Content

CHAPTER 1 COMMANDS FOR BASIC SWITCH CONFIGURATION
1.1 COMMANDS FOR BASIC CONFIGURATION
1.1.1 authentication line
1.1.2 banner
1.1.3 boot img
1.1.30 show memory usage
1.1.31 show temperature
1.1.32 show tech-support
1.1.33 show version
1.1.34 username
1.4.5 show snmp
1.4.6 show snmp engineid
1.4.7 show snmp group
1.4.8 show snmp mib
1.4.9 show snmp status
2.6 CLUSTER KEEPALIVE LOSS-COUNT
2.7 CLUSTER MEMBER
2.8 CLUSTER MEMBER AUTO-TO-USER
2.9 CLUSTER RESET MEMBER
2.10 CLUSTER RUN
2.
3.1.19 virtual-cable-test
3.2 COMMANDS FOR PORT ISOLATION FUNCTION
3.2.1 isolate-port group
3.2.2 isolate-port group switchport interface
3.2.3 isolate-port apply
3.5.11 lldp transmit delay
3.5.12 lldp transmit optional tlv
3.5.13 lldp trap
3.5.14 lldp tx-interval
3.5.15 show debugging lldp
3.8.17 ethernet-oam errored-symbol-period threshold low
3.8.18 ethernet-oam errored-symbol-period window
3.8.19 ethernet-oam link-monitor
3.8.20 ethernet-oam mode
3.8.21 ethernet-oam period
3.8.
4.1.24 show gvrp vlan registerd port
4.1.25 show vlan
4.1.26 show vlan-translation
4.1.27 switchport access vlan
4.1.28 switchport dot1q-tunnel
5.1 COMMANDS FOR MAC ADDRESS TABLE CONFIGURATION
5.1.1 clear mac-address-table dynamic
5.1.2 mac-address-table aging-time
5.1.3 mac-address-table static | static-multicast | blackhole
5.1.4 show mac-address-table
5.
6.1.15 spanning-tree maxage
6.1.16 spanning-tree max-hop
6.1.17 spanning-tree mcheck
6.1.18 spanning-tree mode
6.1.19 spanning-tree mst configuration
7.14 MLS QOS QUEUE BANDWIDTH
7.15 MLS QOS TRUST
7.16 PASS-THROUGH-COS
7.17 PASS-THROUGH-DSCP
7.18 POLICY
7.
10.2.1 clear ipv6 neighbor
10.2.2 debug ip packet
10.2.3 debug ipv6 packet
10.2.4 debug ipv6 icmp
10.2.5 debug ipv6 nd

CHAPTER 11 COMMANDS FOR ARP SCANNING PREVENTION
11.1 ANTI-ARPSCAN ENABLE
11.2 ANTI-ARPSCAN PORT-BASED THRESHOLD
11.3 ANTI-ARPSCAN IP-BASED THRESHOLD
11.4 ANTI-ARPSCAN TRUST

CHAPTER 15 COMMANDS FOR DHCP
15.1 COMMANDS FOR DHCP SERVER CONFIGURATION
15.1.1 bootfile
15.1.2 clear ip dhcp binding
15.1.3 clear ip dhcp conflict
15.1.
16.1 CLEAR IPV6 DHCP BINDING
16.2 CLEAR IPV6 DHCP SERVER STATISTICS
16.3 DEBUG IPV6 DHCP CLIENT PACKET
16.4 DEBUG IPV6 DHCP DETAIL
16.5 DEBUG IPV6 DHCP RELAY PACKET
16.6 DEBUG IPV6 DHCP SERVER
17.6 IP DHCP RELAY INFORMATION OPTION SELF-DEFINED REMOTE-ID
17.7 IP DHCP RELAY INFORMATION OPTION SELF-DEFINED REMOTE-ID FORMAT
17.8 IP DHCP RELAY INFORMATION OPTION SELF-DEFINED SUBSCRIBER-ID
17.9 IP DHCP RELAY INFORMATION OPTION SELF-DEFINED SUBSCRIBER-ID FORMAT
18.2.3 debug ipv6 dhcp snooping packet
18.2.4 show ipv6 dhcp relay option
18.2.5 show ipv6 dhcp snooping option

CHAPTER 19 COMMANDS FOR DHCP SNOOPING
19.1 DEBUG IP DHCP SNOOPING BINDING
19.2 DEBUG IP DHCP SNOOPING EVENT
19.30 SHOW IP DHCP SNOOPING
19.31 SHOW IP DHCP SNOOPING BINDING ALL
19.32 SHOW TRUSTVIEW STATUS

CHAPTER 20 COMMANDS FOR DHCP SNOOPING OPTION 82
20.1 IP DHCP SNOOPING INFORMATION ENABLE
21.2.11 ip igmp snooping vlan limit
21.2.12 ip igmp snooping vlan mrouter-port interface
21.2.13 ip igmp snooping vlan mrouter-port learnpim
21.2.14 ip igmp snooping vlan mrpt
21.2.15 ip igmp snooping vlan query-interval
21.2.

CHAPTER 24 COMMANDS FOR ACL
24.1 ABSOLUTE-PERIODIC/PERIODIC
24.2 ABSOLUTE START
24.3 ACCESS-LIST (IP EXTENDED)
24.4 ACCESS-LIST (IP STANDARD)
24.5 ACCESS-LIST(MAC EXTENDED)
25.3 DEBUG DOT1X FSM
25.4 DEBUG DOT1X PACKET
25.5 DOT1X ACCEPT-MAC
25.6 DOT1X EAPOR ENABLE
25.7 DOT1X ENABLE
25.
26.6 SWITCHPORT MAC-ADDRESS VIOLATION
26.7 VLAN MAC-ADDRESS DYNAMIC MAXIMUM

CHAPTER 27 COMMANDS FOR AM CONFIGURATION
27.1 AM ENABLE
27.2 AM PORT
27.3 AM IP-POOL
30.7 DEBUG AAA DETAIL EVENT
30.8 DEBUG AAA ERROR
30.9 RADIUS NAS-IPV4
30.10 RADIUS NAS-IPV6
30.11 RADIUS-SERVER ACCOUNTING HOST
30.
33.7 MAC-AUTHENTICATION-BYPASS SPOOFING-GARP-CHECK
33.8 MAC-AUTHENTICATION-BYPASS TIMEOUT LINKUP-PERIOD
33.9 MAC-AUTHENTICATION-BYPASS TIMEOUT OFFLINE-DETECT
33.10 MAC-AUTHENTICATION-BYPASS TIMEOUT QUIET-PERIOD
33.11 MAC-AUTHENTICATION-BYPASS TIMEOUT REAUTH-PERIOD
33.12 MAC-AUTHENTICATION-BYPASS TIMEOUT STALE-PERIOD
33.
35.8 SHOW WEBPORTAL BINDING
35.9 WEBPORTAL BINDING-LIMIT
35.10 WEBPORTAL ENABLE
35.11 WEBPORTAL ENABLE (PORT)
35.12 WEBPORTAL NAS-IP
35.13 WEBPORTAL REDIRECT
38.1 CONTROL-VLAN
38.2 CLEAR MRPP STATISTICS
38.3 DEBUG MRPP
38.4 ENABLE
38.5 FAIL-TIMER
39.22 ULPP FLUSH ENABLE MAC
39.23 ULPP GROUP
39.24 ULPP GROUP MASTER
39.25 ULPP GROUP SLAVE

CHAPTER 40 COMMANDS FOR ULSM
40.1 DEBUG ULSM EVENT

CHAPTER 44 COMMANDS FOR NTP
44.1 CLOCK TIMEZONE
44.2 DEBUG NTP ADJUST
44.3 DEBUG NTP AUTHENTICATION
44.4 DEBUG NTP EVENTS
44.5 DEBUG NTP PACKET
46.10 SHOW DEBUGGING
46.11 SHOW FLASH
46.12 SHOW HISTORY
46.13 SHOW HISTORY ALL-USERS
46.14 SHOW LOGGING BUFFERED
46.
48.6 CPU-RX-RATELIMIT TOTAL
48.7 DEBUG DRIVER
48.8 SHOW CPU-RX PROTOCOL

CHAPTER 49 DETAILED INFORMATION ON CHANGES
Chapter 1 Commands for Basic Switch Configuration

1.1 Commands for Basic Configuration

1.1.1 authentication line
Command: authentication line {console | vty | web} login {local | radius | tacacs}
no authentication line {console | vty | web} login
Function: Configure VTY (login with Telnet and SSH), Web and Console, so as to select the priority of the authentication mode for the login user. The no form command restores the default authentication mode.
Command: banner motd
no banner motd
Function: Configure the information displayed when the login authentication of a telnet or console user is successful; the no command configures that the information is not displayed when the authentication is successful.
Parameters: : The information displayed when the authentication is successful, length limit from 1 to 100 characters.
Default: Do not show the information when the authentication is successful.
to implementing set default and write commands. is the full path of CFG file used in the next booting. Its format is as follows:
1. The file path comprises three parts: device prefix used as the root directory (flash:/), sub-directory, and the file name. No space is allowed in each part or between two parts.
2. The suffix of all file names should be .cfg.
3.
1.1.7 debug ssh-server
Command: debug ssh-server
no debug ssh-server
Function: Display SSH server debugging information; the "no debug ssh-server" command stops displaying SSH server debugging information.
Default: This function is disabled by default.
Command mode: Admin Mode.

1.1.8 enable
Command: enable
disable
Function: Use enable command to enter Admin Mode from User Mode, disable command exits admin mode.
Command mode: User Mode/ Admin Mode.
Default: None.
recommended to exit Admin Mode with "exit" command when the administrator needs to leave the terminal for a long time.

1.1.10 end
Command: end
Function: Quit current mode and return to Admin mode when not at User Mode/ Admin Mode.
Command mode: Except User Mode/ Admin Mode
Example: Quit VLAN mode and return to Admin mode.
Switch(config-vlan1)#end
Switch#

1.1.11 exec-timeout
Command: exec-timeout []
no exec-timeout
Function: Configure the timeout of exiting admin mode.
Usage Guide: This command quits the current mode and returns to its previous mode.
Example: Quit global mode to its previous mode
Switch#exit
Switch#

1.1.13 help
Command: help
Function: Output brief description of the command interpreter help system.
Command mode: All configuration modes.
Usage Guide: An instant online help provided by the switch. Help command displays information about the whole help system, including complete help and partial help. The user can type in ? any time to get online help.
according to their own requirements.
Example: Set the prompt to "Test".
Switch(config)#hostname Test
Test(config)#

1.1.15 ip host
Command: ip host
no ip host {|all}
Function: Set the mapping relationship between the host and IP address; the "no ip host" parameter of this command will delete the mapping.
Command: ip http server
no ip http server
Function: Enable Web configuration; the "no ip http server" command disables Web configuration.
Command mode: Global mode
Usage guide: Web configuration supplies the user with a configuration interface over HTTP, which is direct, visual and easy to understand.
Example: Enable Web Server function and enable Web configurations.
Switch(config)#ip http server
1.1.
"no password" command deletes this password.
Parameter: password is the password for the user. If input option 0 on password setting, the password is not encrypted; if input option 7, the password is encrypted.
Command mode: Global mode
Default: This password is empty by system default
Usage guide: When both this password and login command are configured, users have to enter the password set by password command to enter normal user mode on console.
The "no service terminal-length" command cancels the screen shifting operation.
Parameter: Columns of characters displayed on each screen of vty, ranging between 0-512.
Command mode: Global Mode
Usage guide: Configure the columns of characters displayed on each screen of the terminal. The columns of characters displayed on each screen on the Telnet/SSH client and the Console will follow this configuration.
Example: Set the number of vty threads to 20.
Switch(config)#service terminal-length 20
1.1.
Command: set default
Function: Reset the switch to factory settings.
Command mode: Admin Mode.
Usage Guide: Reset the switch to factory settings. That is to say, all configurations made by the user to the switch will disappear. When the switch is restarted, the prompt will be the same as when the switch was powered on for the first time.
Note: After the command, "write" command must be executed to save the operation. The switch will reset to factory settings after restart.
Command mode: Admin and configuration mode.
Usage Guide: Check the current usage of CPU resource by show cpu usage command. Only the chassis switch uses slotno parameter which is used to show the CPU usage rate of the card on specified slot, if there is no parameter, the default is current card.
Example: Show the current usage rate of CPU.
Switch#show cpu usage
Last 5 second CPU IDLE: 87%
Last 30 second CPU IDLE: 89%
Last 5 minute CPU IDLE: 89%
From running CPU IDLE: 89%
1.1.
Example:
Switch#show tech-support

1.1.33 show version
Command: show version
Function: Display the version information of the switch.
Command mode: Admin and Configuration Mode.
Usage Guide: This command is used to show the version of the switch, it includes the hardware version and the software version information.
Example:
Switch#show version
1.1.
switch, users with preference level other than 15 will be denied.
Example: Configure an administrator account named admin with preference level 15, and two normal accounts with preference level 1. Then enable the local authentication method. With this configuration, only the admin user is able to log in to the switch in privileged mode through the Telnet or Console login method; user1 and user2 can only log in to the switch in normal user mode through the Telnet and Console login methods.
1.2 Commands for Telnet

1.2.1 authentication ip access-class
Command: authentication ip access-class {|}
no authentication ip access-class
Function: Bind a standard IP ACL to login with Telnet/SSH/Web; the no form command cancels the ACL binding.
Parameters: is the access-class number for standard numeric ACL, ranging between 1-99; is the access-class name for standard ACL, with a character string length between 1 and 32.
authentication is enabled for the VTY and Web login method by default.
Command Mode: Global Mode.
Usage Guide: The authentication method for Console, VTY and Web login can be configured separately. The authentication method can be any one or a combination of Local, RADIUS. When login methods are configured in combination, the preference goes from left to right. If a user has passed an authentication method, the authentication methods of lower preference are ignored.
Switch(config)# authentication securityip 192.168.1.21

1.2.5 authentication securityipv6
Command: authentication securityipv6
no authentication securityipv6
Function: To configure the security IPv6 address for Telnet and HTTP login method. The no form of this command will remove the specified configuration.
Parameters: is the security IPv6 address which can login the switch.
Default: No security IPv6 addresses are configured by default.
Command Mode: Global Mode.
is not configured, the users log in to the switch via RADIUS/TACACS method and work under common mode.
Example: Configure the telnet authentication mode to RADIUS.
Switch(config)#authorization line vty exec radius

1.2.7 terminal length
Command: terminal length <0-512>
terminal no length
Function: Set columns of characters displayed in each screen on terminal; the "terminal no length" command cancels the screen switching operation and displays the content all at once.
Function: Login on the remote host by Telnet
Parameter: is the specific VRF name; is the IP address of the remote host, shown in dotted decimal notation; is the IPv6 address of the remote host; is the name of the remote host, containing max 64 characters; is the port number, ranging between 0 and 65535.
Command Mode: Admin Mode.
Usage Guide: This command is used when the switch is applied as Telnet client, for logging on remote host to configure.
Command: telnet-server max-connection { | default}
Function: Configure the max connection number supported by the Telnet service of the switch.
Parameters: : the max connection number supported by the Telnet service, ranging from 5 to 16. The default option will restore the default configuration.
Default: The system default value of the max connection number is 5.
Command Mode: Global Mode
Usage Guide: None.
Switch(config)#ssh-server enable

1.2.14 ssh-server host-key create rsa
Command: ssh-server host-key create rsa [modulus <modulus>]
Function: Generate new RSA host key.
Parameter: modulus is the modulus which is used to compute the host key; valid range is 768 to 2048. The default value is 1024.
Command mode: Global Mode
Default: The system uses the key generated when the ssh-server is started at the first time.
Usage Guide: This command is used to generate the new host key.
command restores the default timeout value for SSH authentication.
Parameter: is timeout value; valid range is 10 to 600 seconds.
Command mode: Global Mode
Default: SSH authentication timeout is 180 seconds by default.
Usage Guide: This command is used to set SSH authentication timeout, the default timeout is 180 seconds.
Example: Set SSH authentication timeout to 240 seconds.
Switch(config)#ssh-server timeout 240
1.2.
1.3 Commands for Configuring Switch IP

1.3.1 interface vlan
Command: interface vlan
no interface vlan
Function: Enter the VLAN interface configuration mode; the no operation of this command will delete the existing VLAN interface.
Parameters: is the VLAN ID of an existing VLAN, ranging from 1 to 4094.
Command Mode: Global Configuration Mode.
Usage Guide: Users should first make sure that a VLAN exists before configuring it.
Switch(Config-if-Vlan1)#exit
Switch(config)#
Relative Command: ip bootp-client enable, ip dhcp-client enable

1.3.4 ipv6 address
Command: ipv6 address [eui-64]
no ipv6 address [eui-64]
Function: Configure aggregatable global unicast address, site-local address and link-local address for the interface.
Example: Get IP address through BootP.
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip bootp-client enable
Switch(Config-if-Vlan1)#exit
Switch(config)#
Relative command: ip address, ip dhcp-client enable
1.3.
Example:
Switch#debug snmp mib

1.4.2 debug snmp kernel
Command: debug snmp kernel
no debug snmp kernel
Function: Enable the SNMP kernel debugging; the "no debug snmp kernel" command disables the debugging function.
Command Mode: Admin Mode.
Usage Guide: When user encounters problems in applying SNMP, the SNMP debugging is available to locate the problem causes.
Example:
Switch#debug snmp kernel
1.4.
1.4.5 show snmp
Command: show snmp
Function: Display all SNMP counter information.
Command mode: Admin and Configuration Mode.
get-next PDUs          Number of packets received by "getnext" requests.
set-request PDUs       Number of packets received by "set" requests.
snmp packets output    Total number of SNMP packet outputs.
too big errors         Number of "Too_big" error SNMP packets.
maximum packet size    Maximum length of SNMP packets.
no such name errors    Number of packets requesting for non-existent MIB objects.
bad values errors      Number of "Bad_values" error SNMP packets.
Read View:one
Write View:
Notify View:one

Displayed Information    Explanation
Group Name               Group name
Security level           Security level
Read View                Read view name
Write View               Write view name
Notify View              Notify view name
                         No view name specified by the user

1.4.8 show snmp mib
Command: show snmp mib
Function: Display all MIB supported by the switch.
Command Mode: Admin and Configuration Mode.
1.4.
1.4.10 show snmp user
Command: show snmp user
Function: Display the user information commands.
Command Mode: Admin and Configuration Mode.
Example:
Switch#show snmp user
User name: initialsha
Engine ID: 1234567890
Auth Protocol:MD5
Priv Protocol:DES-CBC
Row status:active

Displayed Information    Explanation
User name                User name
Engine ID                Engine ID
Priv Protocol            Employed encryption algorithm
Auth Protocol            Employed identification algorithm
Row status               User state
1.4.
Command: snmp-server community {ro | rw} [access {|}] [ipv6-access {|}] [read ] [write ]
no snmp-server community [access {|}] [ipv6-access {|}]
Function: Configure the community string for the switch; the no command deletes the configured community string.
"pvieww".
Switch(config)#snmp-server community rw private read pviewr write pvieww

1.4.13 snmp-server enable
Command: snmp-server enable
no snmp-server enable
Function: Enable the SNMP proxy server function on the switch. The "no snmp-server enable" command disables the SNMP proxy server function.
Command mode: Global mode
Default: SNMP proxy server function is disabled by system default.
Command Mode: Global mode
Parameter: is the engine ID shown in 1-32 digit hex characters.
Default: Default value is the company ID plus local MAC address.
Usage Guide: None
Example: Set current engine ID to A66688999F
Switch(config)#snmp-server engineid A66688999F
Restore the default engine ID
Switch(config)#no snmp-server engineid
1.4.
Example: Create a group CompanyGroup, with the security level of authentication and encryption; the read view name is readview, and writing is disabled.
Switch(config)#snmp-server group CompanyGroup AuthPriv read readview
Delete group
Switch(config)#no snmp-server group CompanyGroup AuthPriv
1.4.
Switch(config)#snmp-server host 1.1.1.5 v1 usertrap
Delete an IPv6 address to receive Trap.
Switch(config)#no snmp-server host 2001::1 v1 usertrap

1.4.18 snmp-server securityip
Command: snmp-server securityip { | }
no snmp-server securityip { | }
Function: Configure security IPv4 or IPv6 address allowed to access NMS management station; the no command deletes security IPv4 or IPv6 address configured.
Command Mode: Global Mode.
no snmp-server trap-source { | }
Function: Set the source IPv4 or IPv6 address which is used to send trap packet, the no command deletes the configuration.
Parameter: : IPv4 address is used to send trap packet in dotted decimal notation
: IPv6 address is used to send trap packet in colon hexadecimal.
Command Mode: Global Mode.
is the access-class name for standard ACL, the character string length is ranging between 1-32; is the access-class number for standard numeric IPv6 ACL, ranging between 500-599; is the access-class name for standard IPv6 ACL, the character string length is ranging between 1-32.
Usage Guide: If the encryption and authentication is not selected, the default settings will be no encryption and no authentication. If the encryption is selected, the authentication must be done.
1.5 Commands for Switch Upgrade

1.5.1 copy(FTP)
Command: copy [ascii | binary]
Function: Download files to the FTP client.
Parameter: is the location of the source files or directories to be copied; is the destination address to which the files or directories to be copied; forms of and vary depending on different locations of the files or directories.
Requesting for FTP server address, user name, password and file name
Examples:
(1) Save images in the FLASH to the FTP server of 10.1.1.1, FTP server username is Switch, password is superuser:
Switch#copy nos.img ftp://Switch:superuser@10.1.1.1/nos.img
(2) Obtain system file nos.img from the FTP server 10.1.1.1, the username is Switch, password is superuser
Switch#copy ftp://Switch:superuser@10.1.1.1/nos.img nos.img
(3) Save images in the FLASH to the FTP server of 2004:1:2:3::6
Switch#copy nos.
startup-config    It means the reboot configuration files when using copy running-config startup-config command
nos.img           System files
boot.rom          System startup files
Command Mode: Admin Mode.
Usage Guide: This command supports command line hints, namely if the user can enter commands in following forms: copy tftp:// or copy tftp:// and press Enter, following hints will be provided by the system:
tftp server ip/ipv6 address[x.x.x.
"Switch", the password is "superuser".
Switch#ftp-dir ftp://Switch:superuser@10.1.1.1

1.5.4 ftp-server enable
Command: ftp-server enable
no ftp-server enable
Function: Start FTP server, the "no ftp-server enable" command shuts down FTP server and prevents FTP user from logging in.
Default: FTP server is not started by default.
Command mode: Global Mode
Usage Guide: When FTP server function is enabled, the switch can still perform ftp client functions. FTP server is not started by default.
simultaneously.
Parameters: is the username of the FTP link, no longer than 16 characters; is the password of the FTP link, if input option 0 on password setting, the password is not encrypted; if input option 7, the password is encrypted.
Default Settings: The system uses anonymous FTP links by default.
Command Mode: Global Configuration Mode.
Examples: Configure the username as Switch and the password as superuser.
1.5.9 tftp-server enable Command: tftp-server enable no tftp-server enable Function: Start the TFTP server; the "no tftp-server enable" command shuts down the TFTP server and prevents TFTP users from logging in. Default: Disable TFTP Server. Command mode: Global Mode Usage Guide: When the TFTP server function is enabled, the switch can still perform TFTP client functions. TFTP server is not started by default. Example: Enable TFTP server service.
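An added example, not part of the original manual: a Python audit that scans a saved configuration or command log for the file-transfer settings this section describes, namely an enabled FTP or TFTP server, a password stored with option 0, and `ftp://user:password@host` URLs like those in the copy examples, and redacts the secrets in its report. The sample text is constructed, and the `ip ftp username ... password` line form is an assumption, since the section above does not show that command's name.

```python
import re

# Constructed sample: lines as they might appear in a saved configuration or
# an operator's command log. The "ip ftp ..." form is an assumption; the
# section above only describes the 0 (unencrypted) / 7 (encrypted) options.
SAMPLE = """\
hostname Switch
ftp-server enable
no tftp-server enable
ip ftp username Switch password 0 superuser
ip ftp username Backup password 7 a1b2c3d4e5f6
Switch#copy nos.img ftp://Switch:superuser@10.1.1.1/nos.img
Switch#copy ftp://10.1.1.1/nos.img nos.img
tftp-server enable
"""

# ftp://user:password@host (tftp:// carries no credentials and is not matched)
URL_CRED = re.compile(r"\b(ftp)://([^\s:/@]+):([^\s@/]+)@")
# "password 0 <value>": option 0 means the password is stored unencrypted
PLAIN_PW = re.compile(r"\bpassword\s+0\s+(\S+)")
# "ftp-server enable" / "no tftp-server enable" as a whole line
SERVICE = re.compile(r"^\s*(no\s+)?(ftp|tftp)-server\s+enable\s*$")


def redact(line):
    """Mask secrets so the audit report does not leak them a second time."""
    line = URL_CRED.sub(lambda m: f"{m.group(1)}://{m.group(2)}:****@", line)
    return PLAIN_PW.sub("password 0 ****", line)


def audit(text):
    """Return sorted (line_number, rule, redacted_line) findings."""
    findings = []
    service_state = {}  # service -> (enabled?, line number that decided it)
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        m = SERVICE.match(line)
        if m:
            # A later line overrides an earlier one, as in a replayed config.
            service_state[m.group(2)] = (m.group(1) is None, no)
            continue
        if URL_CRED.search(line):
            findings.append((no, "credentials-in-url", redact(line)))
        if PLAIN_PW.search(line):
            findings.append((no, "unencrypted-password", redact(line)))
    for svc, (enabled, no) in service_state.items():
        if enabled:  # both servers are off by default, so "on" is a deviation
            findings.append((no, f"{svc}-server-enabled", f"{svc}-server enable"))
    return sorted(findings)


if __name__ == "__main__":
    for no, rule, shown in audit(SAMPLE):
        print(f"line {no}: {rule}: {shown}")
```
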
Chapter 2 Commands for Cluster 2.1 clear cluster nodes Command: clear cluster nodes [nodes-sn | mac-address ] Function: Clear the nodes in the candidate list found by the commander switch. Parameters: candidate-sn-list: sn of candidate switches, ranging from 1 to 256. More than one candidate can be specified. mac-address: mac address of the switches (including all candidates, members and other switches). Default: No parameter means to clear information of all switches.
2.3 cluster commander Command: cluster commander [] no cluster commander Function: Set the switch as a commander switch, and create a cluster. Parameter: is the cluster's name, no longer than 32 characters. Command mode: Global Mode Default: Default setting is no commander switch. cluster_name is null by default. Usage Guide: This command sets the role of a switch as commander switch and creates a cluster, which can only be executed on non commander switches.
10.254.254.10 Switch(config)#cluster ip-pool 10.254.254.10 2.5 cluster keepalive interval Command: cluster keepalive interval no cluster keepalive interval Function: Configure the interval of keepalive messages within the cluster. Parameters: : keepalive interval, in seconds, ranging from 3 to 30. Default: The default value is 30 seconds. Command Mode: Global Configuration Mode.
After executing it on a non commander switch, the configuration value will be saved but not used until the switch becomes a commander. Before that, its loss-count value is the one distributed by its commander. The commander calculates the loss-count after sending each DP message by adding 1 to the loss-count of each switch and clearing that of a switch after receiving a DR message from the latter.
Usage Guide: After executing this command, the switch will add those identified in or into the cluster it belongs to. One or more candidates are allowed at one time, linked with '-' or ';'. A switch can only be member or commander of one cluster, exclusively. Attempts to execute the command on a non commander switch will return an error. The no operation of this command will delete the specified member switch, and turn it back to a candidate.
Example: In the commander switch, reset the member switch 1. Switch#cluster reset member 1 2.10 cluster run Command: cluster run [key ] [vid ] no cluster run Function: Enable cluster function; the "no cluster run" command disables cluster function. Parameter: key: all keys in one cluster should be the same, no longer than 16 characters. vid: vlan id of the cluster, whose range is 1-4094. Command mode: Global Mode Default: Cluster function is disabled by default, key: NULL(\0) vid: 1.
when src-url is a TFTP address, its form will be: tftp:///,in which is the IP address of the TFTP server is the name of the file to be downloaded via. Special keywords used in filename: Keywords source or destination address startup-config start the configuration file nos.
no debug cluster packets {DP | DR | CP} {receive | send} Function: Enable the debug; the no command disables the debug. Parameters: DP: discovery messages. DR: responsive messages. CP: command messages. receive: receive messages. send: send messages. Default: None. Command Mode: Admin Mode. Usage Guide: Enable the debug of cluster messages. After enabling classification, all DP, DR and CP messages sent or received in the cluster will be printed. Example: Enable the debug of receiving DP messages.
Cluster VLAN: 1 Role: Member Commander Ip Address: 10.254.254.1 Internal Ip Address: 10.254.254.2 Commamder Mac Address: 00-12-cf-39-1d-90 ---- a candidate ---------------------------Switch#show cluster Status: Enabled Cluster VLAN: 1 Role: Candidate ---- disabled ---------------------------Switch#show cluster Status: Disabled 2.15 show cluster members Command: show cluster members [id | mac-address ] Function: Display member information of a cluster.
Switch#show cluster members id 1 Cluster Members: ID: 1 Member status: Inactive member (user_config) IP Address: 10.254.254.2 MAC Address: 00-01-02-03-04-06 Description: S9820 Hostname: DSW102 2.16 show cluster candidates Command: show cluster candidates [nodes-sn | mac-address ] Function: Display the statistic information of the candidate member switches on the command switch Parameter: candidate-sn-list:candidate switch sn, ranging from 1 to 256.
Parameters: starting-node-sn:the starting node of the topology. node-sn-list:the switch node sn. mac-addr:the CPU mac address of the switch. No parameters means to display all topology information. Command Mode: Admin and Configuration Mode. Usage Guide: Executing this command on the commander switch will display the topology information with its starting node specified. Example: Execute this command on the commander switch to display the topology information under different conditions.
* 2 ES4626H LAB_SWITCH_2 M 01-02-03-04-05-02 eth 1/1 eth 1/2 - 5 ES3528M LAB_SWITCH_1 OC 01-02-03-04-05-13 eth 1/1 eth 1/2 Y 6 ES3528M LAB_SWITCH_1 OM 01-02-03-04-05-14 eth 1/1 eth 1/3 Y ---------------------------------------------- Switch#show cluster topology nodes-sn 2 Toplogy role: Member Member status: Active member (user-config) SN: 2 MAC Address: 01-02-03-04-05-02 Description: ES4626H Hostname : LAB_SWITCH_2 Upstream local-port: eth 1/1 Upstream node: 01-02-03-04-05-01 Upstream re
Instructions: This command is used to configure the commander switch remotely. Users have to telnet to the commander switch and pass the authentication. The command "exit" is used to quit the configuration interface of the commander switch. This command can only be executed on member switches. Example: In the member switch, enter the configuration interface of the commander switch. Switch#rcommand commander 2.
Function: Enable the bandwidth limit function on the port; the no command disables this function. Parameter: is the bandwidth limit, in kbps, ranging between 1-1000000K; both means the bandwidth limit applies when the port receives and sends data, receive means the bandwidth limit applies only when the switch receives data from outside, while transmit means the limit applies on sending only. Command mode: Port Mode.
copper cable port while the negotiation command applies to the fiber cable port, they should not conflict. For combo ports, only one, a fiber cable port or a copper cable port, can be active at a time, and only this port can send and receive data normally. For the determination of the active port in a combo port, see the table below.
Parameters: stands for the Ethernet port number; stands for the VLAN interface number; for trunk interface number; for interface name, such as port-channel 1. Command mode: Admin Mode. Default: Port statistics are not cleared by default. Usage Guide: If no port is specified, then statistics of all ports will be cleared. Example: Clearing the statistics for Ethernet port1/1. Switch#clear counters interface ethernet 1/1 3.1.
Usage Guide: Run the exit command to exit the Ethernet Port Mode to Global Mode. Example: Entering the Ethernet Port Mode for ports1/1, 1/4-5, 1/8. Switch(config)#interface ethernet 1/1; 1/4-5; 1/8. Switch(Config-If-Port-Range)# 3.1.6 loopback Command: loopback no loopback Function: Enables the loopback test function in an Ethernet port; the no command disables the loopback test on an Ethernet port. Command mode: Port Mode. Default: Loopback test is disabled in Ethernet port by default.
3.1.8 name Command: name no name Function: Set name for specified port; the no command cancels this configuration. Parameter: is a character string, which should not exceed 200 characters. Command mode: Port Mode. Default: No port name by default. Usage Guide: This command helps the user manage switches; for instance, the user can assign names according to the port application, e.g.
Command: port-rate-statistics interval [] Function: Set the interval of port-rate-statistics, ranging from 5 to 600. Parameter: interval-value: The interval of port-rate-statistics, unit is second, ranging from 5 to 600 with the configuration step of 5. Default: Only port-rate-statistics of 5 seconds and 5 minutes are displayed. Command mode: Global Mode Usage Guide: None. Example: Count the interval of port-rate-statistics as 20 seconds. Switch(config)#port-rate-statistics interval 20 3.1.
Parameters: use dlf to limit unicast traffic for unknown destination; multicast to limit multicast traffic; broadcast to limit broadcast traffic. means the number of packets allowed to pass per second, ranging from 1 to 1000000. Command mode: Port Mode. Default: No limit is set by default. So, broadcasts, multicasts and unknown destination unicasts are allowed to pass at line speed. Usage Guide: All ports in the switch belong to the same broadcast domain if no VLAN has been set.
Command mode: Interface Mode Default: There is no control operation for rate-violation. Usage Guide: This command is mainly used to detect the abnormal port flow. For example, when there are a large number of broadcast messages caused by a loopback, which affect the processing of other tasks, the port will be shut down to ensure the normal processing of the switch. Example: Set the rate-violation of port 8-10 (GB ports) of the switch as 10000pps and the port recovery time as 1200 seconds.
speed rate, duplex mode, flow control switch state, broadcast storm suppression of the port and the statistic state of the data packets will be displayed. The information of all ports on the switch will be shown if no port is specified. Using [detail] to show the detail information for ethernet port and port-channel port, the information is related with the type of switch, board card. For ethernet port, using status to show important information of all the layer 2 ports by list format.
Hardware is Gigabit-TX, address is 00-03-0f-02-fc-01 PVID is 1 MTU 1500 bytes, BW 10000 Kbit Encapsulation ARPA, Loopback not set Auto-duplex: Negotiation half-duplex, Auto-speed: Negotiation 10M bits FlowControl is off, MDI type is auto 5 minute input rate 0 bytes/sec, 0 packets/sec 5 minute output rate 0 bytes/sec, 0 packets/sec The last 5 second input rate 0 bytes/sec, 0 packets/sec The last 5 second output rate 0 bytes/sec, 0 packets/sec Input packets statistics: 0 input packets, 0 bytes, 0 no buffer 0
1/3 1/4 IN 0 0 0 0 OUT 0 0 0 0 IN 0 0 0 0 OUT 0 0 0 0 … Show the rate statistics information of all layer 2 ports: Switch#Show interface ethernet counter rate Interface 1/1 1/2 IN(pkts/s) IN(bytes/s) OUT(pkts/s) OUT(bytes/s) 5m 13,473 12,345,678 12,345 1,234,567 5s 135 65,800 245 92,600 5m 0 0 0 5s 1/3 5m 0 0 5s 1/4 5m 5s 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 … 3.1.
no speed-duplex Function: Sets the speed and duplex mode for 1000Base-TX, 100Base-TX or 100Base-FX ports; the no command restores the default speed and duplex mode setting, i.e., auto speed negotiation and duplex.
of the error will be displayed (how many meters it is away from the port). Command mode: Port Configuration Mode. Default Settings: No link test. Usage Guide: The RJ-45 port connected with the twisted pair under test should be in accordance with the wiring sequence rules of IEEE802.3, or the wire pairs in the test result may not be the actual ones. On a 100M port, only two pairs are used: (1, 2) and (3, 6), whose results are the only effective ones.
3.2 Commands for Port Isolation Function 3.2.1 isolate-port group Command: isolate-port group no isolate-port group Function: Set a port isolation group, which is the scope of isolating ports; the no operation of this command will delete a port isolation group and remove all ports out of it. Parameters: is the name identification of the group, no longer than 32 characters. Command mode: Global Mode. Default: None.
Parameters: is the name identification of the group, no longer than 32 characters. If there is no such group with the specified name, create one; ethernet means that the ports to be isolated are Ethernet ones, followed by a list of Ethernet ports, supporting symbols like ";" and "-". For example: "ethernet 1/1;3;4-7;8"; is the name of the interface, such as e1/1. If users use interface name, the parameter of ethernet will not be required. Command mode: Global Mode. Default: None.
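An added example, not from the original manual: a Python parser for the port-list notation shown above ("ethernet 1/1;3;4-7;8", and "1/1; 1/4-5; 1/8" in the interface range example), with a helper that reports which ports of a required range are missing from every isolation group. It assumes that an item written without a slot, such as "3", inherits the slot of the item before it; the group names and port sets are constructed.

```python
import re

# One list item: optional "slot/", a port number, optional "-last"
_ITEM = re.compile(r"^(?:(\d+)/)?(\d+)(?:-(\d+))?$")


def expand_port_list(spec):
    """Expand 'ethernet 1/1;3;4-7;8' into ['1/1', '1/3', '1/4', ..., '1/8'].

    Assumption: an item without a slot reuses the slot of the previous item.
    Interface names such as 'e1/1' are not handled and raise ValueError.
    """
    spec = spec.strip()
    if spec.lower().startswith("ethernet"):
        spec = spec[len("ethernet"):]
    ports, slot = [], None
    for raw in spec.split(";"):
        item = raw.strip()
        m = _ITEM.match(item)
        if not m:
            raise ValueError(f"malformed port item: {item!r}")
        if m.group(1) is not None:
            slot = int(m.group(1))
        if slot is None:
            raise ValueError(f"no slot given before {item!r}")
        first = int(m.group(2))
        last = int(m.group(3)) if m.group(3) else first
        if last < first:
            raise ValueError(f"descending range: {item!r}")
        for n in range(first, last + 1):
            port = f"{slot}/{n}"
            if port not in ports:  # keep order, drop duplicates
                ports.append(port)
    return ports


def missing_from_groups(required, groups):
    """Ports in `required` that no isolation group in `groups` covers.

    `groups` maps a group name to its port-list string.
    """
    covered = {p for spec in groups.values() for p in expand_port_list(spec)}
    return [p for p in expand_port_list(required) if p not in covered]


if __name__ == "__main__":
    # Constructed data: two groups, checked against user-facing ports 1/1-10.
    groups = {"guest": "ethernet 1/1;3;4-7;8", "lab": "1/9"}
    print(expand_port_list(groups["guest"]))
    print("not isolated:", missing_from_groups("1/1-10", groups))
```
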
3.3 Commands for Port Loopback Detection Function 3.3.1 debug loopback-detection Command: debug loopback-detection Function: After enabling the loopback detection debug on a port, DEBUG information will be generated when sending, receiving messages and changing states. Parameters: None. Command mode: Admin Mode. Default: Disabled by default. Usage Guide: Display the message sending, receiving and state changes with this command.
corresponding relationship between instance and vlan id should be set manually by users; take note of this when using the command. Example: Enable the function of loopback detection control under port1/2 mode. Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)#loopback-detection control shutdown Switch(Config-If-Ethernet1/2)#no loopback-detection control 3.3.
Usage Guide: When no loopback is detected, the detection interval can be relatively short. When a loopback exists, too short an interval would be a disaster for the whole network, so a relatively longer interval is recommended when loopbacks exist. Example: Set the loopback detection interval as 35, 15. Switch(config)#loopback-detection interval-time 35 15 3.3.
command. Example: Display the state of loopback detection on port 4.
3.4 Commands for ULDP 3.4.1 debug uldp error Command: debug uldp error no debug uldp error Function: Enable the error message debug function; the no form of the command disables the function. Parameter: None. Command mode: Admin Mode. Default: Disabled. Usage Guide: Use this command to display the error message. Example: Display the error message. Switch#debug uldp error 3.4.
Usage Guide: This command can be used to display the information about state transitions of the specified interfaces. Example: Print the information about state transitions of interface ethernet 1/1. Switch#debug uldp fsm interface ethernet 1/1 3.4.
will restore the normal mode. Parameters: None. Command mode: Global Configuration Mode and Port Configuration Mode. Default: Normal mode. Usage Guide: The ULDP working mode can be configured only if it is enabled globally. When ULDP aggressive mode is enabled globally, all the existing fiber ports will work in aggressive mode. For the copper ports and fiber ports which are available after the configuration is available, aggressive mode should be enabled in port configuration mode.
3.4.9 uldp hello-interval Command: uldp hello-interval no uldp hello-interval Function: To configure the interval for ULDP to send hello messages. The no form of this command will restore the default interval for the hello messages. Parameters: The interval for the Hello messages, with its value limited between 5 and 100 seconds, 10 seconds by default. Command mode: Global Configuration Mode. Default: 10 seconds by default.
Usage Guide: If an interface is shut down by ULDP, and the recovery timer times out, the interface will be reset automatically. If the recovery timer is set to 0, the interface will not be reset. Example: To set the recovery timer to be 600 seconds. Switch(config)#uldp recovery-time 600 3.4.12 uldp reset Command: uldp reset Function: To reset the port when it is shut down by ULDP. Parameters: None. Command mode: Global Configuration Mode and Port Configuration Mode. Default: None.
3.5 Commands for LLDP Function 3.5.1 clear lldp remote-table Command: clear lldp remote-table Function: Clear the Remote-table on the port. Parameters: None. Default: Do not clear the entries. Command mode: Port Configuration Mode. Usage Guide: Clear the Remote table entries on this port. Example: Clear the Remote table entries on this port. Switch(Config-If-Ethernet 1/1)# clear lldp remote-table 3.5.
sending of packets and other information on the port. Example: Enable the debug switch of LLDP function on the switch. Switch#debug lldp packets interface ethernet 1/1 %Jan 01 00:02:40 2006 LLDP-PDU-TX PORT= ethernet 1/1 3.5.4 lldp enable Command: lldp enable lldp disable Function: Globally enable LLDP function; disable command globally disables LLDP function. Parameters: None. Default: Disable LLDP function. Command mode: Global Mode.
Parameters: send: Configure the LLDP function as only being able to send messages. receive: Configure the LLDP function as only being able to receive messages. both: Configure the LLDP function as being able to both send and receive messages. disable: Configure the LLDP function as not being able to send or receive messages. Default: The operating state of the port is "both". Command mode: Port Configuration Mode. Usage Guide: Choose the operating state of the lldp Agent on the port.
3.5.9 lldp notification interval Command: lldp notification interval no lldp notification interval Function: When the time interval ends, the system is set to check whether the Remote Table has been changed. If it has, the system will send Trap to the SNMP management end. Parameters: is the time interval, ranging from 5 to 3600 seconds. Default: The time interval is 5 seconds. Command mode: Global Mode.
Parameters: is the time interval, ranging from 1 to 8192 seconds. Default: The interval is 2 seconds by default. Command mode: Global Mode. Usage Guide: When the messages are being sent continuously, a sending delay is set to prevent the Remote information from being updated repeatedly due to sending messages simultaneously. Example: Set the delay of sending messages as 3 seconds. Switch(config)#lldp transmit delay 3 3.5.
3.5.14 lldp tx-interval Command: lldp tx-interval no lldp tx-interval Function: Set the interval of sending update messages on all the ports with LLDP function enabled, the value of which ranges from 5 to 32768 seconds and is 30 seconds by default. Parameters: is the interval of sending updating messages, ranging from 5 to 32768 seconds. Default: 30 seconds. Command Settings: Global Mode.
debug lldp packets interface Ethernet1/3 debug lldp packets interface Ethernet1/4 debug lldp packets interface Ethernet1/5 =============END OF DEBUG SETTINGS=============== 3.5.
using "show lldp interface ethernet XXX". Example: Check the configuration information of LLDP on the port after LLDP is enabled on the switch. Switch(config)#show lldp interface ethernet 1/1 Port name: ethernet 1/1 LLDP Agent Adminstatus: Both LLDP Operation TLV: portDecs sysName sysDesc sysCap LLDP Trap Status: disable LLDP maxRemote: 100 LLDP Overflow handle: discard LLDP interface remote status : Full 3.5.
3.6 Commands for Port Channel 3.6.1 debug port-channel Command: debug port-channel {all | event | fsm | packet | timer} no debug port-channel [] Function: Open the debug switch of port-channel. Parameters: is the group number of port channel, ranging from 1~14 all: all debug information event: debug event information fsm: debug the state machine packet: debug LACP packet information timer: debug the timer information Command mode: Admin mode.
initial user configuration will not be restored. If it is configuration for modules, such as shutdown configuration, then the configuration to current port will apply to all member ports in the corresponding port group. Example: Entering configuration mode for port-channel 1. Switch(config)#interface port-channel 1 Switch(Config-If-Port-Channel1)# 3.6.3 lacp port-priority Command: lacp port-priority no lacp port-priority Function: Set the port priority of LACP protocol.
Function: Set the timeout mode of LACP protocol. Parameters: The timeout mode includes long and short. Command mode: Port Mode Default: Long. Usage Guide: Set the timeout mode of LACP protocol. Example: Set the timeout mode as short in LACP protocol. Switch(Config-If-Ethernet1/1)#lacp timeout short 3.6.6 load-balance Command: load-balance {src-mac | dst-mac | dst-src-mac | src-ip | dst-ip | dst-src-ip } Function: Set load-balance mode for port-group.
Command mode: Global Mode Example: Creating a port group. Switch(config)# port-group 1 Delete a port group. Switch(config)#no port-group 1 3.6.8 port-group mode Command: port-group mode {active | passive | on} no port-group Function: Add a physical port to port channel, the no operation removes specified port from the port channel.
from 1~14; brief displays summary information; detail displays detailed information. Command mode: All Configuration Mode. Usage Guide: If the user does not input port-group-number, the information of all existing port-groups is shown; if the port channel corresponding to the port-group-number parameter does not exist, an error message is printed; otherwise the current port-channel information of the specified group number is displayed. Example: 1. Display summary information for port-group 1.
Ethernet1/20 Unselected 32768 1 {ACG} Ethernet1/23 Standby 1 {AC} 32768 Remote: Actor Partner Priority Oper-Key SystemID Flag ----------------------------------------------------------------------------Ethernet1/1 1 32768 1 0x8000,00-03-0f-01-02-04 {CDEF} Ethernet1/2 2 32768 1 0x8000,00-03-0f-01-02-04 {CDEF} Ethernet1/3 3 32768 1 0x8000,00-03-0f-01-02-04 {CDEF} Ethernet1/4 4 32768 1 0x8000,00-03-0f-01-02-04 {CDEF} Ethernet1/5 5 32768 1 0x8000,00-03-0f-01-02-04 {CDEF
3.7 Commands for Jumbo 3.7.1 jumbo enable Command: jumbo enable [] no jumbo enable Function: Configure the MTU size of JUMBO frame, enable the jumbo receiving/sending function. The no command restores the normal frame receiving function. Parameter: mtu-value: the MTU value of jumbo frame that can be received, in bytes, ranging from <1500-9000>. The corresponding frame size is <1518/1522-9018/9022>. Without setting this parameter, the allowed max frame size is 9018/9022.
3.8 Commands for EFM OAM 3.8.1 clear ethernet-oam Command: clear ethernet-oam [interface {ethernet |} ] Function: Clear the statistic information of packets and link event on specific or all ports for OAM. Parameters: , the name of the port needs to clear OAM statistic information Command mode: Admin mode Default: N/A. Usage Guide: N/A. Example: Clear the statistic information of OAM packets and link event on all ports. Switch(config)#clear ethernet-oam 3.8.
Example: Enable the debugging of Discovery state machine for ethernet1/1. Switch#debug ethernet-oam fsm Discovery interface ethernet1/1. 3.8.4 debug ethernet-oam packet Command: debug ethernet-oam packet [detail] {all | send | receive} [interface {ethernet |} ] no debug ethernet-oam packet [detail] {all | send | receive} interface {ethernet |} Function: Enable the debugging of packets received or sent by OAM, no command disables the debugging.
Parameters: None. Command mode: Port mode Default: Disable. Usage Guide: N/A. Example: Enable ethernet-oam of Ethernet 1/4. Switch(config)#interface ethernet 1/4 Switch(Config-If-Ethernet1/4)#ethernet-oam 3.8.7 ethernet-oam errored-frame threshold high Command: ethernet-oam errored-frame threshold high { | none} no ethernet-oam errored-frame threshold high Function: Configure the high threshold of errored frame event, no command restores the default value.
the peer by sending event notification OAMPDU. Note that the low threshold can not be larger than the high threshold. Example: Configure the low threshold of errored frame event on Ethernet 1/4 to 100. Switch(Config-If-Ethernet1/4)#ethernet-oam errored-frame threshold low 100 3.8.9 ethernet-oam errored-frame window Command: ethernet-oam errored-frame window no ethernet-oam errored-frame window Function: Configure the detection period of errored frame event, no command restores the default value.
Flags field is 1. Note that the high threshold can not be less than the low threshold. Example: Configure the high threshold of errored frame period event on port 1/4 to 3000. Switch(Config-If-Ethernet1/4)#ethernet-oam errored-frame-period threshold high 3000 3.8.
detection period of errored frame period event(s)÷(64×8), of which the detection period is the number of seconds in window of the configuration. Example: Configure the detection period of errored frame period event on port 1/4 to 10s. Switch(Config-If-Ethernet1/4)#ethernet-oam errored-frame-period window 10 3.8.
Command mode: Port mode Default: 1. Usage Guide: During the specific detection period, errored frame seconds event is induced if the number of errored frame seconds is larger than or equal to the low threshold and the device notifies the peer by sending event notification OAMPDU. Note that the low threshold should not be larger than the high threshold. The definition of errored frame seconds is the second in which errored frame is received.
none, cancel the high threshold configuration. Command mode: Port mode Default: none. Usage Guide: During the specific detection period, serious link event is induced if the number of errored symbols is larger than or equal to the high threshold and the device notifies the peer by sending Information OAMPDU of which the value of Link Fault flag in Flags field is 1. Note that the high threshold should not be less than the low threshold.
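An added example, not from the original manual: a Python model of the low/high threshold rule these usage guides describe, applied to errored frame seconds. A count at or above the low threshold yields an event notification OAMPDU, a count at or above the high threshold additionally yields an Information OAMPDU with the Link Fault flag set to 1, and a high threshold below the low one is rejected. The per-second error counts are constructed, and the 10-second window and the action labels are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

EVENT_NOTIFICATION = "event-notification-oampdu"
LINK_FAULT_INFO = "information-oampdu-link-fault-1"


@dataclass(frozen=True)
class Thresholds:
    low: int = 1                # default low threshold given above
    high: Optional[int] = None  # "none": no high threshold configured

    def __post_init__(self):
        if self.low < 0:
            raise ValueError("low threshold must not be negative")
        if self.high is not None and self.high < self.low:
            # The manual's rule: high must not be less than low.
            raise ValueError("high threshold is less than low threshold")


def errored_seconds(per_second_errors: List[int]) -> int:
    """An errored frame second is a second in which an errored frame arrived."""
    return sum(1 for n in per_second_errors if n > 0)


def evaluate_window(count: int, th: Thresholds) -> List[str]:
    """Apply both threshold conditions independently to one window's count."""
    actions = []
    if count >= th.low:
        actions.append(EVENT_NOTIFICATION)
    if th.high is not None and count >= th.high:
        actions.append(LINK_FAULT_INFO)  # serious link event
    return actions


def monitor(per_second_errors: List[int], window_s: int,
            th: Thresholds) -> List[Tuple[int, int, List[str]]]:
    """Split the series into whole windows; return (start, count, actions)."""
    if window_s <= 0:
        raise ValueError("window must be positive")
    results = []
    for start in range(0, len(per_second_errors) - window_s + 1, window_s):
        window = per_second_errors[start:start + window_s]
        count = errored_seconds(window)
        results.append((start, count, evaluate_window(count, th)))
    return results


# Constructed input: errored frames seen in each of 30 consecutive seconds.
SAMPLE_SERIES = [0, 0, 3, 0, 0, 0, 0, 0, 0, 0,
                 1, 0, 2, 0, 0, 4, 0, 0, 0, 0,
                 1, 1, 1, 0, 1, 1, 0, 1, 0, 0]

if __name__ == "__main__":
    for start, count, actions in monitor(SAMPLE_SERIES, 10, Thresholds(2, 5)):
        print(f"t={start:>2}s errored_seconds={count} -> {actions or 'no event'}")
```
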
Command mode: Port mode Default: 1. Usage Guide: Detect errored symbols of the port after the time of specific detection period. If the number of errored symbols is larger than or equal to the threshold, the corresponding event is induced and the device notifies the peer through OAMPDU. Example: Set the detection period of errored symbol event on port 1/4 to be 2s. Switch(Config-If-Ethernet1/4)#ethernet-oam errored-symbol-period window 2 3.8.
3.8.21 ethernet-oam period Command: ethernet-oam period no ethernet-oam mode Function: Configure the transmission period of Information OAMPDU, no command restores the default value. Parameters: , sending period, ranging from 1 to 2 seconds. Command mode: Port mode Default: 1s. Usage Guide: Use this command to configure the transmission interval of Information OAMPDU, which keeps the OAM connection normal. Example: Set the transmission interval of Information OAMPDU for ethernet 1/4 to be 2s.
Function: Configure the timeout of OAM connection, no command restores the default value. Parameters: , the timeout ranging from 5 to 10 seconds. Command mode: Port mode Default: 5s. Usage Guide: OAM connection will be disconnected if no OAMPDU is received after specified timeout. Example: Set the timeout of OAM connection for ethernet 1/4 to 6 seconds. Switch(Config-If-Ethernet1/4)#ethernet-oam timeout 6 3.8.
L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval Remote-MAC-Addr MAC address of the peer Remote-Mode OAM working mode of the peer Functions are supported by OAM of the peer Remote-Capability L - Link Monitor, R - Remote Loopback U - Unidirection, V - Variable Retrieval Show detailed information of local OAM entity for ethernet 1/2: Switch#show ethernet-oam local interface ethernet1/2 Ethernet1/2 oam local Information: oam_status=enable local _mode=active period=1s timeout
Status of Ethernet OAM: oam_status enable, OAM is enabled; disable, OAM is not enabled. Working mode of Ethernet OAM: local _mode active, the port is set as active mode; passive, the port is set as passive mode. Period Transmission period of packets Timeout Timeout of connection The way in which the local end processes Ethernet OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs.
Link Fault Whether a Link Fault event has occurred: 0 for no and 1 for yes. Dying Gasp Whether a Dying Gasp event has occurred: 0 for no and 1 for yes. Critical Event Whether a Critical Event has occurred: 0 for no and 1 for yes. Max_OAMPDU_Size The maximum OAMPDU length supported. Show the number of the OAMPDU packets sent and OAMPDU received which is the sum of three kinds of packets.
OAMPDUs: RX_INFO, the port only receives Information OAMPDUs and does not send any Ethernet OAMPDUs. LF_INFO, the port only sends Information OAMPDU packets without Information TLV and with their link error flag bits being set. INFO, the port only sends and receives Information OAMPDU packets. ANY, the port sends and receives any OAMPDU packets. Working mode of the local transmitter: local_mux_action FWD, the port can send any packets; DISCARD, the port only sends OAMPDU packets and discards others.
] Function: Shows the statistic information of link events on specified or all ports with OAM enabled, including general link events and severe link events. Parameters: local, show the detailed information of the local events; remote, show the detailed information of the remote events; , the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified.
errored frame low threshold:1 errored frame:1200120 errored frame high threshold:none errored running total:2302512542 event running total:232 OAM_local_link-fault:0 OAM_local_dying gasp:0 OAM_local_critical event:0 Field Description Statistic information of the local errored OAM_local_errored-symbol-period-events symbol events Statistic information of the local errored OAM_local_errored-frame-period-events frame period events Statistic information of the local errored OAM_local_errored-frame-event
] Function: Show configuration of link events on specified or all ports with OAM enabled, including detection period and threshold of the events and so on. Parameters: , the port that the statistic information of OAM link events needs to be shown, the statistic information of OAM link events for all ports will be shown if this parameter is not specified. Command mode: Admin mode Default: N/A. Usage Guide: N/A. Example: Show configuration of link events on ethernet 1/1.
Chapter 4 VLAN Configuration 4.1 Commands for VLAN Configuration 4.1.1 debug gvrp event Command: debug gvrp event interface (ethernet | port-channel |) IFNAME no debug gvrp event interface (ethernet | port-channel |) IFNAME Function: Enable/disable GVRP event debugging including the transfer of state machine and the expiration of timer. Parameters: ethernet, physical port port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: GVRP event debugging is disabled.
Switch(config)#debug gvrp packet receive interface ethernet 1/1 Receive packet, smac 00-21-27-aa-0f-46, dmac 01-80-C2-00-00-21, length 90, protocol ID:1,attribute type:0x01, Attribute Index Length -------------------- --------- Event Value ------- ------- 1 10 joinIn 100 2 10 joinEmpty 140 3 10 leaveIn 4 10 leaveEmpty 150 180 4.1.
4.1.4 dot1q-tunnel selective enable Command: dot1q-tunnel selective enable no dot1q-tunnel selective enable Function: Specify a port to enable selective QinQ, the no command restores the default value. Parameter: None. Command Mode: Port mode Default: Do not enable selective QinQ. Usage Guide: The enable selective QinQ command should be used with hybrid mode, and it should not be used at the same time as dot1q-tunnel enable. Example: Enable dot1q-tunnel selective enable of port1.
Command: dot1q-tunnel tpid {0x8100|0x9100|0x9200| <1-65535> } Function: Configure the global protocol type (TPID) of the switch. Parameter: None. Command Mode: Global Mode. Default: The global TPID defaults to 0x8100. Usage Guide: This function is to facilitate internetworking with equipment from other manufacturers.
Switch(config)#garp timer leave 600 4.1.9 garp timer leaveAll Command: garp timer leaveall <5000-60000> Function: Set the value of garp leaveAll timer, note that the value of leaveAll timer must be larger than leave timer. Parameters: <5000-60000>, the value of timer in millisecond Command Mode: Global mode Default: 10000 ms. Usage Guide: Check whether the value satisfies the range. If so, modify the value of garp leaveAll timer to the specified value, otherwise return a configuration error.
Usage Guide: GVRP can only be enabled on trunk and hybrid ports; enabling GVRP on an access port returns an error. After GVRP is enabled on a port, the port is added to GVRP (i.e. the corresponding state machine is added to GVRP for the port).
Example: Enable GVRP of port.
Switch(config-if-ethernet1/1)#gvrp
4.1.12 no garp timer
Command: no garp timer (join | leave | leaveall)
Function: Restore garp join | leave | leaveAll timer to the default value.
no private-vlan Function: Configure current VLAN to Private VLAN. The no command cancels the Private VLAN configuration. Parameter: primary set current VLAN to Primary VLAN, isolated set current VLAN to Isolated VLAN, community set current VLAN to Community VLAN. Command Mode: VLAN mode Default: Private VLAN is not configured by default. Usage Guide: There are three Private VLANs: Primary VLAN, Isolated VLAN and Community VLAN.
no private-vlan association
Function: Set Private VLAN association; the no command cancels Private VLAN association.
Parameter: Sets Secondary VLAN list which is associated to Primary VLAN. There are two types of Secondary VLAN: Isolated VLAN and Community VLAN. Users can set multiple Secondary VLANs separated by ';'.
Command mode: VLAN Mode.
Default: There is no Private VLAN association by default.
Usage Guide: This command can only be used for Private VLAN.
Parameters: join, join timer
leave, leave timer
leaveAll, leaveAll timer
Command Mode: Admin mode
Default: 200|600|10000 milliseconds for join | leave | leaveAll timer respectively.
Usage Guide: Show the corresponding value of the timer specified in the command.
Example: Show the value of all garp timers currently.
Switch#show garp timer join
Garp join timer's value is 200(ms)
4.1.
IFNAME
Function: Show the state of leaveAll state machine on specified or all ports.
Parameters: ethernet, physical port
port-channel, aggregate port
IFNAME, port name
Command Mode: Admin mode
Default: Passive.
Usage Guide: Check the state of leaveAll state machine.
Example: Show the state of leaveAll state machine on port.
Switch#show gvrp leaveall fsm information interface ethernet 1/1
Interface     leaveAll fsm
-----------   ------------
Ethernet1/1   passive
4.1.
Parameters: active means the port is in active state Command Mode: Admin mode Default: GVRP is disabled on port. Usage Guide: Show all ports (enable GVRP) saved in GVRP. Example: Show all ports with GVRP enabled. Switch#show gvrp port member Ports which were enabled gvrp included: Ethernet1/3(T) Ethernet1/4(T) Ethernet1/5(T) Ethernet1/6(T) Ethernet1/7(T) Ethernet1/8(T) Ethernet1/9(T) Ethernet1/10(T) 4.1.
Command: show gvrp timer (join | leaveall) running information interface (ethernet | port-channel |) IFNAME Function: Show running of all join|leaveAll timer on current port. Parameters: join, join timer leaveall, leaveAll timer ethernet, physical port port-channel, aggregate port IFNAME, port name Command Mode: Admin mode Default: Join timer is disabled and leaveAll timer is enabled. Usage Guide: Check running state of join|leaveAll timer on port.
is the VLAN name for the VLAN to display status information, valid length is 1 to 11 characters. Command mode: Admin Mode and Configuration Mode. Usage Guide: If no or is specified, then information for all VLANs in the switch will be displayed. Example: Display the status for the current VLAN; display statistics for the current VLAN.
Usage Guide: Display the information of all the ports at VLAN-translation state. Example: Display current VLAN translation state information. Switch#show vlan-translation Interface Ethernet1/1: vlan-translation is enable Interface Ethernet1/2: vlan-translation is enable Interface Ethernet1/3: vlan-translation is enable 4.1.27 switchport access vlan Command: switchport access vlan no switchport access vlan Function: Add the current Access port to the specified VLAN.
Function: Configure the forbidden vlan for a port. Note that this command can only be used to configure on trunk or hybrid ports and the port with GVRP not enabled. No command cancels the forbidden vlanlist for a port.
Usage Guide: The user can use this command to set the VLANs whose traffic is allowed to pass through the Hybrid port; traffic of VLANs not included is prohibited. The difference between tag and untag mode when setting the allowed VLANs: for a VLAN in untag mode, frames are sent via the hybrid port without a VLAN tag; for a VLAN in tag mode, frames are sent via the hybrid port with the corresponding VLAN tag. The same VLAN cannot be allowed in both tag and untag mode on a Hybrid port at the same time.
Function: Specify Ethernet port to VLAN; the no command deletes one or one set of ports from the specified VLAN.
Parameter: ethernet is the Ethernet port to be added. portchannel means that the port to be added is a link-aggregation port. interface-name port name, such as e1/1. If this option is selected, ethernet or portchannel should not be. interface-list is the port list to be added or deleted, ";" and "-" are supported, for Example: ethernet1/1;3;4-7;8.
Command mode: VLAN Mode.
Switch(config)#interface ethernet 1/8
Switch(Config-If-Ethernet1/8)#switchport mode access
Switch(Config-If-Ethernet1/8)#exit
Switch(config)#interface ethernet 1/10
Switch(Config-If-Ethernet1/10)#switchport mode hybrid
Switch(Config-If-Ethernet1/10)#exit
4.1.34 switchport mode trunk allow-null
Command: switchport mode trunk allow-null
Function: Add a port as trunk mode. When enabling GVRP, the mode that adds the ports with trunk mode to all VLANs is not appropriate.
passthrough the Trunk port; traffic of VLANs not included are prohibited.
Example: Set Trunk port to allow traffic of VLAN1, 3, 5-20.
Switch(config)#interface ethernet 1/5
Switch(Config-If-Ethernet1/5)#switchport mode trunk
Switch(Config-If-Ethernet1/5)#switchport trunk allowed vlan 1;3;5-20
Switch(Config-If-Ethernet1/5)#exit
4.1.
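The `1;3;5-20` list notation used by `switchport trunk allowed vlan` can be checked offline before a change is applied. The following is an added example, not part of the manual or the vendor's software: it expands such lists and reports trunk ports whose allowed VLANs go beyond an operator-approved set. The sample configuration, the `APPROVED` mapping and all function names are constructed for illustration; only the plain list form of the command shown above is handled.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # the manual gives 4094 as the maximal VLAN number
PROMPT = re.compile(r"^\s*Switch[^#]*#")  # strips a leading "Switch(...)#" CLI prompt


def expand_vlan_list(text):
    """Expand a list such as '1;3;5-20' into a sorted list of VLAN IDs."""
    vlans = set()
    for item in text.split(";"):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+)\s*)?", item)
        if not m:
            raise ValueError(f"malformed VLAN list item: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not VLAN_MIN <= low <= high <= VLAN_MAX:
            raise ValueError(f"VLAN range out of bounds: {item!r}")
        vlans.update(range(low, high + 1))
    return sorted(vlans)


def compress_vlan_list(vlans):
    """Render VLAN IDs back into the ';' and '-' notation."""
    ordered = sorted(set(vlans))
    parts, i = [], 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        parts.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ";".join(parts)


def parse_trunks(config_text):
    """Map each trunk-mode port to its allowed-VLAN list text (None if none was set)."""
    mode, allowed, port = {}, {}, None
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw).strip().lower()
        m = re.fullmatch(r"interface ethernet\s*(\S+)", line)
        if m:
            port = m.group(1)
        elif line == "exit":
            port = None
        elif port and line.startswith("switchport mode "):
            mode[port] = line.split()[2]
        elif port and line.startswith("switchport trunk allowed vlan "):
            allowed[port] = line.split(None, 4)[4]
    return {p: allowed.get(p) for p, port_mode in mode.items() if port_mode == "trunk"}


def audit_trunks(config_text, approved):
    """Return (port, issue, vlan-list) findings for trunk ports.

    'no-allowed-list' marks a trunk with no allowed-VLAN statement, reported for
    manual review; 'unapproved' lists VLANs allowed on the port but missing from
    the operator's approved set.
    """
    findings = []
    for port, allowed_text in parse_trunks(config_text).items():
        if allowed_text is None:
            findings.append((port, "no-allowed-list", ""))
            continue
        approved_text = approved.get(port)
        approved_set = set(expand_vlan_list(approved_text)) if approved_text else set()
        extra = set(expand_vlan_list(allowed_text)) - approved_set
        if extra:
            findings.append((port, "unapproved", compress_vlan_list(extra)))
    return findings


# Constructed sample input, in the style of the manual's examples.
SAMPLE_CONFIG = """\
Switch(config)#interface ethernet 1/5
Switch(Config-If-Ethernet1/5)#switchport mode trunk
Switch(Config-If-Ethernet1/5)#switchport trunk allowed vlan 1;3;5-20
Switch(Config-If-Ethernet1/5)#exit
Switch(config)#interface ethernet 1/6
Switch(Config-If-Ethernet1/6)#switchport mode trunk
Switch(Config-If-Ethernet1/6)#exit
Switch(config)#interface ethernet 1/8
Switch(Config-If-Ethernet1/8)#switchport mode access
Switch(Config-If-Ethernet1/8)#exit
"""

# Constructed policy: the VLANs each trunk is supposed to carry.
APPROVED = {"1/5": "3;5-10", "1/6": "100"}

if __name__ == "__main__":
    for finding in audit_trunks(SAMPLE_CONFIG, APPROVED):
        print(finding)
```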
Usage Guide: VLAN1 is the default VLAN and cannot be configured or deleted by the user. The maximal VLAN number is 4094. It should be noted that dynamic VLANs learnt by GVRP cannot be deleted by this command. Example: Create VLAN100 and enter the configuration mode for VLAN 100. Switch(config)#vlan 100 Switch(Config-Vlan100)# 4.1.38 vlan internal Command: vlan <2-4094> internal Function: Specify the internal VLAN ID.
4.1.40 vlan-translation Command: vlan-translation to in no vlan-translation in Function: Add VLAN translation by creating a mapping between original VLAN ID and current VLAN ID; the no form of this command deletes corresponding mapping. Parameter: old-vlan-id is the original VLAN ID; new-vlan-id is the translated VLAN ID; in indicates ingress translation. Command Mode: Global/Port Mode. Default: There is no VLAN translation relation.
Switch(Config-If-Ethernet1/1)#vlan-translation enable 4.1.42 vlan-translation miss drop This command is not supported by the switch. 4.2 Commands for Dynamic VLAN Configuration 4.2.1 dynamic-vlan mac-vlan prefer This command is not supported by this switch. 4.2.2 dynamic-vlan subnet-vlan prefer This command is not supported by this switch. 4.2.
4.2.4 mac-vlan vlan
Command: mac-vlan vlan
no mac-vlan vlan
Function: Configure the specified VLAN to MAC VLAN; the "no mac-vlan vlan" command cancels the MAC VLAN configuration of this VLAN.
Parameter: is the number of the specified VLAN.
Command Mode: Global Mode.
Default: No MAC VLAN is configured by default.
Usage Guide: Set specified VLAN for MAC VLAN.
Example: Set VLAN100 to MAC VLAN.
Switch#config
Switch(config)#mac-vlan vlan 100
4.2.
This command is not supported by this switch. 4.2.7 show mac-vlan Command: show mac-vlan Function: Display the configuration of MAC-based VLAN on the switch. Parameter: None. Command Mode: Admin Mode and other configuration Mode. Usage Guide: Display the configuration of MAC-based VLAN on the switch. Example: Display the configuration of the current MAC-based VLAN.
Usage Guide: Display the configuration of Protocol-based VLAN on the switch. Example: Display the configuration of the current Protocol-based VLAN. Switch#show protocol-vlan Protocol_Type VLAN_ID Priority ------------------- ------------- --------- etype 0x800 200 4 etype 0x860 200 4 etype 0xabc 100 5 4.2.10 show subnet-vlan This command is not supported by this switch. 4.2.11 show subnet-vlan interface This command is not supported by this switch. 4.2.
This command is not supported by this switch.
Chapter 5 Commands for MAC Address Table Configuration 5.1 Commands for MAC Address Table Configuration 5.1.1 clear mac-address-table dynamic Command: clear mac-address-table dynamic [address ] [vlan ] [interface [ethernet | portchannel] ] Function: Clear the dynamic address table. Parameter: : MAC address will be deleted; the port name for forwarding the MAC packets; VLAN ID. Command mode: Admin mode.
5.1.3 mac-address-table static | static-multicast | blackhole Command: mac-address-table {static | static-multicast | blackhole} address vlan [interface ethernet ] | [source | destination | both] no mac-address-table {static | static-multicast | blackhole | dynamic} [address ] [vlan ] [interface ethernet ] Function: Add or modify static address entries, static multicast entries and filter address entries.
After the static multicast MAC is configured by this command, the multicast MAC traffic will be forwarded to the specified port of the specified VLAN.
Example: Port 1/1 belongs to VLAN200, and establishes address mapping with MAC address 00-03-0f-f0-00-18.
Switch(config)#mac-address-table static address 00-03-0f-f0-00-18 vlan 200 interface ethernet 1/1
Configure a static multicast MAC 01-00-5e-00-00-01, the egress is ethernet 1/1.
can be performed on the specified port. If no ports and MAC are specified, then all dynamic MAC in all locked secure ports will be cleared; if only port but no MAC address is specified, then all MAC addresses in the specified port will be cleared.
Example: Delete all dynamic MAC in port1.
Switch#clear port-security dynamic interface Ethernet 1/1
5.2.
5.2.4 mac-address-table synchronizing enable Command: mac-address-table synchronizing enable no mac-address-table synchronizing enable Function: Enable the monitor function for MAC, if a MAC is added or deleted, the system will report this monitored event; the no command will cancel this function. Parameter: None. Command mode: Global Mode. Default: Disable. Usage Guide: The user enables this function to obtain the status of the MAC changing or the accessed user.
CurrentAddr                    The current secure MAC address number of the security port.
Security Action                The violation mode of the port configuration.
Total Addresses in System      The current secure MAC address number of the system.
Max Addresses limit in System  The maximum secure MAC address number of the system.
5.2.6 show port-security address
Command: show port-security address [interface ]
Function: Display the secure MAC addresses of the port.
Command mode: Admin and Configuration Mode.
Function: Display the configuration of secure port. Command mode: Admin and Configuration Mode. Parameter: stands for the port to be displayed. Default: Configuration of secure ports is not displayed by default. Usage Guide: This command displays the detailed configuration information for the secure port.
the MAC address binding function for the port. Command mode: Port Mode. Default: MAC address binding is not enabled by default. Usage Guide: The MAC address binding function and Port Aggregation functions are mutually exclusive. Therefore, if MAC binding function for a port is to be enabled, the Port Aggregation functions must be disabled, and the port enabling MAC address binding must not be a Trunk port. Example: Enable MAC address binding function for port 1.
Switch(Config-If-Ethernet1/1)#switchport port-security lock 5.2.11 switchport port-security mac-address Command: switchport port-security mac-address no switchport port-security mac-address Function: Add a static secure MAC address; the no command deletes a static secure MAC address. Command mode: Port Mode. Parameters: stands for the MAC address to be added or deleted.
Command: switchport port-security timeout no switchport port-security timeout Function: Set the timer for port locking; the no command restores the default setting. Parameter: is the timeout value, the valid range is 0 to 300s. Command mode: Port Mode. Default: Port locking timer is not enabled by default. Usage Guide: The port locking timer function is a dynamic MAC address locking function.
Chapter 6 Commands for MSTP 6.1 Commands for MSTP 6.1.1 abort Command: abort Function: Abort the current MSTP region configuration, quit MSTP region mode and return to global mode. Command mode: MSTP Region Mode. Usage Guide: This command is to quit MSTP region mode without saving the current configuration. The previous MSTP region configuration is valid. Example: Quit MSTP region mode without saving the current configuration. Switch(Config-Mstp-Region)#abort Switch(config)# 6.1.
instances.
Parameter: Normally, sets the instance number. The valid range is from 0 to 64; in the command "no instance [vlan ]", sets the instance number. The valid number is from 0 to 64. sets consecutive or non-consecutive VLAN numbers. "-" refers to consecutive numbers, and ";" refers to non-consecutive numbers.
Function: Cancel one command or set it as initial value. Parameter: instance number, MSTP region name, is account the modify value of MST configuration caption. Command mode: MSTP Region Mode Default: The default revision level is 0. Usage Guide: This command deletes the specified instance and MSTP region name, restore the default of modify value is 0. Example: Delete instance 1. Switch(Config-Mstp-Region)#no instance 1 6.1.
no spanning-tree
Function: Enable MSTP in global mode and in Port Mode; the command "no spanning-tree" is to disable MSTP.
Command mode: Global Mode and Port Mode
Default: MSTP is not enabled by default.
Usage Guide: If the MSTP is enabled in global mode, the MSTP is enabled in all the ports except for the ports which are set to disable the MSTP explicitly.
Example: Enable the MSTP in global mode, and disable the MSTP in the interface1/2.
Switch(Config-If-Ethernet1/2)#spanning-tree cost 3000000
6.1.10 spanning-tree digest-snooping
Command: spanning-tree digest-snooping
no spanning-tree digest-snooping
Function: Configure the port to use the authentication string of partner port; the command "no spanning-tree digest-snooping" restores to use the port generated authentication string.
Parameter: None
Command mode: Port Mode
Default: Don't use the authentication string of partner port.
Default: Auto Packet Format.
Usage Guide: Because CISCO adopted a packet format different from the one provided by IEEE, and many companies also adopted the CISCO format to be CISCO compatible, both formats are supported. The standard format is the one originally provided by IEEE, and the privacy packet format is CISCO compatible.
conditions. Otherwise, the MSTP may work incorrectly.
2 * (Bridge_Forward_Delay - 1.0 seconds) >= Bridge_Max_Age
Bridge_Max_Age >= 2 * (Bridge_Hello_Time + 1.0 seconds)
Example: In global mode, set MSTP forward delay time to 20 seconds.
Switch(config)#spanning-tree forward-time 20
6.1.13 spanning-tree hello-time
Command: spanning-tree hello-time
6.1.15 spanning-tree maxage Command: spanning-tree maxage
Command mode: Port Mode Default: The port is in the MSTP mode by default. Usage Guide: If a network which is attached to the current port is running IEEE 802.1D STP, the port converts itself to run in STP mode. The command is used to force the port to run in the MSTP mode. But once the port receives STP messages, it changes to work in the STP mode again. This command can only be used when the switch is running in IEEE802.1s MSTP mode. If the switch is running in IEEE802.1D STP mode, this command is invalid.
mapped to the instance 0.
Name MAC address of the bridge
Revision 0
Usage Guide: Whether the switch is in the MSTP region mode or not, users can enter the MSTP mode, configure the attributes, and save the configuration. When the switch is running in the MSTP mode, the system will generate the MST configuration identifier according to the MSTP configuration. Only switches with the same MST configuration identifier are considered to be in the same MSTP region.
Example: Enter MSTP region mode.
Example: On the port1/2, set the MSTP port cost in the instance 2 to 3000000. Switch(Config-If-Ethernet1/2)#spanning-tree mst 2 cost 3000000 6.1.21 spanning-tree mst loopguard Command: spanning-tree [mst ] loopguard no spanning-tree [mst ] loopguard Function: Enable the loopguard function for specified instance, the no command disables this function. Parameter: : MSTP instance ID. Command mode: Port Mode. Default: Disable loopguard function.
Switch(Config-If-Ethernet1/2)#spanning-tree mst 1 port-priority 32
6.1.23 spanning-tree mst priority
Command: spanning-tree mst priority
no spanning-tree mst priority
Function: Set the bridge priority for the specified instance; the command "no spanning-tree mst priority" restores the default setting.
Parameter: sets instance ID. The valid range is from 0 to 64; sets the switch priority.
Switch(config)#interface ethernet 1/2
Switch(Config-If-Ethernet1/2)#spanning-tree mst 0 rootguard
Switch(Config-If-Ethernet1/2)#
6.1.25 spanning-tree portfast
Command: spanning-tree portfast [bpdufilter | bpduguard] [recovery <30-3600>]
no spanning-tree portfast
Function: Set the current port as boundary port, and BPDU filter, BPDU guard as specified mode or default mode; the command "no spanning-tree portfast" sets the current port as non-boundary port.
port priority is, the higher the priority is.
Example: Set the port priority as 4096 on the port 1.
Switch(Config-If-Ethernet1/1)#spanning-tree port-priority 4096
6.1.27 spanning-tree priority
Command: spanning-tree priority
no spanning-tree priority
Function: Configure the spanning-tree priority; the "no spanning-tree priority" command restores the default priority.
Parameter: is the priority of the bridging switch.
Switch(Config-If-Ethernet1/1)#spanning-tree rootguard
6.1.29 spanning-tree tcflush (Global mode)
Command: spanning-tree tcflush {enable| disable| protect}
no spanning-tree tcflush
Function: Configure the spanning-tree flush mode once the topology changes. "no spanning-tree tcflush" restores the default setting.
Parameter: enable: The spanning tree flushes once the topology changes.
disable: The spanning tree does not flush when the topology changes.
environment to do FLUSH with every topology change. At the same time, as a way to guard against network attacks, the network administrator can configure the FLUSH mode with this command.
Note: For a complicated network, especially one that needs to switch rapidly from one spanning tree branch to another, the disable mode is not recommended.
Example: Configure the spanning-tree flush mode so that no flush is performed on a topology change (TC).
Example: Enable to receive the debugging information of BPDU messages on the port1/1. Switch#debug spanning-tree Switch#debug spanning-tree bpdu rx interface e1/1 6.2.2 show mst-pending Command: show mst-pending Function: In the MSTP region mode, display the configuration of the current MSTP region. Command mode: Admin Mode Usage Guide: In the MSTP region mode, display the configuration of the current MSTP region such as MSTP name, revision, VLAN and instance mapping.
valid range is from 0 to 64; detail sets the detailed spanning-tree information. Command mode: Admin and Configuration Mode Usage Guide: This command can display the MSTP information of the instances in the current bridge. Example: Display the bridge MSTP. Switch#sh spanning-tree -- MSTP Bridge Config Info -Standard : IEEE 802.
PortName       ID      IntRPC    State Role DsgBridge          DsgPort
-------------- ------- --------- ----- ---- ------------------ -------
Ethernet1/1    128.001 0         FWD   MSTR 0.00030f010e30     128.001
Ethernet1/2    128.002 0         BLK   ALTR 0.00030f010e30     128.002
########################### Instance 4 ###########################
Self Bridge Id : 32768.00: 03: 0f: 01: 0e: 30
Region Root Id : this switch
Int.
ID         Port priority and port index
ExtRPC     Port cost to the root of the entire network
IntRPC     Cost from the current port to the region root of the current instance
State      Port status of the current instance
Role       Port role of the current instance
DsgBridge  Upward designated bridge of the current port in the current instance
DsgPort    Upward designated port of the current port in the current instance
6.2.
Chapter 7 Commands for QoS
7.1 accounting
Command: accounting
no accounting
Function: Set statistic function for the classified traffic.
Parameter: None.
Command mode: Policy map configuration mode
Default: Do not set statistic function.
Usage Guide: After this function is enabled, statistics are added for the traffic of the policy class map; the messages can only be red or green when passing the policy.
Example: Count the packets which satisfy c1 rule.
Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#class c2 insert-before c1 Switch(Config-PolicyMap-p1-Class-c2)#exit 7.3 class-map Command: class-map no class-map Function: Creates a class map and enters class map mode; the no command deletes the specified class map. Parameters: is the class map name. Default: No class map is configured by default.
7.5 drop
Command: drop
no drop
Function: Drop data packets that match the class; the no command cancels the assigned action.
Parameters: None.
Default: Do not set the action.
Command mode: Policy class map configuration mode
Usage Guide: After this command is configured, the specified packets are dropped.
Example: Drop the packets which satisfy c1.
parameter is the number or name of the IPv6 ACL; ipv6 flowlabel match specified IPv6 flow label, the parameter is IPv6 flow label value, the range is 0~1048575; vlan match specified VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the range is 1~4094; cos match specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS, the range is 0~7; c-vlan match specified Customer VLAN ID, the parameter is a VLAN ID li
Command mode: Port Configuration Mode. Usage Guide: Configure the default CoS value for switch port. In default configuration, the message ingress cos from this port are default value whether the message with tag. If the message without tag, the message cos value for tag is enactmented. Example: Setting the default CoS value of ethernet port 1/1 to 7, i.e., packets coming in through this port will be assigned a default CoS value of 7 if no CoS value present.
Example: 1. Change the CoS-to-INTP mapping from the default 0 8 16 24 32 40 48 56 to 0 1 2 3 3 2 1 0.
Switch(config)#mls qos map cos-intp 0 1 2 3 3 2 1 0
7.11 mls qos queue algorithm
Command: mls qos queue algorithm {sp | wrr}
no mls qos queue algorithm
Function: Set the queue management algorithm.
Parameters: sp: strict priority; the larger the queue number, the higher the priority
wrr: Select wrr algorithm
Default: The default queue algorithm is wrr.
7.13 mls qos queue wrr weight This command is not supported by the switch. 7.14 mls qos queue bandwidth This command is not supported by switch. 7.15 mls qos trust Command: mls qos trust dscp no mls qos trust dscp Function: Configures port trust; the no command disables the current trust status of the port. Parameters: dscp configures the port to trust DSCP value. Default: Trust CoS value. Command mode: Port Configuration Mode. Usage Guide: trust dscp mode: Set the intp field based dscp-to-intp mapping.
exceed-action ACTION} ) ACTION definition: drop | transmit | set-dscp-transmit | set-prec-transmit | set-cos-transmit | set-internal-priority | set-Drop-Precedence no policy Function: The non-aggregation policy command supporting two colors. Set the corresponding action to the different color packets. The no command will delete the mode configuration.
Switch(config-classmap-cm)#match cos 0
Switch(config-classmap-cm)#exit
Switch(config)#policy-map 1
Switch(config-policymap-1)#class cm
Switch(config-policymap-1-class-cm)#policy 1000 2000 exceed-action transmit
7.19 policy aggregate
This command is not supported by switch.
7.20 policy-map
Command: policy-map
no policy-map
Function: Creates a policy map and enters the policy map mode; the "no policy-map" command deletes the specified policy map.
Default: Not assigning by default. Command Mode: Policy Class-map Mode Usage Guide: Only the classified traffic which matches the matching standard will be assigned with the new values. Example: Set the IP Precedence of the packets matching c1 class rule to 3. Switch(config)#policy-map p1 Switch(Config-PolicyMap-p1)#class c1 Switch(Config-PolicyMap-p1-Class-c1)#set ip precedence 3 Switch(Config-PolicyMap-p1-Class-c1)#exit Switch(Config-PolicyMap-p1)#exit 7.
Function: Applies a policy map to the specified VLAN interface; the no command deletes the specified policy map applied to the VLAN interface. Parameters: input applies the specified policy map to the ingress direction of switch VLAN interface. Default: No policy map is bound to VLAN interface by default. Command mode: Global Configuration Mode. Usage Guide: Only one policy map can be applied to each direction of each port or VLAN interface.
Default: N/A.
Command mode: Admin Mode.
Usage Guide: Displays all configured policy-map or specified policy-map information.
Example:
Switch#show policy-map
Policy Map p1, used by 0 port
Class Map name: c1
policy 20000 2000

Displayed information    Explanation
Policy Map p1            Name of policy map
Class map name:c1        Name of the class map referred to
policy 20000 2000        Policy implemented
used by 0 port           Number of port that use the policy
7.
Egress Internal-Priority-TO-Queue map:
INTP:  0 1 2 3
---------------------------
Queue: 0 1 2 3
Queue Algorithm: WRR
Queue weights:
Queue     0 1 2 3
------------------------------------
WrrWeight 1 2 3 4

Display Information                  Explanation
Ethernet1/2                          Port name
default cos:0                        Default CoS value of the port
Trust: COS                           The trust state of the port
Attached Policy Map for Ingress: p1  Policy name bound to port
ClassMap                             ClassMap name
classified                           Total data packets match this ClassMap.
Ethernet1/2:
Egress Internal-Priority-TO-Queue map:
INTP:  0 1 2 3
---------------------------
Queue: 0 1 2 3
Queue Algorithm: WRR
Queue weights:
Queue     0 1 2 3
------------------------------------
WrrWeight 1 2 3 4

Display Information              Explanation
Internal-Priority-TO-Queue map:  Internal-Priority to queue mapping
Queue Algorithm:                 WRR or PQ queue out method
Queue weights                    Queue weights configuration

Switch # show mls qos interface ethernet 1/2 policy
Ethernet1/2:
Attached Policy Map for
Attached Policy Map for Ingress: p1 Classmap classified c1 20 c2 in-profile out-profile (in packets) 10 NA 10 NA NA 7.27 show mls qos maps Command: show mls qos maps [cos-intp | dscp-intp] | [begin | include | exclude ] Function: Display the configuration of QoS mapping. Parameters: cos-intp: The mapping from ingress L2 CoS to internal priority dscp-intp: The mapping from ingress DSCP to internal priority Default: None. Command mode: Admin and Configuration Mode.
Parameters: v-id: the range is from 1 to 4094.
Command Mode: Admin mode.
Default: None.
Example:
Switch#show mls qos vlan 1
Vlan 1:
Attached Policy Map for Ingress: 1
Classmap  classified  in-profile  out-profile (in packets)
1         NA          NA          NA
Switch(config)#show mls qos vlan 7
Vlan 7:
Attached Policy Map for Ingress: 7
Classmap  classified  in-profile  out-profile (in packets)
7         0           0           0
7.29 show mls qos aggregate-policy
This command is not supported by the switch.
7.
Switch(Config-PolicyMap-p1)#exit
Chapter 8 Commands for Flow-based Redirection
8.1 access-group redirect to interface ethernet
Command: access-group redirect to interface [ethernet | ]
no access-group redirect
Function: Specify flow-based redirection; "no access-group redirect" command is used to delete flow-based redirection.
Usage Guide: This command is used to display the information of current flow-based redirection in the system/port.
Chapter 9 Commands for Flexible QinQ 9.1 add This command is not supported by switch. 9.2 delete This command is not supported by switch. 9.
cos match the specified CoS value, the parameter is a CoS list consisting of maximum 8 CoS values, the range is 0 to 7
c-vlan match the specified customer VLAN ID, the parameter is a VLAN ID list consisting of maximum 8 VLAN IDs, the range is 1 to 4094
c-cos match the specified customer CoS value, the parameter is a CoS list consisting of maximum 8 CoS values, the range is 0 to 7
Default: There is no match standard.
Apply policy-map p1 (p1 corresponds with the action that modifies c-vid) to Ethernet port 1/1 for flexible QinQ.
Switch(Config-If-Ethernet1/1)#service-policy p1 in
9.5 set
Command: set {s-vid | c-vid }
no set {s-vid | c-vid}
Function: Assign the new cos and vid value to the packets which match the class map; the no command cancels the operation.
Parameters: s-vid specifies VID of an external VLAN Tag
c-vid specifies VID of an inner VLAN Tag
Default: Do not assign the value.
cancel the description information of VLAN interface. Parameter: is the description information of VLAN interface, the length should not exceed 256 characters. Default: Do not configure. Command Mode: VLAN interface mode Usage Guide: The description information of VLAN interface behind description and shown under the configured VLAN. Example: Configure the description information of VLAN interface as test vlan. Switch(config)#interface vlan 2 Switch(config-if-vlan2)#description test vlan 10.1.
Usage Guide: Show the kernel routing table, including: routing type, destination network, mask, next-hop address, interface, etc.
Example:
Switch#show ip route
Codes: C - connected, S - static, R - RIP derived, O - OSPF derived
A - OSPF ASE, B - BGP derived
   Destination  Mask           Nexthop  Interface  Pref
C  2.2.2.0      255.255.255.0  0.0.0.0  vlan2      0
C  4.4.4.0      255.255.255.0  0.0.0.0  vlan4      0
S  6.6.6.0      255.255.255.0  9.9.9.
Parameter: None
Command Mode: Admin Mode
Default: None
Usage Guide: This command can not clear static neighbor.
Example: Clear neighbor list.
Switch#clear ipv6 neighbors
10.2.2 debug ip packet
Command: debug ip packet
no debug ip packet
Function: Enable the IP packet debug function; the "no debug ip packet" command disables this debug function.
Parameter: None
Default: IP packet debugging information is disabled by default.
Src         Source IPv6 address
Dst         Destination IPv6 address
size <64>   Size of data report
proto <58>  Protocol field in IPv6 header
from Vlan1  IPv6 data report is collected from Layer 3 port vlan1
10.2.4 debug ipv6 icmp
Command: debug ipv6 icmp
no debug ipv6 icmp
Function: ICMP data packets receive/send debug message.
for specified types of IPv6 ND messages, while no specification means to disable that for all five types of ND message. Parameter: None. Default: The debug of receiving and sending operations for all five types of IPv6 ND messages is disabled by default. Command Mode: Admin Mode Usage Guide: The ND protocol is an essential part of IPv6. This command can display the ND message of a specified type for troubleshooting.
Switch(Config-if-Vlan1)#ip address 192.168.1.10 255.255.255.0 10.2.7 ip default-gateway Command: ip default-gateway no ip default-gateway Function: Configure the default gateway of the router. The no command cancels the configuration. Parameter: is gateway address, for example 10.1.1.10. Command mode: Global mode. Default: There is no default gateway.
site-local address and link-local address, the length of the prefix must be greater than or equal to 10. Example: Configure an IPv6 address on VLAN1 Layer 3 interface: the prefix is 2001:3f:ed8::99 and the length of the prefix is 64. Switch(Config-if-Vlan1)#ipv6 address 2001:3f:ed8::99/64 10.2.10 ipv6 default-gateway Command: ipv6 default-gateway no ipv6 default-gateway Function: Configure IPv6 default gateway of the router. The no command cancels the configuration.
Duplicate Address Detection, and the value of must be in 0-10, NO command restores to default value 1.
Command Mode: Interface Configuration Mode
Default: The default request message number is 1.
Usage Guide: When configuring an IPv6 address, IPv6 Duplicate Address Detection must be performed. This command configures the number of ND messages sent for Duplicate Address Detection; a value of 0 means no Duplicate Address Detection is executed.
This command is not supported by the switch.

10.2.18 ipv6 nd max-ra-interval
This command is not supported by the switch.

10.2.19 ipv6 nd prefix
This command is not supported by the switch.

10.2.20 ipv6 nd other-config-flag
This command is not supported by the switch.

10.2.21 ipv6 nd managed-config-flag
This command is not supported by the switch.

10.2.
Function: Show the brief information of the configured layer 3 interface.
Parameters: Interface name; VLAN ID.
Default: Show all brief information of the configured layer 3 interface when no parameter is specified.
Command mode: All modes.
Usage Guide: None.
Example:
Restarter#show ip interface vlan1 brief
Index Interface IP-Address Protocol
3001 Vlan1 192.168.2.11 up

10.2.24 show ip traffic
Command: show ip traffic
Function: Display statistics for IP packets.
TcpActiveOpens 0, TcpAttemptFails 0
TcpCurrEstab 0, TcpEstabResets 0
TcpInErrs 0, TcpInSegs 3180
TcpMaxConn 0, TcpOutRsts 3
TcpOutSegs 0, TcpPassiveOpens 8
TcpRetransSegs 0, TcpRtoAlgorithm 0
TcpRtoMax 0, TcpRtoMin 0
UDP statics:
UdpInDatagrams 0, UdpInErrors 0
UdpNoPorts 0, UdpOutDatagrams 0

Displayed information    Explanation
IP statistics:           IP packet statistics.
Sent: 0 total 0 errors 0 time exceeded 0 redirects, 0 unreachable, 0 echo, 0 echo replies 0 mask requests, 0 mask replies, 0 quench 0 parameter, 0 timestamp, 0 timestamp replies    Statistics of total ICMP packets sent and classified information
TCP statistics:          TCP packet statistics.
UDP statistics:          UDP packet statistics.

10.2.25 show ipv6 interface
Command: show ipv6 interface {brief|}
Function: Show interface IPv6 parameters.
ff02::1:ff00:10
ff02::1:ff00:1
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts is 1
ND managed_config_flag is unset
ND other_config_flag is unset
ND NS interval is 1 second(s)
ND router advertisements is disabled
ND RA min-interval is 200 second(s)
ND RA max-interval is 600 second(s)
ND RA hoplimit is 64
ND RA lifetime is 1800 second(s)
ND RA MTU is 0
ND advertised reachable time is 0 millisecond(s)
ND advertised retransmit time is 0 millisecond(s)

Displayed information    Explanation
Vlan1 L
I - IS-IS, B - BGP
S 2001:2::/32 via fe80::789, Vlan2
S 2001:2:3:4::/64
O 2002:ca60:c801:1::/64
C 2003:1::/64
S 2004:1:2:3::/64
O 2006:1::/64
S 2008:1:2:3::/64
C 2008:2005:5:8::/64
S 2009:1::/64 via fe80::250:baff:fef2:a4f4,
C 2022:1::/64 via ::,
O 3333:1:2:3::/64
C 3ffe:501:ffff:1::/64
O 3ffe:501:ffff:100::/64
O 3ffe:3240:800d:1::/64 via ::, Vlan1 1024
O 3ffe:3240:800d:2::/64 via ::, Vlan2 1024
O 3ffe:3240:800d:10::/64 via ::,
O 3ffe:3240:800d:20::/64 via fe80::
| address ]
Function: Display neighbor table entry information.
Parameter: Parameter {vlan|ethernet} interface-number|interface-name specifies the lookup based on interface. Parameter ipv6-address specifies the lookup based on IPv6 address. The whole neighbor table is displayed if no parameter is given.
IPv6 Addres      Neighbor IPv6 address
Hardware Addr    Neighbor MAC address
Interface        Exit interface name
Port             Exit interface name
State            Neighbor status (reachable, stale, delay, probe, permanent, incomplete, unknow)

10.2.28 show ipv6 traffic
Command: show ipv6 traffic
Function: Display IPv6 transmission data packets statistics information.
0 fragment rcvd, 0 fragment dropped
0 fragmented, 0 couldn't fragment, 0 fragment sent
Sent: 110 generated, 0 forwarded 0 dropped, 0 no route    IPv6 sent packets statistics

10.2.29 show ipv6 redirect
This command is not supported by the switch.

10.3 Commands for ARP Configuration

10.3.
10.3.3 clear arp traffic
Command: clear arp traffic
Function: Clear the statistic information of ARP messages of the switch. For box switches, this command will only clear statistics of ARP messages received and sent from the current boardcard.
Command mode: Admin Mode
Example:
Switch#clear arp traffic

10.3.
10.3.6 l3 hashselect
This command is not supported by the switch.

10.3.7 show arp
Command: show arp [] [] [] [type {static | dynamic}] [count] [vrf word]
Function: Displays the ARP table.
Interface    Layer 3 interface corresponding to the ARP entry.
Port         Physical (Layer2) port corresponding to the ARP entry.
Flag         Describes whether ARP entry is dynamic or static.

10.3.8 show arp traffic
Command: show arp traffic
Function: Display the statistic information of ARP messages of the switch. For box switches, this command will only show statistics of ARP messages received and sent from the current boardcard.
Chapter 11 Commands for ARP Scanning Prevention

11.1 anti-arpscan enable
Command: anti-arpscan enable
no anti-arpscan enable
Function: Globally enable ARP scanning prevention function; "no anti-arpscan enable" command globally disables ARP scanning prevention function.
Parameters: None.
Default Settings: Disable ARP scanning prevention function.
Example: Set the threshold of port-based ARP scanning prevention as 10 packets/second.
Switch(config)#anti-arpscan port-based threshold 10

11.3 anti-arpscan ip-based threshold
Command: anti-arpscan ip-based threshold
no anti-arpscan ip-based threshold
Function: Set the threshold of received messages of the IP-based ARP scanning prevention. If the rate of received ARP messages exceeds the threshold, the IP messages from this IP will be blocked. The unit is packet/second.
port as a Super Trust port before enabling anti-ARP-scan function, preventing the port from being shutdown because of receiving too many ARP messages. After the anti-ARP-scan function is disabled, this port will be reset to its default attribute, that is, Untrust port.
Example: Set port ethernet 4/5 of the switch as a trusted port.
Switch(config)#in e4/5
Switch(Config-If-Ethernet4/5)# anti-arpscan trust port

11.
Switch(config)#anti-arpscan recovery enable

11.7 anti-arpscan recovery time
Command: anti-arpscan recovery time
no anti-arpscan recovery time
Function: Configure automatic recovery time; "no anti-arpscan recovery time" command resets the automatic recovery time to default value.
Parameters: Automatic recovery time, in seconds, ranging from 5 to 86400.
Default Settings: 300 seconds.
Command Mode: Global configuration mode
User Guide: Automatic recovery function should be enabled first.
enable" command disables ARP scanning prevention SNMP Trap function.
Parameters: None.
Default Settings: Disable ARP scanning prevention SNMP Trap function.
Command Mode: Global configuration mode
User Guide: After enabling ARP scanning prevention SNMP Trap function, users will receive a Trap message whenever a port is closed or recovered by ARP scanning prevention, and whenever IP t is closed or recovered by ARP scanning prevention.
Example: Enable ARP scanning prevention SNMP Trap function of the switch.
Ethernet1/11 untrust N 0
Ethernet1/12 untrust N 0
Ethernet4/1 untrust N 0
Ethernet4/2 untrust N 0
Ethernet4/3 untrust N 0
Ethernet4/4 trust N 0
Ethernet4/5 untrust N 0
Ethernet4/6 supertrust N 0
Ethernet4/7 untrust Y 30
Ethernet4/8 trust N 0
Ethernet4/9 untrust N 0
Ethernet4/10 untrust N 0
Ethernet4/11 untrust N 0
Ethernet4/12 untrust N 0
Ethernet4/13 untrust N 0
Ethernet4/14 untrust N 0
Ethernet4/15 untrust N 0
Ethernet4/16 untrust N 0
11.11 debug anti-arpscan
Command: debug anti-arpscan [port | ip]
no debug anti-arpscan [port | ip]
Function: Enable the debug switch of ARP scanning prevention; "no debug anti-arpscan [port | ip]" command disables the switch.
Parameters: None.
Chapter 12 Commands for Preventing ARP Spoofing

12.1 ip arp-security updateprotect
Command: ip arp-security updateprotect
no ip arp-security updateprotect
Function: Forbid ARP table automatic update. The "no ip arp-security updateprotect" command re-enables ARP table automatic update.
Parameter: None.
Default: ARP table automatic update.
Command Mode: Global Mode/ Interface configuration.
User Guide: Forbid ARP table automatic update, the ARP packets conflicting with current ARP item (e.g.
ARP. Unlike ip arp-security updateprotect, once this command is implemented, there will still be timeout even if the switch keeps sending Request/Reply messages.
Example:
Switch(Config-if-Vlan1)# ip arp-security learnprotect
Switch(config)# ip arp-security learnprotect

12.4 ipv6 nd-security learnprotect
This command is not supported by the switch.

12.5 ip arp-security convert
Command: ip arp-security convert
Function: Change all of dynamic ARP to static ARP.
Example:
Switch(Config-if-Vlan1)#clear ip arp dynamic

12.8 clear ipv6 nd dynamic
This command is not supported by the switch.
Chapter 13 Command for ARP GUARD

13.1 arp-guard ip
Command: arp-guard ip
no arp-guard ip
Function: Add an ARP GUARD address; the no command deletes the ARP GUARD address.
Parameters: is the protected IP address, in dotted decimal notation.
Default: There is no ARP GUARD address by default.
Command Mode: Port configuration mode
Usage Guide: After configuring the ARP GUARD address, the ARP messages received from the ports configured with ARP GUARD will be filtered.
Chapter 14 Commands for Gratuitous ARP Configuration

14.1 ip gratuitous-arp
Command: ip gratuitous-arp []
no ip gratuitous-arp
Function: To enable gratuitous ARP, and specify the update interval for gratuitous ARP. The no form of this command will disable the gratuitous ARP configuration.
Parameters: is the update interval for gratuitous ARP with its value limited between 5 and 1200 seconds and with default value as 300 seconds.
Parameters: is the VLAN ID. The valid range for is between 1 and 4094.
Command Mode: All the Configuration Modes.
Usage Guide: In all the configuration modes, the command show ip gratuitous arp will display information about the gratuitous ARP configuration in global and interface configuration mode. The command show ip gratuitous-arp interface vlan will display information about the gratuitous ARP configuration about the specified VLAN interface.
Function: Sets the file name for DHCP client to import on boot up; the "no bootfile" command deletes this setting.
Parameters: is the name of the file to be imported, up to 255 characters are allowed.
Command Mode: DHCP Address Pool Mode
Usage Guide: Specify the name of the file to be imported for the client. This is usually used for diskless workstations that need to download a configuration file from the server on boot up. This command is used together with the "next server" command.
Command mode: Admin Mode.
Usage Guide: "show ip dhcp conflict" command can be used to check which IP addresses are conflicting for use. The "clear ip dhcp conflict" command can be used to delete the conflict record for an address. If "all" is specified, then all conflict records in the log will be removed. When records are removed from the log, the addresses are available for allocation by the DHCP server.
Example: The network administrator finds 10.1.128.
Switch(dhcp-1-config)#client-identifier 00-10-5a-60-af-12
Switch(dhcp-1-config)#host 10.1.128.160 24
Related Command: host

15.1.6 debug ip dhcp server
Command: debug ip dhcp server { events | linkage | packets }
no debug ip dhcp server { events | linkage | packets }
Function: Enables DHCP server debug information; the "no debug ip dhcp server {events | linkage | packets}" command disables the debug information for DHCP server.
Default: Debug information is disabled by default.
Command mode: Admin Mode.
Command Mode: DHCP Address Pool Mode
Usage Guide: Up to 8 DNS server addresses can be configured. The DNS server address assigned first has the highest priority, therefore address 1 has the highest priority, and address 2 has the second, and so on.
Example: Set 10.1.128.3 as the DNS server address for DHCP clients.
Switch(dhcp-1-config)#dns-server 10.1.128.3

15.1.
Switch(dhcp-1-config)#host 10.1.128.160 24
Related Command: host

15.1.11 host
Command: host [ | ]
no host
Function: Specifies the IP address to be assigned to the user when binding addresses manually; the "no host" command deletes the IP address.
Parameters: is the IP address in decimal format; is the subnet mask in decimal format; means mask is indicated by prefix. For example, mask 255.255.255.0 in prefix is "24", and mask 255.255.255.are deleted.
Example: Disable logging for DHCP server.
Switch(config)#no ip dhcp conflict logging
Related Command: clear ip dhcp conflict

15.1.13 ip dhcp disable
Command: ip dhcp disable
no ip dhcp disable
Function: The port disables DHCP services; the no command enables DHCP services.
Parameter: None.
Default: Enable.
Command Mode: Port mode.
Usage Guide: After DHCP services are disabled on the port, all DHCP packets sent by the port are dropped directly.
Example: The port disables DHCP services.
no ip dhcp pool
Function: Configures a DHCP address pool and enters the pool mode; the "no ip dhcp pool" command deletes the specified address pool.
Parameters: is the address pool name, up to 32 characters are allowed.
Command mode: Global Mode
Usage Guide: This command is used to configure a DHCP address pool under Global Mode and enter the DHCP address configuration mode.
Example: Defining an address pool named "1".
Switch(config)#ip dhcp pool 1
Switch(dhcp-1-config)#

15.1.
Ping-detection of conflict.
Default Settings: No more than 2 Ping request messages will be sent by default.
Command Mode: Global Configuration Mode.
Examples: Set the max number of Ping request (Echo Request) messages to be sent in Ping-detection of conflict on DHCP server as 3.
Switch(config)#ip dhcp ping packets 3
Related Command: ip dhcp conflict ping-detection enable, ip dhcp ping timeout

15.1.
too short duration results in increased network traffic and overhead. The default lease duration of switch is 1 day.
Example: Setting the lease of DHCP pool "1" to 3 days 12 hours and 30 minutes.
Switch(dhcp-1-config)#lease 3 12 30

15.1.20 netbios-name-server
Command: netbios-name-server [[…]]
no netbios-name-server
Function: Configures WINS servers' address; the "no netbios-name-server" command deletes the WINS server.
15.1.22 network-address
Command: network-address [ | ]
no network-address
Function: Sets the scope for assignment for addresses in the pool; the "no network-address" command cancels the setting.
Parameters: is the network number; is the subnet mask in the decimal format; stands for mask in prefix form. For example, mask 255.255.255.0 in prefix is "24", and mask 255.255.255.252 in prefix is "30".
no option
Function: Sets the network parameter specified by the option code; the "no option" command cancels the setting for option.
Parameters: is the code for network parameters; is the ASCII string up to 255 characters; is a value in Hex that is no greater than 510 and must be of even length; is the IP address in decimal format, up to 63 IP addresses can be configured.
dynamic for dynamic assignment; count displays statistics for DHCP address binding entries.
Command mode: Admin and Configuration Mode.
Example:
Switch# show ip dhcp binding
IP address Hardware address
10.1.1.233 00-00-E2-3A-26-04
10.1.1.
Database agents 0
Automatic bindings 2
Manual bindings 0
Conflict bindings 0
Expired bindings 0
Malformed message 0
Message Received
BOOTREQUEST 3814
DHCPDISCOVER 1899
DHCPREQUEST 6
DHCPDECLINE 0
DHCPRELEASE 1
DHCPINFORM 1
Message Send
BOOTREPLY 1911
DHCPOFFER 6
DHCPACK 6
DHCPNAK 0
DHCPRELAY 1907
DHCPFORWARD 0
Switch#

Displayed information    Explanation
Address pools            Number of DHCP address pools configured.
Database agents          Number of database agents.
DHCPREQUEST              Number of DHCPREQUEST packets
DHCPDECLINE              Number of DHCPDECLINE packets
DHCPRELEASE              Number of DHCPRELEASE packets
DHCPINFORM               Number of DHCPINFORM packets
Message Send             Statistics for DHCP packets sent
BOOTREPLY                Total packets sent
DHCPOFFER                Number of DHCPOFFER packets
DHCPACK                  Number of DHCPACK packets
DHCPNAK                  Number of DHCPNAK packets
DHCPRELAY                Number of DHCPRELAY packets
DHCPFORWARD              Number of DHCPFORWARD packets

15.2 Commands for DHCP Relay Configuration

15.2.
Parameter: bootps forwarding UDP port as 67 DHCP broadcast packets.
Default: Not forward UDP broadcast packets by default.
Command mode: Global Mode
Usage Guide: The forwarding destination address is set in the "ip helper-address" command and described later.
Example: Setting DHCP packets to be forwarded to 192.168.1.5.
Switch(config)#ip forward-protocol udp bootps
Switch(config)#interface vlan 1
Switch(Config-if-Vlan1)#ip helper-address 192.168.1.5

15.2.
Chapter 16 Commands for DHCPv6

16.1 clear ipv6 dhcp binding
Command: clear ipv6 dhcp binding [] [pd ]
Function: To clear one specified DHCPv6 assigned address binding record or all the IPv6 address binding records.
Parameter: is the specified IPv6 address with binding record; is the specified IPv6 prefix with binding record. All IPv6 address binding records are cleared if no record is specified.
16.3 debug ipv6 dhcp client packet
Command: debug ipv6 dhcp client {event | packet}
no debug ipv6 dhcp client {event | packet}
Function: To enable the debugging messages for protocol packets of DHCPv6 prefix delegation client; the no form of this command will disable the debugging information.
Default: Disabled.
Command Mode: Admin Mode.
Example:
Switch# debug ipv6 dhcp client packet

16.
no debug ipv6 dhcp server { event | packet }
Function: To enable the debugging information of DHCPv6 server; the no form of this command will disable the debugging.
Parameter: event is to enable debugging messages for DHCPv6 server events, such as address allocation; packet is for debugging messages of protocol packets of DHCPv6 server.
Default: Disabled.
Command Mode: Admin Mode.
Example:
Switch#debug ipv6 dhcp server packet

16.
16.9 excluded-address
Command: excluded-address
no excluded-address
Function: To configure the specified IPv6 address to be excluded from the address pool; the excluded address will not be allocated to any hosts. The no form of this command will remove the configuration.
Parameter: is the IPv6 address to be excluded from being allocated to hosts in the address pool.
Default: Disabled
Command Mode: DHCPv6 address pool configuration mode.
Switch(Config-if-Vlan1)# ipv6 address my-prefix 0:0:0:2008::2008/64

16.11 ipv6 dhcp client pd
Command: ipv6 dhcp client pd [rapid-commit]
no ipv6 dhcp client pd
Function: To configure DHCPv6 prefix delegation client for the specified interface. The no form of this command will disable the DHCPv6 prefix delegation client and remove the allocated address prefix.
Parameters: is the string with its length no more than 32, which designates the name of the address prefix.
length.
Command Mode: Interface Configure Mode.
Default Settings: There is no such configuration in the system by default.
Usage Guide: The system designates a prefix and its length on the interface for a client. If client prefix-proxy demanding function is enabled on the interface and hint function is enabled on the switch, the user will have prior claim to the prefix it demands and the prefix length when the server allocates them. Only one hint prefix is allowed in the system.
requests from the clients, the destination should be the address of an external DHCPv6 relay or the DHCPv6 server. The no form of this command will remove the configuration.
Parameters: is the address of the destination to which the DHCPv6 relay forwards; or VLAN is the interface name or VLAN id which is used for forwarding of DHCPv6 requests, should be a layer three VLAN name, and the VLAN id is limited between 1 and 4096.
Command Mode: Interface Configuration Mode.
Default: DHCPv6 address pool based on port is not configured by default.
Usage Guide: This command configures the DHCPv6 address pool which is applied by the DHCPv6 server for the specified interface, as well as optional parameters. One VLAN can bind many DHCPv6 address pools and assign the address for DHCPv6 request packet from direct-link and relay delegation.
Example:
Switch(Config-if-Vlan1)#ipv6 dhcp server PoolA preference 80 rapid-commit allow-hint

16.
Parameters: is the name for the IPv6 address pool of the prefix delegation, the length name string should be less than 32. is the address prefix and its length of the prefix delegation. is the length of the prefix in the address pool which can be retrieved by the client, the assigned prefix length should be no less than the value of
Command Mode: Global Mode.
Default: No IPv6 prefix delegation address pool is configured by default.
the address prefix, which is allowed to be between 3 and 128, and 64 by default, the size of the pool will be determined by if it has been specified. and alternative options to determine the size of the IPv6 address pool. If is 64 and the eui-64 option has been configured, the DHCPv6 server will allocate IPv6 addresses according to the EUI-64 standard, or the DHCPv6 server will be allocating addresses sequentially.
Command Mode: DHCPv6 Address Pool Configuration Mode.
Default: Disabled.
Usage Guide: This command configures the specified IPv6 address prefix to bind with the specified client. If no IAID is configured, any IA of any client will be able to get this address prefix. At most eight static binding address prefixes can be configured for each address pool. For prefix delegation, static binding is of higher priority than the prefix address pool.
16.22 service dhcpv6
Command: service dhcpv6
no service dhcpv6
Function: To enable DHCPv6 server function; the no form of this command disables the configuration.
Parameter: None.
Default: Disabled.
Command Mode: Global Mode.
Usage Guide: The DHCPv6 services include DHCPv6 server function, DHCPv6 relay function, DHCPv6 prefix delegation function. All of the above services are configured on ports.
DHCPv6 address bindings.
Command Mode: Admin and Configuration Mode.
Usage Guide: To show all the address and prefix binding information of DHCPv6, including type, DUID, IAID, prefix, valid time and so on.
Using pool: poolv6
Preference value: 20
Rapid-Commit is disabled

16.27 show ipv6 dhcp pool
Command: show ipv6 dhcp pool []
Function: To show the DHCPv6 address pool information.
Parameter: is the name of an already configured DHCPv6 address pool, with a length of less than 32 characters. If the parameter is not provided, then all the DHCPv6 address pool information will be shown.
Command Mode: Admin and Configuration Mode.
DHCP6REPLY 0
DHCP6RENEW 0
DHCP6REBIND 0
DHCP6RELEASE 0
DHCP6DECLINE 0
DHCP6CONFIRM 0
DHCP6RECONFIGURE 0
DHCP6INFORMREQ 0
DHCP6RELAYFORW 0
DHCP6RELAYREPLY 0
Message Send
DHCP6SOLICIT 0
DHCP6ADVERTISE 0
DHCP6REQUEST 0
DHCP6REPLY 0
DHCP6RENEW 0
DHCP6REBIND 0
DHCP6RELEASE 0
DHCP6DECLINE 0
DHCP6CONFIRM 0
DHCP6RECONFIGURE 0
DHCP6INFORMREQ 0
DHCP6RELAYFORW 0
DHCP6RELAYREPLY 0

Show information    Explanation
Address pools       To configure the number of DHCPv6 address pool
DHCP6REBIND         The number of DHCPv6 REBIND packets.
DHCP6RELEASE        The number of DHCPv6 RELEASE packets.
DHCP6DECLINE        The number of DHCPv6 DECLINE packets.
DHCP6CONFIRM        The number of DHCPv6 CONFIRM packets.
DHCP6RECONFIGURE    The number of DHCPv6 RECONFIGURE packets.
DHCP6INFORMREQ      The number of DHCPv6 INFORMREQ packets.
DHCP6RELAYFORW      The number of DHCPv6 RELAYFORW packets.
DHCP6RELAYREPLY     The number of DHCPv6 RELAYREPLY packets.
Function: To show the statistic information of DHCPv6 prefix pool.
Command Mode: Admin and Configuration Mode.
Usage Guide: To show the statistic information of DHCPv6 prefix pool, including the name of prefix pool, the prefix and prefix length as well as assigned prefix length, the number of assigned prefix and information in DHCPv6 address pool.
Chapter 17 Commands for DHCP Option 82

17.1 debug ip dhcp relay packet
Command: debug ip dhcp relay packet
Function: This command is used to display the information of data packets processing in DHCP Relay Agent, including the "add" and "peel" action of option 82.
Parameters: None
Command Mode: Admin Mode.
User Guide: Use this command during the operation to display the procedure of data packets processing of the server and to display the corresponding option82 operation information.
Switch(config)# ip dhcp relay information option

17.3 ip dhcp relay information option delimiter
Command: ip dhcp relay information option delimiter [colon | dot | slash | space]
no ip dhcp relay information option delimiter
Function: Set the delimiter of each parameter for suboption of option82 in global mode; the no command restores the delimiter as slash.
Parameters: None.
Default Settings: slash ("/").
17.5 ip dhcp relay information option remote-id format
Command: ip dhcp relay information option remote-id format {default | vs-hp}
Function: Set remote-id format of Relay Agent option82.
Parameters: default means that remote-id is the VLAN MAC address with hexadecimal format, vs-hp means that remote-id is compatible with the remote-id format of HP manufacturer.
Default: default.
maximum length is 64.
Command Mode: Global Mode
Default: Using standard method.
Usage Guide: After configuring this command, if users do not configure remote-id on interface, it will create remote-id suboption for option82 according to self-defined method. For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occupies 6 bytes.
suboption by themselves.
Parameters: WORD the defined character string of circuit-id by themselves, the maximum length is 64.
Command Mode: Global Mode
Default: Using standard method.
Usage Guide: After configuring this command, if users do not configure circuit-id on interface, it will create circuit-id suboption for option82 according to self-defined method.
no ip dhcp relay information option subscriber-id
Function: This command is used to set the format of option82 sub-option1 (Circuit ID option) added to the DHCP request messages from interface, standard means the standard vlan name and physical port name format, like "Vlan2+Ethernet1/12", is the circuit-id contents of option82 specified by users, which is a string no longer than 64 characters.
Field              Value    Size
Suboption type     1        1 byte
Length             8        1 byte
Circuit ID type    0        1 byte
Length             6        1 byte
VLAN                        2 byte
Slot                        1 byte
Module                      1 byte
Port                        2 byte

VLAN field fills in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1.

The compatible subscriber-id format with HP manufacturer defined as below:

Field              Value    Size
Suboption type     1        1 byte
Length             2        1 byte
Port                        2 byte

Port means port number which begins from 1.
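The two binary layouts described above can be checked mechanically when inspecting relayed DHCP traffic. The following Python parser is an added example, not code from this manual or the switch vendor; it assumes multi-byte fields are big-endian (network byte order), and the function names and sample bytes are constructed for illustration.

```python
import struct

CIRCUIT_ID = 1         # suboption type 1, as in the layouts above
MAX_USER_STRING = 64   # maximum length of a self-defined circuit-id string


def split_suboptions(payload):
    """Split an Option 82 payload into (type, value) pairs.

    Each suboption is one type byte, one length byte, then `length` value
    bytes. Truncated input raises ValueError instead of being accepted.
    """
    pairs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated suboption header")
        sub_type, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("suboption length runs past end of payload")
        pairs.append((sub_type, value))
        i += 2 + length
    return pairs


def parse_circuit_id(value):
    """Decode the value bytes of suboption 1 into a dict."""
    # Standard layout: Circuit ID type 0, inner length 6,
    # then VLAN (2 bytes), Slot, Module, Port (2 bytes).
    if len(value) == 8 and value[0] == 0 and value[1] == 6:
        _, _, vlan, slot, module, port = struct.unpack(">BBHBBH", value)
        if not 1 <= vlan <= 4094:   # VLAN ID range given elsewhere in the manual
            raise ValueError("VLAN ID out of range: %d" % vlan)
        if port < 1:                # port numbers begin from 1
            raise ValueError("port number must begin from 1")
        return {"format": "standard", "vlan": vlan, "slot": slot,
                "module": module, "port": port}
    # HP-compatible layout: the value is only the 2-byte port number.
    # A 2-byte user-defined string cannot be told apart from this form.
    if len(value) == 2:
        (port,) = struct.unpack(">H", value)
        if port < 1:
            raise ValueError("port number must begin from 1")
        return {"format": "hp-compatible", "port": port}
    # Anything else is treated as a self-defined ASCII string (max 64).
    if 0 < len(value) <= MAX_USER_STRING:
        try:
            text = value.decode("ascii")
        except UnicodeDecodeError:
            raise ValueError("circuit-id is neither a known layout nor ASCII")
        if not text.isprintable():
            raise ValueError("circuit-id contains non-printable bytes")
        return {"format": "user-defined", "text": text}
    raise ValueError("circuit-id length %d not accepted" % len(value))


def circuit_ids(payload):
    """Return every decoded circuit-id found in an Option 82 payload."""
    return [parse_circuit_id(v) for t, v in split_suboptions(payload)
            if t == CIRCUIT_ID]


# Constructed sample: circuit-id for VLAN 2, slot 1, module 0, port 12,
# followed by a suboption 2 carrying the manual's example MAC in hex form.
SAMPLE = bytes.fromhex("0108000600020100000c" "02060002d12e3a0d")

if __name__ == "__main__":
    print(circuit_ids(SAMPLE))
```

Rejecting truncated or out-of-range values before they reach logging or address-assignment logic keeps a malformed Option 82 from being attributed to the wrong port.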
selection of option 82 retransmitting policies should take the configuration policy of the DHCP server into account.
Example: Set the retransmitting policy of DHCP messages option 82 as keep.
Switch(Config-if-Vlan1)# ip dhcp relay information policy keep

17.13 ip dhcp server relay information enable
Command: ip dhcp server relay information enable
no ip dhcp server relay information enable
Function: This command is used to enable the switch DHCP server to identify option82.
ip dhcp relay information option subscriber-id standard
Vlan3:
ip dhcp relay information policy replace
ip dhcp relay information option subscriber-id foobar
Chapter 18 Commands for DHCPv6 option37, 38

18.1 Commands for DHCPv6 option37, 38

18.1.1 address range
Command: address range
no address range
Function: This command is used to set address range for a DHCPv6 class in DHCPv6 address pool configuration mode; the no command is used to remove the address range. The prefix/plen form is not supported.
command to remove the link.
Parameters: class-name, the name of DHCPv6 class.
Default: None.
Command Mode: DHCPv6 address pool configuration mode
Usage Guide: It is recommended to define this class first using global command of IPv6 DHCP class. No class will be created if you input a class name which doesn't exist.
Example: Associate the DHCPv6 class named CLASS1 to dhcpv6 pool 1.
Switch(Config)#ipv6 dhcp pool 1
Switch(dhcp-1-config)#class CLASS1

18.1.
Usage Guide: Because the option 37 information added by switch may associate with third-party DHCPv6 servers, users can specify the remote-id content based on server condition when default remote-id of the switch cannot satisfy the demand of server. The enterprise-number together with vlan MAC address is used as the remote-id by default.
Example: Enable abc as the remote-id of DHCPv6 option 37.
Switch(Config-if-vlan1)# ipv6 dhcp relay remote-id abc

18.1.
condition when standard subscriber-id of the switch cannot satisfy the demand of server. The vlan name together with physical port name is used as the subscriber-id in option 38 by default.
Example: Enable abc as the subscriber-id of DHCPv6 option 38.
Switch(Config-if-vlan1)# ipv6 dhcp relay subscriber-id abc

18.1.
Command Mode: Global configuration mode
Usage Guide: The command has no effect on ports with self-defined subscriber-id. If user redefines the subscriber-id of the port after using the command, the user-defined one prevails. This configuration is null by default.
Example:
Switch(config)# ipv6 dhcp relay subscriber-id select sp delimiter #

18.1.
18.1.11 ipv6 dhcp server subscriber-id option
Command: ipv6 dhcp server subscriber-id option
no ipv6 dhcp server subscriber-id option
Function: This command enables DHCPv6 server to support the identification of option 38; the no operation of this command disables it.
Parameters: None.
Default: Do not support option 38.
Command Mode: Global configuration mode
Usage Guide: Configure this command if option 38 is expected to be identified and processed by DHCPv6 server, otherwise they will be ignored.
Function: This command enables DHCPv6 SNOOPING to support option 37; the no form of this command disables it.
Parameters: None.
Default: Disable.
Command Mode: Global configuration mode
Usage Guide: Only after this command is configured can DHCPv6 SNOOPING add option 37 to DHCPv6 packets before sending them to the server or relay agent. Make sure that DHCPv6 SNOOPING has been enabled before executing this command. The system disables option 37 of DHCPv6 SNOOPING by default.
no ipv6 dhcp snooping subscriber-id
Function: This command is used to set the form of adding option 38 in received DHCPv6 request packets, of which is the content of subscriber-id in user-defined option 38 and it is a string with a length of less than 128. The no operation of this command restores subscriber-id in option 38 to vlan name together with port name such as "Vlan2+Ethernet1/2".
Function: This command is used to set the reforward policy of the system when receiving DHCPv6 packets with option 38. The drop mode means that the system simply discards packets carrying option 38; keep mode means that the system keeps option 38 unchanged and forwards the packets to the server; replace mode means that the system replaces option 38 of current packets with its own before forwarding them to the server.
one prevails. This configuration is null by default.
Example:
Switch(config)# ipv6 dhcp snooping subscriber-id select sv delimiter #

18.1.19 ipv6 dhcp use class
Command: ipv6 dhcp use class
no ipv6 dhcp use class
Function: This command enables DHCPv6 server to support DHCPv6 class during address assignment; the no operation of this command disables it without removing the relative DHCPv6 class information that has been configured.
Parameters: None.
is ignored and no mode configured in IPv6 DHCP Class mode, any remote-id or subscriber-id is considered to match with the DHCPv6 class, however, remote-id or subscriber-id must exist in DHCPv6 packet.
Example: Configure some remote-id or subscriber-id belonging to DHCPv6 class named CLASS1.
Switch(Config)# ipv6 dhcp class CLASS1
Switch(Dhcpv6-class)#remote-id abc* subscriber-id bcd*
Switch(Dhcpv6-class)#remote-id edf*
Switch(Dhcpv6-class)#subscriber *mmn

18.2 Commands for Monitoring and Debugging

18.2.
%Jan 01 01:38:45 2006 requested-option: vendor specific info
%Jan 01 01:38:45 2006 remote-id option(37), option-len 14
%Jan 01 01:38:45 2006 remote-id : 0x0a0b0c
%Jan 01 01:38:45 2006 subscriber-id option(38), option-len 16
%Jan 01 01:38:45 2006 subscriber-id : 0x0a0b0c0d
18.2.2 debug ipv6 dhcp relay packet
Command: debug ip dhcp relay packet
Function: Display the information of relay packet processing.
Parameters: None.
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: Receive DHCPv6 packet SOLICIT from fe80::200:ff:fe00:1 src MAC 00-00-00-00-00-01, dst MAC 33-33-00-01-00-02, interface Ethernet1/23 vlan 24, transaction-ID 6137412, smac host flag 0, dmac host flag 0
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: Forward packet SOLICIT (protocol 0x37)
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: to vlan 24 except port Ethernet1/23 (designPort flag 0)
%Jan 05 00:26:40 2006 DHCP6SNP PACKET: and return packet to network stack
switch#
18.2.
subscriber-id option enable The slot port vlan select option is : port and vlan The delimiter is : #
Chapter 19 Commands for DHCP Snooping
19.1 debug ip dhcp snooping binding
Command: debug ip dhcp snooping binding
no debug ip dhcp snooping binding
Function: This command is used to enable the DHCP SNOOPING debug switch to debug the state of binding data of DHCP SNOOPING.
Command Mode: Admin mode
Usage Guide: This command is mainly used to debug the state of the DHCP SNOOPING task when it adds ARP list entries, dot1x users and trusted user list entries according to binding data.
19.
information, adding binding information, transmitting DHCP messages, adding/peeling option 82, etc.
19.4 debug ip dhcp snooping packet interface
Command: debug ip dhcp snooping packet interface {[ethernet] }
no debug ip dhcp snooping packet {[ethernet] }
Function: This command is used to enable the DHCP SNOOPING debug switch to debug the information that DHCP SNOOPING is receiving a packet.
Parameters: : Interface name.
Command Mode: Admin Mode.
spoofing, it can be configured to encrypt these packets. At the same time, the same password should be configured on the TrustView server.
Example: Enable encrypt or hash function of private message.
Switch(config)# enable trustview key 0 foxgate
19.7 ip dhcp snooping
Command: ip dhcp snooping enable
no ip dhcp snooping enable
Function: Enable the DHCP Snooping function.
Parameters: None.
Command Mode: Global mode.
Default Settings: DHCP Snooping is disabled by default.
defense action of the port will be automatically deleted.
Example: Set the DHCP Snooping defense action of port ethernet1/1 as setting blackhole, and the recovery time is 30 seconds.
switch(config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#ip dhcp snooping action blackhole recovery 30
19.9 ip dhcp snooping action MaxNum
Command: ip dhcp snooping action {|default}
Function: Set the number of defense actions that can take effect simultaneously.
Related Command: ip dhcp snooping enable
19.11 ip dhcp snooping binding arp
This command is not supported by switch.
19.12 ip dhcp snooping binding dot1x
Command: ip dhcp snooping binding dot1x
no ip dhcp snooping binding dot1x
Function: Enable the DHCP Snooping binding DOT1X function.
Parameters: None
Command Mode: Port mode
Default Settings: By default, the binding DOT1X function is disabled on all ports.
: The access interface of static binding user.
Command Mode: Global mode
Default Settings: DHCP Snooping has no static binding list entry by default.
Usage Guide: Static binding users are dealt with in the same way as the dynamic binding users captured by DHCP SNOOPING; the following actions are all allowed: notifying DOT1X to be a controlled user of DOT1X, adding a trusted user list entry directly, adding a binding ARP list entry.
19.15 ip dhcp snooping binding user-control max-user
Command: ip dhcp snooping binding user-control max-user
no ip dhcp snooping binding user-control max-user
Function: Set the max number of users allowed to access the port when enabling DHCP Snooping binding user function; the no operation of this command will restore default value.
Parameters: the max number of users allowed to access the port, from 0 to 1024.
Command Mode: Port Configuration Mode.
option 82 (Circuit ID option) is the standard VLAN name plus physical port name, like vlan1+ethernet1/12. That of suboption 2 in option 82 (remote ID option) is the CPU MAC of the switch, like 00030f023301. If a DHCP request message with option 82 options is received, DHCP Snooping will replace those options in the message with its own. If a DHCP reply message with option 82 options is received, DHCP Snooping will strip those options from the message and forward it.
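The replace-on-request and strip-on-reply behaviour described above, as an added Python example that is not the switch's own code. The wire encodings (ASCII circuit ID, 6-byte binary remote ID), the function names and the sample request are assumptions made for illustration.

```python
"""Added illustration of the option 82 handling described above (not vendor code)."""

OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


def parse_tlvs(raw, top_level=True):
    """Split code/length/value triples; at top level honour PAD (0) and END (255)."""
    items, i = [], 0
    while i < len(raw):
        code = raw[i]
        if top_level and code == OPT_END:
            break
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("code %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("code %d overruns the buffer" % code)
        items.append((code, bytes(value)))
        i += 2 + length
    return items


def build_tlvs(items, top_level=True):
    """Serialise (code, value) pairs; a top-level options field ends with END."""
    out = bytearray()
    for code, value in items:
        if len(value) > 255:
            raise ValueError("value too long for a one-byte length")
        out += bytes([code, len(value)]) + value
    if top_level:
        out.append(OPT_END)
    return bytes(out)


def standard_option82(vlan_name, port_name, cpu_mac_hex):
    """Standard content: circuit ID 'vlan+port', remote ID = CPU MAC.
    Assumption: circuit ID is ASCII text, remote ID is the 6 raw MAC bytes."""
    circuit_id = ("%s+%s" % (vlan_name, port_name)).encode("ascii")
    remote_id = bytes.fromhex(cpu_mac_hex)
    if len(remote_id) != 6:
        raise ValueError("CPU MAC must be 6 bytes")
    return build_tlvs([(SUB_CIRCUIT_ID, circuit_id),
                       (SUB_REMOTE_ID, remote_id)], top_level=False)


def snoop_request(raw_options, vlan_name, port_name, cpu_mac_hex):
    """Request direction: discard any option 82 already present, add our own."""
    kept = [(c, v) for c, v in parse_tlvs(raw_options) if c != OPT_RELAY_INFO]
    kept.append((OPT_RELAY_INFO,
                 standard_option82(vlan_name, port_name, cpu_mac_hex)))
    return build_tlvs(kept)


def snoop_reply(raw_options):
    """Reply direction: remove option 82 before forwarding to the client."""
    return build_tlvs([(c, v) for c, v in parse_tlvs(raw_options)
                       if c != OPT_RELAY_INFO])


def option82_fields(raw_options):
    """Return {suboption: value} of the first option 82, or None if absent."""
    for code, value in parse_tlvs(raw_options):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value, top_level=False))
    return None


# Constructed sample: a DISCOVER (option 53 = 1) that arrives with option 82
# already filled in with a circuit ID naming a different port.
PRESET_82 = build_tlvs([(SUB_CIRCUIT_ID, b"vlan1+ethernet1/3")], top_level=False)
SAMPLE_REQUEST = build_tlvs([(53, b"\x01"), (OPT_RELAY_INFO, PRESET_82)])

if __name__ == "__main__":
    fixed = snoop_request(SAMPLE_REQUEST, "vlan1", "ethernet1/12", "00030f023301")
    print("before:", option82_fields(SAMPLE_REQUEST))
    print("after :", option82_fields(fixed))
    print("reply :", option82_fields(snoop_reply(fixed)))
```

Because the received option 82 is discarded rather than merged, the DHCP server only ever sees the circuit ID of the port on which the request actually entered the switch.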
Parameters: None.
Default Settings: slash ("/").
Command Mode: Global mode
Usage Guide: After users have defined the parameters used to create the suboptions (remote-id, circuit-id) of option82 in global mode, the parameters are divided with the configured delimiter.
Example: Set the parameter delimiters as dot (".") for suboption of option82.
Switch(config)# ip dhcp snooping information option delimiter dot
19.
Default: Using standard method.
Usage Guide: After this command is configured, if users do not configure ip dhcp snooping information option remote-id globally, the remote-id suboption for option82 is created according to the self-defined method. For mac, use the format such as 00-02-d1-2e-3a-0d if it is filled to packets with ascii format, but hex format occupies 6 bytes.
Command Mode: Global Mode
Default: Using standard method.
Usage Guide: After this command is configured, if users do not configure circuit-id on port, the circuit-id suboption for option82 is created according to the self-defined method. Self-defined format of circuit-id: if self-defined subscriber-id format is ascii, the filled format of vlan such as "Vlan2", the format of port such as "Ethernet1/1", the format of mac and remote-mac such as "00-02-d1-2e-3a-0d".
} no ip dhcp snooping information option subscriber-id
Function: Set the suboption1 (circuit ID option) content of option 82 added to DHCP request packets received by the port. The no command sets the format of the added suboption1 (circuit ID option) of option 82 back to standard.
Parameters: standard means the standard format of VLAN name and physical port name, such as Vlan2+Ethernet1/12.
VLAN field fill in VLAN ID. For chassis switch, Slot means slot number, for box switch, Slot is 1; default Module is 0; Port means port number which begins from 1.
The compatible subscriber-id format with HP manufacturer defined as below:
Suboption type: 1 (1 byte)
Length: 2 (1 byte)
Port (2 byte)
Port means port number which begins from 1.
Example: Set subscriber-id format of DHCP snooping option82 as hexadecimal format.
Switch(config)#ip dhcp snooping information option subscriber-id format hex
19.
Usage Guide: This command can be set only when DHCP Snooping is globally enabled. When a port turns into a trusted port from a non-trusted port, the original defense action of the port will be automatically deleted; all the security history records will be cleared (except the information in system log).
Example: Set port ethernet1/1 as a DHCP Snooping trusted port
switch(config)#interface ethernet 1/1
switch(Config-Ethernet1/1)#ip dhcp snooping trust
19.
address as 100.1.1.100 and the port as default value.
switch(config)#interface vlan 1
switch(Config-If-Vlan1)#ip address 100.1.1.1 255.255.255.0
switch(Config-If-Vlan1)#exit
switch(config)#ip user helper-address 100.1.1.100 source 100.1.1.1
19.29 ip user private packet version two
Command: ip user private packet version two
no ip user private packet version two
Function: The switch chooses private packet version two to communicate with trustview.
Parameter: None.
Command Mode: Global Mode.
DHCP Snooping limit rate: 100(pps), switch ID: 0003.0F12.
DHCP Snooping limit rate | The rate limitation of receiving packets
switch ID | The switch ID is used to identify the switch, usually using the CPU MAC address.
DHCP Snooping droped packets | The number of dropped messages when the received DHCP messages exceeds the rate limit.
discarded packets | The number of discarded packets caused by the communication failure within the system.
Binding info: 0 Expired Binding: 0 Request Binding: 0
Displayed Information | Explanation
interface | The name of port
trust attribute | The trust attributes of the port
action | The automatic defense action of the port
recovery interval | The automatic recovery time of the port
maxnum of alarm info | The max number of automatic defense actions that can be recorded by the port
binding dot1x | Whether the binding dot1x function is enabled on the port
binding user | Whether the binding user function is enabl
MAC                IP address     Interface    Vlan ID  Flag
-------------------------------------------------------------------------
00-00-00-00-11-11  192.168.40.1   Ethernet1/1  1        S
00-00-00-00-00-10  192.168.40.10  Ethernet1/2  1        D
00-00-00-00-00-11  192.168.40.11  Ethernet1/4  1        D
00-00-00-00-00-12  192.168.40.12  Ethernet1/4  1        D
00-00-00-00-00-13  192.168.40.13  Ethernet1/4  1        SU
00-00-00-00-00-14  192.168.40.14  Ethernet1/4  1        SU
00-00-00-00-00-15  192.168.40.15  Ethernet1/5  1        SL
00-00-00-00-00-16  192.168.40.
Primary TrustView Server 200.101.0.9:9119
TrustView version2 message inform successed
TrustView inform free resource successed
TrustView inform web redirect address successed
TrustView inform user binding data successed
TrustView version2 message encrypt/digest enabled
Key: 08:02:33:34:35:36:37:38
Rcvd 106 encrypted messages, in which MD5-error 0 messages, DES-error 0 messages
Sent 106 encrypted messages
Free resource is 200.101.0.9/255.255.255.
Chapter 20 Commands for DHCP Snooping option 82 20.1 ip dhcp snooping information enable Command: ip dhcp snooping information enable no ip dhcp snooping information enable Function: This command will enable option 82 function of DHCP Snooping on the switch, the no operation of this command will disable that function. Parameters: None. Default Settings: Option 82 function is disabled in DHCP Snooping by default. Command Mode: Global Configuration Mode.
Command: access-list <6000-7999> {deny|permit} ip {{ }|{host }|any-source} {{ }|{host-destination }|any-destination}
no access-list <6000-7999> }|{host {deny|permit} ip }|any} {{ {{ }|{host-destination }|any-destination}
Function: Configure destination control multicast access-list, the "no access-list <
}|{host-destination }|any-destination}
no access-list <5000-5099> }|{host {deny|permit} }|any} ip {{ {{ }|{host-destination }|any-destination}
Function: Configure source control multicast access-list; the "no access-list <5000-5099> {deny|permit} ip {{ }|{host }|any-source} {{ }|{
Command: ip multicast destination-control access-group <6000-7999>
no ip multicast destination-control access-group <6000-7999>
Function: Configure multicast destination-control access-list used on interface, the "no ip multicast destination-control access-group <6000-7999>" command deletes the configuration.
Parameter: <6000-7999>: destination-control access-list number.
command, it needs to execute clear ip igmp groups command to clear relevant groups in Admin mode. Example: Switch(config)#ip multicast destination-control 10.1.1.0/24 access-group 6000 21.1.
address, and mask length separately. : specified priority, range from 0 to 7
Default: None
Command Mode: Global Mode
Usage Guide: This command sets the priority of multicast data packets in the specified range that the switch matches to the specified value, and sets the TOS to the same value at the same time. Note that a packet transmitted in UNTAG mode does not have its priority modified.
Example: Switch(config)#ip multicast policy 10.1.1.0/24 225.1.1.0/24 cos 7
21.1.
according to the configured access-list: if a message matches a permit rule, it will be received and forwarded; otherwise it will be discarded.
Example:
Switch (config)#interface ethernet1/4
Switch (Config-If-Ethernet1/4)#ip multicast source-control access-group 5000
Switch (Config-If-Ethernet1/4)#
Switch(router-msdp)#default-rpf-peer 10.0.0.1 rp-policy 10
21.1.
including detail option, and access-list information applied in detail.
Example:
Switch (config)#show ip multicast destination-control
ip multicast destination-control is enabled
ip multicast destination-control 11.0.0.0/8 access-group 6003
ip multicast destination-control 1 00-03-05-07-09-11 access-group 6001
multicast destination-control access-group 6000 used on interface Ethernet1/13
switch(config)#
21.1.
Example: Switch#show ip multicast policy ip multicast-policy 10.1.1.0/24 225.0.0.0/8 cos 5 21.1.14 show ip multicast source-control Command: show ip multicast source-control [detail] show ip multicast source-control interface [detail] Function: Display multicast source control configuration Parameter: detail: expresses if it displays information in detail. : interface name, such as Ethernet 1/1 or ethernet1/1.
21.2 Commands for IGMP Snooping
21.2.1 clear ip igmp snooping vlan
Command: clear ip igmp snooping vlan <1-4094> groups [A.B.C.D]
Function: Delete the group record of the specific VLAN.
Parameters: <1-4094> the specific VLAN ID; A.B.C.D the specific group address.
Command Mode: Admin Configuration Mode
Usage Guide: Use show command to check the deleted group record.
Example: Delete all groups.
Switch#clear ip igmp snooping vlan 1 groups
Related Command: show ip igmp snooping vlan <1-4094>
21.2.
Default: IGMP Snooping debugging switch is disabled on the switch by default.
Usage Guide: The command is used to enable the IGMP Snooping debugging switch of the switch; IGMP data packet messages can be shown with the "packet" parameter, event messages with "event", timer messages with "time", downsending hardware entries messages with "mfc", and all debugging messages with "all".
21.2.
Parameter: is the VLAN number.
Command mode: Global Mode
Default: IGMP Snooping is disabled by default.
Usage Guide: To configure IGMP Snooping on specified VLAN, the global IGMP Snooping should be first enabled. Disable IGMP Snooping on specified VLAN with the "no ip igmp snooping vlan " command.
Example: Enable IGMP Snooping for VLAN 100 in Global Mode.
Switch(config)#ip igmp snooping vlan 100
21.2.
disabling the layer 2 general querier function. This command is mainly for sending general queries regularly to help switches within this segment learn mrouter ports.
Comment: There are three ways for IGMP snooping to learn an mrouter port:
1 Port receives the IGMP query messages
2 Port receives multicast protocol packets, and supports DVMRP, PIM
3 Static configured port
21.2.9 ip igmp snooping vlan l2-general-querier-source
Command: ip igmp snooping vlan L2-general-query-source
Example: Switch(config)#ip igmp snooping vlan 2 L2-general-query-version 2
21.2.11 ip igmp snooping vlan limit
Command: ip igmp snooping vlan limit {group | source }
no ip igmp snooping vlan limit
Function: Configure the max group count of VLAN and the max source count of every group. The "no ip igmp snooping vlan limit" command cancels this configuration.
Parameter: is the VLAN number. g_limit:<1-65535>, max number of groups joined.
ifname: Name of interface port-channel: Port aggregation Command Mode: Global mode Default: No static mrouter port on VLAN by default. Usage Guide: When a port is a static mrouter port while also a dynamic mrouter port, it should be taken as a static mrouter port. Deleting static mrouter port can only be realized by the no command. Example: Switch(config)#ip igmp snooping vlan 2 mrouter-port interface ethernet1/13 21.2.
21.2.15 ip igmp snooping vlan query-interval
Command: ip igmp snooping vlan query-interval
no ip igmp snooping vlan query-interval
Function: Configure this query interval.
Parameter: vlan-id: VLAN ID, ranging between <1-4094>
value: query interval, ranging between <1-65535> seconds
Command Mode: Global mode
Default: 125s
Usage Guide: It is recommended to use the default settings.
Default: 2
Usage Guide: It is recommended to use the default settings. If layer 3 IGMP is running, keep this configuration consistent with the IGMP configuration as far as possible.
Example: Switch(config)#ip igmp snooping vlan 2 query-robustness 3
21.2.18 ip igmp snooping vlan report source-address
Command: ip igmp snooping vlan report source-address
Example: Configure/cancel the specific-query-mrsp of vlan3 as 2s.
Switch(config)#ip igmp snooping vlan 3 specific-query-mrsp 2
Switch(config)#no ip igmp snooping vlan 3 specific-query-mrsp
21.2.20 ip igmp snooping vlan static-group
Command: ip igmp snooping vlan static-group [source ] interface [ethernet | port-channel]
no ip igmp snooping vlan static-group [source
enters when receives query from the layer 3 IGMP in the segments. Example: Switch(config)#ip igmp snooping vlan 2 suppression-query-time 270 21.2.22 show ip igmp snooping Command: show ip igmp snooping [vlan ] Parameter: is the VLAN number specified for displaying IGMP Snooping messages.
Igmp snooping mrouter port keep-alive time :255(s)
Igmp snooping query-suppression time :255(s)
IGMP Snooping Connect Group Membership
Note:*-All Source, (S)- Include Source, [S]-Exclude Source
Groups Sources Ports Exptime System Level
238.1.1.1 (192.168.0.1) Ethernet1/8
(192.168.0.
Chapter 22 IPv6 Multicast Protocol 22.1 Commands for MLD Snooping Configuration 22.1.1 clear ipv6 mld snooping vlan Command: clear ipv6 mld snooping vlan <1-4094> groups [X:X::X:X] Function: Delete the group record of the specific VLAN. Parameters: <1-4094> the specific VLAN ID; X:X::X:X the specific group address. Command Mode: Admin Configuration Mode Usage Guide: Use show command to check the deleted group record. Example: Delete all groups.
Command Mode: Admin Mode
Default: The MLD Snooping Debugging of the switch is disabled by default
Usage Guide: This command is used for enabling the switch MLD Snooping debugging, which displays the MLD data packet messages processed by the switch with "packet", event messages with "event", timer messages with "timer", messages of downstreamed hardware entries with "mfc", and all debug messages with "all".
22.1.
Command: ipv6 mld snooping vlan immediate-leave
no ipv6 mld snooping vlan immediate-leave
Function: Enable immediate-leave function of the MLD protocol in specified VLAN; the "no" form of this command disables the immediate-leave function of the MLD protocol
Parameter: is the id number of specified VLAN, with valid range of <1-4094>.
Function: Configure the number of groups the MLD snooping can join and the maximum number of sources in each group.
Parameter: vlan-id: VLAN ID, the valid range is <1-4094>
g_limit: <1-65535>, max number of groups joined
s_limit: <1-65535>, max number of source entries in each group, consisting of include source and exclude source
Command Mode: Global Mode
Default: Maximum 50 groups by default, with each group capable of holding 40 source entries.
no ipv6 mld snooping vlan mrouter-port learnpim6 Function: Enable the function that the specified VLAN learns mrouter-port (according to pimv6 packets), the no command will disable the function. Parameter: : The specified VLAN ID, ranging from 1 to 4094. Command Mode: Global Mode Default: Enable Usage Guide: Enable the function that the specified VLAN learns mrouter-port (according to pimv6 packets).
Switch(config)#ipv6 mld snooping vlan 2 query-interval 130
22.1.13 ipv6 mld snooping vlan query-mrsp
Command: ipv6 mld snooping vlan query-mrsp
no ipv6 mld snooping vlan query-mrsp
Function: Configure the maximum query response period. The "no" form of this command restores the default value.
Parameter: vlan-id: VLAN ID, the valid range is <1-4094>
value: the valid range is <1-25> secs.
Function: Configure static-group on specified port of the VLAN. The no form of the command cancels this configuration.
Parameter: vlan-id: ranging between <1-4094>
X:X::X:X: The address of group or source.
ethernet: Name of Ethernet port
port-channel: Port aggregation
ifname: Name of interface
Command Mode: Global mode
Default: No configuration by default.
Usage Guide: When a group is both a static and a dynamic group, it is treated as a static group.
Parameter: is the number of VLAN specified to display the MLD Snooping messages Command Mode: Admin Mode Usage Guide: If no VLAN number is specified, it will show whether the global MLD snooping is enabled and layer 3 multicast protocol is running, as well as on which VLAN the MLD Snooping is enabled and configured l2-general-querier. If a VLAN number is specified, the detailed MLD Snooping messages of this VLAN will be displayed. Example: 1.
Groups Sources Ports Exptime System Level
Ff1e::15 (2000::1) Ethernet1/8 00:04:14 V2
(2000::2) Ethernet1/8 00:04:14 V2
Mld snooping vlan 1 mrouter port
Note:"!"-static mrouter port
!Ethernet1/2
Displayed information | Explanation
Mld snooping L2 general querier | whether or not l2-general-querier is enabled on VLAN, the querier display status is set to could-query or suppressed
Mld snooping query-interval | Query interval time of the VLAN
Mld snooping max reponse | Max response time of this V
Chapter 23 Commands for Multicast VLAN
23.1 multicast-vlan
Command: multicast-vlan
no multicast-vlan
Function: Enable multicast VLAN function on a VLAN; the "no" form of this command disables the multicast VLAN function.
Parameter: None.
Command Mode: VLAN Configuration Mode.
Default: Multicast VLAN function not enabled by default.
Usage Guide: The multicast VLAN function can not be enabled on Private VLAN.
multicast VLAN should not be a Private VLAN. A VLAN can only be associated with another VLAN after the multicast VLAN is enabled. Only one multicast VLAN can be enabled on a switch. Examples: Switch(config)#vlan 2 Switch(Config-Vlan2)# multicast-vlan association 3, 4 Chapter 24 Commands for ACL 24.
Default: No time-range configuration.
Usage Guide: Periodic time and date. The definition of period is specific time period of Monday to Saturday and Sunday every week.
day1 hh:mm:ss To day2 hh:mm:ss or
{[day1+day2+day3+day4+day5+day6+day7]|weekend|weekdays|daily} hh:mm:ss To hh:mm:ss
Examples: Make configurations effective within the period from 9:15:30 to 12:30:00 during Tuesday to Saturday.
Switch(config)#Time-range admin_timer
Switch(Config-Time-Range-admin_timer)#absolute start 6:00:00 2004.10.1 end 13:30:00 2005.1.26
24.
is the reverse mask of destination IP, the format is dotted decimal notation, attentive position 0, ignored position 1; , the type of igmp, 0-15; , the type of icmp, 0-255; , protocol No. of icmp, 0-255; , IP priority, 0-7; , to value, 0-15; , source port No.
rule list; the "no access-list " operation of this command is to delete a numeric standard IP access-list.
Parameters: is the No. of access-list, 100-199; is the source IP address, the format is dotted decimal notation; is the reverse mask of source IP, the format is dotted decimal notation.
Command Mode: Global mode
Default: No access-lists configured.
Examples: Permit tagged-eth2 with any source MAC addresses and any destination MAC addresses and the packets pass. Switch(config)#access-list 1100 permit any-source-mac any-destination-mac tagged-eth2 24.
}}[d-port{ | range }] [precedence ] [tos ][time-range ] access-list {deny|permit}{any-source-mac| }|{ {any-destination-mac|{host-destination-mac {host-source-mac }|{ }} }} {eigrp|gre|igrp|ip|ipinip|ospf|{ }} {{ }|any-source|{host-source }} {{ }|any-
configuration of corresponding position, then initialization of TCP data report is enabled to form a match when in connection; precedence (optional) packets can be filtered by priority which is a number from 0-7; tos (optional) packets can be filtered by service type which is a number from 0-15; icmp-type (optional) ICMP packets can be filtered by packet type which is a number from 0-255; icmp-code (optional) ICMP packets can be filtered by packet code which is a number from 0-255; igmp-type (optional) ICMP p
Switch(config)# access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-00
24.8 clear access-group statistic
Command: clear access-group statistic [ethernet ]
Functions: Empty packet statistics information of assigned interfaces.
Parameters: : Interface name.
Command Mode: Admin mode
Default: None
Examples: Empty packet statistics information of interface.
Switch#clear access-group statistic
24.
non-all-digit characters of length of 1 to 32.
Command Mode: Global Mode.
Default: No access list is configured by default.
Usage Guide: When this command is issued for the first time, an empty access list will be created.
Example: Create an extended IP access list named tcpFlow.
Switch(config)#ip access-list extended tcpFlow
24.12 ip access standard
Command: ip access standard
no ip access standard
Function: Create a named standard access list.
Usage Guide: The first use of this command creates the numbered standard IP access-list 520; subsequent configuration is added to the current access-list.
Examples: Create a numbered 520 standard IP access-list, allow packets from source 2003:1:2:3::1/64 to pass through the net, and deny all other packets from the source address 2003:1:2::1/48.
Switch (config)#ipv6 access-list 520 permit 2003:1:2:3::1/64
Switch (config)#ipv6 access-list 520 deny 2003:1:2::1/48
24.
Command Mode: Port Mode
Default: The entry of port is not bound ACL.
Usage Guide: One port can bind ingress rules. Note: when an ACL has multiple rules, traffic-statistic cannot be configured. ACLs fall into four kinds according to the packet header fields they examine: MAC ACL, IP ACL, MAC-IP ACL and IPv6 ACL; the filter behaviors (permit, deny) may conflict when a data packet matches more than one of the four ACL types. The strict priorities are specified for each ACL based on outcome veracity.
Usage Guide: After assigning this command for the first time, only an empty name access-list is created and no list item included. Examples: Create an MAC ACL named mac_acl. Switch(config)# mac-access-list extended mac_acl Switch(Config-Mac-Ext-Nacl-mac_acl)# 24.
[no] {deny | permit} udp {{ } | any-source | {host-source }} [s-port { | range }] {{ } | any-destination | {host-destination }} [d-port { | range }] [precedence ] [tos ][time-range ] [no] {deny | permit} {eigrp | gre | igrp | ipinip | ip | ospf | } {{ } | any-source | {host-source }} {{ } | any-destina
Functions: Create a name standard IP access rule, and "no {deny | permit} {{ } | any-source | {host-source }}" action of this command deletes this name standard IP access rule.
Parameters: is the source IP address, the format is dotted decimal notation; is the reverse mask of source IP, the format is dotted decimal notation.
Command Mode: Name standard IP access-list configuration mode
Default: No access-list configured.
24.
VLAN mask, 0-4095, reverse mask and mask bit is consecutive; protocol: specific Ethernet protocol No., 1536-65535; protocol-bitmask: protocol mask, 0-65535, reverse mask and mask bit is consecutive. Notice: mask bit is consecutive means the effective bit must be consecutively effective from the first bit on the left, no ineffective bit can be added through. For Example: the reverse mask format of one byte is: 00001111b; mask format is 11110000; and this is not permitted: 00010011.
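The consecutive-bit rule above and the reverse-mask convention used throughout this chapter (0 = compared, 1 = ignored), as an added Python example that is not the switch's own code. Function names are illustrative, and reading the second MAC in the `access-list 700 deny 00-00-00-00-00-ab 00-00-00-FF-00-00` example as a reverse mask is an assumption.

```python
"""Added illustration of the reverse-mask rules in this chapter (not vendor code)."""


def is_consecutive_reverse_mask(reverse_mask, width):
    """True when the compared (0) bits are all on the left and the ignored (1)
    bits all on the right, e.g. 00001111 is accepted but 00010011 is not."""
    if not 0 <= reverse_mask < (1 << width):
        raise ValueError("mask does not fit in %d bits" % width)
    # A block of trailing ones plus one is a power of two, so the AND is zero.
    return reverse_mask & (reverse_mask + 1) == 0


def to_mask(reverse_mask, width):
    """Ordinary mask for a reverse mask, e.g. 00001111 -> 11110000."""
    return ~reverse_mask & ((1 << width) - 1)


def field_matches(value, rule_value, reverse_mask, width):
    """Compare only the bit positions where the reverse mask holds 0."""
    return (value ^ rule_value) & to_mask(reverse_mask, width) == 0


def parse_mac(text):
    """Parse the xx-xx-xx-xx-xx-xx notation used in the examples."""
    parts = text.split("-")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError("expected xx-xx-xx-xx-xx-xx, got %r" % text)
    return int("".join(parts), 16)


def mac_matches(mac, rule_mac, rule_reverse_mask):
    """Does a frame's MAC fall under a (MAC, reverse mask) pair of a rule?"""
    return field_matches(parse_mac(mac), parse_mac(rule_mac),
                         parse_mac(rule_reverse_mask), 48)


def vlan_span(rule_vlan, reverse_mask):
    """First and last VLAN ID covered by a 12-bit (VLAN, reverse mask) pair.
    Rejects masks that break the consecutive-bit rule instead of guessing."""
    if not is_consecutive_reverse_mask(reverse_mask, 12):
        raise ValueError("reverse mask %s is not consecutive"
                         % format(reverse_mask, "012b"))
    first = rule_vlan & to_mask(reverse_mask, 12)
    return first, first | reverse_mask


if __name__ == "__main__":
    # The one-byte values quoted in the text above.
    for m in (0b00001111, 0b00010011):
        print(format(m, "08b"), is_consecutive_reverse_mask(m, 8))
    # Constructed frames checked against the MAC pair of access-list 700.
    rule = ("00-00-00-00-00-ab", "00-00-00-FF-00-00")
    for mac in ("00-00-00-7e-00-ab", "00-00-00-00-00-ac"):
        print(mac, mac_matches(mac, *rule))
    print(vlan_span(100, 0x00F))
```

Expanding a pair with `vlan_span` before applying an ACL shows exactly which VLAN IDs a rule will cover, which is an easy way to catch a mask that is broader than intended.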
}}{any-destination-mac|{host-destination-mac }|{ }}tcp{{ }|any-source| {host-source }}[s-port { | range }] {{ } | any-destination| {host-destination }} [d-port { | range }] [ack + fin + psh + rst + urg + syn] [precedence ] [tos ][time-range ] [no]{deny|permit}{
system expressed as four dot-separated decimal numbers, reverse mask; destination-host-ip: No. of the destination network or host to which packets are delivered, a 32-bit binary number expressed in dotted decimal notation; host: means the address is the destination host address, otherwise it is the network IP address; destination-wildcard: mask of destination.
Usage Guide: When no ACL name is specified, all ACLs are displayed; "used x time(s)" indicates the number of times the ACL has been used.
Examples:
Switch#show access-group
interface name: Ethernet 1/1
IP Ingress access-list used is 100, traffic-statistics Disable.
interface name: Ethernet1/2
IP Ingress access-list used is 1, packet(s) number is 11110.
Displayed information | Explanation
interface name: Ethernet 1/1 | Tying situation on port Ethernet1/1
IP Ingress access-list used is 100 | No. 100 numeric expansion ACL tied to entrance of port Ethernet1/1
packet(s) number is 11110 | Number of packets matching this ACL rule
24.
access control list, with a length of 1~32.
Default: None.
Command Mode: Admin and Configuration Mode.
Usage Guide: When no access control list is specified, all the access control lists will be displayed; "used x time(s)" shows the number of times the ACL has been quoted.
Parameters: time_range_name, time range name must start with letter or number, and the length cannot exceed 32 characters long. Command Mode: Global mode Default: No time-range configuration. Usage Guide: None Examples: Create a time-range named admin_timer.
Chapter 25 Commands for 802.1x 25.1 debug dot1x detail Command: debug dot1x detail {pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] no debug dot1x detail { pkt-send | pkt-receive | internal | all | userbased} interface [ethernet] Function: Enable the debug information of dot1x details; the no operation of this command will disable that debug information.
Example: Enable the debug information of dot1x about errors. Switch#debug dot1x error 25.3 debug dot1x fsm Command: debug dot1x fsm {all | aksm | asm | basm | ratsm} interface no debug dot1x fsm {all | aksm | asm | basm | ratsm} interface Function: Enable the debug information of dot1x state machine; the no operation of this command will disable that debug information. Command Mode: Admin Mode.
packets; : The name of the interface. Usage Guide: By enabling the debug information of dot1x about messages, users can check the negotiation process of dot1x protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of dot1x about messages. Switch#debug dot1x packet all interface ethernet1/1 25.
Default: EAP relay authentication is used by default. Usage Guide: The switch and RADIUS may be connected via Ethernet or PPP. If an Ethernet connection exists between the switch and RADIUS server, the switch needs to authenticate the user by EAP relay (EAPoR authentication); if the switch connects to the RADIUS server by PPP, the switch will use EAP local end authentication (CHAP authentication).
Usage Guide: The function can only be enabled when 802.1x function is enabled both globally and on the port, with userbased being the control access mode. After it is enabled, users can send IPv6 messages without authentication. Examples: Enable IPv6 passthrough function on port Ethernet1/12. Switch(config)#dot1x enable Switch(config)#interface ethernet 1/12 Switch(Config-If-Ethernet1/12)#dot1x enable Switch(Config-If-Ethernet1/12)#dot1x ipv6 passthrough 25.
effect. If the access control mode of the port is macbased or userbased, the Guest VLAN can be successfully set without taking effect.
Examples: Set Guest-VLAN of port Ethernet1/3 as VLAN 10.
Switch(Config-If-Ethernet1/3)#dot1x guest-vlan 10
25.10 dot1x macfilter enable
Command: dot1x macfilter enable
no dot1x macfilter enable
Function: Enables the dot1x address filter function in the switch; the "no dot1x macfilter enable" command disables the dot1x address filter function.
25.12 dot1x user free-resource Command: dot1x user free-resource no dot1x user free-resource Function: To configure 802.1x free resource; the no form command closes this function. Parameter: is the segment for limited resource, in dotted decimal format; is the mask for limited resource, in dotted decimal format. Command Mode: Global Mode. Default: There is no free resource by default. Usage Guide: This command is available only if user based access control is applied.
25.14 dot1x max-user userbased
Command: dot1x max-user userbased
no dot1x max-user userbased
Function: Set the upper limit of the number of users allowed to access the specified port when using user-based access control mode; the no command is used to reset the default value.
Parameters: the maximum number of users allowed to access the network, ranging from 1 to 256.
Command Mode: Port Mode.
Default Settings: The maximum number of users allowed to access each port is 10 by default.
25.16 dot1x port-method Command: dot1x port-method {macbased | portbased | userbased {standard | advanced}} no dot1x port-method Function: To configure the access control method of appointed interface. The no form command restores the default access control method.
authentication protocol. The no prefix will disable the command and allow the authentication client to use the standard 802.1x authentication protocol. Command Mode: Global Mode. Default: Private 802.1x authentication packet format is disabled by default. Usage Guide: To implement the integrated solution, the switch must be enabled to use the private 802.1x protocol, or many applications will not be able to function. For detailed information, please refer to DCBI integrated solution.
Example: Enabling the periodical re-authentication for authenticated users. Switch(config)#dot1x re-authentication 25.20 dot1x timeout quiet-period Command: dot1x timeout quiet-period no dot1x timeout quiet-period Function: Sets time to keep silent on supplicant authentication failure; the "no dot1x timeout quiet-period" command restores the default value. Parameters: is the silent time for the port in seconds, the valid range is 1 to 65535. Command mode: Global Mode.
Function: Sets the interval for the supplicant to re-transmit EAP request/identity frame; the "no dot1x timeout tx-period" command restores the default setting. Parameters: is the interval for re-transmission of EAP request frames, in seconds; the valid range is 1 to 65535. Command mode: Global Mode. Default: The default value is 30 seconds. Usage Guide: Default value is recommended. Example: Setting the EAP request frame re-transmission interval to 1200 seconds.
25.26 dot1x web redirect This command is not supported by switch. 25.27 dot1x web redirect enable This command is not supported by switch. 25.28 show dot1x Command: show dot1x [interface ] Function: Displays dot1x parameter related information, if parameter information is added, corresponding dot1x status for corresponding port is displayed. Parameters: is the port list. If no parameter is specified, information for all ports is displayed.
802.1x is enabled on ethernet Ethernet1/1 Authentication Method:Port based Max User Number:1 Status Authorized Port-control Auto Supplicant 00-03-0F-FE-2E-D3 Authenticator State Machine State Authenticated Backend State Machine State Idle Reauthentication State Machine State Stop Displayed information Explanation Global 802.1x Parameters reauth-enabled Global 802.
25.29 user-control limit This command is not supported by switch. 25.30 user-control limit ipv6 This command is not supported by switch.
Chapter 26 Commands for the Number Limitation Function of MAC in Port 26.1 debug switchport mac count Command: debug switchport mac count no debug switchport mac count Function: When debugging of the MAC number limitation function is enabled on the port, users will see debug information if the number of dynamic MAC and the number of MAC on the port is larger than the max number allowed. The "no debug switchport mac count" command is used to disable debugging of the MAC number limitation function on the port.
Function: Display the number of dynamic MAC of corresponding port. Parameters: display the specified VLAN ID. This option is not supported by switch. is the name of layer-2 port. Command Mode: Any mode Usage Guide: Use this command to display the number of dynamic MAC of corresponding port. Examples: Display the number of dynamic MAC of the port which are configured with number limitation function of MAC.
number to be set is 20 Switch(config)#interface ethernet 1/2 Switch(Config-If-Ethernet1/2)# switchport mac-address dynamic maximum 20 Disable the number limitation function of dynamic MAC address in port 1/2 mode Switch(Config-If-Ethernet1/2)#no switchport mac-address dynamic maximum 26.
Chapter 27 Commands for AM Configuration 27.1 am enable Command: am enable no am enable Function: Globally enable/disable AM function. Parameters: None. Default: AM function is disabled by default. Command Mode: Global Mode. Usage Guide: None. Example: Enable AM function on the switch. Switch(config)#am enable Disable AM function on the switch. Switch(config)#no am enable 27.2 am port Command: am port no am port Function: Enable/disable AM function on port. Parameters: None.
messages from a source IP within that segment to be forwarded via the interface. Parameters: the starting address of an address segment in the IP address pool; is the number of consecutive addresses following ip-address, less than or equal to 32. Default: IP address pool is empty. Command Mode: Port Mode. Usage Guide: None. Example: Configure that interface 1/3 of the switch will forward data packets from an IP address which is one of 10 consecutive IP addresses starting from 10.10.10.
Usage Guide: None. Example: Delete all configured IP address pools. Switch(config)#no am all ip-pool 27.6 show am Command: show am [interface ] Function: Display the configured AM entries. Parameters: is the name of the interface of which the configuration information will be displayed. No parameter means to display the AM configuration information of all interfaces. Command Mode: Admin and Configuration Mode. Example: Display all configured AM entries.
am ip-pool 50.10.10.1 30 am mac-ip-pool 00-02-04-06-08-09 20.10.10.5 am ip-pool 50.20.10.
Chapter 28 Commands for Security Feature 28.1 dosattack-check srcip-equal-dstip enable Command: [no] dosattack-check srcip-equal-dstip enable Function: Enable the function by which the switch checks if the source IP address is equal to the destination IP address; the "no" form of this command disables this function. Parameter: None Default: Disable the function by which the switch checks if the source IP address is equal to the destination IP address.
Example: Drop one or more types of above four packet types. Switch(config)#dosattack-check tcp-flags enable 28.4 dosattack-check srcport-equal-dstport enable Command: dosattack-check srcport-equal-dstport enable no dosattack-check srcport-equal-dstport enable Function: Enable the function by which the switch will check if the source port is equal to the destination port; the no command disables this function.
Usage Guide: With this function enabled the switch will be protected from the ICMP fragment attacks, dropping the fragment ICMPv4/v6 data packets whose net length is smaller than the specified value. Example: Enable the ICMP fragment attack checking function. Switch(config)#dosattack-check icmp-attacking enable 28.8 dosattack-check icmpV4-size Command: dosattack-check icmpV4-size <64-1023> Function: Configure the max net length of the ICMPv4 data packet permitted by the switch.
Chapter 29 Commands for TACACS+ 29.1 tacacs-server authentication host Command: tacacs-server authentication host [port ] [timeout ] [key ] [primary] no tacacs-server authentication host Function: Configure the IP address, listening port number, the value of timeout timer and the key string of the TACACS+ server; the no form of this command deletes TACACS+ authentication server.
no tacacs-server key Function: Configure the key of TACACS+ authentication server; the "no tacacs-server key" command deletes the TACACS+ server key. Parameter: is the character string of the TACACS+ server key, containing maximum 16 characters. Command Mode: Global Mode Usage Guide: The key is used for encrypted packet communication between the switch and the TACACS+ server.
Function: Configure a TACACS+ server authentication timeout timer; the "no tacacs-server timeout" command restores the default configuration. Parameter: is the value of TACACS+ authentication timeout timer, shown in seconds and the valid range is 1~60. Command Mode: Global Mode Default: 3 seconds by default. Usage Guide: The command specifies the period the switch waits for the authentication through the TACACS+ server.
Chapter 30 Commands for RADIUS 30.1 aaa enable Command: aaa enable no aaa enable Function: Enables the AAA authentication function in the switch; the "no AAA enable" command disables the AAA authentication function. Command mode: Global Mode. Parameters: No. Default: AAA authentication is not enabled by default. Usage Guide: The AAA authentication for the switch must be enabled first to enable IEEE 802.1x authentication for the switch. Example: Enabling AAA function for the switch.
30.3 aaa-accounting update Command: aaa-accounting update {enable | disable} Function: Enable or disable the AAA update accounting function. Command Mode: Global Mode. Default: Enable the AAA update accounting function. Usage Guide: After the update accounting function is enabled, the switch will send an accounting message to each online user on time. Example: Disable the AAA update accounting function for switch. Switch(config)#aaa-accounting update disable 30.
no debug aaa detail attribute interface {ethernet | } Function: Enable the debug information of AAA about Radius attribute details; the no operation of this command will disable that debug information. Parameters: : the number of the interface. : the name of the interface. Command Mode: Admin Mode.
the information of all kinds of event generated in the operation process of Radius protocol, which might help diagnose the cause of faults if there is any. Example: Enable the debug information of aaa about events. Switch#debug aaa detail event 30.8 debug aaa error Command: debug aaa error no debug error Function: Enable the debug information of aaa about errors; the no operation of this command will disable that debug information. Parameters: None. Command Mode: Admin Mode.
Switch#radius nas-ipv4 192.168.2.254 30.10 radius nas-ipv6 Command: radius nas-ipv6 no radius nas-ipv6 Function: Configure the source IPv6 address for RADIUS packet sent by the switch. The no command deletes the configuration. Parameter: is the source IPv6 address of the RADIUS packet, it must be a valid unicast IPv6 address.
Default: No RADIUS accounting server is configured by default. Usage Guide: This command is used to specify the IPv4/IPv6 address and port number of the specified RADIUS server for switch accounting, multiple command instances can be configured. The parameter is used to specify accounting port number, which must be the same as the specified accounting port in the RADIUS server; the default port number is 1813.
Usage Guide: This command is used to specify the IPv4 address or IPv6 address and port number, cipher key string and access mode of the specified RADIUS server for switch authentication; multiple command instances can be configured. The port parameter is used to specify the authentication port number, which must be the same as the specified authentication port in the RADIUS server; the default port number is 1812. If this port number is set to 0, the specified server is regarded as non-authenticating.
30.14 radius-server key Command: radius-server key no radius-server key Function: Specifies the key for the RADIUS server (authentication and accounting); the "no radius-server key" command deletes the key for RADIUS server. Parameters: is a key string for RADIUS server, up to 16 characters are allowed. Command mode: Global Mode Usage Guide: The key is used in the encrypted communication between the switch and the specified RADIUS server.
no radius-server timeout Function: Configures the timeout timer for RADIUS server; the "no radius-server timeout" command restores the default setting. Parameters: is the timer value (second) for RADIUS server timeout, the valid range is 1 to 1000. Command mode: Global Mode Default: The default value is 3 seconds. Usage Guide: This command specifies the interval for the switch to wait for the RADIUS server response.
The maximum number of users    The interval of sending fee-counting update messages (in seconds)
1~299                          300 (default value)
300~599                        600
600~1199                       1200
1200~1799                      1800
≥1800                          3600
Example: The maximum number of users supported by NAS is 700, the interval of sending fee-counting update messages 1200 seconds. Switch(config)#radius-server accounting-interim-update timeout 1200 30.18 show aaa authenticated-user Command: show aaa authenticated-user Function: Displays the authenticated users online.
------------------------- authenticating users -----------------------------User-name Retry-time Radius-ID Port Eap-ID Chap-ID Mem-Addr State ------------------------------------------------------------------------------------------- total: 0 --------------- 30.20 show aaa config Command: show aaa config Function: Displays the configured commands for the switch as a RADIUS client. Command mode: Admin and Configuration Mode.
.Is Server Dead = 0 :This server whether dead .Socket No = 0 :The local socket number lead to this server accounting server[1].sock_addr = 10:2004::7.1813 .Is Primary = 1 .Is Server Dead = 0 .Socket No = 0 Time Out = 5s :After send the require packets, wait for response time out Retransmit = 3 :The number of retransmit Dead Time = 5min :The tautology interval of the dead server Account Time Interval = 0min :The account time interval 30.
Chapter 31 Commands for SSL Configuration 31.1 ip http secure-server Command: ip http secure-server no ip http secure-server Function: Enable/disable SSL function. Parameter: None. Command Mode: Global Mode. Default: Disabled. Usage Guide: This command is used to enable and disable the SSL function. After the SSL function is enabled, users visit the switch through an HTTPS client, and the switch and the client use an SSL connection to form a secure SSL channel.
31.3 ip http secure-ciphersuite Command: ip http secure-ciphersuite {des-cbc3-sha|rc4-128-sha| des-cbc-sha} no ip http secure-ciphersuite Function: Configure/delete the secure cipher suite used by SSL. Parameter: des-cbc3-sha: encryption algorithm DES_CBC3, digest algorithm SHA. rc4-128-sha: encryption algorithm RC4_128, digest algorithm SHA. des-cbc-sha: encryption algorithm DES_CBC, digest algorithm SHA. The default is rc4-md5. Command Mode: Global Mode. Default: Not configured.
Switch# debug ssl %Jan 01 01:02:05 2006 ssl will to connect to web server 127.0.0.
Chapter 32 Commands for IPv6 Security RA 32.1 ipv6 security-ra enable Command: ipv6 security-ra enable no ipv6 security-ra enable Function: Globally enable IPv6 security RA function, all the RA advertisement messages will not be forwarded through hardware, but only sent to CPU to handle. The no operation of this command will globally disable IPv6 security RA function. Parameters: None. Command Mode: Global Configuration Mode. Default: The IPv6 security RA function is disabled by default.
32.3 show ipv6 security-ra Command: show ipv6 security-ra [interface ] Function: Display all the interfaces with IPv6 RA function enabled. Parameters: No parameter will display all distrust ports, entering a parameter will display the corresponding distrust port. Command Mode: Admin and Configuration Mode.
Chapter 33 Commands for MAB 33.1 authentication mab Command: authentication mab {radius | none} no authentication mab Function: Configure the authentication mode and priority of MAC address authentication, the no command restores the default authentication mode. Parameters: radius means RADIUS authentication mode, none means the authentication is needless. Default: Using RADIUS authentication mode.
Function: Enable the debugging of the packet information, event information or binding information for MAB authentication. Parameters: packet: Enable the debugging of the packet information for MAB authentication. event: Enable the debugging of the event information for MAB authentication. binding: Enable the debugging of the binding information for MAB authentication. Command Mode: Admin Mode Default: None. Usage Guide: None. Example: Enable the debugging of the packet information for MAB authentication.
Command Mode: Global Mode and Port Mode Default: Disable the global and port MAB function. Usage Guide: To process MAB authentication of a port, enable the global MAB function first, and then, enable the MAB function of the corresponding port. Example: Enable the global and port Eth1/1 MAB function. Switch(Config)#mac-authentication-bypass enable Switch(Config)#interface ethernet 1/1 Switch(Config-If-Ethernet1/1)#mac-authentication-bypass enable 33.
33.9 mac-authentication-bypass timeout offline-detect Command: mac-authentication-bypass timeout offline-detect (0 | <60-7200>) no mac-authentication-bypass timeout offline-detect Function: Configure offline-detect time. The no command restores the default value. Parameters: (0 | <60-7200>): offline-detect time, the range is 0 or 60 to 7200s. Command Mode: Global Mode Default: offline-detect time is 180s.
33.12 mac-authentication-bypass timeout stale-period Command: mac-authentication-bypass timeout stale-period <0-60> no mac-authentication-bypass timeout stale-period Function: Set the time after which the bound user is deleted once the MAB port goes down. The no command restores the default value. Parameters: <0-60>: The time after which the binding is deleted, ranging from 0 to 60s. Command Mode: Global Mode Default: 30s.
33.14 show mac-authentication-bypass Command: show mac-authentication-bypass {interface {ethernet IFNAME | IFNAME} |} Function: Show the binding information of MAB authentication. Parameters: interface {ethernet IFNAME|IFNAME}: The port name. Command Mode: Admin Mode Default: None. Usage Guide: None. Example: Show the binding information of all MAB users.
Binding info: 1 -------------------------------------------------------MAB Binding built at SUN JAN 01 01:14:48 2006 VID 1, Port: Ethernet1/1 Client MAC: 00-0a-eb-6a-7f-8e Binding State: MAB_AUTHENTICATED Binding State Lease: 164 seconds left Displayed information Explanation MAB enable MAB function enabled or not Binding info The MAB binding number of the specified port MAB Binding built at The time when the user binding was created VID The VLAN that MAB user belongs Port The binding port Clie
Chapter 34 Commands for PPPoE Intermediate Agent 34.1 debug pppoe intermediate agent packet {receive | send} interface ethernet Command: debug pppoe intermediate agent packet (receive | send|) interface ethernet no debug pppoe intermediate agent packet (receive | send|) interface ethernet Function: Enable PPPoE packet debug for the specified port, the no command disables it. Parameter: receive: Enable the debug that receive PPPoE packet.
Example: Enable global PPPoE intermediate agent function. Switch(config)#pppoe intermediate agent 34.3 pppoe intermediate-agent (Port) Command: pppoe intermediate-agent no pppoe intermediate-agent Function: Enable PPPoE intermediate agent function of the port. The no command disables PPPoE intermediate agent function of the port. Parameter: None. Command Mode: Port mode Default: Disable PPPoE intermediate agent function of the port.
After port ethernet1/3 of vlan3 receives PPPoE packet, circuit-id value of the added vendor tag as "abcd eth 01/003:0003". 34.5 pppoe intermediate-agent circuit-id Command: pppoe intermediate-agent circuit-id no pppoe intermediate-agent circuit-id Function: Configure circuit ID of the port, the no command cancels this configuration. Parameter: : circuit-id, the max character number is 63 bytes. Command Mode: Port mode Default: This configuration is null.
than pppoe intermediate-agent access-node-id command. circuit-id value is access-node-id + " eth " + Slot ID + delimiter + Port Index + delimiter + Vlan ID, access-node-id occupies n bytes (n<48), " eth " is space + e + t + h + space, occupy 5 bytes, Slot ID occupies 2 bytes, Port Index occupies 3 bytes, Vlan ID occupies 4 bytes, delimiter occupies 1 byte.
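The default circuit-id layout described above (access-node-id, " eth ", 2-byte Slot ID, delimiter, 3-byte Port Index, delimiter, 4-byte Vlan ID), as an added example that is not part of the switch manual: a Python builder and strict parser that a system receiving the tag could use to reject malformed or oversized values. The function names, the printable-ASCII requirement, the "one non-alphanumeric byte" delimiter rule and the 1-4094 VLAN check are assumptions of this example.

```python
import re
from dataclasses import dataclass

ETH_MARKER = b" eth "          # space + e + t + h + space: 5 bytes
MAX_NODE_ID_LEN = 47           # access-node-id occupies n bytes, n < 48
MAX_CIRCUIT_ID_LEN = 63        # max circuit-id length stated for the port command
TAIL_LEN = 2 + 1 + 3 + 1 + 4   # slot, delimiter, port, delimiter, vlan

# Fixed-width tail. Treating a delimiter as one non-alphanumeric byte is an
# assumption of this example, not a rule taken from the manual.
_TAIL = re.compile(rb"(\d{2})([^0-9A-Za-z])(\d{3})([^0-9A-Za-z])(\d{4})")


@dataclass(frozen=True)
class CircuitId:
    access_node_id: str
    slot: int
    port: int
    vlan: int
    delimiters: tuple  # (slot/port delimiter, port/vlan delimiter)


def _printable(data: bytes) -> bool:
    """True if every byte is printable ASCII (assumed requirement)."""
    return all(0x20 <= b <= 0x7E for b in data)


def build_circuit_id(node_id: str, slot: int, port: int, vlan: int,
                     slot_delim: str = "/", port_delim: str = ":") -> bytes:
    """Assemble a circuit-id in the default layout, enforcing field widths."""
    node = node_id.encode("ascii")  # non-ASCII raises a ValueError subclass
    if not 1 <= len(node) <= MAX_NODE_ID_LEN or not _printable(node):
        raise ValueError("access-node-id must be 1..47 printable ASCII bytes")
    if not (0 <= slot <= 99 and 0 <= port <= 999 and 1 <= vlan <= 4094):
        raise ValueError("slot, port or vlan does not fit its field")
    tail = f"{slot:02d}{slot_delim}{port:03d}{port_delim}{vlan:04d}".encode("ascii")
    if not _printable(tail) or not _TAIL.fullmatch(tail):
        raise ValueError("each delimiter must be one non-alphanumeric character")
    return node + ETH_MARKER + tail


def parse_circuit_id(raw: bytes) -> CircuitId:
    """Parse and validate a received circuit-id; raise ValueError if malformed."""
    if len(raw) > MAX_CIRCUIT_ID_LEN:
        raise ValueError("circuit-id longer than 63 bytes")
    if not _printable(raw):
        raise ValueError("circuit-id contains non-printable bytes")
    fixed = len(ETH_MARKER) + TAIL_LEN
    if len(raw) <= fixed:
        raise ValueError("circuit-id too short for the default layout")
    # Split from the right: marker and tail are fixed width, so an
    # access-node-id that itself contains " eth " is still parsed correctly.
    node, marker, tail = raw[:-fixed], raw[-fixed:-TAIL_LEN], raw[-TAIL_LEN:]
    if marker != ETH_MARKER:
        raise ValueError('missing " eth " marker before the slot field')
    m = _TAIL.fullmatch(tail)
    if m is None:
        raise ValueError("tail is not slot(2) delim port(3) delim vlan(4)")
    slot, d1, port, d2, vlan = m.groups()
    if not 1 <= int(vlan) <= 4094:
        raise ValueError("VLAN ID outside 1..4094")
    return CircuitId(node.decode("ascii"), int(slot), int(port), int(vlan),
                     (d1.decode("ascii"), d2.decode("ascii")))


if __name__ == "__main__":
    # Constructed samples; the first is the value quoted in the manual's example.
    samples = [
        b"abcd eth 01/003:0003",
        b"a eth b eth 01/003:0003",      # node id that contains the marker
        b"abcd eth 1/3:3",               # fields not zero-padded
        b"x" * 48 + b" eth 01/003:0003"  # access-node-id too long
    ]
    for sample in samples:
        try:
            print(sample, "->", parse_circuit_id(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```
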
Command Mode: Port mode Default: Untrust port. Usage Guide: The port which connects to the server must be configured as a trust port. Note: At least one trust port is connected to the PPPoE server. Example: Configure port ethernet1/1 as trust port. Switch(config-if-ethernet1/1)#pppoe intermediate-agent trust 34.
34.11 show pppoe intermediate-agent identifier-string option delimiter Command: show pppoe intermediate-agent identifier-string option delimiter Function: Show the configured identifier-string, the combination format and delimiter of slot, port and vlan. Parameter: None. Command Mode: Admin mode Default: The configuration information is null. Usage Guide: Show the configured identifier-string, the combo format and delimiter of slot, port and vlan.
---------- ------ ------ ----------- ------- Ethernet1/2 yes no no --------- ---------no 442 test1/port1 host1
Chapter 35 Commands for Web Portal Configuration 35.1 clear webportal binding Command: clear webportal binding {mac WORD | interface |} Function: Clear the binding information of web portal authentication. Parameter: mac: Clear the binding of the specific MAC address. IFNAME: Port ID list, separate the ports with ";". If the parameter is null, delete all web portal binding. Command Mode: Admin Mode. Default: None.
0 packet binding debug is on 35.3 debug webportal error Command: debug webportal error no debug webportal error Function: Enable/ disable the error debugging of web portal authentication. Parameter: None. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Enable the error debugging of web portal authentication, the no command disables the error debugging. Example: Enable the error debugging of web portal authentication.
Function: Enable/ disable the debugging that show the synchronization information of the local clock. Parameter: send: Enable the debugging that web portal sends the packet. receive: Enable the debugging that web portal receives the packet. all: Enable the debugging that web portal receives and sends the packet. : The port name. The port name is null that means to enable all ports. Command Mode: Admin Mode. Default: There is no limitation.
35.7 show webportal Command: show webportal {interface |} Function: Show the parameter and enable information of web portal authentication. Parameter: : The port name, if the port name is null, show all port information. Command Mode: Admin Mode. Default: There is no limitation. Usage Guide: Show the parameter and enable information of web portal authentication according to the condition.
IP MAC Interface Vlan ID ---------------------------------------------------------------------------------------------------------- 35.9 webportal binding-limit Command: webportal binding-limit <1-256> no webportal binding-limit Function: Configure the max webportal binding number allowed by the port. Parameter: <1-256>: the max binding number allowed by the port, the max webportal binding number is 24 by default, ranging from 1 to 256. Command Mode: Port Mode. Default: 24.
35.11 webportal enable (Port) Command: webportal enable no webportal enable Function: Enable/disable web portal authentication of the port. Parameter: None. Command Mode: Port Mode. Default: Do not enable web portal authentication of the port. Usage Guide: Enable web portal authentication of the port. The no command disables web portal authentication of the port, it is mutually exclusive with 802.1x on port. Example: Enable/disable web portal authentication on port.
35.13 webportal redirect Command: webportal redirect no webportal redirect Function: Configure HTTP redirection address of web portal authentication. Parameter: is IP address of portal server. Command Mode: Global Mode. Default: There is no redirection address. Usage Guide: Enable web portal authentication globally before configuring its HTTP redirection address. The no command cancels the configured redirection address.
Chapter 36 Commands for VLAN-ACL 36.1 clear vacl statistic vlan Command: clear vacl [in | out] statistic vlan [<1-4094>] Function: This command can clear the statistic information of VACL. Parameter: in | out: Clear the traffic statistic of the ingress/egress. vlan <1-4094>: The VLAN which needs to clear the VACL statistic information. If do not input VLAN ID, then clear all VLAN statistic information. Command mode: Admin Mode. Default: None.
string
\w match the letter, the number or the underline
\b match the beginning or the end of the words
\W match any characters which are not alphabet letter, number and underline
\B match the locations which are not the begin or end of the word
[^x] match any characters except x
[^aeiou] match any characters except including aeiou letters
* repeat zero time or many times
+ repeat one time or many times
(n) repeat n times
(n,) repeat n or more times
(n, m) repeat n to m times
At present, the regular expressi
36.3 vacl ip access-group Command: vacl ip access-group {<1-299> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl ip access-group {<1-299> | WORD} {in | out} vlan WORD Function: This command configure VACL of IP type on the specific VLAN. Parameter: <1-299> | WORD: Configure the numeric IP ACL (include: standard ACL rule <1-99>, extended ACL rule <100-299>) or the named ACL. in | out: Filter the ingress/egress traffic. traffic-statistic: Enable the statistic of matched packets number.
Switch(config)#vacl ipv6 access-group 600 in traffic-statistic vlan 5 36.5 vacl mac access-group Command: vacl mac access-group {<700-1199> | WORD} {in | out} [traffic-statistic] vlan WORD no vacl mac access-group {<700-1199> | WORD} {in | out} vlan WORD Function: This command configure VACL of MAC type on the specific VLAN. Parameter: <700-1199> | WORD: Configure the numeric IP ACL (include: <700-799> MAC standard access list, <1100-1199> MAC extended access list) or the named ACL.
Example: Configure the numeric MAC-IP ACL for Vlan 1, 2, 5.
Chapter 37 Commands for SAVI 37.1 Commands for SAVI 37.1.1 ipv6 cps prefix Command: ipv6 cps prefix vlan no ipv6 cps prefix Function: Configure IPv6 address prefix of the link manually, no command deletes IPv6 address prefix. Parameter: ipv6-address: the address prefix of link, like 2001::/64; vid: vlan ID of the current link. Command Mode: Global Mode. Default: None.
37.1.3 ipv6 dhcp snooping trust Command: ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Function: Configure the port as dhcpv6 trust port, it does not establish dynamic DHCPv6 binding again and allows all DHCPv6 protocol packets to pass; no command deletes the port trust function. Parameter: None. Command Mode: Port Mode. Default: Disable. Usage Guide: Set the port as dhcpv6 trust attribute, enable uplink port of the switch with SAVI function for connecting dhcpv6 server or dhcpv6 relay generally.
Function: Configure the check mode for conflict binding, the no command deletes the check mode. Parameter: simple mode: only check the port state for conflict binding, if the state is up, keep the conflict binding and do not set new binding. If the state is down, delete the conflict binding to set a new one probe mode: besides checking the port state for conflict binding, it will send NS packets to probe the usability of the corresponding user when the port state is up.
Parameter: limit-num: set the range from 0 to 65535, the default value of the port binding number is 65535. Command Mode: Port Mode. Default: 65535. Usage Guide: The configured binding number only include the dynamic binding type of slaac, dhcp. If the binding sum exceeds the configured number, this port does not create new dynamic binding any more, if the configured number is 0, this port does not create any dynamic binding. Example: Configure the binding number to be 100 for port ethernet1/1.
Interface ethernet1/1 type slaac lifetime 2010 Configure the static binding for SAVI manually. Switch(config)#savi ipv6 check source binding ip 2001::20 mac 00-25-64-BB-8F-04 Interface ethernet1/1 type static 37.1.9 savi ipv6 check source ip-address mac-address Command: savi ipv6 check source [ip-address mac-address | ip-address | mac-address] no savi ipv6 check source Function: Enable the control authentication function for the packets of the port, no command disables this function. Parameter: None.
DAD NS packets. Disable all kinds of application scene detection function for SAVI by default. Example: Enable the specified dhcp-only application scene for SAVI. Switch(config)#savi ipv6 dhcp-only enable 37.1.11 savi ipv6 mac-binding-limit Command: savi ipv6 mac-binding-limit no savi ipv6 mac-binding-limit Function: Configure the dynamic binding number of the same MAC address, no command restores the default value.
Function: Configure lifetime period of redetection for the dynamic binding, no command restores the default value. Parameter: max-dad-prepare-delay: set the range between 1 and 65535 seconds, its default value is 1 second. Command Mode: Global Mode. Default: 1 second. Usage Guide: It is recommended to use the default value. Example: Set the redetection lifetime as 2 seconds. Switch(config)#savi max-dad-prepare-delay 2 37.1.
of BOUND state. If the configured parameter is 0 second, all binding of the port will be deleted immediately. Example: Set bind-protect lifetime period to be 20 seconds. Switch(config)#savi timeout bind-protect 20 37.2 Commands for Monitor and Debug 37.2.1 Monitor and Debug 37.2.1.1 debug ipv6 dhcp snooping binding Command: debug ipv6 dhcp snooping binding no debug ipv6 dhcp snooping binding Function: Enable binding debug of dhcp type for SAVI, no command disables the debug. Parameter: None.
Command: debug ipv6 dhcp snooping packet no debug ipv6 dhcp snooping packet Function: Enable the debug of DHCPv6 packets, no command disables the debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After packet debug is enabled, the relevant DHCPv6 packets will be printed for troubleshooting. The no command disables this function. Example: Enable the debug of DHCPv6 packets. Switch#debug ipv6 dhcp snooping packet 37.2.1.
37.2.1.6 debug ipv6 nd snooping packet Command: debug ipv6 nd snooping packet no debug ipv6 nd snooping packet Function: Enable ND packets debug, no command disables ND packets debug. Parameter: None. Command Mode: Admin Mode. Default: None. Usage Guide: After packet debug is enabled, the relevant ND packets will be printed for troubleshooting. The no command disables this function. Example: Enable ND packets debug. Switch#debug ipv6 nd snooping packet 37.2.1.
MAC                IP                        VLAN  Port         Type   State  Expires
--------------------------------------------------------------------------------------
00-25-64-bb-8f-04  fe80::225:64ff:febb:8f04  1     Ethernet1/5  slaac  BOUND  14370
00-25-64-bb-8f-04  2001::13                  1     Ethernet1/5  slaac  BOUND  14370
00-25-64-bb-8f-04  2001::10                  1     Ethernet1/5  slaac  BOUND  14370
--------------------------------------------------------------------------------------
Chapter 38 Commands for MRPP 38.
transferring. Parameter: is MRPP ring ID, the valid range is from 1 to 4096, if not specified ID, it clears all of MRPP ring statistic information. Command Mode: Admin Mode. Default: None. Usage Guide: None. Example: Clear statistic information of MRPP ring 4000 of switch. Switch#clear mrpp statistics 4000 38.3 debug mrpp Command: debug mrpp no debug mrpp Function: Open MRPP debug information; "no description" command disables MRPP debug information. Command Mode: Admin Mode Parameter: None.
Switch(mrpp-ring-4000)#control-vlan 4000 Switch(mrpp-ring-4000)# node-mode master Switch(mrpp-ring-4000)#fail-timer 18 Switch(mrpp-ring-4000)#hello-timer 6 Switch(mrpp-ring-4000)#enable Switch(mrpp-ring-4000)#exit Switch(config)#in ethernet 1/1 Switch(config-If-Ethernet1/1)#mrpp ring 4000 primary-port Switch(config)#in ethernet 1/3 Switch(config-If-Ethernet1/3)#mrpp ring 4000 secondary-port 38.
Parameter: valid range is from 1 to 100s. Command Mode: MRPP ring mode Default: Default configuration timer interval is 1s. Usage Guide: The primary node of the MRPP ring continuously sends Hello packets at the configured Hello timer interval; if the secondary port of the primary node receives this packet within the configured period, the whole loop is normal, otherwise it has failed. Transfer nodes of the MRPP ring do not need this timer or its configuration. Example: Configure hello-timer of MRPP ring 4000 to 3 seconds.
38.9 mrpp ring
Command: mrpp ring
no mrpp ring
Function: Create an MRPP ring and enter MRPP ring mode; the "no mrpp ring" command deletes the configured MRPP ring.
Parameter: is MRPP ring ID, the valid range is from 1 to 4096.
Command Mode: Global Mode
Usage Guide: If the MRPP ring does not exist, executing the command creates it and then enters MRPP ring mode. Make sure the MRPP ring is disabled when executing the "no mrpp ring" command.
38.11 mrpp ring secondary-port
Command: mrpp ring < ring-id > secondary-port
no mrpp ring < ring-id > secondary-port
Function: Specify the secondary port of the MRPP ring.
Parameter: is the ID of MRPP ring; range is <1-4096>.
Command Mode: Port mode
Default: None
Usage Guide: The command specifies the secondary port of the MRPP ring. The primary node uses the secondary port to receive Hello packets from the primary node. There is no difference in function between the primary port and the secondary port of the secondary node.
Command Mode: Admin and Configuration Mode. Default: None Usage Guide: None Example: Display configuration of MRPP ring 4000 of switch Switch# show mrpp 4000 38.14 show mrpp statistics Command: show mrpp statistics [] Function: Display statistic information of data packet of MRPP ring receiving and transferring. Parameter: is MRPP ring ID, the valid range is from 1 to 4096, if not specified ID, it displays all of MRPP ring statistic information.
Chapter 39 Commands for ULPP 39.1 clear ulpp flush counter interface Command: clear ulpp flush counter interface Function: Clear the statistic information of the flush packets. Parameter: is the name of the port. Default: None. Command mode: Admin mode. Usage Guide: None. Example: Clear the statistic information of the flush packets for the port1/1. Switch#clear ulpp flush counter interface e1/1 ULPP flush counter has been reset. 39.
Function: Show the error information of ULPP. The no operation disables showing the error information of ULPP. Parameter: None. Default: Do not display. Command mode: Admin mode. Usage Guide: None. Example: Show the error information of ULPP. Switch# debug ulpp error Unrecognized Flush packet received. 39.4 debug ulpp event Command: debug ulpp event no debug ulpp event Function: Show the event information of ULPP. The no operation disables showing the event information of ULPP. Parameter: None.
Switch# debug ulpp flush content interface e1/1
Flush packet content:
Destination MAC: 01-03-0f-cc-cc-cc
Source MAC: 00-a0-cc-d7-5c-ea
Type: 8100
Vlan ID: 1
Length: 518
Control Type: 2
Control Vlan: 10
MAC number:0
Vlan Bitmap:
39.
Usage Guide: None. Example: Configure the description of ULPP group as switch. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# description switch 39.8 flush disable arp Command: flush disable arp Function: Disable sending the flush packets of deleting ARP. Parameter: None. Default: By default, enable the sending function of the flush packets which are deleted by ARP. Command mode: ULPP group configuration mode.
Parameter: None. Default: By default, enable sending the flush packets of deleting ARP. Command mode: ULPP group configuration mode. Usage Guide: If enable this function, when the link is switched, it will actively send the flush packets to notify the upstream device, so as to delete the list entries of ARP. Example: Enable sending the flush packets of deleting ARP. Switch(config)# ulpp group 20 Switch(ulpp-group-20)# flush enable arp 39.
39.13 preemption mode
Command: preemption mode
no preemption mode
Function: Open/close the preemption mode of ULPP group.
Parameter: None.
Default: Do not preempt.
Command mode: ULPP group configuration mode.
Usage Guide: If preemption mode is configured for the ULPP group, the slave port is in the forwarding state and the master port is in the standby state, then after the preemption delay the master port turns into the forwarding state and the slave port turns into the standby state.
39.15 show ulpp flush counter interface
Command: show ulpp flush counter interface {ethernet | }
Function: Show the statistic information of the flush packets.
Parameter: is the name of the ports.
Default: None.
Command mode: Admin mode.
Usage Guide: Show the statistic information of the flush packets, such as the number of flush packets that have been received and the time at which the last flush packet was received.
Parameter: [group-id]: Show the information of the specific ULPP group. Default: By default, show the information of all ULPP groups which have been configured. Command mode: Admin mode. Usage Guide: Show the configuration information of ULPP groups which have been configured, such as: the state of the master port and the slave port, the preemption mode, the preemption delay, etc. Example: Show the configuration information of ULPP group1.
39.19 ulpp flush disable arp Command: ulpp flush disable arp Function: Disable receiving the flush packets of deleting ARP. Parameter: None. Default: By default, disable receiving the flush packets of deleting ARP. Command mode: Port mode. Usage Guide: If this command is configured, then it will not receive the flush packets of deleting ARP. Example: Disable receiving the flush packets of deleting ARP. Switch(config)# interface ethernet 1/1 Switch(config-If-Ethernet1/1)# ulpp flush disable arp 39.
Switch(config-If-Ethernet1/1)# ulpp flush enable arp 39.22 ulpp flush enable mac Command: ulpp flush enable mac Function: Enable receiving the flush packets of updating MAC address. Parameter: None. Default: By default, disable receiving the flush packets of updating MAC address. Command mode: Port mode. Usage Guide: Enable receiving the flush packets of updating MAC address table. Example: Enable receiving the flush packets of updating the MAC address.
Command mode: Port mode.
Usage Guide: There is no sequence requirement for the master and slave port configuration in a group, but the protective VLANs must be configured before the member ports. Each group has only one master port; if a master port already exists, the configuration fails.
Example: Configure the master port of ULPP group.
Switch(config)# interface ethernet 1/1
Switch(config-If-Ethernet1/1)# ulpp group 20 master
39.
Chapter 40 Commands for ULSM 40.1 debug ulsm event Command: debug ulsm event no debug ulsm event Function: Show the event information of ULSM. The no operation disables showing ULSM events. Parameter: None. Default: None. Command mode: Admin Mode. Usage Guide: None. Example: Show the event information of ULSM. Switch# debug ulsm event Downlink synchoronized with ULSM group, change state to Down. 40.
40.3 ulsm group Command: ulsm group no ulsm group Function: Create a ULSM group. The no command deletes the ULSM group. Parameter: is the ID of ULSM group, range from 1 to 32. Default: There is no ULSM group configured by default. Command mode: Global Mode. Usage Guide: None. Example: Create ULSM group 10. Switch(config)# ulsm group 10 40.
Chapter 41 Commands for Mirroring Configuration 41.1 monitor session source interface Command: monitor session source {interface | cpu} {rx| tx| both} no monitor session source {interface | cpu} Function: Specify the source interface for the mirror. The no form command will disable this configuration. Parameters: is the session number for the mirror. Currently only 1 is supported.
Function: Specify the access control for the source of the mirror. The no form command will disable this configuration.
Parameters: is the session number for the mirror. Currently only 1 is supported. is the list of source interfaces of the mirror which can be separated by '-' and ';'. is the number of the access list. rx filters the datagrams received by the interface, tx filters the datagrams sent out, and both filters incoming and outgoing datagrams.
Example: Configure interface 1/7 as the destination of the mirror. Switch(config)#monitor session 1 destination interface ethernet 1/7 41.4 show monitor Command: show monitor Function: To display information about the source and destination ports of all the mirror sessions. Command Mode: Admin Mode Usage Guide: This command is used to display the source and destination ports for the configured mirror sessions.
Chapter 42 Commands for sFlow
42.1 sflow agent-address
Command: sflow agent-address
no sflow agent-address
Function: Configure the sFlow sample proxy address. The "no" form of this command deletes the proxy address.
Parameter: is the sample proxy IP address which is shown in dotted decimal notation.
Command Mode: Global Mode.
Default: No default value.
Usage Guide: The proxy address identifies the sample proxy, similar to the Router ID in OSPF or BGP.
command deletes the statistic sampling interval value. Parameter: is the value of the interval with a valid range of 20~120 and shown in second. Command Mode: Port Mode Default: No default value Usage Guide: If no statistic sampling interval is configured, there will not be any statistic sampling on the interface. Example: Set the statistic sampling interval on the interface e1/1 to 20 seconds. Switch(Config-If-Ethernet1/1)#sflow counter-interval 20 42.
Default: The destination port of the sFlow packet is defaulted at 6343, and the analyzer has no default address. Usage Guide: If the analyzer address is configured at Port Mode, this IP address and port configured at Port Mode will be applied when sending the sample packet. Or else the address and port configured at global mode will be applied. The analyzer address should be configured to let the sFlow sample proxy work properly. Example: Configure the analyzer address and port at global mode.
will not be interfered. The higher the priority value is set, the higher its priority will be.
Example: Configure the priority when sFlow receives packet from the hardware at global mode.
switch (config)#sflow priority 1
42.8 sflow rate
Command: sflow rate { input | output }
no sflow rate [input | output]
Function: Configure the sample rate of the sFlow hardware sampling. The "no" form of this command deletes the sampling rate value.
Sampler priority is 2
Sflow DataSource: type 2, index 194(Ethernet1/2)
Collector address is 192.168.1.200
Collector port is 6343
Counter interval is 0
Sample rate is input 0, output 0
Sample packet max len is 1400
Sample header max len is 50
Sample version is 4

Displayed Information           Explanation
Sflow version 1.2               Indicates the sFlow version is 1.2
Agent address is 172.16.1.100   Address of the sFlow sample proxy is 172.16.1.
Chapter 43 Commands for SNTP 43.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone 0-23: the hour value <0-59>: the minute value Command Mode: Global mode Default: None.
no sntp polltime
Function: Sets the interval at which SNTP clients send requests to the NTP/SNTP server; the "no sntp polltime" command cancels the configured polltime and restores the default setting.
Parameters: is the interval value from 16 to 16284.
Default: The default polltime is 64 seconds.
Command Mode: Global Mode
Example: Setting the client to send request to the server every 128 seconds.
Switch#config
Switch(config)#sntp polltime 128
43.
43.5 show sntp Command: show sntp Function: Displays current SNTP client configuration and server status. Parameters: N/A. Command Mode: Admin and Configuration Mode. Example: Displaying current SNTP configuration. Switch#show sntp SNTP server 2.1.0.
Chapter 44 Commands for NTP 44.1 clock timezone Command: clock timezone WORD {add | subtract} <0-23> [<0-59>] no clock timezone WORD Function: This command configures timezone in global mode, the no command deletes the configured timezone. Parameters: WORD: timezone name, the length should not exceed 16 add | subtract: the action of timezone 0-23: the hour value <0-59>: the minute value Command Mode: Global mode Default: None.
Function: To display NTP authentication information; the no form of the command disables the switch of displaying NTP authentication information.
Parameter: None.
Default: Disabled.
Command Mode: Admin Mode.
Usage Guide: To display NTP authentication information. If the switch is enabled and a packet carries authentication information while it is being sent or received, the key identifier is printed out.
Example: To enable the switch of displaying NTP authentication information.
Example: To enable the debug switch of displaying NTP packet information. Switch# debug ntp packet 44.6 debug ntp sync Command: debug ntp sync no debug ntp sync Function: To enable/disable debug switch of displaying local time synchronization information. Parameter: None. Default: Disabled. Command Mode: Admin Mode. Usage Guide: None. Example: To enable debug switch of displaying local time synchronization information. Switch# debug ntp sync 44.
Usage Guide: None.
Example: To enable NTP authentication function.
Switch(config)#ntp authenticate
44.9 ntp authentication-key
Command: ntp authentication-key md5
no ntp authentication-key
Function: To enable/cancel the NTP authentication function and define the NTP authentication key.
Parameter: key-id: The id of key, range is from 1 to 4294967295. value: The value of the key, 1 to 16 ASCII characters.
44.12 ntp disable Command: ntp disable no ntp disable Function: To disable/enable the NTP function on port. Parameter: None. Default: To enable NTP function on all ports. Command Mode: Interface Configuration Mode. Usage Guide: None. Example: To disable the NTP function on vlan1 interface. Switch(config)# interface vlan 1 Switch(Config-if-Vlan1)#ntp disable 44.13 ntp enable Command: ntp enable ntp disable Function: To enable/disable NTP function globally. Parameter: None. Default: Disabled.
] no ntp server {|} Function: To enable specified time server of time source, the no form of this command cancels the specified time server of time source. Parameter: ip-address: IPv4 address of time server. ipv6-address: IPv6 address of time server. version: The version information configured for server. version_no: The version number of server, range is from 1 to 4, default is 4. key: To configure key for server. key-id: The key id. Default: Disabled.
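What the key-id and md5 value set with ntp authentication-key, and referenced by the key option of ntp server, do on the wire, as an added Python example that is not part of this manual. It assumes the switch uses the standard NTP symmetric-key MAC (a 32-bit key ID followed by MD5 over the key and the 48-byte header) and that ntp authenticate makes a valid MAC mandatory; the function names, key value and sample header are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48      # fixed NTP header
MAC_LEN = 4 + 16     # 32-bit key ID followed by a 128-bit MD5 digest

# Constructed sample data: one configured key and a server-mode reply header
# (LI=0, VN=4, mode=4, stratum 3, poll 6, precision -20, remaining fields zero).
KEYS = {1: "Sw1tchKey"}
SERVER_REPLY = bytes([0x24, 3, 6, 0xEC]) + bytes(44)


def check_key(key_id, value):
    """Enforce the limits this manual gives for ntp authentication-key."""
    if not 1 <= key_id <= 4294967295:
        raise ValueError("key-id out of range 1-4294967295")
    if not (1 <= len(value) <= 16 and value.isascii()):
        raise ValueError("key value must be 1 to 16 ASCII characters")
    return value.encode("ascii")


def sign(header, key_id, value):
    """Append the key ID and MD5(key || header) to a 48-byte NTP header."""
    if len(header) != HEADER_LEN:
        raise ValueError("NTP header must be 48 bytes")
    key = check_key(key_id, value)
    # Keyed MD5 as used by NTP symmetric keys; this is not HMAC.
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, authenticate=True):
    """Classify a received packet against the locally configured keys.

    authenticate models `ntp authenticate` (assumption: when it is on,
    packets without a MAC are rejected).
    """
    if len(packet) == HEADER_LEN:
        return "unauthenticated" if authenticate else "accepted-unauthenticated"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in keys:
        return "unknown-key"
    expected = hashlib.md5(check_key(key_id, keys[key_id]) + header).digest()
    # Constant-time comparison so the check does not leak digest prefixes.
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-mac"


if __name__ == "__main__":
    good = sign(SERVER_REPLY, 1, KEYS[1])
    print(verify(good, KEYS), verify(SERVER_REPLY, KEYS))
```

A reply is only trustworthy when the key ID is one the client has configured and the digest matches, so the key-id and value must be identical on the switch and on the time server; a changed header field such as the stratum invalidates the digest.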
Example:
Switch# show ntp status
Clock status: synchronized
Clock stratum: 3
Reference clock server: 1.1.1.2
Clock offset: 0.010 s
Root delay: 0.012 ms
Root dispersion: 0.000 ms
Reference time: TUE JAN 03 01:27:24 2006
44.19 show ntp session
Command: show ntp session [ | ]
Function: To display the information of all NTP sessions or one specific session, including server ID, server layer, and the local offset according to the server.
Chapter 45 Commands for Summer Time 45.1 clock summer-time absolute Command: clock summer-time absolute [] no clock summer-time Function: Configure summer time range, the time in this range is summer time. The no command deletes the configuration. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59);
no clock summer-time Function: Configure the recurrent summer time range, the time in this range is summer time. Parameter: is the time zone name of summer time; is the start time, the format is hour (from 0 to 23):minute (from 0 to 59); is the start date, the format is month(from 1 to 12).date(from 1 to 31); is the end time, the format is hour(from 0 to 23):minute(from 0 to 59); is the end date, the format is month(from 1 to 12).
value, the value as "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"; is the month, the value as "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" is the time offset, the range from 1 to 1440, unit is minute, default value is 60 minutes.
Default: There is no summer time range.
Command Mode: Global Mode
Usage Guide: This command sets the start and end time for the recurrent summer time flexibly.
Function: This command is used to clear all the information in the log buffer zone. Command Mode: Admin Mode Usage Guide: When the old information in the log buffer zone is no longer concerned, we can use this command to clear all the information. Example: Clear all information in the log buffer zone sdram. Switch#clear logging sdram Related Command: show logging buffered 46.
Default: No log information output to the log host by default. The default recorder of the log host is the local0; the default severity level is warnings. Usage Guide: Only when the log host is configured by the logging command, this command will be available. We can configure many IPv4 and IPv6 log hosts. Example 1: Send the log information with a severity level equal to or higher than warning to the log server with an IPv4 address of 100.100.100.5, and save to the log recording equipment local1.
Default: Do not include the sequence-number. Usage Guide: Use logging command to configure the loghost before this command is set. Example: Open the loghost sequence-number. Switch(config)# logging loghost sequence-number 46.7 ping Command: ping [[src ] { | host }] Function: Issue ICMP request to remote devices, check whether the remote device can be reached by the switch.
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 10.1.128.160, using source address 10.1.128.161, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
In the example above, 10.1.128.161 is configured as the source address of the ICMP echo requests, while the destination device is configured to be at 10.1.128.160. The command receives all the ICMP reply packets for all of the five ICMP echo requests. The success rate is 100%. It is denoted on the switch ".
46.8 ping6 Command: ping6 [ | host | src { | host }] Function: To check whether the destination network can be reached. Parameters: is the target IPv6 address of the ping command. is the source IPv6 address where the ping command is issued. is the target host name of the ping command, which should not exceed 64 characters.
Repeat count [5]:
Datagram size in byte [56]:
Timeout in milli-seconds [2000]:
Extended commands [n]:
Type ^c to abort.
Sending 5 56-byte ICMP Echos to fe80::2d0:59ff:feb8:3b27, using src address fe80::203:fff:fe0b:16e3, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/16 ms

Display Information    Explanation
ping6                  The ping6 command
Target IPv6 address    The target IPv6 address of the command.
corresponding storage device, which IMG file is currently used in booting, the configuration information of the CFG file in the storage device and the CFG file currently booted. Example: Display the first and second IMG files and the CFG file enabled by switch. Switch#show boot-files Booted files on switch The primary img file at the next boot time: flash:/nos.img The backup img file at the next boot time: flash:/nos.img Current booted img file: flash:/nos.
Example: To list the files and their size in the flash.
Switch#show flash
boot.rom          329,828  1900-01-01 00:00:00 --SH
boot.conf              94  1900-01-01 00:00:00 --SH
nos.img         2,449,496  1980-01-01 00:01:06 ----
startup-config      2,064  1980-01-01 00:30:12 ----
46.12 show history
Command: show history
Function: Display the recent user command history.
Time          Type        User   Command
0w 0d 0h 2m   Telnet/SSH  admin  show history all-users detail 192.168.1.2:1419
0w 0d 0h 1m   Telnet/SSH  admin  show history all-users 192.168.1.2:1419
0w 0d 0h 1m   Console     Null   show history all-users
0w 0d 0h 1m   Console     Null   end
0w 0d 0h 1m   Console     Null   ip address 192.168.1.1 255.255.255.0
0w 0d 0h 0m   Console     Null   in v 1
0w 0d 0h 0m   Console     Null   telnet-server enable
46.
Parameter: None. Command Mode: Admin mode. Default: None. Usage Guide: Use this command to display the state (enable or disable). Example: Switch#show logging executed-commands state Logging executed command state is enable 46.16 show logging source Command: show logging source mstp Function: Show the log information source of MSTP module. Parameters: None. Default: None. Command mode: Admin and configuration mode.
Example:
Switch#show memory
start address : 0x2100
number of words[64]:
002100: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002110: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002120: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002130: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002140: 0000 0000 0000 0000 0000 0000 0000 0000 *................*
002150: 0000 0000 0000 0000 0000 0000 0000 0000 *................
Usage Guide: The show running-config command differs from show startup-config in that, when the user finishes a set of configurations, show running-config displays the newly added configurations whereas show startup-config does not. However, once the write command is executed to save the active configuration to the Flash memory, the output of show running-config and show startup-config will be the same.
46.
46.21 show tcp
Command: show tcp
Function: Display the current TCP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show tcp
LocalAddress  LocalPort  ForeignAddress  ForeignPort  State
0.0.0.0       23         0.0.0.0         0            LISTEN
0.0.0.0       80         0.0.0.0         0            LISTEN

Displayed information  Description
LocalAddress           Local address of the TCP connection.
LocalPort              Local port number of the TCP connection.
ForeignAddress         Remote address of the TCP connection.
46.23 show telnet login Command: show telnet login Function: List information of currently available telnet clients which are connected to the switch. Command Mode: Admin Mode and Configuration Mode. Usage Guide: This command used to list the information of currently available telnet clients which are connected to the switch. Example: Switch#show telnet login Authenticate login by local. Login user: aa 46.24 show temperature This command is not supported by the switch. 46.
Function: Display the current UDP connection status established to the switch.
Command mode: Admin Mode
Example:
Switch#show udp
LocalAddress  LocalPort  ForeignAddress  ForeignPort  State
0.0.0.0       161        0.0.0.0         0            CLOSED
0.0.0.0       123        0.0.0.0         0            CLOSED
0.0.0.0       1985       0.0.0.0         0            CLOSED

Displayed information  Description
LocalAddress           Local address of the UDP connection.
LocalPort              Local port number of the UDP connection.
ForeignAddress         Remote address of the UDP connection.
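The show tcp and show udp listings above are a quick way to see which management services the switch exposes. The following Python audit is an added example, not part of this manual: it parses output in that five-column layout and reports cleartext management services; the sample text (including the ESTABLISHED row), the function names and the port-to-service mapping are constructed for illustration.

```python
# Constructed samples modelled on the `show tcp` / `show udp` examples in this
# section; the ESTABLISHED row is added for illustration.
SHOW_TCP = """\
Switch#show tcp
LocalAddress   LocalPort  ForeignAddress  ForeignPort  State
0.0.0.0        23         0.0.0.0         0            LISTEN
0.0.0.0        80         0.0.0.0         0            LISTEN
192.168.1.1    23         192.168.1.2     1419         ESTABLISHED
"""
SHOW_UDP = """\
Switch#show udp
LocalAddress   LocalPort  ForeignAddress  ForeignPort  State
0.0.0.0        161        0.0.0.0         0            CLOSED
0.0.0.0        123        0.0.0.0         0            CLOSED
0.0.0.0        1985       0.0.0.0         0            CLOSED
"""

# Management services that carry credentials or configuration in cleartext,
# keyed by (protocol, IANA well-known port).
CLEARTEXT_MGMT = {
    ("tcp", 23): "Telnet",
    ("tcp", 80): "HTTP",
    ("udp", 161): "SNMP",  # cleartext unless SNMPv3 with privacy is used
}
WILDCARD = {"0.0.0.0", "::"}


def parse_sockets(text, proto):
    """Return one dict per data row of `show tcp` / `show udp` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Data rows have five columns with numeric ports; this skips the
        # prompt line, the column header and blank lines.
        if len(f) != 5 or not (f[1].isdigit() and f[3].isdigit()):
            continue
        rows.append({"proto": proto, "local": f[0], "lport": int(f[1]),
                     "peer": f[2], "pport": int(f[3]), "state": f[4]})
    return rows


def audit(tcp_text, udp_text):
    """Return (kind, service, port, detail) tuples for cleartext management exposure."""
    findings = []
    for s in parse_sockets(tcp_text, "tcp") + parse_sockets(udp_text, "udp"):
        service = CLEARTEXT_MGMT.get((s["proto"], s["lport"]))
        if service is None:
            continue
        if s["proto"] == "tcp" and s["state"] != "LISTEN":
            # A connected socket: record who is using the cleartext service.
            findings.append(("session", service, s["lport"],
                             f'{s["peer"]}:{s["pport"]}'))
        elif s["local"] in WILDCARD:
            # Bound to the wildcard address, so reachable on every interface.
            findings.append(("listen-any", service, s["lport"], None))
        else:
            findings.append(("listen", service, s["lport"], s["local"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_TCP, SHOW_UDP):
        print(finding)
```

UDP sockets are reported from any bound local port, because the State column shows CLOSED for them in the manual's own example.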
46.28 show version
Command: show version
Function: Display the switch version.
Command mode: Admin Mode
Usage Guide: Use this command to view the version information for the switch, including hardware version and software version.
Example:
Switch#show version
46.29 traceroute
Command: traceroute [source ] { | host } [hops ] [timeout ]
Function: This command tests the gateways passed on the route of a packet from the source device to the target device.
is the IPv6 address of the destination host, shown in colonned hex notation; is the name of the remote host; is the max number of the gateways the traceroute6 passed through, ranging between 1-255; is the timeout period of the data packets, shown in millisecond and ranging between 100~10000. Default: Default number of the gateways passes by the data packets is 30, and timeout period is defaulted at 2000ms.
Chapter 47 Commands for Reload Switch after Specified Time 47.1 reload after Command: reload after {[] [days ]} Function: Reload the switch after a specified period of time. Parameters: the specified time, HH (hours) ranges from 0 to 23, MM (minutes) and SS (seconds) range from 0 to 59. the specified days, unit is day, range from 1 to 30. time and day may be configured at the same time or configured solely.
Switch#reload cancel
Reload cancel successful.
Related Commands: reload, reload after, show reload
47.3 show reload
Command: show reload
Function: Display the user's configuration of command "reload after".
Parameters: None.
Command Mode: Admin and configuration mode
Usage Guide: With this command, users can view the configuration of command "reload after" and check how long a time is left before rebooting the switch.
Example: View the configuration of command "reload after".
Chapter 48 Commands for Debugging and Diagnosis for Packets Received and Sent by CPU 48.1 clear cpu-rx-stat protocol Command: clear cpu-rx-stat protocol [ ] Function: Clear the statistics of the CPU received packets of the protocol type.
telnet, http, dhcp, igmp, ssh; is the max rate of CPU receiving packets of the protocol type, its range is 1-2000 pps. Command Mode: Global Mode Default: A different default rate is set for the different type of protocol. Usage Guide: The rate limit set by this command have an effect on CPU receiving packets, so it is supposed to be used with the help of the technical support. Example: Set the rate of the ARP packets to 500pps. Switch(config)#cpu-rx-ratelimit protocol arp 500 48.
48.8 show cpu-rx protocol Command: show cpu-rx protocol [ ] Function: Show the statistics of the CPU received packets of the specified protocol type. Parameter: is the protocol type of the packets, if do not input parameters, show all statistic packets. Command Mode: Admin and configuration mode Default: None. Usage Guide: This command is used to debug, it is supposed to be used with the help of the technical support. Example:Show the statistics of CPU receiving ARP packets.
Command "policy". Deleted commands and parameters for double-barrel mode. Deleted "Double-barrel mode: " and command also deleted. In the description of the "accounting" command removed "single-barrel mode, " and "under double-barrel mode packets of three colors will be present. “in-profile” – green color is displayed. “out-profile” – red and yellow color." In command "mls qos queue wrr weight " removed "wrr".