Management Software
AT-S63
Command Line Interface User’s Guide
AT-9400 Series Layer 2+ Gigabit Ethernet Switches
Version 1.1.0
613-50571-00 Rev.
Copyright © 2005 Allied Telesyn, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesyn, Inc. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Netscape Navigator is a registered trademark of Netscape Communications Corporation. All other product names, company names, logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners. Allied Telesyn, Inc.
Contents

    Preface (page 13)
    Where to Find Web-based Guides (page 14)
    Contacting Allied Telesyn
    SHOW IP ROUTE (page 61)
    SHOW SWITCH (page 62)
    SHOW SYSTEM
    ADD LACP PORT (page 136)
    CREATE LACP AGGREGATOR (page 137)
    DELETE LACP PORT
    Chapter 16: ACL Commands (page 219)
    CREATE ACL (page 220)
    DESTROY ACL
    CLEAR SNMPV3 NOTIFY (page 306)
    CLEAR SNMPV3 TARGETADDR (page 307)
    CLEAR SNMPV3 VIEW
    CREATE MSTP (page 392)
    DELETE MSTP (page 393)
    DESTROY MSTP MSTIID
    Chapter 31: MAC Address Table Commands (page 477)
    ADD SWITCH FDB|FILTER (page 478)
    DELETE SWITCH FDB|FILTER
Tables

    Table 1. File Name Extensions (page 168)
    Table 2. File Name Extensions (page 181)
    Table 3. Default Syslog Facilities
Preface

This guide contains instructions on how to use the command line interface of the AT-S63 management software and contains the following sections:

    “Where to Find Web-based Guides” on page 14
    “Contacting Allied Telesyn” on page 15

Where to Find Web-based Guides

The installation and user guides for all Allied Telesyn products are available in portable document format (PDF) on our web site at www.alliedtelesyn.com. You can view the documents online or download them onto a local workstation or server.

Contacting Allied Telesyn

This section provides Allied Telesyn contact information for technical support as well as sales and corporate information.

Online Support

You can request technical support online by accessing the Allied Telesyn Knowledge Base: http://kb.alliedtelesyn.com. You can use the Knowledge Base to submit questions to our technical support staff and review answers to previously asked questions.
Chapter 1
Starting a Command Line Management Session

This chapter contains the following topics:

    “Starting a Command Line Management Session” on page 18
    “Command Line Interface Features” on page 19
    “Command Formatting” on page 20

Starting a Command Line Management Session

The default management session type is the command line interface (CLI). The prompt differs depending on whether you logged in as manager or operator. If you logged in as manager, you will see “#.” If you logged in as operator, you will see “$.” You can now manage the switch with the command line commands.

Note
    Web browser management does not support the command line interface.

Command Line Interface Features

The following features are supported in the command line interface:

    Command history - Use the up and down arrow keys.
    Context-specific help - Press the question mark key at any time to see a list of legal next parameters.
    Keyword abbreviations - Any keyword can be recognized by typing an unambiguous prefix, for example, “sh” for “show”.

Command Formatting

The following formatting conventions are used in this manual:

    screen text font - This font illustrates the format of a command and command examples.
    screen text font - Italicized screen text indicates a variable for you to enter.
    [ ] - Brackets indicate optional parameters.
    | - Vertical line separates parameter options for you to choose from.
Chapter 2
Basic Command Line Commands

This chapter contains the following commands:

    “CLEAR SCREEN” on page 22
    “EXIT” on page 23
    “HELP” on page 24
    “LOGOFF, LOGOUT and QUIT” on page 25
    “MENU” on page 26
    “SAVE CONFIGURATION” on page 27
    “SET PROMPT” on page 28
    “SET SWITCH CONSOLEMODE” on page 29
    “SHOW USER” on page 30

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

CLEAR SCREEN

Syntax
    clear screen

Parameters
    None.

Description
    This command clears the screen.

EXIT

Syntax
    exit

Parameters
    None.

Description
    This command displays the AT-S63 Main Menu. It performs the same function as the MENU command.

HELP

Syntax
    help

Parameters
    None.

Description
    This command displays a list of the CLI keywords with a brief description for each keyword.

LOGOFF, LOGOUT and QUIT

Syntax
    logoff
    logout
    quit

Parameters
    None.

Description
    These three commands all perform the same function: they end a management session. If you are managing a slave switch, the commands return you to the master switch from which you started the management session.

MENU

Syntax
    menu

Parameters
    None.

Description
    This command displays the AT-S63 Main Menu. For instructions on how to use the management menus, refer to Chapter 2, “Starting a Local or Remote Management Session” in the AT-S63 Management Software Menus Interface User’s Guide.

SAVE CONFIGURATION

Syntax
    save configuration

Parameters
    None.

Description
    This command saves your changes to the switch’s active boot configuration file for permanent storage. Whenever you make a change to an operating parameter of the switch, such as enter a new IP address or create a new VLAN, the change is stored in temporary memory. It will be lost the next time you reset the switch or power cycle the unit.

SET PROMPT

Syntax
    set prompt="prompt"

Parameter
    prompt    Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in quotes.

Description
    This command changes the command prompt. Assigning each switch a different command prompt can make it easier for you to identify the different switches in your network when you manage them.

SET SWITCH CONSOLEMODE

Syntax
    set switch consolemode=menu|cli

Parameter
    consolemode    Specifies the mode you want management sessions to start in. Options are:
        menu    Specifies the AT-S63 Main Menu.
        cli     Specifies the command line prompt. This is the default.

Description
    You use this command to specify whether you want your management sessions to start by displaying the command line interface (CLI) or the AT-S63 Main Menu. The default is the CLI.

SHOW USER

Syntax
    show user

Parameter
    None.

Description
    Displays the user account you used to log on to manage the switch.
Chapter 3
Basic Switch Commands

This chapter contains the following commands:

    “DISABLE DHCPBOOTP” on page 33
    “DISABLE IP REMOTEASSIGN” on page 34
    “DISABLE TELNET” on page 35
    “ENABLE BOOTP” on page 36
    “ENABLE DHCP” on page 37
    “ENABLE IP REMOTEASSIGN” on page 38
    “ENABLE TELNET” on page 39
    “PING” on page 40
    “PURGE IP” on page 41
    “RESET SWITCH” on page 42
    “RESET SYSTEM” on page 43
    “RESTART REBOOT” on page 44
    “RESTART SWITCH” on page 45
    “SET ASYN” on page

Note
    Remember to save your changes with the SAVE CONFIGURATION command.

DISABLE DHCPBOOTP

Syntax
    disable dhcpbootp

Parameters
    None.

Description
    This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to “DISABLE IP REMOTEASSIGN” on page 34. The default setting for the client software is disabled. To activate the DHCP and BOOTP client software, refer to “ENABLE BOOTP” on page 36 or “ENABLE IP REMOTEASSIGN” on page 38.

DISABLE IP REMOTEASSIGN

Syntax
    disable ip remoteassign

Parameters
    None.

Description
    This command deactivates the DHCP and BOOTP client software on the switch. This command is equivalent to “DISABLE DHCPBOOTP” on page 33. The default setting for the client software is disabled. To activate the DHCP and BOOTP client software, refer to “ENABLE BOOTP” on page 36 or “ENABLE IP REMOTEASSIGN” on page 38.

DISABLE TELNET

Syntax
    disable telnet

Parameters
    None.

Description
    This command disables the Telnet server software on the switch. You might disable the server software if you do not want anyone to manage the switch using the Telnet application protocol or if you plan to use the Secure Shell protocol. The default setting for the Telnet server is enabled.

ENABLE BOOTP

Syntax
    enable bootp

Parameters
    None.

Description
    This command activates the BOOTP client software on the switch. This command is equivalent to “SET IP INTERFACE” on page 48. The default setting for the BOOTP client software is disabled.

Note
    When you activate BOOTP, the switch immediately begins to query the network for a BOOTP server. The switch continues to query the network for its IP configuration until it receives a response.

ENABLE DHCP

Syntax
    enable dhcp

Parameters
    None.

Description
    This command activates the DHCP client software on the switch. This command is equivalent to “SET IP INTERFACE” on page 48. The default setting for the DHCP client software is disabled.

Note
    When you activate DHCP, the switch immediately begins to query the network for a DHCP server. The switch continues to query the network for its IP configuration until it receives a response.

ENABLE IP REMOTEASSIGN

Syntax
    enable ip remoteassign

Parameters
    None.

Description
    This command activates the DHCP and BOOTP client software on the switch. This command is equivalent to “ENABLE BOOTP” on page 36. The default setting for the DHCP and BOOTP client software is disabled.

Note
    When you activate BOOTP/DHCP, the switch immediately begins to query the network for a BOOTP or DHCP server.

ENABLE TELNET

Syntax
    enable telnet

Parameters
    None.

Description
    This command activates the Telnet server on the switch. With the server activated, you can manage the switch using the Telnet application protocol from any management station on your network. To disable the server, refer to “DISABLE TELNET” on page 35. The default setting for the Telnet server is enabled.
PING

Syntax
    ping ipaddress

Parameter
    ipaddress    Specifies the IP address of an end node you want the switch to ping.

Description
    This command instructs the switch to ping an end node. You can use this command to determine whether a valid link exists between the switch and another device.

Note
    The switch must have an IP address and subnet mask in order for you to use this command.

Example
    The following command pings an end node with the IP address of 149.245.22.

PURGE IP

Syntax
    purge ip [ipaddress] [netmask] [route]

Parameters
    ipaddress    Returns the switch’s IP address to the default setting 0.0.0.0.
    netmask      Returns the subnet mask to the default setting 0.0.0.0.
    route        Returns the gateway address to the default setting 0.0.0.0.

Description
    This command returns the switch’s IP address, subnet mask, and default gateway address to the default settings.

RESET SWITCH

Syntax
    reset switch

Parameters
    None.

Description
    This command does all of the following:

    Performs a soft reset on all ports. The reset takes less than a second to complete. The ports retain their current operating parameter settings. To perform this function on a per-port basis, refer to “RESET SWITCH PORT” on page 110.
    Resets the statistics counters for all ports to zero.

RESET SYSTEM

Syntax
    reset system [name] [contact] [location]

Parameters
    name        Deletes the switch’s name.
    contact     Deletes the switch’s contact.
    location    Deletes the switch’s location.

Description
    This command deletes the switch’s name, the name of the network administrator responsible for managing the unit, and the location of the unit. To set these parameters, refer to “SET SYSTEM” on page 56.

RESTART REBOOT

Syntax
    restart reboot

Parameters
    None.

Description
    This command resets the switch. The switch runs its internal diagnostics, loads the AT-S63 management software, and configures its parameter settings using the current boot configuration file. The reset takes approximately 20 to 30 seconds to complete. The switch does not forward traffic during the time required to run its internal diagnostics and initialize its operating software.

RESTART SWITCH

Syntax
    restart switch config=none|filename.cfg

Parameters
    config    Specifies the configuration file. The file must already exist on the switch. The NONE option returns the switch to its default values.

Description
    This command loads a different configuration file on the switch or returns the switch’s parameter settings to their default values.

    configuration file, the configuration file the switch uses the next time it is reset. If you reset or power cycle the switch, the switch uses the previous configuration. To change the active boot configuration file, refer to “SET CONFIG” on page 173.

    Your local or remote management session with the switch ends when you reset the switch. You must reestablish the session to continue managing the switch.

SET ASYN

Syntax
    set asyn speed=1200|2400|4800|9600|19200|38400|57600|115200 [prompt="prompt"]

Parameters
    speed     Sets the speed (baud rate) of the serial terminal port on the switch. The default is 9600 bps.
    prompt    Specifies the command line prompt. The prompt can be from one to 12 alphanumeric characters. Spaces and special characters are allowed. The prompt must be enclosed in double quotes.
SET IP INTERFACE

Syntax
    set ip interface=eth0 ipaddress=ipaddress|BOOTP|DHCP mask|netmask=subnetmask

Parameters
    interface       Specifies the interface number. This value is always eth0.
    ipaddress       Specifies an IP address for the switch or activates the BOOTP or DHCP client software.
    mask, netmask   Specifies the subnet mask for the switch. You must specify a subnet mask if you manually assigned the switch an IP address. These parameters are equivalent. The default is 0.0.0.0.

    set ip interface=eth0 ipaddress=140.35.22.22 netmask=255.255.255.0

    The following command sets just the subnet mask:

    set ip interface=eth0 netmask=255.255.255.

SET IP ROUTE

Syntax
    set ip route ipaddress=ipaddress

Parameter
    ipaddress    Specifies the IP address of the default gateway for the switch.

Description
    This command specifies the IP address of the default gateway for the switch. This IP address is required if you intend to remotely manage the device from a remote management station that is separated from the unit by a router.

Example
    The following command sets the default gateway to 140.35.22.

SET PASSWORD MANAGER

Syntax
    set password manager

Parameters
    None.

Description
    This command sets the manager’s password. Logging in as manager allows you to view and change all switch parameters. The default password is “friend.” The password can be from 0 to 16 alphanumeric characters.

SET PASSWORD OPERATOR

Syntax
    set password operator

Parameters
    None.

Description
    This command sets the operator’s password. Logging in as operator allows you to only view the switch parameters. The default password is “operator.” The password can be from 0 to 16 alphanumeric characters. Allied Telesyn recommends that you avoid special characters, such as spaces, asterisks, or exclamation points because some web browsers do not accept them in passwords.

SET SWITCH CONSOLETIMER

Syntax
    set switch consoletimer=value

Parameter
    consoletimer    Specifies the console timer in minutes. The range is 1 to 60 minutes. The default is 10 minutes.

Description
    This command sets the console timer, which is used by the management software to end inactive management sessions.

SET SWITCH MULTICASTMODE

Syntax
    set switch multicastmode=[a|b|c|d]

Parameter
    multicastmode    Specifies the multicast mode. The options are:
        a    Discards all ingress spanning tree BPDU and 802.1x EAPOL packets on all ports.
        b    Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports.
        c    Forwards ingress BPDU and EAPOL packets only among the untagged ports of the VLAN where the ingress port is a member.

    discarded. If 802.1x port-based access control is disabled, all ingress EAPOL packets are discarded.

    B - Forwards ingress spanning tree BPDU and 802.1x EAPOL packets across all VLANs and ports. This is the default setting. The switch behaves as follows:

    If STP, RSTP, and MSTP are disabled, ingress BPDUs are flooded on all ports.
    If STP, RSTP, MSTP, and 802.

SET SYSTEM

Syntax
    set system [name="name"] [contact="contact"] [location="location"]

Parameters
    name       Specifies the name of the switch. The name can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes (" "). Spaces are allowed.
    contact    Specifies the name of the network administrator responsible for managing the switch. The contact can be from 1 to 39 alphanumeric characters in length and must be enclosed in double quotes.

SET USER PASSWORD

Syntax
    set user manager|operator password=password

Parameter
    password    Specifies the password.

Description
    This command sets the manager or operator’s password. The default manager password is “friend.” The default operator password is “operator.” The password can be from 0 to 16 alphanumeric characters.
SHOW ASYN

Syntax
    show asyn

Parameters
    None.

Description
    This command displays the settings for the serial terminal port on the switch. To configure the baud rate, refer to “SET ASYN” on page 47.

SHOW DHCPBOOTP

Syntax
    show dhcpbootp

Parameters
    None.

Description
    This command displays the status of the DHCP and BOOTP client software on the switch. The status will be either “enabled” or “disabled.” The default setting for DHCP and BOOTP is disabled. To enable the DHCP and BOOTP client software, refer to “ENABLE BOOTP” on page 36 or “ENABLE IP REMOTEASSIGN” on page 38.

SHOW IP INTERFACE

Syntax
    show ip interface=eth0

Parameter
    interface    Specifies the switch’s interface number. This value is always eth0.

Description
    This command displays the current values for the following switch parameters:

    IP address
    Subnet mask
    Default gateway

    To manually set the IP address and subnet mask, refer to “SET IP INTERFACE” on page 48. To manually set the default gateway address, refer to “SET IP ROUTE” on page 50.

SHOW IP ROUTE

Syntax
    show ip route

Parameters
    None.

Description
    This command displays the switch’s default gateway address. You can also display the gateway address using “SHOW IP INTERFACE” on page 60. To manually set the default gateway address, refer to “SET IP ROUTE” on page 50.

SHOW SWITCH

Syntax
    show switch

Parameters
    None.

SHOW SYSTEM

Syntax
    show system

Parameters
    None.

    For instructions on how to set the name, contact, and location of the switch, see “SET SYSTEM” on page 56.
Chapter 4
SNMPv2 and SNMPv2c Commands

This chapter contains the following commands:

    “ADD SNMP COMMUNITY” on page 66
    “CREATE SNMP COMMUNITY” on page 68
    “DESTROY SNMP COMMUNITY” on page 71
    “DISABLE SNMP” on page 72
    “DISABLE SNMP AUTHENTICATETRAP” on page 73
    “DISABLE SNMP COMMUNITY” on page 74
    “ENABLE SNMP” on page 75
    “ENABLE SNMP AUTHENTICATETRAP” on page 76
    “ENABLE SNMP COMMUNITY” on page 77
    “SET SNMP COMMUNITY” on page 78
    “SHOW SNMP” on page 80

Note
    Remember to s

ADD SNMP COMMUNITY

Syntax
    add snmp community="community" [traphost=ipaddress] [manager=ipaddress]

Parameters
    community    Specifies an existing SNMP community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character such as an exclamation point. Otherwise, the quotes are optional.
    traphost     Specifies the IP address of a trap receiver.

    The following command adds the IP address 149.212.10.11 as a trap receiver to the “public” community string:

    add snmp community=public traphost=149.212.10.

CREATE SNMP COMMUNITY

Syntax
    create snmp community="community" [access=read|write] [open=yes|no] [traphost=ipaddress] [manager=ipaddress]

Parameters
    community    Specifies a new community string. The maximum length of a community string is 15 alphanumeric characters. Spaces are allowed. The name must be enclosed in double quotes if it includes a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

    of read only, and “private,” with an access level of read and write. A switch can support up to eight community strings.

    The COMMUNITY parameter specifies the new community string. The string can be up to 15 alphanumeric characters. The string is case sensitive.

    The ACCESS parameter defines the access level for the new community string. The access level can be either read or read and write.

    (The OPEN=NO parameter could be omitted from the example because closed status is the default for a new community string.)

    This command creates a community string called “serv12” with a closed status. The command assigns the string the IP address of a management station that can use the string and also receive SNMP traps:

    create snmp community=serv12 access=write open=no traphost=149.35.24.22 manager=149.35.24.
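The access level and open/closed status described above can be checked offline before a set of commands is applied to a switch. The following Python script is an added example, not part of the Allied Telesyn guide or the AT-S63 software: it replays SNMP community commands from a text list and reports enabled community strings that still use a default name or that combine write access with open status. It assumes one unabbreviated command per line; the function names, finding labels, sample commands, and 192.0.2.x address are constructed for illustration.

```python
import shlex

DEFAULT_NAMES = ("public", "private")  # default strings named in this guide


def new_community(access=None, is_open=None):
    # None means the value is not stated; only defaults given in the
    # guide's text are filled in by the caller.
    return {"access": access, "open": is_open, "enabled": True, "managers": set()}


def parse_command(line):
    """Split one CLI line into lowercase keywords and key=value parameters."""
    words, params = [], {}
    for token in shlex.split(line):          # honours "double quoted" values
        if "=" in token:
            key, value = token.split("=", 1)
            params[key.lower()] = value      # community strings stay case sensitive
        else:
            words.append(token.lower())
    return words, params


def apply_params(entry, params):
    """Apply access=, open= and manager= values to a community entry."""
    if "access" in params:
        entry["access"] = params["access"].lower()
    if "open" in params:
        entry["open"] = params["open"].lower() == "yes"
    if "manager" in params:
        entry["managers"].add(params["manager"])


def audit(commands):
    """Replay the commands and return sorted (community, finding) pairs."""
    snmp_enabled = False                     # guide: SNMP is disabled by default
    comms = {"public": new_community("read"), "private": new_community("write")}
    findings = []
    for number, raw in enumerate(commands, 1):
        try:
            words, params = parse_command(raw)
        except ValueError:                   # for example an unbalanced quote
            findings.append((f"line {number}", "unparsed"))
            continue
        if len(words) < 2 or words[1] != "snmp":
            continue
        verb, name = words[0], params.get("community")
        if name is None:
            if words == ["enable", "snmp"]:
                snmp_enabled = True
            elif words == ["disable", "snmp"]:
                snmp_enabled = False
        elif verb == "create":
            comms[name] = new_community(is_open=False)  # guide: new strings are closed
            apply_params(comms[name], params)
        elif verb == "destroy":
            comms.pop(name, None)
        elif name in comms:
            if verb in ("set", "add"):
                apply_params(comms[name], params)
            elif verb in ("enable", "disable"):
                comms[name]["enabled"] = verb == "enable"
    if snmp_enabled:
        for name, entry in comms.items():
            if not entry["enabled"]:
                continue
            if name in DEFAULT_NAMES:
                findings.append((name, "default-name"))
            if entry["open"] and entry["access"] == "write":
                findings.append((name, "open-write"))
    return sorted(findings)


# Constructed sample input (not taken from a real switch).
SAMPLE = [
    'enable snmp',
    'create snmp community=serv12 access=write open=no manager=192.0.2.10',
    'create snmp community="plant floor" access=write open=yes',
    'set snmp community=serv12 open=yes',
    'destroy snmp community=public',
    'disable snmp community=private',
]

if __name__ == "__main__":
    for community, finding in audit(SAMPLE):
        print(f"{community}: {finding}")
```
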
DESTROY SNMP COMMUNITY

Syntax
    destroy snmp community="community"

Parameter
    community    Specifies an SNMP community string to delete from the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or special character, such as an exclamation point. Otherwise, the quotes are optional.

Description
    This command deletes an SNMP community string from the switch.

DISABLE SNMP

Syntax
    disable snmp

Parameters
    None.

Description
    This command disables SNMP on the switch. You cannot manage the unit from an SNMP management station when SNMP is disabled. The default setting for SNMP is disabled.

DISABLE SNMP AUTHENTICATETRAP

Syntax
    disable snmp authenticatetrap|authenticate_trap

Parameters
    None.

Description
    This command stops the switch from sending authentication failure traps to trap receivers. However, the switch will continue to send other system traps, such as alarm traps. The default setting for sending authentication failure traps is disabled. The AUTHENTICATETRAP and AUTHENTICATE_TRAP keywords are equivalent.

DISABLE SNMP COMMUNITY

Syntax
    disable snmp community="community"

Parameter
    community    Specifies an SNMP community string to disable on the switch. This parameter is case sensitive. The string must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

Description
    This command disables a community string on the switch, while leaving SNMP and all other community strings active.

ENABLE SNMP

Syntax
    enable snmp

Parameters
    None.

Description
    This command activates SNMP on the switch. After SNMP is activated, you can remotely manage the unit with an SNMP application program from a management station on your network. The default setting for SNMP on the switch is disabled.

ENABLE SNMP AUTHENTICATETRAP

Syntax
    enable snmp authenticatetrap|authenticate_trap

Parameters
    None.

Description
    This command configures the switch to send authentication failure traps to trap receivers.

ENABLE SNMP COMMUNITY

Syntax
    enable snmp community="community"

Parameter
    community    Specifies an SNMP community string. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

Description
    This command activates a community string on the switch. The default setting for a community string is enabled.

SET SNMP COMMUNITY

Syntax
    set snmp community="community" [access=read|write] [open=yes|no]

Parameters
    community    Specifies the SNMP community string whose access level or access status is to be changed. This community string must already exist on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional.

    The following command changes the access level for the SNMP community string “serv12” to read and write with open access:

    set snmp community=serv12 access=write open=yes

SHOW SNMP

Syntax
    show snmp [community="community"]

Parameter
    community    Specifies a community string on the switch. This parameter is case sensitive. The name must be enclosed in double quotes if it contains a space or other special character such as an exclamation point. Otherwise, the quotes are optional. Default community strings are “public” and “private.

    string that has a closed access status. (Management station IP addresses are displayed only when you specify a specific community string using the COMMUNITY parameter in this command.) To add IP addresses of management stations to a community string, refer to “ADD SNMP COMMUNITY” on page 66.

    Trap receiver IP addresses - These are the IP addresses of management stations to receive SNMP traps from the switch.
Chapter 5 Simple Network Time Protocol (SNTP) Commands This chapter contains the following commands: “ADD SNTPSERVER PEER|IPADDRESS” on page 84 “DELETE SNTPSERVER PEER|IPADDRESS” on page 85 “DISABLE SNTP” on page 86 “ENABLE SNTP” on page 87 “PURGE SNTP” on page 88 “SET DATE” on page 89 “SET SNTP” on page 90 “SET TIME” on page 91 “SHOW SNTP” on page 92 “SHOW TIME” on page 93 Note Remember to save your changes with the SAVE CONFIGURATION command.
Chapter 5: Simple Network Time Protocol (SNTP) Commands ADD SNTPSERVER PEER|IPADDRESS Syntax add sntpserver peer|ipaddress=ipaddress Parameter peer ipaddress Specifies the IP address of an SNTP server. These parameters are equivalent. Description This command adds the IP address of an SNTP server to the SNTP client software on the switch. The switch uses the SNTP server to set its date and time. If an IP address has already been assigned, the new address overwrites the old address.
AT-S63 Management Software Command Line Interface User’s Guide DELETE SNTPSERVER PEER|IPADDRESS Syntax delete sntpserver peer|ipaddress=ipaddress Parameter peer ipaddress Specifies the IP address of an SNTP server. The parameters are equivalent. Description This command deletes the IP address of the SNTP server from the SNTP client software on the switch and returns the parameter to the default value of 0.0.0.0. To view the IP address, refer to “SHOW SNTP” on page 92.
DISABLE SNTP

Syntax

disable sntp

Parameters

None.

Description

This command disables the SNTP client software on the switch. The default setting for SNTP is disabled.

ENABLE SNTP

Syntax

enable sntp

Parameters

None.

Description

This command enables the SNTP client software on the switch. The default setting for SNTP is disabled. After enabled, the switch will obtain its date and time from an SNTP server, assuming that you have specified a server IP address with “ADD SNTPSERVER PEER|IPADDRESS” on page 84.

PURGE SNTP

Syntax

purge sntp

Parameters

None.

Description

This command clears the SNTP configuration and disables the SNTP server. To disable SNTP and retain the configuration, see “DISABLE SNTP” on page 86.

SET DATE

Syntax

set date=dd-mm-yyyy

Parameter

date - Specifies the date for the switch in day-month-year format.

Description

This command sets the date on the switch. You can use this command to set the switch’s date if you are not using an SNTP server.

Note
The system’s date, when set with this command, is lost whenever you power cycle or reset the switch.

SET SNTP

Syntax

set sntp [dst=enabled|disabled] [pollinterval=value] [utcoffset=value]

Parameters

dst - Enables or disables daylight savings time.
pollinterval - Specifies the time interval between two successive queries to the SNTP server. The range is 60 to 1200 seconds. The default is 600 seconds.
utcoffset - Specifies the time difference in hours between UTC and local time. The range is -12 to +12 hours. The default is 0 hours.

SET TIME

Syntax

set time=hh:mm:ss

Parameter

time - Specifies the hour, minute, and second for the switch’s time in 24-hour format.

Description

This command sets the time on the switch. You can use this command to set the switch’s time if you are not using an SNTP server.

Note
The system time, when set with this command, is lost whenever you power cycle or reset the switch.

SHOW SNTP

Syntax

show sntp

Parameters

None.

Description

This command displays the following information:

Status of the SNTP client software
SNTP server IP address
UTC Offset
Daylight Savings Time (DST) - enabled or disabled
Poll interval
Last Delta - The last adjustment that had to be applied to the system time. It is the drift in the system clock between two successive queries to the SNTP server.

SHOW TIME

Syntax

show time

Parameters

None.

Description

This command shows the system’s current date and time.

Example

The following command shows the system’s date and time.

Chapter 6
Enhanced Stacking Commands

This chapter contains the following commands:

“ACCESS SWITCH”
“SET SWITCH STACKMODE”
“SHOW REMOTELIST”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on enhanced stacking, refer to Chapter 5, “Enhanced Stacking” in the AT-S63 Management Software Menus Interface User’s Guide.

ACCESS SWITCH

Syntax

access switch number=number|macaddress=macaddress

Parameters

number - Specifies the number of the switch in an enhanced stack that you want to manage. You view this number using the SHOW REMOTELIST command.
macaddress - Specifies the MAC address of the switch you want to manage. This can also be displayed using the SHOW REMOTELIST command.

Examples

The following command starts a management session on switch number 12:

access switch number=12

The following command starts a management session on a switch with the MAC address 00:30:84:52:02:11:

access switch macaddress=003084520211

SET SWITCH STACKMODE

Syntax

set switch stackmode=master|slave|unavailable

Parameter

stackmode - Specifies the enhanced stacking mode of the switch. The options are:
  master - Specifies the switch’s stacking mode as master. A master switch must be assigned an IP address and subnet mask.
  slave - Specifies the switch’s stacking mode as slave. A slave does not need an IP address. This is the default setting for a switch.

Example

The following command sets the switch’s stacking status to master:

set switch stackmode=master

SHOW REMOTELIST

Syntax

show remotelist [sorted by=macaddress|name]

Parameter

sorted - Sorts the list either by MAC address or by name. The default is by MAC address.

Description

This command displays a list of the switches in an enhanced stack. This command can only be performed from a management session on a master switch. The list does not include the master switch on which you started the management session.

Chapter 7
Port Parameter Commands

This chapter contains the following commands:

“ACTIVATE SWITCH PORT”
“DISABLE INTERFACE LINKTRAP”
“DISABLE SWITCH PORT”
“DISABLE SWITCH PORT FLOW”
“ENABLE INTERFACE LINKTRAP”
“ENABLE SWITCH PORT”
“ENABLE SWITCH PORT FLOW”
“PURGE SWITCH PORT”
“RESET SWITCH PORT”
“SET SWITCH PORT”
“SET SWITCH PORT RATELIMITING” on

ACTIVATE SWITCH PORT

Syntax

activate switch port=port autonegotiate

Parameter

port - Specifies a port. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

If a port is using autonegotiation to set its speed and duplex mode, you can use this command to prompt the port to renegotiate its settings with its end node.

DISABLE INTERFACE LINKTRAP

Syntax

disable interface=port linktrap

Parameter

port - Specifies the port on which you want to disable link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command disables link traps on the port.

DISABLE SWITCH PORT

Syntax

disable switch port=port

Parameter

port - Specifies the port to disable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command disables a port. After disabled, a port stops forwarding traffic. The default setting for a port is enabled.

DISABLE SWITCH PORT FLOW

Syntax

disable switch port=port flow=pause

Parameter

port - Specifies the port where you want to deactivate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command deactivates flow control on a port.

ENABLE INTERFACE LINKTRAP

Syntax

enable interface=port linktrap

Parameter

port - Specifies the port on which you want to enable link traps. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command enables link traps on the port.

ENABLE SWITCH PORT

Syntax

enable switch port=port

Parameter

port - Specifies the port to enable. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command enables a port. After enabled, a port begins to forward traffic. The default setting for a port is enabled.

ENABLE SWITCH PORT FLOW

Syntax

enable switch port=port flow=pause

Parameter

port - Specifies the port where you want to activate flow control. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command activates flow control on a port. Flow control only applies to ports operating in full duplex mode.

PURGE SWITCH PORT

Syntax

purge switch port=port

Parameters

None

Description

This command resets all the port’s settings back to the factory default values. To reset a port and retain its settings, use “RESET SWITCH PORT” on page 110.

RESET SWITCH PORT

Syntax

reset switch port=port

Parameter

port - Specifies the port to reset. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command resets a port. The reset takes less than a second to complete. You might reset a port if it is experiencing a problem establishing a link with its end node. The port retains its current operating parameter settings.

SET SWITCH PORT

Syntax

set switch port=port
[backpressure=yes|no|on|off|true|false|enabled|disabled]
[bc=yes|no|on|off|true|false|enabled|disabled]
[bplimit=value]
[description=description]
[fctrllimit=value]
[flowcontrol=disabled|enabled]
[holbplimit=value]
[intrusionaction=discard|trap|disable]
[mdimode=mdi|mdix]
[mirror=none|rx|tx|both]
[overridepriority=yes|no|on|off|true|false]
[participate=yes|no|on|off|true|false]
[priority=value]
[reneg

ingress broadcast frames. These options are equivalent.

bplimit - Specifies the number of cells for back pressure. A cell represents 128 bytes. The range is 1 to 57,344 cells. The default value is 8192 cells.
description - A description for the port, from 1 to 15 alphanumeric characters. Spaces are allowed but do not use special characters.
fctrllimit - Specifies the number of cells for flow control. A cell represents 128 bytes. The range is 1 to 7935 cells.

parameter. The options are:
  yes, on, true - Overrides the priority level in tagged packets. The options are equivalent.
  no, off, false - Does not override the priority in tagged packets. The options are equivalent.

priority - Specifies the port’s priority level. All ingress untagged packets will be stored in the egress queue on the egress port that corresponds to the priority level specified with this parameter.

Note
When a transceiver is inserted into an uplink slot and a link is established on an AT-9424 switch, that slot becomes a primary uplink port and the corresponding backup port, 23R or 24R, automatically transitions to redundant uplink status. The speed and duplex mode of the redundant port automatically transitions to autonegotiate to match the speed of the primary uplink port and you cannot configure the MDI/MDIX crossover parameter.

frames. These options are equivalent.
  no, off, false, disabled - The port discards all unknown multicast frames. These options are equivalent.

unkucastfiltering - Controls the unknown unicast filter. The options are:
  yes, on, true, enabled - The port forwards unknown unicast frames. These options are equivalent.
  no, off, false, disabled - The port discards all unknown unicast frames. These options are equivalent.

set switch port=5 softreset

SET SWITCH PORT RATELIMITING

Syntax

set switch port=port
[bcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
[bcastrate=value]
[mcastratelimiting=yes|no|on|off|true|false|enabled|disabled]
[mcastrate=value]
[unkucastratelimiting=yes|no|on|off|true|false|enabled|disabled]
[unkucastrate=value]

Parameters

port - Specifies the port you want to configure.

packet rate limit on the port. The options are equivalent.
  no, off, false, disabled - Deactivates multicast packet rate limit on the port. The options are equivalent.

unkucastratelimiting - Enables or disables rate limit for ingress unicast packets. The options are:
  yes, on, true, enabled - Activates unicast packet rate limit on the port. The options are equivalent.
  no, off, false, disabled - Deactivates unicast packet rate limit on the port. The options are equivalent.

Examples

The following command sets a rate limit of 40,000 ingress packets and activates broadcast and multicast rate limiting on all switch ports:

set switch port=1 ratelimit=40000 bclimit=enabled mclimit=enabled

The following command activates unicast rate filtering on all ports without changing the current rate limit:

set switch port=1 uclimit=enabled

The following command changes the rate limit to 15,000 packets:

set switch port=1 ratelim

SHOW INTERFACE

Syntax

show interface=port

Parameter

port - Specifies the port whose interface information you want to display. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Example

The following command displays information about port 21:

show interface 21

SHOW SWITCH PORT

Syntax

show switch port[=port]

Parameter

port - Specifies the port whose parameter settings you want to view. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22). All ports are displayed if you omit the port number.

Description

This command displays a port’s operating parameters, such as speed and duplex mode.

Chapter 8
Port Statistics Commands

This chapter contains the following commands:

“RESET SWITCH PORT COUNTER”
“SHOW SWITCH COUNTER”
“SHOW SWITCH PORT COUNTER”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on port statistics, refer to Chapter 6, “Port Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.

RESET SWITCH PORT COUNTER

Syntax

reset switch port=port counter

Parameter

port - Specifies the port whose statistics counters you want to return to zero. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description

This command returns a port’s statistics counters to zero.

SHOW SWITCH COUNTER

Syntax

show switch counter

Parameters

None.

Description

This command displays operating statistics, such as the number of packets received and transmitted, and the number of CRC errors, for the entire switch. For a list of and definitions for the statistics, refer to Chapter 3, “Basic Switch Parameters” in the AT-S63 Management Software Menus Interface User’s Guide.

SHOW SWITCH PORT COUNTER

Syntax

show switch port=port counter

Parameter

port - Specifies the port whose statistics you want to view. You can specify more than one port at a time. To view all ports, do not specify a port.

Description

This command displays the operating statistics for a port on the switch. Examples of the statistics include the number of packets transmitted and received, and the number of CRC errors.

Chapter 9
Static Port Trunking Commands

This chapter contains the following commands:

“ADD SWITCH TRUNK”
“CREATE SWITCH TRUNK”
“DELETE SWITCH TRUNK”
“DESTROY SWITCH TRUNK”
“SET SWITCH TRUNK”
“SHOW SWITCH TRUNK”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

ADD SWITCH TRUNK

Syntax

add switch trunk=name [tgid=id_number] port=port

Parameters

trunk - Specifies the name of the static port trunk to be modified.
tgid - Specifies the ID number of the static port trunk to be modified. This parameter is optional.
port - Specifies the port to be added to the port trunk. You can add more than one port at a time.

CREATE SWITCH TRUNK

Syntax

create switch trunk=name port=ports [tgid=id_number] [select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth]

Parameters

trunk - Specifies the name of the trunk. The name can be up to 16 alphanumeric characters. No spaces or special characters are allowed.
port - Specifies the ports to be added to the port trunk.

Caution
Do not connect the cables to the trunk ports on the switches until after you have created the trunk in the management software. Connecting the cables before configuring the software will create a loop in your network topology. Data loops can result in broadcast storms and poor network performance.

Examples

The following command creates a static port trunk using ports 3 through 6.

DELETE SWITCH TRUNK

Syntax

delete switch trunk=name [tgid=id_number] port=port

Parameters

trunk - Specifies the name of the static port trunk to be modified.
tgid - Specifies the ID number of the static port trunk to be modified. This parameter is optional.
port - Specifies the port to be removed from the existing port trunk. You can specify more than one port at a time.

Description

This command removes ports from a static port trunk.

DESTROY SWITCH TRUNK

Syntax

destroy switch trunk=name [tgid=id_number]

Parameter

trunk - Specifies the name of the trunk to be deleted.
tgid - Specifies the ID number of the static port trunk to be deleted. This parameter is optional.

Description

This command deletes a static port trunk from a switch. After a port trunk has been deleted, the ports that made up the trunk can be connected to different end nodes.

SET SWITCH TRUNK

Syntax

set switch trunk=name [tgid=id_number] select=macsrc|macdest|macboth|ipsrc|ipdest|ipboth

Parameters

trunk - Specifies the name of the static port trunk.
tgid - Specifies the ID number of the static port trunk to be modified. This parameter is optional.
select - Specifies the load distribution method. Options are:
  macsrc - Source MAC address.
  macdest - Destination MAC address.

SHOW SWITCH TRUNK

Syntax

show switch trunk

Parameters

None.

Description

This command displays the names, ports, and load distribution methods of the static port trunks on the switch.

Chapter 10
LACP Commands

This chapter contains the following commands:

“ADD LACP PORT”
“CREATE LACP AGGREGATOR”
“DELETE LACP PORT”
“DESTROY LACP AGGREGATOR”
“DISABLE LACP”
“ENABLE LACP”
“SET LACP AGGREGATOR”
“SET LACP PRIORITY”
“SET LACP STATE”
“SHOW LACP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

ADD LACP PORT

Syntax

add lacp port=port aggregator=name priority=priority adminkey=key

Parameters

port - Specifies the port to be added to the aggregator. You can add more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator - Specifies the name of the aggregator.
priority - The priority level of the port, a hexadecimal number between 0x1 and 0xffff.

CREATE LACP AGGREGATOR

Syntax

create lacp aggregator=name port=port [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] adminkey=key

Parameters

aggregator - Specifies the name of the aggregator. The name can be up to 20 alphanumeric characters. No spaces or special characters are allowed.
port - Specifies the port to be added to the aggregator. You can add more than one port at a time.

distribution method:

create lacp aggregator=agg_1 distribution=macsrc

DELETE LACP PORT

Syntax

delete lacp port=port aggregator=name adminkey=key

Parameters

port - Specifies the port to be deleted from the aggregator. You can delete more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator - Specifies the name of the aggregator.

DESTROY LACP AGGREGATOR

Syntax

destroy lacp [aggregator=name] [adminkey=key]

Parameter

aggregator - Specifies the name of the aggregator.
adminkey - Specifies the ID for the aggregator, a hexadecimal number between 0x1 and 0xffff.

Description

This command deletes an LACP aggregator either by the aggregator name or the admin key.

DISABLE LACP

Syntax

disable lacp

Parameters

None.

Description

This command disables LACP. The default is disabled. Another command that performs the same function is “SET LACP STATE” on page 145.

ENABLE LACP

Syntax

enable lacp

Parameters

None.

Description

This command enables LACP. The default is disabled. Another command that performs the same function is “SET LACP STATE” on page 145.

SET LACP AGGREGATOR

Syntax

set lacp aggregator=name [distribution=macsrc|macdest|macboth|ipsrc|ipdest|ipboth] adminkey=key

Parameters

aggregator - Specifies the name of the aggregator.
distribution - Specifies the load distribution method, which can be one of the following:
  macsrc - Source MAC address.
  macdest - Destination MAC address.
  macboth - Source address/destination MAC address. This is the default.
  ipsrc - Source IP address.
adminkey

SET LACP PRIORITY

Syntax

set lacp priority=priority

Parameters

priority - The priority level of the port, a hexadecimal number between 0x1 and 0xffff. The lower the number, the higher the priority.

Description

This command sets the priority of the switch. LACP uses the priority to resolve conflicts between two switches to decide which switch makes the decision about which ports to aggregate.

SET LACP STATE

Syntax

set lacp state=[enable|disable]

Parameters

state - The state of LACP on the switch. The options are:
  enable - Enables LACP. This option performs the same function as “ENABLE LACP” on page 142.
  disable - Disables LACP. This is the default. This option performs the same function as “DISABLE LACP” on page 141.

Description

This command enables or disables LACP.

SHOW LACP

Syntax

show lacp [port=port] [aggregator=name] [machine]

Parameter

port - Specifies the port(s) to display. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-20), or both (for example, 1,14-16).
aggregator - Specifies the name of the aggregator.

Description

This command displays the configuration and/or machine states of the ports, and/or the aggregators.

Chapter 11
Port Mirroring Commands

This chapter contains the following commands:

“SET SWITCH MIRROR”
“SET SWITCH PORT MIRROR”
“SHOW SWITCH MIRROR”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information and guidelines on port mirroring, refer to Chapter 8, “Port Mirroring” in the AT-S63 Management Software Menus Interface User’s Guide.

SET SWITCH MIRROR

Syntax

set switch mirror=port

Parameter

mirror - Specifies the destination port for the port mirror. This is the port to where the traffic from the source ports will be copied. You can specify only one port as the destination port. Specifying “0” (zero) disables port mirroring.

Description

This command enables mirroring and specifies the destination port, or disables mirroring. To select the source ports, refer to “SET SWITCH PORT MIRROR” on page 149.

SET SWITCH PORT MIRROR

Syntax

set switch port=port mirror=none|rx|tx|both

Parameters

port - Specifies the source port of a port mirror. You can specify more than one port. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
mirror - Specifies which traffic on the source ports is to be mirrored to the destination port.

The following command removes ports 5, 7, and 10 as source ports of a port mirror:

set switch port=5,7,10 mirror=none

SHOW SWITCH MIRROR

Syntax

show switch mirror

Parameters

None.

Description

This command displays the source and destination ports of a port mirror on the switch.

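An added example, not part of the Allied Telesyn guide: a Python audit that replays SET SWITCH MIRROR and SET SWITCH PORT MIRROR commands to report which ports are copied and to which destination, so an unexpected mirror session shows up in a configuration review. It assumes the commands are available one per line and that the last command given for a port wins; the sample commands and the approved-port values are constructed.

```python
import re

DIRECTIONS = ("none", "rx", "tx", "both")


def expand_ports(spec):
    """Expand a port list such as '1,5,14-22' into a sorted list of ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            low, high = (int(x) for x in part.split("-", 1))
            if low > high:
                raise ValueError(f"descending port range: {part!r}")
            ports.update(range(low, high + 1))
        else:
            ports.add(int(part))  # raises ValueError on '' or non-numeric names
    return sorted(ports)


def parse_params(line):
    """Split a command into its words and its key=value parameters."""
    # Tolerate '5, 7, 22' by closing up the spaces around commas first.
    line = re.sub(r"\s*,\s*", ",", line.strip().lower())
    words = line.split()
    params = dict(w.split("=", 1) for w in words if "=" in w)
    return words, params


def audit_mirroring(commands):
    """Replay the commands and return the resulting port mirror state."""
    destination = 0   # 0 means mirroring is disabled
    sources = {}      # source port -> 'rx' | 'tx' | 'both'
    for raw in commands:
        words, params = parse_params(raw)
        if words[:2] != ["set", "switch"] or "mirror" not in params:
            continue
        if "port" in params:
            # set switch port=port ... mirror=none|rx|tx|both
            direction = params["mirror"]
            if direction not in DIRECTIONS:
                raise ValueError(f"bad mirror value in: {raw!r}")
            for port in expand_ports(params["port"]):
                if direction == "none":
                    sources.pop(port, None)
                else:
                    sources[port] = direction
        else:
            # set switch mirror=port (destination port, 0 disables)
            destination = int(params["mirror"])
    return {
        "destination": destination,
        "sources": dict(sorted(sources.items())),
        "active": destination != 0 and bool(sources),
    }


def findings(state, approved_dest=0, approved_sources=()):
    """Compare the mirror state with what the site has approved."""
    out = []
    if not state["active"]:
        return out
    if state["destination"] != approved_dest:
        out.append(f"mirror destination port {state['destination']} is not approved")
    extra = sorted(set(state["sources"]) - set(approved_sources))
    if extra:
        out.append("unapproved mirror source ports: " + ", ".join(map(str, extra)))
    return out


# Constructed sample commands, written in the syntax shown in this chapter.
CONSTRUCTED = [
    "set switch mirror=4",
    "set switch port=5,7,10 mirror=rx",
    "set switch port=18-20 mirror=both",
    "set switch port=5,7,10 mirror=none",
    "set switch port=2 description=uplink mirror=tx",
]

if __name__ == "__main__":
    state = audit_mirroring(CONSTRUCTED)
    print(state)
    for finding in findings(state, approved_dest=4, approved_sources=[18, 19, 20]):
        print("FINDING:", finding)
```

Port names that are not plain numbers, such as 23R, are rejected with a ValueError rather than guessed at.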
Chapter 12
Networking Stack

This chapter contains the following commands:

“DELETE IP ARP”
“DELETE TCP”
“RESET IP ARP”
“SET IP ARP TIMEOUT”
“SHOW IP ARP”
“SHOW IP ROUTE”
“SHOW TCP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

DELETE IP ARP

Syntax

delete ip arp [ipaddress|all]

Parameter

ipaddress - Specifies the IP address of the ARP entry you want to delete from the ARP table.
all - Specifies the deletion of all non-system ARP entries in the table.

Description

This command deletes specific or all ARP entries from the ARP table.

Example

The following command deletes the ARP entry with the IP address of 192.168.1.1:

delete ip arp 192.168.1.

DELETE TCP

Syntax

delete tcp indexnumber

Parameter

indexnumber - Specifies the internal socket ID number assigned to the connection. Enter the index number of the TCP connection you want to delete. The range is 0 to 65535 with a default of 0. To display the index number, refer to “SHOW TCP” on page 160.

Description

This command deletes a TCP connection.

RESET IP ARP

Syntax

reset ip arp

Parameter

None

Description

This command resets the ARP table by clearing all entries except those created by the switch during initialization.

SET IP ARP TIMEOUT

Syntax

set ip arp timeout=integer

Parameter

timeout - The range is 1 to 260000 seconds. The default setting is 400 seconds.

Description

This command prevents the table from becoming full with inactive entries. It allows you to set the timer for removing temporary entries in the ARP table. Inactive temporary entries in the ARP table are timed out according to the ARP cache timeout value which is set with the timeout option.

SHOW IP ARP

Syntax

show ip arp

Parameter

None

Description

This command displays the ARP table.

Example

The following command displays the ARP table.

SHOW IP ROUTE

Syntax

show ip route

Parameter

None

Description

This command displays the IP route table.

SHOW TCP

Syntax

show tcp

Parameter

None

Description

This command displays the TCP connections and the TCP global information, which consists of the MIB variables defined in the TCP group.

Chapter 13
File System Commands

This chapter contains the following commands:

“COPY”
“CREATE CONFIG”
“DELETE FILE”
“FORMAT DEVICE”
“LOAD”
“RENAME”
“SET CFLASH DIR”
“SET CONFIG”
“SHOW CFLASH”
“SHOW CONFIG”
“SHOW FILE”
“SHOW FLASH”
“UPLOAD”

Note
For background information on the switch’s file system, ref

COPY

Syntax

copy [flash:|cflash:]sourcefile.ext [flash:|cflash:]destinationfile.ext

Parameters

sourcefile.ext - Specifies the name of the source file.
destinationfile.ext - Specifies the name of the destination file.

Description

This command creates a copy of an existing file. The new filename must be a valid filename from 1 to 16 alphanumeric characters. The name of the copy must be unique from the other files in the file system.

CREATE CONFIG

Syntax

create config=[flash:|cflash:]filename.cfg

Parameter

config - Specifies the name of a new configuration file. If the filename contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.

Description

This command creates a new configuration file containing the commands required to recreate the current configuration of the switch.

DELETE FILE

Syntax

delete file=[flash:|cflash:]filename

Parameter

file - Specifies the name of the file to be deleted. A name with spaces must be enclosed in double quotes. Otherwise, the quotes are optional.

Description

This command deletes a file from the file system. You can also specify the location of the file, either in flash memory (flash:) or on a compact flash card (cflash:). The default is flash memory.

FORMAT DEVICE

Syntax

format device=flash

Parameter

device - Specifies the device to format. The only option is “Flash” for the flash memory in the switch.

Description

This command formats the flash memory in the switch and therefore removes all files including the configuration files. The image file (application block) is not deleted.

LOAD

Syntax

load method=[tftp|xmodem|local] [srcfile=[flash:|cflash:]filename|file=[flash:|cflash:]filename] destfile=appblock|[flash:|cflash:]filename server=ipaddress

Parameters

method
  tftp - Specifies a TFTP download. To use this option, there must be a network node with TFTP server software. The file to download onto the switch must be stored on the TFTP server. You can use the TFTP option from either a local or Telnet management session.

Description

This command downloads files to the switch’s file system or onto a compact flash card or to the application block (image area). You can also use this command to download a new version of the AT-S63 management software onto a switch.

file name extensions are shown in Table 1.

Table 1. File Name Extensions

Extension   File Type
.img        AT-S63 management software image
.cfg        AT-S63 configuration file
.cer        Public key certificate
.csr        Public key certificate enrollment request
.key        Encryption key file

The equivalent SRCFILE and FILE parameters specify the name of the file that you want to download. This parameter is required only for TFTP and local downloads.

Xmodem can download a file only onto the switch on which you started the local management session. You cannot use Xmodem to download a file onto a switch accessed through enhanced stacking.

The new AT-S63 image file must be stored on the computer or terminal connected to the serial terminal port on the switch.

load method=xmodem destfile=ats63.img

The following command uses Xmodem to download an AT-S63 configuration file to the switch’s file system and gives it the name sw12_boot.cfg:

load method=xmodem destfile=sw12_boot.cfg

Because this is another Xmodem transfer, it must be performed from a local management session. After entering this command, you must specify the location of the configuration file stored on your workstation using your terminal emulation program.
RENAME

Syntax
rename filename1.ext filename2.ext

Parameters
filename1.ext    Specifies the name of the file to be renamed. If the name contains spaces, enclose it in double quotes. Otherwise, the quotes are optional.
filename2.ext    Specifies the new name for the file. The filename can be from 1 to 16 alphanumeric characters, not including the filename extension. Spaces are allowed.
SET CFLASH DIR

Syntax
set cflash dir=directory

Parameter
dir    The directory path.

Description
This command sets the current directory on the compact flash card.
SET CONFIG

Syntax
set config=[flash:|cflash:]filename.cfg|none

Parameter
config    Specifies the name of the configuration file to act as the active configuration file for the switch. The name can be from 1 to 16 alphanumeric characters, not including the extension “.cfg”. If the filename contains spaces, it must be enclosed in double quotes.

Description
This command sets the active configuration file for a switch.
Example
The following command sets the boot configuration file to switch22.cfg:

set config=switch22.cfg

The switch uses the switch22.cfg configuration file the next time it is reset.
SHOW CFLASH

Syntax
show cflash

Parameter
None

Description
This command displays information about the compact flash card including the current directory, the number of files, how much space is used, and amount of space available on the compact flash card.
SHOW CONFIG

Syntax
show config [dynamic] [info]

Parameters
dynamic    Displays the settings for all the switch and port parameters in command line format.
info    Displays the settings for all the switch and port parameters.

Description
This command, when used without any parameter, displays two pieces of information. The first is the “Boot configuration file.” This is the configuration file the switch uses the next time it is reset or power cycled.
SHOW FILE

Syntax
show file=[flash:|cflash:]filename.ext

Parameter
file    Specifies the name of the file to be displayed. Use double quotes to enclose the name if it contains spaces. Otherwise, the quotes are optional. If you do not specify a file name, the command displays a list of all files in flash memory as well as on the compact flash card.

Description
This command displays a list of the files in the switch’s file system.
SHOW FLASH

Syntax
show flash

Parameter
None

Description
This command displays information about the flash memory including the current directory, the number of files, how much space is used, and amount of space available in the flash memory in the switch.
UPLOAD

Syntax
upload method=[tftp|xmodem|remoteswitch|local] [srcfile=[flash:|cflash:][appblock|switchcfg|filename]|file=[flash:|cflash:][appblock|switchcfg|filename]] destfile=[flash:|cflash:]filename server=ipaddress switchlist=switches verbose=[yes|no|on|off|true|false]

Parameters
method    Specifies the method of the upload. The options are:
    tftp    Specifies a TFTP download.
upload.
switchlist    Specifies the switches in an enhanced stack to which to upload the software image or configuration file from the master switch. To view the switches in an enhanced stack, see “SHOW REMOTELIST” on page 100. This parameter is used with the REMOTESWITCH parameter. You can specify more than one switch at a time (for example, 1,3,4).
verbose    Specifies whether to display details of the upload operation.
The LOCAL upload method uploads the files from the switch’s appblock area to the switch’s file system, either flash memory or a compact flash card. A REMOTESWITCH upload method uploads a file through enhanced stacking.

The DESTFILE parameter specifies a name for the file when stored on the TFTP server. This parameter is used for both TFTP and local uploads.
There must be a node on your network that contains the TFTP server software and the file to be downloaded must be stored on that server.
Start the TFTP server software before you perform the download command.
The switch to which you are uploading the file must have an IP address and subnet mask, such as a master switch of an enhanced stack. You cannot use TFTP on a slave switch because that type of switch typically does not have an IP address.
flash card on a switch:

upload method=local srcfile=switch.cfg cflash:destfile=switch.
Chapter 14
Event Log Commands

This chapter contains the following commands:
“ADD LOG OUTPUT”
“CREATE LOG OUTPUT”
“DESTROY LOG OUTPUT”
“DISABLE LOG”
“DISABLE LOG OUTPUT”
“ENABLE LOG”
“ENABLE LOG OUTPUT”
“PURGE LOG”
“SAVE LOG”
“SET LOG FULLACTION”
“SET LOG OUTPUT”
“SHOW LOG”
“SHOW LOG OUTPUT”
“SHOW L
ADD LOG OUTPUT

Syntax
add log output=output-id module=[all|module] severity=[all|severity]

Parameters
output    Specifies the output definition ID number.
module    Specifies what AT-S63 events to filter. The available options are:
    all    Processes events for all modules. This is the default.
    module    Processes events for specific module(s). You can select more than one module at a time, for example, MAC,PACCESS.
severity
add log output=3 module=estack severity=e
CREATE LOG OUTPUT

Syntax
create log output=output-id destination=output-type server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal]

Parameters
output    Specifies an ID number that identifies the output definition. The possible output IDs are:
    0    Permanent (nonvolatile) storage. You cannot change or delete this ID.
    1    Temporary (dynamic) storage. You cannot change or delete this ID.
destination
Table 3. Default Syslog Facilities
Facility Number    Syslog Protocol Definition    Mapped Event Log Modules and Events
16    Local use 0    All other modules and events.
22    Local use 6    Physical interface and data link events from the following modules: PCFG (port configuration), PMIRR (port mirroring), PTRUNK (port trunking), STP, and VLANs.
23    Local use 7    System events related to major exceptions.
DESTROY LOG OUTPUT

Syntax
destroy log output=output-id

Parameters
output    Specifies the output definition ID number.

Description
This command deletes the specified output definition. To disable the output definition without deleting it, see “DISABLE LOG OUTPUT” on page 192.
DISABLE LOG

Syntax
disable log

Parameters
None.

Description
This command disables the event log module.

Note
The event log, even when disabled, still logs all AT-S63 initialization events that occur when the switch is reset or power cycled. Any switch events that occur after AT-S63 initialization are recorded only if the event log is enabled.
DISABLE LOG OUTPUT

Syntax
disable log output[=output-id]

Parameters
output    Specifies the output definition ID number to disable.

Description
This command disables the specified output definition. The definition still exists, but no log messages are processed by it. To permanently remove an output definition, see “DESTROY LOG OUTPUT” on page 190. To enable the output definition again, see “ENABLE LOG OUTPUT” on page 194.
ENABLE LOG

Syntax
enable log

Parameters
None.

Description
This command activates the event log. After the log is activated, the switch immediately starts to process events. The default setting for the event log is enabled.
ENABLE LOG OUTPUT

Syntax
enable log output[=output-id]

Parameters
output    Specifies the output definition ID number to enable.

Description
This command enables the specified output definition that was disabled using “DISABLE LOG OUTPUT” on page 192.
PURGE LOG

Syntax
purge log[=permanent|temporary]

Parameter
log    Specifies the type of memory on the switch where the log file you want to purge is located. The options are:
    permanent    Permanent (nonvolatile) memory. Deletes all events stored in nonvolatile memory, which can contain up to 2,000 events.
    temporary    Temporary memory. Deletes all events stored in temporary memory, which can contain up to 4,000 events.
SAVE LOG

Syntax
save log[=permanent|temporary] filename=filename.log [full] [module=module] [reverse] [severity=all|severity] [overwrite]

Parameters
log    Specifies the source of the events you want to save to the log file. The options are:
    permanent    Permanent (nonvolatile) memory. Saves events stored in nonvolatile memory, which can contain up to 2,000 events.
    temporary    Temporary memory. Saves events stored in temporary memory, which can contain up to 4,000 events.
severity    Saves events of a particular severity. Choices are I for Informational, E for Error, W for Warning, and D for Debug. You can select more than one severity at a time (for example, E,W). For a definition of the severity levels, see Table 5, “Event Log Severity Levels” on page 204.
overwrite    Overwrites the file if it already exists. Without this option, the command displays an error if the file already exists.
SET LOG FULLACTION

Syntax
set log fullaction [temporary=halt|wrap] [permanent=halt|wrap]

Parameters
fullaction    Specifies what happens when the logs reach maximum capacity. You can set the action separately for events stored in temporary or permanent memory. The possible actions are:
    halt    The logs stop storing new events.
    wrap    The logs delete the oldest entries as new ones are added. This is the default.
SET LOG OUTPUT

Syntax
set log output=output-id destination=output-type server=ipaddress [facility=default|local1|local2|local3|local4|local5|local6|local7] [syslogformat=extended|normal] [severity=all|severity-list]

Parameters
output    Specifies an ID number that identifies the output definition. The possible output IDs are:
    0    Permanent (nonvolatile) storage. You cannot change or delete this ID.
destination
a definition of the severity levels, see Table 5 on page 204.

Description
This command modifies an existing event filter created with “CREATE LOG OUTPUT” on page 188.
SHOW LOG

Syntax
show log=permanent|temporary [full] [module=module] [reverse] [severity=severity]

Parameters
log    Specifies which of the two event logs you want to view. The options are:
    permanent    Displays the events stored in permanent memory.
    temporary    Displays the events stored in temporary memory.
full    Specifies the amount of information displayed by the log.
Description
This command displays the entries stored in an event log.

An event log can display entries in two modes: normal and full. In the normal mode, a log displays the time, module, severity, and description for each entry. In the full mode, a log also displays the filename, line number, and event ID. If you want to view the entries in the full mode, use the FULL parameter. To view entries in the normal mode, omit the parameter.
Table 4.
informational messages.

Table 5. Event Log Severity Levels
Value    Severity Level    Description
E    Error    Switch operation is severely impaired.
W    Warning    An issue may require manager attention.
I    Informational    Useful information that can be ignored during normal operation.
D    Debug    Messages intended for technical support and software development.

An example of the event log is shown in Figure 1. The example uses the full display mode.
Examples
The following command displays all the entries in the event log stored in permanent memory:

show log=permanent

The following command displays the events stored in temporary memory in the full display mode, which adds more information:

show log=temporary full

The following command displays only those entries stored in temporary memory and associated with the AT-S63 modules FILE and QOS:

show log=temporary module=file,qos

The followin
SHOW LOG OUTPUT

Syntax
show log output[=output-id] [full]

Parameters
output    Specifies the output definition ID number. If an output ID number is not specified, all output definitions currently configured on the switch are displayed.
full    Displays the details of the output definition. If not specified, only a summary is displayed.

Description
This command displays output definition details.
SHOW LOG STATUS

Syntax
show log status

Parameter
None.

Description
This command displays information about the event log feature. Following is an example of what is displayed with this command:

Event Log Configuration:
  Event Logging .................... Enabled
  Number of Output Definitions ..... 2

The Event Logging field indicates whether the feature is enabled or disabled.
Chapter 15
Classifier Commands

This chapter contains the following commands:
“CREATE CLASSIFIER”
“DESTROY CLASSIFIER”
“PURGE CLASSIFIER”
“SET CLASSIFIER”
“SHOW CLASSIFIER”

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note
For background information on classifiers, refer to Chapter 13, “Classifiers” in the AT-S63 Management Software Menus Interface User’s Guide.
CREATE CLASSIFIER

Syntax
create classifier=idnumber [description="string"] [macdaddr=macaddress] [macsaddr=macaddress] [ethformat=ethII-untagged|ethII-tagged|802.2-untagged|802.2-tagged] [priority=value] [vlan=name|1..
protocol    Specifies a Layer 2 protocol. Options are:
    IP
    ARP
    RARP
  You can specify other Layer 2 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”.
iptos    Specifies a Type of Service value. The range is 0 to 7.
ipdscp    Specifies a DSCP value. The range is 0 to 63.
ipprotocol    Specifies a Layer 3 protocol.
    URG - Urgent
    ACK - Acknowledgement
    RST - Reset
    PSH - Push
    SYN - Synchronization
    FIN - Finish

Description
This command creates a classifier. A classifier defines a traffic flow. A traffic flow consists of packets that share one or more characteristics. A traffic flow can range from being very broad to being very specific. An example of the former might be all IP traffic while an example of the latter could be packets with specific source and destination MAC addresses.
DESTROY CLASSIFIER

Syntax
destroy classifier=idnumber

Parameters
classifier    Specifies the ID number of the classifier to be deleted. The number can be from 1 to 9999. You can delete more than one classifier at a time. You can specify the classifiers individually (e.g., 2,5,7), as a range (e.g., 11-14), or both (e.g., 2,4-8,12).

Description
This command deletes a classifier from the switch. To delete a classifier, you need to know its ID number.
PURGE CLASSIFIER

Syntax
purge classifier

Parameters
None.

Description
This command deletes all classifiers from the switch. You cannot delete a classifier if it belongs to an ACL or QoS policy that has already been assigned to a port. You must first remove the port assignments from the ACL or policy before you can delete the classifier.
SET CLASSIFIER

Syntax
set classifier=idnumber [description="string"] [macdaddr=macaddress|any] [macsaddr=macaddress|any] [priority=value] [vlan=name|1..
iptos    Specifies a Type of Service value. The range is 0 to 7.
ipdscp    Specifies a DSCP value. The range is 0 to 63.
ipprotocol    Specifies a Layer 3 protocol. Options are:
    TCP
    UDP
    ICMP
    IGMP
  You can specify other Layer 3 protocols by entering the protocol number in either decimal or hexadecimal format. If you use the latter, precede the number with “0x”.
ipdaddr    Specifies a destination IP address. The address can be of a specific node or a subnet.
Description
This command modifies an existing classifier. The only setting of a classifier you cannot change is its ID number.

Specifying a new value for a variable that already has a value overwrites the current value with the new one. The ANY option removes a variable’s value without assigning it a new value.

A classifier must contain at least one variable with a value, besides the classifier ID and description.
SHOW CLASSIFIER

Syntax
show classifier[=idnumber]

Parameters
classifier    Specifies the ID of the classifier you want to view. You can specify more than one classifier at a time.

Description
This command displays the classifiers on a switch.
Chapter 16
ACL Commands

This chapter contains the following commands:
“CREATE ACL”
“DESTROY ACL”
“PURGE ACL”
“SET ACL”
“SHOW ACL”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on access control lists (ACL), refer to Chapter 14, “Access Control Lists” in the AT-S63 Management Software Menus Interface User’s Guide.
CREATE ACL

Syntax
create acl=value [description="string"] [action=deny|permit] classifierlist=value [portlist=ports]

Parameters
acl    Specifies an ID number for the ACL. The number can be from 0 to 255. Each ACL must have a unique ID number.
description    Specifies a description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains spaces, it must be enclosed in double quotes. Otherwise, the quotes are optional.
Example
The following command creates an ACL that discards the ingress traffic flow specified in classifier ID 18 and applies the ACL to port 4:

create acl=12 description="IP flow deny" action=deny classifierlist=18 portlist=4

The following command creates an ACL that discards the ingress traffic flows specified in classifier ID 2 and 17 and applies the ACL to ports 2 and 6:

create acl=6 description="subnet flow deny" action=deny classifierlist=2,17 p
DESTROY ACL

Syntax
destroy acl=value

Parameters
acl    Specifies the ID number of the ACL you want to delete. You can delete more than one ACL at a time.

Description
This command deletes an ACL from the switch.
PURGE ACL

Syntax
purge acl

Parameters
None.

Description
This command deletes all ACLs on the switch.
SET ACL

Syntax
set acl=value [description=string] [action=deny|permit] [classifierlist=value] [portlist=ports|none]

Parameters
acl    Specifies the ID number of the ACL you want to modify. The number can be from 0 to 255. You can modify only one ACL at a time.
description    Specifies a new description for the ACL. A description can be up to 15 alphanumeric characters. Spaces are allowed. If the description contains a space, it must be enclosed in double quotes.
Description
This command modifies an ACL. You can use the command to change the description, action, classifiers, and ports of an ACL.
SHOW ACL

Syntax
show acl[=value]

Parameters
acl    Specifies the ID of the ACL you want to view. You can specify more than one ACL at a time.

Description
This command displays the ACLs on the switch.
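An added example, not part of this guide or of the AT-S63 software: a Python check that reads CREATE CLASSIFIER and CREATE ACL command lines offline and applies the limits stated in Chapters 15 and 16 (ID ranges, the 15-character ACL description, DENY|PERMIT, the list syntax, and classifiers that an ACL references but the file never creates). The function names, rule labels and sample commands are constructed for illustration.

```python
import shlex

# Limits stated in Chapters 15 and 16 of this guide.
RANGES = {"classifier": (1, 9999), "acl": (0, 255), "iptos": (0, 7), "ipdscp": (0, 63)}
ACL_PARAMS = {"acl", "description", "action", "classifierlist", "portlist"}
MAX_ACL_DESCRIPTION = 15


def expand_list(spec):
    """Expand the guide's list syntax, e.g. '2,4-8,12' -> [2, 4, 5, 6, 7, 8, 12]."""
    ids = []
    for part in spec.split(","):
        low, dash, high = part.partition("-")
        first = int(low)
        last = int(high) if dash else first
        if last < first:
            raise ValueError(f"descending range {part!r}")
        ids.extend(range(first, last + 1))
    return ids


def parse_command(line):
    """Split a command line into bare words ('create') and ordered key=value pairs."""
    # Text copied out of a PDF often carries typographic quotes; use straight ones.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    words, params = [], {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value
        else:
            words.append(token.lower())
    return words, params


def in_range(name, value):
    low, high = RANGES[name]
    return value.isdigit() and low <= int(value) <= high


def check_acl(n, p, ident, classifiers, acls, findings):
    unknown = sorted(set(p) - ACL_PARAMS)
    if unknown:
        findings.append((n, "unknown-parameter", ",".join(unknown)))
    if ident in acls:
        findings.append((n, "duplicate-acl", str(ident)))
    elif ident is not None:
        acls.add(ident)
    if len(p.get("description", "")) > MAX_ACL_DESCRIPTION:
        findings.append((n, "description-length", p["description"]))
    if "action" in p and p["action"].lower() not in ("deny", "permit"):
        findings.append((n, "action", p["action"]))
    if "classifierlist" not in p:
        findings.append((n, "missing-classifierlist", ""))
    for key in ("classifierlist", "portlist"):
        if key not in p:
            continue
        try:
            ids = expand_list(p[key])
        except ValueError as exc:
            findings.append((n, "bad-list", f"{key}: {exc}"))
            continue
        missing = [i for i in ids if i not in classifiers] if key == "classifierlist" else []
        if missing:
            findings.append((n, "undefined-classifier", ",".join(map(str, missing))))


def lint(config_text):
    """Return (line_number, rule, detail) findings for 'create classifier=' and 'create acl='."""
    findings, classifiers, acls = [], set(), set()
    for n, raw in enumerate(config_text.splitlines(), 1):
        try:
            words, p = parse_command(raw)
        except ValueError as exc:          # e.g. an unbalanced double quote
            findings.append((n, "syntax", str(exc)))
            continue
        kind = next(iter(p), None)         # the first key=value pair names the object
        if words != ["create"] or kind not in ("classifier", "acl"):
            continue
        ident = int(p[kind]) if in_range(kind, p[kind]) else None
        if ident is None:
            findings.append((n, "range", f"{kind}={p[kind]}"))
        if kind == "acl":
            check_acl(n, p, ident, classifiers, acls, findings)
            continue
        for field in ("iptos", "ipdscp"):
            if field in p and not in_range(field, p[field]):
                findings.append((n, "range", f"{field}={p[field]}"))
        if not set(p) - {"classifier", "description"}:
            findings.append((n, "empty-classifier", "no match criteria"))
        if ident is not None:
            classifiers.add(ident)
    return findings


# Constructed sample, not taken from a real switch; lines 3, 4, 6, 7 and 8 carry errors.
SAMPLE = """\
create classifier=18 description="IP flow" protocol=ip
create classifier=2 description="db server" ipdaddr=149.44.44.44
create classifier=17 description="bad tos" iptos=9
create classifier=19 description="empty"
create acl=12 description="IP flow deny" action=deny classifierlist=18 portlist=4
create acl=6 description="database traffic deny" action=deny classifierlist=2,40-41 portlist=2,6
create acl=300 action=drop classifierlist=18 portlst=7
create acl=12 classifierlist=18 portlist=9-8
"""

if __name__ == "__main__":
    for n, rule, detail in lint(SAMPLE):
        print(f"line {n}: {rule}: {detail}")
```

Classifier parameter names are not checked against a list because the full CREATE CLASSIFIER syntax is not reproduced on this page; only the ACL parameter set is complete here.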
Chapter 17
Denial of Service (DoS) Defense Commands

This chapter contains the following commands:
“SET DOS”
“SET DOS IPOPTION”
“SET DOS LAND”
“SET DOS PINGOFDEATH”
“SET DOS SMURF”
“SET DOS SYNFLOOD”
“SET DOS TEARDROP”
“SHOW DOS”

Note
Remember to save your changes with the SAVE CONFIGURATION command.
SET DOS

Syntax
set dos ipaddress=ipaddress subnet=mask uplinkport=port

Parameters
ipaddress    Specifies the IP address of one of the devices connected to the switch, preferably the lowest IP address.
subnet    Specifies the subnet mask of the LAN. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
SET DOS IPOPTION

Syntax
set dos ipoption port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch port on which you want to enable or disable the IP Option defense. You can specify more than one port at a time.
state    Specifies the state of the IP Option defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport
Example
The following command activates the IP Options defense on ports 5, 7, and 10:

set dos ipoption port=5,7,10 state=enable
SET DOS LAND

Syntax
set dos land port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch port on which you want to enable or disable the Land defense. You can specify more than one port at a time.
state    Specifies the state of the Land defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport    Specifies a port where invalid traffic is copied.
SET DOS PINGOFDEATH

Syntax
set dos pingofdeath port=port state=enable|disable [mirrorport=port]

Parameters
port    Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.
state    Specifies the state of the Ping of Death defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport
Note
This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs.
SET DOS SMURF

Syntax
set dos smurf port=port state=enable|disable

Parameters
port    Specifies the switch ports on which you want to enable or disable SMURF defense. You can select more than one port at a time.
state    Specifies the state of the SMURF defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.

Description
This command activates and deactivates the SMURF DoS defense.
SET DOS SYNFLOOD

Syntax
set dos synflood port=port state=enable|disable

Parameters
port    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
state    Specifies the state of the DoS defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.
Example
The following command activates the defense on ports 18 to 20:

set dos synflood port=18-20 state=enable
SET DOS TEARDROP

Syntax
set dos teardrop port=port state=enable|disable [mirrorport=auto|port]

Parameters
port    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
state    Specifies the state of the DoS defense. The options are:
    enable    Activates the defense.
    disable    Deactivates the defense. This is the default.
mirrorport
Telesyn recommends that you activate this defense on only one port at a time, and only on a port where ingress fragments comprise only a small percentage of its total traffic.
SHOW DOS

Syntax 1
show dos [ipaddress] [subnet] [uplinkport]

Syntax 2
show dos defense port=port state

Parameters
ipaddress    Displays the IP address of the LAN.
subnet    Displays the subnet mask.
uplinkport    Displays the uplink port for the Land defense.
defense    Displays the status of a specified defense for a particular port.
The following command displays the status of the SMURF defense on port 4:

show dos smurf port=4 state
Chapter 18
Quality of Service (QoS) Commands

This chapter contains the following commands:
“ADD QOS FLOWGROUP”
“ADD QOS POLICY”
“ADD QOS TRAFFICCLASS”
“CREATE QOS FLOWGROUP”
“CREATE QOS POLICY”
“CREATE QOS TRAFFICCLASS”
“DELETE QOS FLOWGROUP”
“DELETE QOS POLICY”
“DELETE QOS TRAFFICCLASS”
“DESTROY QOS FLOWGROUP”
“DESTROY QOS POLICY”
ADD QOS FLOWGROUP

Syntax
add qos flowgroup=value classifierlist=values

Parameters
flowgroup    Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.
classifierlist    Specifies the new classifiers for the flow group. The new classifiers are added to any classifiers already assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,11,12).
ADD QOS POLICY

Syntax
add qos policy=value trafficclasslist=values

Parameters
policy    Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.
trafficclasslist    Specifies the new traffic classes of the policy. Traffic classes already assigned to the policy are retained. Separate multiple traffic classes with commas (e.g., 4,11,12).

Description
This command adds traffic classes to an existing policy.
ADD QOS TRAFFICCLASS

Syntax
add qos trafficclass=value flowgrouplist=values

Parameters
trafficclass    Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.
flowgrouplist    Specifies the new flow groups of the traffic class. The new flow groups are added to any flow groups already assigned to the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12).
CREATE QOS FLOWGROUP

Syntax
create qos flowgroup=value [description="string"] [markvalue=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [classifierlist=values|none]

Parameters
flowgroup    Specifies an ID number for the flow group. Each flow group on the switch must have a unique number. The range is 0 to 1023. The default is 0. This parameter is required.
description    Specifies a description for the flow group.
    yes, on, true    Replaces the user priority value in the packets with the new value specified with the PRIORITY parameter.
    no, off, false    Does not replace the user priority value in the packets with the new value specified with the PRIORITY parameter. This is the default.
classifierlist    Specifies the classifiers to be assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,7,8). The classifiers must already exist.
CREATE QOS POLICY

Syntax
create qos policy=value [description="string"] [indscpoverwrite=value|none] [remarkindscp=all|none] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none]

Parameters
policy    Specifies an ID number for the policy. Each policy on the switch must be assigned a unique number. The range is 0 to 255. The default is 0. This parameter is required.
    value    Specifies a port number.
    none    No redirect port specified.
ingressport    Specifies the ingress ports to which the policy is to be assigned. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.
QoS Command Sequence Examples

Creating a QoS policy involves a command sequence that creates one or more classifiers, a flow group, a traffic class, and finally the policy. The following sections contain examples of the command sequences for different types of policies.

Example 1: Voice Application

Voice applications typically require only a small amount of bandwidth, but that bandwidth must be consistent.
Classifiers - Define the traffic flow by specifying the IP address of the node with the voice application. The classifier for Policy 6 specifies the address as a source address since this classifier is part of a policy concerning packets coming from the application. The classifier for Policy 11 specifies the address as a destination address since this classifier is part of a policy concerning packets going to the application.
Policy 32 Commands:

create classifier=42 description="video flow" ipdaddr=149.44.44.44
create qos flowgroup=36 description="video flow" priority=4 classifierlist=42
create qos trafficclass=21 description="video flow" maxbandwidth=5 flowgrouplist=36
create qos policy=32 description="video flow" trafficclasslist=21 ingressport=8

The parts of the policies are:

Classifiers - Specify the IP address of the node with a video application.
create qos trafficclass=21 description=database maxbandwidth=50 flowgrouplist=36
create qos policy=15 description=database trafficclasslist=21 ingressport=1

Policy 17 Commands:

create classifier=10 description=database ipdaddr=149.44.44.
CREATE QOS TRAFFICCLASS

Syntax
create qos trafficclass=value [description="string"] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [flowgrouplist=values|none]

Parameters
trafficclass    Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number.
if no value has been specified at the flow group level. It will override any value set at the policy level.

maxbandwidth - Specifies the maximum bandwidth available to the traffic class. This parameter determines the maximum rate at which the ingress port accepts data belonging to this traffic class before either dropping or remarking occurs, depending on option 3, Exceed Action.
maximum bandwidth. Should an increase in traffic continue to the point where all the unused tokens are used up, packets will be discarded. Unused tokens accumulate in the bucket until the bucket reaches maximum capacity, set by this parameter. Once the maximum capacity of the bucket is reached, no extra tokens are added. The range is 4 to 512 Kbps. This parameter must be used with the MAXBANDWIDTH parameter.
4,11,13).

Description

This command creates a new traffic class.

Note: For examples of command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 247.

Examples

The following command creates a traffic class with an ID number of 25 and the description “Database flow”.
DELETE QOS FLOWGROUP

Syntax

delete qos flowgroup=value classifierlist=values

Parameters

flowgroup - Specifies the ID number of the flow group you want to modify. You can modify only one flow group at a time.

classifierlist - Specifies the classifiers you want to remove from the flow group. Separate multiple classifiers with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS POLICY

Syntax

delete qos policy=value trafficclasslist=values

Parameters

policy - Specifies the ID number of the policy you want to modify. You can modify only one policy at a time.

trafficclasslist - Specifies the IDs of the traffic classes you want to remove from the policy. Separate multiple traffic classes with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DELETE QOS TRAFFICCLASS

Syntax

delete qos trafficclass=value flowgrouplist=values

Parameters

trafficclass - Specifies the ID number of the traffic class you want to modify. You can modify only one traffic class at a time.

flowgrouplist - Specifies the IDs of the flow groups you want to remove from the traffic class. Separate multiple flow groups with commas (e.g., 4,11,12). (The online help for this command includes a NONE option for this parameter.
DESTROY QOS FLOWGROUP

Syntax

destroy qos flowgroup=value

Parameter

flowgroup - Specifies the ID number of the flow group you want to delete. You can delete more than one flow group at a time. You can specify the flow groups individually, as a range, or both.

Description

This command deletes flow groups.
DESTROY QOS POLICY

Syntax

destroy qos policy=value

Parameter

policy - Specifies the ID number of the policy you want to delete. You can delete more than one policy at a time. You can specify the policies individually, as a range, or both.

Description

This command deletes QoS policies.
DESTROY QOS TRAFFICCLASS

Syntax

destroy qos trafficclass=value

Parameter

trafficclass - Specifies the ID number of the traffic class you want to delete. You can delete more than one traffic class at a time. You can specify the traffic classes individually, as a range, or both.

Description

This command deletes traffic classes.
PURGE QOS

Syntax

purge qos

Parameters

None

Description

This command destroys all policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
SET QOS FLOWGROUP

Syntax

set qos flowgroup=value [description=string] [markvalue=value|none] [priority=value|NONE] [remarkpriority=yes|no|on|off|true|false] [classifierlist=values|none]

Parameters

flowgroup - Specifies the ID number of the flow group you want to modify. The range is 0 to 1023.

description - Specifies a new description for the flow group. The description can be from 1 to 15 alphanumeric characters. Spaces are allowed.
packets with the new value specified with the PRIORITY parameter.

no, off, false - Does not replace the user priority value in the packets with the new value specified with the PRIORITY parameter. This is the default.

classifierlist - Specifies the classifiers to be assigned to the flow group. The specified classifiers replace any classifiers already assigned to the flow group. Separate multiple classifiers with commas (e.g., 4,7,8).
set qos flowgroup=41 markvalue=none
SET QOS POLICY

Syntax

set qos policy=value [description=string] [indscpoverwrite=value|none] [remarkindscp=[all|none]] [trafficclasslist=values|none] [redirectport=value|none] [ingressport=port|all|none] [egressport=port|none]

Parameters

policy - Specifies an ID number for the policy. Each policy on the switch must be assigned a unique number. The range is 0 to 255. The default is 0. This parameter is required.
5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). The NONE option removes the policy from all ingress ports to which it has been assigned. The ALL option adds it to all ports. A port can be an ingress port of only one policy at a time. If a port is already an ingress port of a policy, you must remove the port from its current policy assignment before adding it to another policy.
set qos policy=41 trafficclasslist=12,23
SET QOS PORT

Syntax

set qos port=value type=ingress|egress policy=value|none

Parameters

port - Specifies the port to which the policy is to be assigned or removed. You can specify more than one port at a time if the port is an ingress port of the traffic flow. Ports can be identified individually (e.g., 5,7,22), as a range (e.g., 18-23), or both (e.g., 1,5,14-22). You can specify only one port if the port is functioning as an egress port for the flow.
SET QOS TRAFFICCLASS

Syntax

set qos trafficclass=value [description="string"] [exceedaction=drop|remark] [exceedremarkvalue=value|none] [markvalue=value|none] [maxbandwidth=value|none] [burstsize=value|none] [priority=value|none] [remarkpriority=yes|no|on|off|true|false] [flowgrouplist=values|none]

Parameters

trafficclass - Specifies an ID number for the traffic class. Each traffic class on the switch must be assigned a unique number. The range is 0 to 511.
flow group, traffic class, and policy. A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level. A DSCP value specified at the traffic class level is used only if no value has been specified at the flow group level. It will override any value set at the policy level.

maxbandwidth - Specifies the maximum bandwidth available to the traffic class.
If the traffic is below the maximum bandwidth, unused tokens will accumulate in the bucket since the actual bandwidth falls below the specified maximum. The unused tokens will be available for handling excess traffic should the traffic exceed the maximum bandwidth. Should an increase in traffic continue to the point where all the unused tokens are used up, packets will be discarded.
Description

This command modifies an existing traffic class. To initially create a traffic class, refer to “CREATE QOS TRAFFICCLASS” on page 253. The only parameter you cannot change is a traffic class's ID number.

Note: For examples of command sequences used to create entire QoS policies, refer to “CREATE QOS POLICY” on page 247.

When modifying a traffic class, note the following:

You cannot change a traffic class's ID number.
SHOW QOS FLOWGROUP

Syntax

show qos flowgroup[=idnumber]

Parameters

flowgroup - Specifies the ID of the flow group you want to view. You can specify more than one flow group at a time.

Description

This command displays the flow groups on a switch.
SHOW QOS POLICY

Syntax

show qos policy[=idnumber]

Parameter

policy - Specifies the ID of the policy you want to view. You can specify more than one policy at a time. Separate multiple policies with commas (e.g., 4,5,10).

Description

This command displays the policies on a switch.
SHOW QOS TRAFFICCLASS

Syntax

show qos trafficclass[=idnumber]

Parameter

trafficclass - Specifies the ID of the traffic class you want to view. You can specify more than one traffic class at a time. Separate multiple traffic classes with commas (e.g., 4,5,10).

Description

This command displays the traffic classes on a switch.
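An added example, not from the guide or the AT-S63 software: a Python check for a QoS command sequence of the kind shown in this chapter. It follows the classifier, flow group, traffic class, policy chain and reports list parameters that name an object the sequence never creates, IDs above the ranges given under the SET QOS commands, and ports claimed as ingress port by more than one policy. The first four sample commands are the guide's Policy 32 sequence; the rest are constructed, and the function names are this sketch's own.

```python
import shlex

# Upper ID bounds stated under SET QOS FLOWGROUP / TRAFFICCLASS / POLICY.
MAX_ID = {"flowgroup": 1023, "trafficclass": 511, "policy": 255}
# Each object type, the list parameter it carries, and the type that list names.
LINKS = {
    "flowgroup": ("classifierlist", "classifier"),
    "trafficclass": ("flowgrouplist", "flowgroup"),
    "policy": ("trafficclasslist", "trafficclass"),
}

# Lines 1-4: the guide's Policy 32 sequence. Lines 5-7: constructed, with a
# dangling classifier, a dangling traffic class and a port already in use.
SAMPLE_SEQUENCE = """\
create classifier=42 description="video flow" ipdaddr=149.44.44.44
create qos flowgroup=36 description="video flow" priority=4 classifierlist=42
create qos trafficclass=21 description="video flow" maxbandwidth=5 flowgrouplist=36
create qos policy=32 description="video flow" trafficclasslist=21 ingressport=8
create qos flowgroup=37 description=database classifierlist=10
create qos trafficclass=22 description=database maxbandwidth=50 flowgrouplist=37
create qos policy=15 description=database trafficclasslist=22,23 ingressport=1,5,7-8
"""


def expand(spec):
    """Expand a list such as '1,5,14-22' into sorted integers.

    The NONE and ALL keywords are skipped (ALL is not modeled here).
    """
    ids = set()
    for part in spec.split(","):
        part = part.strip()
        if not part or not part[0].isdigit():
            continue
        low, _, high = part.partition("-")
        ids.update(range(int(low), int(high or low) + 1))
    return sorted(ids)


def parse(text):
    """Collect the objects created by CREATE CLASSIFIER / CREATE QOS commands."""
    objects = {"classifier": {}, "flowgroup": {}, "trafficclass": {}, "policy": {}}
    for line in text.splitlines():
        # Copied manual text often carries typographic quotes; normalise them.
        line = line.replace("\u201c", '"').replace("\u201d", '"')
        try:
            tokens = shlex.split(line)
        except ValueError:
            tokens = line.split()
        if not tokens or tokens[0].lower() != "create":
            continue
        if len(tokens) > 1 and tokens[1].lower() == "qos":
            tokens = tokens[:1] + tokens[2:]
        if len(tokens) < 2:
            continue
        kind, _, ident = tokens[1].partition("=")
        if kind.lower() not in objects or not ident.isdigit():
            continue
        params = {}
        for token in tokens[2:]:
            key, sep, value = token.partition("=")
            if sep:
                params[key.lower()] = value
        objects[kind.lower()][int(ident)] = params
    return objects


def validate(text):
    """Return a list of problems found in a QoS command sequence."""
    objects = parse(text)
    problems = []
    for kind, (list_key, target) in LINKS.items():
        for ident, params in sorted(objects[kind].items()):
            if ident > MAX_ID[kind]:
                problems.append(
                    f"{kind} {ident}: ID above documented maximum {MAX_ID[kind]}")
            for ref in expand(params.get(list_key, "")):
                if ref not in objects[target]:
                    problems.append(
                        f"{kind} {ident}: {list_key} names undefined {target} {ref}")
    # A port can be an ingress port of only one policy at a time.
    owner = {}
    for ident, params in sorted(objects["policy"].items()):
        for port in expand(params.get("ingressport", "")):
            if port in owner:
                problems.append(
                    f"port {port}: ingress port of policy {owner[port]} and policy {ident}")
            else:
                owner[port] = ident
    return problems


if __name__ == "__main__":
    for problem in validate(SAMPLE_SEQUENCE):
        print(problem)
```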
Chapter 19 Class of Service (CoS) Commands

This chapter contains the following commands:

“MAP QOS COSP”
“SET QOS COSP”
“SET QOS SCHEDULING”
“SHOW QOS CONFIG”

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: For background information on Class of Service, refer to Chapter 17, “Class of Service” in the AT-S63 Management Software Menus Interface User’s Guide.
MAP QOS COSP

Syntax

map qos cosp=priority-number qid=queue-number

Parameters

cosp - Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.

qid - Specifies the egress queue number. The egress queues are numbered 0 through 7, with queue 0 as the lowest priority and 7 as the highest.
Example

The following command maps priorities 4 and 5 to queue 3:

map qos cosp=4,5 qid=3
PURGE QOS

Syntax

purge qos

Parameters

None

Description

This command destroys all policies, traffic classes, and flow groups; resets the CoS priorities to port egress queues to the default values; and sets the scheduling mode and egress weight queues to their default values.
SET QOS COSP

Syntax

set qos cosp=priority-number qid=queue-number

Parameters

cosp - Specifies the Class of Service (CoS) priority level. The CoS priority levels are 0 through 7, with 0 as the lowest priority and 7 as the highest. You can specify more than one priority to assign to the same egress queue.

qid - Specifies the egress queue number. The egress queues are numbered 0 through 7, with queue 0 as the lowest priority and 7 as the highest.
SET QOS SCHEDULING

Syntax

set qos scheduling=strict|wrr weights=weights

Parameters

scheduling - Specifies the type of scheduling. The options are:

strict - Strict priority. The port transmits all packets out of the higher priority queues before it transmits any from the low priority queues. This is the default.

wrr - Weighted round robin. The port transmits a set number of packets from each queue in a round robin manner.
SHOW QOS CONFIG

Syntax

show qos config

Parameters

None.

Description

Displays the QoS priority queues and scheduling.
Chapter 20 IGMP Snooping Commands

This chapter contains the following commands:

“DISABLE IGMPSNOOPING”
“ENABLE IGMPSNOOPING”
“SET IP IGMP”
“SHOW IGMPSNOOPING”
“SHOW IP IGMP”

Note: Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

Note: For background information on IGMP Snooping, refer to Chapter 18, “IGMP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE IGMPSNOOPING

Syntax

disable igmpsnooping

Parameters

None.

Description

This command deactivates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command “SET IP IGMP” on page 290.
ENABLE IGMPSNOOPING

Syntax

enable igmpsnooping

Parameters

None.

Description

This command activates IGMP snooping on the switch. This command performs the same function as the SNOOPINGSTATUS option in the command “SET IP IGMP” on page 290.
SET IP IGMP

Syntax

set ip igmp [snoopingstatus=enabled|disabled] [hoststatus=singlehost|multihost] [timeout=value] [numbermulticastgroups=value] [routerport=port|all|none|auto]

Parameters

snoopingstatus - Activates and deactivates IGMP snooping on the switch. The options are:

enabled - Activates IGMP snooping.

disabled - Deactivates IGMP snooping. This is the default setting.

hoststatus - Specifies the IGMP host node topology.
numbermulticastgroups - Specifies the maximum number of multicast addresses the switch learns. This parameter is useful with networks that contain a large number of multicast groups. You can use the parameter to prevent the switch’s MAC address table from filling up with multicast addresses, leaving no room for dynamic or static MAC addresses. The range is 1 to 256 addresses; the default is 64 addresses.
SHOW IGMPSNOOPING

Syntax

show igmpsnooping

Parameters

None.

Description

This command displays the following IGMP parameters:

IGMP snooping status
Multicast host topology
Host/router timeout interval
Maximum multicast groups

Note: For instructions on how to set the IGMP parameters, refer to “SET IP IGMP” on page 290.
SHOW IP IGMP

Syntax

show ip igmp [hostlist] [routerlist]

Parameters

hostlist - Displays a list of the multicast groups learned by the switch, as well as the ports on the switch that are connected to host nodes. This parameter displays information only when there are active host nodes.

routerlist - Displays the ports on the switch where multicast routers are detected. This parameter displays information only when there are active multicast routers.
The following command displays a list of active multicast routers:

show ip igmp routerlist
Chapter 21 RRP Snooping Commands

This chapter contains the following commands:

“DISABLE RRPSNOOPING”
“ENABLE RRPSNOOPING”
“SHOW RRPSNOOPING”

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: For background information on RRP snooping, refer to Chapter 19, “RRP Snooping” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE RRPSNOOPING

Syntax

disable rrpsnooping

Parameters

None.

Description

This command disables RRP snooping. This is the default setting.
ENABLE RRPSNOOPING

Syntax

enable rrpsnooping

Parameters

None.

Description

This command enables RRP snooping.
SHOW RRPSNOOPING

Syntax

show rrpsnooping

Parameter

None.

Description

This command displays the status of RRP snooping, enabled or disabled.
Chapter 22 SNMPv3 Commands

This chapter contains the following commands:

“ADD SNMPV3 USER”
“CLEAR SNMPV3 ACCESS”
“CLEAR SNMPV3 COMMUNITY”
“CLEAR SNMPV3 NOTIFY”
“CLEAR SNMPV3 TARGETADDR”
“CLEAR SNMPV3 VIEW”
“CREATE SNMPV3 ACCESS”
“CREATE SNMPV3 COMMUNITY”
“CREATE SNMPV3 GROUP”
“CREATE SNMPV3 NOTIFY”
“CREATE SNMPV3 TARGETADDR”
“CRE
“SET SNMPV3 NOTIFY”
“SET SNMPV3 TARGETADDR”
“SET SNMPV3 TARGETPARAMS”
“SET SNMPV3 USER”
“SET SNMPV3 VIEW”
“SHOW SNMPV3 ACCESS”
“SHOW SNMPV3 COMMUNITY”
“SHOW SNMPv3 GROUP”
“SHOW SNMPV3 NOTIFY”
“SHOW SNMPV3 TARGETADDR”
“SHOW SNMPV3 TARGETPARAMS”
“SHOW SNMPV3 USER”
“SHOW SNMPV3 VIEW”
ADD SNMPV3 USER

Syntax

add snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters

user - Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

authentication - Specifies the authentication protocol that is used to authenticate this user with an SNMP entity (manager or NMS).
configuration file on the switch.

Description

This command creates an SNMPv3 User Table entry.

Examples

The following command creates an SNMPv3 user with the name “steven142” with an authentication protocol of MD5, an authentication password of “99doublesecret12”, a privacy password of “encrypt178” and a storage type of nonvolatile.
CLEAR SNMPV3 ACCESS

Syntax

clear snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview writeview notifyview

Parameters

access - Specifies the name of the security group, up to 32 alphanumeric characters.

securitymodel - Specifies the security model. The options are:

v1 - Associates the Security Name, or User Name, with the SNMPv1 protocol.
parameter.

Description

This command clears the specified fields in an SNMPv3 Access Table entry.

Examples

The following command clears the readview parameter in a security group called “Engineering” which has a security model of the SNMPv3 protocol and a security level of privacy.
CLEAR SNMPV3 COMMUNITY

Syntax

clear snmpv3 community index=index transporttag

Parameters

index - Specifies the name of an existing SNMPv3 Community Table entry, up to 32 alphanumeric characters.

transporttag - Specifies the transport tag, up to 32 alphanumeric characters.

Description

This command clears the transporttag parameter in an SNMPv3 Community Table entry.
CLEAR SNMPV3 NOTIFY

Syntax

clear snmpv3 notify=notify tag

Parameters

notify - Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.

tag - Specifies the notify tag name, up to 32 alphanumeric characters.

Description

This command clears the value of the tag parameter in an SNMPv3 Notify Table entry.
CLEAR SNMPV3 TARGETADDR

Syntax

clear snmpv3 targetaddr=targetaddr taglist

Parameters

targetaddr - Specifies the name of the SNMPv3 Target Address Table entry, up to 32 alphanumeric characters.

taglist - Specifies a tag or list of tags, up to 256 alphanumeric characters.

Description

This command clears the value of the taglist parameter in an SNMPv3 Target Address Table entry.
CLEAR SNMPV3 VIEW

Syntax

clear snmpv3 view=view [subtree=OID|text] mask

Parameters

view - Specifies the name of the SNMPv3 view, up to 32 alphanumeric characters.

subtree - Specifies the view of the MIB Tree. Options are:

OID - A numeric value in hexadecimal format.

text - Text name of the view.

mask - Specifies the subtree mask, in hexadecimal format.

Description

This command clears the value of the mask parameter in an SNMPv3 View Table entry.
CREATE SNMPV3 ACCESS

Syntax

create snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters

access - Specifies the name of the security group, up to 32 alphanumeric characters.

securitymodel - Specifies the security model.
notifyview - Specifies a Notify View Name that allows the users assigned to this Group Name to send traps permitted in the specified View. This is an optional parameter. If you do not assign a value to this parameter, then the notifyview parameter defaults to none.

storagetype - Specifies the storage type of this table entry. This is an optional parameter. The options are:

volatile - Does not allow you to save the table entry to the configuration file on the switch.
Note: In the above example, the storage type has not been specified. As a result, the storage type for the hwengineering security group is volatile storage.
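An added example, not part of the guide or of the AT-S63 software: a Python review pass over commands in the SNMPv3 syntax documented in this chapter. It flags entries that use the SNMPv1/v2c security models, a security level without authentication or without privacy, MD5 authentication, community entries, and entries left at the default volatile storage type. The sample commands are constructed (the steven142 and Nancy entries follow the guide's own examples), and the finding codes are names chosen for this sketch.

```python
import shlex
from collections import namedtuple

Finding = namedtuple("Finding", "line table entry code detail")

# Constructed sample in the command syntax of this chapter. The steven142 and
# Nancy entries follow the guide's examples; the other entries are made up.
SAMPLE_CONFIG = """\
add snmpv3 user=steven142 authentication=md5 authpassword=99doublesecret12 privpassword=encrypt178 storagetype=nonvolatile
create snmpv3 access=hwengineering securitymodel=v3 securitylevel=authentication readview=internet1
create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile
create snmpv3 targetparams=legacyparams username=Nancy securitymodel=v2c messageprocessing=v2c securitylevel=noauthentication storagetype=nonvolatile
create snmpv3 community index=1001 communityname=example securityname=Nancy transporttag=tag1 storagetype=nonvolatile
create snmpv3 access=secops securitymodel=v3 securitylevel=privacy readview=internet1 storagetype=nonvolatile
"""


def parse_command(line):
    """Split one ADD/CREATE/SET SNMPV3 command into (verb, table, entry, params)."""
    try:
        tokens = shlex.split(line)
    except ValueError:              # unbalanced quote inside a value
        tokens = line.split()
    if len(tokens) < 3 or tokens[1].lower() != "snmpv3":
        return None
    verb = tokens[0].lower()
    if verb not in ("add", "create", "set"):
        return None
    # "user=steven142" names the entry directly; "community" and "group" are
    # bare keywords whose entry is named by index= or username=.
    table, _, name = tokens[2].partition("=")
    params = {}
    for token in tokens[3:]:
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value
    entry = name or params.get("index") or params.get("username") or "?"
    return verb, table.lower(), entry, params


def audit(config_text):
    """Return a list of Finding tuples for the SNMPv3 commands in config_text."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        parsed = parse_command(raw.strip())
        if parsed is None:
            continue
        verb, table, entry, params = parsed

        def flag(code, detail):
            findings.append(Finding(number, table, entry, code, detail))

        if table == "community":
            flag("community-access",
                 "community entry permits SNMPv1/v2c access; the community "
                 "string crosses the network unencrypted")
        if params.get("securitymodel", "").lower() in ("v1", "v2c"):
            flag("legacy-model",
                 "SNMPv1/v2c model has no per-user authentication or privacy")
        level = params.get("securitylevel", "").lower()
        if level == "noauthentication":
            flag("no-auth", "no authentication protocol and no privacy protocol")
        elif level == "authentication":
            flag("no-privacy", "messages are authenticated but not encrypted")
        if table == "user" and params.get("authentication", "").lower() == "md5":
            flag("md5-auth", "MD5 selected; SHA is the stronger option offered")
        # A SET command edits an existing entry, so only ADD/CREATE commands
        # fall back to the volatile default when storagetype is left out.
        if verb in ("add", "create") and \
                params.get("storagetype", "volatile").lower() == "volatile":
            flag("volatile",
                 "entry cannot be saved to the configuration file")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"line {f.line}: {f.table} {f.entry}: {f.code} ({f.detail})")
```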
CREATE SNMPV3 COMMUNITY

Syntax

create snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters

index - Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

communityname - Specifies a password for this community entry, up to 32 alphanumeric characters.
nonvolatile storage.
CREATE SNMPV3 GROUP

Syntax

create snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameters

username - Specifies a user name configured in the SNMPv3 User Table.

securitymodel - Specifies the security model of the above user name. The options are:

v1 - Associates the Security Name, or User Name, with the SNMPv1 protocol.

v2c - Associates the Security Name, or User Name, with the SNMPv2c protocol.
create snmpv3 group username=Nancy securitymodel=v3 groupname=admin storagetype=nonvolatile

The following command creates the SNMPv3 SecurityToGroup Table entry for a user named princess. The security model is set to the SNMPv3 protocol. The group name, or security group, for this user is the “training” group. The storage type is set to nonvolatile storage.
CREATE SNMPV3 NOTIFY

Syntax

create snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters

notify - Specifies the name of an SNMPv3 Notify Table entry, up to 32 alphanumeric characters.

tag - Specifies the notify tag name, up to 32 alphanumeric characters. This is an optional parameter.

type - Specifies the message type. This is an optional parameter.
The following command creates the SNMPv3 Notify Table entry called “testenginform5” and the notify tag is “testenginformtag5.” The message type is defined as an inform message and the storage type for this entry is nonvolatile storage.
CREATE SNMPV3 TARGETADDR

Syntax

create snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters

targetaddr - Specifies the name of the SNMP manager, or host, that manages the SNMP activity on the switch, up to 32 alphanumeric characters.

params - Specifies the target parameters name, up to 32 alphanumeric characters.
Examples

In the following command, the name of the Target Address Table entry is “snmphost1.” In addition, the params parameter is assigned to “snmpv3manager” and the IP address is 198.1.1.1. The tag list consists of “swengtag,” “hwengtag,” and “testengtag.” The storage type for this table entry is nonvolatile storage.

create snmpv3 targetaddr=snmphost1 params=snmpv3manager ipaddress=198.1.1.
CREATE SNMPV3 TARGETPARAMS

Syntax

create snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters

targetparams - Specifies the name of the SNMPv3 Target Parameters Table entry, up to 32 alphanumeric characters.

username - Specifies a user name configured in the SNMPv3 User Table.
no privacy protocol.

authentication - This option provides an authentication protocol, but no privacy protocol.

privacy - This option provides an authentication protocol and the privacy protocol.

storagetype - Specifies the storage type of this table entry. This is an optional parameter. The options are:

volatile - Does not allow you to save the table entry to the configuration file on the switch. This is the default.
CREATE SNMPV3 VIEW

Syntax

create snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters

view - Specifies the name of the view, up to 32 alphanumeric characters.

subtree - Specifies the view of the MIB Tree. The options are:

OID - A numeric value in hexadecimal format.

text - Text name of the view.

mask - Specifies the subtree mask, in hexadecimal format.

type - Specifies the view type. This is an optional parameter.
create snmpv3 view=internet1 subtree=internet type=included storagetype=nonvolatile

The following command creates an SNMPv3 View Table entry called “tcp1” with a subtree value of the TCP/IP MIBs and a view type of excluded. The storage type for this table entry is nonvolatile storage.
DELETE SNMPV3 USER

Syntax

delete snmpv3 user=user

Parameters

user - Specifies the name of an SNMPv3 user to delete from the switch.

Description

This command deletes an SNMPv3 User Table entry. After you delete an SNMPv3 user from the switch, you cannot recover it.

Examples

The following command deletes the user named “wilson890.”

delete snmpv3 user=wilson890

The following command deletes the user named “75murthy75.
DESTROY SNMPv3 ACCESS

Syntax

destroy snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy]

Parameters

access - Specifies an SNMPv3 Access Table entry.

securitymodel - Specifies the security model of the user name specified above. The options are:

v1 - Associates the Security Name, or User Name, with the SNMPv1 protocol.
destroy snmpv3 access=swengineering securitymodel=v3 securitylevel=authentication

The following command deletes the SNMPv3 Access Table entry called “testengineering” with a security model of the SNMPv3 protocol and a security level of privacy.
DESTROY SNMPv3 COMMUNITY

Syntax

destroy snmpv3 community index=index

Parameter

index - Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description

This command deletes an SNMPv3 Community Table entry. After you delete an SNMPv3 Community Table entry, you cannot recover it.

Examples

The following command deletes an SNMPv3 Community Table entry with an index of 1001.
DESTROY SNMPv3 GROUP

Syntax

destroy snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameters

username - Specifies a user name configured in the SNMPv3 User Table.

securitymodel - Specifies the security model of the above user name. The options are:

v1 - Associates the Security Name, or User Name, with the SNMPv1 protocol.

v2c - Associates the Security Name, or User Name, with the SNMPv2c protocol.
DESTROY SNMPv3 NOTIFY

Syntax

destroy snmpv3 notify=notify

Parameter

notify - Specifies an SNMPv3 Notify Table entry.

Description

This command deletes an SNMPv3 Notify Table entry. After you delete an SNMPv3 Notify Table entry, you cannot recover it.

Examples

The following command deletes an SNMPv3 Notify Table entry called “systemtestnotifytrap.
DESTROY SNMPv3 TARGETADDR

Syntax

destroy snmpv3 targetaddr=target

Parameter

targetaddr - Specifies an SNMPv3 Target Address Table entry.

Description

This command deletes an SNMPv3 Target Address Table entry. After you delete an SNMPv3 Target Address Table entry, you cannot recover it.

Example

The following command deletes an SNMPv3 Target Address Table entry called “snmpmanager.
DESTROY SNMPv3 TARGETPARMS

Syntax

destroy snmpv3 targetparams=targetparams

Parameter

targetparams - Specifies an SNMPv3 Target Parameters Table entry.

Description

This command deletes an SNMPv3 Target Parameters Table entry. After you delete an SNMPv3 Target Parameters Table entry, you cannot recover it.

Examples

The following command deletes the SNMPv3 Target Parameters Table entry called “targetparameter1.
DESTROY SNMPV3 VIEW

Syntax

destroy snmpv3 view=view [subtree=OID|text]

Parameters

view - Specifies the name of the view, up to 32 alphanumeric characters.

subtree - Specifies the view of the MIB Tree. The options are:

OID - A numeric value in hexadecimal format.

text - Text name of the view.

Description

This command deletes an SNMPv3 View Table entry. After you delete an SNMPv3 View Table entry, you cannot recover it.
PURGE SNMPV3 ACCESS

Syntax

purge snmpv3 access

Parameters

None

Description

This command resets the SNMPv3 Access Table to its default value by removing all the access table entries. To remove a single entry, use “DESTROY SNMPv3 ACCESS” on page 325.
PURGE SNMPV3 COMMUNITY

Syntax

purge snmpv3 community

Parameters

None

Description

This command resets the SNMPv3 Community Table to its default value by removing all the community table entries. To remove a single entry, use “DESTROY SNMPv3 COMMUNITY” on page 327.
PURGE SNMPV3 NOTIFY

Syntax

purge snmpv3 notify

Parameters

None

Description

This command resets the SNMPv3 Notify Table to its default value by removing all the notify table entries. To remove a single entry, use “DESTROY SNMPv3 NOTIFY” on page 329.
PURGE SNMPV3 TARGETADDR

Syntax

purge snmpv3 targetaddr

Parameters

None

Description

This command resets the SNMPv3 Target Address Table to its default values by removing all the target address table entries. To remove a single entry, use “DESTROY SNMPv3 TARGETADDR” on page 330.
PURGE SNMPV3 VIEW

Syntax

purge snmpv3 view

Parameters

None

Description

This command resets the SNMPv3 View Table to its default values by removing all the view table entries. To remove a single entry, use “DESTROY SNMPV3 VIEW” on page 332.
SET SNMPV3 ACCESS

Syntax

set snmpv3 access=access [securitymodel=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] readview=readview writeview=writeview notifyview=notifyview [storagetype=volatile|nonvolatile]

Parameters

access - Specifies the name of the group, up to 32 alphanumeric characters.

securitymodel - Specifies the security model. Options are:

v1 - Associates the Security Name, or User Name, with the SNMPv1 protocol.
storagetype
    Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile  Does not allow you to save the table entry to the configuration file on the switch. This is the default.
    nonvolatile  Allows you to save the table entry to the configuration file on the switch.

Description
This command modifies an SNMPv3 Access Table entry.

SET SNMPV3 COMMUNITY

Syntax
set snmpv3 community index=index communityname=communityname securityname=securityname transporttag=transporttag [storagetype=volatile|nonvolatile]

Parameters
index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.
communityname
    Specifies a password of this community, up to 32 alphanumeric characters.
securityname
    Specifies the name of an SNMPv1 and SNMPv2 user, up to 32 alphanumeric characters.

set snmpv3 community index=52 communityname=oldmiss71 securityname=jjhuser234 transporttag=testtag40

SET SNMPV3 GROUP

Syntax
set snmpv3 group username=username [securitymodel=v1|v2c|v3] groupname=groupname [storagetype=volatile|nonvolatile]

Parameter
username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1  Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.

user name of “nelvid.” The security model is the SNMPv3 protocol and the group name “systemtest.
SET SNMPV3 NOTIFY

Syntax
set snmpv3 notify=notify tag=tag [type=trap|inform] [storagetype=volatile|nonvolatile]

Parameters
notify
    Specifies the name associated with the trap message, up to 32 alphanumeric characters.
tag
    Specifies the notify tag name, up to 32 alphanumeric characters.
type
    Specifies the message type. Options are:
    trap  Trap messages are sent, with no response expected from the host.

set snmpv3 notify=systemtestinform5 tag=systemtestinform5tag type=inform

SET SNMPV3 TARGETADDR

Syntax
set snmpv3 targetaddr=targetaddr params=params ipaddress=ipaddress udpport=udpport timeout=timeout retries=retries taglist=taglist [storagetype=volatile|nonvolatile]

Parameters
targetaddr
    Specifies the name of the SNMP entity (NMS or manager) that manages the SNMP activity on the switch, up to 32 alphanumeric characters.
params
    Specifies the target parameters name, up to 32 alphanumeric characters. This is an optional parameter.

Description
This command modifies an SNMPv3 Target Address Table entry.

Examples
The following command modifies the Target Address Table entry with a value of “snmphost.” The params parameter is set to “targetparameter7” and the IP address is 198.1.1.1. The taglist is set to “systemtesttraptag” and “systemtestinformtag.”

set snmpv3 targetaddr=snmphost params=targetparameter7 ipaddress=198.1.1.
SET SNMPV3 TARGETPARAMS

Syntax
set snmpv3 targetparams=targetparams username=username [securitymodel=v1|v2c|v3] [messageprocessing=v1|v2c|v3] [securitylevel=noauthentication|authentication|privacy] [storagetype=volatile|nonvolatile]

Parameters
targetparams
    Specifies the target parameters name, up to 32 alphanumeric characters.
username
    Specifies the user name.
securitymodel
    Specifies the security model of the above user name.

    authentication  This option provides an authentication protocol, but no privacy protocol.
    privacy  This option provides an authentication protocol and the privacy protocol.
storagetype
    Specifies the storage type of this table entry. This is an optional parameter. The options are:
    volatile  Does not allow you to save the table entry to the configuration file on the switch. This is the default.

SET SNMPV3 USER

Syntax
set snmpv3 user=user [authentication=md5|sha] authpassword=password privpassword=password [storagetype=volatile|nonvolatile]

Parameters
user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.
authentication
    Specifies the authentication protocol that is used to authenticate this user with an SNMPv3 entity (or NMS). The default is no authentication. The options are:
    md5  The MD5 authentication protocol.

Examples
The following command modifies a User Table entry called “atiuser104”. The authentication protocol is set to the MD5 protocol and the authentication password is “atlanta45denver.” The DES privacy protocol is on and the privacy password is “denvertoatlanta3.”

set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3

The following command modifies a User Table entry called “atiuser104.
SET SNMPV3 VIEW

Syntax
set snmpv3 view=view [subtree=OID|text] mask=mask [type=included|excluded] [storagetype=volatile|nonvolatile]

Parameters
view
    Specifies the name of the view, up to 32 alphanumeric characters.
subtree
    Specifies the view subtree view. Options are:
    OID  A numeric value in hexadecimal format.
    text  Text name of the view.
mask
    Specifies the subtree mask, in hexadecimal format.
type
    Specifies the view type.

The following command modifies the view called system. The subtree is set to 1.3.6.1.2.1 (System MIBs) and the view type is excluded.

set snmpv3 view=system subtree=1.3.6.1.2.
SHOW SNMPV3 ACCESS

Syntax
show snmpv3 access=access

Parameter
access
    Specifies an SNMPv3 Access Table entry.

Description
This command displays the SNMPv3 Access Table. You can display one or all of the table entries.

Examples
The following command displays the SNMPv3 Access Table entry called “production.
SHOW SNMPV3 COMMUNITY

Syntax
show snmpv3 community index=index

Parameter
index
    Specifies the name of this SNMPv3 Community Table entry, up to 32 alphanumeric characters.

Description
This command displays the SNMPv3 Community Table. You can display one or all of the SNMPv3 Community Table entries.

SHOW SNMPv3 GROUP

Syntax
show snmpv3 group username=username [securitymodel=v1|v2c|v3]

Parameter
username
    Specifies a user name configured in the SNMPv3 User Table.
securitymodel
    Specifies the security model of the above user name. The options are:
    v1  Associates the Security Name, or User Name, with the SNMPv1 protocol.
    v2c  Associates the Security Name, or User Name, with the SNMPv2c protocol.
    v3  Associates the Security Name, or User Name, with the SNMPv3 protocol.

SHOW SNMPV3 NOTIFY

Syntax
show snmpv3 notify=notify

Parameter
notify
    Specifies an SNMPv3 Notify Table entry.

Description
This command displays SNMPv3 Notify Table entries. You can display one or all of the table entries.

SHOW SNMPV3 TARGETADDR

Syntax
show snmpv3 targetaddr=targetaddr

Parameter
targetaddr
    Specifies an SNMPv3 Target Address Table entry.

Description
This command displays SNMPv3 Target Address Table entries. You can display one or all of the table entries.

SHOW SNMPV3 TARGETPARAMS

Syntax
show snmpv3 targetparams=targetparams

Parameter
targetparams
    Specifies an SNMPv3 Target Parameters Table entry.

Description
This command displays SNMPv3 Target Parameters Table entries. You can display one or all of the table entries.

SHOW SNMPV3 USER

Syntax
show snmpv3 user=user

Parameters
user
    Specifies the name of an SNMPv3 user, up to 32 alphanumeric characters.

Description
This command displays SNMPv3 User Table entries. You can display one or all of the table entries.

SHOW SNMPV3 VIEW

Syntax
show snmpv3 view=view [subtree=OID|text]

Parameter
view
    Specifies an SNMPv3 View Table entry.
subtree
    Specifies the view subtree view. Options are:
    OID  A numeric value in hexadecimal format.
    text  Text name of the view.

Description
This command displays the SNMPv3 View Table entries. You can display one or all of the table entries.

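The SET SNMPV3 commands above decide which entries use authentication and privacy and which fall back to SNMPv1/v2c communities. The following audit script is an added example, not part of the AT-S63 guide or software: it reads a list of commands written in the syntax shown in this chapter and reports the entries worth reviewing. The sample lines are constructed, the preference for sha over md5 is an assumed local policy, and treating a user line without privpassword as needing review is an assumption about how the switch applies it.

```python
import re
import shlex
from dataclasses import dataclass

# Parameters whose values are secrets and must not reach logs or tickets.
SECRET_RE = re.compile(r"(?i)\b(authpassword|privpassword|communityname)=\S+")

# Constructed sample input in the command syntax documented in this chapter.
SAMPLE = """\
set snmpv3 user=atiuser104 authentication=md5 authpassword=atlanta45denver privpassword=denvertoatlanta3
set snmpv3 user=opsuser7 authentication=sha authpassword=Example-Auth-1 privpassword=Example-Priv-1
set snmpv3 user=legacy9
set snmpv3 access=production securitymodel=v3 securitylevel=privacy readview=all writeview=none notifyview=all
set snmpv3 access=monitoring securitymodel=v2c securitylevel=noauthentication readview=all writeview=all notifyview=all
set snmpv3 community index=52 communityname=oldmiss71 securityname=jjhuser234 transporttag=testtag40
set snmpv3 targetparams=targetparameter7 username=opsuser7 securitymodel=v3 securitylevel=authentication
show snmpv3 user=atiuser104
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    table: str
    entry: str
    issue: str


def redact(line):
    """Mask password and community values before a line is logged."""
    return SECRET_RE.sub(lambda m: m.group(1) + "=<redacted>", line)


def parse_command(line):
    """Split a 'set snmpv3 ...' line into (table, entry name, parameters)."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: not a usable command
        return None
    if len(tokens) < 3 or [t.lower() for t in tokens[:2]] != ["set", "snmpv3"]:
        return None
    table, sep, name = tokens[2].partition("=")
    params = {}
    for token in tokens[3:]:
        key, _, value = token.partition("=")
        params[key.lower()] = value
    if not sep:
        # 'community' entries are keyed by index=, 'group' entries by username=
        name = params.get("index") or params.get("username") or ""
    return table.lower(), name, params


def audit(config_text):
    """Return a Finding for every setting that weakens SNMP protection."""
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        parsed = parse_command(raw.strip())
        if parsed is None:
            continue
        table, name, params = parsed
        issues = []
        model = params.get("securitymodel", "").lower()
        level = params.get("securitylevel", "").lower()
        if table == "user":
            auth = params.get("authentication", "").lower()
            if not auth:
                issues.append("no authentication protocol selected (the documented default)")
            elif auth == "md5":
                issues.append("md5 selected; assumed local policy prefers sha")
            if "privpassword" not in params:
                issues.append("no privpassword on this line; confirm privacy is configured")
        elif table == "community":
            issues.append("community entry: SNMPv1/v2c access by shared community string")
        if table in ("access", "group", "targetparams") and model in ("v1", "v2c"):
            issues.append(f"securitymodel={model}: not the SNMPv3 user-based model")
        if table in ("access", "targetparams"):
            if level == "noauthentication":
                issues.append("securitylevel=noauthentication: no authentication, no privacy")
            elif level == "authentication":
                issues.append("securitylevel=authentication: authenticated but no privacy protocol")
        findings.extend(Finding(line_no, table, name, issue) for issue in issues)
    return findings


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for f in audit(SAMPLE):
        print(f"line {f.line_no} [{f.table} {f.entry}] {f.issue}")
        print("    " + redact(lines[f.line_no - 1]))
```
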
Chapter 23 STP Commands

This chapter contains the following commands:
    “ACTIVATE STP”
    “DISABLE STP”
    “ENABLE STP”
    “PURGE STP”
    “SET STP”
    “SET STP PORT”
    “SHOW STP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
For background information on the Spanning Tree Protocol (STP).
ACTIVATE STP

Syntax
activate stp

Parameters
None.

Description
Use this command to designate STP as the active spanning tree on the switch. You cannot enable STP or configure its parameters until you have designated it as the active spanning tree with this command. Only one spanning tree protocol, STP, RSTP, or MSTP, can be active on the switch at a time.

DISABLE STP

Syntax
disable stp

Parameters
None.

Description
This command disables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP” on page 373.

ENABLE STP

Syntax
enable stp

Parameters
None.

Description
This command enables the Spanning Tree Protocol on the switch. The default setting for STP is disabled. To view the current status of STP, refer to “SHOW STP” on page 373.

Note
You cannot enable STP until after you have activated it with “ACTIVATE STP” on page 364.

PURGE STP

Syntax
purge stp

Parameters
None.

Description
This command returns all STP bridge and port parameters to the default settings. STP must be disabled in order for you to use this command. To disable STP, see “DISABLE STP” on page 365.

SET STP

Syntax
set stp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage]

Parameters
default
    Disables STP and returns all bridge and port STP settings to the default values. This parameter cannot be used with any other command parameter and can only be used when STP is disabled. (This parameter performs the same function as the PURGE STP command.)
priority
    Specifies the priority number for the bridge.

parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay
    Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, all links may not have had time to adapt to the change, resulting in network loops. The range is 4 to 30 seconds. The default is 15 seconds.

The following command sets the hello time to 7 seconds and the forwarding delay to 25 seconds:

set stp hellotime=7 forwarddelay=25

The following command returns all STP parameters on the switch to the default values:

set stp default

SET STP PORT

Syntax
set stp port=port [pathcost|portcost=auto|portcost] [portpriority=portpriority]

Parameters
port
    Specifies the port you want to configure. You can configure more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).
pathcost
portcost
    Specifies the port’s cost. The parameters are equivalent.

shown in Table 10. You specify the increment of the desired value. The default is 128 (increment 8).

Table 10.
SHOW STP

Syntax
show stp [port=port]

Parameter
port
    Specifies the port whose STP parameters you want to view. You can view more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22).

Chapter 24 RSTP Commands

This chapter contains the following commands:
    “ACTIVATE RSTP”
    “DISABLE RSTP”
    “ENABLE RSTP”
    “PURGE RSTP”
    “SET RSTP”
    “SET RSTP PORT”
    “SHOW RSTP”

Note
Remember to save your changes with the SAVE CONFIGURATION command.

ACTIVATE RSTP

Syntax
activate rstp

Parameters
None.

Description
Use this command to designate RSTP as the active spanning tree on the switch. After you have selected RSTP, you can enable or disable it using the ENABLE RSTP and DISABLE RSTP commands. RSTP is active on a switch only after you have designated it as the active spanning tree with this command and enabled it with the ENABLE RSTP command.

DISABLE RSTP

Syntax
disable rstp

Parameters
None.

Description
This command disables the Rapid Spanning Tree Protocol on the switch. To view the current status of RSTP, use “SHOW RSTP” on page 386.

ENABLE RSTP

Syntax
enable rstp

Parameters
None.

Description
This command enables the Rapid Spanning Tree Protocol on the switch. The default setting for RSTP is disabled. To view the current status of RSTP, use “SHOW RSTP” on page 386. You cannot enable RSTP until you have activated it with the ACTIVATE RSTP command.

PURGE RSTP

Syntax
purge rstp

Parameters
None.

Description
This command returns all RSTP bridge and port parameters to the default settings. RSTP must be disabled before you can use this command. To disable RSTP, refer to “DISABLE RSTP” on page 377.

SET RSTP

Syntax
set rstp [default] [priority=priority] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [rstptype|forceversion=stpcompatible|forcestpcompatible|normalrstp]

Parameters
default
    Returns all bridge and port RSTP settings to the default values. This parameter cannot be used with any other command parameter and only when RSTP is disabled. (This parameter performs the same function as the PURGE RSTP command.
parameter can be from 1 to 10 seconds. The default is 2 seconds.
forwarddelay
    Specifies the waiting period before a bridge changes to a new state, for example, becomes the new root bridge after the topology changes. If the bridge transitions too soon, not all links may have yet adapted to the change, resulting in network loops. The range is 4 to 30 seconds. The default is 15 seconds.

Description
This command configures the following RSTP parameter settings.
    Bridge priority
    Hello time
    Forwarding delay
    Maximum age time
    Port priority
    Force version of STP or normal RSTP

This command can also return the RSTP parameters to their default settings.

Note
You can use this command only if RSTP is the active spanning tree protocol on the switch. See “ACTIVATE RSTP” on page 376.

SET RSTP PORT

Syntax
set rstp port=port [pathcost|portcost=cost|auto] [portpriority=portpriority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters
port
    Specifies the port you want to configure. You can specify more than one port at a time.

Table 13. RSTP Auto-Detect Port Trunk Costs

Port Speed    Port Cost
100 Mbps      20,000
1000 Mbps     2,000

portpriority
    Specifies the port’s priority. This parameter is used as a tie breaker when two or more ports are determined to have equal costs to the root bridge. The range is 0 to 240 in increments of 16, for a total of 16 increments, as shown in Table 14. You specify the increment that corresponds to the desired value. The default is 128, which is increment 8.

Table 14.
    yes, on, true  The port is a point-to-point port. The options are equivalent.
    no, off, false  The port is not a point-to-point port. The parameters are equivalent.
    autoupdate  The port’s status is determined automatically. This is the default.
migrationcheck
    Enables and disables migration check.

SHOW RSTP

Syntax
show rstp [portconfig=port|portstate=port]

Parameters
portconfig
    Displays the RSTP port settings. You can specify more than one port at a time.
portstate
    Displays the RSTP port status. You can specify more than one port at a time.

Description
You can use this command to display the RSTP parameter settings.

The following command displays RSTP port status for port 15:

show rstp portstate=15

Chapter 25 MSTP Commands

This chapter contains the following commands:
    “ACTIVATE MSTP”
    “ADD MSTP”
    “CREATE MSTP”
    “DELETE MSTP”
    “DESTROY MSTP MSTIID”
    “DISABLE MSTP”
    “ENABLE MSTP”
    “PURGE MSTP”
    “SET MSTP”
    “SET MSTP CIST”
    “SET MSTP MSTI”
    “SET MSTP MSTIVLANASSOC”
    “SET MSTP PORT”
    “SHOW MSTP”

ACTIVATE MSTP

Syntax
activate mstp

Parameters
None.

Description
This command designates MSTP as the active spanning tree on the switch. You cannot enable MSTP or configure its parameters until after you have designated it as the active spanning tree with this command. Only one spanning tree protocol can be active on the switch at a time.

ADD MSTP

Syntax
add mstp mstiid=mstiid mstivlanassoc=vids

Parameters
mstiid
    Specifies the ID of the multiple spanning tree instance (MSTI) to which you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc
    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

CREATE MSTP

Syntax
create mstp mstiid=mstiid [mstivlanassoc=vids]

Parameters
mstiid
    Specifies the MSTI ID of the spanning tree instance you want to create. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc
    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44).

Description
This command creates an MSTI ID and associates VLANs to the new spanning tree instance.

DELETE MSTP

Syntax
delete mstp mstiid=mstiid mstivlanassoc=vids

Parameters
mstiid
    Specifies the MSTI ID of the spanning tree instance where you want to remove VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
mstivlanassoc
    Specifies the VID of the VLAN you want to remove from the spanning tree instance. You can specify more than one VID at a time (for example, 2,5,44).

DESTROY MSTP MSTIID

Syntax
destroy mstp mstiid=mstiid

Parameter
mstiid
    Specifies the MSTI ID of the spanning tree instance you want to delete. You can specify only one MSTI ID at a time. The range is 1 to 15.

Description
This command deletes a spanning tree instance. VLANs associated with a deleted MSTI are returned to CIST.

DISABLE MSTP

Syntax
disable mstp

Parameters
None.

Description
This command disables the Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 408.

ENABLE MSTP

Syntax
enable mstp

Parameters
None.

Description
This command enables Multiple Spanning Tree Protocol on the switch. To view the current status of MSTP, refer to “SHOW MSTP” on page 408. You must select MSTP as the active spanning tree on the switch before you can enable it with this command. To activate MSTP, see “ACTIVATE MSTP” on page 390.

PURGE MSTP

Syntax
purge mstp

Parameters
None.

Description
This command returns all MSTP bridge and port parameter settings to their default values. In order for you to use this command, MSTP must be the active spanning tree protocol on the switch and the protocol must be disabled. To select MSTP as the active spanning tree protocol on the switch, see “ACTIVATE MSTP” on page 390. To disable MSTP, refer to “DISABLE MSTP” on page 395.

SET MSTP

Syntax
set mstp [default] [forceversion=stpcompatible|forcestpcompatible|normalmstp] [hellotime=hellotime] [forwarddelay=forwarddelay] [maxage=maxage] [maxhops=maxhops] [configname="name"] [revisionlevel=number]

Parameters
default
    Disables MSTP and returns all bridge and port MSTP settings to the default values. This parameter cannot be used with any other parameter. (This parameter performs the same function as the PURGE MSTP command.
    normalmstp  The bridge uses MSTP. The bridge sends out MSTP BPDU packets from all ports except for those ports connected to bridges running STP. This is the default setting.
hellotime
    Specifies the time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.

same on all bridges in a region. Different regions can have the same version level without conflict.

Description
This command configures the following MSTP parameter settings.
SET MSTP CIST

Syntax
set mstp cist priority=priority

Parameter
priority
    Specifies the CIST priority number for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 15. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8.

Table 15.
SET MSTP MSTI

Syntax
set mstp msti mstiid=mstiid priority=priority

Parameters
mstiid
    Specifies an MSTI ID. You can specify only one MSTI ID at a time. The range is 1 to 15.
priority
    Specifies the MSTI priority value for the switch. The range is 0 to 61,440 in increments of 4,096. The range is divided into sixteen increments, as shown in Table 16. You specify the increment that represents the desired bridge priority value. The default value is 32,768, which is increment 8.

Examples
The following command changes the MSTI priority value to 45,056 (increment 11) for the MSTI ID 4:

set mstp msti mstiid=4 priority=11

The following command changes the MSTI priority value to 8,192 (increment 2) for the MSTI ID 6:

set mstp msti mstiid=6 priority=2

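Because the priority parameters take an increment rather than the resulting value, a change script that passes 32768 where 8 was meant is an easy mistake that changes which bridge wins the root election. The following pre-flight check is an added example, not part of the AT-S63 guide or software: it applies the ranges stated in Chapters 23 to 25 (hello time 1 to 10 seconds, forwarding delay 4 to 30 seconds, MSTI ID 1 to 15, sixteen priority increments) and returns the effective values. The function name and error wording are assumptions.

```python
BRIDGE_STEP = 4096    # CIST/MSTI priority: 0 to 61,440 in sixteen increments
PORT_STEP = 16        # port priority: 0 to 240 in sixteen increments
MAX_INCREMENT = 15
SECONDS = {"hellotime": (1, 10), "forwarddelay": (4, 30)}
PROTOCOLS = {"stp", "rstp", "mstp"}


def _to_int(name, text, errors):
    """Accept only plain ASCII digits; record an error otherwise."""
    if not (text.isascii() and text.isdigit()):
        errors.append(f"{name}={text}: not a whole number")
        return None
    return int(text)


def _increment(name, text, step, errors):
    """Turn an increment (0-15) into the priority value it selects."""
    n = _to_int(name, text, errors)
    if n is None:
        return None
    if n > MAX_INCREMENT:
        hint = ""
        if n % step == 0 and n // step <= MAX_INCREMENT:
            hint = f"; {n} looks like the resulting value, use increment {n // step}"
        errors.append(f"{name}={n}: increment must be 0-{MAX_INCREMENT}{hint}")
        return None
    return n * step


def resolve(command):
    """Validate one 'set stp|rstp|mstp' command.

    Returns (effective, errors): the values the switch would end up with
    for the parameters checked here, and a list of problems found.
    The priority parameter of 'set stp' and 'set rstp' is not interpreted,
    because its description is cut off on this page.
    """
    words = command.lower().split()
    effective, errors = {}, []
    if len(words) < 2 or words[0] != "set" or words[1] not in PROTOCOLS:
        return effective, ["not a 'set stp|rstp|mstp' command"]
    bare = [w for w in words[2:] if "=" not in w]
    params = dict(w.split("=", 1) for w in words[2:] if "=" in w)

    if "default" in bare:
        if params or len(bare) > 1:
            errors.append("default cannot be combined with any other parameter")
        return effective, errors

    for name, (low, high) in SECONDS.items():
        if name in params:
            n = _to_int(name, params[name], errors)
            if n is not None and low <= n <= high:
                effective[name] = n
            elif n is not None:
                errors.append(f"{name}={n}: outside {low}-{high} seconds")

    if "mstiid" in params:
        n = _to_int("mstiid", params["mstiid"], errors)
        if n is not None and 1 <= n <= 15:
            effective["mstiid"] = n
        elif n is not None:
            errors.append(f"mstiid={n}: outside 1-15")

    if "portpriority" in params:
        value = _increment("portpriority", params["portpriority"], PORT_STEP, errors)
        if value is not None:
            effective["portpriority"] = value

    if "priority" in params and bare[:1] in (["cist"], ["msti"]):
        value = _increment("priority", params["priority"], BRIDGE_STEP, errors)
        if value is not None:
            effective["priority"] = value
    return effective, errors


if __name__ == "__main__":
    for cmd in ("set mstp msti mstiid=4 priority=11",
                "set mstp cist priority=32768",
                "set stp hellotime=7 forwarddelay=25"):
        print(cmd, "->", resolve(cmd))
```
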
SET MSTP MSTIVLANASSOC

Syntax
set mstp mstivlanassoc mstiid=mstiid vlanlist=vids

Parameters
mstiid
    Specifies the ID of the spanning tree instance where you want to associate VLANs. You can specify only one MSTI ID at a time. The range is 1 to 15.
vlanlist
    Specifies the VID of the VLAN you want to associate with the MSTI ID. You can specify more than one VID at a time (for example, 2,5,44). If VLANs have already been associated with the MSTI, they are overwritten.

SET MSTP PORT

Syntax
set mstp port=port|all [intportcost=auto|portcost] [extportcost=portcost] [portpriority=priority] [edgeport=yes|no|on|off|true|false] [ptp|pointtopoint=yes|no|on|off|true|false|autoupdate] [migrationcheck=yes|no|on|off|true|false]

Parameters
port
    Specifies the port you want to configure. You can specify more than one port at a time. To configure all ports in the switch, enter ALL.

Table 17. Port Priority Value Increments

Increment    Port Priority    Increment    Port Priority
0            0                8            128
1            16               9            144
2            32               10           160
3            48               11           176
4            64               12           192
5            80               13           208
6            96               14           224
7            112              15           240

edgeport
    Defines whether the port is functioning as an edge port. An edge port is connected to a device operating at half-duplex mode and is not connected to any device running STP or MSTP.
ptp
pointtopoint

migrationcheck
    This parameter resets an MSTP port, allowing it to send MSTP BPDUs. When an MSTP bridge receives STP BPDUs on an MSTP port, the port transmits STP BPDUs. The MSTP port continues to transmit STP BPDUs indefinitely. Set the migrationcheck parameter to yes to reset the MSTP port to transmit MSTP BPDUs.
    yes, on, true  Enable migration check. The options are equivalent.
    no, off, false  Disable migration check.

SHOW MSTP

Syntax
show mstp [portconfig=ports] [portstate=ports] [msti] [cist] [mstivlanassoc]

Parameters
portconfig
    Specifies a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.
portstate
    Specifies a port. You can specify more than one port at a time. For a list of the MSTP information displayed by this parameter, refer to Description below.

    Revision level
    Bridge identifier

The PORTCONFIG parameter displays the following MSTP port parameter settings:
    Edge-port status
    Point-to-point status
    External and internal port costs
    Port priority

The PORTSTATE parameter displays the following MSTP port status information:
    MSTP port state
    MSTI ID
    MSTP role
    Point-to-point status
    Spanning tree version
    Port cost

The MSTI parameter displays the follo
Chapter 26 VLANs and Multiple VLAN Mode Commands

This chapter contains the following commands:
    “ADD VLAN”
    “CREATE VLAN”
    “DELETE VLAN”
    “DESTROY VLAN”
    “SET SWITCH INFILTERING”
    “SET SWITCH MANAGEMENTVLAN”
    “SET SWITCH VLANMODE”
    “SET VLAN”
    “SHOW VLAN”

Note
Remember to use the SAVE CONFIGURATION command to save your changes on the switch.

ADD VLAN

Syntax 1
add vlan=name [vid=vid] port=ports|all frame=untagged|tagged

Syntax 2
add vlan=name [vid=vid] taggedports=ports|all untaggedports=ports|all

Parameters
vlan
    Specifies the name of the VLAN you want to modify. The name can be from 1 to 20 characters in length.
vid
    Specifies the VID of the VLAN you want to modify. This parameter is optional.
port
    Specifies the ports to be added to the VLAN.

Note
When a transceiver is inserted into an uplink slot and a link is established, that slot becomes a primary uplink port and the corresponding backup port, 23R or 24R, automatically transitions to redundant uplink status. Any VLAN settings remain intact when the backup port makes the transition to a redundant uplink state.

This command has two syntaxes. You can use either command to add ports to a VLAN.

add vlan=Service port=5 frame=tagged
add vlan=Service port=7-8 frame=untagged

Using Syntax 2, you can add both types of ports with just one command:

add vlan=Service untaggedports=7-8 taggedports=5

CREATE VLAN

Syntax 1
create vlan=name vid=vid port=ports|all frame=untagged|tagged

Syntax 2
create vlan=name vid=vid taggedports=ports|all untaggedports=ports|all

Parameters
vlan
    Specifies the name of the VLAN. You must assign a name to a VLAN. The name can be from 1 to 20 characters in length and should reflect the function of the nodes that will be a part of the VLAN (for example, Sales or Accounting).

port
    Specifies the ports on the switch that are either tagged or untagged members of the new VLAN. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-23), or both (for example, 1, 5, 14-22). To specify all ports on the switch, use ALL. This parameter must be followed by the FRAME parameter.
frame
    Specifies whether the ports of the VLAN are to be tagged or untagged.

a member of its other current untagged and tagged VLAN assignments.

Examples
The following command uses Syntax 1 to create a port-based VLAN called Sales with a VID of 3. The VLAN will consist of ports 4 to 8 and ports 12 to 16.

DELETE VLAN

Syntax 1
delete vlan=name [vid=vid] port=ports frame=untagged|tagged

Syntax 2
delete vlan=name [vid=vid] taggedports=ports untaggedports=ports

Parameters
vlan
    Specifies the name of the VLAN to be modified.
vid
    Specifies the VID of the VLAN to be modified. This parameter is optional.
port
    Specifies the ports to be removed from the VLAN. This parameter must be used with the FRAME parameter.

Note
You cannot change a VLAN’s name or VID.

When you remove an untagged port from a VLAN, the following happens:
    The port is returned to the Default_VLAN as an untagged port.
    If the port is also a tagged member of other VLANs, those VLAN assignments are not changed. The port remains a tagged member of the other VLANs.

delete vlan=Service untaggedports=6-8 taggedports=2

DESTROY VLAN

Syntax
destroy vlan vlan=name|all [vid=vid]

Parameters
vlan
    Specifies the name of the VLAN to be deleted. To delete all VLANs, use the ALL option.
vid
    Specifies the VID of the VLAN to be deleted. This parameter is optional.

Description
When the switch is operating in the user-configured VLAN mode, you can use this command to delete port-based and tagged VLANs from a switch.

SET SWITCH INFILTERING

Syntax
set switch infiltering=yes|no|on|off|true|false

Parameters
infiltering
    Specifies the operating status of ingress filtering. The options are:
    yes, on, true  Activates ingress filtering. The options are equivalent. This is the default.
    no, off, false  Deactivates ingress filtering. The options are equivalent.

Description
This command controls the status of ingress filtering.

SET SWITCH MANAGEMENTVLAN

Syntax
set switch managementvlan=name|VID

Parameter
managementvlan
    Specifies the management VLAN. You can specify the VLAN by name or by its VID. You can specify only one management VLAN. The default management VLAN is Default_VLAN (VID 1).

Description
This command sets the management VLAN. The switch uses this VLAN to watch for management packets from Telnet and web browser management sessions.

SET SWITCH VLANMODE

Syntax
set switch vlanmode=userconfig|dotqmultiple|multiple [uplinkport=port]

Parameters
vlanmode
    Controls the switch’s VLAN mode. Options are:
    userconfig  This mode allows you to create your own port-based and tagged VLANs. This is the default setting.
    dotqmultiple  This option configures the switch for the 802.1Q-compliant multiple VLAN mode.
    multiple  This option configures the switch for the non-802.
uplinkport
The following command sets the switch so that you can create your own port-based and tagged VLANs:

set switch vlanmode=userconfig

SET VLAN

Syntax
    set vlan=name [vid=vid] type=portbased

Parameters
    vlan
        Specifies the name of the dynamic GVRP VLAN you want to convert into a static VLAN. To view VLAN names, refer to “SHOW VLAN” on page 427.
    vid
        Specifies the VID of the dynamic VLAN. To view VIDs, refer to “SHOW VLAN” on page 427. This parameter is optional.
    type
        Specifies the type of static VLAN to which the dynamic VLAN is to be converted. There is only one option: PORTBASED.
SHOW VLAN

Syntax
    show vlan[=name|vid]

Parameter
    vlan
        Specifies the name or VID of the VLAN.
Chapter 27
GARP VLAN Registration Protocol Commands

This chapter contains the following commands:

    “DISABLE GARP”
    “ENABLE GARP”
    “PURGE GARP”
    “SET GARP PORT”
    “SET GARP TIMER”
    “SHOW GARP”
    “SHOW GARP COUNTER”
    “SHOW GARP DATABASE”
    “SHOW GARP GIP”
    “SHOW GARP MACHINE”

Note: Remember to save your changes with the SAVE CONFIGURATION command.
DISABLE GARP

Syntax
    disable garp=gvrp [gip]

Parameters
    garp
        Specifies the GARP application you want to disable. The only GARP application supported by AT-S63 management software is GVRP.
    gip
        Disables GARP Information Propagation (GIP).

Note: The online help for this command contains an STP option. The option is not supported.

Description
This command disables GVRP on the switch.
ENABLE GARP

Syntax
    enable garp=gvrp [gip]

Parameters
    garp
        Specifies the GARP application you want to enable. The only GARP application supported by AT-S63 management software is GVRP.
    gip
        Enables GARP Information Propagation (GIP).

Note: The online help for this command contains an STP option. This option is not supported.

Description
This command enables GVRP on the switch.
PURGE GARP

Syntax
    purge garp=gvrp

Parameter
    garp
        Specifies the GARP application you want to reset. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.

Description
This command disables GVRP and returns all GVRP parameters to their default settings. All GVRP-related statistics counters are returned to zero.
SET GARP PORT

Syntax
    set garp=gvrp port=port mode=normal|none

Parameters
    garp
        Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP.
    port
        Specifies the port you want to configure on the switch. You can specify more than one port at a time.
    mode
        Specifies the GVRP mode of the port. Modes are:
        normal
            The port will participate in GVRP.
SET GARP TIMER

Syntax
    set garp=gvrp timer [default] [jointime=value] [leavetime=value] [leavealltime=value]

Parameters
    garp
        Specifies the GARP application you want to configure. The only GARP application supported by AT-S63 management software is GVRP.
    default
        Returns the GARP timers to their default settings.
    jointime
        Specifies the Join Timer in centiseconds, which are hundredths of a second. The default is 20 centiseconds.
Examples

The following command sets the Join Period timer to 0.1 second, Leave Period timer to 0.
SHOW GARP

Syntax
    show garp=gvrp

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.
SHOW GARP COUNTER

Syntax
    show garp=gvrp counter

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.
    Receive GARP Messages: LeaveIn
    Transmit GARP Messages: LeaveIn
    Receive GARP Messages: Empty
    Transmit GARP Messages: Empty
    Receive GARP Messages: Bad Message
    Receive GARP Messages: Bad Attribute

Example

The following command displays information for all GARP application counters:

    show garp=gvrp counter
SHOW GARP DATABASE

Syntax
    show garp=gvrp database

Parameters
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.

Description
This command displays the following parameters for the internal database for the GARP application.
SHOW GARP GIP

Syntax
    show garp=gvrp gip

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.
SHOW GARP MACHINE

Syntax
    show garp=gvrp machine

Parameter
    garp
        Specifies the GARP application you want to display. The only GARP application supported by AT-S63 management software is GVRP.

Note: The online help for this command contains an STP option. This option is not supported.

Description
This command displays the following parameters for the GID state machines for the GARP application.
Chapter 28
Protected Ports VLAN Commands

This chapter contains the following commands:

    “ADD VLAN GROUP”
    “CREATE VLAN PORTPROTECTED”
    “DELETE VLAN”
    “DESTROY VLAN”
    “SET VLAN”
    “SHOW VLAN”

Note: Remember to save your changes with the SAVE CONFIGURATION command.
ADD VLAN GROUP

Syntax 1
    add vlan=name|vid ports=ports frame=tagged|untagged group=uplink|1..256

Syntax 2
    add vlan=name|vid [taggedports=ports] [untaggedports=ports] group=uplink|1..256

Parameters
    vlan
        Specifies the name or VID of the protected ports VLAN where ports are to be added. You can identify the VLAN by either its name or VID.
    ports
        Specifies the uplink port(s) or the ports of a group.
Note the following before using this command:

    You must first create the protected ports VLAN by giving it a name and a VID before you can add ports. Creating a VLAN is accomplished with “CREATE VLAN PORTPROTECTED” on page 446.

    Both command syntaxes perform the same function. The difference is that with syntax 1 you can add ports of only one type, tagged or untagged, at a time. With syntax 2, you can add both at the same time.
CREATE VLAN PORTPROTECTED

Syntax
    create vlan=name vid=vid portprotected

Parameters
    vlan
        Specifies the name of the new protected ports VLAN. The name can be from one to fifteen alphanumeric characters in length. The name should reflect the function of the nodes that will be a part of the protected ports VLAN (for example, InternetGroups). The name cannot contain spaces or special characters, such as an asterisk (*) or exclamation point (!).
DELETE VLAN

Syntax 1
    delete vlan=name|vid ports=ports frame=tagged|untagged

Syntax 2
    delete vlan=name|vid [taggedports=ports] [untaggedports=ports]

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified. You can specify the VLAN by its name or VID.
    port
        Specifies the port to be removed from the VLAN. You can specify more than one port at a time. This parameter must be used with the FRAME parameter.
Examples

The following command uses Syntax 1 to delete untagged port 12 from the InternetGroups VLAN:

    delete vlan=InternetGroups port=12 frame=untagged

The following command accomplishes the same thing using Syntax 2:

    delete vlan=InternetGroups untagged=12
DESTROY VLAN

Syntax
    destroy vlan=name|vid|all

Parameters
    vlan
        Specifies the name or VID of the VLAN to be destroyed. To delete all tagged, port-based, and protected ports VLANs on the switch, use the ALL option.

Description
This command deletes VLANs from the switch. You can use this command to delete tagged, port-based, and protected port VLANs. All untagged ports in a deleted VLAN are automatically returned to the Default_VLAN.
SET VLAN

Syntax
    set vlan=name|vid port=ports frame=tagged|untagged

Parameters
    vlan
        Specifies the name or VID of the VLAN to be modified.
    ports
        Specifies the port whose VLAN type is to be changed. You can specify more than one port at a time. You can specify the ports individually (for example, 5, 7, 22), as a range (for example, 18-22), or both (for example, 1, 5, 14-22).
    frame
        Identifies the new VLAN type for the port. The type can be tagged or untagged.
SHOW VLAN

Syntax
    show vlan[=name|vid]

Parameter
    vlan
        Specifies the name or VID of the VLAN you want to view. Omitting this displays all VLANs.

Description
This command displays information about the VLANs on the switch. The information includes the names and VIDs of the VLANs, and the tagged and untagged port members. If you are displaying a protected ports VLAN, the information also includes the group and port associations.
Chapter 29
Port Security Commands

This chapter contains the following commands:

    “SET SWITCH PORT INTRUSIONACTION”
    “SET SWITCH PORT SECURITYMODE”
    “SHOW SWITCH PORT INTRUSION”
    “SHOW SWITCH PORT SECURITYMODE”

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: For background information on port security, refer to Chapter 27, “Port Security” in the AT-S63 Management Software Menus Interface User’s Guide.
SET SWITCH PORT INTRUSIONACTION

Syntax
    set switch port=port intrusionaction=discard|trap|disable

Parameters
    port
        Specifies the port where you want to change the intrusion action. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
    intrusionaction
        Specifies the action the port takes when it receives an invalid frame.
SET SWITCH PORT SECURITYMODE

Syntax
    set switch port=port [securitymode=automatic|limited|secured|locked]
    [intrusionaction=discard|trap|disable] [learn=value]
    [participate=yes|no|on|off|true|false]

Parameters
    port
        Specifies the port where you want to set security. You can specify more than one port at a time. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).
    intrusionaction
        Specifies the action taken by the port in the event port security is violated. This parameter applies only to the Limited security mode. Intrusion actions are:
        discard
            Discards invalid frames. This is the default setting.
        trap
            Discards invalid frames and sends a management trap.
        disable
            Discards invalid frames, sends a management trap, and disables the port.
    learn
        Specifies the maximum number of dynamic MAC addresses a port on the switch can learn.
Examples

The following command sets the security level for port 8 to the Limited mode and specifies a limit of 5 dynamic MAC addresses. Because no intrusion action is specified, the discard action is assigned by default:

    set switch port=8 securitymode=limited learn=5

The following command sets the security level for ports 9 and 12 to the Limited mode and specifies a limit of 15 dynamic MAC addresses per port.
SHOW SWITCH PORT INTRUSION

Syntax
    show switch port=port intrusion

Parameter
    port
        Specifies the port where you want to view the number of intrusions that have occurred. You can specify more than one port at a time.

Description
This command displays the number of times a port has detected an intrusion violation.
SHOW SWITCH PORT SECURITYMODE

Syntax
    show switch port=port securitymode

Parameters
    port
        Specifies the port whose security mode settings you want to view. You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example, 1,5,14-22).

Description
This command displays the security mode settings for the ports on the switch.
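As an added illustration (not part of the Allied Telesyn guide), the Python script below replays a sequence of SET SWITCH PORT commands from this chapter, expands port lists such as 1,5,14-22, and reports ports where an intrusion action is set outside the Limited mode, where the guide says it does not apply, or where Limited mode is left on the default discard action and so sends no trap. The sample script, the function names and the finding labels are constructed for the example.

```python
import shlex

MODES = {"automatic", "limited", "secured", "locked"}
ACTIONS = {"discard", "trap", "disable"}

# Constructed sample script; the commands follow the syntax in this chapter.
SAMPLE = """
set switch port=8 securitymode=limited learn=5
set switch port=9,12 securitymode=limited learn=15 intrusionaction=disable
set switch port=14-16 securitymode=locked intrusionaction=trap
set switch port=15 intrusionaction=discard
"""


def expand_ports(spec):
    """Expand a port list such as '1,5,14-22' into a sorted list of ints."""
    ports = set()
    for part in spec.split(","):
        lo, dash, hi = part.partition("-")
        first = int(lo)
        last = int(hi) if dash else first
        if first < 1 or last < first:
            raise ValueError(f"bad port range {part!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)


def audit_port_security(script):
    """Replay the script and return (per-port state, findings)."""
    state, findings = {}, []
    for n, line in enumerate(script.strip().splitlines(), 1):
        toks = shlex.split(line.lower())
        if toks[:2] != ["set", "switch"]:
            continue
        p = dict(t.split("=", 1) for t in toks[2:] if "=" in t)
        mode, action = p.get("securitymode"), p.get("intrusionaction")
        if "port" not in p or not (mode or action or "learn" in p):
            continue  # a 'set switch' command unrelated to port security
        if mode not in MODES | {None} or action not in ACTIONS | {None}:
            findings.append((f"line {n}", "BAD_VALUE", line.strip()))
            continue
        for port in expand_ports(p["port"]):
            # discard is the documented default action; the mode stays
            # unknown (None) until the script sets it.
            st = state.setdefault(
                port, {"mode": None, "action": "discard", "learn": None})
            if mode:
                st["mode"] = mode
            if action:
                st["action"] = action
            if "learn" in p:
                st["learn"] = int(p["learn"])

    for port, st in sorted(state.items()):
        if st["action"] != "discard" and st["mode"] != "limited":
            # The guide: intrusionaction applies only to the Limited mode.
            findings.append((f"port {port}", "ACTION_NOT_LIMITED", st["action"]))
        elif st["action"] == "discard" and st["mode"] == "limited":
            # Violations are dropped without a management trap.
            findings.append((f"port {port}", "SILENT_DISCARD", "discard"))
    return state, findings


if __name__ == "__main__":
    for where, code, value in audit_port_security(SAMPLE)[1]:
        print(where, code, value)
```

For ports reported as SILENT_DISCARD, violations are only visible through the counter shown by SHOW SWITCH PORT INTRUSION.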
Chapter 30 802.
Chapter 30: 802.1x Port-based Network Access Control Commands

DISABLE PORTACCESS|PORTAUTH

Syntax
    disable portaccess|portauth

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
    None.

Description
This command disables 802.1x Port-based Network Access Control on the switch. This is the default setting.

Example

The following command disables 802.
DISABLE RADIUSACCOUNTING

Syntax
    disable radiusaccounting

Parameters
    None

Description
This command disables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=DISABLED command.
ENABLE PORTACCESS|PORTAUTH

Syntax
    enable portaccess|portauth

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
    None.

Description
This command activates 802.1x Port-based Network Access Control on the switch. The default setting for this feature is disabled.

Note: You should activate and configure the RADIUS client software on the switch before you activate port-based access control. Refer to “SET AUTHENTICATION” on page 542.
ENABLE RADIUSACCOUNTING

Syntax
    enable radiusaccounting

Parameters
    None

Description
This command enables RADIUS accounting on the switch. This command is equivalent to the SET RADIUSACCOUNTING STATUS=ENABLED command.
identified by the switch by using the client's MAC address. This is the default setting.

        authorised or forceauthenticate
            Disables 802.1X port-based authentication and causes the port to transition to the authorized state without any authentication exchange required. The port transmits and receives normal traffic without 802.1X-based authentication of the client. The parameters are equivalent.
10 retransmissions and the default is 2.

    ctrldirboth
        Specifies how the port is to handle ingress and egress broadcast and multicast packets when in the unauthorized state. When a port is set to the authenticator role, it remains in the unauthorized state until the client logs on by providing a username and password combination. In the unauthorized state, the port accepts only EAP packets from the client.
    piggyback
        Controls who can use the switch port in cases where there are multiple clients using the port, for example the port is connected to an Ethernet hub. The options are:
        enabled
            Allows all clients on the port to piggyback onto the initial client’s authentication, causing the port to forward all packets after one client is authenticated. This is the default setting.
SET PORTACCESS|PORTAUTH PORT ROLE=SUPPLICANT

Syntax
    set portaccess|portauth port=port type|role=supplicant|none
    [authperiod=value] [heldperiod=value] [maxstart=value]
    [startperiod=value] [username|name=name] [password=password]

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
    port
        Specifies the port that you want to set to the supplicant role or whose supplicant settings you want to adjust.
name parameters are equivalent. The port sends the name to the authentication server for verification when the port logs on to the network. The username can be from 1 to 16 alphanumeric characters (A to Z, a to z, 1 to 9). Do not use spaces or special characters, such as asterisks or exclamation points. The username is case-sensitive.

    password
        Specifies the password for the switch port.
SET RADIUSACCOUNTING

Syntax
    set radiusaccounting [status=enabled|disabled] [serverport=value]
    [type=network] [trigger=start_stop|stop_only]
    [updateenable=enabled|disabled] [interval=value]

Parameters
    status
        Activates and deactivates RADIUS accounting on the switch. The options are:
        enabled
            Activates RADIUS accounting.
        disabled
            Deactivates the feature. This is the default.
    serverport
        Specifies the UDP port for RADIUS accounting.
Description
RADIUS accounting is supported on those switch ports operating in the Authenticator role. The accounting information sent by the switch to a RADIUS server includes the date and time when clients log on and log off, as well as the number of packets sent and received by a switch port during a client session. This feature is disabled by default on the switch.
SHOW PORTACCESS|PORTAUTH

Syntax
    show portaccess|portauth config|status

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
    config
        Displays whether port-based access control is enabled or disabled on the switch.
    status
        Displays the role and status of each port.

Description
Use this command to display operating information for port-based access control.
SHOW PORTACCESS|PORTAUTH PORT

Syntax
    show portaccess|portauth port=port authenticator|supplicant config|status

Note: The PORTACCESS and PORTAUTH keywords are equivalent.

Parameters
    port
        Specifies the port whose port-based access control settings you want to view. You can specify more than one port at a time.
    authenticator
        Indicates that the port is an authenticator.
    supplicant
        Indicates that the port is a supplicant.
SHOW RADIUSACCOUNTING

Syntax
    show radiusaccounting

Parameters
    None.

Description
Use this command to display the current parameter settings for RADIUS accounting. For an explanation of the parameters, refer to “SET RADIUSACCOUNTING” on page 472.
Chapter 31
MAC Address Table Commands

This chapter contains the following commands:

    “ADD SWITCH FDB|FILTER”
    “DELETE SWITCH FDB|FILTER”
    “RESET SWITCH FDB”
    “SET SWITCH AGINGTIMER|AGEINGTIMER”
    “SHOW SWITCH FDB”

Note: Remember to save your changes with the SAVE CONFIGURATION command.
ADD SWITCH FDB|FILTER

Syntax
    add switch fdb|filter destaddress|macaddress=macaddress port=port vlan=name|vid

Note: The FDB and FILTER keywords are equivalent.

Parameters
    destaddress
    macaddress
        Specifies the static unicast or multicast address to be added to the switch’s MAC address table. The parameters are equivalent.
    add switch fdb macaddress=00A0D2181A11 port=7 vlan=default_vlan

The following command adds the multicast MAC address 01:00:51:00:00:10 to ports 1 to 5.
DELETE SWITCH FDB|FILTER

Syntax
    delete switch fdb|filter macaddress=macaddress vlan=name|vid

Note: The FDB and FILTER keywords are equivalent.

Parameters
    macaddress
        Specifies the dynamic or static unicast or multicast MAC address to delete from the MAC address table. The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx
    vlan
        Specifies the VLAN containing the port(s) where the address was learned or assigned.
RESET SWITCH FDB

Syntax
    reset switch fdb port=port

Parameter
    port
        Specifies the port whose dynamic MAC addresses you want to delete from the MAC address table. You can specify more than one port at a time.

Description
This command deletes the dynamic MAC addresses learned on a specified port. After a port’s dynamic MAC addresses have been deleted, the port begins to learn new addresses.
SET SWITCH AGINGTIMER|AGEINGTIMER

Syntax
    set switch agingtimer|ageingtimer=value

Parameter
    agingtimer
    ageingtimer
        Specifies the aging timer for the MAC address table. The value is in seconds. The range is 0 to 1048575. The default is 300 seconds (5 minutes). The parameters are equivalent.

Description
The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table.
SHOW SWITCH AGINGTIMER|AGEINGTIMER

Syntax
    show switch agingtimer|ageingtimer

Parameters
    None.

Description
This command displays the current setting for the aging timer. The switch uses the aging timer to delete inactive dynamic MAC addresses from the MAC address table. To set the aging timer, refer to “SET SWITCH AGINGTIMER|AGEINGTIMER” on page 482.
SHOW SWITCH FDB

Syntax
    show switch fdb [address=macaddress] [port=port]
    [status=static|dynamic|multicast] [vlan=name]

Parameters
    address
        Specifies a MAC address. Use this parameter to determine the port on the switch on which a particular MAC address was learned (dynamic) or assigned (static). The address can be entered in either of the following formats: xxxxxxxxxxxx or xx:xx:xx:xx:xx:xx
    port
        Specifies a port on the switch.
The following command displays the static and dynamic multicast addresses:

    show switch fdb status=multicast

The following command displays the port on which the MAC address 00:A0:D2:18:1A:11 was learned (dynamic) or added (static):

    show switch fdb address=00A0D2181A11

The following command displays the MAC addresses learned on port 2:

    show switch fdb port=2

The following command displays the MAC addresses learned on the ports in the Sales VL
Chapter 32
Web Server Commands

This chapter contains the following commands:

    “DISABLE HTTP SERVER”
    “ENABLE HTTP SERVER”
    “PURGE HTTP SERVER”
    “SET HTTP SERVER”
    “SHOW HTTP SERVER”

Note: Remember to use the SAVE CONFIGURATION command to save your changes.

Note: For background information on the web server, refer to Chapter 30, “Web Server” in the AT-S63 Management Software Menus Interface User’s Guide.
DISABLE HTTP SERVER

Syntax
    disable http server

Parameters
    None.

Description
This command disables the web server on the switch. When the server is disabled, you cannot manage the switch from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER” on page 496.
ENABLE HTTP SERVER

Syntax
    enable http server

Parameters
    None.

Description
This command activates the web server on the switch. Activating the server allows you to manage the unit from a web browser. To view the current status of the web server, see “SHOW HTTP SERVER” on page 496.
PURGE HTTP SERVER

Syntax
    purge http server

Parameters
    None.

Description
This command resets the HTTP server to its default values. Refer to Appendix A, “AT-S63 Default Settings” in the AT-S63 Management Software Menus Interface User’s Guide or in the AT-S63 Management Software Web Browser Interface User’s Guide. To view the current web server settings, refer to “SHOW HTTP SERVER” on page 496.
SET HTTP SERVER

Syntax
    set http server [security=enabled|disabled] [sslkeyid=keyid] [port=port]

Parameters
    security
        Specifies the security mode of the web server. The options are:
        enabled
            Specifies that the web server is to function in the secure HTTPS mode.
        disabled
            Specifies that the web server is to function in the non-secure HTTP mode. This is the default.
    sslkeyid
        Specifies a key pair ID.
    set http server security=disabled

The following command configures the web server for the secure HTTPS mode. It specifies the key pair ID as 5. Since no port is specified, the default HTTPS port 443 is used:

    set http server security=enabled sslkeyid=5

General Configuration Steps for a Self-signed Certificate

Below are the steps for configuring the switch’s web server for a self-signed certificate using the command line commands:

1. Set the switch’s date and time.
    create pki certificate=Sw12cert keypair=4 serialnumber=0 subject="cn=149.11.11.11"

3. This command adds the new certificate to the certificate database. The certificate is given a description of “Switch 12 certificate”:

    add pki certificate="Switch 12 certificate" location=Sw12cert.cer

4. This command disables the web server:

    disable http server

5.
8. Add the CA certificates to the certificate database using “ADD PKI CERTIFICATE” on page 506.

9. Disable the switch’s web server using the command “DISABLE HTTP SERVER” on page 488.

10. Configure the web server using “SET HTTP SERVER” on page 491.

11. Activate the web server using “ENABLE HTTP SERVER” on page 489.

The following is an example of the command sequence for configuring the web server for CA certificates.
    load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer

6. These commands load the certificates into the certificate database:

    add pki certificate="Switch 24 certificate" location=sw24cert.cer
    add pki certificate="CA certificate" location=ca.cer

7. This command disables the web server:

    disable http server

8. This command configures the web server.
SHOW HTTP SERVER

Syntax
    show http server

Parameters
    None.
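The self-signed certificate procedure in this chapter chains a key pair, a certificate created from it, the certificate database entry and the web server's sslkeyid. The Python check below is an added example, not code from the guide: it replays a command script and reports breaks in that chain. The sample scripts, the finding labels and the 1024-bit floor are assumptions made for the example, and it covers the self-signed procedure only, not CA-issued certificates.

```python
import shlex

MIN_RSA_BITS = 1024  # assumption: local policy floor, not a value from the guide

# Constructed sample: the self-signed sequence with the chain intact.
GOOD = '''
create enco key=4 type=rsa length=1024 description="Switch12a encryption key"
create pki certificate=Sw12cert keypair=4 serialnumber=0 subject="cn=149.11.11.11"
add pki certificate="Switch 12 certificate" location=Sw12cert.cer
disable http server
set http server security=enabled sslkeyid=4
enable http server
'''

# Constructed sample: short key, wrong sslkeyid, key destroyed after use.
BAD = '''
create enco key=12 type=rsa length=512
create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.11"
set http server security=enabled sslkeyid=5
destroy enco key=12
'''


def parse(line):
    """Return (command words, {keyword: value}) for one CLI line; quotes are honoured."""
    words, params = [], {}
    for tok in shlex.split(line):
        key, eq, val = tok.partition("=")
        if eq:
            params[key.lower()] = val
        else:
            words.append(tok.lower())
    return words, params


def cer_name(name):
    """Certificate file name; the guide says '.cer' is appended automatically."""
    return name if name.lower().endswith(".cer") else name + ".cer"


def audit_https(script, min_bits=MIN_RSA_BITS):
    """Return a list of (line number, finding, detail); line 0 means end state."""
    keys = {}        # key ID -> RSA length in bits
    certs = {}       # certificate file -> key pair ID it was created from
    loaded = set()   # certificate files added to the certificate database
    https = False    # security=disabled (plain HTTP) is the documented default
    findings = []

    for n, line in enumerate(script.strip().splitlines(), 1):
        words, p = parse(line)
        if words == ["create", "enco"] and "key" in p and "length" in p:
            keys[p["key"]] = int(p["length"])
            if keys[p["key"]] < min_bits:
                findings.append((n, "WEAK_KEY", p["key"]))
        elif words == ["create", "pki"] and "certificate" in p:
            certs[cer_name(p["certificate"])] = p.get("keypair")
        elif words == ["add", "pki"] and "location" in p:
            loaded.add(cer_name(p["location"]))
        elif words == ["destroy", "enco"]:
            keys.pop(p.get("key"), None)
            # Certificates made from a deleted key pair become invalid.
            for cert, pair in certs.items():
                if pair == p.get("key"):
                    findings.append((n, "CERT_INVALIDATED", cert))
        elif words == ["set", "http", "server"] and "security" in p:
            https = p["security"].lower() == "enabled"
            if not https:
                continue
            kid = p.get("sslkeyid")
            if kid not in keys:
                findings.append((n, "UNKNOWN_KEY", kid))
                continue
            mine = [c for c, pair in certs.items() if pair == kid]
            if not mine:
                findings.append((n, "NO_CERT_FOR_KEY", kid))
            elif not any(c in loaded for c in mine):
                findings.append((n, "CERT_NOT_IN_DATABASE", mine[0]))

    if not https:
        findings.append((0, "HTTP_ONLY", "security=disabled"))
    return findings


if __name__ == "__main__":
    for name, script in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_https(script))
```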
Chapter 33
Encryption Key Commands

This chapter contains the following commands:

    “CREATE ENCO KEY”
    “DESTROY ENCO KEY”
    “SET ENCO KEY”
    “SHOW ENCO”

Note: Remember to save your changes with the SAVE CONFIGURATION command.

Note: The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
CREATE ENCO KEY

Syntax 1
    create enco key=key-id type=rsa length=value [description="description"]

Syntax 2
    create enco key=key-id type=rsa [description="description"] [file=filename.key] [format=hex|ssh|ssh2]

Parameters
    key
        Specifies a key ID. The range is 0 to 65,535. The default is 0. When creating a new key this value must be unique from all other key IDs on the switch.
    type
        Specifies the type of key, which can only be a random RSA key.
        ssh
            Specifies a format for Secure Shell version 1 users.
        ssh2
            Specifies a format for Secure Shell version 2 users.

Description
This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S63 file system to the key database.

Caution: Key generation is a CPU-intensive process.
Syntax 1 Examples

This example creates a key with the ID of 12 and a length of 512 bits:

    create enco key=12 type=rsa length=512

This example creates a key with the ID of 4, a length of 1024 bits, and a description of “Switch12a encryption key.”:

    create enco key=4 type=rsa length=1024 description="Switch12a encryption key"

Syntax 2 Description

Syntax 2 is used to import and export public encryption keys.
The DESCRIPTION parameter specifies a user-defined description for the key. This parameter should be used only when importing a key and not when exporting a key. The description will appear next to the key when you view the key database. Descriptions can help you identify the different keys stored in the switch.
DESTROY ENCO KEY

Syntax
    destroy enco key=key-id

Parameter
    key
        Specifies the ID number of the key pair to be deleted from the key database.

Description
This command deletes an encryption key pair from the key database. This command also deletes a key’s corresponding “.UKF” file from the file system. After a key pair is deleted, any SSL certificate created using the public key of the key pair will be invalid and cannot be used to manage the switch.
SET ENCO KEY

Syntax
    set enco key=key-id description="description"

Parameters
    key
        Specifies the ID number of the key pair whose description you want to change.
    description
        Specifies the new description of the key. The description can contain up to 25 alphanumeric characters. Spaces are allowed. The description must be enclosed in double quotes.

Description
This command changes the description of a key pair.
SHOW ENCO

Syntax
    show enco key=key-id

Parameters
    key
        Specifies the ID of a specific key whose information you want to display. Otherwise, all keys are displayed.

Description
This command displays information about encryption key pairs stored in the key database.
Chapter 34
Public Key Infrastructure (PKI) Certificate Commands

This chapter contains the following commands:

    “ADD PKI CERTIFICATE”
    “CREATE PKI CERTIFICATE”
    “CREATE PKI ENROLLMENTREQUEST”
    “DELETE PKI CERTIFICATE”
    “PURGE PKI”
    “SET PKI CERTIFICATE”
    “SET PKI CERTSTORELIMIT”
    “SET SYSTEM DISTINGUISHEDNAME”
    “SHOW PKI”
    “SHOW PKI CERTIFICATE”

Note Remember t
ADD PKI CERTIFICATE

Syntax
    add pki certificate="name" location="filename.cer" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters
    certificate
        Specifies a name for the certificate. This is the name for the certificate as it will appear in the certificate database list. The name can be up to 40 alphanumeric characters. Spaces are allowed. If the name contains spaces, it must be enclosed in double quotes.
database should be given a unique name.

The LOCATION parameter specifies the filename of the certificate as stored in the switch’s file system. When specifying the filename, be sure to include the file extension “.cer”.

The TRUSTED parameter specifies whether the certificate is from a trusted CA. The default is TRUE.
CREATE PKI CERTIFICATE

Syntax
    create pki certificate=name keypair=key-id serialnumber=value [format=der|pem] subject="distinguished-name"

Parameters
    certificate
        Specifies a name for the self-signed certificate. The name can be from one to eight alphanumeric characters. Spaces are allowed; if included, the name must be enclosed in double quotes. The management software automatically adds the “.cer” extension.
encrypted web browser management systems until it is loaded into the database. For instructions, refer to “ADD PKI CERTIFICATE” on page 506.

Note
For a review of the steps for configuring the web server for a self-signed certificate, refer to “SET HTTP SERVER” on page 491.

The CERTIFICATE parameter assigns a file name to the certificate. This is the name under which the certificate will be stored in the switch’s file system.
create pki certificate=sw12 keypair=12 serialnumber=0 format=pem subject="cn=149.11.11.11"

The following command creates a self-signed certificate with a filename of “S45 cert”. The key pair used to create it has the ID 5. No format is specified, so the default binary format is used. The distinguished name is the IP address of another master switch:

create pki certificate="S45 cert" keypair=5 serialnumber=0 subject="cn=149.22.22.
CREATE PKI ENROLLMENTREQUEST

Syntax
create pki enrollmentrequest="name" keypair=key-id [format=der|pem] [type=pkcs10]

Parameters
enrollmentrequest - Specifies a filename for the enrollment request. The filename can be from 1 to 8 alphanumeric characters. If the name contains spaces, it must be enclosed in double quotes. The management software automatically adds the “.csr” extension.
Note
For a review of the steps for configuring the web server for a CA certificate, refer to “SET HTTP SERVER” on page 491.

The ENROLLMENTREQUEST parameter specifies a filename for the request. The filename can contain from 1 to 8 alphanumeric characters. If spaces are used, the name must be enclosed in quotes. The management software automatically adds the “.csr” extension.
DELETE PKI CERTIFICATE

Syntax
delete pki certificate="name"

Parameter
certificate - Specifies the name of the certificate you want to delete from the certificate database. The name is case sensitive. If the name contains spaces, it must be enclosed in double quotes. Wildcards are not allowed.

Description
This command deletes a certificate from the switch’s certificate database.
PURGE PKI

Syntax
purge pki

Parameters
None.

Description
This command deletes all certificates from the certificate database and resets the certificate database storage limit to the default. This command does not delete the certificates from the file system. To delete files from the file system, refer to “DELETE FILE” on page 164.
SET PKI CERTIFICATE

Syntax
set pki certificate="name" [trusted=yes|no|on|off|true|false] [type=ca|ee|self]

Parameters
certificate - Specifies the certificate name whose trust or type you want to change. The name is case sensitive. If the name contains spaces, it must be enclosed in quotes.
trusted - Specifies whether or not the certificate is from a trusted CA.
Note
The TRUSTED and TYPE parameters have no effect on the operation of a certificate. You can select any permitted value for either parameter. The parameters are included only as placeholders for information in the certificate database.

Example
The following command sets the certificate named “Switch 12 certificate” to be trusted.
SET PKI CERTSTORELIMIT

Syntax
set pki certstorelimit=value

Parameter
certstorelimit - Specifies the maximum number of certificates that can be stored in the certificate database. The range is 12 to 256; the default is 256.

Description
This command sets the maximum number of certificates that can be stored in the switch’s certificate database.
SET SYSTEM DISTINGUISHEDNAME

Syntax
set system distinguishedname="name"

Parameter
distinguishedname - Specifies the distinguished name for the switch. The name must be enclosed in quotes.

Description
This command sets the distinguished name for the switch. The distinguished name is used to create a self-signed certificate or enrollment request.
SHOW PKI

Syntax
show pki

Parameters
None.

Description
This command displays the current setting for the maximum number of certificates the switch will allow you to store in the certificate database. To change this value, refer to “SET PKI CERTSTORELIMIT” on page 517.
SHOW PKI CERTIFICATE

Syntax
show pki certificate[="name"]

Parameter
certificate - Specifies the name of the certificate whose information you want to view. If the name contains spaces, it must be enclosed in double quotes. This parameter is case sensitive. Wildcards are not allowed.

Description
This command lists all of the certificates in the certificate database.
Chapter 35
Secure Sockets Layer (SSL) Commands

This chapter contains the following commands:

SET SSL
SHOW SSL

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
SET SSL

Syntax
set ssl [cachetimeout=value] [maxsessions=value]

Parameters
cachetimeout - Specifies the maximum time in seconds that a session will be retained in the cache. The range is 1 to 600 seconds. The default is 300 seconds.
maxsessions - Specifies the maximum number of sessions that will be allowed in the session resumption cache. The range is 0 to 100 sessions. The default is 50 sessions.

Description
This command configures the SSL parameters.
SHOW SSL

Syntax
show ssl

Parameters
None.
Chapter 36
Secure Shell (SSH) Commands

This chapter contains the following commands:

DISABLE SSH SERVER
ENABLE SSH SERVER
SET SSH SERVER
SHOW SSH

Note
Remember to save your changes with the SAVE CONFIGURATION command.

Note
The feature is not available in all versions of the AT-S63 management software. Contact your Allied Telesyn sales representative to determine if this feature is available in your locale.
DISABLE SSH SERVER

Syntax
disable ssh server

Parameters
None.

Description
This command disables the Secure Shell server. When the Secure Shell server is disabled, connections from Secure Shell clients are not accepted. By default, the Secure Shell server is disabled.
ENABLE SSH SERVER

Syntax
enable ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]

Parameters
hostkey - Specifies the ID number of the encryption key pair to function as the host key.
serverkey - Specifies the ID number of the encryption key pair to function as the server key.
expirytime - Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours.
Note
Before you enable SSH, disable the Telnet management session. Otherwise, the security provided by SSH is not active. See “DISABLE TELNET” on page 35.

Example
The following command activates the Secure Shell server and specifies encryption key pair 0 as the host key and key pair 1 as the server key:

enable ssh server hostkey=0 serverkey=1

General Configuration Steps for SSH Operation

Configuring the SSH server involves several commands.
Example
The following is an example of the command sequence for configuring the SSH software on the server:

1. The first step is to create the two encryption key pairs. Each key must be created separately and the key lengths must be at least one increment (256 bits) apart.
SET SSH SERVER

Syntax
set ssh server hostkey=key-id serverkey=key-id [expirytime=hours] [logintimeout=seconds]

Parameters
hostkey - Specifies the ID number of the encryption key pair to function as the host key.
serverkey - Specifies the ID number of the encryption key pair to function as the server key.
expirytime - Specifies the length of time, in hours, after which the server key pair is regenerated. The range is 0 to 5 hours. Entering 0 never regenerates the key.
Example
The following command sets the Secure Shell server key expiry time to 1 hour:

set ssh server expirytime=1
SHOW SSH

Syntax
show ssh

Parameters
None.
Chapter 37
TACACS+ and RADIUS Commands

This chapter contains the following commands:

ADD RADIUSSERVER
ADD TACACSSERVER
DELETE RADIUSSERVER
DELETE TACACSSERVER
DISABLE AUTHENTICATION
ENABLE AUTHENTICATION
PURGE AUTHENTICATION
SET AUTHENTICATION
SHOW AUTHENTICATION

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD RADIUSSERVER

Syntax
add radiusserver server|ipaddress=ipaddress order=value [secret=string] [port=value] [accport=value]

Parameters
server, ipaddress - Specifies an IP address of a RADIUS server. The parameters are equivalent.
order - Specifies the order that the RADIUS servers are queried by the switch. This value can be from 1 to 3. The servers are queried starting with 1.
secret - Specifies the encryption key used for this server.
add radiusserver ipaddress=149.245.22.
ADD TACACSSERVER

Syntax
add tacacsserver server|ipaddress=ipaddress order=value [secret=string]

Parameters
server, ipaddress - Specifies an IP address of a TACACS+ server. The parameters are equivalent.
order - Specifies the order that your TACACS+ servers are queried by the switch. You can assign order to up to 3 servers with 1 being the first server queried.
secret - Specifies the optional encryption key used on this server.
DELETE RADIUSSERVER

Syntax
delete radiusserver server|ipaddress=ipaddress

Parameter
server, ipaddress - Specifies the IP address of a RADIUS server to be deleted from the management software. The parameters are equivalent.

Description
This command deletes the IP address of a RADIUS server from your switch.

Example
The following command deletes the RADIUS server with the IP address 149.245.22.22:

delete radiusserver ipaddress=149.245.22.
DELETE TACACSSERVER

Syntax
delete tacacsserver server|ipaddress=ipaddress

Parameter
server, ipaddress - Specifies the IP address of a TACACS+ server to be deleted from the management software. The parameters are equivalent.

Description
This command deletes the IP address of a TACACS+ server from your switch.

Example
The following command deletes the TACACS+ server with the IP address 149.245.22.20:

delete tacacsserver ipaddress=149.245.22.
DISABLE AUTHENTICATION

Syntax
disable authentication

Parameters
None.

Description
This command disables TACACS+ and RADIUS manager account authentication on your switch. When you disable authentication you retain your current authentication parameter settings.

Note
This command applies only to TACACS+ and RADIUS manager accounts.
ENABLE AUTHENTICATION

Syntax
enable authentication

Parameters
None.

Description
This command enables TACACS+ or RADIUS manager account authentication on your switch. To select an authenticator protocol, refer to “SET AUTHENTICATION” on page 542.

Note
If you are using the RADIUS authentication protocol for 802.1x Port-based Network Access Control but not for manager account authentication, you do not need to use this command.
PURGE AUTHENTICATION

Syntax
purge authentication

Parameters
None.

Description
This command disables authentication, returns the authentication method to TACACS+, deletes any global secret, and returns the timeout value to its default setting of 10 seconds. This command does not delete the IP address or secret of any RADIUS or TACACS+ authentication servers you may have specified.
SET AUTHENTICATION

Syntax
set authentication method=tacacs|radius [secret=string] [timeout=value]

Parameters
method - Specifies which authenticator protocol, TACACS+ or RADIUS, is to be the active protocol on the switch.
secret - Specifies the global encryption key that is used by the TACACS+ or RADIUS servers.
with a global encryption key of leopard09 and a timeout of 15 seconds:

set authentication method=radius secret=leopard09 timeout=15
SHOW AUTHENTICATION

Syntax
show authentication [=tacacs|radius]

Parameters
None.

Description
This command displays the following information about the authentication protocols on the switch:

Status - The status of your authentication protocol: enabled or disabled.
Authentication Method - The authentication protocol activated on your switch. Either TACACS+ or RADIUS protocol may be active. The TACACS+ protocol is the default.
Chapter 38
Management ACL Commands

This chapter contains the following commands:

ADD MGMTACL
DELETE MGMTACL
DISABLE MGMTACL
ENABLE MGMTACL
SET MGMTACL STATE
SHOW MGMTACL

Note
Remember to save your changes with the SAVE CONFIGURATION command.
ADD MGMTACL

Syntax
add mgmtacl ipaddress=ipaddress mask=string protocol=tcp|udp|all interface=telnet|web|all

Parameters
ipaddress - Specifies the IP address of a specific management station or of a subnet.
mask - Specifies the mask used by the switch to filter the IP address. A binary “1” indicates the switch should filter on the corresponding bit of the address, while a “0” indicates that it should not.
There can be up to 256 ACEs in a Management ACL. An ACE is an implicit “permit” statement. A workstation that meets the criteria of the ACE will be allowed to remotely manage the switch.

The IPADDRESS parameter specifies the IP address of a specific management station or a subnet.

The MASK parameter indicates the parts of the IP address the switch should filter on.
add mgmtacl ipaddress=169.24.144.128 mask=255.255.255.
DELETE MGMTACL

Syntax
delete mgmtacl ipaddress=ipaddress mask=string protocol=tcp|udp|all interface=telnet|web|all

Parameters
ipaddress - Specifies the IP address to be deleted.
mask - Specifies the mask of the IP address.
protocol - Specifies the protocol of the management packets. The options are:
tcp - Transmission control protocol.
udp - User datagram protocol.
all - Both TCP and UDP packets.
interface
DISABLE MGMTACL

Syntax
disable mgmtacl

Parameters
None.

Description
This command disables the management ACL and performs the same function as the SET MGMTACL STATE=DISABLE command.
ENABLE MGMTACL

Syntax
enable mgmtacl

Parameters
None.

Description
This command enables the management ACL and performs the same function as the SET MGMTACL STATE=ENABLE command.

Note
Activating the Management ACL without entering any access control entries (ACEs) prohibits you from remotely managing the switch from a Telnet or web browser management session.
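The mask comparison and implicit-permit behavior described under ADD MGMTACL, together with the lockout note above, can be modelled to check a planned ACL before it is enabled. This is an added Python example, not code from Allied Telesyn or the AT-S63 software; the class and method names are hypothetical, the sample entries are constructed, and treating a disabled ACL as permit-all is an assumption.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

MAX_ACES = 256                      # limit stated in the guide
PROTOCOLS = {"tcp", "udp", "all"}
INTERFACES = {"telnet", "web", "all"}


@dataclass(frozen=True)
class Ace:
    """One access control entry; every ACE is an implicit permit."""
    address: str
    mask: str
    protocol: str = "tcp"
    interface: str = "all"

    def __post_init__(self):
        IPv4Address(self.address)   # raises ValueError on a malformed value
        IPv4Address(self.mask)
        if self.protocol not in PROTOCOLS or self.interface not in INTERFACES:
            raise ValueError("unknown protocol or interface")

    def matches(self, src, protocol, interface):
        # A 1 bit in the mask means "compare this bit"; 0 bits are ignored.
        diff = int(IPv4Address(src)) ^ int(IPv4Address(self.address))
        if diff & int(IPv4Address(self.mask)):
            return False
        return (self.protocol in ("all", protocol)
                and self.interface in ("all", interface))


class ManagementAcl:
    def __init__(self):
        self.enabled = False        # disabled is the default state
        self.aces = []

    def add(self, ace):
        if len(self.aces) >= MAX_ACES:
            raise ValueError("Management ACL is full")
        self.aces.append(ace)

    def permits(self, src, protocol, interface):
        """True if a remote management packet would be accepted."""
        if not self.enabled:
            return True             # assumption: no filtering while disabled
        return any(a.matches(src, protocol, interface) for a in self.aces)

    def locked_out(self, stations):
        """Stations (ip, interface) that lose access once the ACL is enabled.
        Telnet and web management both run over TCP."""
        return [s for s in stations
                if not any(a.matches(s[0], "tcp", s[1]) for a in self.aces)]


def demo():
    # Constructed sample entries (documentation address range, not from the guide).
    acl = ManagementAcl()
    acl.add(Ace("192.0.2.128", "255.255.255.224", "tcp", "telnet"))
    acl.add(Ace("192.0.2.10", "255.255.255.255", "tcp", "web"))
    admins = [("192.0.2.130", "telnet"), ("192.0.2.10", "web"),
              ("192.0.2.10", "telnet"), ("192.0.2.160", "telnet")]
    return acl, acl.locked_out(admins)


if __name__ == "__main__":
    acl, denied = demo()
    print("would be locked out:", denied)
```

Running `locked_out` against the list of management stations before issuing ENABLE MGMTACL shows which of them the planned entries would cut off.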
SET MGMTACL STATE

Syntax
set mgmtacl [state=disable|enable] [ipaddress=ipaddress] [mask=mask] [protocol=tcp] [interface=telnet|web|all]

Parameters
state - Sets the state of the Management ACL. The options are:
enable - Enables the Management ACL.
disable - Disables the Management ACL. This is the default setting.
ipaddress - The IP address of a specific management station or a subnet.
Example
The following command enables the Management ACL on a specific management station, sets the protocol to TCP and allows both Telnet and web browser management sessions:

set mgmtacl state=enable ipaddress=149.32.2.
SHOW MGMTACL

Syntax
show mgmtacl state|entries

Parameters
state - Displays the status of the Management ACL as either enabled or disabled.
entries - Lists the entries in the Management ACL.

Description
This command shows the state of and/or entries in the Management ACL.