N8406-023 1Gb Intelligent L3 Switch Command Reference Guide (AOS) Part number: 856-126757-204-00 Second edition: Oct 2007 456-01770-000 PN# 456-01770-000
Legal notices © 2007 NEC Corporation The information contained herein is subject to change without notice. The only warranties for NEC products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. NEC shall not be liable for technical or editorial errors or omissions contained herein. Microsoft®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.
Contents Command line interface Introduction ............................................................................................................................................................. 8 Additional references .............................................................................................................................................. 8 Connecting to the switch ...................................................................................................................
Route information ................................................................................................................................................. 40 Show all Route information ............................................................................................................................. 41 ARP information ...................................................................................................................................................
ACL statistics .................................................................................................................................................. 79 SNMP statistics .................................................................................................................................................... 79 NTP statistics ........................................................................................................................................................
Network Filter configuration ................................................................................................................................ 120 Route Map configuration .................................................................................................................................... 120 IP Access List configuration ...............................................................................................................................
Menu information ................................................................................................................................................ 155 Updating the switch software image ................................................................................................................... 155 Downloading new software to the switch ...................................................................................................... 155 Selecting a software image to run ...........
Command line interface Introduction The 1Gb Intelligent L3 Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.
To establish a console connection with the switch: 1. Connect the terminal to the console port using the null modem cable. 2. Power on the terminal. 3. Press the Enter key a few times on the terminal to establish the connection. 4. You will be required to enter a password for access to the switch. (For more information, see the ―Setting passwords‖ section in the ―First-time configuration‖ chapter.
The supported SSH encryption and authentication methods are listed below. Server Host Authentication—Client RSA authenticates the switch in the beginning of every connection Key Exchange—RSA Encryption: AES256-CBC AES192-CBC AES128-CBC 3DES-CBC 3DES ARCFOUR User Authentication—Local password authentication; Remote Authentication Dial-in User Service (RADIUS) The following SSH clients are supported: SSH 3.0.1 for Linux (freeware) SecureCRT® 4.1.8 (VanDyke Technologies, Inc.) OpenSSH_3.
Table 2 User access levels User account Description and tasks performed User The user has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch. The user account is enabled by default, and the default password is user. The operator manages all functions of the switch. The operator can reset ports or the entire switch. By default, the operator account is disabled and has no password.
Menu basics Introduction The AOS CLI is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration. To make the CLI easy to use, the various commands have been logically grouped into a series of menus and submenus. Each menu displays a list of commands and/or submenus that are available, along with a summary of what each command will do.
Global commands Some basic commands are recognized throughout the menu hierarchy. These commands are useful for obtaining online Help, navigating through menus, and for applying and saving configuration changes. For help on a specific command, type help. The following screen displays: Global Commands: [can be issued from any menu] help up print lines verbose exit diff apply save ping traceroute telnet pushd popd who pwd quit revert history The following are used to navigate the menu structure: .
Table 4 Global commands Command Action pushd popd who Remembers the current location in the directory of menu commands. Returns to the last pushd location. Displays users who are logged in. Command line history and editing Using the command line interface, you can retrieve and modify previously entered commands with just a few keystrokes.
Command line interface shortcuts The following shortcuts allow you to enter commands quickly and easily. Command stacking As a shortcut, you can type multiple commands on a single line, separated by forward slashes (/). You can connect as many commands as required to access the menu option that you want.
First-time configuration Introduction This chapter describes how to perform first-time configuration and how to change system passwords. To begin first-time configuration of the switch, perform the following steps. 1. Connect to the switch console. After connecting, the login prompt displays. Blade Network Technologies 1Gb Intelligent L3 Switch. Enter password: 2. Enter admin as the default administrator password. The system displays the Main Menu with administrator privileges.
4. Apply and save configuration if you are not configuring the switch with Telnet support. Otherwise apply and save after the performing the ―Optional Setup for Telnet Support‖ steps. >> System# apply >> System# save Setting passwords NEC recommends that you change all passwords after initial configuration and as regularly as required under the network security policies. See the ―Accessing the switch‖ section in the ―Command line interface‖ chapter for a description of the user access levels.
[System Menu] syslog - Syslog Menu sshd - SSH Server Menu radius - RADIUS Authentication Menu tacacs+ - TACACS+ Authentication Menu ntp - NTP Server Menu ssnmp - System SNMP Menu access - System Access Menu date - Set system date time - Set system time timezone - Set system timezone (daylight savings) olddst - Set system DST for US dlight - Set system daylight savings idle - Set timeout for idle CLI sessions notice - Set login notice bannr - Set login banner hprompt - Enable/disable display hostname (sysNam
5. Enter the current administrator password at the prompt. Only the administrator can change the user password. Entering the administrator password confirms your authority. Changing USER password; validation required... Enter current administrator password: 6. Enter the new user password at the prompt: Enter new user password: 7. Enter the new user password, again, at the prompt: Re-enter new user password: 8.
Information Menu Introduction You can view configuration information for the switch in the user, operator, and administrator command modes. This chapter discusses how to use the CLI to display switch information.
System Information Menu Command: /info/sys [System Menu] snmpv3 general log user dump - SNMPv3 Information Menu Show general system information Show last 100 syslog messages Show current user status Dump all system information The following table describes the System Information Menu options. Table 7 System Information Menu options Command Usage snmpv3 general Displays the SNMP v3 Menu.
The following table describes the SNMPv3 Information Menu options. Table 8 SNMPv3 Information Menu options Command Usage usm view access group Displays User Security Model (USM) table information. Displays information about view name, subtrees, mask and type of view. Displays View-based Access Control information. Displays information about the group that includes the security model, user name, and group name. Displays information about the community table. Displays the Target Address table.
SNMPv3 View Table information Command: /info/sys/snmpv3/view View Name Subtree ------------------ ---------------------------iso 1 v1v2only 1 v1v2only 1.3.6.1.6.3.15 v1v2only 1.3.6.1.6.3.16 v1v2only 1.3.6.1.6.3.
The following table describes the SNMPv3 Access Table information. Table 11 SNMPv3 Access Table parameters Field Description Group Name Model Level Displays the name of group. Displays the security model used, for example, SNMPv1, or SNMPv2 or USM. Displays the minimum level of security required to gain rights of access. For example, noAuthNoPriv, authNoPriv, or auth-Priv. Displays the MIB view to which this entry authorizes the read access.
Table 14 SNMPv3 Target Address Table parameters Field Description Name Displays the locally arbitrary, but unique identifier associated with this snmpTargetAddrEntry. Displays the transport addresses. Displays the SNMP UDP port number. This column contains a list of tag values which are used to select target addresses for a particular SNMP message. The value of this object identifies an entry in the snmpTargetParamsTable.
SNMPv3 dump Command: /info/sys/snmpv3/dump Engine ID = 80:00:07:50:03:00:0F:6A:F8:EF:00 usmUser Table: User Name Protocol -------------------------------- -------------------------------admin NO AUTH, NO PRIVACY adminmd5 HMAC_MD5, DES PRIVACY adminsha HMAC_SHA, DES PRIVACY v1v2only NO AUTH, NO PRIVACY vacmAccess Group Name ---------admin v1v2grp admingrp Table: Model ------usm snmpv1 usm Level -----------noAuthNoPriv noAuthNoPriv authPriv ReadV ------org org org WriteV -------org org org vacmViewTreeFa
System information Command: /info/sys/gen System Information at Time zone: Asia/Tokyo 6:56:22 Thu Jan 11, 2006 Blade Network Technologies 1Gb Intelligent L3 Switch sysName: sysLocation: RackId: NEC01A 6X00125 RackName: Default_Rack_Name EnclosureSerialNumber: NEC01A 6X00125 EnclosureName: Default_Chassis_Name BayNumber: 1 Switch is up 0 days, 14 hours, 56 minutes and 22 seconds. Last boot: 17:25:38 Mon Jan 8, 2006 (software reset) MAC address: 00:10:00:01:00:01 IP (If 1) address: 10.14.4.
Date ---Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Time ---17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:42 17:25:42 17:25:42 17:25:42 17:25:42 17:25:42 Severity level ----------------NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE system: system: system
Layer 2 information Command: /info/l2 [Layer 2 Menu] fdb lacp 8021x stp cist trunk vlan gen dump - Forwarding Database Information Menu Link Aggregation Control Protocol Menu Show 802.1x information Show STP information Show CIST information Show Trunk Group information Show VLAN information Show general information Dump all layer 2 information The following table describes the Layer 2 Information menu options.
FDB information menu Command: /info/l2/fdb [Forwarding Database Menu] find - Show a single FDB entry by MAC address port - Show FDB entries on a single port vlan - Show FDB entries on a single VLAN state - Show FDB entries by state dump - Show all FDB entries The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned.
Link Aggregation Control Protocol information Command: /info/l2/lacp [LACP Menu] aggr port dump - Show LACP aggregator information for the port - Show LACP port information - Show all LACP ports information The following table describes the Link Aggregation Control Protocol Menu options. Table 20 LACP information Command Usage aggr port dump Displays LACP aggregator information for the port. Displays LACP information for the port. Displays all LACP information parameters.
802.
Table 21 802.1x information Field Description Backend Auth State Displays the Backend Authorization State.
The following table describes the STP parameters. Table 22 STP parameters Parameter Description Current Root Shows information about the root bridge for the Spanning Tree. Information includes the priority (hex) and MAC address of the root. Path-cost is the total path cost to the root bridge. It is the summation of the path cost between bridges (up to the root bridge). The current root port refers to the port on the switch that receives data from the current root.
Rapid Spanning Tree and Multiple Spanning Tree information Command: /info/l2/stp -----------------------------------------------------------------upfast disabled, update 40 -----------------------------------------------------------------Spanning Tree Group 1: On (RSTP) VLANs: 1-3 4095 Current Root: 8000 00:00:01:00:19:00 Parameters: Port ---1 2 3 4 5 6 7 8 9 10 11 12 Prio ---0 0 0 0 0 0 0 0 0 0 0 0 Priority 32768 Cost ---0 0 0 0 0 0 0 0 0 0 0 0 Path-Cost 0 Hello 9 MaxAge 20 Port Hello MaxAge FwdDel 0
The following table describes the STP parameters in RSTP or MSTP mode. Table 233 Rapid Spanning Tree parameter descriptions Parameter Description Current Root Shows information about the root bridge for the Spanning Tree. Information includes the priority (hex) and MAC address of the root. Path-cost is the total path cost to the root bridge. It is the summation of the path cost between bridges (up to the root bridge).
Common Internal Spanning Tree information Command: /info/l2/cist Mstp Digest: 0xac36177f50283cd4b83821d8ab26de62 Common Internal Spanning Tree: VLANs: 1 3-4094 Current Root: 8000 00:03:42:fa:3b:80 Path-Cost 11 Port 1 MaxAge 20 FwdDel 15 CIST Regional Root: Path-Cost 8000 00:03:42:fa:3b:80 11 Parameters: Port ---1 2 3 4 5 6 7 8 9 10 11 12 Priority 32768 MaxAge 20 FwdDel 15 Hops 20 Prio Cost State Role Designated Bridge Des Port Hello Type ---- ---- ------ ---- --------------------- -------- ----- -
The following table describes the CIST parameters. Table 24 Common Internal Spanning Tree parameter descriptions Parameter Description CIST Root Shows information about the root bridge for the Common Internal Spanning Tree (CIST). Values on this row of information refer to the CIST root. Shows information about the root bridge for this MSTP region. Values on this row of information refer to the regional root.
VLAN information Command: /info/l2/vlan VLAN ---1 2 7 11 14 15 16 17 18 20 21 22 24 300 4000 4095 Name Status -------------------------------- -----Default VLAN ena pc03p ena pc07f ena pc04u ena 8600-14 ena 8600-15 ena 8600-16 ena 8600-17 ena 35k-1 ena 35k-3 ena 35k-4 ena pc07z ena redlan ena ixiaTraffic ena bpsports ena Mgmt VLAN ena Ports ---------------4 5 2 7 11 14 15 16 17 18 20 21 22 24 1 12 13 23 3-6 8-10 19 This information display includes all configured VLANs and all member ports that have an a
The following table describes the Layer 3 Information Menu options. Table 26 Layer 3 information menu options Command route arp ospf rip ip igmp vrrp dump Usage Displays the IP Routing Menu.
Show all Route information Command: /info/l3/route/dump Status code: * Destination --------------* 11.0.0.0 * 11.0.0.1 * 11.255.255.255 * 12.0.0.0 * 12.0.0.1 * 12.255.255.255 * 13.0.0.0 * 47.0.0.0 * 47.133.88.0 * 172.30.52.223 * 224.0.0.0 * 224.0.0.5 best Mask --------------255.0.0.0 255.255.255.255 255.255.255.255 255.0.0.0 255.255.255.255 255.255.255.255 255.0.0.0 255.0.0.0 255.255.255.0 255.255.255.255 224.0.0.0 255.255.255.255 Gateway --------------11.0.0.1 11.0.0.1 11.255.255.255 12.0.0.1 12.0.0.
ARP information Command: /info/arp [Address Resolution Protocol Menu] find - Show a single ARP entry by IP address port - Show ARP entries on a single port vlan - Show ARP entries on a single VLAN addr - Show ARP entries for switch's interface dump - Show all ARP entries The Address Resolution Protocol (ARP) information includes IP address and MAC address of each entry, address status flags, VLAN, and port for the address, and port referencing information.
OSPF information Command: /info/l3/ospf [OSPF Information Menu] general - Show general information aindex - Show area(s) information if - Show interface(s) information virtual - Show details of virtual links nbr - Show neighbor(s) information dbase - Database Menu sumaddr - Show summary address list nsumadd - Show NSSA summary address list routes - Show OSPF routes dump - Show OSPF information The following table describes the OSPF Menu options.
OSPF general information Command: /info/l3/ospf/general OSPF Version 2 Router ID: 10.10.10.
Table 33 OSPF Database information Command Usage advrtr Takes advertising router as a parameter. Displays all the Link State Advertisements (LSAs) in the LS database that have the advertising router with the specified router ID, for example: 20.1.1.1. asbrsum | | Displays ASBR summary LSAs. The usage of this command is as follows: a. asbrsum adv-rtr 20.1.1.1 displays ASBR summary LSAs having the advertising router 20.1.1.1. b.
OSPF route codes information Command: /info/l3/ospf/routes Codes: IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 IA 10.10.0.0/16 via 200.1.1.2 IA 40.1.1.0/28 via 20.1.1.2 IA 80.1.1.0/24 via 200.1.1.2 IA 100.1.1.0/24 via 20.1.1.2 IA 140.1.1.0/27 via 20.1.1.2 IA 150.1.1.0/28 via 200.1.1.2 E2 172.18.1.1/32 via 30.1.1.2 E2 172.18.1.2/32 via 30.1.1.2 E2 172.18.1.3/32 via 30.1.1.2 E2 172.18.1.4/32 via 30.1.1.2 E2 172.18.1.
IP information Command: /info/l3/ip Interface information: 1: 47.80.23.243 255.255.254.0 47.80.23.255, vlan 1, up Default gateway information: metric strict 1: 47.80.22.1, up 2: 47.80.225.2, up Current BOOTP relay settings: OFF 0.0.0.0, 0.0.0.
IGMP multicast router port information Command: /info/l3/igmp/mrouter [IGMP Multicast Router Menu] vlan - Show all multicast router ports on a single vlan dump - Show all multicast router ports The following table describes the commands used to display information about multicast routers learned through IGMP Snooping. Table 36 IGMP Multicast Router menu options Command Usage vlan <1-4094> dump Displays information for all multicast groups on a single VLAN.
QoS information Command: /info/qos [QoS Menu] 8021p - Show QOS 802.1p information The following table describes the commands used to display Quality of Service (QoS) information. Table 37 QoS menu options Command Usage 8021p Displays the QoS 802.1p Information Menu. 802.
ACL information Command: /info/acl Current ACL information: -----------------------Filter 1 profile: Ethernet - VID : 1/0xfff Actions : Set COS to 0 Filter 2 profile: Ethernet - VID : 1/0xfff Actions : Permit No ACL groups configured. Access Control List (ACL) information provides configuration parameters for each Access Control List. It also shows which ACLs are included in each ACL Group.
Table 41 RMON History Information Menu /info/rmon/hist Command Usage Gbnum Displays the number of granted buckets that may hold sampled data.
RMON event information Command: /info/rmon/event RMON Event group configuration: Index ----1 2 3 4 5 10 11 15 100 Type ---both none log trap both both both both both Last Sent ---------------0D: 0H: 1M:20S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S 0D: 0H: 0M: 0S Description --------------------------------Event_1 Event_2 Event_3 Event_4 Log and trap event for Link Down Log and trap event for Link Up Send log and trap for icmpInMsg Send log an
Use this command to display link status information about each port on a switch, including: Port number Phy-Type (GE or SFP) Port speed (10 Mb/s, 100 Mb/s, 1000 Mb/s, or any) Duplex mode (half, full, or any) Flow control for transmit and receive (no, yes, or any) Link status (up or down) Port information Command: /info/port Port Tag Media RMON PVID NAME ---- --- ---- ---- ---- -------------1 n Auto d 1 Downlink1 2 n Auto d 1 Downlink2 3 n Auto d 1 Downlink3 4 n Auto d 1 Downlink4 5 n Auto d 1 Downlink5 6 n
Logical Port to GEA Port mapping Command: /info/geaport Logical Port -----------1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 GEA Port(0-based) ----------------1 2 4 7 8 12 13 14 0 3 5 6 9 10 11 15 16 17 18 19 23 22 21 20 GEA Unit --------0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 This display correlates the logical port number to the GEA unit on which each port resides.
Uplink Failure Detection information Command: /info/ufd Uplink Failure Detection 1: Enabled LtM status: Down Member STG STG State Link Status -------------------------------port 24 down 1 DISABLED 10 DISABLED * 15 DISABLED * * = STP turned off for this port.
Statistics Menu Introduction You can view switch performance statistics in the user, operator, and administrator command modes. This chapter discusses how to use the CLI to display switch statistics.
The following table describes the Port Statistics Menu options: Table 45 Port Statistics Menu options Command Usage 8021x brg ether if ip link rmon clear Displays IEEE 802.1x statistics Displays bridging (―dot1‖) statistics for the port. Displays Ethernet (―dot3‖) statistics for the port. Displays interface statistics for the port. Displays Internet Protocol statistics for the port. Displays link statistics for the port. Displays Remote Monitoring (RMON) statistics for the port.
Table 46 802.1x statistics for port Statistics Description authSuccessesWhile Authenticating Total number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED, as a result of the Backend Authentication state machine indicating successful authentication of the Supplicant.
Bridging statistics Command: /stats/port /brg Bridging statistics for port 1: dot1PortInFrames: dot1PortOutFrames: dot1PortInDiscards: dot1TpLearnedEntryDiscards: dot1StpPortForwardTransitions: 63242584 63277826 0 0 0 The following table describes the bridging statistics for a selected port: Table 47 Bridging statistics for port Statistics Description dot1PortInFrames The number of frames that have been received by this port from its segment.
Ethernet statistics Command: /stats/port /ether Ethernet statistics for port 1: dot3StatsAlignmentErrors: dot3StatsFCSErrors: dot3StatsSingleCollisionFrames: dot3StatsMultipleCollisionFrames: dot3StatsLateCollisions: dot3StatsExcessiveCollisions: dot3StatsInternalMacTransmitErrors: dot3StatsFrameTooLongs: dot3StatsInternalMacReceiveErrors: 0 0 0 0 0 0 0 0 0 The following table describes the Ethernet statistics for a selected port: Table 48 Ethernet statistics for port Statistics Description
Table 48 Ethernet statistics for port Statistics Description dot3StatsInternalMacTransmitErrors A count of frames for which transmission on a particular interface fails due to an internal MAC sublayer transmit error. A frame is only counted by an instance of this object if it is not counted by the corresponding instance of either the dot3StatsLateCollisions object, the dot3StatsExcessiveCollisions object, or the dot3StatsCarrierSenseErrors object.
Interface statistics Command: /stats/port /if Interface statistics for port 1: ifHCIn Counters Octets: 51697080313 UcastPkts: 65356399 BroadcastPkts: 0 MulticastPkts: 0 Discards: 0 Errors: 0 ifHCOut Counters 51721056808 65385714 6516 0 0 21187 The following table describes the interface (IF) statistics for a selected port: Table 49 Interface statistics for port Statistics Description Octets—IfHCIn UcastPkts—IfHCIn The total number of octets received on the interface, including framing char
The following table describes the Internet Protocol (IP) statistics for a selected port: Table 50 IP statistics for port Statistics Description ipInReceives The total number of input datagrams received from interfaces, including those received in error. The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity (the switch).
Port RMON statistics Command: /stats/port /rmon RMON statistics for port 2: etherStatsDropEvents: etherStatsOctets: etherStatsPkts: etherStatsBroadcastPkts: etherStatsMulticastPkts: etherStatsCRCAlignErrors: etherStatsUndersizePkts: etherStatsOversizePkts: etherStatsFragments: etherStatsJabbers: etherStatsCollisions: etherStatsPkts64Octets: etherStatsPkts65to127Octets: etherStatsPkts128to255Octets: etherStatsPkts256to511Octets: etherStatsPkts64Octets: etherStatsPkts1024to1518Octets: NA 0 0 0 0
Table 52 RMON statistics Statistic Description etherStatsPkts65to127 Octets The total number of packets (including bad packets) received that were greater than 64 octets in length (excluding framing bits but including FCS octets). The total number of packets (including bad packets) received that were greater than 127 octets in length (excluding framing bits but including FCS octets).
Layer 3 statistics Command: /stats/l3 [Layer 3 Statistics Menu] geal3 - GEA Layer 3 Stats Menu ip - Show IP stats route - Show route stats arp - Show ARP stats dns - Show DNS stats icmp - Show ICMP stats tcp - Show TCP stats udp - Show UDP stats igmp - Show IGMP stats ospf - OSPF stats vrrp - Show VRRP stats clrvrrp - Clear VRRP stats rip - Show RIP stats clrigmp - Clear IGMP stats ipclear - Clear IP stats dump - Dump layer 3 stats The following table describes the Layer 3 statistics menu options.
Table 56 Layer 3 GEA statistics menu options Command Usage Dump Displays all GEA statistics.
Route statistics Command: /stats/l3/route Route statistics: ipRoutesCur: ipRoutesMax: 7 512 ipRoutesHighWater: 7 The following table describes the Route statistics: Table 58 Route statistics Statistics Description ipRoutesCur The total number of outstanding routes in the route table. ipRoutesMax The maximum number of supported routes. ipRoutesHighWater The highest number of routes ever recorded in the route table.
ICMP statistics Command: /stats/l3/icmp ICMP statistics: icmpInMsgs: icmpInDestUnreachs: icmpInParmProbs: icmpInRedirects: icmpInEchoReps: icmpInTimestampReps: icmpInAddrMaskReps: icmpOutErrors: icmpOutTimeExcds: icmpOutSrcQuenchs: icmpOutEchos: icmpOutTimestamps: icmpOutAddrMasks: 245802 41 0 0 244350 0 0 0 0 0 253777 0 0 icmpInErrors: icmpInTimeExcds: icmpInSrcQuenchs: icmpInEchos: icmpInTimestamps: icmpInAddrMasks: icmpOutMsgs: icmpOutDestUnreachs: icmpOutParmProbs: icmpOutRedirects: icmpOutEchoReps: i
TCP statistics Command: /stats/l3/tcp TCP statistics: tcpRtoAlgorithm: tcpRtoMax: tcpActiveOpens: tcpAttemptFails: tcpInSegs: tcpRetransSegs: tcpCurBuff: tcpOutRsts: 4 240000 252214 528 756401 0 0 417 tcpRtoMin: tcpMaxConn: tcpPassiveOpens: tcpEstabResets: tcpOutSegs: tcpInErrs: tcpCurConn: 0 2048 7 4 756655 0 3 The following table describes the Transmission Control Protocol (TCP) statistics: Table 62 TCP statistics Statistics Description tcpRtoAlgorithm The algorithm used to determine the timeout va
UDP statistics Command: /stats/l3/udp UDP statistics: udpInDatagrams: udpInErrors: 54 0 udpOutDatagrams: udpNoPorts: 43 1578077 The following table describes the User Datagram Protocol (UDP) statistics: Table 63 UDP statistics Statistics Description udpInDatagrams udpOutDatagrams udpInErrors The total number of UDP datagrams delivered to the switch. The total number of UDP datagrams sent from this switch.
OSPF statistics menu Command: /stats/l3/ospf [OSPF stats Menu] general - Show global stats aindex - Show area(s) stats if - Show interface(s) stats The following table describes the OSPF statistics menu options. Table 65 OSPF statistics menu options Command Usage general Displays OSPF global statistics. aindex <0-2> Displays area index statistics. if <1-255> Displays interface statistics.
Table 66 OSPF global statistics Statistic Description Tx Hello The sum total of all Hello packets transmitted on all OSPF areas and interfaces. Rx Database The sum total of all Database Description packets received on all OSPF areas and interfaces. Tx Database The sum total of all Database Description packets transmitted on all OSPF areas and interfaces. Rx ls Requests The sum total of all Link State Request packets received on all OSPF areas and interfaces.
Table 66 OSPF global statistics Statistic Description down The total number of Neighboring routers down (that is, in the initial state of a neighbor conversation) across all OSPF areas and interfaces. Intf Change Stats: up The sum total number of interfaces up in all OSPF areas. down The sum total number of interfaces down in all OSPF areas. loop The sum total of interfaces no longer connected to the attached network across all OSPF areas and interfaces.
VRRP statistics Virtual Router Redundancy Protocol (VRRP) support on the switch provides redundancy between routers in a LAN. This is accomplished by configuring the same virtual router IP address and ID number on each participating VRRPcapable routing device. One of the virtual routers is then elected as the master, based on a number of priority criteria, and assumes control of the shared virtual router IP address.
RIP statistics Command: /stats/l3/rip RIP ALL STATS INFORMATION: RIP packets received = 12 RIP packets sent = 75 RIP request received = 0 RIP response received = 12 RIP request sent = 3 RIP response sent = 72 RIP route timeout = 0 RIP bad size packet received = 0 RIP bad version received = 0 RIP bad zeros received = 0 RIP bad src port received = 0 RIP bad src IP received = 0 RIP packets from self received = 0 The following table describes the basic Routing Information Protocol (RIP) statistics : Table 68 RI
Management Processor statistics Command: /stats/mp [MP-specific Statistics Menu] pkt - Show Packet stats tcb - Show All TCP control blocks in use ucb - Show All UDP control blocks in use cpu - Show CPU utilization The following table describes the MP-specific Statistics Menu options: Table 69 MP-specific Statistics Menu Command Usage pkt tcb ucb cpu Displays packet statistics, to check for leads and load. Displays all Transmission Control Protocol (TCP) control blocks (TCB) that are in use.
TCP statistics Command: /stats/mp/tcb All TCP allocated control blocks: 10ad41e8: 0.0.0.0 0 <=> 0.0.0.0 10ad5790: 47.81.27.5 1171 <=> 47.80.23.243 80 23 listen established The following table describes the Transmission Control Protocol (TCP) control block (TCB) statistics shown in this example: Table 71 TCP statistics Description Example statistic Memory 10ad41e8/10ad5790 Destination IP address Destination port Source IP Source port State 0.0.0.0/47.81.27.5 0/1171 0.0.0.0/47.80.23.
Access Control List (ACL) statistics menu Command: /stats/acl [ACL Menu] acl dump clracl - Display ACL stats - Display all available ACL stats - Clear ACL stats The following table describes the Access Control List (ACL) Statistics menu options: Table 74 ACL statistics menu options Command Usage acl <1-762> Displays the Access Control List Statistics for a specific ACL. dump Displays all ACL statistics. clracl Clear all ACL statistics.
Table 75 SNMP statistics Statistics Description snmpInASNParseErrs The total number of ASN.1 (Abstract Syntax Notation One) or BER (Basic Encoding Rules), errors encountered by the SNMP protocol entity when decoding SNMP messages received. The Open Systems Interconnection (OSI) method of specifying abstract objects is called ASN.1 (Abstract Syntax Notation One, defined in X.
Table 75 SNMP statistics Statistics Description snmpOutGetResponses The total number of SNMP Get-Response Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. The total number of SNMP Trap Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.
Uplink Failure Detection statistics This menu option allows you to display Uplink Failure Detection (UFD) statistics. To reset UFD statistics, follow the command /stats/ufd with the following argument: clear.
Configuration Menu Introduction The Configuration Menu is only available from an administrator login. It includes submenus for configuring every aspect of the switch. Changes to configuration are not active until explicitly applied. Changes can be saved to nonvolatile memory (NVRAM).
Viewing pending changes You can view all pending configuration changes by entering diff at any CLI prompt: # diff You can view all pending configuration changes that have been applied but not saved to flash memory by entering diff flash at any CLI prompt: # diff flash Applying pending changes To make your configuration changes active, you must apply them. To apply configuration changes, enter the following command at any prompt: # apply NOTE: All configuration changes take effect immediately when applied.
Reminders CLI reminders prompt users to complete configuration tasks that require multiple steps. The default setting for CLI reminders is enabled. Use the following command to disable CLI reminders: /cfg/sys/reminders dis The following is an example of a configuration task performed with CLI reminders enabled. >> Layer 2# vlan 5 VLAN number 5 with name "VLAN 5" created. Reminder: VLAN 5 needs to be enabled. >> VLAN 5# add 9 Port 9 is an UNTAGGED port and its current PVID is 1.
Table 79 System Configuration Menu options Command Usage dlight disable|enable Disables or enables daylight saving time in the system clock. When enabled, the switch will add an extra hour to the system clock so that it is consistent with the local clock. By default, this option is disabled. Sets the idle timeout for CLI sessions, from 1 to 60 minutes. The default is 5 minutes. This setting affects both the console port and Telnet port.
Table 80 Syslog Configuration Menu options Command Description console disable|enable Enables or disables delivering syslog messages to the console. When necessary, disabling console ensures the switch is not affected by syslog messages. It is enabled by default. Displays a list of features for which syslog messages can be generated. You can choose to enable/disable specific features or enable/disable syslog on all available features.
The following table describes the SSHD Configuration Menu options. Table 81 SSHD Configuration Menu options Command Description intrval <0-24> Defines interval for auto-generating the RSA server key. The switch will auto-generate the RSA server key at the interval defined in this command. The value of zero (0) means the RSA server key autogeneration is disabled.
RADIUS server configuration Command: /cfg/sys/radius [RADIUS Server prisrv secsrv secret secret2 port retries timeout telnet secbd on off cur - Menu] Set primary RADIUS server address Set secondary RADIUS server address Set primary RADIUS server secret Set secondary RADIUS server secret Set RADIUS port Set RADIUS server retries Set RADIUS server timeout Enable/disable RADIUS backdoor for telnet/ssh/http/https Enable/disable RADIUS secure backdoor for telnet/ssh/http/https Turn RADIUS authentication ON Turn
TACACS+ server configuration Command: /cfg/sys/tacacs+ [TACACS+ Server Menu] prisrv - Set IP address of primary TACACS+ server secsrv - Set IP address of secondary TACACS+ server secret - Set secret for primary TACACS+ server secret2 - Set secret for secondary TACACS+ server port - Set TACACS+ port number retries - Set number of TACACS+ server retries timeout - Set timeout value of TACACS+ server retries telnet - Enable/disable TACACS+ back door for telnet/ssh/http/https secbd - Enable/disable TACACS+ secur
IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled. If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch.
System SNMP configuration Command: /cfg/sys/ssnmp [SNMP Menu] snmpv3 name locn cont rcomm wcomm timeout auth linkt ufd cur - SNMPv3 Menu Set SNMP "sysName" Set SNMP "sysLocation" Set SNMP "sysContact" Set SNMP read community string Set SNMP write community string Set timeout for the SNMP state machine Enable/disable SNMP "sysAuthenTrap" Enable/disable SNMP link up/down trap Enable/disable SNMP Uplink Failure Detection trap Display current SNMP configuration The switch software supports SNMP-based network
SNMPv3 configuration Command: /cfg/sys/ssnmp/snmpv3 [SNMPv3 Menu] usm view access group comm taddr tparam notify v1v2 cur - usmUser Table Menu vacmViewTreeFamily Table Menu vacmAccess Table Menu vacmSecurityToGroup Table Menu community Table Menu targetAddr Table Menu targetParams Table Menu notify Table Menu Enable/disable V1/V2 access Display current SNMPv3 configuration SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following: a new SNMP
User Security Model configuration Command: /cfg/sys/ssnmp/snmpv3/usm [SNMPv3 usmUser name auth authpw priv privpw del cur - 1 Menu] Set USM user name Set authentication protocol Set authentication password Set privacy protocol Set privacy password Delete usmUser entry Display current usmUser configuration You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user.
Table 88 SNMPv3 View Configuration Menu options Command Description cur Displays the current vacmViewTreeFamily configuration.
SNMPv3 Group configuration Command: /cfg/sys/ssnmp/snmpv3/group [SNMPv3 vacmSecurityToGroup 1 Menu] model - Set security model uname - Set USM user name gname - Set group name del - Delete vacmSecurityToGroup entry cur - Display current vacmSecurityToGroup configuration The following table describes the SNMPv3 Group Configuration Menu options.
SNMPv3 Target Address Table configuration Command: /cfg/sys/ssnmp/snmpv3/taddr [SNMPv3 snmpTargetAddrTable 1 Menu] name - Set target address name addr - Set target transport address IP port - Set target transport address port taglist - Set tag list pname - Set targetParams name del - Delete targetAddrTable entry cur - Display current targetAddrTable configuration This menu allows you to configure an entry of a transport address that transmits SNMP traps.
SNMPv3 Target Parameters Table configuration Command: /cfg/sys/ssnmp/snmpv3/tparam [SNMPv3 snmpTargetParamsTable 1 Menu] name - Set targetParams name mpmodel - Set message processing model model - Set security model uname - Set USM user name level - Set minimum level of security del - Delete targetParamsTable entry cur - Display current targetParamsTable configuration You can configure the target parameters entry and store it in the target parameters table in the SNMP engine.
System Access configuration Command: /cfg/sys/access [System Access Menu] mgmt - Management Network Definition Menu user - User Access Control Menu (passwords) http - Enable/disable HTTP (Web) access https - HTTPS Web Access Menu wport - Set HTTP (Web) server port number snmp - Set SNMP access control tnet - Enable/disable Telnet access tnport - Set Telnet server port number tport - Set the TFTP Port for the system cur - Display current system access configuration The following table describes the System Ac
User Access Control configuration Command: /cfg/sys/access/user [User Access Control Menu] uid - User ID Menu eject - Eject user usrpw - Set user password (user) opw - Set operator password (oper) admpw - Set administrator password (admin) cur - Display current user status The following table describes the User Access Control menu options.
HTTPS Access configuration Command: /cfg/sys/access/https [https Menu] access port generate certSave cur - Enable/Disable HTTPS Web access HTTPS WebServer port number Generate self-signed HTTPS server certificate save HTTPS certificate Display current SSL Web Access configuration The following table describes the HTTPS Access Configuration menu options. Table 99 HTTPS Access Configuration menu options Command Description access enable|disable Enables or disables BBI access (Web access) using HTTPS.
The following table describes the Port Configuration Menu options. Table 100 Port Configuration Menu options Command Description gig aclqos Displays theGigabit Ethernet Physical Link Menu. Displays the Access Control List (ACL)/Quality of Service (QoS) configuration menu. Configures the port‘s 802.1p priority level. Sets the default VLAN number which will be used to forward frames which are not VLAN tagged. The default number for all ports except Port 19 is 1.
Port link configuration Command: /cfg/port /gig [Gigabit Link speed mode fctl auto cur Menu] - Set link speed - Set full or half duplex mode - Set flow control - Set auto negotiation - Display current gig link configuration Use these menu options to set port parameters for the port link. Link menu options are described in the following table and display on the Gigabit port configuration menus for the switch.
Layer 2 configuration Command: /cfg/l2 [Layer 2 Menu] 8021x mrst stp fdb trunk thash lacp vlan upfast update cur - 802.1x Menu Multiple Spanning Tree/Rapid Spanning Tree Menu Spanning Tree Menu FDB Trunk Group Menu IP Trunk Hash Menu Link Aggregation Control Protocol Menu VLAN Menu Enable/disable Uplink Fast UplinkFast station update rate Display current layer 2 parameters The following table describes the Layer 2 Configuration Menu options.
802.1x Global configuration Command: /cfg/l2/8021x/global [802.
802.1x Port configuration Command: /cfg/l2/8021x/port [802.
Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration Command: /cfg/l2/mrst [Multiple Spanning Tree Menu] cist - Common and Internal Spanning Tree menu name - Set MST region name rev - Set revision level of this MST region maxhop - Set Maximum Hop Count for MST (4 - 60) mode - Spanning Tree Mode on - Globally turns RSTP/MSTP ON off - Globally turns RSTP/MSTP OFF cur - Display current MST parameters The switch supports the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) and IEEE 802.
Common Internal Spanning Tree configuration Command: /cfg/l2/mrst/cist [Common Internal Spanning Tree Menu] brg - CIST Bridge parameter menu port - CIST Port parameter menu add - Add VLAN(s) to CIST default - Default Common Internal Spanning Tree and Member parameters cur - Display current CIST parameters The Common Internal Spanning Tree (CIST) provides compatibility with different MSTP regions and with devices running different Spanning Tree instances. It is equivalent to Spanning Tree Group 0.
CIST port configuration Command: /cfg/l2/mrst/cist/port [CIST Port prior cost hello link edge on off cur 1 - Menu] Set port Priority (0-240) Set port Path Cost (1-200000000, 0 for auto) Set CIST port Hello Time (1-10 secs) Set MSTP link type (auto, p2p, or shared; default: auto) Enables or disables edge port Turn port's Spanning Tree ON Turn port's Spanning Tree OFF Display current port Spanning Tree parameters CIST port parameters are used to modify MST operation on an individual port basi
Spanning Tree configuration Command: /cfg/l2/stp [Spanning Tree Group 1 Menu] brg - Bridge parameter menu port - Port parameter menu add - Add VLAN(s) to Spanning Tree Group remove - Remove VLAN(s) from Spanning Tree Group clear - Remove all VLANs from Spanning Tree Group on - Globally turn Spanning Tree ON off - Globally turn Spanning Tree OFF default - Default Spanning Tree and Member parameters cur - Display current bridge parameters This switch supports the IEEE 802.
Bridge Spanning Tree configuration Command: /cfg/l2/stp /brg [Bridge Spanning Tree Menu] prior - Set bridge Priority [0-65535] hello - Set bridge Hello Time [1-10 secs] mxage - Set bridge Max Age (6-40 secs) fwd - Set bridge Forward Delay (4-30 secs) cur - Display current bridge parameters Spanning tree bridge parameters can be configured for each Spanning Tree Group.
Spanning Tree port configuration Command: /cfg/l2/stp /port [Spanning Tree Port 1 Menu] prior - Set port Priority (0-255) cost - Set port Path Cost (1-65535 (802.
Forwarding Database configuration Command: /cfg/l2/fdb [FDB Menu] static aging cur - Static FDB Menu - Configure FDB aging value - Display current FDB configuration The following table describes the Forwarding Database Configuration Menu options. Table 114 FDB Configuration Menu options Command Description static aging <0-65535> cur Displays the Static FDB Configuration Menu. Configures the aging value for FDB entries. The default value is 300. Displays current FDB parameters.
NOTE: See the N8406-023 1Gb Intelligent L3 Switch Application Guide for information on how to use port trunks. The following table describes the Trunk Group Configuration Menu options. Table 116 Trunk Group Configuration Menu options Command Description add rem ena dis del cur Adds a physical port to the current trunk group. Removes a physical port from the current trunk group. Enables the current trunk group. Turns the current trunk group off.
Link Aggregation Control Protocol configuration Command: /cfg/l2/lacp [LACP Menu] sysprio timeout port cur - Set LACP system priority Set LACP system timeout scale for timing out partner info LACP port Menu Display current LACP configuration The following table describes the LACP Configuration Menu options. Table 119 LACP Configuration Menu options Command Description sysprio <1-65535> Defines the priority value (1 through 65535) for the switch. Lower numbers provide higher priority.
VLAN configuration Command: /cfg/l2/vlan <1-4095> [VLAN 1 Menu] name stg add rem def ena dis del cur - Set VLAN name Assign VLAN to a Spanning Tree Group Add port to VLAN Remove port from VLAN Define VLAN as list of ports Enable VLAN Disable VLAN Delete VLAN Display current VLAN configuration The commands in this menu configure VLAN attributes, change the status of the VLAN, delete the VLAN, and change the port membership of the VLAN.
Layer 3 configuration Command: /cfg/l3 [Layer 3 Menu] if gw route arp frwd nwf rmap rip ospf igmp dns bootp vrrp rtrid cur - Interface Menu Default Gateway Menu Static Route Menu ARP Menu Forwarding Menu Network Filters Menu Route Map Menu Routing Information Protocol Menu Open Shortest Path First (OSPF) Menu IGMP Menu Domain Name System Menu Bootstrap Protocol Relay Menu Virtual Router Redundancy Protocol Menu Set router ID Display current IP configuration The following table describes the Layer 3 Config
Table 123 IP Interface Configuration Menu options Command Description vlan <1-4094> Configures the VLAN number for this interface. Each interface can belong to one VLAN, though any VLAN can have multiple IP interfaces in it. Enables or disables BOOTP relay on this IP interface. The default is enabled. Enables this IP interface. Disables this IP interface. Removes this IP interface. Displays the current interface settings.
IP Static Route configuration Command: /cfg/l3/route [IP Static Route Menu] add - Add static route rem - Remove static route cur - Display current static route configuration The following table describes the IP Static Route Configuration Menu options. Table 125 IP Static Route Configuration Menu options Command Description add rem cur Adds a static route.
IP Forwarding configuration Command: /cfg/l3/frwd [IP Forwarding Menu] dirbr - Enable/disable forwarding directed broadcasts on - Globally turn IP Forwarding ON off - Globally turn IP Forwarding OFF cur - Display current IP Forwarding configuration The following table describes the IP Forwarding Configuration Menu options. Table 128 IP Forwarding Configuration Menu options Command Description dirbr disable|enable Enables or disables forwarding directed broadcasts. This command is disabled by default.
The following table describes the Route Map Configuration Menu options. Table 130 Route Map Configuration Menu options Command Description alist <1-8> metric <0-16777214>|none type 1|2|none Displays the Access List menu. Sets the metric of the matched route. Assigns the type of OSPF metric. Type 1—External routes are calculated using both internal and external metrics. Type 2—External routes are calculated using only the external metrics. Type 2 routes have more cost than Type 2.
Routing Information Protocol configuration Command: /cfg/l3/rip [Routing Information Protocol Menu] if - RIP Interface Menu update - Set update period in seconds redist - RIP Route Redistribute Menu on - Globally turn RIP ON off - Globally turn RIP OFF current - Display current RIP configuration The RIP Menu is used for configuring Routing Information Protocol parameters. This option is turned off by default. The following table describes the RIP Configuration Menu options.
RIP Interface configuration Command: /cfg/l3/rip/if <1-255> [RIP Interface 1 Menu] version - Set RIP version supply - Enable/disable supplying route updates listen - Enable/disable listening to route updates poison - Enable/disable poisoned reverse split - Enable/disable split horizon trigg - Enable/disable triggered updates mcast - Enable/disable multicast updates default - Set default route action metric - Set metric auth - Set authentication type key - Set authentication key enable - Enable interface dis
RIP Route Redistribution configuration Command: /cfg/l3/rip/redist fixed|static|ospf|eospf [RIP Redistribute Fixed Menu] add - Add rmap into route redistribution list rem - Remove rmap from route redistribution list export - Export all routes of this protocol cur - Display current route-maps added The following table describes the RIP Route Redistribute Menu options.
Table 135 OSPF Configuration Menu options Command Description redist lsdb <0-2000> Displays Route Distribution Menu. Sets the link state database limit. Enter 0 (zero) for no limit. The default value is 0. Sets one default route among multiple choices in an area. Enter none for no default route. Enables OSPF. Disables OSPF. This is the default. Displays the current OSPF configuration settings.
Table 136 OSPF Area Index Configuration Menu options Command Description cur Displays the current OSPF configuration.
OSPF Summary Range configuration Command: /cfg/l3/ospf/range <1-16> [OSPF Summary addr mask aindex hide enable disable delete cur Range 1 Menu] - Set IP address - Set IP mask - Set area index - Enable/disable hide range - Enable range - Disable range - Delete range - Display current OSPF summary range configuration The following table describes the OSPF Summary Range Configuration Menu options.
Table 138 OSPF Interface Configuration Menu options Command Description retra <1-3600> key |none mdkey <1-255>|none enable disable delete cur Configures the retransmit interval in seconds. The default value is 5 seconds. Sets the authentication key to clear the password. Assigns an MD5 key to the interface. The default is none. Enables the OSPF interface. Disables the OSPF interface. This is the default. Deletes the OSPF interface. Displays the current settings for OSPF interface.
Table 140 OSPF Host Entry Configuration Menu options Command Description addr Configures the base IP address for the host entry. For example, 100.10.1.1 Configures lays the area index of the host. The default is 0. Configures the cost value of the host. The default value is 1. Enables OSPF host entry. Disables OSPF host entry. This is the default. Deletes OSPF host entry. Displays the current OSPF host entries.
IGMP configuration Command: /cfg/l3/igmp [IGMP Menu] snoop mrouter igmpflt on off cur - IGMP Snoop Menu Static Multicast Router Menu IGMP Filtering Menu Globally turn IGMP ON Globally turn IGMP OFF Display current IGMP configuration IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports.
Table 144 IGMP Snoop Menu options Command Description clear fastlv <1-4094> disable|enable Removes all VLANs from IGMP Snooping. Enables or disables Fastleave processing. Fastleave allows the switch to immediately remove a port from the IGMP port list, if the host sends a Leave message, and the proper conditions are met. This command is disabled by default. Enables IGMP Snooping. Disables IGMP Snooping. This is the default. Displays the current IGMP Snooping parameters.
[IGMP Filter 1 Definition Menu] range - Set IP Multicast address range action - Set filter action ena - Enable filter dis - Disable filter del - Delete filter cur - Display current IGMP filter configuration The following table describes the IGMP Filter Definition Menu options. Table 147 IGMP Filter Definition Menu Command Description range Configures the range of IP multicast addresses for this filter.
Table 149 Domain Name System (DNS) Configuration Menu options Command Description dname |none Sets the default domain name used by the switch. For example: mycompany.com Displays the current Domain Name System (DNS) settings.
Bootstrap Protocol Relay configuration Command: /cfg/l3/bootp [Bootstrap Protocol Relay Menu] addr - Set IP address of BOOTP server addr2 - Set IP address of second BOOTP server on - Globally turn BOOTP relay ON off - Globally turn BOOTP relay OFF cur - Display current BOOTP relay configuration The Bootstrap Protocol (BOOTP) Relay Menu is used to allow hosts to obtain their configurations from a DHCP server.
Table 151 VRRP Configuration Menu options Command Description off cur Globally disables VRRP on this switch. This is the default. Displays the current VRRP parameters.
Table 152 VRRP Configuration Menu options Command Description preem disable|enable Enables or disables master preemption. When enabled, if this virtual router is in backup mode but has a higher priority than the current master, this virtual router will preempt the lower priority master and assume control. Note that even when preem is disabled, this virtual router will always preempt any other master if this switch is the owner (the IP interface address and virtual router addr are the same).
[VRRP Virtual track vrid if prio adver preem ena dis del cur Router Group Menu] - Priority Tracking Menu - Set virtual router ID - Set interface number - Set router priority - Set advertisement interval - Enable/disable preemption - Enable virtual router - Disable virtual router - Delete virtual router - Display current VRRP virtual router configuration The Virtual Router Group menu is used for associating all virtual routers into a single logical virtual router, which forces all virtual routers on the sw
The following table describes the Virtual Router Group Priority Tracking Configuration Menu options. Table 155 Virtual Router Group Priority Tracking Configuration Menu options Command Description ifs disable|enable When enabled, the priority for this virtual router will be increased for each other IP interface active on this switch. An IP interface is considered active when there is at least one active port on the same VLAN.
Table 157 VRRP Tracking Configuration Menu options Command Description ifs <0-254> Defines the priority increment value (0 through 254) for active IP interfaces detected on this switch. The default value is 2. Defines the priority increment value (0 through 254) for active ports on the virtual router‘s VLAN. The default value is 2. Displays the current configuration of priority tracking increment values. ports <0-254> cur Quality of Service configuration Command: /cfg/qos [QOS Menu] 8021p - 802.
Table 160 Access Control Configuration Menu options Command Description group <1-762> cur Displays ACL Group configuration menu. Displays the current Access Control parameters.
Access Control List configuration Command: /cfg/acl/acl [ACL 1 Menu] ethernet ipv4 tcpudp meter re-mark pktfmt egrport action stats reset cur - Ethernet Header Options Menu IP Header Options Menu TCP/UDP Header Options Menu ACL Metering Configuration Menu ACL Re-mark Configuration Menu Set to filter specific packet format types Set to filter for packets egressing this port Set filter action Enable/disable statistics for this acl Reset filtering parameters Display current filter configuration
Table 162 Ethernet Filter Configuration Menu options Command Description smac Defines the source MAC address and MAC mask for this ACL. For example: 00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc Defines the destination MAC address and MAC mask for this ACL. For example: 00:60:cf:40:56:00 ff:ff:ff:ff:ff:fc Defines a VLAN number and mask for this ACL. Defines the Ethernet type for this ACL.
Table 164 TCP/UDP Filter Configuration Menu options Command Description sport <1-65535> Defines a source port for the ACL. If defined, traffic with the specified TCP or UDP source port will match this ACL. Specify the port number. Listed below are some of the well-known ports: Number Name 20 ftp-data 21 ftp 22 ssh 23 telnet 25 smtp 37 time 42 name 43 whois 53 domain 69 tftp 70 gopher 79 finger 80 http Defines a destination port for the ACL.
ACL Re-mark configuration Command: /cfg/acl/acl /re-mark [Re-mark Menu] inprof outprof reset cur - In Profile Menu Out Profile Menu Reset re-mark settings Display current settings You can choose to re-mark IP header data for the selected ACL. You can configure different remark values, based on whether packets fall within the ACL Metering profile, or out of the ACL Metering profile.
ACL Re-mark Out-of-Profile configuration Command: /cfg/acl/acl /re-mark/outprof [Re-marking - Out Of Profile Menu] updscp - Set the update DSCP reset - Reset out of profile settings cur - Display current settings Table 169 ACL Re-mark Out-of-Profile Configuration Menu options Command Description updscp <0-63> Sets the DiffServ Code Point (DSCP) of Out-of-Profile packets to the selected value. The switch sets the DSCP value on Out-of-Profile packets.
Remote Monitoring configuration Command: /cfg/rmon [RMON Menu] hist event alarm cur - RMON History Menu RMON Event Menu RMON Alarm Menu Display current RMON configuration Remote Monitoring (RMON) allows you to monitor traffic flowing through the switch. The RMON MIB is described in RFC 1757. The following table describes the RMON Configuration Menu options. Table 172 RMON Menu options Command Description hist event alarm cur Displays the RMON History Menu. Displays the RMON Event Menu.
RMON event configuration Command: /cfg/rmon/event <1-65535> [RMON Event 1 descn type owner delete cur Menu] - Set description for the event - Set event type - Set owner for the event - Delete this event and restore defaults - Display current event configuration The following table describes the RMON Event Menu options. Table 174 RMON Event Menu options Command Description descn <1-127 characters> Enter a text string to describe the event. The description can have a maximum of 127 characters.
Table 175 RMON Alarm Menu options Command Description almtype rising|falling|either Configures the alarm type as rising, falling, or either (rising or falling). The default is either. Configures the rising threshold for the sampled statistic. When the current sampled value is greater than or equal to this threshold, and the value at the last sampling interval was less than this threshold, a single event is generated. The default value is 0. Configures the falling threshold for the sampled statistic.
Table 177 Port Mirroring Configuration Menu options Command Description add in|out|both Adds the port to be mirrored. This command also allows you to enter the direction of the traffic. It is necessary to specify the direction because: If the source port of the frame matches the mirrored port and the mirrored direction is ingress or both (ingress and egress), the frame is sent to the mirrored port.
Link to Monitor configuration Command: /cfg/ufd/fdp /ltm [Failure Link addport remport addtrnk remtrnk addkey remkey cur to Monitor Menu] - Add port to Link to Monitor - Remove port from Link to Monitor - Add trunk to Link to Monitor - Remove trunk from Link to Monitor - Add adminkey to Link to Monitor - Remove adminkey from Link to Monitor - Display current LtM configuration The following table describes the Link to Monitor (LtM) Menu options.
Dump Command: /cfg/dump The dump program writes the current switch configuration to the terminal screen. To start the dump program, at the Configuration# prompt, enter: Configuration# dump The configuration is displayed with parameters that have been changed from the default values. The screen display can be captured, edited, and placed in a script file, which can be used to configure other switches. Paste the configuration commands from the script file at the command line prompt of the switch.
Enter the password for the FTP server (if prompted): Enter password for username on FTP server: NOTE: The switch supports three configuration files: active, backup, and factory. See the ―Selecting a configuration block‖ section in the ―Boot Options Menu‖ chapter for information on how to set which configuration file to use upon boot up.
Operations Menu Introduction Operations-level commands are used for making immediate and temporary changes to switch configuration. The Operations Menu is used for bringing ports temporarily in and out of service. This menu is available only from an administrator and operator login.
Operations-level port 802.1x options Command: /oper/port /8021x [802.1x Operation Menu] reset - Reinitialize 802.1x access control on this port reauth - Initiate reauthentication on this port now Operations-level port 802.1x options are used to temporarily set 802.1x parameters for a port. This menu is available only from an administrator login. Table 184 Operations-Level Port 802.1x Menu options Command Description reset Re-initializes the 802.1x access-control parameters for the port.
Boot Options Menu Introduction You must be logged in to the switch as the administrator to use the Boot Options Menu. The Boot Options Menu provides options for: Selecting a switch software image to be used when the switch is next reset. Selecting a configuration block to be used when the switch is next reset. Downloading or uploading a new software image to the switch via FTP/TFTP.
When the above requirements are met, use the following procedure to download the new software to the switch. 1. At the Boot Options# prompt, enter: Boot Options# gtimg 2. Enter the name of the switch software to be replaced: Enter name of switch software image to be replaced ["image1"/"image2"/"boot"]: 3. Enter the hostname or IP address of the FTP or TFTP server: Enter hostname or IP address of FTP/TFTP server: 4.
Uploading a software image from the switch You can upload a software image from the switch to a FTP or TFTP server. 1. At the Boot Options# prompt, enter: Boot Options# ptimg 2. The system prompts you for information. Enter the desired image: Enter name of switch software image to be uploaded ["image1"|"image2"|"boot"]: 3. Enter the name or the IP address of the FTP or TFTP server: Enter hostname or IP address of FTP/TFTP server: 4.
Resetting the switch You can reset the switch to make your software image file and configuration block changes occur. Resetting the switch causes the Spanning Tree Protocol to restart. This process can be lengthy, depending on the topology of your network. To reset the switch, at the Boot Options# prompt, enter: >> Boot Options# reset You are prompted to confirm your request.
Maintenance Menu Introduction The Maintenance Menu is used for debugging purposes, enabling you to generate a technical support dump of the critical state information in the switch, and to clear entries in the Forwarding Database and the Address Resolution Protocol (ARP) and routing tables. This menu is available only from an administrator and operator login.
System maintenance options Command: /maint/sys [System Maintenance Menu] flags - Set NVRAM flag word The System Maintenance Menu is reserved for use by NEC technical support. The options are used to perform system debugging. The following table describes the System Maintenance Menu options. Table 187 System Maintenance Menu options Command Usage flags Sets the flags that are used for debugging purposes by NEC technical support.
Debugging options Command: /maint/debug [Miscellaneous Debug Menu] tbuf - Show MP trace buffer snap - Show MP snap (or post-mortem) trace buffer clrcfg - Clear all flash configs The Miscellaneous Debug Menu displays trace buffer information about events that can be helpful in understanding switch operation.
IP Route Manipulation options Command: /maint/route [IP Routing Menu] find - Show a single route by destination IP address gw - Show routes to a single gateway type - Show routes of a single type tag - Show routes of a single tag if - Show routes on a single interface dump - Show all routes clear - Clear route table The following table describes the IP Route Manipulation Menu options: Table 191 IP Route Manipulation Menu options Command Usage find gw type indirect|direct|local|br
The following table describes the IGMP Snoop Maintenance Menu options. Table 193 IGMP Snooping Menu options Command Usage find vlan <1-4094> port dump clear Shows a single IGMP Multicast group by IP address. Shows IGMP Multicast groups on a single VLAN. Shows IGMP Multicast groups on a single port. Shows all IGMP Multicast groups. Clears IGMP Multicast data from switch memory.
Maintenance# ptdmp Type the FTP/TFTP server IP address or hostname as , and the target dump file as .
Note: A system dump exists in FLASH. The dump was saved at 13:43:22 Wednesday October 30, 2005. Use /maint/uudmp to extract the dump for analysis and /maint/cldmp to clear the FLASH region. The region must be cleared before another dump can be saved.
