Reference Guide

ManualsBrandsDell ManualsNetwork CardPowerConnect M8024

Dell PowerConnect

PCM6220, PCM6348, PCM8024,

PCM8024-k

CLI Reference Guide

Regulatory Model: PCM6220, PCM6348,

PCM8024, PCM8024-k

2CSPC4.XModular-SWUM204.book Page 1 Friday, March 15, 2013 9:24 AM

Summary of content (1836 pages)

PAGE 1
2CSPC4.XModular-SWUM204.
PAGE 2
CSPC4.XModular-SWUM204.book Page 2 Friday, March 15, 2013 9:24 AM Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. © 2013 Dell Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc.
PAGE 3
2CSPC4.XModular-SWUM204.book Page 3 Friday, March 15, 2013 9:24 AM Contents 1 Command Groups Introduction . . . . . . . . . . . . . . . . . . 77 . . . . . . . . . . . . . . . . . . . . . . . 77 Command Groups Mode Types . . . . . . . . . . . . . . . . . . . . 77 . . . . . . . . . . . . . . . . . . . . . . . 81 Layer 2 Commands . Data Center Technology Commands. . . . . . . . . . . 118 . . . . . . . . . . . . . . . . . . . 120 . . . . . . . . . . . . . . . . . . . . 147 Layer 3 Commands .
PAGE 4
2CSPC4.XModular-SWUM204.book Page 4 Friday, March 15, 2013 9:24 AM 3 Layer 2 Switching Commands . . . . . . . . 241 4 AAA Commands . . . . . . . . . . . . . . . . . . . 243 TACACS+ Accounting . . . . . . . . . . . . . . . . . . Commands in this Chapter . . . . . . . . . . . . . . . . aaa authentication dot1x default 246 . . . . . . . . . . . . . . . 247 . . . . . . . . . . . . . . . . 249 . . . . . . . . . . . . . . . . . . . . 250 aaa authentication login .
PAGE 5
2CSPC4.XModular-SWUM204.book Page 5 Friday, March 15, 2013 9:24 AM password (User EXEC) . . . . . . . . . . . . . . . . . . 264 show aaa ias-users . . . . . . . . . . . . . . . . . . . 265 show aaa statistics . . . . . . . . . . . . . . . . . . . 266 show authentication methods . . . . . . . . . . . . . . 267 . . . . . . . . . . . . . . 268 . . . . . . . . . . . . . . . . . . 270 show authorization methods show users accounts show users login-history username . . . . . . . . . . . . . . .
PAGE 6
2CSPC4.XModular-SWUM204.book Page 6 Friday, March 15, 2013 9:24 AM Commands in this Chapter . access-list . . . . . . . . . . . . . . . . 290 . . . . . . . . . . . . . . . . . . . . . . . 290 deny | permit (IP ACL) deny | permit (Mac-Access-List-Configuration) ip access-group . . . . 294 . . . . . . . . . . . . . . . . . . . . . 296 mac access-group . 298 . . . . . . . . . . . . . . . mac access-list extended rename service-acl input . 297 . . . . . . . . . . . . . . . . . . .
PAGE 7
2CSPC4.XModular-SWUM204.book Page 7 Friday, March 15, 2013 9:24 AM show mac address-table show mac address-table address . show mac address-table count 315 . . . . . . . . . . . . . 316 . . . . . . . . . . . 317 show mac address-table interface . . . . . . . . . . . 318 show mac address-table static . . . . . . . . . . . . . 319 show mac address-table vlan . . . . . . . . . . . . . . 320 . . . . . . . . . . . . . . . . . . .
PAGE 8
2CSPC4.XModular-SWUM204.book Page 8 Friday, March 15, 2013 9:24 AM isdp timer . . . . . . . . . . . . . . . . . . . . . . . . 335 show isdp . . . . . . . . . . . . . . . . . . . . . . . . 335 show isdp entry 336 . . . . . . . . . . . . . . . . . . . . . show isdp interface show isdp neighbors. show isdp traffic . 338 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 . . . . . . . . . . . . . . . . . . . .
PAGE 9
2CSPC4.XModular-SWUM204.book Page 9 Friday, March 15, 2013 9:24 AM show dhcp l2relay remote-id vlan . 355 . . . . . . . . . . . clear dhcp l2relay statistics interface 356 . . . . . . . . . 11 DHCP Management Interface Commands 357 Commands in this Chapter . . . . . . . . . . . . . . . . 357 . . . . . . . . . . . . . . . . . . . . . . 358 . . . . . . . . . . . . . . . . . . . . . . . 359 release dhcp . renew dhcp debug dhcp packet show dhcp lease . . . . . . . . . . . . . . . . . . . .
PAGE 10
2CSPC4.XModular-SWUM204.book Page 10 Friday, March 15, 2013 9:24 AM show ip dhcp snooping 374 . . . . . . . . . . . . . . . . . show ip dhcp snooping binding . 375 . . . . . . . . . . . . show ip dhcp snooping database . . . . . . . . . . . . 376 show ip dhcp snooping interfaces . . . . . . . . . . . 377 show ip dhcp snooping statistics . . . . . . . . . . . . 378 13 Dynamic ARP Inspection Commands Commands in this Chapter . arp access-list . . . 381 . . . . . . . . . . . . . . . 381 .
PAGE 11
2CSPC4.XModular-SWUM204.book Page 11 Friday, March 15, 2013 9:24 AM logging email logging email urgent . logging traps . . . . . . . . . . . . . . . . . . . 396 . . . . . . . . . . . . . . . . . . . . . . 397 logging email message-type to-addr logging email from-addr . . . . . . . . . . . 398 . . . . . . . . . . . . . . . . 399 logging email message-type subject logging email logtime . . . . . . . . . . 399 . . . . . . . . . . . . . . . . . . 400 logging email test message-type . . . . . .
PAGE 12
2CSPC4.XModular-SWUM204.book Page 12 Friday, March 15, 2013 9:24 AM flowcontrol . interface . . . . . . . . . . . . . . . . . . . . . . . 413 . . . . . . . . . . . . . . . . . . . . . . . . . 414 interface range . mtu . . . . . . . . . . . . . . . . . . . . . 415 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 show interfaces advertise . . . . . . . . . . . . . . . . show interfaces configuration show interfaces counters 417 . . . . . . . . . . . . . 419 . . . . . . . . . . . .
PAGE 13
2CSPC4.XModular-SWUM204.book Page 13 Friday, March 15, 2013 9:24 AM 16 Ethernet CFM Commands Commands in this Chapter . 443 . . . . . . . . . . . . . . . 443 . . . . . . . . . . . . . . . . . . 444 . . . . . . . . . . . . . . . . . . . . . . . . . . 445 ethernet cfm domain . service . . . . . . . . . . . ethernet cfm cc level 446 . . . . . . . . . . . . . . . . . . ethernet cfm mep level 447 . . . . . . . . . . . . . . . . . ethernet cfm mep enable . . . . . . . . . . . . . . . .
PAGE 14
2CSPC4.XModular-SWUM204.book Page 14 Friday, March 15, 2013 9:24 AM clear gvrp statistics garp timer . . . . . . . . . . . . . . . . . . . 463 . . . . . . . . . . . . . . . . . . . . . . . . 464 gvrp enable (global) 465 . . . . . . . . . . . . . . . . . . . gvrp enable (interface) . . . . . . . . . . . . . . . . . 466 gvrp registration-forbid . . . . . . . . . . . . . . . . . 467 gvrp vlan-creation-forbid . . . . . . . . . . . . . . . . 468 show gvrp configuration . . . . . . . . . . . .
PAGE 15
2CSPC4.XModular-SWUM204.book Page 15 Friday, March 15, 2013 9:24 AM ip igmp snooping vlan mrouter 19 IGMP Snooping Querier Commands Commands in this Chapter . ip igmp snooping querier . . . 487 . . . . . . . . . . . . . . . 487 . . . . . . . . . . . . . . . . 487 ip igmp snooping querier election participate . . . . . 489 . . . . . . . . 490 . . . . . . . . . 490 . . . . . . . . . . . 491 . . . . . . . . . . . . .
PAGE 16
2CSPC4.XModular-SWUM204.book Page 16 Friday, March 15, 2013 9:24 AM ip host 504 . . . . . . . . . . . . . . . . . . . . . . . . . . ip name-server . ipv6 address (Interface Config) ipv6 address dhcp . . . . . . . . . . . . . 505 . . . . . . . . . . . . . . . . . . . . 507 ipv6 enable (Interface Config) . show hosts . 504 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 . . . . . . . . . . . . . . . . . . . . . . . 508 show ip address-conflict show ip helper-address .
PAGE 17
2CSPC4.XModular-SWUM204.book Page 17 Friday, March 15, 2013 9:24 AM ipv6 mld snooping vlan immediate-leave . ipv6 mld snooping listener-message-suppression 527 . . . ipv6 mld snooping vlan last-listener-query-interval . . 528 . . . . . . . . 529 . . . . . . . . . . . . 530 . . . . . . . . . . . . . . . 530 . . . . . . . . . . . . . . . . 531 ipv6 mld snooping vlan mcrtexpiretime . ipv6 mld snooping vlan mrouter . ipv6 mld snooping (Global) show ipv6 mld snooping . 526 . . . . . . .
PAGE 18
2CSPC4.XModular-SWUM204.book Page 18 Friday, March 15, 2013 9:24 AM ip verify source ip verify source port-security ip verify binding . . . . . . . . . . . . . . 546 . . . . . . . . . . . . . . . . . . . . . 547 show ip verify interface show ip source binding . . . . . . . . . . . . 548 . . . . . . . . . . . . . . . . . 548 25 iSCSI Optimization Commands Commands in this Chapter . . . . . . . . 551 . . . . . . . . . . . . . . . 552 . . . . . . . . . . . . . . . . . . . . . 552 . . . . .
PAGE 19
2CSPC4.XModular-SWUM204.book Page 19 Friday, March 15, 2013 9:24 AM add port-channel . depends-on. . . . . . . . . . . . . . . . . . . . . 566 . . . . . . . . . . . . . . . . . . . . . . . 567 show link-dependency 27 LLDP Commands . . . . . . . . . . . . . . . . . . Commands in this Chapter . 571 . . . . . . . . . . . . . . . 572 . . . . . . . . . . . . . . . . . 572 . . . . . . . . . . . . . . . . . . . 573 . . . . . . . . . . . . . . . . . . . . . . . 574 . . . . . . . . . . . . . . . .
PAGE 20
2CSPC4.XModular-SWUM204.book Page 20 Friday, March 15, 2013 9:24 AM show lldp local-device show lldp med . . . . . . . . . . . . . . . . . 585 . . . . . . . . . . . . . . . . . . . . . . 586 show lldp med interface . . . . . . . . . . . . . . . . . show lldp med local-device detail . . . . . . . . . . . 588 . . . . . . . . . . . . . 591 . . . . . . . . . . . . . . . . 594 . . . . . . . . . . . . . . . . . . . 595 show lldp med remote-device .
PAGE 21
2CSPC4.XModular-SWUM204.book Page 21 Friday, March 15, 2013 9:24 AM 29 Port Aggregator Commands add interface . duplex . . . . . . . . . 615 . . . . . . . . . . . . . . . . . . . . . . 615 . . . . . . . . . . . . . . . . . . . . . . . . . . 616 lacp auto . lacp off . . . . . . . . . . . . . . . . . . . . . . . . . 617 . . . . . . . . . . . . . . . . . . . . . . . . . 618 lacp static 618 . . . . . . . . . . . . . . . . . . . . . . . . minimum active uplinks . . . . . . . . . . . . . . . . .
PAGE 22
2CSPC4.XModular-SWUM204.book Page 22 Friday, March 15, 2013 9:24 AM Enhanced LAG Hashing 630 . . . . . . . . . . . . . . . . . Manual Aggregation of LAGs . . . . . . . . . . . . . . 630 Manual Aggregation of LAGs . . . . . . . . . . . . . . 631 Flexible Assignment of Ports to LAGs . . . . . . . . . . 631 . . . . . . . . . . . . . . . 631 . . . . . . . . . . . . . . . . . . . . . . 631 Commands in this Chapter . channel-group interface port-channel .
PAGE 23
2CSPC4.XModular-SWUM204.book Page 23 Friday, March 15, 2013 9:24 AM 32 QoS Commands . . . . . . . . . . . . . . . . . . . Access Control Lists . Layer 2 ACLs . . . . . . . . . . . . . . . . . . 651 . . . . . . . . . . . . . . . . . . . . . . . 652 Layer 3/4 IPv4 ACLs . . . . . . . . . . . . . . . . . . . Class of Service (CoS) . Queue Mapping 652 . . . . . . . . . . . . . . . . . 652 . . . . . . . . . . . . . . . . . . . . . 653 PCM6220 Limitations. . . . . . . . . . . . . . . . . . .
PAGE 24
2CSPC4.XModular-SWUM204.book Page 24 Friday, March 15, 2013 9:24 AM mark cos . . . . . . . . . . . . . . . . . . . . . . . . . mark ip-dscp . . . . . . . . . . . . . . . . . . . . . . . mark ip-precedence . 672 . . . . . . . . . . . . . . . . . . 673 . . . . . . . . . . . . . . . . . . . . 673 . . . . . . . . . . . . . . . . . . . . . . . . 675 match class-map . match cos 671 match destination-address mac . . . . . . . . . . . . . 675 match dstip . . . . . . . . . . . . . . . . . . . . .
PAGE 25
2CSPC4.XModular-SWUM204.book Page 25 Friday, March 15, 2013 9:24 AM police-simple . . . . . . . . . . . . . . . . . . . . . . police-two-rate policy-map . . . . . . . . . . . . . . . . . . . . . . 689 . . . . . . . . . . . . . . . . . . . . . . . 691 random-detect queue-parms . . . . . . . . . . . . . . random-detect exponential-weighting-constant . redirect . 688 692 . . . 695 . . . . . . . . . . . . . . . . . . . . . . . . . 695 service-policy . . . . . . . . . . . . . . . . . . . . . .
PAGE 26
2CSPC4.XModular-SWUM204.book Page 26 Friday, March 15, 2013 9:24 AM 33 RADIUS Commands . . . . . . . . . . . . . . . . Commands in this Chapter . 717 . . . . . . . . . . . . . . . aaa accounting dot1x default start-stop 720 . . . . . . . . 721 . . . . . . . . . . . . . . . . . . . . . . . 723 acct-port . . . . . . . . . . . . . . . . . . . . . . . . . 724 auth-port . . . . . . . . . . . . . . . . . . . . . . . . . 725 accounting . deadtime . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 27
2CSPC4.XModular-SWUM204.book Page 27 Friday, March 15, 2013 9:24 AM show aaa servers show accounting methods . . . . . . . . . . . . . . . 740 . . . . . . . . . . . . . . . . . 741 . . . . . . . . . . . . . . . . . . . . . . . . 745 . . . . . . . . . . . . . . . . . . . . . . . . . 746 . . . . . . . . . . . . . . . . . . . . . . . . . . 746 show radius statistics . source-ip . timeout . usage . 738 . . . . . . . . . . . . . . . . . . . . 34 Spanning Tree Commands . Commands in this Chapter .
PAGE 28
2CSPC4.XModular-SWUM204.book Page 28 Friday, March 15, 2013 9:24 AM spanning-tree forward-time . spanning-tree guard . . . . . . . . . . . . . . . 765 . . . . . . . . . . . . . . . . . . 766 spanning-tree loopguard spanning-tree max-age . . . . . . . . . . . . . . . . 767 . . . . . . . . . . . . . . . . . 768 spanning-tree max-hops . spanning-tree mode . . . . . . . . . . . . . . . . 769 . . . . . . . . . . . . . . . . . . . 769 spanning-tree mst configuration spanning-tree mst cost . . . .
PAGE 29
2CSPC4.XModular-SWUM204.book Page 29 Friday, March 15, 2013 9:24 AM priority 783 . . . . . . . . . . . . . . . . . . . . . . . . . . show tacacs tacacs-server host . tacacs-server key . . . . . . . . . . . . . . . . . . . 785 . . . . . . . . . . . . . . . . . . . . 786 tacacs-server timeout timeout . 784 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787 . . . . . . . . . . . . . . . . . . . . . . . . . 787 36 UDLD Commands . . . . . . . . . . . . . . . .
PAGE 30
2CSPC4.XModular-SWUM204.book Page 30 Friday, March 15, 2013 9:24 AM 37 VLAN Commands . Double VLAN Mode . . . . . . . . . . . . . . . . . 799 . . . . . . . . . . . . . . . . . . . Independent VLAN Learning . 799 . . . . . . . . . . . . . . 800 Protocol Based VLANs . . . . . . . . . . . . . . . . . . 800 IP Subnet Based VLANs . . . . . . . . . . . . . . . . . 801 . . . . . . . . . . . . . . . . . . . 801 MAC-Based VLANs Private VLAN Commands . . . . . . . . . . . . . . . .
PAGE 31
2CSPC4.XModular-SWUM204.book Page 31 Friday, March 15, 2013 9:24 AM show vlan association mac . . . . . . . . . . . . . . . show vlan association subnet . switchport access vlan 821 . . . . . . . . . . . . . 822 . . . . . . . . . . . . . . . . . 823 switchport general forbidden vlan . . . . . . . . . . . 824 switchport general acceptable-frame-type tagged-only 825 switchport general allowed vlan . . . . . . . . . . . . switchport general ingress-filtering disable . 826 . . . . . 827 . . .
PAGE 32
2CSPC4.XModular-SWUM204.book Page 32 Friday, March 15, 2013 9:24 AM switchport mode private-vlan . private-vlan . . . . . . . . . . . . . 841 . . . . . . . . . . . . . . . . . . . . . . . 842 show vlan private-vlan 38 Voice VLAN Commands . Commands in this Chapter . voice vlan 844 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847 . . . . . . . . . . . . . . . 848 . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 33
2CSPC4.XModular-SWUM204.book Page 33 Friday, March 15, 2013 9:24 AM dot1x max-users . . . . . . . . . . . . . . . . . . . . . 860 dot1x port-control . . . . . . . . . . . . . . . . . . . . 861 dot1x re-authenticate . . . . . . . . . . . . . . . . . . dot1x reauthentication . . . . . . . . . . . . . . . . . . dot1x system-auth-control . . . . . . . . . . . . . . . . dot1x system-auth-control monitor 863 863 . . . . . . . . . . . 864 . . . . . . . . . . . . 865 . . . . . . . . . . . . . . .
PAGE 34
2CSPC4.XModular-SWUM204.book Page 34 Friday, March 15, 2013 9:24 AM show dot1x advanced 40 Data Center Technology Commands 41 Data Center Bridging Commands . . . 885 . . . . . 887 NOTE: Data Center Bridging Exchange Protocol . . . . 887 . . . . . . . . . . . . 891 . . . . . . . . . . . . . . . . . . . . . . . . 891 Interoperability with IEEE DCBX Port Roles 882 . . . . . . . . . . . . . . . . . . Commands in this Chapter . . . . . . . . . . . . . . . .
PAGE 35
2CSPC4.XModular-SWUM204.book Page 35 Friday, March 15, 2013 9:24 AM show classofservice traffic-class-group show interfaces traffic-class-group 42 FIP Snooping Commands . Setting Up FIP Snooping . . . . . . . . . 914 . . . . . . . . . . 915 . . . . . . . . . . . 919 919 . . . . . . . . . . . . . . . . Commands in this Chapter . . . . . . . . . . . . . . . . 920 . . . . . . . . . . . . . . . . . . 921 fip-snooping enable . . . . . . . . . . . . . . . . . . . 922 fip-snooping fc-map . . . .
PAGE 36
2CSPC4.XModular-SWUM204.book Page 36 Friday, March 15, 2013 9:24 AM clear priority-flow-control statistics show interfaces priority-flow-control 44 Layer 3 Commands 45 ARP Commands ARP Aging 953 . . . . . . . . . . . . . . . . . . . . . . . . . 957 . . . . . . . . . . . . . . . . . . . 959 . . . . . . . . . . . . . . . . . . . . . . . . Commands in this Chapter . arp 953 . . . . . . . . . . 960 . . . . . . . . . . . . . . . 960 . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 37
2CSPC4.XModular-SWUM204.book Page 37 Friday, March 15, 2013 9:24 AM 46 DHCP Server and Relay Agent Commands 971 Commands in this Chapter . . . . . . . . . . . . . . . . 972 . . . . . . . . . . . . . . . . . . . . . . . 972 . . . . . . . . . . . . . . . . . . . . . . . . . 975 ip dhcp pool bootfile . clear ip dhcp binding . . . . . . . . . . . . . . . . . . 976 clear ip dhcp conflict . . . . . . . . . . . . . . . . . . 976 . . . . . . . . . . . . . . . . . . . . . 977 . . . . . . . . . . . .
PAGE 38
2CSPC4.XModular-SWUM204.book Page 38 Friday, March 15, 2013 9:24 AM next-server . option . . . . . . . . . . . . . . . . . . . . . . . . 990 . . . . . . . . . . . . . . . . . . . . . . . . . . 991 service dhcp sntp . . . . . . . . . . . . . . . . . . . . . . . . 995 . . . . . . . . . . . . . . . . . . . . . . . . . . . 996 show ip dhcp binding . . . . . . . . . . . . . . . . . . 997 show ip dhcp conflict . . . . . . . . . . . . . . . . . .
PAGE 39
2CSPC4.XModular-SWUM204.book Page 39 Friday, March 15, 2013 9:24 AM show ipv6 dhcp interface (Privileged EXEC) show ipv6 dhcp pool . . . . . . 1014 . . . . . . . . . . . . . . . . . 1018 show ipv6 dhcp statistics 48 DVMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Commands in this Chapter . ip dvmrp 1018 1021 . . . . . . . . . . . . . . 1021 . . . . . . . . . . . . . . . . . . . . . . . . 1021 ip dvmrp metric show ip dvmrp . . . . . . . . . . . . . . . . . . . .
PAGE 40
2CSPC4.XModular-SWUM204.book Page 40 Friday, March 15, 2013 9:24 AM ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . ip igmp last-member-query-count . . . . . . . . . . . ip igmp last-member-query-interval ip igmp query-interval . 1036 . . . . . . . . . . . . . . . . 1037 . . . . . . . . . . 1038 . . . . . . . . . . . . . . . . . . 1038 ip igmp startup-query-count . . . . . . . . . . . . . . ip igmp startup-query-interval . 1040 . . . . . . . . . . . . . . . . . . . . 1041 . . .
PAGE 41
2CSPC4.XModular-SWUM204.book Page 41 Friday, March 15, 2013 9:24 AM show ip igmp-proxy interface . show ip igmp-proxy groups . . . . . . . . . . . . 1053 . . . . . . . . . . . . . . 1054 show ip igmp-proxy groups detail . . . . . . . . . . 52 IP Helper/DHCP Relay Commands . Commands in this Chapter . . . . . . . . . . . . . . . bootpdhcprelay maxhopcount . 1057 1059 . . . . . . . . . . . . 1059 . . . . . . . . . . . . . 1060 . . . . . . . . . . . . . . .
PAGE 42
2CSPC4.XModular-SWUM204.book Page 42 Friday, March 15, 2013 9:24 AM Static Reject Routes . Default Routes . . . . . . . . . . . . . . . . . 1076 . . . . . . . . . . . . . . . . . . . . . 1076 Commands in this Chapter . . . . . . . . . . . . . . . 1076 . . . . . . . . . . . . . . . . . . . . . 1077 . . . . . . . . . . . . . . . . . . . . . . . 1077 . . . . . . . . . . . . . . . . . . . . . . . . . 1079 encapsulation ip address ip mtu . ip netdirbcast ip route . . . . . . . . . . . . . . . .
PAGE 43
2CSPC4.XModular-SWUM204.book Page 43 Friday, March 15, 2013 9:24 AM show routing heap summary . . . . . . . . . . . . . 54 IPv6 Routing Commands IPv6 Limitations & Restrictions . . . . . . . . . . . 1101 1105 . . . . . . . . . . . . 1105 . . . . . . . . . . . . . . 1105 . . . . . . . . . . . . . . . . . 1106 . . . . . . . . . . . . . . . . . . 1107 ipv6 address . . . . . . . . . . . . . . . . . . . . . . 1108 ipv6 enable . . . . . . . . . . . . . . . . . . . . . . .
PAGE 44
2CSPC4.XModular-SWUM204.book Page 44 Friday, March 15, 2013 9:24 AM ipv6 nd ns-interval . . . . . . . . . . . . . . . . . . . ipv6 nd other-config-flag ipv6 nd prefix. 1119 . . . . . . . . . . . . . . . 1120 . . . . . . . . . . . . . . . . . . . . . 1121 ipv6 nd ra-interval . . . . . . . . . . . . . . . . . . . 1122 ipv6 nd ra-lifetime . . . . . . . . . . . . . . . . . . . 1123 ipv6 nd reachable-time . . . . . . . . . . . . . . . . 1124 . . . . . . . . . . . . . . . . . . 1125 . . . . .
PAGE 45
2CSPC4.XModular-SWUM204.book Page 45 Friday, March 15, 2013 9:24 AM show ipv6 mld traffic . . . . . . . . . . . . . . . . . 1147 show ipv6 neighbors . . . . . . . . . . . . . . . . . . 1148 . . . . . . . . . . . . . . . . . . . . 1149 show ipv6 route show ipv6 route preferences . . . . . . . . . . . . . 1151 . . . . . . . . . . . . . . . 1152 . . . . . . . . . . . . . . . . . . . 1153 show ipv6 vlan . . . . . . . . . . . . . . . . . . . . . 1155 traceroute ipv6 . . . . . . . . . . . . .
PAGE 46
2CSPC4.XModular-SWUM204.book Page 46 Friday, March 15, 2013 9:24 AM ip pim bsr-candidate . ip pim dense . . . . . . . . . . . . . . . . . 1170 . . . . . . . . . . . . . . . . . . . . . . 1171 ip pim dr-priority . . . . . . . . . . . . . . . . . . . . ip pim hello-interval . . . . . . . . . . . . . . . . . . ip pim join-prune-interval . ip pim rp-address 1172 . . . . . . . . . . . . . . 1173 . . . . . . . . . . . . . . . . . . . 1174 ip pim rp-candidate . . . . . . . . . . . . . . . . . .
PAGE 47
2CSPC4.XModular-SWUM204.book Page 47 Friday, March 15, 2013 9:24 AM show ip pim rp mapping . . . . . . . . . . . . . . . . 57 IPv6 Multicast Commands . ipv6 pim (Global config) . . . . . . . . . . . . . . . . ipv6 pim (VLAN Interface config) ipv6 pim bsr-border 1193 1193 . . . . . . . . . . . 1194 . . . . . . . . . . . . . . . . . . 1195 ipv6 pim bsr-candidate ipv6 pim dense . . . . . . . . . . 1190 . . . . . . . . . . . . . . . . 1195 . . . . . . . . . . . . . . . . . . . .
PAGE 48
2CSPC4.XModular-SWUM204.book Page 48 Friday, March 15, 2013 9:24 AM show ipv6 pim neighbor . show ipv6 pim rphash . . . . . . . . . . . . . . . 1208 . . . . . . . . . . . . . . . . . 1209 show ipv6 pim rp mapping . 58 OSPF Commands Route Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OSPF Equal Cost Multipath (ECMP) . . . . . . . . . . 1210 1213 1214 1214 Forwarding of OSPF Opaque LSAs Enabled by Default 1215 Passive Interfaces .
PAGE 49
2CSPC4.XModular-SWUM204.book Page 49 Friday, March 15, 2013 9:24 AM area virtual-link authentication . . . . . . . . . . . . 1232 area virtual-link dead-interval . . . . . . . . . . . . 1233 area virtual-link hello-interval . . . . . . . . . . . . 1234 area virtual-link retransmit-interval . . . . . . . . . 1235 . . . . . . . . . . . 1236 auto-cost . . . . . . . . . . . . . . . . . . . . . . . . 1237 bandwidth . . . . . . . . . . . . . . . . . . . . . . .
PAGE 50
2CSPC4.XModular-SWUM204.book Page 50 Friday, March 15, 2013 9:24 AM ip ospf database-filter all out . . . . . . . . . . . . . 1251 ip ospf dead-interval . . . . . . . . . . . . . . . . . . 1251 ip ospf hello-interval. . . . . . . . . . . . . . . . . . 1252 . . . . . . . . . . . . . . . . . . . 1253 . . . . . . . . . . . . . . . . . . . . 1254 . . . . . . . . . . . . . . . . . . . . . 1255 ip ospf mtu-ignore ip ospf network ip ospf priority ip ospf retransmit-interval .
PAGE 51
2CSPC4.XModular-SWUM204.book Page 51 Friday, March 15, 2013 9:24 AM show ip ospf . . . . . . . . . . . . . . . . . . . . . . 1269 show ip ospf abr . . . . . . . . . . . . . . . . . . . . 1276 show ip ospf area . . . . . . . . . . . . . . . . . . . 1277 show ip ospf asbr . . . . . . . . . . . . . . . . . . . 1279 show ip ospf database . . . . . . . . . . . . . . . . . show ip ospf database database-summary . show ip ospf interface . 1280 . . . . . 1283 . . . . . . . . . . . . . . . .
PAGE 52
2CSPC4.XModular-SWUM204.book Page 52 Friday, March 15, 2013 9:24 AM area nssa (Router OSPFv3) . . . . . . . . . . . . . . 1307 area nssa default-info-originate (Router OSPFv3 Config) 1308 area nssa no-redistribute area nssa no-summary . . . . . . . . . . . . . . . . 1309 . . . . . . . . . . . . . . . . 1310 area nssa translator-role . . . . . . . . . . . . . . . area nssa translator-stab-intv . . . . . . . . . . . . . 1312 . . . . . . . . . . . . . 1313 . . . . . . . . . . . . . . . . . . .
PAGE 53
2CSPC4.XModular-SWUM204.book Page 53 Friday, March 15, 2013 9:24 AM ipv6 ospf area . . . . . . . . . . . . . . . . . . . . . 1327 ipv6 ospf cost . . . . . . . . . . . . . . . . . . . . . 1328 ipv6 ospf dead-interval . . . . . . . . . . . . . . . . 1328 ipv6 ospf hello-interval . . . . . . . . . . . . . . . . 1329 . . . . . . . . . . . . . . . . . 1330 ipv6 ospf network . . . . . . . . . . . . . . . . . . . 1331 ipv6 ospf priority . . . . . . . . . . . . . . . . . . . .
PAGE 54
2CSPC4.XModular-SWUM204.book Page 54 Friday, March 15, 2013 9:24 AM show ipv6 ospf area . . . . . . . . . . . . . . . . . . 1347 show ipv6 ospf asbr . . . . . . . . . . . . . . . . . . 1348 show ipv6 ospf border-routers. show ipv6 ospf database . . . . . . . . . . . . 1348 . . . . . . . . . . . . . . . 1349 show ipv6 ospf database database-summary . show ipv6 ospf interface . . . . 1352 . . . . . . . . . . . . . . . 1353 show ipv6 ospf interface brief . . . . . . . . . . . . .
PAGE 55
2CSPC4.XModular-SWUM204.book Page 55 Friday, March 15, 2013 9:24 AM ip irdp multicast . . . . . . . . . . . . . . . . . . . . ip irdp preference show ip irdp 1371 . . . . . . . . . . . . . . . . . . . 1371 . . . . . . . . . . . . . . . . . . . . . . 1372 61 Routing Information Protocol Commands 1375 Commands in this Chapter . auto-summary . . . . . . . . . . . . . . 1375 . . . . . . . . . . . . . . . . . . . . .
PAGE 56
2CSPC4.XModular-SWUM204.book Page 56 Friday, March 15, 2013 9:24 AM split-horizon . . . . . . . . . . . . . . . . . . . . . . 62 Tunnel Interface Commands Commands in this Chapter . interface tunnel 1391 . . . . . . . . . . . . . . 1391 . . . . . . . . . . . . . . . . . . . . 1392 show interfaces tunnel tunnel destination . . . . . . . . . . . . . . . . 1392 . . . . . . . . . . . . . . . . . . . 1393 tunnel mode ipv6ip . tunnel source . . . . . . . . 1389 . . . . . . . . . . . . . . . . . .
PAGE 57
2CSPC4.XModular-SWUM204.book Page 57 Friday, March 15, 2013 9:24 AM vrrp mode . . . . . . . . . . . . . . . . . . . . . . . 1404 vrrp preempt . . . . . . . . . . . . . . . . . . . . . . 1405 vrrp priority. . . . . . . . . . . . . . . . . . . . . . . 1406 vrrp timers advertise . vrrp timers learn . . . . . . . . . . . . . . . . . . 1407 . . . . . . . . . . . . . . . . . . . 1408 vrrp track interface . . . . . . . . . . . . . . . . . . 1409 . . . . . . . . . . . . . . . . . . . 1410 . . .
PAGE 58
2CSPC4.XModular-SWUM204.book Page 58 Friday, March 15, 2013 9:24 AM boot host dhcp . . . . . . . . . . . . . . . . . . . . . 1427 boot host retrycount . . . . . . . . . . . . . . . . . . 1428 show auto-copy-sw . . . . . . . . . . . . . . . . . . 1429 . . . . . . . . . . . . . . . . . . . . . . . 1430 show boot 66 Captive Portal Commands Commands in this Chapter . 1433 . . . . . . . . . . . . . . . . 1435 . . . . . . . . . . . . . . . . . . . . . 1435 . . . . . . . . . . . . . . . . . . .
PAGE 59
2CSPC4.XModular-SWUM204.book Page 59 Friday, March 15, 2013 9:24 AM redirect . . . . . . . . . . . . . . . . . . . . . . . . . redirect-url . . . . . . . . . . . . . . . . . . . . . . . session-timeout verification . 1446 . . . . . . . . . . . . . . . . . . . . 1446 . . . . . . . . . . . . . . . . . . . . . . 1447 captive-portal client deauthenticate show captive-portal client status . . . . . . . . . . 1448 . . . . . . . . . .
PAGE 60
2CSPC4.XModular-SWUM204.book Page 60 Friday, March 15, 2013 9:24 AM user group . . . . . . . . . . . . . . . . . . . . . . . user group moveusers . user group name . . . . . . . . . . . . . . . . . 1463 . . . . . . . . . . . . . . . . . . . 1464 67 CLI Macro Commands Commands in this Chapter . macro name 1463 . . . . . . . . . . . . . 1465 . . . . . . . . . . . . . . 1466 . . . . . . . . . . . . . . . . . . . . . . 1466 macro global apply . . . . . . . . . . . . . . . . . .
PAGE 61
2CSPC4.XModular-SWUM204.book Page 61 Friday, March 15, 2013 9:24 AM sntp authenticate . . . . . . . . . . . . . . . . . . . sntp authentication-key . . . . . . . . . . . . . . . . sntp broadcast client enable 1482 . . . . . . . . . . . . . . . . . 1482 . . . . . . . . . . . . . . . . . . . . . . 1483 sntp trusted-key . . . . . . . . . . . . . . . . . . . . sntp unicast client enable . . . . . . . . . . . . . . . clock timezone hours-offset . no clock timezone 1484 1485 . . . . . . . . . . .
PAGE 62
2CSPC4.XModular-SWUM204.book Page 62 Friday, March 15, 2013 9:24 AM 70 Configuration and Image File Commands 1499 File System Commands . . . . . . . . . . . . . . . . Command Line Interface Scripting 1499 . . . . . . . . . . 1499 . . . . . . . . . . . . . . 1499 boot system . . . . . . . . . . . . . . . . . . . . . . 1500 clear config . . . . . . . . . . . . . . . . . . . . . . 1501 . . . . . . . . . . . . . . . . . . . . . . . . . . 1501 Commands in this Chapter . copy delete . . . . .
PAGE 63
2CSPC4.XModular-SWUM204.book Page 63 Friday, March 15, 2013 9:24 AM 71 Denial of Service Commands Commands in this Chapter . . . . . . . . 1521 . . . . . . . . . . . . . . 1522 . . . . . . . . . . . . . . . . . . 1523 dos-control icmp . . . . . . . . . . . . . . . . . . . . 1523 dos-control l4port . . . . . . . . . . . . . . . . . . . 1524 dos-control sipdip . . . . . . . . . . . . . . . . . . . 1525 dos-control tcpflag . . . . . . . . . . . . . . . . . . 1526 dos-control tcpfrag . . .
PAGE 64
2CSPC4.XModular-SWUM204.book Page 64 Friday, March 15, 2013 9:24 AM show line . speed . . . . . . . . . . . . . . . . . . . . . . . . 1537 . . . . . . . . . . . . . . . . . . . . . . . . . 1538 73 Management ACL Commands Commands in this Chapter . deny (management) 1539 . . . . . . . . . . . . . . . . . . 1540 . . . . . . . . . . . . . . 1541 . . . . . . . . . . . . . . . 1542 . . . . . . . . . . . . . . . . .
PAGE 65
2CSPC4.XModular-SWUM204.book Page 65 Friday, March 15, 2013 9:24 AM Commands in this Chapter . passwords aging . . . . . . . . . . . . . . . 1553 . . . . . . . . . . . . . . . . . . . 1554 passwords history . . . . . . . . . . . . . . . . . . . 1554 passwords lock-out . . . . . . . . . . . . . . . . . . 1555 passwords min-length . . . . . . . . . . . . . . . . . passwords strength-check . . . . . . . . . . . . . . 1556 1557 passwords strength minimum uppercase-letters . . .
PAGE 66
2CSPC4.XModular-SWUM204.book Page 66 Friday, March 15, 2013 9:24 AM 77 RMON Commands . . . . . . . . . . . . . . . . Commands in this Chapter . rmon alarm . . . . . . . . . . . . . . . 1573 . . . . . . . . . . . . . . . . . . . . . . 1573 rmon collection history rmon event . . . . . . . . . . . . . . . . . 1576 . . . . . . . . . . . . . . . . . . . . . . 1577 show rmon alarm . . . . . . . . . . . . . . . . . . . show rmon alarms . . . . . . . . . . . . . . . . . . .
PAGE 67
2CSPC4.XModular-SWUM204.book Page 67 Friday, March 15, 2013 9:24 AM debug clear . . . . . . . . . . . . . . . . . . . . . . debug console debug dot1x . . . . . . . . . . . . . . . . . . . . . 1600 . . . . . . . . . . . . . . . . . . . . . . 1600 debug igmpsnooping. debug ip acl 1599 . . . . . . . . . . . . . . . . . 1601 . . . . . . . . . . . . . . . . . . . . . . 1602 debug ip dvmrp . debug ip igmp . . . . . . . . . . . . . . . . . . . . 1602 . . . . . . . . . . . . . . . . . . . . .
PAGE 68
2CSPC4.XModular-SWUM204.book Page 68 Friday, March 15, 2013 9:24 AM debug ping . debug rip . . . . . . . . . . . . . . . . . . . . . . . 1614 . . . . . . . . . . . . . . . . . . . . . . . 1615 debug sflow . . . . . . . . . . . . . . . . . . . . . . debug spanning-tree . debug vrrp 1616 . . . . . . . . . . . . . . . . . 1616 . . . . . . . . . . . . . . . . . . . . . . . 1617 show debugging . . . . . . . . . . . . . . . . . . . . 80 Sflow Commands . . . . . . . . . . . . . . . . .
PAGE 69
2CSPC4.XModular-SWUM204.book Page 69 Friday, March 15, 2013 9:24 AM show snmp engineID . . . . . . . . . . . . . . . . . 1633 show snmp filters . . . . . . . . . . . . . . . . . . . 1633 show snmp group . . . . . . . . . . . . . . . . . . . 1635 . . . . . . . . . . . . . . . . . . . . 1636 show snmp user show snmp views show trapflags . . . . . . . . . . . . . . . . . . . . 1637 . . . . . . . . . . . . . . . . . . . . 1638 snmp-server community . . . . . . . . . . . . . . . .
PAGE 70
2CSPC4.XModular-SWUM204.book Page 70 Friday, March 15, 2013 9:24 AM crypto key generate rsa . . . . . . . . . . . . . . . . crypto key pubkey-chain ssh . . . . . . . . . . . . . crypto key zeroize pubkey-chain 1662 . . . . . . . . . . . . . . 1663 . . . . . . . . . . . . . . . . . . . . . . . 1663 ip ssh pubkey-auth . . . . . . . . . . . . . . . . . . . 1664 . . . . . . . . . . . . . . . . . . . . . . 1665 . . . . . . . . . . . . . . . . . . . . . . .
PAGE 71
2CSPC4.XModular-SWUM204.book Page 71 Friday, March 15, 2013 9:24 AM logging . . . . . . . . . . . . . . . . . . . . . . . . . logging audit . . . . . . . . . . . . . . . . . . . . . . 1679 1681 logging buffered . . . . . . . . . . . . . . . . . . . . 1682 logging console . . . . . . . . . . . . . . . . . . . . 1683 logging facility . . . . . . . . . . . . . . . . . . . . . 1684 . . . . . . . . . . . . . . . . . . . . . . 1685 logging file . logging monitor logging on . . . . . . . . . . .
PAGE 72
2CSPC4.XModular-SWUM204.book Page 72 Friday, March 15, 2013 9:24 AM clear checkpoint statistics . . . . . . . . . . . . . . 1702 clear counters stack-ports . . . . . . . . . . . . . . 1702 . . . . . . . . . . . . . . . . . . . 1703 . . . . . . . . . . . . . . . . . . . . . . 1704 cut-through mode exec-banner hardware profile portmode hostname . . . . . . . . . . . . . . . 1704 . . . . . . . . . . . . . . . . . . . . . . . 1705 initiate failover . ip address . . . . . . . . . . . . . . . .
PAGE 73
2CSPC4.XModular-SWUM204.book Page 73 Friday, March 15, 2013 9:24 AM show cut-through mode . . . . . . . . . . . . . . . . 1720 show hardware profile . . . . . . . . . . . . . . . . 1720 show interfaces advanced firmware . . . . . . . . . 1721 . . . . . . . . . . . . 1722 . . . . . . . . . . . . . . . . . . . 1723 . . . . . . . . . . . . . . . . . . . . . . . . 1724 show ip interface out-of-band . show memory cpu show nsf show power-usage-history . . . . . . . . . . . . . . 1725 . . . . .
PAGE 74
2CSPC4.XModular-SWUM204.book Page 74 Friday, March 15, 2013 9:24 AM stack . . . . . . . . . . . . . . . . . . . . . . . . . . stack-port standby . . . . . . . . . . . . . . . . . . . . . . . . 1754 . . . . . . . . . . . . . . . . . . . . . . . . 1755 switch renumber . telnet . 1753 . . . . . . . . . . . . . . . . . . . 1756 . . . . . . . . . . . . . . . . . . . . . . . . . 1757 traceroute . . . . . . . . . . . . . . . . . . . . . . . 85 Telnet Server Commands . Telnet Client Behaviors . . .
PAGE 75
2CSPC4.XModular-SWUM204.book Page 75 Friday, March 15, 2013 9:24 AM 88 User Interface Commands . enable end . . . . . . . . . 1779 . . . . . . . . . . . . . . . . . . . . . . . . . 1779 . . . . . . . . . . . . . . . . . . . . . . . . . . . 1780 exit . . . . . . . . . . . . . . . . . . . . . . . . . . . mode simple quit . 1780 . . . . . . . . . . . . . . . . . . . . . . 1781 . . . . . . . . . . . . . . . . . . . . . . . . . . 1782 89 Web Server Commands . Web Sessions . . . . . . . . . . . .
PAGE 76
2CSPC4.XModular-SWUM204.book Page 76 Friday, March 15, 2013 9:24 AM key-generate . location . . . . . . . . . . . . . . . . . . . . . . 1794 . . . . . . . . . . . . . . . . . . . . . . . . 1794 organization-unit . . . . . . . . . . . . . . . . . . . . show crypto certificate mycertificate . show ip http server status . . . . . . . . 1796 . . . . . . . . . . . . . . . 1797 show ip http server secure status . state 1795 . . . . . . . . . . 1797 . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 77
2CSPC4.XModular-SWUM204.book Page 77 Friday, March 15, 2013 9:24 AM 1 Command Groups Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
PAGE 78
2CSPC4.XModular-SWUM204.book Page 78 Friday, March 15, 2013 9:24 AM Table 1-1. System Command Groups (continued) Command Group Description Administrative Profiles Configures and displays ACL information. Address Table Configures bridging address tables. Auto-VoIP Configures Auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP Relay agent for an interface.
PAGE 79
2CSPC4.XModular-SWUM204.book Page 79 Friday, March 15, 2013 9:24 AM Table 1-1. System Command Groups (continued) Command Group Description QoS Configures and displays QoS information. Radius Configures and displays RADIUS information. Spanning Tree Configures and reports on Spanning Tree protocol. TACACS+ Configures and displays TACACS+ information. VLAN Configures VLANs and displays VLAN information. 802.1x Configures and displays commands related to 802.1x security protocol.
PAGE 80
2CSPC4.XModular-SWUM204.book Page 80 Friday, March 15, 2013 9:24 AM Table 1-1. System Command Groups (continued) Command Group Description IP Helper/DHCP Relay Configures relay of UDP packets. IP Routing (IPv4) Configures IP routing and addressing. IPv6 Multicast Manages IPv6 Multicasting on the system. IPv6 Routing Configures IPv6 routing and addressing. Loopback Interface (IPv6) Manages Loopback configurations. Multicast (Mcast) Manages Multicasting on the system.
PAGE 81
2CSPC4.XModular-SWUM204.book Page 81 Friday, March 15, 2013 9:24 AM Table 1-1. System Command Groups (continued) Command Group Description Management ACL Configures and displays management access-list information. Password Management Provides password management. PHY Diagnostics Diagnoses and displays the interface status. RMON Can be configured through the CLI and displays RMON information. Serviceability Tracing Controls display of debug output to serial port or telnet console.
PAGE 82
2CSPC4.XModular-SWUM204.
PAGE 83
2CSPC4.XModular-SWUM204.
PAGE 84
2CSPC4.XModular-SWUM204.book Page 84 Friday, March 15, 2013 9:24 AM Command Description Modea login authentication Specifies the login authentication method list for a remote telnet or console. LC password (aaa IAS User Configuration) Configures a password for a user. AAA password (Line Configuration) Specifies a password on a line. LC password (User EXEC) Specifies a user password UE show aaa ias-users Displays configured IAS users and their attributes.
PAGE 85
2CSPC4.XModular-SWUM204.book Page 85 Friday, March 15, 2013 9:24 AM Modea Command Description show users Shows which administrative profiles have been PE assigned to local user accounts and to show which profiles are active for logged-in users. username Optionally allows the specification of an Administrative Profile for a local user. a. GC For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 86
2CSPC4.XModular-SWUM204.book Page 86 Friday, March 15, 2013 9:24 AM a. For the meaning of each Mode abbreviation, see Mode Typeson page 81. Address Table Command Description Modea clear mac address-table Removes any learned entries from the forwarding database. PE mac address-table agingtime Sets the address table aging time. GC mac address-table multicast Forbids adding a specific multicast address to forbidden address specific ports.
PAGE 87
2CSPC4.XModular-SWUM204.book Page 87 Friday, March 15, 2013 9:24 AM Command Modea Description show mac address-table vlan Displays all entries in the bridge-forwarding database for the specified VLAN. UE or PE show ports security Displays the port-lock status. PE show ports security addresses Displays current dynamic addresses in locked ports. PE a. For the meaning of each Mode abbreviation, see Mode Typeson page 81.
PAGE 88
2CSPC4.XModular-SWUM204.book Page 88 Friday, March 15, 2013 9:24 AM Command Description Modea show isdp entry Displays ISDP entries. PE show isdp neighbors Displays the list of neighboring devices. PE show isdp traffic Displays ISDP statistics. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally.
PAGE 89
2CSPC4.XModular-SWUM204.book Page 89 Friday, March 15, 2013 9:24 AM Command Description Modea show dhcp lease Displays IPv4 addresses leased from a DHCP server. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. DHCP Snooping Command Description Modea clear ip dhcp snooping binding Clears all DHCP Snooping entries. PE clear ip dhcp snooping statistics Clears all DHCP Snooping statistics. PE ip dhcp snooping Enables DHCP snooping globally or on a specific VLAN.
PAGE 90
2CSPC4.XModular-SWUM204.book Page 90 Friday, March 15, 2013 9:24 AM Command Description Modea show ip dhcp snooping interfaces Displays the DHCP Snooping status of the interfaces. PE show ip dhcp snooping statistics Displays the DHCP snooping filtration statistics. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Dynamic ARP Inspection Command Description Modea arp access-list Creates an ARP ACL.
PAGE 91
2CSPC4.XModular-SWUM204.book Page 91 Friday, March 15, 2013 9:24 AM Command Description Modea show ip arp inspection vlan Displays the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. E-mail Alerting Command Description Modea logging email Enables e-mail alerting and sets the lowest severity level for which log messages are emailed.
PAGE 92
2CSPC4.XModular-SWUM204.book Page 92 Friday, March 15, 2013 9:24 AM Command Description Modea port (Mail Server Configuration Mode) Configures the TCP port to use for communication with the SMTP servers. MSC username (Mail Server Configuration Mode) Configures the username required by the authentication. MSC password (Mail Server Configuration Mode) Configures the password required to authenticate to the e-mail server.
PAGE 93
2CSPC4.XModular-SWUM204.book Page 93 Friday, March 15, 2013 9:24 AM Modea Command Description show interfaces status Displays the status for all configured interfaces. UE show statistics Displays statistics for one port or for the entire switch. show statistics switchport Displays detailed statistics for a specific port or PE for the entire switch. show storm-control Displays the storm control configuration. PE shutdown Disables interfaces.
PAGE 94
2CSPC4.XModular-SWUM204.book Page 94 Friday, March 15, 2013 9:24 AM Command Description Modea ethernet cfm mep enable Enables a MEP at the specified level and direction. IC ethernet cfm mep active Activates a MEP at the specified level and direction. IC ethernet cfm mep archivehold-time Maintains internal information on a missing MEP. IC ethernet cfm mip level Creates a Maintenance Intermediate Point (MIP) at the specified level.
PAGE 95
2CSPC4.XModular-SWUM204.book Page 95 Friday, March 15, 2013 9:24 AM Command Description Modea gvrp vlan-creation-forbid Enables or disables dynamic VLAN creation. IC show gvrp configuration Displays GVRP configuration information, PE show gvrp error-statistics Displays GVRP error statistics. UE show gvrp statistics Displays GVRP statistics. UE a. including timer values, whether GVRP and dynamic VLAN creation is enabled, and which ports are running GVRP.
PAGE 96
2CSPC4.XModular-SWUM204.book Page 96 Friday, March 15, 2013 9:24 AM Command Description Modea ip igmp snooping unregistered floodall Enables flooding of unregistered multicast traffic to all ports in the VLAN. GC ip igmp snooping vlan mrouter Statically configures a port as connected to a multicast router for a specified VLAN. GC a. For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 97
2CSPC4.XModular-SWUM204.book Page 97 Friday, March 15, 2013 9:24 AM Modea Command Description ip address-conflict-detect run Triggers the switch to run active address conflict GC detection by sending gratuitous ARP packets for IPv4 addresses on the switch. ip address dhcp (Interface Config) Acquires an IP address on an interface from the IC DHCP server. ip default-gateway Defines a default gateway (router). GC ip domain-lookup Enables IP DNS-based host name-to-address translation.
PAGE 98
2CSPC4.XModular-SWUM204.book Page 98 Friday, March 15, 2013 9:24 AM IPv6 ACL Command Description Modea deny | permit (IPv6 ACL) Creates a new rule for the current IPv6 access list. v6ACL ipv6 access-list Creates an IPv6 Access Control List (ACL) GC consisting of classification fields defined for the IP header of an IPv6 frame. ipv6 access-list rename Changes the name of an IPv6 ACL.
PAGE 99
2CSPC4.XModular-SWUM204.book Page 99 Friday, March 15, 2013 9:24 AM Command Description Modea show ipv6 mld snooping groups Displays the MLD Snooping entries in the MFDB table. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. IPv6 MLD Snooping Querier Modea Command Description ipv6 mld snooping querier Enables MLD Snooping Querier on the system GC or or on a VLAN.
PAGE 100
2CSPC4.XModular-SWUM204.book Page 100 Friday, March 15, 2013 9:24 AM Command Description Modea show ip source binding Displays all bindings (static and dynamic). PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. iSCSI Optimization Link Dependency Command Description Modea iscsi aging time Sets aging time for iSCSI sessions. GC iscsi cos Sets the quality of service profile that will be applied to iSCSI flows.
PAGE 101
2CSPC4.XModular-SWUM204.book Page 101 Friday, March 15, 2013 9:24 AM Command Description Modea depends-on Adds the dependent Ethernet ports or port channels list. LD show link-dependency Shows the link dependencies configured on a particular group. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. LLDP Command Description Modea clear lldp remote-data Deletes all data from the remote data table. PE clear lldp statistics Resets all LLDP statistics.
PAGE 102
2CSPC4.XModular-SWUM204.book Page 102 Friday, March 15, 2013 9:24 AM Multicast VLAN Registration Command Description Modea mvr Enables MVR. GC or IC mvr group Adds an MVR membership group. GC mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group.
PAGE 103
2CSPC4.XModular-SWUM204.book Page 103 Friday, March 15, 2013 9:24 AM Command Description Modea lacp port-priority Configures the priority value for physical ports. IC lacp system-priority Configures the system LACP priority. GC lacp timeout Assigns an administrative LACP timeout. IC port-channel min-links Sets the minimum number of links that must IC be up in order for the port channel interface to be declared up. show interfaces portchannel Displays port-channel information.
PAGE 104
2CSPC4.XModular-SWUM204.book Page 104 Friday, March 15, 2013 9:24 AM Command Description Modea minimum active uplinks Sets the minimum number of uplinks to be active for the Group. PA mtu disable Sets the mtu size to default (1518) on all the member ports in the aggregator group/zone. PA negotiation Enables auto-negotiation of all member ports in the aggregator group/zone. PA no lacp Sets the LACP (Link Aggregation) PA mode to default for that Aggregator Group.
PAGE 105
2CSPC4.XModular-SWUM204.book Page 105 Friday, March 15, 2013 9:24 AM Modea Command Description class Creates an instance of a class definition within PMC the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. class-map Defines a new DiffServ class of type match-all, GC match-any, or match-access-group. For now, only match-all is available in the CLI. class-map rename Changes the name of a DiffServ class.
PAGE 106
2CSPC4.XModular-SWUM204.book Page 106 Friday, March 15, 2013 9:24 AM Command Description Modea mark ip-dscp Marks all packets for the associated traffic stream with the specified IP DSCP value. PCMC mark ip-precedence Marks all packets for the associated traffic PCMC stream with the specified IP precedence value. match class-map Adds add to the specified class definition the set of match conditions defined for another class.
PAGE 107
2CSPC4.XModular-SWUM204.book Page 107 Friday, March 15, 2013 9:24 AM Modea Command Description match protocol Adds to the specified class definition a match CMC condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. match source-address mac Adds to the specified class definition a match CMC condition based on the source MAC address of the packet.
PAGE 108
2CSPC4.XModular-SWUM204.book Page 108 Friday, March 15, 2013 9:24 AM Modea Command Description redirect Specifies that all incoming packets for the PCMC associated traffic stream are redirected to a specific egress interface (physical port or portchannel). service-policy Attaches a policy to an interface in a particular GC or direction. IC show class-map Displays all configuration information for the specified class. show classofservice dot1pmapping Displays the current Dot1p (802.
PAGE 109
2CSPC4.XModular-SWUM204.book Page 109 Friday, March 15, 2013 9:24 AM Command Description Modea traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Radius Command Description Modea aaa accounting dot1x default start-stop Creates an accounting method list GC accounting Applies an accounting method to a line config.
PAGE 110
2CSPC4.XModular-SWUM204.book Page 110 Friday, March 15, 2013 9:24 AM Modea Command Description radius-server deadtime Improves RADIUS response times when servers GC are unavailable. Causes the unavailable servers to be skipped. radius-server host Specifies a RADIUS server host. GC radius-server key Sets the authentication and encryption key for all RADIUS communications between the switch and the RADIUS daemon.
PAGE 111
2CSPC4.XModular-SWUM204.book Page 111 Friday, March 15, 2013 9:24 AM Spanning Tree Command Description Modea clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface. PE exit (mst) Exits the MST configuration mode and applies MC configuration changes. instance (mst) Maps VLANs to an MST instance. MC name (mst) Defines the MST configuration name. MC revision (mst) Defines the configuration revision number.
PAGE 112
2CSPC4.XModular-SWUM204.book Page 112 Friday, March 15, 2013 9:24 AM Command Description Modea spanning-tree mode Configures the spanning tree protocol. GC spanning-tree mst configuration Enables configuring an MST region by entering GC the multiple spanning-tree (MST) mode. spanning-tree mst cost Configures the path cost for multiple spanning IC tree (MST) calculations. spanning-tree mst portpriority Configures port priority.
PAGE 113
2CSPC4.XModular-SWUM204.book Page 113 Friday, March 15, 2013 9:24 AM Command Description Modea show tacacs Displays TACACS+ server settings and statistics. PE tacacs-server host Specifies a TACACS+ server host. GC tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. GC tacacs-server timeout Sets the interval for which the switch waits for a GC server host to reply.
PAGE 114
2CSPC4.XModular-SWUM204.book Page 114 Friday, March 15, 2013 9:24 AM Command Modea Description show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface. PE show interfaces switchport PE, Displays switchport configuration. IC show port protocol Displays the Protocol-Based VLAN information PE for either the entire system or for the indicated group.
PAGE 115
2CSPC4.XModular-SWUM204.book Page 115 Friday, March 15, 2013 9:24 AM Command Description Modea switchport private-vlan Defines a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. IC switchport trunk Adds or removes VLANs from a trunk port. IC vlan Creates a VLAN. VC vlan (Global Config) Configures a VLAN. GC vlan association mac Associates a MAC address to a VLAN. VC vlan association subnet Associates an IP subnet to a VLAN.
PAGE 116
2CSPC4.XModular-SWUM204.book Page 116 Friday, March 15, 2013 9:24 AM Modea Command Description dot1x max-req Sets the maximum number of times the switch IC sends an EAP-request frame to the client before restarting the authentication process. dot1x max-users Sets the maximum number of clients supported IC on the port when MAC-based 802.1X authentication is enabled on the port. dot1x port-control Enables manual control of the authorization state of the port.
PAGE 117
2CSPC4.XModular-SWUM204.book Page 117 Friday, March 15, 2013 9:24 AM Command Modea Description show dot1x authentication- Displays the dot1x authentication events and PE history information during successful and unsuccessful dot1x authentication processes. show dot1x clients Displays detailed information about the users who have successfully authenticated on the system or on a specified port. PE show dot1x interface Shows the status of MAC Authentication Bypass.
PAGE 118
2CSPC4.XModular-SWUM204.book Page 118 Friday, March 15, 2013 9:24 AM Data Center Technology Commands Data Center Bridging Commands Command Description Modea datacenter-bridging Enters the Data Center Bridging mode. IC lldp dcbx version Enables the switch to support a specific version GC of the Data Center Bridging Capability Exchange (DCBX) protocol or to detect the peer version and match it.
PAGE 119
2CSPC4.XModular-SWUM204.book Page 119 Friday, March 15, 2013 9:24 AM Command Description Modea show fip-snooping enode Displays information about the interfaces connected to ENodes UE, PE show fip-snooping fcf Displays information about the interfaces connected to FCFs. UE, PE show fip-snooping sessions Displays information about the active FIP snooping sessions. UE, PE show fip-snooping statistics Displays the statistics of the FIP packets snooped in the VLAN or on an interface.
PAGE 120
2CSPC4.XModular-SWUM204.book Page 120 Friday, March 15, 2013 9:24 AM Layer 3 Commands ARP (IPv4) Command Description Modea arp Creates an Address Resolution Protocol (ARP) entry. GC arp cachesize Configures the maximum number of entries in the ARP cache. GC arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. GC arp purge Causes the specified IP address to be removed from the ARP cache.
PAGE 121
2CSPC4.XModular-SWUM204.book Page 121 Friday, March 15, 2013 9:24 AM DHCP Server and Relay Agent (IPv4) Modea Command Description ip dhcp pool Defines a DHCP address pool that can be used GC to supply addressing information to DHCP client. This command puts the user into DHCP Pool Configuration mode. bootfile Sets the name of the image for the DHCP client to load. DP clear ip dhcp binding Removes automatic DHCP server bindings. PE clear ip dhcp conflict Removes DHCP server address conflicts.
PAGE 122
2CSPC4.XModular-SWUM204.book Page 122 Friday, March 15, 2013 9:24 AM Command Description Modea netbios-name-server Configures the IPv4 address of the Windows® Internet Naming Service (WINS) for a Microsoft DHCP client. DP netbios-node-type Sets the NetBIOS node type for a Microsoft DHCP client. DP network Defines a pool of IPv4 addresses for distributing DP to clients. next-server Sets the IPv4 address of the TFTP server to be used during auto-install.
PAGE 123
2CSPC4.XModular-SWUM204.book Page 123 Friday, March 15, 2013 9:24 AM Command Modea Description domain-name (IPv6 DHCP Sets the DNS domain name which is provided Pool Config) to a DHCPv6 client by the DHCPv6 server. v6DP ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode. GC ipv6 dhcp relay Configures an interface for DHCPv6 Relay functionality. IC ipv6 dhcp server Configures DHCPv6 server functionality on an IC interface.
PAGE 124
2CSPC4.XModular-SWUM204.book Page 124 Friday, March 15, 2013 9:24 AM Command Description Modea show ip dvmrp nexthop Displays the next hop information on outgoing interfaces for routing multicast datagrams. PE show ip dvmrp prune Displays the table that lists the router’s upstream prune information. PE show ip dvmrp route Displays the multicast routing information for DVMRP. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 125
2CSPC4.XModular-SWUM204.book Page 125 Friday, March 15, 2013 9:24 AM Command Modea Description ip igmp query-max-response- Configures the maximum response time time interval for the specified interface. IC ip igmp robustness Configures the robustness that allows tuning of the interface. IC ip igmp startup-query-count Sets the number of queries sent out on startup—at intervals equal to the startup query interval for the interface.
PAGE 126
2CSPC4.XModular-SWUM204.book Page 126 Friday, March 15, 2013 9:24 AM Modea Command Description show ip igmp-proxy Displays a summary of the host interface status PE parameters. show ip igmp-proxy interface Displays a detailed list of the host interface status parameters. show ip igmp-proxy groups Displays a table of information about multicast PE groups that IGMP Proxy reported. show ip igmp-proxy groups detail Displays complete information about multicast PE groups that IGMP Proxy has reported.
PAGE 127
2CSPC4.XModular-SWUM204.book Page 127 Friday, March 15, 2013 9:24 AM Command Description Modea ip helper-address (global configuration) Configures the relay of certain UDP broadcast packets received on any interface. GC ip helper-address (interface configuration) Configures the relay of certain UDP broadcast packets received on a specific interface. IC ip helper enable Enables relay of UDP packets. GC show ip helper-address Displays the IP helper address configuration.
PAGE 128
2CSPC4.XModular-SWUM204.book Page 128 Friday, March 15, 2013 9:24 AM Modea Command Description show ip interface Displays all pertinent information about the IP PE interface. show ip protocols Displays the parameters and current state of the PE active routing protocols. show ip route Displays the routing table. PE show ip route preferences Displays detailed information about the route preferences. PE show ip route summary Shows the number of all routes, including best and non-best routes.
PAGE 129
2CSPC4.XModular-SWUM204.book Page 129 Friday, March 15, 2013 9:24 AM Command Description Modea ipv6 host Defines static host name-to- ipv6 address mapping in the host cache. GC ipv6 mld last-memberquery-count Sets the number of listener-specific queries IC (VC) sent before the router assumes that there are no local members on the interface.
PAGE 130
2CSPC4.XModular-SWUM204.book Page 130 Friday, March 15, 2013 9:24 AM Command Description Modea ipv6 nd other-config-flag Sets the other stateful configuration flag in router advertisements sent from the interface. IC ipv6 nd prefix Sets the IPv6 prefixes to include in the router IC advertisement. ipv6 nd ra-interval Sets the transmission interval between router IC advertisements.
PAGE 131
2CSPC4.XModular-SWUM204.book Page 131 Friday, March 15, 2013 9:24 AM Modea Command Description show ipv6 mld-proxy groups Displays information about multicast groups PE that the MLD Proxy reported. show ipv6 mld-proxy groups detail Displays information about multicast groups PE that MLD Proxy reported. show ipv6 mld-proxy interface Displays a detailed list of the host interface status parameters. show ipv6 mld traffic Displays MLD statistical information for the PE router.
PAGE 132
2CSPC4.XModular-SWUM204.book Page 132 Friday, March 15, 2013 9:24 AM Multicast Command Description Modea ip mcast boundary Adds an administrative scope multicast boundary. IC ip mroute Creates a static multicast route for a source range. GC ip multicast Sets the administrative mode of the IP multicast forwarder in the router to active. GC ip multicast ttl-threshold Applies a ttlvalue to a routing interface.
PAGE 133
2CSPC4.XModular-SWUM204.book Page 133 Friday, March 15, 2013 9:24 AM Modea Command Description ip pim ssm Administratively configures PIM Source GC Specific Multicast (SSM) range of addresses for IP multicast routing. show ip multicast Displays the system-wide multicast information. PE show ip mcast boundary Displays the system-wide multicast information. PE show ip multicast interface Displays the multicast information for the specified interface.
PAGE 134
2CSPC4.XModular-SWUM204.book Page 134 Friday, March 15, 2013 9:24 AM IPv6 Multicast Command Description Modea ipv6 pim (Global config) Administratively enables PIMSM for IPv6 multicast routing GC ipv6 pim (VLAN Interface config) Administratively enables PIM-SM multicast routing mode on a particular IPv6 router interface. IC ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from IC being sent or received through an interface.
PAGE 135
2CSPC4.XModular-SWUM204.book Page 135 Friday, March 15, 2013 9:24 AM Command Description Modea ipv6 pim ssm Defines the Source Specific Multicast (SSM) range of multicast addresses. GC show ipv6 pim Displays global status of IPv6 PIMSM and its IPv6 routing interfaces. PE or GC show ipv6 pim bsr Displays the bootstrap router (BSR) information. PE or GC show ipv6 pim bsr-router Display the bootstrap router (BSR) information.
PAGE 136
2CSPC4.XModular-SWUM204.book Page 136 Friday, March 15, 2013 9:24 AM Modea Command Description area nssa no-summary Configures the NSSA so that summary LSAs are ROSPF not advertised into the NSSA. area nssa translator-role Configures the translator role of the NSSA. area nssa translator-stabintv Configures the translator stability interval of the ROSPF NSSA. ROSPF area range (Router OSPF) Creates a specified area range for a specified NSSA.
PAGE 137
2CSPC4.XModular-SWUM204.book Page 137 Friday, March 15, 2013 9:24 AM Command Description Modea compatible rfc1583 Enables OSPF 1583 compatibility. ROSPF default-information originate (Router OSPF Configuration) Controls the advertisement of default routes. ROSPF default-metric Sets a default for the metric of distributed routes. ROSPF distance ospf Sets the route preference value of OSPF in the router.
PAGE 138
2CSPC4.XModular-SWUM204.book Page 138 Friday, March 15, 2013 9:24 AM Command Description Modea maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSPF nsf Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a restarting router. ROSPF nsf helper strict-lsachecking Set an OSPF helpful neighbor exit helper mode whenever a topology change occurs.
PAGE 139
2CSPC4.XModular-SWUM204.book Page 139 Friday, March 15, 2013 9:24 AM Command Description Modea show ip ospf database database-summary Displays the number of each type of LSA in the database for each area and for the router. PE show ip ospf interface Displays the information for the IFO object or virtual interface tables. PE show ip ospf interface brief Displays brief information for the IFO object or virtual interface tables.
PAGE 140
2CSPC4.XModular-SWUM204.book Page 140 Friday, March 15, 2013 9:24 AM Command Description Modea area nssa default-infooriginate (Router OSPFv3 Config) Configures the metric value and type for the default route advertised into the NSSA. ROSV3 area nssa no-redistribute Configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA. ROSV3 area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA.
PAGE 141
2CSPC4.XModular-SWUM204.book Page 141 Friday, March 15, 2013 9:24 AM Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSV3 enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSV3 external-lsdb-limit Configures the external LSDB limit for OSPF. ROSV3 ipv6 ospf Enables OSPF on a router interface or loopback interface.
PAGE 142
2CSPC4.XModular-SWUM204.book Page 142 Friday, March 15, 2013 9:24 AM Modea Command Description nsf helper strict-lsachecking Requires that an OSPF helpful neighbor exit ROSV3 helper mode whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router. passive-interface Sets the interface or tunnel as passive. passive-interface default Enables the global passive mode by default for all ROSV3 interfaces.
PAGE 143
2CSPC4.XModular-SWUM204.book Page 143 Friday, March 15, 2013 9:24 AM Command Description Modea show ipv6 ospf interface vlan Displays OSPFv3 configuration and status information for a specific VLAN. PE show ipv6 ospf neighbor Displays information about OSPF neighbors. PE show ipv6 ospf range Displays information about the area ranges for the specified area identifier. PE show ipv6 ospf stub table Displays the OSPF stub table.
PAGE 144
2CSPC4.XModular-SWUM204.book Page 144 Friday, March 15, 2013 9:24 AM Modea Command Description show ip irdp Displays the router discovery information for all PE interfaces, or for a specified interface. a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Routing Information Protocol Command Description Modea auto-summary Enables the RIP auto-summarization mode. RIP default-information originate (Router RIP Configuration) Controls the advertisement of default routes.
PAGE 145
2CSPC4.XModular-SWUM204.book Page 145 Friday, March 15, 2013 9:24 AM Modea Command Description show ip rip interface Displays information related to a particular RIP PE interface. show ip rip interface brief Displays general information for each RIP interface. PE split-horizon Sets the RIP split horizon mode. RIP a. For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 146
2CSPC4.XModular-SWUM204.book Page 146 Friday, March 15, 2013 9:24 AM Command Description Modea vrrp authentication Sets the authentication details value for the virtual router configured on a specified interface. IC vrrp description Assigns a description to the VRRP group. IC vrrp ip Sets the virtual router IP address value for an interface. IC vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router.
PAGE 147
2CSPC4.XModular-SWUM204.book Page 147 Friday, March 15, 2013 9:24 AM Command Description Modea ip vrrp accept-mode Enables the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses. IC show ip vrrp interface Displays the configured value for Accept Mode. UE or PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Utility Commands Auto-Install Command Description Modea boot auto-copy-sw Enables or disables Stack Firmware Synchronization.
PAGE 148
2CSPC4.XModular-SWUM204.book Page 148 Friday, March 15, 2013 9:24 AM Captive Portal Command Description Modea authentication timeout Configures the authentication timeout. CP captive-portal Enables the captive portal configuration mode. GC enable Globally enables captive portal. http port Configures an additional HTTP port for captive CP portal to monitor. https port Configures an additional HTTPS port for captive portal to monitor.
PAGE 149
2CSPC4.XModular-SWUM204.book Page 149 Friday, March 15, 2013 9:24 AM Command Description Modea verification Configures the verification mode for a captive portal configuration. CPI captive-portal client deauthenticate Deauthenticates a specific captive portal client. PE show captive-portal client status Displays client connection details or a connection summary for connected captive portal users.
PAGE 150
2CSPC4.XModular-SWUM204.book Page 150 Friday, March 15, 2013 9:24 AM Command Description Modea show captive-portal configuration interface Displays information about all interfaces assigned to a captive portal configuration or about a specific interface assigned to a captive portal configuration. PE show captive-portal configuration locales Displays locales associated with a specific captive portal configuration.
PAGE 151
2CSPC4.XModular-SWUM204.book Page 151 Friday, March 15, 2013 9:24 AM Command Description Modea show sntp status Displays the SNTP status. PE sntp authenticate Set to require authentication for received NTP GC traffic from servers. sntp authentication-key Defines an authentication key for SNTP. GC sntp broadcast client enable Enables SNTP Broadcast clients. GC sntp client poll timer Defines polling time for the SNTP client.
PAGE 152
2CSPC4.XModular-SWUM204.book Page 152 Friday, March 15, 2013 9:24 AM a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Configuration and Image Files Modea Command Description boot system Specifies the system image that the switch loads PE at startup. clear config Restores switch to default configuration. PE copy Copies files from a source to a destination. PE delete Deletes a file from a flash memory. PE delete backup-image Deletes a file from a flash memory device.
PAGE 153
2CSPC4.XModular-SWUM204.book Page 153 Friday, March 15, 2013 9:24 AM Denial of Service Command Description Modea dos-control firstfrag Enables Minimum TCP Header Size Denial of Service protection. GC dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections. GC dos-control l4port Enables L4 Port Denial of Service protection. GC dos-control sipdip Enables Source IP Address = Destination IP GC Address (SIP=DIP) Denial of Service protection.
PAGE 154
2CSPC4.XModular-SWUM204.book Page 154 Friday, March 15, 2013 9:24 AM Command Description Modea history Enables the command history function. LC history size Changes the command history buffer size for a LC particular line. line Identifies a specific line for configuration and enters the line configuration command mode. GC show line Displays line parameters. UE speed Sets the line baud rate. LC a. For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 155
2CSPC4.XModular-SWUM204.book Page 155 Friday, March 15, 2013 9:24 AM a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Password Management Command Description Modea passwords aging Implements aging on the passwords such that users are required to change passwords when they expire. GC passwords history Enables the administrator to set the number of GC previous passwords that are stored to ensure that users do not reuse their passwords too frequently.
PAGE 156
2CSPC4.XModular-SWUM204.book Page 156 Friday, March 15, 2013 9:24 AM Modea Command Description passwords strength minimum character-classes Enforces the minimum number of character GC classes (uppercase letters, lowercase letters, numeric characters and special characters) that a password must contain. passwords strength exclude- Enforces a maximum number of consecutive keyword characters that a password can contain.
PAGE 157
2CSPC4.XModular-SWUM204.book Page 157 Friday, March 15, 2013 9:24 AM Command Description Modea rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. IC rmon event Configures an RMON event. GC show rmon alarm Displays alarm configurations. UE show rmon alarms Displays the alarms summary table. UE and PE show rmon collection history Displays the requested group of statistics. UE show rmon events Displays the RMON event table.
PAGE 158
2CSPC4.XModular-SWUM204.book Page 158 Friday, March 15, 2013 9:24 AM Command Description Modea debug dot1x Enables dot1x packet tracing. PE debug igmpsnooping Enables tracing of IGMP Snooping packets transmitted and/or received by the switch. PE debug ip acl Enables debug of IP Protocol packets matching PE the ACL criteria. debug ip dvmrp Traces DVMRP packet reception and transmission. PE debug ip igmp Traces IGMP packet reception and transmission.
PAGE 159
2CSPC4.XModular-SWUM204.book Page 159 Friday, March 15, 2013 9:24 AM Command Description Modea debug ospf Enables tracing of OSPF packets received and transmitted by the switch. PE debug ospfv3 Enables tracing of OSPFv3 packets received and PE transmitted by the switch. debug ping Enables tracing of ICMP echo requests and responses. PE debug rip Enables tracing of RIP requests and responses. PE debug sflow Enables sFlow debug packet trace.
PAGE 160
2CSPC4.XModular-SWUM204.book Page 160 Friday, March 15, 2013 9:24 AM Command Description Modea show sflow sampling Displays the sFlow sampling instances created on the switch. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. SNMP Command Description Modea show snmp Displays the SNMP status. PE show snmp engineID Displays the SNMP engine ID. PE show snmp filters Displays the configuration of filters. PE show snmp group Displays the configuration of groups.
PAGE 161
2CSPC4.XModular-SWUM204.book Page 161 Friday, March 15, 2013 9:24 AM Command Description Modea snmp-server view Creates or updates a Simple Network Management Protocol (SNMP) server view entry. GC snmp-server v3-host Specifies the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. GC a. For the meaning of each Mode abbreviation, see Mode Types on page 81. SSH Command Description Modea crypto key generate dsa Generates DSA key pairs for the switch.
PAGE 162
2CSPC4.XModular-SWUM204.book Page 162 Friday, March 15, 2013 9:24 AM Command Description Modea show ip ssh Displays the SSH server configuration. PE user-key Specifies which SSH public key is manually SP configured and enters the SSH public key-string configuration command. a. For the meaning of each Mode abbreviation, see Mode Types on page 81. Syslog Command Description Modea clear logging Clears messages from the internal logging buffer.
PAGE 163
2CSPC4.XModular-SWUM204.book Page 163 Friday, March 15, 2013 9:24 AM Command Description Modea show logging file Displays the state of logging and the syslog messages stored in the logging file. PE show syslog-servers Displays the syslog servers settings. PE terminal monitor Enables the display of logging messages on the PE terminal. a. For the meaning of each Mode abbreviation, see Mode Types on page 81. System Management Command Description Modea asset-tag Specifies the switch asset-tag.
PAGE 164
2CSPC4.XModular-SWUM204.book Page 164 Friday, March 15, 2013 9:24 AM Command Modea Description ip address {dhcp/bootp} Enables DHCP/BOOTP on the OOB port. IC (outof-band) login-banner Enables login banner on the console, telnet, or LC SSH connection. member Configures the switch. SG motd-banner Enables motd on the console, telnet, or SSH connection. LC nsf Specifies non-stop forwarding. GC ping Sends ICMP echo request packets to another node on the network.
PAGE 165
2CSPC4.XModular-SWUM204.book Page 165 Friday, March 15, 2013 9:24 AM Command Description Modea show sessions Displays a list of the open telnet sessions to remote hosts. PE show slot Displays information about all the slots in the system or for a specific slot. UE show supported cardtype Displays information about all card types supported in the system. UE show supported switchtype Displays information about all supported switch UE types.
PAGE 166
2CSPC4.XModular-SWUM204.book Page 166 Friday, March 15, 2013 9:24 AM Modea Command Description switch renumber Changes the identifier for a switch in the stack. GC telnet Logs into a host that supports Telnet. PE traceroute Discovers the IP routes that packets actually take when travelling to their destinations. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81.
PAGE 167
2CSPC4.XModular-SWUM204.book Page 167 Friday, March 15, 2013 9:24 AM Command Description Modea show time-range Displays a time range and all the absolute/periodic time entries that are defined for the time range. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 81. User Interface Command Description Modea enable Enters the privileged EXEC mode. UE end Gets the CLI user control back to the privileged Any execution mode or user execution mode.
PAGE 168
2CSPC4.XModular-SWUM204.book Page 168 Friday, March 15, 2013 9:24 AM Modea Command Description ip http port Specifies the TCP port for use by a web browser GC to configure the switch. ip http server Enables the switch to be configured from a browser. GC ip http secure-certificate Configures the active certificate for HTTPS. GC ip http secure-port Configures a TCP port for use by a secure web browser to configure the switch.
PAGE 169
2CSPC4.XModular-SWUM204.book Page 169 Friday, March 15, 2013 9:24 AM 2 Using the CLI Introduction This chapter describes the basics of entering and editing the Dell PowerConnect 70xx Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
PAGE 170
2CSPC4.XModular-SWUM204.book Page 170 Friday, March 15, 2013 9:24 AM Two instances where the help information can be displayed are: • Keyword lookup — The key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the key is entered in place of a parameter. The matched parameters for this command are displayed.
PAGE 171
2CSPC4.XModular-SWUM204.book Page 171 Friday, March 15, 2013 9:24 AM Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. +
Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
PAGE 172
2CSPC4.XModular-SWUM204.book Page 172 Friday, March 15, 2013 9:24 AM --------- ------------------------- ------ ------- ---- ------ -----------Gi1/0/1 N/A Unknown Auto Down Inactive Gi1/0/2 N/A Unknown Auto Down Inactive Gi1/0/3 N/A Unknown Auto Down Inactive Gi1/0/4 N/A Unknown Auto Down Inactive Gi1/0/5 N/A Unknown Auto Down Inactive Gi1/0/6 N/A Unknown Auto Down Inactive Command Completion CLI can complete partially entered commands when the user presses the or key.
PAGE 173
2CSPC4.XModular-SWUM204.book Page 173 Friday, March 15, 2013 9:24 AM Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
PAGE 174
2CSPC4.XModular-SWUM204.book Page 174 Friday, March 15, 2013 9:24 AM Operating on Multiple Objects (Range) The CLI allows the user to operate on the set of objects at the same time. The guidelines are as follows for range operation: • Operations on objects with four or more instances support the range operation, unless noted otherwise in the specific command documentation. • The range key word is used to identify the range of objects on which to operate.
PAGE 175
2CSPC4.XModular-SWUM204.book Page 175 Friday, March 15, 2013 9:24 AM • Some parameters must be configured individually for each port or interface. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
PAGE 176
2CSPC4.XModular-SWUM204.book Page 176 Friday, March 15, 2013 9:24 AM Interface Naming Conventions The conventions for naming interfaces in CLI commands are as follows: Ethernet Interfaces The gigabit Ethernet and ten-gigabit Ethernet ports are identified in the CLI by the variable unit/slot/port, where: • Unit#/Slot#/Port# — Identifies a specific interface by the interface type tag followed by the Unit# followed by a / symbol, then the Slot# followed by a / symbol, and then the Port#.
PAGE 177
2CSPC4.XModular-SWUM204.book Page 177 Friday, March 15, 2013 9:24 AM Table 2-4.
PAGE 178
2CSPC4.XModular-SWUM204.
PAGE 179
2CSPC4.XModular-SWUM204.book Page 179 Friday, March 15, 2013 9:24 AM CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level. In this guide, commands are organized into three categories: • Layer 2 (IEEE 802.
PAGE 180
2CSPC4.XModular-SWUM204.book Page 180 Friday, March 15, 2013 9:24 AM The Privileged EXEC mode provides access to commands that can not be executed in the User EXEC mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sublevel. Entering a at the system prompt displays a list of commands available for that particular command mode.
PAGE 181
2CSPC4.XModular-SWUM204.book Page 181 Friday, March 15, 2013 9:24 AM Global Configuration Mode Global Configuration commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command configure is used to enter the Global Configuration mode. console(config)# The following are the Global Configuration modes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host.
PAGE 182
2CSPC4.XModular-SWUM204.book Page 182 Friday, March 15, 2013 9:24 AM • VLAN Database — Contains commands to create a VLAN as a whole. The Global Configuration mode command vlan database is used to enter the VLAN Database mode. • Router OSPF Configuration — Global configuration mode command router ospf is used to enter into the Router OSPF Configuration mode. • Router RIP Configuration — Global configuration mode command router rip is used to enter into the Router RIP Configuration mode.
PAGE 183
2CSPC4.XModular-SWUM204.book Page 183 Friday, March 15, 2013 9:24 AM member ports as a single entity. The Global Configuration mode command interface port-channel port-channel-number is used to enter the Port Channel mode. • Tunnel — Contains commands to manage tunnel interfaces. The Global Configuration mode command interface tunnel enters the Tunnel Configuration mode to configure an tunnel type interface. • Loopback — Contains commands to manage loopback interfaces.
PAGE 184
2CSPC4.XModular-SWUM204.book Page 184 Friday, March 15, 2013 9:24 AM Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode. The following is a formal description of the system command prompt: [device name][([command mode-[object]])][# | >] [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command.
PAGE 185
2CSPC4.XModular-SWUM204.book Page 185 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode console# Privileged EXEC Use the enable command to enter into this mode. This mode is password protected. Use the exit command, or press + to return to the User EXEC mode. Global Configuration From Privileged EXEC mode, use the configure command.
PAGE 186
2CSPC4.XModular-SWUM204.book Page 186 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Policy-Class-Map From Global Configuration mode, use the policy-map class command. Class-Map Command Prompt Exit or Access Previous Mode console(config-policy-map)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. console(config-classmap)# From Global Configuration mode, use the classmap command.
PAGE 187
2CSPC4.XModular-SWUM204.book Page 187 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SSH Public Key String console(config-pubkey-key)# To return to the From the SSH Public Key- Chain SSH Public keymode, use the userchain mode, use key the exit command, or {rsa | dsa} press command. + to Privileged EXEC mode.
PAGE 188
2CSPC4.XModular-SWUM204.book Page 188 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP v3 Host Configuration console(config-snmp)# From Global Configuration mode, use the snmp-server v3-host command. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 189
2CSPC4.XModular-SWUM204.book Page 189 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Stack console(config-stack)# From Global Configuration mode, use the stack command. To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode. Logging From Global Configuration mode, use the logging command.
PAGE 190
2CSPC4.XModular-SWUM204.book Page 190 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Router OSPF Conf From Global Configuration mode, use the router ospf command. console(config-router)# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode Router RIP Config From Global Configuration mode, use the router rip command.
PAGE 191
2CSPC4.XModular-SWUM204.book Page 191 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global Configuration mode, use the interface gigabitethernet command. Or, use the abbreviation interface gi. console (config-ifGiunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 192
2CSPC4.XModular-SWUM204.book Page 192 Friday, March 15, 2013 9:24 AM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu. console(config-tunneltunnel- To exit to Global id)# Configuration Loopback Exit or Access Previous Mode mode, use the exit command, or press + to Privileged EXEC mode.
PAGE 193
2CSPC4.XModular-SWUM204.book Page 193 Friday, March 15, 2013 9:24 AM Easy Setup Wizard The Easy Setup Wizard guides the user in the basic initial configuration of a newly installed switch so that it can be immediately deployed and functional in its basic operation and be completely manageable through the Web, CLI and the remote Dell Network Manager. After initial setup, the user may enter to the system to set up more advanced configurations.
PAGE 194
2CSPC4.XModular-SWUM204.book Page 194 Friday, March 15, 2013 9:24 AM If the user chooses not to use the wizard initially, the session defaults to the CLI mode with a warning to refer the documentation. During a subsequent login, the user may again elect not to run the setup wizard. Once the wizard has established configuration, however, the wizard is presented only if the user resets the switch to the factory default settings.
PAGE 195
2CSPC4.XModular-SWUM204.book Page 195 Friday, March 15, 2013 9:24 AM Figure 2-1.
PAGE 196
2CSPC4.XModular-SWUM204.book Page 196 Friday, March 15, 2013 9:24 AM Example Session This section describes an Easy Setup Wizard session. Refer to the state diagram in the previous section for general flow. The following values used by the example session are not the only possible ones: • IP address for the VLAN 1 is 192.168.1.2:255.255.255.0. This address is on a different subnet than the OOB interface and in the same subnet as the default gateway.
PAGE 197
2CSPC4.XModular-SWUM204.book Page 197 Friday, March 15, 2013 9:24 AM NOTE: In the following Easy Setup Wizard example, the possible user options are enclosed in [ ]. Also, where possible, default values are enclosed in []. If the user enters with no options defined, the default value is accepted. Help text is in parentheses.
PAGE 198
2CSPC4.XModular-SWUM204.book Page 198 Friday, March 15, 2013 9:24 AM Network Manager or other management interfaces to change this setting, and to add additional management system later. For more information on adding management systems, see the user documentation. To add a management station: Please enter the SNMP community string to be used. {public}: public Please enter the IP address of the Management System (A.B.C.D) or wildcard (0.0.0.0) to manage from any Management Station. {0.0.0.0}: 192.
PAGE 199
2CSPC4.XModular-SWUM204.book Page 199 Friday, March 15, 2013 9:24 AM Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network). To setup an IP address: Please enter the IP address of the device (A.B.C.D) or enter "DHCP" (without the quotes) to automatically request an IP address from the network DHCP server. 192.168.1.2 Please enter the IP subnet mask (A.B.C.D or /nn): 255.255.255.
PAGE 200
2CSPC4.XModular-SWUM204.book Page 200 Friday, March 15, 2013 9:24 AM Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode. ..... console> Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions. Configuration Management All managed systems have software images and databases that must be configured, backed up and restored.
PAGE 201
2CSPC4.XModular-SWUM204.book Page 201 Friday, March 15, 2013 9:24 AM Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers. With the copy command and URLs to identify files, the user can back up images to local or remote systems or restore images from local or remote systems. To use the copy command, the user specifies the source file and the destination file.
PAGE 202
2CSPC4.XModular-SWUM204.book Page 202 Friday, March 15, 2013 9:24 AM • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration. • image1 & image2 — These files refer to software images. One of these will be loaded when the system next reboots.
PAGE 203
2CSPC4.XModular-SWUM204.book Page 203 Friday, March 15, 2013 9:24 AM User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted. The following rules and specifications apply: • The user may create five local user accounts.
PAGE 204
2CSPC4.XModular-SWUM204.book Page 204 Friday, March 15, 2013 9:24 AM If the user account is created and maintained locally, each user is given an access level at the time of account creation. If the user is authenticated through remote authentication servers, the authentication server is configured to pass the user access level to the CLI when the user is authenticated. When Radius is used, the Vendor-Specific Option field returns the access level for the user. Two vendor specific options are supported.
PAGE 205
2CSPC4.XModular-SWUM204.book Page 205 Friday, March 15, 2013 9:24 AM • If a log server is not specified by the user, the CLI maintains at most the last 1000 critical system events. In this case, less important events are not recorded. Security Logs Security logs are maintained to record all security events including the following: • User login. • User logout. • Denied login attempts. • User attempt to exceed security access level.
PAGE 206
2CSPC4.XModular-SWUM204.book Page 206 Friday, March 15, 2013 9:24 AM • SSH and the keying information to use for SSH. • HTTP. • HTTPS and the security certificate to be used. • SNMPv1/v2c and the read and read/write community strings to be used. • SNMPv3 and the security information for used this protocol. For each of these management profiles, the user defines the list of hosts or subnets from which the management profiles may be used.
PAGE 207
2CSPC4.XModular-SWUM204.book Page 207 Friday, March 15, 2013 9:24 AM Boot Menu 4.1.0.6 CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ...
PAGE 208
2CSPC4.XModular-SWUM204.book Page 208 Friday, March 15, 2013 9:24 AM - # of FAT table copies: 2 - # of hidden sectors: 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2): Operational Code Date: Mon Feb 28 16:43:14 2011 Uncompressing.....
PAGE 209
2CSPC4.XModular-SWUM204.
PAGE 210
2CSPC4.XModular-SWUM204.book Page 210 Friday, March 15, 2013 9:24 AM Configuring CPUTRANS RX hpc - No stack ports. Starting in stand-alone mode. Instantiating /download as rawFs, device = 0x20001 Formatting /download for DOSFS Instantiating /download as rawFs, device = 0x20001 Formatting...OK. <186> NOV 15 09:34:53 0.0.0.0-1 General[1073741072]: bootos.
PAGE 211
2CSPC4.XModular-SWUM204.
PAGE 212
2CSPC4.XModular-SWUM204.book Page 212 Friday, March 15, 2013 9:24 AM File asciilog.bin Ready to SEND in binary mode Estimated File Size 0K, 12 Sectors, 89 Bytes Estimated transmission time 14 seconds Send several Control-X characters to cancel before transfer starts. [Boot Menu] 4 Ready to receive the file with XMODEM/CRC.... Ready to RECEIVE File xcode.bin in binary mode Send several Control-X characters to cancel before transfer starts.
PAGE 213
2CSPC4.XModular-SWUM204.book Page 213 Friday, March 15, 2013 9:24 AM Size...........................................0xc178 dc (12679388) Number of Components...........................3 Operational Code Size..........................0xa73af4 (10959604) Operational Code Offset........................0x74 (116) Operational Code FLASH flag....................1 Operational Code CRC...........................0x20E7 Operational Compression flag...................2 (lzma) Boot Code Version......................
PAGE 214
2CSPC4.XModular-SWUM204.book Page 214 Friday, March 15, 2013 9:24 AM [Boot Menu] 7 Do you wish to update Boot Code and reset? (y/n) y Validating image2....OK Extracting boot code from image...CRC valid Erasing Boot Flash.....Done. Wrote 0x10000 bytes. Wrote 0x20000 bytes. Wrote 0x30000 bytes. Wrote 0x40000 bytes. Wrote 0x50000 bytes. Wrote 0x60000 bytes. Wrote 0x70000 bytes. Wrote 0x80000 bytes. Wrote 0x90000 bytes. Wrote 0xa0000 bytes. Wrote 0xb0000 bytes. Wrote 0xc0000 bytes. Wrote 0xd0000 bytes.
PAGE 215
2CSPC4.XModular-SWUM204.book Page 215 Friday, March 15, 2013 9:24 AM Flash update completed. Rebooting... CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ...
PAGE 216
2CSPC4.XModular-SWUM204.book Page 216 Friday, March 15, 2013 9:24 AM - bytes per sector: 512 - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: 1 FAT16 - # of sectors per FAT copy: - # of FAT table copies: 122 2 - # of hidden sectors: 8 - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu.
PAGE 217
2CSPC4.XModular-SWUM204.
PAGE 218
2CSPC4.XModular-SWUM204.book Page 218 Friday, March 15, 2013 9:24 AM [Boot Menu] 12 Operational Code Date: Mon Feb 28 16:43:14 2011 Uncompressing..... Bulk Class Driver Successfully Initialized Adding 0 symbols for standalone.
PAGE 219
2CSPC4.XModular-SWUM204.
PAGE 220
2CSPC4.XModular-SWUM204.book Page 220 Friday, March 15, 2013 9:24 AM Formatting...OK. <186> NOV 15 10:03:48 0.0.0.0-1 General[1073741072]: bootos.c(220) 1 %% Event(0xaaaaaaaa) Instantiating RamCP: as rawFs, device = 0x30001 Formatting RamCP: for DOSFS Instantiating RamCP: as rawFs, device = 0x30001 Formatting...OK. (Unit 1 - Waiting to select management unit)>USB Auto Configuration process is completed! Applying Global configuration, please wait ...
PAGE 221
2CSPC4.XModular-SWUM204.book Page 221 Friday, March 15, 2013 9:24 AM The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch. You must respond to the next question to run the setup wizard within 60 seconds, otherwise the system will continue with normal operation using the default system configuration.
PAGE 222
2CSPC4.XModular-SWUM204.book Page 222 Friday, March 15, 2013 9:24 AM Reloading all switches. Boot Menu 4.1.0.6 CPU Card ID: 0x508548 CFI Probe: Found 2x16 devices in x16 mode /DskVol// - disk check in progress ... /DskVol//files /DskVol//files/image2 /DskVol//files/boot.dim /DskVol//files/crashdump.ctl /DskVol//files/dh512.pem /DskVol//files/dh1024.pem /DskVol//files/sslt_cert1.pem /DskVol//files/sslt_key1.
PAGE 223
2CSPC4.XModular-SWUM204.
PAGE 224
2CSPC4.XModular-SWUM204.book Page 224 Friday, March 15, 2013 9:24 AM - first cluster is in sector # 260 - Update last access date for open-read-close = FALSE Boot Menu 4.1.0.6 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2):2 Boot Menu 4.1.0.
PAGE 225
2CSPC4.XModular-SWUM204.book Page 225 Friday, March 15, 2013 9:24 AM 11 - Activate Backup Image 12 - Password Recovery Procedure 13 - Reformat and restore file system [Boot Menu] 13 Instantiating /RamDisk/ as rawFs, device = 0x20001 Formatting /RamDisk/ for DOSFS Instantiating /RamDisk/ as rawFs, device = 0x20001 Formatting.../RamDisk/: file system is marked clean, skipping check OK.
PAGE 226
2CSPC4.XModular-SWUM204.book Page 226 Friday, March 15, 2013 9:24 AM copying file /DskVol/files/ssh_host_key -> /RamDisk/ssh_host_key copying file /DskVol/files/ssh_host_dsa_key -> /RamDisk/ssh_host_dsa_key copying file /DskVol/files/ssh_host_rsa_key -> /RamDisk/ssh_host_rsa_key image2 9:30:36 12679504 11/15/113 hpc_broad.cfg 10:04:30 148 11/15/113 boot.dim 8:00:02 77 4/22/105 dh512.pem 0:20:24 156 5/30/113 dh1024.pem 0:20:24 245 5/30/113 sslt_cert1.pem 5:09:30 863 6/2/113 sslt_key1.
PAGE 227
2CSPC4.XModular-SWUM204.book Page 227 Friday, March 15, 2013 9:24 AM Erasing FFS: CFI Probe: Found 2x16 devices in x16 mode Formatted 1 of 251 units = 0.3 % Formatted 2 of 251 units = 0.7 % Formatted 3 of 251 units = 1.1 % Formatted 4 of 251 units = 1.5 % Formatted 5 of 251 units = 1.9 % Formatted 6 of 251 units = 2.3 % Formatted 7 of 251 units = 2.7 % Formatted 8 of 251 units = 3.1 % Formatted 9 of 251 units = 3.5 % Formatted 10 of 251 units = 3.9 % Formatted 11 of 251 units = 4.
PAGE 228
2CSPC4.XModular-SWUM204.book Page 228 Friday, March 15, 2013 9:24 AM Formatted 26 of 251 units = 10.3 % Formatted 27 of 251 units = 10.7 % Formatted 28 of 251 units = 11.1 % Formatted 29 of 251 units = 11.5 % Formatted 30 of 251 units = 11.9 % Formatted 31 of 251 units = 12.3 % Formatted 32 of 251 units = 12.7 % Formatted 33 of 251 units = 13.1 % Formatted 34 of 251 units = 13.5 % Formatted 35 of 251 units = 13.9 % Formatted 36 of 251 units = 14.3 % Formatted 37 of 251 units = 14.
PAGE 229
2CSPC4.XModular-SWUM204.book Page 229 Friday, March 15, 2013 9:24 AM Formatted 52 of 251 units = 20.7 % Formatted 53 of 251 units = 21.1 % Formatted 54 of 251 units = 21.5 % Formatted 55 of 251 units = 21.9 % Formatted 56 of 251 units = 22.3 % Formatted 57 of 251 units = 22.7 % Formatted 58 of 251 units = 23.1 % Formatted 59 of 251 units = 23.5 % Formatted 60 of 251 units = 23.9 % Formatted 61 of 251 units = 24.3 % Formatted 62 of 251 units = 24.7 % Formatted 63 of 251 units = 25.
PAGE 230
2CSPC4.XModular-SWUM204.book Page 230 Friday, March 15, 2013 9:24 AM Formatted 78 of 251 units = 31.0 % Formatted 79 of 251 units = 31.4 % Formatted 80 of 251 units = 31.8 % Formatted 81 of 251 units = 32.2 % Formatted 82 of 251 units = 32.6 % Formatted 83 of 251 units = 33.0 % Formatted 84 of 251 units = 33.4 % Formatted 85 of 251 units = 33.8 % Formatted 86 of 251 units = 34.2 % Formatted 87 of 251 units = 34.6 % Formatted 88 of 251 units = 35.0 % Formatted 89 of 251 units = 35.
PAGE 231
2CSPC4.XModular-SWUM204.book Page 231 Friday, March 15, 2013 9:24 AM Formatted 104 of 251 units = 41.4 % Formatted 105 of 251 units = 41.8 % Formatted 106 of 251 units = 42.2 % Formatted 107 of 251 units = 42.6 % Formatted 108 of 251 units = 43.0 % Formatted 109 of 251 units = 43.4 % Formatted 110 of 251 units = 43.8 % Formatted 111 of 251 units = 44.2 % Formatted 112 of 251 units = 44.6 % Formatted 113 of 251 units = 45.0 % Formatted 114 of 251 units = 45.4 % Formatted 115 of 251 units = 45.
PAGE 232
2CSPC4.XModular-SWUM204.book Page 232 Friday, March 15, 2013 9:24 AM Formatted 130 of 251 units = 51.7 % Formatted 131 of 251 units = 52.1 % Formatted 132 of 251 units = 52.5 % Formatted 133 of 251 units = 52.9 % Formatted 134 of 251 units = 53.3 % Formatted 135 of 251 units = 53.7 % Formatted 136 of 251 units = 54.1 % Formatted 137 of 251 units = 54.5 % Formatted 138 of 251 units = 54.9 % Formatted 139 of 251 units = 55.3 % Formatted 140 of 251 units = 55.7 % Formatted 141 of 251 units = 56.
PAGE 233
2CSPC4.XModular-SWUM204.book Page 233 Friday, March 15, 2013 9:24 AM Formatted 156 of 251 units = 62.1 % Formatted 157 of 251 units = 62.5 % Formatted 158 of 251 units = 62.9 % Formatted 159 of 251 units = 63.3 % Formatted 160 of 251 units = 63.7 % Formatted 161 of 251 units = 64.1 % Formatted 162 of 251 units = 64.5 % Formatted 163 of 251 units = 64.9 % Formatted 164 of 251 units = 65.3 % Formatted 165 of 251 units = 65.7 % Formatted 166 of 251 units = 66.1 % Formatted 167 of 251 units = 66.
PAGE 234
2CSPC4.XModular-SWUM204.book Page 234 Friday, March 15, 2013 9:24 AM Formatted 182 of 251 units = 72.5 % Formatted 183 of 251 units = 72.9 % Formatted 184 of 251 units = 73.3 % Formatted 185 of 251 units = 73.7 % Formatted 186 of 251 units = 74.1 % Formatted 187 of 251 units = 74.5 % Formatted 188 of 251 units = 74.9 % Formatted 189 of 251 units = 75.2 % Formatted 190 of 251 units = 75.6 % Formatted 191 of 251 units = 76.0 % Formatted 192 of 251 units = 76.4 % Formatted 193 of 251 units = 76.
PAGE 235
2CSPC4.XModular-SWUM204.book Page 235 Friday, March 15, 2013 9:24 AM Formatted 208 of 251 units = 82.8 % Formatted 209 of 251 units = 83.2 % Formatted 210 of 251 units = 83.6 % Formatted 211 of 251 units = 84.0 % Formatted 212 of 251 units = 84.4 % Formatted 213 of 251 units = 84.8 % Formatted 214 of 251 units = 85.2 % Formatted 215 of 251 units = 85.6 % Formatted 216 of 251 units = 86.0 % Formatted 217 of 251 units = 86.4 % Formatted 218 of 251 units = 86.8 % Formatted 219 of 251 units = 87.
PAGE 236
2CSPC4.XModular-SWUM204.book Page 236 Friday, March 15, 2013 9:24 AM Formatted 234 of 251 units = 93.2 % Formatted 235 of 251 units = 93.6 % Formatted 236 of 251 units = 94.0 % Formatted 237 of 251 units = 94.4 % Formatted 238 of 251 units = 94.8 % Formatted 239 of 251 units = 95.2 % Formatted 240 of 251 units = 95.6 % Formatted 241 of 251 units = 96.0 % Formatted 242 of 251 units = 96.4 % Formatted 243 of 251 units = 96.8 % Formatted 244 of 251 units = 97.2 % Formatted 245 of 251 units = 97.
PAGE 237
2CSPC4.XModular-SWUM204.
PAGE 238
2CSPC4.XModular-SWUM204.book Page 238 Friday, March 15, 2013 9:24 AM done . .. Filesystem size 63567872 Bytes used 0 Bytes free 63567872 copying file /RamDisk/image1 -> /DskVol/files/image1 copying file /RamDisk/image2 -> /DskVol/files/image2 copying file /RamDisk/startup-config -> /DskVol/files/startup-config copying file /RamDisk/vpd.bin -> /DskVol/files/vpd.bin copying file /RamDisk/hpc_broad.cfg -> /DskVol/files/hpc_broad.cfg copying file /RamDisk/boot.dim -> /DskVol/files/boot.
PAGE 239
2CSPC4.XModular-SWUM204.book Page 239 Friday, March 15, 2013 9:24 AM copying file /RamDisk/ssh_host_dsa_key -> /DskVol/files/ssh_host_dsa_key copying file /RamDisk/ssh_host_rsa_key -> /DskVol/files/ssh_host_rsa_key . .. image2 9:30:36 12679504 11/15/113 hpc_broad.cfg 10:04:30 148 11/15/113 boot.dim 8:00:02 77 4/22/105 dh512.pem 0:20:24 156 5/30/113 dh1024.pem 0:20:24 245 5/30/113 sslt_cert1.pem 5:09:30 863 6/2/113 sslt_key1.
PAGE 240
2CSPC4.XModular-SWUM204.book Page 240 Friday, March 15, 2013 9:24 AM [Boot Menu] Monitoring Traps from CLI It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system. The user enables events or monitor traps from the CLI by entering the command logging console.
PAGE 241
2CSPC4.XModular-SWUM204.book Page 241 Friday, March 15, 2013 9:24 AM Layer 2 Switching Commands 3 The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
PAGE 242
2CSPC4.XModular-SWUM204.
PAGE 243
2CSPC4.XModular-SWUM204.book Page 243 Friday, March 15, 2013 9:24 AM 4 AAA Commands Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated.
PAGE 244
2CSPC4.XModular-SWUM204.book Page 244 Friday, March 15, 2013 9:24 AM support the concept of time-out, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the radius authentication method, the radius method is not attempted.
PAGE 245
2CSPC4.XModular-SWUM204.book Page 245 Friday, March 15, 2013 9:24 AM Accounting Method Lists An Accounting Method List (AML) is an ordered list of accounting methods that can be applied to the accounting types (exec or commands). Accounting Method Lists are identified by the default keyword or by a user-defined name. TACACS+ and RADIUS are supported as accounting methods. TACACS+ accounts all accounting types. RADIUS only accounts exec sessions.
PAGE 246
2CSPC4.XModular-SWUM204.
PAGE 247
2CSPC4.XModular-SWUM204.book Page 247 Friday, March 15, 2013 9:24 AM User Guidelines Only one authentication method may be specified in the command. For the RADIUS authentication method, if the RADIUS server cannot be contacted, the supplicant fails authentication. The none method always allows access. the ias method utilizes the internal authentication server. The internal authentication server only supports the EAP-MD5 method. Example The following example configures 802.
PAGE 248
2CSPC4.XModular-SWUM204.book Page 248 Friday, March 15, 2013 9:24 AM Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList. It is used by console, telnet, and SSH and only contains the method none.
PAGE 249
2CSPC4.XModular-SWUM204.book Page 249 Friday, March 15, 2013 9:24 AM Example The following example sets authentication when accessing higher privilege levels. console(config)# aaa authentication enable default enable aaa authentication login Use the aaa authentication login command in Global Configuration mode to set the authentication method required for user at login. To return to the default configuration, use the no form of this command.
PAGE 250
2CSPC4.XModular-SWUM204.book Page 250 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command. Create a list by entering the aaa authentication login list-name method command for a particular protocol, where list-name is any character string used to name this list.
PAGE 251
2CSPC4.XModular-SWUM204.book Page 251 Friday, March 15, 2013 9:24 AM Syntax aaa authorization {commands|exec|network}{default|list-name} method1 [method2] no aaa authorization {commands|exec|network} {default|list-name} Parameter Description Parameter Description Authorization specifier: exec Provides EXEC authorization. All methods are supported. commands Performs authorization of user commands. Only none and tacacs methods are supported. network Performs RADIUS authorization of commands.
PAGE 252
2CSPC4.XModular-SWUM204.book Page 252 Friday, March 15, 2013 9:24 AM The following default Authorization Methods List is present by default: Default List Name Description Authorization Method dfltCmdAuthList Default Command List None dfltExecAuthList Default EXEC list None Command Mode Global Config mode User Guidelines A maximum of five authorization method lists may be created for command types.
PAGE 253
2CSPC4.XModular-SWUM204.book Page 253 Friday, March 15, 2013 9:24 AM aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server.
PAGE 254
2CSPC4.XModular-SWUM204.book Page 254 Friday, March 15, 2013 9:24 AM Syntax aaa ias-user username user no aaa ias-user username user Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 255
2CSPC4.XModular-SWUM204.book Page 255 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the switch to use the new model command set. (config)# aaa new-model clear (IAS) Use the clear aaa ias-users command in Privileged EXEC mode to delete all IAS users.
PAGE 256
2CSPC4.XModular-SWUM204.book Page 256 Friday, March 15, 2013 9:24 AM Example console#clear aaa ias-users authorization Use the authorization command to apply a command authorization method to a line config. Use the no form of the command to return the authorization for the line mode to the default. Syntax authorization {commands|exec } [default|list_name] no authorization {commands|exec } Parameter Description Parameter Description commands Perform authorization for each command entered by the user.
PAGE 257
2CSPC4.XModular-SWUM204.book Page 257 Friday, March 15, 2013 9:24 AM User Guidelines When command authorization is configured for a line-mode, the switch sends information about the entered command to the method specified in the command list. The authorization method validates the received command and responds with either a PASS or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error message is shown to the user.
PAGE 258
2CSPC4.XModular-SWUM204.book Page 258 Friday, March 15, 2013 9:24 AM Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication. Instead, it sets the authentication list to the default list (same as enable authentication default). Example The following example specifies the default authentication method when accessing a higher privilege level console.
PAGE 259
2CSPC4.XModular-SWUM204.book Page 259 Friday, March 15, 2013 9:24 AM User Guidelines The PowerConnect firmware emulates industry standard behavior for enable mode authentication over SSH and telnet. The default enable authentication method for telnet and SSH uses the enableNetList method, which requires an enable password. If users are unable to enter privileged mode when accessing the switch via telnet or SSH, the administrator will need to either change the enable authentication method, e.g.
PAGE 260
2CSPC4.XModular-SWUM204.book Page 260 Friday, March 15, 2013 9:24 AM Default Configuration The local user database is checked. This action has the same effect as the command ip http authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
PAGE 261
2CSPC4.XModular-SWUM204.book Page 261 Friday, March 15, 2013 9:24 AM Keyword Source or destination radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked. This action has the same effect as the command ip https authentication local.
PAGE 262
2CSPC4.XModular-SWUM204.book Page 262 Friday, March 15, 2013 9:24 AM • default — Uses the default list created with the aaa authentication login command. • list-name — Uses the indicated list created with the aaa authentication login command. Default Configuration Uses the default set with the command aaa authentication login. Command Mode Line Configuration mode User Guidelines This command has no user guidelines.
PAGE 263
2CSPC4.XModular-SWUM204.book Page 263 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode aaa IAS User Configuration User Guidelines This command has no user guidelines.
PAGE 264
2CSPC4.XModular-SWUM204.book Page 264 Friday, March 15, 2013 9:24 AM no password • password — Password for this level. (Range: 8- 64 characters) • encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies a password "mcmxxyyy" on a line.
PAGE 265
2CSPC4.XModular-SWUM204.book Page 265 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example shows the prompt sequence for executing the password command.
PAGE 266
2CSPC4.XModular-SWUM204.book Page 266 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show aaa ias-users UserName ------------------Client-1 Client-2 Following are the IAS configuration commands shown in the output of the show running-config command. Passwords shown in the command output are always encrypted.
PAGE 267
2CSPC4.XModular-SWUM204.book Page 267 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 268
2CSPC4.XModular-SWUM204.book Page 268 Friday, March 15, 2013 9:24 AM Example The following example displays the authentication configuration.
PAGE 269
2CSPC4.XModular-SWUM204.book Page 269 Friday, March 15, 2013 9:24 AM Syntax show authorization methods Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods.
PAGE 270
2CSPC4.XModular-SWUM204.book Page 270 Friday, March 15, 2013 9:24 AM show users accounts Use the show users accounts command in Privileged EXEC mode to display the local user status with respect to user account lockout and password aging. Syntax show users accounts Parameter Description The following fields are displayed by this command. Parameter Description User Name Local user account’s user name. Privilege User’s access level (read only or read/write).
PAGE 271
2CSPC4.XModular-SWUM204.
PAGE 272
2CSPC4.XModular-SWUM204.book Page 272 Friday, March 15, 2013 9:24 AM Example The following example show user login history outputs. console#show users login-history Login Time Username Protocol Location -------------------- --------- --------- ----------- Jan 19 2005 08:23:48 Bob Serial Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8 Jan 19 2005 08:42:31 John SSH 172.16.0.1 Jan 19 2005 08:49:52 Betty Telnet 172.16.1.
PAGE 273
2CSPC4.XModular-SWUM204.book Page 273 Friday, March 15, 2013 9:24 AM Parameter Description password The authentication password for the user. Range: 8-64 characters. This value can be 0 [zero] if the no passwords min-length command has been executed. The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. level The user’s privilege level. Level 0 can be assigned by a level 15 user to another user to suspend that user’s access. Range: 0-15.
PAGE 274
2CSPC4.XModular-SWUM204.book Page 274 Friday, March 15, 2013 9:24 AM Message Type Message Description Successful Completion Message No message is displayed. Error Completion Message Could not set user password! Reason behind the failure 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
PAGE 275
2CSPC4.XModular-SWUM204.book Page 275 Friday, March 15, 2013 9:24 AM username unlock Use the username unlock command in Global Configuration mode to unlock a locked user account. Only a user with read/write access can re-activate a locked user account. Syntax username username unlock Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
PAGE 276
2CSPC4.XModular-SWUM204.
PAGE 277
2CSPC4.XModular-SWUM204.book Page 277 Friday, March 15, 2013 9:24 AM 5 Administrative Profiles Commands Overview The administrative profiles capability provides the network administrator control over which commands a user is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing readonly and read-write users.
PAGE 278
2CSPC4.XModular-SWUM204.book Page 278 Friday, March 15, 2013 9:24 AM If the successful authentication method does not provide an Administrative Profile for a user, then the user is permitted access based upon the user’s privilege level (as in previous releases). This means that if a user successfully passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch.
PAGE 279
2CSPC4.XModular-SWUM204.book Page 279 Friday, March 15, 2013 9:24 AM admin-profile Use the admin-profile command in Global Config mode to create an administrative profile. The system-defined administrative profiles cannot be deleted. When creating a profile, the user is placed into Administrative Profile Configuration mode. Use the no form of the command to delete an administrative profile and all its rules.
PAGE 280
2CSPC4.XModular-SWUM204.book Page 280 Friday, March 15, 2013 9:24 AM description (Administrative Profile Config) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description. Syntax description text no description Parameter Description Parameter Description text A description of, or comment about, the administrative profile. To include white space, enclose the description in quotes.
PAGE 281
2CSPC4.XModular-SWUM204.book Page 281 Friday, March 15, 2013 9:24 AM rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode mode-name} no rule number Parameter Description Parameter Description number The sequence number of the rule. Rules are applied from the highest sequence number to the lowest. Range: 1 to 256. command-string Specifies which commands to permit or deny.
PAGE 282
2CSPC4.XModular-SWUM204.book Page 282 Friday, March 15, 2013 9:24 AM show admin-profiles Use the show admin-profiles command in Privileged EXEC mode to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] Parameter Description Parameter Description profile-name The name of the administrative profile to display. Default Configuration This command has no default configuration.
PAGE 283
2CSPC4.XModular-SWUM204.book Page 283 Friday, March 15, 2013 9:24 AM Example console#show admin-profiles name qos Profile: qos Description: This profile allows access to QoS commands.
PAGE 284
2CSPC4.XModular-SWUM204.book Page 284 Friday, March 15, 2013 9:24 AM Example console#show admin-profiles brief Profile: Profile: Profile: Profile: Profile: Profile: Profile: network-admin network-security router-admin multicast-admin dhcp-admin CP-admin network-operator show cli modes Use the show cli modes command in Privileged EXEC mode to list the names of all the CLI modes. Syntax show cli modes Default Configuration This command has no default configuration.
PAGE 285
2CSPC4.XModular-SWUM204.
PAGE 286
2CSPC4.XModular-SWUM204.
PAGE 287
2CSPC4.XModular-SWUM204.book Page 287 Friday, March 15, 2013 9:24 AM 6 ACL Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria. Rules within an ACL are evaluated sequentially until a match is found, if any.
PAGE 288
2CSPC4.XModular-SWUM204.book Page 288 Friday, March 15, 2013 9:24 AM classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The PowerConnect ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
PAGE 289
2CSPC4.XModular-SWUM204.book Page 289 Friday, March 15, 2013 9:24 AM Table 6-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
PAGE 290
2CSPC4.XModular-SWUM204.
PAGE 291
2CSPC4.XModular-SWUM204.book Page 291 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description list-name Access-list name up to 31 characters in length. deny | permit Specifies whether the IP ACL rule permits or denies an action. every Allows all protocols. eq Equal. Refers to the Layer 4 port number being used as match criteria. The first reference is source match criteria, the second is destination match criteria. number Standard protocol number.
PAGE 292
2CSPC4.XModular-SWUM204.book Page 292 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Access list names can consist of any printable character. Names can be up to 31 characters in length. Examples The following examples create an ACL to discard any HTTP traffic from 192.168.77.171, but allow all other traffic from 192.168.77.171: console(config)#access-list alpha deny ip 192.168.77.171 0.0.0.0 0.0.0.0 255.255.255.
PAGE 293
2CSPC4.XModular-SWUM204.book Page 293 Friday, March 15, 2013 9:24 AM {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | number} srcip srcmask [{eq {portkey | 0-65535} dstip dstmask [{eq {portkey| 0-65535}] [precedence precedence | tos tos tosmask | dscp dscp] [log] [time-range time-range-name] [assign-queue queue-id] [{mirror | redirect} interface-id] Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
PAGE 294
2CSPC4.XModular-SWUM204.book Page 294 Friday, March 15, 2013 9:24 AM Ethertype Protocol 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.1x) 0x88CC Link Layer Discovery Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q deny | permit (Mac-Access-List-Configuration) Use the deny command in Mac-Access-List Configuration mode to deny traffic if the conditions defined in the deny statement are matched.
PAGE 295
2CSPC4.XModular-SWUM204.book Page 295 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description srcmac Valid source MAC address in format xxxx.xxxx.xxxx. srcmacmask Valid MAC address bitmask for the source MAC address in format xxxx.xxxx.xxxx. any Packets sent to or received from any MAC address dstmac Valid destination MAC address in format xxxx.xxxx.xxxx. destmacmask Valid MAC address bitmask for the destination MAC address in format xxxx.xxxx.xxxx.
PAGE 296
2CSPC4.XModular-SWUM204.book Page 296 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Mac-Access-List Configuration mode User Guidelines The no form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather the entire ACL must be deleted and respecified. The assign-queue and redirect parameters are only valid for permit commands.
PAGE 297
2CSPC4.XModular-SWUM204.book Page 297 Friday, March 15, 2013 9:24 AM • direction — Direction of the ACL. (Range: in or out. Default is in.) • seqnum — Precedence for this interface and direction. A lower sequence number has higher precedence. Range: 1 – 4294967295. Default is1. Default Configuration This command has no default configuration.
PAGE 298
2CSPC4.XModular-SWUM204.book Page 298 Friday, March 15, 2013 9:24 AM • sequence — Order of access list relative to other access lists already assigned to this interface and direction. (Range: 1-4294967295) Default Configuration The default direction is in (in-bound).
PAGE 299
2CSPC4.XModular-SWUM204.book Page 299 Friday, March 15, 2013 9:24 AM no mac access-list extended name • name — Name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed.
PAGE 300
2CSPC4.XModular-SWUM204.book Page 300 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command. console(config)#mac access-list extended rename DELL1 DELL2 service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port.
PAGE 301
2CSPC4.XModular-SWUM204.book Page 301 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet, Port-channel) User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces. This command can only be entered once per interface if no intervening no service-acl input command has been entered.
PAGE 302
2CSPC4.XModular-SWUM204.book Page 302 Friday, March 15, 2013 9:24 AM Example console#show service-acl interface gi1/0/1 Block CDP................................ Enable Block VTP.................................Enable Block DTP..................................Enable Block UDLD................................ Enable Block PAGP.................................Enable Block SSTP................................ Enable Block All.................................
PAGE 303
2CSPC4.XModular-SWUM204.book Page 303 Friday, March 15, 2013 9:24 AM Examples The following example displays IP ACLs configured on a device. console#show ip access-lists Current number of ACLs: 2 ACL Name Maximum number of ACLs: 100 Rules Interface(s) Vlan(s) ----------------------------------------------------ACL40 1 ACL41 1 show mac access-list Use the show mac access-list command in Privileged EXEC mode to display a MAC access list and all of the rules that are defined for the MAC ACL.
PAGE 304
2CSPC4.XModular-SWUM204.book Page 304 Friday, March 15, 2013 9:24 AM Example The following example displays a MAC access list and all associated rules. console#show mac access-list DELL123 The command output provides the following information: Fields Description MAC ACL Name The name of the MAC access list. Rules The number of user-configured rules defined for the MAC ACL. The implicit 'deny all' rule defined at the end of every MAC ACL is not included.
PAGE 305
2CSPC4.XModular-SWUM204.book Page 305 Friday, March 15, 2013 9:24 AM Address Table Commands 7 Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.
PAGE 306
2CSPC4.XModular-SWUM204.
PAGE 307
2CSPC4.XModular-SWUM204.book Page 307 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address.
PAGE 308
2CSPC4.XModular-SWUM204.book Page 308 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400. console(config)#mac address-table aging-time 400 mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports.
PAGE 309
2CSPC4.XModular-SWUM204.book Page 309 Friday, March 15, 2013 9:24 AM Parameter Description interface-list Specify a comma separated list of interfaces, a range of interfaces, or a combination of both. Interfaces can be portchannel numbers or physical ports in unit/slot/port format. Default Configuration No forbidden addresses are defined. Command Mode Global Configuration mode User Guidelines Before defining forbidden ports, ensure that the Multicast group is registered.
PAGE 310
2CSPC4.XModular-SWUM204.book Page 310 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description mac-address A valid MAC address in the format xxxx.xxxx.xxxx or xx:xx:xx:xx:xx:xx vlan-id Valid VLAN ID (1-4093) interface-id The interface to which the received packet is forwarded. Default Configuration No static addresses are defined. The default mode for an added address is permanent.
PAGE 311
2CSPC4.XModular-SWUM204.book Page 311 Friday, March 15, 2013 9:24 AM Syntax port security [discard] no port security • discard — Discards frames with unlearned source addresses. This is the default if no option is indicated.
PAGE 312
2CSPC4.XModular-SWUM204.book Page 312 Friday, March 15, 2013 9:24 AM • max-addr — The maximum number of addresses that can be learning on the port. (Range: 0-600) Default Configuration The default value for this command is 100. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 313
2CSPC4.XModular-SWUM204.book Page 313 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Example In this example, Multicast MAC address table information is displayed. console#show mac address-table multicast Vlan MAC Address ----1 ------------------- Type ------- 0100.5E05.
PAGE 314
2CSPC4.XModular-SWUM204.book Page 314 Friday, March 15, 2013 9:24 AM Parameter Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the mac address-table are displayed.
PAGE 315
2CSPC4.XModular-SWUM204.book Page 315 Friday, March 15, 2013 9:24 AM show mac address-table address Use the show mac address-table address command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database for the specified MAC address. Syntax show mac address-table address mac-address [interface interface-id] [vlan vlan-id] Parameter Description Parameter Description mac-address A MAC address with the format xxxx.xxxx.xxxx.
PAGE 316
2CSPC4.XModular-SWUM204.book Page 316 Friday, March 15, 2013 9:24 AM ---- -------------- -------- ------------1 0000.E26D.2C2A Dynamic 1/0/1 show mac address-table count Use the show mac address-table count command in User EXEC or Privileged EXEC mode to display the number of addresses present in the Forwarding Database.
PAGE 317
2CSPC4.XModular-SWUM204.book Page 317 Friday, March 15, 2013 9:24 AM Secure addresses: 1 Dynamic addresses: 97 Internal addresses: 9 show mac address-table dynamic Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all dynamic entries in the bridge-forwarding database. Syntax show mac address-table dynamic [address mac-address] [interface interfaceid] [vlan vlan-id] Parameter Description Parameter Description mac-address A MAC address with the format xxxx.xxxx.
PAGE 318
2CSPC4.XModular-SWUM204.book Page 318 Friday, March 15, 2013 9:24 AM Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------1 0000.0001.0000 Dynamic gi1/0/1 1 0000.8420.5010 Dynamic gi1/0/1 1 0000.E26D.2C2A Dynamic gi1/0/1 1 0000.E89A.596E Dynamic gi1/0/1 1 0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table interface Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the mac address-table.
PAGE 319
2CSPC4.XModular-SWUM204.book Page 319 Friday, March 15, 2013 9:24 AM Example In this example, all classes of entries in the bridge-forwarding database for gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type ---- -------------- ---- Port ------------- 1 0000.0001.0000 Dynamic gi1/0/1 1 0000.8420.5010 Dynamic gi1/0/1 1 0000.E26D.2C2A Dynamic gi1/0/1 1 0000.E89A.596E Dynamic gi1/0/1 1 0001.
PAGE 320
2CSPC4.XModular-SWUM204.book Page 320 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- ----- ----- 1 gi1/0/1 0001.0001.
PAGE 321
2CSPC4.XModular-SWUM204.book Page 321 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database are displayed.
PAGE 322
2CSPC4.XModular-SWUM204.book Page 322 Friday, March 15, 2013 9:24 AM Syntax show ports security [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the port-lock status are displayed.
PAGE 323
2CSPC4.XModular-SWUM204.book Page 323 Friday, March 15, 2013 9:24 AM Field Description Maximum The maximum addresses that can be associated on this port in Static Learning mode or in Dynamic Learning mode. Trap Indicates if traps would be sent in case of violation. Frequency The minimum time between consecutive traps. show ports security addresses Use the show ports security addresses command in Privileged EXEC mode to display current dynamic addresses in locked ports.
PAGE 324
2CSPC4.XModular-SWUM204.
PAGE 325
2CSPC4.XModular-SWUM204.book Page 325 Friday, March 15, 2013 9:24 AM 8 Auto-VoIP Commands Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
PAGE 326
2CSPC4.XModular-SWUM204.book Page 326 Friday, March 15, 2013 9:24 AM show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port ] Default Configuration There is no default configuration for this command.
PAGE 327
2CSPC4.XModular-SWUM204.
PAGE 328
2CSPC4.XModular-SWUM204.
PAGE 329
2CSPC4.XModular-SWUM204.book Page 329 Friday, March 15, 2013 9:24 AM Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default.
PAGE 330
2CSPC4.XModular-SWUM204.
PAGE 331
2CSPC4.XModular-SWUM204.book Page 331 Friday, March 15, 2013 9:24 AM CDP Interoperability Commands 9 Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. PowerConnect switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
PAGE 332
2CSPC4.XModular-SWUM204.book Page 332 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
PAGE 333
2CSPC4.XModular-SWUM204.book Page 333 Friday, March 15, 2013 9:24 AM Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch.
PAGE 334
2CSPC4.XModular-SWUM204.book Page 334 Friday, March 15, 2013 9:24 AM Example The following example enables isdp on interface 1/0/1. console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds.
PAGE 335
2CSPC4.XModular-SWUM204.book Page 335 Friday, March 15, 2013 9:24 AM isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer Parameter Description Parameter Description time The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds.
PAGE 336
2CSPC4.XModular-SWUM204.book Page 336 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer................................ 30 Hold Time............................ 180 Version 2 Advertisements............. Enabled Neighbors table last time changed.... 0 days 00:06:01 Device ID............
PAGE 337
2CSPC4.XModular-SWUM204.book Page 337 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show isdp entry Switch Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.
PAGE 338
2CSPC4.XModular-SWUM204.book Page 338 Friday, March 15, 2013 9:24 AM Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface. Syntax show isdp interface {all | gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Default Configuration There is no default configuration for this command.
PAGE 339
2CSPC4.XModular-SWUM204.
PAGE 340
2CSPC4.XModular-SWUM204.book Page 340 Friday, March 15, 2013 9:24 AM Syntax show isdp neighbors {[gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | detail]} Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The information displayed varies based upon the information received from the ISDP neighbor.
PAGE 341
2CSPC4.XModular-SWUM204.book Page 341 Friday, March 15, 2013 9:24 AM Interface 1/0/1 Port ID GigabitEthernet1/1 Holdtime 162 Advertisement Version 2 Entry last changed time 0 days 00:55:20 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc.
PAGE 342
2CSPC4.XModular-SWUM204.book Page 342 Friday, March 15, 2013 9:24 AM ISDP Packets Transmitted....................... 127 ISDPv1 Packets Received........................ 0 ISDPv1 Packets Transmitted..................... 0 ISDPv2 Packets Received........................ 4253 ISDPv2 Packets Transmitted..................... 4351 ISDP Bad Header................................ 0 ISDP Checksum Error............................ 0 ISDP Transmission Failure...................... 0 ISDP Invalid Format...............
PAGE 343
2CSPC4.XModular-SWUM204.book Page 343 Friday, March 15, 2013 9:24 AM 10 DHCP Layer 2 Relay Commands In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent. The DHCP Relay agent accepts DHCP requests from any routed interface, including VLANs.
PAGE 344
2CSPC4.XModular-SWUM204.book Page 344 Friday, March 15, 2013 9:24 AM Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the "no" form of this command to disable DHCP L2 Relay for an interface.
PAGE 345
2CSPC4.XModular-SWUM204.book Page 345 Friday, March 15, 2013 9:24 AM Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Circuit ID.
PAGE 346
2CSPC4.XModular-SWUM204.book Page 346 Friday, March 15, 2013 9:24 AM dhcp l2relay remote-id Use the dhcp l2relay remote-id command to enable setting the DHCP Option 82 Remote ID for a VLAN. When enabled, the supplied string is used for the Remote ID in DHCP Option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Remote ID.
PAGE 347
2CSPC4.XModular-SWUM204.book Page 347 Friday, March 15, 2013 9:24 AM Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs.
PAGE 348
2CSPC4.XModular-SWUM204.book Page 348 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay vlan 10,340-345 show dhcp l2relay all Use the show dhcp l2relay all command in Privileged EXEC mode to display the summary of DHCP L2 Relay configuration. Syntax show dhcp l2relay all Default Configuration This command has no default configuration.
PAGE 349
2CSPC4.XModular-SWUM204.
PAGE 350
2CSPC4.XModular-SWUM204.book Page 350 Friday, March 15, 2013 9:24 AM Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode ---------- TrustMode ----------- -------------- 0/2 Enabled untrusted 0/4 Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command in Privileged EXEC mode to display DHCP L2 Relay statistics specific to interfaces.
PAGE 351
2CSPC4.XModular-SWUM204.book Page 351 Friday, March 15, 2013 9:24 AM DHCP L2 Relay is Enabled.
PAGE 352
2CSPC4.XModular-SWUM204.book Page 352 Friday, March 15, 2013 9:24 AM Syntax show dhcp l2relay agent-option vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces. Default Configuration This command has no default configuration.
PAGE 353
2CSPC4.XModular-SWUM204.book Page 353 Friday, March 15, 2013 9:24 AM show dhcp l2relay vlan Use the show dhcp l2relay vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range. A range may be a single VLAN ID or two VLAN IDs separated by a single dash with no embedded spaces.
PAGE 354
2CSPC4.XModular-SWUM204.book Page 354 Friday, March 15, 2013 9:24 AM show dhcp l2relay circuit-id vlan Use the show dhcp l2relay circuit-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay circuit-id vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range.
PAGE 355
2CSPC4.XModular-SWUM204.book Page 355 Friday, March 15, 2013 9:24 AM show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command in Privileged EXEC mode to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-range Parameter Description Parameter Description vlan-range Show information for the specified VLAN range.
PAGE 356
2CSPC4.XModular-SWUM204.book Page 356 Friday, March 15, 2013 9:24 AM clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command in Privileged EXEC mode to reset the DHCP L2 Relay counters to zero. Specify the port with the counters to clear, or use the all keyword to clear the counters on all ports. Syntax clear dhcp l2relay statistics interface {all | interface-id} Parameter Description Parameter Description all Show all interfaces.
PAGE 357
2CSPC4.XModular-SWUM204.book Page 357 Friday, March 15, 2013 9:24 AM DHCP Management Interface Commands 11 PowerConnect switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive.
PAGE 358
2CSPC4.XModular-SWUM204.book Page 358 Friday, March 15, 2013 9:24 AM renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id Parameter Description Parameter Description interface-id Any valid VLAN interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
PAGE 359
2CSPC4.XModular-SWUM204.book Page 359 Friday, March 15, 2013 9:24 AM Example console#release dhcp vlan2 renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax renew dhcp {interface-id | out-of-band} Parameter Description Parameter Description interface-id Any valid routing interface. See Interface Naming Conventions for interface representation. out-of-band Keyword to identify the out-of-band interface.
PAGE 360
2CSPC4.XModular-SWUM204.book Page 360 Friday, March 15, 2013 9:24 AM Examples The first example is for routing interfaces. console#renew dhcp vlan 2 The second example is for out-of-band port. console#renew dhcp out-of-band debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client. To disable debugging, use the no form of this command.
PAGE 361
2CSPC4.XModular-SWUM204.book Page 361 Friday, March 15, 2013 9:24 AM console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive show dhcp lease Use the show dhcp lease command in Privileged EXEC mode to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface interface-id] Parameter Description Parameter Description interface-id Any valid IP interface (VLAN only). See Interface Naming Conventions for interface representation.
PAGE 362
2CSPC4.XModular-SWUM204.book Page 362 Friday, March 15, 2013 9:24 AM Term Description DHCP Lease server The IPv4 address of the DHCP server that leased the address. State State of the DHCPv4 Client on this interface. DHCP transaction id The transaction ID of the DHCPv4 Client. Lease The time (in seconds) that the IP address was leased by the server. Renewal The time (in seconds) when the next DHCP renew Request is sent by DHCPv4 Client to renew the leased IP address.
PAGE 363
2CSPC4.XModular-SWUM204.book Page 363 Friday, March 15, 2013 9:24 AM DHCP Lease server: 10.1.20.
PAGE 364
2CSPC4.XModular-SWUM204.
PAGE 365
2CSPC4.XModular-SWUM204.book Page 365 Friday, March 15, 2013 9:24 AM DHCP Snooping Commands 12 DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
PAGE 366
2CSPC4.XModular-SWUM204.
PAGE 367
2CSPC4.XModular-SWUM204.book Page 367 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.
PAGE 368
2CSPC4.XModular-SWUM204.book Page 368 Friday, March 15, 2013 9:24 AM Default Configuration DHCP Snooping is disabled by default. Command Mode Global Configuration mode User Guidelines In order to enable DHCP snooping, perform the following three steps: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Set DHCP Snooping trusted port on the port in the DHCP server direction.
PAGE 369
2CSPC4.XModular-SWUM204.book Page 369 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description mac-address The client's MAC address. vlan-id The number of the VLAN the client is authorized to use. ip-address The IP address of the client. interface The interface on which the client is authorized. The form is unit/slot/port. Default Configuration There are no static DHCP snooping bindings by default.
PAGE 370
2CSPC4.XModular-SWUM204.book Page 370 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description hostIP The IP address of the remote host. filename The name of the file for the database on the remote host. The filename may contain any printable character and is checked only when attempting to open the file. Default Configuration The database is stored locally by default. Configuration Mode Global Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 371
2CSPC4.XModular-SWUM204.book Page 371 Friday, March 15, 2013 9:24 AM no ip dhcp snooping database write-delay Parameter Description Parameter Description seconds The write delay (Range: 15–86400 seconds). Default Configuration The write delay is 300 seconds by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
PAGE 372
2CSPC4.XModular-SWUM204.book Page 372 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines If DHCP packets are received on a port at a rate that exceeds the threshold for the specified time, the port will be diagnostically disabled. The threshold is configurable up to 300 pps, and the burst is configurable up to 15s long. The default is 15 pps. Use the no shut command to return a disabled port to service.
PAGE 373
2CSPC4.XModular-SWUM204.book Page 373 Friday, March 15, 2013 9:24 AM Example console(config-if-1/0/1)#ip dhcp snooping log-invalid console(config-if-1/0/1)#no ip dhcp snooping log-invalid ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the “no” form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
PAGE 374
2CSPC4.XModular-SWUM204.book Page 374 Friday, March 15, 2013 9:24 AM Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration.
PAGE 375
2CSPC4.XModular-SWUM204.book Page 375 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command.
PAGE 376
2CSPC4.XModular-SWUM204.book Page 376 Friday, March 15, 2013 9:24 AM • vlan-id — The number of the VLAN for which to show bindings. Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command.
PAGE 377
2CSPC4.XModular-SWUM204.book Page 377 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces.
PAGE 378
2CSPC4.XModular-SWUM204.
PAGE 379
2CSPC4.XModular-SWUM204.book Page 379 Friday, March 15, 2013 9:24 AM User Guidelines The following fields are displayed by this command: Fields Description MAC Verify Failures The number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client MAC address mismatch. Client Ifc Mismatch The number of DHCP release and Deny messages received on the different ports than previously learned.
PAGE 380
2CSPC4.XModular-SWUM204.
PAGE 381
2CSPC4.XModular-SWUM204.book Page 381 Friday, March 15, 2013 9:24 AM Dynamic ARP Inspection Commands 13 Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The miscreant sends ARP requests or responses mapping another station IP address to its own MAC address.
PAGE 382
2CSPC4.XModular-SWUM204.book Page 382 Friday, March 15, 2013 9:24 AM Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
PAGE 383
2CSPC4.XModular-SWUM204.book Page 383 Friday, March 15, 2013 9:24 AM Example console#clear ip arp inspection statistics ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Use the “no” form of this command to unconfigure the ARP ACL.
PAGE 384
2CSPC4.XModular-SWUM204.book Page 384 Friday, March 15, 2013 9:24 AM Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspection. Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second.
PAGE 385
2CSPC4.XModular-SWUM204.book Page 385 Friday, March 15, 2013 9:24 AM Syntax ip arp inspection trust no ip arp inspection trust Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command.
PAGE 386
2CSPC4.XModular-SWUM204.book Page 386 Friday, March 15, 2013 9:24 AM • ip —For validating the IP address of an ARP packet. Default Configuration There is no additional validation enabled by default.
PAGE 387
2CSPC4.XModular-SWUM204.book Page 387 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule.
PAGE 388
2CSPC4.XModular-SWUM204.book Page 388 Friday, March 15, 2013 9:24 AM show arp access-list Use the show arp access-list command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument would display only the rules in that ARP ACL. Syntax show arp access-list [acl-name] acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There is no default configuration for this command.
PAGE 389
2CSPC4.XModular-SWUM204.book Page 389 Friday, March 15, 2013 9:24 AM Syntax show ip arp inspection [interfaces [interface-id] | statistics [vlan vlan-range] | vlan vlan-range] Parameter Description Parameter Description interfaces [interface-id] Display the Dynamic ARP Inspection configuration on all the DAI enabled interfaces. Giving an interface argument, it displays the values for that interface.
PAGE 390
2CSPC4.XModular-SWUM204.book Page 390 Friday, March 15, 2013 9:24 AM DHCP Drops The number of packets dropped due to DHCP Snooping binding database match failure. ACL Drops The number of packets dropped due to ARP ACL rule match failure. DHCP Permits The number of packets permitted due to DHCP snooping binding database match. ACL Permits The number of packets permitted due to ARP ACL rule match. Bad Src MAC The number of packets dropped due to Source MAC validation failure.
PAGE 391
2CSPC4.XModular-SWUM204.
PAGE 392
2CSPC4.XModular-SWUM204.book Page 392 Friday, March 15, 2013 9:24 AM Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is enabled. IP Address Validation If IP address validation of ARP frame is enabled. The following fields are displayed for each VLAN: Field Description VLAN The VLAN-ID for each displayed row. Configuration Whether DAI is enabled on the VLAN.
PAGE 393
2CSPC4.XModular-SWUM204.book Page 393 Friday, March 15, 2013 9:24 AM E-mail Alerting Commands 14 E-mail Alerting is an extension of the logging system. The PowerConnect logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
PAGE 394
2CSPC4.XModular-SWUM204.
PAGE 395
2CSPC4.XModular-SWUM204.book Page 395 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description severity If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.
PAGE 396
2CSPC4.XModular-SWUM204.book Page 396 Friday, March 15, 2013 9:24 AM logging email urgent Use the logging email urgent command in Global Configuration mode to set the lowest severity level at which log messages are e-mailed in an urgent manner. To revert the urgent severity level to its default value, use the no form of this command.
PAGE 397
2CSPC4.XModular-SWUM204.book Page 397 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are e-mailed immediately, one log message per e-mail message, and do not wait for the log time to expire. Urgent log messages are not e-mailed unless you enable e-mail alerting with the logging email command.
PAGE 398
2CSPC4.XModular-SWUM204.book Page 398 Friday, March 15, 2013 9:24 AM Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed.
PAGE 399
2CSPC4.XModular-SWUM204.book Page 399 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of e-mail. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the e-mail. Use the no form of this command to remove the e-mail source address.
PAGE 400
2CSPC4.XModular-SWUM204.book Page 400 Friday, March 15, 2013 9:24 AM Syntax logging email message-type message-type subject subject no logging email message-type message-type subject Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The user must enter the message-type parameter manually as tab and space bar completion do not work for this parameter.
PAGE 401
2CSPC4.XModular-SWUM204.book Page 401 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server.
PAGE 402
2CSPC4.XModular-SWUM204.book Page 402 Friday, March 15, 2013 9:24 AM show logging email statistics Use the show logging email statistics command in Privileged EXEC mode to show the statistics about the e-mails. The command displays information on how many e-mails are sent, how many e-mails failed, when the last e-mail was sent, how long it has been since the last e-mail was sent, how long it has been since the e-mail changed to disabled mode.
PAGE 403
2CSPC4.XModular-SWUM204.book Page 403 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server.
PAGE 404
2CSPC4.XModular-SWUM204.book Page 404 Friday, March 15, 2013 9:24 AM mail-server ip-address | hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format. Use the no form of this command to remove the configured SMTP server address.
PAGE 405
2CSPC4.XModular-SWUM204.book Page 405 Friday, March 15, 2013 9:24 AM port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. Port can be set to 465 or 25. Use the no form of the command to revert the SMTP port to the default port. Syntax port port no port Parameter Description This command does not require a parameter description. Default Configuration The default value is 25.
PAGE 406
2CSPC4.XModular-SWUM204.book Page 406 Friday, March 15, 2013 9:24 AM Parameter Description This command does not require a parameter description. Default Configuration The default value for username is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server.
PAGE 407
2CSPC4.XModular-SWUM204.book Page 407 Friday, March 15, 2013 9:24 AM show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
PAGE 408
2CSPC4.XModular-SWUM204.book Page 408 Friday, March 15, 2013 9:24 AM SMTP server authentication details: Username: admin Mail server2 configuration: SMTP server IP Address: 10.131.1.31 SMTP server Port: 465 SMTP server security protocol: tls SMTP server authentication details: Username: admin console#show mail-server ip-address 10.131.1.11 SMTP server IP Address: 10.131.1.
PAGE 409
2CSPC4.XModular-SWUM204.book Page 409 Friday, March 15, 2013 9:24 AM 15 Ethernet Configuration Commands PowerConnect switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
PAGE 410
2CSPC4.XModular-SWUM204.book Page 410 Friday, March 15, 2013 9:24 AM On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed and duplex commands control interface link speeds and autonegotiation.
PAGE 411
2CSPC4.XModular-SWUM204.book Page 411 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared. Example In the following example, the counters for port 1/0/1 are cleared. console#clear counters gigabitethernet 1/0/1 description Use the description command in Interface Configuration mode to add a description to an interface.
PAGE 412
2CSPC4.XModular-SWUM204.book Page 412 Friday, March 15, 2013 9:24 AM Example The following example adds a description to the Ethernet port 5. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)# description RD_SW#3 duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command.
PAGE 413
2CSPC4.XModular-SWUM204.book Page 413 Friday, March 15, 2013 9:24 AM parameter. Fiber ports do not support auto-negotiation and therefore require the operator to enter the duplex full command and the speed command with the desired operating bandwidth. Disabling auto-negotiation on 1G copper ports may lead to random frame loss as the clock master has not been arbitrated by the auto-negotiation process. Auto-negotiation is required on 10G/40G copper ports, and is recommended on all copper ports.
PAGE 414
2CSPC4.XModular-SWUM204.book Page 414 Friday, March 15, 2013 9:24 AM interface Use this command to configure parameters for the gigabit Ethernet and tengigabit Ethernet ports, and for port-channels. While in Global Configuration mode, enter the interface command (with a specific interface). To exit to Global Configuration mode, enter exit. To return to Privileged EXEC mode, press Ctrl-Z or enter end.
PAGE 415
2CSPC4.XModular-SWUM204.book Page 415 Friday, March 15, 2013 9:24 AM interface range Use the interface range command in Global Configuration mode to execute a command on multiple ports at the same time. NOTE: An additional form of this command enables configuring a range of VLANs. See interface range vlan. Syntax interface range {port-range | port-type all} Parameter Description port-range A list of valid ports to configure.
PAGE 416
2CSPC4.XModular-SWUM204.book Page 416 Friday, March 15, 2013 9:24 AM console(config-if-range)# The following example shows how all gigabitethernet ports can be configured at once.
PAGE 417
2CSPC4.XModular-SWUM204.book Page 417 Friday, March 15, 2013 9:24 AM User Guidelines Because the switch does not fragment frames, received frames that are larger than the MTU setting are dropped. Packets originated by the CPU are fragmented on transmission if the link MTU is smaller than the IP MTU. Setting the MTU less than the IPv4 MTU causes CPU-generated IPv4 packets to be fragmented. Setting the MTU less than the IPv6 MTU causes CPU-generated IPv6 packets to be dropped.
PAGE 418
2CSPC4.XModular-SWUM204.book Page 418 Friday, March 15, 2013 9:24 AM User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock master or clock slave. When the link is down, the field will show No link. When the link is down, the Oper Peer Advertisement and Priority Resolution fields will show dashes.
PAGE 419
2CSPC4.XModular-SWUM204.book Page 419 Friday, March 15, 2013 9:24 AM Port: Gi1/0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled 802.
PAGE 420
2CSPC4.XModular-SWUM204.
PAGE 421
2CSPC4.XModular-SWUM204.book Page 421 Friday, March 15, 2013 9:24 AM Field Description Port Type The port designated IEEE shorthand identifier. For example 1000Base-T refers to 1000 Mbps baseband signaling including both Tx and Rx transmissions. Duplex Displays the port Duplex status. Speed Refers to the port speed. Neg Describes the Auto-negotiation status. Admin State Displays whether the port is enabled or disabled.
PAGE 422
2CSPC4.XModular-SWUM204.book Page 422 Friday, March 15, 2013 9:24 AM ---- ---------- --------- 1/0/1 183892 1289 3/0/1 123899 1788 Port OutOctets OutUcastPkts ---- ---------- --------- 1/0/1 9188 9 2/0/1 0 0 3/0/1 8789 27 Ch InOctets InUcastPkts ---- ---------- --------- 1 27889 928 Ch OutOctets OutUcastPkts ---- ---------- --------- 1 23739 882 The following example displays counters for Ethernet port 1/0/1.
PAGE 423
2CSPC4.XModular-SWUM204.book Page 423 Friday, March 15, 2013 9:24 AM FCS Errors: ................................... 0 Single Collision Frames: ...................... 0 Late Collisions: .............................. 0 Excessive Collisions: ......................... 0 Multiple Collisions: .......................... 0 Oversize Packets: ............................. 0 Internal MAC Rx Errors: ....................... 0 Received Pause Frames: ........................ 0 Transmitted Pause Frames: ................
PAGE 424
2CSPC4.XModular-SWUM204.book Page 424 Friday, March 15, 2013 9:24 AM Field Description Late Collisions Counted times that a collision is detected later than one slot time into the transmission of a packet. Excessive Collisions Counted frames for which transmission fails due to excessive collisions. Oversize Packets Counted frames received that exceed the maximum permitted frame size. Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error.
PAGE 425
2CSPC4.XModular-SWUM204.book Page 425 Friday, March 15, 2013 9:24 AM Example The following example displays the description for all interfaces.
PAGE 426
2CSPC4.XModular-SWUM204.book Page 426 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface.
PAGE 427
2CSPC4.XModular-SWUM204.book Page 427 Friday, March 15, 2013 9:24 AM VLAN Name ---- --------------------------------- ----------- Egress rule Forbidden VLANS: VLAN Name ---- --------------------------------- Port Gi1/0/1 Enabled State: Disabled Role: Disabled Port id: 128.1 Port Fast: Port Cost: 0 No (Configured: no) Root Protection: No Designated bridge Priority: 32768 Address: 001E.C9AA.AF51 Designated port id: 128.
PAGE 428
2CSPC4.XModular-SWUM204.book Page 428 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines Port channels are only displayed if configured. Use the show interfaces portchannel command to display configured and unconfigured port channels. Interfaces configured as stacking ports will show as detached in the output of the show interfaces status command.
PAGE 429
2CSPC4.XModular-SWUM204.book Page 429 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description unit/slot/port A valid interface. See Interface Naming Conventions for interface representation. switchport Displays statistics for the entire switch. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 430
2CSPC4.XModular-SWUM204.book Page 430 Friday, March 15, 2013 9:24 AM Packets RX and TX 512-1023 Octets.............. 0 Packets RX and TX 1024-1518 Octets............. 0 Packets RX and TX 1519-2047 Octets............. 0 Packets RX and TX 2048-4095 Octets............. 0 Packets RX and TX 4096-9216 Octets............. 0 Total Packets Received Without Errors.......... 0 Unicast Packets Received....................... 0 Multicast Packets Received..................... 0 Broadcast Packets Received...............
PAGE 431
2CSPC4.XModular-SWUM204.book Page 431 Friday, March 15, 2013 9:24 AM Packets Transmitted > 1518 Octets.............. 0 Max Frame Size................................. 1518 Total Packets Transmitted Successfully......... 0 Unicast Packets Transmitted.................... 0 Multicast Packets Transmitted.................. 0 Broadcast Packets Transmitted.................. 0 Total Transmit Errors.......................... 0 Total Transmit Packets Discarded............... 0 Single Collision Frames.............
PAGE 432
2CSPC4.XModular-SWUM204.book Page 432 Friday, March 15, 2013 9:24 AM show statistics switchport Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} Parameter Description Parameter Description interface-id Interface id. See Interface Naming Conventions for interface representation. switchport Displays statistics for the entire switch.
PAGE 433
2CSPC4.XModular-SWUM204.book Page 433 Friday, March 15, 2013 9:24 AM Broadcast Packets Received..................... 0 Receive Packets Discarded...................... 0 Octets Transmitted............................. 0 Packets Transmitted Without Errors............. 0 Unicast Packets Transmitted.................... 0 Multicast Packets Transmitted.................. 0 Broadcast Packets Transmitted.................. 0 Transmit Packets Discarded..................... 0 Most Address Entries Ever Used..........
PAGE 434
2CSPC4.XModular-SWUM204.book Page 434 Friday, March 15, 2013 9:24 AM show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 435
2CSPC4.XModular-SWUM204.book Page 435 Friday, March 15, 2013 9:24 AM shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
PAGE 436
2CSPC4.XModular-SWUM204.book Page 436 Friday, March 15, 2013 9:24 AM Syntax speed {10 | 100 | 1000 | 10000 | auto [10 | 100 | 1000 | 10000]} no speed Parameter Description Parameter Description 10 Configures the port to 10 Mbps operation. 100 Configures the port to 100 Mbps operation. 1000 Configures the port to 1000 Mbps operation. 10000 Configures the port to 10 Gbps operation. 40000 Configures the port to 40 Gbps operation.
PAGE 437
2CSPC4.XModular-SWUM204.book Page 437 Friday, March 15, 2013 9:24 AM support all speeds, even if they are available in the command. Entering an unsupported speed will produce the following error message An invalid interface has been used for this function. Fiber ports do not support auto-negotiation. Both ends of fiber connections must be set to full-duplex and the same speed. Example The following example configures the speed operation of Ethernet port 1/0/5 to advertise 100-Mbps operation only.
PAGE 438
2CSPC4.XModular-SWUM204.book Page 438 Friday, March 15, 2013 9:24 AM Example console(config-if-1/0/1)#storm-control broadcast level 5 storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm recovery mode for an interface. If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
PAGE 439
2CSPC4.XModular-SWUM204.book Page 439 Friday, March 15, 2013 9:24 AM storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable unknown unicast storm control for an interface. If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
PAGE 440
2CSPC4.XModular-SWUM204.book Page 440 Friday, March 15, 2013 9:24 AM switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port. The groupid parameter identifies the set of protected ports to which this interface is assigned. You can only configure an interface as protected in one group. You are required to remove an interface from one group before adding it to another group. Port protection occurs within a single switch.
PAGE 441
2CSPC4.XModular-SWUM204.book Page 441 Friday, March 15, 2013 9:24 AM switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to "protected". Syntax switchport protected groupid name name no switchport protected groupid name • groupid — Identifies which group the port is to be protected in. (Range: 0–2) • name — Name of the group.
PAGE 442
2CSPC4.XModular-SWUM204.book Page 442 Friday, March 15, 2013 9:24 AM show switchport protected Use the show switchport protected command in Privileged EXEC mode to display the status of all the interfaces, including protected and unprotected interfaces. Syntax show switchport protected groupid • groupid — Identifies which group the port is to be protected in. (Range: 0–2) Default Configuration This command has no default configuration.
PAGE 443
2CSPC4.XModular-SWUM204.book Page 443 Friday, March 15, 2013 9:24 AM Ethernet CFM Commands 16 Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
PAGE 444
2CSPC4.XModular-SWUM204.book Page 444 Friday, March 15, 2013 9:24 AM ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level debug cfm ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain config mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain config mode.
PAGE 445
2CSPC4.XModular-SWUM204.book Page 445 Friday, March 15, 2013 9:24 AM User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2. Example In this example, a domain vin is created at level 1.
PAGE 446
2CSPC4.XModular-SWUM204.book Page 446 Friday, March 15, 2013 9:24 AM Command Mode Maintenance domain config mode User Guidelines This command has no user guidelines. Example console(config-cfm-mdomain)#service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain. Use the no form of the command to cease send CCMs.
PAGE 447
2CSPC4.XModular-SWUM204.book Page 447 Friday, March 15, 2013 9:24 AM Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#ethernet cfm cc level 1 vlan 15 interval 10 ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction.
PAGE 448
2CSPC4.XModular-SWUM204.book Page 448 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
PAGE 449
2CSPC4.XModular-SWUM204.book Page 449 Friday, March 15, 2013 9:24 AM User Guidelines The maintenance domain must exist for it to be enabled. Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.
PAGE 450
2CSPC4.XModular-SWUM204.book Page 450 Friday, March 15, 2013 9:24 AM ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value. Syntax ethernet cfm mep archive-hold-time hold-time Parameter Description Parameter Description hold-time The time in seconds to maintain the data for a missing MEP before removing the data.
PAGE 451
2CSPC4.XModular-SWUM204.book Page 451 Friday, March 15, 2013 9:24 AM Syntax ethernet cfm mip level 0-7 Parameter Description Parameter Description level Maintenance association level Default Configuration No MIPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines.
PAGE 452
2CSPC4.XModular-SWUM204.book Page 452 Friday, March 15, 2013 9:24 AM Parameter Description mac-addr The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. remote-mpid The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). vlan-id A VLAN associated with the maintenance domain. Range: 14094.
PAGE 453
2CSPC4.XModular-SWUM204.book Page 453 Friday, March 15, 2013 9:24 AM Syntax traceroute ethernet cfm {mac mac-addr| remote-mpid 1-8191} {domain domain name | level 0-7} vlan vlan-id mpid 1-8191 [ttl 1-255] Parameter Description Parameter Description level Maintenance association level mac-addr The destination MAC address for which the route needs to be traced. Either MEP ID or the MAC address option can be used. remote-mpid The MEP ID for which connectivity needs to be verified; i.e.
PAGE 454
2CSPC4.XModular-SWUM204.book Page 454 Friday, March 15, 2013 9:24 AM show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax show ethernet cfm errors {domain domain-id | level 0-7} Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). level Maintenance association level Default Configuration This command has no default configuration.
PAGE 455
2CSPC4.XModular-SWUM204.book Page 455 Friday, March 15, 2013 9:24 AM Syntax show ethernet cfm domain {brief |domain-id} Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 456
2CSPC4.XModular-SWUM204.book Page 456 Friday, March 15, 2013 9:24 AM Syntax show ethernet cfm maintenance-points local {level 0-7 | interface interfaceid | domain domain-name} Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). level Maintenance association level interface-id Show all MPs associated with the interface. Default Configuration This command has no default configuration.
PAGE 457
2CSPC4.XModular-SWUM204.book Page 457 Friday, March 15, 2013 9:24 AM show ethernet cfm maintenance-points remote Use the show ethernet cfm maintenance-points remote command in Privileged EXEC mode to display the configured remote maintenance points.
PAGE 458
2CSPC4.XModular-SWUM204.book Page 458 Friday, March 15, 2013 9:24 AM MEP Id RMEP Id Level MAC VLAN Expiry Timer(sec) Service Id ------ ------- ----- ----------------- ---- ----------------- ----------1 2 1 00:11:22:33:44:55 10 25 serv1 show ethernet cfm statistics Use the show ethernet cfm maintenance-points remote command in Privileged EXEC mode to display the CFM statistics.
PAGE 459
2CSPC4.XModular-SWUM204.
PAGE 460
2CSPC4.XModular-SWUM204.book Page 460 Friday, March 15, 2013 9:24 AM Syntax debug cfm {event | {pdu {all | ccm | ltm | lbm |} {tx | rx}}} Parameter Description Parameter Description event CFM events pdu CFM PDUs ccm Continuity check messages ltm Link trace messages lbm Loopback messages tx Transmit only rx Receive only all Everything Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.
PAGE 461
2CSPC4.XModular-SWUM204.
PAGE 462
2CSPC4.XModular-SWUM204.
PAGE 463
2CSPC4.XModular-SWUM204.book Page 463 Friday, March 15, 2013 9:24 AM 17 GVRP Commands GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network. GVRP allows both end stations and the networking device to issue and revoke declarations relating to membership in VLANs.
PAGE 464
2CSPC4.XModular-SWUM204.book Page 464 Friday, March 15, 2013 9:24 AM Syntax clear gvrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.
PAGE 465
2CSPC4.XModular-SWUM204.book Page 465 Friday, March 15, 2013 9:24 AM Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The following relationships for the various timer values must be maintained: • Leave time must be greater than or equal to three times the join time.
PAGE 466
2CSPC4.XModular-SWUM204.book Page 466 Friday, March 15, 2013 9:24 AM Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (interface) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface. To disable GVRP on an interface, use the no form of this command.
PAGE 467
2CSPC4.XModular-SWUM204.book Page 467 Friday, March 15, 2013 9:24 AM Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID. Example The following example enables GVRP on gigabit ethernet 1/0/8.
PAGE 468
2CSPC4.XModular-SWUM204.book Page 468 Friday, March 15, 2013 9:24 AM console(config-if-1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command. Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration By default, dynamic VLAN creation is enabled.
PAGE 469
2CSPC4.XModular-SWUM204.book Page 469 Friday, March 15, 2013 9:24 AM Syntax show gvrp configuration [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 470
2CSPC4.XModular-SWUM204.book Page 470 Friday, March 15, 2013 9:24 AM show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax show gvrp error-statistics [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
PAGE 471
2CSPC4.XModular-SWUM204.book Page 471 Friday, March 15, 2013 9:24 AM ---- ------- ------- ------- ------- -------- 1/0/1 0 0 0 0 0 1/0/2 0 0 0 0 0 1/0/3 0 0 0 0 0 1/0/4 0 0 0 0 0 show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax show gvrp statistics [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
PAGE 472
2CSPC4.XModular-SWUM204.
PAGE 473
2CSPC4.XModular-SWUM204.book Page 473 Friday, March 15, 2013 9:24 AM IGMP Snooping Commands 18 Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows PowerConnect switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
PAGE 474
2CSPC4.XModular-SWUM204.book Page 474 Friday, March 15, 2013 9:24 AM and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management.
PAGE 475
2CSPC4.XModular-SWUM204.book Page 475 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description vlan-id Specifies a VLAN ID value. Default Configuration IGMP snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN.
PAGE 476
2CSPC4.XModular-SWUM204.book Page 476 Friday, March 15, 2013 9:24 AM show ip igmp snooping Use the show ip igmp snooping command in Privileged EXEC mode to display the IGMP snooping configuration. Syntax show ip igmp snooping [vlan vlan-id] Parameter Description Parameter Description vlan-id Specifies a VLAN ID value (available only in Privileged EXEC mode). Default Configuration This command has no default configuration.
PAGE 477
2CSPC4.XModular-SWUM204.book Page 477 Friday, March 15, 2013 9:24 AM Vlan 10: --------IGMP Snooping Admin Mode.................... Enabled Fast Leave Mode............................. Disabled Group Membership Interval................... 260 Last Member Query Interval.................. 10 Multicast Router Expiry Time................ 300 Report Suppression Mode..................... Enabled Vlan 20: --------IGMP Snooping Admin Mode.................... Enabled Fast Leave Mode.............................
PAGE 478
2CSPC4.XModular-SWUM204.book Page 478 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines To see the full Multicast address table (including static addresses) use the show mac address-table command. Example The example shows Multicast groups learned by IGMP snooping for all VLANs. console>show ip igmp snooping groups Vlan IP Address ---- ----------- Ports ------- 1 224-239.
PAGE 479
2CSPC4.XModular-SWUM204.book Page 479 Friday, March 15, 2013 9:24 AM Syntax show ip igmp snooping mrouter Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows IGMP snooping mrouter information.
PAGE 480
2CSPC4.XModular-SWUM204.book Page 480 Friday, March 15, 2013 9:24 AM Syntax ip igmp snooping vlan vlan-id immediate-leave no ip igmp snooping vlan vlan-id immediate-leave • vlan id — Number assigned to the VLAN. Default Configuration IGMP snooping immediate-leave mode is disabled on VLANs by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping immediate-leave mode on VLAN 2.
PAGE 481
2CSPC4.XModular-SWUM204.book Page 481 Friday, March 15, 2013 9:24 AM • time — IGMP group membership interval time in seconds. (Range: 2–3600) Default Configuration The default group membership interval time is 260 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an IGMP snooping group membership interval of 1500 seconds on VLAN 2.
PAGE 482
2CSPC4.XModular-SWUM204.book Page 482 Friday, March 15, 2013 9:24 AM Default Configuration The default maximum response time is 10 seconds. Command Mode Global Configuration mode User Guidelines When using IGMP Snooping Querier, this parameter should be less than the value for the IGMP Snooping Querier query interval. Example The following example sets the maximum response time to 7 seconds on VLAN 2.
PAGE 483
2CSPC4.XModular-SWUM204.book Page 483 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines The mcrexpiretime should be less than the group membership interval. Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config)#ip igmp snooping vlan 2 mcrtexpiretime 1500 ip igmp snooping report-suppression This command enables IBMP report suppression on a specific VLAN.
PAGE 484
2CSPC4.XModular-SWUM204.book Page 484 Friday, March 15, 2013 9:24 AM Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config)#ip igmp snooping report suppression vlan 10 ip igmp snooping unregistered floodall This command enables flooding of unregistered multicast traffic to all ports in the VLAN. Use the no form of this command to only flood unregistered multicast traffic to router ports.
PAGE 485
2CSPC4.XModular-SWUM204.book Page 485 Friday, March 15, 2013 9:24 AM Syntax ip igmp snooping vlan vlan-id mrouter interface interface-id no ip igmp snooping vlan mrouter • vlan id — The number assigned to the VLAN. • interface-id—The next-hop interface to the multicast router. Default Configuration There are no multicast router ports configured by default. Command Mode Global Configuration mode.
PAGE 486
2CSPC4.XModular-SWUM204.
PAGE 487
2CSPC4.XModular-SWUM204.book Page 487 Friday, March 15, 2013 9:24 AM 19 IGMP Snooping Querier Commands The IGMP/MLD Snooping Querier is an extension to the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP/MLD router functionality.
PAGE 488
2CSPC4.XModular-SWUM204.book Page 488 Friday, March 15, 2013 9:24 AM source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on the VLAN, IGMP Snooping Querier functionality is disabled on that VLAN.
PAGE 489
2CSPC4.XModular-SWUM204.book Page 489 Friday, March 15, 2013 9:24 AM Example The following example enables IGMP snooping querier in Global Configuration mode. console(config)#ip igmp snooping querier vlan 1 address 10.19.67.1 ip igmp snooping querier election participate This command enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
PAGE 490
2CSPC4.XModular-SWUM204.book Page 490 Friday, March 15, 2013 9:24 AM console(config)#ip igmp snooping querier election participate ip igmp snooping querier query-interval This command sets the IGMP Querier Query Interval time, which is the amount of time in seconds that the switch waits before sending another periodic query. The no form of this command sets the IGMP Querier Query Interval time to its default value.
PAGE 491
2CSPC4.XModular-SWUM204.book Page 491 Friday, March 15, 2013 9:24 AM Syntax ip igmp snooping querier timer expiry seconds no ip igmp snooping querier timer expiry • seconds — The time in seconds that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network. The range is 60–300 seconds. Default Configuration The query interval default is 60 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 492
2CSPC4.XModular-SWUM204.book Page 492 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the IGMP version of the querier to 1. console(config)#ip igmp snooping querier version 1 show ip igmp snooping querier This command displays IGMP Snooping Querier information. Configured information is displayed whether or not IGMP Snooping Querier is enabled.
PAGE 493
2CSPC4.XModular-SWUM204.book Page 493 Friday, March 15, 2013 9:24 AM Parameter Description Source IP Address Shows the IP address that is used in the IPv4 header when sending out IGMP queries. It can be configured using the appropriate command. Query Interval Shows the amount of time in seconds that a Snooping Querier waits before sending out the periodic general query. Querier Timeout Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state.
PAGE 494
2CSPC4.XModular-SWUM204.book Page 494 Friday, March 15, 2013 9:24 AM When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged Exec modes User Guidelines This command has no user guidelines. Example The following example shows querier information for VLAN 2.
PAGE 495
2CSPC4.XModular-SWUM204.book Page 495 Friday, March 15, 2013 9:24 AM IP Addressing Commands 20 Interfaces on the PowerConnect switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, PowerConnect switches act as a host for management of the switch.
PAGE 496
2CSPC4.XModular-SWUM204.book Page 496 Friday, March 15, 2013 9:24 AM clear host Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache. Default Configuration This command has no default configuration.
PAGE 497
2CSPC4.XModular-SWUM204.book Page 497 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console# console#configure console(config)#clear ip address-conflict-detect interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode.
PAGE 498
2CSPC4.XModular-SWUM204.book Page 498 Friday, March 15, 2013 9:24 AM console(config-if)# ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the out-of-band interface. Use the no form of this command to return the ip address configuration to its default value. Syntax ip address {ip-address {mask | prefix-length} | dhcp} no ip address Parameter Description Parameter Description ip-address Specifies a valid IP address.
PAGE 499
2CSPC4.XModular-SWUM204.book Page 499 Friday, March 15, 2013 9:24 AM In order to ensure the security of the switches from intruders, it is strongly recommended that the out-of-band interface be isolated on a physically separate network from the in-band ports. Example The following examples configure the out-of-band interface with an IP address 131.108.1.27 and subnet mask 255.255.255.0 and the same IP address with prefix length of 24 bits.
PAGE 500
2CSPC4.XModular-SWUM204.book Page 500 Friday, March 15, 2013 9:24 AM console#configure console(config)#ip address-conflict-detect run ip address dhcp (Interface Config) Use the ip address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv4 client on an interface. Syntax ip address dhcp no ip address dhcp Parameter Description This command does not require a parameter description. Default Configuration DHCPv4 is disabled by default on routing interfaces.
PAGE 501
2CSPC4.XModular-SWUM204.book Page 501 Friday, March 15, 2013 9:24 AM • The IPv4 address of a default gateway. If the device learns different default gateways on different interfaces, the system uses the first default gateway learned. The system installs a default route in the routing table, with the default gateway’s address as the next hop address. This default route has a preference of 254. • The IPv4 address of a DNS server. The DNS client stores each DNS server address in its server list.
PAGE 502
2CSPC4.XModular-SWUM204.book Page 502 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway. The system installs a default IPv4 route with the gateway address as the next hop address. The route preference is 253.
PAGE 503
2CSPC4.XModular-SWUM204.book Page 503 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation. console(config)#ip domain-lookup ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names. To delete the default domain name, use the no form of this command.
PAGE 504
2CSPC4.XModular-SWUM204.book Page 504 Friday, March 15, 2013 9:24 AM ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache. To delete the name-to-address mapping, use the no form of this command. Syntax ip host name address no ip host name • name — Host name. • address — IP address of the host. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 505
2CSPC4.XModular-SWUM204.book Page 505 Friday, March 15, 2013 9:24 AM • server-address — Valid IPv4 or IPv6 addresses of the name server. (Range: 1–255 characters) Default Configuration No name server IP addresses are specified. Command Mode Global Configuration mode User Guidelines Server preference is determined by entry order. Up to eight servers can be defined in one command or by using multiple commands. Use the show hosts command on page 508 to display the configured name servers.
PAGE 506
2CSPC4.XModular-SWUM204.book Page 506 Friday, March 15, 2013 9:24 AM • autoconfig—Use this keyword to set the IPv6 address auto configuration mode. • dhcp—Use this keyword to obtain an IPv6 address via DHCP. Default Configuration There is no IPv6 address configured by default. Command Mode Interface Configuration mode (VLAN, loopback, port-channel) User Guidelines When setting the prefix length on an IPv6 address, no space can be present between the address and the mask.
PAGE 507
2CSPC4.XModular-SWUM204.book Page 507 Friday, March 15, 2013 9:24 AM console(config)#no ipv6 address ipv6 address dhcp Use the ipv6 address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv6 client on an IPv6 interface. Syntax ipv6 address dhcp no ipv6 address dhcp Parameter Description This command does not require a parameter description. Default Configuration DHCPv6 is disabled by default on routing interfaces.
PAGE 508
2CSPC4.XModular-SWUM204.book Page 508 Friday, March 15, 2013 9:24 AM console(config)#interface vlan2 console(config-if-vlan2)#ipv6 address dhcp ipv6 enable (Interface Config) Use the ipv6 enable command in Interface Config mode to enable IPv6 on a routing interface. Use the no form of this command to reset the IPv6 configuration to the defaults. Syntax ipv6 enable no ipv6 enable Default Configuration IPv6 is not enabled by default.
PAGE 509
2CSPC4.XModular-SWUM204.book Page 509 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays information about IP hosts. console>show hosts Host name: Default domain: gm.com, sales.gm.com, usa.sales.gm.com Name/address lookup is enabled Name servers (Preference order): 176.16.1.18 176.16.1.
PAGE 510
2CSPC4.XModular-SWUM204.book Page 510 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. The command provides the following information. Term Description Address Conflict Detection Status Whether the switch has detected an address conflict on any IP address.
PAGE 511
2CSPC4.XModular-SWUM204.book Page 511 Friday, March 15, 2013 9:24 AM Address Conflict Detection Status..No Conflict Detected show ip helper-address Use the show ip helper-address command in Privileged EXEC mode to display IP helper addresses configuration. Syntax show ip helper-address [intf-address] • intf-address — IP address of a routing interface. (Range: Any valid IP address) Default Configuration This command has no default configuration.
PAGE 512
2CSPC4.XModular-SWUM204.book Page 512 Friday, March 15, 2013 9:24 AM show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command in Privileged EXEC mode to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 513
2CSPC4.XModular-SWUM204.book Page 513 Friday, March 15, 2013 9:24 AM DHCPv6 Request Packets Transmitted............. 0 DHCPv6 Renew Packets Transmitted............... 0 DHCPv6 Rebind Packets Transmitted.............. 0 DHCPv6 Release Packets Transmitted............. 0 Total DHCPv6 Packets Transmitted............... 8 show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command in Privileged EXEC mode to show the IPv6 out-of-band port configuration.
PAGE 514
2CSPC4.XModular-SWUM204.book Page 514 Friday, March 15, 2013 9:24 AM ::/128 IPv6 Default Router.............FE80::A912:FEC2:A145:FEAD Configured IPv6 Protocol........None IPv6 AutoConfig Mode............Enabled Burned In MAC Address...........001E.C9AA.
PAGE 515
2CSPC4.XModular-SWUM204.book Page 515 Friday, March 15, 2013 9:24 AM IPv6 Access List Commands 21 Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
PAGE 516
2CSPC4.XModular-SWUM204.book Page 516 Friday, March 15, 2013 9:24 AM deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified.
PAGE 517
2CSPC4.XModular-SWUM204.book Page 517 Friday, March 15, 2013 9:24 AM Parameter Description every Allows all protocols. icmpv6 | ipv6 | tcp Protocol to match, specified as keywords icmp, igmp, ipv6, tcp, | udp | udp or as a standard protocol number from 1–255. protocolnumber any | sourceipv6 prefix/ any matches any source IP address. Or, you can specify a source IPv6 addressed expressed as a prefix/prefixlength. eq {portnumber | portkey} eq matches a port number being used as a match criteria.
PAGE 518
2CSPC4.XModular-SWUM204.book Page 518 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode IPv6-Access-List Configuration mode User Guidelines Users are permitted to add rules, but if a packet does not match any userspecified rules, the packet is dropped by the implicit “deny all” rule. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually.
PAGE 519
2CSPC4.XModular-SWUM204.book Page 519 Friday, March 15, 2013 9:24 AM no ipv6 access-list name • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command.
PAGE 520
2CSPC4.XModular-SWUM204.book Page 520 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(Config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction.
PAGE 521
2CSPC4.XModular-SWUM204.book Page 521 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Modes Global Configuration mode Interface Configuration (Ethernet, Port-channel, VLAN) mode User Guidelines This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces. Example The following example attaches an IPv6 access control list to an interface.
PAGE 522
2CSPC4.XModular-SWUM204.book Page 522 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example The following example displays configuration information for the IPv6 ACLs.
PAGE 523
2CSPC4.XModular-SWUM204.book Page 523 Friday, March 15, 2013 9:24 AM Rule Number The ordered rule number identifier defined within the IPv6 ACL. Action Displays the action associated with each rule. The possible values are Permit or Deny. Match All Indicates whether this access list applies to every packet. Possible values are True or False. Protocol This displays the protocol to filter for this rule. Source IP Address This displays the source IP address for this rule.
PAGE 524
2CSPC4.XModular-SWUM204.
PAGE 525
2CSPC4.XModular-SWUM204.book Page 525 Friday, March 15, 2013 9:24 AM 22 IPv6 MLD Snooping Commands In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
PAGE 526
2CSPC4.XModular-SWUM204.book Page 526 Friday, March 15, 2013 9:24 AM ipv6 mld snooping vlan groupmembershipinterval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value.
PAGE 527
2CSPC4.XModular-SWUM204.book Page 527 Friday, March 15, 2013 9:24 AM You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group. Also, immediate-leave processing is supported only with MLD version 1 hosts.
PAGE 528
2CSPC4.XModular-SWUM204.book Page 528 Friday, March 15, 2013 9:24 AM Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
PAGE 529
2CSPC4.XModular-SWUM204.book Page 529 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 lastlistener-query-interval 7 ipv6 mld snooping vlan mcrtexpiretime The ipv6 mld snooping mcrtexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN.
PAGE 530
2CSPC4.XModular-SWUM204.book Page 530 Friday, March 15, 2013 9:24 AM ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface • vlan-id — Specifies a valid VLAN ID. • interface-id— The next-hop interface to the Multicast router.
PAGE 531
2CSPC4.XModular-SWUM204.book Page 531 Friday, March 15, 2013 9:24 AM Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
PAGE 532
2CSPC4.XModular-SWUM204.book Page 532 Friday, March 15, 2013 9:24 AM Syntax show ipv6 mld snooping [interface {{gigabitethernet unit/slot/port| portchannel port-channel-number | tengigabitethernet unit/slot/port }} | vlan vlan-id}] Default Configuration This command has no default configuration Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 533
2CSPC4.XModular-SWUM204.book Page 533 Friday, March 15, 2013 9:24 AM • Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured.
PAGE 534
2CSPC4.XModular-SWUM204.book Page 534 Friday, March 15, 2013 9:24 AM Vlan Ipv6 Address Type Ports ---- ----------------------- ------- --------------------------- 1 3333.0000.0003 Dynamic 1/0/1,1/0/3 2 3333.0000.0004 Dynamic 1/0/1,1/0/3 2 3333.0000.
PAGE 535
2CSPC4.XModular-SWUM204.book Page 535 Friday, March 15, 2013 9:24 AM Syntax show ipv6 mld snooping mrouter Default configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 536
2CSPC4.XModular-SWUM204.
PAGE 537
2CSPC4.XModular-SWUM204.book Page 537 Friday, March 15, 2013 9:24 AM IPv6 MLD Snooping Querier Commands 23 IGMP/MLD Snooping Querier is an extension of the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect the multicast group membership information. The querier function simulates a small subset of the IGMP/MLD router functionality.
PAGE 538
2CSPC4.XModular-SWUM204.book Page 538 Friday, March 15, 2013 9:24 AM ipv6 mld snooping querier Use the ipv6 mld snooping querier command to enable MLD Snooping Querier on the system. Use the no form of this command to disable MLD Snooping Querier. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
PAGE 539
2CSPC4.XModular-SWUM204.book Page 539 Friday, March 15, 2013 9:24 AM Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping querier 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default.
PAGE 540
2CSPC4.XModular-SWUM204.book Page 540 Friday, March 15, 2013 9:24 AM ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier finds that the other Querier's source address is numerically lower than the Snooping Querier's address, it stops sending periodic queries.
PAGE 541
2CSPC4.XModular-SWUM204.book Page 541 Friday, March 15, 2013 9:24 AM ipv6 mld snooping querier query-interval Use the ipv6 mld snooping querier query-interval command to set the MLD Querier Query Interval time. It is the amount of time in seconds that the switch waits before sending another general query. Use the "no" form of this command to reset the Query Interval to the default.
PAGE 542
2CSPC4.XModular-SWUM204.book Page 542 Friday, March 15, 2013 9:24 AM ipv6 mld snooping querier timer expiry • timer — The time that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network. (Range: 60–300 seconds) Default Configuration The default timer expiration period is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
PAGE 543
2CSPC4.XModular-SWUM204.book Page 543 Friday, March 15, 2013 9:24 AM User Guidelines When the optional argument vlan vlan-id is not used, the command shows the following information: Parameter Description MLD Snooping Querier Mode Indicates whether or not MLD Snooping Querier is active on the switch. Querier Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries. MLD Version Indicates the version of MLD that will be used while sending out the queries.
PAGE 544
2CSPC4.XModular-SWUM204.book Page 544 Friday, March 15, 2013 9:24 AM Operational Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed. When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs as well as the following information: Last Querier Address Indicates the IP address of the most recent Querier from which a Query was received.
PAGE 545
2CSPC4.XModular-SWUM204.book Page 545 Friday, March 15, 2013 9:24 AM IP Source Guard Commands 24 IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
PAGE 546
2CSPC4.XModular-SWUM204.book Page 546 Friday, March 15, 2013 9:24 AM Syntax ip verify source Default Configuration By default, IPSG is disabled on all interfaces. Command Mode Interface Configuration mode User Guidelines This command has no user guidelines.
PAGE 547
2CSPC4.XModular-SWUM204.book Page 547 Friday, March 15, 2013 9:24 AM ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax ip verify binding macaddr vlan ipaddr interface Default Configuration By default, there will not be any static bindings configured. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 548
2CSPC4.XModular-SWUM204.book Page 548 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example console#show ip verify interface gigabitethernet 1/0/1 show ip verify source interface Use the show ip verify source interface command in Privileged EXEC mode to display the bindings configured on a particular interface. Syntax show ip verify source interface Default Configuration There is no default configuration for this command.
PAGE 549
2CSPC4.XModular-SWUM204.book Page 549 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 550
2CSPC4.XModular-SWUM204.
PAGE 551
2CSPC4.XModular-SWUM204.book Page 551 Friday, March 15, 2013 9:24 AM 25 iSCSI Optimization Commands iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
PAGE 552
2CSPC4.XModular-SWUM204.book Page 552 Friday, March 15, 2013 9:24 AM iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions. Each monitored iSCSI session utilizes two rules from additional ACL lists up to a maximum of two ACL lists.
PAGE 553
2CSPC4.XModular-SWUM204.book Page 553 Friday, March 15, 2013 9:24 AM • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table. All other sessions will continue to be monitored against the new time out value. Example The following example sets the aging time for iSCSI sessions to 100 minutes.
PAGE 554
2CSPC4.XModular-SWUM204.book Page 554 Friday, March 15, 2013 9:24 AM Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service dot1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values. In general, the use of iSCSI CoS is not required.
PAGE 555
2CSPC4.XModular-SWUM204.book Page 555 Friday, March 15, 2013 9:24 AM console(config)#iscsi cos dscp 10 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces.
PAGE 556
2CSPC4.XModular-SWUM204.book Page 556 Friday, March 15, 2013 9:24 AM AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI or FCoE application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV. Example In the following example, iSCSI is globally enabled.
PAGE 557
2CSPC4.XModular-SWUM204.book Page 557 Friday, March 15, 2013 9:24 AM Parameter Description targetname iSCSI name of the iSCSI target. The name can be statically configured; however, it can be obtained from iSNS or from sendTargets response. The initiator MUST present both its iSCSI Initiator Name and the iSCSI Target Name to which it wishes to connect in the first login request of a new session or connection.
PAGE 558
2CSPC4.XModular-SWUM204.book Page 558 Friday, March 15, 2013 9:24 AM Example The following example configures TCP Port 49154 to target IP address 172.16.1.20. console(config)#iscsi target port 49154 address 172.16.1.20 show iscsi Use the show iscsi command in Privileged EXEC mode to display the iSCSI configuration. Syntax show iscsi Default Configuration There is no default configuration for this command.
PAGE 559
2CSPC4.XModular-SWUM204.book Page 559 Friday, March 15, 2013 9:24 AM -----------------------------------------------iSCSI Static Rule Table -----------------------------------------------Index TCP Port IP Address IP Address Mask TCP Port Target IP AddressName show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status. Syntax show iscsi sessions [detailed] • detailed — Displayed list has additional data when this option is used.
PAGE 560
2CSPC4.XModular-SWUM204.book Page 560 Friday, March 15, 2013 9:24 AM Target: iqn.103-1.com.storage-vendor:sn.43338. storage.tape:sys1.xyz Session 3: Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12 Session 4: Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Console# show iscsi sessions detailed Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678 ----------------------------------------------------Session 1: Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.
PAGE 561
2CSPC4.XModular-SWUM204.book Page 561 Friday, March 15, 2013 9:24 AM Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.30 49200 172.16.1.20 30001 172.16.1.30 49201 172.16.1.
PAGE 562
2CSPC4.XModular-SWUM204.
PAGE 563
2CSPC4.XModular-SWUM204.book Page 563 Friday, March 15, 2013 9:24 AM Link Dependency Commands 26 Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
PAGE 564
2CSPC4.XModular-SWUM204.book Page 564 Friday, March 15, 2013 9:24 AM Default Configuration The default configuration for a group is down, i.e. the group members will mirror the depended-on link status by going down when all depended-on interfaces are down. Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up.
PAGE 565
2CSPC4.XModular-SWUM204.book Page 565 Friday, March 15, 2013 9:24 AM Example console(config)#link-dependency group 1 console(config-linkDep-group-1)# add gigabitethernet Use this command to add member gigabit Ethernet port(s) to the dependency list. Syntax add gigabitethernet intf-list • intf-list — List of Ethernet interfaces in unit/slot/port format. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
PAGE 566
2CSPC4.XModular-SWUM204.book Page 566 Friday, March 15, 2013 9:24 AM • intf-list — List of Ethernet interfaces in unit/slot/port format. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid Ethernet interface list or range) Default Configuration This command has no default configuration.
PAGE 567
2CSPC4.XModular-SWUM204.book Page 567 Friday, March 15, 2013 9:24 AM Command Mode Link Dependency mode User Guidelines No specific guidelines Example console(config-depend-1)#add port-channel 10-12 depends-on Use this command to add the dependent Ethernet ports or port channels list. Use the no depends-on command to remove the dependent Ethernet ports or port-channels list.
PAGE 568
2CSPC4.XModular-SWUM204.book Page 568 Friday, March 15, 2013 9:24 AM Examples console(config-linkDep-group-1)#depends-on gigabitethernet 1/0/10 console(config-linkDep-group-1)#depends-on port-channel 6 show link-dependency Use the show link-dependency command to show the link dependencies configured for a particular group. If no group is specified, then all the configured link-dependency groups are displayed.
PAGE 569
2CSPC4.XModular-SWUM204.book Page 569 Friday, March 15, 2013 9:24 AM 1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only. console#show link-dependency group 1 GroupId Member Ports Ports Depended On Link Action Group State ------- ----------------------------------------------------1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows detailed information for group 1.
PAGE 570
2CSPC4.XModular-SWUM204.
PAGE 571
2CSPC4.XModular-SWUM204.book Page 571 Friday, March 15, 2013 9:24 AM LLDP Commands 27 The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an 802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
PAGE 572
2CSPC4.XModular-SWUM204.book Page 572 Friday, March 15, 2013 9:24 AM The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
PAGE 573
2CSPC4.XModular-SWUM204.book Page 573 Friday, March 15, 2013 9:24 AM Default Configuration By default, data is removed only on system reset. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.
PAGE 574
2CSPC4.XModular-SWUM204.book Page 574 Friday, March 15, 2013 9:24 AM dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax Description dcb enable no dcb enable Command Mode Global Config mode Default Value The sending of DCBX information in enabled by default. Usage Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
PAGE 575
2CSPC4.XModular-SWUM204.book Page 575 Friday, March 15, 2013 9:24 AM Command Mode Interface (Ethernet) Configuration Default Value LLDP-MED is disabled on all supported interfaces. Usage Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#lldp med lldp med confignotification This command is used to enable sending the topology change notification.
PAGE 576
2CSPC4.XModular-SWUM204.book Page 576 Friday, March 15, 2013 9:24 AM Example console(config)#lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count. Syntax Description lldp med faststartrepeatcount count no lldp med faststartrepeatcount • count — Number of LLDPPDUs that are transmitted when the protocol is enabled. (Range 1–10) Command Mode Global Configuration Default Value 3 Usage Guidelines No specific guidelines.
PAGE 577
2CSPC4.XModular-SWUM204.book Page 577 Friday, March 15, 2013 9:24 AM Syntax Description lldp med transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] no med lldp transmit-tlv [capabilities] [network-policy] [ex-pse] [ex-pd] [location] [inventory] Parameter Description Parameter Ranges Not applicable. Command accepts keywords only. Command Mode Interface (Ethernet) Configuration Default Value By default, the capabilities and network policy TLVs are included.
PAGE 578
2CSPC4.XModular-SWUM204.book Page 578 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable remote data change notifications. console(config-if-1/0/3)#lldp notification lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent.
PAGE 579
2CSPC4.XModular-SWUM204.book Page 579 Friday, March 15, 2013 9:24 AM Example The following example displays how to set the interval value to 10 seconds. console(config)#lldp notification-interval 10 lldp receive Use the lldp receive command in Interface Configuration mode to enable the LLDP receive capability. To disable reception of LLDPDUs, use the no form of this command. Syntax lldp receive no lldp receive Default Configuration The default lldp receive mode is enabled.
PAGE 580
2CSPC4.XModular-SWUM204.book Page 580 Friday, March 15, 2013 9:24 AM Syntax lldp timers [interval transmit-interval] [hold hold-multiplier] [reinit reinitdelay] no lldp timers [interval] [hold] [reinit] • transmit-interval — The interval in seconds at which to transmit local data LLDPDUs. (Range: 5–32768 seconds) • hold-multiplier — Multiplier on the transmit interval used to set the TTL in local data LLDPDUs. (Range: 2–10) • reinit-delay — The delay in seconds before re-initialization.
PAGE 581
2CSPC4.XModular-SWUM204.book Page 581 Friday, March 15, 2013 9:24 AM lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability. To disable local data transmission, use the no form of this command. Syntax lldp transmit no lldp transmit Default Configuration LLDP is enabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 582
2CSPC4.XModular-SWUM204.book Page 582 Friday, March 15, 2013 9:24 AM Default Configuration By default, management address information is not included. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to include management information in the LLDPDU.
PAGE 583
2CSPC4.XModular-SWUM204.book Page 583 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example shows how to include the system description TLV in local data transmit. console(config-if-1/0/3)#lldp transmit-tlv sys-desc show lldp Use the show lldp command in Privileged EXEC mode to display the current LLDP configuration summary. Syntax show lldp Default Configuration This command has no default configuration.
PAGE 584
2CSPC4.XModular-SWUM204.book Page 584 Friday, March 15, 2013 9:24 AM console#show lldp LLDP transmit and receive disabled on all interfaces show lldp interface Use the show lldp interface command in Privileged EXEC mode to display the current LLDP interface state. Syntax show lldp interface {gigabitethernet unit/slot/port | tengigabitethernet | all} Default Configuration This command has no default configuration.
PAGE 585
2CSPC4.XModular-SWUM204.book Page 585 Friday, March 15, 2013 9:24 AM console# show lldp interface 1/0/1 Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------- ---1/0/1 Up Enabled Enabled Enabled 0,1,2,3 Y TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capability show lldp local-device Use the show lldp local-device command in Privileged EXEC mode to display the advertised LLDP local data.
PAGE 586
2CSPC4.XModular-SWUM204.
PAGE 587
2CSPC4.XModular-SWUM204.book Page 587 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes Default Value Not applicable Usage Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
PAGE 588
2CSPC4.XModular-SWUM204.
PAGE 589
2CSPC4.XModular-SWUM204.
PAGE 590
2CSPC4.XModular-SWUM204.book Page 590 Friday, March 15, 2013 9:24 AM Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.
PAGE 591
2CSPC4.XModular-SWUM204.book Page 591 Friday, March 15, 2013 9:24 AM show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface. Syntax Description show lldp med remote-device {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} show lldp med remote-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} • all — Indicates all valid LLDP interfaces.
PAGE 592
2CSPC4.XModular-SWUM204.
PAGE 593
2CSPC4.XModular-SWUM204.book Page 593 Friday, March 15, 2013 9:24 AM Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.
PAGE 594
2CSPC4.XModular-SWUM204.book Page 594 Friday, March 15, 2013 9:24 AM Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax show lldp remote-device {detail interface | interface | all} • detail — Includes detailed version of remote data.
PAGE 595
2CSPC4.XModular-SWUM204.
PAGE 596
2CSPC4.XModular-SWUM204.book Page 596 Friday, March 15, 2013 9:24 AM Examples The following examples shows an example of the display of current LLDP traffic statistics. console#show lldp statistics all LLDP Device Statistics Last Update.................................. 0 days 22:58:29 Total Inserts................................ 1 Total Deletes................................ 0 Total Drops.................................. 0 Total Ageouts................................
PAGE 597
2CSPC4.XModular-SWUM204.book Page 597 Friday, March 15, 2013 9:24 AM Fields Description Receive Total Total number of valid LLDP frames received on the indicated port. Discards Number of LLDP frames received on the indicated port and discarded for any reason. Errors Number of non-valid LLDP frames received on the indicated port. Ageouts Number of times a remote data entry on the indicated port has been deleted due to TTL expiration.
PAGE 598
2CSPC4.XModular-SWUM204.
PAGE 599
2CSPC4.XModular-SWUM204.book Page 599 Friday, March 15, 2013 9:24 AM Multicast VLAN Registration Commands 28 Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
PAGE 600
2CSPC4.XModular-SWUM204.book Page 600 Friday, March 15, 2013 9:24 AM Commands in this Chapter This chapter explains the following commands: mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic mvr Use the mvr command in Global Config and Interface Config modes to enable MVR. Use the no form of this command to disable MVR.
PAGE 601
2CSPC4.XModular-SWUM204.book Page 601 Friday, March 15, 2013 9:24 AM mvr group Use the mvr group command in Global Config mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group. Syntax mvr group A.B.C.D [count] no mvr group A.B.C.D [count] Parameter Description Parameter Description A.B.C.D Specify a multicast group. count Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified.
PAGE 602
2CSPC4.XModular-SWUM204.book Page 602 Friday, March 15, 2013 9:24 AM console(config)#mvr group 239.0.1.0 100 console(config)#mvr vlan 10 mvr mode Use the mvr mode command in Global Config mode to change the MVR mode type. Use the no form of the command to set the mode type to the default value. Syntax mvr mode {compatible | dynamic} no mvr mode Parameter Description Parameter Description compatible Do not allow membership joins on source ports.
PAGE 603
2CSPC4.XModular-SWUM204.book Page 603 Friday, March 15, 2013 9:24 AM Syntax mvr querytime 1–100 no mvr querytime Parameter Description Parameter Description querytime The query time is a maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group. The query time only applies to receiver ports. The query time is specified in tenths of a second. Default Configuration The default value is 5 tenths of a second.
PAGE 604
2CSPC4.XModular-SWUM204.book Page 604 Friday, March 15, 2013 9:24 AM mvr vlan Use the mvr vlan command in Global Config mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value. Syntax mvr vlan 1–4094 no mvr vlan Parameter Description Parameter Description vlan The VLAN specifies the port on which multicast data is expected to be received. Source ports should belong to this VLAN. Default Configuration The default value is 1.
PAGE 605
2CSPC4.XModular-SWUM204.book Page 605 Friday, March 15, 2013 9:24 AM Syntax mvr immediate no mvr immediate Parameter Description This command does not require a parameter description. Default Configuration The default value is Disabled. Command Mode Interface Config User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message.
PAGE 606
2CSPC4.XModular-SWUM204.book Page 606 Friday, March 15, 2013 9:24 AM Syntax mvr type {receiver | source} no mvr type Parameter Description Parameter Description receiver Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. source Configure the port as a source port. Source ports are ports over which multicast data is received or sent. Default Configuration The default value is None.
PAGE 607
2CSPC4.XModular-SWUM204.
PAGE 608
2CSPC4.XModular-SWUM204.book Page 608 Friday, March 15, 2013 9:24 AM User Guidelines This command statically configures a port to receive the specified multicast group on the specified VLAN. This command only applies to receiver ports in compatible mode. It also applies to source ports in dynamic mode. In dynamic mode, receiver ports can also join multicast groups using IGMP messages.
PAGE 609
2CSPC4.XModular-SWUM204.book Page 609 Friday, March 15, 2013 9:24 AM Parameter Description MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following table lists the completion messages.
PAGE 610
2CSPC4.XModular-SWUM204.book Page 610 Friday, March 15, 2013 9:24 AM Syntax show mvr members [A.B.C.D] Parameter Description The parameter is a valid multicast address in IPv4 dotted notation. The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group.
PAGE 611
2CSPC4.XModular-SWUM204.book Page 611 Friday, March 15, 2013 9:24 AM console#show mvr members 224.1.1.1 MVR Group IP Status Members ------------------ --------------- --------------------- 224.1.1.1 INACTIVE 1/0/1, 1/0/2, 1/0/3 show mvr interface Use the show mvr interface command in Privileged EXEC mode to display the MVR enabled interfaces configuration.
PAGE 612
2CSPC4.XModular-SWUM204.book Page 612 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following table lists the completion messages.
PAGE 613
2CSPC4.XModular-SWUM204.book Page 613 Friday, March 15, 2013 9:24 AM Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following table lists the completion messages.
PAGE 614
2CSPC4.XModular-SWUM204.book Page 614 Friday, March 15, 2013 9:24 AM console#show mvr traffic IGMP Query Received............................ 2 IGMP Report V1 Received........................ 0 IGMP Report V2 Received........................ 3 IGMP Leave Received............................ 0 IGMP Query Transmitted......................... 2 IGMP Report V1 Transmitted..................... 0 IGMP Report V2 Transmitted..................... 3 IGMP Leave Transmitted.........................
PAGE 615
2CSPC4.XModular-SWUM204.book Page 615 Friday, March 15, 2013 9:24 AM Port Aggregator Commands 29 Port aggregator commands are only available in simple mode. Use the mode simple command to clear the configuration and enter simple mode. Use the no mode simple command to clear the config and exit simple mode.
PAGE 616
2CSPC4.XModular-SWUM204.book Page 616 Friday, March 15, 2013 9:24 AM Command Mode Port Aggregator mode User Guidelines This command is only available in simple mode. Example console(config)#port-aggregator group 1 console(config-aggregator-1)#add interface te1/0/1 console(config-aggregator-1)# duplex Use the duplex command in port aggregator configuration mode to configure the full/half duplex operation of all member ports in the aggregator group/zone.
PAGE 617
2CSPC4.XModular-SWUM204.book Page 617 Friday, March 15, 2013 9:24 AM Example console(config)#port-aggregator group 1 console(config-aggregator-1)#speed 1000 console(config-aggregator-1)# lacp auto Use the lacp auto command to set the LACP (Link Aggregation) mode to dynamic for that Aggregator Group. This means that when more than one uplink port is in the Group, those uplink ports will be enabled automatically with dynamic LACP.
PAGE 618
2CSPC4.XModular-SWUM204.book Page 618 Friday, March 15, 2013 9:24 AM lacp off Use the lacp off command to set the LACP (Link Aggregation) mode to off for that Aggregator Group. This means that when more than one uplink port is in the Group, all the uplinks are shut down except the lowest numbered one. Syntax lacp off Default Configuration This command has no default configuration. Command Mode Port Aggregator mode User Guidelines This command is only available if simple mode is enabled.
PAGE 619
2CSPC4.XModular-SWUM204.book Page 619 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Port Aggregator mode User Guidelines This command is only available if simple mode is enabled. Example console(config)#port-aggregator group 2 console(config-aggregator-2)#lacp static console(config-aggregator-2)# minimum active uplinks Use the minimum active uplinks command to set the minimum number of uplinks to be active for the Group.
PAGE 620
2CSPC4.XModular-SWUM204.book Page 620 Friday, March 15, 2013 9:24 AM User Guidelines This command is only available in simple mode. Example console(config)#port-aggregator group 2 console(config-aggregator-2)#minimum active uplinks 2 console(config-aggregator-2)# mtu disable Use the mtu disable command to set the mtu size to default (1518) on all the member ports in the aggregator group/zone. To set the mtu size to the maximum value (9216), use the no form of this command.
PAGE 621
2CSPC4.XModular-SWUM204.book Page 621 Friday, March 15, 2013 9:24 AM negotiation Use the negotiation command in port aggregator mode to enable autonegotiation of all member ports in the aggregator group/zone. To disable negotiation, use the no form of this command. Syntax negotiation no negotiation Default Configuration This command has no default configuration. Command Mode Port Aggregator mode User Guidelines This command is only available in simple mode.
PAGE 622
2CSPC4.XModular-SWUM204.book Page 622 Friday, March 15, 2013 9:24 AM Command Mode Port Aggregator mode User Guidelines This command is only available if simple mode is enabled. Example console(config)#port-aggregator group 2 console(config-aggregator-2)#no lacp console(config-aggregator-2)# port-aggregator group Use the port-aggregator group command to enter the Port Aggregator mode to configure aggregator group attributes.
PAGE 623
2CSPC4.XModular-SWUM204.book Page 623 Friday, March 15, 2013 9:24 AM Example console(config)#port-aggregator group 1 console(config-aggregator-1)# show mac address-table Use the show mac address-table command to show the MAC address table for a particular aggregator group. [port-aggregator group is an optional parameter in the command, and if not specified, it shows all the MAC entries in all the Groups.
PAGE 624
2CSPC4.XModular-SWUM204.book Page 624 Friday, March 15, 2013 9:24 AM 1001 0006.2932.814B 1/g17 Static speed Use the speed command in port aggregator configuration mode to configure the speed of all member ports in the aggregator group/zone. To restore the default, use the no form of this command. Syntax speed [10 | 100 ] no speed • 10 — Configures the port to 10 Mbps operation. • 100 — Configures the port to 100 Mbps operation. Default Configuration This command has no default configuration.
PAGE 625
2CSPC4.XModular-SWUM204.book Page 625 Friday, March 15, 2013 9:24 AM Syntax vlan [add | remove] vlan-list — A list of VLANs. Separate nonconsecutive VLANs with a comma and no spaces. Use a hyphen to designate a range of VLANs. Default Configuration By default, the native VLAN is a member of the port aggregator group. Command Mode Port Aggregator mode User Guidelines VLANs that have not yet been created may be added to the port aggregator group. They will be made active after creation.
PAGE 626
2CSPC4.XModular-SWUM204.
PAGE 627
2CSPC4.XModular-SWUM204.book Page 627 Friday, March 15, 2013 9:24 AM Port Channel Commands 30 A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
PAGE 628
2CSPC4.XModular-SWUM204.book Page 628 Friday, March 15, 2013 9:24 AM an additional parameter static which makes this LAG not require a partner system running Link Aggregation Control Protocol (LACP) to be able to aggregate it's member ports. A static LAG does not transmit or process received LACPDUs, that is, the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped. A dropped counter is maintained to count the number of such PDUs.
PAGE 629
2CSPC4.XModular-SWUM204.book Page 629 Friday, March 15, 2013 9:24 AM Port Channels Trunking, which is also called Port Channels or Link Aggregation, is initiated and maintained by the periodic exchanges of Link Aggregation Control PDUs (LACPDUs). From a system perspective, a LAG is treated as a physical port. A LAG and a physical port use the same configuration parameters for administrative enable/disable, port priority, and path cost.
PAGE 630
2CSPC4.XModular-SWUM204.book Page 630 Friday, March 15, 2013 9:24 AM • Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing PowerConnect devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order.
PAGE 631
2CSPC4.XModular-SWUM204.book Page 631 Friday, March 15, 2013 9:24 AM Manual Aggregation of LAGs PowerConnect switching supports the manual addition and deletion of links to aggregates. Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each.
PAGE 632
2CSPC4.XModular-SWUM204.book Page 632 Friday, March 15, 2013 9:24 AM • port-channel-number — Number of a valid port-channel with which to associate the current interface. • on — Forces the port to join a channel without LACP (static LAG). • active — Forces the port to join a channel with LACP (dynamic LAG). Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 633
2CSPC4.XModular-SWUM204.book Page 633 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters the context of port-channel 1.
PAGE 634
2CSPC4.XModular-SWUM204.book Page 634 Friday, March 15, 2013 9:24 AM User Guidelines Commands in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, it stops the execution of the command on subsequent interfaces. Example The following example shows how port-channels 1, 2 and 8 are grouped to receive the same command.
PAGE 635
2CSPC4.XModular-SWUM204.book Page 635 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (port-channel) User Guidelines No specific guidelines. Example console(config)#interface port-channel l console(config-if-po1)#hashing-mode 4 console(config-if-po1)#no hashing mode lacp port-priority Use the lacp port-priority command in Interface Configuration mode to configure the priority value for physical ports. To reset to default priority value, use the no form of this command.
PAGE 636
2CSPC4.XModular-SWUM204.book Page 636 Friday, March 15, 2013 9:24 AM console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#lacp port-priority 247 lacp system-priority Use the lacp system-priority command in Global Configuration mode to configure the Link Aggregation system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority • value — Port priority value.
PAGE 637
2CSPC4.XModular-SWUM204.book Page 637 Friday, March 15, 2013 9:24 AM no lacp timeout • long — Specifies a long timeout value. • short — Specifies a short timeout value. Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example assigns an administrative LACP timeout for port 1/0/8 to a long timeout value.
PAGE 638
2CSPC4.XModular-SWUM204.book Page 638 Friday, March 15, 2013 9:24 AM Command Mode Interface Config (port-channel) mode User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm. When enabled, this command disables forwarding of ingress unicast traffic across stacking links for a LAG that is comprised of links on multiple stack units.
PAGE 639
2CSPC4.XModular-SWUM204.book Page 639 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Interface Configuration (port-channel) mode User Guidelines This command has no user guidelines. show interfaces port-channel Use the show interfaces port-channel command to show port-channel information. Syntax Description show interfaces port-channel [port-channel-number] Parameter Description The command displays the following information.
PAGE 640
2CSPC4.XModular-SWUM204.book Page 640 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines.
PAGE 641
2CSPC4.XModular-SWUM204.book Page 641 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information.
PAGE 642
2CSPC4.XModular-SWUM204.
PAGE 643
2CSPC4.XModular-SWUM204.book Page 643 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example shows statistics about port-channel 1. console#show statistics port-channel 1 Total Packets Received (Octets)................ 0 Packets Received > 1522 Octets................. 0 Packets RX and TX 64 Octets.................... 1064 Packets RX and TX 65-127 Octets................ 140 Packets RX and TX 128-255 Octets...............
PAGE 644
2CSPC4.XModular-SWUM204.book Page 644 Friday, March 15, 2013 9:24 AM FCS Errors..................................... 0 Overruns....................................... 0 Total Received Packets Not Forwarded........... 0 Local Traffic Frames........................... 0 802.3x Pause Frames Received................... 0 Unacceptable Frame Type........................ 0 Multicast Tree Viable Discards................. 0 Reserved Address Discards...................... 0 Broadcast Storm Recovery..................
PAGE 645
2CSPC4.XModular-SWUM204.book Page 645 Friday, March 15, 2013 9:24 AM Excessive Collision Frames..................... 0 Port Membership Discards....................... 0 802.3x Pause Frames Transmitted................ 0 GVRP PDUs received............................. 0 GVRP PDUs Transmitted.......................... 0 GVRP Failed Registrations...................... 0 Time Since Counters Last Cleared...............
PAGE 646
2CSPC4.XModular-SWUM204.
PAGE 647
2CSPC4.XModular-SWUM204.book Page 647 Friday, March 15, 2013 9:24 AM Port Monitor Commands 31 PowerConnect switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. Network traffic transmission is always disrupted whenever a configuration change is made for port monitoring.
PAGE 648
2CSPC4.XModular-SWUM204.book Page 648 Friday, March 15, 2013 9:24 AM monitor session show monitor session monitor session Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets.
PAGE 649
2CSPC4.XModular-SWUM204.book Page 649 Friday, March 15, 2013 9:24 AM User Guidelines The source of a monitoring session must be configured before the destination can be configured. Only one session with a single destination is supported, however, that session supports multiple sources. Example The following examples show a simple port level configuration that mirrors both transmitted and received packet from one port to another.
PAGE 650
2CSPC4.XModular-SWUM204.
PAGE 651
2CSPC4.XModular-SWUM204.book Page 651 Friday, March 15, 2013 9:24 AM QoS Commands 32 Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
PAGE 652
2CSPC4.XModular-SWUM204.book Page 652 Friday, March 15, 2013 9:24 AM A user configures an ACL permit rule to force its matching traffic stream to a specific egress interface, bypassing any forwarding decision normally performed by the device. The interface can be a physical port or a LAG. The redirect interface rule action is independent of, but compatible with, the assign queue rule action. ACLs can be configured to apply to a VLAN instead of an interface.
PAGE 653
2CSPC4.XModular-SWUM204.book Page 653 Friday, March 15, 2013 9:24 AM – • Untrusted Port Default Priority Queue Configuration This enables PowerConnect switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces.
PAGE 654
2CSPC4.XModular-SWUM204.book Page 654 Friday, March 15, 2013 9:24 AM process is also used for cases where a trusted port mapping is unable to be honored, such as when a nonIP packet arrives at a port configured to trust the IP precedence or IP DSCP value. PCM6220 Limitations The PCM6220 switch does not support out-bound service policies or ACLs.
PAGE 655
2CSPC4.XModular-SWUM204.
PAGE 656
2CSPC4.XModular-SWUM204.book Page 656 Friday, March 15, 2013 9:24 AM Example The following example displays how to change the queue ID to 4 for the associated traffic stream. console(config-policy-classmap)#assign-queue 4 class Use the class command in Policy-Map Class Configuration mode to create an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements.
PAGE 657
2CSPC4.XModular-SWUM204.book Page 657 Friday, March 15, 2013 9:24 AM class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete the existing class, use the no form of this command. Syntax class-map match-all class-map-name [{ipv4 | ipv6}] no class-map match-all class-map-name • class-map-name — a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ class.
PAGE 658
2CSPC4.XModular-SWUM204.book Page 658 Friday, March 15, 2013 9:24 AM • classname — The name of an existing DiffServ class. (Range: 1–31 characters) • newclassname — A case-sensitive alphanumeric string. (Range: 1–31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to change the name of a DiffServ class from "DELL" to "DELL1.
PAGE 659
2CSPC4.XModular-SWUM204.book Page 659 Friday, March 15, 2013 9:24 AM Default Configuration The default dot1p mapping is as follows: User Priority Traffic Class 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example configures mapping for user priority 1 and traffic class 2.
PAGE 660
2CSPC4.XModular-SWUM204.book Page 660 Friday, March 15, 2013 9:24 AM Syntax classofservice ip-dscp-mapping ipdscp trafficclass no classofservice ip-dscp-mapping ipdscp Parameter Description Parameter Description ipdscp Specifies the IP DSCP value to which you map the specified traffic class. (Range: 0–63 or an IP DSCP keyword – af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef).
PAGE 661
2CSPC4.XModular-SWUM204.
PAGE 662
2CSPC4.XModular-SWUM204.book Page 662 Friday, March 15, 2013 9:24 AM IP DSCP Traffic Class 42 2 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 663
2CSPC4.XModular-SWUM204.book Page 663 Friday, March 15, 2013 9:24 AM Example The following example displays mapping for IP DSCP 1 and traffic class 2. console(config)#classofservice ip-dscp-mapping 1 2 classofservice trust Use the classofservice trust command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface. To set the interface mode to untrusted, use the no form of this command.
PAGE 664
2CSPC4.XModular-SWUM204.book Page 664 Friday, March 15, 2013 9:24 AM Examples The following example displays how you set the class of service trust mode of an interface to trust dot1p (802.1p) packet markings when in Global Configuration mode.
PAGE 665
2CSPC4.XModular-SWUM204.book Page 665 Friday, March 15, 2013 9:24 AM • Secondary COS • DSCP • IP Precedence This includes both the input and color aware classes. The conform color class may not be the same as the input class, nor may the match criteria be of the same type. The input class map may have a match type of "any." The exceed color class may only be specified for the two-rate police algorithm.
PAGE 666
2CSPC4.XModular-SWUM204.book Page 666 Friday, March 15, 2013 9:24 AM cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command.
PAGE 667
2CSPC4.XModular-SWUM204.book Page 667 Friday, March 15, 2013 9:24 AM lower numbered TCG, even when strict priority is enabled on a higher numbered TCG, will alter the normal scheduler behavior and cause the scheduler to process frames from the lower numbered TCG to conform to the min-bandwidth constraint. Example The following example displays how to specify the minimum transmission bandwidth guarantee for cos-queues 0 through 6.
PAGE 668
2CSPC4.XModular-SWUM204.book Page 668 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (physical or port-channel) mode or Global Configuration mode User Guidelines When used on a port-channel, this command will override the settings on the individual interfaces that are part of the port channel. Removing an interface from the port channel restores the individual interface settings. This command can be used in Interface Range mode.
PAGE 669
2CSPC4.XModular-SWUM204.book Page 669 Friday, March 15, 2013 9:24 AM cos-queue strict Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for each specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command.
PAGE 670
2CSPC4.XModular-SWUM204.book Page 670 Friday, March 15, 2013 9:24 AM diffserv Use the diffserv command in Global Configuration mode to set the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. To set the DiffServ operational mode to inactive, use the no form of this command. Syntax diffserv no diffserv Default Configuration This command default is enabled.
PAGE 671
2CSPC4.XModular-SWUM204.book Page 671 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify that matching packets are to be dropped at ingress.
PAGE 672
2CSPC4.XModular-SWUM204.book Page 672 Friday, March 15, 2013 9:24 AM Example The following example displays how to mark all packets with a CoS value. console(config-policy-classmap)#mark cos 7 mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value.
PAGE 673
2CSPC4.XModular-SWUM204.book Page 673 Friday, March 15, 2013 9:24 AM mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value. Syntax mark ip-precedence prec-value • prec-value — Specifies the IP precedence value as an integer. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines.
PAGE 674
2CSPC4.XModular-SWUM204.book Page 674 Friday, March 15, 2013 9:24 AM Syntax match class-map refclassname no match class-map refclassname • refclassname — The name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines • The parameters refclassname and class-map-name can not be the same.
PAGE 675
2CSPC4.XModular-SWUM204.book Page 675 Friday, March 15, 2013 9:24 AM console(config-classmap)#no match class-map Dell match cos Use the match cos command in Class-Map Configuration mode to add a match condition for the class of service value (the only tag in a single-tagged packet or the first or outer 802.1Q tag of a double-VLAN tagged packet). Syntax match cos • cos-value — Specifies the CoS value as an integer (Range: 0–7) Default Configuration This command has no default configuration.
PAGE 676
2CSPC4.XModular-SWUM204.book Page 676 Friday, March 15, 2013 9:24 AM • macaddr — Specifies any valid layer 2 MAC address formatted as six twodigit hexadecimal numbers separated by colons. • macmask — Specifies a valid layer 2 MAC address bit mask formatted as six two-digit hexadecimal numbers separated by colons. This address bit mask does not need to be contiguous. Default Configuration This command has no default configuration.
PAGE 677
2CSPC4.XModular-SWUM204.book Page 677 Friday, March 15, 2013 9:24 AM Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 10.240.0.0 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet.
PAGE 678
2CSPC4.XModular-SWUM204.book Page 678 Friday, March 15, 2013 9:24 AM match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
PAGE 679
2CSPC4.XModular-SWUM204.book Page 679 Friday, March 15, 2013 9:24 AM • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600–0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
PAGE 680
2CSPC4.XModular-SWUM204.book Page 680 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312. console(config-classmap)#match ip6flowlbl 32312 match ip dscp Use the match ip dscp command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet.
PAGE 681
2CSPC4.XModular-SWUM204.book Page 681 Friday, March 15, 2013 9:24 AM Example The following example displays how to add a match condition based on the DSCP field. console(config-classmap)# match ip dscp 3 match ip precedence Use the match ip precedence command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP precedence field. Syntax match ip precedence precedence • precedence — Specifies the precedence field in a packet.
PAGE 682
2CSPC4.XModular-SWUM204.book Page 682 Friday, March 15, 2013 9:24 AM match ip tos Use the match ip tos command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP TOS field in a packet. This field is defined as all eight bits of the Service Type octet in the IP header. Syntax match ip tos tosbits tosmask • tosbits — Specifies a two-digit hexadecimal number.
PAGE 683
2CSPC4.XModular-SWUM204.book Page 683 Friday, March 15, 2013 9:24 AM match protocol Use the match protocol command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. Syntax match protocol {protocol-name | protocol-number} • protocol-name — Specifies one of the supported protocol name keywords. The supported values are icmp, igmp, ip, tcp, and udp.
PAGE 684
2CSPC4.XModular-SWUM204.book Page 684 Friday, March 15, 2013 9:24 AM Syntax match source-address mac address macmask • macaddr — Specifies any valid layer 2 MAC address formatted as six twodigit hexadecimal numbers separated by colons. • macmask — Specifies a layer 2 MAC address bit mask formatted as six two-digit hexadecimal numbers separated by colons. This bit mask does not need to be contiguous. Default Configuration This command has no default configuration.
PAGE 685
2CSPC4.XModular-SWUM204.book Page 685 Friday, March 15, 2013 9:24 AM • ipmask — Specifies a valid IP address bit mask. Note that although this IP address bit mask is similar to a subnet mask, it does not need to be contiguous. Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines Only one srcip matching criteria can be specified. To remove the matching criteria, delete the class map.
PAGE 686
2CSPC4.XModular-SWUM204.book Page 686 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config-classmap)#match srcip6 2001:DB8::/32 match srcl4port Use the match srcl4port command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or a numeric notation.
PAGE 687
2CSPC4.XModular-SWUM204.book Page 687 Friday, March 15, 2013 9:24 AM match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field. This field is the only tag in a single tagged packet or the first or outer tag of a double VLAN packet. Syntax match vlan vlan-id • vlan-id — Specifies a VLAN ID as an integer.
PAGE 688
2CSPC4.XModular-SWUM204.book Page 688 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines The port identified in this command is identical to the destination port of the monitor command. Example The following example displays how to copy all the data to port 1/0/5.
PAGE 689
2CSPC4.XModular-SWUM204.book Page 689 Friday, March 15, 2013 9:24 AM • dscpval — DSCP value. (Range: 0–63 or a keyword from this list, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines Only one style of police command (simple or two-rate) is allowed for a given class instance in a particular policy.
PAGE 690
2CSPC4.XModular-SWUM204.book Page 690 Friday, March 15, 2013 9:24 AM A packet is colored red if it exceeds the PIR, yellow if it exceeds the CIR, and green if it does not exceed either. A trTCM is useful when a peak rate needs to be enforced separately from a committed rate. Syntax police-two-rate datarate burstsize peak-data-rate excess-burstsize conformaction action exceed-action action violate-action action • datarate — Data rate in kilobits per second (kbps).
PAGE 691
2CSPC4.XModular-SWUM204.book Page 691 Friday, March 15, 2013 9:24 AM User Guidelines The CIR and PIR are measured in Kbps (not pps as indicated in the RFC), the CBS in Kbytes, and the PBS in Kbytes. It is recommended that the CBS and PBS be configured to be larger than the largest expected IP packet. A class command in policy-map mode must be issued for an existing class-map before entering this command.
PAGE 692
2CSPC4.XModular-SWUM204.book Page 692 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed. The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Example The following example shows how to establish a new ingress DiffServ policy named "DELL.
PAGE 693
2CSPC4.XModular-SWUM204.book Page 693 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description queue-id The class of service queue. Range 0 to 6. min-thresh The minimum threshold at which to begin dropping, based on the configured maximum drop probability for each color and for non-TCP packets. Range 0 to 100. max-thresh The maximum threshold to ene dropping at the configured maximum drop probability for each color and for non-TCP packets. Range 0 to 100.
PAGE 694
2CSPC4.XModular-SWUM204.book Page 694 Friday, March 15, 2013 9:24 AM User Guidelines The Green/Yellow/Red Ranges may overlap and are applied to each color independently. Within a color, the range from minimum to maximum is divided into eight (0...7) fixed probabilities at which packets are dropped based on the instantaneous egress queue size: 0 - 6.25% of maximum drop probability 1 - 18.75% of maximum drop probability 2 - 30.25% of maximum drop probability 3 - 43.75% of maximum drop probability 4 - 56.
PAGE 695
2CSPC4.XModular-SWUM204.book Page 695 Friday, March 15, 2013 9:24 AM random-detect exponential-weighting-constant Use the random-detect exponential-weighting-constant command to configure the decay in the calculation of the average queue size user for WRED on an interface or all interfaces.
PAGE 696
2CSPC4.XModular-SWUM204.book Page 696 Friday, March 15, 2013 9:24 AM • interface — Specifies any valid interface. Interface is Ethernet port or port-channel (Range: po1-po32 or gi1/0/1-gi1/0/24) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port 1/0/1.
PAGE 697
2CSPC4.XModular-SWUM204.book Page 697 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Global Configuration mode (for all system interfaces) Interface Configuration (Ethernet, Port-channel) mode (for a specific interface) User Guidelines This command enables DiffServ on an interface. No separate interface administrative mode command for DiffServ is available. Use the policy-map command to configure the DiffServ policy.
PAGE 698
2CSPC4.XModular-SWUM204.book Page 698 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays all the configuration information for the class named "Dell".
PAGE 699
2CSPC4.XModular-SWUM204.book Page 699 Friday, March 15, 2013 9:24 AM ---------------------------- ------------------------------------Source IP Address 2001:DB8::/32 Source Layer 4 Port 80(http/www) show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged EXEC mode to display the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface.
PAGE 700
2CSPC4.XModular-SWUM204.book Page 700 Friday, March 15, 2013 9:24 AM 3 4 4 3 5 4 6 5 7 6 The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value. Traffic Class The traffic class internal queue identifier to which the user priority value is mapped.
PAGE 701
2CSPC4.XModular-SWUM204.
PAGE 702
2CSPC4.XModular-SWUM204.
PAGE 703
2CSPC4.XModular-SWUM204.book Page 703 Friday, March 15, 2013 9:24 AM 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 console# show classofservice trust Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface.
PAGE 704
2CSPC4.XModular-SWUM204.book Page 704 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown. Example The following example displays the current trust mode settings for the specified port.
PAGE 705
2CSPC4.XModular-SWUM204.book Page 705 Friday, March 15, 2013 9:24 AM Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode.......................... Enable Class Table Size Current/Max................. 5 / 25 Class Rule Table Size Current/Max............ 6 / 150 Policy Table Size Current/Max................ 2 / 64 Policy Instance Table Size Current/Max....... 2 / 640 Policy Attribute Table Size Current/Max...... 2 / 1920 Service Table Size Current/Max...
PAGE 706
2CSPC4.XModular-SWUM204.book Page 706 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode........................... Enable Interface..................................... 1/0/1 Direction..................................... In No policy is attached to this interface in this direction.
PAGE 707
2CSPC4.XModular-SWUM204.book Page 707 Friday, March 15, 2013 9:24 AM DiffServ Admin Mode........................... Enable Interface..................................... po1 Direction..................................... In No policy is attached to this interface in this direction show diffserv service brief Use the show diffserv service brief command in Privileged EXEC mode to display all interfaces in the system to which a DiffServ policy has been attached.
PAGE 708
2CSPC4.XModular-SWUM204.book Page 708 Friday, March 15, 2013 9:24 AM show interfaces cos-queue Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 709
2CSPC4.XModular-SWUM204.book Page 709 Friday, March 15, 2013 9:24 AM 5 0 Weighted Tail Drop 6 0 Weighted Tail Drop This example displays the COS configuration for the specified interface 1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... 1/0/1 Interface Shaping Rate......................... 0 Queue Id Min.
PAGE 710
2CSPC4.XModular-SWUM204.book Page 710 Friday, March 15, 2013 9:24 AM Parameter Description Minimum Bandwidth The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort scheduling. This value is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value.
PAGE 711
2CSPC4.XModular-SWUM204.book Page 711 Friday, March 15, 2013 9:24 AM show policy-map Use the show policy-map command in Privileged EXEC mode to display all configuration information for the specified policy. Syntax show policy-map [policyname] • policyname — Specifies the name of a valid existing DiffServ policy. (Range: 1-31) Default Configuration This command has no default configuration.
PAGE 712
2CSPC4.XModular-SWUM204.book Page 712 Friday, March 15, 2013 9:24 AM Syntax show policy-map interface {gigabithethernet unit/slot/port| tengigabitethernet unit/slot/port port-channel port-channel number} {in|out} Parameter Description Parameter Description port-channel number A valid port-channel identifier. in Show inbound service policies. The offered value indicates the number of packets received by the classifier. out Show outbound service policies.
PAGE 713
2CSPC4.XModular-SWUM204.book Page 713 Friday, March 15, 2013 9:24 AM In Discarded Packets.......................... 11 show service-policy Use the show service-policy command in Privileged EXEC mode to display a summary of policy-oriented statistics information for all interfaces. Syntax show service-policy Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 714
2CSPC4.XModular-SWUM204.book Page 714 Friday, March 15, 2013 9:24 AM 1/0/7 Down DELL 1/0/8 Down DELL 1/0/9 Down DELL 1/0/10 Down DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. This process, also known as rate shaping, has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.
PAGE 715
2CSPC4.XModular-SWUM204.
PAGE 716
2CSPC4.XModular-SWUM204.
PAGE 717
2CSPC4.XModular-SWUM204.book Page 717 Friday, March 15, 2013 9:24 AM 33 RADIUS Commands Managing and determining the validity of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
PAGE 718
2CSPC4.XModular-SWUM204.book Page 718 Friday, March 15, 2013 9:24 AM Table 33-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.
PAGE 719
2CSPC4.XModular-SWUM204.book Page 719 Friday, March 15, 2013 9:24 AM Table 33-1. RADIUS Attributes Supported by PowerConnect Switch Service Type RADIUS Attribute Name 802.
PAGE 720
2CSPC4.XModular-SWUM204.book Page 720 Friday, March 15, 2013 9:24 AM • FILTER-ID – • TUNNEL-TYPE – • Used to indicate that a VLAN is to be assigned to the user when set to tunnel type VLAN (13). TUNNEL-MEDIUM-TYPE – • Name of the filter list for this user. Used to indicate the tunnel medium type. Must be set to medium type 802 (6) to enable VLAN assignment. TUNNEL-PRIVATE-GROUP-ID – Used to indicate the VLAN to be assigned to the user.
PAGE 721
2CSPC4.XModular-SWUM204.book Page 721 Friday, March 15, 2013 9:24 AM aaa accounting dot1x default start-stop The aaa accounting network default start-stop group radius command has been migrated to the aaa accounting dot1x default start-stop {radius|none} command. Use the aaa accounting dot1x default start-stop command in Global Config mode to create an accounting method list. Use the no form of the command to delete a list. A list may be identified by the default keyword or a user-specified listname.
PAGE 722
2CSPC4.XModular-SWUM204.book Page 722 Friday, March 15, 2013 9:24 AM Parameter Description start-stop Issue a start accounting notice at the beginning and stop accounting notice at the end of the accounted method. Accounting notices are sent when the user logs into the switch and when the user logs out of the exec mode. Accounting notifications are also sent at the beginning and at the end of the user executed command.
PAGE 723
2CSPC4.XModular-SWUM204.book Page 723 Friday, March 15, 2013 9:24 AM The same list-name can be used for both exec and commands accounting types. AAA accounting for commands with RADIUS as the accounting method is not supported. TACACS+ supports both exec and commands accounting types. There is exactly one accounting method list for dot1x: default. accounting Use the accounting command in Line Config mode to apply an accounting method to a line config.
PAGE 724
2CSPC4.XModular-SWUM204.book Page 724 Friday, March 15, 2013 9:24 AM User Guidelines When enabling accounting for exec mode for the current line-configuration type, users logged in with that mode will be logged out. Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default acct-port Use the acct-port command to set the port that connects to the RADIUS accounting server.
PAGE 725
2CSPC4.XModular-SWUM204.book Page 725 Friday, March 15, 2013 9:24 AM console(Config-acct-radius)#acct-port 56 auth-port Use the auth-port command in Radius mode to set the port number for authentication requests of the designated Radius server. Syntax auth-port auth-port-number • auth-port-number — Port number for authentication requests. (Range: 1 65535) Default Configuration The default value of the port number is 1812.
PAGE 726
2CSPC4.XModular-SWUM204.book Page 726 Friday, March 15, 2013 9:24 AM server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact. Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped over. (Range: 0-2000 minutes) Default Configuration The default deadtime interval is 0 minutes.
PAGE 727
2CSPC4.XModular-SWUM204.book Page 727 Friday, March 15, 2013 9:24 AM Default Configuration Debugging is disabled by default. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the "no" form of this command to remove the key. Syntax key key-string • key-string — A string specifying the encryption key (Range: 0 - 128 characters).
PAGE 728
2CSPC4.XModular-SWUM204.book Page 728 Friday, March 15, 2013 9:24 AM msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default. Command Mode Radius mode User Guidelines There are no user guidelines for this command.
PAGE 729
2CSPC4.XModular-SWUM204.book Page 729 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description servername The name for the RADIUS server (Range: 1 - 32 characters). Default Configuration The default RADIUS server name is Default-RADIUS-Server. Command Mode Radius Config mode User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks.
PAGE 730
2CSPC4.XModular-SWUM204.book Page 730 Friday, March 15, 2013 9:24 AM primary Use the primary command to specify that a configured server should be the primary server in the group of authentication servers which have the same server name. Multiple primary servers can be configured for each group of servers which have the same name.
PAGE 731
2CSPC4.XModular-SWUM204.book Page 731 Friday, March 15, 2013 9:24 AM Default Configuration The default priority is 0. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.
PAGE 732
2CSPC4.XModular-SWUM204.book Page 732 Friday, March 15, 2013 9:24 AM User Guidelines This command does not change the address in the IP header for the request sent to the RADIUS server. It only changes the address sent to the RADIUS server inside the RADIUS packet. Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22. console(config)#radius-server attribute 4 192.168.10.
PAGE 733
2CSPC4.XModular-SWUM204.book Page 733 Friday, March 15, 2013 9:24 AM User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. Example The following example sets the minimum interval for a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Configuration mode.
PAGE 734
2CSPC4.XModular-SWUM204.book Page 734 Friday, March 15, 2013 9:24 AM User Guidelines Radius servers are keyed by the host name, therefore it is advisable to use unique server host names. Example The following example specifies a Radius server host with the following characteristics: Server host IP address — 192.168.10.1 console(config)#radius-server host 192.168.10.
PAGE 735
2CSPC4.XModular-SWUM204.book Page 735 Friday, March 15, 2013 9:24 AM Example The following example sets the authentication and encryption key for all Radius communications between the device and the Radius server to “dellserver.” console(config)#radius-server key dell-server radius-server retransmit Use the radius-server retransmit command in Global Configuration mode to specify the number of times the Radius client will retransmit requests to the Radius server.
PAGE 736
2CSPC4.XModular-SWUM204.book Page 736 Friday, March 15, 2013 9:24 AM radius-server source-ip Use the radius-server source-ip command in Global Configuration mode to specify the source IP address used for communication with Radius servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax radius-server source-ip source no radius-server source-ip • source — Specifies the source IP address.
PAGE 737
2CSPC4.XModular-SWUM204.book Page 737 Friday, March 15, 2013 9:24 AM • timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 3 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server host to reply to 5 seconds.
PAGE 738
2CSPC4.XModular-SWUM204.book Page 738 Friday, March 15, 2013 9:24 AM Example The following example of the retransmit command specifies five retries. console(config)#radius-server host 192.143.120.123 console(config-radius)#retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS client.
PAGE 739
2CSPC4.XModular-SWUM204.book Page 739 Friday, March 15, 2013 9:24 AM Field Description Configured Authentication Servers The number of RADIUS Authentication servers that have been configured. Configured Accounting Servers The number of RADIUS Accounting servers that have been configured. Named Authentication Server Groups The number of configured named RADIUS server groups. Named Accounting Server Groups The number of configured named RADIUS server groups.
PAGE 740
2CSPC4.XModular-SWUM204.book Page 740 Friday, March 15, 2013 9:24 AM Global values -------------------------------------------Number of Configured Authentication Servers.... Number of Configured Accounting Servers........ Number of Named Authentication Server Groups... Number of Named Accounting Server Groups....... Number of Retransmits.......................... Timeout Duration............................... Deadtime....................................... Source IP......................................
PAGE 741
2CSPC4.XModular-SWUM204.
PAGE 742
2CSPC4.XModular-SWUM204.book Page 742 Friday, March 15, 2013 9:24 AM Parameter Description hostname Host name of the Radius server host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" servername The alias used to identify the server. Default Configuration There is no default configuration for this command.
PAGE 743
2CSPC4.XModular-SWUM204.book Page 743 Friday, March 15, 2013 9:24 AM Field Description Malformed Responses The number of malformed RADIUS Accounting Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed accounting responses. Bad Authenticators The number of RADIUS Accounting Response packets containing invalid authenticators received from this accounting server.
PAGE 744
2CSPC4.XModular-SWUM204.book Page 744 Friday, March 15, 2013 9:24 AM Field Description Malformed Access The number of malformed RADIUS Access Response packets Responses received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses.
PAGE 745
2CSPC4.XModular-SWUM204.book Page 745 Friday, March 15, 2013 9:24 AM Access Accepts................................ 0 Access Rejects................................ 0 Access Challenges............................. 0 Malformed Access Responses.................... 0 Bad Authenticators............................ 0 Pending Requests.............................. 0 Timeouts...................................... 0 Unknown Types................................. 0 Packets Dropped...............................
PAGE 746
2CSPC4.XModular-SWUM204.book Page 746 Friday, March 15, 2013 9:24 AM timeout Use the timeout command in Radius mode to set the timeout value in seconds for the designated Radius server. Syntax timeout timeout • timeout — Timeout value in seconds for the specified server. (Range: 1-30 seconds.) Default Configuration The default value is 3 seconds. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command.
PAGE 747
2CSPC4.XModular-SWUM204.book Page 747 Friday, March 15, 2013 9:24 AM Default Configuration The default variable setting is all. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies usage type login. console(config)#radius-server host 192.143.120.
PAGE 748
2CSPC4.XModular-SWUM204.
PAGE 749
2CSPC4.XModular-SWUM204.book Page 749 Friday, March 15, 2013 9:24 AM Spanning Tree Commands 34 The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1s by efficiently navigating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE 802.1w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
PAGE 750
2CSPC4.XModular-SWUM204.book Page 750 Friday, March 15, 2013 9:24 AM port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
PAGE 751
2CSPC4.XModular-SWUM204.
PAGE 752
2CSPC4.XModular-SWUM204.book Page 752 Friday, March 15, 2013 9:24 AM exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
PAGE 753
2CSPC4.XModular-SWUM204.book Page 753 Friday, March 15, 2013 9:24 AM Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST.
PAGE 754
2CSPC4.XModular-SWUM204.
PAGE 755
2CSPC4.XModular-SWUM204.book Page 755 Friday, March 15, 2013 9:24 AM console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number. (Range: 0-65535) Default Configuration Revision number is 0. Command Mode MST mode User Guidelines This command has no user guidelines.
PAGE 756
2CSPC4.XModular-SWUM204.book Page 756 Friday, March 15, 2013 9:24 AM show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration Parameter Description Parameter Description detail Displays detailed information. active Displays active ports only. blockedports Displays blocked ports only. mst-configuration Displays the MST configuration identifier. instance -id ID of the spanning -tree instance.
PAGE 757
2CSPC4.XModular-SWUM204.book Page 757 Friday, March 15, 2013 9:24 AM Interfaces Name -----Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 State -------Enabled Enabled Enabled Enabled Prio.Nbr --------128.1 128.2 128.3 128.4 Cost --------20000 0 0 0 Sts ---FWD DIS DIS DIS Role ----Root Disb Disb Disb Restricted ---------No No No No console#show spanning-tree gigabitethernet 1/0/1 Port Gi1/0/1 Enabled State: Forwarding Port id: 128.1 Port Fast: No Designated bridge Priority: 32768 Designated port id: 128.
PAGE 758
2CSPC4.XModular-SWUM204.book Page 758 Friday, March 15, 2013 9:24 AM Port id: 128.1 Root Protection: No Designated bridge Priority: 32768 Designated port id: 128.48 CST Regional Root: 80:00:00:10:18:82:1C:53 BPDU: sent 24, received 500 Port Cost: 20000 Address: 0010.1882.
PAGE 759
2CSPC4.XModular-SWUM204.book Page 759 Friday, March 15, 2013 9:24 AM Regional Root Path Cost: 0 ROOT ID Priority 32768 Address 0010.1882.1C53 Path Cost 20000 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch.
PAGE 760
2CSPC4.XModular-SWUM204.book Page 760 Friday, March 15, 2013 9:24 AM Configuration Name Identifier used to identify the configuration currently being used. Configuration Revision Level Identifier used to identify the configuration currently being used. Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Format Selector Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero.
PAGE 761
2CSPC4.XModular-SWUM204.book Page 761 Friday, March 15, 2013 9:24 AM no spanning-tree Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode.
PAGE 762
2CSPC4.XModular-SWUM204.book Page 762 Friday, March 15, 2013 9:24 AM Example The following example enables spanning-tree functionality on gigabit ethernet interface 4/0/1. console#config console(config)#interface gigabitethernet 4/0/1 console(config-if-4/0/1)#spanning-tree auto-portfast spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no” form of the command to disable flooding.
PAGE 763
2CSPC4.XModular-SWUM204.book Page 763 Friday, March 15, 2013 9:24 AM For an access layer device, the access port is generally connected to the user terminal (such as a desktop computer) or file server directly and configured as an edge port to implement the fast transition. When the port receives a BPDU packet, the system sets it to non-edge port and recalculates the spanning tree, which causes network topology flapping. In normal cases, these ports do not receive any BPDU packets.
PAGE 764
2CSPC4.XModular-SWUM204.book Page 764 Friday, March 15, 2013 9:24 AM Syntax spanning-tree cost cost no spanning-tree cost • cost — The port path cost. (Range: 0–200,000,000) Default Configuration The default cost is 0, which signifies that the cost is automatically calculated based on port speed.
PAGE 765
2CSPC4.XModular-SWUM204.book Page 765 Friday, March 15, 2013 9:24 AM spanning-tree disable Use the spanning-tree disable command in Interface Configuration mode to disable spanning-tree on a specific port. To enable spanning-tree on a port, use the no form of this command. Syntax spanning-tree disable no spanning-tree disable Default Configuration By default, all ports are enabled for spanning-tree.
PAGE 766
2CSPC4.XModular-SWUM204.book Page 766 Friday, March 15, 2013 9:24 AM no spanning-tree forward-time • seconds — Time in seconds. (Range: 4–30) Default Configuration The default forwarding-time for IEEE Spanning-tree Protocol (STP) is 15 seconds. Command Mode Global Configuration mode. User Guidelines When configuring the Forward-Time the following relationship should be satisfied: 2*(Forward-Time - 1) >= Max-Age. Example The following example configures spanning-tree bridge forward time to 25 seconds.
PAGE 767
2CSPC4.XModular-SWUM204.book Page 767 Friday, March 15, 2013 9:24 AM Default Configuration Neither root nor loop guard is enabled. Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree guard functionality on gigabit ethernet interface 4/0/1.
PAGE 768
2CSPC4.XModular-SWUM204.book Page 768 Friday, March 15, 2013 9:24 AM Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age. To reset the default maximum age, use the no form of this command. Syntax spanning-tree max-age seconds no spanning-tree max-age • seconds -Time in seconds.
PAGE 769
2CSPC4.XModular-SWUM204.book Page 769 Friday, March 15, 2013 9:24 AM spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree. Use the “no” form of this command to reset the Max Hops to the default. Syntax spanning-tree max-hops hops no spanning-tree max-hops • hops — The maximum number of hops to use (Range: 6 to 40). Default Configuration The maximum number of hops is 20 by default.
PAGE 770
2CSPC4.XModular-SWUM204.book Page 770 Friday, March 15, 2013 9:24 AM • mst — Multiple Spanning Tree Protocol (MSTP) is enabled. Default Configuration Rapid Spanning Tree Protocol (RSTP) is supported. Command Mode Global Configuration mode User Guidelines In RSTP mode, the switch would use STP when the neighbor switch is using STP. In MSTP mode, the switch would use RSTP when the neighbor switch is using RSTP and would use STP when the neighbor switch is using STP.
PAGE 771
2CSPC4.XModular-SWUM204.book Page 771 Friday, March 15, 2013 9:24 AM User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
PAGE 772
2CSPC4.XModular-SWUM204.book Page 772 Friday, March 15, 2013 9:24 AM • Port-Channel — 20,000 Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines MST instance id 0 is the common internal spanning tree instance (CIST). Example The following example configures the MSTP instance 1 path cost for interface 1/0/9 to 4.
PAGE 773
2CSPC4.XModular-SWUM204.book Page 773 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of gigabit Ethernet interface 1/0/5 to 144.
PAGE 774
2CSPC4.XModular-SWUM204.book Page 774 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. The switch with the lowest priority is selected as the root of the spanning tree. Example The following example configures the spanning tree priority of instance 1 to 4096.
PAGE 775
2CSPC4.XModular-SWUM204.book Page 775 Friday, March 15, 2013 9:24 AM User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. An interface with PortFast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay.
PAGE 776
2CSPC4.XModular-SWUM204.book Page 776 Friday, March 15, 2013 9:24 AM Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable Portfast mode only on access ports. Use the no form of this command to disable Portfast mode on all ports.
PAGE 777
2CSPC4.XModular-SWUM204.book Page 777 Friday, March 15, 2013 9:24 AM spanning-tree port-priority Use the spanning-tree port-priority command in Interface Configuration mode to configure port priority. To reset the default port priority, use the no form of this command. Syntax spanning-tree port-priority priority no spanning-tree port-priority • priority — The port priority. (Range: 0–240) Default Configuration The default port-priority for IEEE STP is 128.
PAGE 778
2CSPC4.XModular-SWUM204.book Page 778 Friday, March 15, 2013 9:24 AM Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768. Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Example The following example configures spanning-tree priority to 12288.
PAGE 779
2CSPC4.XModular-SWUM204.book Page 779 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
PAGE 780
2CSPC4.XModular-SWUM204.
PAGE 781
2CSPC4.XModular-SWUM204.book Page 781 Friday, March 15, 2013 9:24 AM 35 TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization and accounting services.
PAGE 782
2CSPC4.XModular-SWUM204.book Page 782 Friday, March 15, 2013 9:24 AM show tacacs timeout key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [key-string] • key-string — To specify the key name. (Range: 1–128 characters) Default Configuration If left unspecified, the key-string parameter defaults to the global value.
PAGE 783
2CSPC4.XModular-SWUM204.book Page 783 Friday, March 15, 2013 9:24 AM Default Configuration The default port number is 49. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to specify server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority.
PAGE 784
2CSPC4.XModular-SWUM204.book Page 784 Friday, March 15, 2013 9:24 AM console(tacacs)#priority 10000 show tacacs Use the show tacacs command in Privileged EXEC mode to display the configuration and statistics of a TACACS+ server. Syntax show tacacs [ip-address] • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 785
2CSPC4.XModular-SWUM204.book Page 785 Friday, March 15, 2013 9:24 AM tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command. Syntax tacacs-server host {ip-address | hostname} no tacacs-server host {ip-address | hostname} • ip-address — The IP address of the TACACS+ server.
PAGE 786
2CSPC4.XModular-SWUM204.book Page 786 Friday, March 15, 2013 9:24 AM tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command.
PAGE 787
2CSPC4.XModular-SWUM204.book Page 787 Friday, March 15, 2013 9:24 AM tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax tacacs-server timeout [timeout] no tacacs-server timeout • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration The default value is 5 seconds.
PAGE 788
2CSPC4.XModular-SWUM204.book Page 788 Friday, March 15, 2013 9:24 AM Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.
PAGE 789
2CSPC4.XModular-SWUM204.book Page 789 Friday, March 15, 2013 9:24 AM UDLD Commands 36 The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link. The UDLD protocol operates by exchanging packets containing information about neighboring devices.
PAGE 790
2CSPC4.XModular-SWUM204.book Page 790 Friday, March 15, 2013 9:24 AM recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
PAGE 791
2CSPC4.XModular-SWUM204.book Page 791 Friday, March 15, 2013 9:24 AM UDLD will put the port into the shutdown state in the following cases: a When there is a loopback. The device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval.
PAGE 792
2CSPC4.XModular-SWUM204.book Page 792 Friday, March 15, 2013 9:24 AM Command Mode Global Config mode User Guidelines This command globally enables UDLD. Interfaces which are not connected or enabled at the Ethernet layer at the time the command is issued will be enabled for UDLD when connected or enabled. udld reset Use the udld reset command in Privileged EXEC mode to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration.
PAGE 793
2CSPC4.XModular-SWUM204.book Page 793 Friday, March 15, 2013 9:24 AM udld message time Use the udld message time command in Global Config mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value.
PAGE 794
2CSPC4.XModular-SWUM204.book Page 794 Friday, March 15, 2013 9:24 AM Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval Parameter Description Parameter Description timeout-interval UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds.
PAGE 795
2CSPC4.XModular-SWUM204.book Page 795 Friday, March 15, 2013 9:24 AM Command Mode Interface (physical) Config mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. udld port Use the udld port command in Interface (physical) Config mode to select the UDLD operating mode on a specific interface. Use the no form of the command to reset the operating mode to the default (normal).
PAGE 796
2CSPC4.XModular-SWUM204.book Page 796 Friday, March 15, 2013 9:24 AM show udld Use the show udld command in User EXEC or Privileged EXEC mode to display the global settings for UDLD. Syntax show udld [interface-id|all] Field Description When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD. Message Interval The time period (in seconds) between the transmission of UDLD probe packets.
PAGE 797
2CSPC4.XModular-SWUM204.book Page 797 Friday, March 15, 2013 9:24 AM Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port. • Shutdown – UDLD has detected a unidirectional link and shutdown the port. That is, the port is in an errDisabled state. • Bidirectional - UDLD has detected a bidirectional link.
PAGE 798
2CSPC4.XModular-SWUM204.book Page 798 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description Packet Display transmitted and received UDLD packets. Receive Debug packets received by the switch. Transmit Debug packets transmitted by the switch. Events Display UDLD events. Default Configuration By default, debugging is disabled. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 799
2CSPC4.XModular-SWUM204.book Page 799 Friday, March 15, 2013 9:24 AM VLAN Commands 37 PowerConnect 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own. In reality, this virtually defined community may have individual members scattered across a large, extended LAN.
PAGE 800
2CSPC4.XModular-SWUM204.book Page 800 Friday, March 15, 2013 9:24 AM two TPID values can be different or the same. VLAN normalization, source MAC learning, and forwarding are based on the S-TAG value in a received frame. PowerConnect supports configuring one outer VLAN TPID value per switch. The global default TPID is 0x88A8, which indicates a Virtual Metropolitan Area Network (VMAN).
PAGE 801
2CSPC4.XModular-SWUM204.book Page 801 Friday, March 15, 2013 9:24 AM its own VLAN. Additionally, protocol-based classification allows an administrator to assign nonrouting protocols, such as NetBIOS or DECnet, to larger VLANs than routing protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs. In port-based VLAN classification, the Port VLAN Identifier (PVID) is associated with the physical ports. The VLAN ID (VID) for an untagged packet is equal to the PVID of the port.
PAGE 802
2CSPC4.XModular-SWUM204.book Page 802 Friday, March 15, 2013 9:24 AM • Isolated VLAN Is a secondary VLAN. It carries traffic from isolated ports to promiscuous ports. Only one isolated VLAN can be configured per private VLAN. • Community VLAN Is a secondary VLAN. It forwards traffic between ports which belong to the same community and to the promiscuous ports. There can be multiple community VLANs per private VLAN.
PAGE 803
2CSPC4.XModular-SWUM204.book Page 803 Friday, March 15, 2013 9:24 AM Figure 37-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other.
PAGE 804
2CSPC4.XModular-SWUM204.book Page 804 Friday, March 15, 2013 9:24 AM In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2.
PAGE 805
2CSPC4.XModular-SWUM204.
PAGE 806
2CSPC4.XModular-SWUM204.book Page 806 Friday, March 15, 2013 9:24 AM Default Configuration The default for this command is 802.1Q. The default S-TAG TPID, when double-tagging is enabled, is 0x88A8. The default C-TAG TPID when double vlan tagging is enabled is 0x8100. Command Mode Global Configuration, Interface Configuration mode User Guidelines This command configures the TPID value on the outer VLAN (S-VLAN).
PAGE 807
2CSPC4.XModular-SWUM204.book Page 807 Friday, March 15, 2013 9:24 AM Default Configuration By default, routing is enabled on VLAN 1. However, VLAN 1 does not route packets until an IP address is assigned to the VLAN. DHCP is not enabled on VLAN 1 by default. Command Mode VLAN Configuration or Global Configuration modes User Guidelines Assigning an IP address to a VLAN interface enables routing on the VLAN interface.
PAGE 808
2CSPC4.XModular-SWUM204.book Page 808 Friday, March 15, 2013 9:24 AM User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLAN 221 through 228 and VLAN 889 to execute the commands entered in interface range mode.
PAGE 809
2CSPC4.XModular-SWUM204.book Page 809 Friday, March 15, 2013 9:24 AM Uplink Port Behavior If a single-tagged (SP tagged) or double-tagged (SP tag as outer tag) packet ingresses an uplink port, the switch passes it through unchanged to the respective access or uplink ports. If an untagged or single tagged (802.1Q tagged) packet ingresses an uplink port, the switch tags it with the configured ethertype and service provider VLAN ID taken from the ingress port PVID.
PAGE 810
2CSPC4.XModular-SWUM204.book Page 810 Friday, March 15, 2013 9:24 AM Default Configuration The default VLAN name is default. Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
PAGE 811
2CSPC4.XModular-SWUM204.book Page 811 Friday, March 15, 2013 9:24 AM • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. • vlanid — A valid VLAN ID. Default Configuration This command has no default configuration.
PAGE 812
2CSPC4.XModular-SWUM204.book Page 812 Friday, March 15, 2013 9:24 AM Syntax protocol vlan group groupid no protocol vlan group groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.
PAGE 813
2CSPC4.XModular-SWUM204.book Page 813 Friday, March 15, 2013 9:24 AM Syntax protocol vlan group all groupid no protocol vlan group all groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration.
PAGE 814
2CSPC4.XModular-SWUM204.book Page 814 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows how to display all interfaces for Double VLAN Tunneling. console#show dvlan-tunnel Interfaces Enabled for DVLAN Tunneling.........
PAGE 815
2CSPC4.XModular-SWUM204.book Page 815 Friday, March 15, 2013 9:24 AM console#show dvlan-tunnel interface 1/0/1 Interface Mode --------- ------- -------------- 1/0/1 Enable EtherType vMAN The following table describes the significant fields shown in the example. Field Description Mode This field specifies the administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled. Interface Interface Number.
PAGE 816
2CSPC4.XModular-SWUM204.book Page 816 Friday, March 15, 2013 9:24 AM Parameter Description private-vlan mapping Displays VLAN mapping for the private-VLAN promiscuous ports. Default Configuration This command has no default configuration.
PAGE 817
2CSPC4.XModular-SWUM204.
PAGE 818
2CSPC4.XModular-SWUM204.
PAGE 819
2CSPC4.XModular-SWUM204.
PAGE 820
2CSPC4.XModular-SWUM204.book Page 820 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the Protocol-Based VLAN information for either the entire system.
PAGE 821
2CSPC4.XModular-SWUM204.book Page 821 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays information for VLAN id 1, 2 and 3.
PAGE 822
2CSPC4.XModular-SWUM204.book Page 822 Friday, March 15, 2013 9:24 AM • mac-address — Specifies the MAC address to be entered in the list. (Range: Any valid MAC address) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows no entry in MAC address to VLAN crossreference.
PAGE 823
2CSPC4.XModular-SWUM204.book Page 823 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The command has no user guidelines. Example The following example shows the case if no IP Subnet to VLAN association exists. console#show vlan association subnet IP Address IP Mask VLAN ID ---------------- ---------------- ------The IP Subnet to VLAN association does not exist.
PAGE 824
2CSPC4.XModular-SWUM204.book Page 824 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command removes the port from the previous VLAN membership and adds it to the specified VLAN. The no form of the command sets the port VLAN membership to VLAN 1. Example The following example configures interface gi1/0/8 to operate in access mode with a VLAN membership of 23.
PAGE 825
2CSPC4.XModular-SWUM204.book Page 825 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This configuration only applies to ports configured in general mode. Example The following example forbids adding VLAN numbers 234 through 256 to port 1/0/8.
PAGE 826
2CSPC4.XModular-SWUM204.book Page 826 Friday, March 15, 2013 9:24 AM Example The following example configures 1/0/8 to discard untagged frames at ingress. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#switchport general acceptable-frame-type tagged-only switchport general allowed vlan Use the switchport general allowed vlan command in Interface Configuration mode to add VLANs to or remove VLANs from a general port.
PAGE 827
2CSPC4.XModular-SWUM204.book Page 827 Friday, March 15, 2013 9:24 AM User Guidelines You can use this command to change the egress rule (for example, from tagged to untagged) without first removing the VLAN from the list. Example The following example shows how to add VLANs 1, 2, 5, and 8 to the allowed list.
PAGE 828
2CSPC4.XModular-SWUM204.book Page 828 Friday, March 15, 2013 9:24 AM switchport general pvid Use the switchport general pvid command in Interface Configuration mode to configure the Port VLAN ID (PVID) when the interface is in general mode. Use the switchport mode general command to set the VLAN membership mode of a port to "general." To configure the default value, use the no form of this command. Syntax switchport general pvid vlan-id no switchport general pvid • vlan-id — PVID.
PAGE 829
2CSPC4.XModular-SWUM204.book Page 829 Friday, March 15, 2013 9:24 AM switchport mode Use the switchport mode command in Interface Configuration mode to configure the VLAN membership mode of a port. To reset the mode to the appropriate default for the switch, use the no form of this command. Syntax switchport mode {access | trunk | general} no switchport mode Parameter Description Parameter Description access An access port connects to a single end station belonging to a single VLAN.
PAGE 830
2CSPC4.XModular-SWUM204.book Page 830 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example configures 1/0/5 to access mode.
PAGE 831
2CSPC4.XModular-SWUM204.book Page 831 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description vlan–list Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all. The vlan–list format is as follows: The vlan-list format is all | [add | remove | except] vlan–atom [, vlan–atom...] where: all specifies all VLANs from 1 to 4093.
PAGE 832
2CSPC4.XModular-SWUM204.book Page 832 Friday, March 15, 2013 9:24 AM User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured. To drop untagged traffic on a trunk port, remove the native VLAN from the trunk port. (Ex. switchport trunk allowed vlan remove 1.) Management traffic is still allowed on the trunk port in this configuration. The no form of the command sets the trunk port back to the defaults.
PAGE 833
2CSPC4.XModular-SWUM204.book Page 833 Friday, March 15, 2013 9:24 AM User Guidelines Deleting the VLAN used by an access port will cause that port to become unusable until it is assigned a VLAN that exists. Creating a VLAN adds it to the allowed list for all trunk ports except for those where it is specifically excluded. Example The following example shows how to create (add) VLAN of IDs 22, 23, and 56.
PAGE 834
2CSPC4.XModular-SWUM204.book Page 834 Friday, March 15, 2013 9:24 AM User Guidelines Deleting the VLAN for an access port will cause that port to become unusable until it is assigned a VLAN that exists. Creating a VLAN adds it to the allowed list for all trunk ports except those where it is specifically excluded. Example The following example shows how to create (add) VLAN of IDs 22, 23, and 56.
PAGE 835
2CSPC4.XModular-SWUM204.book Page 835 Friday, March 15, 2013 9:24 AM console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Config mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address.
PAGE 836
2CSPC4.XModular-SWUM204.book Page 836 Friday, March 15, 2013 9:24 AM Syntax vlan database Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters the VLAN database mode.
PAGE 837
2CSPC4.XModular-SWUM204.book Page 837 Friday, March 15, 2013 9:24 AM User Guidelines The dynamic VLAN (created via GRVP) should exist prior to executing this command. See the Type column in output from the show vlan command to determine that the VLAN is dynamic. Example The following changes vlan 3 to a static VLAN. console(config-vlan)#vlan makestatic 3 vlan protocol group Use the vlan protocol group command in Global Configuration mode to add protocol-based groups to the system.
PAGE 838
2CSPC4.XModular-SWUM204.book Page 838 Friday, March 15, 2013 9:24 AM vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid. A group may have more than one protocol associated with it. Each interface and protocol combination can be associated with one group only.
PAGE 839
2CSPC4.XModular-SWUM204.book Page 839 Friday, March 15, 2013 9:24 AM vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax vlan protocol group name groupid groupName no vlan protocol group name groupid • groupid—The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
PAGE 840
2CSPC4.XModular-SWUM204.book Page 840 Friday, March 15, 2013 9:24 AM • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 841
2CSPC4.XModular-SWUM204.book Page 841 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description host-association Defines VLAN associations for community or host ports. mapping Defines the private VLAN mapping for promiscuous ports. primary-vlan-id Primary VLAN ID of a private VLAN. secondary-vlan-id Secondary (isolated or community) VLAN ID of a private VLAN. add Associates the secondary VLAN with the primary one.
PAGE 842
2CSPC4.XModular-SWUM204.book Page 842 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description host-association Configure the interface as a private VLAN host port. Host ports are community or isolated ports, depending on the VLAN to which they belong. promiscuous Configure the interface as a private VLAN promiscuous port. Promiscuous ports are members of the primary VLAN. Default Configuration This command has no default configuration.
PAGE 843
2CSPC4.XModular-SWUM204.book Page 843 Friday, March 15, 2013 9:24 AM no private-vlan [association] Parameter Description The command displays the following information: Parameter Description association Defines an association between the primary VLAN and secondary VLANs. primary Specify that the selected VLAN is the primary VLAN. community Specify that the selected VLAN is the community VLAN. isolated Specify that the selected VLAN is the isolated VLAN.
PAGE 844
2CSPC4.XModular-SWUM204.book Page 844 Friday, March 15, 2013 9:24 AM VLAN 1 cannot be configured in a private VLAN configuration.
PAGE 845
2CSPC4.XModular-SWUM204.book Page 845 Friday, March 15, 2013 9:24 AM Parameter Description The command displays the following information. Parameter Description Primary Primary VLAN ID. Secondary Secondary VLAN ID. Type Secondary VLAN type. Use the type parameter to display only private VLAN ID and its type. Ports Ports that are associated with a private VLAN. Default Configuration This command has no default setting.
PAGE 846
2CSPC4.XModular-SWUM204.
PAGE 847
2CSPC4.XModular-SWUM204.book Page 847 Friday, March 15, 2013 9:24 AM Voice VLAN Commands 38 The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
PAGE 848
2CSPC4.XModular-SWUM204.book Page 848 Friday, March 15, 2013 9:24 AM Commands in this Chapter This chapter explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice vlan capability on the switch. Syntax voice vlan no voice vlan Parameter Ranges Not applicable Command Mode Global Configuration Usage Guidelines Not applicable Default Value This feature is disabled by default.
PAGE 849
2CSPC4.XModular-SWUM204.book Page 849 Friday, March 15, 2013 9:24 AM Syntax voice vlan {vlanid | dot1p priority | none | untagged | data priority {trust | untrust} | auth { enable | disable} | dscp dscp} no voice vlan Parameter Description Parameter Description auth Enables/disables authentication on the voice vlan port. data Observe the priority on received voice vlan traffic (trusted mode). dot1p Configure Voice VLAN 802.1p priority tagging for voice traffic.
PAGE 850
2CSPC4.XModular-SWUM204.book Page 850 Friday, March 15, 2013 9:24 AM Example console(config-if-Gi1/0/1)#voice vlan 1 console(config-if-Gi1/0/1)#voice vlan dot1p 1 console(config-if-Gi1/0/1)#voice vlan none console(config-if-Gi1/0/1)#voice vlan untagged voice vlan data priority This command is to either trust or not trust (untrust) the data traffic arriving on the voice VLAN port.
PAGE 851
2CSPC4.XModular-SWUM204.book Page 851 Friday, March 15, 2013 9:24 AM Syntax When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. When the interface parameter is specified, the following is displayed: When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The Dot1p priority for the voice VLAN on the port.
PAGE 852
2CSPC4.XModular-SWUM204.
PAGE 853
2CSPC4.XModular-SWUM204.book Page 853 Friday, March 15, 2013 9:24 AM 39 802.1x Commands Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
PAGE 854
2CSPC4.XModular-SWUM204.book Page 854 Friday, March 15, 2013 9:24 AM Whenever an operator configures a port in Dot1x authentication mode and selects the authentication method as internal, then the user credentials received from the Dot1x supplicant is validated against the IDAS by Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message corresponds to a valid user or not.
PAGE 855
2CSPC4.XModular-SWUM204.book Page 855 Friday, March 15, 2013 9:24 AM Guest VLAN The Guest VLAN feature allows a PowerConnect switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach external network with no ability to surf internal LAN. When a client that does not support 802.1X is connected to an unauthorized port that is 802.
PAGE 856
2CSPC4.XModular-SWUM204.book Page 856 Friday, March 15, 2013 9:24 AM client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. Clients authenticated when monitor mode is enabled are always assigned to the default VLAN, regardless of the RADIUS assignment.
PAGE 857
2CSPC4.XModular-SWUM204.book Page 857 Friday, March 15, 2013 9:24 AM dot1x system-auth-control show dot1x authentication- – history 802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced dot1x dynamic-vlan enable Use the dot1x dynamic-vlan enable command in Global Configuration mode to enable the capability of creating VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch. Use the no form of the command to disable this capability.
PAGE 858
2CSPC4.XModular-SWUM204.book Page 858 Friday, March 15, 2013 9:24 AM dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned. Syntax dot1x initialize [interface interface-id] Syntax Description Parameter Description interface-id The port to be initialized.
PAGE 859
2CSPC4.XModular-SWUM204.book Page 859 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (Ethernet) mode User Guidelines Authentication of a user via mac-auth-bypass will not occur until the "dot1x time-out guest-vlan-period" timer expires.
PAGE 860
2CSPC4.XModular-SWUM204.book Page 860 Friday, March 15, 2013 9:24 AM Example The following example sets the number of times that the switch sends an EAP-request/identity frame to 6. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x max-req 6 dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.
PAGE 861
2CSPC4.XModular-SWUM204.book Page 861 Friday, March 15, 2013 9:24 AM dot1x port-control Use the dot1x port-control command in Interface Configuration mode to enable the IEEE 802.1X operation on the port. Syntax dot1x port-control {force-authorized | force-unauthorized | auto | macbased} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.
PAGE 862
2CSPC4.XModular-SWUM204.book Page 862 Friday, March 15, 2013 9:24 AM When configuring a port to use MAC-based authentication, the port must be in switchport general mode. Example The following command enables MAC-based authentication on port 1/0/2 console(config)# interface gigabitethernet 1/0/2 console(config-if-1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command in Privileged EXEC mode to enable manually initiating a re-authentication of all 802.
PAGE 863
2CSPC4.XModular-SWUM204.book Page 863 Friday, March 15, 2013 9:24 AM dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic re-authentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
PAGE 864
2CSPC4.XModular-SWUM204.book Page 864 Friday, March 15, 2013 9:24 AM Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control dot1x system-auth-control monitor Use the dot1x system-auth-control monitor command in Global Configuration mode to enable 802.1x monitor mode globally.
PAGE 865
2CSPC4.XModular-SWUM204.book Page 865 Friday, March 15, 2013 9:24 AM Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control monitor dot1x timeout guest-vlan-period Use the dot1x timeout guest-vlan-period command in Interface Configuration mode to set the number of seconds that the switch waits before authorizing the client if the client is a dot1x unaware client. Use the no form of the command to return the timeout to the default value.
PAGE 866
2CSPC4.XModular-SWUM204.book Page 866 Friday, March 15, 2013 9:24 AM dot1x timeout quiet-period Use the dot1x timeout quiet-period command in Interface Configuration mode to set the number of seconds that the switch remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password). To return to the default setting, use the no form of this command.
PAGE 867
2CSPC4.XModular-SWUM204.book Page 867 Friday, March 15, 2013 9:24 AM dot1x timeout re-authperiod Use the dot1x timeout re-authperiod command in Interface Configuration mode to set the number of seconds between re-authentication attempts. To return to the default setting, use the no form of this command. Syntax dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod • seconds — Number of seconds between re-authentication attempts.
PAGE 868
2CSPC4.XModular-SWUM204.book Page 868 Friday, March 15, 2013 9:24 AM Syntax dot1x timeout server-timeout seconds no dot1x timeout server-timeout • seconds — Time in seconds that the switch waits for a response from the authentication server. (Range: 1–65535) Default Configuration The period of time is set to 30 seconds.
PAGE 869
2CSPC4.XModular-SWUM204.book Page 869 Friday, March 15, 2013 9:24 AM Default Configuration The period of time is set to 30 seconds. Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers.
PAGE 870
2CSPC4.XModular-SWUM204.book Page 870 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (Ethernet) mode User Guidelines Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 3600 seconds.
PAGE 871
2CSPC4.XModular-SWUM204.book Page 871 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines If you do not use the optional parameters, the command displays the global dot1x mode and the VLAN Assignment mode. Field Description Administrative Mode Indicates whether authentication control on the switch is enabled or disabled.
PAGE 872
2CSPC4.XModular-SWUM204.book Page 872 Friday, March 15, 2013 9:24 AM Parameter Description The following table explains the output parameters. Parameter Description Time Stamp Exact time at which the event occurs. Interface Physical Port on which the event occurs. MAC-Address Supplicant/Client MAC Address VLAN assigned VLAN assigned to the client/port on authentication. VLAN assigned Reason Type of VLAN ID assigned i.
PAGE 873
2CSPC4.XModular-SWUM204.book Page 873 Friday, March 15, 2013 9:24 AM due to Guest VLAN Timer Expiry. ...... ......
PAGE 874
2CSPC4.XModular-SWUM204.book Page 874 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description interface–id Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following fields are displayed by this command.
PAGE 875
2CSPC4.XModular-SWUM204.book Page 875 Friday, March 15, 2013 9:24 AM Field Description Filter ID The Filter ID assigned to the client by the RADIUS server. This field is not applicable when the Filter-ID feature is disabled on the RADIUS server and client. VLAN Assigned The VLAN assigned to the client by the radius server. When VLAN assignments are disabled, RADIUS server does not assign any VLAN to the port, and this field is set to 0.
PAGE 876
2CSPC4.XModular-SWUM204.book Page 876 Friday, March 15, 2013 9:24 AM Session Termination Action..................... Default show dot1x interface This command shows the status of MAC Authentication Bypass. This feature is an extension of Dot1x Option 81 feature added in Power Connect Release 2.1. to accept a VLAN name as an alternative to a number when RADIUS indicates the Tunnel-Private-Group-ID for a supplicant.
PAGE 877
2CSPC4.XModular-SWUM204.book Page 877 Friday, March 15, 2013 9:24 AM Transmit Period................................ 30 Maximum Requests............................... 2 Max Users...................................... 16 VLAN Assigned.................................. Supplicant Timeout............................. 30 Guest-vlan Timeout............................. 30 Server Timeout (secs).......................... 30 MAB mode (configured).......................... Disabled MAB mode (operational)..........
PAGE 878
2CSPC4.XModular-SWUM204.book Page 878 Friday, March 15, 2013 9:24 AM EAPOL Frames Received.......................... 0 EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Received.................... 0 EAPOL Logoff Frames Received................... 0 Last EAPOL Frame Version....................... 0 Last EAPOL Frame Source........................ 0000.0000.0000 EAP Response/Id Frames Received................ 0 EAP Response Frames Received...................
PAGE 879
2CSPC4.XModular-SWUM204.book Page 879 Friday, March 15, 2013 9:24 AM Field Description InvalidEapolFramesRx The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized. EapLengthErrorFramesRx The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid. LastEapolFrameVersion The protocol version number carried in the most recently received EAPOL frame.
PAGE 880
2CSPC4.XModular-SWUM204.book Page 880 Friday, March 15, 2013 9:24 AM --------- --------1/0/1 Bob 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------1/0/1 Bob The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port that the user is using.
PAGE 881
2CSPC4.XModular-SWUM204.book Page 881 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example console#clear dot1x authentication-history Purge all entries from the log. console#clear dot1x authentication-history gi1/0/1 Purge all entries for the specified interface from the log. 802.1x Advanced Features dot1x guest-vlan Use the dot1x guest-vlan command in Interface Configuration mode to set the guest VLAN on a port. The VLAN must already have been defined.
PAGE 882
2CSPC4.XModular-SWUM204.book Page 882 Friday, March 15, 2013 9:24 AM Example The following example sets the guest VLAN on port 1/0/2 to VLAN 10. console(config-if-1/0/2)#dot1x guest-vlan 10 dot1x unauth-vlan Use the dot1x unauth-vlan command in Interface Configuration mode to specify the unauthenticated VLAN on a port. The unauthenticated VLAN is the VLAN to which supplicants that fail 802.1X authentication are assigned.
PAGE 883
2CSPC4.XModular-SWUM204.book Page 883 Friday, March 15, 2013 9:24 AM Multiple Hosts column and add an Unauthenticated VLAN column, which indicates whether an unauthenticated VLAN is configured on a port. The command has also been updated to show the Guest VLAN ID (instead of the status) since it is now configurable per port. Syntax show dot1x advanced [{gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
PAGE 884
2CSPC4.XModular-SWUM204.book Page 884 Friday, March 15, 2013 9:24 AM console#show dot1x advanced gigabitethernet 1/0/2 Port Guest Unauthenticated VLAN --------1/0/2 884 --------10 802.
PAGE 885
2CSPC4.XModular-SWUM204.book Page 885 Friday, March 15, 2013 9:24 AM 40 Data Center Technology Commands NOTE: Fiber Channel over Ethernet (FCoE) commands are only supported on the PCM8024-k switch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models.
PAGE 886
2CSPC4.XModular-SWUM204.
PAGE 887
2CSPC4.XModular-SWUM204.book Page 887 Friday, March 15, 2013 9:24 AM 41 Data Center Bridging Commands NOTE: Fiber Channel over Ethernet (FCoE) commands are only supported on the PCM8024-k switch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. NOTE: Data Center Bridging Exchange Protocol The Data Center Bridging Exchange Protocol (DCBX) is used by DCB devices to exchange configuration information with directly connected peers.
PAGE 888
2CSPC4.XModular-SWUM204.book Page 888 Friday, March 15, 2013 9:24 AM Enhanced Transmission Selection Overview In a typical switch or router, each physical port supports one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
PAGE 889
2CSPC4.XModular-SWUM204.book Page 889 Friday, March 15, 2013 9:24 AM The CoS queue feature provides a method to configure Traffic Class Groups (TCGs) to extend the CoS queue management. Multiple CoS queues can be mapped to a single TCG. Each TCG can have a configured minimum guaranteed bandwidth allocation and a scheduling algorithm similar to the CoS queue configuration. The TCG scheduling and bandwidth enforcement occurs after the CoS queue scheduling and bandwidth enforcement is performed.
PAGE 890
2CSPC4.XModular-SWUM204.book Page 890 Friday, March 15, 2013 9:24 AM The mapping between the ingress port’s 802.1p priority and TCG is not direct. The mapping depends upon: • The CoS map defining the CoS queue that a packet is egress forwarded for the ingress 802.1p priority. • Traffic Class Group map defining the CoS queue to TCG mapping. The indirect mapping between the 802.1p priorities and the associated Traffic Class Group mapping is advertised by DCBX as part of ETS TLVs.
PAGE 891
2CSPC4.XModular-SWUM204.book Page 891 Friday, March 15, 2013 9:24 AM DCBX is used to learn about the capabilities of the peer device. It is a means to determine if the peer device supports a particular feature such as PFC. • DCB feature misconfiguration detection DCBX can be used to detect misconfiguration of a feature between the peers on a link. Misconfiguration detection is feature-specific because some features may allow asymmetric configuration.
PAGE 892
2CSPC4.XModular-SWUM204.book Page 892 Friday, March 15, 2013 9:24 AM 1 Manual 2 Auto-Upstream 3 Auto-Downstream 4 Configuration Source Manual Ports operating in the Manual role do not have their configuration affected by peer devices or by internal propagation of configuration. These ports have their operational mode and TC and bandwidth information specified explicitly by the operator. These ports will advertise their configuration to their peer if DCBX is enabled on that port.
PAGE 893
2CSPC4.XModular-SWUM204.book Page 893 Friday, March 15, 2013 9:24 AM propagate configuration to other ports internally. Auto-upstream ports that receive internally propagated information ignore their local configuration and utilize the internally propagated information. Peer configurations received on auto-upstream ports other than the configuration source result in one of two possibilities.
PAGE 894
2CSPC4.XModular-SWUM204.book Page 894 Friday, March 15, 2013 9:24 AM is desirable to receive configuration information, it is strongly recommended that the auto-up setting be used on the physical interfaces in the port channel in preference to the configuration source parameter. Configuration Source Port Selection Process When an auto-upstream or auto-downstream port receives a configuration from a peer, the DCBX client first checks if there is an active configuration source.
PAGE 895
2CSPC4.XModular-SWUM204.book Page 895 Friday, March 15, 2013 9:24 AM When a configuration source is selected, local ETS and PFC configuration for all auto-up, auto-down and config-source ports is overridden by the configuration received from the configuration source.
PAGE 896
2CSPC4.XModular-SWUM204.book Page 896 Friday, March 15, 2013 9:24 AM Data Center Bridging Capability Exchange Commands datacenter-bridging Use the datacenter-bridging command for an ethernet interface in order to enter the DataCenterBridging mode. Priority-Flow-Control is configurable from within the DataCenterBridging mode. Syntax datacenter-bridging Default Configuration This command has no default configuration.
PAGE 897
2CSPC4.XModular-SWUM204.book Page 897 Friday, March 15, 2013 9:24 AM lldp dcbx version Use the lldp dcbx version command in Global Configuration mode to configure the administrative version for the Data Center Bridging Capability Exchange (DCBX) protocol. This command enables the switch to support a specific version of the DCBX protocol or to detect the peer version and match it. DCBX can be configured to operate in IEEE mode or CEE mode or CIN mode.
PAGE 898
2CSPC4.XModular-SWUM204.book Page 898 Friday, March 15, 2013 9:24 AM User Guidelines In auto mode, the switch will attempt to jump start the exchange by sending an IEEE frame, followed by a CEE frame followed by a CIN frame. The switch will parse the received response and immediately switch to the peer version. Because LLDP is a link local protocol, it cannot be configured on a port channel or VLAN interface. It is recommended that all ports configured in a port channel utilize the same LLDP configuration.
PAGE 899
2CSPC4.XModular-SWUM204.book Page 899 Friday, March 15, 2013 9:24 AM Parameter Description Pfc Transmit the PFC configuration TLV. Application-priority Transmit the application priority TLV. Congestionnotification Transmit the congestion notification TLV. Default Configuration The default value is to transmit all DCBX TLVs as received from the autoconfiguration configuration source port. In manual mode, the default is to transmit all DCBX TLVs per the switch (global or interface) configuration.
PAGE 900
2CSPC4.XModular-SWUM204.book Page 900 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description Manual Ports operating in the ‘Manual’ role do not have their configuration affected by peer devices or by internal propagation of configuration. These ports will advertise their configuration to their peer if DCBX is enabled on that port. The willing bit is set to disabled on manual role ports.
PAGE 901
2CSPC4.XModular-SWUM204.book Page 901 Friday, March 15, 2013 9:24 AM User Guidelines In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP time out, even if the configuration source port becomes operationally disabled.
PAGE 902
2CSPC4.XModular-SWUM204.
PAGE 903
2CSPC4.XModular-SWUM204.book Page 903 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example #1 DCBX Status: console# show lldp dcbx interface all status Interface Status Role Version Config DCBX DCBX Rx Errors Dscrd Tx Frame TLV Dscrd ---------- ------- -------- -------- ------ ------ ------ ------ ----- te1/0/1 Enabled Auto-up CEE 1.06 Yes 32 37 0 0 te1/0/2 Enabled Auto-up IEEE 32 37 0 0 te2/0/1 Enabled Auto-dn CIN 1.
PAGE 904
2CSPC4.XModular-SWUM204.book Page 904 Friday, March 15, 2013 9:24 AM console# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured Version: Auto-detect Peer DCBX Version: CIN Version 1.0 Peer MAC: 00:23:24:A4:21:03 Peer Description: Cisco Nexus 5020 IOS Version 5.
PAGE 905
2CSPC4.XModular-SWUM204.
PAGE 906
2CSPC4.XModular-SWUM204.
PAGE 907
2CSPC4.XModular-SWUM204.book Page 907 Friday, March 15, 2013 9:24 AM Enhanced Transmission Selection (ETS) Commands NOTE: classofservice traffic-class-group This command maps the internal Traffic Class to an internal Traffic Class Group (TCG). The Traffic Class can range from 0-6, although the actual number of available traffic classes depends on the platform. Use the no form of this command to return system (Global Config mode) or interface (Interface Config mode) to the default mapping.
PAGE 908
2CSPC4.XModular-SWUM204.book Page 908 Friday, March 15, 2013 9:24 AM User Guidelines For a given Traffic Class, a value specified in Interface Config mode only affects a single interface, whereas a change in Global Config mode is applied to all interfaces. The Interface Config mode command is only available on platforms that support independent per-port class of service mappings. Ports that are configured to use the DCBX auto-configuration roles (auto-up or auto-down) have their ETS settings overridden.
PAGE 909
2CSPC4.XModular-SWUM204.book Page 909 Friday, March 15, 2013 9:24 AM Syntax traffic-class-group max-bandwidth … no traffic-class-group max-bandwidth Parameter Description Parameter Description bw-0..7 The maximum percentage bandwidth to be transmitted by the TCG. Range 0 to 100. Default Configuration The default maximum bandwidth for all TCGs is 0% (unlimited).
PAGE 910
2CSPC4.XModular-SWUM204.book Page 910 Friday, March 15, 2013 9:24 AM The maximum bandwidth limits may be used with either a weighted or strict priority scheduling scheme. Note that a value of 0 (the default) implies an unrestricted upper transmission limit, which is similar to 100%, although there may be subtle operational differences depending on how the device handles a no limit case versus limit to 100%.
PAGE 911
2CSPC4.XModular-SWUM204.book Page 911 Friday, March 15, 2013 9:24 AM User Guidelines This command specified in Global Config mode setting is applied to all interfaces. Each bw-x value is a percentage that ranges from 0 to 100 in increments of 1. All n bandwidth values must be specified with this command, and their combined sum must not exceed 100%.
PAGE 912
2CSPC4.XModular-SWUM204.book Page 912 Friday, March 15, 2013 9:24 AM no traffic-class-group strict Parameter Description Parameter Description tcg-id The TCG identifier. Range is 0 to 2. Default Configuration The default scheduling mode for all TCGs is weighted scheduling. Command Mode Global Config mode, Interface Config mode User Guidelines This command specified in Interface Config mode only affects a single interface, whereas the Global Config mode setting is applied to all interfaces.
PAGE 913
2CSPC4.XModular-SWUM204.book Page 913 Friday, March 15, 2013 9:24 AM Example The following example demonstrates how to set TCGs 1 and 2 to strict priority scheduling. console(config)# traffic-class-group strict 1 2 traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Config mode to specify the scheduling weight for each TCG.
PAGE 914
2CSPC4.XModular-SWUM204.book Page 914 Friday, March 15, 2013 9:24 AM User Guidelines This command specified in Interface Config mode only affects a single interface, whereas the Global Config mode setting is applied to all interfaces. The Interface Config mode command is only available on platforms that support independent per-port class of service queue configuration. The weight percentage is not considered for Traffic Class Groups that are configured for strict priority scheduling.
PAGE 915
2CSPC4.XModular-SWUM204.book Page 915 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode User Guidelines The parameter is optional. If specified, the TCG mapping table of the interface is displayed. If omitted, the global configuration settings are displayed (these may have been subsequently overridden by per-port configuration). Traffic class group 7 is reserved by the system and is not shown.
PAGE 916
2CSPC4.XModular-SWUM204.book Page 916 Friday, March 15, 2013 9:24 AM Syntax show interfaces traffic-class-group [] Parameter Description Parameter Description interface-id A valid physical interface specifier. Default Configuration The default is to show the global traffic class group configuration. Command Mode Privileged EXEC mode User Guidelines The parameter is optional. If specified, the TCG mapping table of the interface is displayed.
PAGE 917
2CSPC4.XModular-SWUM204.book Page 917 Friday, March 15, 2013 9:24 AM Field Description Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. Strict priority scheduler is to provide lower latency to the higher CoS classes of traffic. Weighted scheduling is a round robin mechanism with weights associated to each CoS class of traffic. This is a configured value. Weight Percentage The weight of the TCG used during non-strict scheduling.
PAGE 918
2CSPC4.XModular-SWUM204.
PAGE 919
2CSPC4.XModular-SWUM204.book Page 919 Friday, March 15, 2013 9:24 AM FIP Snooping Commands 42 NOTE: Fiber Channel over Ethernet (FCoE) commands are only supported on the PCM8024-kswitch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. The FCoE Initialization Protocol (FIP) is used to perform the functions of FC_BB_E device discovery, initialization and maintenance.
PAGE 920
2CSPC4.XModular-SWUM204.book Page 920 Friday, March 15, 2013 9:24 AM feature fip-snooping 2 Configure a VLAN and enable it for FIP Snooping. The example below sets up ports 1 through 16 (CNA connected ports) and port 24 (FCF connected port) to use VLAN 100 and enables VLAN 100 for FIP snooping. VLAN 1 is used for the establishment of FIP sessions by default. This step disables routing on VLAN 1.
PAGE 921
2CSPC4.XModular-SWUM204.book Page 921 Friday, March 15, 2013 9:24 AM fip-snooping enable show fip-snooping sessions fip-snooping fc-map show fip-snooping statistics fip-snooping port-mode show fip-snooping vlan show fip-snooping clear fip-snooping statistics show fip-snooping enode – feature fip-snooping Use the feature fip-snooping command in Global Configuration mode to globally enable Fibre Channel over Ethernet Initialization Protocol (FIP) snooping on the switch.
PAGE 922
2CSPC4.XModular-SWUM204.book Page 922 Friday, March 15, 2013 9:24 AM When FIP snooping is enabled, FC-BB-5 Annex D ACLs are installed on the switch and FIP frames are snooped. FIP snooping will not allow FIP or Fiber Channel over Ethernet (FCoE) frames to be forwarded over a port until the port is operationally enabled for PFC. VLAN tagging must be enabled on the interface in order to carry the dot1p values through the network.
PAGE 923
2CSPC4.XModular-SWUM204.book Page 923 Friday, March 15, 2013 9:24 AM This command can only be entered after FIP snooping is enabled using the feature fip-snooping command. Otherwise, it does not appear in the CLI syntax tree. Example The following example enables FIP snooping on VLANs 2, 3,...8. s1(config)#vlan 2-8 s1(config-vlan)#fip-snooping enable fip-snooping fc-map Use the fip-snooping fc-map command in VLAN Configuration mode to configure the FP-MAP value on a VLAN.
PAGE 924
2CSPC4.XModular-SWUM204.book Page 924 Friday, March 15, 2013 9:24 AM This command can only be entered after FIP snooping is enabled using the feature fip-snooping command. Otherwise, it does not appear in the CLI syntax tree. Example The following example configures an FC map value of 0x100 on VLAN 208.
PAGE 925
2CSPC4.XModular-SWUM204.book Page 925 Friday, March 15, 2013 9:24 AM User Guidelines It is recommended that FCF-facing ports be placed into auto-upstream mode in order to receive DCBX information and propagate it to the CNAs on the downstream (host-facing) ports. Interfaces enabled for PFC should be configured in trunk or general mode and must be PFC-operationally enabled before FCoE traffic can pass over the port.
PAGE 926
2CSPC4.XModular-SWUM204.book Page 926 Friday, March 15, 2013 9:24 AM Parameter Description Global Mode FIP snooping configuration status on the switch. It displays Enable when FIP snooping is enabled on the switch and Disable when FIP snooping is disabled on the switch. FCoE VLAN List List of VLAN IDs on which FIP snooping is enabled. FCFs Number of FCFs discovered on the switch. ENodes Number of Enodes discovered on the switch. Sessions Total virtual sessions on the switch.
PAGE 927
2CSPC4.XModular-SWUM204.book Page 927 Friday, March 15, 2013 9:24 AM Sessions: 10 Max VLANs: 8 Max FCFs in VLAN: Max ENodes: 4 312 Max Sessions: 1024 show fip-snooping enode Use the show fip-snooping enode command in User EXEC or Privileged EXEC mode to display information about the interfaces connected to ENodes. Syntax show fip-snooping enode [enode-mac] Parameter Description Parameter Description enode-mac MAC address of the enode to display.
PAGE 928
2CSPC4.XModular-SWUM204.book Page 928 Friday, March 15, 2013 9:24 AM Parameter Description NameID Name of the ENode. FIP-MAC MAC address of the ENode. FCID Fiber channel ID number of the virtual port that was created by FCF when the ENode logged into the network. Sessions Established Number of successful virtual connections established. The following additional information is displayed when the optional argument is supplied.
PAGE 929
2CSPC4.XModular-SWUM204.book Page 929 Friday, March 15, 2013 9:24 AM The sample output of the command below displays with the optional argument supplied.
PAGE 930
2CSPC4.XModular-SWUM204.book Page 930 Friday, March 15, 2013 9:24 AM User Guidelines The following information is displayed when no FCF mac argument is supplied. Parameter Description Interface Interface to which the FCF is connected. VLAN ID number of the VLAN to which the FCF belongs. No. of ENodes Total number of ENodes that are connected to the FCF. FPMA/SPMA Type of the MAC address for ENode as negotiated by the FCF. FCMAP FCMAP value used by the FCF. FCF-MAC MAC address of the FCF.
PAGE 931
2CSPC4.XModular-SWUM204.book Page 931 Friday, March 15, 2013 9:24 AM Parameter Description Priority The Priority returned from the FCF in the Solicited Discovery Advertisement. This indicates the Priority that has been manually assigned to the FCF. FKA-ADV FIP keepalive interval (FKA_ADV_PERIOD) in seconds configured on the FCF multiplied by five. For example, if the FKA_ADV period configured on the FCF is 80 seconds, the value of this field is 400.
PAGE 932
2CSPC4.XModular-SWUM204.
PAGE 933
2CSPC4.XModular-SWUM204.book Page 933 Friday, March 15, 2013 9:24 AM Parameter Description FC-ID Fiber Channel ID of the virtual port that was created by the FCF when the ENode VN_Port did a FLOGI/NPIV/FDISC request. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command can only be entered after FIP snooping is enabled using the feature fip-snooping command.
PAGE 934
2CSPC4.XModular-SWUM204.book Page 934 Friday, March 15, 2013 9:24 AM Parameter Description ENodes Number of ENodes discovered. Sessions Total virtual sessions in FCoE VLAN. FCF Information Interface Interface on which the FCF is discovered. MAC MAC address of the FCF. ENodes Total number of ENodes that are connected to the FCF. Sessions Total number of virtual sessions accepted by FCF in the associated VLAN. ENode Information Interface Interface to which the ENode is connected.
PAGE 935
2CSPC4.XModular-SWUM204.book Page 935 Friday, March 15, 2013 9:24 AM Parameter Description State This is the state of the virtual session. The state is displayed as Tentative during the process of ENode login to FCF (using FLOGI or FDESC). It displays Active after ENode and FCF establish a successful virtual connection. Session-Time Time elapsed after this successful virtual session is established by ENode with FCF.
PAGE 936
2CSPC4.XModular-SWUM204.book Page 936 Friday, March 15, 2013 9:24 AM Example #2 The sample command output below displays when the detail option is specified.
PAGE 937
2CSPC4.XModular-SWUM204.book Page 937 Friday, March 15, 2013 9:24 AM 0e:fc:11:ad:00:03 FDESC(1,1) 232 FPMA ACTIVE 0d, 01h, 02m ----------------- FDESC(1,1) --- FPMA TENTATIVE ------------ Example #3 The sample command output below displays sessions between specified FCF and ENode.
PAGE 938
2CSPC4.XModular-SWUM204.book Page 938 Friday, March 15, 2013 9:24 AM show fip-snooping statistics Use the show fip-snooping statistics command in User EXEC or Privileged EXEC mode to display the statistics of the FIP packets snooped in the VLAN or on an interface. If the optional (VLAN or interface) argument is not given, this command displays the statistics for all of the FIP snooping enabled VLANs.
PAGE 939
2CSPC4.XModular-SWUM204.book Page 939 Friday, March 15, 2013 9:24 AM Packet Counter Description UDS Number of Unicast Discovery Solicitation messages snooped on the VLAN. FLOGI Number of Fabric Logins snooped on the VLAN. FDISC Number of fabric discovery logins snooped on the VLAN. LOGO Number of Fabric Logouts on the VLAN. VNPort-keep-alive Number of VN_Port keepalive messages snooped on the VLAN. MDA Number of Multicast Discovery Advertisement messages snooped on the VLAN.
PAGE 940
2CSPC4.XModular-SWUM204.book Page 940 Friday, March 15, 2013 9:24 AM Other Counters Description Number of Sessions Number of session create requests that are denied for the new denied with ENode ENode as the number of ENodes reached the maximum limit allowed in the system. Number of Sessions Number of sessions that are denied to be created as the number denied with System of sessions reached the maximum allowed in the system.
PAGE 941
2CSPC4.XModular-SWUM204.
PAGE 942
2CSPC4.XModular-SWUM204.
PAGE 943
2CSPC4.XModular-SWUM204.
PAGE 944
2CSPC4.XModular-SWUM204.book Page 944 Friday, March 15, 2013 9:24 AM Number of Sessions denied with System limit: 21 Example #3 Below is the sample command output with optional interface argument supplied.
PAGE 945
2CSPC4.XModular-SWUM204.
PAGE 946
2CSPC4.XModular-SWUM204.book Page 946 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command can only be entered after FIP snooping is enabled using the feature fip-snooping command. Otherwise, it does not appear in the CLI syntax tree.
PAGE 947
2CSPC4.XModular-SWUM204.book Page 947 Friday, March 15, 2013 9:24 AM Syntax clear fip-snooping statistics [vlan vlan-id] | [interface interface-id] Parameter Description Parameter Description vlan-id A VLAN on which FIP snooping is enabled. interface-id An interface belonging to a VLAN on which FIP snooping is enabled. Default Configuration This command has no default configuration.
PAGE 948
2CSPC4.XModular-SWUM204.
PAGE 949
2CSPC4.XModular-SWUM204.book Page 949 Friday, March 15, 2013 9:24 AM 43 Priority Flow Control Commands NOTE: Fiber Channel over Ethernet (FCoE) commands are only supported on the PCM8024-k switch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. Priority Flow Control (PFC) provides a means of pausing frames based on individual priorities on a single physical link.
PAGE 950
2CSPC4.XModular-SWUM204.book Page 950 Friday, March 15, 2013 9:24 AM addition to the headroom. With two no-drop priorities per interface and static allocations, there is only about 30 percent of the buffer space available for normal forwarding behavior. The effective default behavior on an interface enabled for PFC without a nodrop priority is that no flow control (legacy or PFC) is enabled. If the user enables PFC but does not create any no-drop priorities, the interface will not be lossless.
PAGE 951
2CSPC4.XModular-SWUM204.book Page 951 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description on Enable PFC on the interface. off Disable PFC on the interface. Default Configuration Priority-flow-control mode is off (disabled) by default. Command Mode Datacenter-Bridging Config mode User Guidelines PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to return the mode to the default (off).
PAGE 952
2CSPC4.XModular-SWUM204.book Page 952 Friday, March 15, 2013 9:24 AM priority-flow-control priority Use the priority-flow-control priority command in Datacenter-Bridging Config mode to enable the priority group for lossless (no-drop) or lossy (drop) behavior on the selected interface. Up to two lossless priorities can be enabled on an interface. Use the no form of the command to return all priorities to their default lossy behavior.
PAGE 953
2CSPC4.XModular-SWUM204.book Page 953 Friday, March 15, 2013 9:24 AM s1(config-if-Te1/0/1)#datacenter-bridging s1(config-if-dcb)#priority-flow-control mode on s1(config-if-dcb)#priority-flow-control priority 1 no-drop clear priority-flow-control statistics Use the clear priority-flow-control statistics command to clear all or interface Priority-Flow-Control statistics. Syntax clear priority-flow-control statistics [ethernet interface ] • interface — A valid Ethernet port.
PAGE 954
2CSPC4.XModular-SWUM204.book Page 954 Friday, March 15, 2013 9:24 AM Parameter Description This command uses an optional interface parameter. Parameter Description interface-id A valid Ethernet port identifier. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples The following examples show the priority flow control status and statistics.
PAGE 955
2CSPC4.XModular-SWUM204.
PAGE 956
2CSPC4.XModular-SWUM204.
PAGE 957
2CSPC4.XModular-SWUM204.book Page 957 Friday, March 15, 2013 9:24 AM 44 Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network. These commands define the addressing and routing structure of the Internet.
PAGE 958
2CSPC4.XModular-SWUM204.
PAGE 959
2CSPC4.XModular-SWUM204.book Page 959 Friday, March 15, 2013 9:24 AM ARP Commands 45 When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
PAGE 960
2CSPC4.XModular-SWUM204.book Page 960 Friday, March 15, 2013 9:24 AM ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
PAGE 961
2CSPC4.XModular-SWUM204.book Page 961 Friday, March 15, 2013 9:24 AM Syntax arp ip-address hardware-address no arp ip-address • ip-address — IP address of a device on a subnet attached to an existing routing interface. • hardware-address — A unicast MAC address for that device. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 962
2CSPC4.XModular-SWUM204.book Page 962 Friday, March 15, 2013 9:24 AM – PCM6348 384–6144 – PCM8024/PCM8024-k 384–4096 Default Configuration The default value is always the upper limit. Command Mode Global Configuration mode User Guidelines The ARP cache size is dependant on the switching hardware used. Values different from the default given above may exist in a given switch model. Example The following example defines an arp cachesize of 500.
PAGE 963
2CSPC4.XModular-SWUM204.book Page 963 Friday, March 15, 2013 9:24 AM User Guidelines When an ARP entry reaches its maximum age, the system must decide whether to retain or delete the entry. If the entry has recently been used to forward data packets, the system will renew the entry by sending an ARP request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware.
PAGE 964
2CSPC4.XModular-SWUM204.book Page 964 Friday, March 15, 2013 9:24 AM • ip-address — The IP address to be removed from ARP cache. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.
PAGE 965
2CSPC4.XModular-SWUM204.book Page 965 Friday, March 15, 2013 9:24 AM Example The following example defines a response time-out of 5 seconds. console(config)#arp resptime 5 arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries.
PAGE 966
2CSPC4.XModular-SWUM204.book Page 966 Friday, March 15, 2013 9:24 AM Syntax arp timeout integer no arp timeout • integer — The IP ARP entry ageout time. (Range: 15-21600 seconds) Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout.
PAGE 967
2CSPC4.XModular-SWUM204.book Page 967 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example clears all entries ARP of type dynamic, including gateway, from ARP cache. console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command.
PAGE 968
2CSPC4.XModular-SWUM204.book Page 968 Friday, March 15, 2013 9:24 AM Dynamic Renew Mode....................... Disable Total Entry Count Current / Peak...... 0 / 0 Static Entry Count Configured / Active / Max.. 0 / 0 / 128 Type Age --------------- IP Address ----------------- MAC Address -------------- Interface -------- ----------- 10.27.20.241 001A.A0FF.F662 Management Dynamic n/a 10.27.20.243 0019.B9D1.
PAGE 969
2CSPC4.XModular-SWUM204.book Page 969 Friday, March 15, 2013 9:24 AM next hops in its route to the destination are through interfaces other than the interface that received the ARP request. Use the no form of the command to disable proxy ARP on a router interface. Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines The ip proxy-arp command is not available in interface range mode.
PAGE 970
2CSPC4.XModular-SWUM204.book Page 970 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC and Privileged EXEC modes, Config mode and all Config submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. Example The following example shows show arp command output.
PAGE 971
2CSPC4.XModular-SWUM204.book Page 971 Friday, March 15, 2013 9:24 AM 46 DHCP Server and Relay Agent Commands DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client. After obtaining parameters via DHCP, a DHCP client should be able to exchange packets with any other host in the Internet.
PAGE 972
2CSPC4.XModular-SWUM204.book Page 972 Friday, March 15, 2013 9:24 AM • Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
PAGE 973
2CSPC4.XModular-SWUM204.book Page 973 Friday, March 15, 2013 9:24 AM Syntax ip dhcp pool [pool-name] no ip dhcp pool [pool-name] Parameter Description Parameter Description pool-name The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’ ’. Enclose the entire pool name in quotes if an embedded blank is to appear in the pool name.
PAGE 974
2CSPC4.XModular-SWUM204.book Page 974 Friday, March 15, 2013 9:24 AM • Client DNS server – dns-server • NetBIOS WINS Server – netbios-name-server • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode.
PAGE 975
2CSPC4.XModular-SWUM204.book Page 975 Friday, March 15, 2013 9:24 AM console(config-dhcp-pool)#netbios-name-server 192.168.22.2 192.168.23.2 console(config-dhcp-pool)#netbios-node-type h-node console(config-dhcp-pool)#lease 2 12 console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration.
PAGE 976
2CSPC4.XModular-SWUM204.book Page 976 Friday, March 15, 2013 9:24 AM clear ip dhcp binding Use the clear ip dhcp binding command in Privileged EXEC mode to remove automatic DHCP server bindings. Syntax clear ip dhcp binding {ip-address | *} Parameter Description Parameter Description * Clear all automatic dhcp bindings. ip-address Clear a specific binding. Default Configuration The command has no default configuration.
PAGE 977
2CSPC4.XModular-SWUM204.book Page 977 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description * Clear all dhcp conflicts. ip-address Clear a specific address conflict. Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 978
2CSPC4.XModular-SWUM204.book Page 978 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode DHCP Pool Configuration mode User Guidelines For Microsoft DHCP clients, the identifier consists of the media type followed by the MAC address of the client. The media type 01 indicates Ethernet media. Use the show ip dhcp pool command to display pool configuration parameters.
PAGE 979
2CSPC4.XModular-SWUM204.book Page 979 Friday, March 15, 2013 9:24 AM Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The client name should not include the domain name as it is specified separately by the domain-name (IP DHCP Pool Config) command. It is not recommended to use embedded blanks in client names. Example console(config-dhcp-pool)#client-identifier 01:03:13:18:22:33:11 console(config-dhcp-pool)#host 192.168.
PAGE 980
2CSPC4.XModular-SWUM204.book Page 980 Friday, March 15, 2013 9:24 AM Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1 dns-server (IP DHCP Pool Config) Use the dns-server command in IP DHCP Pool Configuration mode to set the IP DNS server address which is provided to a DHCP client by the DHCP server. DNS server address is configured for stateless server support.
PAGE 981
2CSPC4.XModular-SWUM204.book Page 981 Friday, March 15, 2013 9:24 AM domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name. Syntax domain-name domain no domain-name domain • domain — DHCP domain name.
PAGE 982
2CSPC4.XModular-SWUM204.book Page 982 Friday, March 15, 2013 9:24 AM Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
PAGE 983
2CSPC4.XModular-SWUM204.book Page 983 Friday, March 15, 2013 9:24 AM Default Configuration The default is a 1 day lease. Command Mode DHCP Pool Configuration mode User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
PAGE 984
2CSPC4.XModular-SWUM204.book Page 984 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp bootp automatic ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging.
PAGE 985
2CSPC4.XModular-SWUM204.book Page 985 Friday, March 15, 2013 9:24 AM ip dhcp excluded-address Use the ip dhcp excluded-address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment. Use the no form of the command to allow automatic address assignment for the specified address or address range.
PAGE 986
2CSPC4.XModular-SWUM204.book Page 986 Friday, March 15, 2013 9:24 AM ip dhcp ping packets Use the ip dhcp ping packets command in Global Configuration mode to configure the number of pings sent to detect if an address is in use prior to assigning an address from the DHCP pool. If neither ping is answered, the DHCP server presumes the address is not in use and assigns the selected IP address.
PAGE 987
2CSPC4.XModular-SWUM204.book Page 987 Friday, March 15, 2013 9:24 AM lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default. Use the show ip dhcp pool command to display pool configuration parameters.
PAGE 988
2CSPC4.XModular-SWUM204.book Page 988 Friday, March 15, 2013 9:24 AM Example console(config-dhcp-pool)#lease 1 12 59 netbios-name-server Use the netbios-name-server command in DHCP Pool Configuration mode to configure the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS name server configuration. Syntax netbios-name-server ip-address [ip-address2...
PAGE 989
2CSPC4.XModular-SWUM204.book Page 989 Friday, March 15, 2013 9:24 AM netbios-node-type Use the netbios-node-type command in DHCP Pool Configuration mode to set the NetBIOS node type for a Microsoft DHCP client. Use the no form of the command to remove the netbios node configuration. Syntax netbios-node-type type no netbios-node-type Parameter Description Parameter Description type The NetBIOS node type can be b-node, h-node, m-node or pnode.
PAGE 990
2CSPC4.XModular-SWUM204.book Page 990 Friday, March 15, 2013 9:24 AM network Use the network command in IP DHCP Pool Configuration mode to define a pool of IPv4 addresses for distributing to clients. Syntax network network-number [mask | prefix-length] Parameter Description Parameter Description network-number A valid IPv4 address mask A valid IPv4 network mask with contiguous left-aligned bits.
PAGE 991
2CSPC4.XModular-SWUM204.book Page 991 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description ip-address The IPv4 address of the TFTP server to use during autoconfiguration. Default Configuration There is no default IPv4 next server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
PAGE 992
2CSPC4.XModular-SWUM204.book Page 992 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description code The DHCP TLV option code. ascii string1 An ASCII character string. Strings with embedded blanks must be wholly contained in quotes. hex string1 A hexadecimal string containing the characters [0-9A-F]. The string should not begin with 0x. A hex string consists of two characters which are parsed to fill a single byte. Multiple values are separated by blanks.
PAGE 993
2CSPC4.XModular-SWUM204.book Page 993 Friday, March 15, 2013 9:24 AM Figure 46-1.
PAGE 994
2CSPC4.XModular-SWUM204.book Page 994 Friday, March 15, 2013 9:24 AM Figure 46-1.
PAGE 995
2CSPC4.XModular-SWUM204.book Page 995 Friday, March 15, 2013 9:24 AM Figure 46-1.
PAGE 996
2CSPC4.XModular-SWUM204.book Page 996 Friday, March 15, 2013 9:24 AM Default Configuration The service is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. sntp Use the sntp command in DHCP Pool Configuration mode to set the IPv4 address of the NTP server to be used for time synchronization of the client. Use the no form of the command to remove the NTP server configuration.
PAGE 997
2CSPC4.XModular-SWUM204.book Page 997 Friday, March 15, 2013 9:24 AM Example console(config-dhcp-pool)#sntp 192.168.21.2 show ip dhcp binding Use the show ip dhcp binding command in Privileged EXEC mode to display the configured DHCP bindings. Syntax show ip dhcp binding [address] Parameter Description Parameter Description address A valid IPv4 address Default Configuration The command has no default configuration.
PAGE 998
2CSPC4.XModular-SWUM204.book Page 998 Friday, March 15, 2013 9:24 AM show ip dhcp conflict Use the show ip dhcp conflict command in User EXEC mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface.
PAGE 999
2CSPC4.XModular-SWUM204.book Page 999 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User EXEC or Privileged EXEC mode to display the configured DHCP pool or pools.
PAGE 1000
2CSPC4.XModular-SWUM204.book Page 1000 Friday, March 15, 2013 9:24 AM show ip dhcp server statistics Use the show ip dhcp server statistics command in Privileged EXEC mode to display the DHCP server binding and message counters. Syntax show ip dhcp server statistics Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
PAGE 1001
2CSPC4.XModular-SWUM204.book Page 1001 Friday, March 15, 2013 9:24 AM DHCP RELEASE................................... 32 DHCP INFORM.................................... 0 Messages Sent ---------- ------ DHCP OFFER..................................... 132 DHCP ACK....................................... 132 DHCP NACK......................................
PAGE 1002
2CSPC4.XModular-SWUM204.
PAGE 1003
2CSPC4.XModular-SWUM204.
PAGE 1004
2CSPC4.XModular-SWUM204.book Page 1004 Friday, March 15, 2013 9:24 AM Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. DNS server address is configured for stateless server support.
PAGE 1005
2CSPC4.XModular-SWUM204.book Page 1005 Friday, March 15, 2013 9:24 AM Syntax domain-name domain no domain-name domain • domain — DHCPv6 domain name. (Range: 1–255 characters) Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.
PAGE 1006
2CSPC4.XModular-SWUM204.book Page 1006 Friday, March 15, 2013 9:24 AM • pool-name — DHCPv6 pool name. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode.
PAGE 1007
2CSPC4.XModular-SWUM204.book Page 1007 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required.
PAGE 1008
2CSPC4.XModular-SWUM204.book Page 1008 Friday, March 15, 2013 9:24 AM • pref-value — Preference value —used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295) Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines An IP interface (VLAN) can be configured in DHCP relay mode or DHCP server mode.
PAGE 1009
2CSPC4.XModular-SWUM204.book Page 1009 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description prefix/prefix-length Delegated IPv6 prefix. client-DUID Client DUID (e.g. 00:01:00:09:f8:79:4e:00:04:76:73:43:76'). hostname Client hostname used for logging and tracing. (Range: 0-31 characters.) The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" valid-lifetime Valid lifetime for delegated prefix.
PAGE 1010
2CSPC4.XModular-SWUM204.book Page 1010 Friday, March 15, 2013 9:24 AM The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days. console(config-dhcp6s-pool)#prefix-delegation fc00::/7 00:1D:BA:FF:FE:06:37:64 preferred-lifetime 43200 service dhcpv6 Use the service dhcpv6 command in Global Configuration mode to enable local IPv6 DHCP server on the switch.
PAGE 1011
2CSPC4.XModular-SWUM204.book Page 1011 Friday, March 15, 2013 9:24 AM show ipv6 dhcp Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration.
PAGE 1012
2CSPC4.XModular-SWUM204.book Page 1012 Friday, March 15, 2013 9:24 AM • ipv6-address — Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode Privileged EXEC and User EXEC modes, Config mode and all Config submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address.
PAGE 1013
2CSPC4.XModular-SWUM204.book Page 1013 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config submodes User Guidelines Statistics are shown depending on the interface mode (relay, server, or client). Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console> show ipv6 dhcp interface vlan 11 IPv6 Interface.................................
PAGE 1014
2CSPC4.XModular-SWUM204.book Page 1014 Friday, March 15, 2013 9:24 AM DHCPv6 Inform Packets Received................. 0 DHCPv6 Relay-forward Packets Received.......... 0 DHCPv6 Relay-reply Packets Received............ 0 DHCPv6 Malformed Packets Received.............. 0 Received DHCPv6 Packets Discarded.............. 0 Total DHCPv6 Packets Received.................. 0 DHCPv6 Advertisement Packets Transmitted....... 0 DHCPv6 Reply Packets Transmitted............... 0 DHCPv6 Reconfig Packets Transmitted......
PAGE 1015
2CSPC4.XModular-SWUM204.book Page 1015 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode Displays whether the specified interface is in Client, Relay, or Server mode.
PAGE 1016
2CSPC4.XModular-SWUM204.book Page 1016 Friday, March 15, 2013 9:24 AM Term Description Expiry Time The time (in seconds) when the DHCPv6 leased address expires. Example The following example shows the output from this command when the device has leased an IPv6 address from the DHCPv6 server on interface 1/0/1. NOTE: Note that the interface is in client mode. console#show ipv6 dhcp interface vlan 2 IPv6 Interface................................. Vl2 Mode...........................................
PAGE 1017
2CSPC4.XModular-SWUM204.book Page 1017 Friday, March 15, 2013 9:24 AM Server Preference.............................. 20 Option Flags................................... console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received................ 0 DHCPv6 Request Packets Received................ 0 DHCPv6 Confirm Packets Received................ 0 DHCPv6 Renew Packets Received.................. 0 DHCPv6 Rebind Packets Received.................
PAGE 1018
2CSPC4.XModular-SWUM204.book Page 1018 Friday, March 15, 2013 9:24 AM Total DHCPv6 Packets Transmitted...................... 0 show ipv6 dhcp pool Use the show ipv6 dhcp pool command in Privileged EXEC mode to display the configured DHCP pool. Syntax show ipv6 dhcp pool poolname • poolname — Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration.
PAGE 1019
2CSPC4.XModular-SWUM204.book Page 1019 Friday, March 15, 2013 9:24 AM Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received................ 0 DHCPv6 Request Packets Received................ 0 DHCPv6 Confirm Packets Received..........
PAGE 1020
2CSPC4.XModular-SWUM204.book Page 1020 Friday, March 15, 2013 9:24 AM DHCPv6 Relay-forward Packets Transmitted....... 0 Total DHCPv6 Packets Transmitted...............
PAGE 1021
2CSPC4.XModular-SWUM204.book Page 1021 Friday, March 15, 2013 9:24 AM 48 DVMRP Commands Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
PAGE 1022
2CSPC4.XModular-SWUM204.book Page 1022 Friday, March 15, 2013 9:24 AM Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
PAGE 1023
2CSPC4.XModular-SWUM204.book Page 1023 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition.
PAGE 1024
2CSPC4.XModular-SWUM204.book Page 1024 Friday, March 15, 2013 9:24 AM DVMRP INTERFACE STATUS Interface Interface Mode Protocol State --------- -------------- -------------- show ip dvmrp interface Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition.
PAGE 1025
2CSPC4.XModular-SWUM204.book Page 1025 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available.
PAGE 1026
2CSPC4.XModular-SWUM204.book Page 1026 Friday, March 15, 2013 9:24 AM Example The following example displays the next hop information on outgoing interfaces for routing multicast datagrams. console(config)#show ip dvmrp nexthop Next Hop Source IP Source Mask Interface Type -------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information.
PAGE 1027
2CSPC4.XModular-SWUM204.book Page 1027 Friday, March 15, 2013 9:24 AM show ip dvmrp route Use the show ip dvmrp route command in Privileged EXEC mode to display the multicast routing information for DVMRP. Syntax show ip dvmrp route Default Configuration This command has no default condition. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
PAGE 1028
2CSPC4.XModular-SWUM204.
PAGE 1029
2CSPC4.XModular-SWUM204.book Page 1029 Friday, March 15, 2013 9:24 AM 44 GMRP Commands The GARP Multicast Registration Protocol provides a mechanism that allows networking devices to dynamically register (and de-register) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
PAGE 1030
2CSPC4.XModular-SWUM204.book Page 1030 Friday, March 15, 2013 9:24 AM The registration and de-registration of membership results in the multicast table being updated with a new entry or the existing entry modified. This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address).
PAGE 1031
2CSPC4.XModular-SWUM204.book Page 1031 Friday, March 15, 2013 9:24 AM User Guidelines IGMP snooping is incompatible with GMRP and must be disabled on any VLANs running GMRP. Example In this example, GMRP is globally enabled. console(config)#gmrp enable show gmrp configuration Use the show gmrp configuration command in Global Configuration mode and Interface Configuration mode to display GMRP configuration.
PAGE 1032
2CSPC4.XModular-SWUM204.
PAGE 1033
2CSPC4.XModular-SWUM204.book Page 1033 Friday, March 15, 2013 9:24 AM IGMP Commands 45 Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed. Since IGMP is used between end systems (often desktops) and the multicast router, the version of IGMP required depends on the end-user operating system being supported.
PAGE 1034
2CSPC4.XModular-SWUM204.book Page 1034 Friday, March 15, 2013 9:24 AM IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a groupspecific IGMP Query message to the multicast group.
PAGE 1035
2CSPC4.XModular-SWUM204.book Page 1035 Friday, March 15, 2013 9:24 AM Syntax ip igmp no ip igmp Default Configuration Disabled is the default state. Command Mode Global Configuration mode User Guidelines A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP.
PAGE 1036
2CSPC4.XModular-SWUM204.book Page 1036 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
PAGE 1037
2CSPC4.XModular-SWUM204.book Page 1037 Friday, March 15, 2013 9:24 AM Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-query-interval 20 ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
PAGE 1038
2CSPC4.XModular-SWUM204.book Page 1038 Friday, March 15, 2013 9:24 AM ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in seconds. Syntax ip igmp query-max-response-time seconds no ip igmp query-max-response-time • seconds — Maximum response time.
PAGE 1039
2CSPC4.XModular-SWUM204.book Page 1039 Friday, March 15, 2013 9:24 AM Syntax ip igmp robustness robustness no ip igmp robustness • robustness — Robustness variable. (Range: 1-255) Default Configuration The default robustness value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a robustness value of 10 for VLAN 15.
PAGE 1040
2CSPC4.XModular-SWUM204.book Page 1040 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10.
PAGE 1041
2CSPC4.XModular-SWUM204.book Page 1041 Friday, March 15, 2013 9:24 AM Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version.
PAGE 1042
2CSPC4.XModular-SWUM204.book Page 1042 Friday, March 15, 2013 9:24 AM Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................. Enabled IGMP Router-Alert check.....................
PAGE 1043
2CSPC4.XModular-SWUM204.book Page 1043 Friday, March 15, 2013 9:24 AM Syntax show ip igmp groups [interface-type interface-number] [detail] Syntax Description Parameter Description interface-type interface-number Interface type of VLAN and a valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1044
2CSPC4.XModular-SWUM204.book Page 1044 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description interface-type interface-number Interface type of VLAN and a valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp vlan 11 Interface........
PAGE 1045
2CSPC4.XModular-SWUM204.book Page 1045 Friday, March 15, 2013 9:24 AM show ip igmp membership Use the show ip igmp membership command in Privileged EXEC mode to display the list of interfaces that have registered in the multicast group. If detail is specified, this command displays detailed information about the listed interfaces. Syntax show ip igmp membership [groupaddr] [detail] • groupaddr — Group IP address Default Configuration This command has no default configuration.
PAGE 1046
2CSPC4.XModular-SWUM204.book Page 1046 Friday, March 15, 2013 9:24 AM • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples The following example displays the IGMP statistical information for VLAN 7. console#show ip igmp interface stats vlan 7 Querier Status............................... Querier Querier IP Address........................
PAGE 1047
2CSPC4.XModular-SWUM204.book Page 1047 Friday, March 15, 2013 9:24 AM Default Value The Router-Alert option is not required by default. Command Mode Global Configuration Usage Guidelines If the router alert check is enabled, IGMP frames without the router-alert option in the IP header are discarded early in the processing of IGMP packets.
PAGE 1048
2CSPC4.XModular-SWUM204.
PAGE 1049
2CSPC4.XModular-SWUM204.book Page 1049 Friday, March 15, 2013 9:24 AM IGMP Proxy Commands 46 IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. PowerConnect supports IGMP Version 3, Version 2 and Version 1.
PAGE 1050
2CSPC4.XModular-SWUM204.book Page 1050 Friday, March 15, 2013 9:24 AM Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example enables the IGMP Proxy on the VLAN 15 router.
PAGE 1051
2CSPC4.XModular-SWUM204.book Page 1051 Friday, March 15, 2013 9:24 AM Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp-proxy reset-status ip igmp-proxy unsolicit-rprt-interval Use the ip igmp-proxy unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
PAGE 1052
2CSPC4.XModular-SWUM204.book Page 1052 Friday, March 15, 2013 9:24 AM show ip igmp-proxy Use the show ip igmp-proxy command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1053
2CSPC4.XModular-SWUM204.book Page 1053 Friday, March 15, 2013 9:24 AM Proxy Start Frequency........................ 1 show ip igmp-proxy interface Use the show ip igmp-proxy interface command in Privileged EXEC mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy interface Default Configuration This command has no default configuration.
PAGE 1054
2CSPC4.XModular-SWUM204.book Page 1054 Friday, March 15, 2013 9:24 AM show ip igmp-proxy groups Use the show ip igmp-proxy groups command in Privileged EXEC mode to display a table of information about multicast groups that IGMP Proxy reported. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp-proxy groups Default Configuration This command has no default configuration.
PAGE 1055
2CSPC4.XModular-SWUM204.book Page 1055 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp-proxy groups detail Interface Index................................
PAGE 1056
2CSPC4.XModular-SWUM204.
PAGE 1057
2CSPC4.XModular-SWUM204.book Page 1057 Friday, March 15, 2013 9:24 AM 47 IP Helper/DHCP Relay Commands The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when the application is designed to assume a server is always on a local subnet or when the application uses broadcast packets to reach the server (with the limited broadcast address 255.255.
PAGE 1058
2CSPC4.XModular-SWUM204.book Page 1058 Friday, March 15, 2013 9:24 AM Protocol UDP Port Number DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 Certain preexisting configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a DHCP maximum hop count or minimum wait time. The relay agent relays DHCP packets in both directions.
PAGE 1059
2CSPC4.XModular-SWUM204.book Page 1059 Friday, March 15, 2013 9:24 AM • The protocol field in the IP header must be UDP (17). • The destination UDP port must match a configured relay entry. DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally. Enabling IP helper enables DHCP relay.
PAGE 1060
2CSPC4.XModular-SWUM204.book Page 1060 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example defines a maximum hopcount of 6. console(config)#bootpdhcprelay maxhopcount 6 bootpdhcprelay minwaittime Use the bootpdhcprelay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system.
PAGE 1061
2CSPC4.XModular-SWUM204.book Page 1061 Friday, March 15, 2013 9:24 AM Example The following example defines a minimum wait time of 10 seconds. console(config)#bootpdhcprelay minwaittime 10 clear ip helper statistics Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics. Syntax clear ip helper statistics Default Configuration There is no default configuration for this command.
PAGE 1062
2CSPC4.XModular-SWUM204.book Page 1062 Friday, March 15, 2013 9:24 AM Parameter Description This command has no arguments or keywords. Default Configuration This is enabled by default for a DHCP relay agent. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed. This check is enabled by default.
PAGE 1063
2CSPC4.XModular-SWUM204.book Page 1063 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description none (Optional) Disables the command function. Default Configuration This check is enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option command to enable processing of DHCP circuit ID and remote agent ID options.
PAGE 1064
2CSPC4.XModular-SWUM204.book Page 1064 Friday, March 15, 2013 9:24 AM Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. Example The following example enables the circuit ID and remote agent ID options.
PAGE 1065
2CSPC4.XModular-SWUM204.book Page 1065 Friday, March 15, 2013 9:24 AM Command Mode Interface (VLAN) Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed. Example The following example enables the circuit ID and remote agent ID options on vlan 10.
PAGE 1066
2CSPC4.XModular-SWUM204.book Page 1066 Friday, March 15, 2013 9:24 AM (port 53), isakmp (port 500), mobile-ip (port 434), nameserver (port 42), netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-autorp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured. Command Mode Global Configuration mode.
PAGE 1067
2CSPC4.XModular-SWUM204.book Page 1067 Friday, March 15, 2013 9:24 AM ip helper-address (interface configuration) Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command.
PAGE 1068
2CSPC4.XModular-SWUM204.book Page 1068 Friday, March 15, 2013 9:24 AM User Guidelines This command can be invoked multiple times on routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all helper addresses on the interface. Example To relay DHCP packets received on vlan 5 to two DHCP servers, 192.168.10.1 and 192.168.20.
PAGE 1069
2CSPC4.XModular-SWUM204.book Page 1069 Friday, March 15, 2013 9:24 AM console(config-if-vlan5)#ip helper-address 192.168.40.2 domain console(config-if-vlan5)#exit console(config)#interface 2/6 console(config-if-vlan6)#ip helper-address 192.168.23.1 162 console(config-if-vlan6)#ip helper-address discard dhcp ip helper enable Use the ip helper enable command to enable relay of UDP packets. To disable relay of all UDP packets, use the “no” form of this command.
PAGE 1070
2CSPC4.XModular-SWUM204.book Page 1070 Friday, March 15, 2013 9:24 AM Syntax show ip helper-address [interface] • interface — Optionally specify an interface to limit the output to the configuration of a single interface. The interface is identified as vlan vlanid. Default Configuration This command has no default configuration.
PAGE 1071
2CSPC4.XModular-SWUM204.book Page 1071 Friday, March 15, 2013 9:24 AM --------------vlan ----------- 100 -------- ---------- No 10 dhcp --------------10.100.1.254 10.100.2.254 vlan 101 any Yes any dhcp No 2 0 10.200.1.254 show ip dhcp relay Use the show ip dhcp relay command in User EXEC mode to display the BootP/DHCP Relay information. Syntax show ip dhcp relay Parameter Description This command has no arguments or keywords.
PAGE 1072
2CSPC4.XModular-SWUM204.book Page 1072 Friday, March 15, 2013 9:24 AM Circuit Id Option Mode....................... Disable Circuit Id Option Check Mode................. Enable show ip helper statistics Use the show ip helper statistics command to display the number of DHCP and other UDP packets processed and relayed by the UDP relay agent. Syntax show ip helper statistics Default Configuration This command has no default configuration.
PAGE 1073
2CSPC4.XModular-SWUM204.book Page 1073 Friday, March 15, 2013 9:24 AM UDP client messages relayed The number of UDP packets relayed. This count includes DHCP messages relayed as well as all other protocols. The count is incremented for each server to which a packet is sent. DHCP message hop count exceeded max The number of DHCP client messages received whose hop count is larger than the maximum allowed. The maximum hop count is a configurable value listed in show ip dhcp relay.
PAGE 1074
2CSPC4.XModular-SWUM204.book Page 1074 Friday, March 15, 2013 9:24 AM DHCP message hop count exceeded max............ 0 DHCP message with secs field below min......... 0 DHCP message with giaddr set to local address.. 0 Packets with expired TTL....................... 0 Packets that matched a discard entry...........
PAGE 1075
2CSPC4.XModular-SWUM204.book Page 1075 Friday, March 15, 2013 9:24 AM 48 IP Routing Commands The Routing Module provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments. The PowerConnect switches allows the network operator to build a complete Layer 3+ configuration with advanced functionality. As the PowerConnect defaults to Layer 2 switching functionality, routing must be explicitly enabled on the PowerConnect to perform Layer 3 forwarding.
PAGE 1076
2CSPC4.XModular-SWUM204.book Page 1076 Friday, March 15, 2013 9:24 AM from different sources have the same preference, PowerConnect routing prefers a static route over a dynamic route. Static Reject Routes To administratively control the traffic destined to a particular network so that it is not forwarded through the router, PowerConnect enables configuring a static reject route for that network on the router.
PAGE 1077
2CSPC4.XModular-SWUM204.book Page 1077 Friday, March 15, 2013 9:24 AM encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation. • snap — Specifies SNAP encapsulation. Default Configuration Ethernet encapsulation is the default configuration.
PAGE 1078
2CSPC4.XModular-SWUM204.book Page 1078 Friday, March 15, 2013 9:24 AM Syntax ip address ip-address {subnet-mask | prefix-length} [secondary] no ip address ip-address {subnet-mask | prefix-length} [secondary] • ip-address — IP address of the interface. • subnet-mask — Subnet mask of the interface • prefix-length — Length of the prefix. Must be preceded by a forward slash (/). (Range: 1-30 bits) • secondary — Indicates the IP address is a secondary address.
PAGE 1079
2CSPC4.XModular-SWUM204.book Page 1079 Friday, March 15, 2013 9:24 AM ip mtu Use the ip mtu command in Interface Configuration mode to set the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation. Packets forwarded in hardware ignore the IP MTU. Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing interface.
PAGE 1080
2CSPC4.XModular-SWUM204.book Page 1080 Friday, March 15, 2013 9:24 AM Example The following example defines 1480 as the MTU for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip mtu 1480 ip netdirbcast Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Use the no form of the command to disable the broadcasts.
PAGE 1081
2CSPC4.XModular-SWUM204.book Page 1081 Friday, March 15, 2013 9:24 AM ip route Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route. The IP route command sets a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
PAGE 1082
2CSPC4.XModular-SWUM204.book Page 1082 Friday, March 15, 2013 9:24 AM Example The following example identifies the ip-address subnet-mask, next-hop-ip and a preference value of 200. console(config)#ip route 192.168.10.10 255.255.255.0 192.168.20.1 metric 200 ip route default Use the ip route default command in Global Configuration mode to configure the next hop address of the default route. Use the no form of the command to delete the default route.
PAGE 1083
2CSPC4.XModular-SWUM204.book Page 1083 Friday, March 15, 2013 9:24 AM Using this command, the administrator may manually configure a single, global default gateway. The switch installs a default route for a configured default gateway with a preference of 253, making it more preferred than the default gateways learned via DHCP, but less preferred than a static default route. The preference of these routes is not configurable.
PAGE 1084
2CSPC4.XModular-SWUM204.book Page 1084 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default route metric to 80. console(config)#ip route distance 80 ip routing Use the ip routing command in Global Configuration mode to globally enable IPv4 routing on the router. To disable IPv4 routing globally, use the no form of the command.
PAGE 1085
2CSPC4.XModular-SWUM204.book Page 1085 Friday, March 15, 2013 9:24 AM show ip brief Use the show ip brief command in Privileged EXEC mode to display all the summary information of the IP. Syntax show ip brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays IP summary information. console#show ip brief Default Time to Live..
PAGE 1086
2CSPC4.XModular-SWUM204.book Page 1086 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description type Interface type (loopback, out-of-band, or vlan) number Interface number. Valid only for loopback and VLAN types. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines The Method field contains one of the following values.
PAGE 1087
2CSPC4.XModular-SWUM204.book Page 1087 Friday, March 15, 2013 9:24 AM console#show ip interface Default Gateway....................... 0.0.0.0 L3 MAC Address................. 001E.C9AA.AC84 Routing Interfaces: Interface State IP Address IP Mask ---------- ----- --------------- --------------- ------- Vl1 Down 0.0.0.0 0.0.0.0 Method None The Method field contains one of the following values: • DHCP — The address is leased from a DHCP server. • Manual — The address is manually configured.
PAGE 1088
2CSPC4.XModular-SWUM204.book Page 1088 Friday, March 15, 2013 9:24 AM Encapsulation Type................. Ethernet IP MTU............................. 1500 Bandwidth.......................... 100000 kbps Destination Unreachables........... Enabled ICMP Redirects..................... Enabled console#show ip interface out-of-band IP Address............................. 10.131.11.66 Subnet Mask............................ 255.255.255.0 Default Gateway........................ 10.131.11.
PAGE 1089
2CSPC4.XModular-SWUM204.book Page 1089 Friday, March 15, 2013 9:24 AM Parameter Description Local AS Number The AS number that the local router is in. BGP Admin Mode Whether BGP is globally enabled or disabled. Maximum Paths The maximum number of next hops in an internal or external BGP route. Distance The default administrative distance (or route preference) for external, internal, and locally-originated BGP routes.
PAGE 1090
2CSPC4.XModular-SWUM204.book Page 1090 Friday, March 15, 2013 9:24 AM Parameter Description Metric Type The metric type to advertise for redistributed routes of this type. Redist Source The type of routes OSPF is redistributing. Metric The metric to advertise for redistributed routes of this type. Metric Type The metric type to advertise for redistributed routes of this type. Subnets Whether OSPF redistributes subnets of classful addresses, or only classful prefixes.
PAGE 1091
2CSPC4.XModular-SWUM204.book Page 1091 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following shows example CLI display output for the command. console# show ip protocols Routing Protocol.......................... BGP Router ID................................. 6.6.6.6 Local AS Number........................... 65001 BGP Admin Mode............................ Enable Maximum Paths.............................
PAGE 1092
2CSPC4.XModular-SWUM204.book Page 1092 Friday, March 15, 2013 9:24 AM Maximum Paths............................. 32 Routing for Networks...................... 172.24.0.0 0.0.255.255 area 0 10.0.0.0 0.255.255.255 area 1 192.168.75.0 0.0.0.255 area 2 Distance.................................. Intra 110 Inter 110 Ext 110 Default Route Advertise................... Disabled Always.................................... FALSE Metric.................................... Not configured Metric Type.....................
PAGE 1093
2CSPC4.XModular-SWUM204.book Page 1093 Friday, March 15, 2013 9:24 AM Syntax show ip route [ip-address [mask | prefix-length] [longer-prefixes] | ospf | rip | static] Syntax Description Parameter Description ip-address Specifies the network for which the route is to be displayed and displays the best matching best-route for the address. mask Subnet mask of the IP address. prefix-length Length of prefix, in bits. Must be preceded with a forward slash (/). (Range: 0-32 bits.
PAGE 1094
2CSPC4.XModular-SWUM204.book Page 1094 Friday, March 15, 2013 9:24 AM Example The following example displays the IPv4 address of the default gateway and the default route associated with the gateway. console#show ip route Route Codes: R - RIP Derived, O - OSPF Derived, C Connected, S - Static B - BGP Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S 0.0.0.0/0 [254/0] via 10.1.20.1 C 10.1.20.
PAGE 1095
2CSPC4.XModular-SWUM204.book Page 1095 Friday, March 15, 2013 9:24 AM Route Codes: R - RIP Derived, Connected, S - Static B - BGP E1 - OSPF External Type 1, E2 OSPF NSSA External Type 1, N2 O - OSPF Derived, C Derived, IA - OSPF Inter Area - OSPF External Type 2 N1 - OSPF NSSA External Type 2 Default Gateway is not configured S 10.0.0.0/8 [1/0] via 1.2.3.5 show ip route connected Use the show ip route connected command in Privileged EXEC mode display connected routes.
PAGE 1096
2CSPC4.XModular-SWUM204.book Page 1096 Friday, March 15, 2013 9:24 AM E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 IP Routing Commands 1009 Default Gateway is not configured S 10.0.0.0/8 [1/0] via 1.2.3.5 show ip route preferences Use the show ip route preferences command in Privileged EXEC mode displays detailed information about the route preferences. Route preferences are used in determining the best route.
PAGE 1097
2CSPC4.XModular-SWUM204.book Page 1097 Friday, March 15, 2013 9:24 AM Example The following example displays IP route preferences. console#show ip route preferences Local.......................................... 0 Static......................................... 1 OSPF Intra..................................... 110 OSPF Inter..................................... 110 OSPF External.................................. 110 RIP............................................ 120 Configured Default Gateway...........
PAGE 1098
2CSPC4.XModular-SWUM204.book Page 1098 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example displays the IP route summary. console#show ip route summary Connected Routes............................... 0 Static Routes.................................. 0 RIP Routes..................................... 0 OSPF Routes.................................... 0 Intra Area Routes.............................. 0 Inter Area Routes.............................
PAGE 1099
2CSPC4.XModular-SWUM204.book Page 1099 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays IP route preferences. console>show ip traffic IpInReceives................................... 24002 IpInHdrErrors.................................. 1 IpInAddrErrors................................. 925 IpForwDatagrams................................
PAGE 1100
2CSPC4.XModular-SWUM204.book Page 1100 Friday, March 15, 2013 9:24 AM IcmpInErrors................................... 0 IcmpInDestUnreachs............................. 0 IcmpInTimeExcds................................ 0 IcmpInParmProbs................................ 0 IcmpInSrcQuenchs............................... 0 IcmpInRedirects................................ 0 IcmpInEchos.................................... 3 IcmpInEchoReps................................. 0 IcmpInTimestamps.........................
PAGE 1101
2CSPC4.XModular-SWUM204.book Page 1101 Friday, March 15, 2013 9:24 AM show ip vlan Use the show ip vlan command in Privileged EXEC mode to display the VLAN routing information for all VLANs with routing enabled. Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information.
PAGE 1102
2CSPC4.XModular-SWUM204.book Page 1102 Friday, March 15, 2013 9:24 AM Syntax show routing heap summary Parameter Description The command displays the following information. Parameter Description Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory In Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse.
PAGE 1103
2CSPC4.XModular-SWUM204.book Page 1103 Friday, March 15, 2013 9:24 AM Memory on Free List............. 78721 bytes (0%) Memory Available in Heap........ 92365249 bytes (99%) In Use High Water Mark..........
PAGE 1104
2CSPC4.XModular-SWUM204.
PAGE 1105
2CSPC4.XModular-SWUM204.book Page 1105 Friday, March 15, 2013 9:24 AM IPv6 Routing Commands 49 The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration. RTO6 manages dynamic and static IPv6 routes, redistributes routes to registered protocols, supports ECMP routes, and supports multiple routes to the same destination, sorted by preference. IPv6 routing only operates over VLAN interfaces.
PAGE 1106
2CSPC4.XModular-SWUM204.
PAGE 1107
2CSPC4.XModular-SWUM204.book Page 1107 Friday, March 15, 2013 9:24 AM Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command in Privileged EXEC mode to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
PAGE 1108
2CSPC4.XModular-SWUM204.book Page 1108 Friday, March 15, 2013 9:24 AM ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created.
PAGE 1109
2CSPC4.XModular-SWUM204.book Page 1109 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example configures an IPv6 address and enables IPv6 processing. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 address 2020:1::1/64 ipv6 enable Use the ipv6 enable command in Interface Configuration mode to enable IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address.
PAGE 1110
2CSPC4.XModular-SWUM204.book Page 1110 Friday, March 15, 2013 9:24 AM console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting. Syntax ipv6 hop-limit count no ipv6 hop-limit Parameter Description Parameter Description count The number of hops before the PDU expires (Range 0-255).
PAGE 1111
2CSPC4.XModular-SWUM204.book Page 1111 Friday, March 15, 2013 9:24 AM Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001:DB8::/32 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface.
PAGE 1112
2CSPC4.XModular-SWUM204.book Page 1112 Friday, March 15, 2013 9:24 AM Example console(config-if-vlan3)#ipv6 mld last-member-query-count 5 ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface. Use the “no” form of this command to set the last member query interval to the default.
PAGE 1113
2CSPC4.XModular-SWUM204.book Page 1113 Friday, March 15, 2013 9:24 AM Syntax ipv6 mld-proxy no ipv6 mld-proxy Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld-proxy ipv6 mld-proxy reset-status Use the ipv6 mld-proxy reset-status command to reset the host interface status parameters of the MLD Proxy router.
PAGE 1114
2CSPC4.XModular-SWUM204.book Page 1114 Friday, March 15, 2013 9:24 AM Example console(config-if-vlan3)#ipv6 mld-proxy reset-status ipv6 mld-proxy unsolicit-rprt-interval Use the ipv6 mld-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
PAGE 1115
2CSPC4.XModular-SWUM204.book Page 1115 Friday, March 15, 2013 9:24 AM Syntax ipv6 mld query-interval query-interval no ipv6 mld query-interval • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command.
PAGE 1116
2CSPC4.XModular-SWUM204.book Page 1116 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-max-response-time 4500 ipv6 mld router The ipv6 mld router command is used to enable MLD in the router in global configuration mode and for a specific interface in interface configuration mode. Use the “no” form of this command to disable MLD.
PAGE 1117
2CSPC4.XModular-SWUM204.book Page 1117 Friday, March 15, 2013 9:24 AM ipv6 mtu Use the ipv6 mtu command in Interface Configuration mode to set the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface. This command replaces the default MTU with a new MTU value. The IPv6 MTU is only observed for packets originating on the switch. Packets forwarded by the hardware ignore the IPv6 MTU.
PAGE 1118
2CSPC4.XModular-SWUM204.book Page 1118 Friday, March 15, 2013 9:24 AM ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery. Duplicate address detection verifies that an IPv6 address on an interface is unique. Syntax ipv6 nd dad attempts no ipv6 nd dad attempts Parameter Description Parameter Description value Probes transmitted.
PAGE 1119
2CSPC4.XModular-SWUM204.book Page 1119 Friday, March 15, 2013 9:24 AM ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6. When the value is false, end nodes automatically configure addresses. Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration.
PAGE 1120
2CSPC4.XModular-SWUM204.book Page 1120 Friday, March 15, 2013 9:24 AM no ipv6 nd ns-interval • milliseconds — Interval duration. (Range: 0, 1000–4294967295) Default Configuration 0 is the default value for milliseconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms.
PAGE 1121
2CSPC4.XModular-SWUM204.book Page 1121 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example sets to true the “other stateful configuration” flag in router advertisements console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd other-config-flag ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes that the router advertises in its router advertisements.
PAGE 1122
2CSPC4.XModular-SWUM204.book Page 1122 Friday, March 15, 2013 9:24 AM Default Configuration 604800 seconds is the default value for valid-lifetime, 2592000 seconds for preferred lifetime. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted.
PAGE 1123
2CSPC4.XModular-SWUM204.book Page 1123 Friday, March 15, 2013 9:24 AM no ipv6 nd ra-interval • maximum — The maximum interval duration (Range: 4–1800 seconds). • minimum — The minimum interval duration (Range: 3 – (0.75 * maximum) seconds). Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval.
PAGE 1124
2CSPC4.XModular-SWUM204.book Page 1124 Friday, March 15, 2013 9:24 AM Default Configuration 1800 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements.
PAGE 1125
2CSPC4.XModular-SWUM204.book Page 1125 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example sets the router advertisement time at 5000 milliseconds to consider a neighbor reachable after neighbor discovery confirmation.
PAGE 1126
2CSPC4.XModular-SWUM204.book Page 1126 Friday, March 15, 2013 9:24 AM ipv6 route Use the ipv6 route command in Global Configuration mode to configure an IPv6 static route. Use the no form of the command to remove a preference, an individual next hop, or all next hops for a route. Using the no ipv6 route distance form causes the system to use the system default administrative distance.
PAGE 1127
2CSPC4.XModular-SWUM204.book Page 1127 Friday, March 15, 2013 9:24 AM Default Configuration 1 is the default value for preference. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configure an IPv6 static route. console(config)#ipv6 route 2020:1::1/64 2030:1::2 ipv6 route distance Use the ipv6 route distance command in Global Configuration mode to set the default distance (preference) for static routes.
PAGE 1128
2CSPC4.XModular-SWUM204.book Page 1128 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default distance to 80. console(config)#ipv6 route distance 80 ipv6 unicast-routing Use the ipv6 unicast-routing command in Global Configuration mode to enable forwarding of IPv6 unicast datagrams.
PAGE 1129
2CSPC4.XModular-SWUM204.book Page 1129 Friday, March 15, 2013 9:24 AM ping ipv6 Use ping ipv6 command in Privileged EXEC mode to determine whether another computer is on the network. To use the command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP.
PAGE 1130
2CSPC4.XModular-SWUM204.book Page 1130 Friday, March 15, 2013 9:24 AM ping ipv6 interface Use ping ipv6 interface command in the Privileged EXEC mode to determine whether another computer is on the network. To use the command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP.
PAGE 1131
2CSPC4.XModular-SWUM204.book Page 1131 Friday, March 15, 2013 9:24 AM console(config)#ping ipv6 interface loopback 1 FE80::202:BCFF:FE00:3068/128 Send count=3, Receive count=0 from FE80::202:BCFF:FE00:3068/128 Average round trip time = 0.00 ms show ipv6 brief Use the show ipv6 brief command in Privileged EXEC mode to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. Syntax show ipv6 brief Default Configuration This command has no default configuration.
PAGE 1132
2CSPC4.XModular-SWUM204.book Page 1132 Friday, March 15, 2013 9:24 AM show ipv6 interface Use the show ipv6 interface command in Privileged EXEC mode to show the usability status of IPv6 interfaces. The output of the command includes the method of assignment for each IPv6 address that is either autoconfigured or leased from a DHCP server. Global addresses with no annotation are assumed to be manually configured.
PAGE 1133
2CSPC4.XModular-SWUM204.book Page 1133 Friday, March 15, 2013 9:24 AM Field Description TENT Tentative address. The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface. When the interface acts as a host interface, the output also shows the default gateway on the interface, if one exists.
PAGE 1134
2CSPC4.XModular-SWUM204.book Page 1134 Friday, March 15, 2013 9:24 AM console#show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is ................................ FE80::211:88FF:FE2A:3E3C/128 2017::A42A:26DB:1049:43DD/128 [DHCP] Routing Mode................................... Enabled Administrative Mode............................ Enabled IPv6 Routing Operational Mode.................. Enabled Bandwidth...................................... 100000 kbps Interface Maximum Transmit Unit................
PAGE 1135
2CSPC4.XModular-SWUM204.book Page 1135 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ipv6 interface management statistics DHCPv6 Client Statistics ------------------------DHCPv6 Advertisement Packets Received.......... 0 DHCPv6 Reply Packets Received.................. 0 Received DHCPv6 Advertisement Packets Discard.. 0 Received DHCPv6 Reply Packets Discarded........
PAGE 1136
2CSPC4.XModular-SWUM204.book Page 1136 Friday, March 15, 2013 9:24 AM Syntax show ipv6 mld groups {group-address | vlan vlan-id} • group-address — The group address to display. • vlan-id — A valid VLAN id. Default Configuration There is no default configuration for this command.
PAGE 1137
2CSPC4.XModular-SWUM204.book Page 1137 Friday, March 15, 2013 9:24 AM Uptime Time elapsed in seconds since the multicast group has been known. Expiry Time Time left in seconds before the entry is removed from the MLD membership table of this interface. Last Reporter The IP Address of the source of the last membership report received for this multicast group address on that interface. Filter Mode The filter mode of the multicast group on this interface. The values it can take are INCLUDE and EXCLUDE.
PAGE 1138
2CSPC4.XModular-SWUM204.book Page 1138 Friday, March 15, 2013 9:24 AM 4001::6 00:03:15 4001::7 00:03:15 4001::8 00:03:15 console#show ipv6 mld groups vlan 6 Group Address................................ FF1E::1 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ ------ Group Address................................ FF1E::2 Interface..................................... vlan 6 Up Time (hh:mm:ss)....
PAGE 1139
2CSPC4.XModular-SWUM204.book Page 1139 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following information is displayed for the specified interface: Field Description Interface The interface number in unit/slot/port format. MLD Global Admin Mode This field displays the configured global administrative status of MLD.
PAGE 1140
2CSPC4.XModular-SWUM204.book Page 1140 Friday, March 15, 2013 9:24 AM Last Member Query Count This value indicates the configured number of Group-Specific Queries sent before the router assumes that there are no local members. The following information is displayed if the operational mode of the MLD interface is enabled: Field Description Querier Status This value indicates whether the interface is a MLD querier or non-querier on the subnet with which it is associated.
PAGE 1141
2CSPC4.XModular-SWUM204.book Page 1141 Friday, March 15, 2013 9:24 AM Query Interval (secs)....................... 100 Query Max Response Time(milli-secs)........ 1111 Robustness.................................. 2 Startup Query Interval (secs).............. 31 Startup Query Count......................... 2 Last Member Query Interval (milli-secs)..... 1111 Last Member Query Count.....................
PAGE 1142
2CSPC4.XModular-SWUM204.book Page 1142 Friday, March 15, 2013 9:24 AM Version The present MLD host version that is operational on the proxy interface. Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy interface. Unsolicited Report The time interval at which the MLD-Proxy interface sends Interval unsolicited group membership reports.
PAGE 1143
2CSPC4.XModular-SWUM204.book Page 1143 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following parameters are displayed by this command: Field Description Interface The MLD Proxy interface. Group Address The IP address of the multicast group.
PAGE 1144
2CSPC4.XModular-SWUM204.book Page 1144 Friday, March 15, 2013 9:24 AM show ipv6 mld-proxy groups detail Use the show ipv6 mld-proxy groups detail command to display information about multicast groups that MLD Proxy reported. Syntax show ipv6 mld-proxy groups detail Default Configuration There is no default configuration for this command.
PAGE 1145
2CSPC4.XModular-SWUM204.book Page 1145 Friday, March 15, 2013 9:24 AM Group Source List The list of IP addresses of the sources attached to the multicast group. Expiry Time The time left for a source to get deleted. Example console#show ipv6 igmp-proxy groups Interface................................ vlan 10 Group Address Last Reporter Sources Up Time Member State Filter Mode ------------- ---------------- --------- ----------------- ------------- -----FF1E::1 FE80::100:2.
PAGE 1146
2CSPC4.XModular-SWUM204.book Page 1146 Friday, March 15, 2013 9:24 AM Syntax show ipv6 mld-proxy interface Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Parameter Description Interface The MLD Proxy interface.
PAGE 1147
2CSPC4.XModular-SWUM204.book Page 1147 Friday, March 15, 2013 9:24 AM ----------------------------------------------------------1 2 0 0 0 2 2 3 0 4 ----- ----- show ipv6 mld traffic The show ipv6 mld traffic command is used to display MLD statistical information for the router. Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command.
PAGE 1148
2CSPC4.XModular-SWUM204.book Page 1148 Friday, March 15, 2013 9:24 AM Bad Checksum MLD Packets The number of bad checksum MLD packets received by the router. Malformed MLD Packets The number of malformed MLD packets received by the router. Example console#show ipv6 mld traffic Valid MLD Packets Received..................... 52 Valid MLD Packets Sent......................... 7 Queries Received............................... 0 Queries Sent................................... 7 Reports Received...........
PAGE 1149
2CSPC4.XModular-SWUM204.book Page 1149 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays information about the IPv6 neighbors.
PAGE 1150
2CSPC4.XModular-SWUM204.book Page 1150 Friday, March 15, 2013 9:24 AM Parameter Description interface-type interface-number Valid IPv6 interface. Specifies that the routes with next-hops on the selected interface be displayed. Supported interface types are VLAN, Tunnel, and Loopback. best Specifies that only the best routes are displayed. If the connected keyword is selected for protocol, the best option is not available because there are no best or non-best connected routes.
PAGE 1151
2CSPC4.XModular-SWUM204.book Page 1151 Friday, March 15, 2013 9:24 AM show ipv6 route preferences Use the show ipv6 route preferences command in Privileged EXEC mode to show the preference value associated with the type of route. Lower numbers have a greater preference. Syntax show ipv6 route preferences Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1152
2CSPC4.XModular-SWUM204.book Page 1152 Friday, March 15, 2013 9:24 AM show ipv6 route summary Use the show ipv6 route summary command in Privileged EXEC mode to display a summary of the routing table for all routes, including best and nonbest routes. Use best to display the count summary for only best routes. Syntax show ipv6 route summary [best] • best — Displays the count summary for only best routes. Default Configuration This command has no default configuration.
PAGE 1153
2CSPC4.XModular-SWUM204.book Page 1153 Friday, March 15, 2013 9:24 AM Number of Prefixes: show ipv6 traffic Use the show ipv6 traffic command in User EXEC mode to show traffic and statistics for IPv6 and ICMPv6. Syntax show ipv6 traffic [vlan vlan-id | tunnel tunnel-id | loopback loopback-id] • vlan-id — Valid VLAN ID, shows information about traffic on a specific interface or, without the optional parameter, shows information about traffic on all interfaces. • tunnel — Tunnel identifier.
PAGE 1154
2CSPC4.XModular-SWUM204.book Page 1154 Friday, March 15, 2013 9:24 AM Received Datagrams Discarded Due To MTU............ 0 Received Datagrams Discarded Due To No Route....... 0 Received Datagrams With Unknown Protocol........... 0 Received Datagrams Discarded Due To Invalid Address.0 Received Datagrams Discarded Due To Truncated Data. 0 Received Datagrams Discarded Other................. 0 Received Datagrams Reassembly Required............. 0 Datagrams Successfully Reassembled.................
PAGE 1155
2CSPC4.XModular-SWUM204.book Page 1155 Friday, March 15, 2013 9:24 AM Received Datagrams Discarded Other................. 0 Received Datagrams Reassembly Required............. 0 Datagrams Successfully Reassembled................. 0 Datagrams Failed To Reassemble..................... 0 Datagrams Forwarded................................ 0 Datagrams Locally Transmitted...................... 0 Datagrams Transmit Failed.......................... 0 Datagrams Successfully Fragmented..................
PAGE 1156
2CSPC4.XModular-SWUM204.book Page 1156 Friday, March 15, 2013 9:24 AM MAC Address used by Routing VLANs: 00:02:BC:00:30:68 VLAN ID IPv6 Address/Prefix Length ------- --------------------------------------- 1 traceroute ipv6 Use the traceroute ipv6 command in Privileged EXEC mode to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis.
PAGE 1157
2CSPC4.XModular-SWUM204.
PAGE 1158
2CSPC4.XModular-SWUM204.
PAGE 1159
2CSPC4.XModular-SWUM204.book Page 1159 Friday, March 15, 2013 9:24 AM 50 Loopback Interface Commands PowerConnect provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
PAGE 1160
2CSPC4.XModular-SWUM204.book Page 1160 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply From 192.168.22.1: icmp_seq = 0. time <10 msec. Reply From 192.168.22.
PAGE 1161
2CSPC4.XModular-SWUM204.book Page 1161 Friday, March 15, 2013 9:24 AM Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address Received Packets Sent Packets ----------- --------- ---------- ---------------- ------------ 1 loopback 1 0.0.0.0 0 0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.
PAGE 1162
2CSPC4.XModular-SWUM204.
PAGE 1163
2CSPC4.XModular-SWUM204.book Page 1163 Friday, March 15, 2013 9:24 AM Multicast Commands 51 The PowerConnect Multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation. The Multicast component includes support for IGMPv2, IGMPv3, PIM-DM, PIM-SM, and DVMRP. Communication from point to multipoint is called Multicasting.
PAGE 1164
2CSPC4.XModular-SWUM204.book Page 1164 Friday, March 15, 2013 9:24 AM • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication. For instance, the audio and video signals are captured, compressed and transmitted to a group of receiving stations.
PAGE 1165
2CSPC4.XModular-SWUM204.book Page 1165 Friday, March 15, 2013 9:24 AM Syntax ip mcast boundary groupipaddr mask no ip mcast boundary groupipaddr mask • groupipaddr — IP address of multicast group. Valid range is 239.0.0.0 to 239.255.255.255. • mask — IP mask of multicast group. Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines.
PAGE 1166
2CSPC4.XModular-SWUM204.book Page 1166 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode Usage Guidelines There are no user guidelines for this command. Example console(config)# console(config)#ip mroute 1.1.1.1 255.255.0.0 192.168.20.1 34 ip multicast Use the ip multicast command in Global Configuration mode to set the administrative mode of the IP multicast forwarder in the router to active.
PAGE 1167
2CSPC4.XModular-SWUM204.book Page 1167 Friday, March 15, 2013 9:24 AM User Guidelines Use of a multicast routing protocol is recommended (e.g., PIM, when ip multicast is enabled). Unless required, IGMP/MLD snooping should be disabled when ip multicast is enabled. If a multicast source is connected to a VLAN on which both L3 multicast and IGMP/MLD snooping are enabled, the multicast source is forwarded to the mrouter ports that have been discovered when the multicast source is first seen.
PAGE 1168
2CSPC4.XModular-SWUM204.book Page 1168 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface.
PAGE 1169
2CSPC4.XModular-SWUM204.book Page 1169 Friday, March 15, 2013 9:24 AM Example console(config)#ip routing console(config)#ip igmp console(config)#ip multicast console(config)#interface vlan 10 console(if-vlan-10)#ip pim ip pim bsr-border The ip pim bsr-border command is used in Interface (VLAN) Configuration mode to administratively disable bootstrap router (BSR) messages on the interface. Use the no form of this command to return the configuration to the default.
PAGE 1170
2CSPC4.XModular-SWUM204.book Page 1170 Friday, March 15, 2013 9:24 AM ip pim bsr-candidate The ip pim bsr-candidate command is used to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. This command replaces the ip pimsm bsr-candidate, ip pimsm cbsrhaskmasklength and ip pimsm cbsrpreference commands.
PAGE 1171
2CSPC4.XModular-SWUM204.book Page 1171 Friday, March 15, 2013 9:24 AM Example console(config)#ip pim bsr-candidate vlan 10 16 0 interval 30 ip pim dense Use the ip pim dense command in Global Configuration mode to administratively configure PIM dense mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim dense no ip pim dense Default Configuration PIM is not enabled by default.
PAGE 1172
2CSPC4.XModular-SWUM204.book Page 1172 Friday, March 15, 2013 9:24 AM Syntax ip pim dr-priority priority no ip pim dr-priority • priority — The administratively configured priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Lower values are preferred.
PAGE 1173
2CSPC4.XModular-SWUM204.book Page 1173 Friday, March 15, 2013 9:24 AM Default Configuration The default hello interval is 30 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip pim hello-interval 20 ip pim join-prune-interval The ip pim join-prune-interval command in Interface (VLAN) Configuration mode to administratively configure the frequency of join/prune messages on the specified interface.
PAGE 1174
2CSPC4.XModular-SWUM204.book Page 1174 Friday, March 15, 2013 9:24 AM Example console(if-vlan10)#ip pim join-prune-interval 30 ip pim rp-address Use the ip pim rp-address command in Global Configuration mode to define the address of a PIM Rendezvous point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP. This command replaces the ip pimsm rp-address command.
PAGE 1175
2CSPC4.XModular-SWUM204.book Page 1175 Friday, March 15, 2013 9:24 AM Example console(config)#ip pim rp-address 192.168.21.1 239.1.0.0 255.255.0.0 override ip pim rp-candidate Use the ip pim rp-candidate command in Global Configuration mode to configure the router to advertise itself to the bootstrap router (BSR) router as a PIM candidate rendezvous point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration.
PAGE 1176
2CSPC4.XModular-SWUM204.book Page 1176 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config)#ip pim rp-candidate vlan 10 239.1.0.0 255.255.0.0 interval 30 ip pim sparse Use the ip pim sparse command in Global Configuration mode to administratively configure PIM sparse mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim sparse no ip pim sparse Default Configuration PIM not enabled by default.
PAGE 1177
2CSPC4.XModular-SWUM204.book Page 1177 Friday, March 15, 2013 9:24 AM ip pim ssm Use the ip pim ssm command in Global Configuration mode to administratively configure PIM source specific multicast range of addresses for IP multicast routing. Use the no form of this command to remove configured ranges of addresses from the router.
PAGE 1178
2CSPC4.XModular-SWUM204.book Page 1178 Friday, March 15, 2013 9:24 AM Syntax show ip multicast Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays system-wide multicast information. console#show ip multicast Admin Mode...........................
PAGE 1179
2CSPC4.XModular-SWUM204.book Page 1179 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays all the configured administrative scoped multicast boundaries.
PAGE 1180
2CSPC4.XModular-SWUM204.book Page 1180 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the multicast information for VLAN 15. console#show ip mcast interface vlan 15 Interface TTL --------- ----- show ip mcast mroute Use the show ip mcast mroute command in Privileged EXEC mode to display a summary or all the details of the multicast table.
PAGE 1181
2CSPC4.XModular-SWUM204.book Page 1181 Friday, March 15, 2013 9:24 AM console#show ip mcast mroute detail show ip mcast mroute group Use the show ip mcast mroute group command in Privileged EXEC mode to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
PAGE 1182
2CSPC4.XModular-SWUM204.book Page 1182 Friday, March 15, 2013 9:24 AM show ip mcast mroute source Use the show ip mcast mroute source command in Privileged EXEC mode to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the sourceipaddr or sourceipaddr | groupipaddr pair value(s).
PAGE 1183
2CSPC4.XModular-SWUM204.book Page 1183 Friday, March 15, 2013 9:24 AM Syntax show ip mcast mroute static [sourceipaddr] • sourceipaddr — IP address of source. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the static routes configured in the static mcast table.
PAGE 1184
2CSPC4.XModular-SWUM204.book Page 1184 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following information is displayed: Field Description PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed. None of the routing interfaces are enabled for PIM.
PAGE 1185
2CSPC4.XModular-SWUM204.book Page 1185 Friday, March 15, 2013 9:24 AM User Guidelines The following information is displayed: Field Description BSR address IP address of the BSR. BSR Priority The configured BSR priority. BSR Hash Mask Length The configured hash mask length (32 bits maximum). Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent.
PAGE 1186
2CSPC4.XModular-SWUM204.book Page 1186 Friday, March 15, 2013 9:24 AM Syntax show ip pim interface [vlan vlan-id] vlan-id — A valid VLAN ID for which multicast routing has been enabled.
PAGE 1187
2CSPC4.XModular-SWUM204.book Page 1187 Friday, March 15, 2013 9:24 AM Hello Interval (secs)30 Join Prune Interval (secs)60 DR Priority1 BSR BorderDisabled Neighbor Count1 Designated Router192.168.10.1 InterfaceVLAN0001 ModeSparse Hello Interval (secs)30 Join Prune Interval (secs)60 DR Priority1 BSR BorderDisabled Neighbor Count1 Designated Router192.168.10.
PAGE 1188
2CSPC4.XModular-SWUM204.book Page 1188 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1189
2CSPC4.XModular-SWUM204.book Page 1189 Friday, March 15, 2013 9:24 AM 192.168.20.2 VLAN0010 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed. No neighbors are learned on any interface. show ip pim rp hash The show ip pim rp hash command displays the rendezvous point (RP) selected for the specified group address. Syntax show ip pim rp hash group-address • group-address — A valid multicast address supported by RP.
PAGE 1190
2CSPC4.XModular-SWUM204.book Page 1190 Friday, March 15, 2013 9:24 AM No RP-Group mappings exist/learned on this router.ny interface. show ip pim rp mapping The show ip pim rp mapping command is used in User EXEC and Privileged EXEC modes to display the mappings for the PIM group to the active rendezvous points. This command deprecates the show ip pimsm rp candidate, show ip pimsm staticrp, show ip pimsm rp mapping commands.
PAGE 1191
2CSPC4.XModular-SWUM204.book Page 1191 Friday, March 15, 2013 9:24 AM Group Address.............................. 224.1.2.1 Group Mask................................. 255.255.0.0 Origin..................................... BSR C-RP Advertisement Interval (secs)......... 60 Next Candidate RP Advertisement (hh:mm:ss). 00:00:15 If no RP Group mapping exists on the router, the following message is displayed: No RP-Group mappings exist on this router.
PAGE 1192
2CSPC4.XModular-SWUM204.
PAGE 1193
2CSPC4.XModular-SWUM204.
PAGE 1194
2CSPC4.XModular-SWUM204.book Page 1194 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim ipv6 pim (VLAN Interface config) Use the ipv6 pim command in VLAN Interface configuration mode to administratively enable PIM-SM multicast routing mode on a particular IPv6 router interface. Use the no form of this command to disable PIM SM on an interface.
PAGE 1195
2CSPC4.XModular-SWUM204.book Page 1195 Friday, March 15, 2013 9:24 AM ipv6 pim bsr-border Use the ipv6 pim bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface. Use the no form of this command to disable the interface from being the BSR border. Syntax ipv6 pim bsr-border no ipv6 pim bsr-border Default Configuration BSR-border is disabled by default.
PAGE 1196
2CSPC4.XModular-SWUM204.book Page 1196 Friday, March 15, 2013 9:24 AM • hash-mask-len —The length of a mask that is to be ANDed with the group address before the hash function is called. All groups with the same seed hash correspond to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This allows you to get one RP for multiple groups. (Range 0–128 bits). • priority —The priority of the candidate BSR. The BSR with the higher priority is preferred.
PAGE 1197
2CSPC4.XModular-SWUM204.book Page 1197 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. Example console(config)#ipv6 pim dense ipv6 pim dr-priority Use the ipv6 pim dr-priority command to set the priority value for which a router is elected as the designated router (DR). Use the no form of this command to set the priority to the default.
PAGE 1198
2CSPC4.XModular-SWUM204.book Page 1198 Friday, March 15, 2013 9:24 AM ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface. Use the "no" form of this command to set the hello interval to the default. Syntax ipv6 pim hello-interval interval no ipv6 pim hello-interval • interval— The hello interval (Range: 0–65535 seconds). Default Configuration The default hello interval is 30 seconds.
PAGE 1199
2CSPC4.XModular-SWUM204.book Page 1199 Friday, March 15, 2013 9:24 AM Default Configuration The default join/prune interval is 60 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim join-prune-interval 90 ipv6 pim register-rate-limit Use the ipv6 pim register-rate-limit command to set a limit on the maximum number of PIM register messages sent per second for each (S,G) entry.
PAGE 1200
2CSPC4.XModular-SWUM204.book Page 1200 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-rate-limit 10 ipv6 pim register-threshold Use the ipv6 pim register-threshold command to configure the Register Threshold rate for the RP router to switch to the shortest path. Use the "no" form of this command to set the register threshold rate to the default.
PAGE 1201
2CSPC4.XModular-SWUM204.book Page 1201 Friday, March 15, 2013 9:24 AM ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups. The optional keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. Use the "no" form of this command to remove the RP address for one or more multicast groups.
PAGE 1202
2CSPC4.XModular-SWUM204.book Page 1202 Friday, March 15, 2013 9:24 AM Syntax ipv6 pim rp-candidate vlan vlan-id group-address/prefixlength no ipv6 pim rp-candidate vlan vlan-id • vlan-id— A valid VLAN ID value. • group-address—The group address to display. • prefixlength—This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–32) Default Configuration The router does not advertise itself as a PIM candidate rendezvous point by default.
PAGE 1203
2CSPC4.XModular-SWUM204.book Page 1203 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. Example console(config)#ipv6 pim sparse ipv6 pim spt-threshold Use the ipv6 pim spt-threshold command to configure the Data Threshold rate for the last-hop router to switch to the shortest path. Use the "no" form of this command to set the data threshold to the default.
PAGE 1204
2CSPC4.XModular-SWUM204.book Page 1204 Friday, March 15, 2013 9:24 AM ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast (SSM) range of multicast addresses. Syntax ipv6 pim ssm { default | group-address/prefixlength } • default—Defines the SSM range access list to 232/8. • group-address—Group IP address supported by RP. • prefixlength—This parameter specifies the prefix length of the IP address for the media gateway.
PAGE 1205
2CSPC4.XModular-SWUM204.book Page 1205 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim Admin Mode..................................... Enabled Data Threshold Rate (Kbps)..................... 1000 Register Threshold Rate (Kbps).................
PAGE 1206
2CSPC4.XModular-SWUM204.book Page 1206 Friday, March 15, 2013 9:24 AM show ipv6 pim bsr Use the show ipv6 pim bsr command to display the bootstrap router (BSR) information. The output includes elected BSR information and information about the locally configured candidate rendezvous point (RP) advertisement. Syntax show ipv6 pim bsr Default Configuration There is no default configuration for this command.
PAGE 1207
2CSPC4.XModular-SWUM204.book Page 1207 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Field descriptions are shown in the following table.
PAGE 1208
2CSPC4.XModular-SWUM204.book Page 1208 Friday, March 15, 2013 9:24 AM show ipv6 pim interface Use the show ipv6 pim interface command to display interface config parameters. If no interface is specified, all interfaces are displayed. Syntax show ipv6 pim interface [ vlan vlan-id ] • vlan-id— A valid VLAN ID value. Default Configuration There is no default configuration for this command.
PAGE 1209
2CSPC4.XModular-SWUM204.book Page 1209 Friday, March 15, 2013 9:24 AM • vlan-id —A valid VLAN ID value. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim neighbor all Slot/Port...................................... vlan 6 Neighbor Address............................... FE80::200:FF:FE00:33 Up Time (hh:mm:ss)........
PAGE 1210
2CSPC4.XModular-SWUM204.book Page 1210 Friday, March 15, 2013 9:24 AM Example console#show ipv6 pim rphash ff1e::/64 RP Type Address ------------------------ ----3001::1 BSR show ipv6 pim rp mapping Use the show ipv6 pim rp mapping command to display all group-to-RP mappings of which the router is aware (either configured or learned from the bootstrap router (BSR). If no RP is specified, all active RPs are displayed Syntax show ipv6 pim rp mapping [ rp-address ] • rp-address — IP address of RP.
PAGE 1211
2CSPC4.XModular-SWUM204.book Page 1211 Friday, March 15, 2013 9:24 AM origin......................................... Static Group Address.................................. FF1E::/64 RP Address..................................... 3001::1 origin.........................................
PAGE 1212
2CSPC4.XModular-SWUM204.
PAGE 1213
2CSPC4.XModular-SWUM204.book Page 1213 Friday, March 15, 2013 9:24 AM OSPF Commands 53 OSPF is a link-state protocol. PowerConnect OSPF supports variable-length subnet masks. PowerConnect OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy. The largest entity within the hierarchy is the autonomous system (AS), a collection of networks under a common administration sharing a common routing strategy. This is sometimes called a routing domain.
PAGE 1214
2CSPC4.XModular-SWUM204.book Page 1214 Friday, March 15, 2013 9:24 AM Route Preferences Normally, OSPF select routes in the following order: • Local • Static • Intra-area • Inter-area • External • RIP PowerConnect OSPF allows the administrator to change the preference for selecting intra, inter, and external routes according to the following rules: a External route preferences apply to all ospf external routes like type1, type2, nssa-type1, nssa-type2 equally.
PAGE 1215
2CSPC4.XModular-SWUM204.book Page 1215 Friday, March 15, 2013 9:24 AM • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.0/8 with next hops of 10.1.1.2 and 10.1.2.2.
PAGE 1216
2CSPC4.XModular-SWUM204.book Page 1216 Friday, March 15, 2013 9:24 AM Graceful Restart The PowerConnect implementation of OSPFv2 supports graceful restart as specified in RFC 3623. Graceful restart works in concert with PowerConnect nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility.
PAGE 1217
2CSPC4.XModular-SWUM204.
PAGE 1218
2CSPC4.XModular-SWUM204.book Page 1218 Friday, March 15, 2013 9:24 AM • integer — The default cost for the stub area. (Range: 1–16777215) Default Configuration 10 is the default configuration for integer. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example identifies a stub area of 10 and default cost of 100.
PAGE 1219
2CSPC4.XModular-SWUM204.book Page 1219 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description area-id Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0–4294967295) metric-value Specifies the metric of the default route advertised to the NSSA.
PAGE 1220
2CSPC4.XModular-SWUM204.book Page 1220 Friday, March 15, 2013 9:24 AM The following example configures the metric value and type for the default route advertised into the NSSA and configures the NSSA so that summary LSAs are not advertised into the NSSA.
PAGE 1221
2CSPC4.XModular-SWUM204.book Page 1221 Friday, March 15, 2013 9:24 AM Example The following example configures the metric value and type for the default route advertised into the NSSA. console(config-router)#area 20 nssa default-infooriginate 250 non-comparable area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA.
PAGE 1222
2CSPC4.XModular-SWUM204.book Page 1222 Friday, March 15, 2013 9:24 AM area nssa no-summary Use the area nssa no-summary command in Router OSPF Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA. Syntax area area-id nssa no-summary no area area-id nssa no-summary • area-id — Identifies the OSPF NSSA to configure. (Range: 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
PAGE 1223
2CSPC4.XModular-SWUM204.book Page 1223 Friday, March 15, 2013 9:24 AM • always — The router assumes the role of the translator when it becomes a border router. • candidate — The router to participate in the translator election process when it attains border router status. Default Configuration The default role is candidate. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA.
PAGE 1224
2CSPC4.XModular-SWUM204.book Page 1224 Friday, March 15, 2013 9:24 AM Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the translator stability interval of the area 20 NSSA. console(config-router)#area 20 nssa translator-stab-intv 2000 area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area.
PAGE 1225
2CSPC4.XModular-SWUM204.book Page 1225 Friday, March 15, 2013 9:24 AM Parameter Description summarylink When this keyword is given, the area range is used when summarizing prefixes advertised in type 3 summary LSAs. nssaexternallink When this keyword is given, the area range is used when translating type 7 LSAs to type 5 LSAs. advertise [Optional] When this keyword is given, the summary prefix is advertised when the area range is active. This is the default.
PAGE 1226
2CSPC4.XModular-SWUM204.book Page 1226 Friday, March 15, 2013 9:24 AM console (config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink !! Delete area range console (config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink The no form may be used to revert the [advertise | not-advertise] option to its default without deleting the area range. Deleting and recreating the area range would cause OSPF to termporarily advertise the prefixes contained within the range.
PAGE 1227
2CSPC4.XModular-SWUM204.book Page 1227 Friday, March 15, 2013 9:24 AM If the network mask is invalid: console (config-router)#area 1 range 0.0.0.0 0.0.0.0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits. If the prefix is not a valid area range prefix: console (config-router)#area 1 range 0.0.0.0 255.0.0.0 summarylink Cannot create this area range because it represents a default route. console (config-router)#area 1 range 225.0.0.0 255.0.0.0 summarylink 225.0.0.
PAGE 1228
2CSPC4.XModular-SWUM204.book Page 1228 Friday, March 15, 2013 9:24 AM console(config-router)#area 20 range 192.168.6.0 255.255.255.0 summarylink advertise area stub Use the area stub command in Router OSPF Configuration mode to create a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
PAGE 1229
2CSPC4.XModular-SWUM204.book Page 1229 Friday, March 15, 2013 9:24 AM area stub no-summary Use the area stub no-summary command in Router OSPF Configuration mode to prevent Summary LSAs from being advertised into the NSSA. Use the no form of the command to return the Summary LSA mode to the default value. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Identifies the OSPF area to configure.
PAGE 1230
2CSPC4.XModular-SWUM204.
PAGE 1231
2CSPC4.XModular-SWUM204.book Page 1231 Friday, March 15, 2013 9:24 AM Default Configuration Parameter Default area-id No area ID is predefined. router-id No router ID is predefined. hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode.
PAGE 1232
2CSPC4.XModular-SWUM204.book Page 1232 Friday, March 15, 2013 9:24 AM The following example establishes a virtual link with MD5 authentication: router ospf network 10.50.50.0 0.0.0.255 area 10 area 10.0.0.0 virtual-link 10.3.4.5 message-digest-key 100 md5 test123 area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID.
PAGE 1233
2CSPC4.XModular-SWUM204.book Page 1233 Friday, March 15, 2013 9:24 AM User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. If no parameters are specified after the authentication keyword, then plaintext password authentication is used. Example The following example configures the authentication type and key for the area 10 OSPF virtual interface and neighbor ID. console(config-router)#area 10 virtual-link 192.168.2.
PAGE 1234
2CSPC4.XModular-SWUM204.book Page 1234 Friday, March 15, 2013 9:24 AM Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the dead interval for the area 10 OSPF virtual interface on the virtual interface and neighbor router. console(config-router)#area 10 virtual-link 192.168.2.
PAGE 1235
2CSPC4.XModular-SWUM204.book Page 1235 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example configures a 50-second wait interval. console(config-router)#area 10 virtual-link 192.168.2.
PAGE 1236
2CSPC4.XModular-SWUM204.book Page 1236 Friday, March 15, 2013 9:24 AM Example The following example configures a 500-second retransmit wait interval. console(config-router)#area 10 virtual-link 192.168.2.2 retransmit-interval 500 area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID.
PAGE 1237
2CSPC4.XModular-SWUM204.book Page 1237 Friday, March 15, 2013 9:24 AM console(config-router)#area 10 virtual-link 192.168.2.2 transmit-delay 40 auto-cost By default, OSPF computes the link cost of each interface from the interface bandwidth. The link cost is computed as the ratio of a “reference bandwidth” to the interface bandwidth (ref_bw / interface bandwidth), where interface bandwidth is defined by the “bandwidth” command.
PAGE 1238
2CSPC4.XModular-SWUM204.book Page 1238 Friday, March 15, 2013 9:24 AM bandwidth By default, OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth. Reference bandwidth is specified with the auto-cost command. For the purpose of the OSPF link cost calculation, the bandwidth command specifies the interface bandwidth. The bandwidth is specified in kilobits per second.
PAGE 1239
2CSPC4.XModular-SWUM204.book Page 1239 Friday, March 15, 2013 9:24 AM no capability opaque Default Configuration Opaque Capability is enabled by default. Command Mode Router Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled.
PAGE 1240
2CSPC4.XModular-SWUM204.book Page 1240 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
PAGE 1241
2CSPC4.XModular-SWUM204.book Page 1241 Friday, March 15, 2013 9:24 AM User Guidelines OSPF only exits stub router mode if it entered stub router mode because of a resource limitation or if it is in stub router mode at startup. This command has not effect is OSPF is configured to be in stub router mode permanently. compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it.
PAGE 1242
2CSPC4.XModular-SWUM204.book Page 1242 Friday, March 15, 2013 9:24 AM default-information originate (Router OSPF Configuration) Use the default-information originate command in Router OSPF Configuration mode to control the advertisement of default routes. Use the no form of the command to return the default route advertisement settings to the default value.
PAGE 1243
2CSPC4.XModular-SWUM204.book Page 1243 Friday, March 15, 2013 9:24 AM should also have a static default route configured with an upstream ISP router as the destination. The always keyword will cause the router to advertise a default route to its neighbors, even if no valid default route is known. Example The following example always advertises default routes.
PAGE 1244
2CSPC4.XModular-SWUM204.book Page 1244 Friday, March 15, 2013 9:24 AM distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, external. All the external type routes are given the same preference value. Use the no form of this command to reset the preference values to the default.
PAGE 1245
2CSPC4.XModular-SWUM204.book Page 1245 Friday, March 15, 2013 9:24 AM Examples The following examples set route preference values of OSPF in the router. console(config-router)#distance ospf intra 4 console(config-router)#distance ospf type1 19 distribute-list out Use the distribute-list out command in Router OSPF Configuration mode to specify the access list to filter routes received from the source protocol. Use the no form of the command to remove the specified source protocol from the access list.
PAGE 1246
2CSPC4.XModular-SWUM204.book Page 1246 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example specifies the access list to filter routes received from the RIP source protocol. console(config-router)#distribute-list ACL40 out rip enable Use the enable command in Router OSPF Configuration mode to reset the default administrative mode of OSPF in the router (active). Use the no form of the command to disable the administrative mode for OSPF.
PAGE 1247
2CSPC4.XModular-SWUM204.book Page 1247 Friday, March 15, 2013 9:24 AM exit-overflow-interval Use the exit-overflow-interval command in Router OSPF Configuration mode to configure the exit overflow interval for OSPF. When a router leaves the overflow state it can originate non-default AS-external-LSAs. When set to 0, the router will not leave Overflow State until restarted. Use the no form of the command to return the interval to the default value.
PAGE 1248
2CSPC4.XModular-SWUM204.book Page 1248 Friday, March 15, 2013 9:24 AM overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in it database. Use the no form of the command to return the limit to the default value. Syntax external-lsdb-limit integer no external-lsdb-limit • integer — Maximum number of non-default AS-external-LSAs allowed in the router's link-state database. (Range: –1 to 2147483647) Default Configuration -1 is the default configuration.
PAGE 1249
2CSPC4.XModular-SWUM204.book Page 1249 Friday, March 15, 2013 9:24 AM no ip ospf area [secondaries none] • area-id — The ID of the area (Range: IP address or decimal from 0 –4294967295). Default Configuration OSPFv2 is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan1)#ip ospf area 192.168.1.
PAGE 1250
2CSPC4.XModular-SWUM204.book Page 1250 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines Unauthenticated interfaces do not need an authentication key or authentication key ID. Example The following example sets the OSPF Authentication Type and Key for VLAN 15.
PAGE 1251
2CSPC4.XModular-SWUM204.book Page 1251 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example configures the cost on the OSPF interface at 5. console(config-if-vlan15)#ip ospf cost 5 ip ospf database-filter all out Use the ip ospf database-filter all out command in Interface Configuration mode to prevent flooding of OSPF LSAs on an interface. Use the no form of the command to enable flooding of LSAs on an interface.
PAGE 1252
2CSPC4.XModular-SWUM204.book Page 1252 Friday, March 15, 2013 9:24 AM no ip ospf dead-interval • seconds — Number of seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down. (Range: 1–65535) Default Configuration 40 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines The value for the length of time must be the same for all routers attached to a common network.
PAGE 1253
2CSPC4.XModular-SWUM204.book Page 1253 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode. User Guidelines The value for the length of time must be the same for all routers attached to a network. Example The following example sets the OSPF hello interval at 30 seconds. console(config-if-vlan15)#ip ospf hello-interval 30 ip ospf mtu-ignore Use the ip ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection.
PAGE 1254
2CSPC4.XModular-SWUM204.book Page 1254 Friday, March 15, 2013 9:24 AM Example The following example disables OSPF MTU mismatch detection on VLAN interface 15. console(config-if-vlan15)#ip ospf mtu-ignore ip ospf network Use the ip ospf network command to configure OSPF to treat an interface as a point-to-point rather than broadcast interface. To return to the default value, use the no form of this command.
PAGE 1255
2CSPC4.XModular-SWUM204.book Page 1255 Friday, March 15, 2013 9:24 AM broadcast Set the OSPF network type to Broadcast point-to-point Set the OSPF network type to Point-to-Point ip ospf priority Use the ip ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface. Use the no form of the command to return the priority to the default value.
PAGE 1256
2CSPC4.XModular-SWUM204.book Page 1256 Friday, March 15, 2013 9:24 AM Syntax ip ospf retransmit-interval seconds no ip ospf retransmit-interval • seconds — Number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when retransmitting database description and link-state request packets. (Range: 0–3600 seconds) Default Configuration 5 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode.
PAGE 1257
2CSPC4.XModular-SWUM204.book Page 1257 Friday, March 15, 2013 9:24 AM Default Configuration 1 is the default number of seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF Transit Delay for VLAN 15 at 20 seconds.
PAGE 1258
2CSPC4.XModular-SWUM204.book Page 1258 Friday, March 15, 2013 9:24 AM Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity. max-metric router-lsa Use the max-metric router-lsa command in router OSPF Global Configuration mode to configure OSPF to enable stub router mode. To disable stub router mode, use the no max-metric router-lsa command in OSPFv2 Global Router Configuration mode.
PAGE 1259
2CSPC4.XModular-SWUM204.book Page 1259 Friday, March 15, 2013 9:24 AM User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path. Doing so eliminates all transit traffic through the stub router, when alternate routes are available.
PAGE 1260
2CSPC4.XModular-SWUM204.book Page 1260 Friday, March 15, 2013 9:24 AM Syntax maximum-paths integer no maximum-paths • integer — Number of paths that OSPF can report for a given destination. (Range: 1–4.) Default Configuration 4 is the integer default value. Command Mode Router OSPF Configuration mode. User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range. Any individual interface can only be attached to a single area.
PAGE 1261
2CSPC4.XModular-SWUM204.book Page 1261 Friday, March 15, 2013 9:24 AM Syntax network ip-address wildcard-mask area area-id no network ip-address wildcard-mask area area-id • ip-address — Base IPv4 address of the network area. • wildcard-mask — The network mask indicating the subnet. • area-id — The ID of the area (Range: IP address or decimal from 0–4294967295). Default Configuration OSPFv2 is disabled Command Mode Router OSPF Configuration mode.
PAGE 1262
2CSPC4.XModular-SWUM204.book Page 1262 Friday, March 15, 2013 9:24 AM Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional.
PAGE 1263
2CSPC4.XModular-SWUM204.book Page 1263 Friday, March 15, 2013 9:24 AM nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router. Use the “no” form of this command to prevent OSPF from acting as a helpful neighbor. Syntax nsf [ietf] helper[planned-only] no nsf [ietf] helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart.
PAGE 1264
2CSPC4.XModular-SWUM204.book Page 1264 Friday, March 15, 2013 9:24 AM no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. Default Configuration A helpful neighbor exits helper mode when a topology change occurs.
PAGE 1265
2CSPC4.XModular-SWUM204.book Page 1265 Friday, March 15, 2013 9:24 AM • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds). Default Configuration The default restart interval is 120 seconds.
PAGE 1266
2CSPC4.XModular-SWUM204.book Page 1266 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
PAGE 1267
2CSPC4.XModular-SWUM204.book Page 1267 Friday, March 15, 2013 9:24 AM redistribute Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers. Use the no version of the command to disable redistribution from the selected source or to reset options to their default values.
PAGE 1268
2CSPC4.XModular-SWUM204.book Page 1268 Friday, March 15, 2013 9:24 AM Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers.
PAGE 1269
2CSPC4.XModular-SWUM204.book Page 1269 Friday, March 15, 2013 9:24 AM router ospf Use the router ospf command in Global Configuration mode to enter Router OSPF mode. Syntax router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines The command prompt changes when the router ospf command executes. Example The following example enters into router OSPF mode.
PAGE 1270
2CSPC4.XModular-SWUM204.book Page 1270 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value.
PAGE 1271
2CSPC4.XModular-SWUM204.book Page 1271 Friday, March 15, 2013 9:24 AM AutoCost Ref BW The configured autocost reference bandwidth. This value is used to determine the OSPF metric on its interfaces. The reference bandwidth is divided by the interface speed to compute the metric. Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes.
PAGE 1272
2CSPC4.XModular-SWUM204.book Page 1272 Friday, March 15, 2013 9:24 AM Stub Router Reason One of Configured, Startup, or Resource Limitation. This row is only listed if stub router is active. Stub Router Time The remaining time until OSPF exits stub router mode. This Remaining row is only listed if OSPF is in startup stub router mode. External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765.
PAGE 1273
2CSPC4.XModular-SWUM204.book Page 1273 Friday, March 15, 2013 9:24 AM NSF Support Whether graceful restart is administratively enabled. Possible values are Support Always, Disabled, or Planned. NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires.
PAGE 1274
2CSPC4.XModular-SWUM204.book Page 1274 Friday, March 15, 2013 9:24 AM Exit Overflow Interval................... 0 Spf Delay Time........................... 5 Spf Hold Time............................ 10 Opaque Capability........................ Disable AutoCost Ref BW.......................... 100 Mbps Default Passive Setting.................. Disabled Maximum Paths........................ 4 Default Metric....................... Not configured Default Route Advertise.............. Disabled Always.........
PAGE 1275
2CSPC4.XModular-SWUM204.book Page 1275 Friday, March 15, 2013 9:24 AM NSF Support........................... Disabled NSF Restart Interval.................. 120 NSF Restart Status.................... Not Restarting NSF Restart Age....................... 0 seconds NSF Restart Exit Reason............... Not Attempted NSF Helper Support.................... Always NSF Helper Strict LSA Checking........
PAGE 1276
2CSPC4.XModular-SWUM204.book Page 1276 Friday, March 15, 2013 9:24 AM Metric......................................... Not configured Metric Type.................................... External Type 2 Number of Active Areas......................... 2 (2 normal, 0 stub, 0 nssa) ABR Status..................................... Enable ASBR Status.................................... Disable Stub Router Status............................. Inactive Stub Router Reason.............................
PAGE 1277
2CSPC4.XModular-SWUM204.book Page 1277 Friday, March 15, 2013 9:24 AM Syntax show ip ospf abr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command. Example console#show ip ospf abr Type Router Id Cost Area ID Next Hop Next Hop Intf ----- --------- ----- --------------- --------- -------- INTRA 3.3.3.3 1 0.0.0.1 10.1.23.3 vlan11 INTRA 4.4.4.
PAGE 1278
2CSPC4.XModular-SWUM204.book Page 1278 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example #1 The following example displays OSPF router information. console#show ip ospf area 10 AreaID......................................... 0.0.0.10 External Routing............................... Import External LSAs Spf Runs....................................... 0 Area Border Router Count..................
PAGE 1279
2CSPC4.XModular-SWUM204.book Page 1279 Friday, March 15, 2013 9:24 AM Default Metric................................. 250 Default Metric Type............................ NonComparable Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled Example #3 The following example shows the length of the area’s flood queue for LSAs waiting to be flooded within the area.
PAGE 1280
2CSPC4.XModular-SWUM204.book Page 1280 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example console#show ip ospf asbr Type Router Id Cost Area ID Next Hop Next Hop Intf ----- ---------- ---- -------- ----------- ----------- INTRA 1.1.1.1 1 0.0.0.1 10.1.12.1 vlan10 INTRA 4.4.4.4 10 0.0.0.1 10.1.24.
PAGE 1281
2CSPC4.XModular-SWUM204.book Page 1281 Friday, March 15, 2013 9:24 AM • ls-id — Specifies the link state ID (LSID). (Range: IP address or an integer in the range of 0–4294967295) • adv-router — Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router. • self-originate — Display the LSAs in that are self-originated. • opaque-area— Display the area opaque LSAs. • opaque-as— Display AS opaque LSAs.
PAGE 1282
2CSPC4.XModular-SWUM204.book Page 1282 Friday, March 15, 2013 9:24 AM Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----2.2.2.2 20.20.20.20 1165 80000005 f86d -E--O- Network Summary States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000007 242e ------ Summary ASBR States (Area 0.0.0.
PAGE 1283
2CSPC4.XModular-SWUM204.book Page 1283 Friday, March 15, 2013 9:24 AM 5.2.0.0 0.0.0.0 1362 80000005 e166 ------ AS External States Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----6.0.0.0 5.2.0.0 1364 80000008 e35d AS Opaque States Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.
PAGE 1284
2CSPC4.XModular-SWUM204.book Page 1284 Friday, March 15, 2013 9:24 AM User Guidelines The following fields are displayed: Field Description Router Shows Total number of router LSAs in the OSPF link state database. Network Shows Total number of network LSAs in the OSPF link state database. Summary Net Shows Total number of summary network LSAs in the database. Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database.
PAGE 1285
2CSPC4.XModular-SWUM204.book Page 1285 Friday, March 15, 2013 9:24 AM Type-7 Ext..................................... 0 Self Originated Type-7......................... 0 Opaque Link.................................... 0 Opaque Area.................................... 0 Subtotal....................................... 0 Area 0.0.0.10 database summary Router......................................... 0 Network........................................ 0 Summary Net....................................
PAGE 1286
2CSPC4.XModular-SWUM204.book Page 1286 Friday, March 15, 2013 9:24 AM Total.......................................... 0 show ip ospf interface Use the show ip ospf interface command in Privileged EXEC mode to display the information for the VLAN or loopback interface. The long form of the command displays the configuration of flood blocking.
PAGE 1287
2CSPC4.XModular-SWUM204.book Page 1287 Friday, March 15, 2013 9:24 AM OSPF Admin Mode................................ Enable OSPF Area ID................................... 0.0.0.0 OSPF Network Type.............................. Broadcast Router Priority................................ 1 Retransmit Interval............................ 5 Hello Interval................................. 10 Dead Interval.................................. 40 LSA Ack Interval...............................
PAGE 1288
2CSPC4.XModular-SWUM204.book Page 1288 Friday, March 15, 2013 9:24 AM Dead Interval........................ 12 LSA Ack Interval..................... 1 Transmit Delay....................... 1 Authentication Type.................. None Metric Cost.......................... 100 (computed) Passive Status....................... Non-passive interface OSPF Mtu-ignore...................... Disable Flood Blocking....................... Disable State................................
PAGE 1289
2CSPC4.XModular-SWUM204.book Page 1289 Friday, March 15, 2013 9:24 AM console#show ip ospf interface brief Admin Interface Mode ------------ -------Vl10 Enable Vl20 Enable Vl100 Enable loopback 1 Enable Router Area ID Prior. ----------- -----0.0.0.10 1 0.0.0.1 1 0.0.0.111 1 0.0.0.0 1 Hello Int. Cost Val. ----- ----10 10 10 10 10 10 1 10 Dead Int. Val. ----40 40 40 40 Retrax Int. Val.
PAGE 1290
2CSPC4.XModular-SWUM204.book Page 1290 Friday, March 15, 2013 9:24 AM OSPF Interface Events.................................... 1 Virtual Events........................................... 0 Neighbor Events.......................................... 0 External LSA Count....................................... 0 show ip ospf neighbor Use the show ip ospf neighbor command in Privileged EXEC mode to display information about OSPF neighbors.
PAGE 1291
2CSPC4.XModular-SWUM204.book Page 1291 Friday, March 15, 2013 9:24 AM Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time........................................
PAGE 1292
2CSPC4.XModular-SWUM204.book Page 1292 Friday, March 15, 2013 9:24 AM Field Description Events Incremented for the following events: • A DD is received from the neighbor with an MTU mismatch. • The neighbor sent an ACK for an LSA not on the neighbor's retransmit list. • The state of the adjacency changed. Retransmitted LSAs The number of LSAs retransmitted to a given neighbor. Retransmission Queue Length The number of LSAs on the neighbor's retransmit queue waiting for the neighbor to acknowledge.
PAGE 1293
2CSPC4.XModular-SWUM204.book Page 1293 Friday, March 15, 2013 9:24 AM Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
PAGE 1294
2CSPC4.XModular-SWUM204.book Page 1294 Friday, March 15, 2013 9:24 AM Syntax show ip ospf range area-id Field Descriptions Field Description area-id Identifies the OSPF area whose ranges are being displayed. (Range: IP address or decimal from 0–4294967295) Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active.
PAGE 1295
2CSPC4.XModular-SWUM204.book Page 1295 Friday, March 15, 2013 9:24 AM show ip ospf statistics This command displays information about recent Shortest Path First (SPF) calculations. The SPF is the OSPF routing table calculation. The output lists the number of times the SPF has run for each OSPF area. A table follows this information. For each of the 15 most recent SPF runs, the table lists how long ago the SPF ran, how long the SPF took, and the reasons why the SPF was scheduled.
PAGE 1296
2CSPC4.XModular-SWUM204.book Page 1296 Friday, March 15, 2013 9:24 AM RIB Update The time from the completion of the routing table calculation until all changes have been made in the common routing table (the Routing Information Base, or RIB), in milliseconds. Reason The event or events that triggered the SPF.
PAGE 1297
2CSPC4.XModular-SWUM204.book Page 1297 Friday, March 15, 2013 9:24 AM Syntax show ip ospf stub table Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------- ---------- ----------------- 0.0.
PAGE 1298
2CSPC4.XModular-SWUM204.book Page 1298 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared. LSAs Retransmitted The number of LSAs retransmitted by this router since OSPF counters were last cleared. LS Update Max Receive Rate The maximum rate of LS Update packets received during any 5-second interval since OSPF counters were last cleared.
PAGE 1299
2CSPC4.XModular-SWUM204.book Page 1299 Friday, March 15, 2013 9:24 AM OSPFv2 Packet Statistics Hello Database Desc LS Request LS Update LS ACK Total Recd: 600 500 10 20 50 20 Sent: 480 400 8 16 40 16 LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................0 T3 (Net Summary)..................300 T4 (ASBR Summary).................
PAGE 1300
2CSPC4.XModular-SWUM204.book Page 1300 Friday, March 15, 2013 9:24 AM show ip ospf virtual-link Use the show ip ospf virtual-link command in Privileged EXEC mode to display the OSPF Virtual Interface information for a specific area and neighbor or for all. Syntax show ip ospf virtual-link [area-id neighbor-id] • area-id — Identifies the OSPF area whose ranges are being displayed. (Range: IP address or decimal from 0–4294967295) • neighbor-id — Identifies the neighbor’s router ID.
PAGE 1301
2CSPC4.XModular-SWUM204.book Page 1301 Friday, March 15, 2013 9:24 AM Metric......................................... 0 Neighbor State................................. down Authentication Type............................ MD5 Authentication Key............................. "test123" Authentication Key ID..........................
PAGE 1302
2CSPC4.XModular-SWUM204.book Page 1302 Friday, March 15, 2013 9:24 AM timers pacing flood Use the timers pacing flood command in router OSPF Global Configuration mode to adjust the rate at which OSPFv2 sends LS Update packets. Use the no form of the command to return the timer pacing to the default value. Syntax timers pacing flood milliseconds no timers pacing flood Parameter Description Parameter Description milliseconds The average time between transmission of LS Update packets.
PAGE 1303
2CSPC4.XModular-SWUM204.book Page 1303 Friday, March 15, 2013 9:24 AM Syntax timers pacing lsa-group seconds Parameter Description Parameter Description seconds Width of the window in which LSAs are refreshed. The range for the pacing group window is from 10 to 1800 seconds. Default Configuration The default timer pacing is 60 seconds. Command Mode OSPFv2 Global Configuration mode User Guidelines OSPF refreshes self-originated LSAs approximately once every 30 minutes.
PAGE 1304
2CSPC4.XModular-SWUM204.book Page 1304 Friday, March 15, 2013 9:24 AM • delay-time — SPF delay time. (Range: 0–65535 seconds) • hold-time — SPF hold time. (Range: 0–65535 seconds) Default Configuration The default value for delay-time is 5. The default value for hold-time is 10. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the SPF delay and hold time.
PAGE 1305
2CSPC4.XModular-SWUM204.
PAGE 1306
2CSPC4.XModular-SWUM204.book Page 1306 Friday, March 15, 2013 9:24 AM area virtual-link hello-interval ipv6 ospf mtuignore area virtual-link ipv6 ospf network retransmit-interval router-id show ipv6 ospf virtuallinks show ipv6 ospf show ipv6 ospf virtuallink brief area default-cost (Router OSPFv3) Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub area.
PAGE 1307
2CSPC4.XModular-SWUM204.book Page 1307 Friday, March 15, 2013 9:24 AM area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction. If the area already exists, the NSSA distinction is added or modified. Use the no form of the command to remove the NSSA distinction from the area.
PAGE 1308
2CSPC4.XModular-SWUM204.book Page 1308 Friday, March 15, 2013 9:24 AM Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
PAGE 1309
2CSPC4.XModular-SWUM204.book Page 1309 Friday, March 15, 2013 9:24 AM • areaid — Valid OSPFv3 area identifier. • metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1310
2CSPC4.XModular-SWUM204.book Page 1310 Friday, March 15, 2013 9:24 AM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA.
PAGE 1311
2CSPC4.XModular-SWUM204.book Page 1311 Friday, March 15, 2013 9:24 AM Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration.
PAGE 1312
2CSPC4.XModular-SWUM204.book Page 1312 Friday, March 15, 2013 9:24 AM console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
PAGE 1313
2CSPC4.XModular-SWUM204.book Page 1313 Friday, March 15, 2013 9:24 AM area range (Router OSPFv3) Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. If the area has not been previously created, this command creates the area and then applies the range parameters. There are two types of area ranges. An area range can be configured to summarize intra-area routes.
PAGE 1314
2CSPC4.XModular-SWUM204.book Page 1314 Friday, March 15, 2013 9:24 AM User Guidelines The LSDB type must be specified by either summarylink or nssaexternallink, and the advertising of the area range can be allowed or suppressed. Example The following example creates an area range for the area 1 NSSA.
PAGE 1315
2CSPC4.XModular-SWUM204.book Page 1315 Friday, March 15, 2013 9:24 AM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates a stub area for area 1. console(config)#ipv6 router ospf console(config-rtr)#area 1 stub area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode disable the import of Summary LSAs for the stub area identified by area-id.
PAGE 1316
2CSPC4.XModular-SWUM204.book Page 1316 Friday, March 15, 2013 9:24 AM Example The following example prevents Summary LSAs from being advertised into the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 stub no-summary area virtual-link Use the area virtual-link command in Router OSPFv3 Configuration mode to create the OSPF virtual interface for the specified area-id and neighbor router.
PAGE 1317
2CSPC4.XModular-SWUM204.book Page 1317 Friday, March 15, 2013 9:24 AM Default Configuration Parameter Default area-id No area ID is predefined. router-id No router ID is predefined. hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1318
2CSPC4.XModular-SWUM204.book Page 1318 Friday, March 15, 2013 9:24 AM area virtual-link dead-interval Use the area virtual-link dead-interval command in Router OSPFv3 Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor dead-interval seconds no area areaid virtual-link neighbor dead-interval • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor.
PAGE 1319
2CSPC4.XModular-SWUM204.book Page 1319 Friday, March 15, 2013 9:24 AM Syntax area areaid virtual-link neighbor hello-interval seconds no area areaid virtual-link neighbor hello-interval • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor. • seconds — Hello interval. (Range: 1-65535) Default Configuration 10 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1320
2CSPC4.XModular-SWUM204.book Page 1320 Friday, March 15, 2013 9:24 AM • seconds — Retransmit interval. (Range: 0-3600) Default Configuration 5 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the retransmit interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
PAGE 1321
2CSPC4.XModular-SWUM204.book Page 1321 Friday, March 15, 2013 9:24 AM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second transmit delay for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
PAGE 1322
2CSPC4.XModular-SWUM204.book Page 1322 Friday, March 15, 2013 9:24 AM Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example controls the advertisement of default routes by defining a metric value of 100 and metric type 2.
PAGE 1323
2CSPC4.XModular-SWUM204.book Page 1323 Friday, March 15, 2013 9:24 AM Example The following example sets a default of 100 for the metric of distributed routes. console(config)#ipv6 router ospf console(config-rtr)#default-metric 100 distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, external.
PAGE 1324
2CSPC4.XModular-SWUM204.book Page 1324 Friday, March 15, 2013 9:24 AM console(config)#ipv6 router ospf console(config-rtr)#distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router (active). Syntax enable no enable Default Configuration Enabled is the default state. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1325
2CSPC4.XModular-SWUM204.book Page 1325 Friday, March 15, 2013 9:24 AM Syntax exit-overflow-interval seconds no exit-overflow-interval • seconds — Exit overflow interval for OSPF (Range: 0-2147483647) Default Configuration 0 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the exit overflow interval for OSPF at 100 seconds.
PAGE 1326
2CSPC4.XModular-SWUM204.book Page 1326 Friday, March 15, 2013 9:24 AM • limit — External LSDB limit for OSPF (Range: -1-2147483647) Default Configuration -1 is the default value for limit. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the external LSDB limit at 100 for OSPF.
PAGE 1327
2CSPC4.XModular-SWUM204.book Page 1327 Friday, March 15, 2013 9:24 AM Example The following example enables OSPF on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf ipv6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs. Syntax ipv6 ospf area areaid no ipv6 ospf area areaid • areaid — Is a 32-bit integer, formatted as a 4-digit dotted-decimal number or a decimal value.
PAGE 1328
2CSPC4.XModular-SWUM204.book Page 1328 Friday, March 15, 2013 9:24 AM ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ipv6 ospf cost interface-cost no ipv6 ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration.
PAGE 1329
2CSPC4.XModular-SWUM204.book Page 1329 Friday, March 15, 2013 9:24 AM • seconds — A valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down. The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e. 4).
PAGE 1330
2CSPC4.XModular-SWUM204.book Page 1330 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF hello interval at 15 seconds.
PAGE 1331
2CSPC4.XModular-SWUM204.book Page 1331 Friday, March 15, 2013 9:24 AM Example The following example disables OSPF maximum transmission unit (MTU) mismatch detection. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf mtu-ignore ipv6 ospf network Use the ipv6 ospf network command in Interface Configuration mode to change the default OSPF network type for the interface. Use the no form of the command to return the network setting to the default value.
PAGE 1332
2CSPC4.XModular-SWUM204.book Page 1332 Friday, March 15, 2013 9:24 AM Example The following example changes the default OSPF network type to point-topoint. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf network point-topoint ipv6 ospf priority Use the ipv6 ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface. Use the no form of the command to return the priority to the default value.
PAGE 1333
2CSPC4.XModular-SWUM204.book Page 1333 Friday, March 15, 2013 9:24 AM ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface. Syntax ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval • seconds — The number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface.
PAGE 1334
2CSPC4.XModular-SWUM204.book Page 1334 Friday, March 15, 2013 9:24 AM • seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1 to 3600 seconds) Default Configuration No default value. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines.
PAGE 1335
2CSPC4.XModular-SWUM204.book Page 1335 Friday, March 15, 2013 9:24 AM Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination. Syntax maximum-paths maxpaths no maximum-paths • maxpaths — Number of paths that can be reported. (Range: 1-2) Default Configuration 2 is the default value for maxpaths.
PAGE 1336
2CSPC4.XModular-SWUM204.book Page 1336 Friday, March 15, 2013 9:24 AM Syntax nsf [ietf] [planned-only] no nsf [ietf] ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. planned-only — This keyword indicates that OSPF should only perform a graceful restart when the restart is planned (i.e., when the restart is a result of the initiate failover command).
PAGE 1337
2CSPC4.XModular-SWUM204.book Page 1337 Friday, March 15, 2013 9:24 AM Syntax nsf helper[planned-only] no nsf helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart. Default Configuration OSPF may act as a helpful neighbor for both planned and unplanned restarts Command Mode Router OSPFv3 Configuration mode User Guidelines The grace LSA announcing the graceful restart includes a restart reason.
PAGE 1338
2CSPC4.XModular-SWUM204.book Page 1338 Friday, March 15, 2013 9:24 AM Default Configuration A helpful neighbor exits helper mode when a topology change occurs. Command Mode Router OSPFv3 Configuration mode User Guidelines The restarting router is unable to react to topology changes. In particular, the restarting router will not immediately update its forwarding table; therefore, a topology change may introduce forwarding loops or black holes that persist until the graceful restart completes.
PAGE 1339
2CSPC4.XModular-SWUM204.book Page 1339 Friday, March 15, 2013 9:24 AM Command Mode Router OSPFv3 Configuration mode User Guidelines The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors. passive-interface Use the passive-interface command to set the interface or tunnel as passive. It overrides the global passive mode that is currently effective on the interface or tunnel.
PAGE 1340
2CSPC4.XModular-SWUM204.book Page 1340 Friday, March 15, 2013 9:24 AM passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to nonpassive mode.
PAGE 1341
2CSPC4.XModular-SWUM204.book Page 1341 Friday, March 15, 2013 9:24 AM • tag — Tag. (Range: 0-4294967295) Default Configuration 2 is the default value for metric-type, 0 for tag. Command Mode Router OSPFv3 Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers.
PAGE 1342
2CSPC4.XModular-SWUM204.book Page 1342 Friday, March 15, 2013 9:24 AM Example The following example sets a 4-digit dotted-decimal number identifying the Router OSPF ID as 2.3.4.5. console(config)#ipv6 router ospf console(config-rtr)#router-id 2.3.4.5 show ipv6 ospf Use the show ipv6 ospf command in Privileged EXEC mode to display information relevant to the OSPF router. Syntax show ipv6 ospf [area-id] area-id — Identifier for the OSPF area being displayed.
PAGE 1343
2CSPC4.XModular-SWUM204.book Page 1343 Friday, March 15, 2013 9:24 AM Exit Overflow Interval Shows the number of seconds that, after entering OverflowState, as defined by RFC 1765, a router will attempt to leave OverflowState. AutoCost Ref BW The configured autocost reference bandwidth. This value is used to determine the OSPF metric on its interfaces. The reference bandwidth is divided by the interface speed to compute the metric.
PAGE 1344
2CSPC4.XModular-SWUM204.book Page 1344 Friday, March 15, 2013 9:24 AM Stub Router OSPF enters stub router mode, as described in RFC 3137, when it encounters a resource limitation that prevents it from computing a complete routing table.
PAGE 1345
2CSPC4.XModular-SWUM204.book Page 1345 Friday, March 15, 2013 9:24 AM NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended.
PAGE 1346
2CSPC4.XModular-SWUM204.book Page 1346 Friday, March 15, 2013 9:24 AM New LSAs Originated............................ 0 LSAs Received.................................. 0 External LSDB Limit............................ No Limit Default Metric................................. Not Configured Maximum Paths.................................. 2 Default Route Advertise........................ Disabled Always......................................... FALSE Metric......................................... Metric Type.
PAGE 1347
2CSPC4.XModular-SWUM204.book Page 1347 Friday, March 15, 2013 9:24 AM ---- -------- ---- -------- ----------------------- ----- INTRA 3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 INTRA 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 show ipv6 ospf area Use the show ipv6 ospf area command in Privileged EXEC mode to display information about the area. Syntax show ipv6 ospf area areaid • areaid — Identifier for the OSPF area being displayed.
PAGE 1348
2CSPC4.XModular-SWUM204.book Page 1348 Friday, March 15, 2013 9:24 AM show ipv6 ospf asbr The show ipv6 ospf asbr command displays the internal OSPFv3 routes to reach Autonomous System Boundary Routes (ASBR). This command takes no options. Syntax show ipv6 ospf asbr Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1349
2CSPC4.XModular-SWUM204.book Page 1349 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes show ipv6 ospf database Use the show ipv6 ospf database command in Privileged EXEC mode to display information about the link state database when OSPFv3 is enabled. If no parameters are entered, the command displays the LSA headers.
PAGE 1350
2CSPC4.XModular-SWUM204.book Page 1350 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays information about the link state database when OSPFv3 is enabled. console#show ipv6 ospf database Router Link States (Area 0.0.0.
PAGE 1351
2CSPC4.XModular-SWUM204.book Page 1351 Friday, March 15, 2013 9:24 AM Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 634 700 80000008 2D89 V6E--R- 2.2.2.2 634 689 8000000A 6F82 V6E--R- 2.2.2.2 635 590 80000001 7782 V6E--R- Intra Prefix Adv Router States (Area 0.0.0.0) Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 1 8000003C 9F31 2.2.
PAGE 1352
2CSPC4.XModular-SWUM204.book Page 1352 Friday, March 15, 2013 9:24 AM 1.1.1.1 634 441 80000003 B877 V6E--R- 2.2.2.2 634 433 80000003 FE6E V6E--R- Intra Prefix Adv Router States (Area 0.0.0.1) Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 6 8000003A 37C4 2.2.2.2 0 1 8000004F 439A 1.1.1.
PAGE 1353
2CSPC4.XModular-SWUM204.book Page 1353 Friday, March 15, 2013 9:24 AM console#show ipv6 ospf database database-summary OSPF Router with ID (0.0.0.2) Router database summary Router......................................... 0 Network........................................ 0 Inter-area Prefix.............................. 0 Inter-area Router.............................. 0 Type-7 Ext..................................... 0 Link........................................... 0 Intra-area Prefix.....................
PAGE 1354
2CSPC4.XModular-SWUM204.book Page 1354 Friday, March 15, 2013 9:24 AM Parameter Description interface-number The valid interface number, a valid VLAN ID, tunnel identifier (Range: 0–7) or loopback identifier (Range: 0–7). Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1355
2CSPC4.XModular-SWUM204.book Page 1355 Friday, March 15, 2013 9:24 AM show ipv6 ospf interface brief Use the show ipv6 ospf interface brief command in Privileged EXEC mode to display brief information for the IFO object or virtual interface tables. Syntax show ipv6 ospf interface brief Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1356
2CSPC4.XModular-SWUM204.book Page 1356 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the interface statistics for VLAN 5. console>show ipv6 ospf interface stats vlan 5 OSPFv3 Area ID................................. 0.0.0.1 Spf Runs.......................................
PAGE 1357
2CSPC4.XModular-SWUM204.book Page 1357 Friday, March 15, 2013 9:24 AM Invalid OSPF Packet Type....................... 0 Sent Received -------------------- Packet Type ---------- ---------- Hello 295 Database Description 10 LS Request 4 LS Update 521 398 LS Acknowledgement 209 282 219 14 4 show ipv6 ospf interface vlan Use the show ipv6 ospf interface vlan command in Privileged EXEC mode to display OSPFv3 configuration and status information for a specific vlan.
PAGE 1358
2CSPC4.XModular-SWUM204.book Page 1358 Friday, March 15, 2013 9:24 AM OSPF Admin Mode.......................... Enable OSPF Area ID............................. 0.0.0.1 Router Priority.......................... 1 Retransmit Interval...................... 5 Hello Interval........................... 10 Dead Interval............................ 40 LSA Ack Interval......................... 1 Iftransit Delay Interval................. 1 Authentication Type...................... None Metric Cost..................
PAGE 1359
2CSPC4.XModular-SWUM204.book Page 1359 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description interface-type Interface type, vlan or tunnel. interface-number A valid interface number, a valid VLAN ID or tunnel identifier. (Range is 0-7). neighbor-id Valid IP address of the neighbor about which information is displayed. Default Configuration This command has no default configuration.
PAGE 1360
2CSPC4.XModular-SWUM204.book Page 1360 Friday, March 15, 2013 9:24 AM Dead Interval.................................. 40 LSA Ack Interval............................... 1 Iftransit Delay Interval....................... 1 Authentication Type............................ None Metric Cost.................................... 1 (computed) OSPF Mtu-ignore................................ Disable OSPF cannot be initialized on this interface.
PAGE 1361
2CSPC4.XModular-SWUM204.book Page 1361 Friday, March 15, 2013 9:24 AM show ipv6 ospf stub table Use the show ipv6 ospf stub table command in Privileged EXEC mode to display the OSPF stub table. The information below will only be displayed if OSPF is initialized on the switch. Syntax show ipv6 ospf stub table Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1362
2CSPC4.XModular-SWUM204.book Page 1362 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the OSPF Virtual Interface information for area 1 and its neighbor. console#show ipv6 ospf virtual-link 1 1.1.1.1 Area ID........................................ 1 Neighbor Router ID................
PAGE 1363
2CSPC4.XModular-SWUM204.book Page 1363 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table.
PAGE 1364
2CSPC4.XModular-SWUM204.
PAGE 1365
2CSPC4.XModular-SWUM204.book Page 1365 Friday, March 15, 2013 9:24 AM Router Discovery Protocol Commands 55 Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
PAGE 1366
2CSPC4.XModular-SWUM204.book Page 1366 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description multicast Configure the address that the interface uses to send the router discovery advertisements to be 224.0.0.1, the all-hosts IP multicast address. Use the no form of the command to use 255.255.255.255, the limited broadcast address. holdtime seconds Integer value in seconds of the holdtime field of the router advertisement sent from this interface.
PAGE 1367
2CSPC4.XModular-SWUM204.book Page 1367 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example enables router discovery on the selected interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp ip irdp address Use the ip irdp address command in Interface Configuration mode to configure the address that the interface uses to send the router discovery advertisements.
PAGE 1368
2CSPC4.XModular-SWUM204.book Page 1368 Friday, March 15, 2013 9:24 AM Example The following example sets the limited broadcast address as the IP address for router discovery advertisements. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp address 255.255.255.255 ip irdp holdtime Use the ip irdp holdtime command in Interface Configuration mode to configure the value, in seconds, of the holdtime field of the router advertisement sent from this interface.
PAGE 1369
2CSPC4.XModular-SWUM204.book Page 1369 Friday, March 15, 2013 9:24 AM console(config-if-vlan15)#ip irdp holdtime 2000 ip irdp maxadvertinterval Use the ip irdp maxadvertinterval command in Interface Configuration mode to configure the maximum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value.
PAGE 1370
2CSPC4.XModular-SWUM204.book Page 1370 Friday, March 15, 2013 9:24 AM Example The following example sets maximum advertisement interval at 600 seconds for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp maxadvertinterval 600 ip irdp minadvertinterval Use the ip irdp minadvertinterval command in Interface Configuration mode to configure the minimum time, in seconds, allowed between sending router advertisements from the interface.
PAGE 1371
2CSPC4.XModular-SWUM204.book Page 1371 Friday, March 15, 2013 9:24 AM ip irdp multicast To send router advertisements as IP multicast packets, use the ip irdp multicast command in Interface Configuration mode. To send router advertisements to the limited broadcast address (255.255.255.255), use the no form of this command. Syntax ip irdp multicast no ip irdp multicast Default Configuration Router discovery packets are sent to the all hosts IP multicast address (224.0.0.1) by default.
PAGE 1372
2CSPC4.XModular-SWUM204.book Page 1372 Friday, March 15, 2013 9:24 AM Syntax ip irdp preference integer no ip irdp preference • integer — Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: -2147483648 to 2147483647) Default Configuration 0 is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1373
2CSPC4.XModular-SWUM204.book Page 1373 Friday, March 15, 2013 9:24 AM Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode --------- ------- vlan15 Enable Advertise Address Max Int Min Int Hold Time Preference ----------------- ------- ------- -------- ---------224.0.0.
PAGE 1374
2CSPC4.XModular-SWUM204.
PAGE 1375
2CSPC4.XModular-SWUM204.book Page 1375 Friday, March 15, 2013 9:24 AM Routing Information Protocol Commands 56 The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination. Categorized as an interior gateway protocol, RIP operates within the scope of an autonomous system.
PAGE 1376
2CSPC4.XModular-SWUM204.book Page 1376 Friday, March 15, 2013 9:24 AM Syntax auto-summary no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes.
PAGE 1377
2CSPC4.XModular-SWUM204.book Page 1377 Friday, March 15, 2013 9:24 AM User Guidelines Only routers that actually have Internet connectivity should advertise a default route. All other routers in the network should learn the default route from routers that have connections out to the Internet. Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes.
PAGE 1378
2CSPC4.XModular-SWUM204.book Page 1378 Friday, March 15, 2013 9:24 AM distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Use the no form of the command to return the preference to the default value. Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration.
PAGE 1379
2CSPC4.XModular-SWUM204.book Page 1379 Friday, March 15, 2013 9:24 AM no distribute-list accesslistname out {ospf | static | connected} • accesslistname — The name used to identify the existing ACL. The range is 1-31 characters. • ospf — Apply the specific access list when OSPF is the source protocol. • static — Apply the specified access list when packets come through a static route. • connected — Apply the specified access list when packets come from a directly connected route.
PAGE 1380
2CSPC4.XModular-SWUM204.book Page 1380 Friday, March 15, 2013 9:24 AM Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode.
PAGE 1381
2CSPC4.XModular-SWUM204.book Page 1381 Friday, March 15, 2013 9:24 AM ip rip Use the ip rip command in Interface Configuration mode to enable RIP on a router interface. Use the no form of the command to disable RIP on the interface. Syntax ip rip no ip rip Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1382
2CSPC4.XModular-SWUM204.book Page 1382 Friday, March 15, 2013 9:24 AM • simple—Use simple authentication on the VLAN. • key — Authentication key for the VLAN. (Range: 16 bytes or less) • encrypt — Use MD5 encryption for the RIP interface. • key-id — Authentication key identifier for authentication type encrypt. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1383
2CSPC4.XModular-SWUM204.book Page 1383 Friday, March 15, 2013 9:24 AM Default Configuration Both is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be received by VLAN 11.
PAGE 1384
2CSPC4.XModular-SWUM204.book Page 1384 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example allows no RIP control packets to be sent by VLAN 11. console(config-if-vlan11)#ip rip send version none redistribute The redistribute command configures RIP protocol to redistribute routes from the specified source protocol/routers. If the source protocol is OSPF, there are five possible match options.
PAGE 1385
2CSPC4.XModular-SWUM204.book Page 1385 Friday, March 15, 2013 9:24 AM • connected — Redistributes directly-connected routes. Default Configuration metric integer — not configured match — internal Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1386
2CSPC4.XModular-SWUM204.book Page 1386 Friday, March 15, 2013 9:24 AM console(config)#router rip console(config-router)# show ip rip Use the show ip rip command in Privileged EXEC mode to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1387
2CSPC4.XModular-SWUM204.book Page 1387 Friday, March 15, 2013 9:24 AM Metric......................................... 2 Distribute List................................ Not configured Redistributing................................. Source......................................... ospf Metric......................................... 10 Match Value.................................... 'nssa-external 1' Distribute List................................
PAGE 1388
2CSPC4.XModular-SWUM204.book Page 1388 Friday, March 15, 2013 9:24 AM Receive version................................ Both RIP Admin Mode................................. Disable Link State..................................... ----Authentication Type............................ MD5 Authentication Key............................. "pass123" Authentication Key ID.......................... 35 Bad Packets Received........................... ----Bad Routes Received............................ ----Updates Sent...
PAGE 1389
2CSPC4.XModular-SWUM204.book Page 1389 Friday, March 15, 2013 9:24 AM Example The following example displays general information for each RIP interface. console#show ip rip interface brief Interface IP Address Send Receive RIP Version Version Mode Link State ---------- ---------- -------- ----------- --------- ---------- vlan1 0.0.0.0 RIP-2 Both Disable Down vlan2 0.0.0.
PAGE 1390
2CSPC4.XModular-SWUM204.
PAGE 1391
2CSPC4.XModular-SWUM204.book Page 1391 Friday, March 15, 2013 9:24 AM Tunnel Interface Commands 57 PowerConnect provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces. Each interface can have multiple tunnel interfaces.
PAGE 1392
2CSPC4.XModular-SWUM204.book Page 1392 Friday, March 15, 2013 9:24 AM interface tunnel Use the interface tunnel command in Global Configuration mode to enter the interface configuration mode for a tunnel. Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1393
2CSPC4.XModular-SWUM204.book Page 1393 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size.......................................
PAGE 1394
2CSPC4.XModular-SWUM204.book Page 1394 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies the destination transport address of tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel.
PAGE 1395
2CSPC4.XModular-SWUM204.book Page 1395 Friday, March 15, 2013 9:24 AM console(config-if-tunnel1)#tunnel mode ipv6ip console(config-if-tunnel1)#tunnel mode ipv6ip 6to4 tunnel source Use the tunnel source command in Interface Configuration mode to specify the source transport address of the tunnel, either explicitly or by reference to an interface. Syntax tunnel source {ip-address | interface-type interface-number} no tunnel source Syntax Description Parameter Description ip-address Valid IPv4 address.
PAGE 1396
2CSPC4.XModular-SWUM204.
PAGE 1397
2CSPC4.XModular-SWUM204.book Page 1397 Friday, March 15, 2013 9:24 AM 58 Virtual Router Redundancy Protocol Commands An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
PAGE 1398
2CSPC4.XModular-SWUM204.book Page 1398 Friday, March 15, 2013 9:24 AM RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Master is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
PAGE 1399
2CSPC4.XModular-SWUM204.book Page 1399 Friday, March 15, 2013 9:24 AM Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked.
PAGE 1400
2CSPC4.XModular-SWUM204.book Page 1400 Friday, March 15, 2013 9:24 AM Virtual Router Redundancy Protocol Commands ip vrrp Use the ip vrrp command in Global Configuration mode to enable the administrative mode of VRRP for the router. Use the no form of the command to disable the administrative mode of VRRP for the router. Syntax ip vrrp no ip vrrp Default Configuration VRRP is disabled by default. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1401
2CSPC4.XModular-SWUM204.book Page 1401 Friday, March 15, 2013 9:24 AM • vrid — Virtual router identification. (Range: 1-255) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP IP address is not pingable from within the switch. vrrp authentication Use the vrrp authentication command in Interface Configuration mode to set the authentication details value for the virtual router configured on a specified interface.
PAGE 1402
2CSPC4.XModular-SWUM204.book Page 1402 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the authorization details value for VRRP router group 5 on VLAN 15.
PAGE 1403
2CSPC4.XModular-SWUM204.book Page 1403 Friday, March 15, 2013 9:24 AM User Guidelines This command accepts any printable characters for the name. Descriptions containing spaces must be wrapped with quotes. Example The following example creates virtual router group 5 on VLAN 15 and configures its description.
PAGE 1404
2CSPC4.XModular-SWUM204.book Page 1404 Friday, March 15, 2013 9:24 AM User Guidelines The virtual router IP addresses must be a valid host address on the local subnet based on the IP address and subnet mask configured on the VLAN interface. The VRRP IP address cannot be either the broadcast address or a network address. To configure vrrp, perform the following steps: 1 Enable ip routing in global configuration mode. 2 Enable ip vrrp globally.
PAGE 1405
2CSPC4.XModular-SWUM204.book Page 1405 Friday, March 15, 2013 9:24 AM Syntax vrrp vr-id mode no vrrp vr-id mode • vr-id — The virtual router identifier. (Range: 1-255) Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example enables the virtual router for VLAN 15.
PAGE 1406
2CSPC4.XModular-SWUM204.book Page 1406 Friday, March 15, 2013 9:24 AM Parameter Description seconds The number of seconds the VRRP router will wait before issuing an advertisement claiming master ownership. Default Configuration Enabled is the default configuration. Delay defaults to 0 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines As per the VRRP RFC, when preemption is enabled, the backup router discards the advertisements until the masterdowntimer starts.
PAGE 1407
2CSPC4.XModular-SWUM204.book Page 1407 Friday, March 15, 2013 9:24 AM • level — Priority value for the interface. (Range: 1-254) Default Configuration Priority has a default value of 100. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP router with the highest numerical value for priority will become the VR master. When the VRRP priorities are equal, the router with the numerically highest IP address will win the election and become master.
PAGE 1408
2CSPC4.XModular-SWUM204.book Page 1408 Friday, March 15, 2013 9:24 AM Default Configuration Interval has a default value of 1. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the frequency at which the VLAN 15 virtual router 5 sends a virtual router advertisement.
PAGE 1409
2CSPC4.XModular-SWUM204.book Page 1409 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following configures VLAN 15 virtual router to learn the advertisement interval used by the master virtual router. console(config-if-vlan15)#vrrp 5 timers learn vrrp track interface Use the vrrp track interface command in Interface Configuration mode to alter the priority of the VRRP router based on the availability of its interfaces.
PAGE 1410
2CSPC4.XModular-SWUM204.book Page 1410 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description group The virtual router identifier. (Range: 1-255) vlan vlan-id Valid VLAN ID. Priority decrement value for the tracked interface. (Range: 1- priority 254) Default Configuration No interfaces are tracked. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
PAGE 1411
2CSPC4.XModular-SWUM204.book Page 1411 Friday, March 15, 2013 9:24 AM Use the no form of this command to remove the route from the tracked list or to restore the priority decrement to its default. When removing a tracked IP route from the tracked list, priority should be incremented by the decrement value if the route is not reachable.
PAGE 1412
2CSPC4.XModular-SWUM204.book Page 1412 Friday, March 15, 2013 9:24 AM show vrrp Use the show vrrp command in User EXEC or Privileged EXEC mode to display the global VRRP configuration and status as well as the brief or detailed status of one or all VRRP groups. Syntax show vrrp [brief | group] Syntax Description Parameter Description group The virtual router group identifier. Range 1-255. brief Provide a summary view of the VRRP group information.
PAGE 1413
2CSPC4.XModular-SWUM204.book Page 1413 Friday, March 15, 2013 9:24 AM Primary IP Address............................. 192.168.5.55 VMAC Address................................... 0000.5E00.0101 Authentication Type............................ None Priority....................................... 60 Configured Priority............................ 100 Advertisement Interval (secs).................. 10 Accept Mode.................................... Enable Pre-empt Mode..................................
PAGE 1414
2CSPC4.XModular-SWUM204.book Page 1414 Friday, March 15, 2013 9:24 AM Timers Learn Mode............................ Disable Description ..................................... Track Interface................................ vlan 3 Track Interface State ......................... Down Track Interface DecrementPriority ............. 20 Track Route (pfx/len) ......................... 10.10.10.0/24 Track Route Reachable ......................... False Track Route DecrementPriority .................
PAGE 1415
2CSPC4.XModular-SWUM204.book Page 1415 Friday, March 15, 2013 9:24 AM Default Configuration Show information for each group in the specified interface. Command Mode User EXEC, Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 7 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.
PAGE 1416
2CSPC4.XModular-SWUM204.book Page 1416 Friday, March 15, 2013 9:24 AM --------- ---- -------------- ------ ------------ vlan1 2 0.0.0.0 Disable Initialize vlan2 5 192.168.5.55 Enable Initialize The following example displays all statistical information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 stats Vlan 15 – Group 5 UpTime........................... 0 days 0 hrs 0 mins 0 secs Protocol....................................... IP State Transitioned to Master.............
PAGE 1417
2CSPC4.XModular-SWUM204.book Page 1417 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the virtual router on the selected interface.
PAGE 1418
2CSPC4.XModular-SWUM204.book Page 1418 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example displays all statistical information about the VLAN 15 virtual router. console#show vrrp interface stats vlan 15 5 UpTime..................... 0 days 0 hrs 0 mins 0 secs Protocol....................................... IP State Transitioned to Master................... 0 Advertisement Received......................... 0 Advertisement Interval Errors.......
PAGE 1419
2CSPC4.XModular-SWUM204.book Page 1419 Friday, March 15, 2013 9:24 AM Syntax ip vrrp vrid accept-mode no vrrp vrid accept-mode • vrid — Virtual router identification. (Range: 1-255) Default Configuration The default configuration is disabled. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. show ip vrrp interface Use the show ip vrrp interface command in User EXEC or Privileged EXEC mode to display the configured value for Accept Mode.
PAGE 1420
2CSPC4.XModular-SWUM204.book Page 1420 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show ip vrrp interface vlan2 1 Primary IP Address........................... 10.10.10.1 VMAC Address............................. 00:00:5E:00:01:01 Authentication Type............................ None Priority....................................... 100 Configured Priority....
PAGE 1421
2CSPC4.XModular-SWUM204.
PAGE 1422
2CSPC4.XModular-SWUM204.
PAGE 1423
2CSPC4.XModular-SWUM204.book Page 1423 Friday, March 15, 2013 9:24 AM Auto-Install Commands 60 Auto-Install provides automatic update of the image and configuration of PowerConnect devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the PowerConnect offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified.
PAGE 1424
2CSPC4.XModular-SWUM204.book Page 1424 Friday, March 15, 2013 9:24 AM 4 Support for the Auto-Install process from a TFTP server operationally enabling the DHCP client on designated management interfaces during the Auto-Install process. The end user configuration remains unchanged. Management interfaces include the out-of-band interface or routing interfaces in a saved config.
PAGE 1425
2CSPC4.XModular-SWUM204.book Page 1425 Friday, March 15, 2013 9:24 AM Command Mode Global Config User Guidelines The configuration on the master switch controls the stack as if it is a single switch. No configuration steps need to be taken on the member switches to synchronize the firmware.
PAGE 1426
2CSPC4.XModular-SWUM204.book Page 1426 Friday, March 15, 2013 9:24 AM boot host autoreboot Use the boot host autoreboot command in Global Configuration mode to enable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Use the no form of this command to disable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded.
PAGE 1427
2CSPC4.XModular-SWUM204.book Page 1427 Friday, March 15, 2013 9:24 AM boot host autosave Use the boot host autosave command in Global Configuration mode to enable automatically saving the downloaded configuration on the switch. Use the no form of this command to disable automatically saving the downloaded configuration on the switch. Syntax boot host autosave no boot host autosave Parameter Description This command does not require a parameter description.
PAGE 1428
2CSPC4.XModular-SWUM204.book Page 1428 Friday, March 15, 2013 9:24 AM Install process is triggered. Use the no form of this command to disable AutoInstall on the next reboot if the reboot occurs with a saved startup configuration. If you give this command while the Auto-Install process is running, the Auto-Install process terminates. The Auto-Install process has an internal timer that retries failed installations for ten minutes.
PAGE 1429
2CSPC4.XModular-SWUM204.book Page 1429 Friday, March 15, 2013 9:24 AM Syntax boot host retrycount count no boot host retrycount • count —The number of attempts to download a configuration (Range: 1–6). Default Configuration The default number of configuration download attempts is three.
PAGE 1430
2CSPC4.XModular-SWUM204.book Page 1430 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The show switch command also displays the switch firmware synchronization status.
PAGE 1431
2CSPC4.XModular-SWUM204.book Page 1431 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1432
2CSPC4.XModular-SWUM204.
PAGE 1433
2CSPC4.XModular-SWUM204.book Page 1433 Friday, March 15, 2013 9:24 AM Captive Portal Commands 61 The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
PAGE 1434
2CSPC4.XModular-SWUM204.
PAGE 1435
2CSPC4.XModular-SWUM204.book Page 1435 Friday, March 15, 2013 9:24 AM Captive Portal Global Commands authentication timeout Use the authentication timeout command to configure the authentication timeout. If the user does not enter valid credentials within this time limit, the authentication page needs to be served again in order for the client to gain access to the network. Use the “no” form of this command to reset the authentication timeout to the default.
PAGE 1436
2CSPC4.XModular-SWUM204.book Page 1436 Friday, March 15, 2013 9:24 AM Syntax captive-portal Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#captive-portal console(config-CP)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal.
PAGE 1437
2CSPC4.XModular-SWUM204.book Page 1437 Friday, March 15, 2013 9:24 AM Example console(config-CP)#enable http port Use the http port command to configure an additional HTTP port for captive portal to monitor. Use the “no” form of this command to remove the additional HTTP port from monitoring. Syntax http port port-num no http port • port-num —The port number to monitor (Range: 1–65535). Default Configuration Captive portal only monitors port 80 by default.
PAGE 1438
2CSPC4.XModular-SWUM204.book Page 1438 Friday, March 15, 2013 9:24 AM no https port • port-num —The port number to monitor (Range: 1–65535). Default Configuration Captive portal only monitors port 443 by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
PAGE 1439
2CSPC4.XModular-SWUM204.book Page 1439 Friday, March 15, 2013 9:24 AM Example console#show captive-portal Administrative Mode....................... Disabled Operational Status........................ Disabled Disable Reason................ Administrator Disabled Captive Portal IP Address................. 1.2.3.4 show captive-portal status Use the show captive-portal status command to report the status of all captive portal instances in the system.
PAGE 1440
2CSPC4.XModular-SWUM204.book Page 1440 Friday, March 15, 2013 9:24 AM Configured Captive Portals..................... 1 Active Captive Portals......................... 0 Local Supported Users.......................... 128 Configured Local Users......................... 3 System Supported Users......................... 1024 Authenticated Users............................ 0 Captive Portal Configuration Commands The commands in this section are related to captive portal configurations.
PAGE 1441
2CSPC4.XModular-SWUM204.book Page 1441 Friday, March 15, 2013 9:24 AM configuration Use the configuration command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations. Use the “no” form of this command to delete a configuration. The default configuration (1) cannot be deleted. Syntax configuration cp-id no configuration cp-id • cp-id —Captive Portal ID (Range: 1–10).
PAGE 1442
2CSPC4.XModular-SWUM204.book Page 1442 Friday, March 15, 2013 9:24 AM Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#no enable group Use the group command to configure the group number for a captive portal configuration.
PAGE 1443
2CSPC4.XModular-SWUM204.book Page 1443 Friday, March 15, 2013 9:24 AM Example console(config-CP 2)#group 2 interface Use the interface command to associate an interface with a captive portal configuration. Use the “no” form of this command to remove an association. Syntax interface interface no interface interface interface —An interface or range of interfaces. Default Configuration No interfaces are associated with a configuration by default. Command Mode Captive Portal Instance Config mode.
PAGE 1444
2CSPC4.XModular-SWUM204.book Page 1444 Friday, March 15, 2013 9:24 AM • web-id — The locale number (Range: Only locale 1 is supported) Default Configuration Locale 1 is configured by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. name (Captive Portal) Use the name command to configure the name for a captive portal configuration. Use the “no” form of this command to remove a configuration name.
PAGE 1445
2CSPC4.XModular-SWUM204.book Page 1445 Friday, March 15, 2013 9:24 AM protocol Use the protocol command to configure the protocol mode for a captive portal configuration. Syntax protocol { http | https } Default Configuration The default protocols mode is https. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
PAGE 1446
2CSPC4.XModular-SWUM204.book Page 1446 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#redirect redirect-url Use the redirect-url command to configure the redirect URL for a captive portal configuration. Syntax redirect-url url • url —The URL for redirection (Range: 1–512 characters). Default Configuration There is no redirect URL configured by default. Command Mode Captive Portal Instance mode.
PAGE 1447
2CSPC4.XModular-SWUM204.book Page 1447 Friday, March 15, 2013 9:24 AM no session-timeout • timeout —Session timeout. 0 indicates timeout not enforced (Range: 0–86400 seconds). Default Configuration There is no session timeout by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
PAGE 1448
2CSPC4.XModular-SWUM204.book Page 1448 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#verification local Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr — Client MAC address.
PAGE 1449
2CSPC4.XModular-SWUM204.book Page 1449 Friday, March 15, 2013 9:24 AM Syntax show captive-portal client [ macaddr ] status • macaddr — Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command.
PAGE 1450
2CSPC4.XModular-SWUM204.book Page 1450 Friday, March 15, 2013 9:24 AM Syntax show captive-portal configuration [ cp-id ] client status cp-id —Captive Portal ID. • Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command.
PAGE 1451
2CSPC4.XModular-SWUM204.book Page 1451 Friday, March 15, 2013 9:24 AM Syntax show captive-portal interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port} client status Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command.
PAGE 1452
2CSPC4.XModular-SWUM204.book Page 1452 Friday, March 15, 2013 9:24 AM Captive Portal Interface Commands show captive-portal interface configuration status Use the show captive-portal interface configuration status command to display the interface to configuration assignments for all captive portal configurations or for a specific configuration. Syntax show captive-portal interface configuration [ cp-id ] status • cp-id —Captive Portal ID.
PAGE 1453
2CSPC4.XModular-SWUM204.book Page 1453 Friday, March 15, 2013 9:24 AM Captive Portal Local User Commands clear captive-portal users Use the clear captive-portal users command to delete all captive portal user entries. Syntax clear captive-portal users Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command.
PAGE 1454
2CSPC4.XModular-SWUM204.book Page 1454 Friday, March 15, 2013 9:24 AM Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#no user 1 show captive-portal user Use the show captive-portal user command to display all configured users or a specific user in the captive portal local user database. Syntax show captive-portal user [ user-id ] • user-id — User ID (Range: 1–128).
PAGE 1455
2CSPC4.XModular-SWUM204.book Page 1455 Friday, March 15, 2013 9:24 AM 2 group2 console#show captive-portal user 1 User ID........................................ 1 User Name...................................... user123 Password Configured............................ Yes Session Timeout................................ 0 Group ID Group Name -------- -------------------------------1 Default 2 group2 user group Use the user group command to associate a group with a captive portal user.
PAGE 1456
2CSPC4.XModular-SWUM204.book Page 1456 Friday, March 15, 2013 9:24 AM Example console(config-CP)#user 1 group 3 user-logout Use the user-logout command in Captive Portal Instance mode to enable captive portal users to log out of the portal (versus having the session time out). Use the no form of the command to return the user logout configuration to the default. Syntax user-logout no user-logout Parameter Description This command does not require a parameter description.
PAGE 1457
2CSPC4.XModular-SWUM204.book Page 1457 Friday, March 15, 2013 9:24 AM user name Use the user name command to modify the user name for a local captive portal user. Syntax user user-id name name • user-id — User ID (Range: 1–128). • name — user name (Range: 1–32 characters). Default Configuration There is no name for a user by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines.
PAGE 1458
2CSPC4.XModular-SWUM204.book Page 1458 Friday, March 15, 2013 9:24 AM Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(Config-CP)#user 1 password Enter password (8 to 64 characters): ******** Re-enter password: ******** user session-timeout Use the user session-timeout command to set the session timeout value for a captive portal user.
PAGE 1459
2CSPC4.XModular-SWUM204.book Page 1459 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config-CP)#user 1 session-timeout 86400 console(config-CP)#no user 1 session-timeout Captive Portal Status Commands show captive-portal configuration Use the show captive-portal configuration command to display the operational status of each captive portal configuration. Syntax show captive-portal configuration cp-id cp-id —Captive Portal ID.
PAGE 1460
2CSPC4.XModular-SWUM204.book Page 1460 Friday, March 15, 2013 9:24 AM Configured Locales........................ 1 Authenticated Users....................... 0 show captive-portal configuration interface Use the show captive-portal configuration interface command to display information about all interfaces assigned to a captive portal configuration or about a specific interface assigned to a captive portal configuration.
PAGE 1461
2CSPC4.XModular-SWUM204.book Page 1461 Friday, March 15, 2013 9:24 AM Interface Description..................... Unit: 1 Slot: 0 Port: 1 Gigab... Operational Status........................ Disabled Disable Reason............................ Interface Not Attached Block Status.............................. Not Blocked Authenticated Users.......................
PAGE 1462
2CSPC4.XModular-SWUM204.book Page 1462 Friday, March 15, 2013 9:24 AM Syntax show captive-portal configuration [ cp-id ] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines There are no user guidelines for this command.
PAGE 1463
2CSPC4.XModular-SWUM204.book Page 1463 Friday, March 15, 2013 9:24 AM Captive Portal User Group Commands user group Use the user group command to create a user group. Use the “no” form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id —Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode.
PAGE 1464
2CSPC4.XModular-SWUM204.book Page 1464 Friday, March 15, 2013 9:24 AM • new-group-id —Group ID (Range: 1–10). Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-CP)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id — Group ID (Range: 1–10).
PAGE 1465
2CSPC4.XModular-SWUM204.book Page 1465 Friday, March 15, 2013 9:24 AM CLI Macro Commands 62 CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File. When the macro is applied to an interface, the existing configuration is not lost; the new commands are added configuration.
PAGE 1466
2CSPC4.XModular-SWUM204.book Page 1466 Friday, March 15, 2013 9:24 AM • profile-wireless, the interface configuration, used when connecting the switch and a wireless access point. • profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS.
PAGE 1467
2CSPC4.XModular-SWUM204.book Page 1467 Friday, March 15, 2013 9:24 AM Macro Default Definition default global :profile-global default interface :profile-desktop default interface :profile-phone default interface :profile-switch default interface :profile-router default interface :profile-wireless default global :profile-compellent-nas Command Mode Global Configuration mode User Guidelines Macros consist of text commands with one command per line.
PAGE 1468
2CSPC4.XModular-SWUM204.book Page 1468 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description macro-name The name of the macro. parameter The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). value The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line.
PAGE 1469
2CSPC4.XModular-SWUM204.book Page 1469 Friday, March 15, 2013 9:24 AM Parameter Description value The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature.
PAGE 1470
2CSPC4.XModular-SWUM204.book Page 1470 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied globally. All text up to the new line is included in the description. The line is appended to the global description. macro apply Use the macro apply command in Interface Configuration mode to apply a macro.
PAGE 1471
2CSPC4.XModular-SWUM204.book Page 1471 Friday, March 15, 2013 9:24 AM macro trace Use the macro trace command in Interface Configuration mode to apply and trace a macro. The command will display each line of the macro as it is executed and list any errors encountered. Syntax macro trace macro-name [parameter value] [parameter value][parameter value] no macro name name Parameter Description Parameter Description macro-name The name of the macro.
PAGE 1472
2CSPC4.XModular-SWUM204.book Page 1472 Friday, March 15, 2013 9:24 AM macro description Use the macro description command in Interface Configuration mode to append a line to the macro description. Use the no form of the command to clear the description. Syntax macro description line Parameter Description Parameter Description line The macro description. All text up to the new line is included in the description. Default Configuration There is no description by default.
PAGE 1473
2CSPC4.XModular-SWUM204.book Page 1473 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description brief Shows the list of defined macros and their type. description Shows the macro descriptions. name Shows an individual macro, including its contents. macro The name of the macro to display. interface-id The interface for which to show the macro description. Default Configuration No parameters are substituted unless supplied on the command line.
PAGE 1474
2CSPC4.XModular-SWUM204.
PAGE 1475
2CSPC4.XModular-SWUM204.book Page 1475 Friday, March 15, 2013 9:24 AM 63 Clock Commands Real-time Clock The PowerConnect supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings. The earliest date that can be configured is Jan 1, 2010.
PAGE 1476
2CSPC4.XModular-SWUM204.book Page 1476 Friday, March 15, 2013 9:24 AM multicast address ff02::101 (reserved for SNTP) for server packets on port number 123. The client logic to handle packet contents doesn’t change with support for IPv6 networks.
PAGE 1477
2CSPC4.XModular-SWUM204.book Page 1477 Friday, March 15, 2013 9:24 AM Example The following example displays the current SNTP configuration of the device. console#show sntp configuration Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys. Unicast clients: Disable Unicast servers: Server Key Polling Priority --------- ----------- ----------- ---------- 10.27.128.
PAGE 1478
2CSPC4.XModular-SWUM204.book Page 1478 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples console#show sntp server Server Host Address: 2001::01 Server Type: IPv6 Server Stratum: 2 Server Reference Id: NTP Srv: 158.108.96.
PAGE 1479
2CSPC4.XModular-SWUM204.book Page 1479 Friday, March 15, 2013 9:24 AM --More-- or (q)uit Host Address: 3.north-america.pool.ntp.org Address Type: DNS Priority: 1 Version: 4 Port: 123 Last Update Time: Dec 22 07:30:31 2009 Last Attempt Time: Dec 22 07:32:41 2009 Last Update Status: Server Unsynchronized Total Unicast Requests: 157 Failed Unicast Requests: 2 show sntp status Use the show sntp status command in Privileged EXEC mode to show the status of the Simple Network Time Protocol (SNTP).
PAGE 1480
2CSPC4.XModular-SWUM204.book Page 1480 Friday, March 15, 2013 9:24 AM console#show sntp status Client Mode: Unicast Last Update Time: MAR 30 21:21:20 2009 Unicast servers: Server Status Last response --------- ----------- -------------------------- 192.168.0.1 Up 21:21:20 Mar 30 2009 sntp authenticate Use the sntp authenticate command in Global Configuration mode to require server authentication for received Network Time Protocol (NTP) traffic.
PAGE 1481
2CSPC4.XModular-SWUM204.book Page 1481 Friday, March 15, 2013 9:24 AM console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp authentication-key Use the sntp authentication-key command in Global Configuration mode to define an authentication key for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the no form of this command.
PAGE 1482
2CSPC4.XModular-SWUM204.book Page 1482 Friday, March 15, 2013 9:24 AM sntp broadcast client enable Use the sntp broadcast client enable command in Global Configuration mode to enable a Simple Network Time Protocol (SNTP) Broadcast client. To disable an SNTP Broadcast client, use the no form of this command. Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled.
PAGE 1483
2CSPC4.XModular-SWUM204.book Page 1483 Friday, March 15, 2013 9:24 AM Default Configuration The polling interval is 64 seconds. Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds.
PAGE 1484
2CSPC4.XModular-SWUM204.book Page 1484 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.
PAGE 1485
2CSPC4.XModular-SWUM204.book Page 1485 Friday, March 15, 2013 9:24 AM Example The following defines SNTP trusted-key. console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients. To disable an SNTP Unicast client, use the no form of this command.
PAGE 1486
2CSPC4.XModular-SWUM204.book Page 1486 Friday, March 15, 2013 9:24 AM clock timezone hours-offset Use the clock timezone [ hours-offset ] [minutes minutes-offset] [zone acronym] command to set the offset to Coordinated Universal Time (UTC). If the optional parameters are not specified, they will be read as either '0' or '\0, as appropriate. Syntax clock timezone hours-offset [minutes minutes-offset] [zone acronym] • hours-offset — Hours difference from UTC.
PAGE 1487
2CSPC4.XModular-SWUM204.book Page 1487 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines This command has no specific user guidelines. Example console(config)#no clock timezone clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year. If the optional parameters are not specified, they are read as either '0' or '\0
PAGE 1488
2CSPC4.XModular-SWUM204.book Page 1488 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines No specific guidelines Examples console(config)# clock summer-time recurring 1 sun jan 00:10 2 mon mar 10:00 offset 1 zone ABC clock summer-time date Use the clock summer-time date {date | month} {month | date} year hh:mm {date | month} {month | date} year hh:mm [offset offset] [zone acronym] command to set the summertime offset to UTC.
PAGE 1489
2CSPC4.XModular-SWUM204.book Page 1489 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines No specific guidelines Examples console(config)# clock summer-time date 1 Apr 2007 02:00 28 Oct 2007 offset 90 zone EST or console(config)# clock summer-time date Apr 1 2007 02:00 Oct 28 2007 offset 90 zone EST no clock summer-time Use the no clock summer-time command to reset the summertime configuration.
PAGE 1490
2CSPC4.XModular-SWUM204.book Page 1490 Friday, March 15, 2013 9:24 AM show clock Use the show clock command in Privileged EXEC or User EXEC mode to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration. Syntax Description show clock [detail] Default Configuration This command has no default configuration.
PAGE 1491
2CSPC4.XModular-SWUM204.book Page 1491 Friday, March 15, 2013 9:24 AM Acronym is PDT Recurring every year. Begins at first Sunday of April at 2:00. Ends at last Sunday of October at 2:00. Offset is 60 minutes.
PAGE 1492
2CSPC4.XModular-SWUM204.
PAGE 1493
2CSPC4.XModular-SWUM204.book Page 1493 Friday, March 15, 2013 9:24 AM Command Line Configuration Scripting Commands 64 The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system.
PAGE 1494
2CSPC4.XModular-SWUM204.book Page 1494 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command in Privileged EXEC mode to delete a specified script.
PAGE 1495
2CSPC4.XModular-SWUM204.book Page 1495 Friday, March 15, 2013 9:24 AM console#script delete all script list Use the script list command in Privileged EXEC mode to list all scripts present on the switch as well as the remaining available space. Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch.
PAGE 1496
2CSPC4.XModular-SWUM204.book Page 1496 Friday, March 15, 2013 9:24 AM • scriptname — Name of the script file to be displayed. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.
PAGE 1497
2CSPC4.XModular-SWUM204.book Page 1497 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example validates the contents of the script file config.scr. console#script validate config.
PAGE 1498
2CSPC4.XModular-SWUM204.
PAGE 1499
2CSPC4.XModular-SWUM204.book Page 1499 Friday, March 15, 2013 9:24 AM Configuration and Image File Commands 65 File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command. Also, the syntax of the copy command has been changed slightly to add additional flash targets and sources for the above commands.
PAGE 1500
2CSPC4.XModular-SWUM204.book Page 1500 Friday, March 15, 2013 9:24 AM delete backup-config show running-config delete backup-image show startup-config delete startup-config update bootcode dir write erase – boot system Use the boot system command in Privileged EXEC mode to specify the system image that the device loads at startup. Syntax boot system [unit-id][image1|image2] Parameter Description Parameter Description image1 Marks the given image as active for subsequent reboots.
PAGE 1501
2CSPC4.XModular-SWUM204.book Page 1501 Friday, March 15, 2013 9:24 AM Example #1 The following example loads system image image1 for the next device startup. console# boot system image1 clear config Use the clear config command in Privileged EXEC mode to restore the switch to the default configuration. Syntax clear config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 1502
2CSPC4.XModular-SWUM204.book Page 1502 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file. image Uploads code file via tftp. operational-log Uploads Operational Log file. running-config Copies system config file. script Uploads Configuration Script file.
PAGE 1503
2CSPC4.XModular-SWUM204.book Page 1503 Friday, March 15, 2013 9:24 AM Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: backup-config Downloads config file using sftp or tftp. image Downloads code file by ftp, sftp, or tftp. script Downloads configuration script by sftp or tftp. startup-config Downloads config file using tftp.
PAGE 1504
2CSPC4.XModular-SWUM204.book Page 1504 Friday, March 15, 2013 9:24 AM Reserved Keyword Description running-config Represents the current running configuration file. startup-config Represents the startup configuration file. startup-log Represents the startup syslog file. This can only be the source of a copy operation. operational-log Represents the operational syslog file. This can only be the source of a copy operation. script scriptname Represents a CLI script file.
PAGE 1505
2CSPC4.XModular-SWUM204.book Page 1505 Friday, March 15, 2013 9:24 AM User Guidelines When copying files from the switch, match a source parameter with a destination URL. When copying to the switch, match a source URL to a destination parameter. FTP is only supported for image download to the switch. URLs may not exceed 160 characters in length, including filename, file path, hostname, ip address, user, and reserved keywords.
PAGE 1506
2CSPC4.XModular-SWUM204.book Page 1506 Friday, March 15, 2013 9:24 AM File transfer operation completed successfully. console#show bootvar Image Descriptions image1 : default image image2 : Images currently available on Flash -----------------------------------------------------------------unit image1 image2 current-active next-active ------------------------------------------------------------------ 1 M.9.11.2 M.9.11.
PAGE 1507
2CSPC4.XModular-SWUM204.book Page 1507 Friday, March 15, 2013 9:24 AM Validating and updating the users to the IAS users database. Updated IAS users database successfully. Example – USB copy operations console#copy usb://start-config startup-config console#copy operational-log usb://olog.txt console#copy usb://backup-config.txt backup-config console#copy image usb://image1.stk console#copy flash://crashdump.0 usb://crashdump.0 delete Use the delete command to delete files from flash.
PAGE 1508
2CSPC4.XModular-SWUM204.book Page 1508 Friday, March 15, 2013 9:24 AM delete backup-config Use the delete backup-config command in Privileged EXEC mode to delete the backup-config file. Syntax delete backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example deletes the backup-config file.
PAGE 1509
2CSPC4.XModular-SWUM204.book Page 1509 Friday, March 15, 2013 9:24 AM User Guidelines NOTE: The active image cannote be deleted. Example The following example deletes test file in Flash memory. console#delete backup-image Delete: image2 (y/n)? delete startup-config Use the delete startup-config command in Privileged EXEC mode to delete the startup-config file. Syntax delete startup-config Default Configuration This command has no default configuration.
PAGE 1510
2CSPC4.XModular-SWUM204.book Page 1510 Friday, March 15, 2013 9:24 AM Syntax dir Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#dir 0 drwx 2048 Jan 13 2031 17:19:54 . 0 drwx 2048 Jan 10 2031 15:58:10 .. 0 -rwx 0 -rwx 16380 Jan 10 2031 15:58:18 log2.bin 0 -rwx 72 Jan 10 2031 15:58:14 boot.dim 0 -rwx 0 -rwx 0 -rwx 0 -rwx 256 Jan 22 2005 08:00:48 vpd.
PAGE 1511
2CSPC4.XModular-SWUM204.book Page 1511 Friday, March 15, 2013 9:24 AM Syntax Description Parameter Description startup-config Erases the contents of the startup configuration file. backup-image Erase the backup image. backup-config Erases the backup configuration. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
PAGE 1512
2CSPC4.XModular-SWUM204.book Page 1512 Friday, March 15, 2013 9:24 AM User Guidelines The description accepts any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the description. The CLI does not filter illegal combinations of characters on entry and may accept entries up to the first illegal character or reject the entry entirely.
PAGE 1513
2CSPC4.XModular-SWUM204.book Page 1513 Friday, March 15, 2013 9:24 AM show backup-config Use the show backup-config command in Privileged EXEC mode to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example shows backup-config data.
PAGE 1514
2CSPC4.XModular-SWUM204.book Page 1514 Friday, March 15, 2013 9:24 AM exit show bootvar Use the show bootvar command in User EXEC mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit ] • unit —Unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1515
2CSPC4.XModular-SWUM204.book Page 1515 Friday, March 15, 2013 9:24 AM show running-config Use the show running-config command in Privileged EXEC mode to display the contents of the currently running configuration file, including banner configuration. The command only displays the configurations that are nondefault. NOTE: All non-default configurations for the Captve Portal branding images and encoded Unicode are not displayed via the standard show running-config command.
PAGE 1516
2CSPC4.XModular-SWUM204.book Page 1516 Friday, March 15, 2013 9:24 AM no exec-banner exit line telnet no login-banner exit banner exec "===exec=====" banner login "===login=====" banner motd "===motd=====" exit show startup-config Use the show startup-config command in Privileged EXEC mode to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration.
PAGE 1517
2CSPC4.XModular-SWUM204.book Page 1517 Friday, March 15, 2013 9:24 AM console#show startup-config 1 : !Current Configuration: 2 : !System Description "PowerConnect M8024, 1.0.0.0, VxWorks6.5" 3 : !System Software Version 1.0.0.
PAGE 1518
2CSPC4.XModular-SWUM204.book Page 1518 Friday, March 15, 2013 9:24 AM 33 : exit 34 : snmp-server community public rw 35 : exit update bootcode Use the update bootcode command in Privileged EXEC mode to update the bootcode on one or more switches. For each switch, the bootcode is extracted from the active image and programmed to flash. Syntax update bootcode [unit ] • unit —Unit number. Default Configuration This command has no default configuration.
PAGE 1519
2CSPC4.XModular-SWUM204.book Page 1519 Friday, March 15, 2013 9:24 AM Syntax write Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode Usage Guidelines This command is equivalent to the copy running-config startup-config command functionally.
PAGE 1520
2CSPC4.XModular-SWUM204.
PAGE 1521
2CSPC4.XModular-SWUM204.book Page 1521 Friday, March 15, 2013 9:24 AM Denial of Service Commands 66 The following list shows the DoS attack detection PowerConnect supports. Some platforms do not support detection for all of the DoS attack types in the list. • SIP=DIP: – • First Fragment: – • • – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
PAGE 1522
2CSPC4.XModular-SWUM204.book Page 1522 Friday, March 15, 2013 9:24 AM • – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1.
PAGE 1523
2CSPC4.XModular-SWUM204.book Page 1523 Friday, March 15, 2013 9:24 AM dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size.
PAGE 1524
2CSPC4.XModular-SWUM204.book Page 1524 Friday, March 15, 2013 9:24 AM Syntax dos-control icmp [size ] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-16376). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
PAGE 1525
2CSPC4.XModular-SWUM204.book Page 1525 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection.
PAGE 1526
2CSPC4.XModular-SWUM204.book Page 1526 Friday, March 15, 2013 9:24 AM dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.
PAGE 1527
2CSPC4.XModular-SWUM204.book Page 1527 Friday, March 15, 2013 9:24 AM no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages.
PAGE 1528
2CSPC4.XModular-SWUM204.book Page 1528 Friday, March 15, 2013 9:24 AM Example console(config)#ip icmp echo-reply ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the no form of this command to return burst-interval and burst-size to their default values.
PAGE 1529
2CSPC4.XModular-SWUM204.book Page 1529 Friday, March 15, 2013 9:24 AM ip unreachables Use the ip unreachables command to enable the generation of ICMP Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMP Destination Unreachable messages. Syntax ip unreachables no ip unreachables Default Configuration ICMP Destination Unreachable messages are enabled.
PAGE 1530
2CSPC4.XModular-SWUM204.book Page 1530 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip redirects ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
PAGE 1531
2CSPC4.XModular-SWUM204.book Page 1531 Friday, March 15, 2013 9:24 AM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages. Use the no form of this command to prevent the generation of ICMPv6 Destination Unreachable messages.
PAGE 1532
2CSPC4.XModular-SWUM204.book Page 1532 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size.......................
PAGE 1533
2CSPC4.XModular-SWUM204.book Page 1533 Friday, March 15, 2013 9:24 AM 67 Line Commands This chapter explains the following commands: exec-timeout line history show line history size speed Authentication commands related to line configuration mode are in AAA Commands. exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout. The exectimeout command is also used by the web for timing out web sessions.
PAGE 1534
2CSPC4.XModular-SWUM204.book Page 1534 Friday, March 15, 2013 9:24 AM User Guidelines To specify no timeout, enter the exec-timeout 0 command. Example The following example configures the interval that the system waits until user input is detected to 20 minutes. console(config)#line console console(config-line)#exec-timeout 20 history Use the history command in Line Configuration mode to enable the command history function. To disable the command history function, use the no form of this command.
PAGE 1535
2CSPC4.XModular-SWUM204.book Page 1535 Friday, March 15, 2013 9:24 AM history size Use the history size command in Line Configuration mode to change the command history buffer size for a particular line. To reset the command history buffer size to the default setting, use the no form of this command. Syntax history size number-of-commands no history size Parameter Description Parameter Description number-ofcommands Specifies the number of commands the system may record in its command history buffer.
PAGE 1536
2CSPC4.XModular-SWUM204.book Page 1536 Friday, March 15, 2013 9:24 AM Syntax line {console | telnet | ssh} • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The default authentication list for telnet and SSH is enableNetList.
PAGE 1537
2CSPC4.XModular-SWUM204.book Page 1537 Friday, March 15, 2013 9:24 AM show line Use the show line command in User EXEC or Privileged EXEC modes to display line parameters. Syntax show line [console | telnet | ssh] • console — Console terminal line. • telnet — Virtual terminal for remote console access (Telnet). • ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
PAGE 1538
2CSPC4.XModular-SWUM204.book Page 1538 Friday, March 15, 2013 9:24 AM Telnet configuration: Interactive timeout: 10 minutes 10 seconds History: 10 SSH configuration: Interactive timeout: 10 minutes 10 seconds History: 10 speed Use the speed command in Line Configuration mode to set the line baud rate. Use the no form of the command to restore the default settings. Syntax speed {bps} no speed • bps — Baud rate in bits per second (bps). The options are 2400, 9600, 19200, 38400, 57600, and 115200.
PAGE 1539
2CSPC4.XModular-SWUM204.book Page 1539 Friday, March 15, 2013 9:24 AM Management ACL Commands 68 In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
PAGE 1540
2CSPC4.XModular-SWUM204.book Page 1540 Friday, March 15, 2013 9:24 AM deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for the management access list.
PAGE 1541
2CSPC4.XModular-SWUM204.book Page 1541 Friday, March 15, 2013 9:24 AM User Guidelines Rules with gigabitethernet, tengigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. Ensure that each rule has a unique priority. Example The following example shows how all ports are denied in the access-list called mlist.
PAGE 1542
2CSPC4.XModular-SWUM204.book Page 1542 Friday, March 15, 2013 9:24 AM Example The following example configures an access-list called mlist as the management access-list. console(config)# management access-class mlist management access-list Use the management access-list command in Global Configuration mode to define an access list for management, and enter the access-list for configuration.
PAGE 1543
2CSPC4.XModular-SWUM204.book Page 1543 Friday, March 15, 2013 9:24 AM Management access list names can consist of any printable character, including blanks. Enclose the name in quotes to embed blanks in the name. Examples The following example shows how to configure two management interfaces, gigabit Ethernet 1/0/1 and gigabit Ethernet 2/0/9.
PAGE 1544
2CSPC4.XModular-SWUM204.book Page 1544 Friday, March 15, 2013 9:24 AM • gigabitethernet unit/slot/port — A valid 1-gigabit Ethernet-routed port number. • vlan vlan-id — A valid VLAN number. • port-channel port-channel-number — A valid port channel number. • tengigabitethernet unit/slot/port — A valid 10-gigabit Ethernet-routed port number. • ip-address — Source IP address. • mask mask — Specifies the network mask of the source IP address.
PAGE 1545
2CSPC4.XModular-SWUM204.book Page 1545 Friday, March 15, 2013 9:24 AM console(config)# management access-class mlist The following example shows how to configure all the interfaces to be management interfaces except for two interfaces, gigabit Ethernet 1/0/1 and 2/0/9.
PAGE 1546
2CSPC4.XModular-SWUM204.book Page 1546 Friday, March 15, 2013 9:24 AM show management access-list Use the show management access-list command in Privileged EXEC mode to display management access-lists. Syntax show management access-list [name] • name — A valid access list name. (Range: 1–32 characters) Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1547
2CSPC4.XModular-SWUM204.book Page 1547 Friday, March 15, 2013 9:24 AM 69 Mode Commands This chapter explains the following commands: configure terminal do configure terminal Use the configure terminal command to get to the configure line. This command is equivalent to the configure command. Syntax configure terminal Default Configuration This command has no default configuration.
PAGE 1548
2CSPC4.XModular-SWUM204.book Page 1548 Friday, March 15, 2013 9:24 AM using this command. When in modes other than Global Configuration mode, the do command will not appear in the list of commands shown in the help, nor will prompting be available. Syntax do line do ? • line — Command to be executed. It should be an unambiguous command from the Privileged EXEC mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported.
PAGE 1549
2CSPC4.XModular-SWUM204.book Page 1549 Friday, March 15, 2013 9:24 AM copy Copy files to or from the switch. crypto Request a crypto certificate. debug Configure debug flags. delete Delete a file. dir Display directory information. disconnect Close active remote session(s). dot1x Initialize dot1x or re-authenticate clients. enable Enter into user privilege mode. erase Delete a file. exit Exit privileged exec mode. filedescr Set a text description for an image file.
PAGE 1550
2CSPC4.XModular-SWUM204.
PAGE 1551
2CSPC4.XModular-SWUM204.book Page 1551 Friday, March 15, 2013 9:24 AM 70 Password Management Commands The Password Management component supports the features below. Passwords are masked when entered by the user and in the running config. Configurable Minimum Password Length The administrator has the option of requiring user passwords to be a minimum length. The administrator can choose to have the switch enforce a minimum length between 8 and 64 characters.
PAGE 1552
2CSPC4.XModular-SWUM204.book Page 1552 Friday, March 15, 2013 9:24 AM The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch. This ensures that if a hacker tries to log in as admin and causes the account to be locked out, then the administrator with physical access to the switch can still log in and reactivate the admin account.
PAGE 1553
2CSPC4.XModular-SWUM204.book Page 1553 Friday, March 15, 2013 9:24 AM Configuring minimum value of 0 for the above parameters means no restriction on that set of characters and configuring maximum of 0 means disabling the restriction (or no limit on the maximum number of course limited by minimum password length). The Password strength feature applies to all login passwords (user, line and enable).
PAGE 1554
2CSPC4.XModular-SWUM204.book Page 1554 Friday, March 15, 2013 9:24 AM passwords aging Use the passwords aging command in Global Configuration mode to implement aging on passwords for local users. When a user’s password expires, the user is prompted to change it before logging in again. Use the no form of this command to set the password aging to the default value. Syntax passwords aging 1-365 no passwords aging Parameter Description This command does not require a parameter description.
PAGE 1555
2CSPC4.XModular-SWUM204.book Page 1555 Friday, March 15, 2013 9:24 AM Syntax passwords history 0-10 no passwords history Parameter Description This command does not require a parameter description. Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
PAGE 1556
2CSPC4.XModular-SWUM204.book Page 1556 Friday, March 15, 2013 9:24 AM Parameter Description This command does not require a parameter description. Default Behavior The default value is 0 or no lockout count is enforced. Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local. RADIUS or TACACS authenticated users will use policies configured on the respective RADIUS/TACACS servers.
PAGE 1557
2CSPC4.XModular-SWUM204.book Page 1557 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm level 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature.
PAGE 1558
2CSPC4.XModular-SWUM204.
PAGE 1559
2CSPC4.XModular-SWUM204.book Page 1559 Friday, March 15, 2013 9:24 AM Example console(config)#passwords strength minimum uppercase-letters 6 passwords strength minimum lowercase-letters Use this command to enforce a minimum number of lowercase letters that a password must contain. The valid range is 0–16. The default is 1. A setting of 0 means no restriction. Use the no form of this command to reset the minimum lowercase letters to the default value.
PAGE 1560
2CSPC4.XModular-SWUM204.book Page 1560 Friday, March 15, 2013 9:24 AM passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16. The default is 1. A minimum of 0 means no restriction on that set of characters. Use the no form of this command to reset the minimum numeric characters to the default value.
PAGE 1561
2CSPC4.XModular-SWUM204.book Page 1561 Friday, March 15, 2013 9:24 AM passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password may contain. The valid range is 0–16. The default is 1. A setting of 0 means no restriction. Special characters are one of the following characters (`! $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . / ) Use the no form of this command to reset the minimum special characters to the default value.
PAGE 1562
2CSPC4.XModular-SWUM204.book Page 1562 Friday, March 15, 2013 9:24 AM A maximum of 0 means there is no restriction on consecutive characters. Examples of consecutive characters are ABCDEF or 123456 or !”#$%&’(). Use the no form of this command to reset the maximum consecutive characters accepted to the default value.
PAGE 1563
2CSPC4.XModular-SWUM204.book Page 1563 Friday, March 15, 2013 9:24 AM Syntax passwords strength max-limit repeated-characters 0-15 no passwords strength max-limit repeated-characters Parameter Description This command does not require parameter descriptions. Default Behavior The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 1564
2CSPC4.XModular-SWUM204.book Page 1564 Friday, March 15, 2013 9:24 AM Default Behavior The default value is 0. This limit is not enforced unless the passwords strength minimum character-classes command is configured with a value greater than 0.
PAGE 1565
2CSPC4.XModular-SWUM204.book Page 1565 Friday, March 15, 2013 9:24 AM Parameter Description This command does not require parameter descriptions. Default Behavior This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines.
PAGE 1566
2CSPC4.XModular-SWUM204.book Page 1566 Friday, March 15, 2013 9:24 AM show passwords configuration Use the show passwords configuration command in Privileged EXEC mode to display the configured password management settings. Syntax show passwords configuration Parameter Description The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords.
PAGE 1567
2CSPC4.XModular-SWUM204.book Page 1567 Friday, March 15, 2013 9:24 AM Parameter Description Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Password Exclude-Keywords Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Default Configuration This command has no default configuration.
PAGE 1568
2CSPC4.XModular-SWUM204.book Page 1568 Friday, March 15, 2013 9:24 AM Maximum Password Repeated Characters........... 3 Minimum Password Character Classes............. 4 Password Exclude Keywords...................... brcm, brcm1,brcm2 show passwords result Use the show passwords result command in Privileged EXEC mode to display the last password set result information. Syntax show passwords result Parameter Description This command does not require a parameter description.
PAGE 1569
2CSPC4.XModular-SWUM204.book Page 1569 Friday, March 15, 2013 9:24 AM PHY Diagnostics Commands 71 This chapter explains the following commands: show copper-ports tdr test copper-port tdr show fiber-ports optical-transceiver – show copper-ports tdr Use the show copper-ports tdr command in Privileged EXEC mode to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet port. The full syntax is unit / port.
PAGE 1570
2CSPC4.XModular-SWUM204.book Page 1570 Friday, March 15, 2013 9:24 AM Port Result Length [meters] ---- -------- --------------- Date --------------- 1/0/1 OK 1/0/2 Short 1/0/3 Test has not been performed 1/0/4 Open 128 1/0/5 Fiber - 50 13:32:00 23 July 2004 13:32:08 23 July 2004 - show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command in Privileged EXEC mode to display the optical transceiver diagnostics.
PAGE 1571
2CSPC4.XModular-SWUM204.
PAGE 1572
2CSPC4.XModular-SWUM204.book Page 1572 Friday, March 15, 2013 9:24 AM This command takes the port offline to measure the cable length. Use the show copper-port tdr command to view the results.. Do you wish to continue and take the port offline (Y/N)?y The following example results in a failure to report on the cable attached to port te2/0/3.
PAGE 1573
2CSPC4.XModular-SWUM204.book Page 1573 Friday, March 15, 2013 9:24 AM 72 RMON Commands The PowerConnect SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications. The network monitor monitors traffic on a network and records selected portions of the network traffic and statistics.
PAGE 1574
2CSPC4.XModular-SWUM204.book Page 1574 Friday, March 15, 2013 9:24 AM Syntax rmon alarm number variable interval {delta | absolute} rising-threshold value [event-number] falling-threshold value [event-number] [owner string] [startup direction] no rmon alarm number Syntax Description Parameter Description number The alarm index. (Range: 1–65535) variable A fully qualified SNMP object identifier that resolves to a particular instance of a MIB object.
PAGE 1575
2CSPC4.XModular-SWUM204.book Page 1575 Friday, March 15, 2013 9:24 AM Parameter Description startup direction The alarm that may be sent when this entry is first set to valid. If the first sample (after this entry becomes valid) is greater than or equal to the rising-threshold, and direction is equal to rising or rising-falling, then a single rising alarm is generated.
PAGE 1576
2CSPC4.XModular-SWUM204.book Page 1576 Friday, March 15, 2013 9:24 AM rmon collection history Use the rmon collection history command in Interface Configuration mode to enable a Remote Monitoring (RMON) MIB history statistics group on an interface. To remove a specified RMON history statistics group, use the no form of this command. Also see the show rmon collection history command.
PAGE 1577
2CSPC4.XModular-SWUM204.book Page 1577 Friday, March 15, 2013 9:24 AM console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#rmon collection history 1 interval 2400 rmon event Use the rmon event command in Global Configuration mode to configure an event. To remove an event, use the no form of this command. See also the show rmon events command.
PAGE 1578
2CSPC4.XModular-SWUM204.book Page 1578 Friday, March 15, 2013 9:24 AM Example The following example configures an event with the trap index of 10. console(config)#rmon event 10 log show rmon alarm Use the show rmon alarm command in User EXEC mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index. (Range: 1–65535) Default Configuration This command has no default configuration.
PAGE 1579
2CSPC4.XModular-SWUM204.book Page 1579 Friday, March 15, 2013 9:24 AM Rising Threshold: 8700000 Falling Threshold: 78 Rising Event: 1 Falling Event: 1 Owner: CLI The following table describes the significant fields shown in the display: Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period.
PAGE 1580
2CSPC4.XModular-SWUM204.book Page 1580 Friday, March 15, 2013 9:24 AM Field Description Falling Threshold A sampled statistic threshold. When the current sampled value is less than or equal to this threshold, and the value at the last sampling interval is greater than this threshold, a single event is generated. Rising Event The event index used when a rising threshold is crossed. Falling Event The event index used when a falling threshold is crossed. Owner The entity that configured this entry.
PAGE 1581
2CSPC4.XModular-SWUM204.book Page 1581 Friday, March 15, 2013 9:24 AM 3 1.3.6.1.2.1.2.2.1.10.9 CLI The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. OID Monitored variable OID. Owner The entity that configured this entry. show rmon collection history Use the show rmon collection history command in User EXEC mode to display the requested group of statistics. Also see the rmon collection history command.
PAGE 1582
2CSPC4.XModular-SWUM204.book Page 1582 Friday, March 15, 2013 9:24 AM ---------------------------------------------------------1 1/0/1 30 50 50 CLI 2 1/0/1 1800 50 50 Manager The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface. Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved.
PAGE 1583
2CSPC4.XModular-SWUM204.book Page 1583 Friday, March 15, 2013 9:24 AM console> show rmon events Index Description ----- ----------- Type ---Log Community Owner --------- ------ 1 Errors CLI 2 High Broadcast Log-Trap switch Last time sent ------------------Jan 18 2005 23:58:17 Manager Jan 18 2005 23:59:48 The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event.
PAGE 1584
2CSPC4.XModular-SWUM204.book Page 1584 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Examples The following example displays RMON Ethernet Statistics history for "throughput" on index number 1.
PAGE 1585
2CSPC4.XModular-SWUM204.book Page 1585 Friday, March 15, 2013 9:24 AM Align ----------------------------------------------------09-Mar-2005110490 18:29:32 09-Mar-2005110270 18:29:42 The following example displays RMON Ethernet Statistics history for "other" on index number 1.
PAGE 1586
2CSPC4.XModular-SWUM204.book Page 1586 Friday, March 15, 2013 9:24 AM Field Description Multicast The number of good packets received during this sampling interval that were directed to a Multicast address. This number does not include packets addressed to the Broadcast address. % The best estimate of the mean physical layer network utilization on this interface during this sampling interval, in hundredths of a percent.
PAGE 1587
2CSPC4.XModular-SWUM204.book Page 1587 Friday, March 15, 2013 9:24 AM show rmon log Use the show rmon log command in User EXEC mode to display the RMON logging table. Syntax show rmon log [event] • event — Event index. (Range: 1–65535) Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following examples display the RMON logging table.
PAGE 1588
2CSPC4.XModular-SWUM204.book Page 1588 Friday, March 15, 2013 9:24 AM 1 Errors Jan 18 2005 23:48:19 1 Errors Jan 18 2005 23:58:17 2 High Broadcast Jan 18 2005 23:59:48 The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry was created.
PAGE 1589
2CSPC4.XModular-SWUM204.
PAGE 1590
2CSPC4.XModular-SWUM204.book Page 1590 Friday, March 15, 2013 9:24 AM Field Description Undersize Pkts The total number of packets received less than 64 octets long (excluding framing bits, but including FCS octets) and otherwise well formed. Oversize Pkts The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed.
PAGE 1591
2CSPC4.XModular-SWUM204.book Page 1591 Friday, March 15, 2013 9:24 AM SDM Templates Commands 73 On PowerConnect devices, the total available H/W route entries are divided statically (at compile-time) among IPV4 and IPv6 routes. If a switch is deployed in network environments where no IPv6 routes are needed, then H/W resources allocated for IPv6 routes are unused.
PAGE 1592
2CSPC4.XModular-SWUM204.book Page 1592 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description dual-ipv4-and-ipv6 This keyword filters subsequent template choices to those that support both IPv4 and IPv6. There is only one such template. It is selected using the keyword default. ipv4-routing This keyword filters subsequent template choices to those that support IPv4 and not IPv6.
PAGE 1593
2CSPC4.XModular-SWUM204.book Page 1593 Friday, March 15, 2013 9:24 AM Message Type Message Description Error Completion Message None show sdm prefer Use the show sdm prefer command in Privileged EXEC mode to view the currently active SDM template and its scaling parameters, or to view the scaling parameters for an inactive template.
PAGE 1594
2CSPC4.XModular-SWUM204.book Page 1594 Friday, March 15, 2013 9:24 AM Parameter Description IPv4 Multicast Routes The maximum number of IPv4 multicast forwarding table entries. IPv6 Multicast Routes The maximum number of IPv6 multicast forwarding table entries. Default Configuration This command has no default configuration.
PAGE 1595
2CSPC4.XModular-SWUM204.book Page 1595 Friday, March 15, 2013 9:24 AM The current template is the Dual IPv4 and IPv6 template. ARP Entries..................................6144 IPv4 Unicast Routes..........................8160 IPv6 NDP Entries.............................2560 IPv6 Unicast Routes..........................4096 ECMP Next Hops...............................4 IPv4 Multicast Routes........................1536 IPv6 Multicast Routes........................
PAGE 1596
2CSPC4.XModular-SWUM204.book Page 1596 Friday, March 15, 2013 9:24 AM IPv4 Multicast Routes........................1536 IPv6 Multicast Routes........................512 On the next reload, the template will be the IPv4-routing Default template. To list the scaling parameters for the data center template, invoke the command with the ipv4-routing data-center keywords. config# show sdm prefer ipv4-routing data-center Scaling parameters for the IPv4 data center template: ARP Entries........................
PAGE 1597
2CSPC4.XModular-SWUM204.book Page 1597 Friday, March 15, 2013 9:24 AM 74 Serviceability Tracing Packet Commands Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled.
PAGE 1598
2CSPC4.XModular-SWUM204.book Page 1598 Friday, March 15, 2013 9:24 AM debug console debug ip pimsm packet debug lacp debug dot1x debug ip vrrp debug mldsnooping show debugging debug igmpsnooping debug ipv6 dhcp debug ospf debug ip acl debug ipv6 mcache debug ospfv3 – debug ip dvmrp debug ipv6 mld – debug ping debug vrrp – NOTE: Debug commands are not persistent across resets. debug arp Use the debug arp command to enable tracing of ARP packets.
PAGE 1599
2CSPC4.XModular-SWUM204.book Page 1599 Friday, March 15, 2013 9:24 AM debug auto-voip Use the debug auto-voip command to enable Auto VOIP debug messages. Use the optional parameters to trace H323, SCCP, or SIP packets respectively. Use the “no” form of this command to disable Auto VOIP debug messages. Syntax debug auto-voip [ H323 | SCCP | SIP ] no debug auto-voip [ H323 | SCCP | SIP ] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged EXEC mode.
PAGE 1600
2CSPC4.XModular-SWUM204.book Page 1600 Friday, March 15, 2013 9:24 AM User Guidelines There are no usage guidelines for this command. Example console#debug clear debug console Use the debug console to enable the display of “debug” trace output on the login session in which it is executed. Debug console display must be enabled in order to view any trace output. The output of debug trace commands appears on all login sessions for which debug console has been enabled.
PAGE 1601
2CSPC4.XModular-SWUM204.book Page 1601 Friday, March 15, 2013 9:24 AM Syntax debug dot1x packet [ receive | transmit ] no debug dot1x packet [ receive | transmit ] Default Configuration Display of dot1x traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and/or received by the switch.
PAGE 1602
2CSPC4.XModular-SWUM204.book Page 1602 Friday, March 15, 2013 9:24 AM User Guidelines There are no usage guidelines for this command. Example console#debug igmpsnooping packet debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging. Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug. Default Configuration Display of IP ACL traces is disabled by default.
PAGE 1603
2CSPC4.XModular-SWUM204.book Page 1603 Friday, March 15, 2013 9:24 AM information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Syntax debug ip dvmrp packet [ receive | transmit ] no debug ip dvmrp packet [ receive | transmit ] Default Configuration Display of DVMRP traces is disabled by default. Command Mode Privileged EXEC mode.
PAGE 1604
2CSPC4.XModular-SWUM204.book Page 1604 Friday, March 15, 2013 9:24 AM Default Configuration Display of IGMP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines There are no usage guidelines for this command. Example console#debug ip igmp packet debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets.
PAGE 1605
2CSPC4.XModular-SWUM204.book Page 1605 Friday, March 15, 2013 9:24 AM Example console#debug ip mcache packet debug ip pimdm packet Use the debug ip pimdm packet command to trace PIMDM packet reception and transmission. The receive option traces only received PIMDM packets and the transmit option traces only transmitted PIMDM packets. When neither keyword is used in the command, then all PIMDM packet traces are dumped.
PAGE 1606
2CSPC4.XModular-SWUM204.book Page 1606 Friday, March 15, 2013 9:24 AM debug ip pimsm packet Use the debug ip pimsm command to trace PIMSM packet reception and transmission. The receive option traces only received PIMSM packets and the transmit option traces only transmitted PIMSM packets. When neither keyword is used in the command, then all PIMSM packet traces are dumped.
PAGE 1607
2CSPC4.XModular-SWUM204.book Page 1607 Friday, March 15, 2013 9:24 AM Default Configuration Display of VRRP traces is disabled by default. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example console#debug ip vrrp debug ipv6 dhcp Use the debug ipv6 dhcp command in Privileged EXEC mode to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. To disable debugging, use the no form of the command.
PAGE 1608
2CSPC4.XModular-SWUM204.book Page 1608 Friday, March 15, 2013 9:24 AM Examples console#debug ipv6 dhcp debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped.
PAGE 1609
2CSPC4.XModular-SWUM204.book Page 1609 Friday, March 15, 2013 9:24 AM is used in the command, then all MLD packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable MLD tracing.
PAGE 1610
2CSPC4.XModular-SWUM204.book Page 1610 Friday, March 15, 2013 9:24 AM no debug ipv6 pimdm packet [ receive | transmit ] Default Configuration Display of PIMDMv6 traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission.
PAGE 1611
2CSPC4.XModular-SWUM204.book Page 1611 Friday, March 15, 2013 9:24 AM Usage Guidelines There are no usage guidelines for this command. Example console#debug ipv6 pimsm packet debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped.
PAGE 1612
2CSPC4.XModular-SWUM204.book Page 1612 Friday, March 15, 2013 9:24 AM debug lacp Use the debug lacp command to enable tracing of LACP packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of LACP packets. Syntax debug lacp packet no debug lacp packet Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command.
PAGE 1613
2CSPC4.XModular-SWUM204.book Page 1613 Friday, March 15, 2013 9:24 AM no debug mldsnooping packet [ receive | transmit ] Default Configuration Display of MLD Snooping traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch.
PAGE 1614
2CSPC4.XModular-SWUM204.book Page 1614 Friday, March 15, 2013 9:24 AM debug ospfv3 Use the debug ospfv3 command to enable tracing of OSPFv3 packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of OSPFv3 packets. Syntax debug ospfv3 packet no debug ospfv3 packet Default Configuration Display of OSPFv3 traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command.
PAGE 1615
2CSPC4.XModular-SWUM204.book Page 1615 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example The following example displays. console#debug ping packet debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the “no” form of this command to disable tracing of RIP requests and responses.
PAGE 1616
2CSPC4.XModular-SWUM204.book Page 1616 Friday, March 15, 2013 9:24 AM debug sflow Use the debug sflow command to enable sFlow debug packet trace. Use the “no” form of this command to disable sFlow packet tracing. Syntax debug sflow packet no debug sflow packet Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command.
PAGE 1617
2CSPC4.XModular-SWUM204.book Page 1617 Friday, March 15, 2013 9:24 AM Default Configuration Display of spanning tree BPDU traces is disabled by default. Command Mode Privileged EXEC mode. Usage Guidelines There are no usage guidelines for this command. Example console#debug spanning-tree bpdu debug vrrp Use the debug vrrp command in Privileged EXEC mode to enable VRRP debug protocol messages. Use the no form of this command to disable VRRP debug protocol messages.
PAGE 1618
2CSPC4.XModular-SWUM204.book Page 1618 Friday, March 15, 2013 9:24 AM Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes Usage Guidelines Enabled packet tracing configurations are displayed. Example console #debug arp Arp packet tracing enabled. console #show debugging Arp packet tracing enabled.
PAGE 1619
2CSPC4.XModular-SWUM204.book Page 1619 Friday, March 15, 2013 9:24 AM 75 Sflow Commands sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand-alone probe) and a central sFlow Collector.
PAGE 1620
2CSPC4.XModular-SWUM204.book Page 1620 Friday, March 15, 2013 9:24 AM Syntax sflow rcvr_index destination { ip-address [ port ] | maxdatagram size | owner "owner_string" {notimeout|timeout rcvr_timeout} no sflow rcvr_index destination [ip-address | maxdatagram | owner ] • rcvr_index — The index of this sFlow Receiver (Range: 1–8). • ip-address — The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent.
PAGE 1621
2CSPC4.XModular-SWUM204.book Page 1621 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode. User Guidelines An sflow destination entry must have an owner assigned in order for polling or sampling to be configured. The last set of command parameters are optional in the no form of the command. Sflow commands with a timeout value supplied do not show in the running config. Because the timer is actively running, the command is ephemeral and is therefore not shown in the running config.
PAGE 1622
2CSPC4.XModular-SWUM204.book Page 1622 Friday, March 15, 2013 9:24 AM Default Configuration There are no pollers configured by default. The default poll interval is 0. Command Mode Global Configuration mode. User Guidelines The sflow instance must be configured using the sflow destination owner command before this command can successfully execute.
PAGE 1623
2CSPC4.XModular-SWUM204.book Page 1623 Friday, March 15, 2013 9:24 AM Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example console(config-if-1/0/2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
PAGE 1624
2CSPC4.XModular-SWUM204.book Page 1624 Friday, March 15, 2013 9:24 AM The default size is 128. Command Mode Global Configuration mode. User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
PAGE 1625
2CSPC4.XModular-SWUM204.book Page 1625 Friday, March 15, 2013 9:24 AM Default Configuration There are no samplers configured by default. The default sampling rate is 0. The default maximum header size is 128. Command Mode Interface Configuration (Ethernet) mode User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver.
PAGE 1626
2CSPC4.XModular-SWUM204.book Page 1626 Friday, March 15, 2013 9:24 AM sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address.......
PAGE 1627
2CSPC4.XModular-SWUM204.book Page 1627 Friday, March 15, 2013 9:24 AM Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram. Port The destination Layer4 UDP port for sFlow datagrams. Example console(config)#show sflow 1 destination Receiver Index...
PAGE 1628
2CSPC4.XModular-SWUM204.book Page 1628 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following fields are displayed: Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller.
PAGE 1629
2CSPC4.XModular-SWUM204.book Page 1629 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines The following fields are displayed: Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source.
PAGE 1630
2CSPC4.XModular-SWUM204.
PAGE 1631
2CSPC4.XModular-SWUM204.book Page 1631 Friday, March 15, 2013 9:24 AM 76 SNMP Commands The SNMP component provides a machine-to-machine interface for the PowerConnect product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images.
PAGE 1632
2CSPC4.XModular-SWUM204.book Page 1632 Friday, March 15, 2013 9:24 AM Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
PAGE 1633
2CSPC4.XModular-SWUM204.book Page 1633 Friday, March 15, 2013 9:24 AM Version 3 notifications Target Address Type Username Security UDP Filter TO Retries Level Port name Sec -------------- ----- -------- -------- ---- ------ --- -----192.122.173.42 Inform Bob Priv 162 filt31 15 3 System Contact: Robert System Location: Marketing show snmp engineID Use the show snmp engineID command in Privileged EXEC mode to display the ID of the local Simple Network Management Protocol (SNMP) engine.
PAGE 1634
2CSPC4.XModular-SWUM204.book Page 1634 Friday, March 15, 2013 9:24 AM Syntax show snmp filters filtername filtername — Specifies the name of the filter. (Range: 1-30) • Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines Per RFC 2573, an implicit exclude all filter is present at the beginning of every filter list. This implicit filter is not shown in the output of this command.
PAGE 1635
2CSPC4.XModular-SWUM204.book Page 1635 Friday, March 15, 2013 9:24 AM show snmp group Use the show snmp group command in Privileged EXEC mode to display the configuration of groups. Syntax show snmp group [groupname] • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration.
PAGE 1636
2CSPC4.XModular-SWUM204.book Page 1636 Friday, March 15, 2013 9:24 AM Model ----------------- -----user-group V3 Level -----Auth-Priv Read Write Notify -------- -------- ------Default "" "" The following table contains field descriptions. Field Description Name Name of the group Security Model SNMP model in use (v1, v2 or v3) Security Level Authentication of a packet with encryption. Applicable only to SNMP Version 3 security model.
PAGE 1637
2CSPC4.XModular-SWUM204.book Page 1637 Friday, March 15, 2013 9:24 AM User Guidelines The user name accepts any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
PAGE 1638
2CSPC4.XModular-SWUM204.book Page 1638 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following examples display the configuration of views with and without a view name specified. console# show snmp views Name OID Tree Type ----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.
PAGE 1639
2CSPC4.XModular-SWUM204.book Page 1639 Friday, March 15, 2013 9:24 AM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example #1 console#show trapflags Authentication Flag......................... Disable Auto-copy-sw Flag........................... Enable Dot1q Flag.................................. Enable Link Up/Down Flag...........................
PAGE 1640
2CSPC4.XModular-SWUM204.book Page 1640 Friday, March 15, 2013 9:24 AM bad packet.......................Enabled config error.....................Enabled virt authentication failure .....Disabled virt bad packet..................Disabled virt config error................Disabled if-rx: if-rxpacket...............Disabled lsa: lsamaxage...................Disabled lsaoriginate.....................Disabled overflow: lsdboverflow...........Enabled lsdb-approaching-overflow........Enabled retransmit: packets......
PAGE 1641
2CSPC4.XModular-SWUM204.book Page 1641 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description string Permits access to the SNMP protocol. (Range: 1-20 characters) ro Indicates read-only access. rw Indicates read-write access. su Indicates SNMP administrator access. ipaddress Specifies the IP address of the management station. If no IP address is specified, all management stations are permitted. view-name Specifies the name of a previously defined view.
PAGE 1642
2CSPC4.XModular-SWUM204.book Page 1642 Friday, March 15, 2013 9:24 AM The community name may include any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely.
PAGE 1643
2CSPC4.XModular-SWUM204.book Page 1643 Friday, March 15, 2013 9:24 AM User Guidelines The group-name parameter can be used to restrict the access rights of a community string. When it is specified, the software: • Generates an internal security-name. • Maps the internal security-name for SNMPv1 and SNMPv2 security models to the group-name. Example The following example maps a community access string dell_community to group dell_group.
PAGE 1644
2CSPC4.XModular-SWUM204.book Page 1644 Friday, March 15, 2013 9:24 AM Example The following example displays setting up the system contact point as "Dell_Technical_Support". console(config)# snmp-server contact Dell_Technical_Support snmp-server enable traps Use the snmp-server enable traps command in Global Configuration mode to enable sending SNMP traps globally or to enable sending individual SNMP traps. Use the no form of this command to disable sending SNMP traps individually or globally.
PAGE 1645
2CSPC4.XModular-SWUM204.book Page 1645 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description acl Enable traps on ACL match events. all Enable all traps (not recommended). auto-copy-sw Enable traps on automatic download of switch software. captive-portal Enable captive-portal traps. dot1q Enable traps on VLAN configuration failures. dvmrp Enable dvmrp traps. maclock Enable traps on MAC locking violations. ospf Enable OSPF event traps. ospfv3 Enable OSPFv3 event traps.
PAGE 1646
2CSPC4.XModular-SWUM204.book Page 1646 Friday, March 15, 2013 9:24 AM Example The following example displays the options for the snmp-server enable traps command.
PAGE 1647
2CSPC4.XModular-SWUM204.book Page 1647 Friday, March 15, 2013 9:24 AM User Guidelines If you want to use SNMPv3, you need to specify an engine ID for the device. You can specify your own ID or use a default string that is generated using the MAC address of the device. If the SNMPv3 engine ID is deleted, or the configuration file is erased, then SNMPv3 cannot be used.
PAGE 1648
2CSPC4.XModular-SWUM204.book Page 1648 Friday, March 15, 2013 9:24 AM • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example, 1.3.*.4. • included — Indicates that the filter type is included.
PAGE 1649
2CSPC4.XModular-SWUM204.book Page 1649 Friday, March 15, 2013 9:24 AM snmp-server group Use the snmp-server group command in Global Configuration mode to configure a new Simple Management Protocol (SNMP) group or a table that maps SNMP users to SNMP views. To remove a specified SNMP group, use the no form of this command.
PAGE 1650
2CSPC4.XModular-SWUM204.book Page 1650 Friday, March 15, 2013 9:24 AM • writeview — A string that is the name of the view that enables the user to enter data and configure the contents of the agent. If unspecified, nothing is defined for the write view. (Range: 1-30 characters.) Default Configuration No group entry exists. There will be some default groups for Read/Write/Super users. These groups cannot be deleted or modified by the user. This command is used only to configure the user-defined groups.
PAGE 1651
2CSPC4.XModular-SWUM204.book Page 1651 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description host-addr Specifies the IP address of the host (targeted recipient) or the name of the host. (Range:1-158 characters) community-string Specifies a password-like community string sent with the notification operation. (Range: 1-20 characters) traps Indicates that SNMP traps are sent to this host. version 1 Indicates that SNMPv1 traps will be used.
PAGE 1652
2CSPC4.XModular-SWUM204.book Page 1652 Friday, March 15, 2013 9:24 AM User Guidelines If a DNS host name is entered instead of an IP address, the switch attempts to resolve the host name immediately using DNS. Use the ip domain-lookup command on page 502 and the ip name-server command on page 504 to enable resolution of DNS host names. Example The following example enables SNMP traps for host 192.16.12.143. console(config)# snmp-server host 192.16.12.
PAGE 1653
2CSPC4.XModular-SWUM204.book Page 1653 Friday, March 15, 2013 9:24 AM snmp-server user Use the snmp-server user command in Global Configuration mode to configure a new SNMP Version 3 user. To delete a user, use the no form of this command.
PAGE 1654
2CSPC4.XModular-SWUM204.book Page 1654 Friday, March 15, 2013 9:24 AM • priv-des-key — The CBC-DES Symmetric Encryption privacy level. The user should enter a pregenerated MD5 or SHA key depending on the authentication level selected. • des-key — The pregenerated DES encryption key. Length is determined by authentication method selected —32 hex characters if MD5 Authentication is selected, 40 hex characters if SHA Authentication is selected. Default Configuration No user entry exists.
PAGE 1655
2CSPC4.XModular-SWUM204.book Page 1655 Friday, March 15, 2013 9:24 AM • view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters.) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
PAGE 1656
2CSPC4.XModular-SWUM204.book Page 1656 Friday, March 15, 2013 9:24 AM snmp-server v3-host Use the snmp-server v3-host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. To remove the specified host, use the no form of this command.
PAGE 1657
2CSPC4.XModular-SWUM204.book Page 1657 Friday, March 15, 2013 9:24 AM Default Configuration Default configuration is 3 retries and 15 seconds timeout. Command Mode Global Configuration mode User Guidelines The username can include any printable characters except a double quote or question mark. Enclose the string in double quotes to include spaces within the key. The surrounding quotes are not used as part of the key.
PAGE 1658
2CSPC4.XModular-SWUM204.
PAGE 1659
2CSPC4.XModular-SWUM204.book Page 1659 Friday, March 15, 2013 9:24 AM 77 SSH Commands Management access to the switch is supported via telnet, SSH, or the serial console. The PowerConnect supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the PowerConnect.
PAGE 1660
2CSPC4.XModular-SWUM204.book Page 1660 Friday, March 15, 2013 9:24 AM Default Configuration DSA key pairs do not exist. Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. If your switch already has DSA keys when you issue this command, you are warned and prompted to replace the existing keys.
PAGE 1661
2CSPC4.XModular-SWUM204.book Page 1661 Friday, March 15, 2013 9:24 AM User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
PAGE 1662
2CSPC4.XModular-SWUM204.
PAGE 1663
2CSPC4.XModular-SWUM204.book Page 1663 Friday, March 15, 2013 9:24 AM crypto key zeroize {rsa|dsa} Use the crypto key zeroize {rsa|dsa} command in Global Configuration mode to delete the RSA or DSA keys from the switch. Syntax crypto key zeroize {rsa|dsa} Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
PAGE 1664
2CSPC4.XModular-SWUM204.book Page 1664 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines The SSH TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. Example The following example specifies the port to be used by the SSH server as 8080.
PAGE 1665
2CSPC4.XModular-SWUM204.book Page 1665 Friday, March 15, 2013 9:24 AM console(config)#ip ssh pubkey-auth ip ssh server Use the ip ssh server command in Global Configuration mode to enable the switch to be configured from SSH. To disable this function, use the no form of this command. Syntax ip ssh server no ip ssh server Default Configuration The SSH server is disabled by default.
PAGE 1666
2CSPC4.XModular-SWUM204.book Page 1666 Friday, March 15, 2013 9:24 AM • key-string — The UU-encoded DER format is the same format as the authorized keys file used by OpenSSH. Default Configuration By default, the key-string is empty. Command Mode SSH Public Key Configuration mode User Guidelines Use the key-string row command to specify which SSH public key you will configure interactively next. To complete the interactive command, you must enter key-string row with no characters.
PAGE 1667
2CSPC4.XModular-SWUM204.book Page 1667 Friday, March 15, 2013 9:24 AM zNR4DYDvSzg0lDnwCAC8Qh Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9 console(config)#crypto key pubkey-chain ssh console(config-pubkey-chain)#user-key bob rsa console(config-pubkey-key)#key-string row AAAAB3Nza console(config-pubkey-key)#key-string row C1yc2 no crypto certificate Use the no crypto certificate command in Global Configuration mode to display the SSH public keys of the switch.
PAGE 1668
2CSPC4.XModular-SWUM204.book Page 1668 Friday, March 15, 2013 9:24 AM show crypto key mypubkey Use the show crypto key mypubkey command in Privileged EXEC mode to display the SSH public keys of the switch. Syntax show crypto key mypubkey [rsa | dsa] • rsa — RSA key. • dsa — DSA key. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1669
2CSPC4.XModular-SWUM204.book Page 1669 Friday, March 15, 2013 9:24 AM show crypto key pubkey-chain ssh Use the show crypto key pubkey-chain ssh command in Privileged EXEC mode to display SSH public keys stored on the switch. Syntax show crypto key pubkey-chain ssh [username username] [fingerprint bubblebabble | hex] • username — Specifies the remote SSH client username. (Range: 1–48 characters) • bubble-babble — Fingerprints in Bubble Babble format. • hex — Fingerprint in Hex format.
PAGE 1670
2CSPC4.XModular-SWUM204.book Page 1670 Friday, March 15, 2013 9:24 AM ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAywqRKTRnexccxVUVTeMl+Gkh imyUDhcTkgEfssLPMsgoXlTwzCE5+97UIIsSRKQQWR+pBNl45tCYd75LUofV 4LP6Lj1Q5Q0w5lBgiqC2MZ/iBHGSsHMAE0lpYtelZprDu4uiZHMuWezmdQp9 a1PU4jwQ22TlcfaUq3sqC3FMUoU= Fingerprint: 2f:09:e7:6f:c9:bf:ab:04:d4:6f:a0:eb:e8:df:7a:11 show ip ssh Use the show ip ssh command in Privileged EXEC mode to display the SSH server configuration.
PAGE 1671
2CSPC4.XModular-SWUM204.book Page 1671 Friday, March 15, 2013 9:24 AM user-key Use the user-key command in SSH Public Key Chain Configuration mode to specify which SSH public key you are configuring manually. To remove a SSH public key, use the no form of this command. Syntax user-key username {rsa | dsa} no user-key username • username — Specifies the remote SSH client username. (Range: 1 to 40 characters) • rsa — RSA key • dsa — DSA key Default Configuration By default, there are no keys.
PAGE 1672
2CSPC4.XModular-SWUM204.
PAGE 1673
2CSPC4.XModular-SWUM204.book Page 1673 Friday, March 15, 2013 9:24 AM 78 Syslog Commands The PowerConnect supports a centralized logging subsystem with support for local in memory logs, crash dump logs, and forwarding messages to syslog servers. All switch components use the logging subsystem.
PAGE 1674
2CSPC4.XModular-SWUM204.book Page 1674 Friday, March 15, 2013 9:24 AM <190> JAN 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 369 %% [CLI:----:EIA-232] Access level of user admin has been set to 15 If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> JAN 10 18:58:56 10.27.21.
PAGE 1675
2CSPC4.XModular-SWUM204.book Page 1675 Friday, March 15, 2013 9:24 AM logging console – clear logging Use the clear logging command in Privileged EXEC mode to clear messages from the internal logging buffer. Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal syslog message logging buffer.
PAGE 1676
2CSPC4.XModular-SWUM204.book Page 1676 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description (Logging) Use the description command in Logging mode to describe the syslog server. Syntax description description • description — Sets the description of the syslog server.
PAGE 1677
2CSPC4.XModular-SWUM204.book Page 1677 Friday, March 15, 2013 9:24 AM level Use the level command in Logging mode to specify the severity level of syslog messages. To reset to the default value, use the no form of the command. Syntax level level no level Parameter Description Parameter Description level The severity level for syslog messages. (Range: emergency, alert, critical, error, warning, notice, info, debug) Default Configuration The default value for level is info.
PAGE 1678
2CSPC4.XModular-SWUM204.book Page 1678 Friday, March 15, 2013 9:24 AM Syntax logging cli-command no logging cli-command Default Configuration Disabled Command Mode Global Configuration User Guidelines See the CLI commands by using the show logging command. Example console(config)#logging cli-command console(config)#do show logging Logging is enabled Console Logging: level warnings. Console Messages: 384 Dropped. Buffer Logging: level informational.
PAGE 1679
2CSPC4.XModular-SWUM204.book Page 1679 Friday, March 15, 2013 9:24 AM <190> JAN 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 369 %% [CLI:----:EIA-232] Access level of user admin has been set to 15 <189> JAN 10 18:59:19 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 370 %% CLI:EIA-232:----:exit <189> JAN 10 18:59:22 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 371 %% CLI:EIA-232:----:telnet 10.27.21.22 <189> JAN 10 18:59:27 10.27.21.
PAGE 1680
2CSPC4.XModular-SWUM204.book Page 1680 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration mode User Guidelines Up to eight syslog servers can be used. The Dell PowerConnect always uses the local7(23) facility in the syslog message. Syslog messages will not exceed 96 bytes in length. Syslog messages use the following format: <130> JAN 01 00:00:06 0.0.0.0-1 UNKN[0x800023]: bootos.
PAGE 1681
2CSPC4.XModular-SWUM204.book Page 1681 Friday, March 15, 2013 9:24 AM Component Name Component name for the logging component. Components must use the new APIs in order to enable identification of the logging component. Component UNKN is substituted for components that do not use the new logging APIs. Thread ID The thread ID of the logging component. File Name The name of the file containing the invoking macro. Line Number The line number which contains the invoking macro.
PAGE 1682
2CSPC4.XModular-SWUM204.book Page 1682 Friday, March 15, 2013 9:24 AM logging buffered Use the logging buffered command in Global Configuration mode to limit syslog messages displayed from an internal buffer based on severity. To cancel the buffer use, use the no form of this command. Syntax logging buffered [severity–level] no logging buffered Parameter Description Parameter Description severity–level (Optional) The number or name of the desired severity level.
PAGE 1683
2CSPC4.XModular-SWUM204.book Page 1683 Friday, March 15, 2013 9:24 AM Example The following example limits syslog messages collected in the internal buffer to those of severity level "error" and above (numerically lower). console(config)#logging buffered error logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity. To disable logging to the console terminal, use the no form of this command.
PAGE 1684
2CSPC4.XModular-SWUM204.book Page 1684 Friday, March 15, 2013 9:24 AM User Guidelines Messages at the selected level and above (numerically lower) are displayed on the console. Example The following example limits messages logged to the console based on severity level "alert". console(config)#logging console alert logging facility Use the logging facility command in Global Config mode to configure the facility to be used in log messages.
PAGE 1685
2CSPC4.XModular-SWUM204.book Page 1685 Friday, March 15, 2013 9:24 AM console(config)#logging facility local3 logging file Use the logging file command in Global Configuration mode to limit syslog messages sent to the logging file based on severity. To cancel the buffer, use the no form of this command. Syntax logging file [severity–level-number | type] no logging file Parameter Description Parameter Description severity–level–number (Optional) The number or name of the desired severity level.
PAGE 1686
2CSPC4.XModular-SWUM204.book Page 1686 Friday, March 15, 2013 9:24 AM Example The following example limits syslog messages stored in the logging file to severity level "warning" and above (numerically lower). console(config)#logging file warning logging monitor Use the logging monitor command in Global Config mode to enable logging messages to telnet and SSH sessions with the default severity level. Use the no logging monitor command to disable logging messages.
PAGE 1687
2CSPC4.XModular-SWUM204.book Page 1687 Friday, March 15, 2013 9:24 AM Command Mode Global Config mode User Guidelines Messages logged to the console are filtered based on severity. Selecting a severity level will log that severity and higher (numerically lower) level messages. logging on Use the logging on command in Global Configuration mode to control error messages logging. This command globally enables the sending of logging messages to the currently configured locations.
PAGE 1688
2CSPC4.XModular-SWUM204.book Page 1688 Friday, March 15, 2013 9:24 AM Example The following example shows how logging is enabled. console(config)#logging on logging snmp Use the logging snmp command in Global Configuration mode to enable SNMP Set command logging. To disable, use the no form of this command. Syntax logging snmp no logging snmp Default Configuration Disabled. Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command.
PAGE 1689
2CSPC4.XModular-SWUM204.book Page 1689 Friday, March 15, 2013 9:24 AM Default Configuration Disabled. Command Mode Global Configuration mode User Guidelines To see web session logs use the show logging command. Example console(config)#logging web-session <133> MAR 24 07:46:07 10.131.7.165-2 UNKN[83102768]: cmd_logger_api.c(140) 764 %% WEB:10.131.7.67:<>:EwaSessionLookup : session[0] created <133> MAR 24 07:46:07 10.131.7.165-2 UNKN[83102768]: cmd_logger_api.c(140) 765 %% WEB:10.131.7.
PAGE 1690
2CSPC4.XModular-SWUM204.book Page 1690 Friday, March 15, 2013 9:24 AM Default Configuration The default port number is 514. Command Mode Logging mode User Guidelines After entering the view corresponding to a specific syslog server, the command can be executed to set the port number for the server. Example The following example sets the syslog message port to 300.
PAGE 1691
2CSPC4.XModular-SWUM204.book Page 1691 Friday, March 15, 2013 9:24 AM console#show logging Logging is enabled. Console Logging: level warnings. Console Messages: 1778 Dropped. Buffer Logging: level informational. Buffer Messages: 983 Logged, File Logging: level notActive. File Messages: 1783 Dropped. CLI Command Logging : disabled Switch Auditing : disabled Web Session Logging : disabled SNMP Set Command Logging : disabled 1141 Messages dropped due to lack of resources. Buffer Log: <190> JAN 10 16:26:53 0.
PAGE 1692
2CSPC4.XModular-SWUM204.book Page 1692 Friday, March 15, 2013 9:24 AM Example The following example displays the state of logging and syslog messages sorted in the logging file. console#show logging file Persistent Logging : enabled Persistent Log Count : 1 <186> JAN 01 00:00:05 0.0.0.0-1 UNKN[268434928]: bootos.c(382) 3 %% Event(0xaaaaaaaa) show syslog-servers Use the show syslog-servers command in Privileged EXEC mode to display the syslog servers settings.
PAGE 1693
2CSPC4.XModular-SWUM204.book Page 1693 Friday, March 15, 2013 9:24 AM 192.180.2.275 14 Info local7 7 192.180.2.285 14 Warning local7 7 terminal monitor Use the terminal monitor command in Privileged EXEC mode to enable the display of logging messages on the terminal for telnet and SSH sessions. Syntax terminal monitor no terminal monitor Default Configuration The default setting is terminal monitor.
PAGE 1694
2CSPC4.XModular-SWUM204.
PAGE 1695
2CSPC4.XModular-SWUM204.
PAGE 1696
2CSPC4.XModular-SWUM204.book Page 1696 Friday, March 15, 2013 9:24 AM Syntax asset-tag [unit] tag no asset-tag [unit] • unit — Switch number. (Range: 1–12) • tag — The switch asset tag. Default Configuration No asset tag is defined by default. Command Mode Global Configuration mode User Guidelines The asset-tag command accepts any printable characters for a tag name except a double quote or question mark. Enclose the string in double quotes to include spaces within the name.
PAGE 1697
2CSPC4.XModular-SWUM204.book Page 1697 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed.
PAGE 1698
2CSPC4.XModular-SWUM204.book Page 1698 Friday, March 15, 2013 9:24 AM User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. Different terminal emulators will exhibit different behaviors when logging in over SSH.
PAGE 1699
2CSPC4.XModular-SWUM204.book Page 1699 Friday, March 15, 2013 9:24 AM The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior. See the user guidelines for banner motd acknowledge for some examples. Example console(config)# banner motd “IMPORTANT: There is a power shutdown at 23:00hrs today, duration 1 hr 30 minutes.
PAGE 1700
2CSPC4.XModular-SWUM204.book Page 1700 Friday, March 15, 2013 9:24 AM telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt. The banner motd in this example is "If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please be advised this unit is under test by Kevin." and the banner login is "Welcome to the M6220 in the Bottom Chassis 192.168.12.190.
PAGE 1701
2CSPC4.XModular-SWUM204.book Page 1701 Friday, March 15, 2013 9:24 AM SSH (xterm): [root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the M6220 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
PAGE 1702
2CSPC4.XModular-SWUM204.book Page 1702 Friday, March 15, 2013 9:24 AM Press ‘y’ to continue If ‘y’ is entered, the following displays: console > If ‘n’ is entered, the session will get disconnected, unless it is a serial connection. clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
PAGE 1703
2CSPC4.XModular-SWUM204.book Page 1703 Friday, March 15, 2013 9:24 AM Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports cut-through mode Use the cut-through mode command to enable the cut-through mode on the switch.
PAGE 1704
2CSPC4.XModular-SWUM204.book Page 1704 Friday, March 15, 2013 9:24 AM Example console(config)#cut-through mode The mode (enable) is effective from the next reload of Switch/Stack. exec-banner Use the exec-banner command to enable exec banner on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax exec-banner no exec-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration.
PAGE 1705
2CSPC4.XModular-SWUM204.book Page 1705 Friday, March 15, 2013 9:24 AM Syntax hardware profile portmode {1x40g|4x10g} no hardware profile portmode Parameter Description Parameter Description 1x40g Configure the port as a single 40G port using 4 lanes. 4x10g Configure the port as four 10G ports, each on a separate lane. This mode requires the use of a suitable 4x10G to 1x40g pigtail cable. Default Configuration By default, 40G ports are configured in 1x40G mode.
PAGE 1706
2CSPC4.XModular-SWUM204.book Page 1706 Friday, March 15, 2013 9:24 AM • name — The name of the host. (Range: 1–255 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”. Default Configuration Host name not configured. Command Mode Global Configuration mode User Guidelines The hostname may include any printable characters except a double quote or question mark.
PAGE 1707
2CSPC4.XModular-SWUM204.book Page 1707 Friday, March 15, 2013 9:24 AM User Guidelines This command forces a warm restart of the stack. The backup unit takes over as the new management unit without clearing the hardware state on any of the stack members. The original management unit reboots. If the system is not ready for a warm restart, for example because no backup unit has been elected or one or more members of the stack do not support nonstop forwarding, the command fails with a warning message.
PAGE 1708
2CSPC4.XModular-SWUM204.book Page 1708 Friday, March 15, 2013 9:24 AM Example console(config-if)#ip address 10.240.4.115 255.255.255.0 10.240.4.1 ip address none Use the ip address none command to disable DHCP/BOOTP on the OOB port. Syntax ip address none Default Configuration This command has no default configuration. Command Mode Interface Configuration (out-of-band) User Guidelines No specific guidelines.
PAGE 1709
2CSPC4.XModular-SWUM204.book Page 1709 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. User Guidelines No specific guidelines. Example console(config)#interface out-of-band console(config-if)#ip address dhcp login-banner Use the login-banner command to enable login banner on the console, telnet or SSH connection. To disable, use the no form of the command.
PAGE 1710
2CSPC4.XModular-SWUM204.book Page 1710 Friday, March 15, 2013 9:24 AM member Use the member command in Stack Global Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack.
PAGE 1711
2CSPC4.XModular-SWUM204.book Page 1711 Friday, March 15, 2013 9:24 AM motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax motd-banner no motd-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines.
PAGE 1712
2CSPC4.XModular-SWUM204.book Page 1712 Friday, March 15, 2013 9:24 AM Command Mode Stack Global Configuration mode User Guidelines Nonstop forwarding allows the forwarding plane of stack units to continue to forward packets while the control and management planes restart as a result of a power failure, hardware failure, or software fault on the stack management unit. Example console(config)#nsf ping Use the ping command in User EXEC mode to check the accessibility of the desired node on the network.
PAGE 1713
2CSPC4.XModular-SWUM204.book Page 1713 Friday, March 15, 2013 9:24 AM Command Mode User EXEC mode, Privileged EXEC mode User Guidelines The local VRRP IP address is not pingable. Examples The following example displays a ping to IP address 10.27.65.60 console#ping 10.27.65.60 Pinging 10.27.65.60 with 0 bytes of data: Reply From 10.27.65.60: icmp_seq = 0. time <10 msec. Reply From 10.27.65.60: icmp_seq = 1. time <10 msec. Reply From 10.27.65.60: icmp_seq = 2. time <10 msec. Reply From 10.27.65.
PAGE 1714
2CSPC4.XModular-SWUM204.book Page 1714 Friday, March 15, 2013 9:24 AM 64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms ----10.1.1.1 PING Statistics---4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 7/8/11 reload Use the reload command in Privileged EXEC mode to reload stack members. Syntax reload [stack–member–number] Parameter Description Parameter Description stack–member–number The stack member to be reloaded.
PAGE 1715
2CSPC4.XModular-SWUM204.book Page 1715 Friday, March 15, 2013 9:24 AM Are you sure you want to reload the switch? (y/n) y Reloading management switch 1. set description Use the set description command in Stack Global Configuration mode to associate a text description with a switch in the stack. Syntax set description unit description • unit — The switch identifier. (Range: 1–12) • description — The text description.
PAGE 1716
2CSPC4.XModular-SWUM204.book Page 1716 Friday, March 15, 2013 9:24 AM Use the slot command to configure a slot in the system. The unit/slot is the slot identifier of the slot located in the specified unit. The cardindex is the index to the database of the supported card types (see the command show supported cardtype) indicating the type of card being preconfigured in the specified slot. The card index is a 32-bit integer.
PAGE 1717
2CSPC4.XModular-SWUM204.book Page 1717 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines The card index (CID) can be obtained by executing the show supported cardtype command in User EXEC mode. show banner Use the show banner command to display banner information. Syntax show banner Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1718
2CSPC4.XModular-SWUM204.book Page 1718 Friday, March 15, 2013 9:24 AM Banner:Login Line Console...................... Enable Line SSH.......................... Enable Line Telnet....................... Disable ===login===== Banner:MOTD Line Console...................... Enable Line SSH.......................... Enable Line Telnet....................... Enable ===motd===== show boot-version Use the show boot-version command to display the boot image version details.
PAGE 1719
2CSPC4.XModular-SWUM204.book Page 1719 Friday, March 15, 2013 9:24 AM Example console#show boot-version unit Boot Image Version 1 Thu Aug 30 12:01:04 2007 show checkpoint statistics Use the show checkpoint statistics command to display the statistics for the checkpointing process. Syntax show checkpoint statistics Default Configuration This command has no default configuration.
PAGE 1720
2CSPC4.XModular-SWUM204.book Page 1720 Friday, March 15, 2013 9:24 AM Last 10-second Message Rate...............0 msg/sec Highest 10-second Message Rate............8 msg/sec show cut-through mode Use the show cut-through mode command to show the cut-through mode on the switch. Syntax show cut-through mode Command Mode Privileged EXEC, Config mode and all Config sub-modes Default Configuration This command has no default configuration. User Guidelines No specific guidelines.
PAGE 1721
2CSPC4.XModular-SWUM204.book Page 1721 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1722
2CSPC4.XModular-SWUM204.book Page 1722 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description interface A 10G non-stacking physical interface. Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command is only applicable to 10G non-stacking interfaces.
PAGE 1723
2CSPC4.XModular-SWUM204.book Page 1723 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines No specific guidelines. Example console#show ip interface out-of-band IP Address............................ 10.240.4.115 Subnet Mask........................... 255.255.255.0 Default Gateway....................... 10.240.4.1 IPv6 Prefix is .......................
PAGE 1724
2CSPC4.XModular-SWUM204.book Page 1724 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes User Guidelines No specific guidelines. Example console#show memory cpu Total Memory........................... 262144 KBytes Available Memory Space................. 121181 KBytes show nsf Use the show nsf command to show the status of non-stop forwarding. Syntax show nsf Default Configuration This command has no default configuration.
PAGE 1725
2CSPC4.XModular-SWUM204.book Page 1725 Friday, March 15, 2013 9:24 AM Restart In Progress............................ No Warm Restart Ready............................. Yes Copy of Running Configuration to Backup Unit: Status...................................... Stale Time Since Last Copy........................ 0 days 4 hrs 53 mins 22 secs Time Until Next Copy........................
PAGE 1726
2CSPC4.XModular-SWUM204.book Page 1726 Friday, March 15, 2013 9:24 AM Example console#show power-usage-history unit 1 Sampling Interval (sec)........................ 30 Total No. of Samples to Keep................... 168 Current Power Consumption (mWatts)............. 56172 Sample No.
PAGE 1727
2CSPC4.XModular-SWUM204.book Page 1727 Friday, March 15, 2013 9:24 AM User Guidelines No specific guidelines. Example console#show process cpu Memory Utilization Report status bytes ------ ---------free 64022608 alloc 151568112 CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.
PAGE 1728
2CSPC4.XModular-SWUM204.book Page 1728 Friday, March 15, 2013 9:24 AM 48a1250 osapiMonTask 0.00% 0.32% 0.17% 4969790 BootP 0.00% 0.00% 0.01% 4d71610 dtlTask 0.00% 0.06% 0.05% 4ed00e0 hapiRxTask 0.00% 0.06% 0.03% 562e810 DHCP snoop 0.00% 0.00% 0.06% 58e9bc0 Dynamic ARP Inspection 0.00% 0.06% 0.03% 62038a0 dot1s_timer_task 0.00% 0.00% 0.03% 687f360 dot1xTimerTask 0.00% 0.06% 0.07% 6e23370 radius_task 0.00% 0.00% 0.01% 6e2c870 radius_rx_task 0.00% 0.06% 0.
PAGE 1729
2CSPC4.XModular-SWUM204.book Page 1729 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays a list of open telnet sessions to remote hosts.
PAGE 1730
2CSPC4.XModular-SWUM204.book Page 1730 Friday, March 15, 2013 9:24 AM show slot Use the show slot command in User EXEC mode to display information about all the slots in the system or for a specific slot. Syntax show slot [slot/port] The following table explains the output parameters. Parameter Description Slot The slot identifier in a slot/port format. Slot Status The slot is empty, full, or has encountered an error. Admin State The slot administrative mode is enabled or disabled.
PAGE 1731
2CSPC4.XModular-SWUM204.book Page 1731 Friday, March 15, 2013 9:24 AM Parameter Description Configured Card Description The description of the card preconfigured in the slot. Default Configuration This command has no default configuration. Command Mode User EXEC, Config mode and all Config sub-modes User Guidelines The command has no user guidelines. Example The following example displays sample output of the show slot command.
PAGE 1732
2CSPC4.XModular-SWUM204.book Page 1732 Friday, March 15, 2013 9:24 AM • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. The following table explains the output parameters. Parameter Description Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type.
PAGE 1733
2CSPC4.XModular-SWUM204.book Page 1733 Friday, March 15, 2013 9:24 AM show supported switchtype Use the show supported switchtype command in User EXEC mode to display information about all supported switch types. Syntax show supported switchtype [switchindex] switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer.
PAGE 1734
2CSPC4.XModular-SWUM204.book Page 1734 Friday, March 15, 2013 9:24 AM Field Description Model Identifier This field displays the model identifier for the supported switch type. Management Preference This field indicates the management preference value of the switch type. Code Version This field displays the code load target identifier of the switch type. The following example displays the format of the show supported switchtype [switchindex] command.
PAGE 1735
2CSPC4.XModular-SWUM204.book Page 1735 Friday, March 15, 2013 9:24 AM show switch NOTE: The show switch stack-ports command in Stack Configuration mode is not supported by the PCM8024 switch. Use the show switch command in User EXEC mode to display information about units in the stack.
PAGE 1736
2CSPC4.XModular-SWUM204.book Page 1736 Friday, March 15, 2013 9:24 AM Parameter Description stack–member–number The stack member number. stack–ports Display summary stack-port information for all interfaces. counters Display summary data counter information for all interfaces. diag Display front panel stacking diagnostics for each port. stack–standby Display the configured or automatically selected standby unit number. Default Configuration This command has no default configuration.
PAGE 1737
2CSPC4.XModular-SWUM204.book Page 1737 Friday, March 15, 2013 9:24 AM CPLD Version...................... 4 Serial Number..................... CN2829826D0039 Up Time........................... 56 days 12 hrs 12 mins 27 secs console#show switch 2 Switch............................ 2 Management Status................. Management Switch Switch Type....................... 0xd8200002 Preconfigured Model Identifier.... PC8024F Plugged-in Model Identifier....... PC8024F Switch Status.....................
PAGE 1738
2CSPC4.XModular-SWUM204.book Page 1738 Friday, March 15, 2013 9:24 AM Unit Description Switch Type This field displays the 32-bit numeric switch type. Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by the switch manufacturer to identify the switch. Switch Status This field displays the switch status. Possible values are OK, Unsupported, Code Mismatch, Config Mismatch, or Not Present.
PAGE 1739
2CSPC4.XModular-SWUM204.book Page 1739 Friday, March 15, 2013 9:24 AM Different fields in the display are explained as follows: Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Preconfigured Model Identifier This field displays the model identifier of a preconfigured switch ready to join the stack.
PAGE 1740
2CSPC4.XModular-SWUM204.book Page 1740 Friday, March 15, 2013 9:24 AM Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
PAGE 1741
2CSPC4.XModular-SWUM204.book Page 1741 Friday, March 15, 2013 9:24 AM Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale.
PAGE 1742
2CSPC4.XModular-SWUM204.book Page 1742 Friday, March 15, 2013 9:24 AM Unit NSF Support ---- ----------- 1 Yes 2 Yes 3 Yes Per Unit Status Parameters are explained as follows: Parameter Description Range Default NSF Support Whether a unit supports NSF Yes or No — Example – Switch Firmware Stack Status The following example displays the Switch Firmware stack status information for the switch.
PAGE 1743
2CSPC4.XModular-SWUM204.book Page 1743 Friday, March 15, 2013 9:24 AM SFS Last Attempt Status........... None Serial Number..................... none Up Time........................... 0 days 2 hrs 14 mins 54 secs console# Example – SDM Templates This example shows the SDM Mismatch value in the Switch Status field.
PAGE 1744
2CSPC4.XModular-SWUM204.book Page 1744 Friday, March 15, 2013 9:24 AM console#show system System Description: Dell Ethernet Switch System Up Time: 0 days, 22h:27m:32s System Contact: System Name: System Location: Burned In MAC Address: 0006.2932.8120 System Object ID: 1.3.6.1.4.1.674.10895.
PAGE 1745
2CSPC4.XModular-SWUM204.book Page 1745 Friday, March 15, 2013 9:24 AM show system fan Use the show system fan command in User EXEC or Privileged EXEC mode to explicitly display the fan status. Syntax show system fan Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1746
2CSPC4.XModular-SWUM204.book Page 1746 Friday, March 15, 2013 9:24 AM • unit — The unit number. Default Configuration This command has no default configuration. Command Mode User EXEC mode, Config mode and all Config sub-modes User Guidelines The tag information is on a switch by switch basis. Example The following example displays the system service tag information.
PAGE 1747
2CSPC4.XModular-SWUM204.book Page 1747 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC, Config mode and all Config sub-modes User Guidelines This command has no user guidelines.
PAGE 1748
2CSPC4.XModular-SWUM204.book Page 1748 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration.
PAGE 1749
2CSPC4.XModular-SWUM204.book Page 1749 Friday, March 15, 2013 9:24 AM 1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
PAGE 1750
2CSPC4.XModular-SWUM204.book Page 1750 Friday, March 15, 2013 9:24 AM Default Value Not applicable Example console#show tech-support ***************** Show Version ****************** Switch: 2 System Description............................. PowerConnect 6248P, 1.23.0.33 VxWorks 6.5 Machine Type................................... PowerConnect 6248P Machine Model.................................. PCT6248P Serial Number.................................. CN0PK4632829881C0067 FRU Number.....................
PAGE 1751
2CSPC4.XModular-SWUM204.book Page 1751 Friday, March 15, 2013 9:24 AM System Location................................ System Contact................................. System Object ID............................... 1.3.6.1.4.1.674.10895.3013 System Up Time................................. 0 days 0 hrs 11 mins 47 secs 10/100 Ethernet/802.3 interface(s)............. 4 Gig Ethernet/802.3 interface(s)................ 1 10Gig Ethernet/802.3 interface(s).............. 0 Virtual Ethernet/802.3 interface(s)........
PAGE 1752
2CSPC4.XModular-SWUM204.book Page 1752 Friday, March 15, 2013 9:24 AM Example The following example displays a list of active users and the information about them.
PAGE 1753
2CSPC4.XModular-SWUM204.book Page 1753 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. Example The following example displays a system version (this version number is only for demonstration purposes).
PAGE 1754
2CSPC4.XModular-SWUM204.book Page 1754 Friday, March 15, 2013 9:24 AM User Guidelines This command has no user guidelines. If not stack configuration appears in the saved config, it is built at runtime and appears in the running config. The operator can save the stack configuration. Stack members that do not match the saved config after a reboot will show a config mismatch and do not join the stack. Example The following example sets the mode to Stack Global Config.
PAGE 1755
2CSPC4.XModular-SWUM204.book Page 1755 Friday, March 15, 2013 9:24 AM The stack-port configuration mode does not appear in the running config. Use the show switch stack-port command to display configuration and status of stacking ports. Ports that are configured to operate as stacking ports will show as detached in the show interfaces status command output. The show switch stack-port command in Stack Configuration mode is not supported by the PCM8024 and PCM8024-k switches.
PAGE 1756
2CSPC4.XModular-SWUM204.book Page 1756 Friday, March 15, 2013 9:24 AM Command Mode Stack Global Configuration User Guidelines No specific guidelines. Examples console(config)#stack console(config-stack)#standby 2 switch renumber Use the switch renumber command in Global Configuration mode to change the identifier for a switch in the stack. Upon execution, the switch is configured with the configuration information for the new switch, if any is available.
PAGE 1757
2CSPC4.XModular-SWUM204.book Page 1757 Friday, March 15, 2013 9:24 AM telnet Use the telnet command in Privileged EXEC mode to log into a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1......] Parameter Description Parameter Description ip-address Valid IP address of the destination host. hostname Hostname of the destination host. (Range: 1–158 characters).
PAGE 1758
2CSPC4.XModular-SWUM204.
PAGE 1759
2CSPC4.XModular-SWUM204.book Page 1759 Friday, March 15, 2013 9:24 AM Keyword Description Port Number time Time 37 uucp Unix-to-Unix Copy Program 540 whois Nickname 43 www World Wide Web 80 Default Configuration port — Telnet port (decimal 23) on the host. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines. Example Following is an example of using the telnet command to connect to 176.213.10.50. console#telnet 176.213.10.
PAGE 1760
2CSPC4.XModular-SWUM204.book Page 1760 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description ipaddress Valid IP address of the destination host. hostname Hostname of the destination host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmpserver host "host name" initTtl The initial time-to-live (TTL); the maximum number of router hops between the local and remote system (Range: 0–255).
PAGE 1761
2CSPC4.XModular-SWUM204.book Page 1761 Friday, March 15, 2013 9:24 AM The default port is 33434. The default initTtl is 1 hop. The default maxTtl is 30 hops. The default maxFail is 5 probes. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Examples The following example discovers the routes that packets will actually take when traveling to the destination specified in the command. console#traceroute 192.168.77.
PAGE 1762
2CSPC4.XModular-SWUM204.
PAGE 1763
2CSPC4.XModular-SWUM204.book Page 1763 Friday, March 15, 2013 9:24 AM Telnet Server Commands 80 The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
PAGE 1764
2CSPC4.XModular-SWUM204.book Page 1764 Friday, March 15, 2013 9:24 AM Examples 1 SSH (putty): login as: dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the M6220 in the Bottom Chassis 192.168.12.190. This unit is located in A2 and is currently under test.
PAGE 1765
2CSPC4.XModular-SWUM204.book Page 1765 Friday, March 15, 2013 9:24 AM 3 SSH (xterm): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the M6220 in the Bottom Chassis 192.168.12.190. This unit is located in A2 and is currently under test.
PAGE 1766
2CSPC4.XModular-SWUM204.book Page 1766 Friday, March 15, 2013 9:24 AM Commands in this Chapter This chapter explains the following commands: ip telnet server disable show ip telnet ip telnet port – ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Parameter Ranges Not applicable Command Mode Global Configuration Usage Guidelines No specific guidelines.
PAGE 1767
2CSPC4.XModular-SWUM204.book Page 1767 Friday, March 15, 2013 9:24 AM ip telnet port The ip telnet port command is used to configure the Telnet TCP port number on the switch. Syntax ip telnet port port number • port number — Telnet TCP port number (Range: 1–65535) Default Configuration The default value for the Telnet TCP port is 23.
PAGE 1768
2CSPC4.XModular-SWUM204.book Page 1768 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC, Config mode and all Config sub-modes Example (console)#show ip telnet Telnet Server is Enabled.
PAGE 1769
2CSPC4.XModular-SWUM204.book Page 1769 Friday, March 15, 2013 9:24 AM Terminal Length Commands 81 This chapter provides information about terminal length commands. terminal length Use the terminal length command to set the terminal length. Use the no form of the command to reset the terminal length to the default. Syntax terminal length value no terminal length • value — The length in number of lines. Range: 0–512 Default Configuration This default value is 24.
PAGE 1770
2CSPC4.XModular-SWUM204.
PAGE 1771
2CSPC4.XModular-SWUM204.book Page 1771 Friday, March 15, 2013 9:24 AM Time Ranges Commands 82 Time ranges are used with time-based ACLs to restrict their application due to specific time slots. This chapter explains the following commands: time-range periodic absolute show time-range time-range Use the time-range command in Global Configuration mode to create a time range identified by name, consisting of one absolute time entry and/or one or more periodic time entries.
PAGE 1772
2CSPC4.XModular-SWUM204.book Page 1772 Friday, March 15, 2013 9:24 AM Command Mode Global Configuration User Guidelines The CLI mode changes to Time-Range Configuration mode when you successfully execute this command. Example console(config)#time-range timeRange_1 absolute Use the absolute command in Time Range Configuration mode to add an absolute time entry to a time range. Use the no form of this command to delete the absolute time entry in the time range.
PAGE 1773
2CSPC4.XModular-SWUM204.book Page 1773 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Time Range Configuration User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Example console#time-range timeRange_1 console(Config-time-range)#absolute end 12:00 16 Dec 2010 periodic Use the periodic command to add a periodic time entry to a time range.
PAGE 1774
2CSPC4.XModular-SWUM204.book Page 1774 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description days-of-the-week The first occurrence of this argument is the starting day or days from which the configuration that referenced the time range starts going into effect. The second occurrence is the ending day or days from which the configuration that referenced the time range is no longer in effect. If the end days-of-the-week are the same as the start, they can be omitted.
PAGE 1775
2CSPC4.XModular-SWUM204.book Page 1775 Friday, March 15, 2013 9:24 AM When both periodic and absolute time entries are specified within a time range, the periodic time entries limit the time range to only those times specified within the periodic time range and bounded by the absolute time range. In this case, the absolute time entry specifies the absolute start and end dates/times and the periodic entries specify the start/stop times within the limits of the absolute time entry dates and times.
PAGE 1776
2CSPC4.XModular-SWUM204.book Page 1776 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description Number of Time Ranges Number of time ranges configured in the system. Time Range Name Name of the time range. Time Range Status Status of the time range(active/inactive). Absolute start Start time and day for absolute time entry. Absolute end End time and day for absolute time entry. Periodic Entries Number of periodic entries in a time-range.
PAGE 1777
2CSPC4.XModular-SWUM204.book Page 1777 Friday, March 15, 2013 9:24 AM Periodic Entries: 4 Entry Number: 2 Periodic Start Time............................ MON 00:00 Periodic End Time.............................. TUE 12:30 Entry Number: 3 Periodic Start Time............................ TUE 13:00 Periodic End Time.............................. WED 12:00 Entry Number: 4 Periodic Start Time............................ WED 12:30 Periodic End Time..............................
PAGE 1778
2CSPC4.XModular-SWUM204.
PAGE 1779
2CSPC4.XModular-SWUM204.book Page 1779 Friday, March 15, 2013 9:24 AM User Interface Commands 83 This chapter explains the following commands: enable mode simple end quit exit – enable Use the enable command in User EXEC mode to enter the Privileged EXEC mode. Syntax enable Default Configuration The default privilege level is 15.
PAGE 1780
2CSPC4.XModular-SWUM204.book Page 1780 Friday, March 15, 2013 9:24 AM end Use the end command to get the CLI user control back to the privileged execution mode or user execution mode. Syntax end Default Configuration This command has no default configuration. Command Mode All command modes User Guidelines No specific guidelines.
PAGE 1781
2CSPC4.XModular-SWUM204.book Page 1781 Friday, March 15, 2013 9:24 AM Command Mode All command modes. In User EXEC mode, this command behaves identically with the quit command. User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User EXEC mode to the login prompt.
PAGE 1782
2CSPC4.XModular-SWUM204.book Page 1782 Friday, March 15, 2013 9:24 AM User Guidelines The selected mode is applied if the user confirms the selection. The selected mode is applied as the new operational mode after resetting the configuration to factory defaults. Simple mode offers a reduced port aggregator functionality suitable for modular switches that operate in environments where the network regime does not allow end users to modify switch settings such that network operations may be affected.
PAGE 1783
2CSPC4.XModular-SWUM204.book Page 1783 Friday, March 15, 2013 9:24 AM Web Server Commands 84 If enabled, the PowerConnect is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections.
PAGE 1784
2CSPC4.XModular-SWUM204.
PAGE 1785
2CSPC4.XModular-SWUM204.book Page 1785 Friday, March 15, 2013 9:24 AM Default Configuration This command has no default configuration. Command Mode Crypto Certification mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the name of "router.gm.com." console(config-crypto-cert)#common-name router.gm.
PAGE 1786
2CSPC4.XModular-SWUM204.book Page 1786 Friday, March 15, 2013 9:24 AM Example The following example displays how to specify the country as "us." console(config-crypto-cert)#country us crypto certificate generate Use the crypto certificate generate command in Global Configuration mode to generate a self-signed HTTPS certificate. Syntax crypto certificate number generate Parameter Description Parameter Description number Specifies the certificate number.
PAGE 1787
2CSPC4.XModular-SWUM204.book Page 1787 Friday, March 15, 2013 9:24 AM console(config)#crypto certificate 1 generate console(config-crypto-cert)#common-name DELL console(config-crypto-cert)#country US console(config-crypto-cert)#Duration 3650 console(config-crypto-cert)#email no-reply@dell.com console(config-crypto-cert)#location "Round Rock" console(config-crypto-cert)#organization-unit "PowerConnect Networking" console(config-crypto-cert)#organization-name "Dell, Inc.
PAGE 1788
2CSPC4.XModular-SWUM204.book Page 1788 Friday, March 15, 2013 9:24 AM This command is not saved in the router configuration; however, the certificate imported by this command is saved in the private configuration (which is never displayed to the user or backed up to another switch). Example The following example imports a certificate sighed by the Certification Authority for HTTPS.
PAGE 1789
2CSPC4.XModular-SWUM204.book Page 1789 Friday, March 15, 2013 9:24 AM Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate command in Global Configuration mode in order to generate the keys.
PAGE 1790
2CSPC4.XModular-SWUM204.book Page 1790 Friday, March 15, 2013 9:24 AM User Guidelines This command mode is entered using the crypto certificate generate command. Example The following example displays how specify a duration of 50 days that a certification is valid. console(config-crypto-cert)#duration 50 ip http port Use the ip http port command in Global Configuration mode to specify the TCP port for use by a web browser to configure the switch.
PAGE 1791
2CSPC4.XModular-SWUM204.book Page 1791 Friday, March 15, 2013 9:24 AM ip http server Use the ip http server command in Global Configuration mode to enable the switch to be configured, monitored, or modified from a browser. To disable this function use the no form of this command. Syntax ip http server no ip http server Default Configuration The default mode is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
PAGE 1792
2CSPC4.XModular-SWUM204.book Page 1792 Friday, March 15, 2013 9:24 AM Parameter Description Parameter Description number Specifies the certificate number. (Range: 1–2) Default Configuration The default value of the certificate number is 1. Command Mode Global Configuration mode User Guidelines The HTTPS certificate is generated using the crypto certificate generate command in Global Configuration mode. Example The following example configures the active certificate for HTTPS.
PAGE 1793
2CSPC4.XModular-SWUM204.book Page 1793 Friday, March 15, 2013 9:24 AM Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines The HTTPS TCP port should not be set to a value that might conflict with other well known protocol port numbers used on this switch. Example The following example configures the HTTPS port number to 100.
PAGE 1794
2CSPC4.XModular-SWUM204.book Page 1794 Friday, March 15, 2013 9:24 AM Example The following example enables the switch to be configured from a browser. console(config)#ip http secure-server key-generate Use the key-generate command in Crypto Certificate Generation mode to specify the key-generate. Syntax key-generate [length] • length — Specifies the length of the SSL RSA key. If left unspecified, this parameter defaults to 1024.
PAGE 1795
2CSPC4.XModular-SWUM204.book Page 1795 Friday, March 15, 2013 9:24 AM Syntax location location • location — Specifies the location or city name. (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command.
PAGE 1796
2CSPC4.XModular-SWUM204.book Page 1796 Friday, March 15, 2013 9:24 AM User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the "generalmotors" organization-unit. console(config-crypto-cert)#organization-unit generalmotors show crypto certificate mycertificate Use the show crypto certificate mycertificate command in Privileged EXEC mode to view the SSL certificates of your switch.
PAGE 1797
2CSPC4.XModular-SWUM204.book Page 1797 Friday, March 15, 2013 9:24 AM -----END CERTIFICATE----Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 show ip http server status Use the show ip http server command in User EXEC or Privileged EXEC mode to display the HTTP server status information. Syntax show ip http server status Syntax Description This command has no arguments or keywords.
PAGE 1798
2CSPC4.XModular-SWUM204.book Page 1798 Friday, March 15, 2013 9:24 AM Syntax show ip http server secure status Syntax Description This command has no arguments or keywords. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Config mode and all Config sub-modes User Guidelines This command has no user guidelines. Example The following example displays an HTTPS server configuration with DH Key exchange enabled.
PAGE 1799
2CSPC4.XModular-SWUM204.book Page 1799 Friday, March 15, 2013 9:24 AM Finger print: 1873B936 88DC3411 BC8932EF 782134BA The following example displays the HTTPS server configuration with DH Key exchange disabled. console#show ip https HTTPS server enabled. Port: 443 DH Key exchange disabled, parameters are being generated. Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.
PAGE 1800
2CSPC4.XModular-SWUM204.book Page 1800 Friday, March 15, 2013 9:24 AM Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example shows how to specify the state of "texas.
PAGE 1801
2CSPC4.XModular-SWUM204.book Page 1801 Friday, March 15, 2013 9:24 AM Appendix A: List of Commands A B C D E F G H I K L M N O P Q R S T U V W aaa accounting dot1x default start-stop. . . . . . . . . . . . . . . . . . . . . . . . . . 721 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246 aaa authentication enable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247 aaa authentication login . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1802
2CSPC4.XModular-SWUM204.book Page 1802 Friday, March 15, 2013 9:24 AM add ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615 add gigabitethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565 add port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566 add tengigabitethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1803
2CSPC4.XModular-SWUM204.book Page 1803 Friday, March 15, 2013 9:24 AM arp purge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963 arp resptime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 964 arp retries. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965 arp timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1804
2CSPC4.XModular-SWUM204.book Page 1804 Friday, March 15, 2013 9:24 AM clear (IAS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 clear arp-cache management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 967 clear arp-cache. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 966 clear captive-portal users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1805
2CSPC4.XModular-SWUM204.book Page 1805 Friday, March 15, 2013 9:24 AM clock timezone hours-offset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1486 common-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1784 compatible rfc1583 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241 configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1806
2CSPC4.XModular-SWUM204.book Page 1806 Friday, March 15, 2013 9:24 AM debug ipv6 dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1607 debug ipv6 mcache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1608 debug ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1608 debug ipv6 pimdm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1609 debug ipv6 pimsm.
PAGE 1807
2CSPC4.XModular-SWUM204.book Page 1807 Friday, March 15, 2013 9:24 AM dhcp l2relay trust. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346 dhcp l2relay vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670 dir. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1808
2CSPC4.XModular-SWUM204.book Page 1808 Friday, March 15, 2013 9:24 AM duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 duplex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 duration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1789 dvlan-tunnel ethertype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1809
2CSPC4.XModular-SWUM204.book Page 1809 Friday, March 15, 2013 9:24 AM group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1442 gvrp enable (global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 gvrp enable (interface) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 gvrp registration-forbid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1810
2CSPC4.XModular-SWUM204.book Page 1810 Friday, March 15, 2013 9:24 AM ip arp inspection vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386 ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 ip dhcp bootp automatic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 983 ip dhcp conflict logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1811
2CSPC4.XModular-SWUM204.book Page 1811 Friday, March 15, 2013 9:24 AM ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038 ip igmp robustness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1038 ip igmp router-alert-optional . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1046 ip igmp snooping (global). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 474 ip igmp snooping (VLAN) . . . . . .
PAGE 1812
2CSPC4.XModular-SWUM204.book Page 1812 Friday, March 15, 2013 9:24 AM ip ospf area. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1248 ip ospf authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1249 ip ospf cost. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1250 ip ospf database-filter all out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1813
2CSPC4.XModular-SWUM204.book Page 1813 Friday, March 15, 2013 9:24 AM ip verify source port-security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 546 ip verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545 ip vrrp accept-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1418 ip vrrp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1814
2CSPC4.XModular-SWUM204.book Page 1814 Friday, March 15, 2013 9:24 AM ipv6 mld-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1112 ipv6 mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1117 ipv6 nd dad attempts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118 ipv6 nd managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1815
2CSPC4.XModular-SWUM204.book Page 1815 Friday, March 15, 2013 9:24 AM ipv6 router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1334 ipv6 traffic-filter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520 ipv6 unicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1128 ipv6 unreachables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1816
2CSPC4.XModular-SWUM204.book Page 1816 Friday, March 15, 2013 9:24 AM lldp transmit-tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 582 locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1443 location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1794 log adjacency-changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1817
2CSPC4.XModular-SWUM204.book Page 1817 Friday, March 15, 2013 9:24 AM mail-server ip-address | hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1541 management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1542 mark cos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 671 mark ip-dscp . . . . . . .
PAGE 1818
2CSPC4.XModular-SWUM204.book Page 1818 Friday, March 15, 2013 9:24 AM mvr querytime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602 mvr type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605 mvr vlan group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 mvr vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1819
2CSPC4.XModular-SWUM204.book Page 1819 Friday, March 15, 2013 9:24 AM passwords aging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1554 passwords history. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1554 passwords lock-out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1555 passwords min-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1820
2CSPC4.XModular-SWUM204.book Page 1820 Friday, March 15, 2013 9:24 AM protocol vlan group all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812 protocol vlan group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811 protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1445 quit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1821
2CSPC4.XModular-SWUM204.book Page 1821 Friday, March 15, 2013 9:24 AM security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403 service dhcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 995 service dhcpv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1010 service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1822
2CSPC4.XModular-SWUM204.book Page 1822 Friday, March 15, 2013 9:24 AM show captive-portal user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1454 show captive-portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1438 show checkpoint statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1719 show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1823
2CSPC4.XModular-SWUM204.book Page 1823 Friday, March 15, 2013 9:24 AM show ethernet cfm domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 show ethernet cfm errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 show ethernet cfm maintenance-points local . . . . . . . . . . . . . . . . . . . . . 455 show ethernet cfm maintenance-points remote . . . . . . . . . . . . . . . . . . . 457 show ethernet cfm statistics . . . . . . . . . . . . . . . . .
PAGE 1824
2CSPC4.XModular-SWUM204.book Page 1824 Friday, March 15, 2013 9:24 AM show ip dhcp conflict . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998 show ip dhcp global configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998 show ip dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999 show ip dhcp relay. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1825
2CSPC4.XModular-SWUM204.book Page 1825 Friday, March 15, 2013 9:24 AM show ip mcast mroute source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182 show ip mcast mroute static. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1182 show ip mcast mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1180 show ip multicast interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1179 show ip multicast . . . . . . . . . .
PAGE 1826
2CSPC4.XModular-SWUM204.book Page 1826 Friday, March 15, 2013 9:24 AM show ip traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1098 show ip verify interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547 show ip verify source interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548 show ip vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1827
2CSPC4.XModular-SWUM204.book Page 1827 Friday, March 15, 2013 9:24 AM show ipv6 ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1358 show ipv6 ospf range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1360 show ipv6 ospf stub table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1361 show ipv6 ospf virtual-link brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1828
2CSPC4.XModular-SWUM204.book Page 1828 Friday, March 15, 2013 9:24 AM show logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1691 show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1690 show mac access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303 show mac address-table address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1829
2CSPC4.XModular-SWUM204.book Page 1829 Friday, March 15, 2013 9:24 AM show routing heap summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101 show running-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1515 show sdm prefer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1593 show service-acl interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301 show service-policy . . .
PAGE 1830
2CSPC4.XModular-SWUM204.book Page 1830 Friday, March 15, 2013 9:24 AM show tech-support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1749 show time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1775 show trapflags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1638 show udld. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1831
2CSPC4.XModular-SWUM204.book Page 1831 Friday, March 15, 2013 9:24 AM source-ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745 spanning-tree auto-portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761 spanning-tree bpdu flooding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 spanning-tree bpdu-protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 spanning-tree cost . . . .
PAGE 1832
2CSPC4.XModular-SWUM204.book Page 1832 Friday, March 15, 2013 9:24 AM switchport general acceptable-frame-type tagged-only. . . . . . . . . . . . . . 825 switchport general allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 826 switchport general ingress-filtering disable . . . . . . . . . . . . . . . . . . . . . . . 827 switchport general pvid. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828 switchport mode private-vlan . . . . . . . . . . . . . .
PAGE 1833
2CSPC4.XModular-SWUM204.book Page 1833 Friday, March 15, 2013 9:24 AM udld reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792 udld timeout interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793 update bootcode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1518 usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1834
2CSPC4.XModular-SWUM204.book Page 1834 Friday, March 15, 2013 9:24 AM vrrp track interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1409 vrrp track ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1410 write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
PAGE 1835
2CSPC4.XModular-SWUM204.book Page 1 Friday, March 15, 2013 9:24 AM Printed in the U.S.A. w w w. del l . co m | s upp ort . del l .
PAGE 1836
2CSPC4.XModular-SWUM204.