N8406-022 1Gb Intelligent L2 Switch Command Reference Guide (ISCLI) Part number: 856-126757-301-00 First edition: Jan 2007
Legal notices © 2007 NEC Corporation The information contained herein is subject to change without notice. The only warranties for NEC products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. NEC shall not be liable for technical or editorial errors or omissions contained herein. Microsoft®, Windows®, and Windows NT® are U.S. registered trademarks of Microsoft Corporation.
Contents

ISCLI Reference
    Introduction
    Additional references
    Connecting to the switch
Statistics commands
    Introduction
    Port Statistics
    Bridging statistics
VLAN configuration
Layer 3 configuration
IP interface configuration
ISCLI Reference Introduction The 1Gb Intelligent L2 Switch is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively.
To establish a console connection with the switch:
1. Connect the terminal to the console port using the null modem cable.
2. Power on the terminal.
3. Press the Enter key a few times on the terminal to establish the connection.
4. You will be required to enter a password for access to the switch.

Setting an IP address

To access the switch via a Telnet or an SSH connection, you need to have an Internet Protocol (IP) address set for the switch.
The supported SSH encryption and authentication methods are listed below.
• Server Host Authentication: Client RSA authenticates the switch in the beginning of every connection
• Key Exchange: RSA
• Encryption:
    • AES256-CBC
    • AES192-CBC
    • AES128-CBC
    • 3DES-CBC
    • 3DES
    • ARCFOUR
• User Authentication: Local password authentication; Remote Authentication Dial-in User Service (RADIUS)

The following SSH clients are supported:
• SSH 3.0.1 for Linux (freeware)
• SecureCRT® 4.1.
Table 2 User access levels

User account / Description and tasks performed

User
    The User has no direct responsibility for switch management. He or she can view all switch status information and statistics, but cannot make any configuration changes to the switch. The user account is enabled by default, and the default password is user.

The Operator has no direct responsibility for switch management.
Typeface or symbol / Meaning

brackets [ ]
    Indicate optional elements in syntax descriptions. Do not type the brackets when entering the command.
    Example: If the command syntax is show ip interface [<1-256>] you can enter show ip interface or show ip interface 1

italic text
    Indicates variables in command syntax descriptions. Also indicates new terms and book titles. Where a variable is two or more words, the words are connected by a hyphen.
ISCLI basics Introduction The ISCLI is used for viewing switch information and statistics. In addition, the administrator can use the CLI for performing all levels of switch configuration. This chapter describes the ISCLI Command Modes, and provides a list of commands and shortcuts that are commonly available from all the command modes within the ISCLI. Accessing the ISCLI The first time you start this switch, it boots into the AOS CLI.
Global commands Some basic commands are recognized throughout the ISCLI hierarchy. These commands are useful for obtaining online Help, navigating through the interface, and saving configuration changes. To get help about a specific command, type the command, followed by help. The following table describes the global commands. Table 4 Global commands Command Action ? Provides more information about a specific command or lists commands available at the current level.
Command line interface shortcuts The following shortcuts allow you to enter commands quickly and easily. Command abbreviation Most commands can be abbreviated by entering the first characters that distinguish the command from the others in the same mode.
Information Commands Introduction You can view configuration information for the switch in the ISCLI. This chapter discusses how to use the ISCLI to display switch information. The following table describes general information commands. Table 5 Information commands Command Usage show sys-info Displays system information. Command mode: All Displays Layer 2 information. Command mode: All Displays Layer 3 information. Command mode: All Displays Remote Monitoring Information.
System Information commands The following table describes the System Information commands. Table 6 System Information commands Command Usage show snmp-server v3 Displays SNMP v3 information.
SNMPv3 USM User Table information

The following command displays SNMPv3 user information:

show snmp-server v3 user
Command mode: All

The User-based Security Model (USM) in SNMPv3 provides security services such as authentication and privacy of messages. This security model makes use of a defined set of user identities displayed in the USM user table.
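An added example (not part of the NEC guide): a Python check that parses the usmUser table from captured `show snmp-server v3` output and reports users whose authentication or privacy settings are weak. The sample text is constructed from the user names and protocol strings this guide prints; the exact column spacing and the review rules in `audit` are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: the user names, protocol strings and vacmAccess rows are
# the ones shown in this guide; the column spacing is an assumption.
SAMPLE_OUTPUT = """\
Engine ID = 80:00:07:50:03:00:0F:6A:F8:EF:00

usmUser Table:
User Name                        Protocol
-------------------------------- --------------------------------
admin                            NO AUTH, NO PRIVACY
adminmd5                         HMAC_MD5, DES PRIVACY
adminsha                         HMAC_SHA, DES PRIVACY
v1v2only                         NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name Model   Level
---------- ------- ------------
admin      usm     noAuthNoPriv
v1v2grp    snmpv1  noAuthNoPriv
admingrp   usm     authPriv
"""

# One table row: "<user>  <auth protocol>, <privacy protocol>"
ROW = re.compile(r"^(?P<name>\S+)\s+(?P<auth>[^,]+?)\s*,\s*(?P<priv>.+?)\s*$")


@dataclass(frozen=True)
class UsmUser:
    name: str
    auth: str  # "NO AUTH", "HMAC_MD5" or "HMAC_SHA"
    priv: str  # "NO PRIVACY" or "DES PRIVACY"

    @property
    def level(self) -> str:
        """SNMPv3 security level implied by the protocol pair."""
        if self.auth == "NO AUTH":
            return "noAuthNoPriv"
        if self.priv == "NO PRIVACY":
            return "authNoPriv"
        return "authPriv"


def parse_usm_users(text):
    """Return (users, unparsed_rows) for the usmUser table in `text`."""
    users, unparsed, in_table = [], [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower().startswith("usmuser table"):
            in_table = True
            continue
        if not in_table or not stripped:
            continue
        if stripped.endswith("Table:"):
            break  # the next table (for example vacmAccess) has started
        if stripped.startswith("User Name") or set(stripped) <= set("- "):
            continue  # column header or dashed rule
        match = ROW.match(stripped)
        if match:
            users.append(UsmUser(match["name"],
                                 match["auth"].upper(),
                                 match["priv"].upper()))
        else:
            unparsed.append(stripped)  # keep for manual review, never drop
    return users, unparsed


def audit(users):
    """Map user name -> list of findings (review policy is an assumption)."""
    findings = {}
    for user in users:
        issues = []
        if user.auth == "NO AUTH":
            issues.append("noAuthNoPriv: messages are neither authenticated "
                          "nor encrypted")
        else:
            if user.auth == "HMAC_MD5":
                issues.append("HMAC_MD5 authentication; prefer HMAC_SHA")
            if user.priv == "NO PRIVACY":
                issues.append("authNoPriv: payload is sent unencrypted")
            elif user.priv.startswith("DES"):
                issues.append("DES privacy uses a 56-bit key")
        if issues:
            findings[user.name] = issues
    return findings


if __name__ == "__main__":
    parsed, leftovers = parse_usm_users(SAMPLE_OUTPUT)
    for name, issues in audit(parsed).items():
        for issue in issues:
            print(f"{name}: {issue}")
    for row in leftovers:
        print(f"unparsed row, check manually: {row}")
```

Capture the command output to a file with the terminal client's session logging and pass its text to `parse_usm_users`; rows the parser cannot read are returned separately so they are reviewed rather than silently skipped.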
The following table describes the SNMPv3 View Table information. Table 9 View Table parameters Field Description View Name Subtree Displays the name of the view. Displays the MIB subtree as an OID string. A view subtree is the set of all MIB object instances which have a common Object Identifier prefix to their names. Displays the bit mask. Displays whether a family of view subtrees is included or excluded from the MIB view.
SNMPv3 Group Table information

The following command displays SNMPv3 group information:

show snmp-server v3 group
Command mode: All

Sec Model   User Name   Group Name
---------   ---------   ----------
snmpv1      v1v2only    v1v2grp
usm         adminmd5    admingrp
usm         adminsha    admingrp

A group is a combination of security model and security name that defines the access rights assigned to all the security names belonging to that group. The group is identified by a group name.
SNMPv3 Target Address Table information

The following command displays SNMPv3 target address information:

show snmp-server v3 target-address
Command mode: All

Name    Transport Addr   Port   Taglist    Params
-----   --------------   ----   --------   ---------
trap1   47.81.25.66      162    v1v2trap   v1v2param

This command displays the SNMPv3 target address table information, which is stored in the SNMP engine. The following table describes the SNMPv3 Target Address Table information.
SNMPv3 Notify Table information

The following command displays the SNMPv3 Notify Table:

show snmp-server v3 notify
Command mode: All

Name       Tag
--------   --------
v1v2trap   v1v2trap

The following table describes the SNMPv3 Notify Table information.

Table 15 SNMPv3 Notify Table information

Field / Description

Name
Tag
    The locally arbitrary, but unique identifier associated with this snmpNotifyEntry.
SNMPv3 dump

The following command displays SNMPv3 information:

show snmp-server v3
Command mode: All

Engine ID = 80:00:07:50:03:00:0F:6A:F8:EF:00

usmUser Table:
User Name   Protocol
---------   ---------------------
admin       NO AUTH, NO PRIVACY
adminmd5    HMAC_MD5, DES PRIVACY
adminsha    HMAC_SHA, DES PRIVACY
v1v2only    NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name   Model    Level          Match
----------   ------   ------------   --
admin        usm      noAuthNoPriv
v1v2grp      snmpv1   noAuthNoPriv
admingrp     usm      authPriv
System information

The following command displays system information:

show sys-info
Command mode: All

System Information at 6:56:22 Thu Jan 11, 2006
Time zone: Asia/Tokyo

Blade Network Technologies 1Gb Intelligent L2 Switch

sysName:
sysLocation:
RackId: NEC01A 6X00125
RackName: Default_Rack_Name
EnclosureSerialNumber: NEC01A 6X00125
EnclosureName: Default_Chassis_Name
BayNumber: 1

Switch is up 0 days, 14 hours, 56 minutes and 22 seconds.
Show recent syslog messages The following command displays system log messages: show logging messages Command mode: All Date ---Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Jul 8 Time ---17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:41 17:25:42 17:25:42 17:25:42 17:25:42 17:25:42 17:25:42 Severity level ----------------NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE N
The following table describes the user status information.

Table 16 User status Information

Field   Usage
user    Displays the status of the user access level.
oper    Displays the status of the oper (operator) access level.
admin   Displays the status of the admin (administrator) access level.

Layer 2 information

The following table describes the Layer 2 Information commands. The following sections provide more detailed information and commands.
FDB information commands The forwarding database (FDB) contains information that maps the media access control (MAC) address of each known device to the switch port where the device address was learned. The FDB also shows which other ports have seen frames destined for a particular MAC address. NOTE: The master forwarding database supports up to 8K MAC address entries on the management processor (MP) per switch.
Spanning Tree information The following command displays Spanning Tree information: show spanning-tree stp <1-32> information Command mode: All -----------------------------------------------------------------upfast disabled, update 40 -----------------------------------------------------------------Spanning Tree Group 1: On (STP/PVST+) VLANs: 1 Current Root: 8000 00:02:a5:d1:0f:ed Parameters: Port ---1 2 3 Priority 32768 Priority -------0 0 0 Path-Cost 8 Hello 2 Cost ---0 0 0 Port 20 MaxAge 20 FastF
Table 19 STP parameters Parameter Description FwdDel The forward delay parameter specifies, in seconds, the amount of time that a bridge port has to wait before it changes from learning state to forwarding state. The aging time parameter specifies, in seconds, the amount of time the bridge waits without receiving a packet from a station before removing the station from the Forwarding Database. The port priority parameter helps determine which bridge port becomes the designated port.
The switch software can be set to use the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) or the IEEE 802.1s Multiple Spanning Tree Protocol (MSTP).
Common Internal Spanning Tree information The following command displays Common Internal Spanning Tree (CIST) information: show spanning-tree mstp cist information Command mode: All Mstp Digest: 0xac36177f50283cd4b83821d8ab26de62 Common Internal Spanning Tree: VLANs: 1 3-4094 Current Root: 8000 00:03:42:fa:3b:80 Path-Cost 11 Port 1 MaxAge 20 FwdDel 15 CIST Regional Root: Path-Cost 8000 00:03:42:fa:3b:80 11 Parameters: Port ---1 2 3 4 5 6 7 8 9 10 11 12 Priority 32768 MaxAge 20 FwdDel 15 Hops 20 Pr
You can also refer to the following port-specific CIST information:
• Port number and priority
• Cost
• State
• Role
• Designated bridge and port
• Hello interval
• Link type and port type

The following table describes the CIST parameters.

Table 21 Common Internal Spanning Tree parameter descriptions

Parameter / Description

CIST Root
    Shows information about the root bridge for the Common Internal Spanning Tree (CIST). Values on this row of information refer to the CIST root.
Trunk group information

The following command displays Trunk Group information:

show portchannel information
Command mode: All

Trunk group 1, Enabled
port state:
    17: STG 1 forwarding
    18: STG 1 forwarding

When trunk groups are configured, you can view the state of each port in the various trunk groups.

NOTE: If Spanning Tree Protocol on any port in the trunk group is set to forwarding, the remaining ports in the trunk group are set to forwarding.
Layer 3 information The following table describes basic Layer 3 Information commands. The following sections provide more detailed information and commands. Layer 3 functionality is limited in this release. Table 22 Layer 3 information commands Command Usage show ip arp Displays Address Resolution Protocol (ARP) Information. Command mode: All except User EXEC Displays IP Information.
Show all ARP entry information

The following command displays ARP information:

show ip arp
Command mode: All except User EXEC

IP address     Flags   MAC address         VLAN   Port
------------   -----   -----------------   ----   ----
192.168.2.4            00:50:8b:b2:32:cb   1      18
192.168.2.19           00:0e:7f:25:89:b5   1      17
192.168.2.61   P       00:0f:6a:ed:46:00   1

The Flag field provides additional information about an entry. If no flag displays, the entry is normal.
IGMP multicast group information The following table describes the commands used to display information about IGMP groups learned by the switch. Table 25 IGMP Multicast Group commands Command Usage show ip igmp groups address show ip igmp groups vlan <1-4095> show ip igmp groups interface show ip igmp groups trunk <1-12> show ip igmp groups Displays a single IGMP multicast group by its IP address.
The following table describes the RMON History Information parameters.

Table 27 RMON History Information

Command / Usage

Index
    Displays the index number that identifies each history instance.
IFOID
    Displays the MIB Object Identifier.
Interval
    Displays the time interval for each sampling bucket.
Rbnum
    Displays the number of requested buckets, which is the number of data slots into which data is to be saved.

Displays the number of granted buckets that may hold sampled data.
The following table describes the RMON Alarm Information parameters. Table 28 RMON Alarm Information Command Usage Index Interval Displays the index number that identifies each alarm instance. Displays the time interval over which data is sampled and compared with the rising and falling thresholds.
Link status information

The following command displays link information:

show interface link
Command mode: All except User EXEC

Port   Speed   Duplex   Flow Ctrl     Link
                        TX     RX
----   -----   ------   ---    ---    ----
1      1000    any      yes    yes    down
2      1000    any      yes    yes    down
3      1000    full     yes    yes    down
4      1000    full     yes    yes    down
5      1000    any      yes    yes    down
6      1000    any      yes    yes    down
7      1000    any      yes    yes    down
8      1000    full     yes    yes    up
9      1000    full     yes    yes    down
10     1000    full     yes    yes    down
11     1000    a
Port information

The following command displays port information:

show interface information
Command mode: All except User EXEC

Port   Tag   RMON   PVID   NAME
----   ---   ----   ----   ----------
1      n     d      1      Downlink1
2      n     d      1      Downlink2
3      n     d      1      Downlink3
4      n     d      1      Downlink4
5      n     d      1      Downlink5
6      n     d      1      Downlink6
7      n     d      1      Downlink7
8      n     d      1      Downlink8
9      n     d      1      Downlink9
10     n     d      1      Downlink10
11     n     d      1      Downlink11
12     n     d      1      Downlink12
13     n     d      1      Downlink13
14     n     d      1      Downlink14
15     n     d      1      Downlink15
16     n     d      1      Downlink16
17     n     d      1      Xconnect1
18     n     d
Logical Port to GEA Port mapping

The following command displays information about GEA ports:

show geaport
Command mode: All

Logical Port   GEA Port(0-based)   GEA Unit
------------   -----------------   --------
1              1                   0
2              2                   0
3              4                   0
4              7                   0
5              8                   0
6              12                  0
7              13                  0
8              14                  0
9              0                   0
10             3                   0
11             5                   0
12             6                   0
13             9                   0
14             10                  0
15             11                  0
16             15                  0
17             16                  0
18             17                  0
19             18                  0
20             19                  0
21             23                  0
22             22                  0
23             21                  0
24             20                  0

This display correlates the logical port number to the GEA unit on which each port resides.
Information dump The following command dumps switch information: show information-dump Command mode: All Use the dump command to dump all switch information available from this switch memory (10K or more, depending on your configuration). This data is useful for tuning and debugging switch performance. If you want to capture dump data to a file, set the communication software on your workstation to capture session data prior to issuing the dump commands.
Statistics commands Introduction You can view switch performance statistics in the user, operator, and administrator command modes. This chapter discusses how to use the ISCLI to display switch statistics. The following table describes general Statistics commands. Table 30 Statistics commands Command Usage show layer2 counters Displays Layer 2 Statistics. Command mode: All Displays Layer 3 Statistics. Command mode: All Displays SNMP statistics.
Bridging statistics

Use the following command to display the bridging statistics of the selected port:

show interface gigabitethernet bridging-counters
Command mode: All

Bridging statistics for port 1:
dot1PortInFrames:                63242584
dot1PortOutFrames:               63277826
dot1PortInDiscards:              0
dot1TpLearnedEntryDiscards:      0
dot1StpPortForwardTransitions:   0

The following table describes the bridging statistics for a selected port:

Table 32 Bridging statistics for port

Statistics / Description

dot1PortInFrames
The following table describes the Ethernet statistics for a selected port: Table 33 Ethernet statistics for port Statistics Description dot3StatsAlignmentErrors A count of frames received on a particular interface that are not an integral number of octets in length and do not pass the Frame Check Sequence (FCS) check. The count represented by an instance of this object is incremented when the alignmentError status is returned by the MAC service to the Logical Link Control (LLC) (or other MAC user).
Table 33 Ethernet statistics for port Statistics Description dot3StatsFrameTooLongs A count of frames received on a particular interface that exceeds the maximum permitted frame size. The count represented by an instance of this object is incremented when the frameTooLong status is returned by the MAC service to the LLC (or other MAC user). Received frames for which multiple error conditions obtained are, according to the conventions of IEEE 802.
Table 34 Interface statistics for port Statistics Description UcastPkts—IfHCOut The total number of packets that higher-level protocols requested to be transmitted, and which were not addressed to a multicast or broadcast address at this sublayer, including those that were discarded or not sent. The total number of packets that higher-level protocols requested to be transmitted, and which were addressed to a broadcast address at this sublayer, including those that were discarded or not sent.
Link statistics Use the following command to display the link statistics of the selected port: show interface gigabitethernet link-counters Command mode: All Link statistics for port 1: linkStateChange: 2 The following table describes the link statistics for a selected port: Table 36 Link statistics for port Statistic Description linkStateChange The total number of link state changes. Layer 2 statistics The following table describes the Layer 2 statistics commands.
Layer 3 statistics The following table describes basic Layer 3 statistics commands. The following sections provide more detailed information and commands. Layer 3 functionality is limited in this release. Table 39 Layer 3 Statistics commands Command Usage show ip counters Displays IP statistics. Command mode: All except UserEXEC Clears IP statistics. Use this command with caution as it deletes all the IP statistics. Command mode: All except UserEXEC Displays Address Resolution Protocol (ARP) statistics.
Table 40 IP statistics Statistics Description ipInDiscards The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (for example, for lack of buffer space). This counter does not include any datagrams discarded while awaiting re-assembly. The total number of input datagrams successfully delivered to IP user-protocols (including ICMP).
DNS statistics

show ip dns counters
Command mode: All except User EXEC

DNS statistics:
dnsInRequests:    0
dnsOutRequests:   0
dnsBadRequests:   0

The following table describes the Domain Name System (DNS) statistics:

Table 42 DNS statistics

Statistic / Description

dnsInRequests
    The total number of DNS request packets that have been received.
dnsOutRequests
    The total number of DNS response packets that have been transmitted.
dnsBadRequests
    The total number of DNS request packets received that were dropped.
Table 43 ICMP statistics

Statistics / Description

icmpOutDestUnreachs
    The number of ICMP Destination Unreachable messages sent.
icmpOutTimeExcds
    The number of ICMP Time Exceeded messages sent.
icmpOutParmProbs
    The number of ICMP Parameter Problem messages sent.
icmpOutSrcQuenchs
    The number of ICMP Source Quench (buffer almost full, stop sending data) messages sent.

The number of ICMP Redirect messages sent.
The number of ICMP Echo (request) messages sent.
The number of ICMP Echo Reply messages sent.
Table 44 TCP statistics Statistics Description tcpRetransSegs The total number of segments retransmitted, that is, the number of TCP segments transmitted containing one or more previously transmitted octets. The total number of segments received in error (for example, bad TCP checksums). The total number of outstanding memory allocations from heap by TCP protocol stack. The total number of outstanding TCP sessions that are currently opened. The number of TCP segments sent containing the reset (RST) flag.
IGMP Multicast Group statistics The following command displays statistics about the use of the IGMP Multicast Groups: show ip igmp counters Command mode: All except User EXEC Enter VLAN number: (1-4095) 1 -----------------------------------------------------------IGMP Snoop vlan 1 statistics: -----------------------------------------------------------rxIgmpValidPkts: 0 rxIgmpInvalidPkts: 0 rxIgmpGenQueries: 0 rxIgmpGrpSpecificQueries: 0 rxIgmpLeaves: 0 rxIgmpReports: 0 txIgmpReports: 0 txIgmpGrpSpecificQuer
TCP statistics The following command displays TCP statistics: show mp tcp-block Command mode: All except User EXEC All TCP allocated control blocks: 10ad41e8: 0.0.0.0 0 <=> 0.0.0.0 10ad5790: 47.81.27.5 1171 <=> 47.80.23.
CPU statistics

The following command displays the CPU utilization statistics:

show mp cpu
Command mode: All except User EXEC

CPU utilization:
cpuUtil1Second:     8%
cpuUtil4Seconds:    9%
cpuUtil64Seconds:   8%

The following table describes the management port CPU utilization statistics:

Table 50 CPU statistics

Statistics / Description

cpuUtil1Second
    The utilization of MP CPU over 1 second. This is shown as a percentage.

The utilization of MP CPU over 4 seconds. This is shown as a percentage.
Table 51 SNMP statistics Statistics Description snmpInASNParseErrs The total number of ASN.1 (Abstract Syntax Notation One) or BER (Basic Encoding Rules), errors encountered by the SNMP protocol entity when decoding SNMP messages received. The Open Systems Interconnection (OSI) method of specifying abstract objects is called ASN.1 (Abstract Syntax Notation One, defined in X.
Table 51 SNMP statistics Statistics Description snmpOutGenErrs The total number of SNMP Protocol Data Units (PDUs), which were generated by the SNMP protocol entity and for which the value of the error-status field is genErr. The total number of SNMP Get-Request Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity. The total number of SNMP Get-Next Protocol Data Units (PDUs), which have been generated by the SNMP protocol entity.
The following table describes the NTP statistics: Table 52 NTP statistics Statistics Description Primary Server Requests Sent: The total number of NTP requests the switch sent to the primary NTP server to synchronize time. Responses Received: The total number of NTP responses received from the primary NTP server. Updates: The total number of times the switch updated its time based on the NTP responses received from the primary NTP server.
Configuration Commands Introduction The Configuration commands are available only from an administrator login. They include commands for configuring every aspect of the switch. Changes can be saved to non-volatile memory (NVRAM). The following table describes the basic Configuration commands. The following sections provide more detailed information and commands. Table 54 Configuration commands Command Usage show running-config Dumps current configuration to a script file.
Table 55 System Configuration commands Command Usage [no] system notice <1-1024 characters multi-line> <’-‘ to end> Displays login notice immediately before the “Enter password:” prompt. This notice can contain up to 1024 characters and new lines. Command mode: Global configuration Configures a login banner of up to 80 characters. When a user or administrator logs into the switch, the login banner is displayed.
Table 56 Syslog Configuration commands Command Description [no] logging log {} Displays a list of features for which syslog messages can be generated. You can choose to enable/disable specific features or enable/disable syslog on all available features. Features include: • console • system • mgmt • cli • stg • vlan • ssh • ntp • ip • web • rmon • ufd Command mode: Global configuration Displays the current syslog settings.
Table 57 SSHD Configuration commands Command Description no ssh scp-enable Disables the SCP apply and save. This is the default for SCP. Command mode: Global configuration Enables the SSH server. Command mode: Global configuration Disables the SSH server. This is the default for the SSH server. Command mode: Global configuration Displays the current SSH server configuration.
TACACS+ server configuration TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in RFC 1492.
IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are disabled. If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch.
System SNMP configuration

The switch software supports SNMP-based network management. In the SNMP model of network management, a management station (client/manager) accesses a set of variables known as MIBs (Management Information Base) provided by the managed device (agent).
SNMPv3 configuration

SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2 Framework by supporting the following:
• a new SNMP message format
• security for messages
• access control
• remote configuration of SNMP parameters

For more details on the SNMPv3 architecture please see RFC2271 to RFC2275. The following table describes the SNMPv3 Configuration commands.
User Security Model configuration You can make use of a defined set of user identities using this Security Model. An SNMP engine must have the knowledge of applicable attributes of a user. These commands help you create a user security model entry for an authorized user. You need to provide a security name to create the USM entry. The following table describes the User Security Model Configuration commands.
SNMPv3 View configuration The following table describes the SNMPv3 View Configuration commands. Table 64 SNMPv3 View Configuration commands Command Description snmp-server view <1-128> name <1-32 characters> Defines the name for a family of view subtrees up to a maximum of 32 characters. Command mode: Global configuration Defines the Object Identifier (OID), a string of maximum 32 characters, which when combined with the corresponding mask defines a family of view subtrees. An example of an OID is 1.3.6.
Table 65 View-based Access Control Configuration commands Command Description show snmp-server access <1-32> Displays the View-based Access Control configuration. Command mode: All SNMPv3 Group configuration The following table describes the SNMPv3 Group Configuration commands. Table 66 SNMPv3 Group Configuration commands Command Description snmp-server group <1-16> security {usm|snmpv1|snmpv2} snmp-server group <1-16> user-name <1-32 characters> Defines the security model.
SNMPv3 Target Address Table configuration These commands allow you to configure an entry of a transport address that transmits SNMP traps. The following table describes the SNMPv3 Target Address Table Configuration commands.
SNMPv3 Notify Table configuration SNMPv3 uses Notification Originator to send out traps. A notification typically monitors a system for particular events or conditions, and generates Notification-Class messages based on these events or conditions. The following table describes the SNMPv3 Notify Table Configuration commands.
User Access Control configuration The following table describes the User Access Control commands. Table 73 User Access Control Configuration commands Command Description access user <1-10> Configures the User ID. Command mode: Global configuration access user eject <1-10> Ejects the selected user from the switch. Command mode: Global configuration Sets the user (user) password (maximum of 128 characters). The user has no direct responsibility for switch management.
HTTPS Access configuration The following table describes the HTTPS Access Configuration commands. Table 75 HTTPS Access Configuration commands Command Description [no] access https enable Enables or disables BBI access (Web access) using HTTPS. The default value is disabled. Command mode: Global configuration Defines the HTTPS Web server port number. Command mode: Global configuration Allows you to generate a certificate to connect to the SSL to be used during the key exchange.
Port configuration Use the port configuration commands to configure settings for individual switch ports. NOTE: Port 19 is reserved for switch management. The following table describes the Port Configuration commands. The following sections provide more detailed information and commands. Table 76 Port Configuration commands Command Description interface gigabitethernet {} pvid {<1-4095>} Enter Interface Port configuration mode for the selected port.
Port link configuration Use these commands to set port parameters for the port link. Link commands are described in the following table. Using these commands, you can set port parameters such as speed, duplex, flow control, and negotiation mode for the port link. The following table describes the Gigabit Link Configuration commands. Table 77 Gigabit Link Configuration commands Command Description speed {10|100|1000|auto} Sets the link speed. Not all options are valid on all ports.
Rapid Spanning Tree Protocol / Multiple Spanning Tree Protocol configuration The switch supports the IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) and IEEE 802.1s Multiple Spanning Tree Protocol (MSTP). MSTP allows you to map many VLANs to a small number of spanning tree groups, each with its own topology. You can configure up to 31 spanning tree groups on the switch (STG 32 is reserved for switch management). MRST is turned off by default.
Common Internal Spanning Tree configuration The Common Internal Spanning Tree (CIST) provides compatibility with different MSTP regions and with devices running different Spanning Tree instances. It is equivalent to Spanning Tree Group 0. The following table describes the commands used to configure CIST. Table 80 CIST Configuration commands Command Description spanning-tree mstp cist-add-vlan <1-4095> default spanning-tree mstp cist show spanning-tree mstp cist Adds VLANs to the CIST.
CIST port configuration CIST port parameters are used to modify MRST operation on an individual port basis. CIST parameters do not affect operation of STP/PVST. For each port, CIST is turned on by default. Port parameters include:
• Port priority
• Port path cost
• Port Hello time
• Link type
• Edge
• On and off
• Current port configuration
The port option of MRST is turned on by default. The following table describes the CIST Port Configuration commands.
Spanning Tree configuration The switch supports the IEEE 802.1d Spanning Tree Protocol (STP) and Cisco proprietary PVST and PVST+ protocols. You can configure up to 31 spanning tree groups on the switch (STG 32 is reserved for switch management). Spanning Tree is turned on by default. NOTE: When RSTP is turned on, only STP group 1 can be configured. The following table describes the Spanning Tree Configuration commands.
Bridge Spanning Tree configuration Spanning tree bridge parameters can be configured for each Spanning Tree Group. STP bridge parameters include:
• Bridge priority
• Bridge hello time
• Bridge maximum age
• Forwarding delay
• Current bridge configuration
The following table describes the Bridge Spanning Tree Configuration commands.
Table 84 Bridge Spanning Tree Configuration commands
Command: spanning-tree stp {<1-32>} bridge priority {<0-65535>}
Description: Configures the bridge priority.
Spanning Tree port configuration By default for STP/PVST+, Spanning tree is turned Off for downlink ports (1-16), and turned On for cross-connect ports (17-18), and uplink ports (20-24). By default for RSTP/MSTP, Spanning tree is turned On for all downlink ports (1-16), all cross-connect ports (17-18), and all uplink ports (20-24), with downlink ports configured as Edge ports. Spanning tree port parameters are used to modify STP operation on an individual port basis.
Forwarding Database configuration The following table describes the Forwarding Database Configuration commands.
Table 86 FDB Configuration commands
Command: aging <0-65535>
Description: Configures the aging value for FDB entries. The default value is 300.
Command: show mac-address-table
Description: Displays current FDB parameters.
Static FDB configuration The following table describes the Static FDB Configuration commands.
VLAN configuration The commands in this section configure VLAN attributes, change the status of the VLAN, delete the VLAN, and change the port membership of the VLAN. By default, the VLANs are disabled except VLAN 1, which is always enabled. The switch supports a maximum of 1,000 VLANs. VLAN 4095 is reserved for switch management. NOTE: See the N8406-022 1Gb Intelligent L2 Switch Application Guide for information on VLANs. The following table describes the VLAN Configuration commands.
IP interface configuration The switch can be configured with up to 256 IP interfaces. Each IP interface represents the switch on an IP subnet on your network. The IP Interface option is disabled by default. Interface 256 is reserved for switch management. The following table describes the IP Interface Configuration commands.
Table 91 IP Interface Configuration commands
Command: interface ip {<1-256>}
Description: Enter IP interface mode.
Address Resolution Protocol configuration Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet layer. ARP resolves a physical address from an IP address. ARP queries machines on the local network for their physical addresses. ARP also maintains IP to physical address pairs in its cache memory. In any IP communication, the ARP cache is consulted to see if the IP address of the computer or the router is present in the ARP cache.
Table 94 IGMP Snooping commands Command Description [no] ip igmp snoop vlan <1-4095> fastleave Enables or disables Fastleave processing. Fastleave allows the switch to immediately remove a port from the IGMP port list, if the host sends a Leave message, and the proper conditions are met. This command is disabled by default. Command mode: Global configuration Enables IGMP Snooping. Command mode: Global configuration Disables IGMP Snooping.
IGMP filter definition The following table describes the IGMP Filter Definition commands.
Table 97 IGMP Filter Definition commands
Command: ip igmp profile <1-16> range
Description: Configures the range of IP multicast addresses for this filter. Enter the first IP multicast address of the range, followed by the second IP multicast address of the range.
Remote Monitoring configuration Remote Monitoring (RMON) allows you to monitor traffic flowing through the switch. The RMON MIB is described in RFC 1757. The following table describes the RMON Configuration commands.
Table 100 RMON commands
Command: show rmon
Description: Displays the current RMON configuration. Command mode: All
RMON history configuration The switch supports up to five History Groups. The following table describes the RMON History commands.
Table 102 RMON Event commands
Command: no rmon event <1-65535>
Description: Deletes this event index. Command mode: Global configuration
Command: show rmon event
Description: Displays the current RMON Event parameters. Command mode: All
RMON alarm configuration The Alarm RMON group can track rising or falling values for a MIB object. The MIB object must be a counter, gauge, integer, or time interval. Each alarm index must correspond to an event index that triggers once the alarm threshold is crossed.
Port mirroring Port Mirroring is used to configure, enable, and disable the monitored port. When enabled, network packets being sent and/or received on a target port are duplicated and sent to a monitor port. By attaching a network analyzer to the monitor port, you can collect detailed information about your network performance and usage. Port mirroring is disabled by default.
Failure Detection Pair configuration Use these commands to configure a Failure Detection Pair, which consists of one Link to Monitor (LtM) and one Link to Disable (LtD). When the switch detects a failure on the LtM, it automatically disables the ports in the LtD. The following table describes the Failure Detection Pair (FDP) configuration commands.
Table 107 Failure Detection Pair Configuration commands
Command: ufd fdp enable
Description: Enables the FDP Parameters.
Saving the active switch configuration When the copy running-config tftp command is used, the active configuration commands of the switch will be uploaded to the specified script configuration file on the TFTP server. To start the switch configuration upload, at the prompt, enter:
Switch(config)# copy running-config tftp
NOTE: The output file is formatted with line-breaks but no carriage returns. The file cannot be viewed with editors that require carriage returns (such as Microsoft Notepad).
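An added example (not from the NEC guide): a Python check over a configuration script saved with copy running-config tftp. It flags commands that touch the identifiers this guide reserves for switch management (interface 256, STG 32, VLAN 4095) or fall outside the documented ranges, and reports whether HTTPS access ends up enabled. It assumes the saved file holds one ISCLI command per line; audit_config, to_crlf and the sample input are constructed for illustration.

```python
import re

# Identifiers this guide reserves for switch management.
RESERVED = {"ip_interface": 256, "stg": 32, "vlan": 4095}

# Command shapes from the guide's tables: (kind, pattern, min, max).
RULES = [
    ("ip_interface", re.compile(r"^interface ip (\d+)\b"), 1, 256),
    ("stg", re.compile(r"^spanning-tree stp (\d+)\b"), 1, 32),
    ("vlan", re.compile(r"^spanning-tree mstp cist-add-vlan (\d+)\b"), 1, 4095),
    ("vlan", re.compile(r"^(?:no )?ip igmp snoop vlan (\d+)\b"), 1, 4095),
]

def audit_config(raw: bytes):
    """Return (findings, https_enabled) for a saved configuration script."""
    findings = []
    https_enabled = False  # the guide gives "disabled" as the HTTPS default
    # splitlines() handles the LF-only upload and CRLF copies alike.
    text = raw.decode("ascii", "replace")
    for lineno, line in enumerate(text.splitlines(), 1):
        cmd = " ".join(line.split())  # collapse indentation and spacing
        if cmd == "access https enable":
            https_enabled = True
        elif cmd == "no access https enable":
            https_enabled = False
        for kind, pattern, low, high in RULES:
            match = pattern.match(cmd)
            if not match:
                continue
            value = int(match.group(1))
            if not low <= value <= high:
                findings.append((lineno, "out-of-range", cmd))
            elif value == RESERVED[kind]:
                findings.append((lineno, "management-reserved", cmd))
    return findings, https_enabled

def to_crlf(raw: bytes) -> bytes:
    """Copy with CRLF endings for editors that need carriage returns."""
    return b"".join(line + b"\r\n" for line in raw.splitlines())

# Constructed sample (LF-only), not captured from a switch.
SAMPLE = (
    b"access https enable\n"
    b"interface ip 256\n"
    b"spanning-tree stp 33 bridge priority 4096\n"
    b"spanning-tree mstp cist-add-vlan 4095\n"
    b"interface ip 2\n"
)
print(audit_config(SAMPLE))
```

Each finding is a (line number, reason, command) tuple, so the result can be compared between two saved configurations to spot changes to the management VLAN, spanning tree group or IP interface.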
Operations Commands Introduction Operations-level commands are used for making immediate and temporary changes to switch configuration. Operations commands are used for bringing ports temporarily in and out of service. These commands are available only from an administrator and operator login. The following table describes basic Operations commands. The following sections provide more detailed information and commands.
Boot Options Introduction You must be logged in to the switch as the administrator to use the Boot Options commands. The Boot Options allow you to perform the following functions:
• Select a switch software image to be used when the switch is next reloaded.
• Select a configuration block to be used when the switch is next reloaded.
• Download or upload a new software image to the switch via TFTP.
Each of the Boot Options commands is discussed in the following sections.
5. The system prompts you to confirm your request. You should next select a software image to run, as described in the “Selecting a Soft Image to Run” section.
6. If you are loading an image from which you are not currently booted, the system prompts you to change the image.
image2 currently contains Software Version 1.1.0 that was downloaded at 15:46:36 Wed Apr 23, 2006.
New download will replace image2 with file "1.1.0_OS.img" from TFTP server 192.168.2.4.
5. The system then requests confirmation of what you have entered. To have the file uploaded, enter y.
image2 currently contains Software Version 1.1.0
Upload will transfer image2 (1889411 bytes) to file "test" on TFTP server 192.1.1.1.
Confirm upload operation [y/n]: y
Selecting a configuration block When you make configuration changes to the switch, you must save the changes so that they are retained beyond the next time the switch is reset.
Maintenance Commands Introduction The Maintenance commands are used for debugging purposes, enabling you to generate a technical support dump of the critical state information in the switch, and to clear entries in the Forwarding Database and the Address Resolution Protocol (ARP) and routing tables. These commands are available only from an administrator login.
Debugging options The Miscellaneous Debug commands display trace buffer information about events that can be helpful in understanding switch operation. You can view the following information using Debug commands:
• Events traced by the management processor (MP)
• Events traced to a buffer area when a reset occurs
If the switch resets for any reason, the management processor (MP) trace buffer is saved into the snap trace buffer area.
IGMP Snooping maintenance The following table describes the IGMP Snooping Maintenance commands. Table 116 IGMP Snooping Maintenance commands Command Usage show ip igmp groups address show ip igmp groups vlan <1-4095> Shows a single IGMP Multicast group by IP address. Command mode: All except User EXEC Shows IGMP Multicast groups on a single VLAN. Command mode: All except User EXEC Shows IGMP Multicast groups on a single port.
TFTP system dump put Use this command to put (save) the system dump to a TFTP server. NOTE: If the TFTP server is running SunOS or the Solaris operating system, the specified file must exist prior to executing the copy flash-dump tftp (or ftp) command, and must be writable (set with proper permission, and not locked by any application). The contents of the specified file will be replaced with the current dump data.
Unscheduled system dumps If there is an unscheduled system dump to flash memory, the following message is displayed when you log on to the switch:
Note: A system dump exists in FLASH. The dump was saved at 13:43:22 Wednesday October 30, 2006. Use show flash-dump uuencode to extract the dump for analysis and clear flash-dump to clear the FLASH region. The region must be cleared before another dump can be saved.