M4500 Intelligent Fully Managed Switches
Software Version 7.0.0
Model M4500-32C
Model M4500-48XF8C
August 2020
202-12041-03
NETGEAR, Inc.
350 E.
Support and Community
Visit netgear.com/support to get your questions answered and access the latest downloads. You can also check out our NETGEAR Community for helpful advice at community.netgear.com.

Regulatory and Legal
If this product is sold in Canada, you can access this document in Canadian French at https://www.netgear.com/support/download/.
CONTENTS
1. INTRODUCTION
1.1. Product Overview
1.1.1. Simplicity
1.1.2. High Availability
1.1.3.
3.3.2. Using the Service Port or Network Interface for Remote Management
3.3.2.1. Configuring Service Port Information
3.3.2.2. Configuring the In-Band Network Interface
3.3.2.3. Firmware Image Update
4. COMMAND LINE INTERFACE STRUCTURE AND MODE-BASED CLI
.1.20. show process proc-list
5.1.21. show environment
5.1.22. show configuration files
5.1.23. process cpu threshold
5.1.24. memory free low-watermark processor
5.2.1.14.1. interface
5.2.1.14.2. description
5.2.1.14.3. no description
5.2.1.14.4.
5.2.4.4. vlan makestatic
5.2.4.5. vlan name
5.2.4.6. no vlan name
5.2.4.7. switchport acceptable-frame-types
5.2.4.8.
5.2.6. Switch Ports
5.2.6.1. switchport mode
5.2.6.2. no switchport mode
5.2.6.3. switchport trunk allowed vlan
5.2.6.4.
5.2.8.13. no ip igmp snooping mcrtrexpiretime
5.2.8.14. ip igmp snooping mrouter
5.2.8.15. no ip igmp snooping mrouter
5.2.8.16. set igmp
5.2.8.17.
5.2.9.3. ip igmp snooping querier address
5.2.9.4. no ip igmp snooping querier address
5.2.9.5. ip igmp snooping querier query-interval
5.2.9.6. no ip igmp snooping querier query-interval
5.2.9.7.
5.2.10.17. no ipv6 mld snooping fast-leave
5.2.10.18. ipv6 mld snooping groupmembershipinterval
5.2.10.19. no ipv6 mld snooping groupmembershipinterval
5.2.10.20. ipv6 mld snooping mcrtrexpiretime
5.2.10.21. no ipv6 mld snooping mcrtrexpiretime
5.2.11.15. no ipv6 mld snooping querier vlan address
5.2.11.16. ipv6 mld snooping querier vlan election participate
5.2.11.17. no ipv6 mld snooping querier vlan election participate
5.2.12. Port-Channel/LAG (802.3ad) Commands
5.2.12.1. show interface port-channel brief
5.2.12.31. lacp fallback
5.2.12.32. no lacp fallback
5.2.12.33. lacp fallback timeout
5.2.12.34. no lacp fallback timeout
5.2.13.25. storm-control unicast rate
5.2.13.26. no storm-control unicast rate
5.2.14. Port Mirror Commands
5.2.14.1. show port-mirror session
5.2.14.2.
5.3.1. switchport priority all
5.3.2. no switchport priority all
5.3.3. switchport priority
5.3.4. no switchport priority
5.4. Management Commands
5.4.3.1. telnet
5.4.3.2. show line vty
5.4.3.3. line vty
5.4.3.4. exec-timeout
5.4.4.14. no snmp-server filter []
5.4.4.15. show snmp user
5.4.4.16. snmp-server user
5.4.4.17. no snmp-server user
5.4.4.18.
5.4.5.24. no snmp-server enable traps powersupply
5.4.5.25. snmp-server enable traps stpmode
5.4.5.26. no snmp-server enable traps stpmode
5.4.5.27. snmp-server enable traps temperature
5.4.5.28. no snmp-server enable traps temperature
5.4.8.1. crypto key generation {RSA|DSA}
5.4.8.2. no crypto key generate {RSA | DSA}
5.4.8.3. crypto certificate generation
5.4.8.4. no crypto certificate generate
5.4.9. DHCP Client Commands
5.4.10.23. no sflow sampler rate
5.4.10.24. sflow sampler maxheadersize
5.4.10.25. no sflow sampler maxheadersize
5.4.11. Service Port Commands
5.4.11.1. show serviceport
5.4.13.6. no kron policy-list
5.4.13.7. cli …
5.4.13.8. no cli …
5.4.14. Switch Database Management Template Commands
5.4.14.1. show sdm prefer
5.5.3. show spanning-tree vlan
5.5.4. show spanning-tree mst detailed
5.5.5. show spanning-tree mst summary
5.5.6. show spanning-tree mst port detailed
5.5.7. show spanning-tree mst port summary
5.5.37. no spanning-tree mst
5.5.38. spanning-tree port mode
5.5.39. no spanning-tree port mode
5.5.40. spanning-tree port model all
5.5.41. no spanning-tree port mode all
5.6.15. logging syslog facility
5.6.16. logging syslog source-interface
5.6.17. logging console
5.6.18. logging console severity level
5.6.19. logging monitor
5.9.3. show users accounts
5.9.4. show passwords configuration
5.9.5. show passwords result
5.9.6. username
5.9.7. no username
5.10.9. clear dot1x authentication-history
5.10.10. clear RADIUS statistics
5.10.11. dot1x eapolflood
5.10.12. no dot1x eapolflood
5.10.13. dot1x dynamic-vlan enable
5.11.4. no aaa authentication login
5.11.5. aaa accounting
5.11.6. no aaa accounting
5.11.7. accounting
5.11.8. no aaa accounting
5.12.27. radius server timeout
5.12.28. no radius server timeout
5.12.29. radius source-interface
5.12.30. no radius source-interface
5.13. TACACS+ Commands
5.14.7. port-security max-dynamic
5.14.8. no port-security max-dynamic
5.14.9. port-security max-static
5.14.10. no port-security max-static
5.14.11. port-security mac-address
5.15.23. lldp timers
5.15.24. no lldp timers
5.15.25. lldp tx-delay
5.15.26. no lldp tx-delay
5.15.27.
5.16.1.18. clear ipv6 neighbors
5.16.1.19. clear ipv6 statistics
5.16.1.20. clear ipv6 dhcp statistics
5.16.1.21. clear ipv6 dhcp statistics per interface
5.16.1.22.
5.16.16.2. boot-system autoinstall
5.16.16.3. boot-system host autoinstall
5.16.16.4. no boot-system host autoinstall
5.16.16.5. boot-system host autosave
5.16.16.6.
5.16.24. file verify
5.17. DHCP Snooping Commands
5.17.1. show ip dhcp snooping
5.17.2. show ip dhcp snooping per interface
5.17.3. show ip dhcp snooping binding
5.18.1.2. show ip verify source
5.18.1.3. show ip source binding
5.18.2. Configuration commands
5.18.2.1. ip verify source
5.18.2.2.
5.20.2.9. match destination-address mac
5.20.2.10. match dstip
5.20.2.11. match dstI4port
5.20.2.12. match ethertype
5.20.2.
5.20.4.1. service-policy
5.20.4.2. no service-policy
5.20.5. Show commands
5.20.5.1. show class-map
5.20.5.
5.22.2. Configuration Commands
5.22.2.1. ipv6 access-list
5.22.2.2. ipv6 access-list rename
5.22.2.3. ipv6 access-list resequence
5.22.2.4.
5.25. Domain Name Server Client Commands
5.25.1. show hosts
5.25.2. ip host
5.25.3. no ip host
5.25.4. clear host
5.27.1. mlag
5.27.2. no mlag
5.27.3. mlag domain
5.27.4. no mlag domain
5.27.5.
5.29.1. vxlan mode
5.29.2. no vxlan mode
5.29.3. vxlan source-interface
5.29.4. no vxlan source-interface
5.29.5. vxlan udp-port
5.31.5. role description
5.31.6. no role description
5.31.7. rule command
5.31.8. no rule (to delete a rule of command string)
5.31.9. rule feature
6.1.1.2. show ip arp brief
6.1.1.3. show ip arp static
6.1.2. Configuration commands
6.1.2.1. arp
6.1.2.2.
6.2.1.19. show ip load-sharing
6.2.1.20. show bfd neighbors
6.2.2. Configuration commands
6.2.2.1. routing
6.2.2.2.
6.3.1.14. show ip ospf traffic
6.3.1.15. show ip ospf virtual-link
6.3.1.16. show ip ospf virtual-link brief
6.3.1.17. show ip ospf lsa-group
6.3.2.
6.3.2.30. clear ip ospf redistribution
6.3.2.31. clear ip ospf stub-router
6.3.2.32. default-information originate
6.3.2.33. default-metric
6.3.2.34.
6.4.2. Configuration commands
6.4.2.1. bootpdhcprelay cidoptmode
6.4.2.2. bootpdhcprelay maxhopcount
6.4.2.3. bootpdhcprelay minwaittime
6.5. IP Helper Commands
6.8.2.7. ip vrrp authentication
6.8.2.8. ip vrrp preempt
6.8.2.9. ip vrrp priority
6.8.2.10. ip vrrp timers advertise
6.
6.9.2.22. set metric
6.9.2.23. clear ip prefix-list
6.9.2.24. clear ipv6 prefix-list
6.10. Border Gateway Protocol (BGP) Commands
6.10.1.
6.10.2. Configuration commands
6.10.2.1. router bgp
6.10.2.2. enable
6.10.2.3. aggregate-address
6.10.
6.10.2.34. neighbor remote-as
6.10.2.35. neighbor remove-private-as
6.10.2.36. neighbor route-map
6.10.2.37. neighbor route-reflector-client
6.10.2.38.
6.10.2.68. address-family ipv6
6.10.2.69. address-family vpnv4
6.10.2.70. neighbor allowas-in
6.11. VRRPv3 Commands
6.11.1. Show commands
6.13.2.3. clear counter bhd
6.14. IP Event Dampening Commands
6.14.1.1. dampening
6.14.1.2. show dampening interface
7. IP MULTICAST COMMANDS
7.2.2.6. clear ipv6 mld counters
7.2.2.7. clear ipv6 mld traffic
7.2.2.8. ipv6 mld version
7.2.2.9. ipv6 mld reset-status
7.2.2.
7.4.1.7. show ip pim ssm
7.4.1.8. show ip pim statistic
7.4.1.9. show ip mfc
7.4.1.10. clear ip pim statistics
7.5.2.7. ipv6 pim join-prune-interval
7.5.2.8. ipv6 pim rp-address
7.5.2.9. ipv6 pim rp-candiate
7.5.2.10. ipv6 pim spt-threshold
7.5.2.11.
8.3.2.3. ipv6 enable
8.3.2.4. ipv6 address
8.3.2.5. ipv6 address autoconfig
8.3.2.6. ipv6 address dhcp
8.
8.4.1.8. show ipv6 ospf interface brief
8.4.1.9. show ipv6 ospf interface stats
8.4.1.10. show ipv6 ospf lsa-group
8.4.1.11. show ipv6 ospf max-metric
8.4.1.12.
8.4.2.24. area stub no-summary
8.4.2.25. area virtual-link
8.4.2.26. area virtual-link dead-interval
8.4.2.27. area virtual-link hello-interval
8.4.2.28.
8.5.2.3. set ipv6 next-hop
8.5.2.4. clear ipv6 prefix-list
8.6. DHCPv6 Snooping Commands
8.6.1. show ipv6 dhcp snooping
8.6.2.
9.1.6. show fip-snooping statistics
9.1.7. feature fip-snooping
9.1.8. fip-snooping enable
9.1.9. fip-snooping fc-map
9.1.10. fip-snooping port-mode fcf
10.2.7. dstat
10.2.8. exec
10.2.9. matchpattern
10.2.10. forward
10.2.11.
12.2.2. show exception kernel-dump list
12.2.3. show exception kernel-dump log
12.2.4. exception kernel-dump
12.2.5. exception kernel-dump path
12.3. Memory Buffer Commands

1. Introduction

1.1. Product Overview
The switch provides high performance, high availability, and simplicity of management. The switch is designed for adaptability and scalability for campus use and data center use.

1.1.1. Simplicity
The switch can be managed through an industry-standard command-line interface (CLI), which reduces training and operating costs.

1.1.4. Advance IPv4 and IPv6 Routing
The switch is a full layer 2 and layer 3 routing switch that supports advanced IPv4 and IPv6 routing features such as OSPFv2, BGP4, and OSPFv3. The multicast routing features for IGMP v1/v2/v3, PIM-SM, MLD v1/v2 and PIMSM6 are all supported.

1.1.5. Data Center Application
The switch is an IEEE DCB-based switch delivering a high-performance solution to integrate server edge access. The key features include:
- Enhanced Transmission Selection (ETS, 802.

⚫ IP Routing support
⚫ OSPF v2 and v3 support
⚫ BGP4 Support
⚫ Router Discovery Protocol support
⚫ Virtual Router Redundancy Protocol (VRRP) v2 support
⚫ VLAN Routing support
⚫ 32-way ECMP support
⚫ 31 subnets support
⚫ Source IP configuration support
⚫ Policy Based Routing (PBR)
⚫ IP Multicast support
⚫ IGMP v1, v2, and v3 support
⚫ Protocol Independent Multicast - Sparse Mode (PIM-SM) support for IPv4 and IPv6
⚫ IPv6 function
  • Supports DHCPv6 protocol, OSPFv3 protocol, Tunneli

⚫ CLI Scheduler support
⚫ Simple Network Time Protocol support
⚫ SSH Secure Shell v2.0 support; SSH v1.5 is not supported
⚫ SSL Secure HTTP TLS Version 1 and SSL version 3 support
⚫ Auto Install Support
⚫ Fiber Channel Over Ethernet (FCoE)
  • FIP Snooping
⚫ Data Center Bridge (DCB)
  • Enhanced Transmission Selection (ETS, IEEE 802.1Qaz)
  • Priority Flow Control (PFC, IEEE 802.1Qbb)
  • Application Priority (IEEE 802.1Qaz)
⚫ Data Center Bridge Exchange (DCBX, IEEE802.1Qaz)
  • CEE 1.
1.5. SNMP-Based Management

You can manage the Switch with an SNMP-compatible console program. The Switch supports SNMP version 1.0, version 2.0, and version 3.0. The SNMP agent decodes the incoming SNMP messages and responds to requests with MIB objects stored in the database.
⚫ QOS-COS-MIB
⚫ QOS-AUTOVOIP-MIB
⚫ QOS-DIFFSERV-PRIVATE-MIB
⚫ QOS-ISCSI-MIB
⚫ RFC 1907 - SNMPv2-MIB
⚫ RFC 2465 - IPV6-MIB
⚫ RFC 2466 - IPV6-ICMP-MIB
⚫ TACACS-MIB
⚫ IGMP/MLD Snooping
⚫ IGMP/MLD Layer2 Multicast
⚫ QoS – IPv6 ACL
⚫ Guest VLAN
⚫ LLDP-MIB
⚫ LLDP MED
⚫ RFC 2925 (DISMAN-TRACEROUTE-MIB)
⚫ OSPFV3-MIB
⚫ RFC 2571 - SNMP-FRAMEWORK-MIB
⚫ RFC 2572 - SNMP-MPD-MIB
⚫ RFC 2573 - SNMP-NOTIFICATION-MIB
⚫ RFC 2573 - SNMP-TARGET-MIB
⚫ RFC 2574 - SNMP-USER-BASED-SM-MIB
⚫
⚫ PORTSECURITY-PRIVATE-MIB
⚫ RADIUS-CLIENT-PRIVATE-MIB
⚫ RFC 5060 - PIM-STD-MIB
⚫ RFC 5240 - PIM-BSR-MIB
⚫ RFC 3419 - TRANSPORT-ADDRESS-MIB
⚫ IANA-MAU-MIB

NETGEAR M4500 Series Switches CLI Command Reference Manual
2. Quick Startup

2.1. Quick-Start the Switch

1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the Switch locally. From a remote workstation, the device must be configured with IP information (IP address, subnet mask, and default gateway).
2. Turn the Power ON.
3. Allow the device to load the software until the login prompt appears. The device initial state is called the default mode.
4.
2.2.1. Switch CLI Access Using a Console

When a user logs in to the switch using a serial console connection, the system automatically logs in to the switch Linux shell and prompts the user to log in to the switch CLI, as shown in the following example:

Ubuntu 16.04 LTS M4500-48XF8C ttyS0

M4500-48XF8C login: admin (automatic login)
Last login: Tue Sep 17 05:38:06 UTC 2019 from 10.1.109.26 on pts/1
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.14.4 x86_64)

 * Documentation: https://help.ubuntu.
2.2.2. Switch CLI Access Using SSH Standard Port 22

A user can log in to the switch by using an SSH connection over standard port 22 with the default user name admin and default password EndGame, as shown in the following example:

switch$ ssh admin@10.1.18.206
admin@10.1.18.206's password:
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.14.4 x86_64)

 * Documentation: https://help.ubuntu.com/

Last login: Tue Sep 24 05:32:19 2019 from 10.1.51.30
Initializing console session.
2.2.4. Switch CLI Access Using Telnet Special Port 1223

Access to the switch CLI using Telnet special port 1223 follows the same process as access to the switch CLI using SSH special port 1234.

2.2.5. Limitations for a Guest User Login

⚫ A guest user cannot change the password. Only an admin user can change the password for a guest user.
⚫ A guest user cannot log in using the default password. Guest user access is denied until an admin user sets up the password for the guest user.
Physical Mode - Selects the desired port speed and duplex mode
Physical Status - Indicates the port speed and duplex mode
Link Status - Indicates whether the link is up or down
Link Trap - Determines whether or not to send a trap when link status changes
LACP Mode - Displays whether LACP is enabled or disabled on this port
Flow Mode - Indicates the status of flow control on this port
Cap. Status - Indicates the port capabilities during autonegotiation

2.3.3. Quick Startup User Account Management

Table 2-3.
Table 2-4. Quick Start up IP Address

Command: show ip interface

Details: Displays the Network Configurations
Interface Status – Indicates whether the interface is up or down.
IP Address - IP Address of the interface
Subnet Mask - IP Subnet Mask for the interface.
MAC Address - The MAC Address used for this in-band connectivity
Network Configurations Protocol Current - Indicates which network protocol is being used. Default is None.
2.3.6. Quick Startup Factory Defaults

Table 2-6. Quick Start up Factory Defaults

Command:
clear config
copy running-config startup-config
reload [warm]

Details:
Enter yes when prompted to clear all the configurations made to the switch. In this command you can also decide whether the IP settings of the service port are kept.
Enter yes when the prompt asks if you want to save the configurations made to the switch.
3. Console and Telnet Administration Interface

This chapter discusses many of the features used to manage the Switch, and explains many concepts and important points regarding these features. Configuring the Switch to implement these concepts is discussed in detail in chapter 5.

The command-line interface (CLI) provides a text-based way to manage and monitor the switch features. You can access the CLI by using a direct connection to the console port or by using a Telnet or SSH client.
3. Set the console to use the following communication parameters for your terminal:
⚫ The console port is set for the following configuration:
⚫ Baud rate: 115,200
⚫ Data width: 8 bits
⚫ Parity: none
⚫ Stop bits: 1
⚫ Flow Control: none

A typical console connection is illustrated below:

Figure 3-1: Console Setting Environment

3.3.
User:admin
Password:***********
(M4500-48XF8C) #

⚫ SSH via standard port 22. Example:

my-ubuntu:~$ ssh admin@10.1.18.206
admin@10.1.18.206's password:
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.14.4 x86_64)

 * Documentation: https://help.ubuntu.com/

Last login: Sun Sep 8 07:16:34 2019 from 10.1.50.127
Initializing console session. Press ^z to exit
Connecting to /dev/pts/0

User:admin
Password:***********
(M4500-48XF8C) #

3.3.2.
3.3.2.1. Configuring Service Port Information

To disable DHCP/BootP and manually assign an IPv4 address, enter the following commands in Global Configuration mode:

serviceport protocol none
serviceport ip ipaddress netmask

For example, serviceport ip 192.168.2.22 255.255.255.
ip address ipaddr subnet-mask

To manually configure the IPv6 address and subnet mask, use:

interface vlan 1
ipv6 address prefix /prefix-length

3.3.2.3. Firmware Image Update

Starting with release 7.0.1.x, the M4500 series switches support signed firmware images only. Therefore, updating firmware directly from an unsigned 7.0.0.x image to a signed 7.0.1.x image is not supported. To update firmware from a 7.0.0.x image to a 7.0.1.
4. Command Line Interface Structure and Mode-based CLI

The Command Line Interface (CLI) syntax, conventions, and terminology are described in this section. Each CLI command is illustrated using the structure outlined below.

4.1. CLI Command Format

Commands are followed by values, parameters, or both.

Example 1

ip address []

⚫ ip address is the command name.
⚫ are the required values for the command.
⚫ [] is the optional value for the command.
4.2. CLI Mode-based Topology

4.2.1. Parameters

Parameters are order dependent. The text in bold italics should be replaced with a name or number. To use spaces as part of a name parameter, enclose it in double quotes like this: "System Name with Spaces". Parameters may be mandatory values, optional values, choices, or a combination.

⚫ . The <> angle brackets indicate that a mandatory parameter must be entered in place of the brackets and text inside them.
⚫ [parameter].
This parameter denotes a valid slot number, and a valid port number. For example, 0/1 represents unit number 1, slot number 0 and port number 1. The field is composed of a valid slot number and a valid port number separated by a forward slash (/). ⚫ logical slot/port This parameter denotes a logical slot number, and logical port number assigned. This is applicable in the case of a port-channel (LAG).
show ip interface 0/1 !Displays the information about the first interface
! Display information about the next interface
show ip interface 0/2
! End of the script file
5. Switching Commands

5.1. System Information and Statistics Commands

This section describes the commands that you use to display system information or statistics.

5.1.1. show arp

This command displays connectivity between the switch and other devices from the service port or management port. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch.
5.1.3. show process cpu

This command provides the percentage utilization of the CPU by different tasks.

Format show process cpu
Default None
Mode Privileged Exec

Example:

(M4500-32C) #show process cpu

Memory and Process CPU Utilization Info of Unit:1

Memory Utilization Report

status KBytes
------ ---------
free   1277836
alloc  792756

CPU Utilization:

PID        Name                5 Secs   60 Secs  300 Secs
---------- ------------------- -------- -------- --------
10         (rcu_sched)         0.00%    0.06%    0.07%
15         (kworker/1:0)       0.00%    0.01%    0.
5.1.4. show process cpu threshold

This command displays the configured CPU utilization thresholds.

Format show process cpu threshold
Default None
Mode Privileged Exec

Example:

(M4500-32C) #show process cpu threshold

CPU Utilization Monitoring Parameters
Rising Threshold...............................
Rising Interval................................
Falling Threshold..............................
Falling Interval...............................
5.1.6. show running-config This command is used to display/capture the current setting of different protocol packages supported on switch. This command displays/captures only commands with settings/configurations with values that differ from the default value. The output is displayed in script format, which can be used to configure another switch with the same configuration.
line ssh exit interface vlan 1 exit ! interface control-plane exit ip igmp snooping application install orig_restful_api router ospf exit ipv6 router ospf exit exit (M4500-48XF8C) # 5.1.7. show sysinfo This command displays switch brief information and MIBs supported. Format show sysinfo Default None Mode Privileged Exec Example: (M4500-48XF8C) #show sysinfo System System System System System System Description............................. Name.................................... Location...........
QNOS-KEYING-PRIVATE-MIB LLDP-EXT-DOT3-MIB DISMAN-PING-MIB QNOS-OUTBOUNDTELNET-PRIVATE-MIB DISMAN-TRACEROUTE-MIB RFC 1213 - RFC1213-MIB RFC 2674 - P-BRIDGE-MIB RFC 2737 - ENTITY-MIB RFC 3635 - Etherlike-MIB SWITCHING-EXTENSION-MIB QNOS-PORTSECURITY-PRIVATE-MIB IANAifType-MIB MAU-MIB QNOS-PFC-MIB QNOS-VPC-MIB QNOS-DOT1X-ADVANCED-FEATURES-MIB QNOS-RADIUS-AUTH-CLIENT-MIB RADIUS-AUTH-CLIENT-MIB QNOS-MGMT-SECURITY-MIB RFC 1850 - OSPF-TRAP-MIB QNOS-ROUTING-MIB IP-MIB RFC 1657 - BGP4-MIB QNOS-QOS-MIB QNOS-QOS-COS-
(M4500-48XF8C) #

5.1.8. POST Diagnostic Commands

The M4500 series switches support Power On Self Test (POST) commands. These commands test major hardware components to detect errors and let you see the test results.

5.1.8.1. show system self-test

Use this command to display the test result of POST.

Format show system self-test
Mode Privileged Exec

Example:

(M4500-48XF8C) #show system self-test

Date: Mar-13-2020 08:45:10
Version: 1.0.0.
Format run system self-test
Default None
Mode Privileged Exec

5.1.9. show system

This command displays switch system information.

Format show system
Default None
Mode Privileged Exec

Example:

(M4500-48XF8C) #show system

System description: M4500-48XF8C, Runtime Code 7.0.0.1
System object ID : 1.3.6.1.4.1.4526.100.3.
Example:

(M4500-48XF8C) # show tech-support

*************** show version ***************

Switch: 1

System Description............................. M4500-48XF8C, Runtime Code 7.0.0.
Machine Model..................................
Serial Number..................................
Burned In MAC Address..........................
Software Version...............................
Software Storage...............................
Additional Packages............................
Switch: 1

System Description............................. M4500-48XF8C, Runtime Code 7.0.0.1
Machine Model.................................. M4500-48XF8C
Serial Number.................................. QTFCU38510002
Burned In MAC Address.......................... D8:C4:97:B5:6A:BF
Software Version............................... 7.0.0.
Manufacturer Name..............................
Date Code......................................
Mode Privileged Exec

Example:

(M4500-48XF8C) #show version

Switch: 1

System Description.............................
Machine Model..................................
Serial Number..................................
Burned In MAC Address..........................
Software Version...............................
Software Storage...............................
Additional Packages............................
...............................................
...............................................
.........
The parameter “|” means to use the filter option. The parameter “begin” sets the output to begin with the line that matches the assigned keyword. The parameter “exclude” sets the output to exclude lines that match the assigned keyword. The parameter “include” sets the output to include only lines that match the assigned keyword. The parameter “section” sets the output to include only a specified section of the content (e.g., “interface 0/1”) with a configurable end-of-section delimiter.
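The four filter keywords can be reproduced offline against a saved show running-config capture, which helps when reviewing management-access sections without a live session. This is an added example, not NETGEAR code: the function name cli_filter, plain substring matching, the "exit" end-of-section delimiter, and the sample configuration are assumptions constructed for illustration.

```python
# Offline model of the "| begin / exclude / include / section" output filters.
# Assumptions (not stated in the manual): keywords match as plain substrings,
# and a section ends at the first line equal to the delimiter ("exit" here).

# Constructed sample configuration, not captured from a switch.
SAMPLE_CONFIG = """\
!Current Configuration:
line ssh
exit
interface vlan 1
exit
interface 0/1
description uplink
exit
interface 0/2
exit
router ospf
exit
""".splitlines()


def cli_filter(lines, mode, keyword, end_delim="exit"):
    """Return the lines that the given filter mode would keep."""
    if mode == "begin":
        # Everything from the first matching line to the end of the output.
        for index, line in enumerate(lines):
            if keyword in line:
                return lines[index:]
        return []
    if mode == "include":
        return [line for line in lines if keyword in line]
    if mode == "exclude":
        return [line for line in lines if keyword not in line]
    if mode == "section":
        # Keep every block that starts at a matching line and runs up to and
        # including the delimiter; an unterminated block runs to end of input.
        kept, inside = [], False
        for line in lines:
            if not inside and keyword in line:
                inside = True
            if inside:
                kept.append(line)
                if line.strip() == end_delim:
                    inside = False
        return kept
    raise ValueError(f"unknown filter mode: {mode!r}")


def review_sections(lines, keywords):
    """Map each keyword to the configuration section(s) it selects."""
    return {kw: cli_filter(lines, "section", kw) for kw in keywords}


if __name__ == "__main__":
    for kw, block in review_sections(SAMPLE_CONFIG, ["line ssh", "interface 0/1"]).items():
        print(f"--- section {kw}")
        print("\n".join(block))
```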
5.1.15. show transceiver device This command displays summary of digital optical monitor information for the switch. Format show transceiver device Default None Mode Privileged Exec Example: (M4500-32C) #show transceiver device Gigabit Ethernet Vendor Name Vendor Part Interface Compliance Code Number ---------- ----------------- ----------------- ----------------0/7 10GBase-SR FINISAR CORP. FTLX8571D3BCL 0/9 10GBase-SR FINISAR CORP.
mA: milliamperes, dBm: decibels (milliwatts), NA: not available, -: null/unknown. Interface...................................... Gigabit Ethernet Compliance Codes.............. Vendor Name.................................... Vendor Part Number............................. Vendor Serial Number........................... Vendor Revision Number......................... Vendor Manufacturing Date...................... Wavelength..................................... Link length supported for 50um OM2 fiber......
Free: 5690956 KB Component MaxAllocated[Allocs/Frees] 1 - SIM [1697/26] 2 - NIM 3 - TRAPMGR 5 - CNFGR ... 177 - COMMAND_SCHEDULER 178 - -Unknown179 - BHD CurrentAllocated[change] 80904570[ +0] 82085413 959361[ 1456[ 20868[ +0] +0] +0] 959361 [20/0] 1456 [1/0] 20868 [108/0] 69728[ 6720[ 7484[ +0] +0] +0] 69728 [3/0] 6720 [3/0] 7484 [2/0] Total Current Usage = 2064220254 osapi Debug overhead = 1928808 (M4500-32C) # 5.1.18.
10 ping-0 32143 Enabled Enabled Running 11 traceroute-0 32150 Enabled Enabled Running (M4500-32C) # 5.1.19. show process app-resource-list This command displays the configured and in-use resources of each application known to the Process Manager.
5.1.20. show process proc-list This command displays the processes started by applications created by the Process Manager.
Crit Temp The maximum limit of temperature. State The status of module. Max Temp The highest temperature after the system boot. Type The type of module (fixed or removable). Speed The fan speed (RPM). Description The name of sensor. Power The power of RPSU (W). Example: The following shows examples of the command.
1 6 Fan-6 Removable - Failed
1 7 Fan-7 Removable - Failed
1 8 Fan-8 Removable - Failed
1 9 Fan-9 Removable - Failed
1 10 Fan-10 Removable - Failed
1 11 Fan-11 Removable - Failed
1 12 Fan-12 Removable - Failed

Power Modules:

Description  Type        Temp1 (C) Temp2 (C) Speed (RPM) Power (W) State
------------ ----------- --------- --------- ----------- --------- ------------
PS-1         Removable   28        46        3150        60        Operational
PS-2         Removable   27        45        3000        50        Operational

5.1.22.
configured from 5 seconds to 86400 seconds in multiples of 5 seconds. The CPU utilization threshold configuration is saved across a switch reboot. Configuring the falling utilization threshold is optional. If the falling CPU utilization parameters are not configured, then they take the same value as the rising CPU utilization parameters.
Parameter Description low-watermark When CPU free memory falls below this threshold, a notification message is triggered. The range is 1 to the maximum available memory on the switch. The default is 0 (disabled). 5.1.25. show supported cardtype Use this command to display the supported card type(s) information. Format show supported cardtype Mode Privileged Exec Display Message Fields Definition CID The card index Card Model ID The model identifier for each card index 5.1.26.
5.1.27. pager Use this command to enable or disable pager admin mode for current access line. Format [no] pager Default Enabled Mode Privileged Exec 5.1.28. show pager Use this command to display the pager configuration. Format show pager Mode Privileged Exec Example: (M4500-48XF8C) #show pager Pager Admin mode...............................
5.2. Device Configuration Commands 5.2.1. Interface commands 5.2.1.1. show interface status The command displays a summary of information for a specific interface or all interfaces. Format show interface status [{ | err-disabled | loopback | port-channel | tunnel | vlan }] Parameter Definition no parameter To display information for all interfaces. Specifies Interface number .
Source: This port is a monitoring port. PC Mbr: This port is a member of a port-channel (LAG). Dest: This port is a probe port. Admi Mode (Admin Mode) Selects the Port control administration state. The port must be enabled in order for it to be allowed into the network. It may be enabled or disabled. The factory default is enabled. Phy Mode (Physical Mode) Selects the desired port speed and duplex mode.
advertised. Otherwise, this object will determine the port's duplex mode and transmission rate. The factory default is Auto. Physical Status Indicates the port speed and duplex mode. Cable Type Displays interface cable type. Link Status Indicates whether the Link is up or down. Link Trap This object determines whether to send a trap when link status changes. The factory default is enabled. LACP Mode Displays whether LACP is enabled or disabled on this port.
Admin Mode Displays the port-channel control administration state. Physical Mode The speed and duplex mode setting on the interface. Physical Status Indicates the speed and duplex mode for the physical interface. Cable Type Displays interface cable type. Link Status Indicates whether the Link is up or down. Link Trap Indicates whether to send a trap when link status changes. The factory default is enabled. LACP Mode Displays whether LACP is enabled or disabled on this port.
Flow Control Mode Displays flow control mode. Capability Information Displays interface capabilities. Bit Offset Val Displays the bit offset value which corresponds to the port when the MIB object type PortList is used to manage in SNMP. 5.2.1.1.6. show interface status tunnel <0-7> Displays information for the tunnel interface. Fields Definition Interface The interface name. ifIndex Displays the interface index associated with the interface.
Interface The interface name. ifIndex Displays the interface index associated with the interface. Description Description string attached to an interface . Admin Mode Displays the administration state. Physical Mode The speed and duplex mode setting on the interface. Physical Status Indicates the speed and duplex mode for the physical interface. Cable Type Displays interface cable type. Link Status Indicates whether the Link is up or down.
Detailed switchport Mode Display detailed statistics for the entire switch. Privileged EXEC The following will show the counter information for the command with a different parameter. 5.2.1.2.1. show interface counters Displays summary statistics for all interfaces. Fields Definition Packets Received Without Error The total number of packets (including broadcast packets and multicast packets) received by the processor.
Time Since Counters Last Cleared The elapsed time, in days, hours, minutes, and seconds since the statistics for this port were last cleared. 5.2.1.2.2. show interface counters detailed Displays detailed statistics for a specific interface. Fields Definition Total Packets Received (Octets) The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization.
Packets RX and TX 65-127 Octets The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets RX and TX 128-255 Octets The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
Undersize Received - The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets).
Fragments Received - The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets).
Packets Transmitted 256-511 Octets The total number of packets (including bad packets) transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 512-1023 Octets The total number of packets (including bad packets) transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
Excessive Collision Frames A count of frames for which transmission on a particular interface fails due to excessive collisions. Packets Dropped by MMU A count for the packets dropped by the MMU. There are reasons for MMU to drop packets, such as CBP full, HOL blocking, etc. STP BPDUs Transmitted Spanning Tree Protocol Bridge Protocol Data Units sent. STP BPDUs Received Spanning Tree Protocol Bridge Protocol Data Units received.
their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space. Octets Transmitted The total number of octets transmitted out of the interface, including framing characters. Packets Transmitted Without Errors The total number of packets transmitted out of the interface.
5.2.1.3. show interface dampening

This command displays the status and configured parameters of the interfaces configured with dampening. The CLI command “clear counters” resets the flap counter to zero. The interface CLI command “no shutdown” resets the suppressed state to False. Any change in the dampening configuration resets the current penalty, reuse time, and suppressed state to their default values, meaning 0, 0, and False respectively.
Parameter Definition <0-63> The loopback ID vrf-name Specify the name of the VRF Mode Privileged EXEC Display Message Fields Definition Loopback Id The loopback ID associated with the rest of the information in the row. This item is shown only when a loopback Id is not specified. interface The interface name. This item is shown only when a loopback Id is not specified. IP Address The address of the interface. Interface Link Status Shows whether the link is up or down.
Channel Name - The name of the port-channel.
Link State - Indicates whether the link is up or down.
Admin Mode - Indicates if the port-channel is enabled or not.
Link Trap Mode - Indicates whether or not to send a trap when link status changes. The factory default is enabled.
STP Mode - Indicates if the STP mode for the interface is enabled or not.
Type - Indicates whether the port-channel is statically or dynamically maintained.
Port-channel Min-links - Indicates the minimum links for the port-channel.
25G Interface Indicates the interface number of 25G port. 10G Interfaces Indicates the interface number of 10G ports. Configured Mode Indicates the configured mode of the 100G port. The mode should be 1x100G, 1x40G, 2x50G, 4x25G, or 4x10G. Operating Mode Indicates the current operational mode of the 100G port. The mode should be 1x100G, 1x40G, 2x50G, 4x25G, or 4x10G.
Operational Drop Priorities The 802.1p priority values that the switch is using with a drop priority. The operational drop priorities might not be the same as the configured priorities if the interface has accepted different priorities from a peer device. Operational No-Drop Priorities The 802.1p priority values that the switch is using with a no-drop priority.
Broadcast Packets Received The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Packets Transmitted Without Errors The total number of packets transmitted out of the interface.
Port VLAN ID The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. Default Priority The 802.1p priority assigned to untagged packets arriving on the port. Admin. Native VLAN The administrative VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. Oper.
5.2.1.10. show interface tunnel

This command displays the parameters related to a tunnel, such as tunnel mode, tunnel source address, and tunnel destination address.

Format show interface tunnel [<0-7>]

Parameter Definition
<0-7> - Specifies the tunnel ID

Mode Privileged EXEC

Display Message

Fields Definition
TunnelId - Shows the tunnel identification number.
Interface - Shows the name of the tunnel interface.
Tunnel Mode - Shows the tunnel mode.
Router Advertisement Interval (max) - Shows the maximum time allowed between sending router advertisements from the interface. The range of the maximum advertisement interval is 4 to 1800. The default value is 600.
Router Advertisement Interval (min) - Shows the minimum time allowed between sending router advertisements from the interface. The range of the minimum advertisement interval is 3 to 1350. The default value is 200.
Router Advertisement Managed Config Flag.
Format show interface fec [] Parameter Definition no parameter To display information for all ports. Specifies Interface number Mode Privileged EXEC 5.2.1.13. show interface advertise Use this command to display the advertisement information for interfaces. Format show interface advertise [] Parameter Definition no parameter Displays information for all ports. The interface number for which information is displayed.
0/12 Disabled - - - - - -

(M4500-48XF8C) #show interface advertise 0/1

Port: 0/1
Link State: Up
Auto Negotiation:Enabled
Clock:Slave

                               100000f 50000f 40000f 25000f 10000f 1000f
                               ------- ------ ------ ------ ------ -----
Admin Local link Advertisement no      no     no     yes    no     no
Oper Local link Advertisement  no      no     no     yes    no     no
Oper Peer Advertisement        no      no     no     yes    no     no
Priority Resolution            no      no     no     yes    no     no

5.2.1.14. Interface configuration commands

5.2.1.14.1.
Mode Global Config 5.2.1.14.2. description This command is used to create an alpha-numeric description of the port. Format description Parameter Definition an alpha-numeric description Default None Mode Interface Config 5.2.1.14.3. no description This command removes the description of the interface. Format no description Mode Interface Config 5.2.1.14.4. flowcontrol This command enables 802.3x flow control for the interface(s).
5.2.1.14.5. no flowcontrol

This command removes the flow control feature from the interface(s).

Format no flowcontrol
Mode Global Config, Interface Config

5.2.1.14.6. mtu

Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces.
1x100G - Configure the port as a single 100G port using four lanes.
1x40G - Configure the port as a single 40G port using four lanes.
2x50G - Configure the port as two 50G ports, each on two lanes.
4x25G - Configure the port as four 25G ports, each on a separate lane. This mode requires the use of a suitable 4x25G to 1x100G pigtail cable.
4x10G - Configure the port as four 10G ports, each on a separate lane. This mode requires the use of a suitable 4x10G to 1x40G pigtail cable.
5.2.1.14.11. shutdown all

This command is used to disable all ports.

Format [no] shutdown all

Parameter Definition
no - Reset to default.

Mode Global Config

5.2.1.14.12. fec

Enable forward error correction on the interface.

Note:
1. Different types of FEC should be applied at different speeds. FEC CL74 is applied on 25G/50G interfaces, FEC CL91 is applied on 100G/50G interfaces, and FEC CL108 is applied on 25G interfaces.
2.
on Ethernet port 0/2, 0/3, or 0/4. However, if you issue the negotiate command on Ethernet port 0/1, all four ports from 0/1 to 0/4 are configured for auto-negotiation. • If you enable auto-negotiation on SFP28 ports, the advertisement of FEC is CL108. On QSFP28 ports, it is CL91. Format negotiate no negotiate Default Enabled Mode Interface Config 5.2.1.15. show port status all This command displays the status of all ports.
Display Message Fields Definition Admin Flow Control The administrative mode of flow control. port The port associated with the rest of the data in the row. Flow Control Oper The operational mode of flow control. RxPause The received pause frame count. TxPause The transmitted pause frame count. Example: The following shows examples of the command.
5.2.2. Show BMC Commands 5.2.2.1. show bmc Use this command to display the information for BMC.
BMC MAC Address................................ d8:c4:97:b4:87:cb
BMC Watchdog Status............................ Stopped
BMC Watchdog Actions........................... Hard Reset
BMC Watchdog Timeout........................... False
BMC Watchdog Config Time (sec)................. 60
BMC Watchdog Present Time (sec)................ 60

BMC User List
-----------------------
qct.admin

5.2.2.2. bmc account password

Use this command to change the password of the specific account for BMC.
Format bmc watchdog [timer <10-600>] no bmc watchdog [timer] Default The watchdog is disabled. If enabled, the default time is 60 seconds. Mode Global Config 5.2.3. L2 MAC Address and Multicast Forwarding Database Tables 5.2.3.1. show mac-addr-table This command displays the forwarding database entries. If the command is entered with no parameter, the entire table is displayed.
Total MAC Addresses in use..................... 1 Total MAC Addresses available.................. 98304 5.2.3.3. show mac-addr-table interface This command displays the forwarding database entries. The user can search FDB table by using specific interface number. Format show mac-addr-table interface { | port-channel | vlan } Mode Privileged EXEC Example: The following example shows the CLI display output for the command show mac-addr-table vlan 1.
5.2.3.5. show mac-address-table multicast This command displays the MFDB information. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the all parameter. The user can display the table entry for one MAC Address by specifying the MAC address as an optional parameter. Format show mac-address-table multicast [] Mode Privileged EXEC Example: The following example shows the CLI display output for the command show mac-address-table multicast.
5.2.3.7. show mac-addr-table agetime This command displays the forwarding database address aging timeout. Format show mac-addr-table agetime Mode Privileged EXEC Example: The following example shows the CLI display output for the command show mac-addr-table agetime. (M4500-32C) #show mac-addr-table agetime Address Aging Timeout:300 5.2.3.8. mac-addr-table aging-time This command configures the forwarding database address aging timeout in seconds.
5.2.4. VLAN Commands This section describes the commands you use to configure VLAN settings. 5.2.4.1. vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Global Config 5.2.4.2. vlan This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). VLAN range is 1-4093. Format vlan Mode VLAN Config 5.2.4.3.
5.2.4.5. vlan name This command changes the name of a VLAN. The name is an alphanumeric string of up to 32 characters, and the ID is a valid VLAN identification number. ID range is 1-4093. Format vlan name <1-4093> Default VLAN ID 1 - default Other VLANS - blank string Mode VLAN Config 5.2.4.6. no vlan name This command sets the name of a VLAN to a blank string. Format no vlan name <1-4093> Mode VLAN Config 5.2.4.7.
5.2.4.9. switchport acceptable-frame-type all

This command sets the frame acceptance mode for all interfaces. For VLAN Only mode, untagged frames or priority frames received on this interface are discarded. For Admit All mode, untagged frames or priority frames received on this interface are accepted and assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q VLAN specification.
5.2.4.13. switchport ingress-filtering all This command enables ingress filtering for all interfaces. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. Format switchport ingress-filtering all Default disabled Mode Global Config 5.2.4.14. no switchport ingress-filtering all This command disables ingress filtering for all interfaces.
5.2.4.17. switchport native vlan all This command changes the VLAN ID which will be assigned to untagged or priority tagged frames for all interfaces. Format switchport native vlan all <1-4093> Default 1 Mode Global Config 5.2.4.18. no switchport native vlan all This command sets the VLAN ID for all interfaces to 1. Format no switchport native vlan all Mode Global Config 5.2.4.19. switchport allowed vlan This command configures the degree of participation for a specific interface in a VLAN.
Format switchport tagging Default Disable Mode Interface Config 5.2.4.22. no switchport tagging This command configures the tagging behavior for a specific interface in a VLAN to disabled. If tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN identification number. Format no switchport tagging Mode Interface Config 5.2.4.23. switchport tagging all This command configures the tagging behavior for all interfaces in a VLAN to be enabled.
User EXEC Display Message Term VLAN ID Definition There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is 1 to 4093. A string associated with this VLAN as a convenience. It can be up to 16 alphanumeric characters, including blanks. The default is blank. VLAN ID 1 is always named `Default`. This field is optional.
This port is never a member of this VLAN. This is equivalent to registration forbidden in the IEEE 802.1Q standard. Specifies to allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. Select the tagging behavior for this port in this VLAN: Specifies to transmit traffic for this VLAN as tagged frames.
Ingress Filtering May be enabled or disabled. When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. When disabled, all frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.
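The acceptable-frame-type, native VLAN and ingress-filtering rules described in this section, combined into one admit/discard decision. This is an added example, not code from the NETGEAR manual; Port, Frame, classify_ingress and foreign_vlans_admitted are hypothetical names, and the Admit All default and the default membership of VLAN 1 are assumptions.

```python
"""Model of the ingress rules in the VLAN command descriptions above.

Added illustration, not NETGEAR code. All names are hypothetical. Only the
admit/discard decision is modeled, not forwarding or egress tagging.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Set, Tuple

ADMIT_ALL = "Admit All"   # untagged/priority frames are accepted and get the PVID
VLAN_ONLY = "VLAN Only"   # untagged/priority frames are discarded


@dataclass
class Port:
    pvid: int = 1                                    # native VLAN ID, default 1
    member_of: Set[int] = field(default_factory=lambda: {1})  # assumed default
    acceptable_frames: str = ADMIT_ALL               # assumed default
    ingress_filtering: bool = False                  # factory default: disabled


@dataclass
class Frame:
    vlan_tag: Optional[int] = None   # None = untagged, 0 = priority-tagged


def classify_ingress(port: Port, frame: Frame) -> Tuple[str, Optional[int]]:
    """Return ("admit", vlan) or ("discard", None) for a received frame."""
    untagged = frame.vlan_tag is None or frame.vlan_tag == 0
    if untagged:
        # VLAN Only mode drops untagged and priority frames outright.
        if port.acceptable_frames == VLAN_ONLY:
            return ("discard", None)
        # Admit All mode classifies them into the port's VLAN ID.
        vlan = port.pvid
    else:
        # A tagged frame is associated with the VLAN ID carried in its tag.
        vlan = frame.vlan_tag
    # Ingress filtering discards frames for VLANs the port is not a member of.
    if port.ingress_filtering and vlan not in port.member_of:
        return ("discard", None)
    return ("admit", vlan)


def foreign_vlans_admitted(port: Port, vlans: Iterable[int]) -> List[int]:
    """VLANs the port does not belong to but would still accept tagged frames for."""
    return [
        v for v in vlans
        if v not in port.member_of
        and classify_ingress(port, Frame(vlan_tag=v))[0] == "admit"
    ]


if __name__ == "__main__":
    configured_vlans = [1, 10, 20]   # constructed sample VLAN set
    ports = {
        # Constructed sample ports, not taken from a real switch.
        "factory-default": Port(),
        "access-vlan10": Port(pvid=10, member_of={10}, ingress_filtering=True),
        "tagged-only-trunk": Port(member_of={10, 20}, acceptable_frames=VLAN_ONLY,
                                  ingress_filtering=True),
    }
    for name, port in ports.items():
        print(f"{name:18} untagged -> {classify_ingress(port, Frame())}, "
              f"non-member VLANs accepted: {foreign_vlans_admitted(port, configured_vlans)}")
```

With ingress filtering left at its factory default, the first port accepts tagged frames for VLANs 10 and 20 although it is a member of neither; the other two ports accept none.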
5.2.5.1. switchport private-vlan This command defines a private-VLAN association for an isolated or community port or a mapping for a promiscuous port. Format switchport private-vlan {host-association | mapping [add | remove] } Parameter host-association mapping primary-vlan-id secondary-vlanid add remove secondary-vlanlist Mode Definition Defines the VLAN association for community or host ports.
5.2.5.4. no switchport mode private-vlan This command removes the private-VLAN association or mapping from the port. Format no switchport mode private-vlan Mode Interface Config 5.2.5.5. private-vlan This command configures the private VLANs and configures the association between the primary private VLAN and secondary VLANs.
Format switchport mode Default General Mode Mode Interface Config 5.2.6.2. no switchport mode This command sets the mode to General. Format no switchport mode Mode Interface Config 5.2.6.3. switchport trunk allowed vlan Use this command to configure the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all.
5.2.6.4. no switchport trunk allowed vlan This command resets the list of allowed VLANs on the trunk port to its default value. Format no switchport trunk allowed vlan Mode Interface Config 5.2.6.5. switchport trunk native vlan Use this command to configure the Trunk port Native VLAN (PVID) parameter. Any ingress untagged packets on the port are tagged with the value of Native VLAN. Native VLAN must be in the allowed VLAN list for tagging of received untagged packets.
5.2.6.8. no switchport access vlan This command sets the access VLAN ID to 1. Format no switchport access vlan Mode Interface Config 5.2.6.9. show interfaces switchport Use this command to display the switchport status for all interfaces or a specified interface. Format show interfaces switchport [ | port-channel ] Mode Privileged EXEC 5.2.7. Double VLAN Commands This section describes the commands you use to configure double VLAN (DVLAN).
5.2.7.2. no dvlan-tunnel ethertype

Use the no form of the command to disassociate globally defined TPID(s) from all interfaces.

Format no dvlan-tunnel ethertype
Mode Global Config

5.2.7.3. dot1q-tunnel ethertype

This command configures the ethertype for all interfaces. The two-byte hex ethertype is used as the first 16 bits of the DVLAN tag. The ethertype may have the values of 802.1Q, vman, or custom.
5.2.7.6. no mode dot1q-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled. Format no mode dot1q-tunnel Mode Interface Config 5.2.7.7. mode dvlan-tunnel Use this command to enable Double VLAN Tunneling on the specified interface. Note: When you use the mode dvlan-tunnel command on an interface, it becomes a service provider port. Ports that do not have double VLAN tunneling enabled are customer ports.
EtherType Mode A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are three different EtherType tags. The first is 802.1Q, which represents the commonly used value of 0x8100. The second is vMAN, which represents the commonly used value of 0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value, representing any value in the range of 1 to 65535.
Example: The following shows examples of the CLI display output for the commands show dvlan-tunnel.

(M4500-32C) #show dvlan-tunnel
Ethertype...................................... 0x8100
Interfaces Enabled for DVLAN Tunneling......... None

(M4500-32C) #show dvlan-tunnel interface port-channel 1
Interface    Mode        EtherType
------------ ----------- --------------
ch1          Disable     0x8100

5.2.8. IGMP snooping commands

This section describes the commands which are used to configure IGMP Snooping.
5.2.8.3. clear igmp snooping Use this command to delete all dynamic entries in Multicast Forwarding Database which is managed by the IGMP Snooping. Format clear igmp snooping Default None Mode Privileged Exec 5.2.8.4. ip igmp snooping interfacemode Use this command to enable IGMP snooping on one particular interface. Format ip igmp snooping interfacemode Default Disable Mode Interface Config 5.2.8.5.
5.2.8.7. no ip igmp snooping interfacemode all Use this command to disable IGMP snooping on all interfaces. Format no ip igmp snooping interfacemode all Mode Global Config 5.2.8.8. ip igmp snooping fast-leave Use this command to enable IGMP snooping fast-leave admin mode on one particular interface or all interfaces. Format ip igmp snooping fast-leave Default Disable Mode Global Config Interface Config 5.2.8.9.
5.2.8.11. no ip igmp snooping groupmembershipinterval Use this command to restore IGMP Group Membership Interval time to default value. Format no ip igmp snooping groupmembershipinterval Mode Global Config Interface Config 5.2.8.12. ip igmp snooping mcrtrexpiretime Use this command to configure Multicast Router Present Expiration time globally or on one particular interface. Format ip igmp snooping mcrtrexpiretime <0-3600> Default 300 seconds Mode Global Config Interface Config 5.2.8.13.
5.2.8.15. no ip igmp snooping mrouter

Use this command to disable multicast router attached mode for one particular interface or a VLAN.

Format no ip igmp snooping mrouter {interface | }
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode Interface Config

5.2.8.16. set igmp

Use this command to enable IGMP Snooping on a particular VLAN.

Format set igmp
Default Disable
Mode VLAN database

5.2.8.17.
5.2.8.19. no set igmp fast-leave

Use this command to disable IGMP Snooping fast-leave admin mode on a particular VLAN.

Format no set igmp fast-leave
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode VLAN database

5.2.8.20. set igmp groupmembership-interval

Use this command to configure IGMP Group Membership Interval time on a particular VLAN.

Format set igmp groupmembership-interval <2-3600>
Default 600 seconds
Mode VLAN database

5.2.8.21.
5.2.8.23. no set igmp maxresponse

Use this command to restore IGMP Maximum Response time on a particular VLAN to default value.

Format no set igmp maxresponse
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode VLAN database

5.2.8.24. set igmp mcrtrexpiretime

Use this command to configure Multicast Router Present Expiration time on a particular VLAN.

Format set igmp mcrtrexpiretime <0-3600>
Default 300
Mode VLAN database

5.2.8.25.
5.2.8.27. no set igmp report-suppression

Use this command to disable Report Suppression on a particular VLAN.

Format no set igmp report-suppression
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode VLAN database

5.2.8.28. set snoop-vlan-block

Use this command to enable Snooping Vlan Block mode for a list of VLANs.

Format set snoop-vlan-block
Default None
Mode VLAN database

5.2.8.29.
5.2.8.31. no ip igmp snooping static

Use this command to remove an interface from a multicast group.

Format no ip igmp snooping static vlan interface { | port-channel }

Parameter Description
vlan-id: The VLAN ID. (Range: 1-4093)
macaddr: Multicast Group MAC address
slot/port: Interface number
portchannel-id: Port-channel interface number. The range of port-channel ID is 1 to 64.

Mode Global Config

5.2.8.32.
Display Message If no parameters are specified, this command displays the following information: Term Admin Mode Operation Mode Multicast Control Frame Count IGMP Snooping Router-Alert check Interfaces Enabled for IGMP Snooping VLANs enabled for IGMP snooping VLANs Block enabled for snooping Definition Indicates whether or not IGMP Snooping is enabled on the switch. Indicates whether or not IGMP Snooping is active on the switch. Displays the number of IGMP Control frames that are processed by the CPU.
attached. The interface is removed if a query is not received. This value may be configured.
Report Suppression Mode: Indicates whether Report Suppression mode is active on the VLAN.
Vlan Block Mode: Indicates whether Vlan Block Mode is active on the VLAN.

5.2.8.35. show ip igmp snooping mrouter interface

Use this command to display information about dynamically learned or statically configured multicast router-attached interfaces.
Mode Privilege Exec

Display Message

Term Definition
VLAN: The VLAN ID used with the MAC address to fully identify the L2Mcast Group packets.
MAC Address: The MAC address of the L2Mcast Group in the format 01:00:5e:xx:xx:xx.
Port: List the ports you want included into L2Mcast Group.
State: The active interface number belongs to this Multicast Group.

5.2.8.38. show mac-address-table igmpsnooping

Use this command to display the IGMP Snooping entries in the Multicast Forwarding Database (MFDB) table.
5.2.8.40. show ip igmp snooping ssm groups

Use this command to display IGMP SSM group membership information.

Format show ip igmp snooping ssm groups
Mode Privilege Exec

Display Message

Term Definition
VLAN ID: VLAN ID
Group: Multicast Group IP address
Interface: Interface which is included or excluded for specified group, VLAN and source address.
5.2.8.43. no ip igmp snooping maxresponse Use this command to restore the IGMP Maximum Response time on a particular interface to default value. Format no ip igmp snooping maxresponse Mode Interface Config 5.2.9. IGMP snooping querier commands This section describes the commands which are used to configure IGMP Snooping querier.
5.2.9.4. no ip igmp snooping querier address Use this command to restore IGMP snooping querier address to default value. Format no ip igmp snooping querier address Mode Global Config 5.2.9.5. ip igmp snooping querier query-interval Use this command to configure IGMP snooping querier query interval. Format ip igmp snooping querier query-interval <1-1800> Default 60 Mode Global Config 5.2.9.6.
5.2.9.8. no ip igmp snooping querier querier-expiry-interval Use this command to restore IGMP snooping querier querier expiry interval to default value. Format no ip igmp snooping querier querier-expiry-interval Mode Global Config 5.2.9.9. ip igmp snooping querier version Use this command to configure IGMP snooping querier version. Format ip igmp snooping querier version <1-2> Default 2 Mode Global Config 5.2.9.10.
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode Global Config

5.2.9.13. ip igmp snooping querier vlan address

Use this command to configure IGMP snooping querier vlan address.

Format ip igmp snooping querier vlan address
Default 0.0.0.0
Mode Global Config

5.2.9.14. no ip igmp snooping querier vlan address

Use this command to restore IGMP snooping querier vlan address to default value.
Format no ip igmp snooping querier vlan election participate Parameter Mode Description The VLAN ID. (Range: 1-4093) Global Config 5.2.9.17. show ip igmp snooping querier Use this command to display IGMP snooping querier global information. Format show ip igmp snooping querier Display Message Term IGMP Snooping Querier Mode Querier Address Definition Administrative mode for IGMP Snooping. The default is disable.
querier move to non querier state. Only when this mode is enabled does the snooping querier participate in querier election, in which the lowest IP address wins the election and operates as the querier in that VLAN. The other querier moves to non-querier state.

Querier Vlan Address: Displays the Snooping Querier Address to be used as source address in periodic IGMP queries sent on the specified VLAN.

Operational State Operational Version Operational Max Resp Time 5.2.9.19.
5.2.10. MLD Snooping Commands

5.2.10.1. show ipv6 mld snooping

Use this command to display MLD snooping information.

Format show ipv6 mld snooping [interface { | vlan | port-channel }]

Parameter Description
vlan-id: The VLAN ID. (Range: 1-4093)
slot/port: Interface number
portchannel-id: Port-channel interface number. The range of port-channel ID is 1 to 64.

Mode Privilege Exec

Display Message

If no parameters are specified, the following information is displayed.
VLAN ID: VLAN ID.
MLD Snooping Admin Mode: Indicates whether MLD Snooping is active on the VLAN.
Fast Leave Mode: Indicates whether MLD Snooping Fast Leave is active on the VLAN.
Group Membership Interval: Shows the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface, which is participating in the VLAN, before deleting the interface from the entry. This value may be configured.
5.2.10.4. show ipv6 mld snooping static

Use this command to display MLD snooping static information.

Format show ipv6 mld snooping static
Mode Privilege Exec

Display Message

Term Definition
VLAN: The VLAN ID used with the MAC address to fully identify the L2Mcast Group packets.
MAC Address: The MAC address of the L2Mcast Group in the format 33:33:xx:xx:xx:xx.
Port: List the ports you want included into L2Mcast Group.
State: The active interface number belongs to this Multicast Group.

5.2.10.5.
Group: Multicast Group IP address
Source IP: Source IP address
Source Filter Mode: Source filter mode (Include or Exclude) for the specified group on the specified interface and VLAN
Interfaces: The list of interfaces which are included or excluded for specified group, VLAN and source address.

5.2.10.7. show ipv6 mld snooping ssm groups

Use this command to display MLD SSM group membership information.
Format ipv6 mld snooping Default Disable Mode Global Config 5.2.10.10. no ipv6 mld snooping Use this command to disable MLD Snooping globally. Format no ipv6 mld snooping Mode Global Config 5.2.10.11. clear mld snooping Use this command to delete all dynamic entries in Multicast Forwarding Database which is managed by the MLD Snooping. Format clear mld snooping Default None Mode Privilege Exec 5.2.10.12.
5.2.10.14. ipv6 mld snooping interfacemode all Use this command to enable MLD Snooping on all interfaces. Format ipv6 mld snooping interfacemode all Default Disable Mode Global Config 5.2.10.15. no ipv6 mld snooping interfacemode all Use this command to disable MLD Snooping on all interfaces. Format no ipv6 mld snooping interfacemode all Mode Global Config 5.2.10.16.
5.2.10.18. ipv6 mld snooping groupmembershipinterval Use this command to configure the MLD Group Membership Interval time on a particular interface or all interfaces. Format ipv6 mld snooping groupmembershipinterval <2-3600> Default 260 Mode Global Config Interface Config 5.2.10.19. no ipv6 mld snooping groupmembershipinterval Use this command to restore the MLD Group Membership Interval time to default value.
5.2.10.22. ipv6 mld snooping mrouter Use this command to configure the interface as a multicast router-attached interface or configure the VLAN ID for the VLAN that has the multicast router attached mode enabled. Format ipv6 mld snooping mrouter {interface |} Default None Mode Interface Config 5.2.10.23. no ipv6 mld snooping mrouter Use this command to disable multicast router attached mode for the interface or a VLAN.
Mode Global Config

5.2.10.26. set mld

Use this command to enable MLD Snooping on a particular VLAN.

Format set mld
Default Disable
Mode VLAN database

5.2.10.27. no set mld

Use this command to disable MLD Snooping on a particular VLAN.

Format no set mld
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode VLAN database

5.2.10.28. set mld fast-leave

Use this command to enable MLD Snooping fast-leave admin mode on a particular VLAN.
5.2.10.30. set mld groupmembership-interval Use this command to configure the MLD Group Membership Interval time on a particular VLAN. Format set mld groupmembership-interval <2-3600> Default 260 Mode VLAN database 5.2.10.31. no set mld groupmembership-interval Use this command to restore the MLD Group Membership Interval time on a particular VLAN to default value. Format no set mld groupmembership-interval Parameter Mode Description The VLAN ID.
5.2.10.34. set mld mcrtrexpiretime

Use this command to configure the Multicast Router Present Expiration time on a particular VLAN.

Format set mld mcrtrexpiretime <0-3600>
Default 300 seconds
Mode VLAN database

5.2.10.35. no set mld mcrtrexpiretime

Use this command to restore the Multicast Router Present Expiration time on a particular VLAN to default value.

Format no set mld mcrtrexpiretime
Parameter Description
The VLAN ID. (Range: 1-4093)
Mode VLAN database

5.
Querier Expiry Interval: Specify the time interval in seconds after which the last querier information is removed. The Querier Expiry Interval must be a value in the range of 60 to 300. The default value is 120.

5.2.11.2. show ipv6 mld snooping querier vlan

Use this command to display MLD snooping querier vlan information.

Format show ipv6 mld snooping querier vlan
Parameter Mode Description The VLAN ID.
Last Querier Address Specify the IP address of the most recent Querier from which a Query was received. MLD Snooping Querier Mode Specify the Snooping Querier Address to be used as source address in periodic MLD queries. This address is used when no address is configured on the VLAN on which query is being sent. Querier Address Specify the Snooping Querier Address to be used as source address in periodic MLD queries.
Default 0
Mode Global Config

5.2.11.7. no ipv6 mld snooping querier address

Use this command to restore MLD snooping querier address to default value.

Format no ipv6 mld snooping querier address
Mode Global Config

5.2.11.8. ipv6 mld snooping querier query-interval

Use this command to configure MLD snooping querier query interval.

Format ipv6 mld snooping querier query-interval <1-1800>
Default 60
Mode Global Config

5.2.11.9.
Format no ipv6 mld snooping querier querier-expiry-interval Mode Global Config 5.2.11.12. ipv6 mld snooping querier vlan Use this command to enable MLD snooping querier vlan admin mode. Format ipv6 mld snooping querier vlan Default Disable Mode Global Config 5.2.11.13. no ipv6 mld snooping querier vlan Use this command to disable MLD snooping querier vlan admin mode. Format no ipv6 mld snooping querier vlan Parameter Description The VLAN ID.
Parameter Description The VLAN ID. (Range: 1-4093) Mode Global Config 5.2.11.16. ipv6 mld snooping querier vlan election participate Use this command to enable MLD snooping querier vlan election participate mode. Format ipv6 mld snooping querier vlan election participate Default Disable Mode Global Config 5.2.11.17. no ipv6 mld snooping querier vlan election participate Use this command to disable MLD snooping querier vlan election participate mode.
5.2.12.1. show interface port-channel brief

This command displays the capability of all port-channels (LAGs) on the device as well as a summary of individual port-channels.

Format show interface port-channel brief
Mode Privileged EXEC
     User EXEC

For each port-channel the following information is displayed:

Parameter Definition
Channel ID: The field displays the port-channel’s ID.
Port-Channel Name: This field displays the name of the port-channel.
5 ch5 1 Down Disabled Static
6 ch6 1 Down Disabled Static
7 ch7 1 Down Disabled Static
8 ch8 1 Down Disabled Static
9 ch9 1 Down Disabled Static
10 ch10 1 Down Disabled Static
11 ch11 1 Down Disabled Static
12 ch12 1 Down Disabled Static
13 ch13 1 Down Disabled Static
14 ch14 1 Down Disabled Static
15 ch15 1 Down Disabled Static
16 ch16 1 Down Disabled Static
17 ch17 1 Down Disabled Static
18 ch18 1 Down Disabled Static
19 ch19 1 Down
The factory default is enabled STP Mode This field displays the MSTP administrative bridge port state. Type This field displays the status designating whether a particular port-channel (LAG) is statically or dynamically maintained. The possible values of this field are Static, indicating that the port-channel is statically maintained; and Dynamic, indicating that the port-channel is dynamically maintained.
9 ch9 1 Down En. Dis. En. Stat
10 ch10 1 Down En. Dis. En. Stat
11 ch11 1 Down En. Dis. En. Stat
12 ch12 1 Down En. Dis. En. Stat
13 ch13 1 Down En. Dis. En. Stat
14 ch14 1 Down En. Dis. En. Stat
15 ch15 1 Down En. Dis. En. Stat

If you use the optional parameter ID, the command displays the following information for the specific port-channel:

Parameter Definition
Port Channel ID: The field displays the port-channel’s ID.
Device Timeout: This field displays the device timeout value of actor and partner. The value of device timeout should be short (1 second) or long (30 seconds).
Port Speed: Speed of the port-channel port.
Active Ports: This field lists the ports that are actively participating in the port-channel (LAG).

Example: The following example displays the interface port-channel configurations.

(M4500-48XF8C) #show interface port-channel 1
Port Channel ID................................ 1
Channel Name.................
5.2.12.4. show lacp actor

This command displays LACP actor attributes.

Format show lacp actor [slot/port]
Mode Privileged EXEC
     User EXEC

Display Message

Parameter Description
Admin Key: The administrative value of the key
Port Priority: The priority value assigned to the Aggregation Port
Admin State: The administrative values of the actor state as transmitted by the Actor in LACPDUs

5.2.12.5. show lacp interface

This command displays LACP status for interface.
5.2.12.7. staticcapability This command enables the static function to support on specific port-channels (static link aggregations - LAGs) on the device. Format staticcapability Default Disabled Mode Interface Config 5.2.12.8. no staticcapability This command disables the static function to support on specific port-channels (static link aggregations - LAGs) on the device. Format no staticcapability Mode Interface Config 5.2.12.9.
5.2.12.11. port-channel load-balance

This command selects the load-balancing option used on a port-channel (LAG). Traffic is balanced on a port-channel (LAG) by selecting one of the links in the channel over which to transmit specific packets. The link is selected by creating a binary pattern from selected fields in a packet, and associating that pattern with a particular link. This command can be configured for a single interface, a range of interfaces, or all interfaces.
selected by creating a binary pattern from selected fields in a packet, and associating that pattern with a particular link.

Format load-balance {src-mac | dst-mac | dst-src-mac | src-ip | dst-ip | dst-src-ip | enhanced}

Parameter Definition
src-mac: Sets the mode on the source MAC address.
dst-mac: Sets the mode on the destination MAC address.
src-dst-mac: Sets the mode on the source and destination MAC addresses.
src-ip: Sets the mode on the source IP address.
5.2.12.16. no port-channel system priority

This command configures the default port-channel system priority value.

Format no port-channel system priority
Mode Global Config

5.2.12.17. lacp

This command enables Link Aggregation Control Protocol (LACP) on a port or a range of interfaces.

Format lacp
Default Enabled
Mode Interface Config

5.2.12.18. no lacp

This command disables Link Aggregation Control Protocol (LACP) on a port or a range of interfaces.
Mode Global Config 5.2.12.21. lacp admin key This command configures the administrative value of the key for the port-channel. This command can be used to configure a single interface or a range of interfaces. Note: This command is applicable only to port-channel interfaces Format lacp admin key <0-65535> Default Internal interface number of this port-channel Mode Interface Config 5.2.12.22.
Mode Interface Config

5.2.12.25. lacp actor admin state

This command configures the administrative value of the actor state as transmitted by the Actor in LACPDUs. This command can be used to configure a single interface or a range of interfaces.

Note: This command is applicable only to physical interfaces

Format lacp actor admin state
Default no individual (aggregation) longtimeout (no shorttimeout) no passive (active)
Mode Interface Config

5.2.12.26.
5.2.12.28. no lacp actor port priority This command configures the default priority value assigned to the Aggregation Port. Format no lacp actor port priority Mode Interface Config 5.2.12.29. min-links This command configures the minimum links for port-channel interfaces. The maximum number of members for each port-channel is 32. For T1048-LB9/T1048-LB9A, the maximum number of members is 8.
5.2.12.32. no lacp fallback This command restores the fallback feature to default value. Format no lacp fallback Mode Interface Config 5.2.12.33. lacp fallback timeout This command configures the fallback timeout value for Link Aggregation. Note: This command is applicable only to port-channel interfaces Format lacp fallback timeout <1-100> Default 5 Mode Interface Config 5.2.12.34. no lacp fallback timeout This command restores the fallback feature to default timeout value.
on Enables static mode (Cisco EtherChannel-like). Default None Mode Interface Config 5.2.12.36. no channel-group This command removes the interface from the specified channel group. Format no channel-group Mode Interface Config 5.2.12.37. delete-channel-group This command deletes all configured ports from the port-channel (LAG). The interface is an ID of a configured port-channel.
Format port lacptimeout {actor | partner} {long | short}
       no port lacptimeout {actor | partner}
Default long
Mode Global Config

5.2.13. Storm Control

This section describes the commands you use to configure storm control or display storm control information. A traffic storm is a condition that occurs when incoming packets flood the LAN, which creates performance degradation in the network. The Storm-Control feature protects against this condition.

5.2.13.1.
Broadcast Storm Control Action: The storm-control action for broadcast traffic.
Multicast Storm Control Mode: The storm-control configuration mode for multicast traffic.
Multicast Storm Control Level: The storm-control speed threshold for multicast traffic.
Multicast Storm Control Action: The storm-control action for multicast traffic.
Unicast Storm Control Mode: The storm-control configuration mode for unicast traffic.
Unicast Storm Control Level: The storm-control speed threshold for unicast traffic.
5.2.13.2. storm-control Configuration

Use this command to enable storm control on each port or all ports.

Format storm-control {broadcast | multicast | unicast} [{action {shutdown | trap} | level <0-100> | rate <0-14880000>}]

Parameter Definition
broadcast | multicast | unicast: Specifies to enable one of the storm control modes for an interface or all interfaces.
action shutdown | trap: Indicates the action to be taken if the storm occurs. Shutdown disables the interface. Trap sends an SNMP trap.
Format no storm-control broadcast Mode Global Config Interface Config 5.2.13.5. storm-control broadcast action This command configures the broadcast storm recovery action to either shutdown or trap for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). If configured to shutdown, the interface that receives the broadcast packets at a rate above the threshold is diagnostically disabled.
Mode Global Config Interface Config 5.2.13.8. no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode) and disables broadcast storm recovery. Format no storm-control broadcast rate Mode Global Config Interface Config 5.2.13.9.
5.2.13.11. storm-control multicast This command enables multicast storm recovery mode for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold.
5.2.13.14. no storm-control multicast action This command returns the multicast storm recovery action option to the default value for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). Format no storm-control multicast action Mode Global Config Interface Config 5.2.13.15.
If the mode is enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an interface increases beyond the configured threshold, the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured threshold.

Format storm-control multicast rate <0-14880000>
Default 0
Mode Global Config
     Interface Config

5.2.13.18.
Format no storm-control unicast Mode Global Config Interface Config 5.2.13.21. storm-control unicast action This command configures the unicast storm recovery action to either shutdown or trap for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). If configured to shutdown, the interface that receives unicast packets at a rate above the threshold is diagnostically disabled.
Format storm-control unicast level <0-100> Default 5 Mode Global Config Interface Config 5.2.13.24. no storm-control unicast level This command sets the unicast storm recovery threshold to the default value for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode) and disables unicast storm recovery. Format no storm-control multicast level Mode Global Config Interface Config 5.2.13.25.
5.2.14. Port Mirror Commands This section describes the commands you use to select network traffic that you can analyze with a network analyzer. Note: On LY4R, one port cannot join more than one port-monitor session regardless of source port or destination port due to the HW limitation. 5.2.14.1. show port-mirror session Use this command to display the port monitoring information for the specified session.
Type Direction in which the source port is configured for port mirroring. Types are tx for transmitted packets and rx for received packets. IP ACL The IP access-list id or name attached to the port mirroring session. MAC ACL The MAC access-list id or name attached to the port mirroring session. 5.2.14.2. port-monitor session source This command configures the source interface for a selected monitor session. Use the source interface slot/port parameter to specify the interface to monitor.
Default None Mode Global Config 5.2.14.3. no port-monitor session source Use this command to remove the specified mirrored port from the selected port mirroring session. Format no port-monitor session source { interface { | cpu | port-channel } [ {rx | tx} } | remote vlan | vlan } Default None Mode Global Config 5.2.14.4. port-monitor session destination This command configures the probe interface for a selected monitor session.
Default None Mode Global Config 5.2.14.5. no port-monitor session destination Use this command to remove the specified probe port from the selected port mirroring session. Format no port-monitor session destination { interface | remote vlan reflector-port } Default None Mode Global Config 5.2.14.6. port-monitor session filter This command attaches an IP/MAC ACL to a selected monitor session.
5.2.14.7. no port-monitor session filter Use this command to remove the specified IP/MAC ACL from the selected monitoring session. Format no port-monitor session filter { ip | mac } access-group Default None Mode Global Config 5.2.14.8. port-monitor session mode Use this command to configure the mode parameters to enable the administrative mode of the selected port mirroring session.
Format no port-monitor session Parameter Definition <1-4> Session number. The range of session id is 1 to 4 Default None Mode Global Config 5.2.14.11. no port-monitor This command removes all the source ports and a destination port and restores the default value for mirroring session mode for all the configured sessions. Format no port-monitor Default enabled Mode Global Config 5.2.15. Link State 5.2.15.1. show link state Show link state information.
Link Action The action that is set for this group. Group State The state of this group. 5.2.15.2. link state group action This command brings the group's downstream interface list link DOWN when the upstream link goes down (the link is up otherwise), or brings the group's downstream interface list link UP when the upstream link goes down (the link is down otherwise). Format link state group <1-48> action {down | up} no link state group <1-48> Parameter Description <1-48> The range of group id is 1 to 48.
5.2.16. Port-backup Commands This section describes commands you use to configure a port-backup group. A port-backup group consists of two ports: one port is used under normal conditions and is treated as the “active port”; the other port is NOT used while the active port is in active mode and is treated as the “Backup (Stand-by) port”. 5.2.16.1. show port-backup This command displays information about port-backup group.
5.2.16.4. port-backup group Use this command to create the port backup group. Format port-backup group [] Default NA Mode Global Config 5.2.16.5. no port-backup group Use this command to destroy the port-backup group. Format no port-backup group Mode Global Config 5.2.16.6. port-backup group active Use this command to set active port for a port-backup group. Format port-backup group active Default NA Mode Interface Config 5.2.16.7.
Format port-backup group backup Default NA Mode Interface Config 5.2.16.9. no port-backup group backup Use this command to reset backup port for a port-backup group. Format no port-backup group backup Mode Interface Config 5.2.16.10. port-backup group enable Use this command to enable a port-backup group. Format port-backup group enable Default Disable Mode Global Config 5.2.16.11.
5.2.16.13. port-backup group failback-time Use this command to set auto-failback time for a port-backup group. Setting the value to 0 means that autofailback time feature is disabled. Format port-backup group failback-time 0 port-backup group failback-time <10-60> Default 60s Mode Global Config 5.2.16.14. no port-backup group failback-time Use this command to reset auto-failback time for a port-backup group.
5.3. Provisioning (IEEE 802.1p) Commands This section describes the commands you use to configure provisioning (IEEE 802.1p), which allows you to prioritize ports. 5.3.1. switchport priority all This command configures the port priority assigned for untagged packets for all ports presently plugged into the device. Any subsequent per port configuration will override this configuration setting. Format switchport priority all <0-7> Default 0 Mode Global Config 5.3.2.
5.4. Management Commands 5.4.1. Network Commands 5.4.1.1. show ip interface This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
5.4.1.3. mtu Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames that ingress or egress the interface. You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. Note: To receive and process packets, the Ethernet MTU must include any extra bytes that Layer-2 headers might require. To configure the IP MTU size, which is the maximum size of the IP packet (IP Header + IP payload).
Format ip address {subnetmask | /prefix-length} [secondary] Parameter Definition ipaddr The IP address of the interface. subnetmask A 4-digit dotted-decimal number which represents the subnet mask of the interface. masklen Implements RFC 3021. Using the / notation of the subnet mask, this is an integer that indicates the length of subnet mask. Range is 5 to 32 bits. Default IP address: 0.0.0.0 Subnet Mask: 0.0.0.
no Restore the default IP address of the default gateway. Default IP address: 0.0.0.0 Mode Global Config 5.4.1.9. ip address dhcp This command enables the DHCPv4 client on an in-band interface so that it can acquire network information, such as the IP address, subnet mask, and default gateway, from a network DHCP server. Format ip address dhcp [{client-id | restart}] Parameter Definition client-id Enable the DHCP client to specify the unique client identifier (option 61).
5.4.1.12. no ip filter Disable ip filter. Format no ip filter Mode Global Config 5.4.1.13. ip filter {ipv4|ipv6}[] This command is used to set an IP address to be a filter. Format ip filter {ipv4 [] | ipv6 } no ip filter Parameter Definition The name of the IP filter. Specifies an IP address to the filter. Specifies the mask for a range filter.
Default None Mode Privileged Exec Display Message Parameter Definition Serial Port Login Timeout (minutes) Specifies the time, in minutes, of inactivity on a Serial port connection, after which the Switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout. Baud Rate The default baud rate at which the serial port will try to connect.
Default 115200 Mode Line Config 5.4.2.4. no baudrate This command sets the communication rate of the terminal interface to 115200. Format line console Mode Line Config 5.4.2.5. exec-timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160. Format exec-timeout <0-160> Default 5 Mode Line Config 5.4.2.6.
5.4.2.8. no password-threshold This command sets the maximum value to the default. Format no password-threshold Mode Line Config 5.4.2.9. silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon tries exceeds the threshold value. Format silent-time <0-65535> Default 0 Mode Line Config 5.4.2.10. no silent-time This command sets the maximum value to the default. Format no silent-time Mode Line Config 5.4.2.11.
5.4.2.12. line password This command is used to specify the password for the line mode. Format password [] Default None Mode Line Config no password (Line Config) This command sets the password for the line mode to the default. Format no password Mode Line Config 5.4.3. Telnet Session Commands 5.4.3.1. telnet This command establishes a new outbound telnet connection to a remote host.
5.4.3.2. show line vty This command displays telnet settings. Format show line vty Default None Mode Privileged Exec Display Message Parameter Definition Remote Connection Login Timeout (minutes) This object indicates the number of minutes a remote connection session is allowed to remain inactive before being logged off. A zero means there will be no timeout. May be specified as a number from 0 to 160. The factory default is 5.
Changing the timeout value for active sessions does not become effective until the session is reaccessed. Any keystroke will also activate the new timeout duration. Format exec-timeout <1-160> Default 5 Mode Line Vty Example: (M4500-32C) #configure (M4500-32C) (Config)#line vty (M4500-32C) (Config-vty)#exec-timeout 10 5.4.3.5. no exec-timeout This command sets the remote connection session timeout value, in minutes, to the default. Format no exec-timeout Mode Line Vty 5.4.3.6.
5.4.3.7. no password-threshold This command sets the maximum value to the default. Format no password-threshold Mode Line Vty 5.4.3.8. maxsessions This command specifies the maximum number of remote connection sessions that can be established. A value of 0 indicates that no remote connection can be established. The range is 0 to 5. Format maxsessions <0-5> Default 5 Mode Line Vty Example: (M4500-32C) #configure (M4500-32C) (Config)#line vty (M4500-32C) (Config-vty)#maxsessions 5 5.4.3.9.
Mode Line Vty 5.4.3.11. no server enable This command disables telnet server. If telnet server is disabled, all telnet sessions are dropped. Format no server enable Mode Line Vty 5.4.3.12. sessions This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can be established until there are no more sessions available. If sessions are disabled, no new telnet sessions are established.
5.4.3.15. no telnet sessions This command disables new outbound telnet connections. If disabled, no new outbound telnet connection can be established. Format no telnet sessions Mode Global Config 5.4.3.16. telnet maxsessions This command specifies the maximum number of simultaneous outbound telnet sessions. A value of 0 indicates that no outbound telnet session can be established. Format telnet maxsessions <0-5> Default 5 Mode Global Config 5.4.3.17.
5.4.3.19. no telnet exec-timeout This command sets the remote connection session timeout value, in minutes, to the default. Format no telnet exec-timeout Mode Global Config 5.4.3.20. show telnet This command displays the current outbound telnet settings.
The SNMP agent of the switch complies with SNMP versions 1, 2c, and 3 (for more about the SNMP specification, see the SNMP RFCs). The SNMP agent sends traps through TCP/IP to an external SNMP manager based on the SNMP configuration (the trap receiver and other SNMP community parameters). Note: By default, no community strings such as ‘private’ or ‘public’ exist for SNMPv1 and SNMPv2. In addition, the MD5 authentication protocol is used for SNMPv3, and the ‘None’ authentication protocol is not allowed.
Username The user this mapping configures. Security Level The authentication and encryption level for snmpv3. NoAuth-N No authentication checksum and no encryption algorithm assigned. Auth-NoP Md5 or sha authentication checksum assigned and no encryption algorithm assigned. Auth-Pri Md5 or sha authentication checksum and des encryption algorithm assigned. 5.4.4.2. snmp-server sysname This command sets the name of the switch. The range for name is from 1 to 64 alphanumeric characters.
5.4.4.4. snmp-server contact This command sets the name of the organization responsible for the network. The name can be from 1 to 255 alphanumeric characters. Format snmp-server contact Parameter Definition The name can be from 1 to 255 alphanumeric characters. Default None Mode Global Config 5.4.4.5. snmp-server community This command adds a new SNMP community, and optionally sets the access mode, allowed IP address, and creates a view for the community.
5.4.4.6. no snmp-server community This command deletes snmp community. Format no snmp-server community Mode Global Config 5.4.4.7. snmp-server community-group This command configures a community access string to permit access via the SNMPv1 and SNMPv2c protocols. Format snmp-server community-group [ipaddress ] Parameter Definition The community which is created and then associated with the group.
Parameter Definition Local SNMP EngineID The current configuration of the displayed SNMP engineID. Example: The following shows examples of the CLI display output for the commands. (M4500-32C) (Config)#show snmp engineid Local SNMP engineID : 80001c4c032c600c83ad47 5.4.4.10. snmp-server engineid This command configures snmp engineID on the local device. Note: Changing the engineID will invalidate all SNMP configuration that exists on the box.
5.4.4.12. show snmp filters This command displays the configured filters used when sending traps. Format show snmp filters [] Default None Mode Privileged Exec Display Message Parameter Definition Name The filter name for this entry. OID Tree The OID tree this entry will include or exclude. Type Indicates if this entry includes or excludes the OID Tree. Example: The following shows examples of the CLI display output for the commands.
5.4.4.14. no snmp-server filter [] This command removes the specified filter. Format no snmp-server filter [] Mode Global Config 5.4.4.15. show snmp user This command displays the currently configured SNMPv3 users. Format show snmp user [] Default None Mode Privileged Exec Display Message Parameter Definition Name The name of the user. Group Name The group that defines the SNMPv3 access parameters.
5.4.4.16. snmp-server user This command creates an SNMPv3 user for access to the system. Format snmp-server user [remote ] {[auth-md5 | auth-md5-key | auth-sha | auth-sha-key ] [priv-des-key ]} Parameter Definition The username the SNMPv3 user will connect to the switch as. The range is 1 to 30 characters. The name of the group the user belongs to. The range is 1 to 30 characters.
Display Message Parameter Definition Name The name of the group. Security Model Indicates which protocol can access the system via this group. Security Level Indicates the security level allowed for this group. Read View The view this group provides read access to. Write View The view this group provides write access to. Notify View The view this group provides trap access to. Example: The following shows examples of the CLI display output for the commands.
5.4.4.19. snmp-server group This command creates an SNMP access group. Format snmp-server group [v1 | v2 | v3 {auth | priv}] {[read ] | [write ] | [context ] | [notify ]} Parameter Definition The group name to be used when configuring communities or users. The range is 1 to 30 characters. v1 This group can only access via SNMPv1. v2 This group can only access via SNMPv2c. v3 This group can only access via SNMPv3.
Default None Mode Privileged Exec Display Message Parameter Definition Name The view name for this entry. OID Tree The OID tree that this entry will include or exclude. Type Indicates if this entry includes or excludes the OID tree. Example: The following shows examples of the CLI display output for the commands.
Mode Global Config 5.4.4.23. no snmp-server view This command removes the specified view. Format no snmp-server view [] Mode Global Config 5.4.5. SNMP Trap Commands 5.4.5.1. snmp-server host traps This command configures traps to be sent to the specified host.
5.4.5.2. no snmp-server host This command deletes trap receivers. Format no snmp-server host Mode Global Config 5.4.5.3. show trapflags This command displays trap conditions. Configure which traps the switch should generate by enabling or disabling the trap condition. If a trap condition is enabled and the condition is detected, the switch's SNMP agent sends the trap to all enabled trap receivers. The switch does not have to be reset to implement the changes.
Power Supply Module state May be enabled or disabled. The factory default is enabled. Indicates whether trap power supply status traps will be sent. Temperature trap May be enabled or disabled. The factory default is enabled. Indicates whether temperature status traps will be sent. Fan trap May be enabled or disabled. The factory default is enabled. Indicates whether fan status traps will be sent. FIP snooping Traps May be enabled or disabled. The factory default is enabled.
Format snmp trap link-status all Default Disabled Mode Global Config 5.4.5.5. no snmp trap link-status all This command disables link status traps for all interfaces. Format no snmp trap link-status all Mode Global Config 5.4.5.6. snmp-server enable traps acl-trapflags This command enables the acl trap. Format snmp-server enable traps acl-trapflags Default Disabled Mode Global Config 5.4.5.7. no snmp-server enable traps acl-trapflags This command disables the acl trap.
5.4.5.9. no snmp-server enable traps authentication This command enables the Authentication trap. Format no snmp-server enable traps authentication Mode Global Config 5.4.5.10. snmp-server enable traps bgp state-changes limited This command enables the BGP trap. Format snmp-server enable traps bgp state-changes limited Default Disabled Mode Global Config 5.4.5.11. no snmp-server enable traps bgp state-changes limited This command disables the BGP trap.
Mode Global Config 5.4.5.14. snmp-server enable traps linkmode This command enables Link Up/Down traps for the entire switch. When enabled, link traps are sent only if the Link Trap flag setting associated with the port is enabled (see ‘snmp trap link-status’ command). Format snmp-server enable traps linkmode Default Enabled Mode Global Config 5.4.5.15. no snmp-server enable traps linkmode This command disables Link Up/Down traps for the entire switch.
5.4.5.17. snmp-server enable traps ospf This command enables OSPF traps.
approaching-overflow} | retransmit {all | packets | virt-packets} | state-change {all | if-state-change | neighbor-state-change | virtif-state-change | virtneighbor-state-change}} Mode Global Config 5.4.5.21. snmp-server enable traps pim This command enables PIM traps. Format snmp-server enable traps pim Default Disabled Mode Global Config 5.4.5.22. no snmp-server enable traps pim This command disables PIM trap. Format no snmp-server enable traps pim Mode Global Config 5.4.5.23.
5.4.5.25. snmp-server enable traps stpmode This command enables the sending of new root traps and topology change notification traps. Format snmp-server enable traps stpmode Default Enabled Mode Global Config 5.4.5.26. no snmp-server enable traps stpmode This command disables the sending of new root traps and topology change notification traps. Format no snmp-server enable traps stpmode Mode Global Config 5.4.5.27.
Default Disabled Mode Global Config 5.4.5.30. no snmp-server enable traps transceiver This command disables the transceiver trap. Format no snmp-server enable traps transceiver Mode Global Config 5.4.5.31. snmp-server enable traps violation This command enables the violation trap. Format snmp-server enable traps violation Default Disabled Mode Global Config Interface Config 5.4.5.32. no snmp-server enable traps violation This command disables the violation trap.
Mode Privileged Exec Display Message Parameter Definition SNMP trap Client Source Interface The interface configured as the source interface for the SNMP trap/inform client. SNMP trap Client IPv4 Address The IP address configured on the SNMP client source interface. Example: The following shows examples of the CLI display output for the commands. (M4500-32C) (Config)#show snmp source-interface SNMP trap Client Source Interface.............. serviceport SNMP trap Client Source IPv4 Address...........
5.4.5.35. no snmptrap source-interface This command removes the global source-interface for all SNMP communication between the SNMP client and the server. Format no snmptrap source-interface Mode Global Config 5.4.5.36. snmp trap link-status This command enables link up/down traps for the specified port. Format snmp trap link-status Default Enabled Mode Interface Config 5.4.5.37. no snmp trap link-status This command disables link status traps for the specified interfaces.
Community string sent as part of the notification. The range is 1 to 20 characters. The filter name to associate with this host. Filters can be used to specify which informs are sent to this host. The range is 1 to 30 characters. The SNMP Inform receiver port. The default is port 162. The number of times to resend an Inform. The default is 3 attempts. The range is 1 to 255 retries.
Protocol Levels The protocol level supports. SSH Sessions Currently Active This field specifies the current number of SSH connections. Max SSH Sessions Allowed The maximum number of inbound SSH sessions allowed on the switch. SSH Timeout This field is the inactive timeout value for incoming SSH sessions to the switch. Keys Present Indicates whether the SSH RSA and DSA key files are present on the device.
Default None Mode Privileged Exec Display Message Parameter Definition Public Key Owners A username list which indicates the owners of public keys in this device. 5.4.7.4. ip ssh This command is used to enable SSH. Format ip ssh Default Enabled Mode Global Config 5.4.7.5. no ip ssh This command is used to disable SSH. Format no ip ssh Mode Global Config 5.4.7.6. ip ssh maxsessions This command specifies the maximum number of SSH connection sessions that can be established.
Mode Global Config 5.4.7.8. ip ssh port This command specifies the listen port number of SSH service. The range is 1 to 65535. Format ip ssh port <1-65535> Default 1234 Mode Global Config 5.4.7.9. no ip ssh port This command sets the listen port number of SSH service to the default value. Format no ip ssh port Mode Global Config 5.4.7.10. ip ssh timeout This command specifies the maximum idle time for each SSH login session. The range is 1 to 160 minutes.
Default Enabled Mode Global Config 5.4.7.13. no ip ssh user-password-auth This command is used to disable the SSH authentication mode of user password. Format no ip ssh user-password-auth Mode Global Config 5.4.7.14. ip ssh user-public-key-auth This command is used to enable the SSH authentication mode of user public key. Format ip ssh user-public-key-auth Default Disabled Mode Global Config 5.4.7.15.
5.4.8.2. no crypto key generate {RSA | DSA} This command is used to delete the RSA or DSA key from the device. Format no crypto key generate {RSA | DSA} Mode Global Config 5.4.8.3. crypto certificate generation This command is used to generate a certificate for HTTPS. Format crypto certificate generate Default None Mode Global Config 5.4.8.4. no crypto certificate generate This command is used to delete the certificate from the device.
5.4.9.2. no dhcp client vendor-id-option This command is used to restore to default value. Format no dhcp client vendor-id-option Mode Global Config 5.4.9.3. dhcp client vendor-id-option-string This command is used to set the DHCP Option 60 string in the requests transmitted to the DHCP server by the DHCP client in this switch. The length of the string is from 0 to 128 characters. Use the no form to restore to default value.
DHCP Client Vendor Identifier Option String The string to be included in the Vendor ID Option 5.4.9.6. show dhcp lease This command is used to display the DHCP client lease parameters. Format show dhcp lease [interface { | vlan }] Default None Mode Privilege Exec Display Message Parameter Definition IP address The IP address allocated by DHCP server and corresponding interface. Subnet mask The IP subnet mask allocated by DHCP server for the interface.
Mode Privilege Exec Display Message Parameter Definition sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: • MIB Version: 1.3, the version of this MIB. • Organization: Netgear. • Revision: The version of FW IP Address 5.4.10.2. The IP address associated with this agent.
Receiver Index The sFlow Receiver associated with the sampler/poller. Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. The no timeout value of this parameter means that the sFlow receiver is configured as a non-timeout entry. Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram.
5.4.10.5. show sflow source-interface Use the show sflow source-interface command in Privilege Exec mode to display the configured source interface for sFlow. Format show sflow source-interface Default None Mode Privilege Exec Display Message Parameter Definition sFlow Client Source interface The interface ID of the physical or logical interface configured as the sFlow client source interface.
Parameter Definition The identity string for the receiver, the entity making use of this sFlowRcvrTable entry. The range is 127 characters. The default is a null string. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values. An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it. The entry is claimed by setting the owner string to a non-null value.
Mode Global Config 5.4.10.12. sflow receiver port Use this command to configure the destination UDP port for the sFlow collector. Format sflow receiver port <1-65535> Default 6343 Mode Global Config 5.4.10.13. no sflow receiver port Use the no sflow receiver port command to return to the default UDP port 6343. Format no sflow receiver port Mode Global Config 5.4.10.14. sflow poller interval Use this command to configure the sFlow instance polling interval.
5.4.10.15. no sflow poller interval Use the no sflow poller interval command to return to the default value of zero. Format no sflow poller interval Mode Interface Config 5.4.10.16. sflow sampler index Use this command to configure a new sFlow sampler instance on an interface or a range of interfaces for this data source if the specified receiver is valid. A data source configured to collect flow samples is called a sampler. Flow samples for the sFlow sampler are sent to the sFlow receiver.
Format no sflow poller Mode Interface Config 5.4.10.20. sflow source-interface Use this command to specify the physical or logical routing interface to use as the sFlow client source interface. If configured, the address of source interface is used for all sFlow communications between the sFlow receiver and the sFlow client. Otherwise there is no change in behavior. If service port is configured as the source interface, sFlow packets will be transmitted via source port only.
is 1024-65536 and 0. Format sflow sampler rate Default 0 Mode Interface Config 5.4.10.23. no sflow sampler rate Use the no sflow sampler rate command to return to the default setting. Format no sflow sampler rate Mode Interface Config 5.4.10.24. sflow sampler maxheadersize Use this command to configure the maximum number of bytes that should be copied from the sampler packet. The range is 20-256. When set to zero (0), all the sampler parameters are set to their corresponding default value.
Default None Mode Privileged Exec Display Message Parameter Definition Interface Status Indicates whether the interface is up or down. IP Address The IP address of the interface. The factory default value is 192.168.0.238. Subnet Mask The IP subnet mask for this interface. The factory default value is 255.255.255.0. Default Gateway The default gateway for this IP interface. The factory default value is 0.0.0.0. IPv6 Administrative Mode Whether enabled or disabled. Default value is enabled.
Parameter Definition DHCPv6 Advertisement Packets Received The number of DHCPv6 Advertisement packets received on the network. DHCPv6 Reply Packets Received The number of DHCPv6 Reply packets received on the network interface. Received DHCPv6 Advertisement Packets Discard The number of DHCPv6 Advertisement packets discarded on the network. Received DHCPv6 Reply Packets Discarded The number of DHCPv6 Reply packets discarded on the network interface.
DHCPv6 Malformed Packets Received.............. 0 Total DHCPv6 Packets Received.................. 0 DHCPv6 Solicit Packets Transmitted............. 0 DHCPv6 Request Packets Transmitted............. 0 DHCPv6 Renew Packets Transmitted............... 0 DHCPv6 Rebind Packets Transmitted.............. 0 DHCPv6 Release Packets Transmitted............. 0 Total DHCPv6 Packets Transmitted............... 0 5.4.11.3.
IPv6 Address Type MAC Address isRtr State (Secs)
------------------------------------ ----------------- ----- --------- ------
fe80::290:e8ff:feaa:35 Dynamic 00:90:e8:aa:00:35 True Stale 3
fe80::a9e:1ff:feff:eed4 Dynamic 08:9e:01:ff:ee:d4 True Stale 3
5.4.11.4. serviceport ip This command sets the IP address, the netmask and the gateway of the service port. User can specify the none option to clear the IPv4 address, mask, and the default gateway.
Periodically sends requests to a DHCPv6 server until a response is received. Option restart is used to restart DHCPv6 client. dhcp6 Default DHCP with client-id Mode Global Config 5.4.11.6. serviceport ipv6 enable Use this command to enable IPv6 operation on the service port. Format serviceport ipv6 enable Default Enabled Mode Global Config 5.4.11.7. no serviceport ipv6 enable Use this command to disable IPv6 operation on the service port.
Default None Mode Global Config 5.4.11.9. no serviceport ipv6 address This command removes all configured IPv6 prefixes on the service port interface. Use this command with the address option to remove the manually configured IPv6 global address. Use the command with the autoconfig option to disable the stateless global address autoconfiguration on the service port. Format no serviceport ipv6 address [{
/ [eui64] | autoconfig}] Mode Global Config 5.4.11.10.Default None Mode Privileged Exec 5.4.11.13. serviceport ipv6 neighbor Use this command to configure IPv6 neighbor information for the service port. Format serviceport ipv6 neighbor Default None Mode Global Config 5.4.11.14. no serviceport ipv6 neighbor Use this command to remove IPv6 neighbor on the service port interface. Format no serviceport ipv6 neighbor Mode Global Config 5.4.12. Time Range Commands 5.4.12.1.
Maximum number of all Time Ranges The maximum number of time ranges that can be configured. Time Range Name Name of the time range. Time Range Status Status of the time range (active/inactive). Absolute Start Time Start time and day for absolute time entry. Absolute End Time End time and day for absolute time entry. Periodic Entries Number of periodic entries in a time-range. Periodic Start Time Start time and day for periodic entry. Periodic End Time End time and day for periodic entry. 5.4.12.
Parameter Definition time range name. Default None Mode Global Config 5.4.12.5. no time-range This command deletes a time-range identified by name. Format no time-range Mode Global Config 5.4.12.6. absolute Use this command to add an absolute time entry to a time range. Only one absolute time entry is allowed per time-range. The time parameter is based on the currently configured time zone.
5.4.12.8. periodic Use this command to add a periodic time entry to a time range. The time parameter is based on the currently configured time zone. The first occurrence of the days-of-the-week argument is the starting day(s) from which the configuration that referenced the time range starts going into effect. The second occurrence is the ending day or days from which the configuration that referenced the time range is no longer in effect.
Format kron occurrence {at {<1-31> <2000-2037>| {oneshot | recurring}| oneshot | recurring} | in {oneshot | recurring}} Parameter Definition Specifies an occurrence name. at Date of the kron occurrence. Time of the day for the occurrence. <1-31> Day of the month. Month of the year, for example, jan, feb, and so on. <2000-2037> Specifies the year. Day of the week, for example, mon, tue, and so on.
Mode Kron Occurrence Config 5.4.13.4. no policy-list This command dissociates the specified policy-list, identified by name, from the occurrence. Format no policy-list Mode Kron Occurrence Config 5.4.13.5. kron policy-list Policy lists consist of one or more lines of fully-qualified EXEC CLI commands. All commands in a policy list are executed when the policy list is run by Command Scheduler using the kron occurrence command. The policy list is run in the order in which it was configured.
Parameter Definition Exec level cli to be executed. Default None Mode Kron Policy-list Config 5.4.13.8. no cli … This command deletes a list of CLI command lines. Format no cli ... Mode Kron Policy-list Config 5.4.14. Switch Database Management Template Commands A Switch Database Management (SDM) template is a description of the maximum resources a switch or router can use for various features.
dual-ipv4-and-ipv6 dcvpndata-center (Optional)Lists the scaling parameters for the Dual IPv4 and IPv6 template for the DCVPN feature. dual-ipv4-and-ipv6 default (Optional) Lists the scaling parameters for the template supporting IPv4 and IPv6. ipv4-routing data-center default (Optional) Lists the scaling parameters for the IPv4-only template supporting more ECMP next hops.
dual-ipv4-and-ipv6 datacenter Increase the number of ECMP next hops in each route to 32 and reduce the number of IPv4 and IPv6 unicast routes. dual-ipv4-and-ipv6 dcvpndata-center Maximize the number of IPv4 and IPv6 unicast routes while supporting DCVPN feature. dual-ipv4-and-ipv6 default Maximize the number of IPv4 and IPv6 unicast routes while limiting the number of ECMP next hops in each route to 4.
Display Message Fields Definition index An index that uniquely identifies an entry in the table. Each entry defines a diagnostic sample at a particular interval for an object on the device. The range is 1 to 65535. OID The object identifier of the particular variable to be sampled. Only variables that resolve to an ASN.1 primitive type of integer can be sampled. interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. The range is 1 to 2147483647.
Last Sample Value: 5
Interval: 5
Sample Type: absolute
Startup Alarm: rising-falling
Rising Threshold: 100
Falling Threshold: 10
Rising Event: 1
Falling Event: 2
Owner: mibbrowser
5.4.15.2. show rmon collection history
This command displays the entries in the RMON history control table.
Format show rmon collection history [interfaces ]
Mode Privileged EXEC
Display Message
Fields Definition
index An index that uniquely identifies an entry in the historyControl table.
Example: (M4500-48XF8C) #show rmon collection history
Index Interface Interval Requested Granted Owner
                         Samples   Samples
----- --------- -------- --------- ------- -----------------------
1     0/1       30       50        10      monitorHistoryControl
2     0/1       1800     50        10      monitorHistoryControl
3     0/2       30       50        10      monitorHistoryControl
4     0/2       1800     50        10      monitorHistoryControl
5     0/3       30       50        10      monitorHistoryControl
6     0/3       1800     50        10      monitorHistoryControl
--More-- or (q)uit
(M4500-48XF8C) #show rmon co
index An index that uniquely identifies an entry in the event table. Each such entry defines one event that is to be generated when the appropriate conditions occur. The range is 1 to 65535. description A comment describing the event entry. The default is alarmEvent. type The type of notification that the probe makes about the event. Possible values are None, Log, SNMP Trap, Log and SNMP Trap. The default is None.
Requested samples The number of samples (interval) requested for the RMON history entry. Granted samples The number of samples granted for the RMON history entry. Maximum table size Maximum number of entries that the history table can hold. Output for Errors Parameter Time Time at which the sample is collected, displayed as period seconds. CRC Align Number of CRC align errors. Undersize Total number of undersize packets.
Example: (M4500-48XF8C) #show rmon history 1 errors
Sample set: 1 Interface: 0/1 Owner: monitorHistoryControl
Interval: 30
Requested Samples: 50
Granted Samples: 10
Maximum table size: 630
Time                 CRC Align Undersize Oversize Fragments Jabbers
-------------------- --------- --------- -------- --------- -------
May 06 2020 07:03:43 0         0         0        0         0
May 06 2020 07:04:13 0         0         0        0         0
May 06 2020 07:04:44 0         0         0        0         0
May 06 2020 07:05:14 0         0         0        0         0
May 06 2020 07:05:44 0         0         0        0         0
May
May 06 2020 07:05:44 0 0
May 06 2020 07:06:14 0 0
May 06 2020 07:06:44 0 0
May 06 2020 07:07:14 0 0
May 06 2020 07:07:44 0 0
May 06 2020 07:08:15 0 0
May 06 2020 07:08:45 0 0
(M4500-48XF8C) #show rmon history 1 throughput
Sample set: 1 Interface: 0/1 Owner: monitorHistoryControl
Interval: 30
Requested Samples: 50
Granted Samples: 10
Maximum table size: 630
Time                 Octets Packets Broadcast Multicast Util
-------------------- ------ ------- --------- --------- ----
May 06 2020 07:04:13
Mode Privileged EXEC Display Message Fields Definition Maximum table size Maximum number of entries that the log table can hold. Event Event index for which the log is generated. Description A comment describing the event entry for which the log is generated. Time Time at which the event is generated.
Packets Total number of packets received (including error packets) on the interface. Broadcast Total number of good broadcast packets received on the interface. Multicast Total number of good multicast packets received on the interface. CRC Align Errors Total number of packets received that have a length (excluding framing bits, including FCS octets) of between 64 and 1518 octets inclusive. Collisions Total number of collisions on the interface. Undersize Pkts Total number of undersize packets.
HC Overflow Pkts 65 - 127 Octets: 0
HC Pkts 65 - 127 Octets: 6063
HC Overflow Pkts 128 - 255 Octets: 0
HC Pkts 128 - 255 Octets: 0
HC Overflow Pkts 256 - 511 Octets: 0
HC Pkts 256 - 511 Octets: 0
HC Overflow Pkts 512 - 1023 Octets: 0
HC Pkts 512 - 1023 Octets: 0
HC Overflow Pkts 1024 - 1518 Octets: 0
HC Pkts 1024 - 1518 Octets: 0
5.4.15.7. show rmon hcalarms
This command displays the entries in the RMON high-capacity alarm table.
Falling Threshold Low The lower 32 bits of the absolute value for threshold for the sampled statistic. The range is 0 to 4294967295. The default is 1. Falling Threshold Status This object indicates the sign of the data for the falling threshold, as defined by the objects hcAlarmFallingThresAbsValueLow and hcAlarmFallingThresAbsValueHigh. Possible values are valueNotAvailable, valuePositive, or valueNegative. The default is valuePositive.
Falling Threshold Low: 1
Falling Threshold Status: Positive
Rising Event: 1
Falling Event: 2
Startup Alarm: Rising-Falling
Owner: monitorHCAlarm
5.4.15.8. rmon alarm
This command sets the RMON alarm entry in the RMON alarm MIB group.
owner string The owner string associated with the entry. The default is monitorAlarm.
Example: (M4500-48XF8C) (Config)#rmon alarm 1 ifInErrors.2 30 absolute rising-threshold 100 1 falling-threshold 10 2 startup rising owner myOwner
5.4.15.9. no rmon alarm
This command deletes the RMON alarm entry.
Format
Mode Global Config
5.4.15.10. rmon hcalarm
This command sets the RMON hcalarm entry in the High Capacity RMON alarm MIB group.
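How the rmon alarm example above (rising-threshold 100 with event 1, falling-threshold 10 with event 2, startup rising) turns polled values into events, as an added Python example that is not NETGEAR code. It assumes the switch follows the RMON-MIB (RFC 2819) alarm rules; the RmonAlarm class, the run helper and the sample values are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

RISING_STARTUPS = ("rising", "rising-falling")
FALLING_STARTUPS = ("falling", "rising-falling")


@dataclass
class RmonAlarm:
    """One alarm entry evaluated with RFC 2819 hysteresis (assumed behaviour)."""
    rising_threshold: int
    rising_event: int
    falling_threshold: int
    falling_event: int
    startup: str = "rising-falling"      # rising | falling | rising-falling
    sample_type: str = "absolute"        # absolute | delta
    _prev_raw: Optional[int] = field(default=None, init=False, repr=False)
    _prev_value: Optional[int] = field(default=None, init=False, repr=False)
    _last_fired: Optional[str] = field(default=None, init=False, repr=False)

    def sample(self, raw):
        """Feed one polled value; return (direction, event_index) or None."""
        if self.sample_type == "delta":
            prev_raw, self._prev_raw = self._prev_raw, raw
            if prev_raw is None:
                return None              # a delta needs two polls
            value = raw - prev_raw
        else:
            value = raw

        prev, self._prev_value = self._prev_value, value
        fired = None
        if prev is None:
            # First valid sample: only the startup alarm setting can fire.
            if value >= self.rising_threshold and self.startup in RISING_STARTUPS:
                fired = "rising"
            elif value <= self.falling_threshold and self.startup in FALLING_STARTUPS:
                fired = "falling"
        elif (value >= self.rising_threshold and prev < self.rising_threshold
              and self._last_fired != "rising"):
            # Crossed upward, and re-armed by an earlier falling event (or never fired).
            fired = "rising"
        elif (value <= self.falling_threshold and prev > self.falling_threshold
              and self._last_fired != "falling"):
            fired = "falling"

        if fired is None:
            return None
        self._last_fired = fired
        event = self.rising_event if fired == "rising" else self.falling_event
        return fired, event


def run(alarm, samples):
    """Return [(sample_index, direction, event_index), ...] for a series of polls."""
    events = []
    for index, raw in enumerate(samples):
        hit = alarm.sample(raw)
        if hit:
            events.append((index, hit[0], hit[1]))
    return events


if __name__ == "__main__":
    # Thresholds from the page's example; the polled values are constructed.
    alarm = RmonAlarm(100, 1, 10, 2, startup="rising")
    for event in run(alarm, [5, 120, 130, 90, 110, 8, 150]):
        print(event)
```

The dip to 90 and the return to 110 raise no second rising event, because the value never reached the falling threshold in between; a rising threshold set close to the falling threshold loses that damping.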
rising-threshold value The upper 32 bits of the absolute value for threshold for the sampled statistic. The range low is 0 to 4294967295. The default is 0. value status This object indicates the sign of the data for the rising threshold, as defined by the objects hcAlarmRisingThresAbsValueLow and hcAlarmRisingThresAbsValueHigh. Possible values are valueNotAvailable, valuePositive, or valueNegative. The default is valuePositive.
Parameter Description event number A number that uniquely identifies an entry in the event table. Each such entry defines one event that is to be generated when the appropriate conditions occur. The range is 1 to 65535. string A comment describing the event entry. The default is alarmEvent. type The type of notification that the probe makes about the event. Possible values are None, Log, SNMP Trap, Log and SNMP Trap. The default is None. owner string Owner string associated with the entry.
number The requested number of discrete time intervals over which data is to be saved. The range is 1 to 65535. The default is 50. interval The interval in seconds over which the data is sampled. The range is 1 to 3600. The default is 1800. owner string The owner string associated with the entry. The default is monitorHistoryControl. Example: (M4500-48XF8C) (Interface 0/1)#rmon collection history 1 buckets 10 interval 30 owner myOwner 5.4.15.15.
Format stats group group {id | name} timerange time reporting list of reporting methods no stats group group {id | name} Mode Global Config Parameter Definition Group ID, name Name of the group of statistics or its identifier to apply on the interface. The range is: 1. received 2. received-errors 3. transmitted 4. transmitted-errors 5. received-transmitted 6. port-utilization 7. congestion The default is none.
5.4.16.2. stats flow-based (Global Config) This command configures flow based statistics rules for the given parameters over the specified time range. Only an IPv4 address is allowed as source and destination IP address.
(Routing) (Config)#stats flow-based 2 timerange test srcip 1.1.1.1 dstip 2.2.2.2 srctcpport 123 dsttcpport 123 srcudpport 123 dstudpport 123
(Routing) (Config)# no stats flow-based 1
(Routing) (Config)# no stats flow-based 2
5.4.16.3. stats flow-based reporting
This command configures the reporting mechanism for all the flow-based rules configured on the system. There is no per flow-based rule reporting mechanism. Setting the reporting method as none resets all the reporting methods.
5. received-transmitted 6. port-utilization 7. congestion The default is none.
Example: The following shows examples of the command.
(Routing) (Interface 0/1-0/10)# stats group 1
(Routing) (Interface 0/1-0/10)# stats group 2
(Routing) (Interface 0/1-0/10)# no stats group 1
(Routing) (Interface 0/1-0/10)# no stats group 2
5.4.16.5. stats flow-based (Interface Config)
This command applies the flow-based rule specified by the id on an interface or interface-range.
Format show stats group {group-id | name} Mode Privileged EXEC Parameter Definition Group ID, name Specify the ID or name of the group. The ID and name associations are as follows: 1. received 2. received-errors 3. transmitted 4. transmitted-errors 5. received-transmitted 6. port-utilization 7. congestion The default is none. Example: The following shows examples of the command.
Rx 65to128 0/4 0
Rx 65to128 lag 1 0
Rx 128to255 0/2 4758
Rx 128to255 0/4 0
Rx 128to255 lag 1 0
Rx 256to511 0/2 0
(Routing) #show stats group port-utilization
Group: port-utilization
Time Range: test
Interface List
--------------
0/2, 0/4, lag 1
Interface Utilization (%)
--------- ---------------
0/2       0
0/4       0
lag 1     0
5.4.16.7. show stats flow-based
This command displays the configured time range, flow-based rule parameters and the interface list for the flow specified.
Flow based rule Id............................. 1
Time Range..................................... test
Source IP...................................... 1.1.1.1
Source MAC..................................... 1234
Source TCP Port................................ 123
Source UDP Port................................ 123
Destination IP................................. 2.2.2.2
Destination MAC................................ 1234
Destination TCP Port........................... 123
Destination UDP Port...............
Interface Hit Count
--------- ---------
0/1       100
0/2       0
(Routing) #show stats flow-based 2
Flow based rule Id............................. 2
Time Range..................................... test
Source IP...................................... 1.1.1.1
Source TCP Port................................ 123
Source UDP Port................................ 123
Destination IP................................. 2.2.2.2
Destination TCP Port........................... 123
Destination UDP Port...........................
5.5. Spanning Tree Protocol Commands This section describes the commands you use to configure Spanning Tree Protocol (STP). STP helps prevent network loops, duplicate messages, and network instability. Note: STP is enabled on the switch and on all ports and LAGs by default. Note: If STP is disabled, the system does not forward BPDU messages. 5.5.1. show spanning-tree This command displays spanning tree settings for the common and internal spanning tree. The following details are displayed.
5.5.2. show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree. The is the desired switch port. The following details are displayed on execution of the command.
VLAN Identifier................................ 1 Associated Instance............................ CST 5.5.4. show spanning-tree mst detailed This command displays the detailed settings for an MST instance. The instance <0-4094> is a number that corresponds to the desired existing multiple spanning tree instance ID. The following details are displayed.
5.5.6. show spanning-tree mst port detailed This command displays the detailed settings and parameters for a specific switch port within a particular multiple spanning tree instance. The parameter is a number that corresponds to the desired existing multiple spanning tree instance. The is the desired switch port.
Designated Root: Identifier of the designated root for this port within the CST.
Designated Port Cost: Path Cost offered to the LAN by the Designated Port.
Designated Bridge: The bridge containing the designated port.
Designated Port Identifier
Topology Change Acknowledgement
Hello Time
Edge Port
Edge Port Status
Point To Point MAC Status
CST Regional Root
CST Internal Root Path Cost
Loop Inconsistent State
Transitions Into Loop Inconsistent State
Transitions Out Of Loop Inconsistent State
5.5.8. show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following details are displayed on execution of the command.
Format show spanning-tree summary
Mode Privileged EXEC
User EXEC
Display Message
Parameter Definition
Spanning Tree Admin mode: Enabled or disabled.
Spanning Tree Forward BPDU: Enabled or disabled.
Spanning Tree Version: Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.
5.5.10. spanning-tree This command sets the spanning-tree operational mode to enabled. Note: If the MST is enabled with MLAG, MST must be enabled on both MLAG peer devices. Format spanning-tree Default Enabled Mode Global Config 5.5.11. no spanning-tree This command sets the spanning-tree operational mode to disabled. While disabled, the spanning-tree configuration is retained and can be changed, but is not activated. Format no spanning-tree Mode Global Config 5.5.12.
5.5.14. spanning-tree protocol-migration This command enables BPDU migration check on a given interface. The all option enables BPDU migration check on all interfaces. Format spanning-tree protocol-migration { | port-channel | all} Default None Mode Global Config 5.5.15. spanning-tree configuration name This command sets the Configuration Identifier Name for use in identifying the configuration that this switch is currently using.
5.5.18. no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config 5.5.19. spanning-tree mode This command configures global spanning tree mode per VLAN spanning tree. On a switch, only one mode can be enabled at a time. Note: Both RSTP and MSTP can be enabled with MLAG.
Mode Global Config 5.5.22. no spanning-tree forward-time This command sets the Bridge Forward Delay parameter for the common and internal spanning tree to the default value. Format no spanning-tree forward-time Mode Global Config 5.5.23. spanning-tree max-age This command sets the Bridge Max Age parameter to a new value for the common and internal spanning tree.
Mode Global Config 5.5.26. spanning-tree max-hops This command sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. The max-hops value is a range from 6 to 40. Format spanning-tree max-hops <6-40> Default 20 Mode Global Config 5.5.27. no spanning-tree max-hops This command sets the Bridge Max Hops parameter for the common and internal spanning tree to the default value. Format no spanning-tree max-hops Mode Global Config 5.5.28.
5.5.30. spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The parameter mstid is a number within a range of 1 to 4094 that corresponds to the new instance ID to be added. The maximum number of multiple instances supported by the switch is 4. Format spanning-tree mst instance Default None Mode Global Config 5.5.31.
5.5.33. no spanning-tree mst priority This command sets the bridge priority for a specific multiple spanning tree instance to the default value. The parameter mstid <0-4094> is a number that corresponds to the desired existing multiple spanning tree instance. If 0 (defined as the default CIST ID) is passed as the mstid, this command sets the Bridge Priority parameter for the common and internal spanning tree to the default value. Format no spanning-tree mst priority Mode Global Config 5.5.34.
the path cost as a number in the range of 1 to 200000000 or auto. If you select auto the path cost value is set based on Link Speed. If you specify the port-priority option, this command sets the priority for this port within a specific multiple spanning tree instance or the common and internal spanning tree instance, depending on the mstid parameter. The port-priority value is a number in the range of 0 to 240 in increments of 16.
5.5.39. no spanning-tree port mode This command sets the Administrative Switch Port State for this port to disabled. Format no spanning-tree port mode Mode Interface Config 5.5.40. spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Format spanning-tree port mode all Default Enabled Mode Global Config 5.5.41. no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled.
5.5.43. no spanning-tree auto-edge This command resets the auto-edge status of the port to the default value. Format no spanning-tree auto-edge Mode Interface Config 5.5.44. spanning-tree cost Use this command to configure the external path cost for a port used by an MST instance. When the auto keyword is used, the path cost from the port to the root bridge is automatically determined by the speed of the interface. To configure the cost manually, specify a cost value from 1 to 200000000.
5.5.47. no spanning-tree edgeport This command specifies that this port is not an Edge Port within the common and internal spanning tree. Format no spanning-tree edgeport Mode Interface Config 5.5.48. spanning-tree edgeport bpduguard This command sets the Edgeport BPDU Guard enable/disable parameter on this switch. Format spanning-tree edgeport bpduguard Default Disabled Mode Global Config 5.5.49.
5.5.51. no spanning-tree bpduguard Use this command to disable BPDU Guard on the interface. Format no spanning-tree bpduguard Mode Interface Config 5.5.52. spanning-tree guard Use this command to select whether loop guard or root guard is enabled on an interface or range of interfaces. Format spanning-tree guard {loop | root} Parameter Definition loop This command sets the Guard Mode to loop guard on this interface. root This command sets the Guard Mode to root guard on this interface.
5.5.55. no spanning-tree tcnguard Use this command to reset the TCN guard status of the port to the default value.
5.6. System Log Commands 5.6.1. show logging This command displays configurations of logging application.
Example: (M4500-32C) #show logging buffered
Buffered (In-Memory) Logging : enabled
Buffered Logging Wrapping Behavior : On
Buffered Log Count : 33
Apr 28 19:35:09: %1-6-NIM: [396203556] nim_rif.c(352) 117 %% Set expandable port 0/50 count set to 1
Apr 28 19:35:09: %1-6-NIM: [396203556] nim_rif.c(352) 116 %% Set expandable port 0/49 count set to 1
Apr 28 19:35:05: %1-5-TRAPMGR: [397164180] traputil.
Apr 28 11:34:35: %1-5-General: [396148460] sdm_template_mgr.c(494) 3 %% Booting with default SDM template Data Center - IPv4 and IPv6.
Apr 28 11:34:34: %1-6-General: [1209039980] procmgr.c(3677) 2 %% Application Terminated (user.start, ID = 7, PID = 686
Apr 28 11:34:33: %1-1-General: [396148460] usmdb_sim.c(3921) 1 %% Reboot 1 (0x1)
(M4500-32C) #
5.6.3. logging buffered
This command is used to enable or disable logging to the in-memory log. If the log buffer is full, the log wraps around.
In the following two examples, the severity level is set to the warning level.
(M4500-32C) #logging buffered 4
(M4500-32C) #logging buffered warning
5.6.6. logging buffered wrap
This command enables wrapping of in-memory logging: when full capacity is reached, old log records are overwritten. Otherwise, when full capacity is reached, logging stops.
Format [no] logging buffered wrap
Default Enabled
Mode Global Config
5.6.7. clear logging buffered
This command clears all in-memory logs.
Number of Traps Since Log Last Viewed.......... 5
Log System Up Time           Trap
--- ------------------------ -------------------------------------------------
0   Apr 28 19:35:51 2000     Cold Start: Unit: 0
1   Apr 28 19:35:05 2000     Temperature state change alarm: Unit Number: 1 Current: Normal, Previous: None
2   Apr 28 19:34:59 2000     Succeeded User Login: Console started for user admin connected from EIA-232.
5.6.10. logging host This command is used to add addresses of remote log hosts. The parameter “” could be an IPv4 address, an IPv6 address, or a domain name. This parameter needs to match the next parameter {dns | ipv4 | ipv6} to clarify its format. The parameter “” means the service port number of the remote log host.
5.6.12. logging host reconfigure This command is used to reconfigure the settings of an existing log host. The parameter “” means the logging host index, which can be found in the output of “show logging hosts”. The parameter “” could be an IPv4 address, an IPv6 address, or a domain name. The parameter “” means the service port number of the remote log host.
5.6.15. logging syslog facility This command sets the default facility used in syslog messages for components that do not have an internally assigned facility. The parameter “” can be one of the following keywords: kernel, user, mail, system, security, syslog, lpr, nntp, uucp, cron, auth, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7, all. Format logging syslog facility Default user Mode Global Config 5.6.16.
5.6.18. logging console severity level This command sets the severity level of the logging console. The logging console prints only messages whose severity is equal to or above the configured severity level. The “severitylevel” parameter can be specified as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), informational (6), debug (7).
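The severity filter described above, applied off-box to lines in the format of the show logging buffered example, as an added Python example that is not part of the NETGEAR manual. It assumes the middle digit of a tag such as %1-6-NIM is the severity and the number before %% is a running message counter; the sample lines are copied from the page's example output, including the one the page shows truncated.

```python
import re

# Keywords in the order the manual lists them: emergency (0) ... debug (7).
SEVERITIES = ("emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug")

# Assumed field layout: time, %unit-severity-component, [task], file(line), counter, message.
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"%(?P<unit>\d+)-(?P<sev>[0-7])-(?P<component>[^:]+): "
    r"\[(?P<task>\d+)\] (?P<file>\S+?)\((?P<line>\d+)\) (?P<seq>\d+) "
    r"%% (?P<msg>.*)$"
)

SAMPLE_LOG = """\
Apr 28 19:35:09: %1-6-NIM: [396203556] nim_rif.c(352) 117 %% Set expandable port 0/50 count set to 1
Apr 28 19:35:09: %1-6-NIM: [396203556] nim_rif.c(352) 116 %% Set expandable port 0/49 count set to 1
Apr 28 19:35:05: %1-5-TRAPMGR: [397164180] traputil.
Apr 28 11:34:35: %1-5-General: [396148460] sdm_template_mgr.c(494) 3 %% Booting with default SDM template Data Center - IPv4 and IPv6.
Apr 28 11:34:34: %1-6-General: [1209039980] procmgr.c(3677) 2 %% Application Terminated (user.start, ID = 7, PID = 686
Apr 28 11:34:33: %1-1-General: [396148460] usmdb_sim.c(3921) 1 %% Reboot 1 (0x1)
"""


def resolve_level(level):
    """Accept 0-7 or a keyword, as the logging commands do; return the integer."""
    text = str(level).strip().lower()
    if text in SEVERITIES:
        return SEVERITIES.index(text)
    if text.isdigit() and int(text) <= 7:
        return int(text)
    raise ValueError(f"not a severity level: {level!r}")


def parse_log(text):
    """Split log text into (entries, rejects); truncated lines land in rejects."""
    entries, rejects = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if not match:
            rejects.append(line)
            continue
        entry = match.groupdict()
        for key in ("unit", "sev", "task", "line", "seq"):
            entry[key] = int(entry[key])
        entries.append(entry)
    return entries, rejects


def at_or_above(entries, level):
    """Keep entries at least as severe as level (a lower number is more severe)."""
    threshold = resolve_level(level)
    return [entry for entry in entries if entry["sev"] <= threshold]


def worst_by_component(entries):
    """Map each component to the most severe level it logged."""
    worst = {}
    for entry in entries:
        name = entry["component"]
        worst[name] = min(worst.get(name, 7), entry["sev"])
    return worst


if __name__ == "__main__":
    parsed, bad = parse_log(SAMPLE_LOG)
    for entry in at_or_above(parsed, "warning"):
        print(entry["time"], SEVERITIES[entry["sev"]], entry["component"], entry["msg"])
    print("unparsed lines:", len(bad))
```

With the threshold at warning, only the Reboot entry (severity 1) passes, which is what a console set to that level would show from this sample.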
Example: The following two examples set the severity level of logging monitor to warning. (M4500-32C) #logging monitor 4 (M4500-32C) #logging monitor warning 5.6.21. show logging cli-command-log This command displays the logging configuration and the received cli command messages. The log might not appear in time order because QNOS keeps only the last 5000 logs in the file, and new log entries overwrite the old ones when the number of logs exceeds 5000.
5.6.22. logging cli-command This command enables or disables logging of the cli-command history to a file, in global configuration mode. QNOS supports up to 5000 entries in the cli-command history log. If the log exceeds 5000 entries, QNOS removes the oldest log and writes the new entry. All entries have a time stamp for reference. Format [no] logging cli-command Default Enabled Mode Global Config 5.6.23.
5.7. Email Alert and Mail Server Commands Email Alert is an extension of the logging system. This feature can immediately send urgent log messages to a specified mail address by email. It can also send non-urgent log messages created in a specified interval to a specified address. If there is no buffer to keep non-urgent log messages in the specified interval, the log messages will be sent and cleared. 5.7.1. show logging email config This command displays the configurations of email alert.
5.7.2. show logging email statistics This command displays the statistics of email alert. Format show logging email statistics Default None Mode Privileged Exec Example: (M4500-32C) (Config)#show logging email statistics Email Alert operation status................... enabled Email Alert Statistics: No of email Failures so far.................... 1 No of email sent so far........................ 3 Time since last email Sent.....................
No of mail servers configured.................. 1
Email Alert Mail Server Address................ smtp.gmail.com
Email Alert Mail Server Port................... 465
Email Alert Security Protocol.................. tlsv1
Email Alert Username........................... mailServerUser01
(M4500-32C) (Config)#
5.7.4. logging email
This command enables or disables the email alerting function.
Format [no] logging email
Default Disabled
Mode Global Config
5.7.5.
5.7.6. logging email logtime This command is used to configure how frequently non-urgent email messages are sent. Non-urgent messages are collected and sent in a batch email at the specified interval. The parameter ““ specifies how frequently non-urgent email messages are sent. The valid interval is 30 to 1440 minutes. Format logging email logtime no logging email logtime Default 30 Mode Global Config 5.7.7.
(M4500-32C) #configure (M4500-32C) (Config)# logging email message-type urgent to-addr toAddr01@email.com (M4500-32C) (Config)# logging email message-type both to-addr toAddr02@email.com 5.7.9. logging email from-addr This command is used to configure the email source address (the address of the sender, i.e., switch) to which messages are sent. The parameter ““ specifies a standard email address to be the source address of both urgent and non-urgent message.
5.7.11. mail-server security This command sets the email alerting security protocol by enabling the switch to use TLSv1/STARTTLS authentication with the SMTP server. If the TLSv1/STARTTLS mode is enabled on the switch but the SMTP server does not support TLSv1/STARTTLS mode, no email is sent to the SMTP server. The parameter “none” means the email server does not use a security protocol. The parameter “starttls” means to use the STARTTLS security protocol. The parameter “tlsv1” means to use the TLSv1 security protocol.
5.7.14. mail-server password This command configures the password that is used to authenticate with the SMTP server. You can set the password using one of the following options: Type the password keyword to configure the password in plain text. The password is displayed with * for each character that you type. The password must be in alphanumeric characters with a maximum length of 64 characters. Type the password 7 keyword to configure the password in encrypted form.
5.8. Script Management Commands 5.8.1. script apply This command applies the commands in the script to the switch. Format script apply Default None Mode Privilege EXEC 5.8.2. script delete This command deletes a specified script or all scripts on the switch. Format script delete { | all} Default None Mode Privilege EXEC 5.8.3. script list This command lists all scripts on the switch as well as the remaining available space.
2 configuration script(s) found. 5117 Kbytes free. (M4500-32C) # 5.8.4. script show This command displays the content of a script file. Format script show Default None Mode Privilege EXEC Example: (M4500-32C) #script show test.scr 1 : !Current Configuration: 2 : ! 3 : !System Description "M4500-32C, Runtime Code 7.0.0.1" 4 : !System Software Version "7.0.0.
17 : exit 18 : username "admin" passwd 7 d32036926a456949a1dd05f3768212c089add94bccd752314f0c05fedf66f52c407256118c62e461710 1230004dff4ee69c4e4d4eaed9590cfd5fe318b39dac3 level 15 19 : username "admin" role "network-admin" 20 : username "guest" role "network-operator" 21 : aaa authentication login "networkList" radius 22 : radius server host auth "172.20.0.
5.8.5. script validate This command validates an assigned script by parsing each line. The validate option is intended to be used as a tool for script development. Format script validate Default None Mode Privilege EXEC Example: (M4500-32C) #script validate test.scr configure hostname "Switch" serviceport protocol dhcp6 vlan database exit time-range kron policy-list p1 cli show version | redirect tftp://172.20.0.28/kr-t6.
exit
line ssh
exit
interface vlan 1
exit
snmp-server sysname "Switch"
interface control-plane
exit
application install orig_restful_api
router ospf
exit
ipv6 router ospf
exit
exit
Configuration script 'new-script.scr' validated.
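A script file in the form shown by script show can be checked offline for the security-relevant settings this chapter documents: STP and BPDU guard, remote logging, CLI command logging, and kron policy lists that redirect output to TFTP. The following is an added Python example, not NETGEAR tooling. It assumes a setting left at its default does not appear in the script, that physical ports are opened with a line such as interface 0/1, and that every sub-mode ends with exit; both sample scripts, their addresses and the placeholder password hash are constructed.

```python
import re

# Lines that open a block this audit tracks; every block is closed by "exit".
BLOCK_RE = re.compile(r"^(interface|kron policy-list)\s+(\S.*)$")

WEAK_SCRIPT = """\
!Current Configuration:
configure
hostname "Switch"
username "admin" passwd 7 <ENCRYPTED-PASSWORD-PLACEHOLDER> level 15
no logging cli-command
kron policy-list p1
cli show version | redirect tftp://192.0.2.10/version.txt
exit
interface 0/1
spanning-tree edgeport
exit
interface 0/2
spanning-tree edgeport
spanning-tree bpduguard
exit
exit
"""

HARDENED_SCRIPT = """\
configure
hostname "Switch"
spanning-tree edgeport bpduguard
logging host 192.0.2.20 ipv4
kron policy-list p1
cli show version
exit
interface 0/1
spanning-tree edgeport
exit
exit
"""


def audit_script(text):
    """Return sorted (check_id, detail) findings for one configuration script."""
    findings = []
    block = None                        # (kind, name) while inside a tracked block
    has_log_host = False
    global_bpduguard = False
    edge_ports, guarded_ports = set(), set()

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue                    # blank line or comment
        if line == "exit":
            block = None
            continue
        opened = BLOCK_RE.match(line)
        if opened:
            block = (opened.group(1), opened.group(2))
            continue

        if block is None:               # Global Config statements
            if line == "no spanning-tree":
                findings.append(("STP-DISABLED", "BPDUs are not forwarded while STP is off"))
            elif line == "spanning-tree edgeport bpduguard":
                global_bpduguard = True
            elif line.startswith("logging host "):
                has_log_host = True
            elif line == "no logging cli-command":
                findings.append(("CLI-LOG-OFF", "CLI command history is not recorded"))
            elif line == "no logging buffered wrap":
                findings.append(("LOG-NO-WRAP", "in-memory logging stops when the buffer is full"))
        elif block[0] == "interface":
            if line == "spanning-tree edgeport":
                edge_ports.add(block[1])
            elif line == "spanning-tree bpduguard":
                guarded_ports.add(block[1])
        elif line.startswith("cli ") and "tftp://" in line:
            # Scheduled command whose output leaves the switch over TFTP.
            findings.append(("KRON-TFTP", f"{block[1]}: {line}"))

    if not has_log_host:
        findings.append(("NO-REMOTE-LOG", "no logging host; only the in-memory log is kept"))
    if not global_bpduguard:
        for port in sorted(edge_ports - guarded_ports):
            findings.append(("EDGE-NO-BPDUGUARD", port))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, detail in audit_script(WEAK_SCRIPT):
        print(f"{check_id:18} {detail}")
```

TFTP carries no authentication or encryption, so a policy list that redirects command output to it is worth reviewing even when the command itself is harmless.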
5.9. User Account Management Commands This section describes the commands you use to configure port-based network access control (IEEE 802.1X). Port-based network access control allows you to permit access to network services only and to permit access to devices that are authorized and authenticated. 5.9.1. show users This command displays the configured user names and their settings.
Default None
Example: (M4500-48XF8C) # show users long
User Name
------------
admin
guest
(M4500-48XF8C) #
5.9.3. show users accounts
To display all user information, use the show users accounts command in Privileged Exec mode.
Format show users accounts [detail]
Default None
Mode Privileged Exec
Display Message
Parameter Definition
User Name The local user account’s user name.
Privilege The user’s privilege level. The range of privilege level is 1 and 15.
Example: The following shows examples of the CLI display output for the commands.
(M4500-32C) (Config)#show users accounts
UserName Privilege   Password  Password    Lockout
                     Aging     Expiry date
-------- ----------- --------- ----------- -------
admin    15                                False
guest    1                                 False
(M4500-32C) (Config)#show users accounts detail
UserName....................................... admin
Privilege...................................... 15
Password Aging................................. --
Password Expiry...........
5.9.4. show passwords configuration Use this command to display the configured password management settings. Format show passwords configuration Default None Mode Privileged Exec Display Message Parameter Definition Minimum Password Length Minimum number of characters required when changing passwords. Password Aging Length in days that a password is valid. Password History Number of passwords to store for reuse prevention.
Passwords Configuration
--------------------------------
Minimum Password Length........................ 8
Password Aging (days).......................... 0
Password History............................... 0
Lockout Attempts............................... 0
Password Strength Check........................ Enable
Minimum Password Uppercase Letters............. 0
Minimum Password Lowercase Letters............. 0
Minimum Password Numeric Characters............ 1
Minimum Password Special Characters............
Example: The following shows examples of the CLI display output for the commands. (M4500-32C) (Config)#show passwords result Last User whose password is set .................. guest Password strength check .......................... Disable Last Password Set Result: ======================== Password Successfully Configured for User 'guest'. 5.9.6. username This command adds a new user (account) if space permits. The default privilege level is 1. The account can be up to 64 characters in length.
5.9.7. no username This command removes a previously created user name. Format no username Mode Global Config 5.9.8. username unlock Use the username unlock command in Global Config mode to unlock a locked user account. Format username unlock Parameter Definition A username. Default None Mode Global Config 5.9.9.
Mode Global Config 5.9.11. passwords history Use this command to set the number of previous passwords that shall be stored for each user account. If password history is set, the local user will not be able to reuse any password stored in password history when the local user changes his or her password. Format passwords aging history <0-10> Parameter Definition <0-10> Number of passwords to be used in password history check. Default 0, no aging Mode Global Config 5.9.12.
Note: If the admin user fails to connect to the switch using SSH port 1234 or telnet port 1223, the admin user is locked out. However, the admin user can still log in to the switch using a console connection or using SSH port 22 (Linux system login). 5.9.14. no passwords lock-out Use the no passwords lock-out command to return to the default value 0. Format no passwords lock-out Mode Global Config 5.9.15. passwords min-length Use this command in Global Config mode to set the minimum password length.
Format passwords strength-check Default Disable Mode Global Config 5.9.18. no passwords strength-check Use the no passwords strength-check command to return to the default, Disable. Format no passwords strength-check Mode Global Config 5.9.19. passwords strength maximum Use this command in Global Config mode to set the password strength. Format passwords strength maximum {consecutive-characters | repeated-characters} [<0-15>] Default 0 Mode Global Config 5.9.20.
numeric-characters 2 special-characters 2 character-classes 4 Mode Global Config 5.9.22. no passwords strength minimum Use the no passwords strength minimum {character-classes | lowercase-letters | numeric-characters | special-characters | uppercase-letters} command to return to the default value 2. Format no passwords strength minimum {character-classes | lowercase-letters | numeric-characters | special-characters | uppercase-letters} Mode Global Config 5.9.23.
Default None Example:
(M4500-48XF8C) #show users login-history
Login Time            Username             Protocol     Location
--------------------- -------------------- ------------ ---------------
May 06 2020 03:33:21  admin                Serial
May 06 2020 03:24:42  admin                Serial
May 06 2020 02:46:16  admin                Serial
May 06 2020 02:35:13  admin                Serial
May 06 2020 02:14:59  admin                Serial
May 06 2020 02:04:07  admin                Serial
May 06 2020 01:56:32  admin                Serial
May 06 2020 01:08:01  admin                Serial
May 06 2020 00:46:43  admin                Seri
5.9.27. user role This command is used to assign an RBAC role to a user.
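An added example, not part of the NETGEAR manual: a small Python auditor that parses the dotted "Key....... value" display of show passwords configuration (section 5.9.4) and compares it with a baseline. The sample transcript is constructed and the baseline numbers are assumptions for this example; other show commands in this manual use the same dotted layout, so parse_dotted works on them as well.

```python
import re

# Constructed sample modelled on the "show passwords configuration" display
# in section 5.9.4. The prompt line and the last value (0) are assumptions.
SAMPLE = """\
(M4500-32C) #show passwords configuration

Passwords Configuration
---------------------------------
Minimum Password Length........................ 8
Password Aging (days).......................... 0
Password History............................... 0
Lockout Attempts............................... 0
Password Strength Check........................ Enable
Minimum Password Uppercase Letters............. 0
Minimum Password Lowercase Letters............. 0
Minimum Password Numeric Characters............ 1
Minimum Password Special Characters............ 0
"""

# Hypothetical baseline (minimum acceptable values); replace with your policy.
BASELINE = {
    "Minimum Password Length": 12,
    "Password History": 5,
    "Lockout Attempts": 1,  # i.e. anything but the default 0
    "Minimum Password Numeric Characters": 1,
}

# A display line is "Key", a run of two or more dots, then the value.
DOTTED = re.compile(r"^(?P<key>\S.*?)\.{2,}\s*(?P<value>.*)$")


def parse_dotted(text):
    """Return {key: value} for each dotted display line; ints where numeric."""
    settings = {}
    for line in text.splitlines():
        match = DOTTED.match(line.strip())
        if not match:
            continue  # prompt, title, ruler or blank line
        value = match.group("value").strip()
        settings[match.group("key").strip()] = int(value) if value.isdigit() else value
    return settings


def audit(settings, baseline=BASELINE):
    """Return a list of (setting, problem) tuples; empty means compliant."""
    findings = []
    for key, minimum in baseline.items():
        actual = settings.get(key)
        if actual is None:
            findings.append((key, "not present in the output"))
        elif not isinstance(actual, int):
            findings.append((key, f"unexpected value {actual!r}"))
        elif actual < minimum:
            findings.append((key, f"{actual} is below the baseline of {minimum}"))
    check = settings.get("Password Strength Check")
    if check != "Enable":
        findings.append(("Password Strength Check", f"expected Enable, found {check!r}"))
    return findings


if __name__ == "__main__":
    for setting, problem in audit(parse_dotted(SAMPLE)):
        print(f"{setting}: {problem}")
```

A display line that was cut off before its value parses to an empty string and is reported as an unexpected value rather than silently passing.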
5.10. Port-based Network Access Control Commands This section describes the commands you use to configure port-based network access control (IEEE 802.1X). Port-based network access control allows you to permit access to network services only to devices that are authorized and authenticated. 5.10.1. show authentication methods This command displays the ordered authentication methods for all authentication login lists.
Line       Login Method List         Enable Method List
---------- ------------------------- --------------------------
Console    defaultList               enableList
Telnet     networkList               enableList
SSH        networkList               enableList
DOT1X :
5.10.2.
Parameter Definition Interface The interface whose configuration is displayed. Control Mode The configured control mode for this port. Possible values are forceunauthorized | forceauthorized | auto | mac-based | authorized | unauthorized. Operating Control Mode The control mode under which this port is operating. Possible values are authorized | unauthorized. Reauthentication Enabled Indicates whether reauthentication is enabled on this port.
authentication is enabled on the port, this parameter is deprecated. Quiet Period The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The value is expressed in seconds and will be in the range 0 to 65535. Transmit Period The timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant.
Possible values are True or False. Control Direction The control direction for the specified port or ports. Possible values are both or in. Maximum Users The maximum number of clients that can get authenticated on the port in the MAC-based dot1x authentication mode. This value is used only when the port control mode is not MAC-based. Unauthenticated VLAN ID Indicates the unauthenticated VLAN configured for this port. This value is valid for the port only when the port control mode is not MAC-based.
Operational MAB Mode................................... Disabled
VLAN Id................................................ 0
VLAN Assigned Reason................................... Not Assigned
Reauthentication Period (secs)......................... 3600
Reauthentication Enabled............................... False
Key Transmission Enabled............................... False
Control Direction...................................... both
Maximum Users..........................................
EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this authenticator. EAPOL Start Frames Received The number of EAPOL start frames that have been received by this authenticator. EAPOL Logoff Frames Received The number of EAPOL logoff frames that have been received by this authenticator. Last EAPOL Frame Version The protocol version number carried in the most recently received EAPOL frame.
MAC-Address The supplicant/client MAC address. VLAN assigned The VLAN assigned to the client/port on authentication. VLAN assigned Reason The type of VLAN ID assigned, which can be Guest VLAN, Unauth, Default, RADIUS Assigned, or Monitor Mode VLAN ID. Filter Name Filter Name returned by RADIUS server when the client was authenticated. This is a configured DiffServ policy name on switch. Auth Status The authentication status. Reason The actual reason behind the successful or failed authentication.
Interface The physical port to which the supplicant is associated. User Name The user name used by the client to authenticate to the server. Supp MAC Address The supplicant device MAC address. Session Time The time since the supplicant is logged on. Filter Id Identifies the Filter ID returned by RADIUS server when the client was authenticated. This is a configured DiffServ policy name on switch. VLAN ID The VLAN assigned to the port.
• none. Uses no authentication. • radius. Uses the list of all RADIUS servers for authentication. Format aaa authentication dot1x default {local | none | radius} Mode Global Config 5.10.7. no aaa authentication dot1x default This command resets the authentication method for port-based access to the switch. Format no aaa authentication dot1x default Mode Global Config 5.10.8. clear dot1x statistics This command resets the 802.1X statistics for the specified port or for all ports.
5.10.11. dot1x eapolflood Use this command to enable EAPOL flood support on the switch. Format dot1x eapolflood Default Disable Mode Global Config 5.10.12. no dot1x eapolflood This command disables EAPOL flooding on the switch. Format no dot1x eapolflood Mode Global Config 5.10.13. dot1x dynamic-vlan enable Use this command to enable the switch to create VLANs dynamically when a RADIUS-assigned VLAN does not exist in the switch.
5.10.15. dot1x guest-vlan This command configures a VLAN as the guest VLAN on an interface. The command specifies an active VLAN as an IEEE 802.1X guest VLAN. The range is 1 to the maximum VLAN ID supported by the platform. Format dot1x guest-vlan Default Disable Mode Interface Config 5.10.16. no dot1x guest-vlan This command disables Guest VLAN on the interface. Format no dot1x guest-vlan Mode Interface Config 5.10.17.
5.10.19. no dot1x mac-auth-bypass This command disables dot1x MAC authentication bypass on an interface. Format no dot1x mac-auth-bypass Default Disable Mode Interface Config 5.10.20. dot1x max-req This command sets the maximum number of times the authenticator state machine on an interface will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. Format dot1x max-req <1-10> Default 2 Mode Interface Config 5.10.21.
5.10.23. no dot1x max-users This command resets the maximum number of clients allowed per port to its default value. Format no dot1x max-users Mode Interface Config 5.10.24. dot1x port-control This command sets the authentication mode to use on the specified interface. Use the force-unauthorized parameter to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized.
Default Auto Mode Global Config 5.10.27. no dot1x port-control all This command sets the authentication mode on all ports to the default value. Format no dot1x port-control all Mode Global Config 5.10.28. dot1x re-authenticate This command begins the re-authentication sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned.
5.10.31. dot1x system-auth-control Use this command to enable the dot1x authentication support on the switch. While disabled, the dot1x configuration is retained and can be changed, but is not activated. Format dot1x system-auth-control Default Disable Mode Global Config 5.10.32. no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch. Format no dot1x system-auth-control Mode Global Config 5.10.33.
tx-period The value, in seconds, of the timer used by the authenticator state machine on this port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The quiet-period must be a value in the range 1 - 65535. supp-timeout The value, in seconds, of the timer used by the authenticator state machine on this port to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.
5.10.36. no dot1x unauthenticated-vlan This command resets the unauthenticated-vlan associated with the port to its default value. Format no dot1x unauthenticated-vlan Mode Interface Config 5.10.37. dot1x user This command adds the specified user to the list of users with access to the specified port or all ports. The user parameter must be a configured user. Format dot1x user { | all} Mode Global Config 5.10.38.
5.11. AAA Commands This section describes the commands you use to add, manage, and delete system users. Software has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings. Note: You cannot delete the admin user. There is only one user allowed with read/write privileges. You can configure up to five read-only users on the system. 5.11.1. show accounting This command displays ordered methods for accounting lists.
(M4500-32C) #show accounting methods
AcctType MethodName     MethodType Method1 Method2
-------- -------------- ---------- ------- -------
Exec     dfltExecList   none       tacacs
Commands dfltCmdList    none       tacacs
DOT1X    dfltDot1xList  start-stop radius

Line         EXEC Method List Command Method List
------------ ---------------- -------------------
Console      dfltExecList     dfltCmdList
Telnet       dfltExecList     dfltCmdList
SSH          dfltExecList     dfltCmdList
5.11.3.
[method2…] enable. Uses the enable password for authentication. line. Uses the line password for authentication. local. Uses the local username database for authentication. none. Uses no authentication. radius. Uses the list of all RADIUS servers for authentication. tacacs. Uses the list of all TACACS servers for authentication. Default .defaultList. Used by the console and only contains the method local. .networkList. Used by telnet and SSH and only contains the method local.
Start-stop or None are the only supported record types for DOT1X accounting. Start-stop enables accounting and None disables accounting. RADIUS is the only accounting method type supported for DOT1X accounting. Format aaa accounting {exec | commands | dot1x} {default | } {start-stop | stop-only | none} method1 [method2] Parameter Definition exec Provides accounting for a user EXEC terminal sessions. commands Provides accounting for all user executed commands.
5.11.7. accounting Use this command in Line Configuration mode to apply the accounting method list to a line config (console/telnet/ssh). Format accounting {exec | commands} {default | } Parameter Definition exec Causes accounting for an EXEC session. commands This causes accounting for each command execution attempt. If a user is enabling accounting for exec mode for the current line-configuration type, the user will be logged out.
Example: (M4500-32C) #clear aaa ias-users Are you sure you want to clear all IAS user entries (y/n) y All Internal Authentication Server user database entries are cleared. 5.11.10. clear accounting statistics This command clears the accounting statistics.
5.12. RADIUS Commands This section describes the commands you use to use a Remote Authentication Dial-In User Service (RADIUS) server on your network for authentication and accounting. 5.12.1. show radius This command displays the various RADIUS configuration items for the switch. Format show radius Mode Privileged EXEC Display Message Parameter Definition Number of Configured Authentication Servers The number of RADIUS Authentication servers that have been configured.
RADIUS Attribute MSCHAPv2 Mode A global parameter to indicate whether the MS-CHAPv2 attributes have been enabled to use at RADIUS authentication. Example: The following shows an example of the command.
(M4500-32C) #show radius
Number of Configured Authentication Servers.... 1
Number of Configured Accounting Servers........ 1
Number of Named Authentication Server Groups... 1
Number of Named Accounting Server Groups....... 1
Number of Retransmits.......................... 4
Timeout Duration.................
Parameter Definition RADIUS Accounting Mode A global parameter to indicate whether the accounting mode for all the servers is enabled or not. Host Address The IP address of the host. Port The port used for communication with the accounting server. Secret Configured Yes or No Boolean value indicating whether this server is configured with a secret. If the optional token '' or ‘name ’ is included.
Retransmissions The number of RADIUS Accounting-Request packets retransmitted to this RADIUS accounting server. Responses The number of RADIUS packets received on the accounting port from this server. Malformed Responses The number of malformed RADIUS Accounting-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses.
(M4500-32C) #show radius accounting name
Server Name                      Host Address             Port    Secret Configured
-------------------------------- ------------------------ ------- ----------
Default-RADIUS-Server            10.0.0.1                 1813    No

(M4500-32C) #show radius accounting statistics 10.0.0.1
RADIUS Accounting Server Host Address.......... 10.0.0.1
Round Trip Time................................ 0.00
Requests....................................... 0
Retransmissions................................ 0
Responses........................
If you do not specify any parameters or only the token ‘name’, then only the RADIUS authentication server details are displayed. Parameter Definition current The ‘*’ symbol preceding the server host address specifies that the server is currently active. ipaddr |Host Address The IP address or host name of the authenticating server. Server Name The Name of the authenticating server. Port The port used for communication with the accounting server.
RADIUS Attribute 95 Value Specifies the IPv6 address to be used in the NAS-IPv6-Address attribute in RADIUS requests. RADIUS Attribute MSCHAPv2 Mode Indicates whether the MS-CHAPv2 attributes have been enabled to use at RADIUS authentication. Link local interface Indicates the outgoing interface for the link-local address. Port The port used for communication with the accounting server. Type Specifies whether this server is a primary or secondary type.
(M4500-48XF8C) #show radius servers
Current Host Address             Server Name                      Port  Type      Usage
---- ------------------------ -------------------------------- ----- --------- --------
*    10.27.65.114             Default-RADIUS-Server            1812  Secondary Both
     10.27.65.103             Default-RADIUS-Server            1812  Primary   Both
* currently selected server

(M4500-32C) #show radius servers name
Server Name            Host Address  Port    Secret Configured
---------------------- ------------- ------- ----------
Default-RADIUS-Server  192.168.100.
Number of CoA ACK Responses Sent............... 0
Number of CoA NAK Responses Sent............... 0
Number of CoA Requests Ignored................. 0
Number of CoA Missing/Unsupported Attribute R.. 0
Number of CoA Session Context Not Found Reque.. 0
Number of CoA Invalid Attribute Value Request.. 0
Number of Administratively Prohibited Request.. 0
5.12.4. show radius statistics This command is used to display the statistics for RADIUS or configured server.
Malformed Access Responses The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed access responses. Bad Authenticators The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server.
5.12.5. show radius source-interface This command is used to display the configured global source interface details used for a RADIUS client. The IP address of the selected interface is used as source IP for all communications with the server. Format show radius source-interface Mode Privileged EXEC Display Message Parameter Definition RADIUS Client Source Interface The interface to use as the source interface for RADIUS client.
Example: (M4500-32C) #clear radius dynamic-author statistics Are you sure you want to clear statistics? (y/n) y Statistics cleared. 5.12.9. radius accounting mode This command is used to enable RADIUS accounting function. Format radius accounting mode Default Disable Mode Global Config 5.12.10. no radius accounting mode This command is used to set the RADIUS accounting function to the default value. Format no radius accounting mode Mode Global Config 5.12.11.
5.12.12. no radius server attribute 4 This command disables the NAS-IP-Address attribute global parameter for RADIUS client. When this parameter is disabled, the RADIUS client does not send the NAS-IP-Address attribute in RADIUS requests. Format no radius server attribute 4 Mode Global Config 5.12.13. radius server attribute 95 This command specifies the RADIUS client to use the NAS-IPv6 Address attribute in the RADIUS requests.
Format radius server attribute mschapv2 Parameter Definition mschapv2 MS-CHAPv2 attributes to be used at RADIUS authentication. Default None Mode Global Config 5.12.16. no radius server attribute mschapv2 This command disables the MS-CHAPv2 attributes for RADIUS authentication. Format no radius server attribute mschapv2 Mode Global Config 5.12.17. radius server deadtime This command configures the RADIUS server dead time.
The same name can be configured for more than one authenticating server, and the name should be unique for accounting servers. If the 'auth' token is used, the command configures the IP address to use to connect to a RADIUS authentication server. Up to 3 servers can be configured per RADIUS client. If the maximum number of configured servers is reached, the command will fail until one of the servers is removed by executing the no form of the command.
Similarly, if the 'acct' token is used, the previously configured RADIUS accounting server is removed from the configuration. The ipaddr|hostname parameter must match the IP address or hostname of the previously configured RADIUS authentication / accounting server. Format no radius server host {acct | auth} Mode Global Config Example: The following shows an example of the command. (M4500-32C) (Config) #radius server host acct 192.168.37.
5.12.22. no radius server host link-local This command removes the configured radius server link-local-address. Format no radius server host {acct | auth} link-local Mode Global Config 5.12.23. radius server key This command is used to configure the shared secret between the RADIUS client and the RADIUS accounting / authentication server.
5.12.25. radius server retransmit This command sets the maximum number of times a request packet is re-transmitted when no response is received from the RADIUS server. The retries value is an integer in the range of 1 to 15. Format radius server retransmit Default 4 Mode Global Config 5.12.26. no radius server retransmit This command is used to set the maximum number of retries to the default value. Format no radius server retransmit Mode Global Config 5.12.27.
5.12.29. radius source-interface Use this command to specify the physical or logical interface to use as the RADIUS client source interface (Source IP address). If configured, the address of source Interface is used for all RADIUS communications between the RADIUS server and the RADIUS client. The selected source-interface IP address is used for filling the IP header of RADIUS management protocol packets.
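An added example, not part of the NETGEAR manual: a Python check over the two show radius servers table layouts shown earlier in this section. It reports when the currently selected server (marked *) is a Secondary one, and any server whose Secret Configured column reads No. The transcripts are constructed, and the 192.0.2.x addresses and the Lab-RADIUS-Server name are assumptions.

```python
# Constructed transcripts in the two table layouts that the manual shows for
# "show radius servers" and "show radius servers name". The 192.0.2.x rows
# and the Lab-RADIUS-Server name are made up for this example.
SERVERS = """\
(M4500-48XF8C) #show radius servers

Current Host Address             Server Name                      Port  Type      Usage
---- ------------------------ -------------------------------- ----- --------- --------
*    10.27.65.114             Default-RADIUS-Server            1812  Secondary Both
     10.27.65.103             Default-RADIUS-Server            1812  Primary   Both

* currently selected server
"""

SERVERS_BY_NAME = """\
(M4500-32C) #show radius servers name

Server Name            Host Address  Port    Secret Configured
---------------------- ------------- ------- ----------
Default-RADIUS-Server  192.0.2.10    1812    Yes
Lab-RADIUS-Server      192.0.2.11    1812    No
"""


def parse_servers(text):
    """Parse 'show radius servers' rows: [*] host name port type usage."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows end in "<port> <Primary|Secondary> <usage>"; this skips
        # the prompt, header, ruler and the "* currently selected" legend.
        if len(tok) < 5 or not tok[-3].isdigit() or tok[-2] not in ("Primary", "Secondary"):
            continue
        current = tok[0] == "*"
        if current:
            tok = tok[1:]
        if len(tok) < 5:
            continue
        rows.append({
            "current": current,
            "host": tok[0],
            "name": " ".join(tok[1:-3]),  # parsed from both ends, so spaces are fine
            "port": int(tok[-3]),
            "type": tok[-2],
            "usage": tok[-1],
        })
    return rows


def parse_secret_table(text):
    """Parse 'show radius servers name' rows: name host port Yes|No."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[-1] not in ("Yes", "No") or not tok[-2].isdigit():
            continue
        rows.append({
            "name": " ".join(tok[:-3]),
            "host": tok[-3],
            "port": int(tok[-2]),
            "secret": tok[-1] == "Yes",
        })
    return rows


def review(servers_text, by_name_text):
    """Return (host, problem) tuples for conditions worth a closer look."""
    findings = []
    for row in parse_servers(servers_text):
        if row["current"] and row["type"] == "Secondary":
            findings.append((row["host"], "secondary server is currently selected"))
    for row in parse_secret_table(by_name_text):
        if not row["secret"]:
            findings.append((row["host"], "no shared secret configured"))
    return findings


if __name__ == "__main__":
    for host, problem in review(SERVERS, SERVERS_BY_NAME):
        print(f"{host}: {problem}")
```

The first finding is a prompt to check whether the primary server is reachable; the output alone does not say why the secondary was selected.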
5.13. TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization, and accounting services.
5.13.2. show tacacs source-interface Use the show tacacs source-interface command in Global Config mode to display the configured global source interface details used for a TACACS+ client. The IP address of the selected interface is used as source IP for all communications with the server. Format show tacacs source-interface Mode Privileged EXEC Display Message Parameter Definition TACACS Client Source Interface The interface to use as the source interface for TACACS client.
5.13.4. tacacs-server host link-local Use the tacacs-server host link-local command in Global Configuration mode to configure the link-local-address of the TACACS+ server and the outgoing interface to be used by the TACACS+ client to communicate with the TACACS+ server. The outgoing interface can be any physical interface or the service port. Format tacacs-server host link-local interface {serviceport | } Mode Global Config 5.13.5.
5.13.8. tacacs-server keystring This command is used to set the global authentication encryption key used for all TACACS+ communications between the TACACS+ server and the client. Note: The length of the secret key is up to 128 characters. Format tacacs-server keystring Mode Global Config Example: The following shows an example of the command. (M4500-32C) # tacacs-server keystring Enter key:********** Re-enter key:********** 5.13.9.
5.13.11. key This command is used to configure the TACACS+ authentication and encryption key. You can configure the format of the key in two ways: • Type the key keyword to configure the key in plain text. The key is displayed with * for each character that you type. The key must be in alphanumeric characters with a maximum length of 128 characters. • Type the key encrypted keyword to configure the key in encrypted form.
5.13.15. no port This command sets the TACACS+ server-specific port to the default. Format no port Mode TACACS server Config 5.13.16. priority This command is used to set the TACACS+ server-specific authentication host priority. The server priority range is 0 to 65535. Format priority [] Default 0 Mode TACACS server Config 5.13.17. no priority This command sets the TACACS+ server-specific authentication host priority to the default. Format no priority Mode TACACS server Config 5.13.18.
5.13.19. no timeout This command sets the timeout value for communication with the TACACS+ servers to the default. Format no timeout Mode TACACS server Config 5.13.20. tacacs-server source-interface Use this command in Global config mode to configure the source interface (Source IP address) for TACACS+ server configuration. The selected source-interface IP address is used for filling the IP header of management protocol packets.
5.13.22. clear tacacs This command clears the TACACS configuration. Format clear tacacs Mode Privileged Exec Example: (M4500-32C) # clear tacacs Are you sure you want to clear TACACS information? (y/n)y No TACACS servers configured.
5.14. Security Commands This section describes the commands you use to configure Port Security. Port Security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded. Note: To enable the SNMP trap specific to port security, see “snmp-server enable traps violation”. 5.14.1.
Example: The following shows example CLI display output for the command. (M4500-32C) #show port-security Port Security Administration Mode: Disabled (M4500-32C) #show port-security 0/1 Admin Dynamic Static Violation Violation Sticky Intf Mode Limit Limit Trap Mode Shutdown Mode ------ ----------- -------- -------- ------------- ------------ -------- 0/1 Disabled 20 Disabled Disabled 600 Disabled 5.14.2.
Display Message Parameter Definition Number of static MAC addresses configured The number of static MAC addresses configured Statically Configured MAC Address The statically configured MAC address. VLAN ID The ID of the VLAN that includes the host with the specified MAC address. Sticky Indicates whether the static MAC address entry is added in sticky mode. Example: The following shows example CLI display output for the command.
5.14.5. port-security This command enables port locking at the system level (Global Config) or port level (Interface Config) on an interface or a range of interfaces. Format port-security Default Disabled Mode Global Config Interface Config 5.14.6. no port-security This command disables port locking for one or a range of ports (Interface Config) or all (Global Config) ports. Format no port-security Mode Global Config Interface Config 5.14.7.
5.14.9. port-security max-static This command sets the maximum of statically locked MAC addresses allowed on a specific port. Format port-security max-static <0-20> Default 20 Mode Interface Config 5.14.10. no port-security max-static This command resets the maximum number of statically locked MAC addresses allowed on a specific port to its default value. Format no port-security max-static Mode Interface Config 5.14.11.
5.14.13. port-security mac-address move This command converts dynamically locked MAC addresses to statically locked MAC addresses for an interface or a range of interfaces. Format port-security mac-address move Default None Mode Interface Config 5.14.14. port-security mac-address sticky This command enables sticky mode Port MAC Locking on a port.
5.14.16. port-security violation shutdown This command configures the port violation shutdown mode. Once a violation happens, the interface is shut down. Format port-security violation shutdown Default Disabled Mode Interface Config 5.14.17. no port-security violation This command restores violation mode to the default value.
5.15. LLDP (Link Layer Discovery Protocol) Commands 5.15.1. show lldp This command is used to display a summary of the current LLDP configuration. Format show lldp Default None Mode Privileged Exec Display Message Term Definition Transmit Interval Shows how frequently the system transmits local data LLDPDUs, in seconds. Transmit Hold Multiplier Shows the multiplier on the transmit interval that sets the TTL in local data LLDPDUs.
Link Shows whether the link is up or down. Transmit Shows whether the interface transmits LLDPDUs. Receive Shows whether the interface receives LLDPDUs. Notify Shows whether the interface sends remote data change notifications. TLVs Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes can be 0 (Port Description), 1 (System Name), 2 (System Description), or 3 (System Capability).
Discards Total number of LLDP frames discarded on the port for any reason. Errors The number of invalid LLDP frames received on the port. Ageout Total number of times a complete remote data entry was deleted for the port because the Time to Live interval expired. TLV Discards Shows the number of TLVs discarded. TLV Unknowns Total number of LLDP TLVs received on the port where the type value is in the reserved range, and not recognized. TLV 802.
5.15.5. show lldp remote-device detail This command is used to display detailed information about remote devices that transmit current LLDP data to an interface on the system. Format show lldp remote-device detail Default None Mode Privileged Exec Display Message Term Definition Local Interface Identifies the interface that received the LLDPDU from the remote device. Remote Identifier An internal identifier to the switch to mark each remote device to the system.
PMD Auto-Negotiation Advertised Capabilities: The duplex and bit-rate capability of the port of the remote device. Operational MAU Type: Displays the MAU type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network. MDI Power Support: The MDI power capabilities and status. Power Via MDI PSE Power Pair: Indicates the way of feeding the voltage to the data cable. Power Class: PoE power class.
Port ID Shows the port ID associated with this interface. Port Description Shows the port description associated with the interface. 5.15.7. show lldp local-device detail This command is used to display detailed information about the LLDP data a specific interface transmits. Format show lldp local-device detail Default None Mode Privileged Exec Display Message Term Definition Interface Identifies the interface that sends the LLDPDU.
PMD Auto-Negotiation Advertised Capabilities: The duplex and bit-rate capability of the port of the local device. Operational MAU Type: Displays the MAU type. The MAU performs physical layer functions, including digital data conversion from the Ethernet interfaces’ collision detection and bit injection into the network. MDI Power Support: The MDI power capabilities and status. Power Via MDI PSE Power Pair: Indicates the way of feeding the voltage to the data cable. Power Class: PoE power class.
Status Specifies the DCBX status of the interfaces. Role Specifies the DCBX role on the interfaces. Version Specifies the DCBX version on the interfaces. DCBX Tx Total number of transmitted DCBX TLV(s) on the interfaces. DCBX Rx Total number of received DCBX TLV(s) on the interfaces. DCBX Error Total number of error DCBX TLV(s) on the interfaces. unknown TLV Total number of unknown DCBX TLV(s) on the interfaces. DCBX operational status Specifies the DCBX status of the interface.
PFC configuration Specifies the PFC configuration of the peer device. Application priority (Tx enabled/disabled) Specifies the mapping of the specific application to the priority of the peer device. Note: Local DCBX configuration shown is configured according to: (1) Configuration set by user via PFC commands (priority-flow-control) for manual ports.
Display Message Term Definition LLDP Comparison Specifies all the differences in TLVs between the remote interface and the local interface. 5.15.11. lldp notification This command is used to enable remote data change notifications. Format lldp notification Default Disabled Mode Interface Config 5.15.12. no lldp notification This command is used to disable notifications. Format no lldp notification Mode Interface Config 5.15.13.
Mode Global Config 5.15.15. lldp receive This command is used to enable the LLDP receive capability. Format lldp receive Default Enable Mode Interface Config 5.15.16. no lldp receive This command is used to return the reception of LLDPDUs to the default value. Format no lldp receive Mode Interface Config 5.15.17. lldp transmit This command is used to enable the LLDP advertise capability. Format lldp transmit Default Enable Mode Interface Config 5.15.18.
5.15.19. lldp transmit-mgmt This command is used to include transmission of the local system management address information in the LLDPDUs. Format lldp transmit-mgmt Default None Mode Interface Config 5.15.20. no lldp transmit-mgmt This command is used to cancel inclusion of the management information in LLDPDUs. Format no lldp transmit-mgmt Mode Interface Config 5.15.21. lldp transmit-tlv This command is used to specify which optional type length values (TLVs) in the 802.
5.15.23. lldp timers This command is used to set the timing parameters for local data transmission on ports enabled for LLDP. The determines the number of seconds to wait between transmitting local data LLDPDUs. The range is 5-32768 seconds. The is the multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2-10. The is the delay before re-initialization, and the range is 1-10 seconds.
5.15.27. lldp dcbx version This command is used to support a specific version of the DCBX protocol or to detect the peer version and match it. DCBX can be configured to operate in IEEE mode or CEE mode or CIN. In auto mode, version detection is based on the peer device DCBX version. The switch operates in either IEEE or one of the legacy modes on each interface. In auto mode, the switch will attempt to jump start the exchange by sending an IEEE frame, followed by a CEE frame followed by a CIN frame.
5.15.29. lldp dcbx port-role This command is used to configure the port role to manual, auto-upstream, auto-downstream and configuration source. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP timeout, even if the configuration source port becomes operationally disabled.
Mode Interface Config 5.15.31. lldp tlv-select dcbxp This command is used to send specific DCBX TLVs if LLDP is enabled to transmit on the given interface. Format lldp tlv-select dcbxp [pfc | application-priority] Term Definition pfc Transmit DCBX priority flow control TLV. application-priority Transmit DCBX application-priority TLV.
Term Definition vlan Configure the IP address on VLAN 1 as the management address serviceport Configure the IP address on service port as the management address sys-mac Configure the system MAC as the management address Default serviceport Mode Global Config 5.15.34. no lldp mgmt-address Use the no lldp mgmt-address to reset this function to default value. Format no lldp mgmt-address Mode Global Config 5.15.35.
5.15.36. no lldp portid-subtype Use the no lldp portid-subtype to reset this function to default value. Format no lldp portid-subtype Mode Interface Config 5.15.37. data-center-bridging This command enables the data-center bridging mode. In order to use the Data Center Bridging Capability Exchange (DCBX) command, you must first enable this mode.
5.16. System Utilities This section describes the commands you use to help troubleshoot connectivity issues and to restore various configurations to their factory defaults. 5.16.1. Clear 5.16.1.1. clear arp This command is used to remove all dynamic ARP entries from the ARP cache. Format clear arp Default None Mode Privileged Exec 5.16.1.2. clear traplog This command clears the trap log. Format clear traplog Default None Mode Privileged Exec 5.16.1.3.
Default None Mode Privileged Exec 5.16.1.5. clear config This command resets the configuration to the factory defaults without powering off the switch. You are prompted to confirm if the IP settings of service port would be kept and if the reset should proceed. Format clear config Default None Mode Privileged Exec 5.16.1.6. clear pass This command resets all user passwords to the factory defaults without powering off the switch.
Default None Mode Privileged Exec 5.16.1.9. clear igmp snooping This command clears IGMP snooping entries from the MFDB table. Format clear igmp snooping Default None Mode Privileged Exec 5.16.1.10. clear ip filter This command is used to clear all IP filter entries. Format clear ip filter Default None Mode Privileged Exec 5.16.1.11. clear dot1x authentication-history This command is used to clear 802.1x authentication history table.
5.16.1.13. clear host This command is used to delete entries from the host name-to-address cache, and it clears the entries from the DNS cache maintained by the software. The parameter “hostname” deletes the cached entry that matches the assigned hostname. Format clear host Default None Mode Privileged Exec 5.16.1.14. clear port-security dynamic This command is used to clear an entry of dynamic MAC address in the port security table.
Default None Mode Privileged Exec 5.16.1.17. clear lldp remote-data This command is used to delete all information from the LLDP (Link Layer Discovery Protocol) remote data table, including MED-related information. Format clear lldp remote-data Default None Mode Privileged Exec 5.16.1.18. clear ipv6 neighbors This command is used to clear all entries in IPv6 neighbor table or an entry on a specific interface. Use the parameter to specify the interface.
Default None Mode Privileged Exec 5.16.1.21. clear ipv6 dhcp statistics per interface This command is used to clear DHCPv6 statistics for a specific interface. Format clear ipv6 dhcp interface { | vlan <1-4093>} statistics Default None Mode Privileged Exec 5.16.1.22. enable password This command changes the password that is used to confirm that the user mode can be upgraded to Privileged EXEC mode.
(M4500-32C) (Config)# enable passwd 7 0fdd841c8a524979e5ba47893efcf48b12a08619953e1b6e42cde0931198ca717cb5ff8b4979 5a3497e283990827c5ba1ce32855ced76a505726dfb1ee222c4b 5.16.1.23. clear cpu-traffic counters This command clears the CPU traffic counters on all interfaces. Format clear cpu-traffic counters Default None Mode Privileged Exec Example: (M4500-32C) #clear cpu-traffic counters 5.16.1.24. clear cpu-traffic traces This command clears the CPU traffic traces on all interfaces.
port-channel Enter specific port-channel ID. vlan Configuration of VLAN Interface. Default None Mode Privileged Exec 5.16.1.26. clear network ipv6 dhcp statistics This command clears IPv6 DHCP statistics. Format clear network ipv6 dhcp statistics Default None Mode Privileged Exec 5.16.2. copy This command uploads and downloads files to and from the switch. You can also use the copy command to manage the dual images (active and backup) on the file system. Local URLs can be specified using FTP, TFTP.
fastpath.cfg Uploads Binary Config file. log Uploads Log file. operational-log Uploads Operational Log file. running-config Copies system config file. script sourcefilename Uploads Configuration Script file. startup-config Uploads Startup Config file. startup-log Uploads Startup Log file. tech-support Uploads Tech Support file. traplog Uploads Trap log file. 5.16.2.2. copy destination This command downloads files to the switch.
Filename....................................... id_dsa.pub Data Type...................................... SSH User Public DSA key Management access will be blocked for the duration of the transfer Are you sure you want to start? (y/n) y File transfer in progress. Management access will be blocked for the duration of the transfer. please wait... User Public Key transfer completely and update key successfully. 5.16.2.3. copy running-config This command saves the running configuration to NVRAM.
Mode Privileged EXEC 5.16.5. erase startup-config This command erases the startup-config from the permanent storage. Format erase startup-config Mode Privileged EXEC 5.16.6. erase user public key This command erases an assigned SSH user public key from the permanent storage, and it only allows user “admin” or public key owner to execute this command. Format erase user-public-key Mode Privileged EXEC 5.16.7.
428241 21 22 436321 23 36 25 33 27 395921 28 29 30 31 32 26 34 24 35 37 38 39 40 41 drwx -rw-rwx drwx -rw-rw-rw-rw-rwdrwx -rw-rw-rw-rw-rw-rw-rw-rw-rw-rw-rw-rw-rw-rw- 4096 Feb 13 2000 11:42:06 dstat 0 Mar 11 2000 06:26:39 fluent.conf 10 Feb 13 2000 11:42:08 user.start 4096 Feb 13 2000 11:42:08 crashlogs 16328 Mar 11 2000 06:26:40 log2.bin 5 Mar 11 2000 06:26:23 ologNdx0.txt 0 Mar 05 2000 12:48:11 slog2.txt 5 Mar 09 2000 06:05:18 ologNdx1.txt 172 Feb 13 2000 11:42:25 hpc_port_broad.
5.16.9. Ping Commands Use these commands to determine whether another computer is on the network. A ping provides a synchronous response when initiated from the CLI interface. 5.16.9.1. ping Use this command to determine whether another computer is on the network. To use this command, configure the switch for network (in-band) connection. The source and target devices must have the ping utility enabled and running on top of TCP/IP.
sends three pings to the target station. Use the ipv6-address|hostname parameter to ping an interface by using the global IPv6 address of the interface. Use the optional size keyword to specify the size of the ping packet. You can utilize the ping or traceroute facilities over the service/network ports when using an IPv6 global address ipv6-address|hostname.
5.16.10. Traceroute 5.16.10.1. traceroute Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. Traceroute continues to provide a synchronous response when initiated from the CLI.
5.16.10.2. traceroute ipv6 Use the traceroute command to discover the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. The parameter must be a valid IPv6 address|hostname.
configuration Gracefully reloads the configuration. If no configuration file is specified, the startup-config file is loaded. scriptname The configuration file to load. The scriptname must include the extension. os Caution! Resets the switch and starts ONIE. Prepare to reinstall the OS. Default None Mode Privileged Exec 5.16.12. configure This command is used to activate global configuration mode. Format Configure Default None Mode Privileged Exec 5.16.13.
Mode Global Config 5.16.15. quit This command is used to exit a CLI session. Format quit Default None Mode Privileged Exec 5.16.16. AutoInstall commands 5.16.16.1. show autoinstall This command displays the current status of the AutoInstall process. Format show autoinstall Default None Mode Privileged Exec Display Message Parameter Definition AutoInstall Operation Displays whether the AutoInstall operation is started or stopped.
5.16.16.2. boot-system autoinstall Use this command to operationally start or stop the AutoInstall process on the switch. The command is nonpersistent and is not saved in the startup or running configuration file. Format boot-system autoinstall { start | stop } Default None Mode Privileged Exec 5.16.16.3. boot-system host autoinstall Use this command to enable AutoInstall on the switch for the next reboot cycle.
5.16.16.6. no boot-system host autosave Use this command to disable automatically saving the downloaded configuration on the switch. Format no boot-system host autosave Mode Privileged Exec 5.16.16.7. boot-system host autoreboot Use this command to allow the switch to automatically reboot after successfully downloading an image. When auto reboot is enabled, no administrative action is required to activate the image and reload the switch. This command only works when autoupgrade is enabled.
5.16.16.10. no boot-system host upgrade Use this command to disable this function. Format no boot-system host upgrade Mode Privileged Exec 5.16.16.11. boot-system host retrycount Use this command to set the number of attempts to download a configuration file from the TFTP server. Format boot-system host retrycount <1-3> Default 3 Mode Privileged Exec 5.16.17. Capture CPU packet commands 5.16.17.1.
Line Wrap Mode Displays the line wrap mode for Line capturing type. Default is disabled. RPCAP Listening Port Displays the pcap listening port number. Default listening port number is 2002. RPCAP dump file size (KB) Displays the capture packet file size. Default file size is 512KB. 5.16.17.2. capture start Use this command to manually start capturing CPU packets for packet trace.
5.16.17.4. capture {file | remote | line} Use this command to configure packet capture options. This command is persistent across a reboot cycle. Format capture {file | remote | line} Parameter Definition file In the capture file mode, the captured packets are stored in a file. The maximum file size defaults to 512KB. The switch can transfer the file to a TFTP server via TFTP, FTP via CLI. The file is in pcap format and is named cpupkt-capture.
5.16.17.6. capture file size Use this command to configure file capture options. This command is persistent across a reboot cycle. Format capture file [size ] Parameter Definition Configure the file size in KB. The range of file size is 2 to 512KB. Default 512 Mode Global Config 5.16.17.7. capture line wrap This command enables wrapping of captured packets in line mode when the captured packets reach full capacity. This command is persistent across a reboot cycle.
Banner text where “” (double quote) is a delimiting character. The banner message can be up to 2000 characters. line 5.16.19. no set clibanner This command unconfigures the pre-login CLI banner. Format no set clibanner Mode Global Config 5.16.20. show clibanner Use this command to display the configured pre-login CLI banner. The pre-login banner is the text that displays before displaying the CLI prompt. Format show clibanner Default No contents to display before displaying the login prompt.
5.16.21.2. link-flap Use this command to enable Link-Flap functionality and configure the maximum allowed link-flap times and the detection duration. Use no form of this command to reset to default. Format [no] link-flap [<3-10> [<5-30>]] Parameter Definition <3-10> Configure the maximum allowed link-flap times before the interface is put into err-disabled state. (Default is 3) <5-30> Configure the error detection duration in seconds. (Default is 10) Default Disabled Mode Global Config 5.16.
Parameter Definition intf-range The interfaces for which to show statistics. all Show statistics for all interfaces Display Message Parameter Definition Port The slot and port associated with the interface. Admin Status Shows whether the specified port is enabled or disabled. Loop Detected The loop presence on the specified port. Loop Count The loop count for the specified port. Time Since Last Loop The time since the last loop occurred for the specified port.
5.16.22.4. loop-detection (Interface Config) Use this command to enable loop-detection on the interface. Use no form of this command to reset to default. Format [no] loop-detection Default Disabled Mode Interface Config 5.16.22.5. loop-detection action Use this command to configure the action to be taken on an interface when a loop is detected. Use no form of this command to reset to default.
Any feature not listed above is ISSU unaware. This means that the feature does not distinguish between an ISSU restart and a normal restart. A feature that is not ISSU-aware tends to initialize afresh without knowledge of the previous active instance of the same feature and can cause traffic disruption during initialization. 5.16.23.1. show issu status Use this command to display the current ISSU status summary.
no file verify Default None Mode Global Config Fields Definition script Verify the digital signature of configuration script files. none Disable digital signature verification for configuration script files.
5.17. DHCP Snooping Commands DHCP snooping is a security feature that monitors DHCP messages between a DHCP client and DHCP servers to filter harmful DHCP messages and to build a bindings database of {MAC address, IP address, VLAN ID, port} tuples that are considered authorized. You can enable DHCP snooping globally and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCP servers must be reached through trusted ports.
Example:
(M4500-32C) #show ip dhcp snooping
DHCP snooping is Enabled
DHCP snooping source MAC verification is enabled
DHCP snooping is enabled on the following VLANs:
1
Interface    Trusted     Log Invalid Pkts
-----------  ----------  ----------------
0/1          Yes         No
0/2          No          No
0/3          No          No
0/4          No          No
0/5          No          No
0/6          No          No
0/7          No          No
0/8          No          No
0/9          No          No
0/10         No          No
0/11         No          No
0/12         No          No
0/13         No          No
0/14         No          No
0/15         No          No
(M4500-32C) #
5.17.2.
0/11 0/12 0/13 0/14 0/15 0/16 0/17 0/18 0/19 No No No No No No No No No None None None None None None None None None N/A N/A N/A N/A N/A N/A N/A N/A N/A (M4500-32C) # 5.17.3. show ip dhcp snooping binding This command displays the DHCP Snooping binding entries. The parameter “static” means to restrict the output based on static entries which are added by user manually. The parameter “dynamic” means to restrict the output based on dynamic entries which are added by DHCP Snooping automatically.
(M4500-32C) # 5.17.4. show ip dhcp snooping database This command displays the DHCP Snooping configuration related to the database persistency. Format show ip dhcp snooping database Default None Mode Privileged Exec Example: (M4500-32C) #show ip dhcp snooping database agent url: local write-delay: 300 (M4500-32C) # 5.17.5. show ip dhcp snooping information all This command displays the summaries of DHCP Option-82 configurations.
0/12 0/13 0/14 0/15 0/16 0/17 0/18 Disabled Disabled Disabled Disabled Disabled Disabled Disabled untrusted untrusted untrusted untrusted untrusted untrusted untrusted (M4500-32C) # 5.17.6. show ip dhcp snooping information statistics This command displays DHCP Option-82 statistics per interface.
5.17.7. show ip dhcp snooping information agent-option This command displays the Option-82 configurations of DHCP Relay agent on specific VLAN. Format show ip dhcp snooping information agent-option vlan Default None Mode Privileged Exec Example:
(M4500-32C) # show ip dhcp snooping information agent-option vlan 1
DHCP Information Option82 is Enabled.
VLAN Id    DHCP OPT82
---------  ----------
1          Enabled
Default None Mode Privileged Exec Example: (M4500-32C) # show ip dhcp snooping information circuit-id vlan 1 DHCP Information Option82 is Enabled. DHCP Circuit-Id option is enabled on the following VLANs: 1 (M4500-32C) # 5.17.10. show ip dhcp snooping information remote-id This command displays the remote-id configuration of DHCP Option-82 per specific VLAN.
DHCP Information Option82 is Enabled.
Interface  OPT82 Mode   TrustMode
---------  -----------  -------------
0/1        Enabled      trusted
(M4500-32C) #
5.17.12. ip dhcp snooping This command enables or disables the DHCP Snooping globally. Format [no] ip dhcp snooping Default Disable Mode Global Config 5.17.13. ip dhcp snooping vlan This command enables or disables the DHCP Snooping to the specific VLAN. Format [no] ip dhcp snooping vlan Default Disable Mode Global Config 5.17.14.
The parameter “local” means to set database access inside device. The parameter “tftp://hostIP/filename” means to set database access on remote TFTP Server. Format ip dhcp snooping database {local | } Default Local Mode Global Config 5.17.16. ip dhcp snooping database write-delay This command configures the interval in seconds at which the DHCP Snooping database will be persisted, and this database stores the results of DHCP snooping bindings.
5.17.18. ip dhcp snooping information option This command enables or disables the DHCP Snooping application to support information Option 82 in global configuration or a specific interface. Format [no] ip dhcp snooping information option Default Disable Mode Global Config Interface Config 5.17.19. ip dhcp snooping information option circuit-id This command enables or disables the DHCP Snooping Option 82 with sub-option circuit-id in a range of VLANs.
5.17.21. ip dhcp snooping information option vlan This command enables or disables the DHCP Snooping option 82 in a range of VLANs. Format [no] ip dhcp snooping information option vlan Default Disable Mode Global Config 5.17.22. ip dhcp snooping information option trust This command configures an interface to be trusted for Option-82 reception. Format [no] ip dhcp snooping information option trust Default Disable Mode Interface Config 5.17.23.
(M4500-32C) (Interface 0/1)# ip dhcp snooping limit rate 100 burst interval 10 (M4500-32C) (Interface 0/1)# 5.17.24. ip dhcp snooping log-invalid This command controls logging the illegal DHCP messages to logging buffer. Format [no] ip dhcp snooping log-invalid Default Disabled Mode Interface Config 5.17.25. ip dhcp snooping trust This command enables or disables a port as DHCP Snooping trust port. Format [no] ip dhcp snooping trust Default Disabled Mode Interface Config 5.17.26.
5.17.28. clear ip dhcp snooping statistics This command is used to clear all DHCP Snooping statistics. Format clear ip dhcp snooping statistics Default None Mode Privileged EXEC 5.17.29. clear ip dhcp snooping information statistics This command is used to clear statistics of DHCP Snooping Option 82.
5.18. IP Source Guard (ISG) Commands IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may be either the source IP address or a {source IP address, source MAC address} pair. The DHCP snooping binding database and static IPSG entries identify authorized source IDs. You can configure: • Whether enforcement includes the source MAC address. • Static authorized source IDs.
5.18.1.2. show ip verify source This command displays the IPSG interface and binding configurations on all ports. Format show ip verify source [interface | port-channel ] Term Definition Specifies the interface number. Specifies the port-channel interfaces. The range of the port-channel ID is 1 to 64. Default None Mode Privileged Exec Display Message Term Definition Interface Interface address in slot/port or port-channel format.
Default None Mode Privileged Exec Display Message Term Definition Interface IP address of the interface in the slot/port or port-channel format. Type Entry type; statically configured from CLI or dynamically learned from DHCP Snooping. IP Address The IP address of the entry that is added. MAC Address The MAC address for the entry that is added. VLAN VLAN for the entry. 5.18.2. Configuration commands 5.18.2.1.
Term Definition Specifies a MAC address. VLAN ID. The range of VLAN ID is 1 to 4093. Specifies an IP address. Specifies the interface number. Specifies the port-channel interfaces. The range of the port-channel ID is 1 to 64.
5.19. Dynamic ARP Inspection (DAI) Command Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting neighbors. The miscreant sends ARP requests or responses mapping another station's IP address to its own MAC address.
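The following Python model is an added illustration, not NETGEAR code or output from the switch. It shows how one binding table of {MAC address, IP address, VLAN ID, port} tuples, as built by DHCP snooping or entered statically, can decide both the IP Source Guard check (source IP alone, or the {source IP, source MAC} pair) and the DAI check on an ARP sender. All names, addresses, ports, verdict strings and the invalid-IP rule are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Binding:
    """One authorized {MAC address, IP address, VLAN ID, port} tuple."""
    mac: str
    ip: str
    vlan: int
    port: str
    kind: str  # "dynamic" = learned by DHCP snooping, "static" = entered by hand


class BindingTable:
    def __init__(self, bindings):
        # Index by (VLAN, IP): each address has one authorized owner per VLAN.
        self._by_addr = {(b.vlan, b.ip): b for b in bindings}

    def owner(self, vlan, ip):
        return self._by_addr.get((vlan, ip))


def _norm(mac):
    """Compare MAC addresses case-insensitively, with ':' or '-' separators."""
    return mac.lower().replace("-", ":")


def ipsg_permit(table, port, vlan, src_ip, src_mac, check_mac=False):
    """IP Source Guard model: the source ID is the IP alone or the {IP, MAC} pair."""
    b = table.owner(vlan, src_ip)
    if b is None or b.port != port:
        return False  # address is not authorized on this port
    return not check_mac or _norm(b.mac) == _norm(src_mac)


def dai_verdict(table, trusted_ports, port, vlan, sender_ip, sender_mac):
    """DAI model: validate the sender IP/MAC of an ARP packet on an untrusted port.

    This model compares IP, MAC and VLAN only; it does not compare the port.
    """
    if port in trusted_ports:
        return "forward: trusted port"
    addr = IPv4Address(sender_ip)
    # Assumed invalid-IP rule: unspecified, multicast or limited broadcast.
    if addr.is_unspecified or addr.is_multicast or addr == IPv4Address("255.255.255.255"):
        return "drop: invalid IP"
    b = table.owner(vlan, sender_ip)
    if b is None:
        return "drop: no binding"
    if _norm(b.mac) != _norm(sender_mac):
        return "drop: IP/MAC mismatch"  # the ARP cache poisoning case
    return "forward: matches binding"


# Constructed sample data: a gateway behind trusted port 0/1 and one DHCP client.
TABLE = BindingTable([
    Binding("00:11:22:33:44:66", "192.0.2.1", 1, "0/1", "static"),
    Binding("00:11:22:33:44:55", "192.0.2.10", 1, "0/2", "dynamic"),
])
TRUSTED = {"0/1"}
ROGUE_MAC = "00:de:ad:be:ef:01"  # constructed address of the poisoning station


def demo():
    """Return (description, result) pairs for a few constructed packets."""
    return [
        ("ARP from 0/3 claiming the gateway IP with its own MAC",
         dai_verdict(TABLE, TRUSTED, "0/3", 1, "192.0.2.1", ROGUE_MAC)),
        ("ARP from the real client on 0/2",
         dai_verdict(TABLE, TRUSTED, "0/2", 1, "192.0.2.10", "00-11-22-33-44-55")),
        ("ARP from 0/3 for an address with no lease",
         dai_verdict(TABLE, TRUSTED, "0/3", 1, "192.0.2.99", ROGUE_MAC)),
        ("IP packet on 0/2, client IP, spoofed MAC, IP-only filtering",
         ipsg_permit(TABLE, "0/2", 1, "192.0.2.10", ROGUE_MAC)),
        ("same packet with source MAC enforcement",
         ipsg_permit(TABLE, "0/2", 1, "192.0.2.10", ROGUE_MAC, check_mac=True)),
    ]


if __name__ == "__main__":
    for description, result in demo():
        print(f"{description}: {result}")
```

The fourth and fifth cases show why enforcement of the source MAC address is a separate IPSG setting: with IP-only filtering, a frame that reuses an authorized IP address on the right port passes whatever its MAC address is.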
Bad Dest MAC The number of packets dropped due to Destination MAC validation failure. Invalid IP The number of packets dropped due to invalid IP checks. Packet Queue Exceed The number of packets dropped due to the DAI processing queue being full. 5.19.1.2. show ip arp inspection This command displays the Dynamic ARP Inspection global configuration and configuration on all the VLANs. With the vlan-list argument (i.e.
Mode Privileged Exec Display Message Term Definition Interface The interface ID for each displayed row. Trust State Whether the interface is trusted or untrusted for DAI. Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds. 5.19.1.4. show arp access-list This command displays the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument will display only the rules in that ARP ACL.
Format ip arp inspection vlan no ip arp inspection vlan Term Definition Specifies VLAN ID in a list. The range of VLAN ID is 1 to 4093. Default Disable Mode Global Config 5.19.2.3. ip arp inspection vlan logging This command enables logging of invalid ARP packets on a list of comma-separated VLAN ranges. To disable logging of invalid ARP packets on a list of comma-separated VLAN ranges, use the no form of this command.
5.19.2.5. ip arp inspection trust This command configures an interface as trusted for Dynamic ARP Inspection. To configure an interface as untrusted for Dynamic ARP Inspection, use the no form of this command. Format ip arp inspection trust no ip arp inspection trust Default Disable Mode Interface Config 5.19.2.6. ip arp inspection limit This command configures the rate limit and burst interval values for an interface.
5.19.2.8. permit ip host mac host This command configures a rule for a valid IP address and MAC address combination used in ARP packet validation. To delete a rule for a valid IP and MAC combination, use the no form of this command. Format permit ip host mac host no permit ip host mac host Term Definition Specifies IP address in the ARP ACL rule. Specifies MAC address in the ARP ACL rule.
5.20. Differentiated Service Commands ! This Switching Command function can only be used on the QoS software version. This chapter contains the CLI commands used for the QoS Differentiated Services (DiffServ) package. The user configures DiffServ in several stages by specifying: 1. Class • creating and deleting classes • defining match criteria for a class ! The only way to remove an individual match criterion from an existing class definition is to delete the class and re-create it. 2.
⚫ hierarchical service policies not supported in a class definition ⚫ access list matched by reference only, and must be sole criterion in a class - that is, ACL rules copied as class match criteria at time of class creation, with class type 'any' - implicit ACL 'deny all' rule also copied - no nesting of class type 'acl' Regarding nested classes, referred to here as class references, a given class definition can contain at most one reference to another class, which can be combined with other match
5.20.2. Class commands The 'class' command set is used in DiffServ to define: Traffic Classification specifies Behavior Aggregate (BA) based on DSCP, and Multi-Field (MF) classes of traffic (name, match criteria) Service Levels specifies the BA forwarding classes / service levels. Conceptually, DiffServ is a two-level hierarchy of classes: 1. Service/PHB, 2.
5.20.2.2. no class-map This command eliminates an existing DiffServ class. Format no class-map Parameter Description The name of an existing DiffServ class. ! The class name 'default' is reserved and is not allowed here. This command may be issued at any time; if the class is currently referenced by one or more policies or by any other class, this deletion attempt shall fail. Default None Mode Global Config 5.20.2.3.
Mode Class-Map Config / Ipv6-Class-Map Config 5.20.2.5. match class-map This command adds to the specified class definition the set of match conditions defined for another class. Format match class-map Parameter Description The name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. i There is no [not] option for this match command.
i There is no [not] option for this match command. Default None Mode Class-Map Config / Ipv6-Class-Map Config 5.20.2.7. match cos This command adds to the specified class definition a match condition for the Class of Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a double VLAN tagged packet). The value may be from 0 to 7. Format match cos <0-7> Parameter Description <0-7> Integer in the range of 0 to 7 specifying the COS value.
Format match destination-address mac
Parameter Description Specifies any layer 2 MAC address. Specifies a layer 2 MAC address bit mask. Default None Mode Class-Map Config 5.20.2.10. match dstip This command adds to the specified class definition a match condition based on the destination IP address of a packet. Format match dstip Parameter Description Specifies an IP address. To specify the match condition using a numeric notation, one layer 4 port number is required. <0-65535> The port number is an integer from 0 to 65535. To specify the match condition using a numeric range notation, two layer 4 port numbers are required and together they specify a contiguous port range. Each port number is an integer from 0 to 65535, but with the added requirement that the second number be equal to or greater than the first. Default None Mode Class-Map Config / Ipv6-Class-Map Config 5.
i The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header, but with a slightly different user notation. To specify a match on all DSCP values, use the match [not] ip tos command with set to 0 and set to 03 (hex). Default None Mode Class-Map Config / Ipv6-Class-Map Config 5.20.2.14.
IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a value of a0 (hex) and a of a2 (hex). i The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header, but with a slightly different user notation.
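The value and mask pairs described above, worked through in Python as an added example that is not part of the NETGEAR manual. The names `bits` and `mask` are chosen here because the parameter names are missing from this copy, and the comparison rule (only bit positions set in the mask are compared) is the assumption that the a0/a2 example implies. The block also expresses a DSCP or IP precedence match as the equivalent value and mask over the same Service Type byte.

```python
def tos_match(tos, bits, mask):
    """True when the packet's TOS byte equals `bits` in every position set in `mask`."""
    for name, value in (("tos", tos), ("bits", bits), ("mask", mask)):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{name} must fit in one byte, got {value!r}")
    return (tos & mask) == (bits & mask)


def dscp_as_tos(dscp):
    """A DSCP match is a TOS match on the upper six bits of the byte."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    return dscp << 2, 0xFC


def precedence_as_tos(precedence):
    """An IP precedence match is a TOS match on the upper three bits of the byte."""
    if not 0 <= precedence <= 7:
        raise ValueError("IP precedence is a 3-bit value (0-7)")
    return precedence << 5, 0xE0


def matching_tos_values(bits, mask):
    """Every TOS byte value that a given value/mask pair accepts."""
    return [tos for tos in range(256) if tos_match(tos, bits, mask)]


def dscp_values_matched(bits, mask):
    """The distinct DSCP code points among the accepted TOS byte values."""
    return sorted({tos >> 2 for tos in matching_tos_values(bits, mask)})


if __name__ == "__main__":
    # Bits 7 and 5 set, bit 1 clear (bit 7 is the most significant bit).
    print([hex(t) for t in matching_tos_values(0xA0, 0xA2)][:4], "...")
    # Value 0 with mask 03 constrains none of the six DSCP bits.
    print(len(dscp_values_matched(0x00, 0x03)), "DSCP values matched")
    # DSCP 46 and precedence 5 written as value/mask pairs.
    print([hex(v) for v in dscp_as_tos(46)], [hex(v) for v in precedence_as_tos(5)])
```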
Parameter Description
Specifies any layer 2 MAC address. Specifies a layer 2 MAC address bit mask. Default None Mode Class-Map Config 5.20.2.18. match srcip This command adds to the specified class definition a match condition based on the source IP address of a packet. Format match srcip Parameter Description < ipaddr > Specifies an IP address. To specify the match condition as a range, two layer 4 port numbers are required and together they specify a contiguous port range. Each port number is an integer from 0 to 65535, but with the added requirement that the second number be equal to or greater than the first. Default None Mode Class-Map Config / IPv6-Class-Map Config 5.20.2.20.
5.20.2.22. match dstipv6 This command adds to the specified class definition a match condition based on the destination IPv6 address of a packet. Format match dstip6 Parameter Description IPv6 address and prefix length. Default None Mode IPv6-Class-Map Config 5.20.2.23. match srcipv6 This command adds to the specified class definition a match condition based on the source IP address of a packet.
5.20.3. Policy commands The 'policy' command set is used in DiffServ to define:
• Traffic Classification: Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes.
• Service Provisioning: Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.).
The policy commands are used to associate a traffic class, which was defined by the class command set, with one or more QoS policy attributes.
5.20.3.2. drop This command specifies that all packets for the associated traffic stream are to be dropped at ingress. Format drop Default None Mode Policy-Class-Map Config Incompatibilities Assign Queue, Mark (all forms), Mirror, Police, Redirect 5.20.3.3. mirror This command specifies that all incoming packets for the associated traffic stream are copied to a specific egress interface (physical port or LAG).
Default None Mode Policy-Class-Map Config Incompatibilities Drop, Mirror 5.20.3.5. conform-color This command is used to enable color-aware traffic policing and define the conform-color class maps used. Used in conjunction with the police command where the fields for the conform level (for simple, single-rate, and two-rate policing) are specified. The parameter is the name of an existing DiffServ class map, where different ones must be used for the conform and exceed colors.
5.20.3.7. mark cos-as-sec-cos This command marks outer VLAN tag priority bits of all packets as the inner VLAN tag priority, marking CoS as Secondary CoS. This essentially means that the inner VLAN tag CoS is copied to the outer VLAN tag CoS. Format mark cos-as-sec-cos Default None Mode Policy-Class-Map Config Incompatibilities 5.20.3.8.
5.20.3.10. mark ip-dscp This command marks all packets for the associated traffic stream with the specified IP DSCP value. Format mark ip-dscp Parameter Description Specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. Default None Mode Policy-Class-Map Config Incompatibilities 5.20.3.11.
For set-dscp-transmit, a value is required and is specified as either an integer from 0 to 63, or symbolically through one of the following keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef. For set-prec-transmit, an IP Precedence value is required and is specified as an integer from 0-7. For set-cos-transmit an 802.1p priority value is required and is specified as an integer from 0-7.
Format police-single-rate {<1-4294967295> <1-128> <1-128> conform-action {drop | set-cos-as-sec-cos | set-cos-transmit <0-7> | set-dscp-transmit | set-prec-transmit <0-7> | transmit} exceed-action { drop | set-cos-as-sec-cos | set-cos-transmit <0-7> | set-dscp-transmit | set-prec-transmit <0-7> | transmit} [violate-action { drop | set-cos-as-sec-cos | set-cos-transmit <0-7> | set-dscp-transmit | set-prec-transmit <0-7> | transmit }]} Parameter Description
conform action defaults to transmit and the violate action defaults to drop. These actions can be set with this command once the style has been configured. In addition, set-cos-transmit can be combined only with drop between the conform-action and the violate-action. Priority value is required and is specified as an integer from 0-7.
Parameter Description Old Policy name. New policy name. Default None Mode Global Config 5.20.4. Service commands The 'service' command set is used in DiffServ to define:
• Traffic Classification: Assign a DiffServ traffic conditioning policy (as specified by the policy commands) to an interface in the incoming direction.
• Service Provisioning: Assign a DiffServ service provisioning policy (as specified by the policy commands) to an interface in the outgoing direction.
Restrictions Only a single policy may be attached to a particular interface in a particular direction at any one time. 5.20.4.2. no service-policy This command detaches a policy from an interface in a particular direction. Format no service-policy {in | out} Parameter Description The name of an existing DiffServ policy. Note that this command causes a service to remove its reference to the policy.
Parameter Description The name of an existing DiffServ class. Default None Mode Privileged Exec Display Message Fields Definition Class Name The name of this class. Class Type The class type (all, any, or acl) indicating how the match criteria are evaluated for this class. A class type of all means every match criterion defined for the class is evaluated simultaneously; they must all be true to indicate a class match.
Default None Mode Privileged Exec Display Message Fields Definition DiffServ Admin mode The current value of the DiffServ administrative mode. Class Table Size Current/Max The current or maximum number of entries (rows) in the Class Table. Class Rule Table Size Current/Max The current or maximum number of entries (rows) in the Class Rule Table. Policy Table Size Current/Max The Layer 3 protocol for this class. Possible values are IPv4 and IPv6.
Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction. 5.20.5.4. show diffserv service brief This command displays all interfaces in the system to which a DiffServ policy has been attached. The direction parameter is optional; if specified, only services in the indicated direction are shown.
Default None Mode Privileged Exec Display Message Fields Definition Policy Name The name of this policy. Policy Type The policy type, namely whether it is an inbound or outbound policy definition. The following information is repeated for each class associated with this policy (only those policy attributes actually configured are displayed): Fields Definition Class Name The name of this class. Mark CoS Denotes the class of service value that is set in the 802.1p header of outbound packets.
Non-Conform Action The current setting for the action taken on a packet considered to not conform to the policing parameters. This is not displayed if policing is not in use for the class under this policy. Non-Conform DSCP Value This field displays the DSCP mark value if this action is markdscp. Non-Conform IP Precedence Value This field displays the IP Precedence mark value if this action is markprec. Assign Queue Directs traffic stream to the specified QoS queue.
Display Message Fields Definition Interface The slot number and port number of the interface (slot/port) Direction The traffic direction of this interface service, either in or out. Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface in the indicated direction.
Fields Definition Interface The slot number and port number of the interface (slot/port). Operational Status The current operational status of this DiffServ service interface. Policy Name The name of the policy attached to the interface. Note: None of the counters listed here are guaranteed to be supported on all platforms. Only supported counters are shown in the display output. 5.21.
Destination MAC Address Displays the destination MAC address for this rule. Destination MAC Mask Displays the destination MAC mask for this rule. Ethertype Displays the Ethertype keyword or custom value for this rule. VLAN ID Displays the VLAN identifier value or range for this rule. CoS Value Displays the COS (802.1p) value for this rule. Assign Queue Displays the queue identifier to which packets matching this rule are assigned.
Direction Denotes the direction in which this MAC ACL is attached to the set of interfaces listed. The value is Inbound or Outbound. Interface(s) Displays the list of interfaces (slot/port) to which this MAC ACL is attached in a given direction. VLAN(s) Displays VLAN(s) to which the MAC ACL applies. 5.21.1.3. show ip access-lists Use this command to view summary information about all IP ACLs configured on the switch.
Match ALL Indicates whether this ACL applies to every packet. The possible values are True or False. IPv4 Protocol Displays the protocol to filter for this rule. Source IP Address Displays the source IP address for this rule. Source IP Wildcard Mask Displays the source IP mask for this rule. Source L4 Port Keyword Displays the source port for this rule. Destination IP Address Displays the destination IP address for this rule. Destination MAC Mask Displays the destination IP mask for this rule.
1-64 The port-channel ID. The port-channel ID ranges from 1 to 64. in | out The direction value is either in or out. Default None Mode Privileged EXEC Display Message Fields Definition ACL Type The type of access list (IP, IPv6, or MAC). ACL ID The identifier of this ACL. Sequence Number An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this interface and direction.
5.21.2. Configuration commands 5.21.2.1. mac access-list extended This command creates a MAC access control list (ACL) identified by name, consisting of classification fields defined for the Layer 2 header of an Ethernet frame. If a MAC ACL by this name already exists, this command enters Mac-Access-List config mode to allow updating the existing ACL. Format [no] mac access-list extended Parameter Description name The ACL name which is used to identify a specific MAC ACL.
numbers of ACL rules in the ACL and change the order in which entries are applied. This command is not saved in startup configuration and is not displayed in running configuration. Format mac access-list resequence {} <1-2147483647> <1-2147483647> Parameter Description name The ACL name which is used to identify a specific MAC ACL. It is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. <1-2147483647> The sequence number from which to start.
then the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive.
Format [no] remark Parameter Description remark To Add an ACL rule remark The rule ID to be removed. no To remove an ACL rule remark Default None Mode Mac Access-list Config 5.21.2.5. mac access-group This command attaches a specific MAC Access Control List (ACL) identified by to an interface, or associates it with a VLAN ID, in a given direction. The parameter must be the name of an existing MAC ACL.
1-4294967295 The sequence number of the ACL. Default None Mode Global Config Interface Config 5.21.2.6. ip access-list Use this command to create an extended IP Access Control List (ACL) identified by , consisting of classification fields defined for the IP header of an IPv4 frame. If an IP ACL by this name already exists, this command enters IPv4-Access_List config mode to allow updating the existing IP ACL.
5.21.2.8. ip access-list resequence Use this command to renumber the sequence numbers of the entries for specified IP access list with the given increment value starting from a particular sequence number. The command is used to edit the sequence numbers of ACL rules in the ACL and change the order in which entries are applied. This command is not saved in startup configuration and is not displayed in running configuration.
deny | permit To deny or permit the matching rule. every Matches every packet Specify a source ip address and source netmask pair for the match condition of this IP ACL rule. host Specify host designated source ip address for this rule. log Enable logging for this access list rule time-range-name Specify the name of the time-range if the IP ACL rule has referenced a time range.
{ <0-255> | eigrp | gre | icmp | igmp | ip | ipinip | ospf | pim | tcp | udp } Specifies the protocol to filter for an extended IP ACL rule. srcip srcmask | any | host Specifies a source IP address and source netmask pair for matching condition of this rule. The parameter any specifies srcip as 0.0.0.0 and srcmask as 255.255.255.255. The parameter host A.B.C.D specifies srcip as A.B.C.D and srcmask as 0.0.0.0. Specifies a destination IP address and netmask pair for matching condition of this rule.
flag Specifies that the IP ACL rule matches on the TCP flags. The value parameter represents: +fin, -fin, +syn, -syn, +rst, -rst, +psh, -psh, +ack, -ack, +urg, -urg, established. When + is specified, a match occurs if the specified flag is set in the TCP header. When - is specified, a match occurs if the specified flag is NOT set in the TCP header. When established is specified, a match occurs if the specified RST or ACK bits are set in the TCP.
rate-limit <1-4294967295> <1-128> Specifies the allowed rate of traffic as per the configured rate in <1-4294967295> kb/s, and burst-size in <1-128> kilobytes. Mode Global Config To remove the rule with the specified ID, use the no form of the command below. Format no rule-id Parameter Description ID The rule with ID to be removed. Default None Mode IP Access-list Config 5.21.2.10.
currently attached IP access list using that sequence number. If the sequence number is not specified for this command, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction is used. This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces. The VLAN keyword is only valid in the 'Global Config' mode.
Format no ip access-group {<1-199> | } [vlan ] {in | out} Parameter Description name The ACL name which is used to identify a specific IP ACL. It is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the MAC access list. <1-199> The identifier of this ACL. Range 1 to 99 is the access list number for an IP standard ACL. Range 100 to 199 is the access list number for an IP extended ACL. vlan-id The VLAN ID.
the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive.
Specifies the layer 4 port match condition for the IP ACL rule. A port number can be used, in the range 0-65535, or the portkey, which can be one of the following keywords:
• For TCP: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet, www, pop2, pop3
• For UDP: domain, echo, ntp, rip, snmp, tftp, time, who.
flag [+fin | -fin] [+syn | -syn] Specifies that the IP ACL rule matches on the TCP flags.
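The srcip/srcmask, any, host, port and flag parameters described above for IP ACL rules, evaluated in code as an added example (not from the NETGEAR manual and not the switch's implementation). It assumes the mask is a wildcard mask (a 1 bit means "ignore"), as the definitions of any and host imply, and that rules are tried in ascending sequence number; the rule notation is simplified, the function names are hypothetical, and all rules and packets are constructed.

```python
import ipaddress
from collections import namedtuple

TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10, "urg": 0x20}
ALL_ONES = 0xFFFFFFFF
Rule = namedtuple("Rule", "seq action proto src sport dst dport must_set must_clear established")


def ip_int(text):
    return int(ipaddress.IPv4Address(text))


def take_addr(tokens):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W'; return (address, wildcard)."""
    head = tokens.pop(0)
    if head == "any":    # per the page: address 0.0.0.0, mask 255.255.255.255
        return 0, ALL_ONES
    if head == "host":   # per the page: mask 0.0.0.0, so every bit must match
        return ip_int(tokens.pop(0)), 0
    return ip_int(head), ip_int(tokens.pop(0))


def take_port(tokens):
    """Consume an optional 'eq <port>' clause; None means any port."""
    if tokens[:1] != ["eq"]:
        return None
    del tokens[0]
    return int(tokens.pop(0))


def parse_rule(seq, text):
    """Parse the simplified notation used in SAMPLE_RULES (an assumption, not exact CLI syntax)."""
    t = text.split()
    action, proto = t.pop(0), t.pop(0)
    src, sport = take_addr(t), take_port(t)
    dst, dport = take_addr(t), take_port(t)
    if t and t[0] != "flag":
        raise ValueError(f"unexpected token: {t[0]}")
    must_set = must_clear = 0
    established = False
    for item in t[1:]:
        if item == "established":
            established = True
        elif item[0] == "+":
            must_set |= TCP_FLAG_BITS[item[1:]]
        elif item[0] == "-":
            must_clear |= TCP_FLAG_BITS[item[1:]]
        else:
            raise ValueError(f"bad flag token: {item}")
    return Rule(seq, action, proto, src, sport, dst, dport, must_set, must_clear, established)


def rule_matches(rule, pkt):
    if rule.proto not in ("ip", pkt["proto"]):
        return False
    for (addr, wild), key in ((rule.src, "src"), (rule.dst, "dst")):
        # Wildcard mask: a 1 bit is "don't care", a 0 bit must equal the rule address.
        if (ip_int(pkt[key]) ^ addr) & ~wild & ALL_ONES:
            return False
    for want, key in ((rule.sport, "sport"), (rule.dport, "dport")):
        if want is not None and pkt[key] != want:
            return False
    flags = pkt["flags"]
    if (flags & rule.must_set) != rule.must_set or (flags & rule.must_clear):
        return False
    # 'established' is a per-packet test for RST or ACK, as the page describes it.
    if rule.established and not (flags & (TCP_FLAG_BITS["rst"] | TCP_FLAG_BITS["ack"])):
        return False
    return True


def evaluate(rules, pkt):
    """Return (seq, action) of the first matching rule in ascending sequence order, else None."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule_matches(rule, pkt):
            return rule.seq, rule.action
    return None


def packet(proto, src, dst, sport=None, dport=None, flags=()):
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": sum(TCP_FLAG_BITS[f] for f in flags)}


# Constructed rule set (documentation address ranges); sequence numbers give the order.
SAMPLE_RULES = [
    parse_rule(30, "deny tcp any 192.0.2.0 0.0.0.255 flag +syn -ack"),
    parse_rule(10, "permit tcp any 192.0.2.0 0.0.0.255 flag established"),
    parse_rule(20, "permit tcp host 198.51.100.7 host 192.0.2.10 eq 22"),
    # Subnet mask typed where a wildcard mask is expected: only the last octet is compared.
    parse_rule(40, "permit ip 10.1.1.0 255.255.255.0 any"),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_RULES, packet("tcp", "203.0.113.5", "192.0.2.10", 40000, 22, ("syn",))))
    print(evaluate(SAMPLE_RULES, packet("udp", "10.1.1.5", "203.0.113.9", 5000, 53)))
```

Rule 40 shows the usual mistake of typing a subnet mask: only the last octet is compared, so 10.1.1.5 does not match while any source ending in .0 does. Rule 10 shows that established is a per-packet flag test rather than connection tracking, so it should not be the only control in front of a sensitive service.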
5.22. IPv6 ACL Commands 5.22.1. Show commands 5.22.1.1. show ipv6 access-lists This command displays an IPv6 access list and all of the rules that are defined for the IPv6 ACL. Use the [name] parameter to identify a specific IPv6 ACL to display. Format show ipv6 access-lists [] Parameter Description ACL name which uniquely identifies the IPv6 ACL to display.
Action The action associated with each rule. The possible values are Permit or Deny. Match Every Indicates whether this access list applies to every packet. Possible values are True or False. IPv6 Protocol The protocol to filter for this rule. Source IP Address The source IP address for this rule. Source L4 Port Keyword The source port for this rule. Destination IP Address The destination IP address for this rule. Destination L4 Port Keyword The destination port for this rule.
uniquely identifying the IPv6 access list. If an IPv6 ACL by this name already exists, this command enters IPv6-Access-List config mode to allow updating the existing IPv6 ACL. To delete the IPv6 ACL identified by from the system, use the no form of this command. Format ipv6 access-list no ipv6 access-list Parameter Description access-list name up to 31 characters in length.
Format ipv6 access-list resequence <1-2147483647> <1-2147483647> Parameter Description name The ACL name which is used to identify a specific IP ACL. It is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list. <1-2147483647> The sequence number from which to start. The range is 1-2147483647. The default is 1. <1-2147483647> The amount to increment. The range is 1-2147483647. The default is 10. Default 1 Mode Global Config 5.22.2.4.
Format {deny | permit} {{every [rule-id] [assign-queue ] [log] [{{mirror | redirect} | portchannel }] [rate-limit <1-4294967295> <1-128>] [sequence <1-2147483647>] [time-range ]} | {{<0-255> | icmpv6 | ipv6 | tcp | udp} { | any | host } [eq {<0-65535> | }] { | any | host } [eq {<0-65535> | }] [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+ps
Specifies the layer 4 port match condition for the IPv6 ACL rule. A port number can be used, in the range 0-65535, or the portkey, which can be one of the following keywords:
• For TCP: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet, www, pop2, pop3
• For UDP: domain, echo, ntp, rip, snmp, tftp, time, who.
flag [+fin | -fin] [+syn | -syn] Specifies that the IPv6 ACL rule matches on the TCP flags.
5.22.2.5. no rule-id This command removes a rule for the current IPv6 access list. Format no rule-id Parameter Description Specifies a rule ID, the value range from 1 to 2147483647. Default None Mode IPv6-Access-List Config 5.22.2.6. ipv6 traffic-filter This command either attaches a specific IPv6 ACL identified by to an interface or associates with a VLAN ID in a given direction. The parameter must be the name of an existing IPv6 ACL.
Default None Mode Global Config Interface Config
5.23. CoS (Class of Service) Command 5.23.1. Show commands 5.23.1.1. show queue cos-map This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
Display Message Fields Definition IP DSCP Displays IP DSCP value. Traffic Class Displays the queue mapping. 5.23.1.3. show queue trust This command displays the current trust mode setting for a specific interface. The slot/port parameter is optional and is only valid on platforms that support independent per-port class of service mappings. If specified, the port trust mode of the interface is displayed. If omitted, the port trust mode of each interface in the system is shown.
Format show queue trust { | port-channel } Parameter Description slot/port The interface number. id Specifies the port channel ID. Default None Mode Privileged EXEC Display Message Fields Definition Interface This displays the slot/port of the interface. If displaying the global configuration, this output line is replaced with a Global Config indication. Interface Shaping Rate The maximum transmission bandwidth limit for the interface as a whole.
Parameter Description slot/port The interface number. id Specifies the port channel ID. Default None Mode Privileged EXEC Display Message Fields Definition Queue Id Interface supports n queues numbered 0 to (n-1). The specific n value is platform dependent. WRED Minimum Threshold The configured minimum threshold of the queue depth (as a percentage) where WRED starts marking and dropping traffic.
This command maps an 802.1p priority to an internal traffic class for a device. Format queue cos-map all <0-7> <0-7> no queue cos-map all Parameter Description <0-7> The range of queue priority is 0 to 7. <0-7> The range of mapped traffic class is 0 to 7. no Reset to the default mapping of the queue priority and the mapped traffic class. Default None Mode Global Config 5.23.2.2. queue trust This command sets the class of service trust mode of an interface.
Mode Interface Config 5.23.2.3. queue cos-queue min-bandwidth This command specifies the minimum transmission bandwidth guarantee for each interface queue. Format queue cos-queue min-bandwidth … no queue cos-queue min-bandwidth Parameter Description Each Valid range is (0 to 100) in increments of 5 and the total sum is less than or equal to 100. no Restores the default for each queue's minimum bandwidth value.
Parameter Description Queue ID from 0 to 7. no Restores the default weighted scheduler mode for each specified queue on a "per-port" basis. Default None Mode Interface Config This command activates the strict priority scheduler mode for each specified queue on a device. Format queue cos-queue strict all [ … ] no queue cos-queue strict all [ … ] Parameter Description Queue ID from 0 to 7.
This command specifies the maximum transmission bandwidth limit for all interfaces. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded. Format queue cos-queue traffic-shape all no queue cos-queue traffic-shape all Parameter Description < bw > Valid range is (0 to 100) in increments of 1. no Restores the default shaping rate value for all interfaces. Default None Mode Global Config 5.23.2.6.
Mode Global Config Interface Config 5.23.2.8. random-detect queue-parms This command is used to configure WRED parameters for each drop precedence level supported by a queue. It is used only when per-COS queue configuration is enabled (using the cos-queue random-detect command). Format random-detect queue-parms […] ...
5.24. iSCSI Optimization Commands This section describes commands you use to monitor iSCSI sessions and prioritize iSCSI packets. iSCSI Optimization provides a means of giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. This is accomplished by monitoring traffic to detect packets used by iSCSI stations to establish iSCSI sessions and connections.
Display Message Fields Definition Session # The iSCSI sequence number Target The target Name Initiator The initiator Name ISID The iSCSI session ID Up Time The starting time for the iSCSI session connected Time for aging out The time left to be inactive, in mins. Target IP Address The IP address for the target Target TCP Port The TCP port number for the target Initiator IP Address The IP address for the initiator. Initiator TCP Port The TCP port number for the initiator 5.24.3.
5.24.5. iscsi aging time Use this command to configure the aging time for iSCSI sessions. Behavior when changing aging time:
• When aging time is increased, current sessions will be timed out according to the new value.
• When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table. All other sessions will continue to be monitored against the new time out value.
5.24.8. no iscsi queue This command restores the iSCSI egress queue parameter to its default. Format no iscsi queue Default 3 Mode Global Config 5.24.9. iscsi target Use this command to configure an iSCSI target port and, optionally, a target system’s IP address and IQN name.
Mode Global Config 5.24.10. no iscsi target This command deletes an iSCSI target port, address, and name. Format no iscsi target port [ ...
5.25. Domain Name Server Client Commands 5.25.1. show hosts This command displays the static host name-to-address mapping table. Format show hosts [] Default None Mode Privileged Exec Display Message Parameter Definition DNS Client Source Interface The source interface of the DNS client. Host Name Domain host name. Default Domain Default domain name. Default Domain List Default domain list. Domain Name Lookup DNS client enabled/disabled.
Dns Client Source Interface.................... (not configured) Configured host name-to-address mapping: Host Addresses ------------------------ ---------------------No host name is configured to IP address Host Total ---------------------- ------- Elapsed Type Addresses ------- ---- -------------- No hostname is mapped to an IP address 5.25.2. ip host This command creates a static entry in the DNS table that maps a host name to an IP address.
5.25.4. clear host This command clears the entire static host name-to-address mapping table. Format clear host Default None Mode Privileged Exec 5.25.5. ip domain-name This command defines the default domain name to be appended to incomplete host names (i.e., host names passed from a client are not formatted with dotted notation). Format ip domain-name Parameter Definition Default domain name used to complete unqualified host names.
Domain list indicates list of default domain names to complete unqualified names. Default None Mode Global Config 5.25.8. no ip domain-list This command removes the default domain list. Format no ip domain-list Mode Global Config 5.25.9. ip name-server This command specifies the address of one or more domain name servers to use for name-to-address resolution.
5.25.11. ip name-server source-interface This command specifies the source address of the DNS client to use for name-to-address resolution. Format ip name-server source-interface { | loopback | serviceport | tunnel | vlan } Parameter Definition Specifies the interface to use as the source interface. Specifies the loopback interface to use as the source interface. The range of the loopback ID is 0 to 63.
5.25.14. no ip domain-lookup This command disables the IP Domain Naming System (DNS)-based host name-to-address translation. Format no ip domain-lookup Mode Global Config 5.25.15. ip domain-retry This command specifies the number of times to retry sending Domain Name System (DNS) queries. Format ip domain-retry <0-100> Parameter Definition <0-100> The number of times to retry sending a DNS query to the server. Default 2 Mode Global Config 5.25.16.
5.25.18. no ip domain-retry-timeout This command will reset the timeout to the default setting. Format no ip domain-retry-timeout Mode Global Config 5.25.19. ipv6 host This command creates a static entry in the DNS table that maps a host name to an IPv6 address. Format ipv6 host Parameter Definition Host name. IPv6 address of the host. Default None Mode Global Config 5.25.20.
5.26. Unidirectional Link Detection Commands This section describes the commands you use to configure and display Unidirectional Link Detection (UDLD). The purpose of the UDLD feature is to detect and avoid unidirectional links. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. 5.26.1. udld enable (Global Config) Use this command to enable UDLD globally on the switch.
5.26.5. udld timeout interval Use this command to configure the time interval value (in seconds) after which the UDLD link is considered to be unidirectional. Format udld timeout interval <5-60> Default 5 Mode Global Config 5.26.6. no udld timeout interval Use this command to restore the time interval value after which the UDLD link is considered to be unidirectional to the default value. Format no udld timeout interval Mode Global Config 5.26.7.
5.26.9. udld port Use this command to select the UDLD mode operating on this interface. Format udld port [aggressive] Default normal Mode Interface Config 5.26.10. udld reset Use this command to reset all interfaces that have been shut down by UDLD. Format udld reset Mode Privileged EXEC 5.26.11. show udld Use this command to display the global settings of UDLD. If you specify a slot and port, the command displays the UDLD setting for the specified slot and port.
Timeout Interval............................... 5 Display Message for a specified slot and port Parameter Definition Port The identifying port of the interface. Admin Mode The administrative mode of UDLD configured on this interface. The mode is either enabled or disabled. UDLD Mode The UDLD mode configured on this interface. The mode is either normal or aggressive. UDLD Status The status of the link as determined by UDLD.
Time-To-Live: 39 Neighbor echo 1 device: NTGROZ5200014 Neighbor echo 1 port: 0/3 Message Interval: 15 Timeout Interval: 5 Neighbor Device Name: SW2
5.27. Multi-chassis Link Aggregation Commands This section describes the commands you use to configure and display Multi-Chassis Link Aggregation (MLAG). MLAG allows links that are physically connected to two different devices to appear as a single Port Channel to a third device. Note: MLAG can support RSTP and IGMP Snooping. The configuration of RSTP and IGMP Snooping on peers of MLAG must be the same to guarantee that MLAG can work correctly. 5.27.1.
5.27.4. no mlag domain This command deletes the MLAG domain with the specified domain ID. Format no mlag domain <1-255> Mode Global Config 5.27.5. mlag system-mac Use this command to manually configure the MAC address for the MLAG domain. The specified MAC address should be a unicast MAC and cannot be equal to the MAC address of either the primary MLAG or secondary MLAG device.
Mode Global Config 5.27.8. no mlag system-priority This command restores the MLAG system priority to the default settings. Format no mlag system-priority Mode Global Config 5.27.9. mlag role priority This command configures a role priority for the MLAG domain. This value is used for the MLAG role election. The MLAG switch with lower priority becomes the Primary and the switch with higher priority becomes the Secondary.
5.27.12. no mlag peer-link This command removes the MLAG peer link. Format no mlag peer-link Mode Port Channel Interface Config 5.27.13. mlag id This command configures a port channel as part of a MLAG. Upon issuing this command, the port channel is down until the port channel member information is exchanged and agreed between the MLAG peer switches. Format mlag <1-63> Default None Mode Port Channel Interface Config 5.27.14.
5.27.16. no mlag peer detection interval This command resets the DCPDP transmission interval and reception timeout to default values. Format no mlag peer detection interval <200-4000> timeout <700-14000> Mode Global Config 5.27.17. mlag peer-keepalive destination This command configures the IP address of the peer MLAG switch, which is the destination IP address of the DCPDP on the peer MLAG switch.
Format mlag peer-keepalive enable Mode Global Config 5.27.20. no mlag peer-keepalive enable This command stops the MLAG peer keepalive state machine. Format no mlag peer-keepalive enable Mode Global Config 5.27.21. mlag peer-keepalive timeout This command configures the peer keepalive timeout value (in seconds). If a MLAG switch does not receive a keepalive message from the peer for the duration of this timeout value, it transitions its role (if required).
Example1: The following example shows the CLI display output for the command show mlag brief. In this example, the MLAG operational status is enabled. (M4500-32C) #show mlag brief MLAG domain ID................................. 1 MLAG admin status.............................. Enabled Keep-alive admin status........................ Enabled MLAG operational status........................ Enabled Self role...................................... Secondary Peer role......................................
MLAG id# 1 ----------Interface...................................... ch1 Configured VLANs............................... 1 MLAG interface state........................... Active Local Members Status ----------------- ------ 0/3 Up Peer Members Status ---------------- ------ 0/3 Up Example2: The following example shows the CLI display output for the command show mlag brief. In this example, MLAG operational status is disabled because of disabling MLAG admin status.
5.27.24. show mlag This command displays information about a MLAG. The configuration and operational modes of the MLAG are displayed; the MLAG is operationally enabled if all the preconditions are met. The port-channel that is configured as a MLAG interface is also displayed with the member ports on the current switch and peer switch (with their link status). Format show mlag <1-63> Mode Privileged EXEC Example: The following example shows the CLI display output for the command show mlag 1.
Example: The following example shows the CLI display output for the command show mlag role. (M4500-32C) #show mlag role Self ---MLAG domain ID................................. 1 Keep-alive admin status........................ Enabled Keep-alive operational status.................. Enabled Role Priority.................................. 100 Configured MLAG MAC............................ 00:00:00:00:00:00 Operational MLAG MAC........................... C4:54:44:EA:AA:01 Configured MLAG system priority.......
5.27.26. show mlag consistency-parameters This command displays the global parameters of the self and peer devices, which should be identical in the MLAG domain. An asterisk (*) means that the parameter differs between the self and peer device configurations. “MST VLAN Configuration” displays the VLANs associated with MSTP (Multiple Spanning Tree Protocol) instance 0. “IGMP Snooping VLAN Configuration” displays the VLANs associated with IGMP Snooping.
5.27.27. show mlag peer-keepalive This command displays the peer MLAG switch IP address used by the dual control plane detection protocol. The port used for the DCPDP is shown. This command also displays if peer detection is enabled. If enabled, the detection status is displayed. The DCPDP message transmission interval and reception timeout are also displayed.
Tx errors...................................... 0 Total received................................. 63342 Rx successful.................................. 63342 Rx Errors...................................... 0 Timeout counter................................ 0 Example: The following example shows the CLI display output for the command show mlag statistics peer-link. (M4500-32C) # show mlag statistics peer-link Peer link control messages transmitted......... 16 Peer link control messages Tx errors...........
5.27.29. show mlag core-config This command displays information about the core configurations to ensure this device can form a MLAG pair. This command displays two sections: required configurations and optional configurations. The required configurations section displays all the required configurations that start the MLAG peer keepalive state machine. The optional configurations section displays the configurations that might change the roles of the devices that form the MLAG pair.
5.28. Control Plane Policing Commands Control plane packets are packets that a network device generates or receives and that are used for the operation of the network itself. Therefore, control plane packets always have a receive destination IP address and are handled by the CPU in the network device. Examples include protocols such as ARP, BGP, OSPF, and other protocols that glue the network together.
(M4500-32C) (Config)#interface control-plane (M4500-32C) (if-control-plane)#ip access-group acl001 (M4500-32C) (if-control-plane)# 5.28.2. show access-lists interface control-plane This command displays the IP, IPv6, and MAC ACL configurations for the CPU port.
5.29. VXLAN and RIOT Commands This section describes the commands you use to configure VXLAN and RIOT settings. 5.29.1. vxlan mode Use this command to set VXLAN mode on the switch. VXLAN mode must be enabled prior to performing any VXLAN configuration on the switch. A VXLAN supports two different modes for flood traffic: 1. Multicast mode—A VXLAN uses an IP multicast address as the destination IP address to send broadcast, multicast, and unknown unicast flood frames. 2.
A valid VXLAN configuration requires the assignment of an interface to the VTEP and the assignment of a valid IP address to the specified interface. There is no default source interface assignment. Format vxlan source-interface { | loopback | vlan } Parameter Description The Logic interface number. The Loopback ID. (Range: 0-63) The VLAN ID. (Range: 1-4093) Default None Mode VXLAN Config 5.29.4.
Default 4789 Mode VXLAN Config 5.29.6. no vxlan udp-port Use this command to return the VXLAN UDP port to the default setting. Format no vxlan udp-port Mode VXLAN Config 5.29.7. vxlan unicast-group Use this command to configure a VXLAN unicast group on the switch. The setting is available when the VXLAN mode is unicast mode. The switch uses each VTEP’s source IP address as the destination IP address to send broadcast, multicast, and unknown unicast flood frames.
5.29.9. default vxlan multicast-group Use this command to configure the VXLAN default multicast group on the switch. The setting is available when the VXLAN mode is multicast mode. The switch uses the value as the default multicast group. The default value is applied when a user creates a new tenant. There is no default multicast group assignment. Format vxlan default-multicast-group Parameter Description Configure multicast-group IP address Default None Mode VXLAN Config 5.29.10.
Configure multicast-group IP address Default None Mode VXLAN Config 5.29.12. no vxlan vni multicast-group Use this command to return VXLAN multicast group to the default settings. Format no vxlan vni multicast-group Mode VXLAN Config 5.29.13. vxlan vlan vni Use this command to configure VXLAN VLAN to VNI mapping on the switch. The “vxlan vlan vni” command associates a VLAN ID with a virtual network identifier (VNI).
Mode VXLAN Config 5.29.15. interface vxlan Use this command to configure VXLAN interface on the switch. Format interface vxlan Parameter Description The VXLAN ID. (Range: 1-1) Default NA Mode Global Config 5.29.16. show vxlan Use this command to display detailed information about the VXLAN configured on the switch.
Multicast Group Address The multicast group IP address used to send broadcast, multicast, and unknown unicast flood frames. 5.29.17. show vxlan vtep Use this command to display the IP addresses of the VXLAN remote VTEPs on the switch. This command shows only remote VTEPs that have actually communicated with the local device. If the system has not received any packets from remote VTEPs, there is no communication in the environment and this command shows nothing.
5.29.19. vxlan riot Use this command to enable RIOT mode on the switch. VXLAN must be enabled prior to enabling RIOT on the switch. RIOT is supported only under VXLAN unicast mode. Format vxlan riot Default Disabled Mode VXLAN Config 5.29.20. no vxlan riot Use this command to return the RIOT mode to the default settings. Format no vxlan riot Mode VXLAN Config 5.29.21. vxlan riot-physical-loopback Use this command to assign an interface as the VXLAN RIOT loopback interface on the switch.
(Switch) (Config)#interface vlan 200
(Switch) (if-vlan200)# ip address 192.168.20.1 255.255.255.0
(Switch) (if-vlan200)#exit
(Switch) (Config)#interface vxlan 1
(Switch) (if-vxlan-1)#vxlan riot
(Switch) (if-vxlan-1)#vxlan riot-physical-loopback 0/8
(Switch) (if-vxlan-1)#vxlan vlan 200 vni 2001
5.29.22. no vxlan riot-physical-loopback Use this command to delete the VXLAN RIOT loopback interface on the switch.
5.30. Interface Error Disable and Auto Recovery Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed. With interface error disable and auto recovery, when an error condition is detected for an interface, the interface is placed in a diagnostic disabled state by shutting down the interface.
Default 300s Mode Global Config 5.30.4. no errdisable recovery interval Use this command to return the auto recovery interval to the default settings. Format no errdisable recovery interval Mode Global Config 5.30.5. show errdisable recovery Use this command to display the errdisable configuration status of all configurable causes. Format show errdisable recovery Mode Privileged EXEC Display Message Parameter Definition arp-inspection Enable/Disable status of arp-inspection auto recovery.
loop-detection Enable/Disable status of loop protection. Example: The following example shows the CLI display output for the command show errdisable recovery.
5.31. Role-Based Access Control Role-Based Access Control (RBAC) allows you to create roles that define CLI execution permissions for individual functions, and to assign roles to a user so that the user has suitable authorization to manage and operate the system. User Role A role contains one or multiple rules that define the operations allowed for the user who is assigned the role, and one user can have multiple roles.
One user can have many roles, and there is no priority ordering between roles. However, if rules conflict between roles, the rule with the “permit” action takes priority over the rule with the “deny” action. For example, below User1 has role1 and role2; therefore, User1 can show all commands related to “ip igmp”. Since rule1 of role2 conflicts with rule1 of role1 and the “permit” action has higher priority, rule1 of role2 is invalid.
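The following added example (not part of the NETGEAR manual and not switch code) models the conflict rule described above so that an administrator can audit role assignments offline. It covers only command-string rules whose strings are identical apart from case, leaves out the read/read-write attribute and feature rules, and uses constructed role contents and hypothetical function names.

```python
import re
from dataclasses import dataclass

# Limits quoted from the role and "rule command" descriptions in this section.
ROLE_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9._-]{0,30}")  # letter first, <= 31 chars
MAX_RULE_ID = 256
MAX_COMMAND_LEN = 255


@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str   # "permit" or "deny"
    command: str  # rule command string


def normalize(command):
    """Rule commands are not case sensitive and are stored in lower case."""
    return command.lower()


def validate_role(name, rules):
    """Return a list of problems that break the documented limits."""
    problems = []
    if not ROLE_NAME_RE.fullmatch(name):
        problems.append(f"role name {name!r} breaks the naming rules")
    seen = set()
    for rule in rules:
        if not 1 <= rule.rule_id <= MAX_RULE_ID:
            problems.append(f"{name}: rule ID {rule.rule_id} is outside 1-256")
        if rule.rule_id in seen:
            problems.append(f"{name}: rule ID {rule.rule_id} is used more than once")
        seen.add(rule.rule_id)
        if len(rule.command) > MAX_COMMAND_LEN:
            problems.append(f"{name}: rule {rule.rule_id} is longer than 255 characters")
        if rule.action not in ("permit", "deny"):
            problems.append(f"{name}: rule {rule.rule_id} has unknown action")
    return problems


def effective_action(roles, assigned, command):
    """Resolve one command string across all roles assigned to a user.

    Roles have no priority order; when rules conflict, permit wins.
    Returns "permit", "deny", or None when no assigned role has a rule for it.
    Assumption: a conflict inside a single role is resolved the same way.
    """
    wanted = normalize(command)
    actions = {
        rule.action
        for role in assigned
        for rule in roles[role]
        if normalize(rule.command) == wanted
    }
    if "permit" in actions:
        return "permit"
    return "deny" if "deny" in actions else None


def overridden_denies(roles, assigned):
    """List deny rules that a permit rule in another assigned role overrides.

    Each finding is (deny_role, deny_rule_id, permit_role, permit_rule_id).
    """
    findings = []
    for deny_role in assigned:
        for deny in roles[deny_role]:
            if deny.action != "deny":
                continue
            for permit_role in assigned:
                if permit_role == deny_role:
                    continue
                for permit in roles[permit_role]:
                    if (permit.action == "permit"
                            and normalize(permit.command) == normalize(deny.command)):
                        findings.append(
                            (deny_role, deny.rule_id, permit_role, permit.rule_id))
    return findings


# Constructed sample data: the command strings are illustrative only.
ROLES = {
    "role1": [Rule(1, "permit", "show ip igmp")],
    "role2": [Rule(1, "deny", "Show IP IGMP"), Rule(2, "deny", "show ip ospf")],
}
USERS = {"User1": ["role1", "role2"], "User2": ["role2"]}

if __name__ == "__main__":
    for user, assigned in USERS.items():
        for finding in overridden_denies(ROLES, assigned):
            print(user, "deny %s/rule %d is overridden by %s/rule %d" % finding)
```

Because permit always wins a conflict, a deny rule protects a command only for users who hold no other role that permits it, so the audit is worth running whenever a role is added to a user.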
⚫ A role name can include only alphabetic, numeric, dash, dot, or underscore characters. The name must start with a letter and must be no longer than 31 characters. ⚫ The role name is case sensitive. ⚫ The system default roles “network-admin” and “network-operator” can’t be destroyed or modified. ⚫ The maximum number of roles is 256. ⚫ A role can’t be deleted if any user still uses it. Format role name Default None Mode Global Config 5.31.4.
Format no description Mode Role Interface 5.31.7. rule command This command is used to add a command-string rule to a role. ⚫ The rule ID is an integer between 1 and 256 and must be unique within a role. ⚫ The maximum length of a rule command string is 255 characters. ⚫ A rule command is not case sensitive and is converted to lower case automatically.
5.31.9. rule feature This command is used to add a feature rule to a role. ⚫ The rule ID is an integer between 1 and 256 and must be unique within a role. ⚫ The feature name must be that of an existing feature. Format rule feature Default None Mode Role Interface 5.31.10. no rule (to delete a rule of feature) This command is used to delete a feature rule from a role. Format no rule Mode Role Interface 5.31.11.
5.31.12. no rule (to delete a rule of feature group) This command is used to delete a feature-group rule from a role. Format no rule Mode Role Interface 5.31.13. rule This command is used to add a rule that denies or permits execution of all “show commands” or all commands.
5.31.16. role feature-group name This command is used to create a new feature group or configure an existing feature group. ⚫ A feature group name can include only alphabetic, numeric, dash, dot, or underscore characters. The name must start with a letter and must be no longer than 63 characters. ⚫ The feature group name is case sensitive. ⚫ The maximum number of feature groups is 256.
5.31.19. no feature This command is used to remove a feature from a feature group. Format no feature Mode Feature Group Interface 5.31.20. username role This command is used to assign a role to a user. ⚫ The username must be that of an existing user. ⚫ The role name must be that of an existing role. ⚫ User 'admin' is the administrator system account and shall always own the system default role 'network-admin'.
Mode Privileged EXEC Display Message Parameter Definition Role Based Access Control Indicates whether the RBAC function is currently enabled or disabled. Current numbers of roles Indicates how many roles currently exist. Maximum numbers of roles Indicates the maximum number of roles that can be created on the device. Role The role name. Description Description of this role. ID Rule ID Permit Indicates whether this role is permitted or denied to execute this rule.
Format show role feature-group [detail | name ] Default None Mode Privileged EXEC Display Message Parameter Definition Current numbers of feature group Indicates how many feature groups currently exist. Maximum numbers of feature group Indicates the maximum number of feature groups that can be created on the device. feature group name The name of this feature group. Feature name The system pre-defined feature name.
Maximum numbers of total commands per user The maximum number of total commands that can be set for one user. Role The role name. Description Description of this role. ID Rule ID Permit Indicates whether this role is permitted or denied to execute this rule. Read & Write Indicates whether this rule is “read” or “read-write”. “Read” means that it can execute show commands only, and “read-write” means that it can execute all commands. Type Indicates whether the type of this rule is command string, feature, or feature group.
5.32. Application Commands Use the application commands to manage applications on switches. 5.32.1. show application This command displays the applications installed and their parameters. Format show application Mode Privileged EXEC Display Message Fields Definition Name The name of the application. StartOnBoot If the application is configured to start on boot up. AutoRestart ◼ Yes: The application will start on boot up. ◼ No: The application will not start on boot up.
filename Name of the file. Total bytes for all files Number of bytes of all the files in the application directory. 5.32.3. application install This command starts the application through the designated executable file available for configuration and execution. The parameters of this command determine how the application runs on the switch. This command can be issued using an already installed application file name to update the parameters.
5.32.4. application start This command starts the execution of the specified application. The application must be installed before it can be started using this command. Format application start Mode Privileged EXEC 5.32.5. application stop This command stops the execution of the specified application.
5.33. Precision Time Protocol Transparent Clock Commands The switch supports Precision Time Protocol (PTP) Transparent Clock (TC). 5.33.1. ptp clock e2e-transparent Use this command to enable the PTP E2E transparent clock at system level (that is, globally) or for an interface. In Global Config mode, the command applies the PTP transparent clock configuration to all physical ports and LAGs on the switch.
Example: (M4500-48XF8C) # show ptp clock e2e-transparent PTP TC global mode....................................
6. Routing Commands 6.1. Address Resolution Protocol (ARP) Commands 6.1.1. Show commands 6.1.1.1. show ip arp This command displays the Address Resolution Protocol (ARP) cache. If the VRF is not specified, the shown ARP cache is in the default VRF. If the VRF is specified, the ARP cache in the specified VRF is shown. Format show ip arp [vrf ] Default None Mode Privileged EXEC Display Message Fields Definition Age Time Is the time it takes for an ARP entry to age out.
MAC Address Is the hardware MAC address of that device. Interface Is the routing slot/port associated with the device ARP entry. Type Is the type that was configured into the unit. The possible values are Local, Gateway, Dynamic and Static. Age This field displays the current age of the ARP entry since last refresh (in hh:mm:ss format). 6.1.1.2. show ip arp brief This command displays the brief Address Resolution Protocol (ARP) table information.
6.1.1.3. show ip arp static This command displays the static Address Resolution Protocol (ARP) table information. Format show ip arp static Default None Mode Privileged EXEC Display Message Fields Definition VRF-ID The VRF ID to which the IP address belongs. VRF-Name The VRF name for the VRF ID. IP address The IP address of a device on a subnet attached to an existing routing interface. MAC address The MAC address for that device. 6.1.2. Configuration commands 6.1.2.1.
6.1.2.2. ip proxy-arp This command enables proxy ARP on a router interface or range of interfaces. Without proxy ARP, a device responds to an ARP request only if the target IP address is an address configured on the interface where the ARP request arrived. With proxy ARP, the device may also respond if the target IP address is reachable. The device responds only if all next hops in its route to the destination are through interfaces other than the interface that received the ARP request.
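The added example below (not from the NETGEAR manual and not switch code) models the reply decision just described, which helps when reviewing which ARP requests a routing interface would answer on behalf of other hosts once proxy ARP is enabled. The interface addresses, routing table, and function names are constructed, and "reachable" is taken to mean that a longest-prefix-match route exists, which is an assumption.

```python
import ipaddress

# Constructed topology: addresses configured on each routing interface.
INTERFACE_ADDRS = {
    "0/1": {ipaddress.ip_address("10.0.1.1")},
    "0/2": {ipaddress.ip_address("10.0.2.1")},
}

# Constructed routing table: (prefix, interfaces used by all next hops).
ROUTES = [
    (ipaddress.ip_network("10.0.1.0/24"), ["0/1"]),
    (ipaddress.ip_network("10.0.2.0/24"), ["0/2"]),
    (ipaddress.ip_network("10.0.3.0/24"), ["0/1", "0/2"]),  # ECMP over both
    (ipaddress.ip_network("10.0.0.0/16"), ["0/2"]),
]


def best_route(routes, target):
    """Longest-prefix match; returns (prefix, next-hop interfaces) or None."""
    matches = [(net, hops) for net, hops in routes if target in net]
    if not matches:
        return None
    return max(matches, key=lambda match: match[0].prefixlen)


def arp_decision(target, ingress, proxy_arp,
                 addrs=INTERFACE_ADDRS, routes=ROUTES):
    """Decide how the device treats an ARP request for `target` seen on `ingress`.

    Returns "reply-own-address", "proxy-reply", or "ignore".
    """
    target = ipaddress.ip_address(target)

    # Without proxy ARP the only case answered is an address configured
    # on the interface where the request arrived.
    if target in addrs.get(ingress, set()):
        return "reply-own-address"
    if not proxy_arp:
        return "ignore"

    # With proxy ARP the target must be reachable ...
    route = best_route(routes, target)
    if route is None:
        return "ignore"

    # ... and every next hop must leave through some other interface.
    # One ECMP path back out of the ingress interface is enough to stay silent.
    _, hop_interfaces = route
    if all(interface != ingress for interface in hop_interfaces):
        return "proxy-reply"
    return "ignore"


if __name__ == "__main__":
    for ip in ("10.0.1.1", "10.0.1.50", "10.0.2.50", "10.0.3.9",
               "10.0.9.9", "172.16.0.1"):
        print(ip, "proxy off:", arp_decision(ip, "0/1", False),
              "| proxy on:", arp_decision(ip, "0/1", True))
```

Comparing the two columns for each interface shows exactly which additional targets the device starts answering for when proxy ARP is turned on.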
• dual-ipv4-and-ipv6 default • dual-ipv4-and-ipv6 alpm • dual-ipv4-and-ipv6 alpm-mpls-data-center • dual-ipv4-and-ipv6 data-center • dual-ipv4-and-ipv6 dcvpn-data-center • dual-ipv4-and-ipv6 mpls-data-center <1152-6144> The range of cache size is 1152 to 6144 for the following platform: • ipv4-routing default • ipv4-routing data-center plus no This command configures the default ARP cache size. Default The default cache size is 8192 or 6144, which depends on the platform currently used.
no This command configures the default response timeout time. Default The default response time is 1. Mode Global Config 6.1.2.7. arp retries This command configures the maximum number of ARP request retries. Format arp retries <0-10> no arp retries Fields Definition <1-10> The range of the maximum number of request retries is 0 to 10. no This command configures the default maximum number of request retries. Default The default value is 4. Mode Global Config 6.1.2.8.
Format arp access-list no arp access-list Fields Definition Enter ARP access-list name <1-31> alphanumeric characters in length. no Use this command to delete a configured ARP ACL. Default None Mode Global Config 6.1.2.10. permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
6.2. IP Routing Commands 6.2.1. Show commands 6.2.1.1. show ip brief This command displays all the summary information of the IP. Format show ip brief Default None Mode Privileged EXEC User EXEC Display Message Fields Definition Default Time to Live The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Routing Mode Shows whether the routing is enabled or disabled. Maximum Next Hops The maximum number of hops supported by this switch.
Mode Privileged EXEC User EXEC Display Message Fields Definition Routing Interface Status Determine the operational status of IPv4 routing Interface. The possible values are Up or Down. Primary IP Address The primary IP address and subnet masks for the interface. This value appears only if you configure it. Method Shows whether the IP address was configured manually or acquired from a DHCP server. Secondary IP Address One or more secondary IP addresses and subnet masks for the interface.
Destination Unreachables Displays whether ICMP Destination Unreachables may be sent (enabled or disabled). ICMP Redirects Displays whether ICMP Redirects may be sent (enabled or disabled). Interface Suppress Status Displays whether the interface is suppressed or not. Interface Name Displays the routing interface name. 6.2.1.3. show ip interface vlan This command displays all pertinent information about the VLAN routing interfaces.
Local Proxy ARP Displays whether Local Proxy ARP is enabled or disabled on the interface. Active State displays whether the interface is active or inactive. An interface is considered active if its link is up and it is in forwarding state. Active State Displays whether an interface is active with its link up and in forwarding state. Link Speed Data Rate An integer representing the physical link data rate of the specified interface. This is measured in Megabits per second (Mbps).
If you specify a loopback ID, the following information appears: Fields Definition Routing Interface Status The operational status of IPv4 routing Interface. The possible values are Up or Down. Primary IP Address The primary IP address and subnet masks for the interface. This value appears only if you configure it. Secondary IP Address(es) One or more secondary IP addresses and subnet masks for the interface. This value appears only if you configure it.
6.2.1.6. show ip route This command displays the routing table. The specifies the network for which the route is to be displayed and displays the best matching best-route for the address. The specifies the subnet mask for the given . When you use the keyword, the and pair becomes the prefix, and the command displays the routes to the addresses that match that prefix.
MultiCast Fwd Indicates the multicast forwarding administrative mode on the interface. Possible values are Enable or Disable. The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Fields Definition Code The codes for the routing protocols that created the routes. IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route.
For each next hop: Fields Definition Next Hop Intf The outgoing router interface to use when forwarding traffic to the next destination. Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination. 6.2.1.8. show ip route entry This command displays the router route entry information.
Pref The preference value that is used for this route entry. 6.2.1.9. show ip route connected This command displays directly connected routes. Format show ip route [vrf ] connected Default None Mode Privileged EXEC Display Message Fields Definition Route Codes Displays the key for the routing protocol codes that might appear in the routing table output.
Mode Privileged EXEC Display Message Fields Definition Route Codes Displays the key for the routing protocol codes that might appear in the routing table output. The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Fields Definition Code The codes for the routing protocols that created the routes. IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route.
Fields Definition Code The codes for the routing protocols that created the routes. IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route. Preference The administrative distance associated with this route. Routes with low values are preferred over routes with higher values. Metric The cost associated with this route. via Next-Hop The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination.
The command displays the routing tables in the following format: Code IP-Address/Mask [Preference/Metric] via Next-Hop, Interface Fields Definition Code The codes for the routing protocols that created the routes. IP-Address/Mask The IP-Address and mask of the destination network corresponding to this route. Preference The administrative distance associated with this route. Routes with low values are preferred over routes with higher values. Metric The cost associated with this route.
Local: The number of local BGP routes. OSPF Routes Total number of routes installed by OSPF protocol: Intra Area Routes: Total number of Intra Area routes installed by OSPF protocol. Inter Area Routes: Total number of Inter Area routes installed by OSPF protocol. External Type-1 Routes: Total number of External Type-1 routes installed by OSPF protocol. External Type-2 Routes: Total number of External Type-2 routes installed by OSPF protocol.
Hardware Failed Route Adds The number of routes that failed to be inserted into the hardware because of a hash error or a table full condition. Reserved Locals The number of routing table entries reserved for a local subnet on a routing interface that is down. Space for local routes is always reserved so that the local routes can be installed when a routing interface is up. Unique Next Hop (High) The number of the distinct next hops used among all routes currently in the routing table.
Format show ip route [vrf ] preferences Default None Mode Privileged EXEC User EXEC Display Message Fields Definition Local This field displays the local route preference value. Static This field displays the static route preference value. BGP External This field displays the BGP external route preference value. OSPF Intra This field displays the OSPF intra route preference value. OSPF Inter This field displays the OSPF inter route preference value.
Default None Mode Privileged EXEC Display Message Fields Definition Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory in Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse. Memory Available in Heap The number of bytes in the original heap that have never been allocated.
Uptime The amount of time the interface has been up. Registered Protocol The protocol from which the BFD session was initiated and that is registered to receive events from BFD. (for example, BGP) Local Diag The diagnostic state specifying the reason for the most recent change in the local session state. Demand mode Indicates if the system wishes to use Demand mode. NOTE: Demand mode is not supported in the current release.
Fields Definition no Disable routing for an interface. Default Disable Mode Interface Config 6.2.2.2. ip routing This command enables the IP Router Admin Mode for the master switch. Format ip routing no ip routing Fields Definition no Disable the IP Router Admin Mode for the master switch. Default Disable Mode Global Config 6.2.2.3. ip address This command configures an IP address on an interface. The IP address may be a secondary IP address.
6.2.2.4. ip address dhcp This command enables the DHCPv4 client on an in-band interface so that it can acquire network information, such as the IP address, subnet mask, and default gateway, from a network DHCP server. When DHCP is enabled on the interface, the system automatically deletes all manually configured IPv4 addresses on the interface.
6.2.2.6. ip load-sharing This command manually configures the IP ECMP load balancing mode. Format ip load-sharing <1-6> {inner | outer} no ip load-sharing Fields Definition The load balancing or sharing mode for all ECMP groups. 1: Based on a hash using the Source IP address of the packet. 2: Based on a hash using the Destination IP address of the packet. 3: Based on a hash using the Source and Destination IP addresses of the packet.
A valid subnet mask. IP address of the next hop router. The VLAN ID used for this interface. The range of the VLAN ID is from 1 to 4093. <1-255> The preference value of this route. The range is 1 to 255. The description for the route. Null0 Null interface. no Delete all next hops to a destination static route.
Lower route distance values are preferred when determining the best route. The ip route and ip route default commands allow you to optionally set the distance (preference) of an individual static route. The default distance is used when no distance is specified in these commands. Changing the default distance does not update the distance of existing static routes, even if they were assigned the original default distance.
6.2.2.11. ip route vrf static bfd This command configures BFD for a static route in a specific VRF. To remove BFD for a static route in a specific VRF, use the no form of this command. Format ip route vrf static bfd no ip route vrf static bfd Fields Definition VRF Name in which the static route is configured IP address of the next hop router. Local IP address of static route for BFD.
6.2.2.13. ip unnumbered gratuitous-arp accept This command enables the configuration of static interface routes to the unnumbered peer dynamically on receiving gratuitous ARP. Format ip unnumbered gratuitous-arp accept no ip unnumbered gratuitous-arp accept Fields Definition no Disable interface route configuration on receiving gratuitous ARP. Default Interface route installation for receiving gratuitous ARP is enabled by default. Mode Interface Config 6.2.2.14.
snap The link layer encapsulation type is SNAP. Default The default value is ethernet. Mode Interface Config Restrictions Routed frames are always Ethernet encapsulated when a frame is routed to a VLAN. 6.2.2.16. fpti Use this command to enable FPTI mode either globally (in Global Config mode) or for a specific interface (in Interface Config mode).
6.3. Open Shortest Path First (OSPF) Commands 6.3.1. Show commands 6.3.1.1. show ip ospf This command displays information relevant to the OSPF router. Format show ip ospf [vrf ] Default None Mode Privileged Exec Display Message ! Some of the information below displays only if you enable OSPF and configure certain features. Fields Definition Router ID A 32-bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value.
Default Passive Setting Shows whether the interfaces are passive by default. Prefix Suppression Whether the prefix-suppression is enabled or disabled. Maximum Paths The maximum number of paths that OSPF can report for a given destination. Maximum Routes The number of maximum IPv4 routes in a VRF. Default Metric Default value for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds.
configured to redistribute routes learned by other protocols) or disabled (if the router is not configured for the same). Stub Router Status When OSPF runs out of resources to store the entire link state database, or any other state information, OSPF goes into stub router mode. As a stub router, OSPF re-originates its own router LSAs, setting the cost of all non-stub interfaces to infinity. To restore OSPF to normal operation, disable and re-enable OSPF. One of Active, Inactive.
Maximum Number of Retransmit Entries The maximum number of LSAs that can be waiting for acknowledgment at any given time. Retransmit Entries High Water Mark The highest number of LSAs that have been waiting for acknowledgment. NSF Helper Support Whether this router is configured to act as a graceful restart helpful neighbor. Possible values are: Helper Support Always, Disabled, or Planned.
6.3.1.3. show ip ospf area This command displays information about the area. The identifies the OSPF area that is being displayed. Format show ip ospf area [vrf ] Default None Mode Privileged EXEC User EXEC Display Message Fields Definition AreaID The area id of the requested OSPF area. External Routing A number representing the external routing capabilities for this area.
Default Metric Type The metric type for the default route advertised into the NSSA. Translator Role The NSSA translator role of the ABR, which is always or candidate. Translator Stability Interval The amount of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Translator State Shows whether the ABR translator state is disabled, always, or elected. 6.3.1.4.
Format show ip ospf [] database [vrf ] [{asbr-summary | external | network | nssaexternal | opaque-area | opaque-as | opaque-link | router | summary}] [] [{adv-router [] | self-originate}] Fields Definition vrf-name Specify the virtual router for which to display information adv-router Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router.
Adv Router The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB interface. Age A number representing the age of the link state advertisement in seconds. Sequence A number that represents which LSA is more recent. Chksm The total number LSA checksum. Options This is an integer. It indicates that the LSA receives special handling during routing calculations. Rtr Opt Options are valid for router links only. 6.3.1.6.
Total Number of entries for all areas. 6.3.1.7. show ip ospf interface This command displays the OSPF information for the specific interface. Format show ip ospf interface { | loopback | vlan } Default None Mode Privileged EXEC User EXEC Display Message Fields Definition IP Address The IP address for the specified interface. Subnet Mask A mask of the network and host portion of the IP address for the OSPF interface.
OSPF MTU-ignore Indicates whether to ignore MTU mismatches in database descriptor packets sent from neighboring routers. Flood Blocking Indicates if flood blocking is enabled or disabled. The information below is displayed only if OSPF is enabled. Fields Definition State The OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and backup designated router. Designated Router The router ID representing the designated router.
Router Priority A number representing the OSPF Priority for the specified interface. Cost The metric cost of the OSPF interface. Hello Interval A number representing the OSPF Hello Interval for the specified interface. Dead Interval A number representing the OSPF Dead Interval for the specified interface. Retransmit Interval A number representing the OSPF Retransmit Interval for the specified interface.
Neighbor Events The number of times this neighbor relationship has changed state, or an error has occurred. Sent Packets The number of OSPF packets transmitted on the interface. Received Packets The number of valid OSPF packets received on the interface. Discards The number of received OSPF packets discarded because of an error in the packet or an error in processing the packet.
detailed information about the neighbor displays. The information below only displays if OSPF is enabled and the interface has a neighbor. Format show ip ospf neighbor [vrf ] [interface { | vlan }] [] Default None Mode Privileged EXEC User EXEC Display Message If you do not specify an IP address, a table with the following columns displays for all neighbors.
The amount of time, in seconds, to wait before the router assumes the neighbor is unreachable. Dead Time If you specify an IP address for the neighbor router, the following fields display: Fields Definition Interface Valid slot and port number separated by a forward slash. Neighbor IP Address The IP address of the neighbor router. Interface Index The interface ID of the neighbor router. Area ID The area ID of the OSPF area associated with the interface.
Mode Privileged EXEC User EXEC Display Message Fields Definition Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A. Active Whether the range is currently active (Y or N). 6.3.1.12.
The time from the completion of the routing table calculation until all changes have been made in the routing table, named Routing Information Based (RIB). The time is in milliseconds. RIB Update The reason the SPF was scheduled. Reason codes are as follows: Reason 6.3.1.13.
Default None Mode Privileged EXEC User EXEC Display Message Fields Definition OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared. LSAs Retransmitted The number of LSAs retransmitted by this router since OSPF counters were last cleared. LS Update Max Receive Rate The maximum rate of LS Update packets received during any 5-second interval since OSPF counters were last cleared. The rate is in packets per second.
Transmit Delay Interval The configured transit delay for the OSPF virtual interface. Retransmit Interval The configured retransmit interval for the OSPF virtual interface. Authentication Type The configured authentication type of the OSPF virtual interface. State The OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and backup designated router. This is the state of the OSPF interface. Metric The OSPF virtual interface metric.
Mode Privileged EXEC User EXEC Display Message Fields Definition Total self-originated LSAs The number of LSAs originated from self. Average LSAs per group The average number of self-originated LSAs per group. Pacing group limit The maximum number of self-originated LSAs in one LSA group. If the number of LSAs in a group exceeds this limit, OSPF redistributes LSAs throughout the refresh interval to achieve better balance.
Default Enabled Mode Router OSPF Config 6.3.2.3. network area Use the network area command to enable OSPFv2 on an interface and set its area ID if the IP address of an interface is covered by this network command. Use the no network area command to disable OSPFv2 on an interface if the IP address of an interface was earlier covered by this network command.
6.3.2.6. area default-cost This command configures the default cost for the stub area. You must specify the area ID and an integer value between 1-16777214. Format area default-cost <1-16777214> Default None Mode Router OSPF Config 6.3.2.7. area nssa area nssa command configures the specified areaid to function as an NSSA. no area nssa command disables nssa from the specified area id. Format area nssa no area nssa Default None Mode Router OSPF Config 6.3.2.8.
Format area nssa no-redistribute no area nssa no-redistribute Default None Mode Router OSPF Config 6.3.2.10. area nssa no-summary area nssa no-summary command configures the NSSA so that summary LSAs are not advertised into the NSSA. no area nssa no-summary command disables nssa from the summary LSAs. Format area nssa no-summary no area nssa no-summary Default None Mode Router OSPF Config 6.3.2.11.
Mode Router OSPF Config 6.3.2.13. area range area range command configures a summary prefix that an area border router (ABR) advertises for a specified area.
6.3.2.14. area stub area stub command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. no area stub command deletes a stub area for the specified area ID. Format area stub no area stub Default None Mode Router OSPF Config 6.3.2.15.
neighbor. The value for is either none, simple, or encrypt. The [key] is composed of standard displayable, non-control keystrokes from a standard 101/102-key keyboard. The authentication key must be 8 bytes or less if the authentication type is simple. If the type is encrypt, the key can be configured with plain-text up to 16 characters or configured in encrypted form with option 7. Unauthenticated interfaces do not need an authentication key.
no area virtual-link hello-interval Default 10 Mode Router OSPF Config 6.3.2.20. area virtual-link retransmit-interval area virtual-link retransmit-interval command configures the retransmit interval for the OSPF virtual interface on the virtual interface identified by and . The parameter is the Router ID of the neighbor. The range for seconds is 0 to 3600.
reference bandwidth range is 1-4294967 Mbps. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3. Use the no auto-cost command to set the reference bandwidth to the default value. Format auto-cost reference-bandwidth <1 to 4294967> no auto-cost reference-bandwidth Default 100Mbps Mode Router OSPF Config 6.3.2.23. bfd This command configures BFD for all interfaces. To reset BFD for interfaces to default, use the no form of this command.
Fields Definition The virtual router on which the OSPF is disabled and re-enabled. Default None Mode Privileged Exec 6.3.2.26. clear ip ospf configuration Use this command to reset the OSPF configuration to factory defaults. Format clear ip ospf configuration [vrf ] Fields Definition The virtual router on which the OSPF is reset. Default None Mode Privileged Exec 6.3.2.27. clear ip ospf counters Use this command to reset global and interface statistics.
Fields Definition The neighbor’s Router IDIP address. The virtual router on which the adjacencies with OSPF neighbors are dropped. Default None Mode Privileged Exec 6.3.2.29. clear ip ospf neighbor interface To drop adjacency with all neighbors on a specific interface, use the optional parameter [slot/port]. To drop adjacency with a specific router ID on a specific interface, use the optional parameter [ipaddr].
6.3.2.31. clear ip ospf stub-router Use this command to exit the stub router mode. Format clear ip ospf stub-router [vrf ] Fields Definition The virtual router on which the OSPF exits stub router mode. Default None Mode Privileged Exec 6.3.2.32. default-information originate default-information originate command is used to control the advertisement of default routes. no default-information originate command is used to control the advertisement of default routes.
6.3.2.34. distance ospf distance ospf command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, or external. All the external type routes are given the same preference value. The range of value is 1 to 255. no distance ospf command sets the default route preference value of OSPF routes in the router. The type of OSPF can be intra, inter, or external.
6.3.2.37. external-lsdb-limit external-lsdb-limit command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external-LSAs in its database.
6.3.2.39. ip ospf cost ip ospf cost command configures the cost on an OSPF interface. The parameter has a range of 1 to 65535. no ip ospf cost command configures the default cost on an OSPF interface. Format ip ospf cost <1–65535> no ip ospf cost Default 10 Mode Interface Config 6.3.2.40. ip ospf dead-interval ip ospf dead-interval command sets the OSPF dead interval for the specified interface.
interfaces have a special loopback network type, which cannot be changed.) When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network. For point-to-point networks, OSPF does not elect a designated router or generate a network link state advertisement (LSA). Both endpoints of the link must be configured to operate in point-to-point mode. Use the no ip ospf network command to return the OSPF network type to the default.
6.3.2.45. ip ospf retransmit-interval ip ospf retransmit command sets the OSPF retransmit Interval for the specified interface. The retransmit interval is specified in seconds. The value for is the number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when retransmitting database description and link-state request packets. Valid values range from 0 to 3600 (1 hour).
6.3.2.48. ip ospf bfd This command enables BFD for OSPFv2 on the specified interface. To disable BFD for OSPFv2 on the specified interface, use the no form of this command. Format ip ospf bfd no ip ospf bfd Default Disabled Mode Interface Config 6.3.2.49. router-id router-id command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id. The is a configured value. Format router-id Default None Mode Router OSPF Config 6.3.2.50.
Format maximum-paths no maximum-paths Default 4 Mode Router OSPF Config 6.3.2.52. passive-interface default Use the passive-interface default command to enable global passive mode by default for all interfaces. It overrides any interface level passive mode. OSPF will not form adjacencies over a passive interface. Use the no passive-interface default command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to non-passive mode.
6.3.2.55. max-metric Use max-metric command to configure OSPF to enable stub router mode. Use no max-metric command to disable stub router mode. If you configure the summary LSA metric to 16,777,215, other routers will skip the summary LSA when they compute routes.
6.3.2.57. prefix-suppression Use the prefix-suppression command to suppress the advertisement of all the IPv4 prefixes except for prefixes that are associated with secondary IPv4 addresses, loopbacks, and passive interfaces from the OSPFv2 router advertisements. To suppress a loopback or passive interface, use the command ip ospf prefix-suppression in interface config mode. Prefixes associated with secondary IPv4 addresses can never be suppressed. The no prefix-suppression command disables prefix-suppression.
Specify that an OSPF helper exits helper mode whenever a topology change occurs. OSPF continues as a helpful neighbor in spite of topology changes if this option is not set. strict-lsa-checking Default Enabled Mode Router OSPF Config Mode 6.3.2.60. bandwidth By default, OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth. Reference bandwidth is specified with the auto-cost command.
6.4. BOOTP/DHCP Relay Commands 6.4.1. Show commands 6.4.1.1. show bootpdhcprelay This command displays the BootP/DHCP Relay information. Format show bootpdhcprelay [vrf ] Default None Mode Privileged EXEC User EXEC Display Message Fields Definition Maximum Hop Count Is the maximum allowable relay agent hops. Minimum Wait Time (Seconds) Is the minimum wait time. Admin Mode Represents whether relaying of requests is enabled or disabled.
6.4.2.2. bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. To reset the maximum allowable relay agent hops for BootP/DHCP Relay on the system to 4, use the no form of this command. Format bootpdhcprelay maxhopcount no bootpdhcprelay maxhopcount Parameter Description hops The range of maximum hop count is 1 to 16. Default 4 Mode Global Config 6.4.2.3.
6.5. IP Helper Commands 6.5.1. Show commands 6.5.1.1. show ip helper-address Use this command to display the IP helper address configuration. Format show ip helper-address [vrf ] [{ | vlan <1 - 4093>}] Default None Mode Privileged EXEC User EXEC Display Message Fields Definition Interface The relay configuration is applied to packets that arrive on this interface. This field is set to ‘any’ for global IP helper entries.
DHCP client messages relayed The number of DHCP client messages relayed to a server. DHCP server messages received The number of DHCP responses received from the server. DHCP server messages relayed The number of DHCP server messages relayed to a client. UDP client messages received The number of valid UDP messages received. UDP client messages relayed The number of valid UDP messages relayed.
The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
dhcp (port 67) domain (port 53) isakmp (port 500) mobile-ip (port 434) nameserver (port 42) netbios-dgm (port 138) netbios-ns (port 137) ntp (port 123) pim-auto-rp (port 496) rip (port 520) tacacs (port 49) tftp (port 69) time (port 37) Other ports must be specified by number. Default None Mode Interface Config 6.5.2.3. ip helper-address discard Use this command to configure the discard of certain UDP broadcast packets received on a specific interface or range of interfaces.
tacacs (port 49) tftp (port 69) time (port 37) Other ports must be specified by number. Default None Mode Interface Config 6.5.2.4. ip helper enable This command enables the relay of UDP packets. To disable the relay of UDP packets, use the no form of this command. Format ip helper enable no ip helper enable Default Disabled Mode Global Config 6.5.2.5. clear ip helper statistics Use this command to clear the statistics data of UDP packets processed and relayed by IP helper.
6.6. Router Discovery Protocol Commands 6.6.1. Show commands 6.6.1.1. show ip irdp This command displays the router discovery information for all interfaces, or a specified interface. Format show ip irdp { | all | vlan } Fields Definition All Show router discovery information for all interfaces. Default None Mode Privileged Exec User Exec Display Message Fields Definition Interface The relay configuration is applied to packets that arrive on this interface.
6.7. VLAN Routing Commands 6.7.1. Configuration commands 6.7.1.1. interface vlan This command creates a VLAN routing interface. To delete a VLAN routing interface, use the no form of this command. Format interface vlan no interface vlan Fields Definition The VLAN ID used for this interface. The range of VLAN ID is from 1 to 4093.
6.8. Virtual Router Redundancy Protocol (VRRP) Commands 6.8.1. Show commands 6.8.1.1. show ip vrrp This command displays whether VRRP functionality is enabled or disabled. It also displays some global parameters which are required for monitoring. Format show ip vrrp Default None Mode Privileged Exec User Exec Display Message Fields Definition Admin Mode Displays the administrative mode for VRRP functionality on the switch.
VRID Represents the router ID of the virtual router. IP Address Is the IP Address that was configured on the virtual router. Mode Represents whether the virtual router is enabled or disabled. State Represents the state (Master/backup) of the virtual router. 6.8.1.3. show ip vrrp interface This command displays all configuration information of a virtual router configured on a specific interface.
Accept Mode When enabled, the VRRP Master can accept ping packets sent to one of the virtual router’s IP addresses. State Represents the state (Master/backup) of the specific virtual router. 6.8.1.4. show ip vrrp interface stats This command displays the statistical information about each virtual router configured on the switch. Format show ip vrrp interface stats { | vlan } [] Fields Definition Valid slot and port number separated by forward slashes.
IP TTL errors Represents the total number of VRRP packets received by the virtual router with IP TTL (time to live) not equal to 255. Zero Priority Packets Received Represents the total number of VRRP packets received by virtual router with a priority of '0'. Zero Priority Packets Sent Represents the total number of VRRP packets sent by the virtual router with a priority of '0'.
Default Disabled Mode Global Config 6.8.2.2. ip vrrp master-backup This command disables the active active mode of VRRP in the router. To enable the active active mode of VRRP in the router, use the no form of this command. Format ip vrrp master-backup no ip vrrp master-backup Default Disabled Mode Global Config 6.8.2.3. ip vrrp This command sets the virtual router ID on an interface for Virtual Router configuration in the router.
no ip vrrp <1-255> ip [secondary] Fields Definition <1-255> The range of virtual router ID is 1 to 255. Secondary IP address of the router ID. Default None Mode Interface Config 6.8.2.5. ip vrrp mode This command enables the virtual router configured on the specified interface. Enabling the status field starts a virtual router. Disabling the status field stops a virtual router. To disable the virtual router configured on the specified interface, use the no form of this command.
6.8.2.7. ip vrrp authentication This command sets the authorization details value for the virtual router configured on a specified interface. To set the default authorization detailed value for the virtual router configured on a specified interface, use the no form of this command. Format ip vrrp <1-255> authentication no ip vrrp <1-255> authentication Fields Definition <1-255> The range of virtual router ID is 1 to 255. A text password used for authentication.
address owner) and you configure the priority of another router in the group higher than the master's priority, the router will take over as master only if preempt mode is enabled. To set the default priority value for the virtual router configured on a specified interface, use the no form of this command. Format ip vrrp <1-255> priority <1-254> no ip vrrp <1-255> priority Fields Definition <1-255> The range of virtual router ID is 1 to 255. <1-254> The range of priority is 1 to 254.
When the tracked interface is down or the interface has been removed from the router, the priority of the VRRP router will be decremented by the value specified in the decrement argument. When the interface is up for IP protocol, the priority will be incremented by the decrement value. A VRRP configured interface can track more than one interface. When a tracked interface goes down, then the priority of the router will be decreased by 10 (the default priority decrement) for each downed interface.
< 1-254 > The range of decrement is 1 to 254.
6.9. Policy Based Routing (PBR) Commands 6.9.1. Show commands 6.9.1.1. show ip policy This command lists the route map associated with each interface. Format show ip policy Default None Mode Privileged Exec Display Message Fields Definition Interface The interface. Route-map The route map. 6.9.1.2. show ip prefix-list This command displays configuration and status for a prefix list.
first-match (Optional) Displays the entry of a prefix list that matches the given network/length. 6.9.1.3. show ipv6 prefix-list This command displays configuration and status for a selected prefix list.
6.9.2. Configuration commands 6.9.2.1. ip policy route-map Use this command to identify a route map to use for policy-based routing on an interface specified by . Policy-based routing is configured on the interface that receives the packets, not on the interface from which the packets are sent.
seq number (Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and applied in that order. If you do not specify a sequence number, the system will automatically select a sequence number five larger than the last sequence number in the list. Two statements may not be configured with the same sequence number. The value ranges from 1 to 4,294,967,294. permit Permit routes whose destination prefix matches the statement.
Default No description is configured by default. Mode Global Config 6.9.2.4. ipv6 prefix-list To create an IPv6 prefix list or add a prefix list entry, use the ipv6 prefix-list command in Global Configuration mode. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes with those specified in the prefix list. Each prefix list consists of a sequence of prefix list entries ordered by their sequence numbers.
ge length (Optional) If this option is configured, specifies a prefix length greater than or equal to the ipv6-prefix/prefix-length. It is the lowest value of a range of the length. le length (Optional) If this option is configured, specifies a prefix length less than or equal to the ipv6-prefix/prefix-length. It is the highest value of a range of the length.
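The sequence-ordering and ge/le rules described above for ip prefix-list and ipv6 prefix-list, modeled as an added Python example (not NETGEAR code or CLI output), with a check for entries that can never take effect because an earlier entry already matches everything they would. The EDGE-IN list is constructed; the implicit deny when no entry matches, the exact-length match when neither ge nor le is given, and starting an empty list at sequence 5 are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

SEQ_MIN, SEQ_MAX = 1, 4_294_967_294   # sequence range given in the manual


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                        # "permit" or "deny"
    network: object                    # ipaddress.IPv4Network or IPv6Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_range(self):
        """Inclusive range of prefix lengths this entry accepts."""
        if self.ge is None and self.le is None:
            # assumption: no ge/le means the length must match exactly
            return self.network.prefixlen, self.network.prefixlen
        low = self.ge if self.ge is not None else self.network.prefixlen
        high = self.le if self.le is not None else self.network.max_prefixlen
        return low, high

    def matches(self, route):
        if route.version != self.network.version:
            return False
        low, high = self.length_range()
        return route.subnet_of(self.network) and low <= route.prefixlen <= high

    def covers(self, other):
        """True if every route matched by `other` is also matched by self."""
        if other.network.version != self.network.version:
            return False
        low, high = self.length_range()
        o_low, o_high = other.length_range()
        return (other.network.subnet_of(self.network)
                and low <= o_low and o_high <= high)


class PrefixList:
    def __init__(self, name):
        self.name = name
        self._entries = {}             # seq -> Entry

    def add(self, action, prefix, seq=None, ge=None, le=None):
        if action not in ("permit", "deny"):
            raise ValueError("action must be permit or deny")
        net = ipaddress.ip_network(prefix)      # rejects prefixes with host bits set
        if seq is None:
            # manual: five larger than the last sequence number in the list
            # (assumption: an empty list therefore starts at 5)
            seq = max(self._entries, default=0) + 5
        if not SEQ_MIN <= seq <= SEQ_MAX:
            raise ValueError("sequence number out of range")
        if seq in self._entries:
            raise ValueError(f"sequence {seq} already in use")
        low = net.prefixlen if ge is None else ge
        high = net.max_prefixlen if le is None else le
        if not net.prefixlen <= low <= high <= net.max_prefixlen:
            raise ValueError("need prefix-length <= ge <= le <= address width")
        self._entries[seq] = Entry(seq, action, net, ge, le)
        return seq

    def entries(self):
        return [self._entries[s] for s in sorted(self._entries)]

    def evaluate(self, route):
        """Return (action, seq) of the first matching entry, lowest seq first."""
        route = ipaddress.ip_network(route)
        for entry in self.entries():
            if entry.matches(route):
                return entry.action, entry.seq
        return "deny", None            # assumption: implicit deny when nothing matches

    def shadowed(self):
        """(seq, earlier_seq) pairs where an entry can never be the first match."""
        ordered = self.entries()
        found = []
        for i, later in enumerate(ordered):
            for earlier in ordered[:i]:
                if earlier.covers(later):
                    found.append((later.seq, earlier.seq))
                    break
        return found


def build_sample():
    """Constructed inbound filter for illustration (not from the manual)."""
    pl = PrefixList("EDGE-IN")
    pl.add("deny", "10.0.0.0/8", le=32)       # seq 5: private space, any length
    pl.add("deny", "0.0.0.0/0", ge=25)        # seq 10: more specific than /24
    pl.add("permit", "0.0.0.0/0", le=24)      # seq 15: everything else
    pl.add("permit", "10.20.0.0/16", le=24)   # seq 20: appended after the deny
    return pl


if __name__ == "__main__":
    sample = build_sample()
    for r in ("192.0.2.0/24", "192.0.2.128/25", "10.20.1.0/24"):
        print(r, sample.evaluate(r))
    print("shadowed:", sample.shadowed())
```

The appended permit for 10.20.0.0/16 lands at sequence 20 and is reported as shadowed by sequence 5, which is the usual way an intended exception silently fails; it has to be given an explicit sequence number lower than the deny it is meant to override.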
• If there is already more than one route map in the system, you need to specify the sequence number. The range is 0 to 65,535. Default No route maps are configured by default. If no permit or deny tag is given, permit is the default. Mode Global Config 6.9.2.6. match as-path This route map match term matches BGP autonomous system paths against an AS path access list.
(Optional) When this option is given, a route is only considered a match if the set of communities on the route is an exact match for the set of communities in one of the statements in the community list. exact-match Default None Mode Route Map Config 6.9.2.8. match ip address prefix-list To configure a route map to match based on a destination prefix, use the match ip address command in Route Map Configuration mode.
Fields Definition acl-id The access-list number that identifies an access-list configured through access-list CLI configuration commands. This number is 1 to 99 for standard access list number. This number is 100 to 199 for extended access list number. acl-name The access-list name that identifies named IP ACLs. Access-list name can be up to 31 characters in length. A maximum of 16 ACLs can be specified in this 'match' clause.
Default No match criteria are defined by default Mode Route Map Config 6.9.2.12. match mac-list Use this command to configure a route map in order to match based on the match criteria configured in a MAC access-list. A MAC ACL is configured before it is linked to a route-map. Actions present in MAC ACL configuration are applied with other actions involved in route-map. When a MAC ACL referenced by a route-map is removed, the route-map rule is also removed and the corresponding rule is not effective.
with a space and enclose the string in quotes. Up to ten AS numbers may be prepended. Default None Mode Route Map Config 6.9.2.14. set comm-list delete To remove BGP communities from an inbound or outbound UPDATE message, use the set comm-list delete command in Route Map Configuration mode. A route map with this set command can be used to remove selected communities from inbound and outbound routes.
Fields Definition community-number One to sixteen community numbers, either as 32-bit integers or in AA:NN format. Communities are separated by spaces. The well-known communities no-advertise and no-export are also accepted. additive (Optional) Communities are added to those already attached to the route. no-advertise Matching route not to be advertised to any BGP peer.
6.9.2.17. set ip next-hop Use this command to specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. If more than one IP address is specified, the ECMP rule is used to route the packets. This command affects all incoming packet types and is always used if configured. If configured next-hop is not present in the routing table, an ARP request is sent from the router.
6.9.2.19. set ip precedence Use this command to set the three IP precedence bits in the IP packet header. With three bits, you have eight possible values for the IP precedence; values 0 through 7 are defined. This command is used when implementing QoS and can be used by other QoS services, such as weighted fair queuing (WFQ) and weighted random early detection (WRED). To reset the three IP precedence bits in the IP packet header to the default, use the no form of this command.
Fields Definition Next-hop-ipv6-address The IPv6 address set as the Network Address of Next Hop field in the MP_NLRI attribute of an UPDATE message. Default None Mode Route Map Config 6.9.2.21. set local-preference To set the local preference of specific BGP routes, use the set local-preference command in Route Map Configuration mode. The local preference is the first attribute used to compare BGP routes. Setting the local preference can influence which route BGP selects as the best route.
Default None Mode Route Map Config 6.9.2.23. clear ip prefix-list To reset IP prefix-list counters, use the clear ip prefix-list command in Privileged EXEC mode. This command is used to clear prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry. Format clear ip prefix-list [[list-name] [prefix/length]] Fields Definition list-name (Optional) Name of the prefix list from which the hit count is to be cleared.
6.10. Border Gateway Protocol (BGP) Commands 6.10.1. Show commands 6.10.1.1. show ip bgp This command displays information relevant to the BGP router. Format show ip bgp Default None Mode Privileged Exec Display Message Fields Definition BGP table version The BGP Table Version is the main number used. This number is the same as the Generation ID of any BGP prefix for a specific address family and is used to track changes to the BGP route table.
Metric Multi Exit Discriminator. LocPref Local preference value as set with the set local-preference route-map configuration command. The default value is 100. Path Autonomous system paths to the destination network. There can be one entry in this field for each autonomous system in the path. 6.10.1.2. show ip bgp This command displays the BGP routing table entries, with the display output filtered by a prefix/length.
Local Preference Local preference value as set with the set local-preference route-map configuration command or received from the peer. The default value is 100. AS Path An Autonomous System path is a list of all the autonomous systems that a specific route passes through to reach one destination. Origin Indicates the origin of the entry. It can be IGP, EGP, and Incomplete. Value of the ORIGIN attribute. Metric The value of the inter-autonomous system metric. Value of the MED attribute, if included.
Display Message Fields Definition Aggregation of routes with different MED values is allowed The aggregate-different-meds is enabled. Prefix/Len Destination IP prefix and prefix length. AS Set Indicates whether an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y). Summary Only Indicates whether the individual networks are suppressed (Y) or advertised (N).
A 32-bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. Local Route ID Status of the table entry. The status is displayed at the beginning of each line in the table. It can be one of the following values: Status Codes • s — The table entry is suppressed. • * — The table entry is valid. • > — The table entry is the best entry to use for that network. • i — The table entry was learned via an internal BGP (iBGP) session.
exact-match Default None Mode Privileged Exec Displays only routes that are an exact match for the set of communities in the matching community list statement. User Exec Display Messages Fields Definition BGP table version The BGP Table Version is the main number used. This number is the same as the Generation ID of any BGP prefix for a specific address family and is used to track changes to the BGP route table.
Autonomous system paths to the destination network. There can be one entry in this field for each autonomous system in the path. Path 6.10.1.6. show ip bgp filter-list Use this command to display routes that conform to a specified filter list. Format show ip bgp filter-list as-path-list Fields Definition as-path-list Filter the output to the set of routes that match a given AS Path list. It can be a number from 1 to 500.
Next Hop IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP routes to this network. Metric The value of the inter-autonomous system metric. Value of the MED attribute, if included. LocPref Local preference value as set with the set local-preference route-map configuration command or received from the peer. The default value is 100. Path Autonomous system paths to the destination network.
Remote AS Autonomous system number of the neighbor. BFD Enabled to Detect Fast Fallover Specify if BFD has been enabled for BGP neighbors. Peer ID Router ID of the neighbor. Peer Admin Status States whether BGP is enabled or disabled of the neighbor. Peer State Finite state machine (FSM) stage of session negotiation. Local Interface Address The IPv4 address used as the source IP address in packets sent to this neighbor. Local Port The port number of the local port.
Last SubError Last sub error for this neighbor. Time Since Last Error The time stamps in which the last error occurred. Established Transitions The number of connections established. Flap Count Total number of times the neighbor flaps. Established Time The time from the last connection established. Time Since Last Update The time from the last Update message received. IPv4 Outbound Update Group The corresponding index number of the IPv4 update group.
Prefixes Rejected Number of prefixes rejected. Max NLRI per Update Maximum number of network layer reachability attributes in UPDATEs. Min NLRI per Update Minimum number of network layer reachability attributes in UPDATEs. 6.10.1.8. show ip bgp prefix-list This command displays information about a prefix list or prefix list entries. Format show ip bgp prefix-list Fields Definition prefix-list-name Filter the output to the set of routes that match a given prefix list.
• ? — Origin of the path is not clear. Usually, this is a router that is redistributed into BGP from an IGP. Network Destination IP address. Next Hop IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP routes to this network. Metric The value of the interautonomous system metric. Value of the MED attribute, if included.
6.10.1.10. show ip bgp summary This command displays the status of all Border Gateway Protocol (BGP) connections. If a VRF instance is specified, the configuration and status for the routes within that VRF instance are displayed. Format show ip bgp [vrf vrf-name] summary Default None Mode Privileged Exec User Exec Display Messages Fields Definition IPv4 Routing Whether IPv4 routing is globally enabled.
6.10.1.11. show ip bgp template This command displays peer policy template configurations. Format show ip bgp template [] Fields Definition template-name Displays the configurations in a specific template. Default None Mode Privileged Exec User Exec Display Messages Fields Definition template-name Name of the peer template. AF Address Family (IPv4 or IPv6). Configuration The configuration information of the peer template. 6.10.1.12.
Open Number of open messages sent and received. Update Number of update messages sent and received. Notification Number of notification (error) messages sent and received. Keepalive Number of keepalive messages sent and received. Refresh Number of route refresh request messages sent and received. Total Total number of messages sent and received. Max Received UPDATE rate Maximum rate of received UPDATE messages. Max Send UPDATE rate Maximum rate of sent UPDATE messages.
Peeripadd IPv4 or IPv6 address of a single neighbor who is a member of an update group. Default None Mode Privileged Exec User Exec Display Messages Fields Definition Update Group Update-group number. Peer Type Update-group type (internal or external). Minimum Advertisement Interval Minimum time, in seconds, between update advertisements. Send Community If the BGP communities are included in route advertisements to members of the group.
Prefixes Advertised Number of prefixes advertised. Prefixes Withdrawn Number of prefixes withdrawn. UPDATE Send Failures Number of Tx of UPDATE message failed to one or more group members. Current Members The IPv4 address of all current members of the group. Version The number of times decision process phase 3 had run before this history table entry. Delta T When update send occurred. Duration How long the update send process took.
• s — The table entry is suppressed. • * — The table entry is valid. • > — The table entry is the best entry to use for that network. • i — The table entry was learned via an internal BGP (iBGP) session. • S — The table entry is a stale route. Origin of the entry. The origin code is placed at the end of each line in the table. It can be one of the following values: • i — Entry originated from an Interior Gateway Protocol (IGP) and was advertised with a network router configuration command.
User Exec Display Messages Fields Definition ipv6-prefix/length The destination IPv6 prefix and prefix length entered to filter the output to display only a particular host or network in the BGP routing table. Generation ID Incremented each time phase 2 of the decision process runs and whenever an aggregate address changes. Used to track changes to the BGP route table. Advertised to Update Groups The outbound update groups that this route is advertised to.
6.10.1.16. show bgp ipv6 aggregate-address This command displays information about the aggregate-address. Format show bgp ipv6 aggregate-address Default None Mode Privileged Exec User Exec Display Messages Fields Definition Aggregation of routes with different MED values is allowed The aggregate-different-meds is enabled. Prefix/Len Destination IPv6 prefix and prefix length.
no-export-subconfed Display only routes that are not sent outside of the local AS or subconfeds. Default None Mode Privileged Exec User Exec Display Messages Fields Definition BGP table version The BGP Table Version is the main number used. This number is the same as the Generation ID of any BGP prefix for a specific address family and is used to track changes to the BGP route table.
6.10.1.18. show bgp ipv6 community-list This command displays IPv6 routes that are permitted by the Border Gateway Protocol (BGP) community list. Format show bgp ipv6 community-list [exact-match] Fields Definition community-list-name Community list name. The community list name can be standard or expanded. exact-match Displays only routes that are an exact match for the set of communities in the matching community list statement.
Next Hop IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP routes to this network. Metric The value of the interautonomous system metric. Value of the MED attribute, if included. LocPref Local preference value as set with the set local-preference route-map configuration command or received from the peer. The default value is 100. Path Autonomous system paths to the destination network.
Origin codes Origin of the entry. The origin code is placed at the end of each line in the table. It can be one of the following values: • i — Entry originated from an Interior Gateway Protocol (IGP) and was advertised with a network router configuration command. • e — Entry originated from an Exterior Gateway Protocol (EGP). • ? — Origin of the path is not clear. Usually, this is a router that is redistributed into BGP from an IGP. Network Destination prefix. Next Hop The route’s BGP next hop.
6.10.1.21. show ip protocols bgp This command displays the IPv4 BGP configuration settings. If the virtual router is specified, the summary of the configuration and status running in the specified virtual router is listed. If no virtual router is specified, the configuration and status for the default router are displayed. Format show ip protocol [vrf vrf-name] bgp Default None Mode Privileged Exec User Exec Display Messages Fields Definition Routing Protocol Routing protocol of these settings.
Prefix List Out The global prefix list used to filter outbound routes from all neighbors. Networks Originated The set of networks originated through a network command. Those networks that are actually advertised to neighbors are marked “active”. 6.10.1.22. show bgp ipv6 filter-list Use this command to display routes that conform to a specified filter list.
• ? — Origin of the path is not clear. Usually, this is a router that is redistributed into BGP from an IGP. Network Destination IPv6 address. Next Hop IPv6 address of the next system that is used when forwarding a packet to the destination network. Metric The value of the interautonomous system metric. Value of the MED attribute, if included. LocPref Local preference value as set with the set local-preference route-map configuration command or received from the peer. The default value is 100.
Display Messages Fields Definition Remote Address The IP Address of the Peer's BGP interface. Autodetect Status Display only if the peer is configured as “autodetect”. The field shows one of the following statuses: “Peer is detected”, “Peer is not detected”, or “Multiple peers are detected”. Remote AS Autonomous system number of the neighbor. Allow my ASN occurences The allowas-in count for a given peer. Peer ID Router ID of the neighbor.
Negotiated Hold Time Negotiated time with this neighbor, in seconds, that BGP will maintain the session with this neighbor without receiving a message. Negotiated Keep Alive Time Negotiated time interval with this neighbor, in seconds, at which keepalive messages are transmitted to this neighbor. MD5 Password The TCP MD5 password, if one is configured, in plain text. eBGP-MultiHop Configured TTL value of the external BGP for this neighbor.
Prefixes Advertised Number of prefixes advertised. Prefixes Withdrawn Number of prefixes withdrawn. Prefixes Current Number of prefixes currently kept. Prefixes Accepted Number of prefixes accepted. Prefixes Rejected Number of prefixes rejected. Max NLRI per Update Maximum number of network layer reachability attributes in UPDATEs. Min NLRI per Update Minimum number of network layer reachability attributes in UPDATEs. 6.10.1.24.
6.10.1.25. show bgp ipv6 statistics This command displays the recent decision process history. Format show bgp ipv6 statistics Default None Mode Privileged Exec User Exec Display Messages Fields Definition Delta T The time values since decision process ran. Hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours. Phase In which decision process phase that ran. Upd Grp Outbound update group ID. Only set when decProcPhase is 3.
Fields Definition IPv6 Routing Whether IPv6 routing is globally enabled. BGP Admin Mode Shows whether the administrative mode of BGP in the router is enabled or disabled. BGP Operational Mode Shows whether the BGP is operated in enabled or disabled. BGP Router ID Router ID for the current BGP. Local AS Number Autonomous system number of the current BGP. Number of Network Entries Number of unique IPv6 prefix entries in the BGP database.
Display Messages Fields Definition Update Group Update-group number. Peer Type Update-group type (internal or external). Minimum Advertisement Interval Minimum time, in seconds, between update advertisements. Send Community If the BGP communities are included in route advertisements to members of the group. Remove Private ASNs If BGP removes private ASNs from paths advertised to members of this update group. Replace if BGP replaces private ASNs with the local ASN.
Version The number of times decision process phase 3 had run before this history table entry. Delta T When update send occurred. Duration How long the update send process took. UPD Built Number of UPDATE messages constructed during this update send. UPD Sent Number of UPDATE messages transmitted during this update send. Generally each UPDATE built is sent once to each member of the update group. Paths Sent Number of prefixes advertised during this update send.
Always compare MED Whether BGP is configured to compare the MEDs for routes received from peers in different ASs. Maximum AS Path Length Limit on the length of AS paths that BGP accepts from its neighbors. Fast Internal Failover Whether BGP immediately brings down an iBGP adjacency if the routing table manager reports that the peer address is no longer reachable.
State The neighboring state of the BGP peer discovered. 6.10.2. Configuration commands 6.10.2.1. router bgp Use this command to enable BGP, enter the Border Gateway Protocol (BGP) router mode, and identify the AS number of the router. Only a single instance of BGP can be run and the router can only belong to a single AS. no router bgp command disables BGP and resets all BGP configuration to default values.
To be considered a match for an aggregate address, a prefix must be more specific (i.e. have a longer prefix length) than the aggregate address. A prefix whose prefix length equals the length of the aggregate address is not considered a match. BGP accepts up to 128 summary addresses for each address family.
Default Disable All the routes aggregated by a given aggregate address must have the same MED value. Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.5. bgp always-compare-med Use bgp always-compare-med command to compare MED values in paths received from peers in different ASs. Use no bgp always-compare-med command to disable this function.
6.10.2.7. bgp client-to-client reflection Use this command to reflect routes received from its client to its other clients. To disable client-to-client reflection, use the no form of this command. Format bgp client-to-client reflection no bgp client-to-client reflection Default Enabled when a router is configured as a route reflector. Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.8.
Default 100 Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.10. bgp fast-external-failover This command configures Border Gateway Protocol (BGP) routing process to immediately reset external BGP peering sessions if the link used to reach these peers goes down. no bgp fast-external-failover command disables this function. Format bgp fast-external-failover no bgp fast-external-failover Default Enabled Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.11.
no bgp log-neighbor-changes Default Disabled Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.13. bgp router-id This command configures a valid IPv4 unicast address uniquely identifying the router bgp id. The is a configured value. There is no default BGP router ID. The system does not select a router ID automatically; you must configure one manually. Format bgp no bgp Fields Definition router-id An IPv4 address for BGP to use as its router ID.
6.10.2.15. bgp graceful-restart The user is able to enable BGP graceful restart enabled mode by command bgp graceful-restart in BGP router configuration mode. To disable the BGP graceful restart enabled mode, use the no form of this command. Format bgp graceful-restart no bgp graceful-restart Default Disable Mode Router BGP Config Mode 6.10.2.16. bgp graceful-restart-helper The user is able to enable BGP graceful restart helper mode by command bgp graceful-restart-helper in BGP router configuration mode.
Mode Router BGP Config Mode 6.10.2.18. bgp graceful-restart stalepath-time The user is able to configure the BGP graceful restart helper stale path timer by command bgp graceful-restart stalepath-time in BGP router configuration mode. To reset the BGP graceful restart helper restart timer to its default value, use the no form of this command.
Mode Router BGP Config Mode IPv6 Address Family Mode 6.10.2.20. exit This command is used to exit bgp configuration mode. Format exit Default None Mode Router BGP Config Mode 6.10.2.21. timers bgp This command is used to set the keepalive and holdtime timers. To return the router to default operation, use the no form of this command.
A route map may be configured to set attributes on the default route sent to the neighbor. If the route map includes a match ip-address term, that term is ignored. If the route map includes match community or match aspath terms, the default route is not advertised. If there is no route map with the route map name given, the default route is not advertised. To prevent BGP from originating a default route to a specific neighbor, use the no form of this command.
Fields Definition ipv4-address IPv4 address of the neighboring router. ipv6-address IPv6 address of the neighboring router. Not supported under IPv4 VRF address family mode. Interface If the neighbor’s IPv6 address is a link local address, the local interface must be specified as well. Not supported under IPv4 VRF address family mode. autodetect interface The routing interface on which the neighbor’s IPv6 link local address is auto detected.
Default None Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.25. neighbor update-source This command is used to configure BGP to use the IP address on the specific routing interface as the source address for the TCP connection with a neighbor. To use the primary IP address on the outgoing interface to the neighbor for the TCP connection, use the no form of this command.
Format neighbor { | [interface { | vlan {1-4093}}] | autodetect interface } description no neighbor { | [interface { | vlan {1-4093}}] | autodetect interface } description Fields Definition ipv4-address IPv4 address of the neighboring router. ipv6-address IPv6 address of the neighboring router. Not supported under IPv4 VRF address family mode.
hop-count The maximum hop-count allowed to reach the neighbor. The allowed range is from 1 to 255. Default 1 Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.28. neighbor password This command is used to enable Message Digest 5 (MD5) authentication on a TCP connection between two BGP peers and configures an authentication key. MD5 must either be enabled or disabled on both peers. The same password must be configured on both peers. To disable this function, use the no form of this command.
default, the TCP connection is retried after 2, 4, and 8 seconds. If none of the retries is successful, the adjacency is reset to IDLE state and the IDLE hold timer is started. BGP skips the retries and transitions to IDLE state if TCP returns an error, such as destination unreachable, on a connection attempt. To return the router to default initial connection retry time for a specific neighbor, use the no form of this command.
Interface If the neighbor’s IPv6 address is a link local address, the local interface must be specified as well. Not supported under IPv4 VRF address family mode. autodetect interface The routing interface on which the neighbor’s IPv6 link local address is auto detected. Maximum Maximum number of prefixes BGP will accept from this neighbor. Range is from 0 to 4294967295. Unlimited Don’t restrict the number of prefixes from this neighbor.
Default None Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.32. neighbor filter-list This command is used to filter advertisements to or from a specific neighbor according to the advertisement’s AS path. Only a single AS path list can be configured in each direction for each neighbor. If you invoke the command a second time for a given neighbor, the new AS path list number replaces the previous AS path list number.
6.10.2.33. neighbor prefix-list This command is used to filter advertisements sent to or received from a specific neighbor based on the destination prefix of each route. Only one prefix list may be defined for each neighbor in each direction. If you assign a prefix list that does not exist, all prefixes are permitted. To remove an IP filter list, use the no form of this command.
no neighbor { | [interface { | vlan {1-4093}}] | autodetect interface } remote-as Fields Definition ipv4-address IPv4 address of the neighboring router. ipv6-address IPv6 address of the neighboring router. Interface If the neighbor’s IPv6 address is a link local address, the local interface must be specified as well. autodetect interface The routing interface on which the neighbor’s IPv6 link local address is auto detected.
To retain the original AS path length, replace each private AS number with the local AS number. all replace-as Default Private AS numbers are not removed by default Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.36. neighbor route-map This command is used to apply a route map to incoming or outgoing routes for a specific neighbor. A route map can be used to change the local preference, MED, or AS path of a route.
6.10.2.37. neighbor route-reflector-client This command is used to configure an internal peer as an IPv4 route reflector client. Configuring the first route reflector client automatically makes this router a route reflector. If you configure multiple route reflectors within a cluster, you must configure each route reflector in the cluster with the same cluster ID. Use the bgp cluster-id command to configure a cluster ID. An external peer may not be configured as a route reflector client.
Fields Definition ipv4-address IPv4 address of the neighboring router. ipv6-address IPv6 address of the neighboring router. Not supported under IPv4 VRF address family mode. Interface If the neighbor’s IPv6 address is a link local address, the local interface must be specified as well. Not supported under IPv4 VRF address family mode. autodetect interface The routing interface on which the neighbor’s IPv6 link local address is auto detected.
KEEPALIVE is received from a neighbor for longer than this value, BGP drops the adjacency. If the hold time is set to 0, BGP does not enforce a hold time and does not send periodic KEEPALIVE messages. The range is from 0 to 65535. Default The default value of is 60 seconds. The default value of is 180 seconds. Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.40.
6.10.2.41. neighbor send-community This command is used to configure the router to send the BGP community attributes in Update messages to a specific neighbor. To revert to default configuration, use the no form of this command.
• Both enables the router to send both standard and extended community attributes. Default The communities attribute is not sent to neighbors Mode VPNv4 Address Family Config Mode 6.10.2.43. neighbor active This command is used to enable exchange of IPv6 routes with a neighbor. The neighbor address must be the same IP address used in the neighbor remote-as command to create peer.
Format neighbor { | autodetect interface } rfc5549-support no neighbor { | autodetect interface } rfc5549-support Fields Definition ipv6-address IPv6 address of the neighboring router. Autodetect interface The routing interface on which the neighbor’s link local IPv6 address is auto detected. Default Enabled Mode BGP Router Configuration Mode 6.10.2.45.
6.10.2.46. distance bgp This command is used to set the preference (also known as administrative distance) of BGP routes. Different distance values can be configured for routes learnt from external peers, routes learnt from internal peers, and BGP routes locally originated. A route with a lower preference value is preferred to a route with a higher preference value to the same destination. Routes with a preference of 255 may not be selected as best routes and used for forwarding.
Fields Definition Originate a default route even if routing table doesn't have one. Disable by default. Default Disable Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.48. maximum-paths This command is used to configure the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within or outside the local AS.
Format default-metric no default-metric Fields Definition Default metric value applied to the redistributed route. The range of values for this argument is from 1 to 4294967295. Default No default metric is set and no MED is included in redistributed routes Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.50. redistribute This command is used to redistribute routes from outside into BGP routing domain.
Mode Router BGP Config Mode IPv6 Address Family Config Mode IPv4 VRF Address Family 6.10.2.51. distribute-list in This command is used to filter routes received in incoming Border Gateway Protocol (BGP) updates based on destination prefix. The distribute list is applied to all routes received from all neighbors. Only routes permitted by the prefix list are accepted. If the command refers to a prefix list which does not exist, the command is accepted and all routes are permitted.
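Because both neighbor prefix-list and distribute-list in accept a reference to a prefix list that does not exist and then permit everything, a misspelled or deleted list name silently disables the filter. The following Python script is an added example (not NETGEAR code) that audits a saved configuration for such dangling references; the `ip prefix-list`, `neighbor ... prefix-list ... {in|out}` and `distribute-list prefix ... in` line syntax it parses and the sample configuration are assumptions constructed for illustration.

```python
import difflib
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample configuration (not captured from a real device).
# The command syntax shown here is assumed for the example.
SAMPLE_CONFIG = """\
ip prefix-list PL-CUSTOMER-IN seq 5 permit 192.0.2.0/24
ip prefix-list PL-CUSTOMER-IN seq 10 deny 0.0.0.0/0 le 32
ip prefix-list PL-UNUSED seq 5 permit 198.51.100.0/24
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 10.1.1.2 remote-as 65002
 neighbor 10.1.1.2 prefix-list PL-CUSTOMER-IN in
 neighbor 10.1.1.2 prefix-list PL-CUSTOMER-OUT out
 neighbor 10.1.1.6 remote-as 65003
 neighbor 10.1.1.6 prefix-list PL-CUSTOMER-IM in
 distribute-list prefix PL-GLOBAL-IN in
 exit
"""

# A prefix list exists once at least one statement defines it.
DEFINE_RE = re.compile(r"^\s*ip\s+prefix-list\s+(\S+)\s+\S")
# The neighbor spec may be an address, an address plus interface, or
# "autodetect interface <if>", so it is matched non-greedily.
NEIGHBOR_RE = re.compile(
    r"^\s*neighbor\s+(.+?)\s+prefix-list\s+(\S+)\s+(in|out)\s*$")
# Only the inbound distribute list is checked: that is the direction for
# which the manual states that a missing list permits all routes.
DISTRIBUTE_RE = re.compile(r"^\s*distribute-list\s+prefix\s+(\S+)\s+in\s*$")


@dataclass
class Finding:
    line_no: int               # 1-based line of the dangling reference
    scope: str                 # neighbor spec, or "all neighbors"
    list_name: str             # referenced but undefined prefix list
    direction: str             # "in" or "out"
    suggestion: Optional[str]  # closest defined name, if it looks like a typo


def parse_references(config_text: str) -> Tuple[Set[str], List[tuple]]:
    """Return (defined prefix-list names, list of references)."""
    defined: Set[str] = set()
    refs: List[tuple] = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if line.lstrip().startswith("no "):
            continue  # negated commands neither define nor reference
        m = DEFINE_RE.match(line)
        if m:
            defined.add(m.group(1))
            continue
        m = NEIGHBOR_RE.match(line)
        if m:
            refs.append((line_no, m.group(1), m.group(2), m.group(3)))
            continue
        m = DISTRIBUTE_RE.match(line)
        if m:
            refs.append((line_no, "all neighbors", m.group(1), "in"))
    return defined, refs


def audit_prefix_list_refs(config_text: str) -> List[Finding]:
    """Flag every filter that names an undefined prefix list (fail-open)."""
    defined, refs = parse_references(config_text)
    findings = []
    for line_no, scope, name, direction in refs:
        if name in defined:
            continue
        # A high cutoff keeps the hint to near-identical names (typos).
        close = difflib.get_close_matches(name, sorted(defined), n=1, cutoff=0.9)
        findings.append(
            Finding(line_no, scope, name, direction, close[0] if close else None))
    return findings


def unused_prefix_lists(config_text: str) -> List[str]:
    """Defined lists that no BGP filter references (often the typo's twin)."""
    defined, refs = parse_references(config_text)
    return sorted(defined - {name for _, _, name, _ in refs})


if __name__ == "__main__":
    for f in audit_prefix_list_refs(SAMPLE_CONFIG):
        hint = f" (did you mean {f.suggestion}?)" if f.suggestion else ""
        print(f"line {f.line_no}: {f.scope} {f.direction}: prefix list "
              f"'{f.list_name}' is undefined, filter permits everything{hint}")
    print("unreferenced prefix lists:", unused_prefix_lists(SAMPLE_CONFIG))
```

Running the audit before and after every change to prefix lists catches the case where a list is renamed or removed while a neighbor still references it.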
connected | ospf | static When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. Default None Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.53. ip bgp fast-external-failover {deny|permit} This command configures fast external failover behavior for a specific routing interface. This command overrides the global configured fast external failover behavior.
Format network mask [route-map ] no network mask [route-map ] Fields Definition Ipaddress An address prefix that BGP will advertise. Mask Network mask for the prefix. route-map-name Identifier of a configured route map. The route map should be examined to filter the networks to be advertised. Default No networks are advertised Mode Router BGP Config Mode IPv4 VRF Address Family 6.10.2.55.
6.10.2.56. template peer This command is used to create a BGP peer template and enter BGP peer template mode for the specified template. Peer template is a configuration feature that allows you to share policies between neighbors. Neighbors can then be configured to inherit parameters from the peer template. A peer template can include both session parameters and peer policies. Peer policies are configured with an address family configuration mode and apply only to that address family.
Soft By default, adjacencies are torn down and re-established. If this option is specified, BGP resends all updates to neighbors and reprocesses updates from the neighbors. in/out If the in option is given, updates from the neighbors are reprocessed. If the out option is given, updates are resent to the neighbors. If neither keyword is given, updates are reprocessed in both directions. Default None Mode Privileged EXEC User EXEC 6.10.2.58.
Format ip as-path access-list <1-500> no ip as-path access-list <1-500> Fields Definition 1-500 A number uniquely identifying the list. All AS path access list commands with the same number are considered part of the same list. Permit Permit the routes whose AS PATH attribute matches the regular expression. Deny Deny the routes whose AS PATH attribute matches the regular expression.
6.10.2.61. ip community-list This command is used to create or configure a BGP community list. A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list standard testlist permit is a permit all statement. A community number may be entered in either format, as a 32-bit integer or a pair of 16-bit integers separated by a colon, regardless of whether the ip bgp-community new-format command is active.
Fields Definition 0-500 When an AS path list number is specified, the output is limited to the single AS path list specified. Default None Mode Privileged EXEC User EXEC 6.10.2.63. show ip community-list This command is used to display community lists. The format of community values is dictated by the command ip bgp-community new-format. Format show ip community-list [detail] [] Fields Definition listname A standard community list name.
6.10.2.65. rd This command is used to specify the route distinguisher (RD) for a VRF instance that is used to create a VPNv4 prefix. An RD creates routing and forwarding tables and specifies the default route distinguisher for a VPN. The RD is added to the beginning of the IPv4 prefixes to change them into globally unique VPNv4 prefixes.
Import Imports routing information from the target VPN extended community. Both Exports/imports routing information to/from the target VPN extended community. The route-target extended community attributes to be added to the list of import, export or both (import and export) route-target extended communities. The route-target specifies a target VPN extended community.
6.10.2.68. address-family ipv6 This command is used to enter IPv6 Address Family Configuration mode in order to specify IPv6-specific configuration parameters. Commands entered in this mode can be used to enable exchange of IPv6 routes, specify IPv6 prefixes to be originated, and configure inbound and outbound policies to be applied to IPv6 routes. To return to the default values, use the no form of this command.
Fields Definition Count The maximum number of occurrences of the local ASN allowed in the AS_PATH attribute received in the prefix updates. The range is 1 to 10.
6.11. VRRPv3 Commands VRRPv3 provides address redundancy for both IPv4 and IPv6 router addresses. VRRPv3 support in QNOS is similar to VRRP support. The following table provides a summary of the differences.
Example: (IX2) (config-if-vrrp)#show vrrp vlan 2 - VRID 2 - Address-Family IPv4 Virtual IP address............................. Secondary IP Address(es)....................... Virtual MAC Address............................ Priority....................................... Configured Priority............................ Advertisement Interval......................... Pre-empt Mode.................................. Accept Mode.................................... Administrative Mode............................
AdvIntvl Advertisement interval configured for this virtual router. Pre Preemption state of the virtual router. Acc Accept Mode of the virtual router. State VRRP group state. The state can be one of the following: Init, Backup, Master VR IP address Virtual IP address for a VRRP group. Example: (IX8D) (Config)#show vrrp
Interface   VRID A-F  Pri AdvIntvl Pre Acc State  VR IP Address
----------- ---- ---- --- -------- --- --- ------ -------------
0/1         1    IPv4 100 1        N   N   Backup 10.255.255.
6.11.1.3. brief
Example: (IX8D) (Config)#show vrrp statistics ipv4 0/1 1 Master Transitions............................. New Master Reason.............................. Advertisements Received........................ Advertisements Sent............................ Advertisement Interval Errors.................. IP TTL Errors.................................. Last Protocol Error Reason..................... Zero Priority Packets Received................. Zero Priority Packets Sent.....................
Fields Definition The virtual router group number. The range is from 1 to 255. address-family Specifies the address family for the VRRP. ipv4 (Optional) Specifies IPv4 address. ipv6 (Optional) Specifies IPv6 address. Default None Mode Interface Config 6.11.2.3. preempt This command configures the device to take over as master virtual router for a VRRP group if it has higher priority than the current master virtual router.
6.11.2.5. priority This command sets the priority level of the device within a VRRPv3 group. The priority level controls which device becomes the master virtual router. To reset the priority level of the device to the default value, use the no form of this command. Format priority no priority Fields Definition level Priority of the device within the VRRP group. The range is from 1 to 254. Default 100 Mode VRRPv3 Config 6.11.2.6.
Format shutdown no shutdown Default shutdown Mode VRRPv3 Config 6.11.2.8. address This command sets the primary or secondary IP address of the device within a VRRPv3 group. If the primary or secondary option is not specified, the specified IP address is set as the primary. The Virtual IPv6 primary address should be a link-local address only.
Fields Definition slot/port The interface to track. vlan-id The VLAN to track. decrement number (Optional) Specify the VRRP priority decrement for the tracked object. The number is the amount by which priority is decremented. The range is 1–254. Default Disabled (the default of the decrement number is 10) Mode VRRPv3 Config 6.11.2.10. track ip route This command configures tracking of the IP route for the device within a Virtual Router Redundancy Protocol (VRRPv3) group.
ipv6 (Optional) The Virtual router group belongs to IPv6 address family. slot/port (Optional) The interface number to which the Virtual router belongs. vlan-id (Optional) The VLAN number to which the virtual router belongs. The range is from 1 to 4093. vr-id (Optional) The virtual router group number. The range is from 1 to 255. Mode
6.12. Virtual Router Commands 6.12.1. Show commands 6.12.1.1. show ip vrf This command shows the information about the virtual router instances.
6.12.2.2. maximum routes Use this command to reserve the number of routes allowed and set the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router, provided there is enough free space in the router’s total routing table. Alternatively, you can use the no maximum routes command to remove any reservation for the number of routes allowed in the virtual router instance and clear the warning threshold value.
Format ip vrf forwarding no ip vrf forwarding Fields Definition vrf-name The name of the virtual router.
6.13. Black Hole Detection (BHD) Commands In networking terms, black holes refer to the places in the Clos network where incoming or outgoing traffic is silently discarded without informing the source that the data did not reach its intended recipient. Black hole conditions arise when the traffic is directed towards an incorrect path in Clos networks where uRPF is not running.
6.13.2.2. bhd enable Use this command to enable the BHD feature globally on the system. Alternatively, you can use the no bhd enable command to disable the BHD feature globally on the system. Format bhd enable no bhd enable Default Disabled Mode Global Config 6.13.2.3. clear counter bhd Use this command to clear the counters of BHD.
6.14. IP Event Dampening Commands 6.14.1.1. dampening Use this command to enable IP event dampening on a routing interface. Format dampening [half-life period] [reuse-threshold suppress-threshold max-suppress-time [restart restartpenalty]] no dampening Mode Interface Config Parameter Definition Half-life period The number of seconds it takes for the penalty to reduce by half. The configurable range is 1-30 seconds. Default value is 5 seconds.
7. IP Multicast Commands 7.1. Internet Group Management Protocol (IGMP) Commands This section provides a detailed explanation of the IGMP commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting. 7.1.1. Show commands 7.1.1.1.
Fields Definition Valid slot and port number separated by forward slashes. VLAN ID. The range of VLAN ID is from 1 to 4093. Loopback interface number. The range of Loopback interface is from 0-63. [detail] Display details of subscribed multicast groups. Default None Mode Privileged EXEC Display Message Fields Definition IP Address This displays the IP address of the interface participating in the multicast group.
Version2 Host Timer This displays the time remaining until the local router assumes that there are no longer any IGMP version 2 multicast members on the IP subnet attached to this interface. This could be an integer value or “-----” if there is no Version 2 host present. Group Compatibility Mode The group compatibility mode (v1, v2 or v3) for this group on the specified interface. 7.1.1.3. show ip igmp interface This command displays the IGMP information for the interface.
Query Interval (secs) This field indicates the frequency at which IGMP Host-Query packets are transmitted on this interface. This is a configured value. Query Max Response Time (secs) This field indicates the maximum query response time advertised in IGMPv2 queries on this interface. This is a configured value. Robustness This field displays the tuning for the expected packet loss on a subnet. If a subnet is expected to have a lot of loss, the Robustness variable may be increased for that interface.
State This displays whether the interface has IGMP in Querier mode or Non-Querier mode. Group Compatibility Mode The group compatibility mode (v1, v2 or v3) for the specified group on this interface. Source Filter Mode The source filter mode (Include/Exclude) for the specified group on this interface. This is “-----” for IGMPv1 and IGMPv2 Membership Reports.
User EXEC Display Message Fields Definition Querier Status This field indicates the status of the IGMP router, whether it is running in Querier mode or Non-Querier mode. Querier IP Address This field displays the IP Address of the IGMP Querier on the IP subnet to which this interface is attached. Querier Up Time This field indicates the time since the interface Querier was last changed.
Format ip igmp router-alert-check no ip igmp router-alert-check Default Disable Mode Global Config 7.1.2.3. ip igmp version This command configures the version of IGMP for an interface. To reset the version of IGMP for this interface to the default value, use the no form of this command. Format ip igmp version {1 | 2 | 3} no ip igmp version Fields Definition <1-3> The IGMP version number. Default 3 Mode Interface Config 7.1.2.4.
7.1.2.5. ip igmp last-member-query-interval This command configures the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface. To reset the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value, use the no form of this command.
To reset the maximum response time interval for the specified interface to the default value, use the no form of this command. Format ip igmp query-max-response-time <0-3174> no ip igmp query-max-response-time Fields Definition <1-3174> The range for query-max-response-time is from 0 to 3174 seconds. IGMP version 3 range 1-3174, version 2: range 1-25, version 1: range 1-25 Default 10 seconds Mode Interface Config 7.1.2.8.
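The upper limits listed for query-max-response-time match what the query header can carry: the IGMPv2 field is one octet counting tenths of a second, and IGMPv3 reuses that octet as a Max Resp Code with an exponent/mantissa form for values of 128 and above (RFC 3376 section 4.1.1). The following Python is an added example, not taken from the NETGEAR manual; rounding a configured value down to the nearest encodable time is an assumption of this example, not documented switch behaviour.

```python
"""IGMP Max Resp Code arithmetic (RFC 3376 section 4.1.1). Added example."""

# CLI ranges in seconds per IGMP version, as listed in the manual text above.
CLI_RANGE_SECONDS = {1: (1, 25), 2: (1, 25), 3: (1, 3174)}

# Largest time an IGMPv3 code can express, in tenths of a second (31744).
MAX_V3_TENTHS = (0x0F | 0x10) << (7 + 3)


def decode_max_resp_code(code: int) -> int:
    """Return the Max Resp Time in tenths of a second for a one-octet code."""
    if not 0 <= code <= 0xFF:
        raise ValueError("Max Resp Code is a single octet")
    if code < 128:
        return code                       # linear region: code is the time
    exp = (code >> 4) & 0x7               # 3-bit exponent
    mant = code & 0xF                     # 4-bit mantissa
    return (mant | 0x10) << (exp + 3)


def encode_max_resp_code(tenths: int) -> int:
    """Return the code for the largest encodable time not above `tenths`."""
    if tenths < 0:
        raise ValueError("time cannot be negative")
    if tenths < 128:
        return tenths
    if tenths >= MAX_V3_TENTHS:
        return 0xFF                       # clamp to the largest code
    # (mant | 0x10) is a 5-bit value, so the time has exp + 8 significant bits.
    exp = tenths.bit_length() - 8
    mant = (tenths >> (exp + 3)) & 0xF    # truncation rounds down (assumption)
    return 0x80 | (exp << 4) | mant


def advertised_tenths(version: int, seconds: int) -> int:
    """Range-check a CLI value and return the time a query would carry."""
    if version not in (2, 3):
        raise ValueError("only IGMPv2 and IGMPv3 queries carry this field")
    low, high = CLI_RANGE_SECONDS[version]
    if not low <= seconds <= high:
        raise ValueError(f"IGMPv{version} accepts {low}-{high} seconds")
    tenths = seconds * 10
    if version == 2:
        return tenths                     # plain 8-bit count, at most 255
    return decode_max_resp_code(encode_max_resp_code(tenths))


if __name__ == "__main__":
    # Constructed sample values: (IGMP version, configured seconds).
    for version, seconds in [(2, 25), (3, 10), (3, 125), (3, 3174)]:
        carried = advertised_tenths(version, seconds)
        print(f"v{version} configured {seconds}s -> carried {carried / 10}s")
```

Above 12.7 seconds an IGMPv3 value is quantized, so the time seen in a packet capture can be lower than the configured one.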
no ip igmp startup-query-count Fields Definition <1-20> The range for startup-query-count is from 1 to 20. Default 2 Mode Interface Config 7.1.2.10. ip igmp startup-query-interval This command sets the interval between General Queries sent by a Querier on startup on the interface. The time interval value is in seconds. To reset the interval between General Queries sent by a Querier on startup on the interface to the default value, use the no form of this command.
7.2. MLD Commands This section provides a detailed explanation of the MLD commands. The commands are divided into the following different groups: Show commands are used to display device settings, statistics and other information. Configuration commands are used to configure features and options of the switch. For every configuration command there is a show command that will display the configuration setting. 7.2.1. Show commands 7.2.1.1.
When is specified, the following fields are displayed for each multicast group and each interface. Fields Definition Interface Interface through which the multicast group is reachable. Group Address The address of the multicast group. Last Reporter The IP Address of the source of the last membership report received for this multicast group address on that interface. Filter Mode The filter mode of the multicast group on this interface. The values it can take are include and exclude.
Mode Privileged Exec Display Message The following information is displayed for each of the interfaces or for only the specified interface. Fields Definition Interface The interface number in slot/port format. MLD Global Admin Mode Displays the configured administrative status of MLD. MLD Interface Admin Mode Displays the configured administrative status of MLD on the interface. MLD Operational Mode The operational status of MLD on the interface.
Querier Up Time Time elapsed in seconds since the querier state has been updated. Querier Expiry Time Time left in seconds before the Querier loses its title as querier. Wrong Version Queries Indicates the number of queries received whose MLD version does not match the MLD version of the interface. Number of Joins Received The number of times a group membership has been added on this interface. Number of Groups The current number of membership entries for this interface. 7.2.1.3.
7.2.2. Configuration commands 7.2.2.1. ipv6 mld query-interval Use this command to set the MLD router’s query interval for the interface. The query-interval is the amount of time between the general queries sent when the router is the querier on that interface. To reset the query interval for the specified interface to the default value, use the no form of this command.
7.2.2.3. ipv6 mld last-member-query-interval Use this command to set the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group specific queries sent out of this interface. To reset the Maximum Response Time being inserted into Group-Specific Queries sent in response to Leave Group messages on the interface to the default value, use the no form of this command.
Format ipv6 mld router no ipv6 mld router Default Disable Mode Global Config Interface Config 7.2.2.6. clear ipv6 mld counters The user can go to the CLI Privilege Configuration Mode to clear MLD counters on the system. Format clear ipv6 mld counters [{ | vlan }] Fields Definition Specify the interface. Specifies the VLAN interface. The range of the VLAN ID is 1 to 4093. Default None Mode Privileged Exec 7.2.2.7.
Fields Definition <1-2> The MLD version number. Default 2 Mode Interface Config 7.2.2.9. ipv6 mld reset-status Use this command to reset the MLD proxy's host interface status parameters for the interface. Format ipv6 mld reset-status Mode Interface Config 7.2.2.10. ipv6 mld startup-query-count Use this command to set the MLD router’s startup query count for the interface. Format ipv6 mld startup-query-count <1-20> Default 2 Mode Interface Config 7.2.2.11.
7.2.2.12. ipv6 mld unsolicit-rprt-interval Use this command to set the MLD proxy unsolicited report interval for the interface.
7.3. Multicast Commands 7.3.1. Show commands 7.3.1.1. show ip mcast This command displays the system-wide multicast information. Format show ip mcast Default None Mode Privileged Exec User Exec Display Message Fields Definition Admin Mode This field displays the administrative status of multicast. This is a configured value. IPv4 Protocol State This field indicates the current state of the IPv4 multicast protocol. Possible values are Operational or Non-Operational.
7.3.1.2. show ip mcast boundary This command displays all the configured administrative scoped multicast boundaries. Format show ip mcast boundary { | all | vlan } Fields Definition Interface number. VLAN ID. The range of VLAN ID is 1 to 4093. All interface. Default None Mode Privileged Exec User Exec Display Message Fields Definition Interface Valid slot and port number separated by forward slashes. Group IP The group IP address.
Display Message Fields Definition Interface Valid slot and port number separated by forward slashes. TTL This field displays the time-to-live value for this interface. 7.3.1.4. show ip mcast mroute This command displays a summary or all the details of the multicast table. Format show ip mcast mroute {detail | summary} Fields Definition Detail displays the multicast routing table details. Summary displays the multicast routing table summary.
If the “summary” parameter is specified, the following fields are displayed: Fields Definition Source IP This field displays the IP address of the multicast data source. Group IP This field displays the IP address of the destination of the multicast packet. Protocol This field displays the multicast routing protocol by which this entry was created. Incoming Interface This field displays the interface on which the packet for this source/group arrives.
Expiry Time (secs) This field displays the time of expiry of this entry in seconds. Up Time (secs) This field displays the time elapsed since the entry was created in seconds. RPF Neighbor This field displays the IP address of the RPF neighbor. Flags This field displays the flags associated with this entry. If the summary parameter is specified, the following fields are displayed: Fields Definition Source IP This field displays the IP address of the multicast data source.
Display Message If the detail parameter is specified, the following fields are displayed: Fields Definition Source IP This field displays the IP address of the multicast data source. Group IP This field displays the IP address of the destination of the multicast packet. Expiry Time (secs) This field displays the time of expiry of this entry in seconds. Up Time (secs) This field displays the time elapsed since the entry was created in seconds.
Mode Privileged Exec User Exec Display Message Fields Definition Source IP This field displays the IP address of the multicast data source. Source Mask This field displays the IP address Mask of the multicast data source. RPF Address This field displays the IP address of the RPF next-hop toward the source. Preference This field displays the administrative distance for this static mroute. 7.3.1.8. show ipv6 mroute Use this command to display IPv6 multicast routing table information.
Example: (M4500-48XF8C) # show ipv6 mroute summary Multicast route table summary Incoming Source IP Group IP Protocol Outgoing Interface Interface List --------------- --------------- ---------- --------- --------------* 2002::6 ff1e::1 PIMSM ff1e::1 PIMSM 0/1 0/2 0/1 (M4500-48XF8C) (Interface 0/2)#show ipv6 mroute detail IP Multicast Routing Table Flags: C - Connected, J - Received Pim (*,G) Join, R - RP-bit set, F - Register flag, T - SPT-bit set Timers: Uptime/Expires Protocol: PIMSM ( *,ff
7.3.1.9. show ipv6 mroute group Use this command to display IPv6 multicast routing table information specific to the given group IPv6 address. Format show ipv6 mroute group {detail | summary} Mode Privileged Exec User Exec Display Message If you use the detail parameter, the command displays the following information: Fields Definition Source IP The IP address of the multicast data source. Group IP The IP address of the destination of the multicast packet.
User Exec Display Message If you use the detail parameter, the command displays the following information: Fields Definition Source IP The IP address of the multicast data source. Group IP The IP address of the destination of the multicast packet. Protocol The multicast routing protocol by which the entry was created. Incoming Interface The interface on which the packet for the source/group arrives. Outgoing Interface List The list of the outgoing interfaces on which the packet is forwarded.
Source Mask The subnet mask pertaining to the source IP. RPF Address The IP address of the RPF next hop router toward the source. Interface The interface that is used to reach the RPF next hop. This is valid if the RPF address is link-local address. Preference The administrative distance for this Static MRoute. 7.3.1.12. clear ip mroute This command clears IPv4 multicast route entries. Format clear ip mroute {* | []} Default None Mode Privileged Exec 7.3.1.13.
Mode Global Config 7.3.2.2. ip mcast boundary This command adds an administrative scope multicast boundary specified by and for which this multicast administrative boundary is applicable. is a group IP address and is a group IP mask. To remove an administrative scope multicast boundary specified by and for which this multicast administrative boundary is applicable, use the no form of this command.
7.4. IPv4 Protocol Independent Multicast (PIM) Commands 7.4.1. Show commands 7.4.1.1. show ip pim This command displays the system-wide information for PIM-SM.
BSR Priority Priority as configured in the “ip pim bsr-candidate” command. BSR Hash Mask Length Length of a mask (maximum 32 bits) that is to be ANDed with the group address before the hash function is called. This value is configured in the ip pim bsr-candidate command. C-BSR Advertisement Interval(secs) Indicates the configured C-BSR Advertisement interval with which the router, acting as a C-BSR, will periodically send the C-BSR advertisement messages.
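The hash mask length decides how many consecutive groups land on the same RP, which lets an operator predict the RP a group should map to and compare it with what the router reports. The following Python is an added example, not taken from the NETGEAR manual: it uses the hash function defined in RFC 7761 section 4.7.2 and assumes the candidate RPs (constructed addresses) all advertise the same group range with equal priority.

```python
"""PIM-SM group-to-RP hash (RFC 7761 section 4.7.2). Added example."""
import ipaddress
from collections import Counter


def hash_mask(hash_mask_len: int) -> int:
    """Return the 32-bit mask for a BSR hash mask length of 0 to 32 bits."""
    if not 0 <= hash_mask_len <= 32:
        raise ValueError("IPv4 hash mask length is 0-32 bits")
    return (0xFFFFFFFF << (32 - hash_mask_len)) & 0xFFFFFFFF


def rp_hash(group: str, hash_mask_len: int, candidate_rp: str) -> int:
    """Value(G, M, C) from RFC 7761: the group is ANDed with the mask first."""
    g = int(ipaddress.IPv4Address(group))
    c = int(ipaddress.IPv4Address(candidate_rp))
    masked = g & hash_mask(hash_mask_len)
    return (1103515245 * ((1103515245 * masked + 12345) ^ c) + 12345) % (1 << 31)


def elect_rp(group: str, hash_mask_len: int, candidates: list) -> str:
    """Pick the RP with the highest hash; ties go to the highest address."""
    if not candidates:
        raise ValueError("no candidate RPs")
    return max(
        candidates,
        key=lambda rp: (rp_hash(group, hash_mask_len, rp),
                        int(ipaddress.IPv4Address(rp))),
    )


def rp_load(groups: list, hash_mask_len: int, candidates: list) -> Counter:
    """Count how many of the given groups each candidate RP would serve."""
    return Counter(elect_rp(g, hash_mask_len, candidates) for g in groups)


# Constructed sample data (documentation and admin-scoped address ranges).
CANDIDATE_RPS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
SAMPLE_GROUPS = [f"239.1.1.{i}" for i in range(16)]

if __name__ == "__main__":
    for mask_len in (0, 30, 32):
        print(mask_len, dict(rp_load(SAMPLE_GROUPS, mask_len, CANDIDATE_RPS)))
```

A mask length of 0 sends every group to one RP, while 30 keeps each aligned block of four groups together.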
DR Priority The priority of the Designated Router configured on the interface. BSR Border Identifies whether this interface is configured as a bootstrap router border interface Neighbor Count The number of PIM neighbors learned on this interface. This is a dynamic value and is shown only when a PIM interface is operational Designated Router The IP address of the elected Designated Router for this interface. This is a dynamic value and will only be shown when a PIM interface is operational. 7.4.1.4.
Note: DR Priority is applicable only when sparse-mode configured routers are neighbors. Otherwise, NA is displayed in this field. 7.4.1.5. show ip pim rp mapping Use this command to display all active group-to-RP mappings of which the router is aware (either configured or learned from the bootstrap router (BSR)). Use the optional parameters to limit the display to a specific RP address or to view group-to-candidate RP or group to Static RP mapping information.
Fields Definition the multicast group address for the start of the range of addresses to be excluded. The address must be in the range of 239.0.0.0 through 239.255.255.255. Default None Mode Privileged Exec User Exec Display Message Fields Definition RP Address The IP address of the RP for the group specified Type Indicates the mechanism (BSR or static) by which the RP was selected 7.4.1.7.
Fields Definition Interface number. VLAN ID. The range of VLAN ID is 1 to 4093. Default None Mode Privileged Exec User Exec Display Message Fields Definition Intf The PIM-enabled routing interface. Stat Rx: Packets received, Tx: Packets transmitted. Hello The number of PIM Hello messages. Register The number of PIM Register messages. Reg-Stop The number of PIM Register-stop messages. Join/Pru The number of PIM Join/Prune messages.
Display Message Fields Definition MFC IPv4 Mode Enabled when IPv4 Multicast routing is operational. MFC IPv6 Mode Enabled when IPv6 Multicast routing is operational. MFC Entry Count The number of entries present in MFC. Current multicast IPv4 protocol The current operating IPv4 multicast routing protocol. Current multicast IPv6 protocol The current operating IPv6 multicast routing protocol. Total software forwarded packets Total number of multicast packets forwarded in software.
7.4.2. Configuration commands 7.4.2.1. ip pim bsr-candidate This command is used to configure the router to announce its candidacy as a bootstrap router (BSR). To remove a configured candidate bootstrap router (C-BSR), use the no form of this command.
Fields Definition Specifies the RP address. Specifies the group address. Specifies the group mask. [override] Indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. Default 0 Mode Global Config Note: This command takes effect only when PIM-SM is configured as the PIM mode. 7.4.2.3.
Default None Mode Global Config Note: This command takes effect only when PIM-SM is configured as the PIM mode. 7.4.2.4. ip pim sparse This command enables the administrative mode of PIM-SM in the router. To set the administrative mode of IPv4 PIM-SM in the router to inactive, use the no form of this command. Format ip pim sparse no ip pim sparse Default Disable Mode Global Config 7.4.2.5.
7.4.2.6. ip pim ssm Use this command to define the Source Specific Multicast (SSM) range of IP multicast addresses. To disable the specified Source Specific Multicast (SSM) range, use the no form of this command. Format ip pim ssm {default | } no ip pim ssm {default | } Fields Definition Default Defines the SSM range access list 232/8. Specifies the group address. Specifies the group-mask.
Mode Interface Config Note: This command takes effect only when PIM-SM is configured as the PIM mode. 7.4.2.9. ip pim dr-priority Use this command to set the priority value for which a router is elected as the designated router (DR). This command can be configured on a single interface or a range of interfaces. To reset the priority value to the default value for which a router is elected as the designated router (DR), use the no form of this command.
7.4.2.11. ip pim join-prune-interval This command is used to configure the join/prune interval for the PIM-SM router on an interface or range of interfaces. The join/prune interval is specified in seconds. To reset the PIM join/prune interval to the default value, use the no form of this command. Format ip pim join-prune-interval <0-18000> no ip pim join-prune-interval Fields Definition <0-18000> The range for the join/prune interval is from 0 to 18000 seconds.
7.5. IPv6 Protocol Independent Multicast (PIM) Commands 7.5.1. Show commands 7.5.1.1. show ipv6 pim Use this command to display the system-wide information for PIM-SM. Format show ipv6 pim Default None Mode Privileged Exec User Exec Display Message Fields Definition PIM Mode Indicates the PIM mode is sparse (PIM-SM). Data Threshold Rate Indicates the data threshold rate for PIM. Interface slot/port, loopback ID or VLAN ID.
Display Message Fields Definition Group Address The IPv6 multicast address of the SSM group. Prefix Length The network prefix length. 7.5.1.3. show ipv6 pim interface Use this command to display the interface information for PIM on the specified interface. If no interface is specified, the command displays the status parameters for all PIM-enabled interfaces.
Neighbor Count The number of PIM neighbors learned on this interface. This is a dynamic value and is shown only when a PIM interface is operational. Designated Router The IP address of the elected Designated Router for this interface. This is a dynamic value and will only be shown when a PIM interface is operational. 7.5.1.4. show ipv6 pim neighbor Use this command to display PIM neighbors discovered by PIMv2 Hello messages.
Mode Privileged Exec User Exec Display Message Fields Definition BSR Address IPv6 address of the BSR. BSR Priority Priority as configured in the ipv6 pim bsr-candidate command. BSR Hash Mask Length Length of a mask (maximum 32 bits) that is to be ANDed with the group address before the hash function is called. This value is configured in the ipv6 pim bsr-candidate command. Next Bootstrap Message Time (in hours, minutes, and seconds) in which the next bootstrap message is due from this BSR.
7.5.1.7. show ipv6 pim rp-mapping This command displays the mapping for the PIM group to the active rendezvous points (RP) of which the router is aware (either configured or learned from the bootstrap router (BSR)). Use the optional parameters to limit the display to a specific RP address or to view group-to-candidate RP or group to Static RP mapping information.
Fields Definition Interface number. VLAN ID. The range of VLAN ID is 1 to 4093. Default None Mode Privileged Exec User Exec Display Message Fields Definition Intf The PIM-enabled routing interface. Stat Rx: Packets received, Tx: Packets transmitted. Hello The number of PIM Hello messages. Register The number of PIM Register messages. Reg-Stop The number of PIM Register-stop messages. Join/Pru The number of PIM Join/Prune messages.
7.5.2. Configuration commands 7.5.2.1. ipv6 pim sparse This command enables the administrative mode of PIM-SM in the router. To set the administrative mode of IPv6 PIM-SM in the router to inactive, use the no form of this command. Format ipv6 pim sparse no ipv6 pim sparse Default Disable Mode Global Config 7.5.2.2. ipv6 pim This command administratively enables PIM on an interface or range of interfaces.
7.5.2.4. ipv6 pim bsr-border Use this command to prevent bootstrap router (BSR) messages from being sent or received through an interface or range of interfaces. Note that this command takes effect only when PIM-SM is enabled in the Global mode. To disable the interface from being the BSR border, use the no form of this command. Format ipv6 pim bsr-border no ipv6 pim bsr-border Default Disable Mode Interface Config 7.5.2.5.
Mode Global Config 7.5.2.6. ipv6 pim dr-priority Use this command to set the priority value for which a router is elected as the designated router (DR). This command can be configured on a single interface or a range of interfaces. To reset the priority value to the default value for which a router is elected as the designated router (DR), use the no form of this command.
keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. To remove a configured RP address for one or more multicast groups, use the no form of this command. Format ipv6 pim rp-address [override] no ipv6 pim rp-address Fields Definition The IPv6 address of the RP. The group address supported by the RP.
The multicast group prefix that is advertised in association with the RP address. Configure the C-RP advertisement interval. The range of interval is 1 to 16383, and the default value is 60. Default None Mode Global Config 7.5.2.10. ipv6 pim spt-threshold This command is used to configure the Data Threshold rate for the last-hop router to switch to the shortest path. Currently, only enable (0) or disable (Infinity) is supported.
Specifies the group address. Specifies the group-mask.
8. IPv6 Commands 8.1. Tunnel Interface Commands The commands in this section describe how to create, delete, and manage tunnel interfaces. Several different types of tunnels provide functionality to facilitate the transition of IPv4 networks to IPv6 networks. These tunnels are divided into two classes: configured and automatic. The distinction is that configured tunnels are explicitly configured with a destination or endpoint of the tunnel.
If you specify a tunnel ID, the command shows the following information for the tunnel: Fields Definition interface Link Status Shows whether the link is up or down. MTU Size Shows the maximum transmission unit for packets on the interface. IPv6 Address/Length If you enable IPv6 on the interface and assign an address, the IPv6 address and prefix display. Example: If you specify a tunnel ID, the command shows the following information for the tunnel in the example.
8.1.2. Configuration commands 8.1.2.1. interface tunnel This command is used to enter the Interface Config mode for a tunnel interface. The tunnel id range is from 0 to 7. To remove the tunnel interface and associated configuration parameters for the specified tunnel interface, use the no form of this command. Format interface tunnel <0-7> no interface tunnel <0-7> Default None Mode Global Config 8.1.2.2.
Format tunnel destination {} no tunnel destination Fields Definition A valid IP Address. Default None Mode Interface Tunnel Mode 8.1.2.4. tunnel mode This command specifies the mode of the tunnel. To restore the tunnel mode, use the no form of this command. Format tunnel mode ipv6ip [6to4] no tunnel mode Fields Definition [6to4] With the optional 6to4 argument, the tunnel mode is set to 6to4 automatic.
8.2. Loopback Interface Commands The commands in this section describe how to create, delete, and manage loopback interfaces. A loopback interface is always expected to be up. This interface can provide the source address for sent packets and can receive both local and remote packets. The loopback interface is typically used by routing protocols. To assign an IP address to the loopback interface, refer to the “ip address” command.
IPv6 is enabled (disabled) Shows whether IPv6 is enabled on the interface IPv6 Prefix is Shows the IPv6 address of the interface. MTU size Shows the maximum transmission size for packets on this interface, in bytes. 8.2.2. Configuration commands 8.2.2.1. interface loopback This command is used to enter the Interface Config mode for a loopback interface. The range of the loopback ID is 0 to 63.
8.3. IPv6 Routing Commands This section describes the IPv6 commands you use to configure IPv6 on the system and on the interfaces. This section also describes IPv6 management commands and show commands. 8.3.1. Show commands 8.3.1.1. show ipv6 brief This command displays the IPv6 status and IPv6 unicast routing mode. Format show ipv6 brief Default None Mode Privileged Exec User Exec Display Message Fields Definition IPv6 Unicast Routing Mode Shows whether the IPv6 unicast routing mode is enabled.
IPv6 NUD Maximum Unicast Solicits Exponential Backoff Multiple Shows the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitations transmission during NUD (neighbor unreachability detection) following the exponential backoff algorithm. 8.3.1.2. show ipv6 interface This command displays the usability status of IPv6 interfaces and whether ICMPv6 Destination Unreachable messages may be sent.
Routing Mode Shows whether IPv6 routing is enabled or disabled. IPv6 Enable Mode Shows whether IPv6 is enabled on the interface. IPv6 Routing Operational Mode Shows whether the operational state of an interface is enabled or disabled. IPv6 Link-local Scope ID Shows the scope ID of the link local address. Bandwidth Shows the bandwidth of the interface. Interface Maximum Transmission Unit Shows the MTU size, in bytes.
Router Advertisement Suppress Flag Shows whether router advertisements are suppressed (enabled) or sent (disabled). IPv6 Destination Unreachables Shows whether ICMPv6 Destination Unreachable messages may be sent (enabled) or not (disabled). ICMPv6 Redirects Shows whether sending ICMPv6 redirect messages back to the sender by the router in the redirect scenario is enabled on this interface. If an IPv6 prefix is configured on the interface, the following information also appears.
Display Message Count of Learned Neighbors The number of neighbor MAC addresses learned. Fields Definition Interface Shows the interface in slot/port format. Type The type of the IPv6 address. It can be Dynamic, Static, Local or Other. IPv6 Address IPv6 address of neighbor or interface. MAC Address Link-layer Address. IsRtr Shows whether the neighbor is a router. If the value is TRUE, the neighbor is known to be a router, and FALSE otherwise.
BGP Router ID The router ID configured for BGP. Local AS Number The AS number that the local router is in. BGP Admin Mode Whether BGP is globally enabled or disabled. BGP GR-Enabled Mode Whether BGP Graceful Restart Enabled Mode is enabled. (Enabled or Disabled) BGP GR-Aware Mode Whether BGP Graceful Restart Aware Mode is enabled. (Enabled or Disabled) BGP GR restart-time Setting of BGP Graceful Restart Timer. BGP GR stalepath-time Setting of BGP Graceful Stale Path Timer.
OSPF Admin Mode Whether OSPFv3 is globally enabled or disabled. Maximum Paths The maximum number of next hops in an OSPF route. Default Route Advertise Whether OSPF is configured to originate a default route. Distance The default administrative distance (or route preference) for intra-as, inter-as, and external OSPF routes. Always Whether default advertisement depends on having a default route in the common routing table. Metric The metric configured to be advertised with the default route.
Display Message The show ipv6 route command displays the routing tables in the following format: Codes: C - connected, S – static, 6To4 – 6to4 Route , B - BGP Derived, D - Database Route O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2 ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2, K - Kernel The columns for the routing table display the following information: Fields Definition Code The code for the routing protocol that created this routing entry.
8.3.1.6. show ipv6 route ecmp-groups This command reports all current ECMP groups in the IPv6 routing table. An ECMP group is a set of two or more next hops used in one or more routes. The groups are numbered arbitrarily from 1 to n. The output indicates the number of next hops in the group and the number of routes that use the set of next hops. The output lists the IPv6 address and outgoing interface of each next hop in each group.
OSPF External Preference of OSPF external routes. BGP External Preference of eBGP routes. BGP Internal Preference of iBGP routes. BGP Local Preference of BGP local routes. 8.3.1.9. show ipv6 route summary This command displays the summary of the routing table. Use all to display the count summary for all routes, including best and non-best routes. Use the command without parameters to display the count summary for only the best routes.
Alternate Routes The number of alternate routes currently in the routing table. An alternate route is a route that was not selected as the best route to its destination. Route Adds The number of routes that have been added to the routing table. Route Modifies The number of routes that have been changed after they were initially added to the routing table. Route Deletes The number of routes that have been deleted from the routing table.
ECMP Retries The number of ECMP routes that have been installed in the forwarding table after initially being installed with a single next hop. Routes with n Next Hop The current number of routes with each number of next hops. Number of Prefixes Summarizes the number of routes with prefixes of different lengths. 8.3.1.10. show ipv6 traffic This command displays traffic and statistics for IPv6 and ICMPv6.
Received Datagrams Discarded Due To No Route Number of input datagrams discarded because no route could be found to transmit them to their destination. Received Datagrams With Unknown Protocol Number of locally-addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. This counter increments at the interface to which these datagrams were addressed, which might not be necessarily the input interface for some of the datagrams.
for lack of buffer space). Note that this counter would include datagrams counted in Datagrams Forwarded if any such packets met this (discretionary) discard criterion. Datagrams Successfully Fragmented Number of IPv6 datagrams that have been successfully fragmented at this output interface. Datagrams Failed To Fragment Number of IPv6 datagrams that have been discarded because they needed to be fragmented at this output interface but could not be.
ICMPv6 Echo Request Messages Received Number of ICMP Echo request messages received by the interface. ICMPv6 Echo Reply Messages Received Number of ICMP Echo reply messages received by the interface. ICMPv6 Router Solicit Messages Received Number of ICMP Router Solicit messages received by the interface. ICMPv6 Router Advertisement Messages Received Number of ICMP Router Advertisement messages received by the interface.
ICMPv6 Time Exceeded Messages Transmitted Number of ICMP Time Exceeded messages sent by the interface. ICMPv6 Parameter Problem Messages Transmitted Number of ICMP Parameter Problem messages sent by the interface. ICMPv6 Packet Too Big Messages Transmitted Number of ICMP Packet Too Big messages sent by the interface. ICMPv6 Echo Request Messages Transmitted Number of ICMP Echo request messages sent by the interface.
8.3.2. Configuration commands This section describes the IPv6 commands you use to configure IPv6 on the system and on the interface. 8.3.2.1. ipv6 hop-limit This command defines the unicast hop count used in IPv6 packets originated by the node. The value is also included in router advertisements. The default “not configured” means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node. Note that this is not the same as configuring a value of 64.
Format ipv6 enable no ipv6 enable Default Disabled Mode Interface Config Interface VLAN 8.3.2.4. ipv6 address Use this command to configure an IPv6 address on an interface, including tunnel and loopback interfaces, and to enable IPv6 processing on this interface. You can assign multiple globally reachable addresses to an interface by using this command. You do not need to assign a link-local address by using this command since one is automatically created.
supply any parameters, the command deletes all the IPv6 addresses on an interface. link-local The IPv6 link-local address to be configured. Default None Mode Interface Config Interface VLAN 8.3.2.5. ipv6 address autoconfig Use this command to allow an in-band interface to acquire an IPv6 address through IPv6 Neighbor Discovery Protocol (NDP) and through the use of Router Advertisement messages.
Interface Config 8.3.2.7. ipv6 route Use this command to configure an IPv6 static route. The is the IPv6 network that is the destination of the static route. The is the length of the IPv6 prefix — a decimal value (usually 0-64) that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the .
Format ipv6 route distance <1-255> no ipv6 route distance Default 1 Mode Global Config 8.3.2.9. ipv6 mtu This command sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface. This command replaces the default or link MTU with a new MTU value. The default MTU value for a tunnel interface is 1480. You cannot change this value. To reset maximum transmission unit value to default value, use the no form of this command.
Format ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default False Mode Interface Config 8.3.2.12. ipv6 nd ns-interval This command sets the interval between router advertisements for advertised neighbor solicitations, in milliseconds, for an interface. An advertised value of 0 means the interval is unspecified. To reset the neighbor solicit retransmission interval of the specified interface to the default value, use the no form of this command.
Fields Definition Min Router Advertisement Interval This command sets the minimal transmission interval between router advertisements on the interface. Default 600 Mode Interface Config 8.3.2.15. ipv6 nd ra-lifetime This command sets the value, in seconds, that is placed in the Router Lifetime field of the router advertisements sent from the interface. The value must be zero, or it must be an integer between the value of the router advertisement transmission interval and 9000.
8.3.2.17. ipv6 nd router-preference This command sets the default router preference that the interface advertises in router advertisement messages. To reset router preference to default, use the no form of this command. Format ipv6 nd router-preference no ipv6 nd router-preference Default Medium Mode Interface Config 8.3.2.18. ipv6 nd suppress-ra This command suppresses router advertisement transmission on an interface.
Format ipv6 nd prefix [{<0-4294967295> | infinite}{<0-4294967295> | infinite}] [noautoconfig][off-link] no ipv6 nd prefix Default Valid-lifetime: 2592000 Preferred-lifetime: 604800 Autoconfig: enabled On-link: enabled Mode Interface Config 8.3.2.20. ipv6 neighbor Use this command to configure a static IPv6 neighbor with the given IPv6 address and MAC address on a routing interface.
8.3.2.22. ipv6 nud Use this command to configure Neighbor Unreachability Detection (NUD). NUD verifies that communication with a neighbor exists. To reset to the default value, use the no form of this command.
8.3.2.24. ipv6 unresolved-traffic rate-limit Use this command to control the rate at which IPv6 data packets come into the CPU. By default, rate limiting is disabled. When enabled, the rate can range from 50 to 1024 packets per second. To disable the rate limit, use the no form of this command. Format ipv6 unresolved-traffic rate-limit <50-1024> no ipv6 unresolved-traffic rate-limit Default Enable Mode Global Config 8.3.2.25.
Format clear ipv6 route counters Default None Mode Privileged Exec 8.3.2.27. ipv6 nd mtu Use this command to set the advertised IPv6 MTU. To restore to the default value, use the no form of this command.
8.4. OSPFv3 Commands This section describes the commands you use to configure OSPFv3, which is a link-state routing protocol that you use to route traffic within a network. 8.4.1. Show commands 8.4.1.1. show ipv6 ospf This command displays information relevant to the OSPF router. Some of the information below displays only if you enable OSPF and configure certain features.
Prefix Suppression Display whether prefix-suppression is enabled or disabled. Maximum Paths The maximum number of paths that OSPF can report for a given destination. Default Metric Default value for redistributed routes. Maximum Routes The maximum number of routes that OSPF can support. Stub Router Configuration Indicates whether stub router is configured. BFD Mode Indicates whether BFD is enabled or disabled.
External LSA Checksum Shows the sum of the LS checksums of external link-state advertisements contained in the link-state database. New LSAs Originated Shows the number of new link-state advertisements that have been originated. LSAs Received Shows the number of link-state advertisements received determined to be new instantiations. LSA Count The total number of link state advertisements currently in the link state database. Maximum Number of LSAs The maximum number of LSAs that OSPF can store.
Format show ipv6 ospf abr Default None Mode Privileged Exec User Exec Display Messages Fields Definition Type The type of the route to the destination. It can be either: • intra — Intra-area route • inter — Inter-area route Router ID Router ID of the destination Cost Cost of using this route Area ID The area ID of the area from which this route is learned.
Area Border Router Count The total number of area border routers reachable within this area. Area LSA Count Total number of link-state advertisements in this area's link-state database, excluding AS External LSAs. Area LSA Checksum A number representing the Area LSA Checksum for the specified AreaID excluding the external (LS type 5) link-state advertisements. Stub Mode Represents whether the specified Area is a stub area or not. The possible values are enabled and disabled.
Default None Mode Privileged Exec User Exec Display Messages Fields Definition Type The type of the route to the destination. It can be either: • intra — Intra-area route • inter — Inter-area route Router ID Router ID of the destination Cost Cost of using this route Area ID The area ID of the area from which this route is learned. Next Hop Next hop toward the destination Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop. 8.4.1.5.
Fields Definition Configures to display database information about a specific area. Specify the link state ID. Specify an IP Address. Default None Mode Privileged Exec User Exec Display Messages Fields Definition Link Id A number that uniquely identifies an LSA that a router originates from all other self-originated LSAs of the same LS type. Adv Router The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB interface.
Display Messages Fields Definition Router Total number of router LSAs in the OSPFv3 link state database. Network Total number of network LSAs in the OSPFv3 link state database. Inter-area Prefix Total number of inter-area prefix LSAs in the OSPFv3 link state database. Inter-area Router Total number of inter-area router LSAs in the OSPFv3 link state database. Type-7 Ext Total number of NSSA external LSAs in the OSPFv3 link state database.
<0-7> Tunnel Interface ID. VLAN ID. The range is from 0 to 4093. Default None Mode Privileged Exec User Exec Display Messages Fields Definition IPv6 Address Shows the IPv6 address of the interface. ifIndex Shows the interface index number associated with the interface. OSPF Admin Mode Shows whether the admin mode is enabled or disabled. OSPF Area ID Shows the area ID associated with this interface. Router Priority Shows the router priority.
Link LSA Suppresion Shows the configured state of Link LSA Suppresion for the interface. The following information only displays if OSPF is initialized on the interface: Fields Definition OSPF Interface Type Broadcast LANs, such as Ethernet and IEEE 802.5, take the value broadcast. The OSPF Interface Type will be 'broadcast'. State The OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and backup designated router.
Metric Cost The priority of the path. Low costs have a higher priority than high costs. Hello Interval Shows the frequency, in seconds, at which the interface sends Hello packets. Dead Interval Shows the amount of time, in seconds, the interface waits before assuming a neighbor is down. Retransmit Interval Shows the frequency, in seconds, at which the interface sends LSA. Retransmit Delay Interval Shows the number of seconds the interface adds to the age of LSA packets before transmission.
IPv6 Address The IPv6 address associated with this OSPF interface. OSPF Interface Events The number of times the specified OSPF interface has changed its state, or an error has occurred. Virtual Events The number of state changes or errors that occurred on this virtual link. Neighbor Events The number of times this neighbor relationship has changed state, or an error has occurred. Sent Packets The number of OSPF packets transmitted on the interface.
Default None Mode Privileged Exec User Exec Display Messages Fields Definition Total self-originated LSAs The number of LSAs the router is currently originating. Average LSAs per group The number of self-originated LSAs divided by the number of LSA groups. The number of LSA groups is the refresh interval (1800 seconds) divided by the pacing interval (configured with timers pacing lsa-group) plus two. Pacing group limit The maximum number of self-originated LSAs in one LSA group.
Interface number. VLAN ID ranges from 1 to 4093. Default None Mode Privileged Exec User Exec Display Messages If you do not specify an IP address, a table with the following columns displays for all neighbors or the neighbor associated with the interface that you specify: Fields Definition Router ID Shows the 4-digit dotted-decimal number of the neighbor router. Priority Displays the OSPF priority for the specified interface.
• Loading - Link State Request packets are sent to the neighbor asking for the more recent LSAs that have been discovered (but not yet received) in the Exchange state. • Full - the neighboring routers are fully adjacent and they will now appear in router-LSAs and network-LSAs. Shows the amount of time, in seconds, to wait before the router assumes the neighbor is unreachable.
The area ID of the requested OSPFv3 area Default None Mode Privileged Exec User Exec Display Messages Fields Definition Area ID The area ID of the requested OSPFv3 area IPv6 Prefix/Prefix Length The summary prefix and prefix length. Lsdb Type The type of link advertisement associated with this area range. Advertisement The status of the advertisement. Advertisement has two possible settings: enabled or disabled. 8.4.1.14.
SPF Total The total time taken to compute routes, in milliseconds. The total may exceed the sum of Intra, Summ, and Ext times. RIB Update The time from the completion of the routing table calculation until all changes have been made in the common routing table (the Routing Information Base, RIB), in milliseconds. Reason The event or events that triggered the SPF. The reason codes are as follows: • R – New router LSA. • N – New network LSA. 8.4.1.15.
Import Summary LSA Controls the import of summary LSAs into stub areas. 8.4.1.16. show ipv6 ospf virtual-link This command displays the OSPF Virtual Interface information for a specific area and neighbor. Format show ipv6 ospf virtual-link Fields Definition Area ID. Neighbor's router ID. Default None Mode Privileged Exec User Exec Display Messages Fields Definition Area ID The area ID of the requested OSPFv3 area.
8.4.1.17. show ipv6 ospf virtual-link brief This command displays the OSPFv3 Virtual Interface information for all areas in the system. Format show ipv6 ospf virtual-link brief Default None Mode Privileged Exec User Exec Display Messages Fields Definition Area ID The area ID of the requested OSPFv3 area. Neighbor The neighbor interface of the OSPFv3 virtual interface. Hello Interval The configured hello interval for the OSPFv3 virtual interface.
area uniquely identifies the area to which the interface connects. Assigning an area ID, which does not exist on an interface, causes the area to be created with default values. Format ipv6 ospf area {<0-4294967295> | } Fields Definition A 32-bit integer, formatted as a 4-digit dotted-decimal number. <0-4294967295> A decimal value for an area ID. Default None Mode Interface Config 8.4.2.3. ipv6 ospf bfd This command enables BFD for OSPF on the specified interface.
its neighbor routers declare that the router is down. The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e. 4). To set the default OSPF dead interval for the specified interface, use the no form of this command. Format ipv6 ospf dead-interval no ipv6 ospf dead-interval Fields Definition This value ranges from 1 to 65535. Default 40 Mode Interface Config 8.4.2.6.
no ipv6 ospf link-lsa-suppresion Default Disable Mode Interface Config 8.4.2.8. ipv6 ospf mtu-ignore This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
8.4.2.10. ipv6 ospf prefix-suppression This command suppresses the advertisement of the IPv6 prefixes that are associated with an interface, except for those associated with secondary IPv6 addresses. This command takes precedence over the global configuration. If this configuration is not specified, the global prefix-suppression configuration applies. To remove prefix-suppression configurations for the specified interface, use the no form of this command.
no ipv6 ospf retransmit-interval Fields Definition Valid value ranges from 0 to 3600 (1 hour). Default 5 Mode Interface Config 8.4.2.13. ipv6 ospf transmit-delay This command sets the OSPF Transit Delay for the specified interface. The transmit delay is specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface.
8.4.2.15. area default-cost This command configures the monetary default cost for the stub area. The operator must specify the area id and an integer value between 1-16777214. Format area default-cost <1-16777214> Fields Definition Area ID. Default None Mode Router OSPFv3 Config 8.4.2.16. area nssa This command configures the specified areaid to function as an NSSA. To disable nssa from the specified area id, use the no form of this command.
Fields Definition Area ID. <1-16777214> The metric of the default route. The range is 1 to 16777214. comparable Specify the metric type as NSSA-External 1. non-comparable Specify the metric type as NSSA-External 2. Default Disable Mode Router OSPFv3 Config 8.4.2.18. area nssa no-redistribute This command configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA.
Default None Mode Router OSPFv3 Config 8.4.2.20. area nssa translator-role This command configures the translator role of the NSSA. A value of always causes the router to assume the role of the translator the instant it becomes a border router and a value of candidate causes the router to participate in the translator election process when it attains border router status. To disable the NSSA translator role from the specified area id, use the no form of this command.
Default None Mode Router OSPFv3 Config 8.4.2.22. area range This command creates a specified area range for a specified NSSA. The is a valid IPv6 address. The is a valid subnet mask. The LSDB type must be specified by either summarylink or nssaexternallink, and the advertising of the area range can be allowed or suppressed. To delete a specified area range, use the no form of this command.
Format area stub no area stub Fields Definition Area ID. Default None Mode Router OSPFv3 Config 8.4.2.24. area stub no-summary This command disables the import of Summary LSAs for the stub area identified by the specified area ID. To set the Summary LSA import mode to the default for the stub area identified by the specified area ID, use the no form of this command.
Router ID of the neighbor. Default The default authentication type is none Mode Router OSPFv3 Config 8.4.2.26. area virtual-link dead-interval This command configures the dead interval for the OSPF virtual interface on the virtual interface identified by and . To configure the default dead interval for the OSPF virtual interface on the virtual interface identified by and , use the no form of this command.
Router ID of the neighbor. <1-65535> The range of the dead interval is 1 to 65535, in seconds. Default 10 seconds Mode Router OSPFv3 Config 8.4.2.28. area virtual-link retransmit-interval This command configures the retransmit interval for the OSPF virtual interface on the interface identified by and .
Fields Definition Area ID. Router ID of the neighbor. <0-3600> The range of the retransmit interval is 0 to 3600, in seconds. Default 1 second Mode Router OSPFv3 Config 8.4.2.30. auto-cost reference-bandwidth By default, OSPF computes the link cost of each interface from the interface bandwidth. Faster links have lower metrics, making them more attractive in route selection.
Format bfd no bfd Default Disable Mode Router OSPFv3 Config 8.4.2.32. default-information originate This command is used to control the advertisement of default routes. To configure the default advertisement of default routes, use the no form of this command.
Mode Router OSPFv3 Config 8.4.2.34. distance ospf This command sets the route preference value of OSPF in the router. Lower route preference values are preferred when determining the best route. The type of OSPF can be intra, inter, or external. All the external type routes are given the same preference value. The range is 1 to 255. A route with a preference of 255 cannot be used to forward traffic.
Format exit-overflow-interval <0-2147483647> no exit-overflow-interval Fields Definition <0-2147483647> The range of exit overflow interval for OSPF, in seconds. Default 0 Mode Router OSPFv3 Config 8.4.2.37. external-isdb-limit This command configures the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state.
on-startup OSPF starts in stub router mode after a reboot. <5-86400> The number of seconds that OSPF remains in stub router mode after a reboot. The range is from 5 to 86,400 seconds. There is no default value. summary-lsa Set the maximum metric value for summary LSAs. The range is from 1-16777215. external-lsa Set the maximum metric value for external LSAs. The range is from 1-16777215. Inter-area-lsas Set the maximum metric value for inter-area LSAs. The range is from 1-16777215.
Default Disable Mode Router OSPFv3 Config 8.4.2.41. passive-interface Use this command to set the interface or tunnel as passive. It overrides the global passive mode that is currently effective on the interface or tunnel. To set the interface or tunnel as non-passive, use the no form of this command. It overrides the global passive mode that is currently effective on the interface or tunnel.
8.4.2.43. redistribute This command configures the OSPFv3 protocol to allow redistribution of routes from the specified source protocol/routers. To configure OSPF to prohibit redistribution of routes from the specified source protocol/routers, use the no form of this command.
Default None Mode Privileged Exec 8.4.2.46. clear ipv6 ospf configuration This command resets the OSPF configuration to factory defaults. Format clear ipv6 ospf configuration Default None Mode Privileged Exec 8.4.2.47. clear ipv6 ospf counters This command resets global and interface statistics. Format clear ipv6 ospf counters Default None Mode Privileged Exec 8.4.2.48. clear ipv6 ospf neighbor This command drops the adjacency with all OSPF neighbors.
8.4.2.49. clear ipv6 ospf neighbor interface This command drops the adjacency with all OSPF neighbors on a specific interface. To drop adjacency with a specific router ID on a specific interface, specify the neighbor’s Router ID using the optional parameter . Format clear ipv6 ospf neighbor interface { | vlan <1-4093>} [ipaddr] Fields Definition Specify the interface. <1-4093> Specifies the VLAN interface. The range of the VLAN ID is 1 to 4093.
8.5. Routing Policy Commands 8.5.1. Show commands 8.5.1.1. show ipv6 prefix-list This command displays configuration and status for a selected prefix list. Format show ipv6 prefix-list [detail | summary] listname [ipv6-prefix/prefix-length] [seq sequencenumber] [longer] [first-match] Default None Mode Privileged Exec Display Message Fields Definition detail | summary (Optional) Displays detailed or summarized information about all prefix lists.
permit/deny The action to take. sequences Range of sequence numbers for the entries in the list. hit count Number of matches for the prefix entry. 8.5.2. Configuration commands 8.5.2.1. ipv6 prefix-list To create an IPv6 prefix list or add a prefix list entry, use the ipv6 prefix-list command in Global Configuration mode. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes with those specified in the prefix list.
ipv6-prefix/prefix-length Specifies the match criteria for routes being compared to the prefix list statement. The ipv6-prefix can be any valid IPv6 prefix where the address is specified in hexadecimal using 16-bit values between colons. The prefix-length is the length of the IPv6 prefix, given as a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must precede the decimal value.
8.5.2.3. set ipv6 next-hop To set the IPv6 next hop of a route, use the set ipv6 next-hop command in Route Map Configuration mode. When used in a route map applied to UPDATE messages received from a neighbor, the command sets the next hop address for matching IPv6 routes received from the neighbor. When used in a route map applied to UPDATE messages sent to a neighbor, the command sets the next hop address for matching IPv6 routes sent to the neighbor.
8.6. DHCPv6 Snooping Commands DHCPv6 snooping is a security feature that monitors DHCPv6 messages between a DHCPv6 client and DHCPv6 servers to filter harmful DHCPv6 messages and to build a bindings database of {MAC address, IPv6 address, VLAN ID, port} tuples that are considered authorized. You can enable DHCPv6 snooping globally and on specific VLANs, and configure ports within the VLAN to be trusted or untrusted. DHCPv6 servers must be reached through trusted ports.
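The filtering and binding behavior described above, modeled as an added Python example (not NETGEAR's implementation and not code from this manual): server-originated messages are dropped on untrusted ports, and a Reply seen on a trusted port turns a tentative entry into a {MAC address, IPv6 address, VLAN ID, port} binding. The message types and the IA_NA/IAADDR option layout follow RFC 8415; the names Snooper, inspect, leased_addresses and build, the tentative-entry handling, and the port check on Release/Decline are assumptions of this model, and the sample messages are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

# DHCPv6 message types and option codes (RFC 8415).
SOLICIT, ADVERTISE, REQUEST, REPLY, RELEASE, DECLINE = 1, 2, 3, 7, 8, 9
RECONFIGURE, RELAY_REPL = 10, 13
SERVER_TYPES = {ADVERTISE, REPLY, RECONFIGURE, RELAY_REPL}
OPT_IA_NA, OPT_IAADDR = 3, 5


def iter_options(buf):
    """Yield (code, value) for each TLV option; stop at a truncated option."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            return  # declared length runs past the buffer: ignore the rest
        yield code, buf[off:off + length]
        off += length


def leased_addresses(payload):
    """Return the IPv6 addresses carried in IA_NA/IAADDR options."""
    addrs = []
    for code, value in iter_options(payload[4:]):      # skip type + transaction id
        if code != OPT_IA_NA or len(value) < 12:
            continue
        for sub, subval in iter_options(value[12:]):   # skip IAID, T1, T2
            if sub == OPT_IAADDR and len(subval) >= 24:
                addrs.append(ipaddress.IPv6Address(subval[:16]))
    return addrs


@dataclass
class Snooper:
    """Hypothetical model of a snooping switch (assumed behavior, see lead-in)."""
    enabled: bool
    vlans: set
    trusted_ports: set
    tentative: dict = field(default_factory=dict)  # (mac, vlan) -> client port
    bindings: dict = field(default_factory=dict)   # (mac, vlan) -> (ipv6, port)

    def inspect(self, port, vlan, client_mac, payload):
        """Return 'forward' or 'drop' for one DHCPv6 message seen on a port.

        client_mac is the source MAC of a client message or the destination
        MAC of a server message (assumption of this model; no relay handling).
        """
        if not self.enabled or vlan not in self.vlans:
            return "forward"        # snooping is not active for this VLAN
        if not payload:
            return "drop"
        msg_type = payload[0]
        key = (client_mac, vlan)
        if port not in self.trusted_ports:
            if msg_type in SERVER_TYPES:
                return "drop"       # servers must be reached through trusted ports
            if msg_type in (RELEASE, DECLINE):
                bound = self.bindings.get(key)
                if bound is None or bound[1] != port:
                    return "drop"   # no binding for this MAC on this port
                del self.bindings[key]
            elif msg_type in (SOLICIT, REQUEST):
                self.tentative[key] = port
            return "forward"
        if msg_type == REPLY and key in self.tentative:
            addrs = leased_addresses(payload)
            if addrs:               # promote the tentative entry to a binding
                self.bindings[key] = (addrs[0], self.tentative.pop(key))
        return "forward"


def build(msg_type, addr=None):
    """Construct a minimal DHCPv6 message (constructed sample, not a capture)."""
    msg = bytes([msg_type]) + b"\x00\x00\x01"          # type + transaction id
    if addr is not None:
        iaaddr = ipaddress.IPv6Address(addr).packed + struct.pack("!II", 3600, 7200)
        ia_na = (struct.pack("!III", 1, 0, 0)
                 + struct.pack("!HH", OPT_IAADDR, len(iaaddr)) + iaaddr)
        msg += struct.pack("!HH", OPT_IA_NA, len(ia_na)) + ia_na
    return msg


if __name__ == "__main__":
    sw = Snooper(enabled=True, vlans={10}, trusted_ports={"0/48"})
    mac = "02:00:00:00:00:01"                          # constructed client MAC
    print(sw.inspect("0/1", 10, mac, build(REQUEST)))
    print(sw.inspect("0/2", 10, mac, build(REPLY, "2001:db8::99")))
    print(sw.inspect("0/48", 10, mac, build(REPLY, "2001:db8::10")))
    print(sw.bindings)
```

The VLAN check comes first in inspect, so a VLAN on which snooping is not enabled gets no filtering even when snooping is enabled globally.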
(M4500-32C) # 8.6.2. show ipv6 dhcp snooping per interface This command displays the DHCPv6 snooping detail configurations for all interfaces or for a specific interface.
Format show ipv6 dhcp snooping binding [{static | dynamic}] [interface { | port-channel }] [vlan ] Default None Mode Privileged Exec Example: (M4500-32C) #show ipv6 dhcp snooping binding Total number of bindings: 363 Total number of Tentative bindings: MAC Address ----------------44:0A:A7:8A:00:00 44:0A:A7:8A:00:01 44:0A:A7:8A:00:02 44:0A:A7:8A:00:03 44:0A:A7:8A:00:04 44:0A:A7:8A:00:05 44:0A:A7:8A:01:00 44:0A:A7:8A:01:01 44:0A:A7:8A:01:02 44:0A:A7:8A:01:03 44:0A:A7:
8.6.5. ipv6 dhcp snooping This command enables or disables the DHCPv6 Snooping globally. Format [no] ipv6 dhcp snooping Default Disabled Mode Global Config 8.6.6. ipv6 dhcp snooping vlan This command enables or disables the DHCPv6 Snooping to the specific VLAN. Format [no] ipv6 dhcp snooping vlan Default Disabled Mode Global Config 8.6.7.
Mode Global Config 8.6.9. ipv6 dhcp snooping database write-delay This command configures the interval, in seconds, at which the DHCPv6 Snooping database is persisted. This database stores the results of DHCPv6 snooping bindings. Use the keyword “no” to restore the default value of this command. The parameter “” value ranges from 15 to 86400 seconds. Format ipv6 dhcp snooping database write-delay no ipv6 dhcp snooping database write-delay Default 300 Mode Global Config 8.
The parameter “rate” is the packet rate limit. Its range is from 0 to 300 packets per second. The parameter “burst interval” is the time interval during which a packet burst can exceed the rate limit. Its range is from 1 to 15 seconds. Format ipv6 dhcp snooping limit {rate [burst interval ]} | none no ipv6 dhcp snooping limit rate Default “rate” is None “burst interval” is 1 second.
8.6.14. clear ipv6 dhcp snooping binding This command is used to clear all DHCPv6 Snooping bindings on all interfaces or on a specific interface. Format clear ipv6 dhcp snooping binding [interface ] Default None Mode Privileged EXEC 8.6.15. clear ipv6 dhcp snooping statistics This command is used to clear all DHCPv6 Snooping statistics. Format clear ipv6 dhcp snooping statistics Default None Mode Privileged EXEC 8.6.16.
8.6.17. show ipv6 dhcp binding This command displays the DHCPv6 binding information. Format show ipv6 dhcp binding [] Mode Privileged Exec 8.6.18. clear ipv6 dhcp binding This command clears ipv6 dhcp bindings.
8.7. DHCPv6 Commands 8.7.1. show ipv6 dhcp interface This command displays the DHCPv6 information for the specific interface. Format show ipv6 dhcp interface { | vlan } [statistics] Default None Mode Privileged Exec Example: (M4500-32C) #show ipv6 dhcp interface 0/1 IPv6 Interface................................. Mode........................................... Relay Address.................................. Relay Interface Number......................... Relay Remote ID............
DHCPv6 Reply Packets Transmitted............... DHCPv6 Reconfig Packets Transmitted............ DHCPv6 Relay-reply Packets Transmitted......... DHCPv6 Relay-forward Packets Transmitted....... Total DHCPv6 Packets Transmitted............... 0 0 0 0 0 8.7.3. ipv6 dhcp relay destination This command configures an interface for DHCPv6 relay functionality on an interface or range of interfaces. Use the destination keyword to set the relay server IPv6 address.
8.7.5. service dhcpv6 This command enables the DHCPv6 relay. Use the no form of this command to disable the DHCPv6 relay.
9. Data Center Bridging Commands 9.1. FIP Snooping 9.1.1. show fip-snooping This command displays information about the global FIP snooping configuration and status. Format show fip-snooping Default None Mode Privileged EXEC Display Message Fields Definition Global Mode FIP snooping configuration status on the switch. It displays Enable when FIP snooping is enabled on the switch and Disable when FIP snooping is disabled on the switch.
Fields Definition MAC address of the ENode to display. Default None Mode Privileged EXEC Display Message Fields Definition Interface Interface to which the ENode is connected. VLAN ID number of the VLAN to which the ENode belongs. Name-ID Name of the ENode. ENode-MAC MAC address of the ENode. FCFs Number of FCFs connected. Session Established Number of successful virtual connections established.
Default None Mode Privileged EXEC Display Message Fields Definition interface-id ID of an interface on which FIP snooping has been enabled. FCF-MAC MAC address of the FCF that is part of the session. ENode-MAC MAC address of the ENode that is part of the session. VLAN ID number of the VLAN that contains the session. FCoE MAC Source MAC address of the FCoE packets that are originated by the ENode as part of the session.
ENode Information: Fields Definition Interface The interface to which the ENode is connected. MAC MAC address of the ENode Sessions Total number of virtual sessions originated from ENodes to FCF in the associated VLAN. Waiting Total number of virtual connections waiting for FCF acceptance in the associated VLAN. Session Information: Fields Definition FCoE-MAC Source MAC address of the FCoE packets that are originated by the ENode as part of the session.
9.1.4. show fip-snooping fcf This command displays information about the interfaces connected to FCFs. This command can only be entered after FIP snooping is enabled using the feature fip-snooping command. Otherwise, it does not appear in the CLI. Format show fip-snooping fcf [fcf-mac] Default None Mode Privileged EXEC Display Message Fields Definition Interface Interface to which the FCF is connected. VLAN ID number of the VLAN to which the FCF belongs. No.
transmitting FCF is available for FIP FLOGI/FDISC from ENodes. This is informational and shall have no effect on existing login. Priority The priority returned from the FCF in Solicited Discovery Advertisement. This indicates the priority that has been manually assigned to the FCF. FKA-ADV FIP keepalive interval (FKA_ADV_PERIOD) in seconds configured on the FCF multiplied by five. For example, if the FKA_ADV period configured on the FCF is 80 seconds, the value of this field is 400.
ENodes Number of ENodes discovered. Sessions Total virtual sessions in FCoE VLAN. 9.1.6. show fip-snooping statistics This command displays the statistics of the FIP packets snooped in the VLAN or on an interface. If the optional (VLAN or interface) argument is not given, this command displays the statistics for all of the FIP snooping enabled VLANs. When an interface is provided as an argument, only the statistics applicable to that interface are displayed.
MDA Number of Multicast Discovery Advertisement messages snooped on the VLAN. UDA Number of Unicast Discovery Advertisement messages snooped on the VLAN. FLOGI_ACC Number of Fabric Logins accepted on the VLAN. FLOGI_RJT Number of Fabric Logins rejected on the VLAN. FDISC_ACC Number of Fabric Discovery Logins accepted on the VLAN. FDISC_RJT Number of Fabric Discovery Logins rejected on the VLAN. LOGO_ACC Number of Fabric Logouts accepted on the VLAN.
port until the port is operationally enabled for PFC. VLAN tagging must be enabled on the interface in order to carry the dot1p values through the network. To return the settings to the default values and globally disable FIP snooping, use the no form of this command. When FIP snooping is globally disabled, received FIP frames are forwarded or flooded using the normal multicast rules. In addition, other FIP snooping commands are not available until the FIP snooping feature is enabled.
Fields Definition <0x0-0xffffff> Valid FC map values are in the range of 0x0 to 0xffffff. Default 0x0efc00 Mode VLAN Config 9.1.10. fip-snooping port-mode fcf This command configures the interface that is connected toward the FCF. To relay the FIP packets received from the hosts toward the FCF, the switch needs to know the interfaces to which the FCFs are connected. By default, an interface is configured to be a host-facing interface if it is not configured to be an FCF-facing interface.
Default Disable Mode Privileged Exec NETGEAR M4500 Series Switches CLI Command Reference Manual 989
9.2. Priority-based Flow Control 9.2.1. show interface priority-flow-control This command displays the PFC information of a given interface or all interfaces. Format show interface [ Interface number. Default None Mode Privileged EXEC Display Message Fields Definition Interface Detail The port for which data is displayed. Operational State The operational status of the interface.
Incompatible Configuration Count The number of received configurations that were not accepted from a peer device because they were incompatible. Priority The 802.1p priority value. Received PFC Frames The number of PFC frames received by the interface with the associated 802.1p priority. Transmitted PFC Frames The number of PFC frames transmitted by the interface with the associated 802.1p priority.
9.2.3. priority-flow-control priority This command enables or disables the priority group for lossless (no-drop) or lossy (drop) behavior on the selected interface. Up to two lossless priorities can be enabled on an interface. Users must configure the same no-drop priorities across the network in order to ensure end-to-end lossless behavior. This command has no effect on interfaces that are not enabled for PFC. VLAN tagging needs to be turned on in order to carry the dot1p value through the network.
9.3. OpenFlow 9.3.1. show openflow This command displays the OpenFlow feature status and configuration information. Format show openflow Default None Mode Privileged EXEC Display Message Fields Definition Administrative Mode The OpenFlow feature administrative mode set by the command “openflow enable”. Administrative Status Disable Reason IP Address The operational status of the OpenFlow feature.
Display Message Fields Definition IP Address IPv4 address of the controller. IP Port IPv4 port number for the controller connection. Connection Mode SSL or TCP Controller Connection mode. Role The role of the controller: Master, Equal, Slave 9.3.3. show openflow installed flows This command displays the list of configured flows on the switch.
table The table number. vlan The VLAN. vlan_prio The VLAN priority. Default None Mode Privileged EXEC Display Message Fields Definition Flow type The type of flow. (For example, 1DOT3) Match criteria The match criteria specified by the flow. Flow table The hardware table in which the flow is installed. Flow priority The priority of the flow versus other flows. Ingress port The port on which the flow is active. Actions The action specified by the flow.
Display Message Fields Definition group type Type of the Group – Indirect, All, Select etc. group ID Unique ID of the Group. reference count Group Reference Count - is used only for Indirect groups. This count indicates how many Select groups are referring to the current Indirect group. duration The time since the group was created. bucket count Number of Buckets in the group. reference group ID References the Indirect group ID and used for Select group only. 9.3.5.
Flow Deletion Count Total number of flows that were deleted from this table since the switch powered up. Insertion Failure Count Total number of hardware insertion attempts that were rejected due to lack of space since the switch powered up. Flow Table Description A detailed description for this table. 9.3.6. openflow enable This command enables or disables the OpenFlow feature. If the OpenFlow feature is not in disabled state, then enabling has no effect on the OpenFlow feature.
9.3.8. openflow controller Specify up to twenty IP addresses to which the switch should establish an OpenFlow controller connection. Each command invocation specifies one IP address and connection mode (TCP or SSL). If the IP port is omitted, the default IP port number 6633 is used. The default connection mode is SSL. The controller table configured by this command is used by the switch in OpenFlow 1.3 modes.
Format openflow passive-mode no openflow passive-mode Default Disabled Mode Global Config 9.3.11. openflow failmode This command configures the OpenFlow fail mode, which applies when the controller connection is interrupted. The mode can be either Fail-Secure or Fail-Standalone. In the case that a switch loses contact with all controllers, the switch should immediately enter either “fail secure mode” or “fail standalone mode”.
10. Fluentd Commands 10.1. Show Commands 10.1.1. show fluentd This command is used to display fluentd status and configuration settings. Format show fluentd [] Fields Definition The fluentd entry name (up to 31 alphanumeric characters).
Example #2: (M4500-32C) #show fluentd fluent
Fluentd Entry : fluent
Fluentd Entry Status : Enable
Source Status : Enable
Source Tag : syslog.switch
Source Type : syslog
Port : 5140
Bind : 0.0.0.0
Protocol Type : udp
Match Pattern : flu.**
Match Type : forward
Host Type : ipv4
Host : 172.16.2.
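The following audit of a show fluentd entry is an added example, not code from the manual or from NETGEAR. It parses the "Key : Value" layout shown above and reports a wildcard bind, a UDP syslog source, and a match pattern that does not cover the source tag. It assumes the switch hands the tag and pattern to Fluentd unchanged; the sample text and its Host value are constructed.

```python
# Constructed sample in the "Key : Value" layout of the show fluentd output;
# the Host value is a documentation address, not one from the manual.
SAMPLE = """\
Fluentd Entry : fluent
Fluentd Entry Status : Enable
Source Status : Enable
Source Tag : syslog.switch
Source Type : syslog
Port : 5140
Bind : 0.0.0.0
Protocol Type : udp
Match Pattern : flu.**
Match Type : forward
Host Type : ipv4
Host : 192.0.2.10
"""

def parse_entry(text):
    """Turn 'Key : Value' lines into a dict keyed by lower-cased field name."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            entry[key.strip().lower()] = value.strip()
    return entry

def tag_matches(pattern, tag):
    """Fluentd tag matching: '*' is one tag part, '**' is zero or more parts.
    The {a,b} alternation syntax is not handled here."""
    def walk(p, t):
        if not p:
            return not t
        if p[0] == "**":
            return any(walk(p[1:], t[i:]) for i in range(len(t) + 1))
        return bool(t) and p[0] in ("*", t[0]) and walk(p[1:], t[1:])
    return walk(pattern.split("."), tag.split("."))

def audit_entry(entry):
    """Return findings for one enabled entry (empty list if nothing to report)."""
    findings = []
    if entry.get("fluentd entry status") != "Enable":
        return findings
    tag = entry.get("source tag", "")
    if entry.get("source type") == "syslog":
        if entry.get("bind") in ("0.0.0.0", "::"):
            findings.append("syslog source listens on every interface")
        if entry.get("protocol type", "").lower() == "udp":
            findings.append("syslog source accepts UDP, so senders are unverified")
        tag += ".kern.info"  # Fluentd's syslog input appends facility.priority
    if not tag_matches(entry.get("match pattern", ""), tag):
        findings.append("match pattern does not cover the source tag")
    return findings
```

Calling audit_entry(parse_entry(SAMPLE)) returns three findings; with a specific bind address, TCP, and a pattern such as syslog.** it returns none.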
10.2. Configuration Commands 10.2.1. fluentd This command enables or disables the FluentD service. Format fluentd no fluentd Default Disabled Mode Global Config 10.2.2. fluentd This command creates or deletes a FluentD entry. Format fluentd no fluentd Fields Definition The fluentd entry name (up to 31 alphanumeric characters). Default None Mode Global Config 10.2.3. enable This command enables a FluentD entry.
10.2.4. sourcetag This command configures the tag of the FluentD source. Format sourcetag type {syslog | localsyslog | dstat | exec} no sourcetag Fields Definition The sourcetag (up to 31 alphanumeric characters). Default None Mode Fluentd Configuration 10.2.5. syslog This command configures syslog settings. Format [enable | advance [port <1-65534> | bind | protocol-type {tcp | udp}]] no enable Fields Definition <1-65534> The port to listen to.
Default Severity: 5 Mode Localsyslog configuration 10.2.7. dstat This command configures dstat settings. Format [enable | advance [option
Default Time-key: current time Time-format: %Y-%m-%d %H:%M:%S Mode Exec configuration 10.2.9. matchpattern This command configures fluentd match. Format matchpattern type {forward | webhdfs | elasticsearch} no matchpattern Fields Definition The pattern (up to 31 alphanumeric characters). Default None Mode Fluentd configuration 10.2.10. forward This command configures forward settings.
The path where buffer chunks are stored. <1-16> The length limit of the chunk queue. The size of each buffer chunk (the value in the range <1 - 8>, and suffix k(KB) or m(MB)). The interval between data flushes (the value in the range <1 - 60>, and suffix s(seconds), m(minutes), or h(hours)).
The interval between data flushes (the value in the range <1 - 60>, and suffix s(seconds), m(minutes), or h(hours)). Default Localtime: enable Buffer-type: memory Buffer-queue-limit: 16 Buffer-chunk-limit: 8m Flush-interval: 60s Mode Webhdfs configuration 10.2.12. elasticsearch This command configures elasticsearch settings.
HTTP request timeout (the value in the range <1 - 60>, and suffix s(seconds), m(minutes), or h(hours)). The path where buffer chunks are stored. <1-16> The length limit of the chunk queue. The size of each buffer chunk (the value in the range <1 - 8>, and suffix k(KB) or m(MB)). The interval between data flushes (the value in the range <1 - 60>, and suffix s(seconds), m(minutes), or h(hours)).
11. SDVoE Commands SDVoE (Software Defined Video-over-Ethernet) is the latest high-performance, software-based AV-over-IP platform for control and distribution of audio and video over Ethernet & Fiber networks. In an SDVoE environment, L2 multicast is used by default. All these enhancements are applicable for L2 multicast only. If the user configures L3 multicast then L3 multicast should behave as per the standard. In addition, the enhancement is applicable only to IGMP version 1 and version 2.
Example: (M4500-32C) #show igmpsnooping group
VLAN  Subscriber                     MC Group                       Interface Type   Timeout
===== ============================== ============================== ========= ====== ======
1     192.85.1.3/00:10:26:00:00:01   225.0.0.63/01:00:5e:00:00:3f   0/2       IGMPv2 244
1     192.85.1.3/00:10:26:00:00:01   225.0.0.64/01:00:5e:00:00:40   0/2       IGMPv2 244
2     192.85.1.4/00:10:27:00:00:01   225.0.0.1/01:00:5e:00:00:01    0/30      IGMPv2 238
2     192.85.1.4/00:10:27:00:00:01   225.0.0.
11.2. Configuration Commands for an SDVoE Environment 11.2.1. igmp-plus This command enables IGMP plus to support SDVoE on the specific VLAN. That is, this command enables IGMP enhancements for the specified VLAN to support audio and video devices in an SDVoE environment. Format igmp-plus no igmp-plus Default igmp-plus 1 Mode Global Config 11.2.2.
11.2.4. set igmp fast-leave auto-assignment Use this command to configure automatic assignment of fast-leave at the system level (to all ports and LAGs). Use the no form to restore the default mode.
12. Serviceability Packet Tracing Commands 12.1. CPU Traffic Commands 12.1.1. show cpu-traffic Use this command to display the current configuration parameters. Format show cpu-traffic Mode Privileged EXEC 12.1.2. show cpu-traffic interface Use this command to display per-interface statistics for configured filters. The statistics can be displayed for a specific filter such as stp, udld, arp, and so on. If no filter is specified, statistics are displayed for all configured filters.
Format show cpu-traffic trace [] Mode Privileged EXEC 12.1.5. cpu-traffic direction interface Use this command to associate CPU filters to an interface or list of interfaces. The interfaces can be a physical or logical LAG. The statistics counters are updated only for the configured interfaces. The traces can also be obtained for the configured interfaces. NOTE: The offset must consider the VLAN tag headers because the packet to the CPU is always a tagged packet.
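The effect of the VLAN tag on field offsets, as an added example that is not part of the manual: the function walks any 802.1Q/802.1ad tags in a frame and returns where the IPv4 fields actually sit. It assumes offsets are counted from the first byte of the destination MAC address; the 64-byte test frame is constructed.

```python
import struct

TPIDS = (0x8100, 0x88A8)  # 802.1Q and 802.1ad tag protocol identifiers

def ipv4_field_offsets(frame):
    """Return byte offsets of IPv4 fields in an Ethernet frame, skipping VLAN
    tags. Returns None when the frame is not IPv4 or is too short to parse."""
    off, vlans = 12, []                      # EtherType follows the two MACs
    while True:
        if len(frame) < off + 2:
            return None
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in TPIDS:
            break
        if len(frame) < off + 4:
            return None
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        vlans.append(tci & 0x0FFF)           # low 12 bits of the TCI: VLAN ID
        off += 4                             # each tag shifts later fields by 4
    ip = off + 2                             # first byte of the IPv4 header
    if etype != 0x0800 or len(frame) < ip + 20:
        return None
    ihl = (frame[ip] & 0x0F) * 4             # IPv4 header length in bytes
    return {"vlans": vlans, "ethertype": off, "protocol": ip + 9,
            "srcip": ip + 12, "dstip": ip + 16, "l4": ip + ihl}

def build_frame(vlan=None):
    """Constructed UDP/IPv4 test frame, optionally carrying one 802.1Q tag,
    padded to 64 bytes."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 514, 514, 8, 0)
    return (macs + tag + struct.pack("!H", 0x0800) + ip + udp).ljust(64, b"\0")

if __name__ == "__main__":
    for label, frame in (("untagged", build_frame()), ("tagged", build_frame(10))):
        print(label, ipv4_field_offsets(frame))
```

With one tag the source IP starts at byte 30 instead of 26, so a filter written against untagged offsets would compare the TTL, protocol and checksum bytes instead of the address.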
Format cpu-traffic direction {tx | rx | both} match srcip [mask ] no cpu-traffic direction {tx | rx | both} match srcip Default None Mode Global Config 12.1.8. cpu-traffic direction match dstip Use this command to configure the destination IP address-specific filter. The statistics, traces, or both for configured filters are obtained for the packet matching the configured destination IP/mask.
Mode Global Config 12.1.11. cpu-traffic direction match mac Use this command to configure the source or destination MAC filter. The statistics, traces, or both for configured filters are obtained for the packet matching the configured source or destination MAC address. Format cpu-traffic direction {tx | rx | both} match {srcmac | dstmac} <0-65535> [mask ] no cpu-traffic direction {tx | rx | both} match {srcmac | dstmac} Default None Mode Global Config 12.1.12.
Default Disabled Mode Global Config 12.1.14. cpu-traffic trace Use this command to configure CPU packet tracing. The packet can be received by multiple components. If the feature is enabled and tracing configured, the packets are traced per the defined filter. If the dump-pkt keyword is enabled, the first 64 bytes of the packet are displayed along with the trace statistics. Format cpu-traffic trace [dump-pkt] no cpu-traffic trace Default Disabled Mode Global Config 12.1.15.
12.2. Exception Kernel Dump Commands 12.2.1. show exception kernel-dump Use this command to display the current kernel dump settings and slots available to view. Format show exception kernel-dump Mode Privileged Exec 12.2.2. show exception kernel-dump list Use this command to display the currently captured dumps. Format show exception kernel-dump list Mode Privileged Exec 12.2.3.
12.2.5. exception kernel-dump path Use this command to set the path where the kernel crash core dump (kdump) entries are stored.
12.3. Memory Buffer Commands 12.3.1. show mbuf Use this command to display the memory buffer (MBUF) utilization monitoring parameters. Format show mbuf Mode Privileged Exec Display Message Fields Definition Rising Threshold The percentage of the memory buffer resources that, when exceeded for the configured rising interval, triggers a notification. The range is 1 to 100. The default is 0 (disabled).
Mbufs Rx High Used Number of message buffers of class RX High currently in use. Mbufs Tx Used Number of message buffers of class TX currently in use. Total Rx Norm Alloc Attempts Number of times the system tried to allocate a message buffer allocation of class RX Norm. Total Rx Mid2 Alloc Attempts Number of times the system tried to allocate a message buffer allocation of class RX Mid2.
Fields Definition Rising Threshold The percentage of the memory buffer resources that, when exceeded for the configured rising interval, triggers a notification. The range is 1 to 100. The default is 0 (disabled). Falling Threshold The percentage of memory buffer resources that, when usage falls below this level for the configured interval, triggers a notification. The range is 1 to 100. The default is 0 (disabled). Severity The severity level at which Mbuf logs messages. The range is 1 to 7.