Part No. 212160-B
November 2001
4401 Great America Parkway
Santa Clara, CA 95054
Reference for the Business Policy Switch 2000 Command Line Interface Release 2.
Copyright © 2001 Nortel Networks All rights reserved. November 2001. The information in this document is subject to change without notice. The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty. Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks NA Inc.
USA requirements only
Federal Communications Commission (FCC) Compliance Notice: Radio Frequency Notice
Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy.
Japan/Nippon requirements only
Voluntary Control Council for Interference (VCCI) statement
Taiwan requirements
Bureau of Standards, Metrology and Inspection (BSMI) Statement
Canada requirements only
Canadian Department of Communications Radio Interference Regulations
This digital apparatus (Business Policy Switch 2000) does not exceed the Class A limits for radio-noise emissions from digital apparatus as set out in the Radio Interference Regulations of the Canadian Department of Communications.
rights other than those granted to you under this License Agreement. You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software.
1. Licensed Use of Software. Nortel Networks grants Customer a nonexclusive license to use a copy of the Software on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable.
e) The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks.
f) This License Agreement is governed by the laws of the country in which Customer acquires the Software. If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state of New York.
Preface

The Nortel Networks* Business Policy Switch 2000* command line interface (CLI) is one tool used to configure and manage a Business Policy Switch 2000. The CLI allows you to set up, configure, and manage your BPS 2000. You can also use the Java* Device Manager graphical user interface (GUI), the Web-based management system GUI, and the console interface (CI) menus to configure and manage the switch.
Before using this guide, you must complete the procedures discussed in the Business Policy Switch 2000 Installation Instructions.

Text conventions

angle brackets (< >)    Indicate that you choose the text to enter based on the description inside the brackets. Do not type the brackets when entering the command. Example: If the command syntax is ip default-gateway , you enter ip default-gateway 192.32.10.
Related publications

For more information about managing or using Business Policy Switch 2000, refer to the following publications:
• Release Notes for the Business Policy Switch 2000 Software Version 2.0 (part number 210676-F)
• Installing the Business Policy Switch 2000 (part number 209319-A)
• Using the Business Policy Switch 2000 Software Version 2.
You can print selected technical manuals and release notes free, directly from the Internet. Go to the www.nortelnetworks.com/documentation URL. (The product family for the BPS 2000 is Data and Internet.) Find the product for which you need documentation. Then locate the specific category and model or version for your hardware or software product. Use Adobe* Acrobat Reader* to open the manuals and release notes, search for the sections you need, and print them on most standard printers.
Chapter 1 CLI Basics

You can manage the BPS 2000 with a number of tools. You can use either of the graphical user interfaces (GUIs), the Java Device Manager (DM) or the Web-based management system. You can use the console interface (CI menus), or you can use the command line interface (CLI). (For more information on using the DM, refer to Reference for the Business Policy Switch 2000 Management Software Version 2.0.
• “Accessing the CLI”
• “Setting the CLI password”
• “Getting help”
• “Basic navigation”
• “Managing basic system information”
• “Managing MAC address forwarding database table”
• “Displaying and setting stack operational mode”

Stacking compatibility

You can stack the BPS 2000 up to 8 units high. There are two types of stacks:
• Pure BPS 2000—This stack has only BPS 2000 switches.
• Pure BayStack 450 stack—All units must be running the same software version.
• Hybrid stack:
  — All BPS 2000 units must be running the same software version.
  — All BayStack 410 units must be running the same software version.
  — All BayStack 450 units must be running the same software version.
  — All software versions must have the identical ISVN.
Refer to Appendix B of Using the Business Policy Switch 2000 Software Version 2.
You can use 256 port-, protocol-, and MAC SA-based VLANs for the stack with a Pure BPS 2000 stack running software version 1.2. (The maximum number of MAC SA-based VLANs available is 48). If you are working with a mixed, or hybrid, stack, you can use 64 VLANs for the entire stack. When you change from a Pure BPS 2000 Stack mode to a Hybrid Stack mode:
• If you have up to 64 VLANs on the Pure BPS 2000 Stack, they will be retained when you change to a Hybrid Stack.
  — Configurable VID for tagged BPDU with multiple spanning tree groups (refer to Chapter 4)
  — Specifying multiple VLANs for QoS in a single layer 2 filter (refer to Chapter 6)

CLI command modes

Most CLI commands are available only under a certain command mode. The BPS 2000 has the following four command modes:
• User EXEC
• Privileged EXEC
• Global Configuration
• Interface Configuration
The User EXEC mode is the default mode; it is also referred to as exec.
The Interface Configuration commands allow you to configure parameters for each port, such as speed, duplex mode, and rate-limiting. The Interface Configuration mode is also referred to as config-if mode. Figure 1 provides an illustration of the hierarchy of BPS 2000 CLI command modes.
Table 1 Command mode prompts and entrance/exit commands

Command mode: User EXEC (exec)
Prompt: BPS2000>
Enter/exit command:
• Default mode, automatically enter
• logout or exit to quit CLI

Command mode: Privileged EXEC (privExec)
Prompt: BPS2000#
Enter/exit command:
• enable to enter from User EXEC mode
• logout or exit to quit CLI

Command mode: Global Configuration (config)
Prompt: BPS2000(config)#
Enter/exit command:
• configure to enter from Privileged EXEC mode
• logout to quit CLI; end or exit to exit to Privileged EXEC mode

Command mode: Interface Configurati
• If you logged into the CI menus with read-write access, you enter the CLI in privExec mode and use the commands to move to the other command modes.

Port numbering

The BPS 2000 operates either in standalone mode or in stack mode. The BPS 2000 has 24 10/100 Mb/s ports on the front, as well as an uplink slot that allows you to attach a media dependent adapter (MDA). The MDAs available for the uplink can have up to 4 ports. Thus, you have a maximum of 28 ports on one BPS 2000.
• A single port number—an integer from 1 through 28
  — Example: 7 means port 7
• A range of port numbers—a pair of port numbers between 1 and 28 separated by a dash
  — Example: 1-3 means ports 1, 2, and 3
  — Example: 5-27 means all ports from port 5 through port 27
• A list of port numbers and/or port ranges, separated by commas
  — Example: 1,3,7 means ports 1, 3, and 7
  — Example: 1-3,9-11 means ports 1, 2, 3, 9, 10, and 11
  — Example: 1,3-5,9-11,15 means ports 1, 3, 4, 5, 9, 1
• A unit with no ports specified—an integer for the unit, followed by /, and the word none (not case-sensitive)
  — 3/none means unit 3 with no ports
• A unit with all ports specified—an integer for the unit, followed by /, and the word all (not case-sensitive)
  — 3/all means unit 3 with all ports
• A list of port numbers, port ranges, and/or units with all ports or no ports—using the unit/port format—separated by commas
  — Example: 1/1,2/3,3/7 means unit 1 port 1; unit 2, port
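The portlist syntax described above can be checked before a configuration script is sent to a switch. The following parser is an added example, not code from the manual or from Nortel Networks; the function names are hypothetical, and it assumes that a range may follow the unit in stack syntax (for example 2/1-3), that a reversed range such as 5-3 is an error, and that all expands to the 28-port maximum.

```python
import re

MAX_PORT = 28   # manual: at most 28 ports on one BPS 2000
MAX_UNIT = 8    # manual: a stack is at most 8 units high
_ITEM = re.compile(r"([0-9]+)(?:-([0-9]+))?")


def _expand(spec):
    """Expand '7' or '5-27' into a range of port numbers, validating bounds."""
    m = _ITEM.fullmatch(spec)
    if not m:
        raise ValueError(f"not a port or port range: {spec!r}")
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    # Assumption: a reversed range (5-3) is rejected rather than reordered.
    if not 1 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"outside 1-{MAX_PORT} or reversed: {spec!r}")
    return range(lo, hi + 1)


def parse_standalone(portlist):
    """Standalone syntax, e.g. '1,3-5,9-11,15' -> sorted list of ports."""
    ports = set()
    for item in portlist.split(","):
        ports.update(_expand(item.strip()))
    return sorted(ports)


def parse_stack(portlist):
    """Stack syntax, e.g. '1/1,2/3,3/all' -> sorted list of (unit, port)."""
    members = set()
    for item in portlist.split(","):
        unit_text, slash, rest = item.strip().partition("/")
        if not slash or not re.fullmatch(r"[0-9]+", unit_text):
            raise ValueError(f"expected unit/port: {item!r}")
        unit = int(unit_text)
        if not 1 <= unit <= MAX_UNIT:
            raise ValueError(f"unit outside 1-{MAX_UNIT}: {item!r}")
        word = rest.lower()          # 'none' and 'all' are not case-sensitive
        if word == "none":
            continue                 # unit named, no ports selected
        # Assumption: 'all' expands to the 28-port maximum of one unit.
        ports = range(1, MAX_PORT + 1) if word == "all" else _expand(rest)
        members.update((unit, port) for port in ports)
    return sorted(members)


if __name__ == "__main__":
    # Inputs taken from the examples in the manual text above.
    print(parse_standalone("1,3-5,9-11,15"))
    print(parse_stack("1/1,2/3,3/7"))
```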
Or, when you are specifying both an IP address and a netmask, you may alternatively enter XXX.XXX.XXX.XXX/0-32, where XXX.XXX.XXX.XXX is the IP address in dotted-decimal notation and the value 0-32 specifies the number of bits starting from the left in the mask (for example, a value of 8 is 255.0.0.0).

Accessing the CLI

You access the CI menus using Telnet or a direct connection to the switch from a terminal or personal computer (PC).
Figure 2 BPS 2000 banner

********************************************************
* Nortel Networks
* Copyright (c) 1996,2000,2001
* All Rights Reserved
* Business Policy Switch 2000
* Ver: HW:AB3 FW:1.1.0.1 SW:v2.0.0.00 ISVN:2
***************************************************************
Enter Ctrl-Y to begin.

Press [Ctrl]+Y, and the Main Menu appears on the console screen (Figure 3) with the top line highlighted.
Figure 3 Main Menu for BPS 2000 console interface

Business Policy Switch 2000 Main Menu

IP Configuration/Setup...
SNMP Configuration...
System Characteristics...
Switch Configuration...
Display Hardware Units...
Spanning Tree Configuration...
Applications Remote Access Setup...
TELNET Configuration...
Software Download...
Configuration File...
Setting the CLI password

You can set passwords using the cli password command for selected types of access using the CLI, Telnet, or RADIUS security. For more information on Telnet access, refer to Chapter 3. For more information on using RADIUS security with the CLI, refer to Chapter 3.
Table 2 cli password command parameters and variables

Parameters and variables    Description
switch|stack                Specifies you are modifying the settings on the switch or on the stack. Note: If you omit this parameter, the system modifies the information for the current mode.
ro|rw                       Specifies you are modifying the read-only (ro) password or the read-write (rw) password.
                            Enter your username for the first variable, and your password for the second variable.
• “General navigation commands,” next
• “Keystroke navigation”
• “help command”
• “no command”
• “default command”
• “logout command”
• “enable command”
• “configure command”
• “interface command”
• “disable command”
• “end command”
• “exit command”

General navigation commands

When you enter ? at any point in the CLI session, the system retrieves help informatio
Keystroke navigation

You change the location of the cursor using the key combinations shown in Table 3.
help command

The help command is in all command modes and displays a brief message about using the CLI help system. The syntax for the help command is:
help
The help command has no parameters or variables. Figure 4 shows the output from the help command.

Figure 4 help command output in privExec mode

BPS2000#help
Help may be requested at any point in a command by entering a question mark ’?’.
default command

The default command is always used as a prefix to a configuration command, and it restores the configuration parameters to default values. The default values are specified by each command. Refer to Appendix A for an alphabetical listing of all default commands.
Note: Not all commands support the default prefix command.

logout command

The logout command logs you out of the CLI session and returns you to the Main Menu of the console interface (CI) menus (Figure 3).
Note: You must have read-write access to the BPS 2000 switch to be able to use the enable command.

configure command

The configure command moves you to the Global Configuration (config) command mode and identifies the source for the configuration commands. The syntax for the configure command is:
configure {terminal|network|memory}
The configure command is in the privExec command mode. Table 4 describes the parameters and variables for the configure command.
Table 5 describes the parameters and variables for the interface command.

Table 5 interface command parameters and variables

Parameters and variables    Description
                            Specifies the portlist you want to be affected by all the commands issued in the config-if command mode.

disable command

The disable command returns you to the User EXEC (exec) command mode. The syntax for the disable command is:
disable
The disable command is in the privExec command mode.
• In Global Configuration (config) mode, exit moves you back to the privExec command mode.
• In Interface Configuration (config-if) command mode, exit moves you back to the config mode.
The syntax for the exit command is:
exit
The exit command has no parameters or variables.

Managing basic system information

This section shows you how to view basic system information, such as the current software version and the stack mode; you can renumber the units within a stack.
Figure 5 displays sample output from the show sys-info command.

Figure 5 show sys-info command output

BPS2000#show sys-info
Operation Mode: Switch
MAC Address: 01-6C-0F-8C-01-2E
Reset Count: 16
Last Reset Type: Power Cycle
Power Status: Primary Power
Local MDA Type: None
sysDescr: Business Policy Switch 2000 HW:AB3 FW:1.1.0.1 SW:v2.0.0.01 ISVN:2
sysObjectID: 1.3.6.1.4.1.45.3.40.
Figure 6 show cpu-utilization command output

BPS2000#show cpu-utilization
From System Boot-Up: 36 %
Last 10 Seconds: 38 %
Last 1 Minute: 37 %
Last 10 Minutes: 36 %
Last 60 Minutes: 36 %
Last 24 Hours:

show memory-utilization command

The show memory-utilization command displays the percentage of available memory, as well as the lowest memory available at any time since the last boot-up.
Figure 7 show memory-utilization command output

BPS2000#show memory-utilization
Available: 71 %
Low Mark: 68 %

show stack-info command

The show stack-info command displays the current stack information, which includes unit numbers, MDA and cascade attachments, and software version for all units. The syntax for the show stack-info command is:
show stack-info
The show stack-info command is in the privExec command mode. The show stack-info command has no parameters or variables.
The renumber unit command has no parameters or variables.
Note: This command does not take effect until you reset the stack.

Managing MAC address forwarding database table

This section shows you how to view the contents of the MAC address forwarding database table and how to set the age-out time for the addresses.
Table 6 show mac-address-table command parameters and variables

Parameters and variables    Description
vid <1-4094>                Enter the number of the VLAN you want to display the forwarding database of. Default is to display the management VLAN’s database.
aging-time                  Displays the time in seconds after which an unused entry is removed from the forwarding database.
address                     Displays a specific MAC address if it exists in the database. Enter the MAC address you want displayed.
Figure 9 show mac-address-table command output

BPS2000#show mac-address-table
MAC Address Port MAC Address
----------------- ----- ----------------
00-60-fd-f8-68-48 2/2 00-80-2d-8c-2e-3f 00-80-2d-8f-66-de 2/2 00-80-2d-ca-93-57 00-90-27-3a-b4-be 2/2 00-90-27-9c-6e-78 2/2 00-a0-c9-04-ed-52 00-a0-cc-39-bf-39 2/2 00-a0-cc-5a-eb-17 2/2 00-a0-cc-5b-b2-9c 00-a0-cc-65-57-a8 2/2 00-a0-cc-d0-bd-f0 00-a0-cc-d1-4c-f8 2/2 00-a0-cc-d1-75-48 00-a0-cc-d1-7a-24 2/2 00-b0-d0-3d-ea-7a 2/2 00-b0-d0-b7-8
Table 7 mac-address-table aging-time command parameters and variables

Parameters and variables    Description
time                        Enter the aging time in seconds that you want for MAC addresses before they are flushed.

default mac-address-table aging-time command

The default mac-address-table aging-time command sets the time that the switch retains unseen MAC addresses to 300 seconds.
show stack-oper-mode command

The show stack-oper-mode command displays the current operational mode of the stack and the mode set for the next switch reboot. The display shows either:
• Pure BPS 2000 Stack
or
• Hybrid Stack
The syntax for the show stack-oper-mode command is:
show stack-oper-mode
The show stack-oper-mode command is in the privExec command mode. The show stack-oper-mode command has no parameters or variables.
Table 8 stack oper-mode command parameters and variables

Parameters and variables    Description
bps2000|hybrid              Sets the stack operational mode for the next boot:
                            • bps2000—Pure BPS 2000 Stack mode. This means only BPS 2000 switches either standalone or in a stack.
                            • hybrid—Hybrid Stack mode. This means a mixture of BPS 2000 and BayStack 450 or 410 switches in a stack.

Note: You must reboot the system for the stack operation mode you entered in the CLI to take effect.
Chapter 2 General CLI commands

In the BPS 2000, the Command Line Interface (CLI) commands allow you to display and modify the switch configuration while the switch is operating. This chapter includes information about general switch maintenance, such as setting up access parameters, upgrading the software, and setting the speed.
Setting the terminal

You can view the terminal settings, set them to default settings, or customize the terminal settings. This section covers:
• “show terminal command,” next
• “default terminal command”
• “terminal command”

show terminal command

The show terminal command displays the current serial port information, which includes connection speed, as well as the terminal width and length in number of characters.
default terminal {speed|width|length}
The default terminal command is in the exec mode. Table 9 describes the parameters and variables for the default terminal command.
Table 10 terminal command parameters and variables

Parameters and variables                  Description
speed {2400|4800|9600|19200|38400}        Sets the transmit and receive baud rates for the terminal. You can set the speed at one of the five options shown; default is 9600.
length                                    Sets the length of the terminal display in characters; default is 24.
width                                     Sets the width of the terminal display in characters; default is 79.
Table 11 ping command parameters and variables

Parameters and variables    Description
XXX.XXX.XXX.XXX             Specify the IP address of the target device in dotted-decimal notation.

If the device receives the packet, it sends a ping reply. When the switch receives the reply, it displays a message indicating that the specified IP address is alive. If no reply is received, a message indicates that the address is not responding. Figure 12 displays sample ping responses.
configure network [load-on-boot {disable|use-bootp|use-config}] [filename ] [address ]
The configure network command is in the exec mode.
Note: When you enter configure network with no parameters, the system prompts you for the script file name and TFTP server address and then downloads the script.
Table 12 describes the parameters and variables for the configure network command.
Note: When you specify the file name or address, these parameters will be changed at the next reboot, even if you do not specify load-on-boot.

show config-network command

The show config-network command displays information regarding the automatic loading of the configuration file, including the current status of this feature, the file name, the TFTP server address, and the status of the previous automatic configuration command.
• “no ip default-gateway command”
• “show ip command”

ip address command

The ip address command sets the IP address and subnet mask for the switch or a stack. The syntax for the ip address command is:
ip address [stack|switch] [netmask ]
The ip address command is in the config command mode.
no ip address command

The no ip address command clears the IP address and subnet mask. This command sets the IP address and subnet mask for a switch or a stack to all zeros (0). The syntax for the no ip address command is:
no ip address {stack|switch}
The no ip address command is in the config command mode. Table 14 describes the parameters and variables for the no ip address command.
Table 15 describes the parameters and variables for the ip default-gateway command.

Table 15 ip default-gateway command parameters and variables

Parameters and variables    Description
XXX.XXX.XXX.XXX             Enter the dotted-decimal IP address of the default IP gateway.

Note: When you change the IP gateway, you may lose connection to Telnet and the Web.

no ip default-gateway command

The no ip default-gateway command sets the IP default gateway address to zeros (0).
show ip command

The show ip command displays the IP configurations, specifically BootP mode, stack address, switch address, subnet mask, and gateway address. This command displays these parameters for what is configured, what is in use, and the last BootP. The syntax for the show ip command is:
show ip [bootp] [default-gateway] [address [stack|switch]]
The show ip command is in the exec command mode.
Figure 14 show ip command output

BPS2000>show ip
BootP Mode: BootP Disabled
                   Configured      In Use          Last BootP
                   --------------- --------------- ---------------
Stack IP Address:  10.10.40.29     10.10.40.29     0.0.0.0
Switch IP Address: 0.0.0.0                         0.0.0.0
Subnet Mask:       255.255.255.0   255.255.255.0   0.0.0.0
Default Gateway:   10.10.40.1      10.10.40.1      0.0.0.0
BPS2000>

Assigning and clearing IP addresses for specific units

Beginning with software version 2.
Table 17 ip address unit command parameters and variables

Parameters and variables    Description
unit <1-8>                  Sets the unit you are assigning an IP address.
A.B.C.D                     Enter IP address in dotted decimal notation.

Note: When you change the IP address or subnet mask, you may lose connection to Telnet and the Web.

no ip address unit command

The no ip address unit command sets the IP address for the specified unit in a stack to all zeros (0).
Note: When you change the IP address or subnet mask, you may lose connection to Telnet and the Web. You also disable any new Telnet connection, and you must connect to the serial console port to configure a new IP address.

default ip address unit command

The default ip address unit command sets the IP address for the specified unit in a stack to all zeros (0).
Setting Telnet access

You can also access the CLI through a Telnet session. To access the CLI remotely, the management port must have an assigned IP address and remote access must be enabled. You can log on to the switch using Telnet from a terminal that has access to the BPS 2000. To open a Telnet session from Device Manager, click on the Telnet icon on the toolbar (Figure 15) or click Action > Telnet on the Device Manager toolbar.
The show telnet-access command is in the privExec command mode. The show telnet-access command has no parameters or variables. Figure 16 displays sample output from the show telnet-access command.
Table 20 describes the parameters and variables for the telnet-access command.

Table 20 telnet-access command parameters and variables

Parameters and variables    Description
enable|disable              Enables or disables Telnet connections.
login-timeout <1-10>        Specifies the time in minutes you want to wait between initial Telnet connection and accepted password before closing the Telnet connection; enter an integer between 1 and 10.
Table 21 no telnet-access command parameters and variables

Parameters and variables    Description
source-ip [<1-10>]          Disables the Telnet access. When you do not use the optional parameter, the source-ip list is cleared, meaning the 1st index is set to 0.0.0.0/0.0.0.0 and the 2nd to 10th indexes are set to 255.255.255.255/255.255.255.255. When you do specify a source-ip value, the specified pair is set to 255.255.255.255/255.255.255.255.
web-server

The web-server command enables or disables the Web server that you use for Web-based management. The syntax for the web-server command is:

    web-server {enable|disable}

The web-server command is in the config mode.

Table 22 describes the parameters and variables for the web-server command.

Table 22 web-server command parameters and variables

Parameters and variables    Description
enable|disable              Enables or disables the Web server.
• “stack bootp-mac-addr-type command”
• “no ip bootp server command”
• “default ip bootp server command”

boot command

The boot command performs a soft-boot of the switch or stack. The syntax for the boot command is:

    boot [default] [unit ]

The boot command is in the privExec command mode.

Table 23 describes the parameters and variables for the boot command.
ip bootp server command

The ip bootp server command configures BootP on the current instance of the switch or server. The syntax for the ip bootp server command is:

    ip bootp server {last|needed|disable|always}

The ip bootp server command is in the config command mode.

Table 24 describes the parameters and variables for the ip bootp server command.
Table 25 stack boot-mac-addr-type command parameters and variables

Parameters and variables    Description
base-unit|stack             Specifies location of BootP MAC address:
                            • base-unit—use the base unit MAC address for BootP
                            • stack—use the stack MAC address for BootP

no ip bootp server command

The no ip bootp server command disables the BootP server. The syntax for the no ip bootp server command is:

    no ip bootp server

The no ip bootp server command is in the config command mode.
Setting TFTP parameters

You can display the IP address of the TFTP server, assign an IP address you want to use for a TFTP server, copy a configuration file to the TFTP server, or copy a configuration file from the TFTP server to the switch to use to configure the switch.
tftp-server command

The tftp-server command assigns the address for the stack or switch to use for TFTP services. The syntax of the tftp-server command is:

    tftp-server

The tftp-server command is in the config command mode.

Table 26 describes the parameters and variables for the tftp-server command.

Table 26 tftp-server command parameters and variables

Parameters and variables
XXX.XXX.XXX.
Table 27 describes the parameters and variables for the copy config tftp command.

Table 27 copy config tftp command parameters and variables

Parameters and variables    Description
address                     Specifies the TFTP server IP address; enter in dotted-decimal notation.
filename                    Specifies that you want to copy the configuration file onto the TFTP server. Enter the name you want the configuration file to have on the TFTP server.
Upgrading software

You can download the BPS 2000 software image that is located in non-volatile flash memory. To download the BPS 2000 software image, a properly configured Trivial File Transfer Protocol (TFTP) server must be present in your network, and the policy switch must have an IP address. To learn how to configure the switch or stack IP address, refer to “Assigning and clearing IP addresses” on page 63.
Note: Beginning with software version 2.0, you can use the download command without parameters. The system displays the most recently used TFTP server IP address and file name; if you still want to use these, press [Enter]. You can also change these.

Table 29 describes the parameters and variables for the download command.

Table 29 download command parameters and variables

Parameters and variables    Description
address                     Specifies the TFTP server you want to use.
Figure 18 download message

    Download Image [/]
    Saving Image [-]
    Finishing Upgrading Image

During the download process, the Business Policy Switch is not operational. You can monitor the progress of the download process by observing the LED indications.

Observing LED indications

Table 30 describes the LED indications during the software download process.
Table 30 LED Indications during the software download process (continued)

Phase: 3
Description: The switch programs the new software image into the flash memory.
LED Indications: 100 Mb/s port status LEDs (ports 1 to 8 only): The LEDs begin to turn on in succession beginning with port 1, which indicates that the new software image is being programmed into the switch’s flash memory.
The system resets and opens to the BPS2000 banner. Refer to “Accessing the CLI” on page 35 to return to the CLI.

2 Enter download [address ] diag bps2000diags.bin.
The system resets and opens to the BPS2000 banner. Refer to “Accessing the CLI” on page 35 to return to the CLI.

However, if you are currently using software version 1.0, 1.0.1, or 1.1, you must upgrade to software version 1.1.1 before upgrading to version 2.0.
Upgrading software when ISVN is 2

To upgrade a Hybrid stack to BPS 2000 software version 2.0 when the ISVN numbers of the units are 2:

1 Enter download [address ] image bps2000.img.
The system resets and opens to the BPS2000 banner. Refer to “Accessing the CLI” on page 35 to return to the CLI.

2 Enter download [address ] diag bps2000diags.bin.
The system resets and opens to the BPS2000 banner. Refer to “Accessing the CLI” on page 35 to return to the CLI.
The system resets and opens to the BPS2000 banner. Refer to “Accessing the CLI” on page 35 to return to the CLI.

4 Validate that the ISVN on both the BPS 2000 and the BayStack are 2.

Displaying interfaces

You can view the status of all interfaces on the switch or stack, including MultiLink Trunk membership, link status, autonegotiation, and speed.

show interfaces command

The show interfaces command displays the current configuration and status of all interfaces.
Figure 19 show interfaces names command output

    BPS2000 SW 2.0 in SC2-02 LAB>show interfaces names 1-3
    Port Name
    ---- ----------------------------------------------------------------
    1    LabBldg4
    2    Testing
    3    Floor1Bldg2

Figure 20 displays a sample output of the show interfaces command without the names variable.
Figure 20 show interfaces command output

    BPS2000#show interfaces
    Port Trunk Status  Link LinkTrap
    ---- ----- ------  ---- --------
    1          enable  Down On
    2          enable  Up   On
    3          enable  Down On
    4          enable  Down On
    5          enable  Down On
    6          enable  Down On
    7          enable  Down On
    8          enable  Down On
    9          enable  Down On
    10         enable  Down On
    11         enable  Down On
    12         enable  Down On
    13         enable  Down On
    14         enable  Down On
    15         enable  Down On
    16         disable Down On
    17         enable  Down On
    18         enable  Down On
    19         enable  Down On
    20         enable  Down On
    21
snmp-server command

The snmp-server command configures various SNMP parameters. The syntax for the snmp-server command is:

    snmp-server {{enable|disable}|authentication-trap|community [ro|rw] contact |host |location |name }

The snmp-server command is in the config command mode.

Table 32 describes the parameters and variables for the snmp-server command.
no snmp-server command

The no snmp-server command disables SNMP or clears the configuration. If you omit the parameters, this command disables SNMP access. The syntax for the no snmp-server command is:

    no snmp-server [authentication-trap|community [ro|rw] contact|host [ ]|location |name]

The no snmp-server command is in the config command mode.

Table 33 describes the parameters and variables for the snmp-server command.
snmp trap link-status command

The snmp trap link-status command enables the linkUp/linkDown traps for the port. The syntax of the command is:

    snmp trap link-status [port ]

The snmp trap link-status command is in the config-if command mode.

Table 34 describes the parameters and variables for the snmp trap link-status command.
Table 35 no snmp trap link-status command parameters and variables

Parameters and variables    Description
port                        Specifies the port numbers to disable the linkUp/linkDown traps on. Enter the port numbers or all.
                            Note: If you omit this parameter, the system uses the port number you specified in the interface command.

default snmp trap link-status command

The default snmp trap link-status command disables the linkUp/linkDown traps for the port.
Setting the system event log

You can set the system event log to log different levels of events. This section covers:

• “show logging,” next
• “set logging”
• “no set logging”
• “default set logging”
• “clear logging command”

show logging

The show logging command displays the current contents of the system event log.
Figure 21 show logging command output

    BPS2000#show logging informational
    Type Unit Time        Index     Src Message
    ---- ---- ----------- --------- --- -------
    I    1    00:00:01:52 1             Warm Start Trap
    I    1    00:00:01:52 2             Enterprise Specific Trap
    I    1    00:00:01:57 3             Link Up Trap
    I    1    00:00:01:57 4             Link Up Trap
    I    1    00:00:01:57 5             Link Up Trap
    I    1    00:00:01:57 6             Link Up Trap

set logging

The set logging command configures the system settings for the system event log.
no set logging

The no set logging command disables the system event log. The syntax for the no set logging command is:

    no set logging

The no set logging command is in the config command mode.

The no set logging command has no parameters or values.

default set logging

The default set logging command configures the system settings as the factory default settings for the system event log.
Table 39 clear logging command parameters and values

Parameters and values    Description
nv                       Clears all log messages in both DRAM and NVRAM.

Displaying port statistics

You can display the statistics for a port for both received and transmitted traffic.
Figure 22 displays sample output from the show port-statistics command.
clear-stats command

The clear-stats command clears all statistical information for the specified port. All counters are set to zero (0). The syntax for the clear-stats command is:

    clear-stats [port ]

The clear-stats command is in the config-if command mode.

Table 41 describes the parameters and variables for the clear-stats command.
The shutdown command is in the config-if command mode.

Table 42 describes the parameters and variables for the shutdown command.

Table 42 shutdown command parameters and variables

Parameters and variables    Description
port                        Specifies the port numbers to shut down or disable. Enter the port numbers you want to disable.
                            Note: If you omit this parameter, the system uses the port number you specified in the interface command.
Naming ports

You can name a port using the CLI. This section covers the following commands:

• “name command,” next
• “no name command”
• “default name command”

name command

The name command allows you to name ports or to change the name. The syntax for the name command is:

    name [port ]

The name command is in the config-if command mode.

Table 44 describes the parameters and variables for the name command.
Table 45 describes the parameters and variables for the no name command.

Table 45 no name command parameters and variables

Parameters and variables    Description
port                        Specifies the port numbers to clear of names.
                            Note: If you omit this parameter, the system uses the port number you specified in the interface command.

default name command

The default name command clears the port names; it resets the field to an empty string.
• “speed command,” next
• “default speed command”
• “duplex command”
• “default duplex command”

speed command

The speed command sets the speed of the port. The syntax for the speed command is:

    speed [port ] {10|100|1000|auto}

The speed command is in the config-if command mode.

Note: You cannot enable autonegotiation on fiber optic ports. You cannot disable autonegotiation on the BPS2000 1-GT and BPS2000 2-GT MDA ports.
Note: When you set the port speed for autonegotiation, ensure that the other side of the link is also set for autonegotiation.

default speed command

The default speed command sets the speed of the port to the factory default speed. The syntax for the default speed command is:

    default speed [port ]

The default speed command is in the config-if command mode.

Table 47 describes the parameters and variables for the default speed command.
Note: You cannot enable autonegotiation on fiber optic ports. You cannot disable autonegotiation on the BPS2000 1-GT and BPS2000 2-GT MDA ports.

Table 49 describes the parameters and variables for the duplex command.

Table 49 duplex command parameters and variables

Parameters and variables    Description
port                        Specifies the port number to configure the duplex mode. Enter the port number you want to configure, or all to configure all ports simultaneously.
Table 50 describes the parameters and variables for the default duplex command.

Table 50 default duplex command parameters and variables

Parameters and variables    Description
port                        Specifies the port numbers to reset the duplex mode to factory default values. Enter the port numbers you want to configure, or all to configure all ports simultaneously. The default value is autonegotiation.
autotopology command

The autotopology command enables the Autotopology protocol. The syntax for the autotopology command is:

    autotopology

The autotopology command is in the config command mode.

The autotopology command has no parameters or values.

no autotopology command

The no autotopology command disables the Autotopology protocol. The syntax for the no autotopology command is:

    no autotopology

The no autotopology command is in the config command mode.
Enabling flow control

If you use a Gigabit Ethernet MDA with the BPS 2000, you control traffic on this port using the flowcontrol command. This section covers the following commands:

• “flowcontrol command,” next
• “no flowcontrol command”
• “default flowcontrol command”

flowcontrol command

The flowcontrol command is used only on Gigabit Ethernet ports and controls the traffic rates during congestion.
no flowcontrol command

The no flowcontrol command is used only on Gigabit Ethernet ports and disables flow control. The syntax for the no flowcontrol command is:

    no flowcontrol [port ]

The no flowcontrol command is in the config-if mode.

Table 52 describes the parameters and variables for the no flowcontrol command.
Table 53 default flowcontrol command parameters and variables

Parameters and variables    Description
port                        Specifies the port numbers to default to auto flow control.
                            Note: If you omit this parameter, the system uses the port number you specified in the interface command.

Enabling rate-limiting

You can limit the percentage of multicast traffic, or broadcast traffic, or both using the CLI.
Figure 23 show rate-limit command output

    BPS2000#show rate-limit
    Unit/Port Packet Type Limit Last 5 Minutes Last Hour
    --------- ----------- ----- -------------- ---------
    1/1       None        0%    0.0%           0.0%
    1/2       None        0%    0.0%           0.0%
    1/3       None        0%    0.0%           0.0%
    1/4       None        0%    0.0%           0.0%
    1/5       None        0%    0.0%           0.0%
    1/6       None        0%    0.0%           0.0%
    1/7       None        0%    0.0%           0.
    1/8       None        0%    0.0%
    1/9       None        0%    0.0%
    1/10      None        0%    0.0%
    1/11      None        0%    0.0%
    1/12      None        0%    0.0%
    1/13      None        0%    0.0%
    1/14      None        0%    0.0%
    1/15      None        0%    0.0%
    1/16      None        0%    0.0%
Table 54 rate-limit command parameters and variables

Parameters and values         Description
port                          Specifies the port numbers to configure for rate-limiting. Enter the port numbers you want to configure.
                              Note: If you omit this parameter, the system uses the port number you specified in the interface command.
multicast |broadcast |both    Applies rate-limiting to the type of traffic.
default rate-limit command

The default rate-limit command restores the rate-limiting value for the specified port to the default setting. The syntax for the default rate-limit command is:

    default rate-limit [port ]

The default rate-limit command is in the config-if command mode.

Table 56 describes the parameters and variables for the default rate-limit command.
Chapter 3 Security

This chapter describes the security commands available with the CLI. There are four types of security available on the BPS 2000:

• “Using the IP manager list,” next
• “Using MAC address security”
• “Using EAPOL-based security”
• “Using RADIUS authentication”

Refer to Using the Business Policy Switch 2000 Software Version 2.0 for more information on these security features, as well as using the console interface (CI) menus.
show ipmgr command

The show ipmgr command displays whether Telnet, SNMP, and Web access are enabled; whether the IP manager list is being used to control access to Telnet, SNMP, and the Web-based management system; and the current IP manager list configuration. The syntax for the show ipmgr command is:

    show ipmgr

The show ipmgr command is in the privExec command mode.

The show ipmgr command has no parameters or variables.

Figure 24 displays sample output from the show ipmgr command.
Figure 24 show ipmgr command output

    BPS2000#show ipmgr
    TELNET Access: Enabled
    SNMP Access: Enabled
    WEB Access: Enabled
    TELNET IP List Access Control: Enabled
    SNMP IP List Access Control: Enabled
    WEB IP List Access Control: Enabled
    Allowed Source IP Address Allowed Source Mask
    ------------------------- -------------------
    0.0.0.0                   0.0.0.0
    255.255.255.255           255.255.255.255
    255.255.255.255           255.255.255.255
    255.255.255.255           255.255.255.255
    255.255.255.255           255.255.255.255
    255.255.255.255           255.255.255.255
    255.255.255.255           255.255.
Table 57 ipmgr command for system management parameters and variables

Parameters and variables    Description
telnet|snmp|web             Enables IP manager list checking for access to various management systems:
                            • telnet—provides list access using Telnet access
                            • snmp—provides list access using SNMP, including the DM
                            • web—provides list access using the Web-based management system

no ipmgr command for management system

The no ipmgr command disables the IP manager list for Telnet, SNMP, or HTTP a
ipmgr command for source IP address

The ipmgr command for source IP addresses allows you to enter the source IP addresses or address ranges that you allow to access the switch or the stack. The syntax for the ipmgr command for source IP addresses is:

    ipmgr {source-ip <1-10> [mask
Table 60 no ipmgr command for source IP addresses parameters and variables

Parameters and variables    Description
source-ip [<1-10>]          When you specify an option, it sets the IP address and mask for the specified entry to 255.255.255.255 and 255.255.255.255. When you omit the optional parameter, it resets the list to factory defaults.
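The following audit script is an added example, not part of the Nortel reference. It reads show ipmgr output laid out as in Figure 24 and reports which management services the address list leaves open, which applies equally to the source-ip list cleared by no telnet-access and to the IP manager list reset described above, since both leave the first entry at 0.0.0.0/0.0.0.0. It assumes the conventional mask comparison (a source matches an entry when source AND mask equals address AND mask); the sample output and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout of Figure 24 (not captured from a switch).
SAMPLE = """\
BPS2000#show ipmgr
TELNET Access: Enabled
SNMP Access: Enabled
WEB Access: Enabled
TELNET IP List Access Control: Enabled
SNMP IP List Access Control: Enabled
WEB IP List Access Control: Disabled
Allowed Source IP Address Allowed Source Mask
------------------------- -------------------
0.0.0.0                   0.0.0.0
192.0.2.0                 255.255.255.0
255.255.255.255           255.255.255.255
"""

# Cleared entries are set to 255.255.255.255/255.255.255.255 (Tables 21 and 60).
UNUSED = (ipaddress.IPv4Address("255.255.255.255"),) * 2

FLAG_RE = re.compile(
    r"(TELNET|SNMP|WEB) (IP List Access Control|Access): (Enabled|Disabled)"
)


def parse_show_ipmgr(text):
    """Return ({service: {'access': bool, 'list': bool}}, [(address, mask), ...])."""
    flags, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = FLAG_RE.fullmatch(line)
        if m:
            key = "list" if m.group(2).startswith("IP List") else "access"
            flags.setdefault(m.group(1), {})[key] = m.group(3) == "Enabled"
            continue
        parts = line.split()
        if len(parts) == 2:
            try:
                entries.append((ipaddress.IPv4Address(parts[0]),
                                ipaddress.IPv4Address(parts[1])))
            except ValueError:
                pass  # prompt, column header or separator line
    return flags, entries


def is_allowed(source, entries):
    """Assumed semantics: source matches when (source & mask) == (address & mask)."""
    src = int(ipaddress.IPv4Address(source))
    for addr, mask in entries:
        if (addr, mask) == UNUSED:
            continue
        if src & int(mask) == int(addr) & int(mask):
            return True
    return False


def audit(text):
    """List the services that any source address can reach."""
    flags, entries = parse_show_ipmgr(text)
    # A mask of 0.0.0.0 compares no bits, so the entry matches every source.
    match_all = [i for i, (_, mask) in enumerate(entries, 1) if int(mask) == 0]
    findings = []
    for service in ("TELNET", "SNMP", "WEB"):
        state = flags.get(service, {})
        if not state.get("access"):
            continue
        if not state.get("list"):
            findings.append(f"{service}: enabled with no IP list check")
        elif match_all:
            findings.append(
                f"{service}: list entry {match_all[0]} matches every source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```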
Table 61 describes the parameters and variables for the show mac-security command.

Table 61 show mac-security command parameters and variables

Parameters and variables        Description
config                          Displays general BaySecure configuration.
mac-address-table [address ]    Displays contents of BaySecure table of allowed MAC addresses:
                                • address—specifies a single MAC address to display; enter the MAC address
port                            Displays the BaySecure status of all ports.
The show mac-security mac-da-filter command is in the privExec command mode.

The show mac-security mac-da-filter command has no parameters or variables.

Figure 25 displays sample output from the show mac-security mac-da-filter command.

Figure 26 show mac-security mac-da-filter command output

    BPS2000#show mac-security mac-da-filter
    Index Mac Address
    _____ _________________
    1     00-60-AF-00-12-30

mac-security command

The mac-security command modifies the BaySecure configuration.
Table 62 mac-security command parameters and values

Parameters and variables      Description
disable|enable                Disables or enables MAC address-based security.
filtering {enable|disable}    Enables or disables destination address (DA) filtering on intrusion detected.
Note: In this command, portlist must specify only a single port.

The mac-security mac-address-table address command is in the config command mode.

Table 63 describes the parameters and variables for the mac-security mac-address-table address command.

Table 63 mac-security mac-address-table address command parameters and values

Parameters and variables    Description
                            Enter the MAC address in the form of H.H.H.
Table 64 mac-security security-list command parameters and values

Parameters and variables    Description
<1-32>                      Enter the number of the security list you want to use.
                            Enter a list or range of port numbers.

no mac-security command

The no mac-security command disables MAC source address-based security. The syntax for the no mac-security command is:

    no mac-security

The no mac-security command is in the config command mode.
Table 65 no mac-security mac-address-table command parameters and values

Parameters and variables    Description
address                     Enter the MAC address in the form of H.H.H.
port                        Enter a list or range of port numbers.
security-list <1-32>        Enter the security list number.

no mac-security security-list command

The no mac-security security-list command clears the port membership of a security list.
The mac-security command for specific ports is in the config-if command mode.

Table 67 describes the parameters and variables for the mac-security command for specific ports.

Table 67 mac-security command for a single port parameters and variables

Parameters and variables    Description
port                        Enter the port numbers.
Table 68 mac-security mac-da-filter command parameters and values

Parameters and variables    Description
{add|delete}                Add or delete the specified MAC address; enter the MAC address in the form of H.H.H.
                            Note: Ensure that you do not enter the MAC address of the management unit.
eapol command

The eapol command enables or disables EAPOL-based security. The syntax of the eapol command is:

    eapol {disable|enable}

The eapol command is in the config command mode.

Table 69 describes the parameters and variables for the eapol command.

Table 69 eapol command parameters and variables

Parameters and variables    Description
disable|enable              Disables or enables EAPOL-based security.
Table 70 describes the parameters and variables for the eapol command for modifying parameters.

Table 70 eapol command for modifying parameters and variables

Parameters and variables    Description
port                        Specifies the ports to configure for EAPOL; enter the port numbers you want.
                            Note: If you omit this parameter, the system uses the port number specified when you issued the interface command.
init                        Re-initiates EAP authentication.
Table 70 eapol command for modifying parameters and variables

Parameters and variables    Description
server-timeout              Specifies a waiting period for response from the server. Enter the number of seconds you want to wait; range is 1-65535.
max-request                 Enter the number of times to retry sending packets to supplicant.

Using RADIUS authentication

Using the RADIUS protocol and a server, you can configure the BPS 2000 for authentication.
Figure 27 show radius-server command output

    BPS2000#show radius-server
    host: 0.0.0.0
    Secondary-host: 0.0.0.0
    port: 1645
    key:
    BPS2000#

radius-server command

The radius-server command changes the RADIUS server settings. The syntax for the radius-server command is:

    radius-server host [secondary-host ] port key

The radius-server command is in the config command mode.

Table 71 describes the parameters and variables for the radius-server command.

no radius-server command

The no radius-server command clears the RADIUS server settings. The syntax for the no radius-server command is:

    no radius-server

The no radius-server command is in the config command mode.

The no radius-server command has no parameters or values.
Chapter 4 Spanning Tree, MLT, and Port-Mirroring

This chapter describes how to configure the Spanning Tree Protocol, spanning tree groups, Multi-Link Trunking (MLT), and port-mirroring. This chapter covers the following topics:

• “Using spanning tree,” next
• “Using MLT”
• “Using port-mirroring”

Refer to the Using the Business Policy Switch 2000 Software Version 2.
With the BPS 2000 with software version 1.2, you can configure multiple spanning tree groups (STGs). (Multiple spanning tree groups are available only when the Stack Operational Mode is set to Pure BPS 2000 Stack.) The CLI allows you to configure spanning tree groups, to add or remove VLANs to the spanning tree groups, and to configure the usual spanning tree parameters and FastLearn.
Table 72 describes the parameters and variables for the show spanning-tree command.

Table 72 show spanning-tree command parameters and variables

Parameters and variables    Description
stp <1-8>                   Displays specified spanning tree group configuration; enter the number of the group you want displayed.
Figure 28 show spanning-tree command output by port

    BPS2000#show spanning-tree stp 1 port
    Unit Port Trunk Participation
    ---- ---- ----- ---------------
    1    1          Normal Learning
    1    2          Normal Learning
    1    3          Normal Learning
    1    4          Normal Learning
    1    5          Normal Learning
    1    6          Normal Learning
    1    7          Normal Learning
    1    8          Normal Learning
    1    9          Normal Learning
    1    10         Normal Learning
    1    11         Normal Learning
    1    12         Normal Learni
    1    13
    1    14
    1    15
    1    16
    1    17
    1    18
    1    19
    1    20
    1    21
    1    22
    1    23
    1    24
Figure 29 show spanning-tree command output for spanning tree group

    BPS2000#show spanning-tree config
    Bridge Priority: 8000
    Designated Root: 8000000342f6de21
    Root Port: 2
    Root Path Cost: 30
    Hello Time: 2 seconds
    Maximum Age Time: 20 seconds
    Forward Delay: 15 seconds
    Bridge Hello Time: 2 seconds
    Bridge Maximum Age Time: 20 seconds
    Bridge Forward Delay: 15 seconds

spanning-tree stp create command by STG

Note: For guidelines for configuring STGs, VLANs, an
Table 73 spanning-tree stp create command parameters and variables

Parameters and variables    Description
<1-8>                       Enter the number of the spanning tree group you are creating (STG ID). You cannot create the default spanning tree group, which is number 1.

spanning-tree stp delete command by STG

The spanning-tree stp delete command allows you to delete a spanning tree group.
Table 75 describes the parameters and variables for the spanning-tree stp enable command.

Table 75 spanning-tree stp enable command parameters and variables

Parameters and variables    Description
<1-8>                       Enter the number of the spanning tree group you want to enable (STG ID). You cannot enable the default spanning tree group, which is number 1; it is always enabled.
spanning-tree command by STG

The spanning-tree command by STG sets STP values by STG. The syntax for the spanning-tree command by STG is:

    spanning-tree [stp <1-8>] [forward-time <4-30>] [hello-time <1-10>] [max-age <6-40>] [priority <0-65535>] [tagged-bpdu {enable|disable}] [tagged-bpdu-vid <1-4094>]

The spanning-tree command by STG is in the config command mode.

Table 77 describes the parameters and variables for the spanning-tree command by STG.
default spanning-tree command by STG

The default spanning-tree command by STG restores the default spanning tree values for the spanning tree group. The syntax for the default spanning-tree command by STG is:

    default spanning-tree [stp <1-8>] [forward-time] [hello-time] [max-age] [priority] [tagged-bpdu]

The default spanning-tree command by STG is in the config command mode.
The spanning-tree add-vlan command allows you to add a VLAN to a specified spanning tree group. The syntax for the spanning-tree add-vlan command is:

    spanning-tree [stp <1-8>] add-vlan <1-4094>

The spanning-tree add-vlan command by port is in the config command mode.

Table 79 describes the parameters and variables for the spanning-tree add-vlan command.
The spanning-tree remove-vlan command by port is in the config command mode.

Table 80 describes the parameters and variables for the spanning-tree remove-vlan command.

Table 80 spanning-tree remove-vlan command parameters and variables

Parameters and variables    Description
stp <1-8>                   Specifies the spanning tree group you want to remove the VLAN from; enter the STG ID.
                            Note: If you omit this parameter, the system uses the default spanning tree group, 1.
The spanning-tree command by port sets Spanning Tree Protocol (STP) and multiple spanning tree group (STG) participation for the ports within the specified spanning tree group. The syntax for the spanning-tree command by port is:

    spanning-tree [port ] [stp <1-8>] [learning {disable|normal|fast}] [cost <1-65535>] [priority <0-255>]

The spanning-tree command by port is in the config-if command mode.
The default spanning-tree command by port is in the config-if command mode.

Table 82 describes the parameters and variables for the default spanning-tree command by port.

Table 82 default spanning-tree command by port parameters and variables

Parameters and variables    Description
port                        Enables spanning tree for the specified port or ports; enter port or ports you want set to factory spanning tree default values.
Table 83 describes the parameters and variables for the no spanning-tree command by port.

Table 83 no spanning-tree command by port parameters and variables

Parameters and variables    Description
port                        Disables spanning tree for the specified port or ports; enter port or ports you want enabled for STP.
                            Note: If you omit this parameter, the system uses the port number you specified when you issued the interface command.
The show mlt command is in the privExec command mode.

Table 84 describes the parameters and variables for the show mlt command.

Table 84 show mlt command parameters and variables

Parameters and variables    Description
utilization <1-6>           Displays the utilization of the specified enabled MLT(s) in percentages.

Figure 30 displays sample output from the show mlt command.
Table 85 mlt command parameters and variables
Parameters and variables    Description
id                          Enter the trunk ID; range is 1 to 6.
name                        Specifies a text name for the trunk; enter up to 16 alphanumeric characters.
enable|disable              Enables or disables the trunk.
member                      Enter the ports that you want as members of the trunk.
Note: You can modify an MLT when it is enabled or disabled.
Using port-mirroring
You use port-mirroring to monitor traffic. Refer to Using the Business Policy Switch 2000 Software Version 2.0 for configuration guidelines for port-mirroring. This section covers the following commands:
• “show port-mirroring command,” next
• “port-mirroring command” on page 151
• “no port-mirroring command” on page 153
show port-mirroring command
The show port-mirroring command displays the port-mirroring configuration.
port-mirroring mode {disable | Xrx monitor-port mirror-port-X | Xtx monitor-port mirror-port-X | XrxOrXtx monitor-port mirror-port-X mirror-port-Y | XrxOrYtx monitor-port mirror-port-X mirror-port-Y | XrxYtx monitor-port mirror-port-X mirror-port-Y | XrxYtxOrYrxXtx monitor-port mirror-port-X mirror
Table 87 port-mirroring command parameters and variables (continued)
Parameters and variables    Description
portlist                    Enter the port numbers.
Xrx                         Mirror packets received on port X.
Xtx                         Mirror packets transmitted on port X.
XrxOrXtx                    Mirror packets received or transmitted on port X.
XrxYtx                      Mirror packets received on port X and transmitted on port Y. Note: Do not use this mode for mirroring broadcast and multicast traffic.
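How the four modes described in Table 87 decide which frames reach the monitor port, as an added example that is not part of the Nortel manual. It is a Python model built only from the table's one-line descriptions; the unit/port numbers, host roles and sample frames are constructed, and the function names are hypothetical.

```python
"""Model of the port-mirroring modes described in Table 87.

Added illustration, not switch firmware: every mode is implemented only from
its one-line description in the table. Ports and frames are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional


@dataclass(frozen=True)
class Frame:
    label: str    # readable name of the flow (constructed)
    rx_port: str  # unit/port on which the switch received the frame
    tx_port: str  # unit/port on which the switch transmits the frame


def is_mirrored(mode: str, frame: Frame, x: str, y: Optional[str] = None) -> bool:
    """Return True if `frame` would be copied to the monitor port."""
    if mode == "disable":
        return False
    if mode == "Xrx":        # packets received on port X
        return frame.rx_port == x
    if mode == "Xtx":        # packets transmitted on port X
        return frame.tx_port == x
    if mode == "XrxOrXtx":   # packets received or transmitted on port X
        return x in (frame.rx_port, frame.tx_port)
    if mode == "XrxYtx":     # received on port X and transmitted on port Y
        if y is None:
            raise ValueError("mode XrxYtx needs mirror-port-Y")
        return frame.rx_port == x and frame.tx_port == y
    # The other modes in the syntax line are not described in the rows
    # shown above, so this model refuses to guess at them.
    raise ValueError(f"mode {mode!r} is not modelled here")


def coverage(mode: str, frames: Iterable[Frame], x: str,
             y: Optional[str] = None) -> Dict[str, List[str]]:
    """Split the flows into those a sensor on the monitor port sees or misses."""
    result: Dict[str, List[str]] = {"seen": [], "missed": []}
    for frame in frames:
        key = "seen" if is_mirrored(mode, frame, x, y) else "missed"
        result[key].append(frame.label)
    return result


# Constructed example: a server on 1/5 (port X), a client on 1/7 (port Y)
# and a third host on 1/9.
SERVER, CLIENT, OTHER = "1/5", "1/7", "1/9"
SAMPLE_FRAMES = [
    Frame("client->server", CLIENT, SERVER),
    Frame("server->client", SERVER, CLIENT),
    Frame("other->server", OTHER, SERVER),
    Frame("server->other", SERVER, OTHER),
    Frame("client->other", CLIENT, OTHER),
]

if __name__ == "__main__":
    for mode, y in (("Xrx", None), ("Xtx", None),
                    ("XrxOrXtx", None), ("XrxYtx", CLIENT)):
        print(mode, coverage(mode, SAMPLE_FRAMES, SERVER, y))
```

With the server as port X, only XrxOrXtx captures both directions of every conversation with it; XrxYtx narrows the capture to one direction of a single port pair.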
Chapter 5 VLANs and IGMP
This chapter describes how to configure virtual LANs and IGMP snooping parameters. This chapter covers the following topics:
• “Increased VLAN support,” next
• “Configuring and displaying VLANs” on page 156
• “Displaying multicast membership” on page 168
• “Using IGMP snooping” on page 170
Refer to the Using the Business Policy Switch 2000 Software Version 2.
• If you have up to 64 VLANs on the Pure BPS 2000 Stack, they will be retained when you change to a Hybrid Stack.
• If you have more than 64 VLANs on the Pure BPS 2000 Stack, you will lose them all. The Hybrid Stack will return to the default VLAN configuration.
Also, a mixed, or hybrid, stack does not support multiple Spanning Tree Groups (STG). You have a single instance of STG when working with a mixed stack.
• “vlan mac-address command” on page 167
• “no vlan mac-address command” on page 168
Refer to Appendix A for an alphabetical list of the VLAN commands.
Note: For guidelines for configuring VLANs, spanning tree groups, and MLTs, refer to Chapter 1 of the Using the Business Policy Switch 2000 Software Version 2.0.
Figure 32 show vlan interface info output
BPS2000(config-if)#show vlan interface info
          Filter Filter   Filter
          Tagged Untagged Unregistered
Unit/Port Frames Frames   Frames       PVID Priority Tagging  Name
--------- ------ -------- ------------ ---- -------- -------------------
1/1       No     No       No           1    0        Disabled Unit 1, Port 1
1/2       No     No       No           2    0        Disabled Unit 1, Port 2
1/3       No     No       No           1    0        Disabled Unit 1, Port 3
1/4       No     No       No           1    0        Disabled Unit 1, Port 4
1/5       No     No       No           1    0        Disabled Unit 1, Port 5
1/6       No     No       No
Table 89 show vlan command interface vids parameters and variables
Parameters and variables    Description
                            Enter the list of ports you want the VLAN information for, or enter all to display all ports.
Figure 33 displays sample output from the show vlan interface vids command.
Table 91 describes the parameters and variables for the vlan mgmt command.
Table 90 vlan mgmt command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the number of the VLAN you want to serve as the management VLAN.
default vlan mgmt command
The default vlan mgmt command resets the management VLAN to VLAN1. The syntax for the default vlan mgmt command is:
default vlan mgmt
The default vlan mgmt command is in the config command mode.
The syntax for the vlan create command is:
vlan create <1-4094>] [name ] type {macsa| port| protocol-ipEther2| protocol-ipx802.3| protocol-ipx802.2| protocol-ipxSnap| protocol-ipxEther2| protocol-ApltkEther2Snap| protocol-decEther2| protocol-decOtherEther2| protocol-sna802.
Table 91 vlan create command parameters and variables (continued)
Parameters and variables    Description
protocol-ipxEther2          Specifies an ipxEther2 protocol-based VLAN.
protocol-ApltkEther2Snap    Specifies an ApltkEther2Snap protocol-based VLAN.
protocol-decEther2          Specifies a decEther2 protocol-based VLAN.
protocol-decOtherEther2     Specifies a decOtherEther2 protocol-based VLAN.
protocol-sna802.2           Specifies an sna802.2 protocol-based VLAN.
Table 91 describes the parameters and variables for the vlan delete command.
Table 92 vlan delete command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the number of the VLAN to delete.
no vlan command
The no vlan command allows you to delete a VLAN. The syntax for the no vlan command is:
no vlan <1-4094>
The no vlan command is in the config command mode. Table 91 describes the parameters and variables for the no vlan command.
Table 91 describes the parameters and variables for the vlan name command.
Table 94 vlan name command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the number of the VLAN you want to change the name of.
                            Enter the new name you want for the VLAN.
auto-pvid command
The auto-pvid command allows you to enable the automatic PVID feature.
vlan ports command
The vlan ports command configures the VLAN-related settings for a port. The syntax for the vlan ports command is:
vlan ports [] [tagging {enable|disable}] [pvid <1-4094>] [filter-tagged-frame {enable|disable}] [filter-untagged-frame {enable|disable}] [filter-unregistered-frames {enable|disable}] [priority <0-7>] [name ]
The vlan ports command is in the config command mode.
vlan members command
The vlan members command adds a port to or deletes a port from a VLAN. The syntax for the vlan members command is:
vlan members [add|remove] <1-4094>
The vlan members command is in the config mode. Table 96 describes the parameters and variables for the vlan members command.
Table 96 vlan members command parameters and variables
Parameters and variables    Description
add|remove                  Adds a port to or removes a port from a VLAN.
Table 97 show vlan mac-address command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the number of the VLAN you want to display MAC source addresses for.
address H.H.H               Specifies a particular MAC address to display; enter the MAC address in the H.H.H. format. Note: If you omit this parameter, the system displays the entire table.
Figure 34 displays sample output from the show vlan mac-address command.
Table 98 vlan mac-address command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the number of the VLAN you want to add a MAC source address to.
address                     Enter the MAC source address to assign to the VLAN.
no vlan mac-address command
The no vlan mac-address command removes MAC addresses from MAC source-address-based VLANs. The no vlan mac-address syntax is:
no vlan mac-address <1-4094> address
show vlan multicast membership command
The show vlan multicast membership command displays the IP multicast sessions in the network. The syntax for the show vlan multicast membership command is:
show vlan multicast membership <1-4094>
The show vlan multicast membership command is in the privExec mode. Table 100 describes the parameters and variables for the show vlan multicast membership command.
Figure 35 show vlan multicast membership command output
BPS2000#show multicast membership 1
Multicast Group Address Unit Port
----------------------- ---- ---
2239.255.118.187        1    19
2239.255.118.187        2    17
2239.255.118.187        2    19
2239.255.29.77          2    17
2239.255.29.77          2    19
2239.255.118.187        3    17
2239.255.118.187        3    18
2239.255.29.77          3    17
Using IGMP snooping
You can configure and display IGMP snooping parameters using the CLI.
Table 101 show igmp command parameters and variables
Parameters and variables    Description
<1-4094>                    Specifies the VLAN to display IGMP snooping configuration.
Figure 36 displays sample output from the show vlan igmp command.
Table 102 vlan igmp command parameters and variables
Parameters and variables    Description
<1-4094>                    Enter the VLAN to configure for IGMP.
snooping {enable|disable}   Enables or disables the VLAN for IGMP snooping.
proxy {enable|disable}      Enables or disables the VLAN for IGMP proxy.
robust-value                Enter the robust value you want for IGMP.
query-interval
Chapter 6 Policy-enabled networks and QoS
This chapter describes how to configure DiffServ and Quality of Service (QoS) parameters for policy-enabled networks. This chapter covers the following topics:
• “Displaying QoS parameters,” next
• “Resetting” on page 185
• “Configuring COPS” on page 186
• “Configuring QoS interface groups” on page 193
• “Configuring DSCP and 802.
Displaying QoS parameters
You can display QoS parameters using the CLI.
Table 104 show qos command parameters and variables
Parameters and variables    Description
agent                       Displays QoS agent configuration parameters.
statistics                  Displays QoS policy statistics.
Figure 37 displays sample output from the show qos interface-groups command.
176 Chapter 6 Policy-enabled networks and QoS Figure 38 show qos interface-assignments command output BPS2000#show qos interface-assignments Unit ____ 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Port IfIndex Role Combination ____ _______ _________________ 1 1 allBPSIfcs 2 2 Webbrowsing 3 3 Test1 4 4 allBPSIfcs 5 5 allBPSIfcs 6 6 allBPSIfcs 7 7 Test1 8 8 allBPSIfcs 9 9 allBPSIfcs 10 10 allBPSIfcs 11 11 Webbrowsing 12 12 allBPSIfcs 13 13 allBPSIfcs 14 14 allBPSIfcs 15 15 Test1 16 16 allBPSIfcs 17 17 Web
Chapter 6 Policy-enabled networks and QoS 177 Figure 39 show qos if-assign-lists command output BPS2000#show qos interface-assignments Unit ____ 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 Port IfIndex Role Combination ____ _______ _________________ 1 1 allBPSIfcs 2 2 Webbrowsing 3 3 Test1 4 4 allBPSIfcs 5 5 allBPSIfcs 6 6 allBPSIfcs 7 7 Test1 8 8 allBPSIfcs 9 9 allBPSIfcs 10 10 allBPSIfcs 11 11 Webbrowsing 12 12 allBPSIfcs 13 13 allBPSIfcs 14 14 allBPSIfcs 15 15 Test1 16 16 allBPSIfcs 17 17 Webbrowsi
Figure 40 show qos egressmap command output
DSCP ____ 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 802.
Figure 42 show qos ip-filters command output
BPS2000#show qos ip-filters
Id  Destination     Source          DSCP   Protocol
    Addr / Mask     Addr / Mask
___ _______________ _______________ ______ ________
1   Ignore          Ignore          Ignore Ignore
    Ignore          Ignore
2   10.10.1.102     Ignore          Ignore Ignore
    255.255.255.255 Ignore
Dest    Src
L4 Port L4 Port
_______ _______
0       0
0       0
Figure 43 displays sample output from the show qos ip-filter-sets command.
Figure 44 show qos l2-filters command output
BPS2000#show qos l2-filters
Id VLAN VLAN Tag Ether 802.
Figure 46 show qos actions command output
BPS2000#show qos actions
Id    Name             Drop  Update Set Drop
                             DSCP   Precedence
_____ ________________ _____ ______ __________________
65526 Drop_Traffic     True  Ignore Ignore
65527 Standard_Service False 0x0    Not Loss Sensitive
65528 Bronze_Service   False 0xA    Loss Sensitive
65529 Silver_Service   False 0x12   Loss Sensitive
65530 Gold_Service     False 0x1A   Loss Sensitive
65531 Platinum_Service False 0x22   Loss Sensitive
65532 Premium_Service
Figure 48 show qos shapers command output
BPS2000#show qos shapers
Id  Name                        Rate        Burst Size       Queue Size
                                (Kbps)      (Bytes)          (Packets)
___ ___________________________ ___________ ________________ _________________
1   shaper1                     64000       5555             2
Figure 49 displays sample output from the show qos policies command.
Figure 50 show qos queue-sets command output
BPS2000#show qos queue-sets
Set Queue General Extended Bandwidth Absolute Bandwith Service Size ID ID Discipline Discipline (%) Bandwidth Allocation Order (Bytes) (Kbps) ___ _____ ___________ __________ _________ _________ __________ _______ _______ 1 1 Priority 0.0 100 0 Relative 1 16384 1 2 Weight Round 0.0 50 0 Relative 2 24576 1 3 Weight Round 0.0 30 0 Relative 2 32768 1 4 Weight Round 0.
Figure 51 show qos queue-set-assignments command output
BPS2000#show qos queue-set-assignment
Queue Set 1
802.1p Priority Queue
_______________ _____
0               4
1               4
2               3
3               3
4               2
5               2
6               1
7               1
Queue Set 2
802.1p Priority Queue
_______________ _____
0               2
1               2
2               2
3               2
4               2
5               2
6               1
7               1
Figure 52 displays sample output from the show qos agent command.
Figure 53 displays sample output from the show qos statistics command.
Configuring COPS
You can enable COPS-PR, the dynamic management system, using the CLI.
show cops retry command
The show cops retry command displays COPS TCP retry settings. The syntax for the show cops retry command is:
show cops retry
The show cops retry command is in the privExec mode. The show cops retry command has no variables or parameters. Figure 54 displays sample output from the show cops retry command.
Figure 55 show cops server command output
BPS2000#show cops server
Addr.Type Address     Tcp Port Client Type Auth Type Priority
--------------------------------------------------------------
IPv4      10.30.31.81 3288     COPS-PR     None      0
show cops stats command
The show cops stats command displays COPS statistics. The syntax for the show cops stats command is:
show cops stats
The show cops stats command is in the privExec mode.
Figure 56 show cops stats command output (1 of 2)
BPS2000#show cops stats
---------------------------------------------
PDP IPv4 Address: 47.130.100.
Figure 57 show cops stats command output (2 of 2)
Accounting Time: 0
Messages Received: 21
Messages Sent: 3
Messages Syntax Errors: 0
Last Protocol Error:
Open Attempts: 0
Open Failures: 0
Unsupported Client Types: 0
Unsupported Versions: 0
Length Mismatches: 0
Unknown Opcodes: 0
Unknown C-NUMs: 0
Bad C-TYPEs: 0
Bad Sends: 0
Wrong Objects: 0
Wrong Opcodes: 0
Client Keep-Alive Timeouts: 0
Authentication Failures: 0
Authentication Missings: 0
Client Type
cops retry command
The cops retry command sets the COPS TCP retry settings. The syntax for the cops retry command is:
cops retry <0-32> <1-600>
The cops retry command is in the config command mode. Table 106 describes the parameters and variables for the cops retry command.
Table 106 cops retry command parameters and variables
Parameters and variables    Description
retry <0-32> <1-500>        Enter the number of retries and the retry interval (in seconds).
Table 107 cops server command parameters and variables
Parameters and variables    Description
                            Enter the IP address of the COPS server you want to use.
tcp-port <0-65535>          Enter the number of the TCP port you want to use. The default port is 3288.
priority <0-65535>          Enter the priority you want this server to have. The default priority is 0.
default cops retry command
The default cops retry command restores the default COPS TCP retry settings.
Table 108 default cops server command parameters and variables
Parameters and variables    Description
                            Enter the IP address of the COPS server you want to use.
tcp-port                    Restores the default TCP port. The default TCP port is 3288.
priority <0-65535>          Restores the default priority. The default priority is 0.
no cops server command
The no cops server command removes a COPS server configuration.
• “qos if-group command” on page 194
• “qos if-assign-list command” on page 195
qos if-assign command
The qos if-assign command adds or deletes ports to or from a defined interface group. The syntax for the qos if-assign command is:
qos if-assign name {add|del} [port ]
The qos if-assign command is in the config-if command mode. Table 110 describes the parameters and variables for the qos if-assign command.
Table 111 qos if-group command parameters and variables
Parameters and variables    Description
name                        Enter the name of the interface group you are working with; maximum of 32 alphanumeric characters.
create class                Defines a new interface group and specifies the class of traffic received on interfaces associated with this interface group:
                            • trusted
                            • untrusted
                            • unrestricted
delete                      Deletes an existing interface group.
Note: You cannot delete interface groups that are referenced by an installed policy or associated with device interfaces.
Configuring DSCP and 802.1p and queue associations
You can configure the DSCP, IEEE 802.1p priority, and queue set association using the CLI.
Table 113 qos egressmap command parameters and variables
Parameters and variables    Description
ds                          Enter the DSCP value used as a lookup key for 802.1p priority and drop precedence at egress when appropriate; range is between 0 and 63.
1p                          Enter the 802.1p priority value associated with the DSCP; range is between 0 and 7.
qos queue-set-assignment command
The qos queue-set-assignment command associates the 802.1p priority values with a specific queue within a specific queue set. This association determines the egress scheduling treatment that traffic with a specific 802.1p priority value receives.
qos ip-filter command
The qos ip-filter command adds or deletes IP filters. The syntax for the qos ip-filter command is:
qos ip-filter {create [src-ip ] [dst-ip ] [ds-field ] [protocol ] [src-port ] [dst-port ]|delete}
The qos ip-filter command is in the config command mode. Table 116 describes the parameters and variables for the qos ip-filter command.
Note: If you omit any parameter, the default value is used. You cannot delete an IP filter that is referenced by an IP filter set.
qos ip-filter-set command
The qos ip-filter-set command adds or deletes currently defined IP filters into an IP filter set.
Note: You must define the filter before adding it to a filter set. You cannot delete an IP filter set that is referenced in an installed policy. You cannot delete the last IP filter in an IP filter set that is referenced in an installed policy.
qos l2-filter command
The qos l2-filter command adds and deletes layer 2 (L2) filters.
Table 118 qos l2-filter command parameters and variables (continued)
Parameters and variables    Description
vlan                        Enter the number of the VLAN IDs, separated by commas. (Format: VLAN x-x, x, x) Default is ignore.
vlan-tag                    Enter the type of VLAN tagging filter you want:
                            • tagged
                            • untagged
                            • ignore
                            Default is ignore.
priority                    Enter the 802.1p priority values; range from 0 to 7.
qos l2-filter-set command
The qos l2-filter-set command adds and deletes Layer 2 filters into an L2 filter set. The syntax for the qos l2-filter-set command is:
qos l2-filter-set {create set [name ] filter filter-prec |delete}
The qos l2-filter-set command is in the config command mode. Table 119 describes the parameters and variables for the qos l2-filter-set command.
Configuring QoS actions
You can configure QoS actions, which direct the BPS 2000 to take specific action on each packet, using the CLI.
qos action command
The qos action command creates or deletes a QoS action.
Table 120 qos action command parameters and variables (continued)
Parameters and variables    Description
update-1p                   Specifies whether 802.1p priority value should be updated or left unchanged; unchanged equals ignore:
                            • ieee1p—enter the value you want; range is 0 to 7
                            • default—allows the value to be derived based on assignment of other action parameters
                            • use-egress-map—uses the egress map to assign value
                            Default is default.
The qos meter command is in the config command mode. Table 121 describes the parameters and variables for the qos meter command.
Table 121 qos meter command parameters and variables
Parameters and variables    Description
                            Enter an integer to specify the QoS meter; range is 1 to 65535.
name                        Assigns a name to the QoS meter with the designated meter ID. Enter name for meter; maximum is 16 alphanumeric characters.
Using the CLI, you set shapers. If you want to shape traffic at the egress point, configure the committed rate, burst rate, burst duration, and queue depth for each shaper.
qos shaper command
The qos shaper command creates or deletes a QoS shaper.
You cannot delete a shaper that is referenced in an installed policy.
Gathering QoS statistics
You can gather statistics on QoS, such as the number of in-profile octets and out-of-profile octets. These statistics can serve as an important method to evaluate the effectiveness of the installed policies. However, tracking these statistics requires additional system resources, which limits the number of filters for classification.
Configuring QoS policies
You configure QoS policies using the CLI.
qos policy command
The qos policy command creates or deletes a QoS policy.
Table 124 qos policy command parameters and variables (continued)
Parameters and variables    Description
filter-set                  Enter the filter set ID associated with this policy; range is 1 to 65535.
filter-set-name             Enter the name of the filter set associated with this policy.
in-profile-action           Enter the action ID for in-profile traffic; range is 1 to 65535.
Reordering packets
Support for certain per-hop behaviors (PHBs) requires packets within a flow be reordered upon transmission. Using the CLI, you can assign packets to specified egress queues.
qosagent packet-reordering command
The qosagent packet-reordering command allows you to reorder packets for transmission.
Appendix A Command List
This appendix provides the complete CLI command list in alphabetical order, with approximate page references for the beginning pages of further explanations.
Note: This information is presented for reference only and should not be considered to be an exact representation.
Table 126 CLI command list
Command    Page No.
Table 126 CLI command list (continued)
Command    Page No.
default duplex [port ]    page 106
default flowcontrol [port ]    page 110
default ip address unit <1-8>    page 70
default ip bootp server    page 78
default mac-address-table aging-time    page 53
default name [port
Table 126 CLI command list (continued)
Command    Page No.
ip bootp server {last|needed|disable|always}    page 77
ip default-gateway    page 65
ipmgr list {telnet|snmp|http}    page 118
ipmgr list {source-ip <1-10> [mask