Administrator Guide
Table Of Contents
- Dell EMC Networking Command-Line Reference Guide for the C9010 Series Version 9.14.2.6
- About this Guide
- CLI Basics
- Control and Monitoring
- asf-mode
- banner exec
- banner login
- banner motd
- cam-acl
- cam-audit linecard
- clear alarms
- clear average-power
- clear line
- configure
- debug cpu-traffic-stats
- debug ftpserver
- disable
- do
- enable
- enable cpu-clock-monitor
- enable optic-info-update interval
- end
- exec-timeout
- exit
- ftp-server enable
- ftp-server topdir
- ftp-server username
- hostname
- ip ftp password
- ip ftp source-interface
- ip ftp username
- ip http source-interface
- ip telnet server enable
- ip telnet source-interface
- ip tftp source-interface
- line
- logging coredump server
- login concurrent-session
- login statistics
- ping
- power on
- reload
- send
- service timestamps
- show alarms
- show asf
- show chassis
- show command-history
- show console lp
- show cpu-traffic-stats
- show cpu-interface-stats
- show debugging
- show environment
- show inventory
- show linecard
- show login statistics
- show memory
- show processes cpu
- show processes ipc
- show processes ipc flow-control
- show processes memory
- show reset-reason
- show rpm
- show software ifm
- show system linecard
- show tech-support
- show util-threshold cpu
- show util-threshold memory
- show version
- telnet
- terminal length
- traceroute
- undebug all
- upload trace-log
- util-threshold cpu
- util-threshold memory
- virtual-ip
- write
- File Management
- 802.1X
- debug dot1x
- dot1x auth-fail-vlan
- dot1x auth-server
- dot1x auth-type mab-only
- dot1x authentication (Configuration)
- dot1x authentication (Interface)
- dot1x critical-vlan
- dot1x guest-vlan
- dot1x host-mode
- dot1x mac-auth-bypass
- dot1x max-eap-req
- dot1x max-supplicants
- dot1x port-control
- dot1x profile
- dot1x quiet-period
- dot1x reauthentication
- dot1x reauth-max
- dot1x server-timeout
- dot1x static-mab
- dot1x supplicant-timeout
- dot1x tx-period
- mac
- show dot1x cos-mapping interface
- show dot1x interface
- show dot1x profile
- Access Control Lists (ACL)
- Commands Common to all ACL Types
- Common IP ACL Commands
- Standard IP ACL Commands
- Extended IP ACL Commands
- ACL VLAN Group Commands
- Common MAC ACL Commands
- Standard MAC ACL Commands
- Extended MAC ACL Commands
- IP Prefix List Commands
- Route Map Commands
- continue
- description
- match as-path
- match community
- match interface
- match ip address
- match ip next-hop
- match ip route-source
- match metric
- match origin
- match route-type
- match tag
- route-map
- set as-path
- set automatic-tag
- set comm-list delete
- set community
- set level
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show config
- show route-map
- AS-Path Commands
- IP Community List Commands
- Bidirectional Forwarding Detection (BFD)
- Border Gateway Protocol
- BGP IPv4 Commands
- address-family
- aggregate-address
- bgp add-path
- bgp always-compare-med
- bgp asnotation
- bgp bestpath as-path ignore
- bgp bestpath as-path multipath-relax
- bgp bestpath med confed
- bgp bestpath med missing-as-best
- bgp bestpath router-id ignore
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp confederation peers
- bgp dampening
- bgp default local-preference
- bgp dmzlink-bw
- bgp enforce-first-as
- bgp fast-external-fallover
- bgp four-octet-as-support
- bgp graceful-restart
- bgp log-neighbor-changes
- bgp non-deterministic-med
- bgp outbound-optimization
- bgp recursive-bgp-next-hop
- bgp regex-eval-optz-disable
- bgp router-id
- bgp soft-reconfig-backup
- capture bgp-pdu neighbor
- capture bgp-pdu max-buffer-size
- clear ip bgp
- clear ip bgp dampening
- clear ip bgp flap-statistics
- clear ip bgp peer-group
- debug ip bgp
- debug ip bgp dampening
- debug ip bgp events
- debug ip bgp keepalives
- debug ip bgp notifications
- debug ip bgp soft-reconfiguration
- debug ip bgp updates
- default-metric
- deny bandwidth
- description
- distance bgp
- maximum-paths
- neighbor activate
- neighbor add-path
- neighbor advertisement-interval
- neighbor advertisement-start
- neighbor allowas-in
- neighbor default-originate
- neighbor description
- neighbor distribute-list
- neighbor dmzlink-bw
- neighbor ebgp-multihop
- neighbor fall-over
- neighbor filter-list
- neighbor local-as
- neighbor maximum-prefix
- neighbor next-hop-self
- neighbor password
- neighbor peer-group (assigning peers)
- neighbor peer-group (creating group)
- neighbor peer-group passive
- neighbor remote-as
- neighbor remove-private-as
- neighbor route-map
- neighbor route-reflector-client
- neighbor send-community
- neighbor shutdown
- neighbor soft-reconfiguration inbound
- neighbor subnet
- neighbor timers
- neighbor timers extended
- neighbor update-source
- neighbor weight
- network
- network backdoor
- permit bandwidth
- redistribute
- redistribute ospf
- router bgp
- set extcommunity bandwidth
- shutdown all
- shutdown address-family-ipv4–multicast
- shutdown address-family-ipv4–unicast
- shutdown address-family-ipv6–unicast
- show capture bgp-pdu neighbor
- show config
- show ip bgp
- show ip bgp cluster-list
- show ip bgp community
- show ip bgp community-list
- show ip bgp dampened-paths
- show ip bgp detail
- show ip bgp extcommunity-list
- show ip bgp filter-list
- show ip bgp flap-statistics
- show ip bgp inconsistent-as
- show ip bgp neighbors
- show ip bgp next-hop
- show ip bgp paths
- show ip bgp paths as-path
- show ip bgp paths community
- show ip bgp peer-group
- show ip bgp regexp
- show ip bgp summary
- show running-config bgp
- timers bgp
- timers bgp extended
- MBGP Commands
- BGP Extended Communities (RFC 4360)
- IPv6 BGP Commands
- address-family
- address family ipv6 unicast
- aggregate-address
- bgp always-compare-med
- bgp bestpath as-path ignore
- bgp bestpath med confed
- bgp bestpath med missing-as-best
- bgp client-to-client reflection
- bgp cluster-id
- bgp confederation identifier
- bgp dampening
- bgp default local-preference
- bgp enforce-first-as
- bgp fast-external-fallover
- bgp four-octet-as-support
- bgp graceful-restart
- bgp log-neighbor-changes
- bgp non-deterministic-med
- bgp recursive-bgp-next-hop
- bgp regex-eval-optz-disable
- bgp router-id
- bgp soft-reconfig-backup
- capture bgp-pdu max-buffer-size
- capture bgp-pdu neighbor (ipv6)
- clear ip bgp ipv6-address
- clear ip bgp * (asterisk)
- clear ip bgp as-number
- clear ip bgp ipv6 dampening
- clear ip bgp ipv6 flap-statistics
- clear ip bgp ipv6 unicast
- clear ip bgp ipv6 unicast dampening
- clear ip bgp ipv6 unicast flap-statistics
- debug ip bgp keepalives
- debug ip bgp ipv6 dampening
- debug ip bgp ipv6 unicast peer-group updates
- debug ip bgp ipv6 unicast dampening
- debug ip bgp ipv6 unicast updates
- debug ip bgp notifications
- debug ip bgp updates
- default-metric
- description
- distance bgp
- ipv6 prefix-list
- maximum-paths
- neighbor activate
- neighbor advertisement-interval
- neighbor allowas-in
- neighbor default-originate
- neighbor description
- neighbor distribute-list
- neighbor ebgp-multihop
- neighbor fall-over
- neighbor filter-list
- neighbor maximum-prefix
- neighbor next-hop-self
- neighbor peer-group (assigning peers)
- neighbor peer-group (creating group)
- neighbor peer-group passive
- neighbor remote-as
- neighbor remove-private-as
- neighbor route-map
- neighbor route-reflector-client
- neighbor send-community
- neighbor soft-reconfiguration inbound
- neighbor subnet
- neighbor shutdown
- neighbor timers
- neighbor update-source
- neighbor weight
- neighbor X:X:X::X password
- network
- network backdoor
- redistribute
- redistribute ospf
- router bgp
- show capture bgp-pdu neighbor
- show config
- show ip bgp next-hop
- show ip bgp paths
- show ip bgp paths as-path
- show ip bgp paths community
- show ip bgp paths extcommunity
- show ip bgp regexp
- show ipv6 prefix-list
- show ip bgp ipv6 unicast
- show ip bgp ipv6 unicast cluster-list
- show ip bgp ipv6 unicast community
- show ip bgp ipv6 unicast community-list
- show ip bgp ipv6 unicast dampened-paths
- show ip bgp ipv6 unicast detail
- show ip bgp ipv6 unicast extcommunity-list
- show ip bgp ipv6 unicast filter-list
- show ip bgp ipv6 unicast flap-statistics
- show ip bgp ipv6 unicast inconsistent-as
- show ip bgp ipv6 unicast neighbors
- show ip bgp ipv6 unicast peer-group
- show ip bgp ipv6 unicast summary
- timers bgp
- IPv6 MBGP Commands
- BGP IPv4 Commands
- Content Addressable Memory (CAM)
- Control Plane Policing (CoPP)
- clear control-traffic protocol
- clear control-traffic queue
- control-plane-cpuqos
- service-policy rate-limit-cpu-queues
- service-policy rate-limit-protocols
- show control-traffic protocol
- show control-traffic queue
- show cpu-queue rate
- show ip protocol-queue-mapping
- show ipv6 protocol-queue-mapping
- show mac protocol-queue-mapping
- show protocol-queue-mapping
- Data Center Bridging (DCB)
- DCB Commands
- PFC Commands
- ETS Commands
- DCBX Commands
- dcb-map
- priority-pgid
- priority-group bandwidth pfc
- dcb-map stack-unit all stack-ports all
- dcb pfc-shared-buffer-size
- dcb-buffer-threshold
- priority
- qos-policy-buffer
- dcb-policy buffer-threshold (Interface Configuration)
- show qos dcb-buffer-threshold
- show hardware stack-unit buffer-stats-snapshot
- dcb pfc-total-buffer-size
- show running-config dcb-buffer-threshold
- dcb pfc-queues
- dcb {ets | pfc} enable
- Debugging and Diagnostics
- Dynamic Host Configuration Protocol (DHCP)
- Configure a DHCP Server and DHCP Clients
- clear ip dhcp
- debug ip dhcp client events
- debug ip dhcp client packets
- debug ip dhcp server
- default-router
- disable
- dns-server
- domain-name
- excluded-address
- hardware-address
- host-address
- ip address dhcp
- ip address dhcp relay information-option
- ip address dhcp vendor-class-identifier
- ip dhcp relay secondary-subnet
- ip dhcp server
- ip helper-address
- ipv6 helper-address
- lease
- netbios-name-server
- netbios-node-type
- network
- pool
- show ip dhcp client statistics
- show ip dhcp configuration
- show ip dhcp conflict
- show ip dhcp lease
- show ip dhcp server statistics
- Configure Secure DHCP and DHCP Relay
- arp inspection
- arp inspection-trust
- clear ip dhcp snooping
- ip dhcp relay information-option
- ip dhcp relay source-interface
- ipv6 dhcp relay source-interface
- ip dhcp snooping
- ip dhcp snooping binding
- ip dhcp snooping database
- ip dhcp snooping database renew
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- ip dhcp snooping vlan
- ip dhcp source-address-validation
- show ip dhcp binding
- show ip dhcp snooping
- Configure a DHCP Server and DHCP Clients
- Equal Cost Multi-Path (ECMP)
- FCoE Transit
- clear fip-snooping database interface vlan
- clear fip-snooping statistics
- debug fip snooping
- debug fip snooping rx
- feature fip-snooping
- fip-snooping enable
- fip-snooping fc-map
- fip-snooping max-sessions-per-enodemac
- fip-snooping port-mode fcf
- fip-snooping port-mode fcoe-trusted
- show fip-snooping config
- show fip-snooping enode
- show fip-snooping fcf
- show fip-snooping sessions
- show fip-snooping statistics
- show fip-snooping system
- show fip-snooping vlan
- FIPS Cryptography
- Flex Hash and Optimized Boot-Up
- Force10 OS Resilient Ring Protocol (FRRP)
- GARP VLAN Registration (GVRP)
- High Availability (HA)
- ICMP Message Types
- Interfaces
- Basic Interface Commands
- clear counters
- clear dampening
- combo-port-type
- combo-port-type
- dampening
- description
- default interface
- encapsulation dot1q
- flowcontrol
- interface
- interface loopback
- interface ManagementEthernet
- interface null
- interface range
- interface range macro (define)
- interface range macro name
- interface vlan
- keepalive
- linecard portmode
- monitor interface
- mtu
- no port-delay-restore (Interface Mode)
- port-delay-restore (Configuration Mode)
- portmode hybrid
- rate-interval
- rate-interval (Configuration Mode)
- show config
- show config (from INTERFACE RANGE mode)
- show interfaces
- show interfaces configured
- show interfaces dampening
- show interfaces phy
- show interfaces status
- show interfaces switchport
- show interfaces transceiver
- show interfaces vlan
- show range
- show running-config ecmp-group
- shutdown
- speed (for 10/100/1000/10000 interfaces)
- speed (Management interface)
- switchport
- wavelength
- Egress Interface Selection (EIS) Commands
- Port Channel Commands
- HiGig Port Channel Commands
- Time Domain Reflectometer (TDR) Commands
- Basic Interface Commands
- Intermediate System to Intermediate System (IS-IS)
- adjacency-check
- advertise
- area-password
- clear isis
- clns host
- debug isis
- debug isis adj-packets
- debug isis graceful-restart
- debug isis local-updates
- debug isis snp-packets
- debug isis spf-triggers
- debug isis update-packets
- default-information originate
- description
- distance
- distribute-list in
- distribute-list out
- distribute-list redistributed-override
- domain-password
- graceful-restart ietf
- graceful-restart interval
- graceful-restart restart-wait
- graceful-restart t1
- graceful-restart t2
- graceful-restart t3
- hello padding
- hostname dynamic
- ignore-lsp-errors
- ip router isis
- ipv6 router isis
- isis circuit-type
- isis csnp-interval
- isis hello-interval
- isis hello-multiplier
- isis hello padding
- isis ipv6 metric
- isis metric
- isis network point-to-point
- isis password
- isis priority
- is-type
- log-adjacency-changes
- lsp-gen-interval
- lsp-mtu
- lsp-refresh-interval
- max-area-addresses
- max-lsp-lifetime
- maximum-paths
- metric-style
- multi-topology
- net
- passive-interface
- redistribute
- redistribute bgp
- redistribute ospf
- router isis
- set-overload-bit
- show config
- show isis database
- show isis graceful-restart detail
- show isis hostname
- show isis interface
- show isis neighbors
- show isis protocol
- show isis traffic
- spf-interval
- Internet Group Management Protocol (IGMP)
- IGMP Commands
- clear ip igmp groups
- debug ip igmp
- ip igmp access-group
- ip igmp group-join-limit
- ip igmp immediate-leave
- ip igmp last-member-query-interval
- ip igmp querier-timeout
- ip igmp query-interval
- ip igmp query-max-resp-time
- ip igmp ssm-map
- ip igmp static-group
- ip igmp version
- show ip igmp groups
- show ip igmp interface
- show ip igmp ssm-map
- IGMP Snooping Commands
- IGMP Commands
- Internet Protocol Security (IPSec)
- IPv4 Routing
- arp
- arp backoff-time
- arp learn-enable
- arp retries
- arp timeout
- clear arp-cache
- clear host
- clear ip fib linecard
- clear ip route
- clear ip traffic
- clear tcp statistics
- debug arp
- debug ip dhcp
- debug ip icmp
- debug ip packet
- deny arp (for Extended MAC ACLs)
- icmp6-redirect enable
- ip address
- ip directed-broadcast
- ip domain-list
- ip domain-lookup
- ip domain-name
- ip helper-address hop-count disable
- ip host
- ip max-frag-count
- ip name-server
- ip proxy-arp
- ip route
- ip source-route
- ip unreachables
- ipv4 unicast-host-route
- load-balance
- management route
- show arp
- show arp retries
- show hosts
- show ip cam linecard
- show ip fib linecard
- show ip flow
- show ip interface
- show ip management-route
- show ipv6 management-route
- show ip protocols
- show ip route
- show ip route list
- show ip route summary
- show ip traffic
- show tcp statistics
- IPv6 Access Control Lists (IPv6 ACLs)
- cam-acl
- cam-acl-egress
- clear counters ipv6 access-group
- deny (for IPv6 ACLs)
- deny icmp (for Extended IPv6 ACLs)
- deny tcp (for IPv6 ACLs)
- deny udp (for IPv6 ACLs)
- ipv6 access-list
- ipv6 control-plane egress-filter
- permit (for IPv6 ACLs)
- permit icmp (for IPv6 ACLs)
- permit tcp (for IPv6 ACLs)
- permit udp (for IPv6 ACLs)
- seq (for IPv6 ACLs)
- show cam-usage
- show ipv6 access-list
- show ipv6 accounting access-list
- show running-config
- IPv6 Basics
- cam-ipv6 extended-prefix
- clear ipv6 fib
- clear ipv6 mld_host
- clear ipv6 neighbors
- ipv6 address
- ipv6 address autoconfig
- ipv6 address eui64
- ipv6 control-plane icmp error-rate-limit
- ipv6 flowlabel-zero
- ipv6 host
- ipv6 name-server
- ipv6 nd dad attempts
- ipv6 nd disable-reachable-timer
- ipv6 nd dns-server
- ipv6 nd prefix
- ipv6 neighbor
- ipv6 route
- ipv6 unicast-host-route
- ipv6 unicast-routing
- show cam-ipv6 extended-prefix
- show ipv6 cam linecard
- show ipv6 control-plane icmp
- show ipv6 fib linecard
- show ipv6 flowlabel-zero
- show ipv6 interface
- show ipv6 mld_host
- show ipv6 neighbors
- show ipv6 route
- iSCSI Optimization
- Layer 2
- MAC Addressing Commands
- clear mac-address-table
- mac-address-table aging-time
- mac-address-table disable-learning
- mac-address-table static
- mac-address-table station-move refresh-arp
- mac-address-table station-move threshold
- mac learning-limit
- mac learning-limit learn-limit-violation
- mac learning-limit mac-address-sticky
- mac learning-limit station-move-violation
- mac learning-limit reset
- mac port-security
- show cam mac linecard (dynamic or static)
- show mac-address-table
- show mac-address-table aging-time
- show mac learning-limit
- Virtual LAN (VLAN) Commands
- Far-End Failure Detection (FEFD)
- MAC Addressing Commands
- Link Aggregation Control Protocol (LACP)
- Link Layer Discovery Protocol (LLDP)
- LLPD Commands
- advertise dot1-tlv
- advertise dot3-tlv
- advertise interface-port-desc
- advertise dot3-tlv
- advertise management-tlv
- advertise management-tlv (Interface)
- clear lldp counters
- clear lldp neighbors
- debug lldp interface
- disable
- hello
- management-interface
- mode
- multiplier
- pe-lldp-multiplier
- protocol lldp (Configuration)
- protocol lldp (Interface)
- show lldp neighbors
- show lldp statistics
- show management-interface
- show running-config lldp
- snmp-notification-interval
- LLDP-MED Commands
- LLPD Commands
- Multicast
- Multicast Listener Discovery Protocol
- Multicast Source Discovery Protocol (MSDP)
- clear ip msdp peer
- clear ip msdp sa-cache
- clear ip msdp statistic
- debug ip msdp
- ip msdp cache-rejected-sa
- ip msdp default-peer
- ip msdp log-adjacency-changes
- ip msdp mesh-group
- ip msdp originator-id
- ip msdp peer
- ip msdp redistribute
- ip msdp sa-filter
- ip msdp sa-limit
- ip msdp shutdown
- ip multicast-msdp
- show ip msdp
- show ip msdp sa-cache rejected-sa
- Multiple Spanning Tree Protocol (MSTP)
- Neighbor Discovery Protocol (NDP)
- Object Tracking
- Open Shortest Path First (OSPFv2 and OSPFv3)
- OSPFv2 Commands
- area default-cost
- area nssa
- area range
- area stub
- auto-cost
- clear ip ospf
- clear ip ospf statistics
- debug ip ospf
- default-information originate
- default-metric
- description
- distance
- distance ospf
- distribute-list in
- distribute-list out
- enable inverse-mask
- fast-convergence
- graceful-restart grace-period
- graceful-restart helper-reject
- graceful-restart mode
- graceful-restart role
- ip ospf auth-change-wait-time
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf mtu-ignore
- ip ospf network
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log-adjacency-changes
- maximum-paths
- network area
- passive-interface
- redistribute
- redistribute bgp
- redistribute isis
- router-id
- router ospf
- show config
- show ip ospf
- show ip ospf asbr
- show ip ospf database
- show ip ospf database asbr-summary
- show ip ospf database external
- show ip ospf database network
- show ip ospf database nssa-external
- show ip ospf database opaque-area
- show ip ospf database opaque-as
- show ip ospf database opaque-link
- show ip ospf database router
- show ip ospf database summary
- show ip ospf interface
- show ip ospf neighbor
- show ip ospf routes
- show ip ospf statistics
- show ip ospf timers rate-limit
- show ip ospf topology
- summary-address
- timers spf
- timers throttle lsa all
- timers throttle lsa arrival
- OSPFv3 Commands
- area authentication
- area encryption
- area nssa
- auto-cost
- clear ipv6 ospf process
- clear ipv6 route
- debug ipv6 ospf bfd
- debug ipv6 ospf events
- debug ipv6 ospf packet
- debug ipv6 ospf spf
- default-information originate
- graceful-restart grace-period
- graceful-restart mode
- ipv6 neighbor
- ipv6 ospf area
- ipv6 ospf authentication
- ipv6 ospf bfd all-neighbors
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf encryption
- ipv6 ospf graceful-restart helper-reject
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf priority
- ipv6 router ospf
- maximum-paths
- passive-interface
- redistribute
- router-id
- show crypto ipsec policy
- show crypto ipsec sa ipv6
- show ipv6 ospf interface
- show ipv6 ospf database
- show ipv6 ospf neighbor
- snmp context
- OSPFv2 Commands
- PE Console Commands
- PE Stacking
- Per-VLAN Spanning Tree Plus (PVST+)
- PIM-Source Specific Mode (PIM-SSM)
- PIM-Sparse Mode (PIM-SM)
- IPv4 PIM-Sparse Mode Commands
- clear ip pim rp-mapping
- clear ip pim tib
- debug ip pim
- ip pim bsr-border
- ip pim bsr-candidate
- ip pim dr-priority
- ip pim graceful-restart
- ip pim join-filter
- ip pim ingress-interface-map
- ip pim neighbor-filter
- ip pim query-interval
- ip pim register-filter
- ip pim rp-address
- ip pim rp-candidate
- ip pim sparse-mode
- ip pim spt-threshold
- ip pim sparse-mode sg-expiry-timer
- show ip pim bsr-router
- show ip pim snooping neighbor
- show ip pim interface
- show ip pim neighbor
- show ip pim rp
- show ip pim snooping interface
- show ip pim summary
- show ip pim tib
- show running-config pim
- IPv6 PIM-Sparse Mode Commands
- clear ipv6 pim tib
- debug ipv6 pim
- ipv6 pim bsr-border
- ipv6 pim bsr-candidate
- ipv6 pim dr-priority
- ipv6 pim query-interval
- ipv6 pim rp-address
- ipv6 pim rp-candidate
- ipv6 pim sparse-mode
- ipv6 pim sparse-mode sg-expiry-timer
- ipv6 pim spt-threshold
- show ipv6 pim bsr-router
- show ipv6 pim interface
- show ipv6 pim neighbor
- show ipv6 pim rp
- show ipv6 pim summary
- show ipv6 pim tib
- IPv4 PIM-Sparse Mode Commands
- Policy-based Routing (PBR)
- Port Extenders (PE)
- Port Monitoring
- Private VLAN (PVLAN)
- Quality of Service (QoS)
- Global Configuration Commands
- Per-Port QoS Commands
- Policy-Based QoS Commands
- bandwidth-percentage
- buffer-stats-snapshot
- class-map
- clear qos statistics
- description
- match ip access-group
- match ip dscp
- match ip precedence
- match ip vlan
- match mac access-group
- match mac dot1p
- match mac vlan
- policy-aggregate
- policy-map-input
- policy-map-output
- qos-policy-input
- qos-policy-output
- rate-police
- rate-shape
- service-class buffer shared-threshold-weight
- service-policy input
- service-policy output
- service-queue
- set
- show qos class-map
- show qos policy-map
- show qos policy-map-input
- show qos policy-map-output
- show qos qos-policy-input
- show qos qos-policy-output
- show qos statistics
- show qos wred-profile
- threshold
- trust
- wred
- wred weight
- wred ecn
- wred-profile
- show hardware
- DSCP Color Map Commands
- Rapid Spanning Tree Protocol (RSTP)
- Remote Monitoring (RMON)
- Routing Information Protocol (RIP)
- auto-summary
- clear ip rip
- debug ip rip
- default-information originate
- default-metric
- description
- distance
- distribute-list in
- distribute-list out
- ip poison-reverse
- ip rip receive version
- ip rip send version
- ip split-horizon
- maximum-paths
- neighbor
- network
- offset-list
- output-delay
- passive-interface
- redistribute
- redistribute isis
- redistribute ospf
- router rip
- show config
- show ip rip database
- show running-config rip
- timers basic
- version
- Security
- Role-Based Access Control Commands
- AAA Accounting Commands
- Authorization and Privilege Commands
- Authentication and Password Commands
- aaa authentication enable
- aaa authentication login
- aaa reauthenticate enable
- access-class
- enable password
- enable sha256-password
- enable restricted
- enable secret
- login authentication
- password
- password-attributes
- service obscure-passwords
- service password-encryption
- secure-cli enable
- show privilege
- show users
- timeout login response
- username
- RADIUS Commands
- aaa radius auth-method
- client
- client-key
- coa-bounce-port
- coa-disable-port
- coa-reauthenticate
- debug radius
- da-rsp-timeout
- disconnect-user
- dynamic-auth-enable
- ip radius source-interface
- port
- radius dynamic-auth
- radius-server deadtime
- radius-server host
- radius-server key
- radius-server retransmit
- radius-server timeout
- rate-limit
- replay-protection-window
- terminate-session
- TACACS+ Commands
- Port Authentication (802.1X) Commands
- dot1x authentication (Configuration)
- dot1x authentication (Interface)
- dot1x auth-fail-vlan
- dot1x auth-server
- dot1x guest-vlan
- dot1x mac-auth-bypass
- dot1x max-eap-req
- dot1x port-control
- dot1x quiet-period
- dot1x reauthentication
- dot1x reauth-max
- dot1x server-timeout
- dot1x supplicant-timeout
- dot1x tx-period
- show dot1x interface
- SSH Server and SCP Commands
- crypto cert generate
- crypto key generate
- crypto key zeroize rsa
- debug ip ssh
- ip scp topdir
- ip ssh authentication-retries
- ip ssh challenge–response–authentication
- ip ssh cipher
- ip ssh connection-rate-limit
- ip ssh hostbased-authentication
- ip ssh key-size
- ip ssh mac
- ip ssh password-authentication
- ip ssh pub-key-file
- ip ssh mac
- ip ssh rekey
- ip ssh rhostsfile
- ip ssh rsa-authentication (Config)
- ip ssh rsa-authentication (EXEC)
- ip ssh server
- ip ssh server dns enable
- ip ssh source-interface
- show crypto
- show ip ssh
- show ip ssh client-pub-keys
- show ip ssh rsa-authentication
- ssh
- Secure DHCP Commands
- ICMP Vulnerabilities
- System Security Commands
- Service Provider Bridging
- sFlow
- Simple Network Management Protocol (SNMP) and Syslog
- SNMP Commands
- show snmp
- show snmp engineID
- show snmp group
- show snmp supported-mibs
- show snmp supported-traps
- show snmp user
- snmp context
- snmp ifmib ifalias long
- snmp mib community-map
- snmp-server contact
- snmp-server context
- snmp-server community
- snmp-server enable traps
- snmp-server engineID
- snmp-server group
- snmp-server host
- snmp-server location
- snmp-server packetsize
- snmp-server trap-source
- snmp-server user
- snmp-server view
- snmp-server vrf
- snmp trap link-status
- Syslog Commands
- clear logging
- clear logging auditlog
- default logging buffered
- default logging console
- default logging monitor
- default logging trap
- logging
- logging buffered
- logging console
- logging coredump stack-unit
- logging extended
- logging facility
- logging history
- logging history size
- logging monitor
- logging on
- logging source-interface
- logging synchronous
- logging trap
- logging version
- show logging
- show logging auditlog
- show logging driverlog
- show logging kernellog
- terminal monitor
- SNMP Commands
- SNMP Traps
- Spanning Tree Protocol (STP)
- Storm Control
- show storm-control broadcast
- show storm-control multicast
- show storm-control unknown-unicast
- storm-control broadcast (Configuration)
- storm-control broadcast (Interface)
- storm-control multicast (Configuration)
- storm-control multicast (Interface)
- storm-control pfc-llfc
- storm-control unknown-unicast (Configuration)
- storm-control unknown-unicast (Interface)
- SupportAssist
- System Time and Date
- clock set
- clock summer-time date
- clock summer-time recurring
- clock timezone
- debug ntp
- ntp authenticate
- ntp authentication-key
- ntp control-key-passwd
- ntp broadcast client
- ntp disable
- ntp master
- ntp offset-threshold
- ntp server
- ntp source
- ntp step-threshold
- ntp trusted-key
- show clock
- show ntp associations
- show ntp status
- show ntp vrf associations
- Tunneling Commands
- Uplink Failure Detection (UFD)
- Virtual Link Trunking (VLT)
- back-up destination
- clear vlt statistics
- delay-restore
- lacp ungroup member-independent
- multicast peer-routing timeout
- peer-link port-channel
- peer-routing
- peer-routing-timeout
- primary-priority
- show vlt brief
- show vlt backup-link
- show vlt counters
- show vlt detail
- show vlt inconsistency
- show vlt mismatch
- show vlt private-vlan
- show vlt role
- show vlt statistics
- system-mac
- unit-id
- vlt domain
- vlt-peer-lag port-channel
- VLT Proxy Gateway
- Virtual Router Redundancy Protocol (VRRP)
- Virtual Routing and Forwarding (VRF)
- VLAN Stacking
- X.509v3
● The order option takes precedence over seq sequence-number.
● If sequence-number is not configured, the rules with the same order value are ordered according to
their configuration order.
● If sequence-number is configured, the sequence-number is used as a tie breaker for rules with the
same order.
When you use the log option, the CP processor logs detail the packets that match. Depending on how
many packets match the log entry and at what rate, the CP may become busy as it has to log these
packets’ details.
Use the monitor option only when you are using flow-based monitoring. For more information, refer to
the Port Monitoring chapter of the C9000 Series Configuration Guide.
By default, 10 ACL logs are generated if you do not specify the threshold explicitly. The default frequency
at which ACL logs are generated is five minutes. By default, flow-based monitoring is not enabled.
NOTE: When ACL logging and byte counters are configured simultaneously, byte counters may
display an incorrect value. Configure packet counters with logging instead.
Related
Commands
deny — configures a filter to drop packets.
permit — configures a filter to forward packets.
ACL VLAN Group Commands
Use the commands in this section to configure ACL VLAN groups and CAM optimization for ACLs applied to VLAN groups.
acl-vlan-group
Create an ACL VLAN group.
C9000 Series
Term heading
Description heading
Syntax
acl-vlan-group group name
To remove an ACL VLAN group, use the no acl-vlan-group group name command.
Parameters
group-name
Enter the name of the ACL VLAN group (140 characters maximum).
Default None
Command Modes
ACL-VLAN-GROUP CONFIGURATION
CONFIGURATION TERMINAL BATCH
Command
History
Version Description
9.10(0.0) Introduced the Configuration Terminal Batch mode on C9010.
9.9(0.0) Introduced on the C9010.
9.5(0.1) Introduced on the Z9500.
9.3(0.0) Introduced on the S4810, S4820T, and Z9000.
Usage
Information
You can configure up to eight different ACL VLAN groups at a time on the switch. When you configure
an ACL VLAN group, you enter ACL VLAN Group configuration mode. You can also configure the ACL
VLAN group in Configuration Terminal Batch mode that applies the configurations to the chassis in a
dual-homing setup.
254 Access Control Lists (ACL)