Command Guide S6224-S2(S4) INTELLIGENT ACCESS SWITCH Manual version: Firmware version: 2.0.6 6.2.138.103 IP address: 192.168.1.1 Username: admin Password: admin FoxGate Corp.
Content Content CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION……………………………………………………34 1.1 COMMANDS FOR BASIC CONFIGURATION ................................................ 34 1.1.1 authentication line ...................................................................................... 34 1.1.2 banner ........................................................................................................ 35 1.1.3 boot img .................................................................................
Content 1.1.32 show cpu utilization .................................................................................. 46 1.1.33 show memory usage ................................................................................ 47 1.1.34 show privilege .......................................................................................... 47 1.1.35 show privilege mode LINE ....................................................................... 47 1.1.36 show tcam usage ..................................
Content 1.3.3 ip address ................................................................................................... 61 1.3.4 ipv6 address ............................................................................................... 62 1.3.5 ip bootp-client enable ................................................................................. 62 1.3.6 ip dhcp-client enable .................................................................................. 63 1.4 COMMANDS FOR SNMP...............
Content 1.5.11 tftp-server transmission-timeout ............................................................... 83 CHAPTER 2 COMMANDS FOR CLUSTER ................................ 84 2.1 CLEAR CLUSTER NODES......................................................................... 84 2.2 CLUSTER AUTO-ADD .............................................................................. 84 2.3 CLUSTER COMMANDER .......................................................................... 85 2.4 CLUSTER IP-POOL .....
Content 3.1.12 port-status query interval ....................................................................... 102 3.1.13 rate-violation ........................................................................................... 102 3.1.14 rate-violation control ............................................................................... 103 3.1.15 remote-statistics interval ........................................................................ 104 3.1.16 show interface ............................
Content 6.9 ULDP DISABLE..................................................................................... 121 6.10 ULDP HELLO-INTERVAL ...................................................................... 121 6.11 ULDP MANUAL-SHUTDOWN ................................................................. 122 6.12 ULDP RECOVERY-TIME ....................................................................... 122 6.13 ULDP RESET .....................................................................................
Content CHAPTER 9 COMMANDS FOR MTU ....................................... 139 9.1 MTU ................................................................................................... 139 CHAPTER 10 COMMANDS FOR EFM OAM ............................ 140 10.1 CLEAR ETHERNET-OAM ...................................................................... 140 10.2 DEBUG ETHERNET-OAM ERROR .......................................................... 140 10.3 DEBUG ETHERNET-OAM FSM ..................................
Content 11.2 SHOW PORT-SECURITY ...................................................................... 159 11.3 SWITCHPORT PORT-SECURITY ............................................................ 160 11.4 SWITCHPORT PORT-SECURITY AGING................................................... 160 11.5 SWITCHPORT PORT-SECURITY MAC-ADDRESS ...................................... 161 11.6 SWITCHPORT PORT-SECURITY MAC-ADDRESS STICKY ........................... 161 11.7 SWITCHPORT PORT-SECURITY MAXIMUM ..............
Content 14.3 BPDU-TUNNEL GVRP .......................................................................... 177 14.4 BPDU-TUNNEL ULDP .......................................................................... 178 14.5 BPDU-TUNNEL LACP .......................................................................... 178 14.6 BPDU-TUNNEL DOT1X ........................................................................ 179 CHAPTER 15 VLAN CONFIGURATION ................................... 180 15.
Content 15.1.32 switchport hybrid native vlan ................................................................ 194 15.1.33 switchport interface .............................................................................. 194 15.1.34 switchport mode ................................................................................... 195 15.1.35 switchport mode trunk allow-null .......................................................... 196 15.1.36 switchport trunk allowed vlan ..............................
Content 16.1.4 mac-address-learning cpu-control ......................................................... 207 16.1.5 mac-address-table aging-time ............................................................... 207 16.1.6 mac-address-table static | static-multicast | blackhole .......................... 208 16.1.7 showCollisionMacTable .......................................................................... 209 16.1.8 show mac-address-table .................................................................
Content 17.1.7 show ....................................................................................................... 223 17.1.8 spanning-tree ......................................................................................... 224 17.1.9 spanning-tree cost.................................................................................. 224 17.1.10 spanning-tree digest-snooping............................................................. 225 17.1.11 spanning-tree format ........................
Content 18.6 MATCH ............................................................................................. 245 18.7 MLS QOS AGGREGATE-POLICY ............................................................ 246 18.8 MLS QOS COS ................................................................................... 246 18.9 MLS QOS INTERNAL-PRIORITY............................................................. 247 18.10 MLS QOS MAP ................................................................................
Content 20.3 MATCH ............................................................................................. 262 20.4 SERVICE-POLICY ............................................................................... 263 20.5 SET ................................................................................................. 264 CHAPTER 21 COMMANDS FOR LAYER 3 MANAGEMENT .... 265 21.1 COMMANDS FOR LAYER 3 INTERFACE ................................................. 265 21.1.1 description .................
Content 21.2.29 show ipv6 neighbors ............................................................................ 280 21.2.30 show ipv6 traffic ................................................................................... 281 21.2.31 show ipv6 redirect ................................................................................ 282 21.3 COMMANDS FOR ARP CONFIGURATION .............................................. 282 21.3.1 arp .....................................................................
Content 23.8 CLEAR IPV6 ND DYNAMIC ................................................................... 295 CHAPTER 24 COMMAND FOR ARP GUARD .......................... 296 24.1 ARP-GUARD IP .................................................................................. 296 CHAPTER 25 COMMANDS FOR GRATUITOUS ARP CONFIGURATION .................................................................... 297 25.1 IP GRATUITOUS-ARP .......................................................................... 297 25.
Content 26.1.25 network-address................................................................................... 309 26.1.26 next-server ........................................................................................... 309 26.1.27 option.................................................................................................... 310 26.1.28 service dhcp ......................................................................................... 310 26.1.29 show ip dhcp binding .............
Content 27.22 PREFIX-DELEGATION POOL ............................................................... 327 27.23 SERVICE DHCPV6 ............................................................................ 327 27.24 SHOW IPV6 DHCP ............................................................................ 328 27.25 SHOW IPV6 DHCP BINDING ............................................................... 328 27.26 SHOW IPV6 DHCP CONFLICT ............................................................. 329 27.
Content CHAPTER 30 COMMANDS FOR DHCPV6 OPTION37, 38 ...... 344 30.1 COMMANDS FOR DHCPV6 OPTION37, 38........................................... 344 30.1.1 address range ........................................................................................ 344 30.1.2 class ....................................................................................................... 344 30.1.3 ipv6 dhcp class....................................................................................... 345 30.1.
Content 31.8 IP DHCP SNOOPING ACTION ................................................................ 359 31.9 IP DHCP SNOOPING ACTION MAXNUM.................................................. 360 31.10 IP DHCP SNOOPING BINDING ............................................................. 360 31.11 IP DHCP SNOOPING BINDING ARP ....................................................... 361 31.12 IP DHCP SNOOPING BINDING DOT1X .................................................. 361 31.
Content 33.1.2 access-list (Multicast Source Control) ................................................... 379 33.1.3 ip multicast destination-control............................................................... 380 33.1.4 ip multicast destination-control access-group........................................ 380 33.1.5 ip multicast destination-control access-group (sip)................................ 380 33.1.6 ip multicast destination-control access-group (vmac) ........................... 381 33.1.
Content 34.1 COMMANDS FOR MLD SNOOPING CONFIGURATION ............................. 397 34.1.1 clear ipv6 mld snooping vlan.................................................................. 397 34.1.2 clear ipv6 mld snooping vlan <1-4094> mrouter-port ............................ 397 34.1.3 debug mld snooping all/packet/event/timer/mfc .................................... 397 34.1.4 ipv6 mld snooping .................................................................................. 398 34.1.
Content 36.13 IP ACCESS STANDARD ...................................................................... 418 36.14 IPV6 ACCESS-LIST ........................................................................... 418 36.15 IPV6 ACCESS STANDARD .................................................................. 419 36.16 IPV6 ACCESS EXTENDED .................................................................. 419 36.17 {IP|IPV6|MAC|MAC-IP} ACCESS-GROUP .............................................. 419 36.
Content 38.9 DOT1X GUEST-VLAN .......................................................................... 442 38.10 DOT1X MACFILTER ENABLE .............................................................. 443 38.11 DOT1X MACBASED PORT-DOWN-FLUSH.............................................. 443 38.12 DOT1X MAX-REQ ............................................................................. 444 38.13 DOT1X USER ALLOW-MOVEMENT ...................................................... 444 38.
Content 40.1 AM ENABLE ....................................................................................... 458 40.2 AM PORT .......................................................................................... 458 40.3 AM IP-POOL ...................................................................................... 458 40.4 AM MAC-IP-POOL ............................................................................... 459 40.5 NO AM ALL ..............................................................
Content 43.12 RADIUS-SERVER AUTHENTICATION HOST ........................................... 473 43.13 RADIUS-SERVER DEAD-TIME ............................................................. 474 43.14 RADIUS-SERVER KEY ....................................................................... 475 43.15 RADIUS-SERVER RETRANSMIT .......................................................... 475 43.16 RADIUS-SERVER TIMEOUT ................................................................ 476 43.
Content 46.11 MAC-AUTHENTICATION-BYPASS TIMEOUT REAUTH-PERIOD ................... 489 46.12 MAC-AUTHENTICATION-BYPASS TIMEOUT STALE-PERIOD ..................... 490 46.13 MAC-AUTHENTICATION-BYPASS USERNAME-FORMAT ........................... 490 46.14 SHOW MAC-AUTHENTICATION-BYPASS ............................................... 491 CHAPTER 47 COMMANDS FOR PPPOE INTERMEDIATE AGENT .................................................................................................. 493 47.
Content 48.7 SHOW WEBPORTAL ............................................................................ 504 48.8 SHOW WEBPORTAL BINDING ............................................................... 505 48.9 WEBPORTAL BINDING-LIMIT ................................................................ 506 48.10 WEBPORTAL ENABLE ....................................................................... 506 48.11 WEBPORTAL ENABLE (PORT) ............................................................ 507 48.
Content 51.1 CONTROL-VLAN ................................................................................ 525 51.2 CLEAR MRPP STATISTICS .................................................................... 525 51.3 DEBUG MRPP .................................................................................... 526 51.4 ENABLE............................................................................................ 526 51.5 ERRP DOMAIN ......................................................................
Content 52.20 ULPP FLUSH DISABLE MAC................................................................ 541 52.21 ULPP FLUSH ENABLE ARP ................................................................. 541 52.22 ULPP FLUSH ENABLE MAC ................................................................ 542 52.23 ULPP GROUP .................................................................................. 542 52.24 ULPP GROUP MASTER ...................................................................... 542 52.
Content 56.5 SHOW SNTP ...................................................................................... 556 CHAPTER 57 COMMANDS FOR NTP...................................... 557 57.1 CLOCK TIMEZONE .............................................................................. 557 57.2 DEBUG NTP ADJUST ........................................................................... 557 57.3 DEBUG NTP AUTHENTICATION ............................................................. 558 57.4 DEBUG NTP EVENTS ...
Content 59.9 SHOW BOOT-FILES ............................................................................ 574 59.10 SHOW DEBUGGING .......................................................................... 575 59.11 SHOW FAN ...................................................................................... 575 59.12 SHOW FLASH .................................................................................. 575 59.13 SHOW HISTORY ........................................................................
Content 61.5 CPU-RX-RATELIMIT QUEUE-LENGTH .................................................... 588 61.6 CPU-RX-RATELIMIT TOTAL .................................................................. 588 61.7 DEBUG DRIVER ................................................................................. 588 61.8 PROTOCOL FILTER ............................................................................. 589 61.9 SHOW CPU-RX PROTOCOL..................................................................
Commands for Basic Switch Configuration Chapter 1 Commands for Basic Switch Configuration 1.1 Commands for Basic Configuration 1.1.1 authentication line Command: authentication line {console | vty | web} login {local | radius | tacacs} no authentication line {console | vty | web} login Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user. The no form command restores the default authentication mode.
Commands for Basic Switch Configuration 1.1.2 banner Command: banner motd no banner motd Function: This command is used to configure the information displayed when the login authentication of a telnet or console user is successful, the no command configures that the information is not displayed when the authentication is successful. Parameters: : The information displayed when the authentication is successful, length limit from 1 to 100 characters.
Commands for Basic Switch Configuration 1.1.4 boot startup-config Command: boot startup-config {NULL | } Function: Configure the CFG file used in the next booting of the switch. Parameters: The NULL keyword means to use the factory original configuration as the next booting configuration. Setting the CFG file used in the next booting as NULL equals to implementing set default and write commands. is the full path of CFG file used in the next booting.
Commands for Basic Switch Configuration 1.1.6 config Command: config [terminal] Function: Enter Global Mode from Admin Mode. Parameter: [terminal] indicates terminal configuration. Command mode: Admin Mode Example: Switch#config 1.1.7 debug ssh-server Command: debug ssh-server no debug ssh-server Function: Display SSH server debugging information; the “no debug ssh-server” command stops displaying SSH server debugging information. Default: This function is disabled by default. Command mode: Admin Mode.
Commands for Basic Switch Configuration Mode. If the correct Admin user password is entered, Admin Mode access is granted; if 3 consecutive entry of Admin user password are all wrong, it remains in the User Mode. When the user’s privilege is changed from the low level to the high level, it needs to authenticate the password of the corresponding level, or else it will not authenticate the password. Set the Admin user password under Global Mode with “enable password” command.
Commands for Basic Switch Configuration Command: exec-timeout [] no exec-timeout Function: Configure the timeout of exiting admin mode. The “no exec-timeout” command restores the default value. Parameters: is the time value shown in minute and ranges between 0~35791. is the time value shown in seconds and ranges between 0~59. Command mode: Global mode Default: Default timeout is 10 minutes.
Commands for Basic Switch Configuration anytime at the command line please press '?'. If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g. 'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'show ve?'.) 1.1.
Commands for Basic Switch Configuration Example: Set IP address of a host with the hostname of “beijing” to 200.121.1.1. Switch(config)#ip host beijing 200.121.1.1 Command related: telnet, ping, traceroute 1.1.17 ipv6 host Command: ipv6 host no ipv6 host { | all} Function: Configure the mapping relationship between the IPv6 address and the host; the no command deletes this mapping relationship.
Commands for Basic Switch Configuration Command mode: Admin and Config Mode. Default: The default setting is English display. Usage Guide: Switch provides help information in two languages, the user can select the language according to their preference. After the system restart, the help information display will revert to English. 1.1.20 login Command: login no login Function: login enable password authentication, no login command cancels the login configuration.
Commands for Basic Switch Configuration no privilege mode level <1-15> LINE Function: Configure the level for the specified command, the no command restores the original level of the command. Parameters: mode: register mode of the command, ‘Tab’ or ‘?’ is able to show all register modes <1-15> is the level, its range between 1 and 15 LINE: the command needs to be configured, it supports the command abbreviation Command Mode: Global mode Usage Guide: This function cannot change the command itself.
Commands for Basic Switch Configuration command cancels the encryption. Command mode: Global Mode Default: No service password-encryption by system default Usage guide: The current unencrypted passwords as well as the coming passwords configured by password, enable password, ip ftp and username command will be encrypted by executed this command. no service password-encryption cancels this function however encrypted passwords remain unchanged.
Commands for Basic Switch Configuration Command: sysLocation no sysLocation Function: Set the factory address, the “no sysLocation” command reset the switch to factory settings. Parameter: is the prompt character string, range from 0 to 255 characters. Command mode: Global Mode Default: The factory settings. Usage guide: The user can set the factory address bases the fact instance. Example: Set the factory address to test. Switch(config)#sysLocation test 1.1.
Commands for Basic Switch Configuration Command mode: Admin and Configuration Mode. Usage Guide: If the system clock is inaccurate, user can adjust the time by examining the system date and clock. Example: Switch#show clock Current time is TUE AUG 22 11:00:01 2002 Command related: clock set 1.1.31 show cpu usage Command: show cpu usage [] Function: Show CPU usage rate. Command mode: Admin and configuration mode. Usage Guide: Check the current usage of CPU resource by show cpu usage command.
Commands for Basic Switch Configuration 1.1.33 show memory usage Command: show memory usage [] Function: Show memory usage rate. Command mode: Admin and configuration mode. Usage Guide: Check the current usage of memory resource by show memory usage command. Only the chassis switch uses slotno parameter which is used to show the memory usage rate of card on the specified slot, if there is no parameter, the default is current card. Example: Show the current usage rate of the memory.
Commands for Basic Switch Configuration Privilege is : 15 1.1.36 show tcam usage This command is not supported by the switch. 1.1.37 show temperature This command is not supported by the switch. 1.1.38 show tech-support Command: show tech-support [no-more] Function: Display the operational information and the task status of the switch. The technique specialist use this command to diagnose whether the switch operate normally.
Commands for Basic Switch Configuration is the maximum privilege level of the commands that the user is able to execute, its value is limited between 1 and 15, and 1 by default. is the password for the user. If input option 0 on password setting, the password is not encrypted; if input option 7, the password is encrypted (Use 32 bits password encrypted by MD5). Command Mode: Global Mode.
Commands for Basic Switch Configuration Function: Set the language for displaying the HTTP Server information. Parameter: chinese for Chinese display; english for English display. Command mode: Admin Mode Default: The default setting is English display. Usage Guide: The user can select the language according to their preference. 1.1.42 write Command: write Function: Save the currently configured parameters to the Flash memory. Command mode: Admin Mode.
Commands for Basic Switch Configuration method1 [method2…] no accounting line {console | vty} exec Function: Configure the list of the accounting method for the login user with VTY (login with Telnet and SSH) and Console. The no command restores the default accounting method.
Commands for Basic Switch Configuration whether command accounting configures start-stop method or stop-only method. Example: Configure the command accounting with the telnet method. Switch(config)#authorization line vty command 15 start-stop tacacs 1.2.3 authentication enable Command: authentication enable method1 [method2…] no authentication enable Function: Configure the list of the enable authentication method. The no command restores the default authentication method.
Commands for Basic Switch Configuration Command Mode: Global Mode. Example: Binding standard IP ACL protocol to access-class 1. Switch(config)#authentication ip access-class 1 in 1.2.5 authentication ipv6 access-class Command: authentication ipv6 access-class {|} no authentication ipv6 access-class Function: Binding standard IPv6 ACL protocol to login with Telnet/SSH/Web; the no form command will cancel the binding ACL.
Commands for Basic Switch Configuration next authentication method (Exception: if the local authentication method failed, it will attempt the next authentication method); it will attempt the next authentication method if it receives nothing. And AAA function RADIUS server should be configured before the RADIUS configuration method can be used. And TACACS server should be configured before the TACACS configuration method can be used.
Commands for Basic Switch Configuration Parameters: is the security IPv6 address which can login the switch. Default: No security IPv6 addresses are configured by default. Command Mode: Global Mode. Usage Guide: IPv6 address of the client which can login the switch is not restricted before the security IPv6 address is not configured. After the security IPv6 address is configured, only clients with security IPv6 addresses are able to login the switch.
Commands for Basic Switch Configuration 1.2.10 terminal length Command: terminal length <0-512> terminal no length Function: Set length of characters displayed in each screen on terminal; the “terminal no length” cancels the screen switching operation and display content once in all. Parameter: Length of characters displayed in each screen, ranging between 0-512 (0 refers to non-stop display). Command mode: Admin Mode. Default: Default Length is 25.
Commands for Basic Switch Configuration Usage Guide: This command is used when the switch is applied as Telnet client, for logging on remote host to configure. When a switch is applied as a Telnet client, it can only establish one TCP connection with the remote host. To connect to another remote host, the current TCP connection must be disconnected with a hotkey “CTRL+ \”. To telnet a host name, mapping relationship between the host name and the IP/IPv6 address should be previously configured.
Commands for Basic Switch Configuration Parameters: : the max connection number supported by the Telnet service, ranging from 5 to 16. The default option will restore the default configuration. Default: The system default value of the max connection number is 5. Command Mode: Global Mode Usage Guide: None. Example: Set the max connection number supported by the Telnet service as 10. Switch(config)#telnet-server max-connection 10 1.2.
Commands for Basic Switch Configuration Command: ssh-server host-key create rsa [modulus < modulus >] Function: Generate new RSA host key. Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024. Command mode: Global Mode Default: The system uses the key generated when the ssh-server is started at the first time. Usage Guide: This command is used to generate the new host key.
Commands for Basic Switch Configuration command restores the default timeout value for SSH authentication. Parameter: is timeout value; valid range is 10 to 600 seconds. Command mode: Global Mode Default: SSH authentication timeout is 180 seconds by default. Usage Guide: This command is used to set SSH authentication timeout, the default timeout is 180 seconds. Example: Set SSH authentication timeout to 240 seconds. Switch(config)#ssh-server timeout 240 1.2.
Commands for Basic Switch Configuration Function: Show the current login users with vty. Parameter: None. Command Mode: All configuration modes Example: Show the current login users with vty. Switch#who Telnet user a login from 192.168.1.20 1.3 Commands for Configuring Switch IP 1.3.1 interface vlan Command: interface vlan no interface vlan Function: Enter the VLAN interface configuration mode; the no operation of this command will delete the existing VLAN interface.
Commands for Basic Switch Configuration address. Default: No IP address is configured upon switch shipment. Command mode: VLAN Interface Mode Usage Guide: A VLAN interface must be created first before the user can assign an IP address to the switch. Example: Set 10.1.128.1/24 as the IP address of VLAN1 interface. Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)#ip address 10.1.128.1 255.255.255.
Commands for Basic Switch Configuration address through BootP negotiation; the “no ip bootp-client enable” command disables the BootP Client function and releases the IP address obtained in BootP. Default: BootP client function is disabled by default. Command mode: VLAN Interface Mode Usage Guide: Obtaining IP address through BootP, Manual configuration and DHCP are mutually exclusive, enabling any two methods for obtaining IP address is not allowed.
Commands for Basic Switch Configuration 1.4 Commands for SNMP 1.4.1 debug snmp mib Command: debug snmp mib no debug snmp mib Function: Enable the SNMP mib debugging; the "no debug snmp mib” command disables the debugging. Command Mode: Admin Mode. Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes. Example: Switch#debug snmp mib 1.4.
Commands for Basic Switch Configuration 1.4.4 show private-mib oid Command: show private-mib oid Function: Show the original oid of the private mib. Command mode: Admin and configuration mode. Usage Guide: Check the beginning oid of the private mib by show private-mib oid command. Example: Show the original oid of the private mib. Switch#show private-mib oid Private MIB OID:1.3.6.1.4.1.6339 1.4.5 show snmp Command: show snmp Function: Display all SNMP counter information.
Commands for Basic Switch Configuration snmp packets input Total number of SNMP packet inputs. bad snmp version errors Number of version information error packets. unknown community name Number of community name error packets. illegal operation for community name Number of permission for community supplied name error packets. encoding errors Number of encoding error packets. number of requested variable Number of variables requested by NMS.
Commands for Basic Switch Configuration SNMP engineID Engine number Engine Boots Engine boot counts 1.4.7 show snmp group Command: show snmp group Function: Display the group information commands. Command Mode: Admin and Configuration Mode.
Commands for Basic Switch Configuration V3 Trap Host Information: Security IP Information: Displayed information Description Community string Community string Community access Community access permission Trap-rec-address IP address which is used to receive Trap. Trap enable Enable or disable to send Trap. SecurityIP IP address of the NMS which is allowed to access Agent 1.4.10 show snmp user Command: show snmp user Function: Display the user information commands.
Commands for Basic Switch Configuration 1.3. Excluded active Displayed Information Explanation View Name View name 1. and 1.3. OID number Included The view includes sub trees rooted by this OID Excluded The view does not include sub trees rooted by this OID active State 1.4.
Commands for Basic Switch Configuration Command mode: Global Mode Usage Guide: The switch supports up to 4 community strings. It can realize the access-control for specifically community view by binding the community name to specifically readable view or writable view. Example: Add a community string named “private” with read-write permission. Switch(config)#snmp-server community rw 0 private Add a community string named “public” with read-only permission.
Commands for Basic Switch Configuration Default: Forbid to send Trap message. Usage Guide: When Trap message is enabled, if Down/Up in device ports or of system occurs, the device will send Trap messages to NMS that receives Trap messages. Example: Enable to send Trap messages. Switch(config)#snmp-server enable traps Disable to send Trap messages. Switch(config)#no snmp-server enable traps 1.4.
Commands for Basic Switch Configuration AuthNopriv Applies the recognizing but non encrypting safety level AuthPriv Applies the recognizing and encrypting safety level read-string Name of readable view which includes 1-32 characters write-string Name of writable view which includes 1-32 characters notify-string Name of trappable view which includes 1-32 characters is the access-class number for standard numeric ACL, ranging between 1-99; is the access-class name for standard ACL, the chara
Commands for Basic Switch Configuration NoauthNopriv | AuthNopriv | AuthPriv is the safety level v3 trap is applied, which may be non encrypted and non authentication, non encrypted and authentication, encrypted and authentication. is the community character string applied when sending the Trap message at v1/v2, and will be the user name at v3. Usage Guide: The Community character string configured in this command is the default community string of the RMON event group.
Commands for Basic Switch Configuration 1.4.19 snmp-server securityip Command: snmp-server securityip {enable | disable} Function: Enable/disable the security IP address authentication on NMS management station. Command Mode: Global Mode Default: Enable the security IP address authentication function. Example: Disable the security IP address authentication function. Switch(config)#snmp-server securityip disable 1.4.
Commands for Basic Switch Configuration this user. Command Mode: Global Mode. Parameter: is the user name containing 1-32 characters. is the name of the group the user belongs to, containing 1-32 characters. authPriv use DES for the packet encryption. authNoPriv not use DES for the packet encryption. auth perform packet authentication. md5 packet authentication using HMAC MD5 algorithm. sha packet authentication using HMAC SHA algorithm.
Commands for Basic Switch Configuration Parameter: view name, containing 1-32 characters. is OID number or corresponding node name, containing 1-255 characters. include | exclude, include/exclude this OID. Usage Guide: The command supports not only the input using the character string of the variable OID as parameter. But also supports the input using the node name of the parameter. Example: Create a view, the name is readview, including iso node but not including the iso.
Commands for Basic Switch Configuration nos.img System files boot.rom System startup files stacking/nos.img As destination address, execute system files upgrade for Slave in stacking mode stacking/nos.rom As destination address, execute system startup files upgrade for Slave in stacking mode Command Mode: Admin Mode.
Commands for Basic Switch Configuration Parameter: is the location of the source files or directories to be copied; is the destination address to which the files or directories to be copied; forms of and vary depending on different locations of the files or directories. ascii indicates the ASCII standard will be adopted; binary indicates that the binary system will be adopted in the file transmission ( default transmission method).
Commands for Basic Switch Configuration (5) Save the running configuration files Switch#copy running-config startup-config Relevant Command: write 79
Commands for Basic Switch Configuration 1.5.3 ftp-dir Command: ftp-dir Function: Browse the file list on the FTP server. Parameter: The form of is : ftp://:@{ | }, amongst is the FTP user name, is the FTP user password, { | } is the IPv4 or IPv6 address of the FTP server.
Commands for Basic Switch Configuration Switch#config Switch(config)#ftp-server timeout 100 1.5.6 ip ftp Command: ip ftp username password [0 | 7] no ip ftp username Function: Configure the username and password for logging in to the FTP; the no operation of this command will delete the configured username and password simultaneously.
Commands for Basic Switch Configuration Command mode: Admin and Configuration Mode. Example: Switch#show tftp timeout : 60 Retry Times : 10 Displayed information Explanation Timeout Timeout time. Retry Times Retransmission times. 1.5.9 tftp-server enable Command: tftp-server enable no tftp-server enable Function: Start TFTP server, the “no ftp-server enable” command shuts down TFTP server and prevents TFTP user from logging in. Default: Disable TFTP Server.
Commands for Basic Switch Configuration 1.5.11 tftp-server transmission-timeout Command: tftp-server transmission-timeout Function: Set the transmission timeout value for TFTP server. Parameter: is the timeout value, the valid range is 5 to 3600s. Default: The system default timeout setting is 600 seconds. Command mode: Global Mode Example: Modify the timeout value to 60 seconds.
Commands for Cluster Chapter 2 Commands for Cluster 2.1 clear cluster nodes Command: clear cluster nodes [nodes-sn | mac-address ] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: candidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified. mac-address: mac address of the switches (including all candidates, members and other switches).
Commands for Cluster 2.3 cluster commander Command: cluster commander [] no cluster commander Function: Set the switch as a commander switch, and create a cluster. Parameter: is the cluster’s name, no longer than 32 characters. Command mode: Global Mode Default: Default setting is no commander switch. cluster_name is null by default.
Commands for Cluster 10.254.254.10 Switch(config)#cluster ip-pool 10.254.254.10 2.5 cluster keepalive interval Command: cluster keepalive interval no cluster keepalive interval Function: Configure the interval of keepalive messages within the cluster. Parameters: : keepalive interval, in seconds, ranging from 3 to 30. Default: The default value is 30 seconds. Command Mode: Global Configuration Mode.
Commands for Cluster After executing it on a non commander switch, the configuration value will be saved but not used until the switch becomes a commander. Before that, its loss-count value is the one distributed by its commander. commander calculates the loss-count after sending each DP message by adding 1 to the loss-count of each switch and clearing that of a switch after receiving a DR message from the latter.
Commands for Cluster or into the cluster it belongs to. One or more candidates are allowed at one time, linked with ‘-‘ or ‘;’. A switch can only be member or commander of one cluster, exclusively. Attempts to execute the command on a non commander switch will return error. The no operation of this command will delete the specified member switch, and turn it back to a candidate. Example: In the commander switch, add the candidate switch which has the sequence number as 1.
Commands for Cluster Switch#cluster reset member 1 2.10 cluster run Command: cluster run [key ] [vid ] no cluster run Function: Enable cluster function; the “no cluster run” command disables cluster function. Parameter: key:all keys in one cluster should be the same, no longer than 16 characters. vid:vlan id of the cluster, whose range is 1-4094. Command mode: Global Mode Default: Cluster function is disabled by default, key: NULL(\0) vid:1. Instructions: This command enables cluster function.
Commands for Cluster when src-url is a TFTP address, its form will be: tftp:///,in which is the IP address of the TFTP server is the name of the file to be downloaded via. Special keywords used in filename: Keywords source or destination address startup-config start the configuration file nos.
Commands for Cluster 2.13 debug cluster packets Command: debug cluster packets {DP | DR | CP} {receive | send} no debug cluster packets {DP | DR | CP} {receive | send} Function: Enable the debug; the no command disables the debug. Parameters: DP: discovery messages. DR: responsive messages. CP: command messages. receive: receive messages. send: send messages. Default: None. Command Mode: Admin Mode. Usage Guide: Enable the debug of cluster messages.
Commands for Cluster ----in a member ---------------------------Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Member Commander Ip Address: 10.254.254.1 Internal Ip Address: 10.254.254.2 Commamder Mac Address: 00-12-cf-39-1d-90 ---- a candidate ---------------------------Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Candidate ---- disabled ---------------------------Switch#show cluster Status: Disabled 2.
Commands for Cluster 2.16 show cluster candidates Command: show cluster candidates [nodes-sn | mac-address ] Function: Display the statistic information of the candidate member switches on the command switch Parameter: candidate-sn-list:candidate switch sn, ranging from 1 to 256. More than one switch can be specified. mac-address: mac address of the candidate switch Default: No parameters means to display information of all member switches.
Commands for Cluster Switch#show cluster topology Role: commander(CM);Member(M);Candidate(CA);Other commander(OC);Other member(OM) LV SN Description Hostname Role MAC_ADDRESS Upstream local-port 1 Upstream leaf remote-port node 1 ES4626H LAB_SWITCH_1 CM 01-02-03-04-05-01 -root- -root- - 2 ES4626H LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2 N 3 ES4626H LAB_SWITCH_3 CA 01-02-03-04-05-03 eth 1/1 eth 1/3 Y 4 ES4626H LAB_SWITCH_4 CA 01-02-03-04-05-04 eth 1/1 eth 1/4 Y
Commands for Cluster Upstream remote-port:eth 1/2 Upstream speed: 100full Switch# ---------------------------------------------Switch#show cluster topology mac-address 01-02-03-04-05-02 Toplogy role: Member Member status: Active member (user-config) SN: 2 MAC Address: 01-02-03-04-05-02 Description: ES4626H Hostname : LAB_SWITCH_2 Upstream local-port: eth 1/1 Upstream node: 01-02-03-04-05-01 Upstream remote-port: eth 1/2 Upstream speed: 100full 2.
Commands for Cluster member, whose range is 1~128. Default: None. Command mode: Admin Mode. Usage Guide: After executing this command, users will remotely login to a member switch and enter Admin Mode on the latter. Use exit to quit the configuration interface of the member. Because of the use of internal private IP, telnet authentication will be omitted on member switches. This command can only be executed on commander switches.
Commands for Network Port Configuration Chapter 3 Commands for Network Port Configuration 3.1 Commands for Ethernet Port Configuration 3.1.1 bandwidth Command: bandwidth control {transmit | receive | both} no bandwidth control Function: Enable the bandwidth limit function on the port; the no command disables this function.
Commands for Network Port Configuration 3.1.2 clear counters interface Command: clear counters [interface {ethernet | vlan | port-channel | }] Function: Clears the statistics of the specified port. Parameters: stands for the Ethernet port number; stands for the VLAN interface number; for trunk interface number; for interface name, such as port-channel 1.
Commands for Network Port Configuration Command mode: Port Mode. Default: Port flow control is disabled by default. Usage Guide: After the flow control function is enabled, the port will notify the sending device to slow down the sending speed to prevent packet loss when traffic received exceeds the capacity of port cache. Ports support IEEE802.3X flow control; the ports work in half-duplex mode, supporting back-pressure flow control.
Commands for Network Port Configuration normally. After loopback has been enabled, the port will assume a connection established to itself, and all traffic sent from the port will be received at the very same port. Example: Enabling loopback test in Ethernet ports 1/1-8. Switch(config)#interface ethernet 1/1-8 Switch(Config-If-Port-Range)#loopback 3.1.
Commands for Network Port Configuration can be active at a time, and only this port can send and receive data normally. For the determination of the active port in a combo port, see the table below. The headline row in the table indicates the combo mode of the combo port, while the first column indicates the connection conditions of the combo port, in which Note: 1. Combo port is a conception involving the physical layer and the LLC sublayer of the datalink layer.
Commands for Network Port Configuration 3.1.10 port-rate-statistics interval Command: port-rate-statistics interval Function: Set the interval of port-rate-statistics, ranging from 5 to 600. Parameter: interval-value: The interval of port-rate-statistics, unit is second, ranging from 5 to 600 with the configuration step of 5. Default: Only port-rate-statistics of 5 seconds and 5 minutes are displayed. Command Mode: Global Mode Usage Guide: None.
Commands for Network Port Configuration Command: rate-violation [broadcast | multicast | unicast | all] <200-2000000> no rate-violation Function: Set the max packet reception rate of a port. Any packet which violate the packet reception rate to process the control operation (currently shutdown and block operations are supported) of rate-violation. The no command will disable the rate-violation function of a port.
Commands for Network Port Configuration EAPS(MRPP), Loopback Detection, ULPP are mutually exclusive. If other modules set STP state, this function can not be set to block mode. <0-86400>: The interval of recovery after shutdown, the unit is s. recovery: After a period of time the port can recover Shutdown to UP again. <0-86400> is the timeout of recovery.
Commands for Network Port Configuration Usage Guide: While for vlan interfaces, the port MAC address, IP address and the statistic state of the data packet will be shown; As for Ethernet port, this command will show port speed rate, duplex mode, flow control switch state, broadcast storm suppression of the port and the statistic state of the data packets; for aggregated port, port speed rate, duplex mode, flow control switch state, broadcast storm suppression of the port and the statistic state of the data
Commands for Network Port Configuration Show the information of port 1/1: Switch#show interface e1/1 Ethernet1/1 is up, line protocol is down Ethernet1/1 is layer 2 port, alias name is (null), index is 1 Hardware is Gigabit-TX, address is 00-03-0f-02-fc-01 PVID is 1 MTU 1500 bytes, BW 10000 Kbit Encapsulation ARPA, Loopback not set Auto-duplex: Negotiation half-duplex, Auto-speed: Negotiation 10M bits FlowControl is off, MDI type is auto 5 minute input rate 0 bytes/sec, 0 packets/sec 5 minute output rate 0
Commands for Network Port Configuration Interface 1/1 Unicast(pkts) IN 12,345,678 OUT 23,456,789 1/2 1/3 1/4 BroadCast(pkts) 12,345,678,9 MultiCast(pkts) 12,345,678,9 34,567,890 Err(pkts) 4,567 5,678 0 IN 0 0 0 0 OUT 0 0 0 0 IN 0 0 0 0 OUT 0 0 0 0 IN 0 0 0 0 OUT 0 0 0 0 … Show the rate statistics information of all layer 2 ports: Switch#Show interface ethernet counter rate Interface 1/1 1/2 1/3 1/4 IN(pkts/s) IN(bytes/s) OUT(pkts/s) OUT(bytes/s) 5m 13,473 12,3
Commands for Network Port Configuration 3.1.
Commands for Network Port Configuration Switch2(Config-If-Ethernet1/1)#speed-duplex force100-half 3.1.19 storm-control Command: storm-control {unicast | broadcast | multicast} no storm-control {unicast | broadcast | multicast} Function: Sets the traffic limit for broadcasts, multicasts and unknown destination unicasts on all ports in the switch; the no command disables this traffic suppression function on all ports in the switch, i.e.
Commands for Network Port Configuration Parameter: : Port ID Command Mode: Admin Mode. Default Settings: No link test. Usage Guide: The RJ-45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE802.3, or the wire pairs in the test result may not be the actual ones. On a 100M port, only two pairs are used: (1, 2) and (3, 6), whose results are the only effective ones.
Commands for Network Port Configuration specified port; mcast: prevents that unknown multicast packets can not be transmitted to the specified port; ucast: prevents that unknown unicast packets can not be transmitted to the specified port. Command Mode: Port configuration mode. Default: Switch transmits broadcast, unknown multicast and unknown unicast packets to other port in broadcast domain.
Commands for Port Isolation Function Chapter 4 Commands for Port Isolation Function 4.1 isolate-port group Command: isolate-port group no isolate-port group Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it. Parameters: is the name identification of the group, no longer than 32 characters. Command Mode: Global Mode. Default: None.
Commands for Port Isolation Function into a port isolation group, and vice versa, a member of a port isolation group should not be added into an aggregation group. But one port can be a member of one or more port isolation groups. Parameters: is the name identification of the group, no longer than 32 characters.
Commands for Port Loopback Detection Function Chapter 5 Commands for Port Loopback Detection Function 5.1 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, BEBUG information will be generated when sending, receiving messages and changing states. Parameters: None. Command Mode: Admin Mode. Default: Disabled by default. Usage Guide: Display the message sending, receiving and state changes with this command.
Commands for Port Loopback Detection Function Usage Guide: If there is any loopback, the port will not recovery the state of be controlled after enabling control operation on the port. If the overtime is configured, the ports will recovery normal state when the overtime is time-out. If the control method is block, the corresponding relationship between instance and vlan id should be set manually by users, it should be noticed when be used.
Commands for Port Loopback Detection Function the detection interval if no loopback is found, ranging from 1 to 30, in seconds. Default: The default value is 5s with loopbacks existing and 3s otherwise. Command Mode: Global Mode. Usage Guide: When there is no loopback detection, the detection interval can be relatively shorter, for too short a time would be a disaster for the whole network if there is any loopback. So, a relatively longer interval is recommended when loopbacks exist.
Commands for Port Loopback Detection Function 5.6 show loopback-detection Command: show loopback-detection [interface ] Function: Display the state of loopback detection on all ports if no parameter is provided, or the state and result of the specified ports according to the parameters. Parameters: the list of ports to be displayed, for example: ethernet 1/1. Command Mode: Admin and Configuration Mode.
Commands for ULDP Chapter 6 Commands for ULDP 6.1 debug uldp Command: debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME no debug uldp (hello | probe | echo | unidir | all) [receive | send] interface [ethernet] IFNAME Function: Enable the debugging for receiving and sending the specified packets or all ULDP packets on port. After enable the debugging, show the information of the received and sent packets in terminal. The no command disables the debugging.
Commands for ULDP 6.3 debug uldp event Command: debug uldp event no debug uldp event Function: Enable the message debug function to display the event; the no form command disables this function. Parameter: None. Command Mode: Admin Mode. Default: Disabled. Usage Guide: Use this command to display all kinds of event information. Example: Display event information. Switch#debug uldp event 6.
Commands for ULDP Default: Disabled. Usage Guide: Use this command to display the Hello packet details receiving on the interface Ethernet 1/1. Switch#debug uldp hello receive interface Ethernet 1/1 6.6 debug uldp packet Command: debug uldp packet [receive|send] no debug uldp packet [receive|send] Function: Enable receives and sends packet debug function, after that. Display the type and interface of the packet which receiving and sending on the client. The no form command disables this function.
Commands for ULDP 6.8 uldp enable Command: uldp enable Function: ULDP will be enabled after issuing this command. In global configuration mode, this command will enable ULDP for the global. In port configuration mode, this command will enable ULDP for the port. Parameters: None. Command Mode: Global Configuration Mode and Port Configuration Mode. Default: By default ULDP is not configured. Usage Guide: ULDP can be configured for the ports only if ULDP is enabled globally.
Commands for ULDP Default: 10 seconds by default. Usage Guide: Interval for hello messages can be configured only if ULDP is enabled globally, its value limited between 5 and 100 seconds. Example: To configure the interval of Hello messages to be 12 seconds. Switch(config)#uldp hello-interval 12 6.11 uldp manual-shutdown Command: uldp manual-shutdown no uldp manual-shutdown Function: To configure ULDP to work in manual shutdown mode. The no command will restore the automatic mode. Parameters: None.
Commands for ULDP 6.13 uldp reset Command: uldp reset Function: To reset the port when ULDP is shutdown. Parameters: None. Command Mode: Globally Configuration Mode and Port Configuration Mode. Default: None. Usage Guide: This command can only be effect only if the specified interface is disabled by ULDP. Example: To reset all the port which are disabled by ULDP. Switch(config)#uldp reset 6.
Commands for LLDP Function Chapter 7 Commands for LLDP Function 7.1 clear lldp remote-table Command: clear lldp remote-table Function: Clear the Remote-table on the port. Parameters: None. Default: Do not clear the entries. Command Mode: Port Configuration Mode. Usage Guide: Clear the Remote table entries on this port. Example: Clear the Remote table entries on this port. Switch(Config-If-Ethernet 1/1)# clear lldp remote-table 7.
Commands for LLDP Function Default: Disable the debug information on the port. Command Mode: Admin Mode. Usage Guide: When the debug switch is enabled, users can check the receiving and sending of packets and other information on the port. Example: Enable the debug switch of LLDP function on the switch. Switch#debug lldp packets interface ethernet 1/1 %Jan 01 00:02:40 2006 LLDP-PDU-TX PORT= ethernet 1/1 7.
Commands for LLDP Function 7.6 lldp mode Command: lldp mode Function: Configure the operating state of LLDP function of the port. Parameters: send: Configure the LLDP function as only being able to send messages. receive: Configure the LLDP function as only being able to receive messages. both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages.
Commands for LLDP Function no lldp neighbors max-num Function: Set the maximum number of entries can be stored in Remote MIB. Parameters: is the configured number of entries, ranging from 5 to 500. Default: The maximum number of entries can be stored in Remote MIB is 100. Command Mode: Port Configuration Mode. Usage Guide: The maximum number of entries can be stored in Remote MIB. Example: Set the Remote as 200 on port ethernet 1/5 of the switch.
Commands for LLDP Function Switch(Config-If-Ethernet1/5)#lldp tooManyNeighbors delete 7.11 lldp transmit delay Command: lldp transmit delay no lldp transmit delay Function: Since local information might change frequently because of the variability of the network environment, there could be many update messages sent in a short time. So a delay is required to guarantee an accurate statistics of local information.
Commands for LLDP Function Switch(Config-If-Ethernet1/5)# lldp transmit optional tlv portDesc sysCap 7.13 lldp trap Command: lldp trap Function: enable: configure to enable the Trap function on the specified port; disable: configure to disable the Trap function on the specified port. Parameters: None. Default: The Trap function is disabled on the specified port by default. Command Mode: Port Configuration Mode. Usage Guide: The function of sending Trap messages is enabled on the port.
Commands for LLDP Function 7.15 show debugging lldp Command: show debugging lldp Function: Display all ports with lldp debug enabled. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Usage Guide: With show debugging lldp, all ports with lldp debug enabled will be displayed. Example: Display all ports with lldp debug enabled.
Commands for LLDP Function LLDP interval :30 LLDP txTTL :120 LLDP txShutdownWhile :2 LLDP NotificationInterval :5 LLDP txDelay :20 -------------END------------------ 7.17 show lldp interface ethernet Command: show lldp interface ethernet Function: Display the configuration information of LLDP on the port, such as: the working state of LLDP Agent. Parameters: : Interface name. Default: Do not display the configuration information of LLDP on the port. Command Mode: Admin Mode, Global Mode.
Commands for LLDP Function Example: Check the LLDP neighbor information of the port after LLDP is enabled on the port. Switch(config)#show lldp neighbors interface ethernet 1/1 7.19 show lldp traffic Command: show lldp traffic Function: Display the statistics of LLDP data packets. Parameters: None. Default: Do not display the statistics of LLDP data packets. Command Mode: Admin Mode, Global Mode. Usage Guide: Users can check the statistics of LLDP data packets by using “show lldp traffic”.
Commands for Port Channel Chapter 8 Commands for Port Channel 8.1 debug port-channel Command: debug port-channel {all | event | fsm | packet | timer} no debug port-channel [] Function: Open the debug switch of port-channel.
Commands for Port Channel the initial user configuration will not be restored. If it is configuration for modules, such as shutdown configuration, then the configuration to current port will apply to all member ports in the corresponding port group. Example: Entering configuration mode for port-channel 1. Switch(config)#interface port-channel 1 Switch(Config-If-Port-Channel1)# 8.
Commands for Port Channel 8.5 lacp timeout Command: lacp timeout {short | long} no lacp timeout Function: Set the timeout mode of LACP protocol. Parameters: The timeout mode includes long and short. Command mode: Port Mode Default: Long. Usage Guide: Set the timeout mode of LACP protocol. Example: Set the timeout mode as short in LACP protocol. Switch(Config-If-Ethernet1/1)#lacp timeout short 8.
Commands for Port Channel 8.7 port-group Command: port-group no port-group Function: Creates a port group. The no command deletes that group. Parameters: is the group number of a port channel from 1~14. Default: There is no port-group. Command mode: Global Mode Example: Creating a port group. Switch(config)# port-group 1 Delete a port group. Switch(config)#no port-group 1 8.
Commands for Port Channel 8.9 show port-group Command: show port-group [] {brief | detail |} Function: Display the specified group number or the configuration information of all port-channel which have been configured. Parameters: is the group number of port channel to be displayed, from 1~14; brief displays summary information; detail displays detailed information. Command mode: All Configuration Mode.
Commands for Port Channel Ethernet1/2 Selected 32768 1 {ACDEF} Ethernet1/3 Selected 32768 1 {ACDEF} Ethernet1/4 Selected 32768 1 {ACDEF} Ethernet1/5 Selected 32768 1 {ACDEF} Ethernet1/6 Selected 32768 1 {ACDEF} Ethernet1/7 Selected 32768 1 {ACDEF} Ethernet1/8 Selected 32768 1 {ACDEF} Ethernet1/20 Unselected 32768 1 {ACG} Ethernet1/23 Standby 1 {AC} 32768 Remote: Actor Partner Priority Oper-Key SystemID Flag ----------------------------------------------------
Commands for MTU Chapter 9 Commands for MTU 9.1 mtu Command: mtu [] no mtu Function: Configure the MTU size of JUMBO frame, enable the jumbo receiving/sending function. The no command restores to the normal frame receiving function. Parameter: mtu-value: the MTU value of frames that can be received, in byte, ranging from <1500-9000>. The corresponding frame size is <1518/1522-9018/9022>. Without setting is parameter, the allowed max frame size is 9018/9022.
Commands for EFM OAM Chapter 10 Commands for EFM OAM 10.1 clear ethernet-oam Command: clear ethernet-oam [interface {ethernet |} ] Function: Clear the statistic information of packets and link event on specific or all ports for OAM. Parameters: , the name of the port needs to clear OAM statistic information Command Mode: Admin mode Default: N/A. Usage Guide: N/A. Example: Clear the statistic information of OAM packets and link event on all ports. Switch(config)#clear ethernet-oam 10.
Commands for EFM OAM Parameters: : name of the port that the debugging will be enabled or disabled Command Mode: Admin mode Default: Disable. Usage Guide: N/A. Example: Enable the debugging of Discovery state machine for ethernet1/1. Switch#debug ethernet-oam fsm Discovery interface ethernet1/1. 10.
Commands for EFM OAM Example: Enable the debugging of refreshing information for all timers of ethernet1/1. Switch#debug ethernet-oam timer all interface ethernet1/1 10.6 ethernet-oam Command: ethernet-oam no ethernet-oam Function: Enable ethernet-oam of ports, no command disables ethernet-oam of ports. Parameters: None. Command Mode: Port mode Default: Disable. Usage Guide: N/A. Example: Enable ethernet-oam of Ethernet 1/4.
Commands for EFM OAM 10.8 ethernet-oam errored-frame threshold low Command: ethernet-oam errored-frame threshold low no ethernet-oam errored-frame threshold low Function: Configure the low threshold of errored frame event, no command restores the default value. Parameters: , the low detection threshold of errored frame event, ranging from 1 to 4294967295. Command Mode: Port mode Default: 1.
Commands for EFM OAM 10.10 ethernet-oam errored-frame-period threshold high Command: ethernet-oam errored-frame-period threshold high { | none} no ethernet-oam errored-frame-period threshold high Function: Configure the high threshold of errored frame period event, no command restores the default value. Parameters: , the high detection threshold of errored frame period event, ranging from 2 to 4294967295. none, cancel the high threshold configuration.
Commands for EFM OAM Example: Configure the low threshold of errored frame period event on port 1/4 to be 100. Switch(Config-If-Ethernet1/4)#ethernet-oam errored-frame-period threshold low 100 10.12 ethernet-oam errored-frame-period window Command: ethernet-oam errored-frame-period window no ethernet-oam errored-frame-period window Function: Configure the detection period of errored frame period event, no command restores the default value.
Commands for EFM OAM Default: none. Usage Guide: During the specific detection period, serious link event is induced if the number of errored frame seconds is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold should not be less than the low threshold. The definition of errored frame seconds is the second in which errored frame is received.
Commands for EFM OAM Function: Configure the detection period of errored frame seconds event, no command restores the default value. Parameters: is the time for counting the specified frame number, its range from 50 to 450, unit is 200ms. Command Mode: Port mode Default: 300. Usage Guide: Detect errored frame seconds of the port after the time of specific detection period.
Commands for EFM OAM 10.17 ethernet-oam errored-symbol-period threshold low Command: ethernet-oam errored-symbol-period threshold low no ethernet-oam errored-symbol-period threshold low Function: Configure the low threshold of errored symbol event, no command restores the default value. Parameters: , the low threshold of errored symbol event, ranging from 1 to 18446744073709551615 symbols. none, cancel the high threshold configuration. Command Mode: Port mode Default: 1.
Commands for EFM OAM 10.19 ethernet-oam link-monitor Command: ethernet-oam link-monitor no ethernet-oam link-monitor Function: Enable link monitor, no command disables the function. Parameters: None. Command Mode: Port mode Default: Enable. Usage Guide: Enable OAM to monitor local link errors. Generally link monitor is enabled when enabling OAM function of the port.
Commands for EFM OAM Command Mode: Port mode Default: 1s. Usage Guide: Use this command to configure the transmission interval of Information OAMPDU which keep OAM connection normally. Example: Set the transmission interval of Information OAMPDU for ethernet 1/4 to be 2s. Switch(Config-If-Ethernet1/4)# ethernet-oam period 2 10.
Commands for EFM OAM Function: Configure the timeout of OAM connection, no command restores the default value. Parameters: , the timeout ranging from 5 to 10 seconds. Command Mode: Port mode Default: 5s. Usage Guide: OAM connection will be disconnected if no OAMPDU is received after specified timeout. Example: Set the timeout of OAM connection for ethernet 1/4 to be 6 seconds. Switch(Config-If-Ethernet1/4)#ethernet-oam timeout 6 10.
Commands for EFM OAM L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval Remote-MAC-Addr MAC address of the peer Remote-Mode OAM working mode of the peer Functions are supported by OAM of the peer Remote-Capability L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval Show detailed information of local OAM entity for ethernet 1/2: Switch#show ethernet-oam local interface ethernet1/2 Ethernet1/2 oam local Information: oam_status=enable local _mode=ac
Commands for EFM OAM Field Description Status of Ethernet OAM: oam_status enable, OAM is enabled; disable, OAM is not enabled. Working mode of Ethernet OAM: local _mode active, the port is set as active mode; passive, the port is set as passive mode. Period Transmission period of packets Timeout Timeout of connection The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.
Commands for EFM OAM indication): YES for support and NO for not. Link Fault Whether occur a Link Fault event: 0 for no and 1 for yes. Dying Gasp Whether occur a Dying Gasp event: 0 for no and 1 for yes. Critical Event Whether occur a Critical Event: 0 for no and 1 for yes. Max_OAMPDU_Size The maximum length of OAMPDU is supported. Show the number of the OAMPDU packets sent and OAMPDU received which is the sum of three kinds of packets.
Commands for EFM OAM The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs. local_pdu LF_INFO, the port only sends Information OAMPDU packets without Information TLV and with their link error flag bits being set. INFO, the port only sends and receives Information OAMPDU packets. ANY, the port sends and receives any OAMPDU packets.
Commands for EFM OAM ] Function: Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events.
Commands for EFM OAM 300 errored frame low threshold:1 errored frame:1200120 errored frame high threshold:none errored running total:2302512542 event running total:232 OAM_local_link-fault:0 OAM_local_dying gasp:0 OAM_local_critical event:0 Field OAM_local_errored-symbol-period-events OAM_local_errored-frame-period-events OAM_local_errored-frame-events Description Statistic information of the local errored symbol events Statistic information of the local errored frame period events Statistic informat
Commands for EFM OAM 10.28 show ethernet-oam link-events configuration Command: show ethernet-oam link-events configuration [interface {ethernet | } ] Function: Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on.
Commands for PORT SECURITY Chapter 11 Commands for PORT SECURITY 11.1 clear port-security Command: clear port-security {all | configured | dynamic | sticky} [[address | interface ] [vlan ]] Function: Clear the secure MAC entries for the interfaces.
Commands for PORT SECURITY 11.3 switchport port-security Command: switchport port-security no switchport port-security Function: Configure port-security function for the interface, the no command disables port-security. Parameter: None. Default: Disable. Command Mode: Port mode Usage Guide: Clear all dynamic MACs after the interface enabled port-security, and all MACs learnt from the FDB_TYPE_PORT_SECURITY_DYNAMIC.
Commands for PORT SECURITY Example: Configure the aging time of the secure MAC as 1 second on the interface. Switch (config-if- ethernet1/1)# switchport port-security aging time 1 11.5 switchport port-security mac-address Command: switchport port-security mac-address [vlan ] no switchport port-security mac-address [vlan ] Function: Configure the static secure MAC on the interface, the no command cancels the configuration.
Commands for PORT SECURITY the number of the current secure MAC whether exceed the maximum MAC limit allowed by the interface. If exceeding the maximum MAC limit, it will result in violation operation. Example: Configure the secure MAC address on the interface. Switch(config-if-ethernet1/1)#switchport port-security mac-address sticky 00-00-00-00-00-01 11.
Commands for PORT SECURITY Parameter: protect:Protect mode, it will trigger the action that do not learn the new MAC, drop the package and do not send the warning. restrict:Restrict mode, it will trigger the action that do not learn the new MAC, drop the package, send snmp trap and record the configuration in syslog. shutdown:Shutdown mode is the default mode. Under this condition, the interface is disabled directly, send snmp trap and record the configuration in syslog. Default: Shutdown.
Commands for DDM Chapter 12 Commands for DDM 12.1 clear transceiver threshold-violation Command: clear transceiver threshold-violation [interface ethernet ] Function: Clear the threshold violation of the transceiver monitoring. Parameter: interface ethernet : The interface list that the threshold violation of the transceiver monitoring needs to be cleared. Command Mode: Admin mode Default: None. Usage Guide: None.
Commands for DDM Command Mode: User mode, admin mode and global mode Default: None. Usage Guide: Temperature can be accurate to the integer, other values can be accurate to the second bit after the radix point. When the parameter exceeds the warning threshold, it is shown with ‘W+’ or ‘W-’, when the parameter exceeds the alarm threshold, it is shown with ‘A+’ or ‘A-’, no tagged parameter is normal. Example: Show the brief DDM information of all ports.
Commands for DDM RX Power(dBM) -30.54(A-) 9.00 -25.00(-34) 9.00 -25.00 TX Power(dBM) -1.01 9.00 -12.05 -10.00 9.00 Ethernet 1/22 transceiver threshold-violation information: Transceiver monitor is disabled. Monitor interval is set to 30 minutes. The last threshold-violation doesn’t exist. 12.5 transceiver-monitoring Command: transceiver-monitoring {enable | disable} Function: Enable/ disable the transceiver monitoring. Parameter: enable/ disable: Enable or disable the function.
Commands for DDM manufacturer. If the monitoring index is not specified, restore all thresholds, if the monitoring index is specified, restore the corresponding threshold only. temperature:The monitoring index—temperature voltage:The monitoring index—voltage bias:The monitoring index—bias current rx-power:The monitoring index—receiving power tx-power:The monitoring index—sending power high-alarm:High-alarm of the monitoring index, namely there is alarm with A+ if exceeding the threshold.
Commands for LLDP-MED Chapter 13 Commands for LLDP-MED 13.1 civic location Command: civic location {dhcp server | switch | endpointDev} no civic location Function: Configure device type and country code of the location with Civic Address LCI format and enter Civic Address LCI address mode. The no command cancels all configurations of the location with Civic Address LCI format.
Commands for LLDP-MED Parameters: description-language: language for describing location, such as ‘English’ province-state: state, canton, region, province prefecture, and so on, such as ‘clara’ city: city, such as ‘New York’ county: county, parish, such as ‘santa clara’ street: street, such as ‘1301 Shoreway Road’ locationNum: house number, such as ‘9’ location: name and occupant of a location, such as ‘Carrillo's Holiday Market’ floor: floor number, such as ‘13’ room: room number, such as ‘1308’ postal:
Commands for LLDP-MED 13.4 lldp med fast count Command: lldp med fast count no lldp med fast count Function: When the fast LLDP-MED startup mechanism is enabled, it needs to fast send LLDP packets with LLDP-MED TLV, this command sets the value of sending the packets fast, the no command restores the default value. Parameter: value: The number of sending the packets fast, its range from 1 to 10, unit is entries. Default: 4.
Commands for LLDP-MED Usage Guide: After configuring this command, if the port is able to send LLDP-MED TLV, the sent LLDP packets with LLDP-MED TLV supported by all switches. However, LLDP packets sent by the port without any LLDP-MED TLV after the switch configured the corresponding no command. Example: Port 19 enables the function for sending LLDP-MED TLV. Switch(Config-If-Ethernet1/19)# lldp transmit med tlv all 13.
Commands for LLDP-MED port after the switch configured the corresponding no command. Note: LLDP-MED Capability TLV sent by the port must be configured before sending LLDP-MED Extended Power-Via-MDI TLV, or else the configuration cannot be successful. If the device does not support PoE or PoE function of the port is disabled, although configuring this command, LLDP-MED Extended Power-Via-MDI TLV will not be sent. Example: Port 19 enables the function for sending LLDP-MED Extended Power-Via-MDI TLV.
Commands for LLDP-MED Default: The function is disabled for sending LLDP-MED Network Policy TLV. Command Mode: Port mode Usage Guide: After configuring this command, if the port is able to send LLDP-MED TLV, LLDP packets with LLDP-MED Network Policy TLV sent by the port. However, LLDP packets without LLDP-MED Network Policy TLV sent by the port after the switch configured the corresponding no command.
Commands for LLDP-MED fields (such as VLAN ID, Layer2 priority) are ignored, only DSCP value field takes effect. Untagged is the default value of VLAN method. vid: Configure VLAN ID that the specified application belongs to. When the peer sends the flow of the specified application, it will tag the notified VLAN ID, or else the vlan-id value is 1. vlan-id: Configure the value of VLAN ID, its range from 1 to 4094. dot1p: Configure the specified application to tag the flow by using 802.
Commands for LLDP-MED LLDP txTTL :20 LLDP NotificationInterval :5 LLDP txDelay :1 LLDP-MED FastStart Repeat Count :4 -------------END------------------ 13.13 show lldp [interface ethernet ] Command: show lldp [interface ethernet ] Function: Show LLDP and LLDP-MED configurations on the current port. Parameter: [interface ethernet ]: Port name Command Mode: Admin mode Default: None. Usage Guide: None. Example: Show LLDP and LLDP-MED configuration of the port 19.
Commands for LLDP-MED Default: None. Command Mode: Admin mode Usage Guide: With this command, checking LLDP and LLDP-MED information of the neighbors after the port received LLDP packets sent by the neighbors. Example: Show the neighbor information on port 1.
Commands for bpdu-tunnel Chapter 14 Commands for bpdu-tunnel 14.1 bpdu-tunnel dmac Command: bpdu-tunnel dmac no bpdu-tunnel dmac Function: Configure the tunnel MAC address globally, the no command restores the default tunnel MAC address. Parameter: : MAC address Command Mode: Global mode Default: Default MAC address. Usage Guide: Configure the tunnel MAC address globally, use the configured MAC (it must be multicast MAC address) to forward the specified protocol across the tunnel.
Commands for bpdu-tunnel command cancels the operation. Parameter: None. Command Mode: Port mode Default: Port does not forward any protocol packets across the tunnel. Usage Guide: Disable gvrp function on the port before configuring this command. Example: Configure Ethernet 4/5 to forward gvrp packets across the tunnel. Switch(Config)#in ethernet 4/5 Switch(Config-if-ethernet 4/5)#bpdu-tunnel gvrp 14.
Commands for bpdu-tunnel 14.6 bpdu-tunnel dot1x Command: bpdu-tunnel dot1x no bpdu-tunnel dot1x Function: Configure the specified port to forward dot1x packets across the tunnel, the no command cancels the operation. Parameter: None. Command Mode: Port mode Default: Port does not forward any protocol packets across the tunnel. Usage Guide: Disable dot1x function on the port before configuring this command. Example: Configure Ethernet 4/5 to forward dot1x packets across the tunnel.
VLAN Configuration Chapter 15 VLAN Configuration 15.1 Commands for VLAN Configuration 15.1.1 debug gvrp event Command: debug gvrp event interface (ethernet | port-channel |) IFNAME no debug gvrp event interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer.
VLAN Configuration Usage Guide: Use this command to enable the debugging of GVRP packet. Example: Show information of sending and receiving GVRP packet. Switch(config)#debug gvrp packet receive interface ethernet 1/1 Receive packet, smac 00-21-27-aa-0f-46, dmac 01-80-C2-00-00-21, length 90, protocol ID:1,attribute type:0x01, Attribute Index -------------------- Length Event --------- Value ------- ---------- 1 10 joinIn 100 2 10 joinEmpty 140 3 10 leaveIn 150 4 10 leaveEmpty 180 15.
VLAN Configuration 15.1.6 dot1q-tunnel selective s-vlan Command: dot1q-tunnel selective s-vlan c-vlan no dot1q-tunnel selective s-vlan c-vlan Function: Add the mapping relation between user’s VLAN ID list and SP VLAN ID for selective QinQ, the no command deletes the mapping. Parameters: s-vlan is SP VLAN ID, c-vid-list is the range of user’s VLAN ID. Command Mode: Global/ port mode Default: There is no mapping relation.
VLAN Configuration Command: garp timer leave <500-1200> Function: Set the value of garp leave timer, note that the value of leave timer must be double of join timer and less than leaveAll timer. Parameters: <500-1200>, the value of timer in millisecond Command Mode: Global mode Default: 600 ms. Usage Guide: Check whether the value satisfy the range. If so, modify the value of garp timer to the specified value, otherwise return a configuration error. Example: Set the value of garp leave timer as 600ms.
VLAN Configuration 15.1.12 gvrp (Port) Command: gvrp no gvrp Function: Enable/disable GVRP function on port. Notice: although GVRP can be enabled on port when GVRP is not enabled globally, it will not take effect until global GVRP is enabled. Parameters: None Command Mode: Port mode Default: Disabled Usage Guide: GVRP function can only be enabled on trunk and hybrid ports, and enabling GVRP will return an error on access port. After GVRP enabled on port, this port will be added to GVRP (i.e.
VLAN Configuration Default: The default VLAN name is vlanXXX, where xxx is VID. Usage Guide: The switch can specify names for different VLANs, making it easier for users to identify and manage VLANs. Examples: Specify the name of VLAN100 as TestVlan. Switch(Config-Vlan100)#name TestVlan 15.1.15 private-vlan Command: private-vlan {primary | isolated | community} no private-vlan Function: Configure current VLAN to Private VLAN. The no command cancels the Private VLAN configuration.
VLAN Configuration Switch(config)#vlan 300 Switch(Config-Vlan300)#private-vlan community Note:This will remove all the ports from vlan 300 Switch(Config-Vlan300)#exit 15.1.16 private-vlan association Command: private-vlan association no private-vlan association Function: Set Private VLAN association; the no command cancels Private VLAN association. Parameter: Sets Secondary VLAN list which is associated to Primary VLAN.
VLAN Configuration Default: 200|600|10000 milliseconds for join | leave | leaveAll timer respectively. Usage Guide: Show the corresponding value of the timer specified in the command. Example: Show the value of all garp timers currently. Switch#show garp timer join Garp join timer’s value is 200(ms) 15.1.
VLAN Configuration port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: Passive. Usage Guide: Check the state of leaveAll state machine. Example: Show the state of leaveAll state machine on port. Switch#show gvrp leaveall fsm information interface ethernet 1/1 Interface ---------Ethernet1/1 leaveAll fsm -----------passive 15.1.
VLAN Configuration Default: GVRP is disabled on port. Usage Guide: Show all ports (enable GVRP) saved in GVRP. Example: Show all ports with GVRP enabled. Switch#show gvrp port member Ports which were enabled gvrp included: Ethernet1/3(T) Ethernet1/4(T) Ethernet1/5(T) Ethernet1/6(T) Ethernet1/7(T) Ethernet1/8(T) Ethernet1/9(T) Ethernet1/10(T) 15.1.
VLAN Configuration Parameters: join, join timer leaveall, leaveAll timer ethernet, physical port port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: Join timer is disabled and leaveAll timer is enabled. Usage Guide: Check running state of join|leaveAll timer on port. Example: Show running state and expiration time of each timer.
VLAN Configuration Command mode: Admin Mode and Configuration Mode. Usage Guide: If no or is specified, then information for all VLANs in the switch will be displayed. Example: Display the status for the current VLAN; display statistics for the current VLAN.
VLAN Configuration Example: Display current VLAN translation state information. Switch#show vlan-translation Interface Ethernet1/1: vlan-translation is enable Interface Ethernet1/2: vlan-translation is enable Interface Ethernet1/3: vlan-translation is enable 15.1.28 switchport access vlan Command: switchport access vlan no switchport access vlan Function: Add the current Access port to the specified VLAN.
VLAN Configuration used to configure on trunk or hybrid ports and the port with GVRP not enabled. No command cancels the forbidden vlanlist for a port.
VLAN Configuration Usage Guide: The user can use this command to set the VLANs whose traffic allowed to pass through the Hybrid port, traffic of VLANs not included are prohibited. The difference between tag and untag mode by setting allowed vlan: set VLAN to untag mode, the frame sent via hybrid port without VLAN tag; set VLAN to tag mode, the frame sent via hybrid port with corresponding VLAN tag. The same VLAN can not be allowed with tag and untag mode by a Hybrid port at the same time.
VLAN Configuration ports from the specified VLAN. Parameter: ethernet is the Ethernet port to be added. portchannel means that the port to be added is a link-aggregation port. interface-name port name, such as e1/1. If this option is selected, ethernet or portchannel should not be. interface-list is the port list to be added or deleted, “;” and “-” are supported, for example: ethernet1/1;3;4-7;8. Command mode: VLAN Mode. Default: A newly created VLAN contains no port by default.
VLAN Configuration Switch(Config-If-Ethernet1/8)#exit Switch(config)#interface ethernet 1/10 Switch(Config-If-Ethernet1/10)#switchport mode hybrid Switch(Config-If-Ethernet1/10)#exit 15.1.35 switchport mode trunk allow-null Command: switchport mode trunk allow-null Function: Add a port as trunk mode. When enabling GVRP, the mode that adds the ports with trunk mode to all VLANs is not appropriate.
VLAN Configuration Switch(Config-If-Ethernet1/5)#switchport mode trunk Switch(Config-If-Ethernet1/5)#switchport trunk allowed vlan 1;3;5-20 Switch(Config-If-Ethernet1/5)#exit 15.1.37 switchport trunk native vlan Command: switchport trunk native vlan no switchport trunk native vlan Function: Set the PVID for Trunk port; the “no switchport trunk native vlan” command restores the default setting. Parameter: is the PVID for Trunk port. Command mode: Port Mode.
VLAN Configuration user. The maximal VLAN number is 4094. It should be noted that dynamic VLANs learnt by GVRP cannot be deleted by this command. Example: Create VLAN100 and enter the configuration mode for VLAN 100. Switch(config)#vlan 100 Switch(Config-Vlan100)# 15.1.39 vlan internal Command: vlan <2-4094> internal Function: Specify the internal VLAN ID. After an ID is specified as the internal VLAN ID, it is not allowed to be used by other VLAN.
VLAN Configuration 15.1.41 vlan-translation Command: vlan-translation to in no vlan-translation in Function: Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID; the no form of this command deletes corresponding mapping. Parameter: old-vlan-id is the original VLAN ID; new-vlan-id is the translated VLAN ID; in indicates ingress translation. Command Mode: Global/Port Mode. Default: There is no VLAN translation relation.
VLAN Configuration Switch(Config-If-Ethernet1/1)#vlan-translation enable 15.1.43 vlan-translation miss drop This command is not supported by the switch. 15.2 Commands for Multi-to-One VLAN Translation 15.2.1 vlan-translation n-to-1 Command: vlan-translation n-to-1 to no vlan-translation n-to-1 Function: Enable/disable Multi-to-One VLAN translation of the port. Parameters: WORD is the original VLAN ID, its range from 1 to 4094, connect them with ‘;’ and ‘-’.
VLAN Configuration Switch(Config-If-Ethernet1/5)# switchport mode trunk 15.2.2 show vlan-translation n-to-1 Command: show vlan-translation n-to-1 [] Function: Show the port configuration with Multi-to-One VLAN translation. Parameter: interface-name: Specify the name of the port which will be shown. If there is no parameter, show all port configurations with this function. Command Mode: Admin mode. Default: There is no Multi-to-One VLAN translation information.
VLAN Configuration XX-XX-XX-XX-XX-XX, vlan-id is the ID of the VLAN with a valid range of 1~4094; priority-id is the level of priority and is used in the VLAN tag with a valid range of 0~7; all refers to all the MAC addresses. Command Mode: Global Mode. Default: No MAC address joins the VLAN by default. Usage Guide: With this command user can add specified MAC address to specified VLAN.
VLAN Configuration Default: No protocol joined the VLAN by default. Usage Guide: The command adds specified protocol into specified VLAN. If there is any non VLAN label packet from specified protocol enters through the switch port, it will be assigned with specified VLAN ID and enter the specified VLAN. No matter which port the packets go through, their belonging VLAN is the same. The command will not interfere with VLAN labeled data packets.
VLAN Configuration Parameter: None. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the ports of enabling MAC-based VLAN, the character in the bracket indicate the ports mode, A means Access port, T means Trunk port, H means Hybrid port. Example: Display the ports of enabling MAC-based VLAN currently. Switch#show mac-vlan interface Ethernet1/1(A) Ethernet1/2(A) Ethernet1/3(A) Ethernet1/4(A) Ethernet1/5(H) Ethernet1/6(T) 15.3.
VLAN Configuration Command: switchport mac-vlan enable no switchport mac-vlan enable Function: Enable the MAC-based VLAN function on the port; the no form of this command will disable the MAC-based VLAN function on the port. Parameter: None. Command Mode: Port Mode. Default: The MAC-base VLAN function is enabled on the port by default. Usage Guide: After adding a MAC address to specified VLAN, the MAC-based VLAN function will be globally enabled.
Commands for MAC Address Table Configuration Chapter 16 Commands for MAC Address Table Configuration 16.1 Commands for MAC Address Table Configuration 16.1.1 mac-address-table avoid-collision Command:mac-address-table avoid-collision no mac-address-table avoid-collision Function:Enable the function of the hash collision mac table that issued ffp, the no command recover to disable the function. Parameter:None. Command mode:Global Mode Default:Do not issue the hash collision mac table.
Commands for MAC Address Table Configuration name for forwarding the MAC packets; VLAN ID. Command mode: Admin mode. Usage Guide: Delete all dynamic address entries which exist in MAC address table, except application, system entries. MAC address entries can be classified according to different sources, the types are as follows: DYNAMIC, STATIC, APPLICATION, SYSTEM. DYNAMIC is the dynamic MAC address entries learned by switch, it can be aged by switch automatically.
Commands for MAC Address Table Configuration 16.1.
Commands for MAC Address Table Configuration will be forwarded to the specified port of the specified VLAN. Example: Port 1/1 belongs to VLAN200, and establishes address mapping with MAC address 00-03-0f-f0-00-18. Switch(config)#mac-address-table static address 00-03-0f-f0-00-18 vlan 200 interface ethernet 1/1 Configure a static multicast MAC 01-00-5e-00-00-01, the egress is ehernet 1/1. Switch(config)#mac-address-table static-multicast address 01-00-5e-00-00-01 vlan 1 interface ethernet1/1 16.1.
Commands for MAC Address Table Configuration 16.2 Commands for Mac Address Binding configuration 16.2.1 clear port-security dynamic Command: clear port-security dynamic [address | interface ] Function: Clear the Dynamic MAC addresses of the specified port. Command mode: Admin Mode. Parameter: stands MAC address; for specified port number. Usage Guide: The secure port must be locked before dynamic MAC clearing operation can be perform in specified port.
Commands for MAC Address Table Configuration Parameter: None. Command mode: Port Mode. Default: Disable. Usage Guide: Enable mac-address-table synchronizing and global mac notification trap, then enable mac-address-table mac trap and mac notification trap in port mode. This command takes effect as subcommand of mac-address-table synchronizing trap command after enable global mac-address-table synchronizing trap only.
Commands for MAC Address Table Configuration (count) (count) ----------------------------------------------------------------------------------------------------Ethernet1/1 1 1 Protect Ethernet1/3 10 1 Protect Ethernet1/5 1 0 Protect ----------------------------------------------------------------------------------------------------Max Addresses limit in System:128 Total Addresses in System:2 Displayed information Explanation Security Port Is port enabled as a secure port.
Commands for MAC Address Table Configuration Displayed information Explanation Vlan The VLAN ID for the secure MAC Address. Mac Address Secure MAC address. Type Secure MAC address type. Ports The port that the secure MAC address belongs to. Total Addresses Current secure MAC address number in the system. 16.2.7 show port-security interface Command: show port-security interface Function: Display the configuration of secure port. Command mode: Admin and Configuration Mode.
Commands for MAC Address Table Configuration Lock Timer Whether locking timer (timer timeout) is enabled for the port. Mac-Learning function Whether the MAC address learning function is enabled. 16.2.8 station-movement check This command is not supported by the switch. 16.2.9 switchport port-security Command: switchport port security no switchport port security Function: Enable MAC address binding function for the port; the no command disables the MAC address binding function for the port.
Commands for MAC Address Table Configuration 16.2.11 switchport port-security lock Command: switchport port-security lock no switchport port-security lock Function: Lock the port. After the port is locked, the MAC-address learning function will be shut down; the no operation of this command will reset the MAC-address learning function. Command Mode: Port Configuration Mode. Default: Ports are unlocked. Usage Guide: Ports can only be locked after the MAC-address binding function is enabled.
Commands for MAC Address Table Configuration Usage Guide: The MAC address binding function must be enabled before maximum secure MAC address number can be set. If secure static MAC address number of the port is larger than the maximum secure MAC address number set, the setting fails; extra secure static MAC addresses must be deleted, so that the secure static MAC address number is no larger than the maximum secure MAC address number for the setting to be successful.
Commands for MAC Address Table Configuration Default: The port violation mode is protect by default. Usage Guide: The port violation mode configuration is only available after the MAC address binding function is enabled. when the port secure MAC address exceeds the security MAC limit, if the violation mode is protect, the port only disable the dynamic MAC address learning function; while the port will be shut if at shutdown mode. Users can manually open the port with no shutdown command.
Commands for MAC Address Table Configuration Switch(Config)#mac-address-table notification 16.3.3 mac-address-table notification history-size Command: mac-address-table notification history-size <0-500> no mac-address-table notification history-size Function: Configure the maximum history-size for storing MAC changing message, the no command restores the default value. Parameter: history-size: data length of sending the notification, its range from 1 to 500. Default: 10.
Commands for MAC Address Table Configuration both: the added and the removed MAC addresses Default: No MAC address notification. Command Mode: Port mode Usage Guide: After the global switch is disabled, this command is also able to be configured sequentially. Example: Send the trap notification after the MAC address is added to Ethernet 1/5. Switch(Config)#in ethernet 1/5 Switch(Config-if-ethernet 1/5)#mac-notification added 16.3.
Commands for MAC Address Table Configuration Default: Disable trap notification globally. Command Mode: Global mode Usage Guide: This command is used with MAC notification switch. When the switch is disabled, other configuration can be shown, but the function is invalid. Example: Enable the trap notification of MAC address.
Commands for MSTP Chapter 17 Commands for MSTP 17.1 Commands for MSTP 17.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration. The previous MSTP region configuration is valid. Example: Quit MSTP region mode without saving the current configuration. Switch(Config-Mstp-Region)#abort Switch(config)# 17.1.
Commands for MSTP VLANs and instances; the command “no instance [vlan ]” removes the specified instance and the specified mappings between the VLANs and instances. Parameter: Normally, sets the instance number. The valid range is from 0 to 64; in the command “no instance [vlan ]”, sets the instance number. The valid number is from 0 to 64. sets consecutive or non-consecutive VLAN numbers.
Commands for MSTP 17.1.5 no Command: no | | Function: Cancel one command or set it as initial value. Parameter: instance number, MSTP region name, is account the modify value of MST configuration caption. Command mode: MSTP Region Mode Default: The default revision level is 0. Usage Guide: This command deletes the specified instance and MSTP region name, restore the default of modify value is 0. Example: Delete instance 1.
Commands for MSTP 17.1.8 spanning-tree Command: spanning-tree no spanning-tree Function: Enable MSTP in global mode and in Port Mode; The command “no spanning-tree” is to disable MSTP. Command mode: Global Mode and Port Mode Default: MSTP is not enabled by default. Usage Guide: If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly. Example: Enable the MSTP in global mode, and disable the MSTP in the interface1/2.
Commands for MSTP instance. Example: On the port1/2, set the port cost is 3000000. Switch(Config-If-Ethernet1/2)#spanning-tree cost 3000000 17.1.10 spanning-tree digest-snooping Command: spanning-tree digest-snooping no spanning-tree digest-snooping Function: Configure the port to use the authentication string of partner port; the command “no spanning-tree digest-snooping” restores to use the port generated authentication string.
Commands for MSTP format of the received packets. Command Mode: Port Mode Default: Auto Packet Format. Usage Guide: As the CISCO has adopted the packet format different with the one provided by IEEE, while many companies also adopted the CISCO format to be CISCO compatible, we have to provide support to both formats. The standard format is originally the one provided by IEEE, and the privacy packet format is CISCO compatible.
Commands for MSTP co working with hello time and max age. The parameters should meet the following conditions. Otherwise, the MSTP may work incorrectly. 2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds) Example: In global mode, set MSTP forward delay time to 20 seconds. Switch(config)#spanning-tree forward-time 20 17.1.
Commands for MSTP 17.1.15 spanning-tree maxage Command: spanning-tree maxage
Commands for MSTP Command mode: Port Mode Default: The port is in the MSTP mode by default. Usage Guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode. But once the port receives STP messages, it changes to work in the STP mode again. This command can only be used when the switch is running in IEEE802.1s MSTP mode. If the switch is running in IEEE802.
Commands for MSTP Instance There is only the instance 0. All the VLANs (1~4094) are mapped to the instance 0. Name MAC address of the bridge Revision 0 Usage Guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration.
Commands for MSTP Port Speed Port Type Port Cost 802.1D-2008 0 10Mbps 65535 802.
Commands for MSTP 17.1.21 spanning-tree cost-format Command: spanning-tree cost-format {dot1d | dot1t} Function: In global mode, users can select path-cost format with dot1d or dot1t, the default format is dot1t. Command Mode: Global mode. Default: count path-cost with dot1t format. Usage Guide: There are two formats about cost value: they are dot1d marked on IEEE802.1d-2008 and dot1t marked on IEEE802.
Commands for MSTP Function: Set the current port priority for the specified instance; the command “no spanning-tree mst port-priority” restores the default setting. Parameter: sets the instance ID. The valid range is from 0 to 64; sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32…240. Command mode: Port Mode Default: The default port priority is 128.
Commands for MSTP disable the rootguard function. Parameter: : MSTP instance ID. Command mode: Port Mode. Default: Disable rootguard function. Usage Guide: The command is used in Port Mode, if the port is configured to be a rootguand port, it is forbidden to be a MSTP root port. If superior BPDU packet is received from a rootguard port, MSTP did not recalculate spanning-tree, and just set the status of the port to be root_inconsistent (blocked).
Commands for MSTP 17.1.27 spanning-tree port-priority Command: spanning-tree port-priority no spanning-tree port-priority Function: Set the port priority; the command “no spanning-tree port-priority” restores the default setting. Parameter: sets port priority. The valid range is from 0 to 240. The value should be the multiples of 16, such as 0, 16, 32, 48…240. Command mode: Port Mode Default: The default port priority is 32768.
Commands for MSTP Function: Set the port is root port, “no spanning-tree rootguard” command sets the port is non-root port. Parameter: None. Command mode: Port Mode. Default: Port is non-root port. Usage Guide: The command is used in Port Mode, if the port is configured to be a rootguand port, it is forbidden to be a MSTP root port. If superior BPDU packet is received from a rootguard port, MSTP did not recalculate spanning-tree, and just set the status of the port to be root_inconsistent (blocked).
Commands for MSTP 17.1.31 spanning-tree tcflush (Port mode) Command: spanning-tree tcflush {enable| disable| protect} no spanning-tree tcflush Function: Configure the spanning-tree flush mode for port once the topology changes. “no spanning-tree tcflush” restores to default setting. Parameter: enable: The spanning-tree flush once the topology changes. disable: The spanning tree don’t flush when the topology changes. protect: the spanning-tree flush not more than one time every ten seconds.
Commands for MSTP 17.2 Commands for Monitor and Debug 17.2.1 debug spanning-tree Command: debug spanning-tree no debug spanning-tree Function: Enable the MSTP debugging information; the command “no debug spanning-tree” disables the MSTP debugging information. Command mode: Admin Mode Usage Guide: This command is the general switch for all the MSTP debugging. Users should enable the detailed debugging information, and then they can use this command to display the relevant debugging information.
Commands for MSTP 03 30 04 40 05 4094 ---------------------------------Switch(Config-Mstp-Region)# 17.2.3 show spanning-tree Command: show spanning-tree [mst []] [interface ] [detail] Function: Display the MSTP Information. Parameter: sets interface list; sets the instance ID. The valid range is from 0 to 64; detail sets the detailed spanning-tree information.
Commands for MSTP PortName ID ExtRPC IntRPC State Role DsgBridge DsgPort -------------- ------- --------- --------- --- ---- ------------------ ------Ethernet1/1 128.001 0 0 FWD ROOT 16384.00030f010f52 128.007 Ethernet1/2 128.002 0 0 BLK ALTR 16384.00030f010f52 128.011 ########################### Instance 3 ########################### Self Bridge Id Region Root Id : 0.00: 03: 0f: 01: 0e: 30 : this switch Int.
Commands for MSTP Force Version Version of STP Instance Information Self Bridge Id The priority and the MAC address of the current bridge for the current instance Root Id The priority and the MAC address of the root bridge for the current instance Ext.RootPathCost Total cost from the current bridge to the root of the entire network Int.
Commands for MSTP Name switch Revision 0 Instance Vlans Mapped ---------------------------------00 1-29, 31-39, 41-4094 03 30 04 40 242
Commands for QoS Chapter 18 Commands for QoS 18.1 accounting Command: accounting no accounting Function: Set statistic function for the classified traffic. Parameter: None. Command mode: Policy map configuration mode Default: Do not set statistic function. Usage Guide: After enable this function, add statistic function to the traffic of the policy class map, the messages can only red or green when passing policy. Example: Count the packets which satisfy c1 rule.
Commands for QoS and insert it to the front of c1. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#class c2 insert-before c1 Switch(Config-PolicyMap-p1-Class-c2)#exit 18.3 class-map Command: class-map no class-map Function: Creates a class map and enters class map mode; the no command deletes the specified class map. Parameters: is the class map name.
Commands for QoS 18.5 drop Command: drop no drop Function: Drop data package that match the class, the no command cancels the assigned action. Parameters: None. Default: Do not set the action. Command mode: Policy class map configuration mode Usage Guide: Drop the specified packet after configure this command. Example: Drop the packet which satisfy c1.
Commands for QoS ipv6 flowlabel match specified IPv6 flow label, the parameter is IPv6 flow label value, the ranging is 0~1048575; vlan match specified VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the ranging is 1~4094; cos match specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS, the ranging is 0~7; c-vlan match specified Customer VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN
Commands for QoS Usage Guide: Configure the default CoS value for switch port. In default configuration, the message ingress cos from this port are default value whether the message with tag. If the message without tag, the message cos value for tag is enactmented. Example: Setting the default CoS value of ethernet port 1/1 to 7, i.e., packets coming in through this port will be assigned a default CoS value of 7 if no CoS value present .
Commands for QoS 56 to 0 1 2 3 3 2 1 0. Switch(config)#mls qos map cos-intp 0 1 2 3 3 2 1 0 18.11 mls qos queue algorithm Command: mls qos queue algorithm {sp | wrr } no mls qos queue algorithm Function: After configure this command; the queue management algorithm is set. Parameters: sp: The strict priority, the queue number of bigger, then the priority is higher wrr: Select wrr algorithm Default: The default queue algorithm is wrr. Command mode: Global Mode.
Commands for QoS or two queues can be set as 0 and must be set at behind. Example: Configure the queue weight as 1 2 3 4. Switch(config)#mls qos queue weight 1 2 3 4 18.14 mls qos queue wred This command is not supported by switch. 18.15 mls qos queue wdrr weight This command is not supported by switch. 18.16 mls qos queue bandwidth This command is not supported by switch. 18.
Commands for QoS 18.19 pass-through-dscp This command is not supported by the switch. 18.20 policy Command: policy ({conform-action ACTION | exceed-action ACTION}) ACTION definition: drop | transmit | set-dscp-transmit | set-prec-transmit | set-cos-transmit | set-internal-priority | set-Drop-Precedence no policy Function: The non-aggregation policy command supporting two colors.
Commands for QoS set-cos-transmit sets the CoS value of the L2 packets Default: No policy action; the default action of conform-action is transmit, while that of exceed-action is drop. Command mode: Policy class map configuration Mode Usage Guide: “set” and “policy”(policy aggregate) are selected and have the same action in Policy Map, then the action selected by “policy” will cover the action of “set”.
Commands for QoS 18.23 service-policy input Command: service-policy input no service-policy input Function: Applies a policy map to the specified port; the no command deletes the specified policy map applied to the port. Parameters: input applies the specified policy map to the ingress direction of switch port. Default: No policy map is bound to port and VLAN interface by default. Command mode: Port Configuration Mode.
Commands for QoS 18.25 set Command: set {ip dscp | ip precedence | internal priority | drop precedence | cos } no set {ip dscp | ip precedence | internal priority | drop precedence | cos} Function: Assign a new DSCP, IP Precedence for the classified traffic; the no form of this command delete assigning the new values. Parameter: ip dscp new DSCP value, do not distinguish v4 and v6. ip precedence new IP Precedence.
Commands for QoS used by 1 times Used times match acl name:1 Classifying rule for the class map. 18.27 show policy-map Command: show policy-map [] Function: Displays policy map of QoS. Parameters: is the policy map name. Default: N/A. Command mode: Admin Mode. Usage Guide: Displays all configured policy-map or specified policy-map information.
Commands for QoS Switch#show mls qos interface ethernet 1/2 Ethernet 1/2 Default COS: 0 Trust: COS Attached Policy Map for Ingress: p1 Classmap classified in-profile out-profile (in packets) c1 20 10 10 c2 NA NA NA (If there is no Accounting for Class Map, show NA) Egress Internal-Priority-TO-Queue map: INTP: 0 1 2 3 ---------------------------Queue: 0 1 2 3 Queue Algorithm: WRR Queue weights: Queue 0 1 2 3 ------------------------------------WrrWeight 1 2 3 4 Display Informa
Commands for QoS NA Internal-Priority-TO-Queue map:: Internal-Priority to queue mapping Queue Algorithm: WRR or PQ queue out method Queue weights Queue weights configuration Bandwidth Guarantee Configuration Bandwidth guarantee configuration Switch(config)#show mls qos interface ethernet1/2 queuing Ethernet1/2: Egress Internal-Priority-TO-Queue map: INTP: 0 1 2 3 ---------------------------Queue: 0 1 2 3 Queue Algorithm: WRR Queue weights: Queue 0 1 2 3 ------------------------------
Commands for QoS classified Total data packets match this ClassMap. in-profile Total in-profile data packets match this ClassMap. out-profile Total out-profile data packets match this ClassMap. Switch #show mls qos vlan 100 Vlan 100: Attached Policy Map for Ingress: p1 Classmap classified in-profile out-profile (in packets) c1 20 10 10 c2 NA NA NA 18.29 show mls qos interface wred This command is not supported by switch. 18.
Commands for QoS 4: 2 2 2 2 2 2 2 2 3 3 5: 3 3 3 3 3 3 3 3 3 3 6: 3 3 3 3 18.31 show mls qos vlan Command: show mls qos vlan Parameters: v-id: the ranging from 1 to 4094. Command Mode: Admin mode. Default: None.
Commands for QoS Usage Guide: Send the packet directly after configure this command. Example: Send the packet which satisfy c1.
Commands for Flow-based Redirection Chapter 19 Commands for Flow-based Redirection 19.1 access-group redirect to interface ethernet Command: access-group redirect to interface [ethernet | ] no access-group redirect Function: Specify flow-based redirection; “no access-group redirect” command is used to delete flow-based redirection.
Commands for Flow-based Redirection redirection in the system/port.
Commands for Flexible QinQ Chapter 20 Commands for Flexible QinQ 20.1 add This command is not supported by switch. 20.2 delete This command is not supported by switch. 20.
Commands for Flexible QinQ cos match the specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS values, the range is 0 to 7 c-vlan match the specified customer VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the range is 1 to 4094 c-cos match the specified customer CoS value, the parameter is a CoS list consisting of maximum 8 CoS values, the range is 0 to 7 Default: There is no match standard.
Commands for Flexible QinQ Apply policy-map p1 (p1 corresponds with the action that modify c-vid) to Ethernet port 1/1 for flexible QinQ. Switch(Config-If-Ethernet1/1)#service-policy p1 in 20.5 set Command: set {s-vid | c-vid } no set {s-vid | c-vid} Function: Assign the new cos and vid value to the packets which match the class map, no command cancels the operation.
Commands for Layer 3 Management Chapter 21 Commands for Layer 3 Management 21.1 Commands for Layer 3 Interface 21.1.1 description Command: description no description Function: Configure the description information of VLAN interface. The no command will cancel the description information of VLAN interface. Parameter: is the description information of VLAN interface, the length should not exceed 256 characters. Default: Do not configure.
Commands for Layer 3 Management configuration mode will be entered. After the creation of the VLAN interface (Layer 3 interface), interface vlan command can still be used to enter Layer 3 Port Mode. Configure 16 interface vlan to manage device that is supported by layer 2 switch, but layer 3 forward is not supported. Example: Create a VLAN interface (layer 3 interface). Switch(config)#interface vlan 1 Switch(Config-if-Vlan1)# 21.1.
Commands for Layer 3 Management Nexthop Next-hop IP address Interface Next-hop pass-by layer 3 swtich interfaces Preference Route priority. If other types of route to the target network exists, the kernel route will only shows those with high priority. 21.2 Commands for IPv4/v6 configuration 21.2.1 clear ip traffic Command: clear ip traffic Function: Clear the statistic information of IP protocol. Parameter: None. Command mode: Admin Mode. Default: None.
Commands for Layer 3 Management 21.2.3 debug ip icmp Command: debug ip icmp no debug ip icmp Function: The debugging for receiving and sending ICMP packets. Parameter: None. Default: None. Command mode: Admin Mode Usage Guide: None. Example: Switch#debug ip icmp IP ICMP: sent, type 8, src 0.0.0.0, dst 20.1.1.1 Display Description IP ICMP: sent Send ICMP packets type 8 Type is 8(PING request) src 0.0.0.0 Source IPv4 address dst 20.1.1.1 Destination IPv4 address 21.2.
Commands for Layer 3 Management Command: debug ipv6 packet no debug ipv6 packet Function: IPv6 data packets receive/send debug message.
Commands for Layer 3 Management dst <2003::20a:ebff:fe26:8a49> Destination IPv6 address from Vlan1 Layer 3 port being sent 21.2.7 debug ipv6 nd Command: debug ipv6 nd [ns | na | rs | ra | redirect] no debug ipv6 nd [ ns | na | rs | ra | redirect ] Function: Enable the debug of receiving and sending operations for specified types of IPv6 ND messages.
Commands for Layer 3 Management mask, dotted decimal notation; [secondary] indicates that the IP address is configured as secondary IP address. Command Mode: VLAN interface configuration mode Default: The system default is no IP address configuration. Usage Guide: This command configures IP address on VLAN interface manually.
Commands for Layer 3 Management Function: Configure aggregately global unicast address, site-local address and link-local address for the interface. Parameter: Parameter is the prefix of IPv6 address, parameter is the prefix length of IPv6 address, which is between 3-128, eui-64 means IPv6 address is generated automatically based on eui64 interface identifier of the interface. Command Mode: Interface Configuration Mode. Default: None.
Commands for Layer 3 Management This command is not supported by the switch. 21.2.15 ipv6 nd dad attempts Command: ipv6 nd dad attempts no ipv6 nd dad attempts Function: Set Neighbor Solicitation Message number sent in succession by interface when setting Duplicate Address Detection. Parameter: is the Neighbor Solicitation Message number sent in succession by Duplicate Address Detection, and the value of must be in 0-10, NO command restores to default value 1.
Commands for Layer 3 Management 21.2.17 ipv6 nd suppress-ra This command is not supported by the switch. 21.2.18 ipv6 nd ra-lifetime This command is not supported by the switch. 21.2.19 ipv6 nd min-ra-interval This command is not supported by the switch. 21.2.20 ipv6 nd max-ra-interval This command is not supported by the switch. 21.2.21 ipv6 nd prefix This command is not supported by the switch. 21.2.22 ipv6 nd other-config-flag This command is not supported by the switch. 21.2.
Commands for Layer 3 Management address cannot be set as neighbor. Example: Set static neighbor 2001:1:2::4 on port E1/1, and the hardware MAC address is 00-03-0f-89-44-bc. Switch(Config-if-Vlan1)#ipv6 neighbor 2001:1:2::4 00-03-0f-89-44-bc interface Ethernet 1/1 21.2.25 show ip interface Command: show ip interface [ | vlan ] brief Function: Show the brief information of the configured layer 3 interface. Parameters: Interface name; VLAN ID.
Commands for Layer 3 Management 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies Sent: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies TCP statistics: TcpActiveOpens 0, TcpAttemptFails 0 TcpCurrEstab 0, TcpEstabResets 0 TcpInErrs 0, TcpInSegs 3180 TcpMaxConn 0, TcpOutRsts 3 TcpO
Commands for Layer 3 Management Rcvd: 0 total 0 errors 0 time exceeded Statistics of total ICMP packets 0 redirects, 0 unreachable, 0 echo, 0 received and classified information echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies Sent: 0 total 0 errors 0 time exceeded Statistics of total ICMP packets sent 0 redirects, 0 unreachable, 0 echo, 0 and classified information echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0
Commands for Layer 3 Management ff02::1 ff02::16 ff02::2 ff02::5 ff02::6 ff02::9 ff02::d ff02::1:ff00:10 ff02::1:ff00:1 MTU is 1500 bytes ND DAD is enabled, number of DAD attempts is 1 ND managed_config_flag is unset ND other_config_flag is unset ND NS interval is 1 second(s) ND router advertisements is disabled ND RA min-interval is 200 second(s) ND RA max-interval is 600 second(s) ND RA hoplimit is 64 ND RA lifetime is 1800 second(s) ND RA MTU is 0 ND advertised reachable time is 0 millisecond(s) ND ad
Commands for Layer 3 Management Command Mode: Admin and Configuration Mode. Usage Guide: show ipv6 route only shows IPv6 kernal routing table (routing table in tcpip), database shows all routers except the local router.
Commands for Layer 3 Management 21.2.29 show ipv6 neighbors Command: show ipv6 neighbors [{vlan|ethernet} interface-number | interface-name | address ] Function: Display neighbor table entry information. Parameter: Parameter {vlan|ethernet} interface-number|interface-name specify the lookup based on interface. Parameter ipv6-address specifies the lookup based on IPv6 address. It displays the whole neighbor table entry if without parameter.
Commands for Layer 3 Management 21.2.30 show ipv6 traffic Command: show ipv6 traffic Function: Display IPv6 transmission data packets statistics information.
Commands for Layer 3 Management 21.2.31 show ipv6 redirect This command is not supported by the switch. 21.3 Commands for ARP Configuration 21.3.1 arp Command: arp {interface [ethernet] } no arp Function: Configures a static ARP entry; the “no arp ” command deletes a ARP entry of the specified IP address.
Commands for Layer 3 Management 21.3.4 debug arp Command: debug arp {receive|send|state} no debug arp {receive|send|state} Function: Enables the ARP debugging function; the “no debug arp {receive|send|state}” command disables this debugging function. Parameter: receive the debugging-switch of receiving ARP packets of the switch; send the debugging-switch of sending ARP packets of the switch; state the debugging-switch of APR state changing of the switch. Default: ARP debug is disabled by default.
Commands for Layer 3 Management Command: show arp [] [] [] [type {static | dynamic}] [count] [vrf word] Function: Displays the ARP table. Parameters: is a specified IP address; stands for the entry for the identifier of specified VLAN; for entry of specified MAC address; static for static ARP entry; dynamic for dynamic ARP entry; count displays number of ARP entries; word is the specified vrf name.
Commands for Layer 3 Management 21.3.8 show arp traffic Command: show arp traffic Function: Display the statistic information of ARP messages of the switch. For box switches, this command will only show statistics of APP messages received and sent from the current boardcard. Command mode: Admin and Config Mode Usage Guide: Display statistics information of received and sent APP messages.
Commands for ARP Scanning Prevention Chapter 22 Commands for ARP Scanning Prevention 22.1 anti-arpscan enable Command: anti-arpscan enable no anti-arpscan enable Function: Globally enable ARP scanning prevention function; “no anti-arpscan enable” command globally disables ARP scanning prevention function. Parameters: None. Default Settings: Disable ARP scanning prevention function.
Commands for ARP Scanning Prevention /second. Switch(config)#anti-arpscan port-based threshold 10 22.3 anti-arpscan ip-based threshold Command: anti-arpscan ip-based threshold no anti-arpscan ip-based threshold Function: Set the threshold of received messages of the IP-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the IP messages from this IP will be blocked. The unit is packet/second.
Commands for ARP Scanning Prevention from being shutdown because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is, Untrust port. Example: Set port ethernet 4/5 of the switch as a trusted port. Switch(config)#in e4/5 Switch(Config-If-Ethernet4/5)# anti-arpscan trust port 22.
Commands for ARP Scanning Prevention 22.7 anti-arpscan recovery time Command: anti-arpscan recovery time no anti-arpscan recovery time Function: Configure automatic recovery time; “no anti-arpscan recovery time” command resets the automatic recovery time to default value. Parameters: Automatic recovery time, in second ranging from 5 to 86400. Default Settings: 300 seconds. Command Mode: Global configuration mode User Guide: Automatic recovery function should be enabled first.
Commands for ARP Scanning Prevention Command Mode: Global configuration mode User Guide: After enabling ARP scanning prevention SNMP Trap function, users will receive Trap message whenever a port is closed or recovered by ARP scanning prevention, and whenever IP t is closed or recovered by ARP scanning prevention. Example: Enable ARP scanning prevention SNMP Trap function of the switch. Switch(config)#anti-arpscan trap enable 22.
Commands for ARP Scanning Prevention Ethernet4/3 untrust N 0 Ethernet4/4 trust N 0 Ethernet4/5 untrust N 0 Ethernet4/6 supertrust N 0 Ethernet4/7 untrust Y 30 Ethernet4/8 trust N 0 Ethernet4/9 untrust N 0 Ethernet4/10 untrust N 0 Ethernet4/11 untrust N 0 Ethernet4/12 untrust N 0 Ethernet4/13 untrust N 0 Ethernet4/14 untrust N 0 Ethernet4/15 untrust N 0 Ethernet4/16 untrust N 0 Ethernet4/17 untrust N 0 Ethernet4/18 untrust N 0 Ethernet4/19 unt
Commands for ARP Scanning Prevention Default Settings: Disable the debug switch of ARP scanning prevention Command Mode: Admin Mode User Guide: After enabling debug switch of ARP scanning prevention users can check corresponding debug information or enable the port-based or IP-based debug switch separately whenever a port is closed by ARP scanning prevention or recovered automatically, and whenever IP t is closed or recovered . Example: Enable the debug function for ARP scanning prevention of the switch.
Commands for Preventing ARP Spoofing Chapter 23 Commands for Preventing ARP Spoofing 23.1 ip arp-security updateprotect Command: ip arp-security updateprotect no ip arp-security updateprotect Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect” command re-enables ARP table automatic update. Parameter: None. Default: ARP table automatic update. Command Mode: Global Mode/ Interface configuration.
Commands for Preventing ARP Spoofing still be timeout even if the switch keeps sending Request/Reply messages. Example: Switch(Config-if-Vlan1)# ip arp-security learnprotect Switch(config)# ip arp-security learnprotect 23.4 ipv6 nd-security learnprotect This command is not supported by the switch. 23.5 ip arp-security convert Command: ip arp-security convert Function: Change all of dynamic ARP to static ARP.
Commands for Preventing ARP Spoofing 23.8 clear ipv6 nd dynamic This command is not supported by the switch.
Command for ARP GUARD Chapter 24 Command for ARP GUARD 24.1 arp-guard ip Command: arp-guard ip no arp-guard ip Function: Add an ARP GUARD address, the no command deletes ARP GUARD address. Parameters: is the protected IP address, in dotted decimal notation. Default: There is no ARP GUARD address by default. Command Mode: Port configuration mode Usage Guide: After configuring the ARP GUARD address, the ARP messages received from the ports configured ARP GUARD will be filtered.
Commands for Gratuitous ARP Configuration Chapter 25 Commands for Gratuitous ARP Configuration 25.1 ip gratuitous-arp Command: ip gratuitous-arp [] no ip gratuitous-arp Function: To enabled gratuitous ARP, and specify update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration. Parameters: is the update interval for gratuitous ARP with its value limited between 5 and 1200 seconds and with default value as 300 seconds.
Commands for Gratuitous ARP Configuration 4094. Command Mode: All the Configuration Modes. Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode. The command show ip gratuitous-arp interface vlan will display information about the gratuitous ARP configuration about the specified VLAN interface.
Commands for DHCP Chapter 26 Commands for DHCP 26.1 Commands for DHCP Server Configuration 26.1.1 bootfile Command: bootfile no bootfile Function: Sets the file name for DHCP client to import on boot up; the “no bootfile “command deletes this setting. Parameters: is the name of the file to be imported, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Usage Guide: Specify the name of the file to be imported for the client.
Commands for DHCP be reallocated. Example: Removing all IP-hardware address binding records. Switch#clear ip dhcp binding all Related Command: show ip dhcp binding 26.1.3 clear ip dhcp conflict Command: clear ip dhcp conflict {
| all } Function: Deletes an address present in the address conflict log. Parameters: is the IP address that has a conflict record; all stands for all addresses that have conflict records. Command mode: Admin Mode.Commands for DHCP Command: client-identifier no client-identifier Function: Specifies the unique ID of the user when binding an address manually; the “no client-identifier” command deletes the identifier. Parameters: is the user identifier, in dotted Hex format. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used with “host” when binding an address manually.
Commands for DHCP server. Default: Debug information is disabled by default. Command mode: Admin Mode. 26.1.9 default-router Command: default-router [[…]] no default-router Function: Configures default gateway(s) for DHCP clients; the “no default-router” command deletes the default gateway. Parameters: … are IP addresses, in decimal format. Default: No default gateway is configured for DHCP clients by default.
Commands for DHCP no domain-name Function: Configures the Domain name for DHCP clients; the “no domain-name” command deletes the domain name. Parameters: is the domain name, up to 255 characters are allowed. Command Mode: DHCP Address Pool Mode Default: None Usage Guide: Specifies a domain name for the client. Example: Specifying “foxgate.ua" as the DHCP clients’ domain name. Switch(dhcp-1-config)#domain-name foxgate.ua 26.1.
Commands for DHCP mask in decimal format; means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is “24”, and mask 255.255.255.252 in prefix is “30”. Command Mode: DHCP Address Pool Mode Default: None Usage Guide: If no mask or prefix is configured when configuring the IP address, and no information in the IP address pool indicates anything about the mask, the system will assign a mask automatically according to the IP address class.
Commands for DHCP Parameter: None. Default: Enable. Command Mode: Port mode. Usage Guide: After the port disables DHCP services, directly drop all DHCP packets sent by the port. Example: The port disables DHCP services. switch(config-if-ethernet1/3)#ip dhcp disable 26.1.
Commands for DHCP 26.1.18 ip dhcp conflict ping-detection enable Command: ip dhcp conflict ping-detection enable no ip dhcp conflict ping-detection enable Function: Enable Ping-detection of conflict on DHCP server; the no operation of this command will disable the function. Parameters: None. Default Settings: By default, Ping-detection of conflict is disabled. Command Mode: Global Configuration Mode.
Commands for DHCP Function: Set the timeout period (in ms) of waiting for a reply message (Echo Request) after each Ping request message (Echo Request) in Ping-detection of conflict on DHCP server, whose default value is 500ms. The no operation of this command will restore the default value. Parameters: is the timeout period of waiting for a reply message after each Ping request message in Ping-detection of conflict. Default Settings: The timeout period is 500ms by default.
Commands for DHCP Default: The default lease time is 1 day. Command Mode: DHCP Address Pool Mode Usage Guide: This command is used to DHCP request packets with option51. If the lease time (user requests the address) exceeds the maximum lease time configured, the lease that DHCP server assigns the address is the maximum lease time configured.
Commands for DHCP node type in Hex from 0 to FF. Default: No client node type is specified by default. Command Mode: DHCP Address Pool Mode Usage Guide: If client node type is to be specified, it is recommended to set the client node type to h-node that broadcasts after point-to-point communication. Example: Setting the node type for client of pool 1 to broadcasting node. Switch(dhcp-1-config)#netbios-node-type b-node 26.1.
Commands for DHCP files from the server on boot up. This command is used together with “bootfile”. Example: Setting the hosting server address as 10.1.128.4. Switch(dhcp-1-config)#next-server 10.1.128.4 26.1.27 option Command: option {ascii | hex | ipaddress } no option Function: Sets the network parameter specified by the option code; the “no option “command cancels the setting for option.
Commands for DHCP 26.1.29 show ip dhcp binding Command: show ip dhcp binding [[] [type {all | manual | dynamic}] [count] ] Function: Displays IP-MAC binding information. Parameters: is a specified IP address in decimal format; all stands for all binding types (manual binding and dynamic assignment); manual for manual binding; dynamic for dynamic assignment; count displays statistics for DHCP address binding entries. Command mode: Admin and Configuration Mode.
Commands for DHCP Command: show ip dhcp relay information option Function: Show the relative configuration for DHCP relay option82. Parameters: None. Command mode: Admin and configuration mode Default: None. Usage guide: None. Example: Set the admin mode timeout value to 6 minutes. Switch#show ip dhcp relay information option ip dhcp server relay information option(i.e. option 82) is enabled ip dhcp relay information option(i.e. option 82) is enabled 26.1.
Commands for DHCP DHCPRELAY 1907 DHCPFORWARD 0 Switch# Displayed information Address pools Explanation Number of DHCP address pools configured. Database agents Number of database agents. Automatic bindings Number of addresses assigned automatically Manual bindings Number of addresses bound manually Conflict bindings Number of conflicting addresses Expired bindings Number of addresses whose leases are expired Malformed message Message Received Number of error messages.
Commands for DHCP Parameter: None. Default: Disable. Command Mode: Global mode Usage Guide: Suppress the forwarding about DHCP broadcast packets, namely, drop or copy DHCP broadcast packets to CPU. Example: Enable DHCP broadcast suppress function. Switch(config)#ip dhcp broadcast suppress 26.2.
Commands for DHCP 26.2.4 ip helper-address Command: ip helper-address no ip helper-address Function: Specifies the destination address for the DHCP relay to forward UDP packets. The “no ip helper-address ” command cancels the setting. Default: None. Command mode: Interface Configuration Mode Usage Guide: The DHCP relay forwarding server address corresponds to the port forwarding UDP, i.e.
Commands for DHCPv6 Chapter 27 Commands for DHCPv6 27.1 clear ipv6 dhcp binding Command: clear ipv6 dhcp binding [] [pd ] Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records. Parameter: is the specified IPv6 address with binding record; is the specified IPv6 prefix with binding record; To clear all IPv6 address binding record if there is no specified record.
Commands for DHCPv6 address 2001::1 with the conflict record is not used, so its record will be cleared from address conflict files. Switch#clear ipv6 dhcp conflict 2001::1 27.3 clear ipv6 dhcp statistics Command: clear ipv6 dhcp statistics Function: Clear the statistic records of DHCPv6 packets, the statistic counter of DHCPv6 packets is cleared. Parameter: None.
Commands for DHCPv6 Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp detail 27.6 debug ipv6 dhcp relay packet Command: debug ipv6 dhcp relay packet no debug ipv6 dhcp relay packet Function: To enable the debugging information for protocol packets of DHCPv6 relay, the no form of this command will disable the debugging. Default: Disabled. Command Mode: Admin Mode. Example: Switch# debug ipv6 dhcp relay packet 27.
Commands for DHCPv6 Command Mode: DHCPv6 Address Pool Configuration Mode. Usage Guide: For each address pool, at most three DNS server can be configured, and the addresses of the DNS server must be valid IPv6 addresses. Example: To configure the DNS Server address of DHCPv6 client as 2001:da8::1. Switch(dhcp-1-config)#dns-server 2001:da8::1 27.
Commands for DHCPv6 27.11 ipv6 address Command: ipv6 address no ipv6 address Function: To configure the specified interface to use prefix delegation for address allocation. The no form of this command will disable the using of prefix delegation for address allocation.
Commands for DHCPv6 Usage Guide: This command is used to configure the prefix delegation client on the specified interface, an interface with prefix delegation client enabled will send SOLICIT packets to try to get address prefix from the server. If the prefix is retrieved correctly, the address prefix in the global address pool can be used by the ipv6 address command to generate a valid IPv6 address. This command is exclusive with ipv6 dhcp server and ipv6 dhcp relay destination.
Commands for DHCPv6 27.14 ipv6 dhcp pool Command: ipv6 dhcp pool no ipv6 dhcp pool Function: To configure the address pool for DHCPv6, and enter the DHCPv6 address pool configuration mode. In this mode, information such as the address prefix to be allocated, the DNS server addresses, and domain names, can be configured for the DHCPv6 client. The no form of this command will remove the configuration of the address pool.
Commands for DHCPv6 Command Mode: Interface Configuration Mode. Default: By default, destination address for DHCPv6 relay is not configured. Usage Guide: This command is used to configure the DHCPv6 relay for the specified interface, the address should be the address of another DHCPv6 relay or the address DHCPv6 server. At most three relay addresses can be configured for an interface. To be mentioned, the DHCPv6 relay stops working only if all the relay destination address configurations have been removed.
Commands for DHCPv6 27.17 ipv6 general-prefix Command: ipv6 general-prefix no ipv6 general-prefix Function: To define an IPv6 general prefix. The no form of this command will delete the configuration. Parameter: is a character string less than 32 characters, to use as IPv6 general prefix name. is defined as IPv6 general prefix. Command Mode: Global Mode.
Commands for DHCPv6 the associated “prefix delegation” command will be in-effective either. 27.19 lifetime Command: lifetime { | infinity} { | infinity} no lifetime Function: To configure the life time for the addresses or the address prefixes allocated by DHCPv6. The no form of this command will restore the default setting.
Commands for DHCPv6 Usage Guide: This command configures the address pool for the DHCPv6 server to allocate addresses, only one address range can be configured for each address pool. To be noticed, if the DHCPv6 server has been enabled, and the length of the IPv6 address prefix has been configured, the length of the prefix in the address pool should be no less than the length of the prefix of the IPv6 address of the respective layer three interfaces in the switch.
Commands for DHCPv6 0001000600000005000BBFAA240812 27.22 prefix-delegation pool Command: prefix-delegation pool [lifetime ] no prefix-delegation pool Function: To configure prefix delegation name used by DHCPv6 address pool. The no form of this command deletes the configuration. Parameters: is the name of the address prefix pool, the length name string should be less than 32.
Commands for DHCPv6 function, DHCPv6 prefix delegation function. All of the above services are configured on ports. Only when DHCPv6 server function is enabled, the IP address assignment of DHCPv6 client, DHCPv6 relay and DHCPv6 prefix delegation functions enabled can be configured on ports. Example: To enable DHCPv6 server. Switch(config)#service dhcpv6 27.24 show ipv6 dhcp Command: show ipv6 dhcp Function: To show the enable switch and DUID of DHCPv6 service. Command Mode: Admin and Configuration Mode.
Commands for DHCPv6 Lease expires at %Jan 31 01:34:44 1970 (2592000 seconds left) The number of DHCPv6 bindings is 1 27.26 show ipv6 dhcp conflict Command: show ipv6 dhcp conflict Function: Show the log for the address that have a conflict record. Command mode: Admin and Configuration Mode. Example: Switch# show ipv6 dhcp conflict 27.27 show ipv6 dhcp interface Command: show ipv6 dhcp interface [] Function: To show the information for DHCPv6 interface.
Commands for DHCPv6 Command Mode: Admin and Configuration Mode. Usage Guide: To display the configuration and dynamic assignment information for DHCPv6 address pool, include the name of DHCPv6 address pool, the prefix of DHCPv6 address pool, excluded address, DNS server configuration, relative prefix information and so on. To display assigned address binding number of address pool that is used as address assignment server.
Commands for DHCPv6 DHCP6SOLICIT 0 DHCP6ADVERTISE 0 DHCP6REQUEST 0 DHCP6REPLY 0 DHCP6RENEW 0 DHCP6REBIND 0 DHCP6RELEASE 0 DHCP6DECLINE 0 DHCP6CONFIRM 0 DHCP6RECONFIGURE 0 DHCP6INFORMREQ 0 DHCP6RELAYFORW 0 DHCP6RELAYREPLY 0 Show information Explanation Address pools To configure the number of DHCPv6 address pools; Active bindings The number of auto assign addresses; Expiried bindings The number of expiried bindings; Malformed message The number of malformed messages; Mess
Commands for DHCPv6 DHCP6RENEW The number of DHCPv6 RENEW packets. DHCP6REBIND The number of DHCPv6 REBIND packets. DHCP6RELEASE The number of DHCPv6 RELEASE packets. DHCP6DECLINE The number of DHCPv6 DECLINE packets. DHCP6CONFIRM The number of DHCPv6 CONFIRM packets. DHCP6RECONFIGURE The number of DHCPv6 RECONFIGURE packets. DHCP6INFORMREQ The number of DHCPv6 INFORMREQ packets. DHCP6RELAYFORW The number of DHCPv6 RELAYFORW packets. 27.
Commands for DHCP Option 82 Chapter 28 Commands for DHCP Option 82 28.1 debug ip dhcp relay packet Command: debug ip dhcp relay packet Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the “add” and “peel” action of option 82. Parameters: None Command Mode: Admin Mode.
Commands for DHCP Option 82 28.3 ip dhcp relay information option delimiter Command: ip dhcp relay information option delimiter [colon | dot | slash | space] no ip dhcp relay information option delimiter Function: Set the delimiter of each parameter for suboption of option82 in global mode, no command restores the delimiter as slash. Parameters: None. Default Settings: slash (“/”).
Commands for DHCP Option 82 Parameters: default means that remote-id is the VLAN MAC address with hexadecimal format, vs-hp means that remote-id is compatible with the remote-id format of HP manufacturer. Default: default. Command Mode: Global mode Usage Guide: The default remote-id format defined as below: Remote option Length type 2 6 MAC 1 byte 1 byte 6 byte MAC means VLAN MAC address.
Commands for DHCP Option 82 For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occupies 6 bytes. Each option will be filled to packets according to the configured order of the commands and divide them with delimiter (delimiter is ip dhcp relay information option delimiter configuration). Example: Set self-defined method and character string of remote-id suboption are hostname and abc respectively for option82.
Commands for DHCP Option 82 interface, it will create circuit-id suboption for option82 according to self-defined method. Self-defined format of circuit-id: if self-defined format is ascii, the filled format of vlan such as “Vlan2”, the format of port such as “Ethernet1/1”, the format of mac and remote-mac such as “00-02-d1-2e-3a-0d”.
Commands for DHCP Option 82 is the circuit-id contents of option82 specified by users, which is a string no longer than 64 characters. The” no ip dhcp relay information option subscriber-id” command will set the format of added option82 sub-option1 (Circuit ID option) as standard format. Parameters: None Command Mode: Interface configuration mode. Default Settings: The system uses the standard format to set the circuit-id of option 82 by default.
Commands for DHCP Option 82 Slot is 1; default Module is 0; Port means port number which begins from 1. The compatible subscriber-id format with HP manufacturer defined as below: Suboption Length type 1 2 Port 1 byte 1 byte 2 byte Port means port number which begins from 1. Example: Set subscriber-id format of Relay Agent option82 as hexadecimal format. Switch(config)#ip dhcp relay information option subscriber-id format hex 28.
Commands for DHCP Option 82 28.13 ip dhcp server relay information enable Command: ip dhcp server relay information enable no ip dhcp server relay information enable Function: This command is used to enable the switch DHCP server to identify option82. The “no ip dhcp server relay information enable” command will make the server ignore the option 82. Parameters: None Command Mode: Global configuration mode Default Setting: The system disable the option82 identifying function by default.
Commands for DHCP option 60 and option 43 Chapter 29 Commands for DHCP option 60 and option 43 29.1 option 43 ascii LINE Command: option 43 ascii LINE no option 43 Function: Configure option 43 character string with ascii format in ip dhcp pool mode. The no command deletes the configured option 43. Parameter: LINE: The configured option 43 character string with ascii format, its length range between 1 and 255. Default: No option 43 character string is configured.
Commands for DHCP option 60 and option 43 29.3 option 43 ip A.B.C.D Command: option 43 ip A.B.C.D no option 43 Function: Configure option 43 character string with IP format in ip dhcp pool mode. The no command deletes the configured option 43. Parameter: A.B.C.D: The configured option 43 with IP format, such as 192.168.1.1. Default: No option 43 is configured. Command Mode: ip dhcp pool mode Usage Guide: Using this command to configure option 43, such as "192.168.1.
Commands for DHCP option 60 and option 43 a1241b. Default: No option 60 is configured. Command Mode: ip dhcp pool mode Usage Guide: None. Example: Configure option 60 with hex format to be "41502031303030". router(config)#ip dhcp pool a router(dhcp-a-config)#option 60 hex 41502031303030 29.6 option 60 ip A.B.C.D Command: option 60 ip A.B.C.D no option 60 Function: Configure option 60 character string with IP format in ip dhcp pool mode. The no command deletes the configured option 60. Parameter: A.B.C.
Commands for DHCPv6 option37, 38 Chapter 30 Commands for DHCPv6 option37, 38 30.1 Commands for DHCPv6 option37, 38 30.1.1 address range Command: address range no address range Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode, the no command is used to remove the address range. The prefix/plen form is not supported.
Commands for DHCPv6 option37, 38 Parameters: class-name, the name of DHCPv6 class. Default: None. Command Mode: DHCPv6 address pool configuration mode Usage Guide: It is recommended to define this class first using global command of IPv6 DHCP class. No class will be created if you input a class name which doesn’t exist. Example: Associate the DHCPv6 class named CLASS1 to dhcpv6 pool 1. Switch(Config)#ipv6 dhcp pool 1 Switch(dhcp-1-config)#class CLASS1 30.1.
Commands for DHCPv6 option37, 38 condition when default remote-id of the switch cannot satisfy the demand of server. The enterprise-number together with vlan MAC address is used as the remote-id by default. Example: Enable abc as the remote-id of DHCPv6 option 37. Switch(Config-if-vlan1)# ipv6 dhcp relay remote-id abc 30.1.
Commands for DHCPv6 option37, 38 Switch(Config-if-vlan1)# ipv6 dhcp relay subscriber-id abc 30.1.7 ipv6 dhcp relay subscriber-id option Command: ipv6 dhcp relay subscriber-id option no ipv6 dhcp relay subscriber-id option Function: This command enables switch relay to support the option 38, the no form of this command disables it. Parameters: None. Default: Disable the relay option 38.
Commands for DHCPv6 option37, 38 Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter # 30.1.9 ipv6 dhcp server remote-id option Command: ipv6 dhcp server remote-id option no ipv6 dhcp server remote-id option Function: This command enables DHCPv6 server to support the identification of option 37, the no form of this command disables it. Parameters: None. Default: Do not support option 37.
Commands for DHCPv6 option37, 38 38, the no operation of this command disables it. Parameters: None. Default: Do not support option 38. Command Mode: Global configuration mode Usage Guide: Configure this command if option 38 is expected to be identified and processed by DHCPv6 server, otherwise they will be ignored. option 38 is not supported by default. Example: Enable DHCPv6 server to support option 38. Switch(Config)# ipv6 dhcp server subscriber-id option 30.1.
Commands for DHCPv6 option37, 38 Command Mode: Global configuration mode Usage Guide: Only after this command is configured, DHCPv6 SNOOPING can add option 37 in DHCPv6 packets before sending it to server or relay agent. Make sure that DHCPv6 SNOOPING has been enabled before execute this command. The system disables option 37 of DHCPv6 SNOOPING by default. Example: Enable option 37 in DHCPv6 SNOOPING. Switch(Config)#ipv6 dhcp snooping enable Switch(Config)#ipv6 dhcp snooping remote-id option 30.1.
Commands for DHCPv6 option37, 38 name such as "Vlan2+Ethernet1/2". Parameters: subscriber-id, user-defined content of option 38 Default: Set subscriber-id in option 38 to vlan name together with port name. Command Mode: Port mode Usage Guide: Because option 38 information added by switch may associate with third-party DHCPv6 servers, users can specify subscriber-id content based on server condition when standard subscriber-id of the switch cannot satisfy the demand of server.
Commands for DHCPv6 option37, 38 packets with option 38 as replace. Parameters: None. Default: Using replace mode to replace option 38 of current packets with system’s own. Command Mode: Global configuration mode Usage Guide: Since DHCPv6 client packets may already include option 38 information, corresponding processing policy of DHCPv6 SNOOPING is requested to develop. If the reforward policy is set as replace, option 38 has to be enabled in advance.
Commands for DHCPv6 option37, 38 30.1.19 ipv6 dhcp use class Command: ipv6 dhcp use class no ipv6 dhcp use class Function: This command enables DHCPv6 server to support DHCPv6 class during address assignment, the no operation of this command disables it without removing the relative DHCPv6 class information that has been configured. Parameters: None. Default: DHCPv6 server supports DHCPv6 class during address assignment.
Commands for DHCPv6 option37, 38 CLASS1. Switch(Config)# ipv6 dhcp class CLASS1 Switch(Dhcpv6-class)#remote-id abc* subscriber-id bcd* Switch(Dhcpv6-class)#remote-id edf* Switch(Dhcpv6-class)#subscriber *mmn 30.2 Commands for Monitoring and Debugging 30.2.1 debug ipv6 dhcp detail Command: debug ipv6 dhcp detail Function: Display the debug about detailed content of various packets sent and received by DHCPv6. If packets with option 37 and option 38, they will also be displayed.
Commands for DHCPv6 option37, 38 30.2.2 debug ipv6 dhcp relay packet Command: debug ip dhcp relay packet Function: Display the information of relay packet processing. Parameters: None. Command Mode: Admin mode Usage Guide: This command is used to display the process of relay packet processed by relay agent together with the action information of option 37 and option 38.
Commands for DHCPv6 option37, 38 %Jan 05 00:26:40 2006 DHCP6SNP PACKET: to vlan 24 except port Ethernet1/23 (designPort flag 0) %Jan 05 00:26:40 2006 DHCP6SNP PACKET: and return packet to network stack switch# 30.2.4 show ipv6 dhcp relay option Command: show ipv6 dhcp relay option Function: Display the configuration of system relay agent, including the enable switch for option 37 and option 38. Parameters: None.
Commands for DHCP Snooping Chapter 31 Commands for DHCP Snooping 31.1 debug ip dhcp snooping binding Command: debug ip dhcp snooping binding no debug ip dhcp snooping binding Function: This command is use to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING. Command Mode: Admin mode Usage Guide: This command is mainly used to debug the state of DHCP SNOOPING task when it adds ARP list entries, dot1x users and trusted user list entries according to binding data. 31.
Commands for DHCP Snooping option 82 and etc. 31.4 debug ip dhcp snooping packet interface Command: debug ip dhcp snooping packet interface {[ethernet] } no debug ip dhcp snooping packet {[ethernet] } Function: This command is used to enable the DHCP SNOOPING debug switch to debug the information that DHCP SNOOPING is receiving a packet. Parameters: : Interface name. Command Mode: Admin Mode.
Commands for DHCP Snooping Example: Enable encrypt or hash function of private message. Switch(config)# enable trustview key 0 switch 31.7 ip dhcp snooping Command: ip dhcp snooping enable no ip dhcp snooping enable Function: Enable the DHCP Snooping function. Parameters: None. Command Mode: Globe mode. Default Settings: DHCP Snooping is disabled by default. Usage Guide: When this function is enabled, it will monitor all the DHCP Server packets of non-trusted ports.
Commands for DHCP Snooping blackhole, and the recovery time is 30 seconds. switch(config)#interface ethernet 1/1 switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30 31.9 ip dhcp snooping action MaxNum Command: ip dhcp snooping action {|default} Function: Set the number of defense action that can be simultaneously took effect. Parameters: : the number of defense action on each port, the range of which is 1-200, and the value of which is 10 by default.
Commands for DHCP Snooping 31.11 ip dhcp snooping binding arp This command is not supported by the switch. 31.12 ip dhcp snooping binding dot1x Command: ip dhcp snooping binding dot1x no ip dhcp snooping binding dot1x Function: Enable the DHCP Snooping binding DOT1X funciton. Parameters: None Command Mode: Port mode Default Settings: By default, the binding DOT1X funciton is disabled on all ports.
Commands for DHCP Snooping Default Settings: DHCP Snooping has no static binding list entry by default. Usage Guide: The static binding users is deal in the same way as the dynamic binding users captured by DHCP SNOOPING; the follwoing actions are all allowed: notifying DOT1X to be a controlled user of DOT1X, adding a trusted user list entry directly, adding a bingding ARP list entry. The static binding uses will never be aged, and have a priority higher than dynamic binding users.
Commands for DHCP Snooping 31.15 ip dhcp snooping binding user-control max-user Command: ip dhcp snooping binding user-control max-user no ip dhcp snooping binding user-control max-user Function: Set the max number of users allowed to access the port when enabling DHCP Snooping binding user funciton; the no operation of this command will restore default value. Parameters: the max number of users allowed to access the port, from 0 to 1024. Command Mode: Port Configuration Mode.
Commands for DHCP Snooping in option 82 (Circuit ID option) is standard vlan name plus physical port name, like vlan1+ethernet1/12. That of option2 in option 82 (remote ID option) is CPU MAC of the switch, like 00030f023301. If a DHCP request message with option 82 options is received, DHCP Snooping will replace those options in the message with its own. If a DHCP reply message with option 82 options is received, DHCP Snooping will dump those options in the message and forward it.
Commands for DHCP Snooping Parameters: None. Default Settings: slash (“/”). Command Mode: Global mode Usage Guide: Divide parameters with the configured delimiters after users have defined them which are used to create suboption (remote-id, circuit-id) of option82 in global mode. Example: Set the parameter delimiters as dot (“.”) for suboption of option82. Switch(config)# ip dhcp snooping information option delimiter dot 31.
Commands for DHCP Snooping maximum length is 64. Command Mode: Global Mode Default: Using standard method. Usage Guide: After configure this command, if users do not configure ip dhcp snooping information option remote-id globally, it will create remote-id suboption for option82 according to self-defined method. For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occpies 6 bytes.
Commands for DHCP Snooping circute-id suboption by themselves. Parameters: WORD the defined character string of circuit-id by themselves, the maximum length is 64. Command Mode: Global Mode Default: Using standard method. Usage Guide: After configure this command, if users do not configure circuit-id on port, it will create circuit-id suboption for option82 according to self-defined method.
Commands for DHCP Snooping 31.24 ip dhcp snooping information option subscriber-id Command: ip dhcp snooping information option subscriber-id {standard | } no ip dhcp snooping information option subscriber-id Function: Set the suboption1 (circuit ID option) content of option 82 added by DHCP request packets (they are received by the port). The no command sets the additive suboption1 (circuit ID option) format of option 82 as standard.
Commands for DHCP Snooping Suboption type Length Circuit ID type Length 1 8 0 6 VLAN Slot Module Port 1 byte 1 byte 1 byte 1 byte 2 byte 1 byte 1 byte 2 byte VLAN field fill in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1.
Commands for DHCP Snooping 31.27 ip dhcp snooping trust Command: ip dhcp snooping trust no ip dhcp snooping trust Function: Set or delete the DHCP Snooping trust attributes of a port. Parameters: None Command Mode: Port mode Default Settings: By default, all ports are non-trusted ports Usage Guide: Only when DHCP Snooping is globally enabled, can this command be set.
Commands for DHCP Snooping usage is described in the chapter of dot1x configuration. Two HELPER SERVER addresses are allowed, DHCP SNOOPING will try to connect to PRIMARY SERVER in the first place. Only when the PRIMARY SERVER is unreachable, will the switch c HELPER SERVER connects to SECONDARY SERVER. Please pay attention: source address is the effective management IP address of the switch, if the management IP address of the switch changes, this configuration should be updated in time.
Commands for DHCP Snooping Usage Guide: If there is no specific port, then display the current cofiguration information of dhcp snooping, otherwise, display the records of defense actions of the specific port. Example: switch#show ip dhcp snooping DHCP Snooping is enabled DHCP Snooping binding arp: disabled DHCP Snooping maxnum of action info:10 DHCP Snooping limit rate: 100(pps), switch ID: 0003.0F12.
Commands for DHCP Snooping Ethernet1/23 untrust none 0second 0 0 Ethernet1/24 untrust none 0second 0 0 Displayed Information Explanation DHCP Snooping is enable Whether the DHCP Snooping is globally enabled or disabled. DHCP Snooping binding arp Whether the ARP binding function is enabled.
Commands for DHCP Snooping switch#show ip dhcp snooping int Ethernet1/1 interface Ethernet1/1 user config: trust attribute: untrust action: none binding dot1x: disabled binding user: disabled recovery interval:0(s) Alarm info: 0 Binding info: 0 Expired Binding: 0 Request Binding: 0 Displayed Information Explanation interface The name of port trust attribute The truest attributes of the port action The automatic defense action of the port recovery interval The automatic recovery time of the port
Commands for DHCP Snooping Command Mode: Admin and Global Configuration Mode. Default Settings: None. Usage Guide: This command can check the global binding information of DHCP snooping, each table entry includes the corresponding MAC address, IP address, port name, VLAN ID and the flag of the binding state. Besides, DHCP Snooping must be enabled globally, this command can be configured.
Commands for DHCP Snooping Default: None. Usage Guide: This command can be used for debugging the communication messages between the switch and the TrustView server, messages such as protocol version notification, encryption negotiation, free resource and web URL redirection, and the number of forced log-off messages, as well as the number of forced accounting update messages, can be displayed. Example: Switch#show trustview status Primary TrustView Server 200.101.0.
Commands for DHCP Snooping option 82 Chapter 32 Commands for DHCP Snooping option 82 32.1 ip dhcp snooping information enable Command: ip dhcp snooping information enable no ip dhcp snooping information enable Function: This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function. Parameters: None. Default Settings: Option 82 function is disabled in DHCP Snooping by default. Command Mode: Global Configuration Mode.
IPv4 Multicast Protocol Chapter 33 IPv4 Multicast Protocol 33.1 Commands for DCSCM 33.1.
IPv4 Multicast Protocol other ACLs, and use wildcard character to configure address range, and also specify a host address or all address. Remarkable, “all address” is 224.0.0.0/4 according to group IP address, not 0.0.0.0/0 in other access-list. Example: Switch(config)#access-list 6000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 Switch(config)# 33.1.
IPv4 Multicast Protocol address, not 0.0.0.0/0 in other access-list. Example: Switch(config)#access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 33.1.3 ip multicast destination-control This command is not supported by the switch. 33.1.
IPv4 Multicast Protocol Parameter: : IP address and mask length; <6000-7999>: Destination control access-list number. Default: None Command Mode: Global Mode Usage Guide: The command is only working under global multicast destination-control enabled, after configuring the command, if IGMP-SPOOPING or IGMP is enabled, for adding the members to multicast group.
IPv4 Multicast Protocol 33.1.7 ip multicast policy Command: ip multicast policy cos no ip multicast policy cos Function: Configure multicast policy, the “no ip multicast policy cos” command deletes it. Parameter: : are multicast source address, mask length, destination address, and mask length separately.
IPv4 Multicast Protocol Function: Configure multicast source control access-list used on interface, the “no ip multicast source-control access-group <5000-5099>” command deletes the configuration. Parameter: <5000-5099>: Source control access-list number. Default: None Command Mode: Interface Configuration Mode Usage Guide: The command configures with only enabling global multicast source control.
IPv4 Multicast Protocol [detail] show ip multicast destination-control [detail] Function: Display multicast destination control Parameter: detail: expresses if it display information in detail or not.. : interface name or interface aggregation name, such as Ethernet1/1, port-channel 1 or ethernet1/1.
IPv4 Multicast Protocol 33.1.13 show ip multicast policy Command: show ip multicast policy Function: Display multicast policy of configuration Parameter: None Default: None Command Mode: Admin Mode and Global Mode Usage Guide: The command displays multicast policy of configuration Example: Switch#show ip multicast policy ip multicast-policy 10.1.1.0/24 225.0.0.0/8 cos 5 33.1.
IPv4 Multicast Protocol configuration Example: Switch#sh ip multicast source-control access-list access-list 5000 permit ip 10.1.1.0 0.0.0.255 232.0.0.0 0.0.0.255 access-list 5000 deny ip 10.1.1.0 0.0.0.255 233.0.0.0 0.255.255.255 33.2 Commands for IGMP Snooping 33.2.1 clear ip igmp snooping vlan Command: clear ip igmp snooping vlan <1-4094> groups [A.B.C.D] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; A.B.C.D the specific group address.
IPv4 Multicast Protocol 33.2.3 debug igmp snooping all/packet/event/timer/mfc Command: debug igmp snooping all/packet/event/timer/mfc no debug igmp snooping all/packet/event/timer/mfc Function: Enable the IGMP Snooping switch of the switch; the “no debug igmp snooping all/packet/event/timer/mfc” disables the debugging switch. Command Mode: Admin Mode Default: IGMP Snooping debugging switch is disabled on the switch by default.
IPv4 Multicast Protocol 33.2.6 ip igmp snooping vlan Command: ip igmp snooping vlan no ip igmp snooping vlan Function: Enable the IGMP Snooping function for the specified VLAN; the “no ip igmp snooping vlan ” command disables the IGMP Snooping function for the specified VLAN. Parameter: is the VLAN number. Command mode: Global Mode Default: IGMP Snooping is disabled by default.
IPv4 Multicast Protocol Parameter: vlan-id: is ID number of the VLAN, ranging is <1-4094>. Command Mode: Global mode Default: VLAN is not as the IGMP Snooping layer 2 general querier. Usage Guide: It is recommended to configure a layer 2 general querier on a segment. IGMP Snooping function will be enabled by this command if not enabled on this VLAN before configuring this command, IGMP Snooping function will not be disabled when disabling the layer 2 general querier function.
IPv4 Multicast Protocol Default: version 3. Usage Guide: When the switch is connected to V1 and V2 capable environment, and for VLAN which has source of layer 2 query configuration, the VLAN can be queried only if the version number has been specified. This command is used to query the layer 2 version number. Example: Switch(config)#ip igmp snooping vlan 2 L2-general-query-version 2 33.2.
IPv4 Multicast Protocol Function: Configure static mrouter port of VLAN. The no form of the command cancels this configuration. Parameter: vlan-id: ranging between <1-4094> ehternet: Name of Ethernet port ifname: Name of interface port-channel: Port aggregation Command Mode: Global mode Default: No static mrouter port on VLAN by default. Usage Guide: When a port is a static mrouter port while also a dynamic mrouter port, it should be taken as a static mrouter port.
IPv4 Multicast Protocol port. To use this command, IGMP Snooping of this VLAN should be enabled previously. Example: Switch(config)#ip igmp snooping vlan 2 mrpt 100 33.2.15 ip igmp snooping vlan query-interval Command: ip igmp snooping vlan query-interval no ip igmp snooping vlan query-interval Function: Configure this query interval.
IPv4 Multicast Protocol query-robustness” command restores to the default value. Parameter: vlan-id: VLAN ID, ranging between <1-4094> value: ranging between <2-10> Command Mode: Global mode Default: 2 Usage Guide: It is recommended to use the default settings. Please keep this configure in accordance with IGMP configuration as possible if layer 3 IGMP is running. Example: Switch(config)#ip igmp snooping vlan 2 query- robustness 3 33.2.
IPv4 Multicast Protocol 1 to 25, default value is 1. Command Mode: Global mode Default: Enable the function. Usage Guide: After enable vlan snooping in global mode, input this command to configure the maximum query response time of the specific group. Example: Configure/cancel the specific-query-mrsp of vlan3 as 2s. Swith(config)#ip igmp snooping vlan 3 specific-query-mrsp 2 Swith(config)#no ip igmp snooping vlan 3 specific-query-mrspt 33.2.
IPv4 Multicast Protocol value: ranging between<1-65535> seconds Command Mode: Global mode Default: 255s Usage Guide: This command can only be configured on L2 general querier. The Suppression-query-time refers to the period of suppression state in which the querier enters when receives query from the layer 3 IGMP in the segments. Example: Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270 33.2.
IPv4 Multicast Protocol Igmp snooping L2 general querier :Yes(COULD_QUERY) Igmp snooping query-interval :125(s) Igmp snooping max reponse time :10(s) Igmp snooping robustness :2 Igmp snooping mrouter port keep-alive time :255(s) Igmp snooping query-suppression time :255(s) IGMP Snooping Connect Group Membership Note:*-All Source, (S)- Include Source, [S]-Exclude Source Groups Sources Ports Exptime System Level 238.1.1.1 (192.168.0.1) Ethernet1/8 00:04:14 V2 (192.168.0.
Multicast Protocol Chapter 34 Multicast Protocol 34.1 Commands for MLD Snooping Configuration 34.1.1 clear ipv6 mld snooping vlan Command: clear ipv6 mld snooping vlan <1-4094> groups [X:X::X:X] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; X:X::X:X the specific group address. Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record. Example: Delete all groups.
Multicast Protocol Default: The MLD Snooping Debugging of the switch is disabled by default Usage Guide: This command is used for enabling the switch MLD Snooping debugging, which displays the MLD data packet message processed by the switch——packet, event messages——event, timer messages——timer,messages of down streamed hardware entry——mfc,all debug messages——all. 34.1.
Multicast Protocol 34.1.6 ipv6 mld snooping vlan immediate-leave Command: ipv6 mld snooping vlan immediate-leave no ipv6 mld snooping vlan immediate-leave Function: Enable immediate-leave function of the MLD protocol in specified VLAN; the “no” form of this command disables the immediate-leave function of the MLD protocol Parameter: is the id number of specified VLAN, with valid range of <1-4094>.
Multicast Protocol 34.1.8 ipv6 mld snooping vlan limit Command: ipv6 mld snooping vlan < vlan-id > limit {group | source } no ipv6 mld snooping vlan < vlan-id > limit Function: Configure number of groups the MLD snooping can join and the maximum number of sources in each group.
Multicast Protocol Example: Switch(config)#ipv6 mld snooping vlan 2 mrouter-port interface ethernet1/13 34.1.10 ipv6 mld snooping vlan mrouter-port learnpim6 Command: ipv6 mld snooping vlan mrouter-port learnpim6 no ipv6 mld snooping vlan mrouter-port learnpim6 Function: Enable the function that the specified VLAN learns mrouter-port (according to pimv6 packets), the no command will disable the function. Parameter: : The specified VLAN ID, ranging from 1 to 4094.
Multicast Protocol Default: 125s Usage Guide: It is recommended to use default value and if layer 3 MLD is in operation, please make this configuration in accordance with the MLD configuration as possible. Example: Switch(config)#ipv6 mld snooping vlan 2 query-interval 130 34.1.13 ipv6 mld snooping vlan query-mrsp Command: ipv6 mld snooping vlan query-mrsp no ipv6 mld snooping vlan query-mrsp Function: Configure the maximum query response period.
Multicast Protocol 34.1.15 ipv6 mld snooping vlan static-group Command: ipv6 mld snooping vlan static-group [source< X:X::X:X>] interface [ethernet | port-channel] no ipv6 mld snooping vlan static-group [source< X:X::X:X>] interface [ethernet | port-channel] Function: Configure static-group on specified port of the VLAN. The no form of the command cancels this configuration.
Multicast Protocol Example: Switch(config)#ipv6 mld snooping vlan 2 suppression-query-time 270 34.1.
Multicast Protocol Mld snooping mrouter port keep-alive time :255(s) Mld snooping query-suppression time :255(s) MLD Snooping Connect Group Membership Note:*-All Source, (S)- Include Source, [S]-Exclude Source Groups Sources Ports Exptime System Level Ff1e::15 (2000::1) Ethernet1/8 00:04:14 V2 (2000::2) Ethernet1/8 00:04:14 V2 Mld snooping vlan 1 mrouter port Note:"!"-static mrouter port !Ethernet1/2 Displayed information Mld snooping Explanation L2 general querier whether or not l2-
Commands for Multicast VLAN Chapter 35 Commands for Multicast VLAN 35.1 multicast-vlan Command: multicast-vlan no multicast-vlan Function: Enable multicast VLAN function on a VLAN; the “no” form of this command disables the multicast VLAN function. Parameter: None. Command Mode: VLAN Configuration Mode. Default: Multicast VLAN function not enabled by default. Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
Commands for Multicast VLAN another VLAN after the multicast VLAN is enabled. Only one multicast VLAN can be enabled on a switch. Examples: Switch(config)#vlan 2 Switch(Config-Vlan2)# multicast-vlan association 3, 4 35.
Commands for Multicast VLAN 35.4 switchport association multicast-vlan Command: switchport association multicast-vlan out-tag no switchport association multicast-vlan Function: Associate a port with the specified multicast VLAN; the no command cancels the association. Parameter: : The multicast VLAN associates with the port. Each port can only be associated with one multicast VLAN, and the association will be successful only when the multicast VLAN is existent.
Commands for ACL Chapter 36 Commands for ACL 36.1 absolute-periodic/periodic Command: [no] absolute-periodic {Monday|Tuesday|Wednesday|Thursday|Friday |Saturday|Sunday}to{Monday|Tuesday|Wednesday|Thursday|Friday|S aturday| Sunday} [no]periodic{{Monday+Tuesday+Wednesday+Thursday+Friday+Satur day+Sunday}|daily| weekdays | weekend} to Functions: Define the time-range of different commands within one week, and every week to circulate subject to this time.
Commands for ACL during Tuesday to Saturday. Switch(config)#time-range admin_timer Switch(Config-Time-Range-admin_timer)#absolute-periodic Tuesday 9:15:30 to Saturday 12:30:00 Make configurations effective within the period from 14:30:00 to 16:45:00 on Monday, Wednesday, Friday and Sunday. Switch(Config-Time-Range-admin_timer)#periodic Monday Wednesday Friday Sunday 14:30:00 to 16:45:00 36.
Commands for ACL 36.3 access-list deny-preemption This command is not supported by the switch. 36.
Commands for ACL notation, attentive position o, ignored position1;,the type of igmp, 0-15; , the type of icmp, 0-255;, protocol No. of icmp, 0-255;, IP priority, 0-7; , to value, 0-15; , source port No., 0-65535; , the down boundary of source port; , the up boundary of source port; , the down boundary of destination port; , the up boundary of destination port; , destination port No.
Commands for ACL standard IP access-list. Parameters: is the No. of access-list, 100-199; is the source IP address, the format is dotted decimal notation; is the reverse mask of source IP, the format is dotted decimal notation. Command Mode: Global mode Default: No access-lists configured. Usage Guide: When the user assign specific for the first time, ACL of the serial number is created, then the lists are added into this ACL.
Commands for ACL Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 36.
Commands for ACL access-list {deny|permit}{any-source-mac| }|{ {any-destination-mac|{host-destination-mac {host-source-mac }|{ }} }} {eigrp|gre|igrp|ip|ipinip|ospf|{ }} {{ }|any-source|{host-source }} {{ }|any-destination| {host-destination }} [precedence ] [tos ][time-range ] F
Commands for ACL service type which ia number from 0-15; icmp-type (optional) ICMP packets can be filtered by packet type which is a number from 0-255; icmp-code (optional) ICMP packets can be filtered by packet code which is a number from 0-255; igmp-type (optional) ICMP packets can be filtered by IGMP packet name or packet type which is a number from 0-255; , name of time range Command Mode: Global mode Default Configuration: No access-list configured.
Commands for ACL 36.9 clear access-group statistic Command: clear access-group statistic [ethernet ] Functions: Empty packet statistics information of the specified interface. Parameters: : Interface name. Command Mode: Admin mode Default: None Examples: Empty packet statistics information of interface. Switch#clear access-group statistic 36.10 firewall Command: firewall {enable | disable} Functions: Enable or disable firewall.
Commands for ACL Usage Guide: When this command is issued for the first time, an empty access list will be created. Example: To create a extended IP access list name tcpFlow. Switch(config)#ip access-list extended tcpFlow 36.13 ip access standard Command: ip access standard no ip access standard Function: Create a named standard access list. The no prefix will remove the named standard access list including all the rules in the list. Parameters: is the name of the access list.
Commands for ACL from 2003:1:2:3::1/64 pass through the net, and deny all the other packet from the source address 2003:1:2::1/48 pass through. Switch (config)#ipv6 access-list 520 permit 2003:1:2:3::1/64 Switch (config)#ipv6 access-list 520 deny 2003:1:2:::1/48 36.
Commands for ACL Note: when a ACL has multiple rules, traffic-statistic can't configure. There are four kinds of packet head field based on concerned: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; to some extent, ACL filter behavior (permit, deny) has a conflict when a data packet matches multi types of four ACLs. The strict priorities are specified for each ACL based on outcome veracity. It can determine final behavior of packet filter through priority when the filter behavior has a conflict.
Commands for ACL Switch(Config-Mac-Ext-Nacl-mac_acl)# 36.20 mac-ip access extended Command: mac-ip-access-list extended no mac-ip-access-list extended Functions: Define a name-manner MAC-IP ACL or enter access-list configuration mode, “no mac-ip-access-list extended ” command deletes this ACL. Parameters: : name of access-list excluding blank or quotation mark, and it must start with letter, and the length cannot exceed 32 (remark: sensitivity on capital or small letter).
Commands for ACL range }] [precedence ] [tos ][time-range ] [no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | } {{ } | any-source | {host-source }} {{ } | any-destination | {host-destination }} [precedence ] [tos ][time-range] Functions: Create a name extended IP access rule to match specific IP protocol or all IP protocol.
Commands for ACL is the reverse mask of source IP, the format is dotted decimal notation. Command Mode: Name standard IP access-list configuration mode Default: No access-list configured. Example: Permit packets with source address 10.1.1.0/24 to pass, and deny other packets with source address 10.1.1.0/16. Switch(config)# access-list ip standard ipFlow Switch(Config-Std-Nacl-ipFlow)# permit 10.1.1.0 0.0.0.255 Switch(Config-Std-Nacl-ipFlow)# deny 10.1.1.0 0.0.255.255 36.
Commands for ACL [vlanId [ ]] [ethertype [ ]] [no]{deny|permit} {any-source-mac|{host-source-mac }|{ }} {any-destination-mac|{host-destination-mac }|{ }} [untagged-eth2 [ethertype [protocol-mask]]] [no]{deny|permit}{any-source-mac|{host-source-mac }|{ }} {any-destination-mac|{host-destination-mac }|{ }} [untagged-802-3
Commands for ACL Command Mode: Name extended MAC access-list configuration mode Default configuration: No access-list configured. Example: The forward source MAC address is not permitted as 00-12-11-23-XX-XX of 802.3 data packet. Switch(config)# mac-access-list extended macExt Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff any-destination-mac untagged-802-3 Switch(Config-Mac-Ext-Nacl-macExt)#deny 00-12-11-23-00-00 00-00-00-00-ff-ff any tagged-802 36.
Commands for ACL [no]{deny|permit}{any-source-mac|{host-source-mac }|{ }}{any-destination-mac|{host-destination-mac }| { }}udp{{ }|any-source| {host-source }}[s-port{ | range }] {{ }|any-destination| {host-destination }} [d-port { | range }] [precedence ] [tos
Commands for ACL port; d-port(optional): means need to match TCP/UDP destination interface; port3(optional): value of TCP/UDP destination interface No., Interface No.
Commands for ACL access-list 100 deny tcp any any-destination access-list 1100(used 0 time(s)) access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 14 2 0800 Displayed information Explanation access-list 10(used 1 time(s)) Number ACL10, 0 time to be used access-list 10 deny any-source Deny any IP packets to pass access-list 100(used 1 time(s)) Nnumber ACL100, 1 time to be used access-list 100 deny ip any-source Deny IP packet of any source IP address any-destination and destin
Commands for ACL 36.29 show firewall Command: show firewall Functions: Reveal configuration information of packet filtering functions. Parameters: None. Default: None. Command Mode: Admin and Configuration Mode. Examples: Switch#show firewall Firewall status: Enable. Firewall default rule: Permit Displayed information Explanation fire wall is enable Packet filtering function enabled the default action of firewall is permit Default packet filtering function is permit 36.
Commands for ACL ipv6 access-list 520(used 1 time(s)) ipv6 access-list 520 permit ip any-source any-destination 36.31 show time-range Command: show time-range Functions: Reveal configuration information of time range functions. Parameters: word assign name of time-range needed to be revealed. Default: None. Command Mode: Admin Mode Usage Guide: When not assigning time-range names, all time-range will be revealed.
Commands for Self-defined ACL Chapter 37 Commands for Self-defined ACL 37.
Commands for Self-defined ACL be modified if the standard self-defined ACL rule is configured with this window. But if the standard self-defined ACL rule is not configured, the window configuration can be modified with this command. The no command can delete one or more offset configuration of the window in the template or delete the whole template. The window in the template can be deleted successfully when it is not used by the self-defined ACL rule.
Commands for Self-defined ACL sOffset The configuration offset is from 0 to 31 (unit is 2Bytes) lOffset The configuration offset is from 0 to 15 (unit is 4Bytes) Command Mode: Global Mode Default: No Configuration Template Usage Guide: {l2start | l2endoftag | l3start | l4start} is used to configure the start offset position of a swindow, is used to configure the offset of a swindow, the range is <0-31>, unit is 2Bytes, namely, 0 means 0Bytes offset and 1 means 2Bytes offset.
Commands for Self-defined ACL standard self-defined ACL. Parameter: is the access-list No.
Commands for Self-defined ACL [swindow1 ] [swindow2 ] [lwindow1 < mask>] [lwindow2 < mask>] [lwindow3 < mask>] [lwindow4 < mask>] [lwindow5 < mask>] [lwindow6 < mask>] [lwindow7 < mask>] [lwindow8 < mask>] no userdefined-access-list Function: Create a numbered extended self-defined ACL. If the extended self-defined ACL exists, then a rule will be added to the ACL.
Commands for Self-defined ACL 37.5 userdefined access-group Command: userdefined access-group {in} [traffic-statistic] no userdefined access-group {in} Function: Apply userdefined-access-list to one direction of the port. Decide whether the statistical counter should be added to the ACL according to the options. The no command deletes the configuration bound to the port. Parameter: is the access-list name from 1200-1399 in decimal notation.
Commands for Self-defined ACL Default: userdefined-access-list is not bound to any VLAN Usage Guide: A self-defined access-list can be bound to the ingress of a VLAN and can be configured at the ingress of the same VLAN with other access-lists at the same time. The deny rule is precedent when different access-lists are matching, that means if there is a access-lists match the deny rule, the deny rule must be executed, the permit rule will be executed oppositely.
Commands for 802.1x Chapter 38 Commands for 802.1x 38.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] Function: Enable the debug information of dot1x details; the no operation of this command will disable that debug information.
Commands for 802.1x Example: Enable the debug information of dot1x about errors. Switch#debug dot1x error 38.3 debug dot1x fsm Command: debug dot1x fsm {all | aksm | asm | basm | ratsm} interface no debug dot1x fsm {all | aksm | asm | basm | ratsm} interface Function: Enable the debug information of dot1x state machine; the no operation of this command will disable that debug information. Command Mode: Admin Mode.
Commands for 802.1x receiving packets; : The name of the interface. Usage Guide: By enabling the debug information of dot1x about messages, users can check the negotiation process of dot1x protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of dot1x about messages. Switch#debug dot1x packet all interface ethernet1/1 38.
Commands for 802.1x Default: EAP relay authentication is used by default. Usage Guide: The switch and RADIUS may be connected via Ethernet or PPP. If an Ethernet connection exists between the switch and RADIUS server, the switch needs to authenticate the user by EAP relay (EAPoR authentication); if the switch connects to the RADIUS server by PPP, the switch will use EAP local end authentication (CHAP authentication).
Commands for 802.1x Usage Guide: The function can only be enabled when 802.1x function is enabled both globally and on the port, with userbased being the control access mode. After it is enabled, users can send IPv6 messages without authentication. Examples: Enable IPv6 passthrough function on port Ethernet1/12. Switch(config)#dot1x enable Switch(config)#interface ethernet 1/12 Switch(Config-If-Ethernet1/12)#dot1x enable Switch(Config-If-Ethernet1/12)#dot1x ipv6 passthrough 38.
Commands for 802.1x effect. If the access control mode of the port is macbased or userbased, the Guest VLAN can be successfully set without taking effect. Examples:Set Guest-VLAN of port Ethernet1/3 as VLAN 10. Switch(Config-If-Ethernet1/3)#dot1xguest-vlan 10 38.10 dot1x macfilter enable Command: dot1x macfilter enable no dot1x macfilter enable Function: Enables the dot1x address filter function in the switch; the "no dot1x macfilter enable" command disables the dot1x address filter function.
Commands for 802.1x 38.12 dot1x max-req Command: dot1x max-req no dot1x max-req Function: Sets the number of EAP request/MD5 frame to be sent before the switch re-initials authentication on no supplicant response; the “no dot1x max-req” command restores the default setting. Parameters: is the times to re-transfer EAP request/ MD5 frames, the valid range is 1 to 10. Command mode: Global Mode. Default: The default maximum for retransmission is 2.
Commands for 802.1x Parameter: is the segment for limited resource, in dotted decimal format; is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode. Default: There is no free resource by default. Usage Guide: This command is available only if user based access control is applied. If user based access control has been applied, this command configures the limited resources which can be accessed by the un-authenticated users.
Commands for 802.1x when using user-based access control mode; the no command is used to reset the default value. Parameters: the maximum number of users allowed to access the network, ranging from 1 to 1~256. Command Mode: Port Mode. Default Settings: The maximum number of users allowed to access each port is 10 by default. User Guide: This command can only take effect when the port adopts user-based access control mode.
Commands for 802.1x 38.18 dot1x port-control Command: dot1x port-control {auto | force-authorized | force-unauthorized} no dot1x port-control Function: Sets the 802.1x authentication status; the “no dot1x port-control” command restores the default setting. Parameters: auto enable 802.
Commands for 802.1x access all the resources. When MAC based authentication is applied, multiple host which are connected to one port can access all the network resources after authentication. When either of the above two kinds of access control is applied, un-authenticated host cannot access any resources in the network. When user based access control is applied, un-authenticated users can only access limited resources of the network.
Commands for 802.1x disables the protect function. Parameter: None. Command mode: Global Mode Default: Disable the privateclient protect function. Usage Guide: Support the partial encryption of the privateclient protocol to advance the security of the privateclient. Example: Enable the privateclient protect function of the switch. Switch(config)#dot1x privateclient protect enable 38.22 dot1x re-authenticate Command: dot1x re-authenticate [interface ] Function: Enables real-time 802.
Commands for 802.1x 38.24 dot1x timeout quiet-period Command: dot1x timeout quiet-period no dot1x timeout quiet-period Function: Sets time to keep silent on supplicant authentication failure; the “no dot1x timeout quiet-period” command restores the default value. Parameters: is the silent time for the port in seconds, the valid range is 1 to 65535. Command mode: Global Mode. Default: The default value is 10 seconds. Usage Guide: Default value is recommended.
Commands for 802.1x seconds; the valid range is 1 to 65535. Command mode: Global Mode. Default: The default value is 30 seconds. Usage Guide: Default value is recommended. Example: Setting the EAP request frame re-transmission interval to 1200 seconds. Switch(config)#dot1x timeout tx-period 1200 38.27 dot1x unicast enable Command: dot1x unicast enable no dot1x unicast enable Function: Enable the 802.1x unicast passthrough function of switch; the no operation of this command will disable this function.
Commands for 802.1x 38.31 dot1x web redirect enable This command is not supported by switch. 38.32 show dot1x Command: show dot1x [interface ] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed. Parameters: is the port list. If no parameter is specified, information for all ports is displayed. Command mode: Admin and Configuration Mode.
Commands for 802.1x Supplicant 00-03-0F-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Explanation Global 802.1x Parameters Global 802.
Commands for 802.1x 38.34 user-control limit ipv6 This command is not supported by switch.
Commands for the Number Limitation Function of MAC in Port Chapter 39 Commands for the Number Limitation Function of MAC in Port 39.1 debug switchport mac count Command: debug switchport mac count no debug switchport mac count Function: When the number limitation function debug of MAC on the port, if the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed, users will see debug information.
Commands for the Number Limitation Function of MAC in Port Parameters: display the specified VLAN ID. This option is not supported by switch. is the name of layer-2 port. Command Mode: Any mode Usage Guide: Use this command to display the number of dynamic MAC of corresponding port. Examples: Display the number of dynamic MAC of the port which are configured with number limitation function of MAC.
Commands for the Number Limitation Function of MAC in Port Disable the number limitation function of dynamic MAC address in port 1/2 mode Switch(Config-If-Ethernet1/2)#no switchport mac-address dynamic maximum 39.6 switchport mac-address violation Command: switchport mac-address violation {protect | shutdown} [recovery <5-3600>] no switchport mac-address violation Function: Set the violation mode of the port, the no command restores the violation mode to protect.
Commands for AM Configuration Chapter 40 Commands for AM Configuration 40.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Parameters: None. Default: AM function is disabled by default. Command Mode: Global Mode. Usage Guide: None. Example: Enable AM function on the switch. Switch(config)#am enable Disable AM function on the switch. Switch(config)#no am enable 40.2 am port Command: am iport no am port Function: Enable/disable AM function on port. Parameters: None.
Commands for AM Configuration no am ip-pool Function: Set the AM IP segment of the interface, allow/deny the IP messages or APR messages from a source IP within that segment to be forwarded via the interface. Parameters: the starting address of an address segment in the IP address pool; is the number of consecutive addresses following ip-address, less than or equal with 32. Default: IP address pool is empty. Command Mode: Port Mode. Usage Guide: None.
Commands for AM Configuration no parameter means both address pools. Default: Both address pools are empty at the beginning. Command Mode: Global Mode Usage Guide: None. Example: Delete all configured IP address pools. Switch(config)#no am all ip-pool 40.6 show am Command: show am [interface ] Function: Display the configured AM entries. Parameters: is the name of the interface of which the configuration information will be displayed.
Commands for AM Configuration Interface Etherne1/5 am interface am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.
Commands for Security Feature Chapter 41 Commands for Security Feature 41.1 dosattack-check srcip-equal-dstip enable Command: [no] dosattack-check srcip-equal-dstip enable Function: Enable the function by which the switch checks if the source IP address is equal to the destination IP address; the “no” form of this command disables this function. Parameter: None Default: Disable the function by which the switch checks if the source IP address is equal to the destination IP address.
Commands for Security Feature Example: Drop one or more types of above four packet types. Switch(config)#dosattack-check tcp-flags enable 41.4 dosattack-check srcport-equal-dstport enable Command: dosattack-check srcport-equal-dstport enable no dosattack-check srcport-equal-dstport enable Function: Enable the function by which the switch will check if the source port is equal to the destination port; the no command disables this function.
Commands for Security Feature Usage Guide: With this function enabled the switch will be protected from the ICMP fragment attacks, dropping the fragment ICMPv4/v6 data packets whose net length is smaller than the specified value. Example: Enable the ICMP fragment attack checking function. Switch(config)#dosattack-check icmp-attacking enable 41.
Commands for TACACS+ Chapter 42 Commands for TACACS+ 42.1 tacacs-server authentication host Command: tacacs-server authentication host [port ] [timeout ] [key {0 | 7} ] [primary] no tacacs-server authentication host Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server; the no form of this command deletes TACACS+ authentication server.
Commands for TACACS+ 42.2 tacacs-server key Command: tacacs-server key {0 | 7} no tacacs-server key Function: Configure the key of TACACS+ authentication server; the “no tacacs-server key” command deletes the TACACS+ server key. Parameter: is the key string of the TACACS+ server. If key option is set as 0, the key is not encrypted and its range should not exceed 64 characters, if key option is set as 7, the key is encrypted and its range should not exceed 64 characters.
Commands for TACACS+ 42.4 tacacs-server timeout Command: tacacs-server timeout no tacacs-server timeout Function: Configure a TACACS+ server authentication timeout timer; the “no tacacs-server timeout” command restores the default configuration. Parameter: is the value of TACACS+ authentication timeout timer, shown in seconds and the valid range is 1~60. Command Mode: Global Mode Default: 3 seconds by default.
Commands for RADIUS Chapter 43 Commands for RADIUS 43.1 aaa enable Command: aaa enable no aaa enable Function: Enables the AAA authentication function in the switch; the "no AAA enable" command disables the AAA authentication function. Command mode: Global Mode. Parameters: No. Default: AAA authentication is not enabled by default. Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch. Example: Enabling AAA function for the switch.
Commands for RADIUS 43.3 aaa-accounting update Command: aaa-accounting update {enable | disable} Function: Enable or disable the AAA update accounting function. Command Mode: Global Mode. Default: Enable the AAA update accounting function. Usage Guide: After the update accounting function is enabled, the switch will sending accounting message to each online user on time. Example: Disable the AAA update accounting function for switch. Switch(config)#aaa-accounting update disable 43.
Commands for RADIUS 43.5 debug aaa detail attribute Command: debug aaa detail attribute interface {ethernet | } no debug aaa detail attribute interface {ethernet | } Function: Enable the debug information of AAA about Radius attribute details; the no operation of this command will disable that debug information. Parameters: : the number of the interface. : the name of the interface.
Commands for RADIUS command will disable that debug information. Parameters: None. Command Mode: Admin Mode. Usage Guide: By enabling the debug information of aaa about events, users can check the information of all kinds of event generated in the operation process of Radius protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of aaa about events. Switch#debug aaa detail event 43.
Commands for RADIUS switch send RADIUS packet. We suggest using the IP address of loopback interface as source IP address, it avoids that the packets from RADIUS server are dropped when the interface link-down. Example: Configure the source ip address of RADIUS packet as 192.168.2.254. Switch#radius nas-ipv4 192.168.2.254 43.10 radius nas-ipv6 Command: radius nas-ipv6 no radius nas-ipv6 Function: Configure the source IPv6 address for RADIUS packet sent by the switch.
Commands for RADIUS is the key string. If key option is set as 0, the key is not encrypted and its range should not exceed 64 characters, if key option is set as 7, the key is encrypted and its range should not exceed 64 characters; primary for primary server. Multiple RADIUS sever can be configured and would be available. RADIUS server will be searched by the configured order if primary is not configured, otherwise, the specified RADIUS server will be used first.
Commands for RADIUS encrypted and its range should not exceed 64 characters; primary for primary server. Multiple RADIUS Sever can be configured and would be available. RADIUS Server will be searched by the configured order if primary is not configured, otherwise, the specified RADIUS server will be used last. [access-mode {dot1x|telnet}] designates the current RADIUS server only use 802.1x authentication or telnet authentication, all services can use current RADIUS server by default.
Commands for RADIUS Usage Guide: This command specifies the time to wait for the RADIUS server to recover from inaccessible to accessible. When the switch acknowledges a server to be inaccessible, it marks that server as having invalid status, after the interval specified by this command; the system resets the status for that server to valid. Example: Setting the down-restore time for RADIUS server to 3 minutes. Switch(config)#radius-server dead-time 3 43.
Commands for RADIUS retransmission count reaches the retransmission time threshold without the server responding, the server will be considered to as not work, the switch sets the server as invalid. Example: Setting the RADIUS authentication packet retransmission time to five times. Switch(config)#radius-server retransmit 5 43.
Commands for RADIUS RADIUS server at the configured interval. The interval of sending fee-counting update messages is relative to the maximum number of users supported by NAS. The smaller the interval, the less the maximum number of the users supported by NAS; the bigger the interval, the more the maximum number of the users supported by NAS.
Commands for RADIUS 43.19 show aaa authenticating-user Command: show aaa authenticating-user Function: Display the authenticating users. Command mode: Admin and Configuration Mode. Usage Guide: Usually the administrator concerns only information about the authenticating user, the other information displays is used for troubleshooting by the technical support.
Commands for RADIUS .Is Server Dead = 0 :The server whether dead .Socket No = 0 :The local socket number lead to this server authentication server[1].sock_addr = 10:2004:1:2::2.1812 .Is Primary = 0 .Is Server Dead = 0 .Socket No = 0 accounting server sum = 2 :Configure the number of the accounting server accounting server[0].sock_addr = 2:100.100.100.65.1813 :The address protocol group, IP and interface number of the accounting server .Is Primary = 1 :Is primary server .
Commands for RADIUS 43.22 show radius authenticating-user count Command: show radius authenticating-user count Function: Show the number of the authenticating-user. Parameter: None. Command mode: Admin and configuration mode. Default: None. Usage Guide: None. Example: Switch#show radius authenticating-user count The authenticating user num is: 10 43.
Commands for SSL Configuration Chapter 44 Commands for SSL Configuration 44.1 ip http secure-server Command: ip http secure-server no ip http secure-server Function: Enable/disable SSL function. Parameter: None. Command Mode: Global Mode. Default: Disabled. Usage Guide: This command is used for enable and disable SSL function. After enable SSL function, the users visit the switch through https client, switch and client use SSL connect, can form safety SSL connect channel.
Commands for SSL Configuration 44.3 ip http secure- ciphersuite Command: ip http secure-ciphersuite {des-cbc3-sha|rc4-128-sha| des-cbc-sha} no ip http secure-ciphersuite Function: Configure/delete secure cipher suite by SSL used. Parameter: des-cbc3-sha encrypted algorithm DES_CBC3, summary algorithm SHA. rc4-128-sha encrypted algorithm RC4_128, summary algorithm SHA. des-cbc-sha encrypted algorithm DES_CBC, summary algorithm SHA. default use is rc4-md5. Command Mode: Global Mode. Default: Not configure.
Commands for SSL Configuration Switch# debug ssl %Jan 01 01:02:05 2006 ssl will to connect to web server 127.0.0.
Commands for IPv6 Security RA Chapter 45 Commands for IPv6 Security RA 45.1 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Globally enable IPv6 security RA function, all the RA advertisement messages will not be forwarded through hardware, but only sent to CPU to handle. The no operation of this command will globally disable IPv6 security RA function. Parameters: None. Command Mode: Global Configuration Mode.
Commands for IPv6 Security RA 45.3 show ipv6 security-ra Command: show ipv6 security-ra [interface ] Function: Display all the interfaces with IPv6 RA function enabled. Parameters: No parameter will display all distrust ports, entering a parameter will display the corresponding distrust port. Command Mode: Admin and Configuration Mode.
Commands for MAB Chapter 46 Commands for MAB 46.1 authentication mab Command: authentication mab {radius | none} no authentication mab Function: Configure the authentication mode and priority of MAC address authentication, the no command restores the default authentication mode. Parameters: radius means RADIUS authentication mode, none means the authentication is needless. Default: Using RADIUS authentication mode.
Commands for MAB Function: Enable the debugging of the packet information, event information or binding information for MAB authentication. Parameters: packet: Enable the debugging of the packet information for MAB authentication. event: Enable the debugging of the event information for MAB authentication. binding: Enable the debugging of the binding information for MAB authentication. Command Mode: Admin Mode Default: None. Usage Guide: None.
Commands for MAB Command Mode: Global Mode and Port Mode Default: Disable the global and port MAB function. Usage Guide: To process MAB authentication of a port, enable the global MAB function first, and then, enable the MAB function of the corresponding port. Example: Enable the global and port Eth1/1 MAB function. Switch(Config)#mac-authentication-bypass enable Switch(Config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#mac-authentication-bypass enable 46.
Commands for MAB 46.9 mac-authentication-bypass timeout offline-detect Command: mac-authentication-bypass timeout offline-detect (0 | <60-7200>) no mac-authentication-bypass timeout offline-detect Function: Configure offline-detect time. The no command restores the default value. Parameters: (0 | <60-7200>): offline-detect time, the range is 0 or 60 to 7200s. Command Mode: Global Mode Default: offline-detect time is 180s.
Commands for MAB 46.12 mac-authentication-bypass timeout stale-period Command: mac-authentication-bypass timeout stale-period <0-60> no mac-authentication-bypass timeout stale-period Function: Set the time that delete the binding user after MAB port is down. The no command restores the default value. Parameters: <1-60>: The time that delete the binding, ranging from 0 to 60s. Command Mode: Global Mode Default: 30s.
Commands for MAB 46.14 show mac-authentication-bypass Command: show mac-authentication-bypass {interface {ethernet IFNAME | IFNAME) |} Function: Show the binding information of MAB authentication. Parameters: interface {ethernet IFNAME|IFNAME}: The port name. Command Mode: Admin Mode Default: None. Usage Guide: None. Example: Show the binding information of all MAB users.
Commands for MAB Binding info: 1 -------------------------------------------------------MAB Binding built at SUN JAN 01 01:14:48 2006 VID 1, Port: Ethernet1/1 Client MAC: 00-0a-eb-6a-7f-8e Binding State: MAB_AUTHENTICATED Binding State Lease: 164 seconds left Displayed information Explanation MAB enable MAB function enabled or not Binding info The MAB binding number of the specified port MAB Binding built at The time when the user binding was created VID The VLAN that MAB user belongs Port The
Commands for PPPoE Intermediate Agent Chapter 47 Commands for PPPoE Intermediate Agent 47.1 debug pppoe intermediate agent packet {receive | send} interface ethernet Command: debug pppoe intermediate agent packet (receive | send|) interface ethernet no debug pppoe intermediate agent packet (receive | send|) interface ethernet Function: Enable PPPoE packet debug for the specified port, the no command disables it.
Commands for PPPoE Intermediate Agent Example: Enable global PPPoE intermediate agent function. Switch(config)#pppoe intermediate agent 47.3 pppoe intermediate-agent (Port) Command: pppoe intermediate-agent no pppoe intermediate-agent Function: Enable PPPoE intermediate agent function of the port. The no command disables PPPoE intermediate agent function of the port. Parameter: None. Command Mode: Port mode Default: Disable PPPoE intermediate agent function of the port.
Commands for PPPoE Intermediate Agent 47.5 pppoe intermediate-agent delimiter Command: pppoe intermediate-agent delimiter no pppoe intermediate-agent delimiter Function: Configure the delimiter among the fields in circuit-id and remote-id, the no command cancels the configuration. Parameter: : the delimiter, its range is (#|.|,|;|:|/|space). Command Mode: Global mode Default: The fields is comparted with ’\0’.
Commands for PPPoE Intermediate Agent Default: This configuration is null. Usage Guide: Configure remote-id for each port, if there is no configuration, use switch’s MAC as remote-id value. Example: Configure remote-id as abcd on port ethernet1/2. Switch(config-if-ethernet1/2)# pppoe intermediate-agent remote-id abcd 47.
Commands for PPPoE Intermediate Agent clear the corresponding configuration of type tr-101 circuit-id. Example: Configure the self-defined circuit-id as vlan port id switch-id hostname. Switch(config)#pppoe intermediate-agent type self-defined circuit-id vlan port id switch-id hostname 47.
Commands for PPPoE Intermediate Agent circuit-id value is access-node-id +” eth “+ Slot ID + delimiter + Port Index + delimiter + Vlan ID, access-node-id occupies n bytes (n<48), “ eth “ is space + e + t + h + space, it occupies 5 bytes, Slot ID occupies 2 bytes, Port Index occupies 3 bytes, Vlan ID occupies 4 bytes, delimiter occupies 1 byte. In default state, access-node-id value of circuit-id is switch’s MAC, it occupies 6 bytes.
Commands for PPPoE Intermediate Agent “#”between Slot ID and Port ID, delimiter with “/”between Port ID and Vlan ID.
Commands for PPPoE Intermediate Agent Switch#pppoe intermediate-agent access-node-id abcd Switch#show pppoe intermediate-agent access-node-id pppoe intermediate-agent access-node-id is : abcd 47.15 show pppoe intermediate-agent identifier-string option delimiter Command: show pppoe intermediate-agent identifier-string option delimiter Function: Show the configured identifier-string, the combination format and delimiter of slot, port and vlan. Parameter: None.
Commands for PPPoE Intermediate Agent Example: Show pppoe intermediate-agent configuration information of port ethernet1/2.
Commands for Web Portal Configuration Chapter 48 Commands for Web Portal Configuration 48.1 clear webportal binding Command: clear webportal binding {mac WORD | interface |} Function: Clear the binding information of web portal authentication. Parameter: mac: Clear the binding of the specific MAC address. IFNAME: Port ID list, divide the ports with “;”. If the parameter is null, delete all web portal binding. Command Mode: Admin Mode. Default: None.
Commands for Web Portal Configuration 0 packet binding debug is on 48.3 debug webportal error Command: debug webportal error no debug webportal error Function: Enable/ disable the error debugging of web portal authentication. Parameter: None. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Enable the error debugging of web portal authentication, the no command disables the error debugging. Example: Enable the error debugging of web portal authentication.
Commands for Web Portal Configuration the local clock. Parameter: send: Enable the debugging that web portal sends the packet. receive: Enable the debugging that web portal receives the packet. all: Enable the debugging that web portal receives and sends the packet. : The port name. The port name is null that means to enable all ports. Command Mode: Admin Mode. Default: There is no limitation.
Commands for Web Portal Configuration Function: Show the parameter and enable information of web portal authentication. Parameter: : The port name, if the port name is null, show all port information. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Show the parameter and enable information of web portal authentication according to the condition. Example: Show the parameter and enable information of web portal authentication.
Commands for Web Portal Configuration 48.9 webportal binding-limit Command: webportal binding-limit <1-256> no webportal binding-limit Function: Configure the max webportal binding number allowed by the port. Parameter: <1-256>: the max binding number allowed by the port, the max webportal binding number is 24 by default, ranging from 1 to 256. Command Mode: Port Mode. Default: 24. Usage Guide: Limit the max webportal binding number of the port.
Commands for Web Portal Configuration 48.11 webportal enable (Port) Command: webportal enable no webportal enable Function: Enable/disable web portal authentication of the port. Parameter: None. Command Mode: Port Mode. Default: Do not enable web portal authentication of the port. Usage Guide: Enable web portal authentication of the port. The no command disables web portal authentication of the port, it is mutually exclusive with 802.1x on port. Example: Enable/disable web portal authentication on port.
Commands for Web Portal Configuration 48.13 webportal redirect Command: webportal redirect no webportal redirect Function: Configure HTTP redirection address of web portal authentication. Parameter: is IP address of portal server. Command Mode: Global Mode. Default: There is no redirection address. Usage Guide: Enable web portal authentication globally before configuring its HTTP redirection address. The no command cancels the configured redirection address.
Commands for VLAN-ACL Chapter 49 Commands for VLAN-ACL 49.1 clear vacl statistic vlan Command: clear vacl [in | out] statistic vlan [<1-4094>] Function: This command can clear the statistic information of VACL. Parameter: in | out: Clear the traffic statistic of the ingress/egress. vlan <1-4094>: The VLAN which needs to clear the VACL statistic information. If do not input VLAN ID, then clear all VLAN statistic information. Command mode: Admin Mode. Default: None.
Commands for VLAN-ACL \w match the letter, the number or the underline \b match the beginning or the end of the words \W match any characters which are not alphabet letter, number and underline \B match the locations which are not the begin or end of the word [^x] match any characters except x [^aeiou] match any characters except including aeiou letters * repeat zero time or many times + repeat one time or many times (n) repeat n times (n,) repeat n or more times (n, m) repeat n to m times At present, the
Commands for VLAN-ACL 49.3 vacl ip access-group Command: vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD Function: This command configure VACL of IP type on the specific VLAN. Parameter: <1-299> | WORD: Configure the numeric IP ACL (include: standard ACL rule <1-99>, extended ACL rule <100-299>) or the named ACL. in | out: Filter the ingress/egress traffic.
Commands for VLAN-ACL Switch(config)#vacl ipv6 access-group 600 in traffic-statistic vlan 5 49.5 vacl mac access-group Command: vacl mac access-group {<700-1199> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl mac access-group {<700-1199> | WORD} {in | out} vlan WORD Function: This command configure VACL of MAC type on the specific VLAN. Parameter: <700-1199> | WORD: Configure the numeric IP ACL (include: <700-799> MAC standard access list, <1100-1199> MAC extended access list) or the named ACL.
Commands for VLAN-ACL Example: Configure the numeric MAC-IP ACL for Vlan 1, 2, 5.
Commands for SAVI Chapter 50 Commands for SAVI 50.1 Commands for SAVI 50.1.1 ipv6 cps prefix Command: ipv6 cps prefix vlan no ipv6 cps prefix Function: Configure IPv6 address prefix of the link manually, no command deletes IPv6 address prefix. Parameter: ipv6-address: the address prefix of link, like 2001::/64; vid: vlan ID of the current link. Command Mode: Global Mode. Default: None.
Commands for SAVI 50.1.3 ipv6 dhcp snooping trust Command: ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Function: Configure the port as dhcpv6 trust port, it does not establish dynamic DHCPv6 binding again and allows all DHCPv6 protocol packets to pass; no command deletes the port trust function. Parameter: None. Command Mode: Port Mode. Default: Disable.
Commands for SAVI 50.1.5 savi check binding Command: savi check binding mode no savi check binding mode Function: Configure the check mode for conflict binding; the no command deletes the check mode. Parameter: simple mode: only check the port state for conflict binding, if the state is up, keep the conflict binding and do not set new binding.
Commands for SAVI 50.1.7 savi ipv6 binding num Command: savi ipv6 binding num no savi ipv6 binding num Function: Configure the number of the corresponding binding with the port, no command restores the default value. Parameter: limit-num: set the range from 0 to 65535, the default value of the port binding number is 65535. Command Mode: Port Mode. Default: 65535. Usage Guide: The configured binding number only include the dynamic binding type of slaac, dhcp.
Commands for SAVI still be shown. If the binding needs to take effect again, it should delete it first and configure a new binding again. When the binding type is static type, do not configure lifetime period, the lifetime period is infinite. Example: Configure the dynamic binding of slaac type for SAVI manually. Switch(config)#savi ipv6 check source binding ip 2001::10 mac 00-25-64-BB-8F-04 Interface ethernet1/1 type slaac lifetime 2010 Configure the static binding for SAVI manually.
Commands for SAVI Default: Disable SAVI application scene. Usage Guide: dhcp-only application scene only detects DHCPv6 packets and DAD NS packets of link-local ipv6 address to be IPv6 address with target field, it does not detect DAD NS packets of non-link-local address. slaac-only application scene detects DAD NS packets of all types. dhcp-slaac combination application scene detects all DHCPv6 and DAD NS packets. Disable all kinds of application scene detection function for SAVI by default.
Commands for SAVI 50.1.13 savi max-dad-prepare-delay Command: savi max-dad-prepare-delay no savi max-dad-prepare-delay Function: Configure lifetime period of redetection for the dynamic binding, no command restores the default value. Parameter: max-dad-prepare-delay: set the ranging between 1 and 65535 seconds, its default value is 1 second. Command Mode: Global Mode. Default: 1 second. Usage Guide: It is recommended to user the default value.
Commands for SAVI Usage Guide: After the configured lifetime period is overtime, the port is still at down state, the binding of this port will be deleted. If the port state is changed from down to up state during the configured lifetime period, the binding of the port will reset it as lifetime period of BOUND state. If the configured parameter is 0 second, all binding of the port will be deleted immediately. Example: Set bind-protect lifetime period to be 20 seconds.
Commands for SAVI 50.2.1.3 debug ipv6 dhcp snooping packet Command: debug ipv6 dhcp snooping packet no debug ipv6 dhcp snooping packet Function: Enable the debug of DHCPv6 packets, no command disables the debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After enable packets debug, the relative DHCPv6 packtets will be print for misarranging. The no command disables this function. Example: Enable the debug of DHCPv6 packets. Switch#debug ipv6 dhcp snooping packet 50.2.1.
Commands for SAVI Switch#debug ipv6 nd snooping event 50.2.1.6 debug ipv6 nd snooping packet Command: debug ipv6 nd snooping packet no debug ipv6 nd snooping packet Function: Enable ND packets debug, no command disables ND packets debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After enable packets debug, the relative ND packets will be print for misarranging. The no command disables this function. Example: Enable ND packets debug. Switch#debug ipv6 nd snooping packet 50.2.
Commands for SAVI MAC IP VLAN Port Type State Expires -------------------------------------------------------------------------------------------------------------00-25-64-bb-8f-04 fe80::225:64ff:febb:8f04 1 Ethernet1/5 slaac BOUND 14370 00-25-64-bb-8f-04 2001::13 1 Ethernet1/5 slaac BOUND 14370 00-25-64-bb-8f-04 2001::10 1 Ethernet1/5 slaac BOUND 14370 -------------------------------------------------------------------------------------------------------------- 524
Commands for MRPP Chapter 51 Commands for MRPP 51.1 control-vlan Command: control-vlan no control-vlan Function: Configure control VLAN ID of MRPP ring; the “no control-vlan” command deletes control VLAN ID. Parameter: expresses control VLAN ID, the valid range is from 1 to 4094. Command Mode: MRPP ring mode Default: None Usage Guide: The command specifies Virtual VLAN ID of MRPP ring, currently it can be any value in 1-4094.
Commands for MRPP 51.3 debug mrpp Command: debug mrpp no debug mrpp Function: Open MRPP debug information; “no description” command disables MRPP debug information. Command Mode: Admin Mode Parameter: None. Usage Guide: Enable MRPP debug information, and check message process of MRPP protocol and receive data packet process, it is helpful to monitor debug. Example: Enable debug information of MRPP protocol. Switch#debug mrpp 51.
Commands for MRPP Switch(config-If-Ethernet1/3)#mrpp ring 4000 secondary-port 51.5 errp domain Command: errp domain no errp domain Function: Create ERRP domain, the no command deletes the configured ERRP domain. Parameter: domain ID of ERRP, the range between 1 and 15. Command Mode: Global mode Usage Guide: If domain ID of ERRP needs to be configured, the compatible mode of ERRP should be enabled firstly.
Commands for MRPP 51.7 hello-timer Command: hello-timer no hello-timer Function: Configure timer interval of Hello packet from primary node of MRPP ring, the “no hello-timer” command restores timer interval of default. Parameter: valid range is from 1 to 100s. Command Mode: MRPP ring mode Default: Default configuration timer interval is 1s.
Commands for MRPP 51.9 mrpp enable Command: mrpp enable no mrpp enable Function: Enable MRPP protocol module, the “no mrpp enable” command disables MRPP protocol. Parameter: None. Command Mode: Global Mode. Default: The system doesn’t enable MRPP protocol module. Usage Guide: If it needs to configure MRPP ring, it enables MRPP protocol. Executing “no mrpp enable” command, it ensures to disable the switch enabled MRPP ring. Example: Globally enable MRPP. Switch(config)#mrpp enable 51.
Commands for MRPP 51.11 mrpp poll-time Command: mrpp poll-time <20-2000> Function: Configure the query interval of MRPP. Command mode: Global mode. Usage Guide: Configure the query time to adjust the query interval of MRPP, the default interval is 100ms. Example: Set the query time as 200ms. Switch(Config)# mrpp poll-time 200 51.
Commands for MRPP The mrpp enable command must be enabled before the control-vlan command be used. If primary port, secondary port, node-mode and enable commands all be configured after control-vlan, then the mrpp-ring function is enabled. Example: Configure the primary of MRPP ring 4000 to Ethernet 1/1. Switch(Config)#interface ethernet 1/1 Switch(config-If-Ethernet1/1)#mrpp ring 4000 primary-port 51.
Commands for MRPP 51.16 show mrpp Command: show mrpp [] Function: Display MRPP ring configuration. Parameter: is MRPP ring ID, the valid range is from 1 to 4096, if not specified ID, it display all of MRPP ring configuration. Command Mode: Admin and Configuration Mode. Default: None Usage Guide: None Example: Display configuration of MRPP ring 4000 of switch Switch# show mrpp 4000 51.
Commands for ULPP Chapter 52 Commands for ULPP 52.1 clear ulpp flush counter interface Command: clear ulpp flush counter interface Function: Clear the statistic information of the flush packets. Parameter: is the name of the port. Default: None. Command mode: Admin mode. Usage Guide: None. Example: Clear the statistic information of the flush packets for the port1/1. Switch#clear ulpp flush counter interface e1/1 ULPP flush counter has been reset. 52.
Commands for ULPP 52.3 debug ulpp error Command: debug ulpp error no debug ulpp error Function: Show the error information of ULPP. The no operation disables showing the error information of ULPP. Parameter: None. Default: Do not display. Command mode: Admin mode. Usage Guide: None. Example: Show the error information of ULPP. Switch# debug ulpp error Unrecognized Flush packet received. 52.4 debug ulpp event Command: debug ulpp event no debug ulpp event Function: Show the event information of ULPP.
Commands for ULPP Default: Do not display. Command mode: Admin mode. Usage Guide: None. Example: Show the contents of the receiving flush packets for the port1/1. Switch# debug ulpp flush content interface e1/1 Flush packet content: Destination MAC: 01-03-0f-cc-cc-cc Source MAC: 00-a0-cc-d7-5c-ea Type: 8100 Vlan ID: 1 Length: 518 Control Type: 2 Control Vlan: 10 MAC number:0 Vlan Bitmap: 52.
Commands for ULPP Parameter: is the name of ULPP group, the max number of the characters is 128. Default: Do not configure ULPP name by default. Command mode: ULPP group configuration mode. Usage Guide: None. Example: Configure the description of ULPP group as switch. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# description switch 52.8 flush disable arp Command: flush disable arp Function: Disable sending the flush packets of deleting ARP. Parameter: None.
Commands for ULPP 52.10 flush enable arp Command: flush enable arp Function: Enable sending the flush packets of deleting ARP. Parameter: None. Default: By default, enable sending the flush packets of deleting ARP. Command mode: ULPP group configuration mode. Usage Guide: If enable this function, when the link is switched, it will actively send the flush packets to notify the upstream device, so as to delete the list entries of ARP. Example: Enable sending the flush packets of deleting ARP.
Commands for ULPP Usage Guide: The preemption delay is the delay time before the master port is preempted as the forwarding state, for avoiding the link oscillation in a short time. After the preemption mode is enabled, the preemption delay takes effect. Example: Configure the preemption delay as 50s for ULPP group. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# preemption delay 50 52.
Commands for ULPP VLANs are not protected, the different ULPP groups can’t quote the same instance. Example: Configure the protective VLAN quoted from instance 1 for ULPP group. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# protect vlan-reference-instance 1 52.15 show ulpp flush counter interface Command: show ulpp flush counter interface {ethernet | } Function: Show the statistic information of the flush packets. Parameter: is the name of the ports. Default: None.
Commands for ULPP 52.17 show ulpp group Command: show ulpp group [group-id] Function: Show the configuration information of the ULPP groups which have been configured. Parameter: [group-id]: Show the information of the specific ULPP group. Default: By default, show the information of all ULPP groups which have been configured. Command mode: Admin mode.
Commands for ULPP correspond the existent VLAN, after it is configured, this VLAN can’t be deleted. Example: Configure the receiving control VLAN as 10. Switch(config)# interface ethernet 1/1 Switch(config-If-Ethernet1/1)# ulpp control vlan 10 52.19 ulpp flush disable arp Command: ulpp flush disable arp Function: Disable receiving the flush packets of deleting ARP. Parameter: None. Default: By default, disable receiving the flush packets of deleting ARP. Command mode: Port mode.
Commands for ULPP Command mode: Port mode. Usage Guide: Enable this function to receive the flush packets which delete ARP. Example: Enable receiving of the flush packets of deleting ARP. Switch(config)# interface ethernet 1/1 Switch(config-If-Ethernet1/1)# ulpp flush enable arp 52.22 ulpp flush enable mac Command: ulpp flush enable mac Function: Enable receiving the flush packets of updating MAC address. Parameter: None. Default: By default, disable receiving the flush packets of updating MAC address.
Commands for ULPP master port. Parameter: is the ID of ULPP group, range from 1 to 48. Default: There is no master port configured by default. Command mode: Port mode. Usage Guide: There is no sequence requirement for the master and slave port configuration in a group, but the protective VLANs must be configured before the member ports. Each group has only one master port, if the master port exists, then the configuration fail. Example: Configure the master port of ULPP group.
Commands for ULSM Chapter 53 Commands for ULSM 53.1 debug ulsm event Command: debug ulsm event no debug ulsm event Function: Show the event information of ULSM. The no operation disables showing ULSM events. Parameter: None. Default: None. Command mode: Admin Mode. Usage Guide: None. Example: Show the event information of ULSM. Switch# debug ulsm event Downlink synchoronized with ULSM group, change state to Down. 53.
Commands for ULSM 53.3 ulsm group Command: ulsm group no ulsm group Function: Create a ULSM group. The no command deletes the ULSM group. Parameter: is the ID of ULSM group, range from 1 to 32. Default: There is no ULSM group configured by default. Command mode: Global Mode. Usage Guide: None. Example: Create ULSM group 10. Switch(config)# ulsm group 10 53.
Commands for Mirroring Configuration Chapter 54 Commands for Mirroring Configuration 54.1 monitor session source interface Command: monitor session source {interface | cpu} {rx| tx| both} no monitor session source {interface | cpu} Function: Specify the source interface for the mirror. The no form command will disable this configuration. Parameters: is the session number for the mirror. Currently only 1 is supported.
Commands for Mirroring Configuration access-list Function: Specify the access control for the source of the mirror. The no form command will disable this configuration. Parameters: is the session number for the mirror. Currently only 1 is supported. is the list of source interfaces of the mirror which can be separated by '-' and ';'. is the number of the access list. rx means to filter the datagram received by the interface.
Commands for Mirroring Configuration destination of the interface is re-configured. Example: Configure interface 1/7 as the destination of the mirror. Switch(config)#monitor session 1 destination interface ethernet 1/7 54.4 show monitor Command: show monitor Function: To display information about the source and destination ports of all the mirror sessions. Command Mode: Admin Mode Usage Guide: This command is used to display the source and destination ports for the configured mirror sessions.
Commands for sFlow Chapter 55 Commands for sFlow 55.1 sflow agent-address Command: sflow agent-address no sflow agent-address Function: Configure the sFlow sample proxy address. The “no” form of this command deletes the proxy address. Parameter: is the sample proxy IP address which is shown in dotted decimal notation. Command Mode: Global Mode. Default: None default value.
Commands for sFlow command deletes the statistic sampling interval value. Parameter: is the value of the interval with a valid range of 20~120 and shown in second. Command Mode: Port Mode Default: No default value Usage Guide: If no statistic sampling interval is configured, there will not be any statistic sampling on the interface. Example: Set the statistic sampling interval on the interface e1/1 to 20 seconds. Switch(Config-If-Ethernet1/1)#sflow counter-interval 20 55.
Commands for sFlow Usage Guide: If the analyzer address is configured at Port Mode, this IP address and port configured at Port Mode will be applied when sending the sample packet. Or else the address and port configured at global mode will be applied. The analyzer address should be configured to let the sFlow sample proxy work properly. Example: Configure the analyzer address and port at global mode. switch (config)#sflow destination 192.168.1.200 1025 55.
Commands for sFlow 55.8 sflow rate Command: sflow rate { input | output } no sflow rate [input | output] Function: Configure the sample rate of the sFlow hardware sampling. The “no” form of this command deletes the sampling rate value. Parameter: is the rate of ingress group sampling, the valid range is 1000~16383500. is the rate of egress group sampling, the valid range is 1000~16383500. Command Mode: Port Mode. Default: No default value.
Commands for sFlow Sample packet max len is 1400 Sample header max len is 50 Sample version is 4 Displayed Information Explanation Sflow version 1.2 Indicates the sFlow version is 1.2 Agent address is 172.16.1.100 Address of the sFlow sample proxy is 172.16.1.
Commands for SNTP Chapter 56 Commands for SNTP 56.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone <0-23>: the hour value <0-59>: the minute value Command Mode: Global mode Default: None.
Commands for SNTP 56.3 sntp polltime Command: sntp polltime no sntp polltime Function: Sets the interval for SNTP clients to send requests to NTP/SNTP; the “no sntp polltime” command cancels the polltime sets and restores the default setting. Parameters: is the interval value from 16 to 16284. Default: The default polltime is 64 seconds. Command Mode: Global Mode Example: Setting the client to send request to the server every 128 seconds.
Commands for SNTP address is vlan1: Switch(config)#no sntp server 1.1.1.1 source vlan 1 56.5 show sntp Command: show sntp Function: Displays current SNTP client configuration and server status. Parameters: N/A. Command Mode: Admin and Configuration Mode. Example: Displaying current SNTP configuration. Switch#show sntp SNTP server 2.1.0.
Commands for NTP Chapter 57 Commands for NTP 57.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone <0-23>: the hour value <0-59>: the minute value Command Mode: Global mode Default: None.
Commands for NTP 57.3 debug ntp authentication Command: debug ntp authentication no debug ntp authentication Function: To display NTP authentication information, the no form command disabled the switch of displaying NTP authentication information. Parameter: None. Default: Disabled. Command Mode: Admin Mode.
Commands for NTP If there is no parameter, that means should enable the sending and receiving switch of NTP packet in the same time. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None. Example: To enable the debug switch of displaying NTP packet information. Switch# debug ntp packet 57.6 debug ntp sync Command: debug ntp sync no debug ntp sync Function: To enable/disable debug switch of displaying local time synchronization information. Parameter: None. Default: Disabled.
Commands for NTP 57.8 ntp authenticate Command: ntp authenticate no ntp authenticate Function: To enable/cancel NTP authentication function. Parameter: None. Default: Disabled. Command Mode: Global Mode. Usage Guide: None. Example: To enable NTP authentication function. Switch(config)#ntp authenticate 57.
Commands for NTP no ntp broadcast server count Function: Set the max number of broadcast or multicast servers supported by the NTP client. The no operation will cancel the configuration and restore the default value. Parameters: number:1-100, the max number of broadcast servers. Default: The default max number of broadcast servers is 50. Command Mode: Global Mode. Examples: Configure the max number of broadcast servers is 70 on the switch. Switch(config)#ntp broadcast server count 70 57.
Commands for NTP 57.14 ntp ipv6 multicast client Command: ntp ipv6 multicast client no ntp ipv6 multicast client Function: Configure the specified interface to receive IPv6 NTP multicast packets, the no command will cancels the specified interface to receive IPv6 NTP multicast packets. Parameter: None. Command mode: vlan mode Default: Interface does not receive IPv6 NTP multicast packets. Usage guide: None. Example: Enable the function for receiving IPv6 NTP multicast packets on vlan1 interface.
Commands for NTP Parameter: ip-address: IPv4 address of time server. ipv6-address: IPv6 address of time server. version: The version information configured for server. version_no: The version number of server, range is from 1 to 4, default is 4. key: To configure key for server. key-id: The key id. Default: Disabled. Command Mode: Global Mode. Usage Guide: None. Example: To configure time server address as 1.1.1.1 on switch. Switch(config)#ntp server 1.1.1.1 57.
Commands for NTP Reference clock server: 1.1.1.2 Clock offset: 0.010 s Root delay: 0.012 ms Root dispersion: 0.000 ms Reference time: TUE JAN 03 01:27:24 2006 57.19 show ntp session Command: show ntp session [ | ] Function: To display the information of all NTP session or one specific session, include server ID, server layer, and the local offset according to server.
Commands for Summer Time Chapter 58 Commands for Summer Time 58.1 clock summer-time absolute Command: clock summer-time absolute [] no clock summer-time Function: Configure summer time range, the time in this range is summer time. The no command deletes the configuration. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59);
Commands for Summer Time [] no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59); is the start date, the format is month(from 1 to 12).date(from 1 to 31); is the end time, the format is hour(from 0 to 23):minute(from 0 to 59);
Commands for Summer Time value, the value as “Sun”, “Mon”, “Tue”, “Wed”, “Thu”, “Fri”, “Sat”; is the month, the value as ”Jan”, “Feb”, “Mar”, “Apr”, “May”, ”Jun”, “Jul”, “Aug”, “Sep”, “Oct”, “Nov”, “Dec” is the time offset, the range from 1 to 1440, unit is minute, default value is 60 minutes. Default: There is no summer time range. Command Mode: Global Mode Usage Guide: This command sets the start and end time for the recurrent summer time flexibly.
Commands for Show Chapter 59 Commands for Show 59.1 clear history all-users Command: clear history all-users Function: Clear the command history of all users saved by the switch. Command Mode: Admin mode Usage Guide: Using this command can clear the command history of all users. Example: Switch#clear history all-users 59.2 clear logging Command: clear logging sdram Function: This command is used to clear all the information in the log buffer zone.
Commands for Show 59.4 logging Command: logging { | } [facility ] [level ] no logging { | } [facility ] Function: The command is used to configure the output channel of the log host. The “no” form of this command will disable the output at the log host output channel.
Commands for Show Parameter: None. Command Mode: Global mode. Default: Disable state. Usage Guide: After enable this command, the commands executed by user at the console, telnet or ssh terminal will record the log, so it should be used with the logging LOGHOST command. Example: Enable the command and send the commands executed by user into log host (10.1.1.1) Switch(Config)#logging 10.1.1.1 Switch(Config)#logging executed-commands enable 59.
Commands for Show Usage Guide: When the ping command is entered without any parameters, interactive configuration mode will be invoked. And ping parameters can be entered interactively. Example: Example 1: To ping with default parameters. Switch#ping 10.1.128.160 Type ^c to abort. Sending 5 56-byte ICMP Echos to 10.1.128.160, timeout is 2 seconds. ...!! Success rate is 40 percent (2/5), round-trip min/avg/max = 0/0/0 ms In the example above, the switch is made to ping the device at 10.1.128.160.
Commands for Show Datagram size in byte [56]:1000 Timeout in milli-seconds [2000]: 500 Extended commands [n]: n Display Information Explanation VRF name VRM name. If MPLS is not enabled, this field will be left empty. Target IP address: The IP address of the target device. Use source address option[n] Whether or not to use ping with source address. Source IP address To specify the source IP address for ping. Repeat count [5] Number of ping requests to be sent. The default value is 5.
Commands for Show Type ^c to abort. Sending 5 56-byte ICMP Echos to 2001:1:2::4, timeout is 2 seconds. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/320/1600 ms (2) To issue the ping6 command with source IPv6 address specified. switch>ping6 src 2001:1:2::3 2001:1:2::4 Type ^c to abort. Sending 5 56-byte ICMP Echos to 2001:1:2::4, using src address 2001:1:2::3, timeout is 2 seconds.
Commands for Show by default. Timeout in milli-seconds[2000] Timeout for ping command. 2 seconds by default. Extended commands[n] Extended configuration. Disabled by default. ! The network is reachable. . The network is unreachable. Success rate is 100 percent(8/8), Statistic information, success rate is 100 round-trip min/avg/max = 1/1/1ms percent of ping packet. 59.9 show boot-files Command: show boot-files Function: Display the first and second IMG files and the CFG file enabled by switch.
Commands for Show 59.10 show debugging Command: show debugging {l4 | l4drv | lldp | nsm | other | spanning-tree} Function: Display the debug switch status. Usage Guide: If the user needs to check what debug switches have been enabled, show debugging command can be executed. Command mode: Admin Mode Example: Check for currently nsm debug switch state. Switch#show debugging nsm NSM debugging status Relative command: debug 59.11 show fan This command is not supported by switch. 59.
Commands for Show Switch#show history enable config interface ethernet 1/3 enable dir show ftp 59.14 show history all-users Command: show history all-users [detail] Function: Show the recent command history of all users. Parameter: [detail] shows user name of the executing command. IP address of the user will be shown when logging in the executing command through Telnet or SSH.
Commands for Show Parameter:level {critical | warnings} means the level of critical information. is the index start value of the log message, the valid range is 1-65535, is the index end value of the log message, and the valid range is 1-65535. When only display logging buffered information of the line card must be added range parameter, but the main control has not the request. Command Mode: Admin and Configuration Mode.
Commands for Show information severity level) by show logging mstp command. Example: Show the log information source of MSTP. Switch#show logging source mstp system module log switch status: Channel Onoff Severity logbuff on warning loghost on warning terminal on warning 59.18 show memory Command: show memory [usage] Function: Display the contents in the memory. Parameter: usage means memory use information. Command mode: Admin Mode Usage Guide: This command is used for switch debug purposes.
Commands for Show Function: Display the current active configuration parameters for the switch. Default: If the active configuration parameters are the same as the default operating parameters, nothing will be displayed. Command mode: Admin Mode Usage Guide: When the user finishes a set of configuration and needs to verify the configuration, show running-config command can be used to display the current active parameters. Example: Switch#show running-config 59.
Commands for Show Type :Universal Mac addr num : No limit Mode :Trunk Port VID :1 Trunk allowed Vlan :ALL Displayed Information Description Ethernet1/1 Corresponding interface number of the Ethernet. Type Current interface type. Mac addr num Numbers of interfaces with MAC address learning ability. Mode: Trunk Current interface VLAN mode. Port VID :1 Current VLAN number the interface belongs. Trunk allowed Vlan :ALL VLAN permitted by Trunk. 59.
Commands for Show 59.23 show tcp ipv6 Command: show tcp ipv6 Function: Show the current TCP connection. Command mode: Admin and configuration mode.
Commands for Show 59.25 show temperature This command is not supported by the switch. 59.26 show tech-support Command: show tech-support Function: Display various information about the switch and the running tasks. This command is used to diagnose the switch by the technical support specialist. Command Mode: Admin mode and configuration mode Usage Guide: When failure occurred on the switch, this command can be used to get related information, in order to diagnose the problems.
Commands for Show 59.28 show udp ipv6 Command: show udp ipv6 Function: Show the current UDP connection. Command mode: Admin and configuration mode.
Commands for Show hostname for the remote host. is the maximum gateway number allowed by Traceroute command. Is the timeout value for test packets in milliseconds, between 100 -10000. Default: The default maximum gateway number is 30, timeout in 2000 ms. Command mode: Admin Mode Usage Guide: Traceroute is usually used to locate the problem for unreachable network nodes. 59.
Commands for Reload Switch after Specified Time Chapter 60 Commands for Reload Switch after Specified Time 60.1 reload after Command: reload after {[] [days ]} Function: Reload the switch after a specified period of time. Parameters: the specified time, HH (hours) ranges from 0 to 23, MM (minutes) and SS (seconds) range from 0 to 59. the specified days, unit is day, range from 1 to 30. time and day may be configured at the same time or configured solely.
Commands for Reload Switch after Specified Time Reload cancel successful. Related Commands: reload, reload after, show reload 60.3 show reload Command: show reload Function: Display the user’s configuration of command “reload after”. Parameters: None. Command Mode: Admin and configuration mode Usage Guide: With this command, users can view the configuration of command “reload after” and check how long a time is left before rebooting the switch. Example: View the configuration of command “reload after”.
Commands for Debugging and Diagnosis for Packets Received and Sent by CPU Chapter 61 Commands for Debugging and Diagnosis for Packets Received and Sent by CPU 61.1 clear cpu-rx-stat protocol Command: clear cpu-rx-stat protocol[ ] Function: Clear the statistics of the CPU received packets of the protocol type.
Commands for Debugging and Diagnosis for Packets Received and Sent by CPU telnet, http, dhcp, igmp, ssh; is the max rate of CPU receiving packets of the protocol type, its range is 1-2000 pps. Command Mode: Global Mode Default: A different default rate is set for the different type of protocol. Usage Guide: The rate limit set by this command have an effect on CPU receiving packets, so it is supposed to be used with the help of the technical support.
Commands for Debugging and Diagnosis for Packets Received and Sent by CPU 61.8 protocol filter This command is not supported by the switch. 61.9 show cpu-rx protocol Command: show cpu-rx protocol [ ] Function: Show the statistics of the CPU received packets of the specified protocol type. Parameter: is the protocol type of the packets, if do not input parameters, show all statistic packets. Command Mode: Admin and configuration mode Default: None.
