Management Software AT-S63
Command Line Interface User’s Guide
AT-9400 Series Layer 2+ Gigabit Ethernet Switches
Version 1.3.0
613-50571-00 Rev.
Copyright © 2005 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Preface

This guide contains instructions on how to configure and maintain an AT-9400 Series Layer 2+ Gigabit Ethernet switch using the command line interface in the AT-S63 management software.

For instructions on how to manage the switch from the menus or web browser interface, refer to the AT-S63 Management Software Menus Interface User’s Guide or the AT-S63 Management Software Web Browser Interface User’s Guide. The guides are available from the Allied Telesyn web site.
How This Guide is Organized

This guide is organized into the following sections:

Section I: Basic Operations
    The chapters in this section contain the commands for performing a variety of basic operations, such as configuring a switch’s IP configuration, setting port parameters, and using enhanced stacking.
Document Conventions

This document uses the following conventions:

Note
    Notes provide additional information.

Caution
    Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data.

Warning
    Warnings inform you that performing or omitting a specific action may result in bodily injury.
Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at www.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server.
Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales and corporate information.

Online Support
    You can request technical support online by accessing the Allied Telesyn Knowledge Base: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
New Features History

AT-S63 Version 1.3.0

Table 1 lists the new features in version 1.3.0 of the AT-S63 management software.

Table 1. New Features in AT-S63 Version 1.3.0

Basic Switch Commands
    Change: Modified the SHOW CONFIG DYN command to display the parameter settings of individual switch modules.
    Chapter and Command: Chapter 3, “Basic Switch Commands” on page 41. Modified command: “SHOW CONFIG DYNAMIC” on page 68

802.
AT-S63 Version 1.2.0

Table 2 lists the new features in version 1.2.0 of the AT-S63 management software.

Table 2. New Features in AT-S63 Version 1.2.0

MAC Address Table
    Change: Added new parameters to the CLI commands for deleting and displaying specific types of MAC addresses in the MAC address table.
Table 2. New Features in AT-S63 Version 1.2.0 (Continued)

Quality of Service - Policies
    Change: Added the following parameters to the commands for creating and modifying QoS policies:
        TOS, MOVETOSTOPRIORITY and MOVEPRIORITYTOTOS, as defined above.
        SENDTOMIRROR parameter for copying traffic to a destination mirror port. (This parameter applies only to QoS policies.
Section I: Basic Operations

The chapters in this section provide information and procedures for basic switch setup using the AT-S63 management software.
Chapter 1: Starting a Command Line Management Session

This chapter contains the following topics:

    “Starting a Command Line Management Session”
    “Command Line Interface Features”
    “Command Formatting”
    “Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series Switches”
Starting a Command Line Management Session

The command line interface is supported from a local, Telnet, or SSH management session of an AT-9400 Series switch. For instructions on how to start a local or remote management session, refer to the AT-S63 Management Software Menus Interface User’s Guide.

The default management interface when you start a session is the command line interface (CLI).
Command Line Interface Features

The following features are supported in the command line interface:

    Command history - Use the up and down arrow keys.
    Context-specific help - Press the question mark key at any time to see a list of legal next parameters.
    Keyword abbreviations - Any keyword can be recognized by typing an unambiguous prefix, for example, “sh” for “show”.
Command Formatting

The following formatting conventions are used in this manual:

    screen text font - This font illustrates the format of a command and command examples.
    screen text font - Italicized screen text indicates a variable for you to enter.
    [ ] - Brackets indicate optional parameters.
    | - Vertical line separates parameter options for you to choose from.
Ports 23R and 24R on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series Switches

This section applies to the twisted pair ports 23R and 24R and the SFP and GBIC slots on the AT-9424T/GB, AT-9424T/SP, and AT-9424Ti/SP Series switches. Note the following when configuring these ports:

    Twisted pair ports 23R and 24R change to the redundant status mode when an SFP or GBIC module is installed and establishes a link with its end node.
Chapter 2: Basic Command Line Commands

This chapter contains the following commands:

    “CLEAR SCREEN”
    “EXIT”
    “HELP”
    “LOGOFF, LOGOUT and QUIT”
    “MENU”
    “SAVE CONFIGURATION”
    “SET PROMPT”
    “SET SWITCH CONSOLEMODE”
    “SHOW USER”

Note
    Remember to save your changes with the SAVE CONFIGURATION command.
CLEAR SCREEN

Syntax
    clear screen

Parameters
    None.

Description
    This command clears the screen.
EXIT

Syntax
    exit

Parameters
    None.

Description
    This command ends a management session. If you are managing a slave switch, the command returns you to the master switch from where you started the management session.

Example
    The following command ends the current management session:

        exit

Equivalent Commands
    logoff
    logout
    quit

    For information, see “LOGOFF, LOGOUT and QUIT” on page 35.
HELP

Syntax
    help

Parameters
    None.

Description
    This command displays a list of the CLI keywords with a brief description for each keyword.
LOGOFF, LOGOUT and QUIT

Syntax
    logoff
    logout
    quit

Parameters
    None.

Description
    These three commands all perform the same function: they end a management session. If you are managing a slave switch, the commands return you to the master switch from which you started the management session.
MENU

Syntax
    menu

Parameters
    None.

Description
    This command displays the AT-S63 Main Menu. For instructions on how to use the menus, refer to the AT-S63 Management Software Menus Interface User’s Guide.

Example
    The following command displays the AT-S63 Main Menu:

        menu

Equivalent Command
    exit

    For information, see “EXIT” on page 33.
SAVE CONFIGURATION

Syntax
    save configuration

Parameters
    None.

Description
    This command saves your changes to the switch’s active boot configuration file for permanent storage.

    Whenever you make a change to an operating parameter of the switch, such as entering a new IP address or creating a new VLAN, the change is stored in temporary memory. It will be lost the next time you reset the switch or power cycle the unit.
SET PROMPT

Syntax
    set prompt="prompt"

Parameter
    prompt
        Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in quotes.

Description
    This command changes the command prompt. Assigning each switch a different command prompt can make it easier for you to identify the different switches in your network when you manage them.
SET SWITCH CONSOLEMODE

Syntax
    set switch consolemode=menu|cli

Parameter
    consolemode
        Specifies the mode you want management sessions to start in. Options are:

        menu    Specifies the AT-S63 Main Menu.
        cli     Specifies the command line prompt. This is the default.

Description
    You use this command to specify whether you want your management sessions to start by displaying the command line interface (CLI) or the AT-S63 Main Menu.
SHOW USER

Syntax
    show user

Parameter
    None.

Description
    Displays the user account you used to log on to manage the switch.
Chapter 3: Basic Switch Commands

This chapter contains the following commands:

    “DISABLE DHCPBOOTP”
    “DISABLE IP REMOTEASSIGN”
    “DISABLE TELNET”
    “ENABLE BOOTP”
    “ENABLE DHCP”
    “ENABLE IP REMOTEASSIGN”
    “ENABLE TELNET”
    “PING”
    “PURGE IP”
    “RESET SWITCH”
    “RESET SYSTEM”
    “RESTART REBOOT”
    “RESTART SWITCH”
    “SET ASYN”
    “SHOW SYSTEM”

Note
    Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE DHCPBOOTP

Syntax
    disable dhcpbootp

Parameters
    None.

Description
    This command deactivates the DHCP and BOOTP client software on the switch. The default setting for the DHCP and BOOTP client software is disabled.

    To activate the DHCP or BOOTP client software, refer to “ENABLE BOOTP” on page 46, “ENABLE DHCP” on page 47, “ENABLE IP REMOTEASSIGN” on page 48, or “SET IP INTERFACE” on page 58.
DISABLE IP REMOTEASSIGN

Syntax
    disable ip remoteassign

Parameters
    None.

Description
    This command deactivates the DHCP and BOOTP client software on the switch. The default setting for the DHCP and BOOTP client software is disabled.

    To activate the DHCP or BOOTP client software, refer to “ENABLE BOOTP” on page 46, “ENABLE DHCP” on page 47, “ENABLE IP REMOTEASSIGN” on page 48, or “SET IP INTERFACE” on page 58.
DISABLE TELNET

Syntax
    disable telnet

Parameters
    None.

Description
    This command disables the Telnet server software on the switch. You can disable the server software if you do not want anyone to manage the switch using the Telnet application protocol or if you plan to use the Secure Shell protocol. The default setting for the Telnet server is enabled.
ENABLE BOOTP

Syntax
    enable bootp

Parameters
    None.

Description
    This command activates the BOOTP client software on the switch. The default setting for the BOOTP client software is disabled.

    When activating the BOOTP client software, note the following:

    The switch immediately begins to query the network for a BOOTP server after the command is entered. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE DHCP

Syntax
    enable dhcp

Parameters
    None.

Description
    This command activates the DHCP client software on the switch. The default setting for the DHCP client software is disabled.

    When activating the DHCP client software, note the following:

    The switch immediately begins to query the network for a DHCP server after the command is entered. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE IP REMOTEASSIGN

Syntax
    enable ip remoteassign

Parameters
    None.

Description
    This command activates the DHCP client software on the switch. The default setting for the DHCP client software is disabled.

    When activating the DHCP client software, note the following:

    The switch immediately begins to query the network for a DHCP server after the command is entered. The switch continues to query the network for its IP configuration until it receives a response.
ENABLE TELNET

Syntax
    enable telnet

Parameters
    None.

Description
    This command activates the Telnet server on the switch. With the server activated, you can manage the switch using the Telnet application protocol from any management station on your network. To disable the server, refer to “DISABLE TELNET” on page 45. The default setting for the Telnet server is enabled.
PING

Syntax
    ping ipaddress

Parameter
    ipaddress
        Specifies the IP address of an end node you want the switch to ping.

Description
    This command instructs the switch to ping an end node. You can use this command to determine whether a valid link exists between the switch and another device.

Note
    The switch must have an IP address and subnet mask for this command.

Example
    The following command pings an end node with the IP address of 149.245.22.22:

        ping 149.245.22.
PURGE IP

Syntax
    purge ip [ipaddress] [netmask] [route]

Parameters
    ipaddress
        Returns the switch’s IP address to the default setting 0.0.0.0.
    netmask
        Returns the subnet mask to the default setting 0.0.0.0.
    route
        Returns the gateway address to the default setting 0.0.0.0.

Description
    This command returns the switch’s IP address, subnet mask, and default gateway address to the default settings.
RESET SWITCH

Syntax
    reset switch

Parameters
    None.

Description
    This command does the following:

    Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings. To perform this function on a per-port basis, refer to “RESET SWITCH PORT” on page 130.

    Resets the statistics counters for all ports to zero.
RESET SYSTEM

Syntax
    reset system [name] [contact] [location]

Parameters
    name
        Deletes the switch’s name.
    contact
        Deletes the switch’s contact.
    location
        Deletes the switch’s location.

Description
    This command deletes the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit. To set these parameters, refer to “SET SYSTEM” on page 64.
RESTART REBOOT

Syntax
    restart reboot

Parameters
    None.

Description
    This command resets the switch. The switch runs its internal diagnostics, loads the AT-S63 management software, and configures its parameter settings using the active boot configuration file. The reset can take from 20 seconds to two minutes to complete, depending on the number and complexity of the commands in the active boot configuration file.

    The switch does not forward traffic during the reset process.
RESTART SWITCH

Syntax
    restart switch config=none|filename.cfg

Parameters
    config
        Specifies the configuration file. The file must already exist on the switch. The NONE option returns the switch to its default values.

Description
    This command loads a different configuration file on the switch or returns the switch’s parameter settings to their default values. This command can also be used to reset the switch.

Note
    For a list of default values, refer to Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide.

    This command does not change the assignment of the active boot configuration file, the configuration file the switch uses the next time it is reset. If you reset or power cycle the switch, the switch uses the previous configuration. To change the active boot configuration file, refer to “SET CONFIG” on page 219.
SET ASYN

Syntax
    set asyn [speed=1200|2400|4800|9600|19200|38400|57600|115200] [prompt="prompt"]

Parameters
    speed
        Sets the speed (baud rate) of the serial terminal port on the switch. The default is 9600 bps.
    prompt
        Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes.
SET IP INTERFACE

Syntax
    set ip interface=eth0 ipaddress=ipaddress|bootp|dhcp mask|netmask=subnetmask

Parameters
    interface
        Specifies the interface number. This value is always eth0.
    ipaddress
        Specifies an IP address for the switch or activates the BOOTP or DHCP client software.
    mask or netmask
        Specifies the subnet mask for the switch. You must specify a subnet mask when you manually assign the switch an IP address. These parameters are equivalent. The default is 0.0.0.

Examples
    The following command sets the switch’s IP address to 140.35.22.22 and the subnet mask to 255.255.255.0:

        set ip interface=eth0 ipaddress=140.35.22.22 netmask=255.255.255.0

    The following command sets just the subnet mask:

        set ip interface=eth0 netmask=255.255.255.
SET IP ROUTE

Syntax
    set ip route ipaddress=ipaddress

Parameter
    ipaddress
        Specifies the IP address of the default gateway for the switch.

Description
    This command specifies the IP address of the default gateway for the switch. This IP address is required if you intend to remotely manage the device from a remote management station that is separated from the unit by a router. To display the current gateway address, refer to “SHOW IP INTERFACE” on page 74.
SET PASSWORD MANAGER

Syntax
    set password manager

Parameters
    None.

Description
    This command sets the manager’s password. The manager account allows you to view and change all switch parameters. The default password is “friend.” The password can be from 0 to 16 alphanumeric characters.
SET PASSWORD OPERATOR

Syntax
    set password operator

Parameters
    None.

Description
    This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator.” The password can be from 0 to 16 alphanumeric characters. Allied Telesyn recommends that you avoid special characters, such as spaces, asterisks, or exclamation points because some web browsers do not accept them in passwords.
SET SWITCH CONSOLETIMER

Syntax
    set switch consoletimer=value

Parameter
    consoletimer
        Specifies the console timer in minutes. The range is 1 to 60 minutes. The default is 10 minutes.

Description
    This command sets the console timer, which is used by the management software to end inactive management sessions.
SET SYSTEM

Syntax
    set system [name="name"] [contact="contact"] [location="location"]

Parameters
    name
        Specifies the name of the switch. The name can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes (" "). Spaces are allowed.
    contact
        Specifies the name of the network administrator responsible for managing the switch. The contact can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes.
SET TELNET INSERTNULL

Syntax
    set telnet insertnull=on|off

Parameters
    insertnull
        Controls whether a NULL character is inserted after each CR sent by the Telnet server to the remote client. Options are:

        on     Sends a NULL character after each CR sent to the remote client.
        off    Specifies that no NULL character is sent to the remote client. This is the default setting.
SET USER PASSWORD

Syntax
    set user manager|operator password=password

Parameter
    password
        Specifies the password.

Description
    This command sets the manager or operator’s password. The default manager password is “friend.” The default operator password is “operator.” The password can be from 0 to 16 alphanumeric characters.
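The security-relevant settings documented in this chapter (DISABLE TELNET, SET SWITCH CONSOLETIMER, the SET PASSWORD and SET USER PASSWORD commands, and SAVE CONFIGURATION) can be checked before a change script is typed into a management session. The following Python linter is an added example, not part of the AT-S63 guide or software. It assumes the script targets a switch at factory defaults and that keywords are written in full and matched case-insensitively; the `#` comment lines and both sample scripts are constructed for illustration.

```python
import shlex

# Values below come from the command descriptions in this guide.
DEFAULT_PASSWORDS = {"manager": "friend", "operator": "operator"}
MAX_PASSWORD_LEN = 16                              # "from 0 to 16 alphanumeric characters"
TIMER_MIN, TIMER_MAX, TIMER_DEFAULT = 1, 60, 10    # console timer, in minutes
READ_ONLY = {"show", "ping", "help", "clear"}      # commands that change no setting


def lint_commands(script, max_idle_minutes=10):
    """Lint a planned CLI script for a switch at factory defaults.

    Returns a list of (line_number, code, detail); line 0 means script-wide.
    Keywords are matched case-insensitively and unabbreviated (assumptions).
    """
    findings = []
    telnet_enabled = True        # the Telnet server defaults to enabled
    timer = TIMER_DEFAULT
    changed_accounts = set()
    last_change = last_save = 0

    for n, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):   # '#' comments are this linter's own convention
            continue
        try:
            words = shlex.split(line)          # honours the double quotes the CLI requires
        except ValueError:
            findings.append((n, "bad-quoting", line))
            continue
        head = [w.lower() for w in words if "=" not in w]
        args = {k.lower(): v for k, v in (w.split("=", 1) for w in words if "=" in w)}

        if head[:2] == ["save", "configuration"]:
            last_save = n
            continue
        if head and head[0] in READ_ONLY:
            continue
        last_change = n

        if head[:2] == ["disable", "telnet"]:
            telnet_enabled = False
        elif head[:2] == ["enable", "telnet"]:
            telnet_enabled = True
        elif head[:2] == ["set", "switch"] and "consoletimer" in args:
            value = args["consoletimer"]
            if value.isdigit() and TIMER_MIN <= int(value) <= TIMER_MAX:
                timer = int(value)
            else:
                findings.append((n, "timer-out-of-range", value))
        elif head[:2] == ["set", "password"] and head[2:3]:
            changed_accounts.add(head[2])      # this form carries no password value to inspect
        elif head[:2] == ["set", "user"] and head[2:3] and "password" in args:
            account, pw = head[2], args["password"]
            changed_accounts.add(account)
            if pw == "":                       # a zero-length password is accepted by the switch
                findings.append((n, "empty-password", account))
            elif pw == DEFAULT_PASSWORDS.get(account):
                findings.append((n, "default-password", account))
            elif len(pw) > MAX_PASSWORD_LEN:
                findings.append((n, "password-too-long", account))

    for account in sorted(DEFAULT_PASSWORDS):
        if account not in changed_accounts:
            findings.append((0, "password-unchanged", account))
    if telnet_enabled:
        findings.append((0, "telnet-enabled", "no 'disable telnet' in effect"))
    if timer > max_idle_minutes:
        findings.append((0, "timer-too-long", str(timer)))
    if last_change > last_save:                # unsaved changes are lost on reset
        findings.append((0, "unsaved-changes", "after line %d" % last_save))
    return findings


# Constructed sample scripts (passwords are placeholders, not real credentials).
WEAK_SCRIPT = """\
# initial setup, first draft
set system name="lab-sw1"
set user manager password=friend
set user operator password=""
set switch consoletimer=90
save configuration
set prompt="lab-sw1"
"""

HARDENED_SCRIPT = """\
set user manager password=Xk4mP9qLw2vT
set user operator password=Rt7bN3vHs8cD
disable telnet
set switch consoletimer=5
save configuration
"""

if __name__ == "__main__":
    for name, script in (("weak", WEAK_SCRIPT), ("hardened", HARDENED_SCRIPT)):
        print(name)
        for finding in lint_commands(script):
            print("  line %d: %s (%s)" % finding)
```

A finding on line 0 applies to the script as a whole, for example a Telnet server left at its enabled default or a change made after the last `save configuration`.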
SHOW ASYN

Syntax
    show asyn

Parameters
    None.

Description
    This command displays the settings for the serial terminal port on the switch, used for local management of the device. An example of the display is shown in Figure 1.

    Asynchronous Port (Console) Information:
      Baud Rate .................................
      Parity ....................................
      Data bits .................................
      Stop bits .................................
SHOW CONFIG DYNAMIC

Syntax
    show config dynamic[=module]

Parameters
    module
        Displays the settings of a particular switch module. You can specify only one module at a time. For a list of modules, refer to Table 3.

Description
    This command displays the settings of the switch parameters that have been changed from their default values, including those not yet saved to the active boot configuration file. The parameters are displayed in their command line command equivalents.
Table 3. Module Variable
SHOW CONFIG INFO

Syntax
    show config info

Parameters
    None.

Description
    This command displays the settings of all the switch parameters, including those not yet saved to the active boot configuration file.
SHOW DHCPBOOTP

Syntax
    show dhcpbootp

Parameters
    None.

Description
    This command displays the status of the DHCP and BOOTP client software on the switch. If neither is activated on the switch, the command displays the message in Figure 3.

    DHCP/BOOTP Information:
      Status ............................... DISABLE

    Figure 3. SHOW DHCPBOOTP Command

    If DHCP is activated, the command displays the prompt in Figure 4.

    DHCP/BOOTP Information:
      Status ...............................

Example
    The following command displays the status of the DHCP and BOOTP client software:

        show dhcpbootp
SHOW IP INTERFACE

Syntax
    show ip interface=eth0

Parameter
    interface
        Specifies the switch’s interface number. This value is always eth0.

Description
    This command displays the IP address, subnet mask, and default gateway address of the switch. Figure 6 is an example of the information displayed by this command.

    IP Interface Information:
      IP Address ........................... 149.44.44.44
      Net Mask ............................. 255.255.255.0
      Default Route ...................
SHOW IP ROUTE

Syntax
    show ip route

Parameters
    None.

Description
    This command displays the switch’s default gateway address. To manually set the default gateway address, refer to “SET IP ROUTE” on page 60.
SHOW SWITCH

Syntax
    show switch

Parameters
    None.

Description
    This command displays a variety of switch parameters. An example of the display is shown in Figure 7.

    Switch Information:
      Application Software Version .........
      Application Software Build Date ......
      Bootloader Version ...................
      Bootloader Build Date ................
      MAC Address ..........................
      VLAN Mode ............................
      Management VLAN ......................
      Ingress Filtering ...

    VLAN mode - The switch’s VLAN mode. The three possible VLAN modes are:

        User configured (for creating your own port-based and tagged VLANs)
        802.1Q-compliant
        Non-802.1Q-compliant

    The default is user configured. To set a switch’s VLAN mode, refer to “SET SWITCH VLANMODE” on page 526.

    Management VLAN - The ID number of the management VLAN.

    To enable or disable the server, refer to “ENABLE HTTP SERVER” on page 605 and “DISABLE HTTP SERVER” on page 604.

    Telnet server status - The status of the Telnet server. When the Telnet server is disabled, you cannot remotely manage the switch using the Telnet application protocol. The default setting is enabled. To enable or disable the server, refer to “ENABLE TELNET” on page 49 and “DISABLE TELNET” on page 45.
SHOW SYSTEM

Syntax
    show system

Parameters
    None.

    For instructions on how to set the name, contact, and location of the switch, see “SET SYSTEM” on page 64.
Chapter 4: Enhanced Stacking Commands

This chapter contains the following commands:

    “ACCESS SWITCH”
    “SET SWITCH STACKMODE”
    “SHOW REMOTELIST”

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

Note
    For background information on this feature, refer to Chapter 4, “Enhanced Stacking” in the AT-S63 Management Software Menus Interface User’s Guide.
ACCESS SWITCH

Syntax
    access switch number=number|macaddress=macaddress

Parameters
    number
        Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command.
    macaddress
        Specifies the MAC address of the switch you want to manage. This can also be displayed using the SHOW REMOTELIST command.

Examples
    The following command starts a management session on switch number 12:

        access switch number=12

    The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11:

        access switch macaddress=003084520211
Chapter 4: Enhanced Stacking Commands SET SWITCH STACKMODE Syntax set switch stackmode=master|slave|unavailable Parameter stackmode Specifies the enhanced stacking mode of the switch. The options are: master Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask. slave Specifies the switch’s stacking mode as slave. A slave does not need an IP address. This is the default setting for a switch.
Example

The following command sets the switch’s stacking status to master:

    set switch stackmode=master
SHOW REMOTELIST

Syntax

    show remotelist [sorted by=macaddress|name]

Parameter

sorted
    Sorts the list either by MAC address or by name. The default is by MAC address.

Description

This command displays the list of switches in an enhanced stack. The list does not include the master switch where you started the management session or switches with a stacking status of unavailable.
The following command displays the switches sorted by name:

    show remotelist sorted by=name
Chapter 5
Simple Network Time Protocol (SNTP) Commands

This chapter contains the following commands:

“ADD SNTPSERVER PEER|IPADDRESS” on page 90
“DELETE SNTPSERVER PEER|IPADDRESS” on page 91
“DISABLE SNTP” on page 92
“ENABLE SNTP” on page 93
“PURGE SNTP” on page 94
“SET DATE” on page 95
“SET SNTP” on page 96
“SET TIME” on page 97
“SHOW SNTP” on page 98
“SHOW TIME” on page 100

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD SNTPSERVER PEER|IPADDRESS

Syntax

    add sntpserver peer|ipaddress=ipaddress

Parameter

peer or ipaddress
    Specifies the IP address of an SNTP server. These parameters are equivalent.

Description

This command adds the IP address of an SNTP server to the SNTP client software on the switch. The switch uses the SNTP server to set its date and time. If an IP address has already been assigned, the new address overwrites the old address.
DELETE SNTPSERVER PEER|IPADDRESS

Syntax

    delete sntpserver peer|ipaddress=ipaddress

Parameter

peer or ipaddress
    Specifies the IP address of an SNTP server. The parameters are equivalent.

Description

This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0. To view the IP address, refer to “SHOW SNTP” on page 98.
DISABLE SNTP

Syntax

    disable sntp

Parameters

None.

Description

This command disables the SNTP client software on the switch. The default setting for SNTP is disabled.
ENABLE SNTP

Syntax

    enable sntp

Parameters

None.

Description

This command enables the SNTP client software on the switch. The default setting for SNTP is disabled. With SNTP enabled, the switch will obtain its date and time from an SNTP server, assuming that you have specified a server IP address with “ADD SNTPSERVER PEER|IPADDRESS” on page 90.
PURGE SNTP

Syntax

    purge sntp

Parameters

None.

Description

This command clears the SNTP configuration and disables the SNTP server. To disable SNTP and retain the configuration, see “DISABLE SNTP” on page 92.
SET DATE

Syntax

    set date=dd-mm-yyyy

Parameter

date
    Specifies the date for the switch in day-month-year format.

Description

This command sets the date on the switch. You can use this command to set the switch’s date if you are not using an SNTP server. The AT-9400 Series switch has an onboard battery that maintains the date even when the unit is powered off or reset.
SET SNTP

Syntax

    set sntp [dst=enabled|disabled] [pollinterval=value] [utcoffset=value]

Parameters

dst
    Enables or disables daylight savings time.

pollinterval
    Specifies the time interval between two successive queries to the SNTP server. The range is 60 to 1200 seconds. The default is 600 seconds.

utcoffset
    Specifies the time difference in hours between UTC and local time. The range is -12 to +12 hours. The default is 0 hours.
SET TIME

Syntax

    set time=hh:mm:ss

Parameter

time
    Specifies the hour, minute, and second for the switch’s time in 24-hour format.

Description

This command sets the time on the switch. You can use this command to set the switch’s time if you are not using an SNTP server. The AT-9400 Series switch has an onboard battery that maintains the time even when the unit is powered off or reset.
SHOW SNTP

Syntax

    show sntp

Parameters

None.

Description

This command displays the current settings for the client SNTP software on the switch. An example of the display is shown in Figure 9.

    SNTP Configuration:
    Status ........................ Disabled
    Server ........................ 0.0.0.
    UTC Offset ....................
    Daylight Savings Time (DST) ...
    Poll Interval .................
    Last Delta ....................
Example

The following command displays SNTP client software information:

    show sntp
SHOW TIME

Syntax

    show time

Parameters

None.

Description

This command shows the system’s current date and time.

Example

The following command shows the system’s date and time.
Chapter 6
SNMPv2 and SNMPv2c Commands

This chapter contains the following commands:

“ADD SNMP COMMUNITY” on page 102
“CREATE SNMP COMMUNITY” on page 104
“DELETE SNMP COMMUNITY” on page 107
“DESTROY SNMP COMMUNITY” on page 109
“DISABLE SNMP” on page 110
“DISABLE SNMP AUTHENTICATETRAP” on page 111
“DISABLE SNMP COMMUNITY” on page 112
“ENABLE SNMP” on page 113
“ENABLE SNMP AUTHENTICATETRAP” on page 114
“ENABLE SNMP COMMUNITY” on page 115
“SET SNMP COMMUNITY” on page
ADD SNMP COMMUNITY

Syntax

    add snmp community="community" [traphost=ipaddress] [manager=ipaddress]

Parameters

community
    Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character such as an exclamation point. Otherwise, the quotes are optional.

traphost
    Specifies the IP address of a trap receiver.
The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string:

    add snmp community=public traphost=149.212.10.
CREATE SNMP COMMUNITY

Syntax

    create snmp community="community" [access=read|write]
    [open=yes|no|on|off|true|false] [traphost=ipaddress]
    [manager=ipaddress]

Parameters

community
    Specifies a new community string. The maximum length of a community string is 15 alphanumeric characters. Spaces are allowed. The name must be enclosed in double quotes if it includes a space or other special character such as an exclamation point. Otherwise, the quotes are optional.
Description

This command creates a new SNMP community string on the switch. The switch comes with two default community strings, “public,” with an access of read only, and “private,” with an access level of read and write. A switch can support up to eight community strings.

The COMMUNITY parameter specifies the new community string. The string can be up to 15 alphanumeric characters. The string is case sensitive.
station that will use the string:

    create snmp community=wind11 access=write open=no manager=149.35.24.22

(The OPEN=NO parameter can be omitted from the example because closed status is the default for a new community string.)

This command creates a community string called “serv12” with a closed status.
DELETE SNMP COMMUNITY

Syntax

    delete snmp community="community" traphost=ipaddress manager=ipaddress

Parameters

community
    Specifies the SNMP community string on the switch to be modified. The community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.
The following command deletes the IP address 149.212.44.45 of a trap receiver from the community string “public.”

    delete snmp community=public traphost=149.212.44.
DESTROY SNMP COMMUNITY

Syntax

    destroy snmp community="community"

Parameter

community
    Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.

Description

This command deletes an SNMP community string from the switch.
DISABLE SNMP

Syntax

    disable snmp

Parameters

None.

Description

This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled.
DISABLE SNMP AUTHENTICATETRAP

Syntax

    disable snmp authenticatetrap|authenticate_trap

Parameters

None.

Description

This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is disabled.

The AUTHENTICATETRAP and AUTHENTICATE_TRAP keywords are equivalent.
DISABLE SNMP COMMUNITY

Syntax

    disable snmp community="community"

Parameter

community
    Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

Description

This command disables a community string on the switch, while leaving SNMP and all other community strings active.
ENABLE SNMP

Syntax

    enable snmp

Parameters

None.

Description

This command activates SNMP on the switch so that you can remotely manage the unit with an SNMP application program from a management station on your network. It also enables the switch to send SNMP traps to trap receivers. The default setting for SNMP on the switch is disabled.
ENABLE SNMP AUTHENTICATETRAP

Syntax

    enable snmp authenticatetrap|authenticate_trap

Parameters

None.

Description

This command configures the switch to send authentication failure traps to trap receivers.
ENABLE SNMP COMMUNITY

Syntax

    enable snmp community="community"

Parameter

community
    Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

Description

This command activates a community string on the switch. The default setting for a new community string is enabled.
SET SNMP COMMUNITY

Syntax

    set snmp community="community" [access=read|write]
    [open=yes|no|on|off|true|false]

Parameters

community
    Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.
Examples

The following command changes the access status for the SNMP community string “sw44” to closed:

    set snmp community=sw44 open=no

The following command changes the access level for the SNMP community string “serv12” to read and write with open access:

    set snmp community=serv12 access=write open=yes
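The community-string rules given under CREATE SNMP COMMUNITY and SET SNMP COMMUNITY can be checked mechanically before a command script is loaded onto a switch. The following Python script is an added example, not part of the Allied Telesyn guide: it replays SNMP community commands against a model of the switch and reports enabled strings that are factory defaults, open, over-length, or closed with no manager address. The sample commands are constructed, the finding labels are invented for the example, and read access when access= is omitted is an assumption.

```python
import shlex

TRUE_WORDS = {"yes", "on", "true"}      # open= values that mean "open"
MAX_LEN = 15                            # guide: community string is at most 15 characters
MAX_COMMUNITIES = 8                     # guide: up to eight community strings per switch
DEFAULT_NAMES = ("public", "private")   # guide: the two factory-default strings


def new_state():
    """Factory defaults named in the guide. Their open/closed status is not
    given in this section, so it is stored as None (unknown)."""
    return {
        "public": {"access": "read", "open": None, "managers": set(), "enabled": True},
        "private": {"access": "write", "open": None, "managers": set(), "enabled": True},
    }


def parse(line):
    """Split a CLI line into (keywords, params); shlex keeps community="a b" as one token."""
    words, params = [], {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value   # community names stay case sensitive
        else:
            words.append(token.lower())
    return words, params


def apply(state, line):
    """Apply one command to the model; return False when it changes nothing."""
    words, p = parse(line)
    if len(words) < 2 or words[1] != "snmp" or "community" not in p:
        return False                      # not a community command, e.g. "enable snmp"
    verb, name = words[0], p["community"]
    if verb == "create":
        if name in state:
            return False
        # Guide: a new string is closed and enabled. Read access is an assumption.
        state[name] = {"access": "read", "open": False, "managers": set(), "enabled": True}
    elif name not in state:
        return False                      # every other verb needs an existing string
    entry = state[name]
    if verb == "destroy":
        del state[name]
    elif verb in ("enable", "disable"):
        entry["enabled"] = verb == "enable"
    elif verb in ("create", "set"):
        if "access" in p:
            entry["access"] = p["access"].lower()
        if "open" in p:
            entry["open"] = p["open"].lower() in TRUE_WORDS
        if verb == "create" and "manager" in p:
            entry["managers"].add(p["manager"])
    elif verb == "add" and "manager" in p:
        entry["managers"].add(p["manager"])
    elif verb == "delete" and "manager" in p:
        entry["managers"].discard(p["manager"])
    else:
        return False
    return True


def audit(state):
    """Return (community, finding) pairs for enabled strings, sorted by name."""
    findings = []
    for name, entry in sorted(state.items()):
        if not entry["enabled"]:
            continue
        if name in DEFAULT_NAMES:
            findings.append((name, "default-string"))
        if len(name) > MAX_LEN:
            findings.append((name, "too-long"))
        if entry["open"]:
            findings.append((name, "open-" + entry["access"]))
        elif entry["open"] is False and not entry["managers"]:
            findings.append((name, "closed-no-manager"))
    if len(state) > MAX_COMMUNITIES:
        findings.append(("*", "more-than-eight"))
    return findings


def run_script(lines):
    """Replay a command script; return (state, lines that changed nothing)."""
    state, skipped = new_state(), []
    for line in lines:
        if line.strip() and not apply(state, line):
            skipped.append(line)
    return state, skipped


# Constructed sample script; it reuses the community names from the guide's examples.
SAMPLE_SCRIPT = [
    "enable snmp",
    "create snmp community=serv12",
    "create snmp community=wind11 access=write open=no manager=149.35.24.22",
    "set snmp community=serv12 access=write open=yes",
    "set snmp community=sw44 open=no",
    "disable snmp community=private",
    'create snmp community="noc ro!" access=read open=yes',
    "create snmp community=lab7",
]

if __name__ == "__main__":
    final_state, skipped_lines = run_script(SAMPLE_SCRIPT)
    for community, finding in audit(final_state):
        print(f"{finding:18} {community}")
    print("no effect:", skipped_lines)
```

The "set snmp community=sw44" line lands in the skipped list because the string was never created, which matches the guide's requirement that SET SNMP COMMUNITY name an existing string.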
SHOW SNMP

Syntax

    show snmp [community="community"]

Parameter

community
    Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional. Default community strings are “public” and “private.
string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a community string, refer to “ADD SNMP COMMUNITY” on page 102.

Trap receiver IP addresses - These are the IP addresses of management stations to receive SNMP traps from the switch.
Chapter 7
Port Parameter Commands

This chapter contains the following commands:

“ACTIVATE SWITCH PORT” on page 122
“DISABLE INTERFACE LINKTRAP” on page 123
“DISABLE SWITCH PORT” on page 124
“DISABLE SWITCH PORT FLOW” on page 125
“ENABLE INTERFACE LINKTRAP” on page 126
“ENABLE SWITCH PORT” on page 127
“ENABLE SWITCH PORT FLOW” on page 128
“PURGE SWITCH PORT” on page 129
“RESET SWITCH PORT” on page 130
“SET SWITCH PORT” on page 131
“SET SWITCH PORT FILTERING” on pa
ACTIVATE SWITCH PORT

Syntax

    activate switch port=port autonegotiate

Parameter

port
    Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command prompts a port that is using Auto-Negotiation to renegotiate its settings with its end node.
DISABLE INTERFACE LINKTRAP

Syntax

    disable interface=port linktrap

Parameter

port
    Specifies the port on which you want to disable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command disables SNMP link traps on a port.
DISABLE SWITCH PORT

Syntax

    disable switch port=port

Parameter

port
    Specifies the port to disable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command disables a port. When a port is disabled, it stops forwarding traffic. The default setting for a port is enabled.
DISABLE SWITCH PORT FLOW

Syntax

    disable switch port=port flow=pause

Parameter

port
    Specifies the port where you want to deactivate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command deactivates flow control on a port.
ENABLE INTERFACE LINKTRAP

Syntax

    enable interface=port linktrap

Parameter

port
    Specifies the port on which you want to enable SNMP link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command activates SNMP link traps on the port.
ENABLE SWITCH PORT

Syntax

    enable switch port=port

Parameter

port
    Specifies the port to enable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command enables a port. When a port is enabled, it forwards traffic. The default setting for a port is enabled.
ENABLE SWITCH PORT FLOW

Syntax

    enable switch port=port flow=pause

Parameter

port
    Specifies the port where you want to activate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command activates flow control on a port. Flow control only applies to ports operating in full duplex mode.
PURGE SWITCH PORT

Syntax

    purge switch port=port

Parameters

port
    Specifies the port to reset. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command resets all the port’s settings back to the factory default values. To reset a port and retain its settings, use “RESET SWITCH PORT” on page 130.
RESET SWITCH PORT

Syntax

    reset switch port=port

Parameter

port
    Specifies the port to reset. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command resets a port. The reset takes less than a second to complete. You might reset a port if it is experiencing a problem establishing a link with its end node. The port retains its current operating parameter settings.
SET SWITCH PORT

Syntax

    set switch port=port [description="description"]
    [status=enabled|disabled]
    [speed=autonegotiate|10mhalf|10mfull|100mhalf|100mfull|1000mfull]
    [mdimode=mdi|mdix|auto]
    [flowcontrol=disable|enable|auto] [fctrllimit=value]
    [backpressure=yes|no|on|off|true|false|enabled|disabled]
    [bplimit=value] [holbplimit=value]
    [renegotiation=auto] [softreset]

Parameters

port
    Specifies the port you want to configure.
    10mfull
        10 Mbps and full-duplex mode.

    100mhalf
        100 Mbps and half-duplex mode.

    100mfull
        100 Mbps and full-duplex mode.

    1000mfull
        1000 Mbps and full-duplex mode. (Applicable only to 1000 Mbps fiber optic ports on SFP and GBIC modules.)

    Note
    A 10/100/1000Base-T twisted pair port operates at 1000 Mbps only when set to Auto-Negotiation.

mdimode
    Sets the wiring configuration of the port.

flowcontrol
    no, off, false, disabled
        Deactivates back pressure on the port. This is the default. These options are equivalent.

bplimit
    Specifies the number of cells for back pressure. A cell represents 128 bytes. The range is 1 to 7935 cells. The default value is 7935 cells.

holbplimit
    Specifies the threshold at which the switch signals a head of line blocking event on a port. The threshold is specified in cells. A cell is 128 bytes.
The following command resets port 5:

    set switch port=5 softreset

Equivalent Commands

    disable switch port=port

For information, see “DISABLE SWITCH PORT” on page 124.

    disable switch port=port flow=pause

For information, see “DISABLE SWITCH PORT FLOW” on page 125.

    enable switch port=port

For information, see “ENABLE SWITCH PORT” on page 127.

    enable switch port=port flow=pause

For information, see “ENABLE SWITCH PORT FLOW” on page 128.
SET SWITCH PORT FILTERING

Syntax

    set switch port=port
    [bcastfiltering=yes|no|on|off|true|false|enabled|disabled]
    [bcastegressfiltering=yes|no|on|off|true|false|enabled|disabled]
    [unkmcastfiltering=yes|no|on|off|true|false]
    [unkmcastegressfiltering=yes|no|on|off|true|false]
    [unkucastfiltering=yes|no|on|off|true|false]
    [unkucastegressfiltering=yes|no|on|off|true|false]

Parameters

port
    Specifies the port you want to configure.
unkmcastfiltering
    Controls the unknown ingress multicast frame filter. The options are:

    yes, on, true, enabled
        The port discards all unknown ingress multicast frames. These options are equivalent.

    no, off, false, disabled
        The port forwards all unknown ingress multicast frames. This is the default. These options are equivalent.

unkmcastegressfiltering
    Controls the unknown egress multicast frame filter.
frames. This is the default. These options are equivalent.

Description

This command discards ingress and egress broadcast packets as well as unknown unicast and multicast packets on a port. When you activate this feature on a port, the port discards all ingress or egress packets of the type specified. The default setting for each type of packet filter is disabled.
SET SWITCH PORT RATELIMITING

Syntax

    set switch port=port
    [bcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
    [bcastrate=value]
    [mcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
    [mcastrate=value]
    [unkucastratelimiting=yes|no|on|off|true|false|enabled|disabled]
    [unkucastrate=value]

Parameters

port
    Specifies the port you want to configure. You can specify more than one port at a time, but the ports must be of the same medium type.
mcastratelimiting
    Enables or disables a rate limit for ingress multicast packets. The options are:

    yes, on, true, enabled
        Activates multicast packet rate limit on the port. The options are equivalent.

    no, off, false, disabled
        Deactivates multicast packet rate limit on the port. This is the default. The options are equivalent.

mcastrate
    Specifies the maximum number of ingress multicast packets a switch port accepts each second.
Examples

The following command activates rate limiting for ingress broadcast and multicast packets on port 6.
SHOW INTERFACE

Syntax

    show interface[=port]

Parameter

port
    Specifies the port whose interface information you want to display. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). All ports are displayed if you omit the port number.

Description

This command displays the contents of the interface MIB for a specific port.
    Down - The port and the end node have not established a link.
    unknown - The port status is unknown.

ifLinkUpDownTrapEnable - Whether or not link traps have been enabled for the port, one of the following:

    Enabled - Link traps are enabled. To disable link traps, see “DISABLE INTERFACE LINKTRAP” on page 123.
    Disabled - Link traps are disabled. To enable link traps, see “ENABLE INTERFACE LINKTRAP” on page 126.
SHOW SWITCH PORT

Syntax

    show switch port[=port]

Parameter

port
    Specifies the port whose parameter settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). All ports are displayed if you omit the port number.
field does not apply to a fiber optic port. To adjust a port’s MDI/MDIX setting, refer to “SET SWITCH PORT” on page 131.

Actual Speed/Duplex - Displays the current operating speed and duplex mode of a port. This field displays no value (—) if the port does not have a link to an end node or has been disabled.

Actual MDI Crossover - Displays the current operating MDI/MDIX setting of a twisted pair port.
Unknown Multicast Egress Filtering - Displays the status of unknown egress multicast filtering. If enabled, the port discards all unknown egress multicast packets. The default is disabled. To configure this parameter, refer to “SET SWITCH PORT FILTERING” on page 135.

Unknown Unicast Ingress Filtering - Displays the status of unknown ingress unicast filtering.
Override Priority - Displays whether the Class of Service priority level in ingress tagged packets is ignored when determining the egress queue for storing the packets. If this parameter is displaying Yes, the switch ignores the priority level in tagged packets and uses the priority level assigned to the port to determine the egress queue. The default setting is No.
    Port #11 Information:
    Port Description .....................
    Port Type ............................
    Status ...............................
    Link State ...........................
    Configured Speed/Duplex ..............
    Configured MDI Crossover .............
    Actual Speed/Duplex ..................
    Actual MDI Crossover .................
    Flow Control Status ..................
    Flow Control Threshold ...............
    Backpressure Status ................
Chapter 8
Port Statistics Commands

This chapter contains the following commands:

“RESET SWITCH PORT COUNTER” on page 150
“SHOW SWITCH COUNTER” on page 151
“SHOW SWITCH PORT COUNTER” on page 154

Note
For background information on port statistics, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.
RESET SWITCH PORT COUNTER

Syntax

    reset switch port=port counter

Parameter

port
    Specifies the port whose statistics counters you want to return to zero. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command returns a port’s statistics counters to zero.
SHOW SWITCH COUNTER

Syntax

    show switch counter

Parameters

None.

Description

This command displays operating statistics, such as the number of packets received and transmitted, and the number of CRC errors, for the entire switch. An example of the display is shown in Figure 12.

    Port: All
    Bytes Rx .........
    Frames Rx ........
    Bcast Frames Rx...
    Mcast Frames Rx ..
    Frames 64 ........
    Frames 128-255 ...
    Frames 512-1023 ..
    CRC Error ........
    No.
Bcast Frames Tx
    Number of broadcast frames transmitted by the switch.

Mcast Frames Rx
    Number of multicast frames received by the switch.

Mcast Frames Tx
    Number of multicast frames transmitted by the switch.

Frames 64
Frames 65-127
Frames 128-255
Frames 256-511
Frames 512-1023
Frames 1024-1518
Frames 1519-1522
    Number of frames transmitted from the port, grouped by size.
Example

The following command displays the switch’s operating statistics:

    show switch counter
SHOW SWITCH PORT COUNTER

Syntax

    show switch port=port counter

Parameter

port
    Specifies the port whose statistics you want to view. You can specify more than one port at a time. To view all ports, do not specify a port.

Description

This command displays the operating statistics for a port on the switch. Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors.
Chapter 9
MAC Address Table Commands

This chapter contains the following commands:

“ADD SWITCH FDB|FILTER” on page 156
“DELETE SWITCH FDB|FILTER” on page 158
“RESET SWITCH FDB” on page 160
“SET SWITCH AGINGTIMER|AGEINGTIMER” on page 161
“SHOW SWITCH AGINGTIMER|AGEINGTIMER” on page 162
“SHOW SWITCH FDB” on page 163

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD SWITCH FDB|FILTER

Syntax

    add switch fdb|filter destaddress|macaddress=macaddress port=port vlan=name|vid

Note
The FDB and FILTER keywords are equivalent.

Parameters

destaddress or macaddress
    Specifies the static unicast or multicast address to be added to the switch’s MAC address table. The parameters are equivalent.
The following command adds the multicast MAC address 01:00:51:00:00:10 to ports 1 to 5.
DELETE SWITCH FDB|FILTER

Syntax

    delete switch fdb|filter macaddress|destaddress=macaddress vlan=name|vid
    type|status=static|staticunicast|staticmulticast|dynamic|dynamicunicast|dynamicmulticast

Note
The FDB and FILTER keywords are equivalent.

Parameters

macaddress or destaddress
    Deletes a specific dynamic or static unicast or multicast MAC address from the MAC address table.
Description

This command deletes dynamic and static unicast and multicast addresses from the switch’s MAC address table.

Note
You cannot delete a switch’s MAC address, an STP BPDU MAC address, or a broadcast address.

Examples

The following command deletes the static MAC address 00:A0:D2:18:1A:11 from the table.
RESET SWITCH FDB

Syntax

    reset switch fdb [port=port]

Parameter

port
    Specifies the port whose dynamic MAC addresses you want to delete from the MAC address table. You can specify more than one port at a time.

Description

This command deletes the dynamic MAC addresses learned by the switch. You can delete all the dynamic addresses or addresses learned on a specific port. After a port’s dynamic MAC addresses have been deleted, the port begins to learn new addresses.
SET SWITCH AGINGTIMER|AGEINGTIMER

Syntax

    set switch agingtimer|ageingtimer=value

Parameter

agingtimer or ageingtimer
    Specifies the aging timer for the MAC address table. The value is in seconds. The range is 0 to 1048575. The default is 300 seconds (5 minutes). The parameters are equivalent.

Description

The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table.
SHOW SWITCH AGINGTIMER|AGEINGTIMER

Syntax

    show switch agingtimer|ageingtimer

Parameters

None.

Description

This command displays the current setting for the aging timer. The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table. To set the aging timer, refer to “SET SWITCH AGINGTIMER|AGEINGTIMER” on page 161.

Figure 13 illustrates the information displayed by this command.

    Aging interval: 300 second(s)

Figure 13.
SHOW SWITCH FDB

Syntax

    show switch fdb [macaddress|destaddress=macaddress] [port=port]
    [type|status=static|staticunicast|staticmulticast|dynamic|dynamicunicast|dynamicmulticast]
    [vlan=name]

Parameters

address
    Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static).
Description

This command displays the unicast and multicast MAC addresses learned or assigned to the ports on the switch and stored in the switch’s MAC address table. Figure 14 is an example of the information displayed by this command for unicast addresses.
The columns are defined here:

MAC Address - The static or dynamic unicast MAC address.

VLAN ID - The ID number of the VLAN where the port is an untagged member.

Type - The type of the address: static or dynamic.

Port Maps - The tagged and untagged ports on the switch that are members of a multicast group. This column is useful in determining which ports belong to different groups.
Chapter 10
Static Port Trunking Commands

This chapter contains the following commands:

- “ADD SWITCH TRUNK” on page 168
- “CREATE SWITCH TRUNK” on page 170
- “DELETE SWITCH TRUNK” on page 172
- “DESTROY SWITCH TRUNK” on page 173
- “SET SWITCH TRUNK” on page 174
- “SHOW SWITCH TRUNK” on page 175

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD SWITCH TRUNK

Syntax

    add switch trunk=name [tgid=id_number] port=port

Parameters

trunk
    Specifies the name of the static port trunk to be modified.

tgid
    Specifies the ID number of the static port trunk to be modified. The range is 1 to 6. This parameter is optional.

port
    Specifies the port to be added to the port trunk. You can add more than one port at a time.
Example

The following command adds port 5 to a port trunk called load22:

    add switch trunk=load22 port=5
CREATE SWITCH TRUNK

Syntax

    create switch trunk=name port=ports [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters

trunk
    Specifies the name of the trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters are allowed.

port
    Specifies the ports to be added to the port trunk. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
Note
Before creating a static port trunk, examine the speed, duplex mode, and flow control settings of the lowest numbered port to be in the trunk. Check to be sure that the settings are correct for the end node to which the trunk will be connected. When you create the trunk, the AT-S63 management software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same.
DELETE SWITCH TRUNK

Syntax

    delete switch trunk=name port=port

Parameters

trunk
    Specifies the name of the static port trunk to be modified.

port
    Specifies the port to be removed from the existing port trunk. You can specify more than one port at a time.

Description

This command removes ports from a static port trunk. To completely remove a port trunk from a switch, see “DESTROY SWITCH TRUNK” on page 173.
DESTROY SWITCH TRUNK

Syntax

    destroy switch trunk=name

Parameter

trunk
    Specifies the name of the trunk to be deleted.

Description

This command deletes a static port trunk from a switch. After a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes.

Caution
Disconnect the cables from the port trunk on the switch before destroying the trunk.
SET SWITCH TRUNK

Syntax

    set switch trunk=name select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth

Parameters

trunk
    Specifies the name of the static port trunk.

select
    Specifies the load distribution method. Options are:

    macsrc    Source MAC address.
    macdest   Destination MAC address.
    macboth   Source address/destination MAC address.
    ipsrc     Source IP address.
    ipdest    Destination IP address.
    ipboth    Source address/destination IP address.
SHOW SWITCH TRUNK

Syntax

    show switch trunk

Parameters

None.

Description

This command displays the names, ports, and load distribution methods of the static port trunks on the switch. An example of the command is shown in Figure 16.

    Trunk group ID ............ 2
      Trunk status ........... UP
      Trunk group name ....... Server11
      Trunk method ........... SRC/DST MAC
      Ports .................. 12-16

Figure 16.
Example

The following command displays port trunking information:

    show switch trunk
Chapter 11
LACP Port Trunking Commands

This chapter contains the following commands:

- “ADD LACP PORT” on page 178
- “CREATE LACP AGGREGATOR” on page 179
- “DELETE LACP PORT” on page 181
- “DESTROY LACP AGGREGATOR” on page 182
- “DISABLE LACP” on page 183
- “ENABLE LACP” on page 184
- “SET LACP AGGREGATOR” on page 185
- “SET LACP SYSPRIORITY” on page 187
- “SET LACP STATE” on page 188
- “SHOW LACP” on page 189

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD LACP PORT

Syntax

    add lacp aggregator=name port=port

Parameters

aggregator
    Specifies the name of the aggregator. The name is case-sensitive.

port
    Specifies the port to be added to the aggregator. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).

Description

This command adds ports to an existing aggregator.
CREATE LACP AGGREGATOR

Syntax

    create lacp aggregator=name|adminkey=0xkey port=port [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters

aggregator
    Specifies a name for the new aggregator. The name can be up to 20 alphanumeric characters. No spaces or special characters are allowed. If no name is specified, the default name is DEFAULT_AGG followed by a number.

adminkey
    Specifies an adminkey number for the aggregator.
Description

This command creates an LACP aggregator. Note the following when creating a new aggregator:

- You can specify either a name or an adminkey but not both when creating a new aggregator.
- When you create a new aggregator by specifying a name, the adminkey is based on the operator key of the lowest numbered port in the aggregator.
DELETE LACP PORT

Syntax

    delete lacp aggregator=name port=port

Parameters

aggregator
    Specifies the name of the aggregator. The name is case-sensitive.

port
    Specifies the port to delete from an aggregator. You can delete more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).

Description

This command removes a port from an aggregator.
DESTROY LACP AGGREGATOR

Syntax

    destroy lacp aggregator=name|adminkey=0xkey

Parameter

aggregator
    Specifies the name of the aggregator. The name is case-sensitive.

adminkey
    Specifies the adminkey number of the aggregator. This is a hexadecimal number between 0x1 and 0xffff.

Description

This command deletes an LACP aggregator from the switch. You can identify the aggregator by its name or adminkey number.
DISABLE LACP

Syntax

    disable lacp

Parameters

None.

Description

This command disables LACP on the switch. The default is disabled.

Caution
Do not disable LACP if there are defined aggregators without first disconnecting all cables connected to the aggregate trunk ports. Otherwise, a network loop may occur, resulting in a broadcast storm and poor network performance.
ENABLE LACP

Syntax

    enable lacp

Parameters

None.

Description

This command activates LACP on the switch. The default is disabled.

Example

The following command activates LACP:

    enable lacp

Equivalent Command

    set lacp state=enable

For information, see “SET LACP STATE” on page 188.
SET LACP AGGREGATOR

Syntax

    set lacp aggregator=name|adminkey=key [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters

aggregator
    Specifies the name of the aggregator you want to modify. The name is case-sensitive.

adminkey
    Specifies the adminkey number of the aggregator you want to modify. This is a hexadecimal number between 0x1 and 0xffff.
The following command changes the load distribution method of an LACP aggregator with the adminkey 0x22 to the destination MAC address method:

    set lacp adminkey=0x22 distribution=macdest
SET LACP SYSPRIORITY

Syntax

    set lacp syspriority=0xpriority

Parameters

syspriority
    Specifies the LACP system priority value for a switch. This is a hexadecimal value from 0x1 to 0xffff. The lower the number, the higher the priority. The default is 0x0080.

Description

This command sets the LACP priority of the switch.
SET LACP STATE

Syntax

    set lacp state=enable|disable

Parameters

state
    Specifies the state of LACP on the switch. The options are:

    enable    Enables LACP.
    disable   Disables LACP. This is the default.

Description

This command enables or disables LACP on the switch.

Caution
Do not disable LACP if there are defined aggregators without first disconnecting all cables connected to the aggregate trunk ports.
SHOW LACP

Syntax

    show lacp [port=port] [aggregator] [machine=port]

Parameter

port
    Specifies the port(s) to display. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).

aggregator
    Displays information about the aggregators.

machine
    Specifies the LACP machine state for a port or ports on the system.
The PORT parameter displays LACP port information. Figure 18 illustrates the information displayed by this parameter. For definitions, refer to the IEEE 802.3ad standard.

    Port ............. 05
    Aggregator ....... LACP sw22

    ACTOR                               PARTNER
    ============================================
    Actor Port ............. 05         Partner Port .........
    Selected ............... SELECTED   Partner System .......
    Oper Key ............... 0xf705     Oper Key ............
    Oper Port Priority ....
The following command displays the configuration of the aggregators on the system:

    show lacp aggregator

The following command displays the LACP machine states for each port on the system:

    show lacp machine
Chapter 12
Port Mirroring Commands

This chapter contains the following commands:

- “SET SWITCH MIRROR” on page 194
- “SET SWITCH PORT MIRROR” on page 195
- “SHOW SWITCH MIRROR” on page 196

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on this feature, refer to Chapter 9, “Port Mirroring” in the AT-S63 Management Software Menus Interface User’s Guide.
SET SWITCH MIRROR

Syntax

    set switch mirror=port

Parameter

mirror
    Specifies the destination port for the port mirror. This is the port where the traffic from the source ports will be copied. You can specify only one port as the destination port. Specifying “0” (zero) disables port mirroring.

Description

This command enables mirroring and specifies the destination port, or disables mirroring. To select the source ports, refer to “SET SWITCH PORT MIRROR” on page 195.
SET SWITCH PORT MIRROR

Syntax

    set switch port=port mirror=none|rx|tx|both

Parameters

port
    Specifies the source port of a port mirror. You can specify more than one port. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).

mirror
    Specifies which traffic on the source ports is to be mirrored to the destination port.
SHOW SWITCH MIRROR

Syntax

    show switch mirror

Parameters

None.

Description

This command displays the source and destination ports of a port mirror on the switch. An example is shown in Figure 20.

    Port Mirroring:
      Mirroring State ..................... Enabled
      Mirror-To (Destination) Port ........ 22
      Ingress (Rx) Mirror (Source) Ports .. 1,3
      Egress (Tx) Mirror (Source) Ports ... 1,3,11-13

Figure 20.
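The check below is an added example, not part of the AT-S63 guide: it parses SHOW SWITCH MIRROR output in the Figure 20 layout, expands port lists written individually, as ranges, or both, and reports mirroring that differs from an approved policy. The one-field-per-line layout, the handling of a value with no digits as an empty port list, and the names `approved_destination` and `approved_sources` are assumptions.

```python
import re

# Constructed sample in the layout of Figure 20 (label, dot leader, value).
SAMPLE_OUTPUT = """\
Port Mirroring:
  Mirroring State ..................... Enabled
  Mirror-To (Destination) Port ........ 22
  Ingress (Rx) Mirror (Source) Ports .. 1,3
  Egress (Tx) Mirror (Source) Ports ... 1,3,11-13
"""


def expand_ports(spec):
    """Expand a port list such as '1, 5, 14-22' into a sorted list of ints."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        m = re.fullmatch(r"(\d+)(?:\s*-\s*(\d+))?", item)
        if not m:
            raise ValueError(f"not a port or port range: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if low < 1 or high < low:
            raise ValueError(f"invalid port range: {item!r}")
        ports.update(range(low, high + 1))
    return sorted(ports)


def parse_mirror(text):
    """Return the mirror state shown by SHOW SWITCH MIRROR as a dict."""
    state = {"enabled": False, "destination": None, "rx": [], "tx": []}
    for line in text.splitlines():
        # A field line is "<label> ....<dots>.... <value>".
        m = re.match(r"\s*(.+?)\s*\.{2,}\s*(.*)$", line)
        if not m:
            continue
        label, value = m.group(1).lower(), m.group(2).strip()
        # Assumption: a value without digits means "no ports".
        ports = expand_ports(value) if re.search(r"\d", value) else []
        if label.startswith("mirroring state"):
            state["enabled"] = value.lower() == "enabled"
        elif label.startswith("mirror-to"):
            state["destination"] = int(value) if value.isdigit() else None
        elif label.startswith("ingress"):
            state["rx"] = ports
        elif label.startswith("egress"):
            state["tx"] = ports
    return state


def audit_mirror(state, approved_destination, approved_sources):
    """Compare the observed mirror with the approved one; return findings."""
    findings = []
    if not state["enabled"]:
        return findings
    if state["destination"] != approved_destination:
        findings.append(
            f"mirror destination port {state['destination']} is not the "
            f"approved port {approved_destination}"
        )
    observed = set(state["rx"]) | set(state["tx"])
    extra = sorted(observed - set(approved_sources))
    if extra:
        findings.append(
            "unapproved source ports mirrored: " + ",".join(map(str, extra))
        )
    return findings


if __name__ == "__main__":
    observed = parse_mirror(SAMPLE_OUTPUT)
    # Hypothetical policy: port 22 is the capture port, ports 1 and 3 may be mirrored.
    for finding in audit_mirror(observed, 22, expand_ports("1,3")):
        print(finding)
```

Pass `None` as the approved destination for switches where no mirror is authorized, so any enabled mirror is reported.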
Chapter 13
Networking Stack

This chapter contains the following commands:

- “DELETE IP ARP” on page 198
- “DELETE TCP” on page 199
- “RESET IP ARP” on page 200
- “SET IP ARP TIMEOUT” on page 201
- “SHOW IP ARP” on page 202
- “SHOW IP ROUTE” on page 203
- “SHOW TCP” on page 204

Note
Remember to save your changes with the SAVE CONFIGURATION command.
DELETE IP ARP

Syntax

    delete ip arp [ipaddress|all]

Parameter

ipaddress
    Specifies the IP address of an ARP entry to delete from the ARP table.

all
    Specifies the deletion of all temporary ARP entries in the table.

Description

This command deletes specific or all temporary ARP entries from the ARP table.

Example

The following command deletes the ARP entry with the IP address of 192.168.1.1:

    delete ip arp 192.168.1.
DELETE TCP

Syntax

    delete tcp indexnumber

Parameter

indexnumber
    Specifies the internal socket ID number assigned to the connection. Enter the index number of the TCP connection you want to delete. The range is 0 to 65535 with a default of 0. To display the index numbers, refer to “SHOW TCP” on page 204.

Description

This command deletes a TCP connection. You can use the command to end a Telnet, SSH or web browser management session of a switch.
RESET IP ARP

Syntax

    reset ip arp

Parameter

None

Description

This command resets the ARP table by deleting all of the temporary entries in the table.
SET IP ARP TIMEOUT

Syntax

    set ip arp timeout=integer

Parameter

timeout
    The range is 1 to 260000 seconds. The default setting is 400 seconds.

Description

This command prevents the table from becoming full with inactive entries. It allows you to set the timer for removing temporary entries in the ARP table. Inactive temporary entries in the ARP table are timed out according to the ARP cache timeout value which is set with the timeout option.
SHOW IP ARP

Syntax

    show ip arp

Parameter

None

Description

This command displays the IP addresses stored in the ARP table. An example is shown in Figure 21.

    Interface  IP Address     MAC Address        Type
    ---------------------------------------------------------
    loopback   127.0.0.1      00:00:00:00:00:00  PERMANENT
    eth0       149.22.22.22   00:30:84:32:8A:5B  TEMPORARY
    eth0       149.22.22.1    00:30:84:32:12:42  TEMPORARY
    eth0       149.22.22.101  00:30:84:32:8A:1B  TEMPORARY
    eth0       149.22.22.
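As an added example (not part of the AT-S63 guide), the script below parses SHOW IP ARP output in the Figure 21 column layout, sets aside rows that are incomplete, and reports temporary entries that contradict a pinned IP-to-MAC mapping or that share one MAC address across several IP addresses. The `pinned` mapping and the finding labels are hypothetical, and the last two sample rows are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Sample in the column layout of Figure 21. The last two rows are constructed
# for this example: one reuses a MAC address, one is cut off mid-row.
SAMPLE_ARP = """\
Interface  IP Address     MAC Address        Type
---------------------------------------------------------
loopback   127.0.0.1      00:00:00:00:00:00  PERMANENT
eth0       149.22.22.22   00:30:84:32:8A:5B  TEMPORARY
eth0       149.22.22.1    00:30:84:32:12:42  TEMPORARY
eth0       149.22.22.101  00:30:84:32:8A:1B  TEMPORARY
eth0       149.22.22.102  00:30:84:32:8a:5b  TEMPORARY
eth0       149.22.22.
"""

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")


def parse_arp(text):
    """Return (entries, skipped_lines) for a SHOW IP ARP table."""
    entries, skipped = [], []
    for line in text.splitlines():
        fields = line.split()
        # Skip blank lines, the column header and the dashed rule.
        if not fields or fields[0] == "Interface" or set(line.strip()) == {"-"}:
            continue
        try:
            iface, ip, mac, kind = fields          # wrong field count raises
            ipaddress.IPv4Address(ip)              # malformed address raises
            if not MAC_RE.fullmatch(mac) or kind not in ("PERMANENT", "TEMPORARY"):
                raise ValueError("bad MAC address or entry type")
        except ValueError:
            skipped.append(line)
            continue
        entries.append(
            {"interface": iface, "ip": ip, "mac": mac.upper(), "type": kind}
        )
    return entries, skipped


def arp_findings(entries, pinned):
    """Check TEMPORARY entries against pinned IP->MAC pairs and for shared MACs.

    A MAC address seen for several IP addresses can be legitimate (a router or
    a multi-homed host), so a 'shared-mac' finding is a lead to review.
    """
    findings = []
    by_mac = defaultdict(list)
    for entry in entries:
        if entry["type"] != "TEMPORARY":
            continue
        by_mac[entry["mac"]].append(entry["ip"])
        expected = pinned.get(entry["ip"])
        if expected and expected.upper() != entry["mac"]:
            findings.append(("pin-mismatch", entry["ip"], entry["mac"]))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings


if __name__ == "__main__":
    table, bad_rows = parse_arp(SAMPLE_ARP)
    # Hypothetical pin: the MAC address expected for the default gateway.
    for finding in arp_findings(table, {"149.22.22.1": "00:30:84:32:12:42"}):
        print(finding)
    print(f"{len(bad_rows)} row(s) could not be parsed")
```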
SHOW IP ROUTE

Syntax

    show ip route

Parameter

None

Description

This command displays the switch’s IP route table. An example is shown in Figure 22.

    Destination   Mask             Next Hop      Interface
    ---------------------------------------------------------------
    127.0.0.0     255.0.0.0        127.0.0.1     loopback
    169.254.0.0   255.255.0.0      169.254.37.1  eth0
    169.254.37.1  255.255.255.255  127.0.0.1     loopback

Figure 22.
SHOW TCP

Syntax

    show tcp

Parameter

None

Description

This command displays the TCP connections and the TCP global information, which consists of the MIB variables defined in the TCP group. An example is shown in Figure 23.
- Passive Opens - The number of TCP passive opens. Passive opens are issued to wait for a connection from another host.
- Attempt Fails - The number of failed connection attempts.
- Established Resets - The number of connections established that have not been reset.
- Current Established - The number of current connections.
- In Segs - The number of segments received.
- In Segs Error - The number of segments received with an error.
The entries for the listening sockets for the Telnet, SSH, and web browser servers are identified in the table with a TCP state of LISTEN. If you disable a server on the switch, its corresponding LISTEN entry is removed from the table. Disabling all the servers leaves the table empty. (The SSH server is disabled by default on the switch.
Section II
Advanced Operations

The chapters in this section contain the commands for advanced switch setup using the AT-S63 management software.
Chapter 14
File System Commands

This chapter contains the following commands:

- “COPY” on page 210
- “CREATE CONFIG” on page 212
- “DELETE FILE” on page 213
- “FORMAT DEVICE” on page 215
- “RENAME” on page 216
- “SET CFLASH DIR” on page 218
- “SET CONFIG” on page 219
- “SHOW CFLASH” on page 221
- “SHOW CONFIG” on page 222
- “SHOW FILE” on page 223
- “SHOW FLASH” on page 224

Note
For background information on this feature, refer to Chapter 11, “File System” in the AT-S63 Management Sof
COPY

Syntax

    copy [cflash:]sourcefile.ext [cflash:]destinationfile.ext

Parameters

sourcefile.ext
    Specifies the name of the source file. If the file is stored on a compact memory flash card, precede the name with “cflash:”. If the filename contains spaces, enclose it in double quotes. Otherwise, the quotes are optional.

destinationfile.ext
    Specifies the name of the destination file. To store the copy on a compact memory flash card, precede the name with “cflash:”.
Table 4. File Extensions and File Types

    Extension   File Type
    .cer        Certificate file
    .csr        Certificate enrollment request
    .key        Public encryption key
    .log        Event log

Examples

The following command creates a copy of the configuration file “admin.cfg” in the switch’s file system and names the copy “admin2.cfg”:

    copy admin.cfg admin2.cfg

The following command creates a copy of the configuration file “switch 12.
CREATE CONFIG

Syntax

    create config=[cflash:]filename.cfg

Parameter

config
    Specifies the name of a new configuration file. If the filename contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. To store the configuration file on a flash memory card, precede the name with “cflash:”.

Description

This command creates a new configuration file. The file contains the commands necessary to recreate the current configuration of the switch.
DELETE FILE

Syntax

    delete file=[cflash:]filename

Parameter

file
    Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional. If the file is stored on a compact memory flash card, precede the name with “cflash:”.

Description

This command deletes a file from the file system or from a compact flash memory card.
The following command deletes the configuration file named “Switch 12.cfg” on a compact flash card:

    delete file=cflash:"Switch 12.
FORMAT DEVICE

Syntax

    format device=flash

Parameter

device
    Specifies the device to format. The only option is “Flash” for the switch’s file system.

Description

This command formats the flash memory in the switch. It deletes all files in the switch’s file system, as well as all encryption keys in the key database and security certificates in the PKI certificate database.
RENAME

Syntax

    rename [cflash:]filename1.ext [cflash:]filename2.ext

Parameters

filename1.ext
    Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional. If the file is stored on a compact memory card, precede the name with “cflash:”.

filename2.ext
    Specifies the new name for the file. The filename can be from 1 to 16 alphanumeric characters, not including the filename extension.
Examples

The following command renames the file “Switch12.cfg” in the switch’s file system to “Sw 44a.cfg”:

    rename Switch12.cfg "Sw 44a.cfg"

This command renames the file “sales_sw.cfg” on a flash memory card to “sales sw5.cfg”:

    rename cflash:sales_sw.cfg cflash:"sales sw5.
SET CFLASH DIR

Syntax

    set cflash dir=directory

Parameter

dir
    Specifies the directory path.

Description

This command changes the current directory on the compact flash card.

Note
You cannot create directories on a compact flash card from the AT-S63 management software.
SET CONFIG

Syntax

    set config=[cflash:]filename.cfg|none

Parameter

config
    Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 16 alphanumeric characters, not including the extension “.cfg”. If the filename contains spaces, enclose it in double quotes.

Description

This command changes the active configuration file on a switch.
file directly from the card. If at some point you remove the card and reset the switch, the management software will not be able to find the file and will instead use the switch’s default settings.

If the file is on a flash memory card, you must change to the directory where the file is stored before performing this command. The command does not accept a directory path. To change directories on a flash card, see “SET CFLASH DIR” on page 218.
SHOW CFLASH

Syntax

    show cflash

Parameter

None

Description

This command displays information about the compact flash card including the current directory, the number of files, how much space is used, and amount of space available. An example is shown in Figure 25.

    Compact Flash:
    ---------------------------------------------------
    Current Directory: \
    Number of files ............ 6
    Number of directories ...... 3
    Bytes used .................
SHOW CONFIG

Syntax

    show config [dynamic]

Parameter

dynamic
    Displays the settings for all the switch and port parameters in command line format.

Description

This command, when used without the DYNAMIC parameter, displays two pieces of information. The first is the “Boot configuration file.” This is the configuration file the switch uses the next time it is reset or power cycled.
SHOW FILE

Syntax

    show file[=[cflash:]filename.ext]

Parameter

file
    Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional. To view a file on a flash memory card, precede the name with “cflash”. If you do not specify a file name, the command displays a list of all files in flash memory as well as on the compact flash card.
SHOW FLASH

Syntax

    show flash

Parameter

None

Description

This command displays information about the file system in the switch. The information includes the number of files stored in the file system, how much space is used, and the amount of space available. An example of the information displayed by this command is shown in Figure 27.

    Flash:
    ---------------------------------------------------------
    Files .............. 12288 bytes (5 files)
    Free ..............
Chapter 15
File Download and Upload Commands

This chapter contains the following commands:

- “LOAD METHOD=LOCAL” on page 226
- “LOAD METHOD=TFTP” on page 228
- “LOAD METHOD=XMODEM” on page 232
- “UPLOAD METHOD=LOCAL” on page 236
- “UPLOAD METHOD=REMOTESWITCH” on page 238
- “UPLOAD METHOD=TFTP” on page 243
- “UPLOAD METHOD=XMODEM” on page 246

Note
For background information on this feature, refer to Chapter 12, “File Downloads and Uploads” in the AT-S63 Management Software Menus Interface User
LOAD METHOD=LOCAL

Syntax

    load method=local destfile=appblock srcfile|file=filename

Parameters

method
    Specifies a local download.

destfile
    Specifies the application block (APPBLOCK) of the switch’s flash memory. This is the area of memory reserved for the switch’s active AT-S63 image file.

srcfile or file
    Specifies the filename of the AT-S63 image file in the file system that you want to download into the application block.
Caution
After downloading an AT-S63 image file into the application block from its file system, the switch resets and initializes its management software. The entire process can take a minute or so to complete. Do not interrupt the process by resetting or power cycling the switch. Some network traffic may be lost during the process.
LOAD METHOD=TFTP

Syntax

    load method=tftp destfile=[cflash:]filename|appblock server=ipaddress srcfile|file=filename

Parameters

method
    Specifies a TFTP download.

destfile
    Specifies the destination filename for the file. This is the name given to the file when it is stored in the switch’s file system. The name can be from 1 to 15 alphanumeric characters, not including the three-letter extension. If the name includes spaces, enclose it in double quotes.
Note
In earlier versions of the AT-S63 management software this command also performed switch to switch file transfers for copying files from a master switch to other switches in an enhanced stack. That function is now part of “UPLOAD METHOD=REMOTESWITCH” on page 238.

The DESTFILE parameter specifies a name for the file as it will be stored in the file system or a flash memory card in the switch.
There must be a node on your network that contains TFTP server software and the file to be downloaded must be stored on the server. You should start the TFTP server software before you perform the download command. The switch where you are downloading the file must have an IP address and subnet mask, such as a master switch.
The following command downloads an SSL certificate to the switch’s file system. The name of the file on the TFTP server is “sw12_ssl.cer”. The same name is used for the file in the switch’s file system:

    load method=tftp destfile=sw12_ssl.cer server=149.44.44.44 srcfile=sw12_ssl.
LOAD METHOD=XMODEM

Syntax

    load method=xmodem destfile=[cflash:]filename|appblock

Parameters

method
    Specifies an Xmodem download.

destfile
    Specifies the destination filename for the file. This is the name given to the file when it is stored in the switch’s file system. The name can be from 1 to 15 alphanumeric characters, not including the three-letter extension. If the name includes spaces, enclose it in double quotes.
downloaded file, you must be sure to give it the correct three-letter extension, depending on the file type. The extensions are shown in Table 5 on page 229. To download the file onto a flash memory card in the switch, precede the name with “cflash:”.

The APPBLOCK option of the DESTFILE parameter refers to the switch’s application block, which is the portion of flash memory reserved for the active AT-S63 image.
Note
Downloading an AT-S63 image file into a switch’s file system rather than into the application block should be performed with care. The file will take up 2 megabytes of space in the file system.

If you download a file onto a flash memory card in the switch and later want to copy the file from the card to a switch’s file system, refer to “COPY” on page 210.

Examples

The following command downloads a new configuration file onto the switch.
The following command downloads a new version of the AT-S63 image file to the switch’s file system instead of the application block. It does this by replacing the APPBLOCK option with a filename, in this case “ats63v1_2_0.img”. The image file is stored in the switch’s file system with this name:

    load method=xmodem destfile=ats63v1_2_0.
UPLOAD METHOD=LOCAL

Syntax

    upload method=local destfile=[cflash:]filename srcfile|file=appblock

Parameters

method
    Specifies a local upload.

destfile
    Specifies a filename for the AT-S63 image file. If the name contains spaces, enclose the name in quotes. To upload the active image file to a flash memory card in the switch, precede the name with “cflash:”.
This command uploads the active AT-S63 image from the switch’s application block to a flash memory card in the switch and assigns the file the name “s63.img”:

    upload method=local destfile=cflash:s63.
UPLOAD METHOD=REMOTESWITCH

Syntax

    upload method=remoteswitch srcfile|file=filename|appblock|switchcfg switchlist=switches [verbose=yes|no|on|off|true|false]

Parameters

method
    Specifies a switch to switch upload.

srcfile or file
    Specifies the file to be uploaded from the master switch. Options are:

    filename    Specifies the name of a configuration file in the master switch’s file system.
    appblock    Uploads the master switch’s active AT-S63 image file.
You can also have a master switch distribute a configuration file to the other switches. This is useful in situations where the switches will share a similar configuration because it can save you from having to configure the switches individually.

The equivalent SRCFILE and FILE parameters specify the name of the file that you want to upload from the switch.
When uploading the master switch’s active AT-S63 image file to another switch, the file is copied directly to the application block on the other switch, automatically making it the active image file. It is not copied to the file system. This results in a switch reset of the unit that receives the image file. Some network traffic may be lost while the switch reloads its operating software.
Examples

The following command uploads the active AT-S63 image file on a master switch to switch 2 in an enhanced stack. (Switch numbers are displayed with “SHOW REMOTELIST” on page 86.)

    upload method=remoteswitch srcfile=appblock switchlist=2

The active AT-S63 image file on the master switch is indicated with the APPBLOCK option of the SRCFILE parameter.
After the switch receives the file, it marks the file as its active boot configuration file and automatically resets itself so that it starts running with the new settings. Since the configuration file was designated by its filename, the entire file without modifications is uploaded. This type of configuration file upload should be performed with care.
UPLOAD METHOD=TFTP

Syntax

    upload method=tftp destfile=[cflash:]filename server=ipaddress srcfile|file=switchcfg|filename|appblock

Parameters

method
    Specifies a TFTP upload.

destfile
    Specifies a filename for the uploaded file. This is the name given the file when it is stored on the TFTP server. If the name contains spaces, enclose it in quotes.

server
    Specifies the IP address of the network node containing the TFTP server software.
Start the TFTP server software before you perform the command.

The switch from where you are uploading the file must have an IP address and subnet mask, such as a master switch of an enhanced stack. To upload a file from a switch that does not have an IP address, such as a slave switch, you can perform an Xmodem upload from a local management session.

The DESTFILE parameter specifies a name for the file.
the same name that it has on the switch:

    upload method=tftp destfile="sw22 boot.cfg" server=149.88.88.88 srcfile="sw22 boot.cfg"

The following command uses TFTP to upload the switch’s active configuration file from the file system to a TFTP server with the IP address 149.11.11.11. The active boot file is signified with the SWITCHCFG option rather than by its filename.
UPLOAD METHOD=XMODEM

Syntax

    upload method=xmodem srcfile|file=switchcfg|filename|appblock

Parameters

method
    Specifies an Xmodem upload.

srcfile or file
    Specifies the file to be uploaded. Options are:

    switchcfg
        Uploads the switch’s active boot configuration file.

    filename
        Specifies the name of the file in the switch’s file system. If the file is stored on a compact flash card, precede the name with “cflash:”.
The equivalent SRCFILE and FILE parameters specify the name of the file that you want to upload from the switch. You have three options:

SWITCHCFG - Uploads the switch’s active boot configuration file.

filename - Uploads a file from the switch’s file system. This differs from the SWITCHCFG parameter in that the latter uploads just the active boot configuration file, while this parameter can upload any file in the switch’s file system.
Note
It is unlikely you will ever have cause to upload an active image file from a switch to your workstation. If you are considering the upload so as to update the image file on another switch, you can simplify the process by instead performing a switch to switch upload using “UPLOAD METHOD=REMOTESWITCH” on page 238.
Chapter 16 Event Log and Syslog Server Commands

This chapter contains the following commands:

ADD LOG OUTPUT
CREATE LOG OUTPUT
DESTROY LOG OUTPUT
DISABLE LOG
DISABLE LOG OUTPUT
ENABLE LOG
ENABLE LOG OUTPUT
PURGE LOG
SAVE LOG
SET LOG FULLACTION
SET LOG OUTPUT
SHOW LOG
SHOW LOG OUTPUT
ADD LOG OUTPUT

Syntax

    add log output=output-id module=[all|module] severity=[all|severity]

Parameters

output
    Specifies the output definition ID number.

module
    Specifies what AT-S63 events to filter. The available options are:

    all
        Sends events for all modules. This is the default.

    module
        Sends events for specific module(s). You can select more than one module at a time, for example, MAC,PACCESS.

severity
The second step is to customize the definition by specifying which event messages generated by the switch are to be sent. This is accomplished with this command. You can customize the definition so that the switch sends all of its event messages or limit it to just a selection of events from particular modules in the AT-S63 management software.

An alternative method to configuring a definition is with “SET LOG OUTPUT” on page 265.
CREATE LOG OUTPUT

Syntax

    create log output=output-id destination=syslog server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal]

Parameters

output
    Specifies an ID number that identifies the output definition. The possible output IDs are:

    0
        Reserved for permanent (nonvolatile) storage. You cannot change or delete this ID.

    1
        Reserved for temporary (dynamic) storage.

destination
syslogformat
    Specifies the format of the generated messages. The possible options are:

    extended
        Messages include the date, time, and system name. This is the default.

    normal
        Messages do not include the date, time, and system name.

Description

This command creates a new output definition. The switch uses the definition to send event messages to a device on your network. You can create up to nineteen output definitions.
Table 7. Default Syslog Facilities

Facility Number: 4
Syslog Protocol Definition: Security/authorization messages
Mapped Event Log Modules and Events: Security and authorization messages from the following modules: DOS, ENCO, PACCESS (802.1x), PKI, PSEC (port security), RADIUS, SSH, SSL, TACACS+, and system events such as user login and logout.

Facility Number: 9
Syslog Protocol Definition: Clock daemon
Mapped Event Log Modules and Events: Time-based activities and events from the following modules: TIME, SNTP, and RTC.
Table 8. Numerical Code and Facility Level Mappings (Continued)

Numerical Code    Facility Level Setting
23                LOCAL7

For example, selecting LOCAL2 as the facility level assigns the numerical code of 18 to all events sent to the syslog server by the switch.

The SYSLOGFORMAT parameter defines the content of the events.
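How a syslog receiver sees these facility settings, as an added example (not from the AT-S63 guide): it decodes the PRI value of each datagram into facility and severity and triages it against the FACILITY setting configured on the switch. The PRI arithmetic is standard syslog; the codes for LOCAL1 and LOCAL3 to LOCAL6 are filled in from the standard numbering, and the message bodies are constructed samples, not real AT-S63 output.

```python
import re

# Facility level setting -> numerical code. The page gives LOCAL2 = 18 and
# LOCAL7 = 23; the remaining codes follow the standard syslog numbering.
LOCAL_CODES = {f"LOCAL{n}": 16 + n for n in range(1, 8)}

# Rows of Table 7 that are visible on the page (facility used with DEFAULT).
DEFAULT_FACILITIES = {4: "security", 9: "clock"}

PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) from the leading <PRI> of a syslog datagram."""
    m = PRI_RE.match(datagram)
    if not m:
        raise ValueError("datagram does not start with <PRI>")
    pri = int(m.group(1))
    if pri > 191:                      # 23 * 8 + 7 is the largest valid PRI
        raise ValueError(f"PRI {pri} out of range")
    return pri >> 3, pri & 7           # facility = PRI // 8, severity = PRI % 8


def triage(datagram: bytes, facility_setting: str = "DEFAULT") -> dict:
    """Classify a datagram given the FACILITY setting of the sending switch.

    DEFAULT : facility identifies the module group (4 = security modules).
    LOCALn  : every event carries the same code, so facility no longer
              separates security events; the body must be inspected instead.
    A facility that contradicts the configured setting is flagged.
    """
    facility, severity = decode_pri(datagram)
    setting = facility_setting.upper()
    if setting == "DEFAULT":
        category = DEFAULT_FACILITIES.get(facility, "other")
    elif setting not in LOCAL_CODES:
        raise ValueError(f"unknown facility setting {facility_setting!r}")
    elif facility == LOCAL_CODES[setting]:
        category = "undifferentiated"
    else:
        category = "unexpected-facility"
    return {"facility": facility, "severity": severity, "category": category}


# Constructed sample datagrams (bodies are illustrative only).
SAMPLES = [
    (b"<34>constructed: login failure", "DEFAULT"),   # 4*8+2
    (b"<78>constructed: clock updated", "DEFAULT"),   # 9*8+6
    (b"<146>constructed: login failure", "LOCAL2"),   # 18*8+2
    (b"<34>constructed: login failure", "LOCAL2"),    # wrong code for LOCAL2
]

if __name__ == "__main__":
    for raw, setting in SAMPLES:
        print(setting, triage(raw, setting))
```
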
DESTROY LOG OUTPUT

Syntax

    destroy log output=output-id

Parameters

output
    Specifies the output definition ID number.

Description

This command deletes the specified output definition. To disable the output definition without deleting it, see “DISABLE LOG OUTPUT” on page 258.
DISABLE LOG

Syntax

    disable log

Parameters

None.

Description

This command disables the event log module. When the log module is disabled, the AT-S63 management software stops storing events in the event logs and sending events to output definitions. The default setting for the event logs is enabled.

Note
The event log module, even when disabled, still logs all AT-S63 initialization events that occur when the switch is reset or power cycled.
DISABLE LOG OUTPUT

Syntax

    disable log output[=output-id]

Parameters

output
    Specifies the output definition ID number to disable. Not specifying an output definition disables all definitions.

Description

This command disables an output definition. When disabled, no event messages are sent to the specified device, although the definition still exists. To permanently remove an output definition, see “DESTROY LOG OUTPUT” on page 256.
ENABLE LOG

Syntax

    enable log

Parameters

None.

Description

This command activates the event logs. After the log is activated, the switch immediately starts to store events in the event logs and send events to defined outputs. The default setting for the event log is enabled.
ENABLE LOG OUTPUT

Syntax

    enable log output[=output-id]

Parameters

output
    Specifies the output definition ID number to enable. The range is 2 to 20.

Description

This command enables an output definition that was disabled using “DISABLE LOG OUTPUT” on page 258.
PURGE LOG

Syntax

    purge log[=permanent|temporary]

Parameter

log
    Specifies the type of memory on the switch where the log file you want to purge is located. The options are:

    permanent
        Permanent (nonvolatile) memory. Deletes all events stored in nonvolatile memory, which can contain up to 2,000 events.

    temporary
        Temporary memory. Deletes all events stored in temporary memory, which can contain up to 4,000 events.
SAVE LOG

Syntax

    save log[=permanent|temporary] filename=filename.log [full] [module=module] [reverse] [severity=all|severity] [overwrite]

Parameters

log
    Specifies the source of the events you want to save to the log file. The options are:

    permanent
        Permanent (nonvolatile) memory. Saves events stored in nonvolatile memory, which can contain up to 2,000 events.

    temporary
        Temporary memory.
severity
    Saves events of a particular severity. Choices are I for Informational, E for Error, W for Warning, and D for Debug. You can select more than one severity at a time (for example, E,W). For a definition of the severity levels, see Table 10, “Event Log Severity Levels” on page 271. The default is E, W, I.

overwrite
    Overwrites the file if it already exists.
SET LOG FULLACTION

Syntax

    set log fullaction [temporary=halt|wrap] [permanent=halt|wrap]

Parameters

fullaction
    Specifies what happens when the logs reach maximum capacity. You can set the action separately for events stored in temporary or permanent memory. The possible actions are:

    halt
        The logs stop storing new events.

    wrap
        The logs delete the oldest entries as new ones are added. This is the default.
SET LOG OUTPUT

Syntax

    set log output=output-id [destination=syslog] server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal] [module=all|module] [severity=all|severity-list]

Parameters

output
    Specifies an ID number that identifies the output definition to be modified. The possible output IDs are:

    0
        Reserved for permanent (nonvolatile) storage.

destination
syslogformat
    Specifies the format of the generated messages. The possible options are:

    extended
        Messages include the date, time, and system name. This is the default.

    normal
        Messages do not include the date, time, and system name.

module
    Specifies what AT-S63 events to filter. The available options are:

    all
        Sends events for all modules. This is the default.

    module
        Sends events for specific module(s).

severity
Examples

The following command changes the IP address for output definition number 5 to 149.55.55.55:

    set log output=5 server=149.55.55.55

The following command modifies output definition number 6 to only send messages from the RADIUS module of all severity levels:

    set log output=6 module=radius severity=all

The following command changes the facility level and message format for output definition 4.
SHOW LOG

Syntax

    show log=[permanent|temporary] [full] [module=module] [reverse] [severity=severity]

Parameters

log
    Specifies which of the two event logs you want to view. The options are:

    permanent
        Displays the events stored in permanent memory.

    temporary
        Displays the events stored in temporary memory. This is the default.

full
    Specifies the amount of information displayed by the log.
Description

This command displays the entries stored in an event log.

An event log can display entries in two modes: normal and full. In the normal mode, a log displays the time, module, severity, and description for each entry. In the full mode, a log also displays the filename, line number, and event ID. If you want to view the entries in the full mode, use the FULL parameter. To view entries in the normal mode, omit the parameter.
Table 9.
Table 10. Event Log Severity Levels

Value    Severity Level    Description
E        Error             Switch operation is severely impaired.
W        Warning           An issue may require manager attention.
I        Informational     Useful information that can be ignored during normal operation.
D        Debug             Messages intended for technical support and software development.

An example of the event log is shown in Figure 28. The example uses the full display mode.
Examples

The following command displays all the entries in the event log stored in permanent memory:

    show log=permanent

The following command displays the events stored in temporary memory in the full display mode, which adds more information:

    show log=temporary full

The following command displays only those entries stored in temporary memory and associated with the AT-S63 modules FILE and QOS:

    show log=permanent module=file,qos

The following command disp
SHOW LOG OUTPUT

Syntax

    show log output[=output-id] [full]

Parameters

output
    Specifies the output definition ID number. If an output ID number is not specified, all output definitions currently configured on the switch are displayed.

full
    Displays the details of the output definition. If not specified, only a summary is displayed.

Description

This command displays output definition details.
An example of the information displayed by this command with the FULL parameter is shown in Figure 30.

    Output ID .................... 2
    Output Type .................. Syslog
    Status ....................... Enabled
    Server IP Address ............ 149.88.88.88
    Message Format ............... Extended
    Facility Level ............... DEFAULT
    Event Severity ............... E,W,I
    Event Module ................. All

Figure 30.
SHOW LOG STATUS

Syntax

    show log status

Parameter

None.

Description

This command displays information about the event log feature. Figure 31 is an example of the information displayed by this command.

    Event Log Configuration:
    Event Logging .................... Enabled
    Number of Output Definitions ..... 4

Figure 31. SHOW LOG STATUS Command

The Event Logging field indicates whether the feature is enabled or disabled.
Chapter 17 Classifier Commands

This chapter contains the following commands:

CREATE CLASSIFIER
DESTROY CLASSIFIER
PURGE CLASSIFIER
SET CLASSIFIER
SHOW CLASSIFIER

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
For background information on this feature, refer to Chapter 14, “Classifiers” in the AT-S63 Management Software Menus Interface User’s Guide.
CREATE CLASSIFIER

Syntax

    create classifier=idnumber [description="string"] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [ethformat=ethii-untagged|ethii-tagged|802.2-untagged|802.2-tagged|any] [priority=integer|any] [vlan=name|1..
vlan
    Specifies a tagged or port-based VLAN by its name or VID number.

protocol
    Specifies a Layer 2 protocol. Options are:

    IP
    ARP
    RARP

    You can specify other Layer 2 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”.

iptos
    Specifies a Type of Service value. The range is 0 to 7.

ipdscp
    Specifies a DSCP value. The range is 0 to 63.
udpdport
    Specifies a destination UDP port.

tcpflags
    Specifies a TCP flag. Options are:

    URG - Urgent
    ACK - Acknowledgement
    RST - Reset
    PSH - Push
    SYN - Synchronization
    FIN - Finish

Description

This command creates a classifier. A classifier defines a traffic flow. A traffic flow consists of packets that share one or more characteristics. A traffic flow can range from being very broad to very specific.
    create classifier=7 description="HTTPS flow" ipdaddr=149.44.44.
DESTROY CLASSIFIER

Syntax

    destroy classifier=idnumber

Parameters

classifier
    Specifies the ID number of the classifier to be deleted. The number can be from 1 to 9999. You can delete more than one classifier at a time. You can specify the classifiers individually (e.g., 2,5,7), as a range (e.g., 11-14), or both (e.g., 2,4-8,12).

Description

This command deletes a classifier from the switch. To delete a classifier, you need to know its ID number.
PURGE CLASSIFIER

Syntax

    purge classifier

Parameters

None.

Description

This command deletes all classifiers from the switch. You cannot delete classifiers if they are assigned to an ACL or QoS policy. You must first remove the classifiers from the ACLs and policies before you can delete them.
SET CLASSIFIER

Syntax

    set classifier=idnumber [description="string"] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [priority=value] [vlan=name|1..
iptos
    Specifies a Type of Service value. The range is 0 to 7.

ipdscp
    Specifies a DSCP value. The range is 0 to 63.

ipprotocol
    Specifies a Layer 3 protocol. Options are:

    TCP
    UDP
    ICMP
    IGMP

    You can specify other Layer 3 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”.

ipdaddr
    Specifies a destination IP address.
Description

This command modifies an existing classifier. The only setting of a classifier you cannot change is its ID number.

Specifying a new value for a variable that already has a value overwrites the current value with the new one. The ANY option removes a variable’s value without assigning it a new value.

You cannot modify a classifier if it belongs to an ACL or QoS policy that is assigned to a port.
SHOW CLASSIFIER

Syntax

    show classifier[=idnumber]

Parameters

classifier
    Specifies the ID of the classifier you want to view. You can specify more than one classifier at a time.

Description

This command displays the classifiers on a switch. Figure 32 is an example of the information displayed by this command.

    --------------------------------------------
    Classifier ID: .................. 1
    Description: ....................
Number of Active Associations - The number of active ACLs and QoS policy assignments where the classifier is currently assigned. An active ACL or policy is assigned to at least one switch port. You can use this number together with the Number of References to determine the number of inactive ACLs and policies for a classifier.
Chapter 18 Access Control List Commands

This chapter contains the following commands:

CREATE ACL
DESTROY ACL
PURGE ACL
SET ACL
SHOW ACL

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on this feature, refer to Chapter 15, “Access Control Lists” in the AT-S63 Management Software Menus Interface User’s Guide.
CREATE ACL

Syntax

    create acl=value [description="string"] [action=deny|permit] classifierlist=value [portlist=ports]

Parameters

acl
    Specifies an ID number for the ACL. The number can be from 0 to 255. Each ACL must have a unique ID number.

description
    Specifies a description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains spaces, it must be enclosed in double quotes.
Examples

The following command creates an ACL that discards the ingress traffic flow specified in classifier ID 18 and applies the ACL to port 4:

    create acl=12 description="IP flow deny" action=deny classifierlist=18 portlist=4

The following command creates an ACL that discards the ingress traffic flows specified in classifier ID 2 and 17 and applies the ACL to ports 2 and 6:

    create acl=6 description="subnet flow deny" action=deny classifierlis
DESTROY ACL

Syntax

    destroy acl=value

Parameters

acl
    Specifies the ID number of the ACL you want to delete. You can delete more than one ACL at a time.

Description

This command deletes an ACL from the switch.
PURGE ACL

Syntax

    purge acl

Parameters

None.

Description

This command deletes all ACLs on the switch.
SET ACL

Syntax

    set acl=value [description=string] [action=deny|permit] [classifierlist=value] [portlist=ports|none]

Parameters

acl
    Specifies the ID number of the ACL you want to modify. The number can be from 0 to 255. You can modify only one ACL at a time.

description
    Specifies a new description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains a space, it must be enclosed in double quotes.
Description

This command modifies an ACL. You can use the command to change the description, action, classifiers, and ports of an ACL.
SHOW ACL

Syntax

    show acl[=id_number]

Parameters

acl
    Specifies the ID number of the ACL you want to view. You can specify more than one ACL at a time.

Description

This command displays the ACLs on the switch. An example of the information displayed by this command is shown in Figure 33.

    --------------------------------------------
    ACL ID .............. 1
    Description ......... IP
    Action .............. Deny
    Classifier List ..... 1
    Port List ...........
discards the packets provided that the packets do not also meet the criteria of a classifier of a Permit ACL assigned to the same port.

Classifier List - The classifiers assigned to the ACL.

Port List - The ports where the ACL is assigned.

Is Active - The status of the ACL. An ACL is active if it is assigned to at least one port, and inactive if it is not assigned to any ports.
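The Permit-over-Deny behaviour described for the Action field, modelled as an added example (not AT-S63 code): it evaluates a packet against the ACLs on an ingress port and reports Deny ACLs that broader Permit ACLs on the same port override completely. Assumptions: classifier criteria are compared by exact value, an unset criterion means ANY, and a packet that matches no ACL is forwarded; the classifiers, ACL IDs and addresses are constructed.

```python
from dataclasses import dataclass


@dataclass
class Acl:
    idnumber: int
    action: str                 # "deny" or "permit"
    classifierlist: tuple       # classifier ID numbers
    portlist: tuple = ()        # ingress ports; empty means the ACL is inactive

    @property
    def is_active(self) -> bool:
        return len(self.portlist) > 0


def matches(criteria: dict, packet: dict) -> bool:
    """A classifier matches when every criterion it sets equals the packet's value."""
    return all(packet.get(name) == value for name, value in criteria.items())


def _hits(acls, classifiers, port, packet, action) -> bool:
    return any(
        acl.action == action and port in acl.portlist
        and any(matches(classifiers[c], packet) for c in acl.classifierlist)
        for acl in acls
    )


def evaluate(acls, classifiers, port, packet) -> str:
    """Return 'forward' or 'discard' for a packet received on an ingress port."""
    if _hits(acls, classifiers, port, packet, "permit"):
        return "forward"        # a Permit match overrides any Deny on the port
    if _hits(acls, classifiers, port, packet, "deny"):
        return "discard"
    return "forward"            # assumption: unmatched traffic is forwarded


def covers(general: dict, specific: dict) -> bool:
    """True if every packet matching `specific` also matches `general`."""
    return all(specific.get(name) == value for name, value in general.items())


def shadowed_denies(acls, classifiers) -> list:
    """List (deny ACL ID, port) pairs where the Deny ACL can never discard a
    packet because Permit classifiers on that port cover all of its classifiers."""
    findings = []
    for deny in acls:
        if deny.action != "deny":
            continue
        for port in deny.portlist:
            permit_ids = [c for a in acls
                          if a.action == "permit" and port in a.portlist
                          for c in a.classifierlist]
            if deny.classifierlist and all(
                any(covers(classifiers[p], classifiers[d]) for p in permit_ids)
                for d in deny.classifierlist
            ):
                findings.append((deny.idnumber, port))
    return findings


# Constructed configuration: criteria names follow the classifier parameters.
CLASSIFIERS = {
    1: {"ipdaddr": "192.0.2.10"},
    2: {"ipdaddr": "192.0.2.10", "ipprotocol": "UDP"},
    3: {"ipprotocol": "UDP"},
}
ACLS = [
    Acl(10, "deny", (1,), (4,)),      # drop everything to 192.0.2.10 on port 4
    Acl(11, "permit", (2,), (4,)),    # ...except UDP to that address
    Acl(12, "deny", (2,), (6,)),      # intended: drop UDP to 192.0.2.10 on port 6
    Acl(13, "permit", (3,), (6,)),    # but all UDP is permitted on port 6
    Acl(14, "deny", (3,)),            # inactive: not assigned to any port
]

if __name__ == "__main__":
    tcp = {"ipdaddr": "192.0.2.10", "ipprotocol": "TCP"}
    print(evaluate(ACLS, CLASSIFIERS, 4, tcp))
    print(shadowed_denies(ACLS, CLASSIFIERS))
```
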
Chapter 19 Class of Service (CoS) Commands

This chapter contains the following commands:

MAP QOS COSP
PURGE QOS
SET QOS COSP
SET QOS SCHEDULING
SET SWITCH PORT PRIORITY OVERRIDEPRIORITY
SHOW QOS CONFIG

Note
Remember to save your changes with the SAVE CONFIGURATION command.
MAP QOS COSP

Syntax

    map qos cosp=priority-number qid=queue-number

Parameters

cosp
    Specifies a Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.

qid
    Specifies the egress queue number. The egress queues are numbered 0 through 7, with queue 0 as the lowest priority and 7 as the highest.
Example

The following command maps priorities 4 and 5 to queue 3:

    map qos cosp=4,5 qid=3

Equivalent Command

    set qos cosp=priority-number qid=queue-number

For information, see “SET QOS COSP” on page 303.
PURGE QOS

Syntax

    purge qos

Parameters

None

Description

This command destroys all policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
SET QOS COSP

Syntax

    set qos cosp=priority-number qid=queue-number

Parameters

cosp
    Specifies a Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.

qid
    Specifies the egress queue number. The egress queues are numbered 0 through 7, with queue 0 as the lowest priority and 7 as the highest.
SET QOS SCHEDULING

Syntax

    set qos scheduling=strict|wrr weights=weights

Parameters

scheduling
    Specifies the type of scheduling. The options are:

    strict
        Strict priority. The port transmits all packets out of the higher priority queues before it transmits any from the low priority queues. This is the default.

    wrr
        Weighted round robin. The port transmits a set number of packets from each queue in a round robin manner.

weights
SET SWITCH PORT PRIORITY OVERRIDEPRIORITY

Syntax

    set switch port=port [priority=value] [overridepriority=yes|no|on|off|true|false]

Parameters

port
    Specifies the port you want to configure. You can specify more than one port at a time, but the ports must be of the same medium type. For example, you cannot configure twisted pair and fiber optic ports with the same command.
This command allows you to override the priority level mappings at the port level by assigning the packets a temporary priority. Note that this assignment is made when a packet is received on the ingress port and before the frame is forwarded to the egress port. Consequently, you need to configure this feature on the ingress port.
SHOW QOS CONFIG

Syntax

    show qos config

Parameters

None.

Description

Displays the CoS priority queues and scheduling. Figure 34 is an example of the information displayed by this command.

    QoS Configuration information:
    Number of CoS Queues .......... 8
    CoS 0 Priority Queue ..........
    CoS 1 Priority Queue ..........
    CoS 2 Priority Queue
    CoS 3 Priority Queue
    CoS 4 Priority Queue
    CoS 5 Priority Queue
    CoS 6 Priority Queue
    CoS 7 Priority Queue
using weighted round robin and specify how many packets a port transmits from a queue before moving to the next queue.
Chapter 20 Quality of Service (QoS) Commands

This chapter contains the following commands:

ADD QOS FLOWGROUP
ADD QOS POLICY
ADD QOS TRAFFICCLASS
CREATE QOS FLOWGROUP
CREATE QOS POLICY
CREATE QOS TRAFFICCLASS
DELETE QOS FLOWGROUP
DELETE QOS POLICY
DELETE QOS TRAFFICCLASS
DESTROY QOS FLOWGROUP
DESTROY QOS POLICY
ADD QOS FLOWGROUP

Syntax

    add qos flowgroup=value classifierlist=values

Parameter

flowgroup
    Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.

classifierlist
    Specifies the new classifiers for the flow group. The new classifiers are added to any classifiers already assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,11,12).
ADD QOS POLICY

Syntax

    add qos policy=value trafficclasslist=values

Parameter

policy
    Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.

trafficclasslist
    Specifies the new traffic classes of the policy. Traffic classes already assigned to the policy are retained. Separate multiple traffic classes with commas (e.g., 4,11,12).

Description

This command adds traffic classes to an existing policy.
ADD QOS TRAFFICCLASS

Syntax

    add qos trafficclass=value flowgrouplist=values

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.

flowgrouplist
    Specifies the new flow groups of the traffic class. The new flow groups are added to any flow groups already assigned to the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12).
CREATE QOS FLOWGROUP

Syntax

    create qos flowgroup=value [description="string"] [markvalue=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [classifierlist=values|none]

Parameters

flowgroup
    Specifies an ID number for the flow group. Each flow group on the switch must have a unique number. The range is 0 to 1023.
remarkpriority
    Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter. This parameter is ignored if the PRIORITY parameter is omitted or set to NONE. Options are:

    yes, on, true
        Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.
Description

This command creates a new flow group.

Note
For examples of command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 316.

Examples

This command creates a flow group with an ID of 10 and the description “VoIP flow”. The flow group is assigned a priority level of 7 and defined by classifiers 15 and 17.
CREATE QOS POLICY

Syntax

    create qos policy=value [description="string"] [indscpoverwrite=value|none] [remarkindscp=all|none] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [sendtomirror=yes|no|on|off|true|false] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none]

Parameters

policy
    Specifies an ID number for the policy.
    A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level.

movetostopriority
    Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:

    yes, on, true
        Replaces the value in the 802.
ingressport
    Specifies the ingress ports to which the policy is to be assigned. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22).

    A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.
QoS Command Sequence Examples

Creating a QoS policy involves a command sequence that creates one or more classifiers, a flow group, a traffic class, and finally the policy. The following sections contain examples of the command sequences for different types of policies.

Example 1: Voice Application

Voice applications typically require a small bandwidth but it must be consistent.
The parts of the policies are:

Classifiers - Define the traffic flow by specifying the IP address of the node with the voice application. The classifier for Policy 6 specifies the address as a source address since this classifier is part of a policy concerning packets coming from the application. The classifier for Policy 11 specifies the address as a destination address since this classifier is part of a policy concerning packets going to the application.
    create qos trafficclass=19 description="video flow" maxbandwidth=5 flowgrouplist=41

    create qos policy=17 description="video flow" trafficclasslist=19 ingressport=1

Policy 32 Commands:

    create classifier=42 description="video flow" ipdaddr=149.44.44.
Policy 15 Commands:

    create classifier=42 description=database ipsaddr=149.44.44.44

    create qos flowgroup=36 description=database classifierlist=42

    create qos trafficclass=21 description=database maxbandwidth=50 flowgrouplist=36

    create qos policy=15 description=database trafficclasslist=21 ingressport=1

Policy 17 Commands:

    create classifier=10 description=database ipdaddr=149.44.44.
CREATE QOS TRAFFICCLASS

Syntax

    create qos trafficclass=value [description="string"] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [flowgrouplist=values|none]

Parameters
    A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level.

maxbandwidth
    Specifies the maximum bandwidth available to the traffic class.
If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth. Should an increase in traffic continue to the point where all the unused tokens are used up, packets will be discarded.
parameter. This is the default.

tos
    Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7. A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level.

movetostopriority
    Replaces the value in the 802.

moveprioritytotos

flowgrouplist
Examples

The following command creates a traffic class with an ID number of 25 and the description “Database flow”. The only parameter in the traffic class is the identification of the flow group, which is 11:

    create qos trafficclass=25 description="Database flow" flowgrouplist=11

This command creates a traffic class with the ID number of 41 and description “Video flow”.
DELETE QOS FLOWGROUP

Syntax

    delete qos flowgroup=value classifierlist=values

Parameter

flowgroup
    Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.

classifierlist
    Specifies the classifiers you want to remove from the flow group. Separate multiple classifiers with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS POLICY

Syntax

    delete qos policy=value trafficclasslist=values

Parameter

policy
    Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.

trafficclasslist
    Specifies the IDs of the traffic classes you want to remove from the policy. Separate multiple traffic classes with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS TRAFFICCLASS

Syntax

    delete qos trafficclass=value flowgrouplist=values

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.

flowgrouplist
    Specifies the IDs of the flow groups you want to remove from the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DESTROY QOS FLOWGROUP

Syntax

    destroy qos flowgroup=value

Parameter

flowgroup
    Specifies the ID number of the flow group you want to delete. You can delete more than one flow group at a time. You can specify the flow groups individually, as a range, or both.

Description

This command deletes flow groups.
DESTROY QOS POLICY

Syntax

    destroy qos policy=value

Parameter

policy
    Specifies the ID number of the policy you want to delete. You can delete more than one policy at a time. You can specify the policies individually, as a range, or both.

Description

This command deletes QoS policies.
DESTROY QOS TRAFFICCLASS

Syntax

    destroy qos trafficclass=value

Parameter

trafficclass
    Specifies the ID number of the traffic class you want to delete. You can delete more than one traffic class at a time. You can specify the traffic classes individually, as a range, or both.

Description

This command deletes traffic classes.
PURGE QOS

Syntax

    purge qos

Parameters

None

Description

This command destroys all policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
SET QOS FLOWGROUP

Syntax

    set qos flowgroup=value [description=string] [markvalue=value|none] [priority=value|NONE] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [classifierlist=values|none]

Parameters

flowgroup
    Specifies the ID number of the flow group you want to modify. The range is 0 to 1023.
omitted or set to NONE. Options are:

    yes, on, true
        Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.

    no, off, false
        Does not replace the user priority value in the packets with the new value specified with the PRIORITY parameter. This is the default.

tos
    Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7.
Description

This command modifies the specifications of an existing flow group. The only parameter you cannot change is a flow group’s ID number. To initially create a flow group, refer to “CREATE QOS FLOWGROUP” on page 313.

Note
For examples of command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 316.

When modifying a flow group, note the following:

You cannot change a flow group’s ID number.
SET QOS POLICY

Syntax

    set qos policy=value [description=string] [indscpoverwrite=value|none] [remarkindscp=[all|none]] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [sendtomirror=yes|no|on|off|true|false] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none]

Parameters

policy
    Specifies an ID number for the policy.
a flow group overrides a ToS value specified at the traffic class or policy level.

movetostopriority
    Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:

    yes, on, true
        Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.

    no, off, false
        Does not replace the preexisting 802.1p priority level. This is the default.
A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy. Alternatively, you can use “SET QOS PORT” on page 341, which removes a port from a policy and adds it to another policy with one command.

egressport
    Specifies the egress port to which the policy is to be assigned. You can enter only one egress port.
SET QOS PORT

Syntax

    set qos port=value type=ingress|egress policy=value|none

Parameter

port
    Specifies the port to which the policy is to be assigned or removed. You can specify more than one port at a time if the port is an ingress port of the traffic flow. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22).
SET QOS TRAFFICCLASS

Syntax

    set qos trafficclass=value [description="string"] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [tos=value|none] [movetostopriority=yes|no|on|off|true|false] [moveprioritytotos=yes|no|on|off|true|false] [flowgrouplist=values|none]

Parameters

trafficclass
    Specifies an ID number for
markvalue
    Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level.
unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase.

If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth.
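The token-bucket behaviour described for MAXBANDWIDTH and BURSTSIZE, together with the EXCEEDACTION choice, can be modelled in a few lines. This is an added example, not code from this guide or from the AT-S63 software; the units (one token per byte, one credit per tick), the class and function names, and the traffic pattern are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

Packet = Tuple[int, int]  # (size in bytes, DSCP value)


@dataclass
class TrafficClassPolicer:
    """Token-bucket model of one traffic class (hypothetical names and units)."""
    max_bandwidth: int                          # tokens credited per tick (maxbandwidth)
    burst_size: int = 0                         # unused tokens that may be saved (burstsize)
    exceed_action: str = "drop"                 # "drop" or "remark" (exceedaction)
    exceed_remark_value: Optional[int] = None   # DSCP written on remark (exceedremarkvalue)
    tokens: int = 0

    def __post_init__(self) -> None:
        if self.max_bandwidth <= 0 or self.burst_size < 0:
            raise ValueError("max_bandwidth must be > 0 and burst_size >= 0")
        if self.exceed_action not in ("drop", "remark"):
            raise ValueError("exceed_action must be 'drop' or 'remark'")
        if self.exceed_action == "remark":
            value = self.exceed_remark_value
            if value is None or not 0 <= value <= 63:
                raise ValueError("remark needs a DSCP value in the range 0 to 63")

    def tick(self, packets: List[Packet]) -> List[Tuple[int, int, str]]:
        """Credit one interval of tokens, then police the packets of that interval."""
        # The bucket never holds more than one interval's credit plus the burst
        # allowance, so with burst_size=0 unused tokens cannot accumulate.
        capacity = self.max_bandwidth + self.burst_size
        self.tokens = min(self.tokens + self.max_bandwidth, capacity)
        verdicts = []
        for size, dscp in packets:
            if size <= self.tokens:
                self.tokens -= size
                verdicts.append((size, dscp, "forward"))
            elif self.exceed_action == "remark":
                # Out-of-profile traffic is still forwarded, with a new DSCP value.
                verdicts.append((size, self.exceed_remark_value, "remark"))
            else:
                verdicts.append((size, dscp, "drop"))
        return verdicts


def simulate(policer: TrafficClassPolicer,
             offered: List[List[Packet]]) -> List[Tuple[int, int, int]]:
    """Return (forwarded, remarked, dropped) packet counts for each tick."""
    summary = []
    for packets in offered:
        verdicts = [v for _, _, v in policer.tick(packets)]
        summary.append((verdicts.count("forward"),
                        verdicts.count("remark"),
                        verdicts.count("drop")))
    return summary


# Constructed traffic: two quiet ticks (500 bytes), then two ticks at 2500 bytes.
OFFERED = [[(500, 0)], [(500, 0)], [(500, 0)] * 5, [(500, 0)] * 5]

if __name__ == "__main__":
    print("burst allowed :", simulate(TrafficClassPolicer(1000, burst_size=2000), OFFERED))
    print("no burst      :", simulate(TrafficClassPolicer(1000), OFFERED))
    print("remark to 24  :", simulate(
        TrafficClassPolicer(1000, exceed_action="remark", exceed_remark_value=24), OFFERED))
```

With a burst allowance, the tokens saved during the quiet ticks absorb part of the first busy tick; once they are spent, the class falls back to its per-tick credit.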
A new ToS value can be set at all three levels: flow group, traffic class, and policy. A ToS value specified in a flow group overrides a ToS value specified at the traffic class or policy level.

movetostopriority
    Replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets. Options are:

    yes, on, true
        Replaces the value in the 802.

moveprioritytotos

flowgrouplist
Examples

This command changes the exceed action in traffic class 18 to remark and specifies a remark value of 24.
SHOW QOS FLOWGROUP

Syntax

    show qos flowgroup[=idnumber]

Parameters

flowgroup
    Specifies the ID of the flow group you want to view. You can specify more than one flow group at a time.

Description

This command displays the flow groups on a switch. An example is shown in Figure 35.

    Flow Group ID ..............
    Description ................
    DSCP value .................
    Priority ...................
    Remark Priority ............
    ToS .................
set to No, which is the default, the packets retain their preexisting ToS priority level.

Classifier List - The classifiers assigned to the policy.

Parent Traffic Class ID - The ID number of the traffic class to which the flow group is assigned. A flow group can belong to only one traffic class at a time.

Is Active - The status of the flow group.
SHOW QOS POLICY

Syntax

    show qos policy[=idnumber]

Parameter

policy
    Specifies the ID of the policy you want to view. You can specify more than one policy at a time. Separate multiple policies with commas (e.g., 4,5,10).

Description

This command displays the policies on a switch. An example is shown in Figure 36.

    Policy ID ................
    Description ..............
    Remark DSCP ..............
    In DSCP overwrite ........
    ToS ....................
802.1p priority level.

Move Priority to ToS - If set to yes, replaces the value in the ToS priority field with the value in the 802.1p priority field on IPv4 packets. If set to No, which is the default, the packets retain their preexisting ToS priority level.

Send to Mirror Port - Copies the traffic that meets the criteria of the classifiers to a destination mirror port.
SHOW QOS TRAFFICCLASS

Syntax

    show qos trafficclass[=idnumber]

Parameter

trafficclass
    Specifies the ID of the traffic class you want to view. You can specify more than one traffic class at a time. Separate multiple traffic classes with commas (e.g., 4,5,10).

Description

This command displays the traffic classes on a switch. An example is shown in Figure 37.

    Traffic Class ID ..........
    Description ...............
    Exceed Action .............
Priority - The priority value in the IEEE 802.1p tag control field assigned to the traffic that belongs to this traffic class.

Remark Priority - Replaces the user priority value in the packets with the Priority value.

ToS - Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 0 to 7.

Move ToS to Priority - If set to yes, replaces the value in the 802.
Chapter 21
Denial of Service Defense Commands

This chapter contains the following commands:

“SET DOS” on page 354
“SET DOS IPOPTION” on page 355
“SET DOS LAND” on page 357
“SET DOS PINGOFDEATH” on page 358
“SET DOS SMURF” on page 360
“SET DOS SYNFLOOD” on page 361
“SET DOS TEARDROP” on page 362
“SHOW DOS” on page 364

Note
Remember to save your changes with the SAVE CONFIGURATION command.
SET DOS

Syntax

    set dos ipaddress=ipaddress subnet=mask uplinkport=port

Parameters

ipaddress
    Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address.

subnet
    Specifies the subnet mask of the LAN. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
SET DOS IPOPTION

Syntax

    set dos ipoption port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled]

Parameters

port
    Specifies the switch port where you want to enable or disable the IP Option defense. You can specify more than one port at a time.

state
    Specifies the state of the IP Option defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirroring
You can use the MIRRORING parameter to copy the examined traffic to a destination port mirror for analysis with a data analyzer. To define the destination port, refer to “SET SWITCH MIRROR” on page 194.
SET DOS LAND

Syntax

    set dos land port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled]

Parameters

port
    Specifies the switch port on which you want to enable or disable the Land defense. You can specify more than one port at a time.

state
    Specifies the state of the Land defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirroring
SET DOS PINGOFDEATH

Syntax

    set dos pingofdeath port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled]

Parameters

port
    Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.

state
    Specifies the state of the Ping of Death defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirroring
Note
This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs.
SET DOS SMURF

Syntax

    set dos smurf port=port state=enable|disable

Parameters

port
    Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time.

state
    Specifies the state of the SMURF defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

Description

This command activates and deactivates the SMURF DoS defense.
SET DOS SYNFLOOD

Syntax

    set dos synflood port=port state=enable|disable

Parameters

port
    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.

state
    Specifies the state of the DoS defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.
SET DOS TEARDROP

Syntax

    set dos teardrop port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled]

Parameters

port
    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.

state
    Specifies the state of the DoS defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

mirroring
You can use the MIRRORING parameter to copy the offending traffic to a destination port mirror for analysis with a data analyzer. To define the destination port, refer to “SET SWITCH MIRROR” on page 194.

Caution
This defense is extremely CPU intensive and should be used with caution. Unrestricted use can cause a switch to halt operations if the CPU becomes overwhelmed with IP traffic.
SHOW DOS

Syntax 1

    show dos [ipaddress] [subnet] [uplinkport]

Syntax 2

    show dos defense port=port

Parameters

ipaddress
    Displays the IP address of the LAN.

subnet
    Displays the subnet mask.

uplinkport
    Displays the uplink port for the Land defense.

defense
    Displays the status of a specified defense for a particular port.
The following command displays the status of the SMURF defense on port 4:

    show dos smurf port=4
Section III
IGMP Snooping, MLD Snooping, and RRP Snooping

The chapters in this section contain the commands for IGMP, MLD, and RRP snooping.
Chapter 22
IGMP Snooping Commands

This chapter contains the following commands:

“DISABLE IGMPSNOOPING” on page 370
“ENABLE IGMPSNOOPING” on page 371
“SET IP IGMP” on page 372
“SHOW IGMPSNOOPING” on page 375
“SHOW IP IGMP” on page 376

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
For background information on this feature, refer to Chapter 19, “IGMP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE IGMPSNOOPING

Syntax

    disable igmpsnooping

Parameters

None.

Description

This command deactivates IGMP snooping on the switch.

Example

The following command deactivates IGMP snooping:

    disable igmpsnooping

Equivalent Command

    set ip igmp snoopingstatus=disabled

For information, refer to “SET IP IGMP” on page 372.
ENABLE IGMPSNOOPING

Syntax

    enable igmpsnooping

Parameters

None.

Description

This command activates IGMP snooping on the switch.

Example

The following command activates IGMP snooping:

    enable igmpsnooping

Equivalent Command

    set ip igmp snoopingstatus=enabled

For information, refer to “SET IP IGMP” on page 372.
SET IP IGMP

Syntax

    set ip igmp [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto]

Parameters

snoopingstatus
    Activates and deactivates IGMP snooping on the switch. The options are:

    enabled
        Activates IGMP snooping.

    disabled
        Deactivates IGMP snooping. This is the default setting.

hoststatus
    Specifies the IGMP host node topology.

timeout
for queries from the router. If the switch does not detect any queries from a multicast router during the specified time interval, the router is assumed to be no longer active on the port. The actual timeout may be ten seconds less than the specified value. For example, a setting of 25 seconds can result in the switch classifying a host node or multicast router as inactive after just 15 seconds.
Examples

The following command activates IGMP snooping, sets the IGMP topology to Multi-Host, and sets the timeout value to 120 seconds:

    set ip igmp snoopingstatus=enabled hoststatus=multihost timeout=120

The following command changes the topology to Single-Host:

    set ip igmp hoststatus=singlehost

The following command disables IGMP snooping:

    set ip igmp snoopingstatus=disabled

Equivalent Commands

    disable igmpsnooping

For information, refer to “DISABLE IGMPSNOOPING” on
SHOW IGMPSNOOPING

Syntax

    show igmpsnooping

Parameters

None.

Description

This command displays the IGMP parameters. Figure 38 illustrates the information that is displayed by this command.

    IGMP Snooping Configuration:
    IGMP Snooping Status ...............
    Host Topology ......................
    Host/Router Timeout Interval .......
    Maximum IGMP Multicast Groups ......
    Router Port(s) .....................
SHOW IP IGMP

Syntax

    show ip igmp [hostlist] [routerlist]

Parameters

hostlist
    Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes.

routerlist
    Displays the ports on the switch where multicast routers are detected. This parameter displays information only when there are active multicast routers.
The HOSTLIST parameter displays the following information:

Number of IGMP Multicast Groups - The number of IGMP multicast groups with active host nodes on the switch.

Multicast Group - The multicast address of the group.

VLAN - The VID of the VLAN where the port or trunk is an untagged member.

Port/Trunk - The port on the switch where the host node is connected.
Equivalent Command

    show igmpsnooping

This command does not display the router and host lists. For information, see “SHOW IGMPSNOOPING” on page 375.
Chapter 23
MLD Snooping Commands

This chapter contains the following commands:

“DISABLE MLDSNOOPING” on page 380
“ENABLE MLDSNOOPING” on page 381
“SET IPV6 MLDSNOOPING” on page 382
“SHOW MLDSNOOPING” on page 384
“SHOW IPV6 MLDSNOOPING” on page 386

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
For background information on this feature, refer to Chapter 20, “MLD Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE MLDSNOOPING

Syntax

    disable mldsnooping

Parameters

None.

Description

This command deactivates MLD snooping on the switch.

Example

The following command deactivates MLD snooping:

    disable mldsnooping

Equivalent Command

    set ipv6 mldsnooping snoopingstatus=disabled

For information, refer to “SET IPV6 MLDSNOOPING” on page 382.
ENABLE MLDSNOOPING

Syntax

    enable mldsnooping

Parameters

None.

Description

This command activates MLD snooping on the switch.

Example

The following command activates MLD snooping:

    enable mldsnooping

Equivalent Command

    set ipv6 mldsnooping snoopingstatus=enabled

For information, refer to “SET IPV6 MLDSNOOPING” on page 382.
SET IPV6 MLDSNOOPING

Syntax

    set ipv6 mldsnooping [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto]

Parameters

snoopingstatus
    Activates and deactivates MLD snooping on the switch. The options are:

    enabled
        Activates MLD snooping.

    disabled
        Deactivates MLD snooping. This is the default setting.

hoststatus
    Specifies the MLD host node topology.
static MAC addresses. The range is 1 to 255 addresses; the default is 64 addresses.

Note
The combined number of multicast address groups for IGMP and MLD snooping cannot exceed 255.

routerport
    Specifies the port(s) on the switch connected to a multicast router. Options are:

    port
        Specifies the router port(s) manually.

    all
        Specifies all of the switch ports.

    none
        Sets the mode to manual without any router ports specified.
SHOW MLDSNOOPING

Syntax

    show mldsnooping

Parameters

None.

Description

This command displays the following MLD parameters:

MLD snooping status
Multicast host topology
Host/router timeout interval
Maximum multicast groups
Host and router lists

To set the MLD parameters, refer to “SET IPV6 MLDSNOOPING” on page 382. This command displays the information in Figure 42.

    MLD Snooping Configuration:
    MLD Snooping Status ................
    Host Topology ..........
The Host List section displays the following information:

Multicast Group - The multicast address of the group.

VLAN - The VID of the VLAN where the port is an untagged member.

Port/TrunkID - The port on the switch where the host node is connected. If the host node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed.

HostIP - The IP address of the host node connected to the port.
SHOW IPV6 MLDSNOOPING

Syntax

    show ipv6 mldsnooping [hostlist] [routerlist]

Parameters

hostlist
    Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes.

routerlist
    Displays the ports on the switch where multicast routers are detected. This parameter displays information only when there are active multicast routers.
Refer to “SET IPV6 MLDSNOOPING” on page 382 for an explanation of the parameters. The HOSTLIST option displays the information in Figure 44.

    Host List:
    Number of MLD Multicast Groups: 1

    MulticastGroup      VLAN ID   Port/TrunkID   HostIP                                    Exp. Time
    ------------------------------------------------------------------------------------------------
    33:33:00:00:00:ab   1         6              fe80:0000:0000:0000:0208:74ff:feff:bf08   21

Figure 44.
The following command displays a list of active host nodes connected to the switch:

    show ipv6 mldsnooping hostlist

The following command displays a list of active multicast routers:

    show ipv6 mldsnooping routerlist

Equivalent Command

    show mldsnooping

For information, see “SHOW MLDSNOOPING” on page 384.
Chapter 24
RRP Snooping Commands

This chapter contains the following commands:

“DISABLE RRPSNOOPING” on page 390
“ENABLE RRPSNOOPING” on page 391
“SHOW RRPSNOOPING” on page 392

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on this feature, refer to Chapter 21, “RRP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE RRPSNOOPING

Syntax

    disable rrpsnooping

Parameters

None.

Description

This command disables RRP snooping. This is the default setting.
ENABLE RRPSNOOPING

Syntax

    enable rrpsnooping

Parameters

None.

Description

This command enables RRP snooping.
SHOW RRPSNOOPING

Syntax

    show rrpsnooping

Parameter

None.

Description

This command displays the status of RRP snooping, enabled or disabled.
Section IV
SNMPv3

The chapter in this section contains the commands for SNMPv3.
Chapter 25
SNMPv3 Commands

This chapter contains the following commands:

“ADD SNMPV3 USER” on page 397
“CLEAR SNMPV3 ACCESS” on page 399
“CLEAR SNMPV3 COMMUNITY” on page 401
“CLEAR SNMPV3 NOTIFY” on page 402
“CLEAR SNMPV3 TARGETADDR” on page 403
“CLEAR SNMPV3 VIEW” on page 404
“CREATE SNMPV3 ACCESS” on page 405
“CREATE SNMPV3 COMMUNITY” on page 408
“CREATE SNMPV3 GROUP” on page 410
“CREATE SNMPV3 NOTIFY” on page 412
“CREATE SNMPV3 TARGETADDR” on page 414
“CRE
“SET SNMPV3 NOTIFY” on page 440
“SET SNMPV3 TARGETADDR” on page 442
“SET SNMPV3 TARGETPARAMS” on page 444
“SET SNMPV3 USER” on page 446
“SET SNMPV3 VIEW” on page 448
“SHOW SNMPV3 ACCESS” on page 450
“SHOW SNMPV3 COMMUNITY” on page 451
“SHOW SNMPv3 GROUP” on page 452
“SHOW SNMPV3 NOTIFY” on page 453
“SHOW SNMPV3 TARGETADDR” on page 454
“SHOW SNMPV3 TARGETPARAMS” on page 455
“SHOW SNMPV3 USER” on page 456
“SHOW SNMPV3 VIEW” on pag
ADD SNMPV3 USER

Syntax

    add snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters

user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

authentication
    Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS).
entry to the configuration file on the switch. This is the default.

    nonvolatile
        Allows you to save the table entry to the configuration file on the switch.

Description

This command creates an SNMPv3 User Table entry.

Examples

The following command creates an SNMPv3 user with the name “steven142” with an authentication protocol of MD5, an authentication password of “99doublesecret12”, a privacy password of “encrypt178” and a storage type of nonvolatile.
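Under the SNMPv3 User-based Security Model (RFC 3414), the value given as AUTHPASSWORD is not used directly: it is stretched into a key with the hash selected by AUTHENTICATION and then localized to the agent's engine ID, and that localized key produces the 12-octet authentication tag on each message. The following is an added example, not code from this guide or from the AT-S63 software; it assumes the switch follows RFC 3414, the function names are hypothetical, and the engine IDs and message bytes are constructed.

```python
import hashlib
import hmac

# authentication=md5|sha selects the digest used for the derivation and the HMAC.
_DIGESTS = {"md5": hashlib.md5, "sha": hashlib.sha1}
_EXPANDED_LENGTH = 1048576  # RFC 3414: hash the first 1 MiB of the repeated password


def password_to_key(password: str, protocol: str) -> bytes:
    """RFC 3414 A.2 password-to-key: returns the user key Ku."""
    if protocol not in _DIGESTS:
        raise ValueError("protocol must be 'md5' or 'sha'")
    data = password.encode("utf-8")
    if not data:
        raise ValueError("password must not be empty")
    # Repeating the password and cutting at 1 MiB is equivalent to the RFC's
    # loop that fills 64-octet blocks while cycling through the password.
    reps, rem = divmod(_EXPANDED_LENGTH, len(data))
    digest = _DIGESTS[protocol]()
    digest.update(data * reps + data[:rem])
    return digest.digest()


def localize_key(user_key: bytes, engine_id: bytes, protocol: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return _DIGESTS[protocol](user_key + engine_id + user_key).digest()


def auth_tag(localized_key: bytes, whole_message: bytes, protocol: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 octets of the HMAC over the message.

    whole_message is the serialized message with the authentication
    parameters field set to twelve zero octets, as USM requires.
    """
    mac = hmac.new(localized_key, whole_message, _DIGESTS[protocol])
    return mac.digest()[:12]


def verify_tag(localized_key: bytes, whole_message: bytes,
               received_tag: bytes, protocol: str) -> bool:
    """Receiver-side check, using a constant-time comparison."""
    expected = auth_tag(localized_key, whole_message, protocol)
    return hmac.compare_digest(expected, received_tag)


if __name__ == "__main__":
    # Password taken from the example on this page; engine IDs are constructed.
    engine_a = bytes.fromhex("80000000010a000001")
    engine_b = bytes.fromhex("80000000010a000002")
    ku = password_to_key("99doublesecret12", "md5")
    key_a = localize_key(ku, engine_a, "md5")
    key_b = localize_key(ku, engine_b, "md5")
    print("same password, different engines differ:", key_a != key_b)

    message = b"constructed-snmp-message" + bytes(12)
    tag = auth_tag(key_a, message, "md5")
    print("tag verifies with the right key:", verify_tag(key_a, message, tag, "md5"))
    print("tag verifies with another engine's key:", verify_tag(key_b, message, tag, "md5"))
```

Because the key is derived deterministically from the password, anyone who learns the password can reproduce the key for any engine ID; the localization step only keeps a key captured from one device from being valid on another.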
CLEAR SNMPV3 ACCESS

Syntax

    clear snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview writeview notifyview

Parameters

access
    Specifies the name of the security group, up to 32 alphanumeric characters.

securitymodel
    Specifies the security model. The options are:

    v1
        Associates the Security Name, or User Name, with the SNMPv1 protocol.

securitylevel
notifyview
    Specifies a Notify View Name that allows the users assigned to this security group to send traps permitted in the specified View. This is an optional parameter.

Description

This command clears the specified fields in an SNMPv3 Access Table entry.

Examples

The following command clears the readview parameter in a security group called “Engineering” which has a security model of the SNMPv3 protocol and a security level of privacy.
CLEAR SNMPV3 COMMUNITY

Syntax

    clear snmpv3 community index=index transporttag

Parameters

index
    Specifies the name of an existing SNMPv3 Community Table entry, up to 32 alphanumeric characters.

transporttag
    Specifies the transport tag, up to 32 alphanumeric characters.

Description

This command clears the transporttag parameter in an SNMPv3 Community Table entry.
CLEAR SNMPV3 NOTIFY

Syntax

    clear snmpv3 notify=notify tag

Parameters

notify
    Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.

tag
    Specifies the notify tag name, up to 32 alphanumeric characters.

Description

This command clears the value of the tag parameter in an SNMPv3 Notify Table entry.
CLEAR SNMPV3 TARGETADDR

Syntax

    clear snmpv3 targetaddr=targetaddr taglist

Parameters

targetaddr
    Specifies the name of the SNMPv3 Target Address Table entry, up to 32 alphanumeric characters.

taglist
    Specifies a tag or list of tags, up to 256 alphanumeric characters.

Description

This command clears the value of the taglist parameter in an SNMPv3 Target Address Table entry.
CLEAR SNMPV3 VIEW

Syntax

    clear snmpv3 view=view [subtree=OID|text] mask

Parameters

view
    Specifies the name of the SNMPv3 view, up to 32 alphanumeric characters.

subtree
    Specifies the view of the MIB Tree. Options are:

    OID
        A numeric value in hexadecimal format.

    text
        Text name of the view.

mask
    Specifies the subtree mask, in hexadecimal format.

Description

This command clears the value of the mask parameter in an SNMPv3 View Table entry.
CREATE SNMPV3 ACCESS

Syntax
create snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters
access
  Specifies the name of the security group, up to 32 alphanumeric characters.
securitymodel
  Specifies the security model.
notifyview
  Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter. If you do not assign a value to this parameter, then the notifyview parameter defaults to none.
storagetype
  Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile  Does not allow you to save the table entry to the configuration file on the switch.
Note
In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage.
CREATE SNMPV3 COMMUNITY

Syntax
create snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters
index
  Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname
  Specifies a password for this community entry, up to 32 alphanumeric characters.
The following command creates an SNMP community with an index of 95 and a community name of “12sacramento49.” The user is “regina” and the transport tag “trainingtag.” The storage type for this community is nonvolatile storage.
CREATE SNMPV3 GROUP

Syntax
create snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter
username
  Specifies a user name configured in the SNMPv3 User Table.
securitymodel
  Specifies the security model of the above user name. The options are:
    v1   Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.
create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile

The following command creates the SNMPv3 SecurityToGroup Table entry for a user named princess. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “training” group. The storage type is set to nonvolatile storage.
CREATE SNMPV3 NOTIFY

Syntax
create snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters
notify
  Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.
tag
  Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter.
type
  Specifies the message type. This is an optional parameter.
The following command creates the SNMPv3 Notify Table entry called “testenginform5” and the notify tag is “testenginformtag5.” The message type is defined as an inform message and the storage type for this entry is nonvolatile storage.
CREATE SNMPV3 TARGETADDR

Syntax
create snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters
targetaddr
  Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params
  Specifies the target parameters name, up to 32 alphanumeric characters.
Examples
In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,” “hwengtag,” and “testengtag.” The storage type for this table entry is nonvolatile storage.

create snmpv3 targetaddr=snmphost1 params=snmpv3manager ipaddress=198.1.1.
CREATE SNMPV3 TARGETPARAMS

Syntax
create snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters
targetparams
  Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters.
username
  Specifies a user name configured in the SNMPv3 User Table.
securitylevel
  Specifies the security level. The options are:
    noauthentication  This option provides no authentication protocol and no privacy protocol.
    authentication    This option provides an authentication protocol, but no privacy protocol.
    privacy           This option provides an authentication protocol and the privacy protocol.
storagetype
  Specifies the storage type of this table entry. This is an optional parameter.
CREATE SNMPV3 VIEW

Syntax
create snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters
view
  Specifies the name of the view, up to 32 alphanumeric characters.
subtree
  Specifies the view of the MIB Tree. The options are:
    OID   A numeric value in hexadecimal format.
    text  Text name of the view.
mask
  Specifies the subtree mask, in hexadecimal format.
type
  Specifies the view type. This is an optional parameter.
create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile

The following command creates an SNMPv3 View Table entry called “tcp1” with a subtree value of the TCP/IP MIBs and a view type of excluded. The storage type for this table entry is nonvolatile storage.
DELETE SNMPV3 USER

Syntax
delete snmpv3 user=user

Parameters
user
  Specifies the name of an SNMPv3 user to delete from the switch.

Description
This command deletes an SNMPv3 User Table entry. After you delete an SNMPv3 user from the switch, you cannot recover it.

Examples
The following command deletes the user named “wilson890.”

delete snmpv3 user=wilson890

The following command deletes the user named “75murthy75.
DESTROY SNMPv3 ACCESS

Syntax
destroy snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy]

Parameter
access
  Specifies an SNMPv3 Access Table entry.
securitymodel
  Specifies the security model of the user name specified above. The options are:
    v1  Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel
destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication

The following command deletes the SNMPv3 Access Table entry called “testengineering” with a security model of the SNMPv3 protocol and a security level of privacy.
DESTROY SNMPv3 COMMUNITY

Syntax
destroy snmpv3 community index=index

Parameter
index
  Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description
This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it.

Examples
The following command deletes an SNMPv3 Community Table entry with an index of 1001.
DESTROY SNMPv3 GROUP

Syntax
destroy snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter
username
  Specifies a user name configured in the SNMPv3 User Table.
securitymodel
  Specifies the security model of the above user name. The options are:
    v1   Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.
DESTROY SNMPv3 NOTIFY

Syntax
destroy snmpv3 notify=notify

Parameter
notify
  Specifies an SNMPv3 Notify Table entry.

Description
This command deletes an SNMPv3 Notify Table entry. After you delete an SNMPv3 Notify Table entry, you cannot recover it.

Examples
The following command deletes an SNMPv3 Notify Table entry called “systemtestnotifytrap.
DESTROY SNMPv3 TARGETADDR

Syntax
destroy snmpv3 targetaddr=target

Parameter
targetaddr
  Specifies an SNMPv3 Target Address table entry.

Description
This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it.

Example
The following command deletes an SNMPv3 Address Table entry called “snmpmanager.
DESTROY SNMPv3 TARGETPARAMS

Syntax
destroy snmpv3 targetparams=targetparams

Parameter
targetparams
  Specifies an SNMPv3 Target Parameters table entry.

Description
This command deletes an SNMPv3 Target Parameters Table entry. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it.

Examples
The following command deletes the SNMPv3 Target Parameters Table entry called “targetparameter1.
DESTROY SNMPV3 VIEW

Syntax
destroy snmpv3 view=view [subtree=OID|text]

Parameters
view
  Specifies the name of the view, up to 32 alphanumeric characters.
subtree
  Specifies the view subtree. The options are:
    OID   A numeric value in hexadecimal format.
    text  Text name of the view.

Description
This command deletes an SNMPv3 View Table entry. After you delete an SNMPv3 View Table entry, you cannot recover it.
PURGE SNMPV3 ACCESS

Syntax
purge snmpv3 access

Parameters
None

Description
This command resets the SNMPv3 Access Table to its default value by removing all the access table entries. To remove a single entry, use “DESTROY SNMPv3 ACCESS” on page 421.
PURGE SNMPV3 COMMUNITY

Syntax
purge snmpv3 community

Parameters
None

Description
This command resets the SNMPv3 Community Table to its default value by removing all the community table entries. To remove a single entry, use “DESTROY SNMPv3 COMMUNITY” on page 423.
PURGE SNMPV3 NOTIFY

Syntax
purge snmpv3 notify

Parameters
None

Description
This command resets the SNMPv3 Notify Table to its default value by removing all the notify table entries. To remove a single entry, use “DESTROY SNMPv3 NOTIFY” on page 425.
PURGE SNMPV3 TARGETADDR

Syntax
purge snmpv3 targetaddr

Parameters
None

Description
This command resets the SNMPv3 Target Address Table to its default values by removing all the target address table entries. To remove a single entry, use “DESTROY SNMPv3 TARGETADDR” on page 426.
PURGE SNMPV3 VIEW

Syntax
purge snmpv3 view

Parameters
None

Description
This command resets the SNMPv3 View Table to its default values by removing all the view table entries. To remove a single entry, use “DESTROY SNMPV3 VIEW” on page 428.
SET SNMPV3 ACCESS

Syntax
set snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters
access
  Specifies the name of the group, up to 32 alphanumeric characters.
securitymodel
  Specifies the security model. Options are:
    v1  Associates the Security Name, or User Name, with the SNMPv1 protocol.
securitylevel
storagetype
  Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile     Does not allow you to save the table entry to the configuration file on the switch. This is the default.
    nonvolatile  Allows you to save the table entry to the configuration file on the switch.

Description
This command modifies an SNMPv3 Access Table entry.
SET SNMPV3 COMMUNITY

Syntax
set snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters
index
  Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname
  Specifies a password of this community, up to 32 alphanumeric characters.
securityname
  Specifies the name of an SNMPv1 and SNMPv2 user, up to 32 alphanumeric characters.
set snmpv3 community index=52 communityname=oldmiss71 securityname=jjhuser234 transporttag=testtag40
SET SNMPV3 GROUP

Syntax
set snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter
username
  Specifies a user name configured in the SNMPv3 User Table.
securitymodel
  Specifies the security model of the above user name. The options are:
    v1   Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.
The following command modifies the SecurityToGroup Table entry with a user name of “nelvid.” The security model is the SNMPv3 protocol and the group name “systemtest.
SET SNMPV3 NOTIFY

Syntax
set snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters
notify
  Specifies the name associated with the trap message, up to 32 alphanumeric characters.
tag
  Specifies the notify tag name, up to 32 alphanumeric characters.
type
  Specifies the message type. Options are:
    trap  Trap messages are sent, with no response expected from the host.
storagetype
The following command modifies an SNMPv3 Notify Table entry called “systemtestinform5.” The notify tag is “systemtestinform5tag” and the message type is an inform message.
SET SNMPV3 TARGETADDR

Syntax
set snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters
targetaddr
  Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params
  Specifies the target parameters name, up to 32 alphanumeric characters. This is an optional parameter.
Description
This command modifies an SNMPv3 Target Address Table entry.

Examples
The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.”

set snmpv3 targetaddr=snmphost params=targetparameter7 ipaddress=198.1.1.
SET SNMPV3 TARGETPARAMS

Syntax
set snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters
targetparams
  Specifies the target parameters name, up to 32 alphanumeric characters.
username
  Specifies the user name.
securitymodel
  Specifies the security model of the above user name.
    authentication  This option provides an authentication protocol, but no privacy protocol.
    privacy         This option provides an authentication protocol and the privacy protocol.
storagetype
  Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile  Does not allow you to save the table entry to the configuration file on the switch. This is the default.
SET SNMPV3 USER

Syntax
set snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters
user
  Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication
  Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS). The default is no authentication. The options are:
    md5  The MD5 authentication protocol.
Examples
The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.”

set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3

The following command modifies a User Table entry called “atiuser104.
SET SNMPV3 VIEW

Syntax
set snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters
view
  Specifies the name of the view, up to 32 alphanumeric characters.
subtree
  Specifies the view subtree. Options are:
    OID   A numeric value in hexadecimal format.
    text  Text name of the view.
mask
  Specifies the subtree mask, in hexadecimal format.
type
  Specifies the view type.
The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded.

set snmpv3 view=system subtree=1.3.6.1.2.
SHOW SNMPV3 ACCESS

Syntax
show snmpv3 access=access

Parameter
access
  Specifies an SNMPv3 Access Table entry.

Description
This command displays the SNMPv3 Access Table. You can display one or all of the table entries.

Examples
The following command displays the SNMPv3 Access Table entry called “production.
SHOW SNMPV3 COMMUNITY

Syntax
show snmpv3 community index=index

Parameter
index
  Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description
This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.
SHOW SNMPv3 GROUP

Syntax
show snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter
username
  Specifies a user name configured in the SNMPv3 User Table.
securitymodel
  Specifies the security model of the above user name. The options are:
    v1   Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.
    v3   Associates the Security Name, or User Name, with the SNMPv3 protocol.
SHOW SNMPV3 NOTIFY

Syntax
show snmpv3 notify=notify

Parameter
notify
  Specifies an SNMPv3 Notify Table entry.

Description
This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries.
SHOW SNMPV3 TARGETADDR

Syntax
show snmpv3 targetaddr=targetaddr

Parameter
targetaddr
  Specifies an SNMPv3 Target Address Table entry.

Description
This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.
SHOW SNMPV3 TARGETPARAMS

Syntax
show snmpv3 targetparams=targetparams

Parameter
targetparams
  Specifies an SNMPv3 Target Parameters Table entry.

Description
This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries.
SHOW SNMPV3 USER

Syntax
show snmpv3 user=user

Parameters
user
  Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

Description
This command displays SNMPv3 User Table entries. You can display one or all of the table entries.
SHOW SNMPV3 VIEW

Syntax
show snmpv3 view=view [subtree=OID|text]

Parameter
view
  Specifies an SNMPv3 View Table entry.
subtree
  Specifies the view subtree. Options are:
    OID   A numeric value in hexadecimal format.
    text  Text name of the view.

Description
This command displays the SNMPv3 View Table entries. You can display one or all of the table entries.
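The security-relevant choices in this chapter's commands (securitymodel, securitylevel, authentication, privpassword, storagetype and the community name) can be checked mechanically before a command list is applied to a switch. The following Python script is an added example, not part of the AT-S63 guide or software; its sample lines are constructed from the syntax above, and the rule names and the treatment of a missing privpassword as "no privacy" are assumptions of the example.

```python
"""Audit AT-S63 SNMPv3 CLI lines for weak settings (added example, not vendor code)."""

# Constructed sample: lines follow the command syntax documented in this chapter.
SAMPLE_CONFIG = """\
create snmpv3 access=hwengineering securitymodel=v3 securitylevel=noauthentication readview=internet1
create snmpv3 community index=95 communityname=12sacramento49 securityname=regina transporttag=trainingtag storagetype=nonvolatile
set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3
create snmpv3 targetparams=targetparameter1 username=regina securitymodel=v2c messageprocessing=v2c storagetype=nonvolatile
create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile
"""

SECRET_KEYS = {"communityname", "authpassword", "privpassword"}

# Rule ids are names chosen for this example.
MESSAGES = {
    "community-model": "uses SNMPv1/v2c, which has no per-user authentication or encryption",
    "cleartext-community": "community name is a password that SNMPv1/v2c sends in cleartext",
    "no-auth": "no authentication protocol is in effect",
    "no-privacy": "no privacy (encryption) protocol is in effect",
    "md5-auth": "MD5 selected; sha is the stronger of the two documented options",
    "volatile-entry": "storagetype is volatile, so the entry is not saved to the configuration file",
}


def parse_command(line):
    """Return (verb, table, params) for a create/set snmpv3 line, else None."""
    tokens = line.split()
    if len(tokens) < 3 or tokens[1].lower() != "snmpv3":
        return None
    verb = tokens[0].lower()
    if verb not in ("create", "set"):
        return None
    # Either 'access=name' or a bare table word such as 'community' or 'group'.
    table, sep, name = tokens[2].partition("=")
    params = {"name": name} if sep else {}
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if sep:
            params[key.lower()] = value
    return verb, table.lower(), params


def audit_command(verb, table, params):
    """Return the rule ids triggered by one parsed command."""
    found = []
    model = params.get("securitymodel", "").lower()
    level = params.get("securitylevel", "").lower()
    if table in ("access", "group", "targetparams") and model in ("v1", "v2c"):
        found.append("community-model")
    if table in ("access", "targetparams"):
        if level == "noauthentication":
            found.append("no-auth")
        elif level == "authentication":
            found.append("no-privacy")
    if table == "community":
        found.append("cleartext-community")
    if table == "user":
        auth = params.get("authentication", "").lower()
        if not auth:  # the chapter states the default is no authentication
            found.append("no-auth")
        elif auth == "md5":
            found.append("md5-auth")
        # Assumption: privacy is only on when privpassword is supplied.
        if "privpassword" not in params:
            found.append("no-privacy")
    # Only judged on create: an omitted storagetype defaults to volatile there.
    if verb == "create" and params.get("storagetype", "volatile").lower() == "volatile":
        found.append("volatile-entry")
    return found


def redact(line):
    """Mask community names and passwords before a line is logged or reported."""
    out = []
    for tok in line.split():
        key, sep, _ = tok.partition("=")
        out.append(f"{key}=***" if sep and key.lower() in SECRET_KEYS else tok)
    return " ".join(out)


def audit_config(text):
    """Return [(line_number, redacted_line, [rule ids])] for lines with findings."""
    report = []
    for number, line in enumerate(text.splitlines(), start=1):
        parsed = parse_command(line)
        if parsed is None:
            continue
        found = audit_command(*parsed)
        if found:
            report.append((number, redact(line), found))
    return report


if __name__ == "__main__":
    for number, line, found in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {line}")
        for rule in found:
            print(f"    [{rule}] {MESSAGES[rule]}")
```

The report prints each flagged line with its secrets masked, so the output can be pasted into a ticket without exposing community names or passwords.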
Section V
Spanning Tree Protocols

The chapters in this section contain the commands for the spanning tree protocols.
Chapter 26
Spanning Tree Protocol Commands

This chapter contains the following commands:

“ACTIVATE STP”
“DISABLE STP”
“ENABLE STP”
“PURGE STP”
“SET STP”
“SET STP PORT”
“SET SWITCH MULTICASTMODE”
“SHOW STP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ACTIVATE STP

Syntax
activate stp

Parameters
None.

Description
Use this command to designate STP as the active spanning tree on the switch. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP, or MSTP, can be active on the switch at a time.
DISABLE STP

Syntax
disable stp

Parameters
None.

Description
This command disables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP” on page 473.
ENABLE STP

Syntax
enable stp

Parameters
None.

Description
This command enables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP” on page 473.

Note
You cannot enable STP until after you have activated it with “ACTIVATE STP” on page 462.
PURGE STP

Syntax
purge stp

Parameters
None.

Description
This command returns all STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, see “DISABLE STP” on page 463.

Example
The following command resets the STP parameter settings to their default values:

purge stp

Equivalent Command
set stp default

For information, see “SET STP” on page 466.
SET STP

Syntax
set stp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage]

Parameters
default
  Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled. (This parameter performs the same function as the PURGE STP command.)
priority
  Specifies the priority number for the bridge.
hellotime
  Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay
  Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes.
Examples
The following command sets the switch’s bridge priority value to 45,056 (increment 11):

set stp priority=11

The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds:

set stp hellotime=7 forwarddelay=25

The following command returns all STP parameters on the switch to the default values:

set stp default

Equivalent Command
purge stp

For information, see “PURGE STP” on page 465.
SET STP PORT

Syntax
set stp port=port [pathcost|portcost=auto|portcost] [portpriority=portpriority]

Parameters
port
  Specifies the port you want to configure. You can configure more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
pathcost or portcost
  Specifies the port’s cost. The parameters are equivalent.
shown in Table 15. You specify the increment of the desired value. The default is 128 (increment 8).

Table 15.
SET SWITCH MULTICASTMODE

Syntax
set switch multicastmode=[a|b|c|d]

Parameter
multicastmode
  Specifies the multicast mode. The options are:
    a  Discards all ingress spanning tree BPDU and 802.1x EAPOL packets on all ports.
    b  Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports.
    c  Forwards ingress BPDU and EAPOL packets only among the untagged ports of the VLAN where the ingress port is a member.
If 802.1x port-based access control is disabled, all ingress EAPOL packets are discarded.

B - Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports. This is the default setting. The switch behaves as follows:

If STP, RSTP, and MSTP are disabled, ingress BPDUs are flooded on all ports.
If STP, RSTP, MSTP, and 802.1x are disabled on the switch, BPDUs and EAPOL packets are flooded on all ports.
SHOW STP

Syntax
show stp [port=port]

Parameter
port
  Specifies the port whose STP parameters you want to view. You can view more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).

Description
This command displays the current values for the STP parameters. An example of the display is shown in Figure 46.

Status ......................
The root bridge parameter specifies the bridge identifier of the root bridge of the spanning tree domain. The identifier consists of the bridge priority value and MAC address of the root switch, separated by a slash (/). This parameter only appears when STP is activated on the switch.

The root path cost parameter displays the path cost from the switch to the root bridge of the spanning tree domain. If the switch is the root bridge, the path cost is 0.
Chapter 27
Rapid Spanning Tree Protocols Commands

This chapter contains the following commands:

“ACTIVATE RSTP”
“DISABLE RSTP”
“ENABLE RSTP”
“PURGE RSTP”
“SET RSTP”
“SET RSTP PORT”
“SHOW RSTP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ACTIVATE RSTP

Syntax
activate rstp

Parameters
None.

Description
Use this command to designate RSTP as the active spanning tree on the switch. After you have selected RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.
DISABLE RSTP

Syntax
disable rstp

Parameters
None.

Description
This command disables the Rapid Spanning Tree Protocol on the switch. To view the current status of RSTP, use “SHOW RSTP” on page 486.
ENABLE RSTP

Syntax
enable rstp

Parameters
None.

Description
This command enables the Rapid Spanning Tree Protocol on the switch. The default setting for RSTP is disabled. To view the current status of RSTP, use “SHOW RSTP” on page 486.

You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.
PURGE RSTP

Syntax
purge rstp

Parameters
None.

Description
This command returns all RSTP bridge and port parameters to the default settings. RSTP must be disabled before you can use this command. To disable RSTP, refer to “DISABLE RSTP” on page 477.

Example
The following command resets RSTP:

purge rstp

Equivalent Command
set rstp default

For information, refer to “SET RSTP” on page 480.
SET RSTP

Syntax
set rstp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [rstptype|forceversion=stpcompatible|forcestpcompatible|normalrstp]

Parameters
default
  Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled. (This parameter performs the same function as the PURGE RSTP command.
hellotime
  Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay
  Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops.
Forwarding delay
Maximum age time
Port priority
Force version of STP or normal RSTP

This command can also return the RSTP parameters to their default settings.

Note
You can use this command only if RSTP is the active spanning tree protocol on the switch. See “ACTIVATE RSTP” on page 476.
SET RSTP PORT

Syntax
set rstp port=port [pathcost|portcost=cost|auto] [portpriority=portpriority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters
port
  Specifies the port you want to configure. You can specify more than one port at a time.
Table 18. RSTP Auto-Detect Port Trunk Costs

Port Speed    Port Cost
100 Mbps      20,000
1000 Mbps     2,000

portpriority
  Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16, for a total of 16 increments, as shown in Table 19. You specify the increment that corresponds to the desired value.
    yes, on, true    The port is a point-to-point port. The options are equivalent.
    no, off, false   The port is not a point-to-point port. The parameters are equivalent.
    autoupdate       The port’s status is determined automatically. This is the default.
migrationcheck
  Enables and disables migration check.
SHOW RSTP

Syntax
show rstp [portconfig=port|portstate=port]

Parameters
portconfig
  Displays the RSTP port settings. You can specify more than one port at a time.
portstate
  Displays the RSTP port status. You can specify more than one port at a time.

Description
You can use this command to display the RSTP parameter settings. An example of the display is shown in Figure 48.

Status .......................
Force Version ................
Bridge Priority ...
The root bridge identifier parameter displays the bridge priority value and MAC address of the root switch of the spanning tree domain. The values are separated by a slash (/). This parameter only appears when RSTP is activated on the switch.

The root path cost parameter displays the path cost from the switch to the root bridge of the spanning tree domain. If the switch is the root bridge, the path cost is 0.
    The information displayed by the command is as follows:

    Port — The port number.
    State — The RSTP state of the port. The possible states for a port connected to another device running RSTP are Discarding and Forwarding. The possible states for a port connected to a device running STP are Listening, Learning, Forwarding, and Blocking. The state of a port that is not being used or where spanning tree is not activated is Disabled.
Chapter 28
Multiple Spanning Tree Protocol Commands

This chapter contains the following commands:

    “ACTIVATE MSTP” on page 490
    “ADD MSTP” on page 491
    “CREATE MSTP” on page 492
    “DELETE MSTP” on page 493
    “DESTROY MSTP MSTIID” on page 494
    “DISABLE MSTP” on page 495
    “ENABLE MSTP” on page 496
    “PURGE MSTP” on page 497
    “SET MSTP” on page 498
    “SET MSTP CIST” on page 501
    “SET MSTP MSTI” on page 502
    “SET MSTP MSTIVLANASSOC” on page 504
    “SET MSTP PORT” on page 505
ACTIVATE MSTP

Syntax
    activate mstp

Parameters
    None.

Description
    This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command. Only one spanning tree protocol can be active on the switch at a time.
ADD MSTP

Syntax
    add mstp mstiid=mstiid mstivlanassoc=vids

Parameters
    mstiid
        Specifies the ID of the multiple spanning tree instance (MSTI) to which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
    mstivlanassoc
        Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).
CREATE MSTP

Syntax
    create mstp mstiid=mstiid [mstivlanassoc=vids]

Parameters
    mstiid
        Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15.
    mstivlanassoc
        Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).
DELETE MSTP

Syntax
    delete mstp mstiid=mstiid mstivlanassoc=vids

Parameters
    mstiid
        Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
    mstivlanassoc
        Specifies the VID of the VLAN you want to remove from the spanning tree instance. You can specify more than one VID at a time (for example, 2,5,44).
DESTROY MSTP MSTIID

Syntax
    destroy mstp mstiid=mstiid

Parameter
    mstiid
        Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15.

Description
    This command deletes a spanning tree instance. VLANs associated with a deleted MSTI are returned to CIST.
DISABLE MSTP

Syntax
    disable mstp

Parameters
    None.

Description
    This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 509.
ENABLE MSTP

Syntax
    enable mstp

Parameters
    None.

Description
    This command enables Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 509. You must select MSTP as the active spanning tree on the switch before you can enable it with this command. To activate MSTP, see “ACTIVATE MSTP” on page 490.
PURGE MSTP

Syntax
    purge mstp

Parameters
    None.

Description
    This command returns all MSTP bridge and port parameter settings to their default values. This command also deletes all multiple spanning tree instances and VLAN associations. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled.
SET MSTP

Syntax
    set mstp [default] [forceversion=stpcompatible|forcestpcompatible|normalmstp] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [maxhops=maxhops] [configname="name"] [revisionlevel=number]

Parameters
    default
        Disables MSTP and returns all bridge and port MSTP settings to the default values. This parameter cannot be used with any other parameter. (This parameter performs the same function as the PURGE MSTP command.
    forwarddelay
        Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops. The default is 15 seconds. This parameter affects only those ports operating in the STP compatible mode.
    Maximum hop count
    Force version of STP or normal MSTP
    Configuration name
    Revision level

Examples
    The following command disables MSTP and returns all MSTP parameter settings to their default values:

        set mstp default

    The following command sets the hop count to 10, the configuration name to Engineering Region, and the revision level to 2:

        set mstp maxhops=10 configname="Engineering Region" revisionlevel=2

    The following command uses the FO
SET MSTP CIST

Syntax
    set mstp cist priority=priority

Parameter
    priority
        Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 20. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8.

Table 20.
SET MSTP MSTI

Syntax
    set mstp msti mstiid=mstiid priority=priority

Parameters
    mstiid
        Specifies a MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15.
    priority
        Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 21. You specify the increment that represents the desired bridge priority value.
Examples
    The following command changes the MSTI priority value to 45,056 (increment 11) for the MSTI ID 4:

        set mstp msti mstiid=4 priority=11

    The following command changes the MSTI priority value to 8,192 (increment 2) for the MSTI ID 6:

        set mstp msti mstiid=6 priority=2
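The priority parameters above take the increment, not the priority value, and MSTP has to be activated before it can be configured or enabled. The following Python is an added example, not code from the guide or from Allied Telesyn: it converts priority values to increments and emits the commands in that order. The function names are hypothetical; it assumes the VLANs already exist on the switch, that a VLAN maps to only one MSTI, and that VIDs fall in the 802.1Q range 1 to 4094.

```python
"""Build an AT-S63 MSTP command sequence from priority values (added example)."""

BRIDGE_STEP, BRIDGE_MAX = 4096, 61440  # CIST/MSTI priority: 0 to 61,440 in steps of 4,096
PORT_STEP, PORT_MAX = 16, 240          # port priority: 0 to 240 in steps of 16
MSTI_IDS = range(1, 16)                # MSTI ID range stated in the guide: 1 to 15
VID_MIN, VID_MAX = 1, 4094             # assumption: 802.1Q VID range, not taken from the guide


def to_increment(value, step, maximum):
    """Convert a priority value (e.g. 45056) to the increment the CLI expects (11)."""
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"priority must be an integer, got {value!r}")
    if not 0 <= value <= maximum:
        raise ValueError(f"priority {value} is outside 0..{maximum}")
    if value % step:
        lower = value - value % step
        raise ValueError(
            f"priority {value} is not a multiple of {step}; "
            f"nearest valid values are {lower} and {lower + step}"
        )
    return value // step


def format_vids(vids):
    """Render VIDs the way the guide writes them (2,5,44), sorted and de-duplicated."""
    unique = sorted(set(vids))
    for vid in unique:
        if isinstance(vid, bool) or not isinstance(vid, int) or not VID_MIN <= vid <= VID_MAX:
            raise ValueError(f"invalid VID {vid!r}")
    return ",".join(str(vid) for vid in unique)


def build_mstp_plan(cist_priority, instances):
    """Return the ordered command list.

    instances maps an MSTI ID to {"priority": value, "vids": [vid, ...]}.
    """
    owner = {}                      # VID -> MSTI ID that already claimed it
    commands = ["activate mstp"]    # must come before any MSTP configuration
    for mstiid in sorted(instances):
        if mstiid not in MSTI_IDS:
            raise ValueError(f"MSTI ID {mstiid} is outside 1..15")
        spec = instances[mstiid]
        vids = spec.get("vids", [])
        for vid in vids:
            if owner.get(vid, mstiid) != mstiid:
                raise ValueError(f"VID {vid} is already assigned to MSTI {owner[vid]}")
            owner[vid] = mstiid
        create = f"create mstp mstiid={mstiid}"
        if vids:                    # mstivlanassoc is optional on CREATE MSTP
            create += f" mstivlanassoc={format_vids(vids)}"
        commands.append(create)
        increment = to_increment(spec["priority"], BRIDGE_STEP, BRIDGE_MAX)
        commands.append(f"set mstp msti mstiid={mstiid} priority={increment}")
    cist_increment = to_increment(cist_priority, BRIDGE_STEP, BRIDGE_MAX)
    commands.append(f"set mstp cist priority={cist_increment}")
    commands.append("enable mstp")  # enabling is the last step
    return commands


if __name__ == "__main__":
    # Constructed input that reuses the priorities from the guide's own examples.
    plan = build_mstp_plan(
        32768,
        {4: {"priority": 45056, "vids": [44, 2, 5]}, 6: {"priority": 8192, "vids": [7]}},
    )
    print("\n".join(plan))
```

Remember to follow the generated commands with SAVE CONFIGURATION, as the chapter notes require.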
SET MSTP MSTIVLANASSOC

Syntax
    set mstp mstivlanassoc mstiid=mstiid vlanlist=vids

Parameters
    mstiid
        Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
    vlanlist
        Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).
SET MSTP PORT

Syntax 1
    set mstp port=port|all [extportcost=portcost] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Syntax 2
    set mstp port=port|all [intportcost=auto|portcost] [portpriority=priority] [stpid=msti_id]

Parameters
    port
        Specifies the port you want to configure. You can specify more than one port at a time.
    edgeport
        Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at half-duplex mode and is not connected to any device running STP or MSTP. Selections are:
        yes, on, true
            The port is an edge port. These values are equivalent. This is the default.
        no, off, false
            The port is not an edge port. These values are equivalent.
    ptp or pointtopoint
    migrationcheck
    portpriority
        Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16. There are sixteen increments, as shown in Table 24 on page 507. You specify the increment of the desired value. The default is 128, which is increment 8.

Table 24.
Syntax 1 Examples
    The following command sets the external port cost to 500 for Ports 14 and 23:

        set mstp port=14,23 extportcost=500

    The following command sets the external port cost to 1,000,000 for Port 4 and designates it as an edge port:

        set mstp port=6-8 edgeport=yes

    The following command sets the external port cost for Ports 2 and 5 to Auto, which sets the port cost based on speed:

        set mstp port=2-5 extportcost=auto

    The following command designate
SHOW MSTP

Syntax
    show mstp [portconfig=ports] [portstate=ports] [stpid=msti_id] [mstistate] [cist] [mstivlanassoc]

Parameters
    portconfig
        Displays the MSTP settings of a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.
    portstate
        Displays the MSTP state of a port. You can specify more than one port at a time.
    Entering SHOW MSTP without any parameters displays the following MSTP settings:

        MSTP status
        Force version
        Hello time
        Forwarding delay
        Maximum age
        Maximum hops
        Configuration name
        Revision level
        Bridge identifier
        Root identifier

    The hello time, forwarding delay, and bridge max age parameters will have two values if MSTP is enabled on the switch (for example, Forwarding Delay .. 15/15).
        Point-to-point status
        Spanning tree version
        Internal and external port costs

    The MSTI parameter displays the following information for each spanning tree instance (excluding the CIST) on the switch:

        MSTI ID
        MSTI priority
        Regional root ID
        Path cost
        Associated VLANs

    The CIST parameter displays the following CIST information:

        CIST priority value
        Root ID
        Root path cost
        Regional root ID
        Regional roo
Section VI
Virtual LANs

The chapters in this section contain the commands for managing virtual LANs using the AT-S63 management software.
Chapter 29
Port-based, Tagged, and Multiple Mode VLAN Commands

This chapter contains the following commands:

    “ADD VLAN” on page 516
    “CREATE VLAN” on page 518
    “DELETE VLAN” on page 521
    “DESTROY VLAN” on page 523
    “SET SWITCH INFILTERING” on page 524
    “SET SWITCH MANAGEMENTVLAN” on page 525
    “SET SWITCH VLANMODE” on page 526
    “SET VLAN” on page 528
    “SHOW VLAN” on page 529

Note
    Remember to use the SAVE CONFIGURATION command to save your changes on the switch.
ADD VLAN

Syntax 1
    add vlan=name [vid=vid] ports=ports|all frame=untagged|tagged

Syntax 2
    add vlan=name [vid=vid] taggedports=ports|all untaggedports=ports|all

Parameters
    vlan
        Specifies the name of the VLAN to modify.
    vid
        Specifies the VID of the VLAN you want to modify. This parameter is optional.
    ports
        Specifies the ports to be added to the VLAN.
    This command has two syntaxes. You can use either command to add ports to a VLAN. The difference between the two is that Syntax 1 can add only one type of port, tagged or untagged, at a time to a VLAN, while Syntax 2 can add both in the same command. This is illustrated in Examples below.

    When you add untagged ports to a VLAN, the ports are automatically removed from their current untagged VLAN assignment.
CREATE VLAN

Syntax 1
    create vlan=name vid=vid [type=port] ports=ports|all frame=untagged|tagged

Syntax 2
    create vlan=name vid=vid [type=port] taggedports=ports|all untaggedports=ports|all

Parameters
    vlan
        Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting).
    type
        Specifies the type of VLAN to be created. The option PORT signifies a port-based or tagged VLAN. This parameter is optional.
    ports
        Specifies the ports on the switch that are either tagged or untagged members of the new VLAN. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22). To specify all ports on the switch, use ALL.
    Tagged ports of the new VLAN remain as tagged and untagged members of their current VLAN assignments. No change is made to a tagged port’s current VLAN assignments, other than its addition to the new VLAN. This is because a tagged port can belong to more than one VLAN at a time. For example, if you add port 6 as a tagged port to a new VLAN, port 6 remains a member of its other current untagged and tagged VLAN assignments.
DELETE VLAN

Syntax 1
    delete vlan=name [vid=vid] ports=ports frame=untagged|tagged

Syntax 2
    delete vlan=name [vid=vid] taggedports=ports untaggedports=ports

Parameters
    vlan
        Specifies the name of the VLAN to be modified.
    vid
        Specifies the VID of the VLAN to be modified. This parameter is optional.
    ports
        Specifies the ports to be removed from the VLAN. This parameter must be used with the FRAME parameter.
Note
    You cannot change a VLAN’s name or VID.

    When you remove an untagged port from a VLAN, the following happens:

        The port is returned to the Default_VLAN as an untagged port.
        If the port is also a tagged member of other VLANs, those VLAN assignments are not changed. The port remains a tagged member of the other VLANs.
DESTROY VLAN

Syntax
    destroy vlan=name|vid|all

Parameters
    vlan
        Specifies the name or VID of the VLAN to be deleted. To delete all VLANs, use the ALL option.

Description
    This command deletes port-based, tagged, and MAC address-based VLANs from a switch. You can use the command to delete selected VLANs or all VLANs, with the exception of the Default_VLAN.
SET SWITCH INFILTERING

Syntax
    set switch infiltering=yes|no|on|off|true|false

Parameters
    infiltering
        Specifies the operating status of ingress filtering. The options are:
        yes, on, true
            Activates ingress filtering. The options are equivalent. This is the default.
        no, off, false
            Deactivates ingress filtering. The options are equivalent.

Description
    This command controls the status of ingress filtering.
SET SWITCH MANAGEMENTVLAN

Syntax
    set switch managementvlan=name|VID

Parameter
    managementvlan
        Specifies the management VLAN. You can specify the VLAN by name or by its VID. You can specify only one management VLAN. The default management VLAN is Default_VLAN (VID 1).

Description
    This command sets the management VLAN. The switch uses this VLAN to watch for management packets from remote Telnet, SSH, and web browser management sessions.
SET SWITCH VLANMODE

Syntax
    set switch vlanmode=userconfig|dotqmultiple|multiple [uplinkport=port]

Parameters
    vlanmode
        Controls the switch’s VLAN mode. Options are:
        userconfig
            This mode allows you to create your own port-based and tagged VLANs. This is the default setting.
        dotqmultiple
            This option configures the switch for the 802.1Q-compliant multiple VLAN mode.
        multiple
            This option configures the switch for the non-802.
    uplinkport
    The following command sets the switch so that you can create your own port-based and tagged VLANs:

        set switch vlanmode=userconfig
SET VLAN

Syntax
    set vlan=name [vid=vid] type=portbased

Parameters
    vlan
        Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to “SHOW VLAN” on page 529.
    vid
        Specifies the VID of the dynamic VLAN. To view VIDs, refer to “SHOW VLAN” on page 529. This parameter is optional.
    type
        Specifies the type of static VLAN to which the dynamic VLAN is to be converted.
SHOW VLAN

Syntax
    show vlan[=name|vid]

Parameter
    vlan
        Specifies the name or VID of the VLAN.

Description
    This command displays the VLANs on the switch. An example of the information displayed by this command for port-based and tagged VLANs is shown in Figure 51.

    [Figure 51: example SHOW VLAN display; fields include VLAN Name, VLAN ID, VLAN Type, Protected Ports ...]
        – Actual: The current untagged ports of the VLAN.

    If you are not using 802.1x port-based network access control, both the Configured and Actual untagged ports of a VLAN will always be the same. If you are using 802.1x and you assigned a guest VLAN to an authenticator port or you associated an 802.
    The information displayed by the command is described here:

    VLAN name - The name of the VLAN. The name is Client_VLAN followed by the port number.
    VLAN ID - The ID number assigned to the VLAN.
    VLAN Type - The type of VLAN. This will be Port Based for the VLANs of a multiple VLAN mode.
    Protected Ports - The status of protected ports. Since the VLANs of a multiple VLAN mode are not protected ports VLANs, this will be No.
Chapter 30
GARP VLAN Registration Protocol Commands

This chapter contains the following commands:

    “DISABLE GARP” on page 534
    “ENABLE GARP” on page 535
    “PURGE GARP” on page 536
    “SET GARP PORT” on page 537
    “SET GARP TIMER” on page 538
    “SHOW GARP” on page 540
    “SHOW GARP COUNTER” on page 541
    “SHOW GARP DATABASE” on page 543
    “SHOW GARP GIP” on page 544
    “SHOW GARP MACHINE” on page 545

Note
    Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE GARP

Syntax
    disable garp=gvrp [gip]

Parameters
    garp
        Specifies the GARP application you want to disable. The only GARP application supported by AT-S63 management software is GVRP.
    gip
        Disables GARP Information Propagation (GIP).

Note
    The online help for this command contains an STP option. The option is not supported.

Description
    This command disables GVRP on the switch.
ENABLE GARP

Syntax
    enable garp=gvrp [gip]

Parameters
    garp
        Specifies the GARP application you want to enable. The only GARP application supported by AT-S63 management software is GVRP.
    gip
        Enables GARP Information Propagation (GIP).

Note
    The online help for this command contains an STP option. This option is not supported.

Description
    This command enables GVRP on the switch.
PURGE GARP

Syntax
    purge garp=gvrp

Parameter
    garp
        Specifies the GARP application you want to reset. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.

Description
    This command disables GVRP and returns all GVRP parameters to their default settings. All GVRP-related statistics counters are returned to zero.
SET GARP PORT

Syntax
    set garp=gvrp port=port mode=normal|none

Parameters
    garp
        Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP.
    port
        Specifies the port you want to configure on the switch. You can specify more than one port at a time.
    mode
        Specifies the GVRP mode of the port. Modes are:
        normal
            The port will participate in GVRP.
SET GARP TIMER

Syntax
    set garp=gvrp timer [default] [jointime=value] [leavetime=value] [leavealltime=value]

Parameters
    garp
        Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP.
    default
        Returns the GARP timers to their default settings.
    jointime
        Specifies the Join Timer in centiseconds, which are hundredths of a second. The default is 20 centiseconds.
Examples
    The following command sets the Join Period timer to 0.1 second, Leave Period timer to 0.
SHOW GARP

Syntax
    show garp=gvrp

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.
SHOW GARP COUNTER

Syntax
    show garp=gvrp counter

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.
        Receive GARP Messages: LeaveIn
        Transmit GARP Messages: LeaveIn
        Receive GARP Messages: Empty
        Transmit GARP Messages: Empty
        Receive GARP Messages: Bad Message
        Receive GARP Messages: Bad Attribute

Example
    The following command displays information for all GARP application counters:

        show garp=gvrp counter
SHOW GARP DATABASE

Syntax
    show garp=gvrp db|database

Parameters
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.

Description
    This command displays the following parameters for the internal database for the GARP application.
SHOW GARP GIP

Syntax
    show garp=gvrp gip

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.
SHOW GARP MACHINE

Syntax
    show garp=gvrp machine

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note
    The online help for this command contains an STP option. This option is not supported.

Description
    This command displays the following parameters for the GID state machines for the GARP application.
Chapter 31
Protected Ports VLAN Commands

This chapter contains the following commands:

    “ADD VLAN GROUP” on page 548
    “CREATE VLAN PORTPROTECTED” on page 550
    “DELETE VLAN” on page 551
    “DESTROY VLAN” on page 553
    “SET VLAN” on page 554
    “SHOW VLAN” on page 555

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

Note
    For background information on this feature, refer to Chapter 28, “Protected Ports VLANs” in the AT-S63 Management Software Menus Interface User’s Guide.
ADD VLAN GROUP

Syntax 1
    add vlan=name|vid ports=ports frame=tagged|untagged group=uplink|1..256

Syntax 2
    add vlan=name|vid [taggedports=ports] [untaggedports=ports] group=uplink|1..256

Parameters
    vlan
        Specifies the name or VID of the protected ports VLAN where ports are to be added. You can identify the VLAN by either its name or VID.
    ports
        Specifies the uplink port(s) or the ports of a group.
    Note the following before using this command:

        You must first create the protected ports VLAN by giving it a name and a VID before you can add ports. Creating a VLAN is accomplished with “CREATE VLAN PORTPROTECTED” on page 550.
        Both command syntaxes perform the same function. The difference is that with syntax 1 you can add ports of only one type, tagged or untagged, at a time. With syntax 2, you can add both at the same time.
CREATE VLAN PORTPROTECTED

Syntax
    create vlan=name vid=vid portprotected

Parameters
    vlan
        Specifies the name of the new protected ports VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that will be a part of the protected ports VLAN (for example, InternetGroups). The name cannot contain spaces or special characters, such as an asterisk (*) or exclamation point (!).
DELETE VLAN

Syntax 1
    delete vlan=name|vid ports=ports frame=tagged|untagged

Syntax 2
    delete vlan=name|vid [taggedports=ports] [untaggedports=ports]

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified. You can specify the VLAN by its name or VID.
    port
        Specifies the port to be removed from the VLAN. You can specify more than one port at a time. This parameter must be used with the FRAME parameter.
Examples
    The following command uses Syntax 1 to delete untagged port 12 from the InternetGroups VLAN:

        delete vlan=InternetGroups port=12 frame=untagged

    The following command accomplishes the same thing using Syntax 2:

        delete vlan=InternetGroups untaggedports=12
DESTROY VLAN

Syntax
    destroy vlan=name|vid|all

Parameters
    vlan
        Specifies the name or VID of the VLAN to be destroyed. To delete all tagged, port-based, and protected ports VLANs on the switch, use the ALL option.

Description
    This command deletes VLANs from the switch. You can use this command to delete tagged, port-based, and protected port VLANs. All untagged ports in a deleted VLAN are automatically returned to the Default_VLAN.
SET VLAN

Syntax
    set vlan=name|vid port=ports frame=tagged|untagged

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    ports
        Specifies the port whose VLAN type is to be changed. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-22), or both (for example, 1, 5, 14-22).
    frame
        Identifies the new VLAN type for the port. The type can be tagged or untagged.
SHOW VLAN

Syntax
    show vlan[=name|vid]

Parameter
    vlan
        Specifies the name or VID of the VLAN you want to view. Omitting this displays all VLANs.

Description
    This command displays information about the VLANs on the switch. An example of the information displayed by this command for a protected ports VLAN is shown in Figure 53.

    [Figure 53: example SHOW VLAN display for a protected ports VLAN; fields include VLAN Name, VLAN ID, VLAN Type ...]
    For an example of the information displayed by this command for a port-based or tagged VLAN, see Figure 51 on page 529. For an example of a MAC address-based VLAN, see Figure 54 on page 565.
Chapter 32
MAC Address-based VLAN Commands

This chapter contains the following commands:

    “ADD VLAN MACADDRESS” on page 558
    “ADD VLAN PORT MACADDRESS” on page 559
    “CREATE VLAN TYPE=MACADDRESS” on page 560
    “DELETE VLAN MACADDRESS” on page 562
    “DELETE VLAN PORT MACADDRESS” on page 563
    “DESTROY VLAN” on page 564
    “SHOW VLAN” on page 565

Note
    Remember to use the SAVE CONFIGURATION command to save your changes on the switch.
ADD VLAN MACADDRESS

Syntax
    add vlan=name|vid macaddress|destaddress=mac-address

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    macaddress or destaddress
        Specifies the MAC address to add to the VLAN. These parameters are equivalent. A MAC address can be entered in either of the following formats:

            xx:xx:xx:xx:xx:xx or xxxxxxxxxxxx

Description
    This command adds a MAC address to a MAC address-based VLAN.
ADD VLAN PORT MACADDRESS

Syntax
    add vlan=name|vid port=ports macaddress|destaddress=mac-address

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    port
        Specifies the egress port(s) to assign to the MAC address. You can specify more than one egress port.
    macaddress or destaddress
        Specifies the MAC address to be assigned the egress port(s).
CREATE VLAN TYPE=MACADDRESS

Syntax
    create vlan=name vid=vid type=macaddress

Parameters
    vlan
        Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting). The name cannot contain spaces or special characters, such as asterisks (*) or exclamation points (!).
Description
    This command is the first in the series for creating a MAC address-based VLAN. This command assigns the VLAN a name and a VID and sets the VLAN type.

    After you have initially created the VLAN with this command, you must assign the MAC addresses. These are the source addresses of the nodes that are to belong to the VLAN. The command for adding MAC addresses to a VLAN is “ADD VLAN MACADDRESS” on page 558.
DELETE VLAN MACADDRESS

Syntax
    delete vlan=name|vid macaddress|destaddress=mac-address

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    macaddress or destaddress
        Specifies the MAC address to be removed from the VLAN. These parameters are equivalent. You can remove only one MAC address at a time.
DELETE VLAN PORT MACADDRESS

Syntax
    delete vlan=name|vid port=ports macaddress=mac-address

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    port
        Specifies the egress port to be removed for the MAC address. You can remove more than one egress port at a time.
    macaddress
        Specifies a MAC address to which the port is assigned.
DESTROY VLAN

Syntax
    destroy vlan vlan=name|all [vid=vid]

Parameters
    vlan
        Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option.
    vid
        Specifies the VID of the VLAN to be deleted. This parameter is optional.

Description
    The command deletes port-based, tagged, and MAC address-based VLANs. You can use the command to delete selected VLANs or to delete all VLANs, with the exception of the Default_VLAN.
SHOW VLAN

Syntax
    show vlan[=name|vid]

Parameter
    vlan
        Specifies the name or VID of the VLAN.

Description
    This command displays the VLANs on the switch. An example of the information displayed by this command for a MAC address-based VLAN is shown in Figure 54.

    [Figure 54: example SHOW VLAN display for a MAC address-based VLAN; fields include VLAN Name, VLAN ID, VLAN Type, Protected Ports, Untagged Port(s) ...]
MAC Address / Ports - The MAC addresses of the VLAN and the egress ports.
For an example of the information displayed by this command for a port-based or tagged VLAN, see Figure 51 on page 529. For an example of a protected ports VLAN, see Figure 53 on page 555.
Section VII
Port Security
The chapters in this section provide the commands for configuring port security using the AT-S63 management software. The chapters include:
Chapter 33, “MAC Address-based Port Security Commands” on page 569
Chapter 34, “802.
Chapter 33
MAC Address-based Port Security Commands
This chapter contains the following commands:
“SET SWITCH PORT INTRUSIONACTION” on page 570
“SET SWITCH PORT SECURITYMODE” on page 571
“SHOW SWITCH PORT INTRUSION” on page 574
“SHOW SWITCH PORT SECURITYMODE” on page 575
Note
Remember to save your changes with the SAVE CONFIGURATION command.
SET SWITCH PORT INTRUSIONACTION
Syntax
set switch port=port intrusionaction=discard|trap|disable
Parameters
port    Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
intrusionaction    Specifies the action the port takes when it receives an invalid frame.
SET SWITCH PORT SECURITYMODE
Syntax
set switch port=port [securitymode=automatic|limited|secured|locked] [intrusionaction=discard|trap|disable] [learn=value] [participate=yes|no|on|off|true|false]
Parameters
port    Specifies the port where you want to set security. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
intrusionaction    Specifies the action taken by the port in the event port security is violated. This parameter applies only to the Limited security mode. Intrusion actions are:
    discard    Discards invalid frames. This is the default setting.
    trap    Discards invalid frames and sends a management trap.
    disable    Discards invalid frames, sends a management trap, and disables the port.
The management software displays a confirmation prompt whenever you perform this command. Responding with Y for yes completes your command, while N for no cancels the command.
Examples
The following command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses.
SHOW SWITCH PORT INTRUSION
Syntax
show switch port=port intrusion
Parameter
port    Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time.
Description
This command displays the number of times a port has detected an intrusion violation.
SHOW SWITCH PORT SECURITYMODE
Syntax
show switch port=port securitymode
Parameters
port    Specifies the port whose security mode settings you want to view. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
Description
This command displays the security mode settings for the ports on the switch.
Example
The following command displays the security mode settings for ports 1 to 5:
show switch port=1-5 securitymode
Chapter 34 802.
DISABLE PORTACCESS|PORTAUTH
Syntax
disable portaccess|portauth
Note
The PORTACCESS and PORTAUTH keywords are equivalent.
Parameters
None.
Description
This command disables 802.1x Port-based Network Access Control on the switch. This is the default setting.
Example
The following command disables 802.
DISABLE RADIUSACCOUNTING
Syntax
disable radiusaccounting
Parameters
None
Description
This command disables RADIUS accounting on the switch.
Example
The following command disables RADIUS accounting:
disable radiusaccounting
Equivalent Command
set radiusaccounting status=disabled
For information, see “SET RADIUSACCOUNTING” on page 592.
ENABLE PORTACCESS|PORTAUTH
Syntax
enable portaccess|portauth
Note
The PORTACCESS and PORTAUTH keywords are equivalent.
Parameters
None.
Description
This command activates 802.1x Port-based Network Access Control on the switch. The default setting for this feature is disabled.
Note
You should activate and configure the RADIUS client software on the switch before activating port-based access control. Refer to “SET AUTHENTICATION” on page 658.
ENABLE RADIUSACCOUNTING
Syntax
enable radiusaccounting
Parameters
None
Description
This command activates RADIUS accounting on the switch.
Example
The following command activates RADIUS accounting:
enable radiusaccounting
Equivalent Command
set radiusaccounting status=enabled
For information, see “SET RADIUSACCOUNTING” on page 592.
type or role    Specifies the role of the port. The parameters are equivalent. The options are:
    authenticator    Specifies the authenticator role.
    none    Disables port-based access control on the port.
mode    Controls the operating mode of an authenticator port. The options are:
    single    Configures the port to accept only one authentication. This authenticator mode should be used together with the piggyback mode.
control
and the authentication server. Each client that attempts to access the network is uniquely identified by the switch by using the client's MAC address. This is the default setting.
    authorised or forceauthenticate    Disables 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.
of the link between the supplicant and the switch or the switch is reset or power cycled.
reauthperiod    Enables periodic reauthentication of the client, which is disabled by default. The default value is 3600 seconds. The range is 1 to 65,535 seconds.
supptimeout    Sets the switch-to-client retransmission time for the EAP-request frame. The default value for this parameter is 30 seconds. The range is 1 to 600 seconds.
    both    An authenticator port, when in the unauthorized state, does not forward ingress or egress broadcast and multicast packets from or to the client until the client has logged on. This parameter is only available when the authenticator’s operating mode is set to single. When set to multiple, an authenticator port does not forward ingress or egress broadcast or multicast packets until at least one client has logged on.
A Guest VLAN is only supported when the operating mode of the port is set to Single. The specified VLAN must already exist on the switch.
vlanassignment    Specifies whether to use the VLAN assignments entered in the user accounts on the RADIUS server. Options are:
    enabled    Specifies that the authenticator port is to use the VLAN assignments returned by the RADIUS server when a supplicant logs on. This is the default setting.
securevlan
Examples
The following command sets ports 4 to 6 to the authenticator role. The authentication method is set to 802.1x, meaning that the supplicants must have 802.1x client software and provide a username and password, either automatically or manually, when logging on and during reauthentications. The operating mode is set to Single and the piggyback mode to disabled. At these settings, only one supplicant can use each port.
set portaccess=8021x port=22 role=authenticator mode=multi
The following command assigns the Guest VLAN “Product_show” to authenticator ports 5 and 12. The ports function as untagged members of the VLAN and allow any network user access to the VLAN without logging on. However, should a port start to receive EAPOL packets, it assumes that a supplicant is initiating a log on and changes to the unauthorized state.
SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT
Syntax
set portaccess|portauth port=port type|role=supplicant|none [authperiod=value] [heldperiod=value] [maxstart=value] [startperiod=value] [username|name=name] [password=password]
Note
The PORTACCESS and PORTAUTH keywords are equivalent.
Parameters
port    Specifies the port that you want to set to the supplicant role or whose supplicant settings you want to adjust.
username or name    Specifies the username for the switch port. The parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case-sensitive.
SET RADIUSACCOUNTING
Syntax
set radiusaccounting [status=enabled|disabled] [serverport=value] [type=network] [trigger=start_stop|stop_only] [updateenable=enabled|disabled] [interval=value]
Parameters
status    Activates and deactivates RADIUS accounting on the switch. The options are:
    enabled    Activates RADIUS accounting. This option is equivalent to “ENABLE RADIUSACCOUNTING” on page 581.
    disabled    Deactivates the feature.
Description
RADIUS accounting is supported on those switch ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. This feature is disabled by default on the switch.
SHOW PORTACCESS|PORTAUTH
Syntax
show portaccess|portauth=8021x|macbased
Parameters
portaccess or portauth    Specifies the authenticator method of the port. Options are:
    8021x    Displays information for an 802.1x authenticator port.
    macbased    Displays information for a MAC address-based authenticator port.
config    Displays whether port-based access control is enabled or disabled on the switch.
status    Displays the role and status of each port.
Examples
The following command displays the port roles of all the ports.
show portaccess
The following command displays just the 802.
SHOW PORTACCESS|PORTAUTH PORT
Syntax
show portaccess|portauth=8021x|macbased port=port authenticator|supplicant [config] [status]
Parameters
portaccess or portauth    Specifies the authenticator method of the port. Options are:
    8021x    Displays information for an 802.1x authenticator port.
    macbased    Displays information for a MAC address-based authenticator port.
port    Specifies the port whose port-based access control settings you want to view.
Port 1
PAE Type..................
Supplicant Mode...........
AuthControlPortControl....
quietPeriod...............
txPeriod..................
suppTimeout...............
serverTimeout.............
maxReq....................
reAuthPeriod..............
reAuthEnabled.............
vlanAssignment............
secureVlan................
guestVlan.................
adminControlDirection.....
piggyBack.................
SHOW RADIUSACCOUNTING
Syntax
show radiusaccounting
Parameters
None.
Description
This command displays the current parameter settings for RADIUS accounting, which sends updates of supplicant activity on the switch’s authenticator ports to the RADIUS server. Figure 59 is an example of the information displayed by this command.
Radius Accounting Configuration
-------------------------------------
Radius Accounting Status ...........
Radius Accounting Update Interval - Specifies the interval at which the switch sends interim accounting updates to the RADIUS server. The default is 60 seconds.
Section VIII
Management Security
The chapters in this section contain the commands for configuring management security using the AT-S63 management software.
Chapter 35
Web Server Commands
This chapter contains the following commands:
“DISABLE HTTP SERVER” on page 604
“ENABLE HTTP SERVER” on page 605
“PURGE HTTP SERVER” on page 606
“SET HTTP SERVER” on page 607
“SHOW HTTP SERVER” on page 612
Note
Remember to use the SAVE CONFIGURATION command to save your changes.
Note
For background information on this feature, refer to Chapter 32, “Web Server” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE HTTP SERVER
Syntax
disable http server
Parameters
None.
Description
This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER” on page 612. The default setting for the web server is enabled.
ENABLE HTTP SERVER
Syntax
enable http server
Parameters
None.
Description
This command activates the web server on the switch. Activating the server allows you to manage the unit from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER” on page 612. The default setting for the web server is enabled.
PURGE HTTP SERVER
Syntax
purge http server
Parameters
None.
Description
This command resets the HTTP server to its default values, as specified in Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide. To view the current web server settings, refer to “SHOW HTTP SERVER” on page 612.
SET HTTP SERVER
Syntax
set http server [security=enabled|disabled] [sslkeyid=keyid] [port=port]
Parameters
security    Specifies the security mode of the web server. The options are:
    enabled    Specifies that the web server is to function in the secure HTTPS mode.
    disabled    Specifies that the web server is to function in the non-secure HTTP mode. This is the default.
sslkeyid    Specifies a key pair ID.
Examples
The following command configures the web server for the non-secure HTTP mode. Since no port is specified, the default HTTP port 80 is used:
set http server security=disabled
The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5.
2. This command creates a self-signed certificate using the key created in step 1. The certificate is assigned the filename “Sw12cert.cer”. (The “.cer” extension is not included in the command because it is added automatically by the management software.) The certificate is assigned the serial number 0 and a distinguished name of 149.11.11.
5. Upload the enrollment request from the switch to a management station or FTP server using “UPLOAD METHOD=XMODEM” on page 246 or “UPLOAD METHOD=TFTP” on page 243.
6. Submit the enrollment request to a CA.
7. After you have received the CA certificates, download them into the switch’s file system using “LOAD METHOD=XMODEM” on page 232 or “LOAD METHOD=TFTP” on page 228.
8. Add the CA certificates to the certificate database using “ADD PKI CERTIFICATE” on page 622.
9.
5. These commands download the CA certificates into the switch’s file system from the TFTP server. The commands assume that the IP address of the server is 149.88.88.88 and that the certificate names are “sw24cer.cer” and “ca.cer”. (This step could be performed using Xmodem.)
load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer
load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer
6.
SHOW HTTP SERVER
Syntax
show http server
Parameters
None.
Chapter 36
Encryption Key Commands
This chapter contains the following commands:
“CREATE ENCO KEY” on page 614
“DESTROY ENCO KEY” on page 618
“SET ENCO KEY” on page 619
“SHOW ENCO” on page 620
Note
Remember to save your changes with the SAVE CONFIGURATION command.
Note
The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
CREATE ENCO KEY
Syntax 1
create enco key=key-id type=rsa length=value [description="description"]
Syntax 2
create enco key=key-id type=rsa [description="description"] [file=filename.key] [format=hex|ssh|ssh2]
Parameters
key    Specifies a key ID. The range is 0 to 65,535. The default is 0. When creating a new key this value must be unique from all other key IDs on the switch.
type    Specifies the type of key, which can only be a random RSA key.
    ssh    Specifies a format for Secure Shell version 1 users.
    ssh2    Specifies a format for Secure Shell version 2 users.
Description
This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S63 file system to the key database.
Caution
Key generation is a CPU-intensive process.
Syntax 1 Examples
This example creates a key with the ID of 12 and a length of 512 bits:
create enco key=12 type=rsa length=512
This example creates a key with the ID of 4, a length of 1024 bits, and a description of “Switch12a encryption key”:
create enco key=4 type=rsa length=1024 description="Switch12a encryption key"
Syntax 2 Description
Syntax 2 is used to import and export public encryption keys.
key. This parameter should be used only when importing a key and not when exporting a key. The description will appear next to the key when you view the key database. Descriptions can help you identify the different keys stored in the switch.
The FORMAT parameter specifies the format of the key, which can be either Secure Shell format (SSH version 1 or 2) or hexadecimal format (HEX).
DESTROY ENCO KEY
Syntax
destroy enco key=key-id
Parameter
key    Specifies the ID number of the key pair to be deleted from the key database.
Description
This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding “.UKF” file from the file system. After a key pair is deleted, any SSL certificate created using the public key of the key pair will be invalid and cannot be used to manage the switch.
SET ENCO KEY
Syntax
set enco key=key-id description="description"
Parameters
key    Specifies the ID number of the key pair whose description you want to change.
description    Specifies the new description of the key. The description can contain up to 25 alphanumeric characters. Spaces are allowed. The description must be enclosed in double quotes.
Description
This command changes the description of a key pair.
SHOW ENCO
Syntax
show enco key=[key-id]
Parameters
key    Specifies the ID of a specific key whose information you want to display. Otherwise, all keys are displayed.
Description
This command displays information about encryption key pairs stored in the key database.
Chapter 37
Public Key Infrastructure (PKI) Certificate Commands
This chapter contains the following commands:
“ADD PKI CERTIFICATE” on page 622
“CREATE PKI CERTIFICATE” on page 624
“CREATE PKI ENROLLMENTREQUEST” on page 627
“DELETE PKI CERTIFICATE” on page 629
“PURGE PKI” on page 630
“SET PKI CERTIFICATE” on page 631
“SET PKI CERTSTORELIMIT” on page 633
“SET SYSTEM DISTINGUISHEDNAME” on page 634
“SHOW PKI” on page 635
“SHOW PKI CERTIFICATE” on page 636
Note
Remember t
ADD PKI CERTIFICATE
Syntax
add pki certificate="name" location="filename.cer" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]
Parameters
certificate    Specifies a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. The name can be up to 40 alphanumeric characters. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
The CERTIFICATE parameter assigns the certificate a name. The name can be from 1 to 40 alphanumeric characters. Each certificate in the database should be given a unique name.
The LOCATION parameter specifies the filename of the certificate as stored in the switch’s file system. When specifying the filename, be sure to include the file extension “.cer”.
The TRUSTED parameter specifies whether the certificate is from a trusted CA.
CREATE PKI CERTIFICATE
Syntax
create pki certificate=name keypair=key-id serialnumber=value [format=der|pem] subject="distinguished-name"
Parameters
certificate    Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters. Spaces are allowed; if included, the name must be enclosed in double quotes. The management software automatically adds the “.cer” extension.
encrypted web browser management systems until it is loaded into the database. For instructions, refer to “ADD PKI CERTIFICATE” on page 622.
Note
For a review of the steps to configuring the web server for a self-signed certificate, refer to “SET HTTP SERVER” on page 607.
The CERTIFICATE parameter assigns a file name to the certificate. This is the name under which the certificate will be stored in the switch’s file system.
Examples
The following command creates a self-signed certificate. It assigns the certificate the filename “sw12.cer”. (The management software automatically adds the “.cer” extension.) The command uses the key pair with the ID 12 to create the certificate. The format is ASCII and the distinguished name is the IP address of a master switch:
create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.
CREATE PKI ENROLLMENTREQUEST
Syntax
create pki enrollmentrequest="name" keypair=key-id [format=der|pem] [type=pkcs10]
Parameters
enrollmentrequest    Specifies a filename for the enrollment request. The filename can be from 1 to 8 alphanumeric characters. If the name contains spaces, it must be enclosed in double quotes. The management software automatically adds the “.csr” extension.
Note
For a review of the steps to configuring the web server for a CA certificate, refer to “SET HTTP SERVER” on page 607.
The ENROLLMENTREQUEST parameter specifies a filename for the request. The filename can contain from 1 to 8 alphanumeric characters. If spaces are used, the name must be enclosed in quotes. The management software automatically adds the “.csr” extension.
DELETE PKI CERTIFICATE
Syntax
delete pki certificate="name"
Parameter
certificate    Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes. Wildcards are not allowed.
Description
This command deletes a certificate from the switch’s certificate database.
PURGE PKI
Syntax
purge pki
Parameters
None.
Description
This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to “DELETE FILE” on page 213.
SET PKI CERTIFICATE
Syntax
set pki certificate="name" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]
Parameters
certificate    Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes.
trusted    Specifies whether or not the certificate is from a trusted CA.
Note
The TRUSTED and TYPE parameters have no effect on the operation of a certificate. You can select any permitted value for either parameter. The parameters are included only as placeholders for information in the certificate database.
Example
The following command sets the certificate named “Switch 12 certificate” to be trusted.
SET PKI CERTSTORELIMIT
Syntax
set pki certstorelimit=value
Parameter
certstorelimit    Specifies the maximum number of certificates that can be stored in the certificate database. The range is 12 to 256; the default is 256.
Description
This command sets the maximum number of certificates that can be stored in the switch’s certificate database.
SET SYSTEM DISTINGUISHEDNAME
Syntax
set system distinguishedname="name"
Parameter
distinguishedname    Specifies the distinguished name for the switch. The name must be enclosed in quotes.
Description
This command sets the distinguished name for the switch. The distinguished name is used to create a self-signed certificate or enrollment request.
SHOW PKI
Syntax
show pki
Parameters
None.
Description
This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to “SET PKI CERTSTORELIMIT” on page 633.
SHOW PKI CERTIFICATE
Syntax
show pki certificate[="name"]
Parameter
certificate    Specifies the name of the certificate whose information you want to view. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive. Wildcards are not allowed.
Description
This command lists all of the certificates in the certificates database.
Chapter 38
Secure Sockets Layer (SSL) Commands
This chapter contains the following commands:
“SET SSL” on page 638
“SHOW SSL” on page 639
Note
Remember to save your changes with the SAVE CONFIGURATION command.
Note
The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
SET SSL
Syntax
set ssl [cachetimeout=value] [maxsessions=value]
Parameters
cachetimeout    Specifies the maximum time in seconds that a session will be retained in the cache. The range is 1 to 600 seconds. The default is 300 seconds.
maxsessions    Specifies the maximum number of sessions that will be allowed in the session resumption cache. The range is 0 to 100 sessions. The default is 50 sessions.
Description
This command configures the SSL parameters.
SHOW SSL
Syntax
show ssl
Parameters
None.
Chapter 39
Secure Shell (SSH) Commands
This chapter contains the following commands:
“DISABLE SSH SERVER” on page 642
“ENABLE SSH SERVER” on page 643
“SET SSH SERVER” on page 646
“SHOW SSH” on page 648
Note
Remember to save your changes with the SAVE CONFIGURATION command.
Note
The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
DISABLE SSH SERVER
Syntax
disable ssh server
Parameters
None.
Description
This command disables the Secure Shell server. When the Secure Shell server is disabled, connections from Secure Shell clients are not accepted. By default, the Secure Shell server is disabled.
ENABLE SSH SERVER
Syntax
enable ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]
Parameters
hostkey    Specifies the ID number of the encryption key pair to function as the host key.
serverkey    Specifies the ID number of the encryption key pair to function as the server key.
expirytime    Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours.
Note
Before you enable SSH, disable the Telnet management session. Otherwise, the security provided by SSH is not active. See “DISABLE TELNET” on page 45.
Example
The following command activates the Secure Shell server and specifies encryption key pair 0 as the host key and key pair 1 as the server key:
enable ssh server hostkey=0 serverkey=1
General Configuration Steps for SSH Operation
Configuring the SSH server involves several commands.
Example
The following is an example of the command sequence for configuring the SSH software on the server:
1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
SET SSH SERVER
Syntax
set ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]
Parameters
hostkey    Specifies the ID number of the encryption key pair to function as the host key.
serverkey    Specifies the ID number of the encryption key pair to function as the server key.
expirytime    Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
Example
The following command sets the Secure Shell server key expiry time to 1 hour:
set ssh server expirytime=1
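The SSH notes in this chapter (disable Telnet before enabling SSH, host and server key lengths at least 256 bits apart, EXPIRYTIME=0 never regenerating the server key) can be checked against a saved command script before it is loaded. The following is an added example, not part of the guide or of the AT-S63 software; the function names, finding codes, sample scripts, and the `disable telnet` spelling (the guide shows only the command title) are assumptions.

```python
import shlex

MIN_KEY_GAP_BITS = 256  # the guide's "one increment (256 bits) apart"

# Constructed sample scripts, one CLI command per line (not from a real switch).
WEAK_CONFIG = """
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=1024 description="server key"
enable ssh server hostkey=0 serverkey=1 expirytime=0
"""

FIXED_CONFIG = """
disable telnet
create enco key=0 type=rsa length=1024 description="host key"
create enco key=1 type=rsa length=768 description="server key"
enable ssh server hostkey=0 serverkey=1 expirytime=1
"""


def parse_command(line):
    """Split a CLI line into (keywords, params); quoted values keep their spaces."""
    keywords, params = [], {}
    for token in shlex.split(line):
        if "=" in token:
            name, value = token.split("=", 1)
            params[name.lower()] = value
        else:
            keywords.append(token.lower())
    return tuple(keywords), params


def audit_ssh_config(script):
    """Return (code, detail) findings for the SSH-related commands in a script."""
    key_lengths = {}        # key ID -> RSA length in bits (CREATE ENCO KEY, Syntax 1)
    ssh_params = {}         # merged ENABLE/SET SSH SERVER parameters
    ssh_enabled = False
    telnet_disabled = False  # assumption: Telnet is on unless the script disables it

    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        keywords, params = parse_command(line)
        if keywords == ("create", "enco") and "key" in params and "length" in params:
            key_lengths[params["key"]] = int(params["length"])
        elif keywords == ("destroy", "enco"):
            key_lengths.pop(params.get("key"), None)
        elif keywords == ("enable", "ssh", "server"):
            ssh_enabled = True
            ssh_params.update(params)
        elif keywords == ("set", "ssh", "server"):
            ssh_params.update(params)
        elif keywords == ("disable", "ssh", "server"):
            ssh_enabled = False
        elif keywords == ("disable", "telnet"):
            telnet_disabled = True

    findings = []
    if not ssh_enabled:
        return findings
    if not telnet_disabled:
        findings.append(("telnet-not-disabled",
                         "SSH is enabled but the script never disables Telnet"))
    host, server = ssh_params.get("hostkey"), ssh_params.get("serverkey")
    unknown = [key_id for key_id in (host, server) if key_id not in key_lengths]
    for key_id in unknown:
        findings.append(("key-not-created",
                         f"key {key_id} is not created with a length in this script"))
    if not unknown:
        gap = abs(key_lengths[host] - key_lengths[server])
        if gap < MIN_KEY_GAP_BITS:
            findings.append(("key-gap-too-small",
                             f"host and server key lengths differ by {gap} bits"))
    if ssh_params.get("expirytime") == "0":
        findings.append(("server-key-never-regenerated",
                         "expirytime=0 means the server key is never regenerated"))
    return findings


if __name__ == "__main__":
    for name, script in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_ssh_config(script))
```
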
SHOW SSH
Syntax
show ssh
Parameters
None.
Chapter 40
TACACS+ and RADIUS Commands
This chapter contains the following commands:
“ADD RADIUSSERVER” on page 650
“ADD TACACSSERVER” on page 652
“DELETE RADIUSSERVER” on page 653
“DELETE TACACSSERVER” on page 654
“DISABLE AUTHENTICATION” on page 655
“ENABLE AUTHENTICATION” on page 656
“PURGE AUTHENTICATION” on page 657
“SET AUTHENTICATION” on page 658
“SHOW AUTHENTICATION” on page 660
Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD RADIUSSERVER

Syntax

    add radiusserver server|ipaddress=ipaddress order=value [secret=string] [port=value] [accport=value]

Parameters

server or ipaddress
    Specifies an IP address of a RADIUS server. The parameters are equivalent.

order
    Specifies the order that the RADIUS servers are queried by the switch. This value can be from 1 to 3. The servers are queried starting with 1.

secret
    Specifies the encryption key used for this server.
The following command adds a RADIUS server with an IP address of 149.245.22.22. It specifies that the order is 2, the encryption key is tiger74, and the UDP port is 1811:

    add radiusserver ipaddress=149.245.22.
ADD TACACSSERVER

Syntax

    add tacacsserver server|ipaddress=ipaddress order=value [secret=string]

Parameters

server or ipaddress
    Specifies an IP address of a TACACS+ server. The parameters are equivalent.

order
    Specifies the order that your TACACS+ servers are queried by the switch. You can assign order to up to 3 servers with 1 being the first server queried.

secret
    Specifies the optional encryption key used on this server. The maximum length is 39 characters.
DELETE RADIUSSERVER

Syntax

    delete radiusserver server|ipaddress=ipaddress

Parameter

server or ipaddress
    Specifies the IP address of a RADIUS server to be deleted from the management software. The parameters are equivalent.

Description

This command deletes the IP address of a RADIUS server from your switch.

Example

The following command deletes the RADIUS server with the IP address 149.245.22.22:

    delete radiusserver ipaddress=149.245.22.
DELETE TACACSSERVER

Syntax

    delete tacacsserver server|ipaddress=ipaddress

Parameter

server or ipaddress
    Specifies the IP address of a TACACS+ server to be deleted from the management software. The parameters are equivalent.

Description

This command deletes the IP address of a TACACS+ server from your switch.

Example

The following command deletes the TACACS+ server with the IP address 149.245.22.20:

    delete tacacsserver ipaddress=149.245.22.
DISABLE AUTHENTICATION

Syntax

    disable authentication

Parameters

None.

Description

This command disables TACACS+ and RADIUS manager account authentication on your switch. When you disable authentication you retain your current authentication parameter settings.

Note
This command applies only to TACACS+ and RADIUS manager accounts.
ENABLE AUTHENTICATION

Syntax

    enable authentication

Parameters

None.

Description

This command enables TACACS+ or RADIUS manager account authentication on your switch. You must use the manager accounts you defined on the TACACS+ or RADIUS server to manage the switch when you enable manager authentication. To select an authenticator protocol, refer to “SET AUTHENTICATION” on page 658.

Note
If you are using the RADIUS authentication protocol for 802.
PURGE AUTHENTICATION

Syntax

    purge authentication

Parameters

None.

Description

This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP address or secret of any RADIUS or TACACS+ authentication servers you may have specified.
SET AUTHENTICATION

Syntax

    set authentication method=tacacs|radius [secret=string] [timeout=value]

Parameters

method
    Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch.

secret
    Specifies the global encryption key of the TACACS+ or RADIUS servers.
The following command selects RADIUS as the authentication protocol with a global encryption key of leopard09 and a timeout of 15 seconds:

    set authentication method=radius secret=leopard09 timeout=15

The following command removes the current global secret from the RADIUS client without assigning a new value:

    set authentication method=radius secret=none
SHOW AUTHENTICATION

Syntax

    show authentication[=tacacs|radius]

Parameters

None.

Description

This command displays the following information about the authenticated protocols on the switch:

Status - The status of your authenticated protocol: enabled or disabled.

Authentication Method - The authentication protocol activated on your switch. Either TACACS+ or RADIUS protocol may be active. The TACACS+ protocol is the default.
Chapter 41 Management ACL Commands

This chapter contains the following commands:

“ADD MGMTACL” on page 662
“CREATE MGMTACL” on page 663
“DESTROY MGMTACL” on page 665
“DISABLE MGMTACL” on page 666
“ENABLE MGMTACL” on page 667
“PURGE MGMTACL” on page 668
“SET MGMTACL” on page 669
“SHOW MGMTACL” on page 670

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD MGMTACL

Syntax

    add mgmtacl id=value application=telnet|web|ping|all

Parameters

id
    Specifies the identification number of the access control entry to be modified. The range is 1 to 256. To view the ID numbers of the existing ACEs, refer to “SHOW MGMTACL” on page 670.

application
    Specifies the permitted applications of the ACE. The options are:

    telnet    Permits Telnet management.
    web       Permits web browser management.
CREATE MGMTACL

Syntax

    create mgmtacl id=value ipaddress=ipaddress mask=string application=telnet|web|ping|all

Parameters

id
    Specifies an identification number for the new access control entry. The range is 1 to 256. Every ACE must have a unique identification number.

ipaddress
    Specifies the IP address of a subnet or a specific management station.

mask
    Specifies the mask used by the switch to filter the IP address.
An ACE is an implicit “permit” statement. A workstation that meets the criteria of the ACE is allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific management station or a subnet.

The MASK parameter indicates the parts of the IP address the switch should filter on. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
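
The mask comparison and implicit “permit” behaviour described above, modelled in Python as an added example (not code from this guide or from the AT-S63 software). The Ace tuple, the function names, the max_hosts threshold and the sample entries are assumptions made for illustration; the model also assumes that a disabled Management ACL filters nothing.

```python
import ipaddress
from collections import namedtuple

# application is one of: telnet | web | ping | all
Ace = namedtuple("Ace", "ace_id ipaddress mask application")

def _u32(dotted):
    """Dotted-decimal IPv4 string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def ace_matches(ace, source_ip, application):
    """Compare only the address bits where the mask holds a binary 1."""
    mask = _u32(ace.mask)
    same_bits = (_u32(source_ip) & mask) == (_u32(ace.ipaddress) & mask)
    return same_bits and ace.application in ("all", application)

def is_permitted(aces, acl_enabled, source_ip, application):
    """Each ACE is a permit; an active ACL with no matching ACE denies."""
    if not acl_enabled:
        return True  # assumption of this model: a disabled ACL filters nothing
    return any(ace_matches(a, source_ip, application) for a in aces)

def audit(aces, max_hosts=256):
    """Flag ACEs that admit more than max_hosts addresses or permit Telnet."""
    findings = []
    for a in aces:
        hosts = 2 ** (32 - bin(_u32(a.mask)).count("1"))
        if hosts > max_hosts:
            findings.append((a.ace_id, f"mask {a.mask} admits {hosts} addresses"))
        if a.application in ("telnet", "all"):
            findings.append((a.ace_id, "permits cleartext Telnet management"))
    return findings

# Constructed sample entries (documentation address ranges), not from the guide.
SAMPLE_ACES = [
    Ace(1, "192.0.2.44", "255.255.255.255", "telnet"),  # a single station
    Ace(2, "198.51.100.0", "255.255.255.0", "web"),     # one 256-address subnet
    Ace(3, "203.0.113.0", "255.255.0.0", "ping"),       # mask wider than the subnet
]

if __name__ == "__main__":
    for src, app in [("192.0.2.44", "telnet"), ("198.51.100.7", "telnet"),
                     ("203.0.200.9", "ping")]:
        print(src, app, is_permitted(SAMPLE_ACES, True, src, app))
    print("empty active ACL:", is_permitted([], True, "192.0.2.44", "web"))
    for finding in audit(SAMPLE_ACES):
        print(finding)
```

Running the audit before ENABLE MGMTACL shows which entries are broader than intended, and the empty-list case reproduces the lockout that the ENABLE MGMTACL and PURGE MGMTACL notes warn about.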
DESTROY MGMTACL

Syntax

    destroy mgmtacl id=value

Parameters

id
    Specifies the identification number of the ACE to be deleted.

Description

This command deletes an ACE from the Management ACL. You specify the ACE by its identification number, which is displayed with “SHOW MGMTACL” on page 670.
DISABLE MGMTACL

Syntax

    disable mgmtacl

Parameters

None.

Description

This command disables the Management ACL.
ENABLE MGMTACL

Syntax

    enable mgmtacl

Parameters

None.

Description

This command activates the Management ACL.

Note
Activating the Management ACL without entering any access control entries (ACEs) prohibits you from remotely managing the switch from a Telnet or web browser management session, or pinging the device.
PURGE MGMTACL

Syntax

    purge mgmtacl

Parameters

None.

Description

This command deletes all access control entries from the Management ACL.

Note
If you are remotely managing the switch from a Telnet management session and the Management ACL is active, your management session will end and you will be unable to reestablish it if you delete all ACEs.
SET MGMTACL

Syntax

    set mgmtacl id=value [ipaddress=ipaddress] [mask=string] [application=telnet|web|ping|all]

Parameters

id
    The identification number of the ACE to be modified. To view the ID numbers of the existing ACEs, refer to “SHOW MGMTACL” on page 670.

ipaddress
    Specifies a new IP address for the ACE.

mask
    Specifies a new mask for the ACE.

application
    Specifies the permitted type of remote management.
SHOW MGMTACL

Syntax

    show mgmtacl [id=value]

Parameters

id
    Specifies the ID number of an ACE to view.

Description

This command displays the state of the Management ACL and ACL entries. Figure 60 is an example of the information displayed by this command.

    Management ACL Status ......................... Disable

    ID   IP Address      Mask              Application
    ---------------------------------------------------------
    1    149.44.44.44    255.255.255.255   TELNET
    2    149.55.55.0     255.255.255.