N8406-022A 1Gb Intelligent L2 Switch Command Reference Guide (ISCLI)
Part number: 856-126757-306-00
First edition: July 2008
PN# 456-01767-000
Legal notices
© 2008 NEC Corporation
The information contained herein is subject to change without notice. The only warranties for NEC products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. NEC shall not be liable for technical or editorial errors or omissions contained herein. Microsoft®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.
ISCLI Reference

Introduction
The 1Gb Intelligent L2 Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.
To establish a console connection with the switch:
1. Connect the terminal to the console port using the null modem cable.
2. Power on the terminal.
3. Press the Enter key a few times on the terminal to establish the connection.
4. You will be required to enter a password for access to the switch.

Setting an IP address
To access the switch via a Telnet or an SSH connection, you need to have an Internet Protocol (IP) address set for the switch.
The supported SSH encryption and authentication methods are listed below.
- Server Host Authentication: Client RSA authenticates the switch in the beginning of every connection
- Key Exchange: RSA
- Encryption: AES256-CBC, AES192-CBC, AES128-CBC, 3DES-CBC, 3DES, ARCFOUR
- User Authentication: Local password authentication; Remote Authentication Dial-in User Service (RADIUS)
The following SSH clients are supported:
- SSH 3.0.1 for Linux (freeware)
- SecureCRT® 4.1.8 (VanDyke Technologies, Inc.)
- OpenSSH_3.
Table 2 User access levels
User account | Description and tasks performed
User | The User has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch. The user account is enabled by default, and the default password is user.
Operator | The Operator has no direct responsibility for switch management.
Typeface or symbol | Meaning
brackets [ ] | Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command. Example: If the command syntax is show ip interface [<1-256>] you can enter show ip interface or show ip interface 1
italic text | Indicates variables in command syntax descriptions. Also indicates new terms and book titles. Where a variable is two or more words, the words are connected by a hyphen.
ISCLI basics

Introduction
The ISCLI is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration. This chapter describes the ISCLI Command Modes, and provides a list of commands and shortcuts that are commonly available from all the command modes within the ISCLI.

Accessing the ISCLI
The first time you start this switch, it boots into the AOS CLI.
Table 3 ISCLI Command Modes
Command Mode/Prompt | Command used to enter or exit
FDP configuration, Switch(config-fdp)# | Enter RIP Configuration mode, from Global Configuration mode: ufd fdp <1-4>. Exit to Global Configuration mode: exit. Exit to Privileged EXEC mode: end

Global commands
Some basic commands are recognized throughout the ISCLI hierarchy. These commands are useful for obtaining online Help, navigating through the interface, and saving configuration changes.
Command line interface shortcuts
The following shortcuts allow you to enter commands quickly and easily.

Command abbreviation
Most commands can be abbreviated by entering the first characters that distinguish the command from the others in the same mode.
Information Commands

Introduction
You can view configuration information for the switch in the ISCLI. This chapter discusses how to use the ISCLI to display switch information. The following table describes general information commands.
Table 5 Information commands
Command | Usage
show sys-info | Displays system information. Command mode: All
Displays Layer 2 information. Command mode: All
Displays Layer 3 information. Command mode: All
Displays Remote Monitoring Information.
System Information commands
The following table describes the System Information commands.
Table 6 System Information commands
Command | Usage
show snmp-server v3 | Displays SNMP v3 information.
SNMPv3 USM User Table information
The following command displays SNMPv3 user information:
show snmp-server v3 user
Command mode: All
usmUser Table
User Name                        Protocol
-------------------------------- --------------------------------
adminmd5                         HMAC_MD5, DES PRIVACY
adminsha                         HMAC_SHA, DES PRIVACY
v1v2only                         NO AUTH, NO PRIVACY
The User-based Security Model (USM) in SNMPv3 provides security services such as authentication and privacy of messages.
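An added example, not part of the original guide or the switch software: a Python audit that parses the usmUser table printed by show snmp-server v3 user and reports each user's effective security level and weak settings. The sample text is constructed from the user names and protocol strings shown above; the function names and the wording of the findings are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the usmUser table as printed by "show snmp-server v3 user",
# built from the user names and protocol strings shown in this guide.
SAMPLE_OUTPUT = """\
usmUser Table
User Name                        Protocol
-------------------------------- --------------------------------
adminmd5                         HMAC_MD5, DES PRIVACY
adminsha                         HMAC_SHA, DES PRIVACY
v1v2only                         NO AUTH, NO PRIVACY
"""

# A data row is "<user>  <auth>, <privacy>". The header, the dashed rule and
# rows of other tables (for example vacmAccess in the full dump) do not match.
ROW_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<auth>NO AUTH|HMAC_\w+)\s*,\s*"
    r"(?P<priv>NO PRIVACY|\w+ PRIVACY)\s*$"
)


@dataclass(frozen=True)
class UsmUser:
    name: str
    auth: str   # "NO AUTH", "HMAC_MD5" or "HMAC_SHA"
    priv: str   # "NO PRIVACY" or "<cipher> PRIVACY"

    @property
    def level(self) -> str:
        """Map the protocol pair to the SNMPv3 security level name."""
        if self.auth == "NO AUTH":
            return "noAuthNoPriv"
        if self.priv == "NO PRIVACY":
            return "authNoPriv"
        return "authPriv"


def parse_usm_table(text):
    """Return the UsmUser rows found in the command output."""
    users = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            users.append(UsmUser(m["user"], m["auth"], m["priv"]))
    return users


def findings_for(user):
    """List the weak settings of one USM user (wording is this example's own)."""
    if user.auth == "NO AUTH":
        return ["messages are neither authenticated nor encrypted"]
    out = []
    if user.auth == "HMAC_MD5":
        out.append("MD5-based authentication; HMAC_SHA is the stronger option shown")
    if user.priv == "NO PRIVACY":
        out.append("authenticated but sent in clear text")
    elif user.priv.startswith("DES"):
        out.append("DES privacy uses a 56-bit key")
    return out


def audit(text):
    """Map each user name to (security level, list of findings)."""
    return {u.name: (u.level, findings_for(u)) for u in parse_usm_table(text)}


if __name__ == "__main__":
    for name, (level, notes) in audit(SAMPLE_OUTPUT).items():
        print(f"{name:10} {level:13} {'; '.join(notes) or 'no findings'}")
```

The same function accepts the full show snmp-server v3 dump, because only rows in the usmUser protocol format match the pattern.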
The following table describes the SNMPv3 View Table information.
Table 9 View Table parameters
Field | Description
View Name | Displays the name of the view.
Subtree | Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names.
Displays the bit mask.
Displays whether a family of view subtrees is included or excluded from the MIB view.
SNMPv3 Group Table information
The following command displays SNMPv3 group information:
show snmp-server v3 group
Command mode: All
Sec Model  User Name                    Group Name
---------- ---------------------------- ------------------------------
snmpv1     v1v2only                     v1v2grp
usm        adminmd5                     admingrp
usm        adminsha                     admingrp
A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name.
SNMPv3 Target Address Table information
The following command displays SNMPv3 target address information:
show snmp-server v3 target-address
Command mode: All
Name       Transport Addr  Port Taglist    Params
---------- --------------- ---- ---------- ---------------
trap1      47.81.25.66     162  v1v2trap   v1v2param
This command displays the SNMPv3 target address table information, which is stored in the SNMP engine. The following table describes the SNMPv3 Target Address Table information.
SNMPv3 Notify Table information
The following command displays the SNMPv3 Notify Table:
show snmp-server v3 notify
Command mode: All
Name                 Tag
-------------------- --------------------
v1v2trap             v1v2trap
The following table describes the SNMPv3 Notify Table information.
Table 15 SNMPv3 Notify Table information
Field | Description
Name | The locally arbitrary, but unique identifier associated with this snmpNotifyEntry.
Tag
SNMPv3 dump
The following command displays SNMPv3 information:
show snmp-server v3
Command mode: All
Engine ID = 80:00:07:50:03:00:0F:6A:F8:EF:00
usmUser Table:
User Name                        Protocol
-------------------------------- --------------------------------
admin                            NO AUTH, NO PRIVACY
adminmd5                         HMAC_MD5, DES PRIVACY
adminsha                         HMAC_SHA, DES PRIVACY
v1v2only                         NO AUTH, NO PRIVACY
vacmAccess Table:
Group Name Model   Level        ReadV
---------- ------- ------------ --
admin      usm     noAuthNoPriv
v1v2grp    snmpv1  noAuthNoPriv
admingrp   usm     authPriv
System information
The following command displays system information:
show sys-info
Command mode: All
System Information at 6:56:22 Thu Jan 11, 2006
Time zone: Asia/Tokyo
Blade Network Technologies 1Gb Intelligent L2 Switch
sysName:
sysLocation:
RackId: NEC01A 6X00125
RackName: Default_Rack_Name
EnclosureSerialNumber: NEC01A 6X00125
EnclosureName: Default_Chassis_Name
BayNumber: 1
Switch is up 0 days, 14 hours, 56 minutes and 22 seconds.
Show recent syslog messages
The following command displays system log messages:
show logging messages
Command mode: All
[Sample output omitted: columns Date, Time, Severity level]
The following table describes the user status information.
Table 16 User status Information
Field | Usage
user | Displays the status of the user access level.
oper | Displays the status of the oper (operator) access level.
admin | Displays the status of the admin (administrator) access level.
Current User ID Table | Displays the status of configured user IDs.

Layer 2 information
The following table describes the Layer 2 Information commands. The following sections provide more detailed information and commands.
FDB information commands
The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address.
NOTE: The master forwarding database supports up to 8K MAC address entries on the management processor (MP) per switch.
Link Aggregation Control Protocol information
The following table describes the Link Aggregation Control Protocol information commands.
Table 19 LACP information commands
Command | Usage
show interface gigabitEthernet lacp information | Displays LACP aggregator information for the port. Command mode: All
show lacp | Displays LACP information for the port. Command mode: All
show lacp information | Displays all LACP information parameters.
Spanning Tree information
The following table describes the Spanning Tree Protocol (STP) information commands.
Table 20 STP information commands
Command | Usage
show spanning-tree stp <1-32> | Displays information about the spanning tree group. Command mode: All
show spanning-tree stp <1-32> bridge | Displays STP bridge information. Command mode: All
show spanning-tree stp <1-32> information | Displays STP information. Command mode: All
show spanning-tree | Displays all STP information.
Table 21 STP parameters
Parameter | Description
Current Root | Shows information about the root bridge for the Spanning Tree. Information includes the priority (hex) and MAC address of the root. Path-cost is the total path cost to the root bridge. It is the summation of the path cost between bridges (up to the root bridge). The current root port refers to the port on the switch that receives data from the current root. Zero (0) indicates the root bridge of the STP.
The switch software can be set to use the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) or the IEEE 802.1s Multiple Spanning Tree Protocol (MSTP).
Common Internal Spanning Tree information
The following command displays Common Internal Spanning Tree (CIST) information:
show spanning-tree mstp cist information
Command mode: All
Mstp Digest: 0xac36177f50283cd4b83821d8ab26de62
Common Internal Spanning Tree:
VLANs: 1 3-4094
Current Root: 8000 00:03:42:fa:3b:80  Path-Cost 11  Port 1  MaxAge 20  FwdDel 15
CIST Regional Root: 8000 00:03:42:fa:3b:80  Path-Cost 11
Parameters:
Port: 1 2 3 4 5 6 7 8 9 10 11 12
Prio: 128 128 128 128 128 128 128 128 128 128 1
You can also refer to the following port-specific CIST information:
- Port number and priority
- Cost
- State
- Role
- Designated bridge and port
- Hello interval
- Link type and port type
The following table describes the CIST parameters.
Table 23 Common Internal Spanning Tree parameter descriptions
Parameter | Description
CIST Root | Shows information about the root bridge for the Common Internal Spanning Tree (CIST). Values on this row of information refer to the CIST root.
Trunk group information
The following command displays Trunk Group information:
show portchannel information
Command mode: All
Trunk group 1, Enabled
port state:
17: STG 1 forwarding
18: STG 1 forwarding
When trunk groups are configured, you can view the state of each port in the various trunk groups.
NOTE: If Spanning Tree Protocol on any port in the trunk group is set to forwarding, the remaining ports in the trunk group are set to forwarding.
Layer 3 information
The following table describes basic Layer 3 Information commands. The following sections provide more detailed information and commands. Layer 3 functionality is limited in this release.
Table 25 Layer 3 information commands
Command | Usage
show ip arp | Displays Address Resolution Protocol (ARP) Information. Command mode: All except User EXEC
Displays IP Information.
Show all ARP entry information
The following command displays ARP information:
show ip arp
Command mode: All except User EXEC
IP address      Flags MAC address       VLAN Port
--------------- ----- ----------------- ---- ----
192.168.2.4           00:50:8b:b2:32:cb 1    18
192.168.2.19          00:0e:7f:25:89:b5 1    17
192.168.2.61    P     00:0f:6a:ed:46:00 1
The Flag field provides additional information about an entry. If no flag displays, the entry is normal.
IGMP multicast group information
The following table describes the commands used to display information about IGMP groups learned by the switch.
Table 28 IGMP Multicast Group commands
Command | Usage
show ip igmp groups address | Displays a single IGMP multicast group by its IP address.
show ip igmp groups vlan <1-4094>
show ip igmp groups interface
show ip igmp groups trunk <1-40>
show ip igmp groups
The following table describes the RMON History Information parameters.
Table 30 RMON History Information
Command | Usage
Index | Displays the index number that identifies each history instance.
IFOID | Displays the MIB Object Identifier.
Interval | Displays the time interval for each sampling bucket.
Rbnum | Displays the number of requested buckets, which is the number of data slots into which data is to be saved.
Displays the number of granted buckets that may hold sampled data.
The following table describes the RMON Alarm Information parameters.
Table 31 RMON Alarm Information
Command | Usage
Index | Displays the index number that identifies each alarm instance.
Interval | Displays the time interval over which data is sampled and compared with the rising and falling thresholds.
Link status information
The following command displays link information:
show interface link
Command mode: All
------------------------------------------------------------------
Port  Speed  Duplex  Flow Ctrl      Link
----  -----  ------  --TX-----RX--  ----
1     1000   any     yes    yes     down
2     1000   any     yes    yes     down
3     1000   full    yes    yes     down
4     1000   full    yes    yes     down
5     1000   any     yes    yes     down
6     1000   any     yes    yes     down
7     1000   any     yes    yes     down
8     1000   full    yes    yes     up
9     1000   full    yes    yes     down
10    1000   full    yes    yes     down
11    1000   any     yes    yes     down
1
Port information
The following command displays port information:
show interface information
Command mode: All
Port Tag RMON PVID NAME
---- --- ---- ---- --------------
1    n   d    1    Downlink1
2    n   d    1    Downlink2
3    n   d    1    Downlink3
4    n   d    1    Downlink4
5    n   d    1    Downlink5
6    n   d    1    Downlink6
7    n   d    1    Downlink7
8    n   d    1    Downlink8
9    n   d    1    Downlink9
10   n   d    1    Downlink10
11   n   d    1    Downlink11
12   n   d    1    Downlink12
13   n   d    1    Downlink13
14   n   d    1    Downlink14
15   n   d    1    Downlink15
16   n   d    1    Downlink16
17   n   d    1    Xconnect1
18   n   d    1    Xconnect2
19   n
Logical Port to GEA Port mapping
The following command displays information about GEA ports:
show geaport
Command mode: All
Logical Port GEA Port(0-based) GEA Unit
------------ ----------------- ---------
1            1                 0
2            2                 0
3            4                 0
4            7                 0
5            8                 0
6            12                0
7            13                0
8            14                0
9            0                 0
10           3                 0
11           5                 0
12           6                 0
13           9                 0
14           10                0
15           11                0
16           15                0
17           16                0
18           17                0
19           18                0
20           19                0
21           23                0
22           22                0
23           21                0
24           20                0
This display correlates the logical port number to the GEA unit on which each port resides.
Uplink Failure Detection information
The following table describes the commands used to display information about UFD (Uplink Failure Detection).
Table 33 UFD commands
Command | Usage
show ufd | Displays information for the current UFD. Command mode: All
Displays information for a FDP (Failure Detection Pair). Command mode: All
Displays information for all LTD (Link to Disable). Command mode: All
Displays information for all LTM (Link to Monitor).
Statistics commands

Introduction
You can view switch performance statistics in the user, operator, and administrator command modes. This chapter discusses how to use the ISCLI to display switch statistics. The following table describes general Statistics commands.
Table 34 Statistics commands
Command | Usage
show layer3 counters | Displays Layer 3 Statistics. Command mode: All
Displays SNMP statistics. Command mode: All
Displays Network Time Protocol (NTP) Statistics.
Bridging statistics
Use the following command to display the bridging statistics of the selected port:
show interface gigabitethernet bridging-counters
Command mode: All
Bridging statistics for port 1:
dot1PortInFrames: 63242584
dot1PortOutFrames: 63277826
dot1PortInDiscards: 0
dot1TpLearnedEntryDiscards: 0
dot1StpPortForwardTransitions: 0
The following table describes the bridging statistics for a selected port:
Table 36 Bridging statistics for port
Statistics | Description
dot1PortInFrames
The following table describes the Ethernet statistics for a selected port:
Table 37 Ethernet statistics for port
Statistics | Description
dot3StatsAlignmentErrors | A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the alignmentError status is returned by the MAC service to the Logical Link Control (LLC) (or other MAC user).
Table 37 Ethernet statistics for port
Statistics | Description
dot3StatsFrameTooLongs | A count of frames received on a particular interface that exceeds the maximum permitted frame size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.
Table 38 Interface statistics for port
Statistics | Description
UcastPkts—IfHCOut | The total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those that were discarded or not sent.
The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a broadcast address at this sublayer, including those that were discarded or not sent.
Link statistics
Use the following command to display the link statistics of the selected port:
show interface gigabitethernet link-counters
Command mode: All
Link statistics for port 1:
linkStateChange: 2
The following table describes the link statistics for a selected port:
Table 40 Link statistics for port
Statistic | Description
linkStateChange | The total number of link state changes.
Table 41 RMON statistics
Statistic | Description
etherStatsOversizePkts | The total number of packets received that were longer than 1518 octets (excluding framing bits but including FCS octets) and were otherwise well formed.
Layer 2 statistics
The following table describes the Layer 2 statistics commands. The following sections provide more detailed information and commands.
Table 42 Layer 2 Statistics commands
Command | Usage
show mac-address-table counters | Displays the Forwarding Database statistics. Command mode: All
Displays Link Aggregation Control Protocol (LACP) statistics.
Layer 3 statistics
The following table describes basic Layer 3 statistics commands. The following sections provide more detailed information and commands. Layer 3 functionality is limited in this release.
Table 44 Layer 3 Statistics commands
Command | Usage
show ip counters | Displays IP statistics. Command mode: All except UserEXEC
Clears IP statistics. Use this command with caution as it deletes all the IP statistics. Command mode: All except UserEXEC
Displays Address Resolution Protocol (ARP) statistics.
Table 45 IP statistics
Statistics | Description
ipInDiscards | The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). This counter does not include any datagrams discarded while awaiting re-assembly.
The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
DNS statistics
show ip dns counters
Command mode: All except User EXEC
DNS statistics:
dnsInRequests: 0
dnsOutRequests: 0
dnsBadRequests: 0
The following table describes the Domain Name System (DNS) statistics:
Table 47 DNS statistics
Statistic | Description
dnsInRequests | The total number of DNS request packets that have been received.
dnsOutRequests | The total number of DNS response packets that have been transmitted.
dnsBadRequests | The total number of DNS request packets received that were dropped.
Table 48 ICMP statistics
Statistics | Description
icmpOutErrors | The number of ICMP messages that this switch did not send due to problems discovered within ICMP such as a lack of buffer. This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram. In some implementations there may be no types of errors that contribute to this counter's value.
The number of ICMP Destination Unreachable messages sent.
Table 49 TCP statistics
Statistics | Description
tcpEstabResets | The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
The total number of segments received, including those received in error. This count includes segments received on currently established connections.
The total number of segments sent, including those on current connections but excluding those containing only retransmitted octets.
IGMP Multicast Group statistics
The following command displays statistics about the use of the IGMP Multicast Groups:
show ip igmp counters
Command mode: All except User EXEC
------------------------------------------------------------
IGMP Snoop vlan 1 statistics:
------------------------------------------------------------
rxIgmpValidPkts: 0
rxIgmpInvalidPkts: 0
rxIgmpGenQueries: 0
rxIgmpGrpSpecificQueries: 0
rxIgmpLeaves: 0
rxIgmpReports: 0
txIgmpReports: 0
txIgmpGrpSpecificQueries: 0
txIgmpLeaves: 0
These c
Management Processor statistics
The following table describes the MP-specific Statistics commands. The following sections provide more detailed information and commands.
Table 53 MP-specific Statistics commands
Command | Usage
show mp packet | Displays packet statistics, to check for leads and load. Command mode: All
Displays all Transmission Control Protocol (TCP) control blocks (TCB) that are in use. Command mode: All
Displays all User Datagram Protocol (UDP) control blocks (UCB) that are in use.
TCP statistics
The following command displays TCP statistics:
show mp tcp-block
Command mode: All
All TCP allocated control blocks:
10ad41e8: 0.0.0.0 0 <=> 0.0.0.0
10ad5790: 47.81.27.5 1171 <=> 47.80.23.
SNMP statistics
The following command displays SNMP statistics:
show snmp-server counters
Command mode: All
SNMP statistics:
snmpInPkts: 54
snmpInBadC'tyNames: 0
snmpInASNParseErrs: 0
snmpOutPkts: 54
snmpInTooBigs: 0
snmpInBadValues: 0
snmpInGenErrs: 0
snmpInTotalSetVars: 0
snmpInGetNexts: 52
snmpInGetResponses: 0
snmpOutTooBigs: 0
snmpOutBadValues: 0
snmpOutGenErrs: 0
snmpOutGetNexts: 0
snmpOutGetResponses: 54
snmpSilentDrops: 0
snmpInBadVersions:
snmpInBadC'tyUses:
snmpEnableAuthTraps:
snmpInBadTypes:
s
Table 58 SNMP statistics
Statistics | Description
snmpInReadOnlys | The total number of valid SNMP Protocol Data Units (PDUs), which were delivered to the SNMP protocol entity and for which the value of the error-status field is read-only. It should be noted that it is a protocol error to generate an SNMP PDU, which contains the value read-only in the error-status field. As such, this object is provided as a means of detecting incorrect implementations of the SNMP.
NTP statistics
The following command displays NTP statistics:
show ntp counters
Command mode: All
NTP statistics:
Primary Server:
  Requests Sent: 17
  Responses Received: 17
  Updates: 1
Secondary Server:
  Requests Sent: 0
  Responses Received: 0
  Updates: 0
Last update based on response from primary server.
Uplink Failure Detection statistics The following command allows you to display Uplink Failure Detection (UFD) statistics.
Configuration Commands

Introduction
The Configuration commands are available only from an administrator login. They include commands for configuring every aspect of the switch. Changes can be saved to flash memory. The following table describes the basic Configuration commands. The following sections provide more detailed information and commands.
Table 61 Configuration commands
Command | Usage
show running-config | Dumps current configuration to a script file.
System configuration
These commands allow you to configure switch management parameters such as user and administrator privilege mode passwords, browser-based management settings, and management access list. The following table describes the System Configuration commands.
Table 62 System Configuration commands
Command | Usage
system date - Prompts the user for the system date. Command mode: Global configuration
Configures the system time using a 24-hour clock format.
System host log configuration
The following table describes the Syslog Configuration commands.
Table 63 Syslog Configuration commands
Command | Description
[no] logging host <1-2> address | Sets the IP address of the first or second syslog host. For example, 100.10.1.1 Command mode: Global configuration
Sets the severity level of the first or second syslog host displayed. The default is 7, which means log all the severity levels.
Secure Shell Server configuration
Telnet traffic on the network is not secure. These commands enable Secure Shell (SSH) access from any SSH client. The SSH program securely logs into another computer over a network and executes commands in a secure environment. All data using SSH is encrypted. Secure Shell can be configured on the switch using the console port only. The commands are not available if you access the switch using Telnet or the Browser-based Interface (BBI).
RADIUS server configuration
NOTE: See the Application Guide for information on RADIUS.
The following table describes the RADIUS Server Configuration commands.
Table 65 RADIUS Server Configuration commands
Command | Description
[no] radius-server primary-host key <1-32 characters> | Sets the primary RADIUS server address and shared secret between the switch and the RADIUS server(s).
[no] radius-server secondary-host key <1-32 characters>
radius-server port
TACACS+ server configuration
TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in RFC 1492.
IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled. If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch.
System SNMP configuration
The switch software supports SNMP-based network management. In the SNMP model of network management, a management station (client/manager) accesses a set of variables known as MIBs (Management Information Base) provided by the managed device (agent).
SNMPv3 configuration
SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:
- a new SNMP message format
- security for messages
- access control
- remote configuration of SNMP parameters
For more details on the SNMPv3 architecture please see RFC2271 to RFC2275. The following table describes the SNMPv3 Configuration commands.
SNMPv3 User Security Model configuration
You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user. These commands help you create a user security model entry for an authorized user. You need to provide a security name to create the USM entry. The following table describes the User Security Model Configuration commands.
SNMPv3 View-based Access Control Model configuration
The view-based Access Control Model defines a set of services that an application can use for checking access rights of the user. Access control is needed when the user has to process an SNMP retrieval or modification request from an SNMP entity. The following table describes the User Access Control Configuration commands.
SNMPv3 Community Table configuration
These commands are used for configuring the community table entry. The configured entry is stored in the community table list in the SNMP engine. This table is used to configure community strings in the Local Configuration Datastore (LCD) of the SNMP engine. The following table describes the SNMPv3 Community Table Configuration commands.
SNMPv3 Target Parameters Table configuration
You can configure the target parameters entry and store it in the target parameters table in the SNMP engine. This table contains parameters that are used to generate a message. The parameters include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the security model (for example: USM), the security name, and the security level (noAuthnoPriv, authNoPriv, or authPriv).
System Access configuration
The following table describes the System Access Configuration commands.
Table 78 System Access Configuration commands
Command | Description
[no] access http enable | Enables or disables HTTP (Web) access to the Browser-based Interface. It is enabled by default. Command mode: Global configuration
Sets the switch port used for serving switch Web content. The default is HTTP port 80. Command mode: Global configuration
Disables or provides read-only/write-read SNMP access.
User Access Control configuration

The following table describes the User Access Control commands.

Table 80 User Access Control Configuration commands

Command: access user
Description: Configures the User ID. Command mode: Global configuration

Command: access user eject <1-10>
Description: Ejects the selected user from the switch. Command mode: Global configuration

Description: Sets the user (user) password (maximum of 128 characters). The user has no direct responsibility for switch management.
HTTPS Access configuration

The following table describes the HTTPS Access Configuration commands.

Table 82 HTTPS Access Configuration commands

Command: [no] access https enable
Description: Enables or disables BBI access (Web access) using HTTPS. The default value is disabled. Command mode: Global configuration

Description: Defines the HTTPS Web server port number. The default is 443. Command mode: Global configuration

Description: Allows you to generate a certificate to connect to the SSL to be used during the key exchange.
Port configuration

Use the port configuration commands to configure settings for individual switch ports.

NOTE: Port 19 is reserved for the switch management interface.

The following table describes the Port Configuration commands. The following sections provide more detailed information and commands.

Table 83 Port Configuration commands

Command Description
interface gigabitethernet pvid <1-4095> Enter Interface Port configuration mode for the selected port.
Port link configuration

Use these commands to set port parameters for the port link. Link commands are described in the following table. Using these commands, you can set port parameters such as speed, duplex, flow control, and negotiation mode for the port link. The following table describes the Gigabit Link Configuration commands.

Table 84 Gigabit Link Configuration commands

Command: speed {10|100|1000|auto}
Description: Sets the link speed. Not all options are valid on all ports.
Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration

The switch supports the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) and IEEE 802.1s Multiple Spanning Tree Protocol (MSTP). MSTP allows you to map many VLANs to a small number of spanning tree groups, each with its own topology. You can configure up to 31 spanning tree groups on the switch (STG 32 is reserved for switch management).
Common Internal Spanning Tree configuration

The Common Internal Spanning Tree (CIST) provides compatibility with different MSTP regions and with devices running different Spanning Tree instances. It is equivalent to Spanning Tree Group 0. The following table describes the commands used to configure CIST.

Table 87 CIST Configuration commands

Command: spanning-tree mstp cist-add-vlan <1-4095>
Description: Adds VLANs to the CIST. Enter one VLAN per line, and press Enter to add the VLANs.
CIST port configuration

CIST port parameters are used to modify MRST operation on an individual port basis. CIST parameters do not affect operation of STP/PVST. For each port, CIST is turned on by default. Port parameters include:

- Port priority
- Port path cost
- Port Hello time
- Link type
- Edge
- On and off
- Current port configuration

The port option of MRST is turned on by default. The following table describes the commands used to configure CIST ports.
Spanning Tree configuration

The switch supports the IEEE 802.1D Spanning Tree Protocol (STP) and Cisco proprietary PVST and PVST+ protocols. You can configure up to 31 spanning tree groups on the switch (STG 32 is reserved for switch management). Spanning Tree is turned on by default.

NOTE: When RSTP is turned on, only STP group 1 can be configured.

The following table describes the Spanning Tree Configuration commands.
Bridge Spanning Tree configuration

Spanning tree bridge parameters can be configured for each Spanning Tree Group. STP bridge parameters include:

- Bridge priority
- Bridge hello time
- Bridge maximum age
- Forwarding delay
- Current bridge configuration

The following table describes the Bridge Spanning Tree Configuration commands.

Table 91 Bridge Spanning Tree Configuration commands

Command: spanning-tree stp <1-32> bridge priority <0-65535>
Description: Configures the bridge priority.
Spanning Tree port configuration

By default for STP/PVST+, Spanning tree is turned Off for downlink ports (1-16), and turned On for cross-connect ports (17-18), and uplink ports (20-24). By default for RSTP/MSTP, Spanning tree is turned Off for all downlink ports (1-16) configured as Edge ports, and turned On for cross-connect ports (17-18) and all uplink ports (20-24). Spanning tree port parameters are used to modify STP operation on an individual port basis.
Forwarding Database configuration

The following table describes the Forwarding Database Configuration commands.

Table 93 FDB Configuration commands

Command: mac-address-table aging <0-65535>
Description: Configures the aging value for FDB entries. The default value is 300. Command mode: Global configuration

Command: show mac-address-table
Description: Displays current FDB parameters. Command mode: All

Static FDB configuration

The following table describes the Static FDB Configuration commands.
Layer 2 IP Trunk Hash configuration

Trunk hash parameters are set globally for this switch. You can enable one or two parameters, to configure any of the following valid combinations:

- SMAC (source MAC only)
- DMAC (destination MAC only)
- SIP (source IP only)
- DIP (destination IP only)
- SIP + DIP (source IP and destination IP)
- SMAC + DMAC (source MAC and destination MAC)

The following table describes the IP Trunk Hash Configuration commands.
LACP Port configuration

The following table describes the LACP Port Configuration commands.

Table 98 LACP Port Configuration commands

Command: lacp mode {off|active|passive}
Description: Set the LACP mode for this port, as follows:
- off: Turn LACP off for this port. You can use this port to manually configure a static trunk. The default value is off.
- active: Turn LACP on and set this port to active. Active ports initiate LACPDUs.
- passive: Turn LACP on and set this port to passive.
IMPORTANT: All ports must belong to at least one VLAN. Any port which is removed from a VLAN and which is not a member of any other VLAN is automatically added to default VLAN 1. You cannot remove a port from VLAN 1 if the port has no membership in any other VLAN. Also, you cannot add a port to more than one VLAN unless the port has VLAN tagging turned on.

Layer 3 configuration

The following table describes basic Layer 3 Configuration commands.
Default Gateway configuration

The switch supports up to four gateways. By default, no gateways are configured on the switch. Enter 1, 2, 3, or 4 in the command as the , depending upon which gateway you want to configure. Gateway 4 is reserved for switch management. The following table describes the Default IP Gateway Configuration commands.
IGMP configuration

IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers.

IGMP snooping configuration

The following table describes the IGMP Snooping Configuration commands.
IGMP static multicast router configuration

The following table describes the Static Multicast Router Configuration commands.

NOTE: When you configure a static multicast router on a VLAN, the process of learning multicast routers is disabled for that VLAN.
IGMP filtering port configuration

The following table describes the IGMP Port Filtering Configuration commands.

Table 108 IGMP Filtering Port commands

Command: [no] ip igmp filtering
Description: Enables or disables IGMP Filtering on this port. The default is disabled. Command mode: Interface port

Description: Adds an IGMP filter to this port. Command mode: Interface port

Description: Removes an IGMP filter from this port. Command mode: Interface port

Description: Displays the current IGMP filter parameters for this port.
Remote Monitoring configuration

Remote Monitoring (RMON) allows you to monitor traffic flowing through the switch. The RMON MIB is described in RFC 1757. The following table describes the RMON Configuration commands.

Table 110 RMON commands

Command: show rmon
Description: Displays the current RMON configuration. Command mode: All

RMON history configuration

The switch supports up to five History Groups. The following table describes the RMON History commands.
Table 112 RMON Event commands

Command: no rmon event <1-65535>
Description: Deletes this event index. Command mode: Global configuration

Command: show rmon event
Description: Displays the current RMON Event parameters. Command mode: All

RMON alarm configuration

The Alarm RMON group can track rising or falling values for a MIB object. The MIB object must be a counter, gauge, integer, or time interval. Each alarm index must correspond to an event index that triggers once the alarm threshold is crossed.
Port mirroring

Port Mirroring is used to configure, enable, and disable the monitored port. When enabled, network packets being sent and/or received on a target port are duplicated and sent to a monitor port. By attaching a network analyzer to the monitor port, you can collect detailed information about your network performance and usage. Port mirroring is disabled by default.

NOTE: See the "Troubleshooting tools" appendix in the Application Guide for information on how to use port mirroring.
Uplink Failure Detection configuration

Uplink Failure Detection (UFD) supports network fault tolerance in network adapter teams. Use these commands to configure a Failure Detection Pair of one Links to Monitor (LtM) group and one Links to Disable (LtD) group. When UFD is enabled and a Failure Detection Pair is configured, the switch automatically disables ports in the LtD if it detects a failure in the LtM.
Link to Monitor configuration

The following table describes the Link to Monitor (LtM) commands. The LtM can consist of only one uplink port (ports 20-24), a single trunk containing only uplink ports, or a single LACP trunk containing only uplink ports. The commands depend on the software version.

Table 118 Link to Monitor commands

Command: ltm port
Description: Adds a port to the LtM. Only uplink ports (20-24) are allowed in the LtM.
Configuration Dump

The dump program writes the current switch configuration to the terminal screen. To start the dump program, at the prompt, enter:

Switch(config)# show running-config

The configuration is displayed with parameters that have been changed from the default values. The screen display can be captured, edited, and placed in a script file, which can be used to configure other switches. Paste the configuration commands from the script file at the command line prompt of the switch.
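Because the dump lists only parameters that differ from their defaults, a review of a captured configuration has to apply the documented defaults before drawing conclusions. The following added example (not part of the NEC guide) does this for the two Web-access toggles described in this guide. It assumes the dump prints a changed toggle in the same `[no] ...` form the command tables use, and the sample dumps are constructed.

```python
# Added example, not from the NEC guide: resolve the effective Web-access
# state from a captured `show running-config` dump.

# Defaults stated in this guide's System Access and HTTPS Access tables.
DEFAULTS = {
    "access http enable": True,    # HTTP access is enabled by default
    "access https enable": False,  # HTTPS access is disabled by default
}

def effective_settings(config_text):
    """Apply documented defaults, then override with lines found in the dump.

    Assumption: a changed toggle appears in the dump as `<command>` or
    `no <command>`, matching the `[no] ...` syntax in the command tables.
    """
    state = dict(DEFAULTS)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # collapse runs of whitespace
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in state:
            state[command] = not negated      # last occurrence wins
    return state

def findings(state):
    """Return human-readable findings for the management Web interface."""
    out = []
    if state["access http enable"]:
        out.append("HTTP (cleartext) Web access is enabled")
    if not state["access https enable"]:
        out.append("HTTPS Web access is disabled")
    return out

# Constructed sample dumps (not captured from a real switch).
DUMP_DEFAULT_ACCESS = """\
mac-address-table aging 600
spanning-tree stp 1 bridge priority 4096
"""
DUMP_HTTPS_ONLY = """\
no access http enable
access https enable
mac-address-table aging 600
"""

if __name__ == "__main__":
    for name, dump in [("default access", DUMP_DEFAULT_ACCESS),
                       ("https only", DUMP_HTTPS_ONLY)]:
        print(name, "->", findings(effective_settings(dump)) or "no findings")
```

A dump with no `access http` line at all still yields the HTTP finding, which is the case a plain text search of the captured file would miss.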
Operations Commands

Introduction

Operations-level commands are used for making immediate and temporary changes to switch configuration. Operations commands are used for bringing ports temporarily in and out of service. These commands are available only from an administrator and operator login. The following table describes basic Operations commands. The following sections provide more detailed information and commands.
Boot Options

Introduction

You must be logged in to the switch as the administrator to use the Boot Options commands. The Boot Options allow you to perform the following functions:

- Select a switch software image to be used when the switch is next reloaded.
- Select a configuration block to be used when the switch is next reloaded.
- Download or upload a new software image to the switch via FTP/TFTP.

Each of the Boot Options commands is discussed in the following sections.
The exact form of the name will vary by FTP/TFTP server. However, the file location is normally relative to the FTP/TFTP directory.

5. Enter the user name, if you are using an FTP server:
Enter username for FTP server or hit return for TFTP server:

6. Enter the password for the FTP server (if prompted):
Enter password for username on FTP server:

7. The system prompts you to confirm your request.
Uploading a software image from the switch

You can upload a software image from the switch to an FTP/TFTP server.

1. In Privileged EXEC mode, enter:
Switch# copy {image1|image2|boot-image} tftp
or
Switch# copy {image1|image2|boot-image} ftp

2. The system prompts you for information. Enter the desired image:
Enter name of switch software image to be uploaded ["image1"|"image2"|"boot"]:

3.
Resetting the switch

You can reset the switch to make your software image file and configuration block changes take effect. Resetting the switch causes the Spanning Tree Protocol to restart. This process can be lengthy, depending on the topology of your network. To reset the switch, at the prompt, enter:

>> Switch# reload

You are prompted to confirm your request.
Maintenance Commands

Introduction

The Maintenance commands are used for debugging purposes, enabling you to generate a technical support dump of the critical state information in the switch, and to clear entries in the Forwarding Database and the Address Resolution Protocol (ARP) and routing tables. These commands are available only from an administrator login.
Debugging options

The Miscellaneous Debug commands display trace buffer information about events that can be helpful in understanding switch operation. You can view the following information using Debug commands:

- Events traced by the management processor (MP)
- Events traced to a buffer area when a reset occurs

If the switch resets for any reason, the management processor (MP) trace buffer is saved into the snap trace buffer area. The output from these commands can be interpreted by NEC technical support.
IGMP Snooping maintenance

The following table describes the IGMP Snooping Maintenance commands.

Table 126 IGMP Snooping Maintenance commands

Command: show ip igmp groups address
Usage: Shows a single IGMP Multicast group by IP address. Command mode: All except User EXEC

Command: show ip igmp groups vlan <1-4094>
Usage: Shows IGMP Multicast groups on a single VLAN. Command mode: All except User EXEC

Usage: Shows IGMP Multicast groups on a single port.
Uuencode flash dump

show flash-dump-uuencode

Command mode: All

Using this command, dump information is presented in uuencoded format. This format makes it easy to capture the dump information as a file or a string of characters. If you want to capture dump information to a file, set your communication software on your workstation to capture session data prior to issuing the command. This will ensure that you do not lose any information.
Panic command

The panic command causes the switch to dump state information immediately to flash memory and reboot. To select panic, at the prompt, enter:

>> Switch# debug panic
A FLASH dump already exists.
Confirm replacing existing dump and reboot [y/n]:

Enter y to confirm the command:

Dump and reboot [y/n]: y

A list of messages is displayed:

Starting system dump...done.
Reboot at 11:54:08 Wednesday October 30, 2006...