to use the VLAN assignments returned by the RADIUS server when a supplicant logs on. This is the default setting.
PAGE 816
Chapter 42: 802.1x Port-based Network Access Control Commands Examples The following command sets ports 4 to 6 to the authenticator role. The authentication method is set to 802.1x, meaning that the supplicants must have 802.1x client software and provide a username and password, either automatically or manually, when logging on and during reauthentications. The operating mode is set to Single and the piggy back mode to disabled. With these settings, only one supplicant can use each port.
PAGE 817
AT-S63 Management Software Command Line User’s Guide The following command assigns the Guest VLAN “Product_show” to authenticator ports 5 and 12. The ports function as untagged members of the VLAN and allow any network user access to the VLAN without logging on. However, should a port start to receive EAPOL packets, it assumes that a supplicant is initiating a log on and changes to the unauthorized state.
PAGE 818
Chapter 42: 802.1x Port-based Network Access Control Commands AlliedWare Plus Commands Syntax for 802.1x Username and Password Authentication To set a port to the authenticator role for 802.
PAGE 819
AT-S63 Management Software Command Line User’s Guide no dot1x timeout server-timeout no dot1x max-req Syntax for 802.1x MAC Address-based Authentication To set a port to MAC address-based authentication: auth-mac enable To remove MAC address-based authentication from a port: auth-mac disable Mode Port Interface mode Description You cannot use the AlliedWare Plus commands to set the following authenticator port settings.
PAGE 820
Chapter 42: 802.
PAGE 821
AT-S63 Management Software Command Line User’s Guide SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT Syntax AlliedWare Plus Command Available set portaccess|portauth port=port type|role=supplicant|none [authperiod=value] [heldperiod=value] [maxstart=value] [startperiod=value] [username|name=name] [password=password] Note The PORTACCESS and PORTAUTH keywords are equivalent.
PAGE 822
Chapter 42: 802.1x Port-based Network Access Control Commands username or name Specifies the username for the switch port. The parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case-sensitive.
PAGE 823
AT-S63 Management Software Command Line User’s Guide dot1x dot1x dot1x dot1x supplicant-params supplicant-params supplicant-params supplicant-params held-period 0-65535 max-start 1-10 username username password password Mode Port Interface mode Description These AlliedWare Plus commands are equivalent to the standard command. However, the STARTPERIOD parameter can not be set with the AlliedWare Plus commands.
PAGE 824
Chapter 42: 802.1x Port-based Network Access Control Commands SET RADIUSACCOUNTING Syntax set radiusaccounting [status=enabled|disabled] [serverport=value] [type=network] [trigger=start_stop|stop_only] [updateenable=enabled|disabled] [interval=value] Parameters status 824 Activates and deactivates RADIUS accounting on the switch. The options are: enabled Activates RADIUS accounting. This option is equivalent to “ENABLE RADIUSACCOUNTING” on page 809. disabled Deactivates the feature.
PAGE 825
AT-S63 Management Software Command Line User’s Guide Description RADIUS accounting is supported on those switch ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. This feature is disabled by default on the switch.
PAGE 826
Chapter 42: 802.1x Port-based Network Access Control Commands SHOW PORTACCESS|PORTAUTH Syntax AlliedWare Plus Command Available show portaccess|portauth[=8021x|macbased] [config] [status] Parameters portaccess or portauth Specifies the authenticator method of a port. Options are: 8021x Displays information on the 802.1x authenticator ports. macbased Displays information on the MAC address-based authenticator ports. config Displays the settings of the authenticator and supplicant ports.
PAGE 827
AT-S63 Management Software Command Line User’s Guide Examples The following command displays the 802.1x authenticator ports: show portaccess=8021x The following command displays the MAC address-based authenticator ports: show portaccess=macbased AlliedWare Plus Commands Syntax To display the settings of the RADIUS client: show dot1x statistics To display information about the 802.
PAGE 828
Chapter 42: 802.1x Port-based Network Access Control Commands SHOW PORTACCESS|PORTAUTH PORT Syntax AlliedWare Plus Command Available show portaccess|portauth[=8021x|macbased] port=port [authenticator|supplicant] Parameters portaccess or portauth Specifies the authenticator method of the port. Options are: 8021x Displays information for an 802.1x authenticator port. macbased Displays information for a MAC addressbased authenticator port.
PAGE 829
AT-S63 Management Software Command Line User’s Guide Port 1 PAE Type.................. Supplicant Mode........... AuthControlPortControl.... quietPeriod............... txPeriod.................. suppTimeout............... serverTimeout............. maxReq.................... reAuthPeriod.............. reAuthEnabled............. vlanAssignment............ secureVlan................ guestVlan................. adminControlDirection..... piggyBack.................
PAGE 830
Chapter 42: 802.
PAGE 831
AT-S63 Management Software Command Line User’s Guide SHOW RADIUSACCOUNTING Syntax AlliedWare Plus Command Available show radiusaccounting Parameters None. Description This command displays the current parameter settings for RADIUS accounting, which sends updates of supplicant activity on the switch’s authenticator ports to the RADIUS server. Figure 94 is an example of the information displayed by this command. Radius Accounting Configuration ------------------------------------Radius Accounting Status .
PAGE 832
Chapter 42: 802.1x Port-based Network Access Control Commands  Radius Accounting Update Interval - Specifies the interval at which the switch sends interim accounting updates to the RADIUS server. The default is 60 seconds.
PAGE 833
Section IX Management Security This section contains the following chapters: Section IX: Management Security  Chapter 43, “Web Server Commands” on page 835  Chapter 44, “Encryption Key Commands” on page 845  Chapter 45, “Public Key Infrastructure (PKI) Certificate Commands” on page 853  Chapter 46, “Secure Sockets Layer (SSL) Commands” on page 869  Chapter 47, “Secure Shell (SSH) Commands” on page 873  Chapter 48, “TACACS+ and RADIUS Commands” on page 881  Chapter 49, “Management Acc
PAGE 834
Section IX: Management Security
PAGE 835
Chapter 43 Web Server Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “DISABLE HTTP SERVER” on page 836  “ENABLE HTTP SERVER” on page 837  “PURGE HTTP SERVER” on page 838  “SET HTTP SERVER” on page 839  “SHOW HTTP SERVER” on page 844 835
PAGE 836
Chapter 43: Web Server Commands DISABLE HTTP SERVER Syntax AlliedWare Plus Command Available disable http server Parameters None. Description This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER” on page 844. The default setting for the web server is enabled.
PAGE 837
AT-S63 Management Software Command Line User’s Guide ENABLE HTTP SERVER Syntax AlliedWare Plus Command Available enable http server Parameters None. Description This command activates the web server on the switch. The web server is used to manage the unit with a web browser on a remote workstation. To view the current status of the web server, see “SHOW HTTP SERVER” on page 844. The default setting for the web server is enabled.
PAGE 838
Chapter 43: Web Server Commands PURGE HTTP SERVER Syntax purge http server Parameters None. Description This command resets the HTTP server to its default values, as specified in Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide. To view the current web server settings, refer to “SHOW HTTP SERVER” on page 844.
PAGE 839
AT-S63 Management Software Command Line User’s Guide SET HTTP SERVER Syntax set http server [security=enabled|disabled] [sslkeyid=keyid] [port=port] Parameters security Specifies the security mode of the web server. The options are: enabled Specifies that the web server is to function in the secure HTTPS mode. disabled Specifies that the web server is to function in the non-secure HTTP mode. This is the default. sslkeyid Specifies a key pair ID.
PAGE 840
Chapter 43: Web Server Commands Examples The following command configures the web server for the non-secure HTTP mode. Since no port is specified, the default HTTP port 80 is used: set http server security=disabled The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5.
PAGE 841
AT-S63 Management Software Command Line User’s Guide 2. This command creates a self-signed certificate using the key created in step 1. The certificate is assigned the filename “Sw12cert.cer. (The “.cer” extension is not included in the command because it is added automatically by the management software.) The certificate is assigned the serial number 0 and a distinguished name of 149.11.11.
PAGE 842
Chapter 43: Web Server Commands 5. Upload the enrollment request from the switch to a management station or TFTP server using “UPLOAD METHOD=XMODEM” on page 299 or “UPLOAD METHOD=TFTP” on page 296. 6. Submit the enrollment request to a CA. 7. After you have received the CA certificates, download them into the switch’s file system using “LOAD METHOD=XMODEM” on page 285 or “LOAD METHOD=TFTP” on page 278. 8. Add the CA certificates to the certificate database using “ADD PKI CERTIFICATE” on page 854. 9.
PAGE 843
AT-S63 Management Software Command Line User’s Guide 5. These commands download the CA certificates into the switch’s file system from the TFTP server. The commands assume that the IP address of the server is 149.88.88.88 and that the certificate names are “sw24cer.cer” and “ca.cer”. (This step could be performed using Xmodem.) load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer 6.
PAGE 844
Chapter 43: Web Server Commands SHOW HTTP SERVER Syntax show http server Parameters None.
PAGE 845
Chapter 44 Encryption Key Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “CREATE ENCO KEY” on page 846  “DESTROY ENCO KEY” on page 850  “SET ENCO KEY” on page 851  “SHOW ENCO” on page 852 845
PAGE 846
Chapter 44: Encryption Key Commands CREATE ENCO KEY Syntax 1 AlliedWare Plus Command Available create enco key=key-id type=rsa length=value [description="description"] Syntax 2 create enco key=key-id type=rsa [description="description"] [file=filename.key] [format=hex|ssh|ssh2] Parameters key Specifies a key ID. The range is 0 to 65,535. The default is 0. When creating a new key this value must be unique from all other key IDs on the switch.
PAGE 847
AT-S63 Management Software Command Line User’s Guide ssh Specifies a format for Secure Shell version 1 users. ssh2 Specifies a format for Secure Shell version 2 users. Description This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S63 file system to the key database. Caution Key generation is a CPU-intensive process.
PAGE 848
Chapter 44: Encryption Key Commands Syntax 1 Examples This example creates a key with the ID of 12 and a length of 512 bits: create enco key=12 type=rsa length=512 This example creates a key with the ID of 4, a length of 1024 bits, and a description of “Switch12a encryption key”: create enco key=4 type=rsa length=1024 description="Switch12a encryption key" Syntax 2 Description Syntax 2 is used to import and export public encryption keys.
PAGE 849
AT-S63 Management Software Command Line User’s Guide when exporting a key. The description will appear next to the key when you view the key database. Descriptions can help you identify the different keys stored in the switch. The FORMAT parameter specifies the format of the key, which can be either Secure Shell format (SSH version 1 or 2) or hexadecimal format (HEX). The FORMAT parameter must be specified when importing or exporting keys. The default is HEX.
PAGE 850
Chapter 44: Encryption Key Commands DESTROY ENCO KEY Syntax AlliedWare Plus Command Available destroy enco key=key-id Parameter key Specifies the ID number of the key pair to be deleted from the key database. Description This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding ”.UKF” file from the file system.
PAGE 851
AT-S63 Management Software Command Line User’s Guide SET ENCO KEY Syntax set enco key=key-id description="description" Parameters key Specifies the ID number of the key pair whose description you want to change. description Specifies the new description of the key. The description can contain up to 25 alphanumeric characters. Spaces are allowed. The description must be enclosed in double quotes. Description This command changes the description of a key pair.
PAGE 852
Chapter 44: Encryption Key Commands SHOW ENCO Syntax AlliedWare Plus Command Available show enco key[=key-id] Parameters key Specifies the ID of a specific key whose information you want to display. Otherwise, all keys are displayed. Description This command displays information about encryption key pairs stored in the key database.
PAGE 853
Chapter 45 Public Key Infrastructure (PKI) Certificate Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “ADD PKI CERTIFICATE” on page 854  “CREATE PKI CERTIFICATE” on page 856  “CREATE PKI ENROLLMENTREQUEST” on page 859  “DELETE PKI CERTIFICATE” on page 861  “PURGE PKI
PAGE 854
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands ADD PKI CERTIFICATE Syntax add pki certificate="name" location="filename.cer" [trusted=yes|no|on|off|true|false] [type=ca|ee|self] Parameters certificate Specifies a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. The name can up to 40 alphanumeric characters. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
PAGE 855
AT-S63 Management Software Command Line User’s Guide The CERTIFICATE parameter assigns the certificate a name. The name can be from 1 to 40 alphanumeric characters. Each certificate in the database should be given a unique name. The LOCATION parameter specifies the filename of the certificate as stored in the switch’s file system. When specifying the filename, be sure to include the file extension “.cer”. The TRUSTED parameter specifies whether the certificate is from a trusted CA. The default is TRUE.
PAGE 856
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands CREATE PKI CERTIFICATE Syntax create pki certificate=name keypair=key-id serialnumber=value [format=der|pem] subject="distinguished-name" Parameters certificate Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters. Spaces are allowed; if included, the name must be enclosed in double quotes. The management software automatically adds the “.cer” extension.
PAGE 857
AT-S63 Management Software Command Line User’s Guide encrypted web browser management systems until it is loaded into the database. For instructions, refer to “ADD PKI CERTIFICATE” on page 854. Note For a review of the steps to configuring the web server for a selfsigned certificate, refer to “SET HTTP SERVER” on page 839. The CERTIFICATE parameter assigns a file name to the certificate. This is the name under which the certificate will be stored as in the switch’s file system.
PAGE 858
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands Examples The following command creates a self-signed certificate. It assigns the certificate the filename “sw12.cer”. (The management software automatically adds the “.cer” extension.) The command uses the key pair with the ID 12 to create the certificate. The format is ASCII and the distinguished name is the IP address of a master switch: create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.
PAGE 859
AT-S63 Management Software Command Line User’s Guide CREATE PKI ENROLLMENTREQUEST Syntax create pki enrollmentrequest="name" keypair=key-id [format=der|pem] [type=pkcs10] Parameters enrollmentrequest Specifies a filename for the enrollment request. The filename can be from 1 to 8 alphanumeric characters. If the name contains spaces, it must be enclosed in double quotes. The management software automatically adds the “.csr” extension.
PAGE 860
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands The ENROLLMENTREQUEST parameter specifies a filename for the request. The filename can contain from 1 to 8 alphanumeric characters. If spaces are used, the name must be enclosed in quotes. The management software automatically adds the “.csr” extension. This is the filename under which the request will be stored in the file system. The KEYPAIR parameter specifies the key that you want to use to create the enrollment request.
PAGE 861
AT-S63 Management Software Command Line User’s Guide DELETE PKI CERTIFICATE Syntax delete pki certificate="name" Parameter certificate Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes. Wildcards are not allowed. Description This command deletes a certificate from the switch’s certificate database.
PAGE 862
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands PURGE PKI Syntax purge pki Parameters None. Description This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to “DELETE FILE” on page 260.
PAGE 863
AT-S63 Management Software Command Line User’s Guide SET PKI CERTIFICATE Syntax set pki certificate="name" [trusted=yes|no|on|off|true|false] [type=ca|ee|self] Parameters certificate Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes. trusted Specifies whether or not the certificate is from a trusted CA. The options are: type yes, on, true Specifies that the certificate is from a trusted CA.
PAGE 864
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands Note The TRUSTED and TYPE parameters have no affect on the operation of a certificate. You can select any permitted value for either parameter. The parameters are included only as placeholders for information in the certificate database. Example The following command sets the certificate named “Switch 12 certificate” to be trusted.
PAGE 865
AT-S63 Management Software Command Line User’s Guide SET PKI CERTSTORELIMIT Syntax set pki certstorelimit=value Parameter certstorelimit Specifies the maximum number of certificates the certificate database can store. The range is 12 and 256; the default is 256. Description This command sets the maximum number of certificates the database can store.
PAGE 866
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands SET SYSTEM DISTINGUISHEDNAME Syntax set system distinguishedname="name" Parameter distinguishedname Specifies the distinguished name for the switch. The name must be enclosed in quotes. Description This command sets the distinguished name for the switch. The distinguished name is used to create a self signed certificate or enrollment request.
PAGE 867
AT-S63 Management Software Command Line User’s Guide SHOW PKI Syntax show pki Parameters None. Description This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to “SET PKI CERTSTORELIMIT” on page 865.
PAGE 868
Chapter 45: Public Key Infrastructure (PKI) Certificate Commands SHOW PKI CERTIFICATE Syntax show pki certificate[="name"] Parameter certificate Specifies the name of a certificate. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive. Wildcards are not allowed. Description This command lists all of the certificates in the certificates database. This command can also display information about a specific certificate in the database.
PAGE 869
Chapter 46 Secure Sockets Layer (SSL) Commands This chapter contains the following command: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “SET SSL” on page 870  “SHOW SSL” on page 871 869
PAGE 870
Chapter 46: Secure Sockets Layer (SSL) Commands SET SSL Syntax set ssl [cachetimeout=value] [maxsessions=value] Parameters cachetimeout Specifies the maximum time in seconds that a session will be retained in the cache The range is 1 to 600 seconds. The default is 300 seconds. maxsessions Specifies the maximum number of sessions that will be allowed in the session resumption cache. The range is 0 to 100 sessions. The default is 50 sessions. Description This command configures the SSL parameters.
PAGE 871
AT-S63 Management Software Command Line User’s Guide SHOW SSL Syntax show ssl Parameters None.
PAGE 872
Chapter 46: Secure Sockets Layer (SSL) Commands 872 Section IX: Management Security
PAGE 873
Chapter 47 Secure Shell (SSH) Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes  “DISABLE SSH SERVER” on page 874  “ENABLE SSH SERVER” on page 875  “SET SSH SERVER” on page 878  “SHOW SSH” on page 879 873
PAGE 874
Chapter 47: Secure Shell (SSH) Commands DISABLE SSH SERVER Syntax AlliedWare Plus Command Available disable ssh server Parameters None. Description This command disables the Secure Shell server. When the Secure Shell server is disabled, you cannot remotely manage the unit with a Secure Shell client. The default setting for the Secure Shell server is disabled.
PAGE 875
AT-S63 Management Software Command Line User’s Guide ENABLE SSH SERVER Syntax AlliedWare Plus Command Available enable ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds] Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key. serverkey Specifies the ID number of the encryption key pair to function as the server key. expirytime Specifies the length of time, in hours, after which the server key pair is regenerated.
PAGE 876
Chapter 47: Secure Shell (SSH) Commands Note Before you enable SSH, disable the Telnet management session. Otherwise, the security provided by SSH is not active. See “DISABLE TELNET” on page 67. Example The following command activates the Secure Shell server and specifies encryption key pair 0 as the host key and key pair 1 as the server key: enable ssh server hostkey=0 serverkey=1 General Configuration Steps for SSH Operation Configuring the SSH server involves several commands.
PAGE 877
AT-S63 Management Software Command Line User’s Guide Example The following is an example of the command sequence to configuring the SSH software on the server: 1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
PAGE 878
Chapter 47: Secure Shell (SSH) Commands SET SSH SERVER Syntax set ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds] Parameters hostkey Specifies the ID number of the encryption key pair to function as the host key. serverkey Specifies the ID number of the encryption key pair to function as the server key. expirytime Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
PAGE 879
AT-S63 Management Software Command Line User’s Guide SHOW SSH Syntax AlliedWare Plus Command Available show ssh Parameters None.
PAGE 880
Chapter 47: Secure Shell (SSH) Commands Description This AlliedWare Plus command is identical to the standard command.
PAGE 881
Chapter 48 TACACS+ and RADIUS Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks Yes* (*Stacks do not support the TACACS+ protocol.
PAGE 882
Chapter 48: TACACS+ and RADIUS Commands ADD RADIUSSERVER Syntax AlliedWare Plus Command Available add radiusserver server|ipaddress=ipaddress order=value [secret=string] [port=value] [accport=value] Parameters server or ipaddress Specifies an IP address of a RADIUS server. The parameters are equivalent. order Specifies the order that the RADIUS servers are queried by the switch. This value can be from 1 to 3. The servers are queried starting with 1.
PAGE 883
AT-S63 Management Software Command Line User’s Guide The following command adds the RADIUS server with the IP address 149.245.22.22. It specifies the server as the third RADIUS server to be queried by the switch and that it uses the UDP port 3: add radiusserver ipaddress=149.245.22.22 order=3 port=3 The following command adds a RADIUS server with an IP address of 149.245.22.22. It specifies the order as 2, the encryption key as tiger74, and the UDP port as 1811: add radiusserver ipaddress=149.245.22.
PAGE 884
Chapter 48: TACACS+ and RADIUS Commands ADD TACACSSERVER Syntax AlliedWare Plus Command Available add tacacsserver server|ipaddress=ipaddress order=value [secret=string] Parameters server or ipaddress Specifies the IP address of a TACACS+ server. The parameters are equivalent. order Specifies the order the switch queries the TACACS+ servers. The range is 1 to 3. The server assigned the order value of 1 is queried first. secret Specifies the optional encryption key used on this server.
PAGE 885
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax tacacs-server host ipaddress order tacacs-server key secret Mode Configure mode Description These AlliedWare Plus commands are equivalent to the standard command. Examples This example adds a TACACS+ server with an IP address of 149.11.24.5, an order of 2, and an encryption key of garden124: awplus> enable awplus# configure terminal awplus(config)# tacacs-server host 149.11.24.
PAGE 886
Chapter 48: TACACS+ and RADIUS Commands DELETE RADIUSSERVER Syntax AlliedWare Plus Command Available delete radiusserver server|ipaddress=ipaddress Parameter server or ipaddress Specifies the IP address of a RADIUS server to be deleted from the management software. The parameters are equivalent. Description This command deletes the IP address of a RADIUS server from the management software. Example The following command deletes the RADIUS server with the IP address 149.245.22.
PAGE 887
AT-S63 Management Software Command Line User’s Guide DELETE TACACSSERVER Syntax AlliedWare Plus Command Available delete tacacsserver server|ipaddress=ipaddress Parameter server or ipaddress Specifies the IP address of a TACACS+ server to be deleted from the management software. The parameters are equivalent. Description This command is used to remove the IP addresses of TACACS+ servers from the switch. You can remove only one server at a time with this command.
PAGE 888
Chapter 48: TACACS+ and RADIUS Commands DISABLE AUTHENTICATION Syntax AlliedWare Plus Command Available disable authentication Parameters None. Description This command disables TACACS+ and RADIUS manager account authentication on a switch or stack. When you disable authentication you retain your current authentication parameter settings. Note This command applies only to the TACACS+ and RADIUS manager accounts.
PAGE 889
AT-S63 Management Software Command Line User’s Guide awplus(config)# line console 0 awplus(config-if)# login local Section IX: Management Security 889
PAGE 890
Chapter 48: TACACS+ and RADIUS Commands ENABLE AUTHENTICATION Syntax AlliedWare Plus Command Available enable authentication Parameters None. Description This command enables TACACS+ or RADIUS manager account authentication on a switch or stack. After you enable manager authentication, you must use the manager accounts you defined on the TACACS+ or RADIUS server to manage the device. To select an authenticator protocol, refer to “SET AUTHENTICATION” on page 893.
PAGE 891
AT-S63 Management Software Command Line User’s Guide awplus(config)# line console 0 awplus(config-if)# login remotelocal Section IX: Management Security 891
PAGE 892
Chapter 48: TACACS+ and RADIUS Commands PURGE AUTHENTICATION Syntax purge authentication Parameters None. Description This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP addresses or secrets of any RADIUS or TACACS+ authentication servers you may have specified.
PAGE 893
AT-S63 Management Software Command Line User’s Guide SET AUTHENTICATION Syntax AlliedWare Plus Command Available set authentication method=tacacs|radius [secret=string] [timeout=value] Parameters method Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch. secret Specifies the global encryption key of the TACACS+ or RADIUS servers.
PAGE 894
Chapter 48: TACACS+ and RADIUS Commands The following command selects RADIUS as the authentication protocol with a global encryption key of leopard09 and a timeout of 15 seconds: set authentication method=radius secret=leopard09 timeout=15 The following command removes the current global secret from the RADIUS client without assigning a new value: set authentication method=radius secret=none AlliedWare Plus Command Syntax To configure the RADIUS client: radius-server timeout timeout radius-server key se
PAGE 895
AT-S63 Management Software Command Line User’s Guide This example sets the RADIUS global encryption key to ‘key22a’: awplus> enable awplus# configure terminal awplus(config)# radius-server key key22a This example deletes the current RADIUS global encryption key without defining a new value: awplus> enable awplus# configure terminal awplus(config)# no radius-server key This example sets the TACACS+ timeout to 15 seconds: awplus> enable awplus# configure terminal awplus(config)# tacacs-server timeout 15 T
PAGE 896
Chapter 48: TACACS+ and RADIUS Commands SHOW AUTHENTICATION Syntax AlliedWare Plus Command Available show authentication[=tacacs|radius] Parameters None. Description This command displays the following information about the authenticated protocols:  Status - The status of your authenticated protocol: enabled or disabled.  Authentication Method - The active authentication protocol. Either TACACS+ or RADIUS protocol may be active. The TACACS+ protocol is the default.
PAGE 897
AT-S63 Management Software Command Line User’s Guide AlliedWare Plus Command Syntax To display the RADIUS client: show dot1x statistics To display the TACACS+ client: show tacacs Modes User Exec mode and Privileged Exec mode Description These AlliedWare Plus commands are equivalent to the standard command.
PAGE 898
Chapter 48: TACACS+ and RADIUS Commands 898 Section IX: Management Security
PAGE 899
Chapter 49 Management Access Control List Commands This chapter contains the following commands: Supported on: Layer 2+ Models AT-9408LC/SP AT-9424T/GB AT-9424T/SP Yes Yes Yes Basic Layer 3 Models AT-9424T AT-9424T/POE AT-9424Ts AT-9424Ts/XP AT-9448T/SP AT-9448Ts/XP Yes Yes Yes Yes Yes Yes AT-9400Ts Stacks  “ADD MGMTACL” on page 900  “CREATE MGMTACL” on page 901  “DESTROY MGMTACL” on page 903  “DISABLE MGMTACL” on page 904  “ENABLE MGMTACL” on page 905  “PURGE MGMTACL” on page 906 
PAGE 900
Chapter 49: Management Access Control List Commands ADD MGMTACL Syntax add mgmtacl id=value application=telnet|web|ping|all Parameters id Specifies the identification number of the access control entry (ACE) to be modified. The range is 1 to 256. To view the ID numbers of the existing entries, refer to “SHOW MGMTACL” on page 908. application Specifies the permitted applications of the ACE. The options are: telnet Permits Telnet management. web Permits web browser management.
PAGE 901
AT-S63 Management Software Command Line User’s Guide CREATE MGMTACL Syntax create mgmtacl id=value ipddress=ipaddress mask=string application=telnet|web|ping|all Parameters id Specifies the identification number for the new access control entry. The range is 1 to 256. Every ACE must have a unique identification number. ipaddress Specifies the IP address of a subnet or a specific management station. mask Specifies the mask used by the switch to filter the IP address.
PAGE 902
Chapter 49: Management Access Control List Commands An ACE is an implicit “permit” statement. A workstation that meets the criteria of the ACE is allowed to remotely manage the switch. The IPADDRESS parameter specifies the IP address of a specific management station or a subnet. The MASK parameter indicates the parts of the IP address the switch should filter on. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
PAGE 903
AT-S63 Management Software Command Line User’s Guide DESTROY MGMTACL Syntax destroy mgmtacl id=value Parameters id Specifies the identification number of the ACE you want to delete. You can delete only one entry at a time. Description This command is used to delete ACEs from the Management ACL. You specify the ACEs by their identification numbers, displayed with “SHOW MGMTACL” on page 908.
PAGE 904
Chapter 49: Management Access Control List Commands DISABLE MGMTACL Syntax disable mgmtacl Parameters None Description This command disables the Management ACL.
PAGE 905
AT-S63 Management Software Command Line User’s Guide ENABLE MGMTACL Syntax enable mgmtacl Parameters None. Description This command activates the Management ACL. Note You will not be able to remotely manage the switch from a Telnet or web browser management session, or ping the device, if you activate the Management ACL before you enter the access control entries (ACEs).
PAGE 906
Chapter 49: Management Access Control List Commands PURGE MGMTACL Syntax purge mgmtacl Parameters None. Description This command deletes all the access control entries from the Management ACL. Note If you delete all the ACEs while remotely managing the unit from a Telnet management session, your management session will end and you will be unable to reestablish it if the Management ACL is active. To continue managing the unit, start a local management session or a remote SSH management session.
PAGE 907
AT-S63 Management Software Command Line User’s Guide SET MGMTACL Syntax set mgmtacl id=value [ipaddress=ipaddress] [mask=string] [application=telnet|web|ping|all] Parameters id The identification number of the ACE to be modified. To view the ID numbers of the ACEs, refer to “SHOW MGMTACL” on page 908. ipaddress Specifies a new IP address for the ACE. mask Specifies a new mask for the ACE. application Specifies the permitted type of remote management.
PAGE 908
Chapter 49: Management Access Control List Commands SHOW MGMTACL Syntax show mgmtacl [id=value] Parameters id Specifies the ID number of an ACE to view. Description This command displays the state of the Management ACL and ACL entries. Figure 95 is an example of the information displayed by this command. Management ACL Status ......................... Disable ID IP Address Mask Application ---------------------------------------------------------1 149.44.44.44 255.255.255.255 TELNET 2 149.55.55.0 255.
PAGE 909
Index Numerics 802.1Q multiple VLAN mode 657 802.
PAGE 910
Index displaying status and server IP addresses 763 enabling 761 BPDU guard disabling 591 displaying 605 enabling 593 BPLIMIT command (AW) 166 bridge priority Rapid Spanning Tree Protocol (RSTP) 596 Spanning Tree Protocol (STP) 578 broadcast filter 162 C cache timeout 870 certificate database 865 certificates name, changing 863 trust level, changing 863 CHANNEL-GROUP command (AW) 221 CIST priority number displaying 635 CLASS command (AW) 42, 396 Class of Service (CoS) configuring port priority settings 36
PAGE 911
AT-S63 Management Software Command Line User’s Guide DELETE GLC command 432 DELETE IP ARP command 718 DELETE IP INTERFACE command 720 DELETE IP RIP command 722 DELETE IP ROUTE command 724 DELETE LACP PORT command 224 DELETE LINK-FLAP command 246 DELETE MSTP command 616 DELETE PKI CERTIFICATE command 861 DELETE QOS FLOWGROUP command 398 DELETE QOS POLICY command 399 DELETE QOS TRAFFICCLASS command 400 DELETE RADIUSSERVER command 886 DELETE SNMP COMMUNITY command 136 DELETE SNMPV3 USER command 531 DELETE SNT
PAGE 912
Index DOT1X TIMEOUT SERVER-TIMEOUT command (AW) 818 DOT1X TIMEOUT SUPP-TIMEOUT command (AW) 818 DOT1X TIMEOUT TX-PERIOD command (AW) 818 DOWNLOAD SERIAL command (AW) 289 DOWNLOAD TFTP command (AW) 283 dynamic module ID numbers displaying 106 setting 104 E edge ports Multiple Spanning Tree Protocol (MSTP) 629 Rapid Spanning Tree Protocol (RSTP) 600 ENABLE AUTHENTICATION command 890 ENABLE BOOTP RELAY command 761 ENABLE BPDUGUARD command 593 ENABLE command (AW) 40, 781 ENABLE EPSRSNOOPING command 505 ENABLE
PAGE 913
AT-S63 Management Software Command Line User’s Guide database, displaying 677 disabling 664 displaying 673 enabling 666 GID state machines 680 GIP 679 resetting to defaults 668 setting GVRP status 669 timer, setting 671 GID state machines 680 GIP-connected ring 679 group link control adding ports to groups 428 creating groups 430 deleting groups 434 deleting ports from groups 432 disabling 436 displaying groups 438 enabling 437 GROUP LINK CONTROL command (AW) 430 GROUP LINK CONTROL UPSTREAM|DOWNSTREAM comm
PAGE 914
Index specifying 733 location, configuring 71, 85 LOG ENABLE command (AW) 316 LOG HOST command (AW) 309 LOG MONITOR FACILITY command (AW) 324 LOG MONITOR LEVEL command (AW) 324 log output adding 304 creating 306 destroying 311 disabling 313 displaying 331 enabling 316 modifying 322 LOGIN LOCAL command (AW) 888 LOGIN REMOTELOCAL command (AW) 890 LOGOFF command 57 LOGOUT command 57 LS command (AW) 273 M MAC address aging timer 198 MAC address table addresses adding 192 deleting 194, 197 displaying 201 aging
PAGE 915
AT-S63 Management Software Command Line User’s Guide NO AUTH-MAC command (AW) 819 NO AUTO-SUMMARY command (AW) 713, 737 NO CHANNEL-GROUP command (AW) 224 NO CLASS-MAP command (AW) 401 NO CLOCK SUMMER-TIME command (AW) 124 NO CRYPTO KEY PUBKEY-CHAIN KNOWNHOSTS command (AW) 850 NO DOT1X MAX-REQ command (AW) 818 NO DOT1X PIGGYBACK (AW) 818 NO DOT1X PORT-CONTROL 818 NO DOT1X PORT-CONTROL (AW) 822 NO DOT1X PORT-CONTROL command (AW) 818 NO DOT1X QUIET-PERIOD command (AW) 818 NO DOT1X REAUTHENTICATION command (AW
PAGE 916
Index PKI module information 867 PKI, resetting to defaults 862 point-to-point ports Multiple Spanning Tree Protocol (MSTP) 629 Rapid Spanning Tree Protocol (RSTP) 600 POISON-REVERSE command (AW) 713, 737 POLICY-MAP command (AW) 42, 396 port cost Multiple Spanning Tree Protocol (MSTP) 629 Rapid Spanning Tree Protocol (RSTP) 600 Spanning Tree Protocol (STP) 581 port mirror destination port, setting 238 displaying 241 setting 239 port numbers, entering 48 port priority Multiple Spanning Tree Protocol (MSTP)
PAGE 917
AT-S63 Management Software Command Line User’s Guide PURGE QOS command 364, 405 PURGE RSTP command 595 PURGE SNMPV3 ACCESS command 541 PURGE SNMPV3 COMMUNITY command 542 PURGE SNMPV3 NOTIFY command 543 PURGE SNMPV3 TARGETADDR command 544 PURGE SNMPV3 VIEW command 545 PURGE SNTP command 123 PURGE STP command 577 PURGE SWITCH PORT command 160 Q Quality of Service (QoS) restoring the default settings 405 Quality of Service (QoS) flow groups adding classifiers 374 adding, to traffic classes 376 creating 377 d
PAGE 918
Index disabling 874 displaying 879 enabling 875 SEND command (AW) 713, 737 serial terminal port settings, displaying 91 speed, setting 79 SERVICE HTTP command (AW) 837 SERVICE SSH HOSTKEY command (AW) 877 SERVICE TELNET command (AW) 68 SERVICE-POLICY ACCESS command (AW) 349, 357 SERVICE-POLICY INPUT command (AW) 390 SET ACL command 356 SET ASYN command 79 SET AUTHENTICATION command 893 SET BANDWIDTH command (AW) 396 SET BURSTSIZE command (AW) 396 SET CLASSIFIER command 342 SET CONFIG command 266 SET DATE T
PAGE 919
AT-S63 Management Software Command Line User’s Guide SHOW ACCESS-LIST command (AW) 346, 360 SHOW ACL command 359 SHOW ARP command (AW) 742 SHOW ASYN command 91 SHOW AUTHENTICATION command 896 SHOW AUTH-MAC INTERFACE command (AW) 827, 830 SHOW BOOT command (AW) 271 SHOW BOOTP RELAY command 763 SHOW BPDUGUARD command 605 SHOW CLASSIFIER command 345 SHOW CLASS-MAP command (AW) 420 SHOW CLOCK command (AW) 102, 128 SHOW CONFIG command 270 SHOW CONFIG DYNAMIC command 92 SHOW CONFIG INFO command 95 SHOW CRYPTO KE
PAGE 920
Index SHOW SPANNING-TREE MST CONFIG command (AW) 638 SHOW SPANNING-TREE MST DETAIL command (AW) 638 SHOW SPANNING-TREE MST INSTANCE command (AW) 638 SHOW SSH command 879 SHOW SSH SERVER command (AW) 879 SHOW SSL command 871 SHOW STACK command 106 SHOW STACK command (AW) 108 SHOW STATIC-CHANNEL-GROUP command (AW) 218 SHOW STATISTICS command (AW) 190 SHOW STP command 586 SHOW SWITCH AGINGTIMER|AGEINGTIMER command 200 SHOW SWITCH FDB command 201 SHOW SWITCH MIRROR command 241 SHOW SWITCH MODULE command 96 SHO
PAGE 921
AT-S63 Management Software Command Line User’s Guide SPANNING-TREE LINK-TYPE command (AW) 602, 633 SPANNING-TREE LOOP-GUARD command (AW) 602 SPANNING-TREE MAX-AGE command (AW) 580, 598 SPANNING-TREE MODE MSTP command (AW) 612 SPANNING-TREE MODE RSTP command (AW) 590 SPANNING-TREE MODE STP command (AW) 574 SPANNING-TREE MST CONFIGURATION command (AW) 42 SPANNING-TREE MSTP ENABLE command (AW) 619 SPANNING-TREE PATH-COST command (AW) 582, 602, 633 SPANNING-TREE PRIORITY command (AW) 580, 582, 598, 602, 633 SP
PAGE 922
Index VLAN. See 802.