User’s Guide PRIMERGY BX900/BX400 Blade Server Systems Ethernet Connection Blade Module SB6 / SB11a / SB11 IBP Version English
PRIMERGY BX400/BX900 Connection Blades Ethernet Connection Blades PY CB Eth Switch/IBP 1Gb 18/6 (SB6) PY CB Eth Switch/IBP 1Gb 36/12 (SB11a) PY CB Eth Switch/IBP 1Gb 36/8+2 (SB11) User’s Guide IBP version
Edition July 2011
Copyright and Trademarks Copyright © 2011 Fujitsu Technology Solutions GmbH. All rights reserved. Delivery subject to availability; right of technical modifications reserved.
Document History Revision 0.1 Date 12/22/2008 02. 0.3 0.4 1/9/2009 3/12/2009 1/20/2011 0.5 7/29/2011 Editor Switch Team Moore C. J. Lee Moore C. J. Lee Moore C. J. Lee Switch Team Moore C. J. Lee Moore C. J. Lee 0.55 1/19/2012 E.
1 Important Notes Store this manual close to the device. If you pass the device on to third parties, you should pass this manual on with it. Be sure to read this page carefully and note the information before you open the device. You cannot access the switch blade without first opening the device. Please observe the safety information provided in the “Important Notes” chapter in this user’s guide. Components can become very hot during operation. Ensure you do not touch components when handling the device.
1.2 Compliance Statements FCC Class A Compliance This equipment has been tested and found to comply with the limits for a “Class A” digital device, pursuant to Part 15 of the FCC rules and meets all requirements of the Canadian Interference-Causing Equipment Regulations. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
Japan VCCI Class A CE Mark Declaration of Conformance for EMI and Safety (EEC) This information technology equipment complies with the requirements of the Council Directive 89/336/EEC on the Approximation of the laws of the Member States relating to Electromagnetic Compatibility and 73/23/EEC for electrical equipment used within certain voltage limits and the Amendment Directive 93/68/EEC.
Taiwan BSMI Class A Australia AS/NZS 3548 (1995) - Class A
2 Introduction The PRIMERGY BX400 Blade Server system is a modular server system that can integrate up to 8 server modules, 4 Connection Blade Modules and two Management Modules (MMB). The Ethernet Connection Blade Module provides networking and Switch functions to PRIMERGY BX400 Blade Server system. The Management Module provides a single point of control for the PRIMERGY BX400 Blade Server system.
The Ethernet Connection Blade Modules are designed for the new generation of the PRIMERGY Blade Server System. There are three types of connection blade, as follows: a) SB11 is a 46-port 1GbE Layer-2+ stackable Ethernet Connection Blade with 2 10GbE SFP+ uplinks. Its configuration is 36 downlink ports to the mid-plane, plus 8 1GbE ports with RJ45 connectors and 2 10GbE SFP+ ports as uplink ports. In the BX400 Blade Server System only up to 32 of the 36 downlink ports are utilized.
2.1 Features of the Ethernet Connection Blade The Ethernet Connection Blade provides a wide range of advanced performance-enhancing features. Multicast filtering provides support for real-time network applications. Port-based and tagged VLANs, plus support for automatic GVRP VLAN registration provide traffic security and efficient use of network bandwidth. QoS priority queuing ensures the minimum delay for moving real-time multi-media data across the network.
2.1.1 MAC Address Supported Features MAC Address Capacity Support The Ethernet Connection Blade Module supports up to 8K/32 MAC addresses for SB11a/SB11. The Ethernet Connection Blade Module reserves specific MAC addresses for system use. Static MAC Entries MAC entries can be manually entered in the Bridging Table, as an alternative to learning them from incoming frames. These user-defined entries are not subject to aging, and are preserved across resets and reboots.
2.1.2 Layer 2+ Features IGMP Snooping/MLD Snooping IGMP Snooping examines IGMP frame contents, when they are forwarded by the Ethernet Connection Blade Module from work stations to an upstream Multicast router. From the frame, the Ethernet Connection Blade Module identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames. Port Mirroring The mirror port mirrors both transmitted and received packets of the probe ports.
Link Aggregation and LACP LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds and monitors the port binding to aggregators within the system.
Uplink Sets The group definition is divided into two independent parts. First, the external (uplink) ports are defined in so-called Uplink Sets. The group definitions that follow then use these Uplink Sets to define the external connection. An “Uplink Set” is defined as a set of 1 to n external (uplink) ports, which is used in port group definitions to connect a group of server blades to the customer’s LAN. An uplink set has two properties: Port backup and Link state.
VLAN Port Groups with Native VLAN option Within the set of VLAN Port Groups sharing the same Uplink Set one VLAN can be optionally defined as “native VLAN”. This changes the tagging behavior at the uplink port for this native VLAN Id to the following: Incoming untagged packets are not dropped, but are tagged with the native VLAN Id and forwarded to all the downlinks of this VLAN group. Incoming packets tagged with the native VLAN ID are dropped at the uplink.
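The uplink ingress behaviour described above can be modelled in a few lines. This is an added example, not code from the manual or from the IBP firmware; the class names, group names and port numbers are constructed, and the handling of untagged frames without a native VLAN and of tags that match no group is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class VlanPortGroup:
    name: str
    vlan_id: int
    downlinks: Tuple[int, ...]      # server-facing ports of this group


@dataclass(frozen=True)
class Decision:
    action: str                     # "forward" or "drop"
    vlan_id: Optional[int]          # VLAN the frame carries after ingress
    downlinks: Tuple[int, ...]
    reason: str


class UplinkSet:
    """VLAN Port Groups sharing one Uplink Set, with an optional native VLAN."""

    def __init__(self, groups, native_vlan=None):
        self.by_vlan = {}
        for g in groups:
            if not 1 <= g.vlan_id <= 4094:
                raise ValueError("invalid VLAN id %r" % g.vlan_id)
            if g.vlan_id in self.by_vlan:
                raise ValueError("VLAN %d used by two groups" % g.vlan_id)
            self.by_vlan[g.vlan_id] = g
        # The native VLAN is chosen among the VLANs of the groups on this set.
        if native_vlan is not None and native_vlan not in self.by_vlan:
            raise ValueError("native VLAN must belong to one of the groups")
        self.native_vlan = native_vlan

    def ingress(self, tag):
        """Decide what happens to a frame arriving at the uplink.

        tag is the 802.1Q VLAN id of the frame, or None if it is untagged.
        """
        if tag is None:
            if self.native_vlan is None:
                # Assumption: without a native VLAN, untagged frames are dropped.
                return Decision("drop", None, (), "untagged, no native VLAN")
            g = self.by_vlan[self.native_vlan]
            return Decision("forward", g.vlan_id, g.downlinks,
                            "untagged, tagged with native VLAN id")
        if tag == self.native_vlan:
            # Stated in the text: frames already tagged with the native id
            # are dropped at the uplink.
            return Decision("drop", tag, (), "tagged with native VLAN id")
        g = self.by_vlan.get(tag)
        if g is None:
            # Assumption: a tag that matches no group on this set is dropped.
            return Decision("drop", tag, (), "VLAN not in any group")
        return Decision("forward", tag, g.downlinks, "tag matches group")


def build_sample():
    """Constructed sample: three groups on one uplink set, VLAN 30 native."""
    groups = [
        VlanPortGroup("web", 10, (1, 2, 3)),
        VlanPortGroup("db", 20, (4, 5)),
        VlanPortGroup("mgmt", 30, (6,)),
    ]
    return UplinkSet(groups, native_vlan=30)


if __name__ == "__main__":
    uplink = build_sample()
    for tag in (None, 10, 20, 30, 99):
        d = uplink.ingress(tag)
        print(tag, d.action, d.vlan_id, d.downlinks, d.reason)
```

Running the model against a planned group layout shows which downlinks an untagged frame from the upstream switch would reach before the configuration is applied.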
aggregation link, and the other is defined as backup aggregation group. When the link of the active aggregation group goes down, the backup aggregation group is activated for transmission. After the link of the active aggregation group comes up again, the backup aggregation group is deactivated.
2.1.3 Management Features of Ethernet Connection Blade Module The PRIMERGY BX900 Ethernet Connection Blade can be managed either through the console port or through the network (in-band/out-of-band management) with the SNMP, TELNET or HTTP protocols. Various Files of Management Operation: a) There are three types of files for the PRIMERGY BX900 Ethernet Connection Blade: • BootROM Image: The image brought up by the loader at power-up. Also known as POST (Power On Self-Test).
b) Runtime: Users can choose a new configuration file to reconfigure the system while the system is running; a system reboot is necessary and is applied automatically. This function is available for CLI only. SNMP Alarms and Trap Logs The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a Trap Recipient List. SNMP Version 1, Version 2, and Version 3 Simple Network Management Protocol (SNMP) over the UDP/IP protocol.
SNTP The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Connection Blade Module clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. Time sources are established by Stratums. Stratums define the distance from the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
Default Gateway for management ports Only one default gateway is supported in the system. The user can assign the default gateway to either the in-band management or the out-of-band management interface, but not to both simultaneously. If the gateway for the in-band management is set, it is only valid for the in-band management.
2.1.4 Security Feature SSL Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys. SSL version 3 and TLS version 1 are currently supported. SSH Secure Shell (SSH) is a protocol that provides a secure, remote connection to an Ethernet Connection Blade Module. SSH version 1 and version 2 are currently supported.
MAC Address Authentication (MAC Address Filter) Locked Port increases network security by limiting access on a specific port only to users with specific MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is invoked.
2.1.5 Quality of Service Features The PRIMERGY BX900 supports the mapping of DSCP (Differentiated Service Code Point) to CoS queues. Therefore, packets with different DSCP values can be scheduled to separate CoS queues for different services. The DSCP definition is backward compatible with the TOS definition. Hence the PRIMERGY BX900 also supports the mapping of TOS to CoS queues, and packets with different precedence can be scheduled to differently prioritized CoS queues. 802.
Standard ACLs are the oldest type of ACL. Standard ACLs control traffic by comparing the source address of the IP packets to the addresses configured in the ACLs. Extended ACLs control traffic by comparing the source and destination addresses of the IP packets to the addresses configured in the ACLs. Rules can be configured to inspect up to six fields of a packet: Source IP, Destination IP, Source L4 Port, Destination L4 Port, TOS Byte, and Protocol Number.
2.2 Description of Hardware 2.2.1 Port Configurations of Ethernet Connection Blade Module The PRIMERGY BX400/BX900 Ethernet Connection Blade Module contains a) SB11: 8 Gigabit Ethernet ports and two 10G SFP+ Ethernet ports for connecting to the network, and one internal CX4 HiGig/HiGig+ port and one external CX4 HiGig/HiGig+ port for stacking purposes, b) SB11a: 8 RJ45 Gigabit Ethernet ports and 4 SFP Gigabit Ethernet ports for connecting to the network.
Physical Ports for SB6 • 18 1-Gigabit downlink ports • 6 1-Gigabit RJ-45 ports for uplink ports Figure: PRIMERGY BX400 GbE Connection Blade 18/6 (SB6) Front Panel The RJ-45 Gigabit Ethernet ports can operate at 10, 100 or 1000 Mbps. These ports support auto negotiation, duplex mode (Half or Full duplex), and flow control. The 36 downlink 1 Gigabit Ethernet ports that connect to server modules can only operate at 1000 Mbps, full-duplex.
2.2.2 Ethernet Ports Uplink Ports Eight external RJ-45 ports support IEEE 802.3x auto-negotiation of speed, duplex mode, and flow control. Each port can operate at 10 Mbps, 100 Mbps and 1000 Mbps, full and half duplex, and control the data stream to prevent buffers from overflowing. The uplink ports can be connected to other IEEE 802.3ab 1000BASE-T compliant devices up to 100 m (328 ft.) away using Category 5 twisted-pair cable.
2.2.3 Status of LEDs The front panel contains light emitting diodes (LED) that indicate the status of links and Ethernet Connection Blade diagnostics. Port LEDs Each uplink port has two LED indicators.
General LED (SB6 / SB11a) There is one Ethernet Connection Blade Module system LED with dual functions, controlled by MMB for error status reporting and blade identification. Different flashing frequencies are used to indicate the different functions. There are two functions, identification and error reporting, with identification having a higher priority than error reporting.
2.2.4 Supported SFP and SFP+ Vendor List Supported SFP Modules: Vendor Device Type Order No. FTS Part No.
2.2.5 Features and Benefits 2.2.6 Connectivity • 36 internal Gigabit ports for easy network integration of your server cards (SB6: 18 ports). • 8 external 1000BASE-T Gigabit ports for uplinking to the corporate network (SB6: 6 ports). • 4 SFP Gigabit ports for uplinking to the corporate network. (SB11a) • 2 SFP+ 10Gigabit ports for uplinking to the corporate network.
2.3 Notational Conventions The meanings of the symbols and fonts used in this manual are as follows:
! CAUTION - Pay particular attention to texts marked with this symbol. Failure to observe this warning endangers your life, destroys the system, or may lead to loss of data.
“Quotation marks” - Indicate names of chapters and terms that are being emphasized.
i - This symbol is followed by supplementary information, remarks and tips.
2.4
2.5 Technical Data Electrical data Operating voltage +12 VDC @ 2.5 A max (SB11a) +12 VDC @ 3.5 A max (SB11) +12 VDC @ 2.5 A max (SB6) Maximum current 7.52 A max @ 3.3 VDC 11.8 A max @ 2.5 VDC 24 A max @ 1.25 VDC 7.76 A max @ 1 VDC National and international standards Product safety IEC 60950 / EN 60950 / UL 60950, CSA 22.2 No.
Condensation while operating must be avoided. 3 Network Planning 3.1 Introduction to IBP The Intelligent Blade Panel Module (IBP) provides a simple Ethernet interface option for connecting the PRIMERGY BX900 Blade Server system to the network infrastructure. The administrative effort and network skills required to connect to the network are minimized.
3.2 Sample Applications The Ethernet Connection Blade is designed to consolidate your network core providing high-bandwidth connections between the server chassis and workgroup switches. Some typical applications are described in this section. 3.2.1 Backbone Connection The IBP can connect to the network backbone or other key sites over high-speed Gigabit Ethernet links, increasing overall bandwidth and throughput.
3.2.2 Making IBP Connections The IBP supports Port Groups which can be used to organize any group of server blade nodes into separate broadcast domains. Port groups confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. The communication between Port Groups is not possible, nor is traffic from one group visible in another group. This provides a more secure and cleaner network environment.
4 Making Network Connections The Ethernet Connection Blade connects server boards installed inside the system to a common switch fabric and also provides several external ports for uplinking to external IEEE 802.3ab compliant devices. For most applications, the external ports on the Ethernet Connection Blade will be connected to other switches in the network backbone. It may also be connected directly to Gigabit Ethernet network cards in PCs or servers. 4.
! 4.2 For 1000 Mbps operation, all four wire pairs in the cable must be connected. When auto-negotiation is enabled, the 1000BASE-T ports support the auto MDI/MDI-X feature, which means that at any operating speed (10, 100, or 1000 Mbps), either straight-through device. Make sure each twisted-pair cable does not exceed 100 meters (328 feet). Note that auto-negotiation must be enabled to support auto MDI/MDI-X.
4.2.3 1000BASE-T Pin Assignments 1000BASE-T ports support automatic MDI/MDI-X operation, so you can use straight-through cables for all network connections to PCs or servers, or to other switches. (Auto-negotiation must be enabled to support MDI/MDI-X.) The table below shows the 1000BASE-T MDI and MDI-X port pin outs. These ports require that all four pairs of wires be connected. Note that for 1000BASE-T operation, all four pairs of wires are used for both transmit and receive.
5 Configuring Ethernet Connection Blade Module This section contains information about Ethernet Connection Blade Module unpacking, installation, and cable connections. 5.1 Overview The Ethernet Connection Blade Module is inserted in the PRIMERGY BX900 Blade Server, which is a modular server system that can integrate up to 18 processor blades and eight Ethernet Connection Blade Modules.
5.2 Connecting the Ethernet Connection Blade Module Before configuring the Ethernet Connection Blade Module, the PRIMERGY BX900 Blade Server console port must be connected to the Ethernet Connection Blade Module. To connect the PRIMERGY BX900 Blade Server console port to the Ethernet Connection Blade Module, perform the following: 1. Mount the Ethernet Connection Blade Module. On the console monitor, the MMB application displays a login screen. The Ethernet Connection Blade Module bootup screen is displayed.
3. Select (3) Console Redirection. The Console Redirection Table is displayed. +-----------------------------------------------------------------------------+ | Console Redirection Table page_3 +-----------------------------------------------------------------------------+ (1) Console Redirect Connection Blade (2) Set Return Hotkey , Ctrl+(a character) : Q (3) Set Console Redirection Timeout : 900 Enter selection or type (0) to quit: 1 4. Select (1) Console Redirection Connection Blade.
5.3 Start up and Configuration of the Ethernet Connection Blade Module It’s important to understand the Ethernet Connection Blade Module architecture when configuring the Ethernet Connection Blade Module. The Ethernet Connection Blade Module has two types of ports. One type is for interfacing the Ethernet Connection Blade Module with the PRIMERGY BX900 Blade Server, and the other type consists of regular Ethernet ports used for connecting the PRIMERGY BX900 Blade Server to the external network.
Figure: Installation and Configuration Flow
5.4 Configuring the Terminal To configure the device, the station must be running terminal emulation software. Ensure that Ethernet Connection Blade Module is correctly mounted and is connected to the chassis serial port. Ensure that the terminal emulation software is set as follows: Connect to the serial port of PRIMERGY BX900 Management Blade and use console redirection function to get the console access of Ethernet Connection Blade. i 1.
5.5 Booting Device When the Ethernet Connection Blade Module is connected to the local terminal, the Ethernet Connection blade Module goes through Power On Self Test (POST). POST runs every time the device is initialized and checks hardware components to determine if the device is fully operational before completely booting. If a critical problem is detected, the program flow stops. If POST displayed on the terminal and indicate test success or failure.
5.6 Software Download 5.6.1 In BootROM Back Door CLI Software Download Using Xmodem Protocol The software download procedure is performed when a new version must be downloaded to replace corrupted files, or to update or upgrade the system software (system and boot images). To download software from the BootROM CLI: 1. From the BootROM CLI prompt input the following command: xmodem -rb 2. When using the HyperTerminal, click Transfer on the HyperTerminal Menu Bar. 3.
runtime gzip yes 2008/12/10 0.5 sb11a-ibp-r-0.5.1210.biz Total: 3 files. 3. From the BootROM CLI prompt input the following command: xmodem -rb 4. When using the HyperTerminal, click Transfer on the HyperTerminal Menu Bar. 5. In the Filename field, enter the file path for the file to be downloaded. 6. Ensure that the Xmodem protocol is selected in the Protocol field. 7. Press Send. The software is downloaded. 8. Enter the reset command.
5.6.2 In Operation Code CLI Software Download through TFTP/FTP Server This section contains instructions for downloading device software through a TFTP/FTP server. The TFTP/FTP server must be configured before beginning to download the software. System Image Download The device boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored. When a new image is downloaded, it is saved in the other area allocated for the other system image copy.
5. Enter (CB)#copy tftp://{tftp address}/{file name} image {file name} or copy ftp://{ftp address}/{file name} image {file name} command to copy a new system image to the device. The following message is displayed: (CB) #copy tftp://192.168.2.1/sb11a-sw-r-0.40.0227.img image sb11a-sw-r-0.04.0227.biz Mode........................................... TFTP Set TFTP Server IP............................. 192.168.2.1 TFTP Path...................................... ./ TFTP Filename.................................
5.7 Switching the Software Booting Mode The Ethernet Connection Blade bundles two kinds of firmware version with three operational modes: switch, End-Host-Mode and IBP mode. It can only run in one mode at a time. To run in another mode, you have to change the booting mode and reboot the Ethernet Connection Blade. To change the software mode: 1. Enter the (CB)#boot-system mode command to specify which software version runs on the device after the next reboot. 2.
6 Understanding Stacking Feature 6.1 Introduction A stack is a group of IBP(s) connected through the Infiniband CX4 interface of the HiGig/HiGig+ ports. The IBP that controls the operation of the stack modules is called the stack master. The other IBP(s) are the stack members of the stack group system. The stacking feature provides high port density while simplifying management by providing a single point of management for all IBP(s) in the stack.
6.2 Stacking Function Features Overview PRIMERGY BX900 GbE Connection Blade 36/8+2 Stacking (SB11) provides the following stacking function features: 1. Only stacking with ring topology will be supported for redundant configuration. The redundant configuration function must keep the ring topology stacking system to backup maintenance. 2. A stack contains at most eight member switches. 3. Stack is managed as a single switch and has a single IP address. 4.
6.3 Stack Master Election Processes The stacking function of SB11 is done through the two dedicated 12-Gigabit HiGig+ ports. One dedicated is connected to mid-plane (called internal stacking link), and the other is connected to front panel (called external stacking link). For easy management as a single object, a unique configuration entry should be supported. Therefore, a unit will be elected to act as a stack master.
6.4 Firmware Upgrade/Distribution Processes SB11 provides two methods for firmware upgrade: one uses XMODEM, and the other uses TFTP/FTP. The firmware upgrade can only be performed on the stack master. Upgrade Processes After the firmware upgrade operations are finished on the stack master, the stack master distributes the downloaded code automatically to all stack members, so that all members in the stack run the same firmware version.
6.5 Powering Considerations Stack members that are powered on within the same 20-second time frame participate in the stack master election and have a chance to become the stack master. Stack members that are powered on after the 20-second time frame do not participate in this initial election. If a re-election process is issued, all of the stack members must participate in the re-election process. The new stack master becomes available after a few seconds.
Scenario 1: Stack two IBP(s) using the internal stacking link in the same fabric For instance, CB1 and CB2 are to be stacked. If you want CB1 to be the stack master, you need to plug in CB1 first and then, after 20 more seconds, plug in CB2. Scenario 2: Stack two IBP(s) using the external stacking link in different fabrics For instance, CB1 and CB3 are to be stacked.
Scenario 4: Replace a defective stack member in the stack For instance, CB1, CB2, CB3, and CB4 form a stack system, CB1 is the stack master, the others are the stack members, and CB4 is the defective one. You can remove CB4 directly without affecting the functionality of the stack system. Then plug the new CB into the previous position of CB4, and connect the external stacking cable between CB2 and CB4. After CB4 has booted, it becomes a stack member.
6.6 Provisioning Stack Members This function lets users configure an IBP offline before it joins the stack. The switch ID is automatically assigned from the lowest unused number in the range of 1 to 8. Usually, the stack master will have the lowest switch ID unless you configure the stack with the move management command or the re-election process was executed.
the provisioned name has been used in the configuration there should be no occurrences of the previous switch id in the running config. − If not found but there is a provisioned entry for the switch id of the new member it depends on the provisioned name of this entry. If there is no provisioned name defined the master should use this provisioned entry for the new member.
6.7 Naming Scheme The naming scheme for the stack member is described in this section. It will provide an easy way for user to identify and manipulate the specific IBP module, and port of an IBP module. The MMB has to provide the following information via ISMIC to be read by IBP: 1. Rack Name (read only): reserved for future use, will be empty. 2. Enclosure Name (read only): MMB will retrieve the Serial No. from the FRU data of the enclosure and make it as the Enclosure Name. (This name MUST be unique.
6.8 Persistent MAC Address The switch stack MAC address is determined by the MAC address of the stack master. When a stack master is removed from the stack and a new stack master takes over, the default is for the MAC address of the previous stack master to remain the MAC address of the new stack. That is, the stack MAC address never changes to the new stack master MAC address.
7 E-Keying Function Feature This chapter provides information of E-Keying function including the overall mechanism and the requirements for Ethernet Connection Blade Modules. The MMB is the central management entity having the overview of the entire blade chassis configuration. Therefore the MMB is running the central e-keying application which is controlling the e-keying enable/disable functions of the Ethernet Connection Blade Modules, mezzanines and CPU Blades.
8 Web-based Management Interface 8.1 Overview The BX900 Ethernet Connection Blade provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer or Firefox. This software interface also allows for system monitoring and management of the Ethernet Connection Blade.
8.1.1 Menu Options The menu options available are: Management, Group Administration, Security, QoS, and Stacking. 1. Management Menu: This section provides information for configuring SNMP and trap manager, Ping, DHCP client, SNTP, system time, defining system parameters including telnet session and console baud rate, etc, downloading IBP module software, and resetting the IBP module, IBP statistics and Layer 2 MAC address. Figure : Management Menu 2.
3. Security Menu: This section lets users configure IBP security features including 802.1x, RADIUS, TACACS+, LDAP, Access Control Lists, IP Filter, Secure HTTP, Secure Shell. Figure : Security Menu 4. QoS Menu: This section lets users configure Differentiated Service and Class of Service. Figure : QoS Menu 5. Stacking Menu (in Stackable Ethernet Connection Blade): This section lets users configure stacking units and update the runtime code of stacking units.
8.2 Management Menu This section provides information for configuring SNMP and trap manager, Ping, DHCP client, SNTP, system time, defining system parameters including telnet session and console baud rate, etc, downloading IBP module software, and resetting the IBP module, IBP statistics and Layer 2 MAC address. 8.2.1 Information 8.2.1.1 Inventory Info Figure : Inventory Information Use this panel to display the IBP's Vital Product Data, stored in non-volatile memory at the factory.
Operational MAC Address - The operational MAC address of this IBP. Hardware Version - The hardware version of this IBP. The first byte is the major version and the second byte represents the minor version. Loader Version - The release version maintenance number of the loader code currently running on the IBP. For example, if the release was 1 and the version was 2, the format would be '1.2'. Boot Rom Version - The release version maintenance number of the boot rom code currently running on the IBP.
8.2.2 Configuration 8.2.2.1 System Description Figure : System Description Configurable Data System Name - Enter the name you want to use to identify this IBP. You may use up to 31 alpha-numeric characters. The factory default is blank. System Location - Enter the location of this IBP. You may use up to 31 alpha-numeric characters. The factory default is blank. System Contact - Enter the contact person for this IBP. You may use up to 31 alpha-numeric characters. The factory default is blank.
8.2.2.2 In-Band Mgmt The In-Band Mgmt is the logical interface used for in-band connectivity with the IBP via any of the IBP's front panel ports. The configuration parameters associated with the IBP's In-Band Mgmt do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the IBP over a network you must first configure it with IP information (IP address, subnet mask, and default gateway).
Web Mode - Specify whether the IBP may be accessed from a web browser. If you choose to enable web mode you will be able to manage the IBP from a web browser. The factory default is enabled. Java Mode - Enable or disable the java applet that displays a picture of the IBP at the top right of the screen. If you run the applet you will be able to click on the picture of the IBP to select configuration screens instead of using the navigation tree at the left side of the screen. The factory default is enabled.
8.2.2.3 Out-of-Band Mgmt The Out-of-Band Mgmt interface provides a network access connection via the MMB’s service port. Figure : Out-of-Band Mgmt Config You use this panel to specify the parameters needed to communicate with the IBP over a network using the Out-of-Band Mgmt. Selection Criteria IPv6 Mode - Enable/Disable IPv6 stack for out-of-band mgmt interface.
Burned-in MAC Address - The burned-in MAC address used for out-of-band connectivity. (Only used in non-stackable module) Operational MAC Address - The operational MAC address of this IBP. (Only used in stackable module) IPv6 Address - Display IPv6 address. IPv6 Default Router - Display IPv6 Default Router Address. Command Buttons Apply - Update the IBP with the values on the screen. If you want the IBP to retain the new values across a power cycle you must perform a save.
8.2.2.4 Telnet Session Figure : Telnet Session Config Selection Criteria Maximum Number of Telnet Sessions - Use the pull down menu to select how many simultaneous telnet sessions will be allowed. The maximum is 5, which is also the factory default. Allow New Telnet Sessions - If you set this to no, new telnet sessions will not be allowed. The factory default is yes. Telnet Server Admin Mode - Administrative mode for inbound telnet sessions. Setting this value to disable shuts down the telnet port.
8.2.2.5 Telnet Client Config Figure : Telnet Client Config Selection Criteria Admin Mode - Specifies if the Outbound Telnet service is Enabled or Disabled. Default value is Enabled. Maximum Sessions - Specifies the maximum number of Outbound Telnet Sessions allowed. Default value is 5. Valid Range is (0 to 5). Configurable Data Session Timeout - Specifies the Outbound Telnet login inactivity timeout. Default value is 5. Valid Range is (1 to 160).
8.2.2.6 SSH Client Config Figure : SSH Client Config Selection Criteria Admin Mode - Specifies if the Outbound SSH service is Enabled or Disabled. Default value is Enabled. Maximum Sessions - Specifies the maximum number of Outbound SSH Sessions allowed. Default value is 5. Valid Range is (0 to 5). Configurable Data Session Timeout - Specifies the Outbound SSH login inactivity timeout. Default value is 5. Valid Range is (1 to 160). Command Buttons Submit - Sends the updated configuration to the switch.
8.2.2.7 Serial Port Figure : Serial Port Config Selection Criteria Baud Rate (bps) - Select the default baud rate for the serial port connection from the pull-down menu. You may choose from 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud. The factory default is 9600 baud. Note: If you change the baud rate, console redirection via the MMB no longer works.
Command Buttons Apply - Update the IBP with the values on the screen. If you want the IBP to retain the new values across a power cycle you must perform a save.
8.2.2.8 HTTP Config Figure : HTTP Config Configurable Data HTTP Session Soft Timeout - This field is used to set the inactivity timeout for HTTP sessions. The value must be in the range of (0 to 60) minutes. A value of zero corresponds to an infinite timeout. The default value is 15 minutes. The currently configured value is shown when the web page is displayed. HTTP Session Hard Timeout - This field is used to set the hard timeout for HTTP sessions.
8.2.2.9 DDNS Config Figure : DDNS Config Selection Criteria DDNS Host - Selects the DDNS Host for which data is to be displayed or configured. If the add item is selected, a new DDNS Host can be configured. Server Type - Selects the server type of the DDNS server. You can choose any of the following types: • EASYDNS • DYNDNS • DHS • ODS • DYNS • ZONEEDIT • TZO Configurable Data Host Name - The host name of DDNS server. User Name - The user name for DDNS server.
8.2.3 System Utilities 8.2.3.1 Save All Changes Figure : Save All Changes Command Buttons Save - Click this button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the IBP. 8.2.3.2 System Reset Figure : System Reset Command Buttons Reset - Select this button to reboot the IBP. Any configuration changes you have made since the last time you issued a save will be lost.
8.2.3.3 Set Config to Defaults Figure : Set Config to Defaults Command Buttons Reset - Select this button to have all configuration parameters reset to their factory default values. All changes you have made will be lost, even if you have issued a save. You will be shown a confirmation screen after you select the button. 8.2.3.
8.2.3.5 Traceroute Use this screen to tell the IBP to send a TraceRoute request to a specified IP address. You can use this to discover the paths packets take to a remote destination. Once you click the Apply button, the IBP will send the traceroute and the results will be displayed below the configurable data. If a reply to the traceroute is received, you will see 1 x.y.z.w 1 ms 2 ms 3 ms 2 0.0.0.0 0 ms 0 ms 0 ms 3 0.0.0.
8.2.3.6 Ping Use this screen to tell the IBP to send a Ping request to a specified IP address. You can use this to check whether the IBP can communicate with a particular IP station. Once you click the Apply button, the IBP will send three pings and the results will be displayed below the configurable data. If a reply to the ping is not received, you will see No Reply Received from IP xxx.xxx.xxx.xxx , otherwise you will see Reply received from IP xxx.xxx.xxx.xxx : (send count = 3, receive count = n).
Link Local Address - Enter the link local address of the station you want the IBP to ping. The initial value is blank. Datagram Size - Enter the datagram size. The valid range is 48 to 2048. Non-Configurable Data Ping Output - The reply result received from IBP. Command Buttons Apply - This will initiate the ping.
8.2.4 File Management 8.2.4.1 Download To IBP Use this menu to download a file to the IBP. Figure : File Download To IBP Selection Criteria File Type - Specify what type of file you want to download: (Default value of file type is code.) • Script - specify configuration script when you want to update the IBP's script file. • CLI Banner - The Banner of CLI interface. • Code - specify code when you want to upgrade the operational flash.
Protocol Mode - Specify the protocol to use for the download. The available options are FTP, TFTP and HTTP. Configurable Data FTP/TFTP Server IPv4 Address - Enter the IPv4 address of the FTP/TFTP server. The factory default is 0.0.0.0. FTP/TFTP Server Host Name - Enter the Host Name of the FTP/TFTP server. FTP/TFTP Server IPv6 Address - Enter the IPv6 address of the FTP/TFTP server. FTP User - Enter the user name on the FTP server. FTP Password - Enter the password of the FTP user.
8.2.4.2 Upload From IBP Use this menu to upload a code, configuration or log file from the IBP. Figure : File Upload From IBP Selection Criteria File Type - Specify the type of file you want to upload. The available options are Script, Code, CLI Banner, Configuration, Error Log, Buffered Log, and Trap Log. The factory default is Code. Protocol Mode - Specify the protocol to use for the upload. The available options are FTP and TFTP.
Command Buttons Apply - Send the updated screen to the IBP and perform the file upload.
8.2.4.3 Start-Up File Specify the file used for starting up the system. Figure : Start-Up File Config Selection Criteria Configuration File - Configuration files. Runtime File - Run-time operation codes. Non-Configurable Data Current Configuration File - Current Configuration files. Current Runtime File - Current Run-time operation codes. Command Buttons Apply - Send the updated screen to the IBP and specify the file start-up.
8.2.4.4 Remove File Delete files in flash. If the file is used for system startup, then this file cannot be deleted. Figure : Remove File Selection Criteria Configuration File - Configuration files. Runtime File - Run-time operation codes. Script File - Configuration script files. Command Buttons Remove - Send the updated screen to the IBP and perform the file remove.
8.2.4.5 Copy File Use this menu to copy a start-up configuration file from the running configuration file on IBP. Figure : Copy File Configurable Data File Name - Enter the name you want to give the file being copied. You may enter up to 30 characters. The factory default is blank. Non-Configurable Data The last row of the table is used to display information about the progress of the file copy. The screen will refresh automatically until the file copy completes.
8.2.5 User Management 8.2.5.1 User Accounts By default, two user accounts exist: • admin, with 'Read/Write' privileges • guest, with 'Read Only' privileges By default, the password of the admin user is “admin” and the guest password is blank. The names are not case sensitive. If you log on with a user account with 'Read/Write' privileges (i.e.
Configurable Data Password Minimum Length - Use this field to set the minimum password length. This setting applies only to user accounts. User Name - Enter the name you want to give to the new account. (You can only enter data in this field when you are creating a new account.) User names are up to eight characters in length and are not case sensitive. Valid characters include all the alphanumeric characters as well as the dash ('-') and underscore ('_') characters.
8.2.5.2 Authorization List Config You use this screen to configure login lists. A login list specifies the authorization method(s) you want used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you may not delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list.
Authorization List Name - If you are creating a new login list, enter the name you want to assign. It can be up to 15 alphanumeric characters long and is not case sensitive. Command Buttons Apply - Send the updated screen to the switch and cause the changes to take effect on the switch. These changes will not be retained across a power cycle unless you perform a save. Delete - Remove the selected authorization login list from the configuration.
8.2.5.4 User Login Each configured user is assigned to a login list that specifies how the user should be authenticated when attempting to access the IBP or a port on the IBP. After creating a new user account on the User Account screen, you should assign that user to a login list for the IBP using this screen and, if necessary, to a login list for the ports using the Port Access Control User Login Configuration screen.
8.2.5.5 Login Session This page displays the login session information, including user name, connection from, idle time, session time, and session type. Figure : Login Session Non-Configurable Data ID - Identifies the ID of this row. User Name - Shows the name of the user who opened the session. Connection From - Shows the machine from which the user is connected. Idle Time - Shows the idle session time. Session Time - Shows the total session time.
8.2.6 Logging 8.2.6.1 Configuring Buffered Log This log stores messages in memory based upon the settings for message component and severity. On stackable systems, this log exists only on the top of stack platform. Other platforms in the stack forward their messages to the top of stack log. Figure : Buffered Log Config Configurable Data Admin Status - A log that is "Disabled" shall not log messages. A log that is "Enabled" shall log messages.
8.2.6.2 Configuring Command Logger Figure : Command Logger Config Selection Criteria Admin Mode - Enable/Disable the operation of the CLI Command logging by selecting the corresponding pull down field and clicking Apply. Hide Password - Hides passwords when logging entries are shown. Enable/Disable the operation by selecting the corresponding pulldown field and clicking Apply. Command Buttons Apply - Update the IBP with the values you entered.
8.2.6.3 Configuring Console Log This allows messages to be logged to any serial device attached to the host. Figure : Console Log Config Selection Criteria Admin Status - A log that is "Disabled" shall not log messages. A log that is "Enabled" shall log messages. Enable or Disable logging by selecting the corresponding line on the pull down entry field. Severity Filter - A log records messages equal to or above a configured severity threshold.
8.2.6.4 Configuring Hosts Use this screen to configure a host to which the logged messages are sent. Figure : Logging Hosts Config Selection Criteria Host - This is a list of the hosts that have been configured for syslog. Select a host for changing the configuration or choose to add a new host from the drop down list. Severity Filter - A log records messages equal to or above a configured severity threshold. Select the severity option by selecting the corresponding line on the pull down entry field.
Apply - Update the IBP with the values you entered. Refresh - Refetch the database and display it again starting with the first entry in the table. Delete - Delete a configured host.
8.2.6.5 Configuring Syslog Use this screen to enable syslog on the system. When it is enabled, the logged messages are sent to the host specified on the “Hosts” page. Figure : Syslog Config Selection Criteria Admin Status - For Enabling and Disabling logging to configured syslog hosts. Setting this to disable stops logging to all syslog hosts. Disable means no messages will be sent to any collector/relay. Enable means messages will be sent to configured collector/relays using the values configured for each collector/relay.
8.2.6.6 Configuring Terminal Log This allows logging to any terminal client connected to the switch via telnet or SSH. To receive the log messages, terminals have to enable "terminal monitor" via CLI command. Selection Criteria Admin Status - A log that is "Disabled" shall not log messages to connected terminals. A log that is "Enabled" shall log messages to connected terminals. Enable or Disable logging by selecting the corresponding line on the pulldown entry field.
8.2.6.7 Viewing Buffered Log This help message applies to the format of all logged messages which are displayed for the buffered log, persistent log or console log. Figure : Viewing Buffered Log Format of the messages Messages logged to a collector or relay via syslog have an identical format: <15>Aug 24 05:34:05 0.0.0.0-1 MSTP[2110]: mspt_api.
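The following is an added example, not part of the manual: a parser for the visible part of the message format above (priority, timestamp, host field, component and bracketed number) plus a severity filter like the one on the log configuration screens. The priority decoding (facility = PRI div 8, severity = PRI mod 8) follows the syslog RFCs; treating "equal to or above" as "numerically less than or equal to the threshold", the message bodies and the DEMO component name are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Severity names by numeric code as defined for syslog (RFC 3164 / RFC 5424).
# 0 is the most severe, 7 the least.
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "info", "debug")

# <PRI>Mmm dd hh:mm:ss HOST COMPONENT[NUMBER]: text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<component>[^\[\s:]+)\[(?P<ident>\d+)\]: "
    r"(?P<text>.*)$"
)


class LogRecord(NamedTuple):
    facility: int
    severity: int
    severity_name: str
    timestamp: str
    host: str        # kept opaque, e.g. "0.0.0.0-1" as printed in the manual
    component: str
    ident: int       # the number in square brackets after the component
    text: str


def parse_line(line: str) -> Optional[LogRecord]:
    """Return a LogRecord, or None if the line does not match the format."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest valid priority value
        return None
    facility, severity = divmod(pri, 8)
    return LogRecord(facility, severity, SEVERITIES[severity], m["ts"],
                     m["host"], m["component"], int(m["ident"]), m["text"])


def passes_filter(record: LogRecord, threshold: str) -> bool:
    """Assumed filter semantics: keep messages at least as severe as threshold."""
    return record.severity <= SEVERITIES.index(threshold)


def filter_lines(lines: List[str],
                 threshold: str) -> Tuple[List[LogRecord], List[str]]:
    """Split input into records that pass the filter and unparseable lines.

    Unparseable lines are returned instead of dropped so that a collector
    can still store or alert on them.
    """
    kept, unparsed = [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            unparsed.append(line)
        elif passes_filter(record, threshold):
            kept.append(record)
    return kept, unparsed


# Constructed sample input. Only the header of the first line is taken from
# the manual; every message body and the DEMO component are made up.
SAMPLE_LINES = [
    "<15>Aug 24 05:34:05 0.0.0.0-1 MSTP[2110]: constructed debug text",
    "<11>Aug 24 05:34:09 0.0.0.0-1 DEMO[3001]: constructed error text",
    "<12>Aug 24 05:35:10 0.0.0.0-1 DEMO[3001]: constructed warning text",
    "<14>Aug  4 05:36:00 0.0.0.0-1 DEMO[3001]: constructed info text",
    "line that is not in syslog format",
]

if __name__ == "__main__":
    kept, unparsed = filter_lines(SAMPLE_LINES, "warning")
    for r in kept:
        print(r.timestamp, r.component, r.severity_name, r.text)
    print("unparsed lines:", len(unparsed))
```
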
8.2.6.8 Viewing Event Log Use this panel to display the event log, which is used to hold error messages for catastrophic events. After the event is logged and the updated log is saved in FLASH memory, the IBP will be reset. The log can hold at least 10080 entries (the actual number depends on the platform and OS), and is erased when an attempt is made to add an entry after it is full. The event log is preserved across system resets.
8.2.7 Statistics 8.2.7.1 Switch Summary Figure : IBP Summary Statistics Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this IBP. CPU Utilization(5 secs,1 min,5 mins) - This value indicates the CPU Utilization for five seconds, one minute and five minutes. Total Packets Received Without Errors - The total number of packets (including broadcast packets and multicast packets) received by the processor.
Clear Counters - Clear all the counters, resetting all summary and IBP detailed statistics to defaults. The discarded packets count cannot be cleared. Refresh - Refresh the data on the screen with the present state of the data in the IBP.
8.2.7.2 Switch Detailed Figure : IBP Detailed Statistics Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with the Processor of this IBP. Octets Received - The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Packets Received Without Errors - The total number of packets (including broadcast packets and multicast packets) received by the processor.
Multicast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent. Broadcast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent.
8.2.7.3 Port Summary Figure : Port Summary Statistics Selection Criteria Unit/Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Total Packets Received Without Errors - The total number of packets received that were without errors.
8.2.7.4 Port Detailed Figure : Port Detailed Statistics Selection Criteria Unit/Slot/Port - Selects the interface for which data is to be displayed or configured. Non-Configurable Data ifIndex - This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Packets RX and TX 64 Octets - The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
Packets RX and TX 2048-4095 Octets - The total number of packets (including bad packets) received or transmitted that were between 2048 and 4095 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 4096-9216 Octets - The total number of packets (including bad packets) received or transmitted that were between 4096 and 9216 octets in length inclusive (excluding framing bits but including FCS octets).
Fragments Received - The total number of packets received that were less than 64 octets in length with a CRC error (excluding framing bits but including FCS octets). Alignment Errors - The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with a non-integral number of octets.
Total Transmit Packets Discarded - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision. Multiple Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision.
8.2.8 SNMP 8.2.8.1 Community Config By default, two SNMP Communities exist: • private, with 'Read/Write' privileges and status set to enable • public, with 'Read Only' privileges and status set to enable These are well-known communities; you can use this menu to change the defaults or to add other communities. Only the communities that you define using this menu will have access to the IBP using the SNMPv1 and SNMPv2c protocols.
SNMP Community Name - The SNMP community name, which identifies each SNMP community. Community names in the SNMP community must be unique. A valid entry is a case-sensitive string of up to 16 characters. Client IP Address - Taken together, the Client IP Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device. If either (IP Address or IP Mask) value is 0.0.0.0, access is allowed from any IP address.
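The following is an added example, not part of the manual: a check of a community table for the two conditions described above, the factory-default names and a Client IP Address or Client IP Mask of 0.0.0.0. The bitwise address-and-mask comparison is the usual interpretation of an address/mask pair and is an assumption about how the IBP evaluates it; the record layout, the finding labels and the sample table are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Factory-default community names listed in the manual. Community names are
# case-sensitive, so the comparison is exact.
WELL_KNOWN_NAMES = {"public", "private"}


@dataclass(frozen=True)
class Community:
    name: str
    client_ip: str
    client_mask: str
    access: str      # "Read Only" or "Read/Write"
    enabled: bool


def _as_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def is_unrestricted(c: Community) -> bool:
    """Per the manual: if either value is 0.0.0.0, any address is allowed."""
    return _as_int(c.client_ip) == 0 or _as_int(c.client_mask) == 0


def allows(c: Community, source_ip: str) -> bool:
    """Would a client at source_ip be allowed to use this community?

    Assumption: the address/mask pair is matched bitwise, as in
    (source AND mask) == (client_ip AND mask).
    """
    if not c.enabled:
        return False
    if is_unrestricted(c):
        return True
    mask = _as_int(c.client_mask)
    return (_as_int(source_ip) & mask) == (_as_int(c.client_ip) & mask)


def audit(communities: List[Community]) -> List[Tuple[str, str]]:
    """Return (community name, finding) pairs for enabled communities."""
    findings = []
    for c in communities:
        if not c.enabled:
            continue
        if c.name in WELL_KNOWN_NAMES:
            findings.append((c.name, "well-known-name"))
        if is_unrestricted(c):
            kind = ("read-write-from-any-address" if c.access == "Read/Write"
                    else "read-only-from-any-address")
            findings.append((c.name, kind))
    return findings


# Constructed sample table: the two factory defaults as the manual describes
# them, plus a hypothetical community limited to a documentation-range subnet.
SAMPLE = [
    Community("private", "0.0.0.0", "0.0.0.0", "Read/Write", True),
    Community("public", "0.0.0.0", "0.0.0.0", "Read Only", True),
    Community("nms-ro", "192.0.2.0", "255.255.255.0", "Read Only", True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```
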
8.2.8.2 SNMP User Config This menu will display an entry for every SNMP user. Figure : SNMP User Config Selection Criteria User - You can use this screen to reconfigure an existing SNMP user, or to create a new one. Use this pulldown menu to select one of the existing SNMP users, or select 'Create' to add a new one. Authentication Protocol - Specify the SNMPv3 Authentication Protocol setting for the selected user account. The valid Authentication Protocols are None, MD5 or SHA.
8.2.8.3 SNMP EngineID Config This menu will display an entry for configuring remote Engine ID. Figure : SNMP EngineID Config Selection Criteria Protocol - Select IPv4 or IPv6 to configure the corresponding attributes. IP Address - You can use this screen to reconfigure an existing host, or to create a new one. Use this pulldown menu to select one of the existing hosts, or select 'Create' to add a new one.
8.2.8.4 Trap Receiver Config This menu will display an entry for every active Trap Receiver. Figure : SNMP Trap Receiver Config Selection Criteria Community/User - You can use this screen to reconfigure an existing community or SNMP user, or to create a new one. Use this pulldown menu to select one of the existing community names or SNMP user, or select 'Create' to add a new one.
Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save. Delete - Delete the currently selected Community Name. If you want the IBP to retain the new values across a power cycle, you must perform a save.
8.2.8.5 Inform Receiver Config This menu will display an entry for every active SNMP Inform Receiver. Figure : Inform Receiver Config Selection Criteria Admin Mode - You can use this screen to enable or disable the inform function. Community/User - You can use this screen to reconfigure an existing community or SNMP user, or to create a new one. Use this pulldown menu to select one of the existing community names or SNMP user, or select 'Create' to add a new one.
Inform Retries - Specify how many times to resend the inform. The valid retry value is 0 to 100. Default retry value is 3 times. Inform Timeout - Specify how many seconds the switch waits for the inform ACK. If the inform ACK is not received within the configured timeout value, the switch will resend the inform according to the retry setting. The valid timeout value is 0 to 1000 seconds. Default timeout value is 15 seconds.
8.2.8.6 Trap Flags Use this menu to specify which traps you want to enable. When the condition identified by an active trap is encountered by the IBP a trap message will be sent to any enabled SNMP Trap Receivers, and a message will be written to the trap log. Figure : SNMP Trap Flags Selection Criteria Authentication - Enable or disable activation of authentication failure traps by selecting the corresponding line on the pull down entry field. The factory default is enabled.
8.2.8.7 Trap Log This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities, Upload File from IBP. Figure : SNMP Trap Log Non-Configurable Data Number of Traps Since Last Reset - The number of traps generated since the trap log entries were last cleared. Trap Log Capacity - The maximum number of traps stored in the log. If the number of traps exceeds the capacity, new entries will overwrite the oldest entries.
8.2.8.8 Supported MIBs This is a list of all the MIBs supported by the IBP. Figure : SNMP Supported MIBs Non-configurable Data Name - The RFC number if applicable and the name of the MIB. Description - The RFC title or MIB description. Command Buttons Refresh - Update the data.
8.2.9 SNTP 8.2.9.1 Global Config Figure : SNTP Global Config Selection Criteria Client Mode - Specifies the mode of operation of SNTP Client. An SNTP client may operate in one of the following modes. Default value is “Disable”. • Disable- SNTP is not operational. No SNTP requests are sent from the client nor are any received SNTP messages processed. • Unicast- SNTP operates in a point to point fashion.
Unicast Poll Timeout - Specifies the number of seconds to wait for an SNTP response when configured in unicast mode. Allowed range is (1 to 30). Default value is 5. Unicast Poll Retry - Specifies the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode. Allowed range is (0 to 10). Default value is 1. Command Buttons Apply - Sends the updated configuration to the IBP.
8.2.9.2 Global Status Figure : SNTP Global Status Non-Configurable Data Version - Specifies the SNTP Version the client supports. Supported Mode - Specifies the SNTP modes the client supports. Multiple modes may be supported by a client. Last Update Time - Specifies the local date and time (UTC) the SNTP client last updated the system clock. Last Attempt Time - Specifies the local date and time (UTC) of the last SNTP request or receipt of an unsolicited message.
Server Stratum - Specifies the claimed stratum of the server for the last received valid packet. Reference Clock Id - Specifies the reference clock identifier of the server for the last received valid packet. Server Mode - Specifies the mode of the server for the last received valid packet. Unicast Sever Max Entries - Specifies the maximum number of unicast server entries that can be configured on this client.
8.2.9.3 Server Config Figure : SNTP Server Config Selection Criteria Server - Specifies all the existing Server Addresses along with an additional option "Create". When the user selects "Create" another text box "Address" appears where the user may enter Address for Server to be configured. Address Type - Specifies the address type of the configured SNTP Server address.
Delete - Deletes the SNTP Server entry. Sends the updated configuration to the IBP. Configuration changes take effect immediately.
8.2.9.4 Server Status Figure : SNTP Server Status Non-Configurable Data Address - Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time - Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Last Attempt Time - Specifies the local date and time (UTC) that this SNTP server was last queried.
8.2.9.5 Current Time Figure : SNTP Current Time Configurable Data Year - Year (4-digit). (Range: 2000 - 2099). Month - Month. (Range: 1 - 12). Day - Day of month. (Range: 1 - 31). Hour - Hour in 24-hour format. (Range: 0 - 23). Minute - Minute. (Range: 0 - 59). Second - Second. (Range: 0 - 59). Command Buttons Apply - Send the updated screen to the IBP. Changes take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed.
8.2.9.6 Time Zone Settings Simple Network Time Protocol (SNTP) allows the IBP to set its internal clock based on periodic updates from a time server. Maintaining an accurate time on the IBP enables the system log to record meaningful dates and times for event entries. You can also manually set the clock using the CLI. If the clock is not set, the IBP will only record the time from the factory default set at the last bootup.
8.2.10 UDLD 8.2.10.1 UDLD Config Figure : UDLD Config Selection Criteria Global Port Mode - Specifies the UDLD Global Port mode. It has three options: Disable, Normal and Aggressive. Interface - Specifies the list of all the physical ports on which UDLD can be configured. Port Mode - Specifies the UDLD Port mode for the selected interface. It has three options: Disable, Normal and Aggressive. Configurable Data Message - Specifies the message interval, in seconds, at which messages are sent in steady state.
8.2.10.2 Device Info Figure : UDLD Device Info Selection Criteria Interface - Specifies the list of all the physical ports on which UDLD can be configured. Non-Configurable Data Port Enable Operational State - Specifies the Port Enable Operational State of the selected port. Current Bidirectional State - Specifies the Bidirectional State of the selected port. Current Operational State - Specifies the runtime Operational State of the selected port.
8.2.11 LLDP 8.2.11.1 Global Config Figure : LLDP Global Config Configurable Data Transmit Interval - Specifies the interval in seconds to transmit LLDP frames. The range is from (1 to 32768) . Default value is 30 seconds. Transmit Delay - Specifies the transmit delay in seconds. The range is from (1 to 8192) . Default value is 2 seconds. Hold Multiplier - Specifies the multiplier on Transmit Interval to assign TTL. The range is from (2 to 10). Default value is 4.
8.2.11.2 Interface Config Figure : LLDP Interface Config Selection Criteria Interface - Specifies the list of ports on which LLDP - 802.1AB can be configured. Transmit - Specifies the LLDP - 802.1AB transmit mode for the selected interface. Receive - Specifies the LLDP - 802.1AB receive mode for the selected interface. Notify - Specifies the LLDP - 802.1AB notification mode for the selected interface.
8.2.11.3 Viewing Interface Summary Figure : LLDP Interface Summary Non-Configurable Data Interface - Specifies all the ports on which LLDP - 802.1AB can be configured. Link Status - Specifies the Link Status of the ports whether it is Up/Down. Transmit - Specifies the LLDP - 802.1AB transmit mode of the interface. Receive - Specifies the LLDP - 802.1AB receive mode of the interface. Notify - Specifies the LLDP - 802.1AB notification mode of the interface. Optional TLV(s) - Specifies the LLDP - 802.
8.2.11.4 Viewing Statistics Figure : LLDP Statistics Non-Configurable Data Last Update - Specifies the time when an entry was created, modified or deleted in the tables associated with the remote system. Total Inserts - Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been inserted into tables associated with the remote systems.
TLV Unknowns - Specifies the number of LLDP TLVs received on the local ports which were not recognized by the LLDP agent on the corresponding port. Command Buttons Refresh - Updates the information on the page. Clear - Clears LLDP Statistics of all the interfaces.
8.2.11.5 Viewing Local Info Figure : LLDP Local Info Selection Criteria Interface - Specifies the list of all the ports on which LLDP - 802.1AB frames can be transmitted. Non-Configurable Data Chassis ID Subtype - Specifies the string that describes the source of the chassis identifier.
Chassis ID - Specifies the string value used to identify the chassis component associated with the local system. Port ID Subtype - Specifies the string that describes the source of the port identifier. Port ID - Specifies the string that describes the source of the port identifier. System Name - Specifies the system name of the local system. System Description - Specifies the description of the selected port associated with the local system.
8.2.11.6 Viewing Local Summary Figure : LLDP Local Summary Non-Configurable Data Interface - Specifies the ports on which LLDP - 802.1AB frames can be transmitted. Port ID - Specifies the string that describes the source of the port identifier. Port Description - Specifies the description of the port associated with the local system. Command Buttons Refresh - Updates the information on the page.
8.2.11.7 Viewing Remote Info Figure : LLDP Remote Info Selection Criteria Local Interface - Specifies all the local ports which can receive LLDP frames. Non-Configurable Data Chassis ID Subtype - Specifies the source of the chassis identifier.
Chassis ID - Specifies the chassis component associated with the remote system. Port ID Subtype - Specifies the source of port identifier. Port ID - Specifies the port component associated with the remote system. System Name - Specifies the system name of the remote system. System Description - Specifies the description of the given port associated with the remote system. Port Description - Specifies the description of the given port associated with the remote system.
8.2.11.8 Viewing Remote Summary Figure : LLDP Remote Summary Non-Configurable Data Local Interface - Specifies the local port which can receive LLDP frames advertised by a remote system. Chassis ID - Specifies the chassis component associated with the remote system. Port ID - Specifies the port component associated with the remote system. System Name - Specifies the system name of the remote system. Command Buttons Refresh - Updates the information on the page.
8.2.12 DHCP Client 8.2.12.1 DHCP Client-Identifier Specify the DHCP client identifier for the IBP. The DHCP client identifier is used to include a client identifier in all communications with the DHCP server. The identifier type depends on the requirements of your DHCP server. If the hostname is changed, the DHCP client identifier in the configuration is changed immediately.
8.2.12.2 DHCP Restart This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command. DHCP requires the server to reassign the client's last address if available. If the BOOTP or DHCP server has been moved to a different domain, the network portion of the address provided to the client will be based on this new domain.
8.2.13 DNS Relay 8.2.13.1 DNS Relay Config The DNS protocol controls the Domain Name System (DNS), a distributed database with which you can map host names to IPv4/IPv6 addresses. When you configure DNS on your IBP, you can substitute the host name for the IPv4/IPv6 address with all IP commands, such as ping, telnet, traceroute, and related Telnet support operations.
8.2.13.2 Domain Name Config You can use this screen to change the configuration parameters for the domain names that can be appended to incomplete host names (i.e., host names passed from a client that are not formatted with dotted notation). You can also use this screen to display the contents of the table. Figure : DNS Relay Domain Name Config Selection Criteria Domain - Specifies all the existing domain names along with an additional option "Create".
8.2.13.3 Name Server Config You can use this screen to change the configuration parameters for the domain name servers. You can also use this screen to display the contents of the table. Figure : DNS Relay Name Server Config Selection Criteria Protocol – Specify the IP version, IPv4 or IPv6. Name Server - Specifies all the existing domain name servers along with an additional option "Create".
8.2.13.4 DNS Cache Summary The Domain Name System (DNS) dynamically maps domain names to Internet (IP) addresses. This panel displays the current contents of the DNS cache. Figure : DNS Cache Summary Non-Configurable Data Domain Name List - The domain name associated with this record. IP address - The IPv4/IPv6 address associated with this record. TTL - The time to live reported by the name server. Flag - The flag of the record.
8.2.13.5 Hosts Config You can use this screen to change the configuration parameters for the static entry in the DNS table. You can also use this screen to display the contents of the table. Figure : DNS Relay Hosts Config Selection Criteria Protocol – Specify the IP version, IPv4 or IPv6. Domain - Specifies all the existing hosts along with an additional option "Create". When the user selects "Create" another text box "Domain Name" appears where the user may enter host to be configured.
8.2.14 IPv6 8.2.14.1 Statistics Figure : IPv6 Statistics Selection Criteria Management Type - Selects the port type to be configured. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port type. Non-Configurable Data IPv6 Statistics Total Datagrams Received - The total number of input datagrams received by the interface, including those received in error.
Received Datagrams With Unknown Protocol - The number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams.
ICMPv6 Statistics Total ICMPv6 Messages Received - The total number of ICMP messages received by the interface which includes all those counted by ipv6IfIcmpInErrors. Note that this interface is the interface to which the ICMP messages were addressed which may not be necessarily the input interface for the messages. ICMPv6 Messages With Errors Received - The number of ICMP messages which the interface received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.
ICMPv6 Messages Prohibited Administratively Transmitted - Number of ICMP destination unreachable/communication administratively prohibited messages sent. ICMPv6 Time Exceeded Messages Transmitted - The number of ICMP Time Exceeded messages sent by the interface. ICMPv6 Parameter Problem Messages Transmitted - The number of ICMP Parameter Problem messages sent by the interface. ICMPv6 Packet Too Big Messages Transmitted - The number of ICMP Packet Too Big messages sent by the interface.
8.2.15 sFlow 8.2.15.1 Summary Figure : sFlow Summary Non-Configurable Data Version - Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organization;Software Revision where:
• MIB Version: '1.3', the version of this MIB.
• Organization: Broadcom Corp.
• Revision: 3.0.
Agent Address - The IP address associated with this agent. Command Buttons Refresh - Refresh the data on the screen with present state of data in the switch.
8.2.15.2 Receiver Config Figure : sFlow Receiver Config Selection Criteria Receiver Index - Selects the receiver for which data is to be displayed or configured. Allowed range is (1 to 8). Address Type - The type of Receiver Address (IPv4/IPv6). Configurable Data Receiver Owner String - The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to default values.
Timeout - The time (in seconds) remaining before the sampler is released and stops sampling. Maximum Datagram Size - The maximum number of data bytes that can be sent in a single sample datagram. Address - The IP address of the sFlow collector. Port - The destination port for sFlow datagrams. Datagram Version - The version of sFlow datagrams that should be sent. Command Buttons Apply - Send the updated data to the switch and cause the changes to take effect on the switch.
8.2.15.3 Poller Config sFlow agent collects time-based sampling of network interface statistics and sends them to the configured sFlow receivers. A data source configured to collect counter samples is called a poller. Figure : sFlow Poller Config Selection Criteria Interface - sFlowDataSource for this sFlow poller. This Agent will support Physical ports only. Configurable Data Receiver Index - The sFlowReceiver associated with this counter poller. Allowed range is (1 to 8).
8.2.15.4 Sampler Config sFlow agent collects statistical packet-based sampling of switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler. Figure : sFlow Sampler Config Selection Criteria Interface - sFlowDataSource for this flow sampler. This Agent will support Physical ports only. Configurable Data Receiver Index - The sFlow Receiver for this flow sampler. Only active receivers can be set.
8.3 Group Administration Menu This section lets users configure Uplink Set, Port Group, VLAN Port Group, Service LAN, Service VLAN, Port, Port Channel and Port Backup. 8.3.1 Group List 8.3.1.1 Summary This page displays a summary of all currently configured groups of ports. Figure : Group List Summary Non-Configurable Data Unit/Slot/Port - Identifies the port. Uplink Sets - The group name of Uplink Sets. Port Groups - The group name of Port Groups.
Service VLAN - The group name of Service VLAN. Command Buttons Refresh - Re-fetch the configuration value again.
8.3.2 Uplink Sets An "Uplink Set" is defined as a set of 1 to n external (uplink) ports, which is used in port group definitions to connect a group of server blades to the customer's LAN. The purpose of the uplink set configuration is to create groups, and to add or modify the existing external ports to groups. Link state, port backup, and IGMP snooping of the uplink set groups can be configured in this page. 8.3.2.
Configurable Data Uplink Set Name - Input the uplink set name to create a new group. Non-Configurable Data Unit/Slot/Port - The interface. Type - The interface type. Type should be External. Status - Whether the interface belongs to this uplink set or not. Command Buttons Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save. Delete - Delete the Uplink Set. You are not allowed to delete the "default" uplink set.
8.3.2.2 Status This page displays the status of all currently configured Uplink Sets. Figure : Uplink Sets Status Non-Configurable Data Uplink Set Name - The name of the uplink set. External Active Ports - List the external active port members. External Backup Ports - List the external backup port members. Logical Interface - List the logical interfaces. Link State - The status of link state. Port Backup - The status of backup. IGMP Snooping - The status of IGMP Snooping. LACP - The status of LACP.
8.3.3 Port Groups The purpose of the port group configuration is to create port groups, and to modify the existing port groups. Only internal ports can be defined as members of port groups. The external connection is defined by specifying an Uplink Set. 8.3.3.1 Config Figure : Port Groups Config Selection Criteria Group Name - Use this pull-down menu to select one of the existing groups. Uplink Set Name - Use this pull-down menu to specify the external connection.
Group Name - Input the group name to create a new port group. Non-Configurable Data Unit/Slot/Port - The interface. Type - The interface type. Type should be Internal or Port Channel. Status - Whether the interface belongs to this port group or not. Command Buttons Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save. Delete - Delete the port group. You are not allowed to delete the "default" port group.
8.3.3.2 Status This page displays the status of all currently configured port groups. Figure : Port Groups Status Non-Configurable Data Port Group Name - The group name of the port group. Internal Ports - List the internal port members. Uplink Set Name - The name of the uplink set. External Ports - List the external ports of the port group. Command Buttons Refresh - Re-fetch the configuration value again.
8.3.4 VLAN Port Groups 8.3.4.1 Config Figure : VLAN Port Groups Config Selection Criteria VLAN Port Group Name - You can use this screen to configure an existing VLAN Port Group, or to create a new one. Use this pull down menu to select one of the existing VLAN Port Groups, or select 'Create' to add a new one. Uplink Set Name - Specify the uplink set for the external connection. If the pull down menu shows "----------", it means that there is no available uplink set.
Configurable Data VLAN Port Group Name - Specify the name for the new VLAN Port Group. VLAN ID - Specify the VLAN Identifier for the VLAN Port Group. The range of the VLAN ID is (1 to 4093). Non-Configurable Data Unit/Slot/Port - The interface. Type - The interface type. Type should be Internal or Port Channel. Status - Indicates the current value of the participation parameter for the interface. Command Buttons Apply - Update the IBP with the values on this screen.
8.3.4.2 Status Figure : VLAN Port Groups Status This page displays the status of all currently configured VLAN Port Groups. Non-Configurable Data VLAN Port Group Name - The name for the VLAN Port Group. VLAN ID - The VLAN Identifier of the VLAN Port Group. The range of the VLAN ID is (1 to 4093). Internal Ports - Internal interface, member of that VLAN Port Group. Uplink Set Name - Specify the Uplink Set for the external connection.
8.3.5 Service LAN 8.3.5.1 Config Figure : Service LAN Config Selection Criteria Service LAN Name - You can use this screen to configure an existing Service LAN, or to create a new one. Use this pull down menu to select one of the existing Service LAN, or select 'Create' to add a new one. Uplink Set Name - Specify the uplink set for the external connection. If the pull down menu shows "----------", it means that there is no available uplink set.
Unit/Slot/Port - The interface. Type - The interface type. Type should be Internal or Port Channel. Status - Indicates the current value of the participation parameter for the interface. Command Buttons Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save. Delete - Delete a Service LAN. 8.3.5.2 Status Figure : Service LAN Status This page displays the status of all currently configured Service LAN.
8.3.6 Service VLAN 8.3.6.1 Config Figure : Service VLAN Config Selection Criteria Service VLAN Name - You can use this screen to configure an existing Service VLAN, or to create a new one. Use this pull down menu to select one of the existing Service VLAN, or select 'Create' to add a new one. Uplink Set Name - Specify the uplink set for the external connection. If the pull down menu shows "----------", it means that there is no available uplink set.
Unit/Slot/Port - The interface. Type - The interface type. Type should be Internal or Port Channel. Status - Indicates the current value of the participation parameter for the interface. Command Buttons Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save. Delete - Delete a Service VLAN. 8.3.6.2 Status Figure : Service VLAN Status This page displays the status of all currently configured Service VLAN.
8.3.7 Auto VLAN 8.3.7.1 Config Figure : Auto VLAN Config Selection Criteria Global Port Mode - Specifies the Auto VLAN Global Port mode. It has two options: Disable and Enable. Interface - Specifies the list of all the physical ports on which Auto VLAN can be configured. Port Mode - Specifies the Auto VLAN Port mode for the selected interface. It has two options: Disable and Enable. Configurable Data Aging Time - Specifies the Aging Time in seconds. The range is from (10 to 1000000).
8.3.7.2 Status Figure : Auto VLAN Status This page displays the status of all currently configured Auto VLAN. Non-Configurable Data Internal Ports - Specifies the list of all the physical ports. VLAN ID - Specifies the VLAN ID that the interface learned. Command Buttons Refresh - Updates the information on the page.
8.3.8 Port 8.3.8.1 Config Figure : Port Config Selection Criteria Class View - Use pulldown menu to enable Classic View for port-identifiers. Example for Classic View: enabled:"interface 1/0/1" | disabled:"interface BX900S1123456-CB1/0/1". When Unit/Slot/Port is "All" and Classic View is changed, the other modifications will not be applied. Unit/Slot/Port - Selects the interface for which data is to be displayed or configured.
Physical Mode - Use the pull down menu to select the port's speed and duplex mode. If you select auto the duplex mode and speed will be set by the auto-negotiation process. Note that the port's maximum capability (full duplex and 100 Mbps) will be advertised. Otherwise, your selection will determine the port's duplex mode and transmission rate. The factory default is auto. The selection when applied against the "All" option in Slot/Port is applied to all applicable interfaces only.
• bps - bits per second
• K bps - 1000 (Kilo) bits per second
• M bps - 1,000,000 (Mega) bits per second
• G bps - 1,000,000,000 (Giga) bits per second
• pps - packets per second
• K pps - 1000 (Kilo) packets per second
• M pps - 1,000,000 (Mega) packets per second
• G pps - 1,000,000,000 (Giga) packets per second
Example: If Unicast Rate=128 and Unicast Unit Type=bps, the speed of the interface is restricted to 128 bps.
8.3.8.2 Summary Figure : Port Summary This screen displays the status for all ports in the box. Non-Configurable Port Status Data Unit/Slot/Port - Identifies the port Port Type - For normal ports this field will be blank. Otherwise the possible values are: • Source - the port is a monitoring port. Look at the Port Monitoring screens for more information. • Destination - the port is a monitoring port. Look at the Port Monitoring screens for more information.
Admin Mode - The Port control administration state. The port must be enabled in order for it to be allowed into the network. The factory default is enabled. E-Keying Status - Indicates the E-Keying status of the port. Physical Mode - Indicates the port speed and duplex mode. In auto-negotiation mode the duplex mode and speed are set from the auto-negotiation process. Physical Status - Indicates the port speed and duplex mode. Link Status - Indicates whether the Link is up or down.
8.3.8.3 Mirroring Figure : Port Mirroring Selection Criteria Session ID - Select a port mirroring session from the list. The number of sessions allowed is platform specific. By default the First Session is selected. Up to 1 session is supported. Mode - Specifies the Session Mode for a selected session ID. The default Session Mode is disabled. Destination Port - Acts as a probe port and will receive all the traffic from configured mirrored port(s). Default value is blank.
8.3.8.4 Error Disable Recovery Figure : Port Error Disable Recovery Selection Criteria storm-control - Enables or disables Error Disable Recovery for the cause storm-control. The factory default is disabled. udld - Enables or disables Error Disable Recovery for the cause udld. The factory default is disabled. Configurable Data Error Disable Recovery Interval - Specifies the interval value for Error Disable Recovery. The factory default is 300 seconds.
8.3.9 Port Channel 8.3.9.1 Config Figure : Port Channel Config Selection Criteria Port Channel Name – You can use this screen to reconfigure an existing Port Channel, or to create a new one. Use this pull down menu to select one of the existing Port Channels, or select 'Create' to add a new one. There can be a maximum of 64 Port Channels. Link Trap - Specify whether you want to have a trap sent when link status changes. The factory default is enable, which will cause the trap to be sent.
• Source IP address - Sets the mode on the source IP address. • Destination IP address - Sets the mode on the destination IP address. • Source and destination IP address - Sets the mode on the source and destination IP addresses. Participation - For each port specify whether it is to be included as a member of this Port Channel or not. The default is exclude. There can be a maximum of 8 ports assigned to a Port Channel.
8.3.9.2 Status Figure : Port Channel Status Non-Configurable Data Port Channel - The Slot/Port identification of the Port Channel. Port Channel Name - The name of the Port Channel. Port Channel Type - The type of this Port Channel. Admin Mode - The Administrative Mode of the Port Channel, enable or disable. Static Capability Mode - The Static Capability Mode of the Port Channel, enable or disable. Link Status - Indicates whether the Link is up or down.
8.3.10 Port Backup Two link aggregation groups are associated with a port group when the port group is created. Internally, the two link aggregation groups are defined as the active and the backup port. Only one of the two link aggregation groups is activated at a time. For example, while the active link aggregation group is link up, the backup aggregation group is blocked (no traffic can be sent or received).
8.3.10.2 Status This page displays the status of all currently configured port-backup. Figure : Port Backup Status Non-Configurable Data Uplink Set Name - The name of the Uplink Set. External Active Ports - The configured external active port. External Backup Ports - The configured external backup port. Port Backup - Current port backup setting for the Uplink Set. (Enable or Disable) MAC Move Update – The status of MAC Move Update mode.
8.4 Security Menu This section lets users configure IBP security features, including 802.1x, RADIUS, TACACS+, LDAP, Access Control Lists, IP Filter, Secure HTTP, and Secure Shell. 8.4.1 Port Access Control 8.4.1.1 Config Figure : Port Access Control Config Selection Criteria Administrative Mode - This selector lists the two options for administrative mode: enable and disable. The default value is disable.
8.4.1.2 Port Config Figure : Port Access Control Port Config Selection Criteria Port - Selects the port to be configured. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Control Mode - This selector lists the options for control mode. The control mode is only set if the link status of the port is link up.
machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The transmit period must be a number in the range of 1 to 65535. The default value is 30. Changing the value will not change the configuration until the Apply button is pressed. Supplicant Timeout - This input field allows the user to enter the supplicant timeout for the selected port.
8.4.1.3 Port Status Figure : Port Access Control Port Status Selection Criteria Port - Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. Non-Configurable Data Control Mode - Displays the configured control mode for the specified port.
Server Timeout - This field displays the configured server timeout for the selected port. The server timeout is the value, in seconds, of the timer used by the authenticator on this port to timeout the authentication server. The server timeout is a value in the range of 1 to 65535. Maximum Requests - This field displays the configured maximum requests for the selected port.
Command Buttons Refresh - Update the information on the page. 8.4.1.4 Port Summary Figure : Port Access Control Port Summary Non-Configurable Data Port - Specifies the port whose settings are displayed in the current table row. Control Mode - This field indicates the configured control mode for the port.
Port Status - This field shows the authorization status of the specified port. The possible values are 'Authorized', 'Unauthorized' and 'N/A'. If the port is in detached state, the value will be 'N/A' since the port cannot participate in port access control. Command Buttons Refresh - Update the information on the page. 8.4.1.5 Statistics Figure : Port Access Control Statistics Selection Criteria Port - Selects the port to be displayed.
EAP Response/Id Frames Received - This displays the number of EAP response/identity frames that have been received by this authenticator. EAP Response Frames Received - This displays the number of valid EAP response frames (other than resp/id frames) that have been received by this authenticator. EAP Request/Id Frames Transmitted - This displays the number of EAP request/identity frames that have been transmitted by this authenticator.
8.4.1.6 Login Figure : Port Access Control Login Selection Criteria Users - Selects the user name that will use the selected login list for 802.1x port security. Configurable Data Login - Selects the login to apply to the specified user. All configured logins are displayed. Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed.
8.4.1.7 Access Privileges Figure : Port Access Control Access Privileges Selection Criteria Port - Selects the port to configure. Configurable Data Users - Selects the users that have access to the specified port or ports. Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Refresh - Update the information on the page.
8.4.1.8 Access Summary Figure : Port Access Control Access Summary Non-Configurable Data Port - Displays the port in Unit/Slot/Port format. Users - Displays the users that have access to the port. Command Buttons Refresh - Update the information on the page.
8.4.2 Port Security 8.4.2.1 Config Figure : Port Security Config Configurable Data Port Security Mode - Enables or disables the Port Security feature. Command Buttons Apply - Applies the new configuration and causes the changes to take effect. These changes will not be retained across a power cycle unless a save configuration is performed.
8.4.2.2 Interface Config Figure : Port Security Interface Config Selection Criteria Unit/Slot/Port - Selects the interface to be configured. Port Security - Enables or disables the Port Security feature for the selected interface. Enable Violation Traps - Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port.
Apply - Applies the new configuration and causes the changes to take effect. These changes will not be retained across a power cycle unless a save configuration is performed. 8.4.2.3 Static MAC Addresses Figure : Port Security Static MAC Addresses Selection Criteria Slot/Port - Select the physical interface for which you want to display data. Configurable Data Delete a static MAC Address - Accepts user input for the MAC address to be deleted.
8.4.2.4 Dynamic MAC Addresses Figure : Port Security Dynamic MAC Addresses Selection Criteria Unit/Slot/Port - Select the physical interface for which you want to display data. Non-configurable data MAC Address - Displays the MAC addresses learned on a specific port. VLAN ID - Displays the VLAN ID corresponding to the MAC address. Number of Dynamic MAC addresses learned - Displays the number of dynamically learned MAC addresses on a specific port.
8.4.2.5 Violation Status Figure : Port Security Dynamic Violation Status Selection Criteria Unit/Slot/Port - Select the physical interface for which you want to display data. Non-configurable data Last Violation MAC Address - Displays the source MAC address of the last packet that was discarded at a locked port. VLAN ID - Displays the VLAN ID corresponding to the Last Violation MAC address.
8.4.3 RADIUS Configuration 8.4.3.1 Config Figure : RADIUS Config Selection Criteria Accounting Mode - Selects if the RADIUS accounting mode is enabled or disabled. Configurable Data Max Number of Retransmits - The value of the maximum number of times a request packet is retransmitted. The valid range is 1 - 15. Consider the maximum delay time when configuring RADIUS maxretransmit and RADIUS timeout.
Address to the Radius servers. If not specified, then the outgoing interface IP address that is used to send the packet to the Radius server is added as NAS-IP Address. Radius Attribute 95 (NAS-IPv6 Address) - Select if the Radius Attribute 95 (NAS-IPv6 Address) inclusion in Radius Requests is enabled or disabled. Explicitly specify the IPv6 address to be sent as NAS-IPv6 Address to the Radius servers.
8.4.3.2 Server Config Figure : RADIUS Server Config Selection Criteria RADIUS Server - Selects the RADIUS server to be configured. Select add to add a server by IPv4/IPv6 Address or Host Name. Primary Server - Sets the selected server to the Primary or Secondary server. Message Authenticator - Enable or disable the message authenticator attribute for the selected server. Configurable Data IPv4 Address - The IPv4 address of the server being added. You cannot define these IPv4 addresses: − 0.0.
Current - Indicates if this server is currently in use as the authentication server. Secret Configured - Indicates if the shared secret for this server has been configured. Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Remove - Remove the selected server from the configuration. This button is only available to READWRITE users.
8.4.3.3 Accounting Server Config Figure : RADIUS Accounting Server Config Selection Criteria Accounting Server - Selects the accounting server for which data is to be displayed or configured. If the add item is selected, a new accounting server can be configured. Configurable Data IP Address - The IPv4 address of the accounting server to add. This field is only configurable if the add item is selected. You cannot define these IPv4 addresses: − 0.0.0.0 − 255.255.255.255 − 224.xxx.xxx.xxx − 127.0.
Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Remove - Remove the selected accounting server from the configuration. This button is only available to READWRITE users. These changes will not be retained across a power cycle unless a save is performed. Refresh - Update the information on the page.
8.4.4 RADIUS Statistics 8.4.4.1 Radius Statistics Figure : Radius Statistics Non-Configurable Data Invalid Server Addresses - The number of RADIUS Access-Response packets received from unknown addresses. Command Buttons Refresh - Update the information on the page.
8.4.4.2 Server Statistics Figure : Radius Server Statistics Selection Criteria RADIUS Server - Selects the IPv4/IPv6 address or host name of the RADIUS server for which to display statistics. Non-Configurable Data Round Trip Time (secs) - The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server. Access Requests - The number of RADIUS Access-Request packets sent to this server.
Timeouts - The number of authentication timeouts to this server. Unknown Types - The number of RADIUS packets of unknown type which were received from this server on the authentication port. Packets Dropped - The number of RADIUS packets received from this server on the authentication port and dropped for some other reason. Command Buttons Refresh - Update the information on the page.
8.4.4.3 Accounting Server Statistics Figure : Radius Accounting Server Statistics Non-Configurable Statistics Accounting Server - Identifies the accounting server associated with the statistics. Round Trip Time (secs) - Displays the time interval, in hundredths of a second, between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
Refresh - Update the information on the page. 8.4.4.4 Clear Statistics Figure : Radius Clear Statistics Command Buttons Clear All RADIUS Statistics - This button will clear the accounting server, authentication server and RADIUS statistics.
8.4.5 TACACS+ 8.4.5.1 Config Figure : TACACS+ Config Configurable Data Key String - Specifies the authentication and encryption key for TACACS+ communications between the device and the TACACS+ server. The valid range is 0-128 characters. The key must match the key configured on the TACACS+ server. Encrypted - When the key string is encrypted, this box needs to be checked. This field is only displayed if the user has READWRITE access.
8.4.5.2 Server Config Figure : TACACS+ Server Config Selection Criteria TACACS+ Server - Selects the TACACS+ server for which data is to be displayed or configured. If the add item is selected, a new TACACS server can be configured. Configurable Data IPv4 Address - Specifies the TACACS+ Server IPv4 address. You cannot define these IPv4 addresses: − 0.0.0.0 − 255.255.255.255 − 224.xxx.xxx.xxx − 127.0.0.1 IPv6 Address - The IPv6 address of the server being added.
Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Remove - Remove the selected server from the configuration.
8.4.6 LDAP 8.4.6.1 Config Figure : LDAP Config Operation If the RDN (Relative Distinguished Name) attribute is "cn" (common name), the bind DN (Distinguished Name) without the RDN is "dc=test,dc=com", the user name is "root", and the password is "1234", then the bind DN is "cn=root,dc=test,dc=com" and the password is "1234". (OU stands for "Organization Unit". DC stands for "Domain Component".) Configurable Data IP Address - LDAP server IP, default is 0.0.0.0. Port - LDAP server TCP port, default is 389.
8.4.7 Access Control Lists 8.4.7.1 IP Config An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which an IP ACL applies must be specified, as well as whether it applies to inbound or outbound traffic. Rules for the IP ACL are specified/created using the IP ACL Rule Configuration menu.
8.4.7.2 IP Summary Figure : Access Control Lists IP Summary Non-Configurable Data IP ACL ID/Name - The IP ACL identifier. Rules - The number of rules currently configured for the IP ACL. Direction - The direction of packet traffic affected by the IP ACL. Direction can only be one of the following: • Inbound Slot/Port(s) - The interfaces to which the IP ACL applies. Command Buttons Refresh - Refresh the data on the screen to the latest state.
8.4.7.3 IP Rule Config Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process. First select the Standard/Extended/Name IP ACL for which rules are to be configured. Next, specify the rule identification and the 'Action' and 'Match Every' parameters.
Mirror Interface - Specifies the specific egress interface where the matching traffic stream is copied in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a 'Permit' Action. Redirect Interface - Specifies the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device.
• IP Precedence Configuration The IP Precedence field in a packet is defined as the high-order three bits of the Service Type octet in the IP header. This is an optional configuration. Enter an integer from 0 to 7. • IP TOS Configuration The IP TOS field in a packet is defined as all eight bits of the Service Type octet in the IP header. The TOS Bits value is a hexadecimal number from 00 to FF. The TOS Mask value is a hexadecimal number from 00 to FF.
8.4.7.4 MAC Config Figure : Access Control Lists MAC Config A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. On this menu the interfaces to which a MAC ACL applies must be specified, as well as whether it applies to inbound or outbound traffic.
8.4.7.5 MAC Summary Figure : Access Control Lists MAC Summary Non-Configurable Data MAC ACL Name - MAC ACL identifier. Rules - The number of rules currently configured for the MAC ACL. Direction - The direction of packet traffic affected by the MAC ACL. Valid Directions • Inbound Slot/Port(s) - The interfaces to which the MAC ACL applies. Command Buttons Refresh - Refresh the data on the screen to the latest state.
8.4.7.6 MAC Rule Config Figure : Access Control Lists MAC Rule Config Selection Criteria MAC ACL - Select the MAC ACL for which to create or update a rule. Rule - Select an existing rule or select 'Create New Rule' to add a new Rule. New rules cannot be created if the maximum number of rules has been reached. For each rule, a packet must match all the specified criteria in order to be true against that rule and for the specified rule action (Permit/Deny) to take place.
CoS - Specifies the 802.1p user priority to compare against an Ethernet frame. Valid range of values is (0 to 7). Secondary CoS - Specifies the Secondary 802.1p user priority to compare against an Ethernet frame. Valid range of values is (0 to 7). Destination MAC - Specifies the destination MAC address to compare against an Ethernet frame. Valid format is (xx:xx:xx:xx:xx:xx). The BPDU keyword may be specified using a Destination MAC address of 01:80:C2:xx:xx:xx.
Apply - Send the updated configuration to the IBP. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Delete - Remove the currently selected Rule from the selected ACL. These changes will not be retained across a power cycle unless a save configuration is performed.
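The rule semantics described for IP and MAC ACLs above (rules checked sequentially, every specified criterion must match, the first matching rule decides) can be sketched as follows. This is an added example, not code from the manual or the IBP firmware; the class and function names are hypothetical, the sample rules are constructed, and the deny result for a frame that matches no rule is an assumption, since this section does not state the default.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
BPDU_PREFIX = bytes.fromhex("0180c2")  # 01:80:C2:xx:xx:xx, the BPDU keyword


def parse_mac(text: str) -> bytes:
    """Parse the xx:xx:xx:xx:xx:xx format the rule screen accepts."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not in xx:xx:xx:xx:xx:xx format: {text!r}")
    return bytes.fromhex(text.replace(":", ""))


@dataclass(frozen=True)
class Frame:
    dst_mac: str
    cos: int  # 802.1p user priority


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str                    # "permit" or "deny"
    cos: Optional[int] = None      # None = criterion not specified
    dst_mac: Optional[str] = None  # a MAC address, "bpdu", or None

    def __post_init__(self):
        if self.action not in ("permit", "deny"):
            raise ValueError("action must be 'permit' or 'deny'")
        if self.cos is not None and not 0 <= self.cos <= 7:
            raise ValueError("CoS must be in the range 0 to 7")
        if self.dst_mac not in (None, "bpdu"):
            parse_mac(self.dst_mac)  # validate the format early

    def _mac_matches(self, mac: bytes) -> bool:
        if self.dst_mac is None:
            return True
        if self.dst_mac == "bpdu":
            return mac[:3] == BPDU_PREFIX
        return mac == parse_mac(self.dst_mac)

    def matches(self, frame: Frame) -> bool:
        """A frame must match all specified criteria of the rule."""
        cos_ok = self.cos is None or self.cos == frame.cos
        return cos_ok and self._mac_matches(parse_mac(frame.dst_mac))

    def covers(self, other: "Rule") -> bool:
        """True if every frame matching `other` also matches this rule."""
        if self.cos is not None and self.cos != other.cos:
            return False
        if self.dst_mac is None:
            return True
        if other.dst_mac is None:
            return False
        if other.dst_mac == "bpdu":
            return self.dst_mac == "bpdu"
        return self._mac_matches(parse_mac(other.dst_mac))


def evaluate(rules: List[Rule], frame: Frame) -> Tuple[str, Optional[int]]:
    """Return (action, rule_id) of the first matching rule, in list order."""
    for rule in rules:
        if rule.matches(frame):
            return rule.action, rule.rule_id  # later rules are not checked
    return "deny", None  # ASSUMPTION: no match is treated as deny


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule_id, earlier_rule_id) for rules that can never be reached."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(later):
                found.append((later.rule_id, earlier.rule_id))
                break
    return found


# Constructed sample ACL: the broad permit in rule 1 precedes two denies.
SAMPLE_RULES = [
    Rule(1, "permit", cos=5),
    Rule(2, "deny", dst_mac="bpdu"),
    Rule(3, "deny", cos=5, dst_mac="01:80:C2:00:00:00"),
]

if __name__ == "__main__":
    for f in (Frame("01:80:C2:00:00:00", 5), Frame("01:80:C2:00:00:0E", 0)):
        print(f, "->", evaluate(SAMPLE_RULES, f))
    print("shadowed:", shadowed_rules(SAMPLE_RULES))
```

Because evaluation stops at the first match, rule 3 in the sample can never take effect: every frame it describes is already permitted by rule 1, which is the kind of ordering mistake worth checking for before applying an ACL to an interface.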
8.4.7.7 Port Config Figure : Access Control Lists Port Config Selection Criteria Slot/Port - Specifies list of all available valid interfaces for ACL mapping. All non-routing physical interfaces and interfaces participating in LAGs are listed. Direction - Specifies the packet filtering direction for ACL. Valid Directions • Inbound ACL Type - Specifies the type of ACL. Valid ACL Types • IP ACL • MAC ACL IP ACL - Specifies list of all IP ACLs.
ACL Identifier - Displays the ACL Number (in case of IP ACL) or ACL Name (in case of MAC ACL) identifying the ACL assigned to selected interface and direction. Sequence Number - Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction. Command Buttons Apply - Send the updated configuration to the IBP. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
8.4.8 IP Filter 8.4.8.1 Config Management IP filter designates stations that are allowed to make configuration changes to the IBP. Select up to five IPv4 and five IPv6 management stations used to manage the IBP. If you choose to define one or more designated management stations, only the chosen stations, as defined by IPv4/IPv6 address, will be allowed management privilege through the web manager, Telnet session, Secure Shell (SSH) or Secure Socket Layer (SSL) for secure HTTP.
the mask, as is the Client IP Address, and, if the values are equal, access is allowed. For example, if the Client IP Address and Client IP Mask parameters are 192.168.1.0/255.255.255.0, then any client whose IP address is 192.168.1.0 through 192.168.1.255 (inclusive) will be allowed access. To allow access from only one station, use a Client IP Mask value of 255.255.255.255, and use that machine's IP address for Client IP Address.
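The mask comparison described above, as an added example that is not part of the manual: it assumes the connecting client's address and the configured Client IP Address are both ANDed with the Client IP Mask and compared, and that an empty station list leaves management access unrestricted. Function names are hypothetical and the addresses in the usage section are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

MAX_STATIONS = 5  # up to five IPv4 management stations can be defined

Station = Tuple[str, str]  # (Client IP Address, Client IP Mask)


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer (raises on bad input)."""
    return int(ipaddress.IPv4Address(addr))


def station_matches(client_ip: str, filter_ip: str, filter_mask: str) -> bool:
    """Mask both addresses and compare; equal values mean access is allowed."""
    mask = to_int(filter_mask)
    return (to_int(client_ip) & mask) == (to_int(filter_ip) & mask)


def is_allowed(client_ip: str, stations: List[Station]) -> bool:
    """Decide whether a client may manage the device under the filter."""
    if len(stations) > MAX_STATIONS:
        raise ValueError("at most five IPv4 management stations")
    if not stations:
        return True  # ASSUMPTION: no stations defined means no restriction
    return any(station_matches(client_ip, ip, mask) for ip, mask in stations)


def audit_station(filter_ip: str, filter_mask: str) -> Dict[str, object]:
    """Report how many client addresses one entry admits, plus warnings."""
    ip, mask = to_int(filter_ip), to_int(filter_mask)
    warnings = []
    # Every zero bit in the mask is a "don't care" bit of the client address.
    covered = 2 ** (32 - bin(mask).count("1"))
    inverted = ~mask & 0xFFFFFFFF
    if inverted & (inverted + 1):
        warnings.append("non-contiguous-mask")  # ones are not a single prefix
    if ip & inverted:
        # Bits outside the mask are ignored, so the entry is wider than the
        # host-looking address suggests.
        warnings.append("host-bits-set")
    if mask == 0:
        warnings.append("matches-any-client")
    return {"covered": covered, "warnings": warnings}


if __name__ == "__main__":
    # Constructed station list: the manual's subnet example and one host.
    stations = [("192.168.1.0", "255.255.255.0"),
                ("10.0.0.5", "255.255.255.255")]
    for client in ("192.168.1.255", "192.168.2.1", "10.0.0.5", "10.0.0.6"):
        print(client, "allowed" if is_allowed(client, stations) else "denied")
    # An entry that looks like a single host but admits 256 addresses.
    print(audit_station("192.168.1.77", "255.255.255.0"))
```

The audit is the useful part when reviewing a saved configuration: an entry such as 192.168.1.77 with mask 255.255.255.0 admits the whole 192.168.1.0 through 192.168.1.255 range, not one station.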
8.4.9 Secure HTTP 8.4.9.1 Config Figure : Secure HTTP Config Configurable Data HTTPS Admin Mode - This select field is used to Enable or Disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable. TLS Version 1 - This select field is used to Enable or Disable Transport Layer Security Version 1.0. The currently configured value is shown when the web page is displayed. The default value is Enable.
Download Certificates - Link to the File Transfer page for the SSL Certificate download. Note that to download SSL Certificate files SSL must be administratively disabled.
8.4.10 Secure Shell 8.4.10.1 Config Figure : Secure Shell Config Configurable Data Admin Mode - This select field is used to Enable or Disable the administrative mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disable. SSH Version 1 - This select field is used to Enable or Disable Protocol Level 1 for SSH. The currently configured value is shown when the web page is displayed. The default value is Enable.
8.4.11 Denial-of-Service 8.4.11.1 Config Figure : Denial-of-Service Config Configurable Data SIP=DIP - Enable or disable this option by selecting the corresponding line on the pull down entry field. Enabling SIP=DIP DoS prevention causes the IBP to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled. First Fragment - Enable or disable this option by selecting the corresponding line on the pull down entry field.
Max ICMP Pkt Size - Specify the Max ICMP Pkt Size allowed. If ICMP DoS prevention is enabled, the IBP will drop ICMP ping packets that have a size greater than this configured Max ICMP Pkt Size. The factory default is disabled. Max ICMPv6 Pkt Size - Specify the Max ICMPv6 Pkt Size allowed. If ICMP DoS prevention is enabled, the IBP will drop ICMPv6 ping packets that have a size greater than this configured Max ICMPv6 Pkt Size. The factory default is disabled.
8.5 QoS Menu This section allows users to configure Differentiated Services and Class of Service. 8.5.1 Differentiated Services 8.5.1.1 Global Config Packets are filtered and processed based on defined criteria. The filtering criteria are defined by a class. The processing is defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs.
Policy Instance table - Displays the number of configured policy class instances out of the total allowed on the IBP. Policy Attributes table - Displays the number of configured policy attributes (attached to the policy class instances) out of the total allowed on the IBP. Service table - Displays the number of configured services (attached to the policies on specified interfaces) out of the total allowed on the IBP.
8.5.1.2 DiffServ Wizard The DiffServ Wizard enables DiffServ on the IBP by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard page. The DiffServ Wizard will: − Create a DiffServ Class and define match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class.
Selection Criteria Traffic Type - Traffic type is used to define the DiffServ Class. Traffic type options: VOIP, HTTP, FTP, Telnet, and Every. Policing - Enabling policing will add policing to the DiffServ Policy and the policing rate will be applied. Outbound Priority - When Policing is enabled, Outbound Priority defines the type of policing conform action where: High sets action to markdscp ef, Med sets action to markdscp af31, and Low sets action to send.
8.5.1.3 Class Config Figure : Differentiated Services Class Config Selection Criteria Class Selector - Along with an option to create a new class, this lists all the existing DiffServ class names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing class is selected then the screen will display the configured class. If '--create--' is selected, another screen appears to facilitate creation of a new class.
Values - Displays the values of the configured match criteria. Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Cancel - Cancel the currently selected filter. Delete - Delete the currently selected filter. Rename - Allows a specified class to be renamed. Add Match Criteria - Only one match criterion can be specified each time this button is invoked.
8.5.1.4 Class Summary Figure : Differentiated Services Class Summary Non-Configurable Data Class Name - Displays names of the configured DiffServ classes. Class Type - Displays types of the configured classes. Class types are platform dependent. Reference Class - Displays name of the configured class of type • All referenced by the specified class of the same type. Command Buttons Refresh - Refresh the currently selected filter.
8.5.1.5 Policy Config Figure : Differentiated Services Policy Config Selection Criteria Policy Selector - Along with an option to create a new policy, this lists all the existing DiffServ policy names, from which one can be selected. The content of this screen varies based on the selection of this field. If an existing policy is selected then the screen will display Member Classes for that DiffServ policy. If 'create' is selected, another screen appears to facilitate creation of a new policy.
Command Buttons Apply - Send the updated screen to the IBP and cause the changes to take effect on the IBP but these changes will not be retained across a power cycle unless a save is performed. Delete - Delete the currently selected filter. Rename - Allows a specified policy to be renamed. Add Selected Class - Creates a policy class instance by attaching the policy to the specified class. Remove Selected Class - Removes a policy class instance by detaching the policy from the specified class.
8.5.1.6 Policy Summary Figure : Differentiated Services Policy Summary Non-Configurable Data Policy Name - Displays name of the DiffServ policy. Policy Type - Displays type of the policy as In. Member Classes - Displays name of each class instance within the policy. Command Buttons Refresh - Refresh the currently selected filter.
8.5.1.7 Policy Class Definition Figure : Differentiated Services Policy Class Definition Selection Criteria Policy Selector - This lists all the existing DiffServ policy names, from which one can be selected. Member Class List - This lists all existing DiffServ classes currently defined as members of the specified Policy, from which one can be selected. This list is automatically updated as a new class is added to or removed from the policy.
8.5.1.8 Policy Attribute Summary Figure : Differentiated Services Policy Attribute Summary Non-Configurable Data Policy Name - Displays name of the specified DiffServ policy. Policy Type - Displays type of the specified policy as In. Class Name - Displays name of the DiffServ class to which this policy is attached. Attribute - Displays the attributes attached to the policy class instances. Attribute Details - Displays the configured values of the attached attributes.
8.5.1.9 Service Config Figure : Differentiated Services Service Config Selection Criteria Slot/Port - Select the Slot/Port that uniquely specifies an interface. This is a list of all valid slot number and port number combinations in the system. For Read/Write users where 'All' appears in the list, select it to specify all interfaces. Direction - Select the traffic direction of this service interface. This selection is only available to Read/Write users when Slot/Port is specified as 'All'.
8.5.1.10 Service Summary Figure : Differentiated Services Service Summary Non-Configurable Data Slot/Port - Shows the Slot/Port that uniquely specifies an interface. Direction - Shows the traffic direction of this service interface as In. Oper. Status - Shows the operational status of this service interface, either Up or Down. Policy Name - Shows the name of the attached policy. Command Buttons Refresh - Refresh the displayed data.
8.5.1.11 Service Statistics Figure : Differentiated Services Service Statistics This screen displays service-level statistical information in tabular form for all interfaces in the system to which a DiffServ policy has been attached in the inbound traffic direction. Use the 'Counter Mode Selector' to specify the counter display mode as either octets or packets. Non-Configurable Data Slot/Port - Shows the Slot/Port that uniquely specifies an interface.
8.5.1.12 Service Detailed Statistics This screen displays class-oriented statistical information for the policy, which is specified by the interface and direction. The 'Member Classes' drop down list is populated on the basis of the specified interface and direction and hence the attached policy (if any). Highlighting a member class name displays the statistical information for the policy-class instance for the specified interface and direction.
8.5.2 Class of Service 8.5.2.1 Trust Mode Figure : Class of Service Trust Mode Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Interface Trust Mode - Specifies whether or not to trust a particular packet marking at ingress.
Apply - Send the updated configuration to the IBP. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed. Restore Defaults - Restores default settings.
8.5.2.2 IP DSCP Mapping Figure : Class of Service IP DSCP Mapping Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. Configurable Data IP DSCP Traffic Class - Specify which internal traffic class to map the corresponding IP DSCP value. Valid Range is (0 to 7). Non-Configurable Data IP DSCP Value - Specify the IP DiffServ Code Point (DSCP) Value.
8.5.2.3 Priority Mapping Figure : Class of Service Priority Mapping Selection Criteria Slot/Port - Select the physical interface for which you want to display or configure data. Select 'All' to set the parameters for all ports to the same values. Configurable Data Traffic Class - Specify which internal traffic class to map the corresponding 802.1p priority. Non-Configurable Data 802.1p Priority - Displays the 802.1p priority to be mapped.
8.5.2.4 Interface Figure : Class of Service Interface Config Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Configurable Data Interface Shaping Rate - Specifies the maximum bandwidth allowed, typically used to shape the outbound transmission rate. This value is controlled independently of any per-queue maximum bandwidth configuration.
8.5.2.5 Interface Queue Figure : Class of Service Interface Queue Config Selection Criteria Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Queue ID - Specifies all the available queues per interface (platform based). Scheduler Type - Specifies the type of scheduling used for this queue.
Apply - Send the updated configuration to the IBP. Configuration changes take effect immediately. These changes will not be retained across a power cycle unless a save is performed.
8.5.2.6 Interface Queue Status Figure : Class of Service Interface Queue Status Selection Criteria Unit/Slot/Port - Specifies all CoS configurable interfaces. The option "Global" represents the most recent global configuration settings. These may be overridden on a per-interface basis. Non-Configurable Data Queue ID - Specifies the queue ID. Minimum Bandwidth - Specifies the minimum guaranteed bandwidth allotted to this queue. The value 0 means no guaranteed minimum.
8.6 Stacking Menu Functions in this menu are provided on stackable Ethernet Connection Blades. 8.6.1 Configuration 8.6.1.1 Unit Config Figure : Stacking Unit Config Selection Criteria Switch ID - Displays the list of units of the stack. Details of the selected unit are displayed. There is also a Create option visible only to Admin users which can be used to pre-configure new members of the stack. Standby Switch - Select a unit in the stack to be the Standby switch.
Switch ID - Displays the switch ID of the selected IBP in the stack. This can be altered to renumber the switch ID of the selected IBP by admin users. This field is non-configurable for users with read-only access. Switch Name - Displays the identifier of the selected unit in the stack. This field is non-configurable if this unit is present. Non-Configurable Data Serial Number - Displays the unique box serial number for the IBP. Role - Displays whether the selected IBP is the master or a slave.
8.6.1.2 Stack MAC Config Figure : Stack MAC Config Selection Criteria Admin Mode - Select enable or disable from the pull down menu. When you select 'enable', the Stack MAC Persistent Timer function will be enabled. Configurable Data Persistent Timer(Minutes) - Set the time period in minutes before the stack MAC address changes to that of the new stack master. The valid range is from 0 to 60. Command Buttons Apply - Send the updated configuration to the switch.
8.6.1.3 Archive Copy Figure : Stacking Archive Copy Selection Criteria Unit - Displays the list of all units of the stack other than the management unit. Command Buttons Apply - Copies the code from the management Unit to stack unit(s) specified by the unit selector. Download Archive - Downloads an archive file to the IBP.
8.6.2 Information 8.6.2.1 Summary Figure : Stacking Summary Non-Configurable Data ID# - Displays the ID of the unit. The maximum number of units allowed in the stack is 8. Name - Displays the identifier of the unit. Role - This field indicates whether the unit is a stack master or stack member. Standby Status - This field indicates the unit that is configured as the Standby unit.
8.6.2.2 Port Summary Shows the statistics for all the stackable interfaces in the given stack. Figure : Stacking Port Summary Non-Configurable Data Unit - Displays the unit. Name - Displays the unit name. Stack Interface - Displays the stackable interfaces on the given unit. Neighbor Unit - Displays the neighbor unit. Neighbor Name - Displays the neighbor unit name. Link Status - Displays the link status (UP/DOWN) of the port. Link Speed (Gb/s) - Displays the maximum speed of the stacking port.
8.6.2.3 Port Counters Displays the counters for all the stackable interfaces in the given stack. Figure : Stacking Port Counters Non-Configurable Data Unit - Displays the unit. Interface - Displays the stackable interfaces on the given unit. Transmit and Receive statistics • Data Rate (Mb/s) - Displays the approximate rate on the stacking port. • Error Rate (Errors/s) - Displays an approximate error rate on the stack port. • Total Errors - Displays the total number of errors since boot.
9 Command Reference The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. 9.1 CLI Command Format Commands are followed by values, parameters, or both. Example 1 IP address [] • IP address is the command name. • are the required values for the command. • [] is the optional value for the command.
9.2 CLI Mode-based Topology Parameters Parameters are order dependent. The text in bold italics should be replaced with a name or number. To use spaces as part of a name parameter, enclose it in double quotes like this: "System Name with Spaces". Parameters may be mandatory values, optional values, choices, or a combination. − . The <> angle brackets indicate that a mandatory parameter must be entered in place of the brackets and text inside them. − [parameter].
Conventions Network addresses are used to define a link to a remote host, workstation, or network. Network addresses are shown using the following syntax:

Address Type   Format              Range
IPAddr         A.B.C.D             0.0.0.0 to 255.255.255.255
MacAddr        YY:YY:YY:YY:YY:YY   hexadecimal digit pairs

Table : Network Address Syntax

Double quotation marks such as "System Name with Spaces" set off user defined strings. If the operator wishes to use spaces as part of a name parameter then it must be enclosed in double quotation marks.
9.3 System Information and Statistic Commands 9.3.1 show arp This command displays connectivity between the IBP and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the IBP. Syntax show arp Default Setting None Command Mode Privileged Exec Display Message MAC Address: A unicast MAC address for which the IBP has forwarding and/or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons.
9.3.3 show eventlog This command displays the event log, which contains error messages from the system. The event log will not be cleared on a system reset. Syntax show eventlog Default Setting None Command Mode Privileged Exec Display Message File: The file in which the event originated. Line: The line number of the event. Task Id: The task ID of the event. Code: The event code. Time: The time this event occurred. Note: Event log information is retained across an IBP reset. 9.3.
Default Setting None Command Mode Privileged Exec 9.3.5 show sysinfo This command displays IBP brief information and MIBs supported. Syntax show sysinfo Default Setting None Command Mode Privileged Exec Display Message System Description: The text used to identify this IBP. System Name: The name used to identify the IBP. System Location: The text used to identify the location of the IBP. May be up to 31 alpha-numeric characters. The factory default is blank.
9.3.6 show system This command displays IBP system information. Syntax show system Default Setting None Command Mode Privileged Exec Display Message System Description: Text used to identify this IBP. System Object ID: The manufacturing ID System Information System Up Time: The time in days, hours and minutes since the last IBP reboot. System Name: Name used to identify the IBP. System Location: Text used to identify the location of the IBP. May be up to 31 alpha-numeric characters.
9.3.7 show hardware This command displays inventory information for the IBP. Syntax show hardware Default Setting None Command Mode Privileged Exec Display Message System Description: Text used to identify the product name of this IBP. Machine Type: Specifies the machine model as defined by the Vital Product Data. Machine Model: Specifies the machine model as defined by the Vital Product Data. Serial Number: The unique box serial number for this IBP.
Additional Packages: This displays the additional packages that are incorporated into this system. 9.3.8 show version This command displays version information for the IBP. Syntax show version Default Setting None Command Mode Privileged Exec Display Message Serial Number: The unique box serial number for this IBP. Hardware Version: The hardware version of this IBP. It is divided into four parts. The first byte is the major version and the second byte represents the minor version.
9.3.9 show tech-support This command displays IBP information needed for trouble-shooting. Syntax show tech-support Default Setting None Command Mode Privileged Exec 9.3.10 show loginsession This command displays current telnet and serial port connections to the IBP. Syntax show loginsession Default Setting None Command Mode Privileged Exec Display Message ID: Login Session ID User Name: The name the user will use to login using the serial port or Telnet.
9.4 Device Configuration Commands 9.4.1 Interface 9.4.1.1 show interface status This command displays the Port monitoring information for the system. Syntax show interface status { | all} - is the desired interface number. all - This parameter displays information for all interfaces. Default Setting None Command Mode Privileged Exec Display Message Intf: The physical slot and physical port. Type: If not blank, this field indicates that this port is a special type of port.
9.4.1.2 show interface counters This command displays a summary of statistics for a specific interface or all interfaces. Syntax show interface counters { | all} - is the desired interface number. all - This command displays statistics information for all interfaces.
Packets Transmitted Without Error: The total number of packets transmitted. Transmit Packets Errors: The number of outbound packets that could not be transmitted because of errors. Transmit Packets Discarded: The best estimate of the total number of collisions on this Ethernet segment.
This command displays detailed statistics for a specific port or for all CPU traffic based upon the argument. Syntax show interface counters detailed { | switchport} - is the desired interface number. switchport - This parameter specifies whole IBP or all interfaces.
Packets RX and TX 65-127 Octets: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 128-255 Octets: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
FCS Errors: The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad FCS with an integral number of octets Overruns: The total number of frames discarded as this port was overloaded with incoming packets, and could not keep up with the inflow. MTU Errors: The total number of frames discarded as this port was bigger than MTU with incoming packets.
Total Transmit Errors FCS Errors: The total number of packets transmitted that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had a bad FCS with an integral number of octets Underrun Errors: The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
Most Address Entries Ever Used: The highest number of Forwarding Database Address Table entries that have been learned by this IBP since the most recent reboot. Address Entries Currently in Use: The number of Learned and static entries in the Forwarding Database Address Table for this IBP. Maximum VLAN Entries: The maximum number of Virtual LANs (VLANs) allowed on this IBP. Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this IBP since the last reboot.
9.4.1.3 show interface IBP This command displays a summary of statistics for all CPU traffic. Syntax show interface IBP Default Setting None Command Mode Privileged Exec Display Message Packets Received Without Error: The total number of packets (including broadcast packets and multicast packets) received by the processor. Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets.
9.4.1.4 interface This command is used to enter Interface configuration mode. Syntax interface - is the desired interface number. Default Setting None Command Mode Global Config 9.4.1.5 interface range This command is used to enter Interface range configuration mode.
9.4.1.6 speed-duplex This command is used to set the speed and duplex mode for the interface. Syntax speed-duplex {10 | 100} {full-duplex | half-duplex} 100 - 100BASE-T 10 - 10BASE-T full-duplex - Full duplex half-duplex - Half duplex Default Setting None Command Mode Interface Config This command is used to set the speed and duplex mode for all interfaces.
9.4.1.7 negotiate This command enables automatic negotiation on a port. The default value is enabled. Syntax negotiate no negotiate no - This command disables automatic negotiation on a port. Default Setting Enable Command Mode Interface Config This command enables automatic negotiation on all interfaces. The default value is enabled. Syntax negotiate all no negotiate all all - This command represents all interfaces. no - This command disables automatic negotiation on all interfaces.
9.4.1.8 capabilities This command is used to set the capabilities on a specific interface. Syntax capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex } no capabilities {{10 | 100 } {full-duplex | half-duplex}} | {1000 full-duplex } 10 - 10BASE-T 100 - 100BASE-T 1000 - 1000BASE-T full-duplex - Full duplex half-duplex - Half duplex no - This command removes the advertised capability specified by the parameter.
9.4.1.9 storm-control flowcontrol This command enables 802.3x flow control for the IBP. Note: This command only applies to full-duplex mode ports. Syntax storm-control flowcontrol no storm-control flowcontrol no - This command disables 802.3x flow control for the IBP. Default Setting Disabled Command Mode Global Config This command enables 802.3x flow control for the specific interface. Note: This command only applies to full-duplex mode ports.
9.4.1.10 shutdown This command is used to disable a port. Syntax shutdown no shutdown no - This command enables a port. Default Setting Enabled Command Mode Interface Config This command is used to disable all ports. Syntax shutdown all no shutdown all all - This command represents all ports. no - This command enables all ports.
9.4.1.11 MDI/MDIX This command is used to configure the MDI/MDIX mode of the physical port. Syntax mdi {auto | across | normal} no mdi auto - MDI force-auto mode across - MDI across mode normal - MDI normal mode no - This command restores MDI to the default setting.
9.4.2 L2 MAC Address and Multicast Forwarding Database Tables 9.4.2.1 show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. Alternatively, the administrator can enter a MAC Address to display the table entry for the requested MAC address and all entries following the requested MAC address.
9.4.2.2 show mac-addr-table count This command displays the total number of forwarding database entries, the number of static and learned MAC addresses, and the maximum number of addresses available on the IBP. Syntax show mac-addr-table count Default Setting None Command Mode Privileged Exec Display Message Dynamic Address count: The total number of learned MAC addresses in the L2 MAC address table. Static Address (User-defined) count: The total number of user-defined addresses in the L2 MAC address table.
VLAN ID: The VLAN ID of that MAC address. Status: The status of this entry. The meanings of the values are: Static - The value of the corresponding instance was added by the system or a user when a static MAC filter was defined. It cannot be relearned. Learned - The value of the corresponding instance was learned by observing the source MAC addresses of incoming traffic, and is currently in use.
Management - The value of the corresponding instance (system MAC address) is also the value of an existing instance of dot1dStaticAddress. It is identified with interface 3/1 and is currently used when enabling VLANs for routing. Self - The value of the corresponding instance is the address of one of the IBP’s physical interfaces (the system’s own MAC address).
9.4.2.7 show mac-address-table multicast This command displays the MFDB information. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the all parameter. The user can display the table entry for one MAC Address by specifying the MAC address as an optional parameter.
9.4.2.8 show mac-address-table stats This command displays the MFDB statistics. Syntax show mac-address-table stats Default Setting None Command Mode Privileged Exec Display Message Max MFDB Table Entries: This displays the total number of entries that can possibly be in the MFDB. Most MFDB Entries Since Last Reset: This displays the largest number of entries that have been present in the Multicast Forwarding Database table. This value is also known as the MFDB high-water mark.
9.4.3 IGMP / MLD Snooping 9.4.3.1 Show Commands 9.4.3.1.1 show igmpsnooping This command displays IGMP / MLD Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled. Status information is only displayed when IGMP Snooping is enabled. Syntax show igmpsnooping [] - The name of the uplink set to display.
9.4.3.2 Configuration Commands 9.4.3.2.1 igmpsnooping This command enables the IGMP snooping function for the uplink set and its associated groups. Syntax igmpsnooping no igmpsnooping - The name of the uplink set to configure. no - This command disables IGMP snooping on the specified uplink set.
9.4.4 Port Channel 9.4.4.1 show port-channel This command displays the static capability of all downlink port-channels (LAGs) on the device as well as a summary of individual port-channels. Syntax show port-channel Default Setting None Command Mode Privileged Exec Display Message Static Capability: This field displays whether or not the device has static capability enabled.
Port-Channel Name: The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric characters. Link : Indicates whether the Link is up or down. Admin Mode: May be enabled or disabled. The factory default is enabled. Link Trap Mode: This object determines whether or not to send a trap when link status changes. The factory default is enabled. Mbr Ports: A listing of the ports that are members of this port-channel (LAG), in slot/port notation.
9.4.4.2 show lacp This command displays the static capability of all uplink sets on the IBP. Syntax show lacp [] Default Setting None Command Mode Privileged Exec Display Message Uplink Set Name: This field displays the name of an uplink set. LACP: This field displays whether or not the port-channel of the uplink set has static capability enabled.
9.4.4.3 show lacp interface This command displays a summary of LACP states for a specific interface or all interfaces. Syntax show lacp interface { | all} Default Setting None Command Mode Privileged Exec Display Message Intf: Display interface number. Role: Role played by the interface. It can be one of the following: • Actor: Local device participating in LACP negotiation. • Partner: Remote device participating in LACP negotiation. Exp: Expired state.
9.4.4.4 port-channel This command configures a new port-channel (LAG) and generates a logical slot and port number for it. Note: Before including a port in a port-channel, set the port physical mode. See ‘speed-duplex’ command. Syntax port-channel no port-channel { | all} - Port-Channel Interface number. - Port-Channel name (up to 15 alphanumeric characters). all - all Port-Channel interfaces. no - This command removes that Port-Channel.
9.4.4.5 port-channel adminmode all This command sets every configured port-channel with the same administrative mode setting. Syntax port-channel adminmode all no port-channel adminmode all no - This command disables a port-channel (LAG). The option all sets every configured port-channel with the same administrative mode setting.
9.4.4.6 port-channel linktrap This command enables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting. Syntax port-channel linktrap { | all} no port-channel linktrap { | all} - Port-Channel Interface number. all - all Port-Channel interfaces.
9.4.4.8 port-channel load-balance This command configures the load-balance mode on all port-channels. The parameter “src-mac | dst-mac | dst-src-mac | src-ip | dst-ip | dst-src-ip” selects the mode used for port-channel load balancing. Syntax port-channel load-balance all { src-mac | dst-mac | dst-src-mac | src-ip | dst-ip | dst-src-ip } no port-channel load-balance all src-mac - Sets the mode on the source MAC address. dst-mac - Sets the mode on the destination MAC address.
9.4.4.10 staticcapability This command enables the support of static port-channels (static link aggregations - LAGs). By default, the static capability for all port-channels is disabled. The interface is a logical slot and port for a configured port-channel. Syntax staticcapability no staticcapability no - This command disables the support of static port-channels. Default Setting Disabled Command Mode Interface Config 9.4.4.
9.4.4.12 channel-group This command adds one port to the port-channel (LAG). The first interface is a logical slot and port number of a configured port-channel. Note: Before adding a port to a port-channel, set the physical mode of the port. See ‘speed-duplex’ command. Syntax channel-group - Port-Channel Interface number. Default Setting None Command Mode Interface Config Command Usage The maximum number of members for each Port-Channel is 8.
9.4.4.13 delete-channel-group This command deletes the port from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel. Syntax delete-channel-group - Port-Channel Interface number. Default Setting None Command Mode Interface Config This command deletes all configured ports from the port-channel (LAG). The interface is a logical slot and port number of a configured port-channel.
9.4.5 Storm Control 9.4.5.1 show storm-control This command is used to display broadcast storm control information. Syntax show storm-control broadcast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control broadcast. Rate: Displays rate for storm control broadcast. Unit: Displays unit of rate for storm control broadcast. Action: Display the configured action for interfaces when broadcast storm occurs.
This command is used to display unicast storm control information. Syntax show storm-control unicast Default Setting None Command Mode Privileged Exec Display Message Intf: Displays interface number. Mode: Displays status of storm control unicast. Rate: Displays rate for storm control unicast. Unit: Displays unit of rate for storm control unicast. Action: Displays the configured action for interfaces when a unicast storm occurs.
9.4.5.2 storm-control broadcast This command enables broadcast storm recovery mode on the selected interface. If the mode is enabled, broadcast storm recovery with high threshold is implemented. The threshold is specified in bits per second or packets per second. If the broadcast traffic on any Ethernet port exceeds the high threshold rate, the switch discards the broadcast traffic until the broadcast traffic returns to the threshold rate or less.
9.4.5.3 storm-control multicast This command enables multicast storm recovery mode on the selected interface. Syntax storm-control multicast no storm-control multicast no - This command disables multicast storm recovery mode on the selected interface. Default Setting Disabled Command Mode Interface Config This command enables multicast storm recovery mode on all interfaces.
9.4.5.4 storm-control unicast This command enables unicast storm recovery mode on the selected interface. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on the selected interface. Default Setting Enabled Command Mode Interface Config This command enables unicast storm recovery mode on all interfaces. Syntax storm-control unicast no storm-control unicast no - This command disables unicast storm recovery mode on all interfaces.
9.4.5.5 switchport broadcast {bps|pps} <1-4294967295> [k|m|g] This command will protect your network from broadcast storms by setting a threshold rate for broadcast traffic on each port. Syntax switchport broadcast {bps|pps} <1-4294967295> [k|m|g] no switchport broadcast bps: bit per second, specify the rising threshold bit rate for broadcast storm. pps: packet per second, specify the rising threshold packet rate for broadcast storm. <1-4294967295>: threshold rate range is from 1 to 4294967295.
9.4.5.6 switchport multicast {bps|pps} <1-4294967295> [k|m|g] This command will protect your network from multicast storms by setting a threshold rate for multicast traffic on each port. Syntax switchport multicast {bps|pps} <1-4294967295> [k|m|g] no switchport multicast bps: bit per second, specify the rising threshold bit rate for multicast storm. pps: packet per second, specify the rising threshold packet rate for multicast storm. <1-4294967295>: threshold rate range is from 1 to 4294967295.
9.4.5.7 switchport unicast {bps|pps} <1-4294967295> [k|m|g] This command will protect your network from unicast storms by setting a threshold rate for unicast traffic on each port. Syntax switchport unicast {bps|pps} <1-4294967295> [k|m|g] no switchport unicast bps: bit per second, specify the rising threshold bit rate for unicast storm. pps: packet per second, specify the rising threshold packet rate for unicast storm. <1-4294967295>: threshold rate range is from 1 to 4294967295.
9.4.5.8 storm-control action This command specifies the action to be taken when storm control is detected on the selected port. Syntax storm-control action {shutdown|trap} no storm-control action {shutdown|trap} shutdown: disable the admin mode of the selected port when storm control is detected. trap: send an SNMP trap when storm control is detected. no - This command disables the action on the selected port.
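The threshold syntax and the shutdown action described above can be checked against recorded port counters before a value is committed. The following is an added example, not code from the manual; the decimal meaning of the k/m/g suffixes, the per-second counter samples and the helper names are assumptions.

```python
import re

# Suffix multipliers are an assumption (decimal); this section does not define k, m, g.
UNITS = {None: 1, "k": 10**3, "m": 10**6, "g": 10**9}
CMD = re.compile(
    r"^switchport (broadcast|multicast|unicast) (bps|pps) (\d+)(?: ([kmg]))?$"
)


def parse_threshold(line):
    """Validate one 'switchport <type> {bps|pps} <value> [k|m|g]' line.

    Returns (traffic type, unit, absolute threshold).
    """
    match = CMD.match(line.strip())
    if match is None:
        raise ValueError(f"not a storm-control threshold command: {line!r}")
    kind, unit, value, suffix = match.groups()
    value = int(value)
    if not 1 <= value <= 4294967295:
        raise ValueError(f"threshold {value} outside 1-4294967295")
    return kind, unit, value * UNITS[suffix]


def replay(command, samples, action=None):
    """Replay per-second counters against a threshold command.

    samples: iterable of (second, frames, octets) for one port and one
    traffic type. Returns [(second, observed rate)] for every interval
    above the threshold. With action='shutdown' the replay stops at the
    first hit, because the port is administratively disabled from then on.
    """
    _, unit, limit = parse_threshold(command)
    hits = []
    for second, frames, octets in samples:
        rate = frames if unit == "pps" else octets * 8
        if rate > limit:
            hits.append((second, rate))
            if action == "shutdown":
                break
    return hits


# Constructed broadcast counters for one downlink port: (second, frames, octets).
SAMPLES = [
    (0, 120, 9000),
    (1, 150, 11000),
    (2, 4200, 310000),
    (3, 5100, 380000),
    (4, 90, 7000),
]

if __name__ == "__main__":
    print(replay("switchport broadcast pps 2 k", SAMPLES))
    print(replay("switchport broadcast bps 1 m", SAMPLES, action="shutdown"))
```
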
9.4.6 Error Disable Recovery 9.4.6.1 show errdisable recovery This command displays the error disable reason, the timer status, and the port status information for error-disabled ports. Syntax show errdisable recovery Default Setting None Command Mode Privileged Exec Display Message ErrDisable Reason: The cause of the error disable. Timer Status: Admin mode of the error disable reason. Timer Interval: The error disable recovery interval. Interface: Port number of the port on which the error disable occurred.
Syntax errdisable recovery cause udld no errdisable recovery cause udld no - This command sets the admin mode of error disable caused by UDLD to the default. Default Setting Disable Command Mode Global Config 9.4.6.3 errdisable recovery interval This command sets the error disable recovery timer interval. Syntax errdisable recovery interval <30-86400> no errdisable recovery interval no - This command sets the error disable recovery interval to the default.
9.4.7 L2 Priority 9.4.7.1 show queue cos-map This command displays the class of service priority map on a specific interface. Syntax show queue cos-map [] - Interface number. Default Setting None Command Mode Privileged Exec Display Message User Priority: Displays the 802.1p priority to be mapped. Traffic Class: Displays internal traffic class to map the corresponding 802.1p priority.
9.4.7.2 queue cos-map This command is used to assign class of service (CoS) value to the CoS priority queue. Syntax queue cos-map no queue cos-map - The queue id of the CoS priority queue (Range: 0 - 7 ). - The CoS value that is mapped to the queue id (Range: 0 - 7 ). no - Sets the CoS map to the default values.
9.4.8 Port Mirror 9.4.8.1 show port-monitor session This command displays the Port monitoring information for the specified session. Syntax show port-monitor session Default Setting None Command Mode Privileged Exec Display Message Session ID: indicates the session ID. Admin Mode: indicates whether the Port Monitoring feature is enabled or disabled. The possible values are enabled and disabled. Dest. Port: is the slot/port that is configured as the destination port.
9.4.8.2 port-monitor session This command configures a probe port and a monitored port for monitor session (port monitoring). Use the source interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets. If you do not specify an {rx | tx} option, the destination port monitors both ingress and egress packets. Use the destination interface to specify the interface to receive the monitored traffic.
9.4.8.3 port-monitor session mode This command configures the administration mode of port-monitoring function for a monitor session. Syntax port-monitor session mode no port-monitor session mode - Session ID. no - This command disables port-monitoring function for a monitor session.
9.5 Management Commands 9.5.1 Network Commands 9.5.1.1 show ip interface This command displays configuration settings associated with the IBP's network interface. The network interface is the logical interface used for in-band connectivity with the IBP via any of the IBP's front panel ports. The configuration parameters associated with the IBP's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
9.5.1.3 show ip filter This command displays management IP filter status and all designated management stations. Syntax show ip filter Default Setting None Command Mode Privileged Exec Display Message Name: The name of IPv4/IPv6 stations. IP Address/Prefix: The IPv4 address and IPv6 Prefix of stations that are allowed to make configuration changes to the Switch. IP Mask/Prefix Length: The IPv4 mask address and IPv6 Prefix length of stations that are allowed to make configuration changes to the Switch.
9.5.1.4 mtu This command sets the maximum transmission unit (MTU) size (in bytes) for physical and port-channel (LAG) interfaces. For the standard implementation, the range of <1518-9216> is a valid integer between 1518-9216. Syntax mtu <1518-9216> no mtu <1518-9216> - Max frame size (Range: 1518 - 9216). no - This command sets the default maximum transmission unit (MTU) size (in bytes) for the interface. Default Setting 1518 Command Mode Interface Config 9.5.1.
9.5.1.6 ip default-gateway This command sets the IP address of the default gateway. Syntax ip default-gateway no ip default-gateway < gateway > - IP address of the default gateway no - Restore the default IP address of the default gateway. Note: The gateways of the in-band and out-of-band (oob) management interfaces can’t be set at the same time. If the gateway of oob has been set, you have to remove it before you configure the gateway of the in-band management interface. Default Setting IP address : 0.0.
9.5.1.7 ip address protocol This command specifies the network configuration protocol to be used. If you modify this value, the change is effective immediately. Syntax ip address protocol {bootp | dhcp | none} bootp - Obtains IP address from BOOTP. dhcp - Obtains IP address from DHCP. none - Obtains IP address by setting configuration. Either the in-band or the out-of-band management interface can be configured to obtain its IP address from a DHCP server, but not both simultaneously.
9.5.1.9 enable ip filter This command is used to enable the IP filter function. Syntax ip filter no ip filter no – Disable IP filter.
9.5.1.10 ip filter This command is used to create a filter entry for an IPv4/IPv6 address. Syntax ip filter ipv4 [] no ip filter - The name of the ip filter. - Configure an IPv4 address to be filtered. - Configure an IPv4 netmask to be filtered. no - Remove a filter by filter name. Default Setting None Command Mode Global Config Syntax ip filter < name> ipv6 no ip filter < name> - The name of the ip filter.
9.5.1.11 show oob This command displays configuration settings associated with the out-of-band (OOB) interface. Syntax show oob Default Setting None Command Mode Privileged Exec Display Message IP Address: The IP address of the interface. The factory default value is 0.0.0.0 Subnet Mask: The IP subnet mask for this interface. The factory default value is 0.0.0.0 Default Gateway: The IP address of the default gateway. IPv6 Address: The IPv6 address of the OOB interface.
9.5.1.12 oob ip This command sets the IP address and subnet mask of the oob interface. The IP address and the gateway must be on the same subnet. Syntax oob ip - IP address - Subnet Mask Default Setting IP address : 0.0.0.0 Subnet Mask : 0.0.0.
9.5.1.13 oob gateway This command sets the IP address of the default gateway for the out-of-band interface. Syntax oob gateway no oob gateway < gateway > - IP address of the default gateway no - Restore the default IP address of the default gateway. Note: The gateways of the in-band and out-of-band (oob) management interfaces can’t be set at the same time. If the gateway of oob has been set, you have to remove it before you configure the gateway of the in-band management interface.
9.5.1.14 oob protocol This command specifies the oob configuration protocol to be used. If you modify this value, the change is effective immediately. Syntax oob protocol {bootp | dhcp | dhcp6 | none} bootp - Obtains IP address from BOOTP. dhcp - Obtains IP address from DHCP. dhcp6 - Obtains IPv6 address from DHCPv6. none - Obtains IP address by setting configuration.
9.5.2 Serial Interface Commands 9.5.2.1 show line console This command displays serial communication settings for the IBP. Syntax show line console Default Setting None Command Mode User Exec, Privileged Exec Display Message Serial Port Login Timeout (minutes): Specifies the time, in minutes, of inactivity on a Serial port connection, after which the IBP will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout.
9.5.2.2 line console This command is used to enter Line configuration mode. Syntax line console Default Setting None Command Mode Global Config 9.5.2.3 baudrate This command specifies the communication rate of the terminal interface. The supported rates are 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200. Syntax baudrate {1200 | 2400 | 4800 | 9600 | 19200 | 38400 | 57600 | 115200} no baudrate no - This command sets the communication rate of the terminal interface to 9600.
9.5.2.4 exec-timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160. Syntax exec-timeout <0-160> <0-160> - max connect time (Range: 0 -160). no - This command sets the maximum connect time (in minutes) without console activity to 5. Default Setting 5 Command Mode Line Config 9.5.2.
9.5.2.6 silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon tries exceeds the threshold value. Syntax silent-time <0-65535> <0-65535> - silent time (Range: 0 - 65535) in seconds. no - This command sets the maximum value to the default. Default Setting 0 Command Mode Line Config 9.5.2.7 login local This command is used to enable password checking at login.
9.5.2.8 terminal-length This command sets the terminal length of the CLI console terminal. Syntax terminal-length <10-100> no terminal-length - max threshold (Range: 10 - 100). no - This command sets the length to the default.
9.5.2.9 show pager This command displays pager settings. Syntax show pager Default Setting None Command Mode Privileged Exec 9.5.2.10 pager This command is used to enable/disable pager mode. If the pager mode is enabled, the displayed data on terminal will be displayed one page at a time. Syntax pager no pager no - This command sets pager mode to disable.
9.5.2.11 show displaymode This command displays extended display settings. Syntax show displaymode Default Setting None Command Mode Privileged Exec 9.5.2.12 displaymode This command is used to enable/disable extended display mode. In the extended display mode, the displayed information will have more than 80 characters per line. Syntax displaymode no displaymode no - This command sets extended display mode to disable.
9.5.3 Telnet Session Commands 9.5.3.1 telnet This command establishes a new outbound telnet connection to a remote host. Syntax telnet [port] [debug] [line] [echo] - A hostname or a valid IP address. [port] - A valid decimal integer in the range of 0 to 65535, where the default value is 23. [debug] - Display current enabled telnet options. [line] - Set the outbound telnet operational mode as ‘linemode’, where by default, the operational mode is ‘character mode’.
9.5.3.2 show line vty This command displays telnet settings. Syntax show line vty Default Setting None Command Mode Privileged Exec Display Message Remote Connection Login Timeout (minutes): This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout. May be specified as a number from 0 to 160. The factory default is 5.
9.5.3.4 server enable This command is used to enable or disable the telnet server. Syntax server enable no server enable no - This command disables the telnet server. Default Setting Disabled Command Mode Line Vty 9.5.3.5 exec-timeout This command sets the remote connection session timeout value, in minutes. A session is active as long as the session has not been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160.
9.5.3.6 password-threshold This command sets the password threshold, which limits the number of failed login attempts. Syntax password-threshold <0-120> no password-threshold - max threshold (Range: 0 - 120). no - This command sets the maximum value to the default. Default Setting 3 Command Mode Line Vty 9.5.3.7 maxsessions This command specifies the maximum number of remote connection sessions that can be established.
9.5.3.8 sessions This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can be established until there are no more sessions available. If sessions are disabled, no new telnet sessions are established. An established session remains active until the session is ended or an abnormal network error ends it. Syntax sessions no sessions no - This command disables telnet sessions. If sessions are disabled, no new telnet sessions are established.
9.5.3.10 telnet sessions This command regulates new outbound telnet connections. If enabled, new outbound telnet sessions can be established until it reaches the maximum number of simultaneous outbound telnet sessions allowed. If disabled, no new outbound telnet session can be established. An established session remains active until the session is ended or an abnormal network error ends it. Syntax telnet sessions no telnet sessions no - This command disables new outbound telnet connections.
9.5.3.12 telnet exec-timeout This command sets the outbound telnet session timeout value in minutes. Syntax telnet exec-timeout <1-160> no telnet exec-timeout <1-160> - max connect time (Range: 1 -160). no - This command sets the remote connection session timeout value, in minutes, to the default. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
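The console and telnet line settings documented in 9.5.2 and 9.5.3 (exec-timeout, silent-time, server enable) can be reviewed together, including the values that apply when a command is absent. The following is an added example, not code from the manual; the configuration text is constructed, `line vty` and `exit` as mode-entry and mode-exit lines are assumptions, and the 10-minute idle limit is a hypothetical policy value.

```python
# Defaults as stated in this section: console exec-timeout 5, silent-time 0,
# remote session timeout 5, telnet server disabled.
DEFAULTS = {
    "console": {"exec-timeout": 5, "silent-time": 0},
    "vty": {"exec-timeout": 5, "server": False},
}


def parse_lines(config_text):
    """Return the effective console/vty settings for a configuration text."""
    state = {mode: dict(values) for mode, values in DEFAULTS.items()}
    mode = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "line" and len(words) == 2:
            mode = words[1] if words[1] in state else None
            continue
        if words[0] == "exit":           # assumed way of leaving a line mode
            mode = None
            continue
        if mode is None:
            continue
        negated = words[0] == "no"
        if negated:
            words = words[1:]
        if not words:
            continue
        key = words[0]
        if key in ("exec-timeout", "silent-time") and key in state[mode]:
            if negated:
                state[mode][key] = DEFAULTS[mode][key]
            elif len(words) == 2 and words[1].isdigit():
                state[mode][key] = int(words[1])
        elif mode == "vty" and words[:2] == ["server", "enable"]:
            state[mode]["server"] = not negated
    return state


def audit(config_text, max_idle_minutes=10):
    """List management-line settings that weaken session protection."""
    state = parse_lines(config_text)
    findings = []
    for mode in ("console", "vty"):
        timeout = state[mode]["exec-timeout"]
        if timeout == 0:
            findings.append(f"{mode}: exec-timeout 0, idle sessions never time out")
        elif timeout > max_idle_minutes:
            findings.append(
                f"{mode}: exec-timeout {timeout} exceeds policy limit {max_idle_minutes}"
            )
    if state["console"]["silent-time"] == 0:
        findings.append("console: silent-time 0, no lockout period after failed logons")
    if state["vty"]["server"]:
        findings.append("vty: telnet server enabled, management sessions are unencrypted")
    return findings


# Constructed configuration fragments (not captured from a device).
WEAK_CONFIG = """
line console
 exec-timeout 0
exit
line vty
 server enable
 exec-timeout 160
exit
"""

HARDENED_CONFIG = """
line console
 exec-timeout 5
 silent-time 300
exit
line vty
 no server enable
 exec-timeout 5
exit
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print(finding)
```

An empty configuration still yields the silent-time finding, because the documented default of 0 leaves the console without a lockout period.
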
9.5.4 SSH Client Session Commands 9.5.4.1 ssh This command establishes a new outbound ssh connection to a remote host. Syntax ssh { [port <1-65535>] [protocol ] | [protocol ] [port <1-65535>]} - A hostname or a valid IP address. - user account. [port] - A valid decimal integer in the range of 1 to 65535, where the default value is 22. [protocol] - SSH Protocol Level (Version) 1 or 2.
9.5.4.3 sshc maxsessions This command specifies the maximum number of simultaneous outbound ssh sessions. A value of 0 indicates that no outbound ssh session can be established. Syntax sshc maxsession <0-5> no sshc maxsession <0-5> - max sessions (Range: 0 - 5). no - This command sets the maximum value to be 5. Default Setting 5 Command Mode Global Config 9.5.4.4 sshc exec-timeout This command sets the outbound ssh session timeout value in minutes.
9.5.4.5 show sshc This command displays the current outbound sshc settings. Syntax show sshc Default Setting None Command Mode User Exec, Privileged Exec Display Message Outbound SSH Login Timeout (in minutes) Indicates the number of minutes an outbound ssh session is allowed to remain inactive before being logged off. A value of 0, which is the default, results in no timeout. Maximum Number of Outbound SSH Sessions Indicates the number of simultaneous outbound ssh connections allowed.
9.5.5 SNMP Server Commands 9.5.5.1 show snmp This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. The IBP does not have to be reset for changes to take effect. The SNMP agent of the IBP complies with SNMP versions 1, 2c, and 3 (for more about the SNMP specification, see the SNMP RFCs).
9.5.5.2 show snmp user This command displays SNMP user information. Syntax show snmp user Default Setting None Command Mode Privileged Exec Display Message User Name: The user to which this entry grants access. A valid entry is a case-sensitive alphanumeric string of up to 8 characters. Authentication: Specify the SNMPv3 Authentication Protocol setting for the selected user account. Encryption: Specify the SNMPv3 Encryption Protocol setting for the selected user account. 9.5.5.
9.5.5.4 show trapflags This command displays trap conditions. Configure which traps the IBP should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the IBP's SNMP agent sends the trap to all enabled trap receivers. The IBP does not have to be reset to implement the changes. Cold and warm start traps are always generated and cannot be disabled.
9.5.5.6 snmp-server location This command sets the physical location of the IBP. The range for name is from 1 to 31 alphanumeric characters. Syntax snmp-server location - range is from 1 to 31 alphanumeric characters. Default Setting None Command Mode Global Config 9.5.5.7 snmp-server contact This command sets the organization responsible for the network. The range for contact is from 1 to 31 alphanumeric characters.
9.5.5.8 snmp-server community This command adds (and names) a new SNMP community. A community name is a name associated with the IBP and with a set of SNMP managers that manage it with a specified privilege level. The length of the name can be up to 64 case-sensitive characters. Note: Community names in the SNMP community table must be unique. If you make multiple entries using the same community name, the first entry is kept and processed and all duplicate entries are ignored.
This command activates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the IBP according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the IBP until the Status is changed back to Enable. Syntax snmp-server community mode no snmp-server community mode - community name.
9.5.5.9 snmp-server host This command sets a client IP or IPv6 address for an SNMP community. The address is the associated community SNMP packet sending address and is used along with the client IP mask value to denote a range of IP addresses from which SNMP clients may use that community to access the device. A value of 0.0.0.0 allows access from any IP address. Otherwise, this value is ANDed with the mask to determine the range of allowed client IP addresses. The name is the applicable community name.
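The address-and-mask rule for snmp-server host determines how many source addresses may use a community, and a mask of 0.0.0.0 opens the community just as an address of 0.0.0.0 does. The following is an added example, not code from the manual; it is IPv4 only, the match rule is a reading of the description above, and the community table and the 256-address policy limit are constructed.

```python
from ipaddress import IPv4Address


def client_allowed(client, host_addr, host_mask):
    """Apply the rule described above to one SNMP client address."""
    addr = int(IPv4Address(host_addr))
    if addr == 0:                        # 0.0.0.0 allows access from any IP address
        return True
    mask = int(IPv4Address(host_mask))
    # Otherwise the address is ANDed with the mask to give the allowed range.
    return (int(IPv4Address(client)) & mask) == (addr & mask)


def allowed_count(host_addr, host_mask):
    """Number of IPv4 source addresses that pass the check."""
    if int(IPv4Address(host_addr)) == 0:
        return 2 ** 32
    mask = int(IPv4Address(host_mask))
    return 2 ** (32 - bin(mask).count("1"))


def mask_is_contiguous(host_mask):
    """True when the mask is a run of 1 bits followed by a run of 0 bits."""
    inverted = ~int(IPv4Address(host_mask)) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def audit_communities(entries, max_hosts=256):
    """Flag community entries whose client range is wider than intended.

    entries: iterable of (community name, client address, client mask).
    max_hosts is a hypothetical policy limit, not a device setting.
    """
    findings = []
    for name, addr, mask in entries:
        count = allowed_count(addr, mask)
        if count == 2 ** 32:
            findings.append((name, "accepts requests from any IPv4 source"))
        elif count > max_hosts:
            findings.append((name, f"accepts {count} source addresses"))
        if not mask_is_contiguous(mask):
            findings.append((name, "mask is not a contiguous prefix"))
    return findings


# Constructed community table (names and addresses are examples only).
SAMPLE = [
    ("public", "0.0.0.0", "0.0.0.0"),
    ("nms-ro", "192.0.2.10", "255.255.255.255"),
    ("ops-rw", "198.51.100.0", "255.255.0.0"),
    ("legacy", "203.0.113.5", "0.0.0.0"),
    ("odd", "192.0.2.0", "255.255.0.255"),
]

if __name__ == "__main__":
    for name, message in audit_communities(SAMPLE):
        print(f"{name}: {message}")
```
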
9.5.5.11 snmp-server enable traps This command enables the ACL trap. Syntax snmp-server enable traps acl-trapflags no snmp-server enable traps acl-trapflags no - This command disables the ACL trap. Default Setting Disabled Command Mode Global Config This command enables the authentication trap. Syntax snmp-server enable traps authentication no snmp-server enable traps authentication no - This command disables the Authentication trap.
This command enables Link Up/Down traps for the entire IBP. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see 'snmp trap link-status' command). Syntax snmp-server enable traps linkmode no snmp-server enable traps linkmode no - This command disables Link Up/Down traps for the entire IBP. Default Setting Enabled Command Mode Global Config This command enables Multiple User traps.
9.5.5.12 snmp-server enable informs This command enables SNMP informs for SNMPv2 and SNMPv3. Syntax snmp-server enable informs no snmp-server enable informs no - This command disables the sending of SNMP informs. Default Setting Disabled Command Mode Global Config 9.5.5.13 snmp-server inform retries This command sets how many times the inform is resent.
9.5.5.14 snmp-server inform timeout This command sets how many seconds the switch waits for the inform acknowledgement. Syntax snmp-server inform timeout no snmp-server inform timeout no - This command restores the default setting of the SNMP inform timeout value. Default Setting 15 seconds. Command Mode Global Config 9.5.5.15 snmp-server user This command creates an SNMP user.
9.5.5.16 snmp-server engineID This command creates an SNMP engineID. Syntax snmp-server engineID remote no snmp-server engineID remote - IPv4 or IPv6 address of SNMP host which will receive SNMP trap/inform from this switch. - Engine ID for the selected host. The Engine ID is up to 24 hexadecimal characters in length. no - This command deletes an SNMP engineID.
9.5.6 SNMP Trap Commands 9.5.6.1 show snmptrap This command displays SNMP trap receivers. Trap messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the IBP or on the network. Six trap receivers are simultaneously supported. Syntax show snmptrap Default Setting None Command Mode Privileged Exec Display Message SNMP Trap Name: The community string of the SNMP trap packet sent to the trap manager.
9.5.6.2 snmp trap link-status This command enables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled. See 'snmp-server enable traps linkmode' command. Syntax snmp trap link-status no snmp trap link-status no - This command disables link status traps by interface. Default Setting Disabled Command Mode Interface Config This command enables link status traps for all interfaces.
9.5.6.3 snmptrap This command adds an SNMP trap name. The maximum length of the name is 16 case-sensitive alphanumeric characters. Syntax snmptrap no snmptrap - SNMP trap name (Range: up to 64 case-sensitive alphanumeric characters). - an IP or IPv6 address of the trap receiver. no - This command deletes trap receivers for a community. Default Setting None Command Mode Global Config 9.5.6.
9.5.6.5 snmptrap mode This command activates or deactivates an SNMP trap. Enabled trap receivers are active (able to receive traps). Disabled trap receivers are inactive (not able to receive traps). Syntax snmptrap mode no snmptrap mode - SNMP trap name. - an IP or IPv6 address. no - This command deactivates an SNMP trap. Trap receivers are inactive (not able to receive traps).
9.5.7 SNMP Inform Commands 9.5.7.1 show snmpinform This command displays SNMP inform receivers. Inform messages are sent across a network to an SNMP Network Manager. These messages alert the manager to events occurring within the switch or on the network. Syntax show snmpinform Default Setting None Command Mode Privileged Exec Display Message SNMP Inform Flags: Admin mode of SNMP inform function. SNMP Inform Retries: How many times to resend the inform.
9.5.7.2 snmpinform This command adds an SNMP inform name. The maximum length of the name is 64 case-sensitive alphanumeric characters. Syntax snmpinform [version snmpv2 | version snmpv3 ] no snmpinform - SNMP inform name (Range: up to 64 case-sensitive alphanumeric characters). - an IPv4 or IPv6 address of the inform receiver.
9.5.7.4 snmpinform mode This command activates or deactivates an SNMP inform. Enabled inform receivers are active (able to receive inform). Disabled inform receivers are inactive (not able to receive inform). Syntax snmpinform mode no snmpinform mode - SNMP inform name. - an IPv4 or IPv6 address. no - This command deactivates an SNMP inform. Inform receivers are inactive (not able to receive inform).
9.5.8 HTTP commands 9.5.8.1 show ip http This command displays the http settings for the IBP. Syntax show ip http Default Setting None Command Mode Privileged Exec Display Message HTTP Mode (Unsecure): This field indicates whether the HTTP mode is enabled or disabled. HTTP Port: This field specifies the port configured for HTTP. HTTP Mode (Secure): This field indicates whether the administrative mode of secure HTTP is enabled or disabled.
9.5.8.3 ip http port This command is used to set the http port where port can be 1-65535 and the default is port 80. Syntax ip http port <1-65535> no ip http port <1-65535> - HTTP Port value. no - This command is used to reset the http port to the default value. Default Setting 80 Command Mode Global Config 9.5.8.4 ip http server This command enables access to the IBP through the Web interface. When access is enabled, the user can login to the IBP from the Web interface.
9.5.8.5 ip http secure-port This command is used to set the secure HTTP port where port can be 1-65535 and the default is port 443. Syntax ip http secure-port no ip http secure-port - secure HTTP Port value. no - This command is used to reset the secure HTTP port to the default value. Default Setting 443 Command Mode Global Config 9.5.8.6 ip http secure-server This command is used to enable the secure socket layer for secure HTTP.
9.5.8.7 ip http secure-protocol This command is used to set protocol levels (versions). The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. Syntax ip http secure-protocol [protocollevel2] no ip http secure-protocol [protocollevel2] - The protocol level can be set to TLS1, SSL3 or to both TLS1 and SSL3. no - This command is used to remove protocol levels (versions) for secure HTTP.
9.5.8.9 ip http secure-session This command is used to set secure http hard-timeout, maxsessions and soft-timeout parameters. Syntax ip http secure-session { hard-timeout <0-168> | maxsessions <0-16> | soft-timeout <0-60> } no ip http secure-session { hard-timeout | maxsessions | soft-timeout } hard-timeout <0-168>: Configure the hard timeout (in hours) for Secure HTTP sessions. maxsessions <0-16>: Configure Maximum allowable number of Secure HTTP sessions.
9.5.9 Secure Shell (SSH) Commands 9.5.9.1 show ip ssh This command displays the SSH settings. Syntax show ip ssh Default Setting None Command Mode Privileged Exec Display Message Administrative Mode: This field indicates whether the administrative mode of SSH is enabled or disabled. Protocol Levels: The protocol level may have the values of version 1, version 2, or both versions. SSH Sessions Currently Active: This field specifies the current number of SSH connections.
9.5.9.3 ip ssh protocol This command is used to set or remove protocol levels (or versions) for SSH. Either SSH1 (1), SSH2 (2), or both SSH 1 and SSH 2 (1 and 2) can be set. Syntax ip ssh protocol [protocollevel2] - The protocol level can be set to SSH1, SSH2 or to both SSH 1 and SSH 2. Default Setting SSH2 Command Mode Global Config 9.5.9.4 ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established.
9.5.9.5 ip ssh timeout This command sets the SSH connection session timeout value, in minutes. A session remains active until it has been idle for the value set. A value of 0 indicates that a session remains active indefinitely. The time is a decimal value from 0 to 160. Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration.
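A review of the HTTP and SSH management settings described in 9.5.8 and 9.5.9, as an added example (not part of the manual or the IBP software). It scans configuration text for the commands above; the argument spellings (TLS1, SSL3, 1, 2) follow the syntax descriptions and are assumptions, and both sample configurations are constructed.

```python
# Constructed sample configuration with the legacy options enabled.
WEAK_CONFIG = """\
ip http server
ip http port 80
ip http secure-server
ip http secure-protocol TLS1 SSL3
ip ssh protocol 1 2
ip ssh timeout 0
"""

# Constructed sample configuration with the legacy options removed.
HARDENED_CONFIG = """\
no ip http server
ip http secure-server
ip http secure-protocol TLS1
ip ssh protocol 2
ip ssh timeout 10
"""


def audit_management_plane(config_text):
    """Return (line number, finding) pairs for weak management settings.

    Only lines present in the text are judged; settings left at their
    defaults do not appear and are therefore not reported.
    """
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        # Skip blank lines and "no" forms, which disable or reset a setting.
        if not words or words[0].lower() == "no":
            continue
        command = " ".join(words[:3]).lower()
        args = [w.lower() for w in words[3:]]

        if command == "ip http server":
            findings.append((lineno, "unsecure HTTP web access enabled"))
        elif command == "ip http secure-protocol" and "ssl3" in args:
            findings.append((lineno, "SSL3 accepted for secure HTTP"))
        elif command == "ip ssh protocol" and "1" in args:
            findings.append((lineno, "SSH protocol version 1 accepted"))
        elif command == "ip ssh timeout" and args[:1] == ["0"]:
            findings.append((lineno, "SSH sessions never time out"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_management_plane(WEAK_CONFIG):
        print(f"line {lineno}: {finding}")
```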
9.5.10 DHCP Client Commands 9.5.10.1 ip dhcp restart This command is used to initiate a BOOTP or DHCP client request. Syntax ip dhcp restart Default Setting None Command Mode Global Config 9.5.10.2 ip dhcp client-identifier This command is used to specify the DHCP client identifier for this IBP. Use the no form to restore to default value. Syntax ip dhcp client-identifier {text | hex } no ip dhcp client-identifier - A text string. (Range: 1-15 characters).
9.5.11 DHCPv6 Client Commands 9.5.11.1 ipv6 address protocol This command specifies the IPv6 network configuration protocol to be used. If you modify this value, the change is effective immediately. Syntax ipv6 address protocol {dhcp6 | none} dhcp6 - Obtains IP address from DHCPv6. none - Obtains IP address by setting configuration. Default Setting None. Command Mode Interface-Vlan Config 9.5.11.
9.5.11.3 oob protocol This command specifies the oob configuration protocol to be used. If you modify this value, the change is effective immediately. Syntax oob protocol {bootp | dhcp | dhcp6 | none} bootp - Obtains IP address from BOOTP. dhcp - Obtains IP address from DHCP. dhcp6 - Obtains IPv6 address from DHCPv6. none - Obtains IP address by setting configuration. Default Setting DHCP. Command Mode Global Config 9.5.11.
9.5.12 Domain Name Server Relay Commands 9.5.12.1 Show Commands 9.5.12.1.1 show hosts This command displays the static host name-to-address mapping table. Syntax show hosts Default Setting None Command Mode Privileged Exec Display Message Domain Name List: Domain Name. IP Address: IPv4/IPv6 address of the Host. 9.5.12.1.2 show dns This command displays the configuration of the DNS server.
Name Server List: A list of domain name servers, including IPv4 and IPv6. Request: Number of DNS query packets that have been sent. Response: Number of DNS response packets that have been received. 9.5.12.2 show dns cache This command displays all entries in the DNS cache table. Syntax show dns cache Default Setting None Command Mode Privileged Exec Display Message Domain Name List: Domain Name IP Address: IPv4/IPv6 address of the corresponding domain name.
9.5.12.3 Configuration Commands 9.5.12.3.1 ip hosts This command creates a static entry in the DNS table that maps a host name to an IPv4/IPv6 address. Syntax ip host no ip host - Host name. - IPv4/IPv6 address of the host. - Remove the corresponding name to IPv4/IPv6 address mapping entry. Default Setting None Command Mode Privileged Exec 9.5.12.3.2 clear hosts This command clears the entire static host name-to-address mapping table.
9.5.12.3.3 ip domain-name This command defines the default domain name to be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation). Syntax ip domain-name no ip domain-name - Default domain name used to complete unqualified host names. Do not include the initial period that separates an unqualified name from the domain name.
9.5.12.3.4 ip domain-list This command defines the domain name that can be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation). The domain name table can contain a maximum of 6 entries. Syntax ip domain-list no ip domain-list - Default domain name used to complete unqualified host names. Do not include the initial period that separates an unqualified name from the domain name.
9.5.12.3.5 ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution. The Domain Name Server Table holds a maximum of 6 entries. Syntax ip name-server no ip name-server < ipaddr > - IPv4/IPv6 address of the Domain Name Servers. - Remove the corresponding Domain Name Server entry from the table.
9.5.12.3.7 clear domain-list This command clears all entries in the domain name list table. Syntax clear domain-list Default Setting None Command Mode Privileged Exec 9.5.12.3.8 clear dns This command sets the DNS configuration to default value.
9.5.12.3.9 clear dns cache This command clears all entries in the DNS cache table. Syntax clear dns cache Default Setting None Command Mode Privileged Exec 9.5.12.3.10 clear dns counter This command clears the statistics of all entries in the DNS cache table.
9.5.13 Dynamic DNS Client Commands 9.5.13.1 ddns client This command performs a DDNS (Dynamic DNS) update, notifying the DDNS provider to update the domain record. If the update succeeds, the parameters are saved in the DDNS list.
9.5.13.2 show ddns This command displays the DDNS configuration list. Syntax show ddns Default Setting None. Command Mode Privileged Exec Display Message Server Name: The provider’s name of DDNS server. User Name: The user name for DDNS server. Password: The password for the account. Host: The domain name to be mapped with your IP address. IP Address: The IP address to be mapped with your domain name.
9.5.14 IPv6 Commands 9.5.14.1 show ipv6 interface This command displays the IBP’s IPv6 network configuration. Syntax show ipv6 interface Default Setting None. Command Mode User Exec, Privileged Exec Display Message IPv6 Address: The IPv6 address of the interface. Address mode: The network configuration of the IPv6 protocol to be used. The factory default is None.
9.5.14.2 show ipv6 traffic Use this command to show traffic and statistics for IPv6 and ICMPv6. Specify an interface to view information about traffic on a specific interface. Syntax show ipv6 traffic {oob | switchport} Default Setting None. Command Mode User Exec, Privileged Exec Display Message Total Datagrams Received: Total number of input datagrams received by the interface, including those received in error.
Datagrams Failed To Reassemble: Number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in by combining them as they are received. This counter increments at the interface to which these fragments were addressed, which might not be necessarily the input interface for some of the fragments.
ICMPv6 Neighbor Solicit Messages Received: Number of ICMP Neighbor Solicit messages received by the interface. ICMPv6 Neighbor Advertisement Messages Received: Number of ICMP Neighbor Advertisement messages received by the interface. ICMPv6 Redirect Messages Received: Number of Redirect messages received by the interface. ICMPv6 Group Membership Query Messages Received: Number of ICMPv6 Group Membership Query messages received.
ICMPv6 Duplicate Address Detects: Number of duplicate addresses detected by the interface. 9.5.14.3 clear ipv6 statistics This command clears IPv6 statistics for a specific interface. IPv6 statistics are displayed in the output of the show ipv6 traffic command. Syntax clear ipv6 statistics {oob | switchport} Default Setting None.
9.5.14.4 enable ipv6 stack for oob This command is used to enable the IPv6 stack for out-of-band mgmt interface. Syntax oob ipv6 enable no oob ipv6 enable no – Disable IPv6 stack. Default Setting Enabled Command Mode Global Config 9.5.14.5 enable ipv6 stack for switchport This command is used to enable the IPv6 stack for in-band mgmt interface. Syntax ipv6 enable no ipv6 enable no – Disable IPv6 stack.
9.5.15 UDLD Commands 9.5.15.1 show udld This command is used to display the current UDLD configuration and the information of receiving neighbors for all interfaces or a specific interface. Syntax show udld {slot/port} - Configures a specific interface. Default Setting None Command Mode Privileged Exec Display Message Port enable operational state: Show the Port Enable Operational State of the selected port. Current bidirectional state: Show the Bidirectional State of the selected port.
9.5.15.2 udld aggressive This command enables global udld aggressive mode and will work on all fiber ports except where locally configured. Syntax udld aggressive no udld aggressive no - This command is used to disable global udld aggressive mode Default Setting Disabled Command Mode Global Config 9.5.15.3 udld enable This command enables global udld normal mode and will work on all fiber ports except where locally configured.
9.5.15.4 udld message time This command sets udld message time in the range <7-90>.
9.5.15.5 udld port This command is used to enable port udld normal mode. Syntax udld port no udld port no - This command is used to disable port udld normal mode Default Setting Disabled Command Mode Interface Config This command is used to enable port udld aggressive mode.
9.5.16 LLDP Commands 9.5.16.1 show lldp This command is used to display a summary of the current LLDP configuration. Syntax show lldp Default Setting None Command Mode Privileged Exec Display Message Transmit Interval: Shows how frequently the system transmits local data LLDP frames, in seconds. Transmit Hold Multiplier: Shows the multiplier on the transmit interval that sets the TTL in local data LLDP frames. Re-initialization Delay: Shows the delay before re-initialization, in seconds.
9.5.16.2 show lldp interface This command is used to display a summary of the current LLDP configuration for a specific interface or for all interfaces. Syntax show lldp interface { | all} - Configures a specific interface. Default Setting None Command Mode Privileged Exec Display Message Interface: Shows the interface in a slot/port format. Link: Shows whether the link is up or down. Transmit: Shows whether the interface transmits LLDP frames.
9.5.16.3 show lldp statistics This command is used to display the current LLDP traffic and remote table statistics for a specific interface or for all interfaces. Syntax show lldp statistics { | all} - Configures a specific interface. Default Setting None Command Mode Privileged Exec Display Message Last Update: Shows the amount of time since the last update to the remote table in days, hours, minutes, and seconds. Total Inserts: Total number of inserts to the remote data table.
9.5.16.4 show lldp remote-device This command is used to display summary information about remote devices that transmit current LLDP data to the system. You can show information about LLDP remote data received on all ports or on a specific port. Syntax show lldp remote-device { | all} - Displays a specific interface. Default Setting None Command Mode Privileged Exec Display Message Local Interface: Identifies the interface that received the LLDP frame from the remote device.
9.5.16.5 show lldp remote-device detail This command is used to display detailed information about remote devices that transmit current LLDP data to an interface on the system. Syntax show lldp remote-device detail - Displays a specific interface. Default Setting None Command Mode Privileged Exec Display Message Local Interface: Identifies the interface that received the LLDP frame from the remote device.
• Power Class - Specifies the power level required. Link Aggregation Status - Specifies the capability and current aggregation status of the link. Link Aggregation Port Id - Specifies the aggregated port identifier. Maximum Frame Size - Specifies the maximum supported IEEE 802.3 frame size. Port VLAN Identity - Specifies the VLAN ID of the port. Protocol VLAN - Specifies the Protocol VLAN ID and status. VLAN Name - Specifies the VLAN name.
9.5.16.6 show lldp local-device This command is used to display summary information about the advertised LLDP local data. This command can display summary information or detail for each interface. Syntax show lldp local-device { | all} - Displays a specific interface. Default Setting None Command Mode Privileged Exec Display Message Interface: Identifies the interface in a slot/port format. Port ID: Shows the port ID associated with this interface.
9.5.16.7 show lldp local-device detail This command is used to display detailed information about the LLDP data a specific interface transmits. Syntax show lldp local-device detail - Displays a specific interface. Default Setting None Command Mode Privileged Exec Display Message Interface: Identifies the interface that sends the LLDP frame. Chassis ID Subtype: Shows the type of identification used in the Chassis ID field. Chassis ID: Identifies the chassis of the local device.
9.5.16.8 lldp notification This command is used to enable remote data change notifications. Syntax lldp notification no lldp notification no - This command is used to disable notifications.
9.5.16.9 lldp notification-interval This command is used to configure how frequently the system sends remote data change notifications. The parameter is the number of seconds to wait between sending notifications. The valid interval range is 5-3600 seconds. Syntax lldp notification-interval no lldp notification-interval - Configures the number of seconds to wait between sending notifications.
9.5.16.11 lldp transmit This command is used to enable the LLDP advertise capability. Syntax lldp transmit no lldp transmit no - This command is used to return the local data transmission capability to the default. Default Setting Disable Command Mode Interface Config 9.5.16.12 lldp transmit-mgmt This command is used to include transmission of the local system management address information in the LLDP PDUs.
9.5.16.13 lldp transmit-tlv This command is used to specify which optional type length values (TLVs) in the 802.1AB basic management set are transmitted in the LLDP frames. Use sys-name to transmit the system name TLV. To configure the system name, please refer to “snmp-server” command. Use sys-desc to transmit the system description TLV. Use sys-cap to transmit the system capabilities TLV. Use port-desc to transmit the port description TLV.
9.5.16.14 lldp timers This command is used to set the timing parameters for local data transmission on ports enabled for LLDP. The determines the number of seconds to wait between transmitting local data LLDP frames. The range is 1-32768 seconds. The is the multiplier on the transmit interval that sets the TTL in local data LLDP frames. The multiplier range is 2-10. The is the delay before re-initialization, and the range is 1-0 seconds.
Command Mode Global Config
9.5.17 sFlow Commands 9.5.17.1 show sflow agent The sFlow agent collects time-based sampling of network interface statistics and flow-based samples. These are sent to the configured sFlow receivers. Use this command to display the sFlow agent information. Syntax show sflow agent Default Setting None Command Mode Privileged Exec Display Message sFlow Version: Uniquely identifies the version and implementation of this MIB.
9.5.17.2 show sflow pollers Use this command to display the sFlow polling instances created on the switch. Syntax show sflow pollers Default Setting None Command Mode Privileged Exec Display Message Poller Data Source: The sFlowDataSource (slot/port) for this sFlow poller. This agent will support Physical ports only. Receiver Index: The sFlowReceiver associated with this sFlow counter poller.
9.5.17.3 show sflow receivers Use this command to display configuration information related to the sFlow receivers. Syntax show sflow receivers [] - Receiver index. Default Setting None Command Mode Privileged Exec Display Message Receiver Index: The sFlow Receiver associated with the sampler/poller. Owner String: The identity string for receiver, the entity making use of this sFlowRcvrTable entry.
9.5.17.4 show sflow samplers Use this command to display the sFlow sampling instances created on the switch. Syntax show sflow samplers Default Setting None Command Mode Privileged Exec Display Message Sampler Data Source: The sFlowDataSource (slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index: The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate: The statistical sampling rate for packet sampling from this source.
9.5.17.5 sflow receiver Use this command to configure the sFlow collector parameters (owner string, receiver timeout, max datagram size, IP address, and port). Syntax sflow receiver {owner timeout } | {maxdatagram } | {ip } | {port } no sflow receiver [ ip | maxdatagram | port ] - Receiver Index. The range is 1-8. - The identity string for the receiver, the entity making use of this sFlowRcvrTable entry.
9.5.17.6 sflow sampler A data source configured to collect flow samples is called a poller. Use this command to configure a new sFlow sampler instance for this data source if is valid. Syntax sflow sampler { | rate | maxheadersize } no sflow sampler [rate | maxheadersize] - The sFlow Receiver for this sFlow sampler to which flow samples are to be sent. A value of zero (0) means that no receiver is configured, no packets will be sampled.
9.5.17.7 sflow poller A data source configured to collect counter samples is called a poller. Use this command to enable a new sFlow poller instance for this data source if is valid. Syntax sflow poller { | interval } no sflow poller [ interval ] - Enter the sFlow Receiver associated with the sampler/poller. A value of zero (0) means that no receiver is configured. The range is 1-8. The default is 0.
9.6 System Log Management Commands 9.6.1 Show Commands 9.6.1.1 show logging This command displays logging. Syntax show logging Default Setting None Command Mode Privileged Exec Display Message Logging Client Local Port: The port on the collector/relay to which syslog messages are sent CLI Command Logging: The mode for CLI command logging. Hide Password: The mode for hiding password command logging. Console Logging: The mode for console logging.
9.6.2 show logging buffered This command displays the message log maintained by the IBP. The message log contains system trace information. Syntax show logging buffered Default Setting None Command Mode Privileged Exec Display Message Buffered (In-Memory) Logging: Displays whether the message log is enabled or disabled. Buffered Logging Wrapping Behavior: Displays whether the wrapping behavior is enabled or not. Buffered Log Count: Displays how many messages have been logged. Message: The message that has been logged.
9.6.3 show logging traplog This command displays the trap log maintained by the IBP. The trap log contains a maximum of 256 entries that wrap. Syntax show logging traplogs Default Setting None Command Mode Privileged Exec Display Message Number of Traps since last reset: The number of traps that have occurred since the last reset of this device. Trap Log Capacity: The maximum number of traps that could be stored in the IBP. Log: The sequence number of this trap.
9.6.3.1 show logging hosts This command displays all configured logging hosts. Syntax show logging hosts Default Setting None Command Mode Privileged Exec Display Message Index (used for deleting) IP Address/Hostname: IPv4/IPv6 address or Hostname of the configured server. Type: Logging Host Address Type (ipv4, ipv6, dns or dnsv6). Severity: The minimum severity to log to the specified address. Port: This is the port on the local host from which syslog messages are sent.
9.6.4 Configuration Commands 9.6.4.1 logging buffered This command enables logging to in-memory log where up to 128 logs are kept. Syntax logging buffered no logging buffered no - This command disables logging to in-memory log. Default Setting None Command Mode Global Config This command enables wrapping of in-memory logging when full capacity reached. Otherwise when full capacity is reached, logging stops.
9.6.4.2 logging console This command enables logging to the console. Syntax logging console [ | <0-7>] no logging console [ | <0-7>] - The value is specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7). no - This command disables logging to the console. Default Setting None Command Mode Global Config 9.6.4.
9.6.4.4 terminal monitor This command enables logging for the terminal session. Syntax terminal monitor no terminal monitor no - This command disables logging to the terminal session. Default Setting None Command Mode Privileged Exec 9.6.4.5 logging host This command enables logging to a host where up to eight hosts can be configured. Syntax logging host [] [[ | <0-7>]] - IPv4/IPv6 address or Hostname of the log server.
This command disables logging to hosts. Syntax logging host remove - Index of the log server. Default Setting None Command Mode Global Config This command reconfigures the IP address of the log server. Syntax logging host reconfigure {host | port | severitylevel } - Index of the log server. host - Change New Logging Host IP Address.
9.6.4.6 logging syslog This command enables syslog logging. Syntax logging syslog no logging syslog no - Disables syslog logging. Default Setting None Command Mode Global Config This command sets the local port number of the LOG client for logging messages. Syntax logging syslog port no logging syslog port no - Resets the local logging port to the default.
9.6.4.7 logging cli-command This command enables CLI command logging. Syntax logging cli-command [hidepwd] no logging cli-command [hidepwd] hidepwd - Enables hiding of passwords in CLI command logging. no - Disables syslog logging. Default Setting None Command Mode Global Config 9.6.4.8 clear logging buffered This command clears all in-memory log.
9.7 Script Management Commands 9.7.1 script apply This command applies the commands in the configuration script to the IBP. The apply command backs up the running configuration and then starts applying the commands in the script file. Application of the commands stops at the first failure of a command. Syntax script apply - The name of the script to be applied. Default Setting None Command Mode Privileged Exec 9.7.
9.7.3 script list This command lists all scripts present on the IBP as well as the total number of files present. Syntax script list Default Setting None Command Mode Privileged Exec The maximum combined size of all script files cannot exceed 2 MByte. 9.7.4 script show This command displays the content of a script file. Syntax script show - Name of the script file.
9.8 System Utilities 9.8.1 clear 9.8.1.1 clear arp This command causes all ARP entries of type dynamic to be removed from the ARP cache. Syntax clear arp Default Setting None Command Mode Privileged Exec 9.8.1.2 clear traplog This command clears the trap log.
9.8.1.3 clear eventlog This command is used to clear the event log, which contains error messages from the system. Syntax clear eventlog Default Setting None Command Mode Privileged Exec 9.8.1.4 clear logging buffered This command is used to clear the message log maintained by the IBP. The message log contains system trace information.
9.8.1.5 clear config This command resets the configuration to the factory defaults without powering off the IBP. The IBP is automatically reset when this command is processed. You are prompted to confirm that the reset should proceed. Syntax clear config Default Setting None Command Mode Privileged Exec 9.8.1.6 clear config interface This command resets the interface configuration to the factory defaults without powering off the switch. You are prompted to confirm that the reset should proceed.
9.8.1.7 clear pass This command resets all user passwords to the factory defaults without powering off the IBP. You are prompted to confirm that the password reset should proceed. Syntax clear pass Default Setting None Command Mode Privileged Exec 9.8.1.8 clear counters This command clears the stats for a specified or for all the ports or for the entire IBP based upon the argument. Syntax clear counters [ | all] - is the desired interface number.
9.8.1.9 clear dns counter This command clears the DNS statistics. Syntax clear dns counter Default Setting None Command Mode Privileged Exec 9.8.1.10 clear dns cache This command clears all entries from the DNS cache.
9.8.1.11 enable passwd This command changes the Privileged EXEC password. Syntax enable passwd {0 | 7} 0 - Specifies password in plain text. 7 - Specifies password in encrypted form. Default Setting None Command Mode Global Config. 9.8.1.12 clear igmp snooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database.
9.8.1.13 clear mld snooping This command clears the tables managed by the MLD Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Syntax clear mld snooping Default Setting None Command Mode Privileged Exec 9.8.1.14 clear port-channel This command clears all port-channels (LAGs).
9.8.1.15 clear port-security dynamic This command clears all port-security dynamic information. Syntax clear port-security dynamic {address | interface } address - Clear dynamic address by MAC address. - MAC address. interface - Clear dynamic address by interface. - is the desired interface number. Default Setting None Command Mode Privileged Exec 9.8.1.16 clear ip filter This command is used to clear all ip filter entries.
9.8.1.17 clear ipv6 statistics This command resets the IPv6 statistics. Syntax clear ipv6 statistics {oob | switchport} oob - Clear the IPv6 statistics of the out-of-band interface. switchport - Clear the IPv6 statistics of the in-band interface.
9.8.1.18 clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. Syntax clear dot1x statistics {all | } - is the desired interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec 9.8.1.19 clear radius statistics This command is used to clear all RADIUS statistics.
9.8.1.20 clear tacacs This command is used to clear TACACS+ configuration. Syntax clear tacacs Default Setting None Command Mode Privileged Exec 9.8.1.21 clear lldp This command is used to clear LLDP statistics. Syntax clear lldp {remote-data | statistics} remote-data - Clear the lldp remote-data. statistics - Clear the lldp statistics.
9.8.2 copy This command uploads and downloads to/from the IBP. Local URLs can be specified using tftp or xmodem. The following can be specified as the source file for uploading from the IBP: startup config (startup-config), event log (eventlog), message log (msglog) and trap log (traplog). A URL is specified for the destination. The command can also be used to download the startup config or code image by specifying the source as a URL and destination as startup-config or image respectively.
9.8.2.2 Files download from PC to board Syntax copy boot-rom copy startup-config copy image copy {sshkey-rsa1 | sshkey-rsa2 | sshkey-dsa} copy {sslpem-root | sslpem-server | sslpem-dhweak | sslpem-dhstrong} copy script where ={xmodem | tftp://ipaddr/path/file | ftp://user:pass@ipaddr/path/file} - name of the image file or the script file.
9.8.2.3 Write running configuration file into flash Syntax copy running-config startup-config [filename] - name of the configuration file. Default Setting None Command Mode Privileged Exec 9.8.2.4 This command uploads or downloads the pre-login banner file. Syntax copy clibanner copy clibanner no clibanner - xmodem or tftp://ipaddr/path/file or ftp://user:pass@ipaddr/path/file. no - Delete CLI banner.
9.8.3 delete This command is used to delete a configuration or image file. Syntax delete - name of the configuration or image file.
9.8.4 dir This command is used to display a list of files in Flash memory. Syntax dir [boot-rom | config | opcode [] ] - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. Default Setting None Command Mode Privileged Exec Display Message Column Heading date file name file type startup size Description The date that the file was created. The name of the file.
9.8.5 whichboot This command is used to display which files were booted when the system powered up. Syntax whichboot Default Setting None Command Mode Privileged Exec Display Message Boot-System: Current boot mode. Next Booting Mode: Next boot mode after reboot. file name: name of the configuration or image file. file type: Boot-Rom image, Operation Code or Configuration file. startup: use in booting size (byte): size of the configuration or image file.
9.8.6 boot-system This command is used to specify the file or image used to start up the system. Syntax boot-system {boot-rom | config | opcode | auto-copy-sw} boot-system mode {switch | IBP} - name of the configuration or image file. boot-rom - bootrom. config - configuration file. opcode - run time operation code. mode - switch to Switch or IBP. (*)auto-copy-sw - Configure auto-upgrade function for the stack system. Note: (*) is the stacking command.
9.8.8 ping This command checks if another computer is on the network and listens for connections. To use this command, configure the IBP for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP. The IBP can be pinged from any IP workstation with which the IBP is connected through the default VLAN (VLAN 1), as long as there is a physical path between the IBP and the workstation.
9.8.8.2 Ping an IPv6 address Syntax ping ipv6 - IPv6 address or Hostname. Default Setting None Command Mode Privileged Exec 9.8.8.3 Ping a link-local address using the interface keyword Syntax ping ipv6 interface {oob | switchport} [size ] oob - interface of out-of-band. switchport - interface of in-band. - a link-local address. - Datagram size (Range: 48-2048).
9.8.9 traceroute This command is used to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. should be a valid IP address. [port] should be a valid decimal integer in the range of 0(zero) to 65535. The default value is 33434. The optional port parameter is the UDP port used as the destination of packets sent as part of the traceroute. This port should be an unused port on the destination system.
9.8.10 logging cli-command This command enables the CLI command Logging feature. The Command Logging component enables the IBP to log all Command Line Interface (CLI) commands issued on the system. Syntax logging cli-command Default Setting None Command Mode Global Config 9.8.11 calendar set This command is used to set the system clock. Syntax calendar set - Month. (Range: 1 - 12), Day of month. (Range: 1 - 31), Year (4-digit). (Range: 2000 - 2099).
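Once logging cli-command is enabled, the command log is the audit trail for the reset, transfer and password commands documented in this chapter, and it can itself contain secrets typed on the command line. The following Python triage is an added example, not part of this manual or of the IBP firmware. Assumptions: the log line layout (timestamp, user=, cmd=), the argument order of the copy lines, and every sample value, all of which are constructed.

```python
import re

# Assumed layout of one exported log line (the manual does not show the real one):
#   <timestamp> user=<name> cmd=<command as typed>
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# Tag -> pattern, applied to the whitespace-normalised command text.
# Every command keyword below is one documented in sections 9.8, 9.17 of the manual.
RULES = [
    ("config-reset", re.compile(r"^clear config\b")),
    ("password-reset", re.compile(r"^clear pass$")),
    ("tacacs-config-cleared", re.compile(r"^clear tacacs$")),
    ("port-security-cleared", re.compile(r"^clear port-security dynamic\b")),
    ("ip-filter-cleared", re.compile(r"^clear ip filter$")),
    ("plaintext-enable-password", re.compile(r"^enable passwd 0 \S+")),
    ("credentials-in-url", re.compile(r"ftp://[^\s:/@]+:[^\s@]+@")),
    ("cleartext-transfer", re.compile(r"^copy .*\b(tftp|ftp)://")),
    ("boot-selection-changed", re.compile(r"^boot-system\b")),
    ("all-locks-removed", re.compile(r"^no lock ALL$")),
]


def redact(cmd):
    """Mask secrets so the triage output does not repeat them."""
    cmd = re.sub(r"^(enable passwd [07]) \S+", r"\1 <redacted>", cmd)
    cmd = re.sub(r"(ftp://[^\s:/@]+):[^\s@]+@", r"\1:<redacted>@", cmd)
    return cmd


def triage(lines):
    """Return one finding per log line that matches at least one rule."""
    findings = []
    for raw in lines:
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # blank or foreign line: not part of the assumed format
        cmd = " ".join(match.group("cmd").split())
        tags = [tag for tag, pattern in RULES if pattern.search(cmd)]
        if tags:
            findings.append({
                "ts": match.group("ts"),
                "user": match.group("user"),
                "tags": tags,
                "cmd": redact(cmd),
            })
    return findings


# Constructed sample log; addresses are documentation addresses (192.0.2.0/24).
SAMPLE_LOG = """
2011-07-29T10:00:01 user=admin cmd=show users
2011-07-29T10:02:14 user=admin cmd=enable passwd 0 Winter11
2011-07-29T10:03:40 user=oper1 cmd=copy ftp://backup:S3cret@192.0.2.10/cfg/ibp1.cfg startup-config
2011-07-29T10:05:02 user=oper1 cmd=clear pass
2011-07-29T10:05:30 user=oper1 cmd=clear  tacacs
2011-07-29T10:06:00 user=admin cmd=copy tftp://192.0.2.10/fw/sb11.bin image
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["ts"], finding["user"], ",".join(finding["tags"]), "|", finding["cmd"])
```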
9.8.12 reload This command resets the IBP without powering it off. Reset means that all network connections are terminated and the boot code executes. The IBP uses the stored configuration to initialize the IBP. You are prompted to confirm that the reset should proceed. A successful reset is indicated by the LEDs on the IBP. Syntax reload [slot ] (*)slot - Reload stack or an IBP in the stack. (*) - switch ID in the range of 1 to 8 or CB name. Note: (*) indicates a stacking command.
9.8.14 disconnect This command is used to close a telnet session. Syntax disconnect {<0-42> | all} <0-42> - remote session ID. all - all remote sessions. Default Setting None Command Mode Privileged Exec 9.8.15 hostname This command is used to set the prompt string. Syntax hostname < prompt_string > - Prompt string.
9.8.16 pager This command is used to enable/disable the pager setting. Syntax pager no pager no - This command disables the pager function.
9.8.17 do This command is used to execute a Privileged EXEC-level command from global configuration mode or any configuration sub-mode. Syntax do [EXEC-level command] [EXEC-level command] - Privileged EXEC-level command in Privileged Exec Command Mode. Default Setting None Command Mode Global Config, any configuration submode 9.8.18 quit This command is used to exit a CLI session.
9.9 User Account Management Commands 9.9.1 Show Commands 9.9.1.1 show users This command displays the configured user names and their settings. This command is only available for users with readwrite privileges. The SNMPv3 fields will only be displayed if SNMP is available on the system. Syntax show users Default Setting None Command Mode Privileged Exec Display Message User Name: The name the user will use to login using the serial port, Telnet or Web.
9.9.1.2 show users authorization This command displays all users and all authorization login information. It also displays the authorization login list assigned to the default user. Syntax show users authorization Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authorization login list assigned. System Login: This field displays the authorization login list assigned to user for system login. 802.
9.9.1.3 show password configuration Use this command to display the configuration password management settings. Syntax show password configuration Default Setting None Command Mode Privileged Exec Display Message Minimum Password Length: Minimum number of characters required when changing passwords.
9.9.2 Configuration Commands 9.9.2.1 username This command adds a new user (account) if space permits. The account can be up to eight characters in length. The name may be comprised of alphanumeric characters as well as the dash (‘-’) and underscore (‘_’). The is not case-sensitive. Six user names can be defined. This command changes the password of an existing operator. User password should not be more than eight characters in length.
9.9.2.2 username snmpv3 authentication This command specifies the authentication protocol to be used for the specified login user. The valid authentication protocols are none, md5 or sha. If md5 or sha are specified, the user login password will be used as the snmpv3 authentication password. The is the login user name for which the specified authentication protocol will be used.
9.9.2.3 username snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des. The des protocol requires a key, which can be specified on the command line. The key may be up to 16 characters. If the des protocol is specified but a key is not provided, the user will be prompted to enter the key. If none is specified, a key must not be provided.
9.9.2.5 username login This command assigns the specified authorization login list to the specified user for system login. The must be a configured and the must be a configured login list. If the user is assigned a login list that requires remote authorization, all access to the interface from all CLI, Web, and telnet sessions will be blocked until the authorization is complete.
9.10 Privilege Level Command By default, the command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.
9.10.1 Show commands 9.10.1.1 show privilege-level This command displays current session’s privilege level. Syntax show privilege-level Default Setting None Command Mode User Exec Display Message Current Privilege levels: current session’s privilege level.
9.10.2 Configuration Commands Each command in a privilege level had to be specified with a separate privilege command. This feature introduces a “wildcard” option that allows you to configure access to multiple commands with only one privilege command. By using the all keyword, you can specify a privilege level for all commands which begin with the string you enter. In other words, the all keyword allows you to grant access to all command-line options and suboptions for a specified command. 9.10.2.
9.10.2.2 enable secret This command allows the user to set the password for a specified privilege level. Syntax enable secret level <1-15> {0|7} no enable secret level <1-15> no – This command sets the specified privilege level password to none. Default Setting None Command Mode Global Config 9.10.2.3 enable This command allows the user to access a specified privilege level. Syntax enable [<0-15>] Note - To access a higher privilege level, the user must authenticate with the password specified for that level.
9.10.2.4 disable This command allows the user to access a specified privilege level. Syntax disable [<0-15>] Note – This command only allows the user to access a privilege level lower than the current privilege level.
9.11 Uplink Set Commands 9.11.1 Show Commands This command displays the Uplink Set information. Syntax show uplink-set [] - The name of the uplink set to display. Default Setting None Command Mode Privileged Exec Display Message Uplink Set Name: This indicates the name of uplink set. Logical Interface: Logical interface of this Uplink Set for Active Ports and Backup Ports. External Ports: The member of the uplink set. The member should be the external ports.
9.11.2 Configuration Commands This command is used to create or delete an uplink set and also used to enable or disable the MAC move update feature for an uplink set. Syntax uplink-set [mac-move-update] no uplink-set [mac-move-update] - A string associated with uplink set as a convenience. It can be up to 32 alphanumeric characters, and can not be blank. mac-move-update - the MAC address-table move update feature on uplink set.
9.12 Port Group Commands 9.12.1 Show Commands This command displays the port group information. Syntax show port-group [] - The name of the port group to display. Default Setting None Command Mode Privileged Exec Display Message Port Group Name: This indicates the name of port group. Internal Ports: List the internal port members Uplink Set Name: The name of the uplink set. External Ports: List the external ports of the port group.
9.12.2 Configuration Commands This command is used to create or delete a port group. Syntax port-group [] no port-group [] - A string associated with uplink set as a convenience. It should be an existing uplink set. - A string associated with port group as a convenience. It can be up to 32 alphanumeric characters, and can not be blank. no - This command deletes an existing port group.
This command is used to add or remove a port to/from a port group. Syntax port-group no port-group - A string associated with port group as a convenience. It should be an existing port group. no - This command removes a port from a port group.
9.13 VLAN Port Group Commands 9.13.1 Show Commands This command displays the VLAN group information. Syntax show vlan-group [] - The name of the VLAN group to display. Default Setting None Command Mode Privileged Exec Display Message VLAN port group name: This indicates the name of VLAN group VLAN ID: The VLAN Identifier of the VLAN group. The range of the VLAN ID is from 1 to 4094 Internal Ports: Internal interface, member of that VLAN group.
9.13.2 Configuration Commands This command is used to create or destroy a VLAN group. Syntax vlan-group <1-4094> no vlan-group - A string associated with VLAN group as a convenience. <1-4094> - VLAN ID - which uplink set to be the external connection for this VLAN group. no - This command disables linkstate for an existing VLAN group. Note: The range of VLAN ID is 1 to 4093 for the stackable connection blade.
This command is used to add/remove a port to/from VLAN group. Syntax vlan-group [] no vlan-group - A string associated with VLAN group as a convenience. - Assigned a tagged VLAN group for a port. The tagged packets received on the port will be sent to corresponding uplink ports as VLAN tagged packets. no - This command removes a port from the specified VLAN group.
This command is used to set the native VLAN option for a specific VLAN group. Syntax vlan-group-nativeVLAN no vlan-group-nativeVLAN - A string associated with VLAN group as a convenience. no - This command sets the native VLAN option back to default value.
9.14 Service LAN Commands 9.14.1 Show Commands This command displays the Service LAN information. Syntax show svc-lan [] - The name of the Service LAN to display. Default Setting None Command Mode Privileged Exec Display Message Service LAN name: This indicates the name of Service LAN VLAN ID: The VLAN Identifier of the Service LAN. The range of the VLAN ID is from 1 to 4094 Internal Ports: Internal interface, member of that Service LAN.
9.14.2 Configuration Commands This command is used to create or destroy a Service LAN. Syntax svc-lan <1-4094> no svc-lan - A string associated with Service LAN as a convenience. <1-4094> - VLAN ID - which uplink set to be the external connection for this service LAN. no - This command destroys the specified Service LAN. Default Setting None Command Mode Global Config This command is used to add/remove a port to/from Service LAN.
9.15 Service VLAN Commands 9.15.1 Show Commands This command displays the Service VLAN information. Syntax show svc-vlan [] - The name of the Service VLAN to display. Default Setting None Command Mode Privileged Exec Display Message Service VLAN name: This indicates the name of Service VLAN VLAN ID: The VLAN Identifier of the Service VLAN. The range of the VLAN ID is from 1 to 4094. Internal Ports: Internal interface, member of that Service VLAN.
9.15.2 Configuration Commands This command is used to create or destroy a Service VLAN. Syntax svc-vlan <1-4094> no svc-vlan - A string associated with Service VLAN as a convenience. <1-4094> - VLAN ID - which uplink set to be the external connection for this service VLAN. no - This command destroys the existing Service VLAN.
9.16 Isolation Commands 9.16.1 Configuration Commands This command is used to enable or disable isolation mode for an interface. In general, communication between all interfaces in the same port group is possible. You can make an interface invisible to the other members of its port group: packets received on this interface are not forwarded to the other members of the port group, only to the uplink ports.
9.17 Lock Commands 9.17.1 lock This command locks HTTP access to the IBP and registers the passed “lock_identifier” with this lock. When the lock is set, the Web-GUI presents a message that access to this IBP is currently not possible, because it is managed by another application. Use the no form to restore to default value. Syntax lock [EXCLUSIVE] no lock {|ALL} < lock_identifier > - An alphanumeric string. (Range: 1-32 characters).
9.17.2 lock_message This command allows specification of the displayed message in the Web-GUI of IBP when a lock is set. It must be possible to specify any HTML string. Use “lock_message default” to restore default value. Syntax lock_message {| default} < message_string > - An HTML string. (Range: 1-512 characters). lock_message default - This command is used to restore to default value.
9.17.4 show lock This command displays the lock status, the list of registered lock identifiers and the current lock message. Syntax show lock Default Setting None Command Mode Privileged Exec Display Message Lock Status: This field indicates the current lock status. Lock Message: This field displays the message in the Web-GUI of the IBP when a lock is set. Identifier: This field specifies the registered “lock_identifier” with this lock.
9.18 Port Backup Two link aggregation groups are associated with one port group when the port group is created. The two link aggregation groups are defined internally as the active and the backup port. Only one of the two link aggregation groups is activated at a time. For example, while the active link aggregation group is up, the backup link aggregation group is blocked (no traffic can be sent or received).
9.18.2 Configuration Commands This command is used to enable or disable port backup for an uplink set. Syntax port-backup no port-backup - A string associated with uplink set as a convenience. It should be an existing uplink set. no - This command disables port backup for an existing port group. Default Setting None Command Mode Global Config This command is used to set the failback time of port backup for an uplink set.
This command is used to move a port from the active-port list to the backup-port list. Syntax port-backup no port-backup no - This command moves the port to the active-port list. Restriction: users are not allowed to move the last member of the active-port list to the backup-port list.
9.19 Link State Commands The purpose of this feature is to allow the connection blade to disable the server-blade ports when all of its uplink ports are inactive. It could improve the switching time and realize the “rapid” failover of redundant LAN ports of server blades. This section will describe how to configure the link state for an uplink set. 9.19.1 Show Commands This command displays the linkstate information.
9.19.2 Configuration Commands This command is used to enable or disable linkstate for an uplink set. Syntax linkstate no linkstate - A string associated with uplink set as a convenience. It should be an existing uplink set. no - This command disables linkstate for an existing uplink set.
9.20 SNTP Commands 9.20.1 Show Commands 9.20.1.1 show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether the local time has been properly updated. Syntax show sntp Default Setting None Command Mode User Exec, Privileged Exec Display Message Last Update Time: The time of last clock update. Last Unicast Attempt Time: The time of last transmit query (in unicast mode).
9.20.1.2 show sntp client This command displays SNTP client settings. Syntax show sntp client Default Setting None Command Mode Privileged Exec Display Message Client Supported Modes: Supported SNTP Modes (Broadcast, Unicast, or Multicast). SNTP Version: The highest SNTP version the client supports. Port : SNTP Client Port Client Mode: Configured SNTP Client Mode. Unicast Poll Interval: Poll interval value for SNTP clients in seconds as a power of two.
9.20.1.3 show sntp server This command displays configured SNTP servers and SNTP server settings. Syntax show sntp server Default Setting None Command Mode Privileged Exec Display Message Server IP Address: IP address of configured SNTP Server Server Type: Address Type of Server. Server Stratum: Claimed stratum of the server for the last received valid packet. Server Reference ID: Reference clock identifier of the server for the last received valid packet. Server Mode: SNTP Server mode.
9.20.2 Configuration Commands 9.20.2.1 sntp broadcast client poll-interval This command will set the poll interval for SNTP broadcast clients in seconds as a power of two where can be a value from 6 to 16. Syntax sntp broadcast client poll-interval no sntp broadcast client poll-interval - The range is 6 to 16. no - This command will reset the poll interval for SNTP broadcast client back to its default value. Default Setting The default value is 6.
9.20.2.2 sntp client mode This command will enable Simple Network Time Protocol (SNTP) client mode and optionally set the mode to either broadcast, multicast, or unicast. Syntax sntp client mode [broadcast | unicast | multicast] no sntp client mode no - This command will disable Simple Network Time Protocol (SNTP) client mode. Note: The SNTP IPv4 multicast address is 224.0.1.1. The SNTP IPv6 multicast address is ff05::101. IPv6 addresses do not support broadcast mode.
9.20.2.4 sntp unicast client poll-interval This command will set the poll interval for SNTP unicast clients in seconds. Syntax sntp unicast client poll-interval no sntp unicast client poll-interval - Polling interval. It's 2^(value) seconds where value is 6 to 10. no - This command will reset the poll interval for SNTP unicast clients to its default value. Default Setting The default value is 6. Command Mode Global Config 9.20.2.
9.20.2.6 sntp unicast client poll-retry This command will set the poll retry for SNTP unicast clients in seconds. Syntax sntp unicast client poll-retry no sntp unicast client poll-retry < poll-retry> - Polling retry in seconds. The range is 0 to 10. no - This command will reset the poll retry for SNTP unicast clients to its default value. Default Setting The default value is 1. Command Mode Global Config 9.20.2.
9.20.2.8 sntp clock timezone This command sets the time zone for the IBP’s internal clock. Syntax sntp clock timezone <0-12> <0-59> {before-utc | after-utc} - Name of the time zone, usually an acronym. (Range: 1-15 characters) <0-12> - Number of hours before/after UTC. (Range: 0-12 hours) <0-59> - Number of minutes before/after UTC. (Range: 0-59 minutes) before-utc - Sets the local time zone before (east) of UTC. after-utc - Sets the local time zone after (west) of UTC.
9.20.2.9 sntp multicast client poll-interval This command will set the poll interval for SNTP multicast clients in seconds. Syntax sntp multicast client poll-interval no sntp multicast client poll-interval - Polling interval. It’s 2^(value) seconds where the range of value is 6 to 10. no – This command will reset the poll interval for SNTP multicast client to its default value. Default Setting The default value is 6.
9.21 Security Commands 9.21.1 Show Commands 9.21.1.1 show users authentication This command displays all users and all authentication login information. It also displays the authentication login list assigned to the default user. Syntax show users authentication Default Setting None Command Mode Privileged Exec Display Message User: This field lists every user that has an authentication login list assigned.
9.21.1.3 show authentication users This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column. Syntax show authentication users - the authentication login listname. Default Setting None Command Mode Privileged Exec Display Message User Name: This field displays the user assigned to the specified authentication login list.
9.21.1.5 show dot1x detail This command is used to show a summary of the global dot1x configuration and the detailed dot1x configuration for a specified port. Syntax show dot1x detail - is the desired interface number. Default Setting None Command Mode Privileged Exec Display Message Port: The interface whose configuration is displayed Protocol Version: The protocol version associated with this port.
Control Direction: Indicates the control direction for the specified port or ports. Possible values are both or in. 9.21.1.6 show dot1x statistics This command is used to show a summary of the global dot1x configuration and the dot1x statistics for a specified port. Syntax show dot1x statistics - is the desired interface number. Default Setting None Command Mode Privileged Exec Display Message Port: The interface whose statistics are displayed.
9.21.1.7 show dot1x summary This command is used to show a summary of the global dot1x configuration and summary information of the dot1x configuration for a specified port or all ports. Syntax show dot1x summary { | all} - is the desired interface number. all - All interfaces. Default Setting None Command Mode Privileged Exec Display Message Interface: The interface whose configuration is displayed. Control Mode: The configured control mode for this port.
9.21.1.9 show radius-servers This command is used to display items of the configured RADIUS servers. Syntax show radius-servers Default Setting None Command Mode Privileged Exec Display Message Host Address: IPv4/IPv6 Address of the configured RADIUS server Port: The port in use by this server Type: Primary or secondary Secret Configured: Yes / No Message Authenticator: The message authenticator attribute configured for the radius server. 9.21.1.
RADIUS Attribute 4 Value: RADIUS NAS-IP value. RADIUS Attribute 95 Mode: Disable or Enable RADIUS NAS-IPv6 attribute. RADIUS Attribute 95 Value: RADIUS NAS-IPv6 value. 9.21.1.11 show radius accounting This command is used to display the configured RADIUS accounting mode, accounting server, and the statistics for the configured accounting server. Syntax show radius accounting [statistics ] - is an IPv4/IPv6 Address or Host Name.
Malformed Responses: The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses. Bad Authenticators: The number of RADIUS Accounting-Response packets containing invalid authenticators received from this accounting server.
Malformed Access Responses: The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses. Bad Authenticators: The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server.
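The counter definitions above separate three rejection reasons for a RADIUS response: malformed (invalid length), bad authenticator or signature attribute, and unknown type. The following Python classifier is an added example, not part of this manual or of the IBP firmware; it applies the Response Authenticator rule of RFC 2865/2866 and reads "signature attribute" as the Message-Authenticator attribute (type 80), which is this example's assumption, as is counting an inconsistent attribute length as malformed. The secret and packets are constructed.

```python
import hashlib
import hmac
import struct

# Access-Accept, Access-Reject, Accounting-Response, Access-Challenge
KNOWN_RESPONSE_CODES = {2, 3, 5, 11}
MESSAGE_AUTHENTICATOR = 80


def _message_authenticator_offset(attrs):
    """Walk the attribute list; return the value offset of attribute 80 or None.
    Raises ValueError when an attribute length is inconsistent."""
    pos, found = 0, None
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("attribute length out of range")
        if a_type == MESSAGE_AUTHENTICATOR:
            if a_len != 18:
                raise ValueError("Message-Authenticator must carry 16 octets")
            found = pos + 2
        pos += a_len
    return found


def classify_response(packet, request_authenticator, secret):
    """Return 'ok', 'malformed', 'unknown-type' or 'bad-authenticator'."""
    if len(packet) < 20:
        return "malformed"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > 4096 or length > len(packet):
        return "malformed"
    packet = packet[:length]          # octets beyond Length are padding
    if code not in KNOWN_RESPONSE_CODES:
        return "unknown-type"
    header, received, attrs = packet[:4], packet[4:20], packet[20:]
    try:
        ma_off = _message_authenticator_offset(attrs)
    except ValueError:
        return "malformed"
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    if not hmac.compare_digest(expected, received):
        return "bad-authenticator"
    if ma_off is not None:
        # HMAC-MD5 over the packet with the Request Authenticator in place and
        # the attribute value zeroed, keyed with the shared secret.
        zeroed = attrs[:ma_off] + bytes(16) + attrs[ma_off + 16:]
        mac = hmac.new(secret, header + request_authenticator + zeroed, hashlib.md5).digest()
        if not hmac.compare_digest(mac, attrs[ma_off:ma_off + 16]):
            return "bad-authenticator"
    return "ok"


def build_response(code, ident, request_authenticator, attrs, secret, sign=False):
    """Server-side counterpart, used here only to construct test packets."""
    if sign:
        attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    if sign:
        mac = hmac.new(secret, header + request_authenticator + attrs, hashlib.md5).digest()
        attrs = attrs[:-16] + mac
    auth = hashlib.md5(header + request_authenticator + attrs + secret).digest()
    return header + auth + attrs


# Constructed values: shared secret, Request Authenticator, one Reply-Message attribute.
SECRET = b"ExampleSecret123"
REQ_AUTH = bytes(range(16))
REPLY = bytes([18, 4]) + b"ok"

if __name__ == "__main__":
    good = build_response(2, 7, REQ_AUTH, REPLY, SECRET, sign=True)
    print(classify_response(good, REQ_AUTH, SECRET))
    print(classify_response(good, REQ_AUTH, b"WrongSecret"))
    print(classify_response(good[:-1], REQ_AUTH, SECRET))
```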
9.21.1.14 show port-security This command shows the port-security settings for the entire system. Syntax show port-security Default Setting None Command Mode Privileged Exec Display Message Port Security Administration Mode: Port lock mode for the entire system. This command shows the port-security settings for a particular interface or all interfaces. Syntax show port-security { | all } Default Setting None Command Mode Privileged Exec Display Message Intf: Interface Number.
This command shows the dynamically locked MAC addresses for port. Syntax show port-security dynamic Default Setting None Command Mode Privileged Exec Display Message MAC address: Dynamically locked MAC address. This command shows the statically locked MAC addresses for port. Syntax show port-security static Default Setting None Command Mode Privileged Exec Display Message MAC address: Statically locked MAC address.
9.21.2 Configuration Commands 9.21.2.1 authentication login This command creates an authentication login list. The is up to 15 alphanumeric characters and is not case sensitive. Up to 10 authentication login lists can be configured on the IBP. When a list is created, the authentication method “local” is set as the first method. When the optional parameters “method1”, “method 2”, and/or “method 3” are used, an ordered list of methods is set in the authentication login list.
9.21.2.2 username defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system. This setting is overridden by the authentication login list assigned to a specific user if the user is configured locally. If this value is not configured, users will be authenticated using local authentication only. Syntax username defaultlogin - an authentication login list. Default Setting None Command Mode Global Config 9.
9.21.3 Dot1x Configuration Commands 9.21.3.1 dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'. If the control mode is not 'auto' an error will be returned. Syntax dot1x initialize - is the desired interface number. Default Setting None Command Mode Privileged Exec 9.21.3.
9.21.3.3 dot1x login This command assigns the specified authentication login list to the specified user for 802.1x port security. The parameter must be a configured user and the parameter must be a configured authentication login list. Syntax dot1x login - is the login user name. - an authentication login list. Default Setting None Command Mode Global Config 9.21.3.
9.21.3.5 dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The parameter must be a configured user. Syntax dot1x user { | all} no dot1x user { | all} - Is the login user name. - Is the desired interface number. all - All interfaces. no - This command removes the user from the list of users with access to the specified port or all ports.
This command sets the authentication mode to be used on the specified port. The control mode may be one of the following. force-unauthorized: The authenticator PAE unconditionally sets the controlled port to unauthorized. force-authorized: The authenticator PAE unconditionally sets the controlled port to authorized. auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server.
9.21.3.8 dot1x re-authentication This command enables re-authentication of the supplicant for the specified port. Syntax dot1x re-authentication no dot1x re-authentication no - This command disables re-authentication of the supplicant for the specified port. Default Setting Disabled Command Mode Interface Config 9.21.3.9 dot1x re-reauthenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is 'auto'.
9.21.3.10 dot1x timeout This command sets the value, in seconds, of the timer used by the authenticator state machine on this port. Depending on the token used and the value (in seconds) passed, various configurable timeout parameters are set. The following tokens are supported. reauth-period: Sets the value, in seconds, of the timer used by the authenticator state machine on this port to determine when re-authentication of the supplicant takes place.
9.21.4 Radius Configuration Commands 9.21.4.1 radius accounting mode This command is used to enable the RADIUS accounting function. Syntax radius accounting mode no radius accounting mode no - This command is used to set the RADIUS accounting function to the default value - that is, the RADIUS accounting function is disabled.
9.21.4.2 radius-server host This command is used to configure the RADIUS authentication and accounting server. If the 'auth' token is used, the command configures the IPv4/IPv6 address or Hostname to use to connect to a RADIUS authentication server. Up to 3 servers can be configured per RADIUS client. If the maximum number of configured servers is reached, the command will fail until one of the servers is removed by executing the no form of the command.
9.21.4.3 radius-server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server. Depending on whether the 'auth' or 'acct' token is used, the shared secret will be configured for the RADIUS authentication or RADIUS accounting server. The IP address provided must match a previously configured server. When this command is executed, you are prompted for the secret. The secret must be an alphanumeric value not exceeding 20 characters.
9.21.4.5 radius-server timeout This command sets the timeout value (in seconds) after which a request must be retransmitted to the RADIUS server if no response is received. The timeout value is an integer in the range of 1 to 30. Syntax radius-server timeout no radius-server timeout - the maximum timeout (Range: 1 - 30).
9.21.4.7 radius-server primary This command is used to configure the primary RADIUS authentication server for this RADIUS client. The primary server is the one that is used by default for handling RADIUS requests. The remaining configured servers are only used if the primary server cannot be reached. A maximum of three servers can be configured on each client. Only one of these servers can be configured as the primary.
9.21.5 TACACS+ Configuration Commands 9.21.5.1 tacacs host This command is used to configure the TACACS server. When this command executes, the Command Mode will change to TACACS mode to configure specified values for the host. Syntax tacacs host no tacacs host - is an IPv4/IPv6 address or Host Name. no - This command is used to remove the configured TACACS server.
This command is used to configure the TACACS server’s service port. Syntax port [<0-65535>] If this command is entered without any parameter, the port value is reset to the default value. <0-65535> - TACACS service port (Range: 0 to 65535). Default Setting 49 Command Mode TACACS mode This command is used to configure the TACACS server’s priority. Syntax Priority [<0-65535>] If this command is entered without any parameter, the priority value is reset to the default value.
This command is used to configure the specified connection timeout value of TACACS. Syntax timeout [] If this command is entered without any parameter, the timeout value is removed and the global timeout is used. - The connection timeout value of TACACS (Range: 1 – 30). Default Setting None Command Mode TACACS mode 9.21.5.2 tacacs key This command is used to configure the global authentication and encryption key of the TACACS server.
9.21.5.3 tacacs timeout This command is used to configure the global connection timeout value of TACACS. Syntax tacacs timeout no tacacs timeout - The connection timeout value of TACACS (Range: 1 – 30). no - This command is used to reset the timeout value to the default value.
9.21.6 Port Security Configuration Commands 9.21.6.1 port-security This command enables port locking at the system level (Global Config) or port level (Interface Config). Syntax port-security no port-security Default Setting None Command Mode Global Config, Interface Config 9.21.6.2 port-security max-dynamic This command sets the maximum number of dynamically locked MAC addresses allowed on a specific port.
9.21.6.3 port-security max-static This command sets the maximum number of statically locked MAC addresses allowed on a specific port. Syntax port-security max-static [<0-20>] no port-security max-static no - This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Default Setting 20 Command Mode Interface Config 9.21.6.4 port-security mac-address This command adds a MAC address to the list of statically locked MAC addresses.
9.21.6.5 port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses. Syntax port-security mac-address move Default Setting None Command Mode Interface Config 9.21.6.6 port-security violation shutdown This command enables violation shutdown attribute of port-security. Syntax port-security violation shutdown no port-security violation shutdown no - This command disables violation shutdown attribute of port-security.
9.21.7 LDAP Commands 9.21.7.1 show ldap This command is used to display the current LDAP configuration. Syntax show ldap Default Setting None Command Mode Privileged Exec Display Message Server IP: LDAP server IP, default is 0.0.0.0. Server Port: LDAP server TCP port, default is 389. baseDN: Base distinguished name, default is empty string. racName: RDN attribute of bind DN, default is empty string. racDomain: Partial bind DN exclude RDN with it, default is empty string. 9.21.7.
9.21.7.3 ldap port This command is used to configure LDAP server port. Syntax ldap port no ldap port - 1-65535 no - This command is used to return the LDAP server port to the default value. Default Setting 389 Command Mode Global Config 9.21.7.4 ldap baseDN This command is used to configure baseDN. Syntax ldap baseDN no ldap baseDN - string. no - This command is used to return the baseDN to the default.
9.21.7.5 ldap racName This command is used to configure racName. Syntax ldap racName no ldap racName - string. no - This command is used to return the racName to the default. Default Setting None Command Mode Global Config 9.21.7.6 ldap racDomain This command is used to configure racDomain. Syntax ldap racDomain no ldap racDomain - string. no - This command is used to return the racDomain to the default.
9.21.8 Denial of Service (DoS) Commands 9.21.8.1 show dos-control This command displays Denial of Service configuration information. Syntax show dos-control Default Setting None Command Mode Privileged Exec Display Message SIPDIP Mode: May be enabled or disabled. The factory default is disabled. First Fragment Mode: May be enabled or disabled. The factory default is disabled. Min TCP Hdr Size: The range is 0 - 255. The factory default is 20. TCP Fragment Mode: May be enabled or disabled.
9.21.8.2 dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets will be dropped if the mode is enabled. The default is disabled. If you enable dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets that value to 20.
9.21.8.4 dos-control icmpv6 This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled. Syntax dos-control icmpv6 <0-1023> no dos-control icmpv6 <0-1023> - Configures maximum ICMPv6 packet size.
9.21.8.6 dos-control sipdip This command enables Source IP address = Destination IP address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP=DIP, the packets will be dropped if the mode is enabled. Syntax dos-control sipdip no dos-control sipdip no - This command disables Source IP address = Destination IP address (SIP=DIP) Denial of Service prevention.
9.21.8.8 dos-control tcpfrag This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is enabled. Syntax dos-control tcpfrag no dos-control tcpfrag no - This command disables TCP Fragment Denial of Service protection.
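The following Python model is an added example, not code from this manual or from the switch firmware. It applies the four drop rules described in 9.21.8 (SIP=DIP, minimum TCP header size on the first fragment, TCP fragment offset equal to one, maximum ICMPv6 Echo Request size) to raw IP packets so that a planned dos-control setting can be checked against sample traffic before it is enabled. Assumptions: "TCP header size" is taken as the TCP bytes carried in the first fragment, SIP=DIP is modelled for IPv4 only, ICMPv6 size is the IPv6 payload length with no extension headers, and all names (DosControl, check_packet, SAMPLES) are hypothetical.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Optional

TCP, ICMPV6, ICMPV6_ECHO_REQUEST = 6, 58, 128


@dataclass
class DosControl:
    """The modes reported by 'show dos-control'; all are disabled by default."""
    sipdip: bool = False
    firstfrag: bool = False
    min_tcp_hdr: int = 20              # manual: range 0-255, factory default 20
    tcpfrag: bool = False
    icmpv6_max: Optional[int] = None   # manual: 0-1023; None models 'disabled'


def check_packet(pkt: bytes, cfg: DosControl) -> Optional[str]:
    """Return the name of the check that drops pkt, or None if it is forwarded."""
    version = pkt[0] >> 4 if pkt else 0
    if version == 4 and len(pkt) >= 20:
        return _check_ipv4(pkt, cfg)
    if version == 6 and len(pkt) >= 40:
        return _check_ipv6(pkt, cfg)
    return None  # anything else is outside this model


def _check_ipv4(pkt: bytes, cfg: DosControl) -> Optional[str]:
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack_from("!HHH", pkt, 2)
    frag_offset = flags_frag & 0x1FFF          # expressed in 8-byte units
    if ihl < 20:
        return None                            # malformed header, not modelled
    if cfg.sipdip and pkt[12:16] == pkt[16:20]:
        return "sipdip"
    if pkt[9] == TCP:
        if cfg.tcpfrag and frag_offset == 1:
            return "tcpfrag"
        # Assumption: header size = TCP bytes present in the first fragment.
        if cfg.firstfrag and frag_offset == 0 and total_len - ihl < cfg.min_tcp_hdr:
            return "firstfrag"
    return None


def _check_ipv6(pkt: bytes, cfg: DosControl) -> Optional[str]:
    payload_len, next_header = struct.unpack_from("!HB", pkt, 4)
    if cfg.icmpv6_max is None or next_header != ICMPV6 or len(pkt) < 41:
        return None
    if pkt[40] == ICMPV6_ECHO_REQUEST and payload_len > cfg.icmpv6_max:
        return "icmpv6"
    return None


def ipv4(src: str, dst: str, proto: int, frag_offset: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, it is not checked)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_offset,
                      64, proto, 0, ip_address(src).packed, ip_address(dst).packed)
    return hdr + payload


def ipv6(src: str, dst: str, next_header: int, payload: bytes) -> bytes:
    """Build a constructed IPv6 packet with no extension headers."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header, 64,
                      ip_address(src).packed, ip_address(dst).packed)
    return hdr + payload


# Constructed sample packets using documentation address ranges.
SAMPLES: Dict[str, bytes] = {
    "same_src_dst": ipv4("192.0.2.10", "192.0.2.10", TCP, 0, bytes(20)),
    "tiny_first_fragment": ipv4("192.0.2.1", "192.0.2.2", TCP, 0, bytes(8)),
    "offset_one_fragment": ipv4("192.0.2.1", "192.0.2.2", TCP, 1, bytes(8)),
    "normal_tcp": ipv4("192.0.2.1", "192.0.2.2", TCP, 0, bytes(20)),
    "large_echo_request": ipv6("2001:db8::1", "2001:db8::2", ICMPV6,
                               bytes([ICMPV6_ECHO_REQUEST, 0]) + bytes(598)),
    "small_echo_request": ipv6("2001:db8::1", "2001:db8::2", ICMPV6,
                               bytes([ICMPV6_ECHO_REQUEST, 0]) + bytes(62)),
}


def classify_samples(cfg: DosControl) -> Dict[str, Optional[str]]:
    """Run every sample through check_packet and report the drop reason."""
    return {name: check_packet(pkt, cfg) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    enabled = DosControl(sipdip=True, firstfrag=True, tcpfrag=True, icmpv6_max=512)
    for name, verdict in classify_samples(enabled).items():
        print(f"{name:22} {verdict or 'forward'}")
```

With the factory defaults (every mode disabled) all six samples are forwarded, which is the state the Display Message defaults in 9.21.8.1 describe.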
9.22 Differentiated Service Commands This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1. Class • creating and deleting classes • defining match criteria for a class Note: The only way to remove an individual match criterion from an existing class definition is to delete the class and re-create it. 2.
• access list matched by reference only, and must be sole criterion in a class • that is, ACL rules copied as class match criteria at time of class creation, with class type 'any' • implicit ACL 'deny all' rule also copied • no nesting of class type 'acl' Regarding nested classes, referred to here as class references, a given class definition can contain at most one reference to another class, which can be combined with other match criteria.
9.22.1.2 no diffserv This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, Diffserv services are activated.
9.22.2 Class Commands The 'class' command set is used in DiffServ to define: Traffic Classification specifies Behavior Aggregate (BA) based on DSCP, and Multi-Field (MF) classes of traffic (name, match criteria) Service Levels specifies the BA forwarding classes / service levels. Conceptually, DiffServ is a two-level hierarchy of classes: 1. Service/PHB, 2.
Note: The CLI mode is changed to Class-Map Config when this command is successfully executed. Command Mode Global Config 9.22.2.2 no class-map This command eliminates an existing DiffServ class. Syntax no class-map is the name of an existing DiffServ class. Note: The class name 'default' is reserved and is not allowed here.
9.22.2.3 class-map rename This command changes the name of a DiffServ class. Syntax class-map rename is the name of an existing DiffServ class. is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class. Note: The class name ‘default’ is reserved and must not be used here. Default None Command Mode Global Config 9.22.2.
9.22.2.5 match class-map This command adds to the specified class definition the set of match conditions defined for another class. Syntax match class-map is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command.
9.22.2.6 no match class-map This command removes from the specified class definition the set of match conditions defined for another class. Syntax no match class-map is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: There is no [not] option for this match command. Default None Command Mode Class-Map Config 9.22.2.
9.22.2.8 match dstl4port This command adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword or numeric notation or a numeric range notation. Syntax match dstl4port { | <0-65535>} To specify the match condition as a single keyword, the value for is one of the supported port name keywords. The currently supported values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www.
9.22.2.9 match ip dscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked).
9.22.2.10 match ip precedence This command adds to the specified class definition a match condition based on the value of the IP Precedence field in a packet, which is defined as the high-order three bits of the Service Type octet in the IP header (the low-order five bits are not checked). The precedence value is an integer from 0 to 7.
9.22.2.11 match ip tos This command adds to the specified class definition a match condition based on the value of the IP TOS field in a packet, which is defined as all eight bits of the Service Type octet in the IP header. Syntax match ip tos is a two-digit hexadecimal number from 00 to ff. is a two-digit hexadecimal number from 00 to ff. The denotes the bit positions in that are used for comparison against the IP TOS field in a packet.
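The three match commands above (match ip dscp, match ip precedence, match ip tos) all examine the same Service Type octet at different widths. The following Python sketch is an added example, not part of this manual or of the switch software, and shows how one octet is evaluated by each criterion and by a class of type 'all' or 'any'. Assumptions: the parameter names tosbits and tosmask are hypothetical stand-ins for the two hexadecimal arguments of match ip tos, a 1 bit in the mask selects a compared position, and the DSCP keywords carry their standard code point values.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Union

Criterion = Callable[[int], bool]   # takes the 8-bit Service Type octet


def dscp_value(dscp: Union[int, str]) -> int:
    """Resolve an integer 0-63 or a keyword (afXY, be, csN, ef) to a DSCP value."""
    if isinstance(dscp, int):
        if 0 <= dscp <= 63:
            return dscp
        raise ValueError("DSCP must be 0-63")
    name = dscp.lower()
    if name == "be":
        return 0
    if name == "ef":
        return 46
    if len(name) == 3 and name[:2] == "cs" and name[2] in "01234567":
        return int(name[2]) << 3                       # csN = N * 8
    if len(name) == 4 and name[:2] == "af" and name[2] in "1234" and name[3] in "123":
        return (int(name[2]) << 3) | (int(name[3]) << 1)   # afXY = 8X + 2Y
    raise ValueError(f"unknown DSCP keyword: {dscp}")


def match_ip_dscp(dscp: Union[int, str]) -> Criterion:
    """High-order six bits; the low-order two bits are not checked."""
    want = dscp_value(dscp)
    return lambda octet: (octet >> 2) == want


def match_ip_precedence(precedence: int) -> Criterion:
    """High-order three bits; the low-order five bits are not checked."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be 0-7")
    return lambda octet: (octet >> 5) == precedence


def match_ip_tos(tosbits: str, tosmask: str) -> Criterion:
    """All eight bits, restricted to the positions selected by the mask."""
    bits, mask = int(tosbits, 16), int(tosmask, 16)
    if not (0 <= bits <= 0xFF and 0 <= mask <= 0xFF):
        raise ValueError("tosbits and tosmask must be 00-ff")
    return lambda octet: (octet & mask) == (bits & mask)


@dataclass
class ClassMap:
    """A class whose criteria are combined as 'all' (AND) or 'any' (OR)."""
    name: str
    match_type: str
    criteria: List[Criterion] = field(default_factory=list)

    def matches(self, service_type_octet: int) -> bool:
        results = [c(service_type_octet) for c in self.criteria]
        if not results:
            return False
        return all(results) if self.match_type == "all" else any(results)


if __name__ == "__main__":
    voice = ClassMap("voice", "all", [match_ip_dscp("ef"), match_ip_precedence(5)])
    for octet in (0xB8, 0xBB, 0x68):   # constructed Service Type octets
        print(f"0x{octet:02x} -> {voice.matches(octet)}")
```

The octets 0xB8 and 0xBB differ only in the two low-order bits, so they match the same DSCP and precedence criteria but only match a tos criterion if the mask excludes those bits.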
9.22.2.12 match protocol This command adds to the specified class definition a match condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. Syntax match protocol { | <0-255>} is one of the supported protocol name keywords. The currently supported values are: icmp, igmp, ip, tcp, udp. Note that a value of ip is interpreted to match all protocol number values.
9.22.2.14 match srcl4port This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword or numeric notation or a numeric range notation. Syntax match srcl4port { | <0-65535>} is one of the supported port name keywords (listed below). The currently supported values are: domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, www.
9.22.2.15 match cos This command adds to the specified class definition a match condition for the Class of Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). The value may be from 0 to 7. NOTE: This command is not available on the Broadcom 5630x platform. Syntax match cos <0-7> Default Setting None Command Mode Class-Map Config 9.22.2.
9.22.2.17 match ethertype This command adds to the specified class definition a match condition based on the value of the ethertype. The value is specified as one of the following keywords: appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF. NOTE: This command is not available on the Broadcom 5630x platform.
9.22.2.19 match vlan This command adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field (the only tag in a single tagged packet or the first or outer tag of a double VLAN tagged packet). The VLAN ID is an integer from 0 to 4093. NOTE: This command is not available on the Broadcom 5630x platform.
9.22.3 Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Service Provisioning Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.) The policy commands are used to associate a traffic class, which was defined by the class command set, with one or more QoS policy attributes.
9.22.3.1 assign-queue This command modifies the queue id to which the associated traffic stream is assigned. The queueid is an integer from 0 to n-1, where n is the number of egress queues supported by the device. Syntax assign-queue <0-7> <0-7> - Queue ID. (*)<0-6> - Queue ID. Note: (*) is the stacking command.
9.22.3.2 drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Syntax drop Command Mode Policy-Class-Map Config Incompatibilities Assign Queue, Mark (all forms), Mirror, Police, Redirect 9.22.3.3 mirror This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface (physical port or LAG). NOTE: This command is not available on the Broadcom 5630x platform.
9.22.3.4 redirect This command specifies that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel). Syntax redirect Command Mode Policy-Class-Map Config Incompatibilities Drop, Mirror 9.22.3.5 conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used.
9.22.3.6 mark ip-dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value. Syntax mark ip-dscp is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Command Mode Policy-Class-Map Config Policy Type In Incompatibilities Drop, Mark CoS, IP Precedence, Police 9.22.3.
9.22.3.8 police-simple This command is used to establish the traffic policing style for the specified class.
9.22.3.9 class This command creates an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. Syntax class is the name of an existing DiffServ class. Note that this command causes the specified policy to create a reference to the class definition. Command Mode Policy-Class-Map Config 9.22.3.
9.22.3.11 policy-map This command establishes a new DiffServ policy. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy. The type of policy is specific to the inbound traffic direction as indicated by the in parameter. Syntax policy-map [ in ] no policy-map Command Mode Global Config Policy Type In 9.22.3.12 policy-map rename This command changes the name of a DiffServ policy.
9.22.4 Service Commands The 'service' command set is used in DiffServ to define: Traffic Conditioning Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction. Service Provisioning Assign a DiffServ service provisioning policy (as specified by the policy commands) to an interface in the outgoing direction. The service commands attach a defined policy to a directional interface.
9.22.4.1 service-policy This command attaches a policy to an interface in a particular direction. Syntax service-policy in The command can be used in the Interface Config mode to attach a policy to a specific interface. Alternatively, the command can be used in the Global Config mode to attach this policy to all system interfaces. The direction value is either in or out. is the name of an existing DiffServ policy, whose type must match the interface direction.
9.22.4.2 no service-policy This command detaches a policy from an interface in a particular direction. Syntax no service-policy in The command can be used in the Interface Config mode to detach a policy from a specific interface. Alternatively, the command can be used in the Global Config mode to detach this policy from all system interfaces to which it is currently attached. The direction value is either in or out. is the name of an existing DiffServ policy.
9.22.5 Show Commands The 'show' command set is used in DiffServ to display configuration and status information for: • Classes • Policies • Services This information can be displayed in either summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled; it is suppressed otherwise. There is also a 'show' command for general DiffServ information that is available at any time. 9.22.5.
9.22.5.2 show diffserv service This command displays policy service information for the specified interface and direction. Syntax show diffserv service in specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest. Default Setting None Command Mode Privileged EXEC Display Message DiffServ Admin Mode: The current setting of the DiffServ administrative mode.
9.22.5.3 show diffserv service brief This command displays all interfaces in the system to which a DiffServ policy has been attached. The direction parameter is optional; if specified, only services in the indicated direction are shown. Syntax show diffserv service brief [ in ] Default Setting None Command Mode Privileged EXEC Display Message DiffServ Admin Mode: The current setting of the DiffServ administrative mode.
9.22.5.4 show class-map This command displays all configuration information for the specified class. Syntax show class-map [] is the name of an existing DiffServ class. Default Setting None Command Mode Privileged EXEC and User EXEC Display Message Class Name: The name of this class. Class Type: The class type (all, any, or acl) indicating how the match criteria are evaluated for this class.
9.22.5.5 show policy-map This command displays all configuration information for the specified policy. Syntax show policy-map [] is the name of an existing DiffServ policy. Default Setting None Command Mode Privileged EXEC Display Message Policy Name: The name of this policy. Policy Type: The policy type, namely whether it is an inbound or outbound policy definition.
Drop: Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface. Mirror: Copies a classified traffic stream to a specified egress port (physical port or LAG). This can occur in addition to any marking or policing action. It may also be specified along with a QoS queue assignment. Redirect: Forces a classified traffic stream to a specified egress port (physical port or LAG).
9.22.5.6 show policy-map interface This command displays policy-oriented statistics information for the specified interface and direction. Syntax show policy-map interface in specifies a valid slot number and port number for the system. The direction parameter indicates the interface direction of interest. Command Mode Privileged EXEC Display Message Interface: The slot number and port number of the interface (slot/port).
next functional element in the data path, such as the switching or routing function or an outbound link transmission element. Only displayed for the 'out' direction. Note: None of the counters listed here are guaranteed to be supported on all platforms. Only supported counters are shown in the display output.
9.22.5.7 show service-policy This command displays a summary of policy-oriented statistics information for all interfaces in the specified direction. The direction parameter indicates the interface direction of interest. This command enables or disables the route reflector client. A route reflector client relies on a route reflector to re-advertise its routes to the entire AS. The possible values for this field are enable and disable.
9.23 ACL Commands 9.23.1 Show Commands 9.23.1.1 show mac access-lists This command displays a MAC access list and all of the rules that are defined for the ACL. The parameter is used to identify a specific MAC ACL to display. Syntax show mac access-list ACL name which uniquely identifies the MAC ACL to display. Default Setting None Command Mode Privileged EXEC Display Message MAC ACL Name: The name of the MAC ACL rule.
9.23.1.2 show mac access-lists This command displays a summary of all defined MAC access lists in the system. Syntax show mac access-list Default Setting None Command Mode Privileged EXEC Display Message Current number of all ACLs: The number of user-configured rules defined for this ACL. Maximum number of all ACLs: The maximum number of ACL rules. MAC ACL Name: The name of the MAC ACL rule. Rules: The number of rules in this ACL.
9.23.1.3 show ip access-lists This command displays an Access Control List (ACL) and all of the rules that are defined for the ACL. Syntax show ip access-lists [<1-199> | ] <1-199> is the number used to identify the ACL. is the name used to identify the ACL. Default Setting None Command Mode Privileged EXEC Display Message Current number of ACLs: The number of user-configured rules defined for this ACL. Maximum number of ACLs: The maximum number of ACL rules.
9.23.1.4 show access-lists interface This command displays Access List information for a particular interface and the 'in' direction. Syntax show access-lists interface in is the interface number. Default Setting None Command Mode Privileged EXEC Display Message ACL Type: This displays whether the ACL type is IP or MAC. ACL ID/Name: This displays the ACL ID/Name.
9.23.2 Configuration Commands 9.23.2.1 mac access-list extended This command creates a MAC Access Control List (ACL) identified by , consisting of classification fields defined for the Layer 2 header of an Ethernet frame. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. If a MAC ACL by this name already exists, this command enters Mac-Access-List config mode to allow updating the existing ACL.
9.23.2.3 mac access-list This command creates a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list. Note that an implicit 'deny all' MAC rule always terminates the access list. Note: The 'no' form of this command is not supported, as the rules within an ACL cannot be deleted individually. Rather, the entire ACL must be deleted and re-specified. A rule may either deny or permit traffic according to the specified classification fields.
9.23.2.4 mac access-group in This command attaches a specific MAC Access Control List (ACL) identified by to an interface in a given direction. The parameter must be the name of an existing MAC ACL. An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
9.23.2.5 access-list This command creates an Access Control List (ACL) that is identified by the parameter.
9.23.2.6 no access-list This command deletes an ACL that is identified by the parameter from the system, or removes an ACL rule that is identified by the parameter <1-10> from an IP ACL. Syntax no access-list {<1-99> | <100-199>} [] - To remove a Rule ID. Note: The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and 100 to 199 is for the extended ACL List.
9.23.2.7 ip access-group This command attaches a specified access-control list to an interface. The parameter is the name of the Access Control List. An optional sequence number may be specified to indicate the order of this IP access list relative to other IP access lists already assigned to this interface and direction. A lower number indicates higher precedence order.
9.23.2.8 ip access-list Use this command to create an extended IP Access Control List (ACL) identified by , consisting of classification fields defined for the IP header of an IPv4 frame. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list. If an IP ACL by this name already exists, this command enters IPv4-Access_List config mode to allow updating the existing IP ACL.
9.24 CoS Commands 9.24.1 Show Commands 9.24.1.1 show queue cos-map This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
9.24.1.2 show queue ip-dscp-mapping This command maps an IP DSCP value to an internal traffic class. The value is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. The values can range from 0-6, although the actual number of available traffic classes depends on the platform.
9.24.1.3 show queue trust This command displays the current trust mode setting for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the port trust mode of the interface is displayed. If omitted, the port trust mode of each interface in the system is shown.
9.24.1.4 show queue cos-queue This command displays the class-of-service queue configuration for the specified interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the class-of-service queue configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed. Syntax show queue cos-queue [] The interface number.
9.24.2 Configuration Commands 9.24.2.1 queue cos-map This command maps an 802.1p priority to an internal traffic class on a "per-port" basis. Syntax queue cos-map < priority > < queue-id > no queue cos-map < priority > - The range of queue priority is 0 to 7. < queue-id> - The range of mapped traffic class is 0 to 7. no - Reset to the default mapping of the queue priority and the mapped traffic class. Note: The range of mapped traffic class is 0 to 6 for the stackable connection blade.
This command maps an 802.1p priority to an internal traffic class for a device. Syntax queue cos-map all no queue cos-map all - The range of queue priority is 0 to 7. - The range of mapped traffic class is 0 to 7. no - Reset to the default mapping of the queue priority and the mapped traffic class. Note: The range of mapped traffic class is 0 to 6 for the stackable connection blade. Default Setting None Command Mode Global Config.
9.24.2.2 queue ip-dscp-mapping This command maps an IP precedence value to an internal traffic class for a device. Syntax queue ip-dscp-mapping no queue ip-dscp-mapping - The IP DSCP value in the range of 0 to 63 or an IP DSCP keyword (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef). - The range of mapped traffic class is 0 to 7.
9.24.2.3 queue trust This command sets the class of service trust mode of an interface. The mode can be set to trust one of the Dot1p (802.1p), IP Precedence. Syntax queue trust {dot1p | ip-dscp | untrusted} no queue trust no - This command sets the interface mode to default. Default Setting None Command Mode Interface Config. This command sets the class of service trust mode for all interfaces. The mode can be set to trust one of the Dot1p (802.1p), IP Precedence.
9.24.2.4 queue cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. Syntax queue cos-queue min-bandwidth … no queue cos-queue min-bandwidth … - Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no - This command restores the default for each queue's minimum bandwidth value. Default Setting None Command Mode Interface Config.
This command specifies the minimum transmission bandwidth guarantee for each interface queue in the device. Syntax queue cos-queue min-bandwidth all … no queue cos-queue min-bandwidth all … - Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no - This command restores the default for each queue's minimum bandwidth value in the device. Default Setting None Command Mode Global Config. 9.24.2.
This command activates the strict priority scheduler mode for each specified queue on a device.
Syntax
queue cos-queue strict all [ … ]
no queue cos-queue strict all [ … ]
no - This command restores the default weighted scheduler mode for each specified queue on a device.
Note: The range of mapped traffic class is 0 to 6 for the stackable connection blade.
Default Setting: None
Command Mode: Global Config
9.24.2.
This command specifies the maximum transmission bandwidth limit for all interfaces. Also known as rate shaping, this smooths temporary traffic bursts over time so that the transmitted traffic rate is bounded.
Syntax
queue cos-queue traffic-shape all
no queue cos-queue traffic-shape all
- Valid range is 0 to 100 in increments of 5.
no - This command restores the default shaping rate value for all interfaces.
Default Setting: None
Command Mode: Global Config
9.25 Stacking Commands
9.25.1 Show Commands
9.25.1.1 show switch
This command displays information about the stack members in the stack system. This command is only available for the Ethernet Connection Blade with the stacking feature.
Syntax
show switch []
Default Setting: None
Command Mode: Privileged Exec
Display Message
SW#: Displays the ID of the unit. The maximum number of units allowed in the stack is 8.
ID: Displays the identifier of the unit which is used to identify an interface on that IBP.
9.25.1.2 show switch stack port
This command displays information about the stack ports of the stack members in the stack system. This command is only available for the Ethernet Connection Blade with the stacking feature.
Syntax
show switch stack-port
Default Setting: None
Command Mode: Privileged Exec
Display Message
Unit: Displays the unit.
Interface: Displays the stackable interfaces on the given unit.
Configured Stack Mode: Displays the configured mode for the given interface. Currently, only N/A is displayed.
9.25.1.3 show stack port counter statistic
This command displays statistics for the stacking port. This command is only available for the Ethernet Connection Blade with the stacking feature.
Syntax
show switch stack-port counters [detailed]
Default Setting: None
Command Mode: Privileged Exec
Display Message
Unit: Displays the unit.
Interface: Displays the stackable interfaces on the given unit.
Transmit and Receive statistics
Data Rate (Mb/s): Displays the approximate rate on the stacking port.
9.25.2 Configuration Commands
9.25.2.1 Configure priority of a switch
This command is used to configure the priority of an IBP. An IBP with a higher priority has a better chance of becoming stack master in a stack system.
Syntax
switch priority <0-15>
no switch priority
- Unit number of an IBP, in the range 1 to 8.
<0-15> - Priority value, in the range 0 to 15.
no - This command resets the priority value to unassigned.
Default Setting: Unassigned
Command Mode: Global Config
9.25.
9.25.2.3 Moving management control from one IBP to another
This command is used to move the management function from one IBP to another.
Syntax
switch movemanagement
- Unit number of an IBP, in the range 1 to 8.
- Unit number of an IBP, in the range 1 to 8.
Default Setting: None
Command Mode: Global Config
9.25.2.4 Configuring a standby switch
This command is used to configure a standby switch for a stack.
9.25.2.5 Performing a failover to the standby switch
This command is used to perform a failover and transfer the stack master role to the standby switch.
Syntax
switch failover
Default Setting: None
Command Mode: Global Config
Note: After the failover, the original stack master is reloaded and rejoins the stack.
10 Using SNMP
SNMP (Simple Network Management Protocol) is a communication protocol designed specifically for managing devices or other elements on a network. Equipment commonly managed with SNMP includes IBP(s), routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
To access this IBP from a network management station using SNMP, follow these steps:
1.
10.1 Supported MIBs
The standard MIBs are listed in the following table.
Specifications  Public MIB name  MIB files
IEEE 802.1x IEEE8021-PAE-MIB dot1x.my
IEEE 802.3ad LAG-MIB dot3ad.my
RFC 1213 RFC1213-MIB mib-2.my
RFC 2011 IP-MIB RFC2011 ip-icmp.my
RFC 1493 BRIDGE-MIB bridge.my
RFC 1643 ETHERLIKE-MIB etherlike.my
RFC 1907 SNMPv2-MIB v2-mib.my
RFC 2233 IF-MIB if.my
RFC 2571 SNMP-FRAMEWORK-MIB v3-arch.my
RFC 2572 SNMP-MPD-MIB v3-mpd.my
RFC 2573 SNMP-TARGET-MIB v3-tgt.
The private enterprise MIB is listed below.
Private MIB names  MIB files
FSC-SWITCH-MIB fscref.my
OUTBOUNDTELNET-PRIVATE-MIB telnet.my
MGMT-SECURITY-MIB mgmt_security.my
DENIALOFSERVICE-PRIVATE-MIB dos.my
COS-MIB qos_cos.my
QOS-MIB qos.my
QOS-ACL-MIB qos_acl.my
QOS-DIFFSERV-EXTENSIONS-MIB qos_diffserv_extensions.my
QOS-DIFFSERV-PRIVATE-MIB qos_diffserv_private.my
RADIUS-CLIENT-PRIVATE-MIB radius.my
RADIUS-ACC-CLIENT-MIB radius_acc_client.my
RADIUS-AUTH-CLIENT-MIB radius_auth_client.
10.2 Accessing MIB Objects
MIB objects represent features of the IBP that an SNMP application can control and manage. One example is the RFC-2233 IF-MIB group which you can use to get or set the port configuration by reading or writing to different variables in this MIB group. The variables supported by this group are listed in the following table.
ifHCInOctets Yes RO
ifHCInUcastPkts Yes RO
ifHCInMulticastPkts Yes RO
ifHCInBroadcastPkts Yes RO
ifHCOutOctets Yes RO
ifHCOutUcastPkts Yes RO
ifHCOutMulticastPkts Yes RO
ifHCOutBroadcastPkts Yes RO
ifLinkUpDownTrapEnable Yes RW
ifHighSpeed Yes RO
ifPromiscuousMode Yes RO
ifConnectorPresent Yes RO
ifAlias No RW
ifCounterDiscontinuityTime Yes RO
ifStackTable Indices: ifStackStatus No ifStackHigherLayer, ifStackLowerLayer *RC
ifRcvAddressTable Indices: ifRcvAd
10.