User's Manual

ManualsBrandsNetgear ManualsSwitchNetgear Switch L3

September 5, 2003

NETGEAR, Inc.

4500 Great America

Parkway

Santa Clara, CA

7000 Series L3 Managed

Switch Reference Manual for

Software v2.0

Summary of content (271 pages)

PAGE 1
7000 Series L3 Managed Switch Reference Manual for Software v2.0 NETGEAR, Inc.
PAGE 2
© 2003 by NETGEAR, Inc. , September 5, 2003. FullManual All rights reserved. Technical Support Please register to obtain technical support. Please retain your proof of purchase and warranty information. To register your product, get product support or obtain product information and product documentation, go to http://www.NETGEAR.com. If you do not have access to the World Wide Web, you may register your product by filling out the registration card and mailing it to NETGEAR customer service.
PAGE 3
Canadian Department of Communications Compliance Statement This Class B Digital apparatus (GSM73xx Level 3 Managed Switch Software v2) meets all the requirements of the Canadian Interference Causing Equipment Regulations. Cet appareil numerique del la classe B respect les exigences du Regalement sur le material broilleur du Canada. This device comples with Class B limits of Industry of Canada. Operation is subject to the following two conditions: 1. This device may not cause harmful interference. 2.
PAGE 4
iv
PAGE 5
Contents Chapter 1 About This Guide About this Manual ...........................................................................................................1-1 Organization of This Manual ....................................................................................1-1 Typographical Conventions ......................................................................................1-2 Special Message Formats ........................................................................................
PAGE 6
Chapter 6 Quick Startup Quick Starting the Switch ................................................................................................6-1 Software Version Information ...................................................................................6-1 Physical Port Data ....................................................................................................6-2 User Account Management ......................................................................................
PAGE 7
show network .........................................................................................................7-15 config network parms .............................................................................................7-15 config network protocol ..........................................................................................7-15 config network webmode .......................................................................................7-16 config network javamode ............
PAGE 8
config switchconfig flowcontrol ...............................................................................7-25 show port ................................................................................................................7-26 config port adminmode ...........................................................................................7-26 config port linktrap ..................................................................................................7-27 config port physicalmode ..
PAGE 9
config protocol interface add ..................................................................................7-37 config protocol interface remove ............................................................................7-37 show garp info ........................................................................................................7-37 show garp interface ................................................................................................7-37 config garp gmrp adminmode .........
PAGE 10
config spanningtree adminmode ............................................................................7-50 config spanningtree forceversion ...........................................................................7-50 config spanningtree configuration name ................................................................7-50 config spanningtree configuration revision .............................................................7-51 show spanningtree port ................................................
PAGE 11
config users snmpv3 authentication .......................................................................7-61 config users snmpv3 encryption .............................................................................7-62 config users snmpv3 accessmode .........................................................................7-62 show loginsession ..................................................................................................7-62 config loginsession close ................................
PAGE 12
config dot1x port maxrequests ..............................................................................7-72 config dot1x port reauthperiod ..............................................................................7-72 config dot1x port reauthenabled ............................................................................7-73 show dot1x summary .............................................................................................7-73 show dot1x port summary ...............................
PAGE 13
transfer download start ...........................................................................................7-83 clear transfer ..........................................................................................................7-83 clear config .............................................................................................................7-84 clear pass ...............................................................................................................
PAGE 14
config ip vlan routing delete .....................................................................................8-7 show router ip interface summary ............................................................................8-7 show router ospf info ................................................................................................8-8 config router id .........................................................................................................8-8 config trapflags ospf ..........
PAGE 15
show router rip interface detailed ...........................................................................8-20 show router rip interface summary .........................................................................8-21 config router rip adminmode ..................................................................................8-21 config router rip preference ....................................................................................8-22 config router rip interface authtypekey ............
PAGE 16
config router vrrp interface routerID .......................................................................8-32 config router vrrp interface priority .........................................................................8-32 config router vrrp interface ipaddress .....................................................................8-33 config router vrrp interface preemptmode ..............................................................8-33 config router vrrp interface advinterval ....................
PAGE 17
config diffserv class match dstmac ..........................................................................9-7 config diffserv class match every .............................................................................9-7 config diffserv class match ipdscp ............................................................................9-8 config diffserv class match ipprecedence ................................................................9-8 config diffserv class match iptos ..........................
PAGE 18
config diffserv policy police action nonconform drop ..............................................9-22 config diffserv policy police action nonconform markdscp .....................................9-23 config diffserv policy police action nonconform markprec ......................................9-23 config diffserv policy police action nonconform send .............................................9-23 config diffserv policy police style simple ...............................................................
PAGE 19
config acl rule match dstl4port keyword .................................................................10-3 config acl rule match dstl4port range .....................................................................10-4 config acl rule match every ....................................................................................10-4 config acl rule match ipdscp ...................................................................................10-4 config acl rule match ipprecedence .....................
PAGE 20
E ...................................................................................................................................13-8 F ...................................................................................................................................13-9 G .................................................................................................................................13-10 H .................................................................................................
PAGE 21
Chapter 1 About This Guide Thank you for purchasing the NETGEAR™ GSM73xx L3 Switch. About this Manual This reference manual assumes that the reader has basic-to-intermediate computer and Internet skills. However, basic computer network, Internet, and wireless technology tutorial information is provided in the Appendices. This document describes configuration commands for the 7000 Series L3 Managed Switch software. The commands can be accessed from the CLI, telnet, and Web interfaces.
PAGE 22
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Typographical Conventions This guide uses the following typographical conventions: Table 1. Typographical conventions italics Emphasis. bold times roman User input. [Enter] Named keys in text are shown enclosed in square brackets. The notation [Enter] is used for the Enter key and the Return key. [Ctrl]+C Two or more keys that must be pressed simultaneously are shown in text linked with a plus (+) sign.
PAGE 23
7000 Series L3 Managed Switch Reference Manual for Software v2.0 How to Navigate this Manual The HTML version of this manual includes these features. 2 1 3 Figure 1-1: HTML version of this manual 1. Left pane. Use the left pane to view the Contents, Index, and Search tabs. To view the HTML version of the manual, you must have a version 4 or later browser with JavaScript enabled. 2. Toolbar buttons. Use the toolbar buttons across the top to navigate, print pages, and more.
PAGE 24
7000 Series L3 Managed Switch Reference Manual for Software v2.0 How to Print this Manual To print this manual you man choose one of the following several options, according to your needs. • Printing a “How To” Sequence of Steps in the HTML View. Use the Print button on the upper right of the toolbar to print the currently displayed topic.
PAGE 25
Chapter 2 Switch Management Overview This chapter gives an overview of switch management, including the methods you can use to manage your NETGEAR GSM73xx Level 3 Managed Switch Software v2. • Management Access Overview • SNMP Access • Protocols The 7000 Series L3 Managed Switch Software software has two purposes: • Assist attached hardware in switching frames, based on Layer 2 or 3 information contained in the frames. • Provide a complete switch management portfolio for the network administrator.
PAGE 26
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Each management method enables the network administrator to configure, manage, and control the GSM73xx locally or remotely using in-band or out-of-band mechanisms. Management is standards-based, with configuration parameters and a private MIB providing control for functions not completely specified in the MIBs. Table 2-1.
PAGE 27
Chapter 3 Administration Console Telnet Interface The administration console is an internal, character-oriented, VT-100/ANSI menu-driven user interface for performing management activities. Using this method, you can view the administration console from a terminal, PC, Apple Macintosh, or UNIX workstation connected to the switch’s console port. Figure 3-1 shows an example of this management method.
PAGE 28
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Examples of terminal-emulation programs include: • Hyper Terminal, which is included with Microsoft Windows operating systems • ZTerm for the Apple Macintosh • TIP for UNIX workstations This example describes how to set up the connection using a Hyper Terminal on a PC, but other systems follow similar steps. 1. Click the Windows Start button. Select Accessories and then Communications.
PAGE 29
7000 Series L3 Managed Switch Reference Manual for Software v2.0 4. When the following screen appears, make sure that the port setting are as follows: Baud Rate: Data Bits: Parity: Stop Bits: Flow Control: 9600 8 None 1 None Figure 3-4: Connection Settings 5. Click OK. The Hyper Terminal window will open and you should be connected to the switch. If you do not get a welcome screen or a system menu, hit the return key.
PAGE 30
7000 Series L3 Managed Switch Reference Manual for Software v2.0 There are several characteristics to the CMI pages that are necessary to know before proceeding to use it. The TAB key or the arrow keys may be used to move within menus and sub-screens. At the bottom of every screen are some key commands available to the user for that particular screen, as well as some helpful information.
PAGE 31
Chapter 4 Web-Based Management Interface Your NETGEAR GSM73xx Level 3 Managed Switch Software v2 provides a built-in browser interface that lets you configure and manage it remotely using a standard Web browser such as Microsoft Internet Explorer 5.0 or later or Netscape Navigator 6.0 or later. This interface also allows for system monitoring and management of the switch. The ‘help’ page will cover many of the basic functions and features of the switch and it’s web interface.
PAGE 32
7000 Series L3 Managed Switch Reference Manual for Software v2.0 • Product Overview Describes supported SNMP and Web management features • Summary of Features Feature List How to Log In to the GSM73xx The GSM73xx Level 3 Managed Switch Software v2 can be configured remotely from Microsoft Internet Explorer browser version 5.0 or above, or Netscape Navigator web browser version 4.78 or above. Determine the IP address of your GSM73xx. 2.
PAGE 33
7000 Series L3 Managed Switch Reference Manual for Software v2.0 A user name and password dialog box opens like this one. Figure 4-4: User name/password dialog box 4. Type the default user name of admin and default of no password, or whatever password you have set up. Once you have entered your access point name, your Web browser should automatically find the GSM73xx L3 Switch and display the home page, as shown below.
PAGE 34
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 35
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Figure 4-8: GSM7324 Interactive switch image Menus The Web-based interface enables navigation through several menus. The main navigation menu is on the left of every page and contains the screens that let you access all the commands and statistics the switch provides.
PAGE 36
7000 Series L3 Managed Switch Reference Manual for Software v2.0 System-Wide Popup Menus The GSM73xx L3 Switch also provides several popup menus. Figure 4-9: Switch popup menus You can also access the main navigation menu by right clicking on the image of the switch and browsing to the menu you want to use.
PAGE 37
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Port-Specific Popup Menus The GSM73xx L3 Switch also provides several popup menus for each port. Figure 4-10: Switch popup menus You can access a port-specific popup menu by right clicking on the port in the image of the switch and browsing to the menu you want to use.
PAGE 38
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 39
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 5 Command Line Interface Syntax The Command Line Interface (CLI) syntax, conventions and terminology are described in this section. Each CLI command is illustrated using the structure outlined below. CLI Command Format Commands are followed by values, parameters or both. Example 1: config network parms [gateway] – – – config network parms is the command name.
PAGE 40
7000 Series L3 Managed Switch Reference Manual for Software v2.0 – [parameter]. The [] square brackets indicate that an optional parameter must be entered in place of the brackets and text inside them. – choice1|choice2. The | indicates that only one of the parameters should be entered. CLI Command Values ipAddr This parameter is a valid IP address, made up of four decimal bytes ranging from 0 to 255. The default for all IP parameters consists of zeros (that is, 0.0.0.1).
PAGE 41
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 1. Network Address Syntax Address Type Format Range ipAddr A.B.C.D 0.0.0.0 to 255.255.255.255 (decimal) macAddr YY:YY:YY:YY:YY:YY hexidecimal digit pairs Double quotation marks such as "System Name with Spaces" set off user defined strings. If the operator wishes to use spaces as part of a name parameter then it must be enclosed in double quotation marks.
PAGE 42
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 43
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 6 Quick Startup The CLI Quick Start up details procedures to quickly become acquainted with the 7000 Series L3 Managed Switch Software. Quick Starting the Switch 1. Read the device Installation Guide for the connectivity procedure. In-band connectivity allows access to the 7000 Series L3 Managed Switch Software locally or from a remote workstation.
PAGE 44
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Physical Port Data Table 6-2. Quick Start Up Physical Port Data Command Details show port all Displays the Ports Slot.
PAGE 45
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 6-3. Quick Start Up User Account Management Command Details config users passwd Allows the user to set passwords or change passwords needed to log in. A prompt will appear after the command is entered requesting the users old password. In the absence of an old password leave the area blank. The operator must press enter to execute the command.
PAGE 46
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 6-4.
PAGE 47
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 6-5. Quick Start Up Uploading from Switch to Out-of-Band PC (Only XMODEM) Command Details transfer upload datatype The types are: config - configuration file errorlog - error log system trace - system trace traplog - trap log transfer upload start This starts the upload and also displays the mode of uploading and the type of upload it is and confirms the upload is taking place.
PAGE 48
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Downloading from TFTP Server Before starting a TFTP server download, the operator must complete the Quick Start up for the IP Address. Table 6-7. Quick Start Up Downloading from TFTP Server Command Details transfer download mode TFTP Makes the download mode to be TFTP transfer download datatype Sets the download datatype to be an image or config file. The default is a code file.
PAGE 49
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Basic Configuration Examples This section provides configuratoin examples for port and VLAN routing, and VLAN configurations. Port Routing, RIP, and OSPF Configuration This section presents routing configuration examples for routing, RIP, and OSPF. The configuration commands used in the following example enable routing on ports 0.2, 0.3, and 0.5. . Table 6-9.
PAGE 50
7000 Series L3 Managed Switch Reference Manual for Software v2.0 The config commands used in the following example enable OSPF on ports 0.1 and 0.2 Table 6-11. OSPF Configuration Example OSPF config config config config config config config config config config config routing enable interface routing 0.1 enable interface routing 0.2 enable router id 192.150.2.1 router ospf interface areaid 0.1 0.0.0.0 router ospf interface areaid 0.2 0.0.0.0 ip interface create 0.1 192.150.2.1 255.255.255.
PAGE 51
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 6-12. VLAN Routing RIP Configuration Step Example CLI Command 1. Create VLAN Disable console timeout. config serial timeout 0 Create VLAN. SC box only supports VLAN routing, router port has to join VLAN. config vlan create 10 config vlan create 20 Physical Port IDs are 0.1 and 0.2. config vlan participation include 10 0.1 config vlan participation include 20 0.2 Create PVID for ports. config vlan port pvid 10 0.
PAGE 52
7000 Series L3 Managed Switch Reference Manual for Software v2.0 This example creates two router ports to run OSPF. Table 6-13. VLAN Routing OSPF Configuration Step Example CLI Command 1. Create VLAN Disable console timeout. config serial timeout 0 Create VLAN. SC box only supports VLAN routing, router port has to join VLAN. config vlan create 10 config vlan create 20 Physical Port IDs are 0.1 and 0.2. config vlan participation include 10 0.1 config vlan participation include 20 0.
PAGE 53
7000 Series L3 Managed Switch Reference Manual for Software v2.0 VLAN Example LAN switches can segment networks into logically defined virtual workgroups.This logical segmentation is commonly referred as a virtual LAN (VLAN). This logical segmentation of devices provides better LAN administration, security, and management of broadcast activity over the network. Virtual LANs have become an integral feature of switched LAN solutions.
PAGE 54
7000 Series L3 Managed Switch Reference Manual for Software v2.0 SOLUTION 1 All traffic entering the ports is tagged traffic. Since the traffic is tagged, the PVID configuration for each port is not a concern.
PAGE 55
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 7 Switching Commands This chapter provides detailed explanation of the Switching commands. The commands are divided into five functional groups: • Show commands display switch settings, statistics, and other information. • Config commands configure features and options of the switch. For every config command there is a show command that displays the config setting.
PAGE 56
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Machine Type Burnedin MAC Address Software Version Specifies the machine model as defined by the Vital Product Data. Universally assigned network address. The release.version.revision number of the code currently running on the switch. show sysinfo This command displays switch information.
PAGE 57
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config syscontact This command sets the organization responsible for the network. The range for name is from 1 to 31 alphanumeric characters. Default Format Blank config syscontact show arp switch This command displays connectivity between the switch and other devices. The Address Resolution Protocol (ARP) cache identifies the MAC addresses of the IP stations communicating with the switch. Format MAC Address IP Address Slot.
PAGE 58
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Status The status of this entry. The meanings of the values are: Static The value of the corresponding instance was added by the system or a user and cannot be relearned. Learned The value of the corresponding instance was learned, and is being used. Management The value of the corresponding instance is also the value of an existing instance of dot1d Static Address. Currently this is used when enabling VLANs for routing.
PAGE 59
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Packets Received 128-255 Octets - The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 256-511 Octets - The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 60
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Packets Received with MAC Errors Received Packets not forwarded 7-6 Total - The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
PAGE 61
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Unacceptable Frame Type - The number of frames discarded from this port due to being an unacceptable frame type. VLAN Membership Mismatch - The number of frames discarded on this port due to ingress filtering. VLAN Viable Discards - The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified, or if the VLAN has not been configured.
PAGE 62
7000 Series L3 Managed Switch Reference Manual for Software v2.0 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 256-511 Octets - The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 63
7000 Series L3 Managed Switch Reference Manual for Software v2.0 between 64 and 1518 octets, inclusive, but had a bad Frame Check Sequence (FCS) with an integral number of octets Oversized - The total number of frames that exceeded the max permitted frame size. This counter has a max increment rate of 815 counts per sec. at 10 Mb/s. Underrun Errors - The total number of frames discarded because the transmit FIFO buffer became empty during frame transmission.
PAGE 64
7000 Series L3 Managed Switch Reference Manual for Software v2.0 GVRP PDU's Transmitted - The count of GVRP PDU's transmitted from the GARP layer. GVRP Failed Registrations - The number of times attempted GVRP registrations could not be completed. GMRP PDU's received - The count of GMRP PDU's received in the GARP layer. GMRP PDU's Transmitted - The count of GMRP PDU's transmitted from the GARP layer. GMRP Failed Registrations - The number of times attempted GMRP registrations could not be completed.
PAGE 65
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Broadcast Packets Received Packets Transmitted Without Error Transmit Packets Errors Collisions Frames Time Since Counters Last Cleared The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. The total number of packets transmitted out of the interface. The number of outbound packets that could not be transmitted because of errors.
PAGE 66
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Octets Transmitted - The total number of octets transmitted out of the interface, including framing characters. Packets Transmitted without Errors - The total number of packets transmitted out of the interface. Unicast Packets Transmitted - The total number of packets that higher-level protocols requested be transmitted to a subnetworkunicast address, including those that were discarded or not sent.
PAGE 67
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show stats switch summary This command displays a count of all CPU traffic.
PAGE 68
7000 Series L3 Managed Switch Reference Manual for Software v2.0 The task ID of the event. Code The event code. Time The time this event occurred. Note: Event log information is retained across a switch reset. Task Id show msglog This command displays the message log maintained by the switch. The message log contains system trace information. The trap log contains a maximum of 256 entries that wrap. show msglog Message The message that has been logged.
PAGE 69
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Management Commands These commands manage the switch and show current management settings. show network This command displays network configuration settings that are vital for switch operation. Format IP Address Subnet Mask Default Gateway BurnedIn MAC Address Network Configuration Protocol Current Web Mode Java Mode show network The IP address of the interface. The factory default value is 0.0.0.0 The IP subnet mask for this interface.
PAGE 70
00 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format none config network protocol , where bootp indicates that the switch periodically sends requests to a Bootstrap Protocol (BootP) server or a dhcp server until a response is received. none indicates that the switch should be manually configured with IP information. config network webmode This command enables or disables access to the switch through the Web interface.
PAGE 71
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Serial Port Login Timeout (minutes) Baud Rate Character Size Flow Control Stop Bits Parity Type Specifies the time, in minutes, of inactivity on a Serial port connection, after which the Switch will close the connection. Any numeric value between 0 and 160 is allowed, the factory default is 5. A value of 0 disables the timeout. The default baud rate at which the serial port will try to connect. This is selected from a pull-down menu.
PAGE 72
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config snmpcommunity create This command adds (and names) a new SNMP community. A community name is a name associated with the switch and with a set of SNMP managers that manage it with a specified privileged level. The length of name can be up to 16 case-sensitive characters. Note: Community names in the SNMP community table must be unique.
PAGE 73
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config snmpcommunity mode This command activates or deactivates an SNMP community. If a community is enabled, an SNMP manager associated with this community manages the switch according to its access right. If the community is disabled, no SNMP requests using this community are accepted. In this case the SNMP manager associated with this community cannot manage the switch until the Status is changed back to Enable.
PAGE 74
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config snmptrap delete This command deletes trap receivers for a community. Format config snmptrap delete config snmptrap ipaddr This command assigns an IP address to a specified community name. The maximum length of name is 16 case-sensitive alphanumeric characters. Note: IP addresses in the SNMP trap receiver table must be unique.
PAGE 75
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Multiple Users Flag Spanning Tree Flag Broadcast Storm Flag May be enabled or disabled by selecting the corresponding line on the pull-down entry field. The factory default is enabled. Indicates whether a trap will be sent when the same user ID is logged into the switch more than once at the same time (either via telnet or serial port). May be enabled or disabled by selecting the corresponding line on the pull-down entry field.
PAGE 76
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config trapflags multiusers This command enables or disables Multiple User traps. When the traps are enabled, a Multiple User Trap is sent when a user logs in to the terminal interface (EIA 232 or telnet) and there is an existing terminal interface session.
PAGE 77
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config telnet mode This command regulates new telnet sessions. If sessions are enabled, new telnet sessions can be established until there are no more sessions available. If sessions are disabled, no new telnet sessions are established. An established session remains active until the session is ended or an abnormal network error ends it.
PAGE 78
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config forwardingdb agetime This command configures the forwarding database address aging timeout. In an IVL system, the [fdbid/all] parameter is required. In an SVL system, the [fdbid/all] parameter is not used and will be ignored if entered.
PAGE 79
7000 Series L3 Managed Switch Reference Manual for Software v2.0 The threshold implementation follows a percentage pattern. If the broadcast traffic on any Ethernet port exceeds the high threshold percentage (as represented in “Broadcast Storm Recovery Thresholds” table) of the link speed, the switch discards the broadcasts traffic until the broadcast traffic returns to the low threshold percentage or less. The full implementation is depicted in the “Broadcast Storm Recovery Thresholds” table. Table 2.
PAGE 80
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show port This command displays port information. Format Slot.Port Type Admin Mode Physical Mode Physical Status Link Status Link Trap LACP Mode show port The physical slot and physical port. If not blank, this field indicates that this port is a special type of port. The possible values are: Mon - this port is a monitoring port. Look at the Port Monitoring screens to find out more information.
PAGE 81
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config port linktrap This command enables or disables link status traps by interface. Note: This command is valid only when the Link Up/Down Flag is enabled (see “config trapflags linkmode” on page 21). Format config port linktrap < slot.port|all> config port physicalmode This command sets the speed and duplex setting for the interface. Format config port physicalmode
PAGE 82
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show lag This command displays an overview of all link aggregations (LAGs) on the switch. Format Logical Slot.Port Lag Name Link State Admin Mode Link Trap Mode STP Mode Mbr Ports show lag The logical slot and the logical port. The name of this lag. You may enter any string of up to 15 alphanumeric characters. Indicates whether the Link is up or down.
PAGE 83
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config lag addport config lag deleteport This command deletes one or more ports from the LAG. The first interface is a logical slot and port number of a configured LAG, and the second interface is a valid slot and port number that is a member of any LAG or all (to delete all ports in the specified LAG). Format config lag deleteport
PAGE 84
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config lag deletelag This command deletes an existing lag from the configuration. The interface is a logical slot and port for a configured LAG. The all option removes all configured LAGs. Format config lags deletelag config lag stpmode This command sets the STP mode for a specific LAG. This is the value specified for STP Mode on the Port Configuration Menu. 802.1D mode is the default.
PAGE 85
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show vlan detailed This command displays detailed information, including interface information, for a specific VLAN. Format VLAN ID VLAN Name VLAN Type Slot.Port Current Configured Switching Commands config vlan detailed , where the ID is a valid VLAN identification number There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID is 1 to 4094. A string associated with this VLAN as a convenience.
PAGE 86
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Tagging Autodetect - Specifies to allow the port to be dynamically registered in this VLAN via GVRP. The port will not participate in this VLAN unless a join request is received on this port. This is equivalent to registration normal in the IEEE 802.1Q standard. Select the tagging behavior for this port in this VLAN. Tagged - specifies to transmit traffic for this VLAN as tagged frames.
PAGE 87
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config vlan makestatic <2-4094> config vlan participation This command configures the degree of participation for a specific interface in a VLAN. The ID is a valid VLAN identification number, and the interface is a valid interface number or all. Format config vlan participation <1-4094> Participation options are: include exclude auto The interface is always a member of this VLAN.
PAGE 88
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Port VLAN ID Acceptable Frame Types Ingress Filtering The VLAN ID that this port will assign to untagged frames or priority tagged frames received on this port. The value must be for an existing VLAN. The factory default is 1. Specifies the types of frames that may be received on this port. The options are 'VLAN only' and 'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received on this port are discarded.
PAGE 89
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config vlan port acceptframe Format config vlan port ingressfilter This command enables or disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN. disable config vlan port ingressfilter
PAGE 90
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config protocol protocol add This command adds the to the protocol-based VLAN identified by . A group may have more than one protocol associated with it. Each interface and protocol combination can only be associated with one group. If adding a protocol to a group causes any conflicts with interfaces currently associated with the group, this command will fail and the protocol will not be added to the group.
PAGE 91
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config protocol interface add This command adds the physical interface to the protocol-based VLAN identified by . If is selected, all physical interfaces will be added to this protocol group. A group may have more than one interface associated with it. Each interface and protocol combination can only be associated with one group.
PAGE 92
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Join Timer Leave Timer LeaveAll Timer Port GMRP Mode Port GVRP Mode 7-38 Specifies the interval between the transmission of GARP PDUs registering (or re-registering) membership for an attribute. Current attributes are a VLAN or multicast group. There is an instance of this timer on a per-Port, per-GARP participant basis. Permissible values are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.
PAGE 93
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config garp gmrp adminmode This command enables or disables GARP Multicast Registration Protocol (GMRP) on the system. The default value is disable. Format config garp gmrp adminmode config garp gmrp interfacemode This command enables or disables GARP Multicast Registration Protocol on a selected interface. The parameter identifies the interface on which to configure the mode.
PAGE 94
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config garp jointimer This command sets the GVRP join time per port and per GARP. Join time is the interval between the transmission of GARP Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or multicast group. This command has an effect only when GVRP is enabled. The time is from 10 to 100 (centiseconds) Default Format 20 centiseconds (0.2 seconds) config garp jointimer
PAGE 95
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show igmpsnooping This command displays IGMP Snooping information. Configured information is displayed whether or not IGMP Snooping is enabled. Status information is only displayed when IGMP Snooping is enabled. Format Admin Mode Query Interval Time Max Response Time Multicast Router Present Expiration Time Interfaces Enabled for IGMP Snooping show igmpsnooping This indicates whether or not IGMP Snooping is active on the switch.
PAGE 96
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config igmpsnooping groupmembershipinterval This command sets the IGMP Group Membership Interval time on the system. The Group Membership Interval time is the amount of time in seconds that a switch will wait for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the IGMP Maximum Response time value. The range is 1 to 3600 seconds.
PAGE 97
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config igmpsnooping interface mode show mfdb table This command displays the Multicast Forwarding Database (MFDB) information. If the command is entered with no parameter, the entire table is displayed. This is the same as entering the optional all parameter. The user can display the table entry for one MAC Address by specifying the MAC address a an optional parameter.
PAGE 98
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Type Description Interfaces displayed as 8 bytes. In an SVL system, the MAC address will be displayed as 6 bytes. This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. The text description of this multicast table entry. The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).
PAGE 99
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Type Description Interfaces This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. The text description of this multicast table entry. The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:). show mfdb stats This command displays the Multicast Forwarding Database (MFDB) statistics.
PAGE 100
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config mirroring create config mirroring delete This command removes the port mirroring designation from both the probe port and the mirrored port and removes the probe port from all VLANs. The port must be manually re-added to any desired VLANs. Format config mirroring delete config mirroring mode This command configures the Port Mirroring mode. The possible values are enable and disable.
PAGE 101
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config macfilter create This command adds a static MAC filter entry for the MAC address on the VLAN . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The restricted MAC Addresses are: 00:00:00:00:00:00, 01:80:C2:00:00:00 to 01:80:C2:00:00:0F, 01:80:C2:00:00:20 to 01:80:C2:00:00:21, and FF:FF:FF:FF:FF:FF. The parameter must identify a valid VLAN.
PAGE 102
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config macfilter delsrc This command removes a port from the source filter set for the MAC filter with the MAC address of and VLAN of . The parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The parameter must identify a valid VLAN. The parameter identifies the source port to be removed from the source port filter set for the MAC filter.
PAGE 103
7000 Series L3 Managed Switch Reference Manual for Software v2.0 If all is selected, all ports will be removed from the destination port filter set. Format config macfilter deldest Spanning Tree Commands This section provides detailed explanation of the spanning tree commands. The commands are divided into two functional groups: • Show commands display spanning tree settings, statistics, and other information.
PAGE 104
7000 Series L3 Managed Switch Reference Manual for Software v2.0 MST Instances List of all multiple spanning tree instances configured on the switch config spanningtree adminmode This command sets the spanningtree operational mode. While disabled, the spanningtree configuration is retained and can be changed, but it is not activated. Default Format disable config spaningtree adminmode config spanningtree forceversion This command sets the Force Protocol Version parameter to a new value.
PAGE 105
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config spanningtree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using. The is a number in the range of 0 to 65535.
PAGE 106
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config spanningtree port mode This command sets the Administrative Switch Port State to a new value for the specified port. The port is the desired switch port. To enable or disable all ports with a single command, "all" can be specified. Note that only 4095 ports can be enabled. Default Format disable config spanningtree port mode
PAGE 107
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config spanningtree bridge forwarddelay This command sets the Bridge Forward Delay parameter to a new value for the common and internal spanning tree. The forwarddelay is in whole seconds within a range of 4 to 30, with the value being greater than or equal to "(Bridge Max Age / 2) + 1".
PAGE 108
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Root Port Bridge Forward Delay Hello Time Bridge Hold Time Derived value Configured value Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs) CST Regional Root Regional Root Path Cost Associated FIDs Associated VLANs List of forwarding database identifiers currently associated with this instance. List of VLAN IDs currently associated with this instance.
PAGE 109
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Port Role Port Path Cost Designated Root Designated Port Cost Designated Bridge Designated Port Identifier Topology Change Acknowledgement Hello Time Edge Port Edge Port Status Point To Point MAC Status CST Regional Root CST Port Cost The role of the specified interface within the CST. The configured path cost for the specified interface. Identifier of the designated root for this port within the CST.
PAGE 110
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config spanningtree cst port edgeport This command specifies if a port is an Edge Port within the common and internal spanning tree. This will allow the port to transition to Forwarding State without delay. The is the desired switch port. The edgeport can either be "true" or "false". Default Format false config spanningtree cst port edgeport
PAGE 111
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config spanningtree mst vlan remove This command removes an association between a multiple spanning tree instance and a VLAN. The VLAN will again be associated with the common and internal spanning tree. The instance is a number that corresponds to the desired existing multiple spanning tree instance. The corresponds to an existing VLAN ID.
PAGE 112
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config spanningtree mst port priority <0-240> show spanningtree mst summary This command displays summary information about all multiple spanning tree instances in the switch. Format MST Instance ID List show spanningtree mst summary List of multiple spanning trees IDs currently configured. For each MSTID: Associated FIDs Associated VLANs List of forwarding database identifiers associated with this instance.
PAGE 113
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Associated VLANs List of VLAN IDs associated with this instance. show spanningtree mst port summary This command displays the settings of one or all ports within the specified multiple spanning tree instance. The parameter indicates a particular MST instance. The parameter indicates the desired switch port or all ports. Format MST Instance ID Slot.
PAGE 114
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Designated Port Identifier Port on the Designated Bridge that offers the lowest cost to the LAN show spanningtree vlan This command displays the association between a VLAN and a multiple spanning tree instance. The corresponds to an existing VLAN ID.
PAGE 115
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Authentication Encryption The SNMPv3 access mode may be different than the CLI and Web access mode. This field displays the authentication protocol to be used for the specified login user. This field displays the encryption protocol to be used for the specified login user. config users add This command adds a new user (account) if space permits. The account is up to eight alphanumeric characters. The is not case-sensitive.
PAGE 116
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default no authentication Format config users snmpv3 authentication config users snmpv3 encryption This command specifies the encryption protocol and key to be used for the specified login user. The valid encryption protocols are none or des. The des protocol requires a key, which can be specified on the command line. The key may be up to 16 characters long.
PAGE 117
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Session Time Total time this session has been connected. config loginsession close This command closes a telnet session. Format config loginsession close Security Commands This section describes commands used for configuring security settings for login users and port users.
PAGE 118
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Consideration to maximum delay time should be given when configuring RADIUS maxretransmit and RADIUS timeout. If multiple RADIUS servers are configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured timeout value on that server has passed without a response from the RADIUS server.
PAGE 119
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config radius accounting server remove This command removes a configured accounting server. The IP address specified must match that of the previously configured accounting server. Since only a single accounting server is supported, issuing this command will cause future accounting attempts to fail.
PAGE 120
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config radius server remove This command removes the configured RADIUS server. The specified IP address must match that of a previously configured RADIUS server. When a server is removed all configuration for the server is erased including the shared secret. If the removed server was the primary server, one of the remaining configured servers will be used as the RADIUS server for future RADIUS requests.
PAGE 121
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show radius summary This command displays the following RADIUS configuration items for the switch. show radius summary Format Current Server IP address The IP address of the server currently used for authentication. Number of Configured Servers The number of RADIUS servers that have been configured. This value will be in the range of 0 and 3.
PAGE 122
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Round Trip Time Access Requests Access Retransmissions Access Accepts Access Rejects Access Challenges Malformed Access Responses Bad Authenticators Pending Requests The time interval, in seconds, between the most recent AccessReply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions.
PAGE 123
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Port Secret Configured The port in use by the accounting server Yes or No show radius accounting stats This command displays the statistics for the accounting server. The IP address specified must match that of a configured accounting server.
PAGE 124
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show radius stats This command displays the RADIUS statistics that are not related to a specific server or to the accounting server. Format Invalid Server Addresses show radius stats The number of RADIUS Access-Response packets received from unknown addresses. clear radius stats This command clears all RADIUS statistics.
PAGE 125
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config dot1x port controldir This command configures the control direction for the specified port or ports. The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator.
PAGE 126
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config dot1x port transmitperiod This command sets the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The transmit period must be a value in the range of 1 and 65535. Default Format 30 config dot1x port transmitperiod
PAGE 127
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format 3600 config dot1x port reauthperiod <1-65535> config dot1x port reauthenabled This command enables or disables reauthentication of the supplicant for the specified port. The reauthenabled value must be ‘true’ or ‘false’. If the value is ‘true’ reauthentication will occur. Otherwise, reauthentication will not be allowed. Default Format false config dot1x port reauthenabled
PAGE 128
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format Port Protocol Version PAE Capabilities Authenticator PAE State Backend Authentication State Quiet Period Transmit Period Supplicant Timeout Server Timeout Maximum Requests Reauthentication Period Reauthentication Enabled 7-74 show dot1x port detailed The interface whose configuration is displayed The protocol version associated with this port.
PAGE 129
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Key Transmission Enabled Control Direction Indicates if the key is transmitted to the supplicant for the specified port. Possible values are True or False. Indicates the control direction for the specified port or ports. Possible values are both or in. show dot1x port stats This command displays the dot1x statistics for a specified port.
PAGE 130
7000 Series L3 Managed Switch Reference Manual for Software v2.0 EAP Request Frames Transmitted Invalid EAPOL Frames Received EAP Length Error Frames Received The number of EAP request frames (other than request/identity frames) that have been transmitted by this authenticator. The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. The number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized.
PAGE 131
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config authentication login set This command sets an ordered list of methods in the authentication login list. The maximum number of authentication login methods is three. The possible method values are local, radius, and reject. The value of local indicates that the user’s locally stored ID and password are used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server.
PAGE 132
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format Access to all ports config dot1x port users add config dot1x port users remove This command removes the specified user from the list of users with access to the specified port. Format config dot1x port users remove config users defaultlogin This command assigns the authentication login list to use for non-configured users when attempting to log in to the system.
PAGE 133
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Method 3 This displays the third method in the specified authentication login list, if any. show authentication login users This command displays information about the users assigned to the specified authentication login list. If the login is assigned to non-configured users, the user “default” will appear in the user column.
PAGE 134
7000 Series L3 Managed Switch Reference Manual for Software v2.0 save config This command permanently saves configuration changes to Non-Volatile Random Access Memory (NVRAM). Format save config logout This command closes the current telnet connection or resets the current serial connection. Note: Save configuration changes before logging out. See “save config” . Format logout transfer upload mode This command specifies whether XMODEM or TFTP mode is used when uploading from the switch.
PAGE 135
7000 Series L3 Managed Switch Reference Manual for Software v2.0 See the example of the path setup. TFTP Upload Example: The TFTP upload example details three scenarios for TFTP client to server file transfer. In the example, the operator will upload the config.bin file from the switch to the location c:\tftp\ on the server. The different scenarios are detailed below: Table 3. TFTP Upload Example.
PAGE 136
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format transfer upload datatype The datatype is one of the following: config errorlog msglog traplog Configuration file Error log Message log Trap log (the default) transfer upload start This command starts an upload transfer after displaying current settings and upon confirmation.
PAGE 137
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Note: This command is valid only when the Transfer Mode is TFTP. See “transfer download mode” on page 82. Details of the TFTP path are explained under the command transfer upload path . Default Format Blank transfer download path transfer download filename This command sets the name for the file that is downloaded to the switch. The switch “remembers” the last file name used.
PAGE 138
7000 Series L3 Managed Switch Reference Manual for Software v2.0 clear config This command resets the configuration to the factory defaults without powering off the switch. The switch is automatically reset when this command is processed. You are prompted to confirm that the reset should proceed. Format clear config clear pass This command resets all user passwords to the factory defaults without powering off the switch. You are prompted to confirm that the password reset should proceed.
PAGE 139
7000 Series L3 Managed Switch Reference Manual for Software v2.0 clear stats switch This command clears the stats for the switch. clear stats switch Format clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and will attempt to delete these entries from the Multicast Forwarding Database. Format clear igmpsnooping reset system This command resets the switch without powering it off. Reset means that all network connections are terminated and the boot code executes.
PAGE 140
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 141
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 8 Routing Commands This chapter provides detailed explanation of the Routing commands. The switch commands are divided by functionality into these different groups: • Show commands are used to display switch settings, statistics and other information. • Config commands are used to configure features and options of the switch. For every config command there is a show command that will display the config setting.
PAGE 142
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Type Is the type that was configured into the unit. The possible values are Local, Gateway, Dynamic and Static. config arp agetime This command configures the ARP entry ageout time. The value for is a valid positive integer, which represents the IP ARP entry ageout time in seconds. The range for is between 15-3600 seconds.
PAGE 143
7000 Series L3 Managed Switch Reference Manual for Software v2.0 The value for is a valid positive integer, which represents the IP ARP entry response timeout time in seconds. The range for is between 1-10 seconds. Default Format l config arp resptime <1-10seconds>. config arp retries This command configures the ARP count of maximum request for retries. The value for is an integer, which represents the maximum number of request for retries.
PAGE 144
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Is the burnedin physical address of the specified interface. The format is 6 two-digit hexadecimal numbers that are separated by colons. Maximum Transmission Unit Is a number representing the maximum transmission unit (MTU) size (in bytes) for the interface. The default value is 1500. For the standard implementation the maximum value is 1500 and the minimum value is 576 bytes. This value was configured into the unit.
PAGE 145
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config ip interface mtu <5761500> config ip interface netdirbcast This command enables or disables the forwarding of network-directed broadcasts. The value for is either enable or disable. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Default Format enable. config ip interface netdirbcast
PAGE 146
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format Default Time to Live Router ID Routing Mode IP Forwarding Mode show ip summary The computed TTL (Time to Live) of forwarding a packet from the local router to the final destination. Is a 32 bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. Shows whether the routing mode is enabled or disabled. Shows whether forwarding of IP frames is enabled or disabled.
PAGE 147
7000 Series L3 Managed Switch Reference Manual for Software v2.0 VLAN ID Logical Interface IP Address Subnet Mask routing interfaces. It will be displayed above the per-VLAN information. Is the identifier of the VLAN. Indicates the logical slot and port associated with the VLAN routing interface. Displays the IP Address associated with this VLAN. Indicates the subnet mask that is associated with this VLAN. config ip vlan routing create This command creates routing on a VLAN.
PAGE 148
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show router ospf info This command displays information relevant to the OSPF router. This command takes no options. Format Router ID OSPF Admin Mode ASBR Mode show router ospf info Is a 32 bit integer in dotted decimal format identifying the router, about which information is displayed. This is a configured value. The administrative mode of OSPF in the router. This is a configured value. Reflects whether the ASBR mode is enabled or disabled.
PAGE 149
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config trapflags ospf This command enables or disables OSPF traps. Default Format enable config trapflags ospf config router ospf adminmode This command sets the administrative mode of OSPF in the router to active or inactive. Default Format disable config router ospf adminmode config router ospf asbr This command determines whether the router can act as an autonomous system border router.
PAGE 150
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Subnet Mask OSPF Admin Mode OSPF Area ID Router Priority Retransmit Interval Hello Interval Dead Interval LSA Ack Interval Iftransit Delay Interval Authentication Type Is a mask of the network and host portion of the IP address for the OSPF interface. This value was configured into the unit. This is a configured value. States whether OSPF is enabled or disabled on a router interface. This is a configured value.
PAGE 151
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format OSPF Area ID Spf Runs Area Border Router Count AS Border Router Count Area LSA Count IP Address OSPF Interface Events Virtual Events Neighbor Events External LSA Count LSAs Received Originate New LSAs show router ospf interface stats The area id of this OSPF interface. The number of times that the intra-area route table has been calculated using this area's link-state database.
PAGE 152
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf interface areaid This command sets the OSPF area to which the specified router interface belongs. The value for is an IP address, formatted as a 4-digit dotted-decimal number that uniquely identifies the area to which the interface connects. Assigning an area id, which does not exist on an interface, causes the area to be created with default values. Format config router ospf interface areaid
PAGE 153
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf interface interval hello This command sets the OSPF hello interval for the specified interface. The value for is a valid positive integer, which represents the length of time in seconds. The value for the length of time must be the same for all routers attached to a network. Valid values range from 1 to 65535. Default Format 10 config router ospf interface interval hello
PAGE 154
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format disable config router ospf interface mode config router ospf interface priority This command sets the OSPF priority for the specified router interface. The priority of the interface is a priority integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the designated router on this network. Default Format 1, which is the highest router priority.
PAGE 155
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Area LSA Count Area LSA Checksum Stub Mode Total number of link-state advertisements in this area's link-state database, excluding AS External LSA's. A number representing the Area LSA Checksum for the specified AreaID excluding the external (LS type 5) link-state advertisements. Represents whether the specified Area is a stub area or not. The possible values are enabled and disabled. This is a configured value.
PAGE 156
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf area range delete This command deletes a specified area range. The is a valid IP address. The is a valid subnet mask. The parameter [summ] is optional. Format config router ospf area range delete [summ] config router ospf area stub metric value This command configures the monetary default metric for the stub area.
PAGE 157
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf area stub create This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
PAGE 158
7000 Series L3 Managed Switch Reference Manual for Software v2.0 State Events Permanence Hellos Suppressed Retransmission Queue Length indicates that the router is not eligible to become the designated router on this network. The types are: Down- initial state of the neighbor conversation - no recent information has been received from the neighbor. Attempt - no recent information has been received from the neighbor but a more concerted effort should be made to contact the neighbor.
PAGE 159
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Router ID IP Address Neighbor Interface Index Is 4 digit dotted decimal number representing the neighbor interface. Is an IP address representing the neighbor interface. Is a slot.port identifying the neighbor interface index. show router ospf stub table This command displays the OSPF stub table. The information below will only be displayed if OSPF is initialized on the switch.
PAGE 160
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show router rip info This command displays information relevant to the RIP router. Format Router ID RIP Admin Mode Global Route Changes Global queries show router rip info Is a 32 bit dotted decimal number representing the interface. RIP administrative mode of router RIP operation; enable activates and disable de-activates the RIP ability for the switch. This is a configured value.
PAGE 161
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Metric A number which represents the metric used for default routes in RIP updates originated on the specified interface. This is a configured value. The following information will be invalid if the link state is down. Bad Packets Received Bad Routes Received Updates Sent The number of RIP response packets received by the RIP process which were subsequently discarded for any reason.
PAGE 162
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router rip preference This command sets the route preference value of RIP in the router. Lower route preference values are preferred when determining the best route. Default Format 15 config router rip preference <0-255> config router rip interface authtypekey This command sets the RIP Version 2 Authentication Type and Key for the specified interface. The value of is either none or simple.
PAGE 163
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router rip interface mode This command enables or disables RIP on a router interface. The value for is either enable or disable. Default Format disable config router rip interface mode config router rip interface version receive This command configures the interface to allow RIP control packets of the specified version(s) to be received. The value for
PAGE 164
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show router ospf virtif detailed This command displays the OSPF Virtual Interface information for a specific area and neighbor. The parameter identifies the area and the parameter identifies the neighbor's IP Address.
PAGE 165
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf virtif delete This command deletes the OSPF virtual interface from the given interface, identified by and . The parameter is the IP address of the neighbor. Format config router ospf virtif delete config router ospf virtif authtypekey This command configures the authentication type and key for the OSPF virtual interface identified by and .
PAGE 166
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router ospf virtif interval hello This command configures the hello interval for the OSPF virtual interface on the virtual interface identified by and . The parameter is the IP address of the neighbor. The range for is 1 to 65535.
PAGE 167
7000 Series L3 Managed Switch Reference Manual for Software v2.0 show router route table This command causes the entire route table to be displayed. This commands takes no options. Format Network Address Subnet Mask Protocol Next Hop Intf Next Hop IP Address Total Number of Routes show router route table Is an IP address identifying the network on the specified interface. Is a mask of the network and host portion of the IP address for the router interface. Tells which protocol added the specified route.
PAGE 168
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format Network Address Subnet Mask Protocol Next Hop Interface Next Hop IP Address Metric show router route entry Is a valid network address identifying the network on the specified interface. Is a mask of the network and host portion of the IP address for the attached network. Tells which protocol added the specified route. The possibilities are: local, static, OSPF or RIP.
PAGE 169
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router route delete This command causes a static route to be deleted. The and are valid IP address. The is a 4-digit dotted-decimal number representing a valid Subnet Mask. Format config router route delete config router route preference This command sets the route preference value of local and static routes in the router.
PAGE 170
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Router Checksum Errors Router Version Errors Router VRID Errors Represents the total number of VRRP packets received with an invalid VRRP checksum value. Represents the total number of VRRP packets received with Unknown or unsupported version number. Represents the total number of VRRP packets received with invalid VRID for this virtual router. config router vrrp adminmode This command sets the administrative mode of VRRP in the router.
PAGE 171
7000 Series L3 Managed Switch Reference Manual for Software v2.0 VRID IP Address Mode State Represents the router ID of the virtual router. Is the IP Address that was configured on the virtual router Represents whether the virtual router is enabled or disabled. Represents the state (Master/backup) of the virtual router. show router vrrp interface stats This command displays the statistical information about each virtual router configured on the 7000 Series L3 Managed Switch.
PAGE 172
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Authentication Type Mismatch Packet Length Errors Represents the total number of VRRP advertisements received for which 'auth type' not equal to locally configured one for this virtual router. Represents the total number of VRRP packets received with packet length less than length of VRRP header config router vrrp interface adminmode This command enables and disables the virtual router configured on the specified interface.
PAGE 173
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router vrrp interface ipaddress This command sets the ipaddress value for a virtual router. The value for is the IP Address which is to be configured on that interface for VRRP. The parameter is the virtual router ID which has an integer value range from 1 to 255. Default Format There is no default value for ipaddress. config router vrrp interface ipaddress
PAGE 174
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config router vrrp interface authdetails [key] config router vrrp removedetails This command removes all VRRP configuration details of the virtual router configured on a specific interface. The parameter is the virtual router ID which has an integer value ranges from 1 to 255. Format config router vrrp removedetails
PAGE 175
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router rtrdiscovery lifetime This command configures the value, in seconds, of the lifetime field of the router advertisement sent from this interface. The range is the maxinterval to 9000 seconds. Default Format 3 * maxinterval config router rtrdiscovery lifetime config router rtrdiscovery address This command configures the address to be used to advertise the router for the interface.
PAGE 176
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Adv Life Preferences Displays advertise lifetime which is the value of the lifetime field of the router advertisement sent from the interface in seconds. Displays the preference of the address as a default router address, relative to other router addresses on the same subnet. show router bootpdhcprelay This command displays the BootP/DHCP Relay information.
PAGE 177
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config router bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. The parameter has a range of 1 to 16. Default 4 Format config bootpdhcprelay maxhopcount <1-16> config router bootpdhcprelay minwaittime This command configures the minimum wait time in seconds for BootP/DHCP Relay on the system.
PAGE 178
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 179
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 9 CLI Commands: Differentiated Services This chapter contains the CLI commands used for the QOS Differentiated Services (DiffServ) package.
PAGE 180
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 181
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Class Commands The 'class' command set is used in DiffServ to define: Traffic Classification Service Levels Specify Behavior Aggregate (BA), based on DSCP, and MultiField (MF) classes of traffic (name, match criteria) Specify the BA forwarding classes / service levels. Conceptually, DiffServ is a two-level hierarchy of classes: 1. Service/PHB, 2.
PAGE 182
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class create all This command defines a new DiffServ class of type all. The parameter is a casesensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name ‘default’ is reserved and must not be used here). The class type of all indicates how the individual class match criteria are evaluated.
PAGE 183
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class rename This command changes the name of a DiffServ class. The is the name of an existing DiffServ class. The parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class (Note: the class name ‘default’ is reserved and must not be used here).
PAGE 184
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class match dstl4port keyword This command adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword notation. The is the name of an existing DiffServ class. The value for is one of the supported port name keywords (listed below). The optional [exclude] parameter has the effect of negating this match condition for the class (i.e.
PAGE 185
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class match dstl4port range This command adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a numeric range notation. The is the name of an existing DiffServ class. Two layer 4 port numbers are required and together they specify a contiguous port range.
PAGE 186
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format none config diffserv class match every [exclude] config diffserv class match ipdscp This command adds to the specified class definition a match condition based on the value of the IP DiffServ Code Point (DSCP) field in a packet, which is defined as the high-order six bits of the Service Type octet in the IP header (the low-order two bits are not checked). The is the name of an existing DiffServ class.
PAGE 187
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Note: The ipdscp, ipprecedence, and iptos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header, but with a slightly different user notation. Note: To specify a match on all Precedence values, use the config diffserv class match iptos command with set to 0 and set to 1F (hex).
PAGE 188
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class match protocol keyword This command adds to the specified class definition a match condition based on the IP Protocol of a packet using a single keyword notation. The is the name of an existing DiffServ class. The value for is one of the supported protocol name keywords (listed below). The optional [exclude] parameter has the effect of negating this match condition for the class (i.e.
PAGE 189
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class match refclass This command adds to or removes from the specified class definition the set of match conditions defined for another class. The is the name of an existing DiffServ class. The is the name of an existing DiffServ class whose match conditions are being referenced by the specified class definition. Note: there is no [exclude] option for this match command.
PAGE 190
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format none config diffserv class match srcip [exclude] config diffserv class match srcl4port keyword This command adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword notation. The is the name of an existing DiffServ class. The value for is one of the supported port name keywords (listed below).
PAGE 191
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv class match srcl4port range This command adds to the specified class definition a match condition based on the source layer 4 port of a packet. The is the name of an existing DiffServ class. Two layer 4 port numbers are required and together they specify a contiguous port range.
PAGE 192
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Default Format none config diffserv class match vlan <1-4094> [exclude] Policy Commands The 'policy' command set is used in DiffServ to define: Traffic Conditioning Service Provisioning Specify traffic conditioning actions (policing, marking, shaping) to apply to traffic classes Specify bandwidth and queue depth management requirements of service levels (EF, AF, etc.
PAGE 193
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Note: The policy type dictates which of the individual policy attribute commands are valid within the policy definition. Format config diffserv policy create config diffserv policy delete This command eliminates an existing DiffServ policy. The parameter is the name of an existing DiffServ policy.
PAGE 194
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config diffserv policy class remove config diffserv policy bandwidth kbps This command identifies a minimum amount of bandwidth to be reserved for the specified class instance within the named policy using an absolute rate notation. The and are the names of an existing DiffServ policy and class, respectively.
PAGE 195
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config diffserv policy bandwidth percent <1-100> Restrictions The sum of the committed information rate values for all bandwidth and expedite commands defined within a policy must not exceed the available link bandwidth of the interface to which that policy is assigned.
PAGE 196
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy expedite percent This command identifies the maximum guaranteed amount of bandwidth to be reserved for the specified class instance within the named policy using a relative rate notation. The and are the names of an existing DiffServ policy and class, respectively. The committed information rate is specified as a percentage of total link capacity and is an integer from 1 to 100.
PAGE 197
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy mark ipdscp This command marks all packets for the associated traffic stream with the specified IP DSCP value. The and are the names of an existing DiffServ policy and class, respectively.
PAGE 198
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy police action conform markdscp This command sets the action taken on conforming traffic to markdscp for the police command (simple, singlerate, tworate) currently configured for the specified class in this policy. The and are the names of an existing DiffServ policy and class, respectively.
PAGE 199
7000 Series L3 Managed Switch Reference Manual for Software v2.0 This command can be issued at any time, but is only meaningful within the context of one of the police simple, singlerate, or tworate command attributes defined for this class instance.
PAGE 200
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy police action exceed markprec This command sets the action taken on excess traffic to markprec for the police command (singlerate, tworate) currently configured for the specified class in this policy. The and are the names of an existing DiffServ policy and class, respectively. An IP Precedence value is required and is specified as an integer from 0-7.
PAGE 201
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy police action nonconform markdscp This command sets the action taken on nonconforming traffic to markdscp for the police command (simple, singlerate, tworate) currently configured for the specified class in this policy. The and are the names of an existing DiffServ policy and class, respectively.
PAGE 202
7000 Series L3 Managed Switch Reference Manual for Software v2.0 This command can be issued at any time, but is only meaningful within the context of the police simple, singlerate, or tworate command attributes defined for this class instance. Format config diffserv policy police action nonconform send Policy Type In config diffserv policy police style simple This command is used to establish the traffic policing style for the specified class.
PAGE 203
7000 Series L3 Managed Switch Reference Manual for Software v2.0 For each outcome, the only possible actions are drop, markdscp, markprec, or send. In this singlerate form of the police command, the conform action defaults to send, the exceed action defaults to drop, and the nonconform action defaults to drop. These actions cannot be changed directly with this command, but can be changed through their respective config diffserv policy police action conform, exceed, and nonconform commands.
PAGE 204
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config diffserv policy randomdrop This command changes the active queue depth management scheme from the default tail drop to RED. The and are the names of an existing DiffServ policy and class, respectively. The first two data parameters are the average queue depth minimum and maximum threshold values specified in bytes. The minimum threshold is an integer from 1 to 250000.
PAGE 205
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Restrictions Policy Type This shaping rate must not exceed the maximum link data rate of the interface to which the policy is applied.
PAGE 206
7000 Series L3 Managed Switch Reference Manual for Software v2.0 This set of commands consists of service addition/removal. The CLI command root is config diffserv service. config diffserv service add This command attaches a policy to an interface in a particular direction. The parameter specifies a valid slot number and port number for the system. Alternatively, the value all can be used in place of to attach this policy to all system interfaces.
PAGE 207
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Format config diffserv service remove Show Commands The 'show' command set is used in DiffServ to display configuration and status information for: • Classes • Policies • Services This information can be displayed in either summary or detailed formats. The status information is only shown when the DiffServ administrative mode is enabled; it is suppressed otherwise.
PAGE 208
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Values Excluded IP Address, Destination Layer 4 Port, Destination MAC Address, Every, IP DSCP, IP Precedence, IP TOS, Protocol Keyword, Reference Class, Source IP Address, Source Layer 4 Port, Source MAC Address, and VLAN. This field displays the values of the Match Criteria. This field indicates whether or not this Match Criteria is excluded. show diffserv class summary This command displays a list of all defined DiffServ classes.
PAGE 209
7000 Series L3 Managed Switch Reference Manual for Software v2.0 DiffServ Admin mode Class Table Size Class Table Max Class Rule Table Size Class Rule Table Max Policy Table Size Policy Table Max Policy Instance Table Size Policy Instance Table Max Policy Attribute Table Size Policy Attribute Table Max Service Table Size Service Table Max The current value of the DiffServ administrative mode. The current number of entries (rows) in the Class Table. The maximum allowed entries (rows) for the Class Table.
PAGE 210
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Mark IP DSCP Mark IP Precedence Policing Style Committed Rate (Kbps) Committed Burst Size (KB) Excess Burst Size (KB) Peak Rate (Kbps) Peak Burst Size (KB) Conform Action Conform DSCP Value Conform IP Precedence Value Exceed Action Exceed DSCP Value Exceed IP Precedence Value Non-Conform Action Non-Conform DSCP Value 9-32 Denotes the mark/re-mark value used as the DSCP for traffic matching this class.
PAGE 211
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Non-Conform IP Precedence Value Bandwidth Expedite Burst Size (KBytes) Shaping Average Shape Committed Rate (Kbps) Shape Peak Rate (Kbps) Random Drop Minimum Threshold Random Drop Maximum Threshold Random Drop Maximum Drop Probability Random Drop Sampling Rate Random Drop Decay Exponent This field displays the IP Precedence mark value if this action is markprec.
PAGE 212
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Policy Name Policy Type Class Members The name of this policy. (Note that the order in which the policies are displayed is not necessarily the same order in which they were created.) The policy type, namely whether it is an inbound or outbound policy definition. List of all class names associated with this policy. show diffserv service info detailed This command displays policy service information for the specified interface and direction.
PAGE 213
7000 Series L3 Managed Switch Reference Manual for Software v2.0 DiffServ Mode The current setting of the DiffServ administrative mode. An attached policy is only active on an interface while DiffServ is in an enabled mode. The following information is repeated for interface and direction (only those interfaces configured with an attached policy are shown): Interface Direction OperStatus Policy Name The slot number and port number of the interface (slot.port).
PAGE 214
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Interface Sent Octets/Packets A cumulative count of the octets/packets forwarded by this service interface in the specified direction after the defined DiffServ treatment was applied. In this case, forwarding means the traffic stream was passed to the next functional element in the data path, such as the switching or routing function or an outbound link transmission element.
PAGE 215
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Note: None of the counters listed here are guaranteed to be supported on all platforms. Only supported counters are shown in the display output. show diffserv service stats summary This command enables or disables the route reflector client. A route reflector client relies on a route reflector to re-advertise its routes to the entire AS. The possible values for this field are enable and disable.
PAGE 216
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 217
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Chapter 10 ACL Commands Show Commands The show commands show the current settings for a command. show acl summary This command displays a summary of the Access Control Lists (ACLs) that are associated with interfaces in the system. Format ACL ID Rules Interface(s) Direction show acl summary This field displays the ACL identifier. This field displays the number of rules that are associated with this ACL.
PAGE 218
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Source IP Mask Source Ports Destination IP Address Destination IP Mask Destination Ports Service Type Field Match Service Type Field Value This field displays the source IP Mask for this rule. This field displays the source port range for this rule. This displays the destination IP address for this rule. This field displays the destination IP Mask for this rule. This field displays the destination port range for this rule.
PAGE 219
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl rule delete This command removes a rule from the ACL referenced by the parameter . The rule is identified by the parameter. Format config acl rule delete config acl rule action This command removes a rule from the ACL referenced by the parameter . The rule is identified by the parameter. The values of permit or deny indicate how this rule is evaluated.
PAGE 220
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl rule match dstl4port range This command specifies a destination layer 4 port match condition for an ACL rule referenced by the and . The and parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal or greater than the starting port.
PAGE 221
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl rule match ipprecedence This command specifies an IP Precedence match condition for an ACL rule referenced by the and . The IP Precedence field in a packet is defined as the high-order three bits of the Service Type octet in the IP header. The parameter identifies the precedence value as an integer from 0 to 7.
PAGE 222
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl rule match protocol keyword This command specifies the IP protocol of a packet as a match condition for an ACL rule referenced by the and . The parameter identifies the protocol using a single keyword notation and has the possible values of icmp, igmp, ip, tcp, and udp. A protocol keyword of ip is interpreted to match all protocol number values.
PAGE 223
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl rule match srcl4port keyword This command specifies a source layer 4 port match condition for an ACL rule referenced by the and . The uses a single keyword notation and has the possible values of domain, echo, ftp, ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range.
PAGE 224
7000 Series L3 Managed Switch Reference Manual for Software v2.0 config acl interface remove This command disassociates an ACL from an interface in the specified direction. The parameter can have the values of in or out. The parameter specifies the ACL to add. Format config acl interface remove
PAGE 225
Appendix A Cabling Guidelines This appendix provides specifications for cables used with a NETGEAR GSM73xx Level 3 Managed Switch Software v2. Fast Ethernet Cable Guidelines Fast Ethernet uses UTP cable, as specified in the IEEE 802.3u standard for 100BASE-TX.The specification requires Category 5 UTP cable consisting of either two-pair or four-pair twisted insulated copper conductors bound in a single plastic sheath. Category 5 cable is certified up to 100 MHz bandwidth.
PAGE 226
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Category 5 Cable Category 5 distributed cable that meets ANSI/EIA/TIA-568-A building wiring standards can be a maximum of 328 feet (ft.) or 100 meters (m) in length, divided as follows: 20 ft. (6 m) between the hub and the patch panel (if used) 295 ft. (90 m) from the wiring closet to the wall outlet 10 ft.
PAGE 227
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 10-1. Electrical Requirements of Category 5 Cable SPECIFICATIONS CATEGORY 5 CABLE REQUIREMENTS Number of pairs Four Impedance 100 ± 15% Mutual capacitance at 1 KHz 5.6 nF per 100 m Maximum attenuation (dB per 100 m, at 20° C) at 4 MHz: 8.2 at 31 MHz: 11.7 at 100 MHz: 22.
PAGE 228
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Figure A-2 illustrates crossover twisted pair cable. Figure A-2: Crossover Twisted-Pair Cable Patch Panels and Cables If you are using patch panels, make sure that they meet the 100BASE-TX requirements. Use Category 5 UTP cable for all patch cables and work area cables to ensure that your UTP patch cable rating meets or exceeds the distribution cable rating.
PAGE 229
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Note: Flat “silver satin” telephone cable may have the same RJ-45 plug. However, using telephone cable results in excessive collisions, causing the attached port to be partitioned or disconnected from the network. Using 1000BASE-T Gigabit Ethernet over Category 5 Cable When using the new 1000BASE-T standard, the limitations of cable installations and the steps necessary to ensure optimum performance must be considered.
PAGE 230
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Unlike 10BASE-T and 100BASE-TX, which use only two of the four pairs of wires within the Category 5, 1000BASE-T uses all four pairs of the twisted pair. Make sure all wires are tested ⎯ this is important. Factors that affect the return loss are: The number of transition points, as there is a connection via an RJ-45 to another connector, a patch panel, or device at each transition point.
PAGE 231
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Figure A-4 shows the RJ-45 plug and RJ-45 connector. Figure A-4: RJ-45 Plug and RJ-45 Connector with Built-in LEDs Table 10-2 lists the pin assignments for the 10/100 Mbps RJ-45 plug and the RJ-45 connector. Table 10-2.
PAGE 232
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Table 10-3.
PAGE 233
Appendix B 802.1x Port-Based Authentication Overview This appendix provides an overview of802.1x security and configuration. 802.1x is well on its way to becoming an industry standard, and provides an effective wired and wireless LAN security solution. Windows XP implements 802.1x natively, and the GSM73xx Level 3 Managed Switch Software v2 supports 802.1x. The 802.11i committee is specifying the use of 802.1x to eventually become part of the 802.11 standard.
PAGE 234
7000 Series L3 Managed Switch Reference Manual for Software v2.0 1 2 3 4 6 5 7 Figure B-1: 802.1x authentication 1. The client sends an EAP-start message. This begins a series of message exchanges to authenticate the client. 2. The access point replies with an EAP-request identity message. 3. The client sends an EAP-response packet containing the identity to the authentication server. 4. The authentication server uses a specific authentication algorithm to verify the client's identity.
PAGE 235
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Initial 802.1x communications begin with an unauthenticated supplicant (i.e., client device) attempting to connect with an authenticator (i.e., 802.11 access point). The access point responds by enabling a port for passing only EAP packets from the client to an authentication server located on the wired side of the access point.
PAGE 236
7000 Series L3 Managed Switch Reference Manual for Software v2.0 B-4 802.
PAGE 237
Appendix C Glossary Use the list below to find definitions for technical terms used in this manual. Numeric 802.1D The IEEE designator for Spanning Tree Protocol (STP). STP, a link management protocol, is part of the 802.1D standard for media access control bridges. Using the spanning tree algorithm, STP provides path redundancy while preventing endless loops in a network. An endless loop is created by multiple active paths between stations where there are alternate routes between hosts.
PAGE 238
7000 Series L3 Managed Switch Reference Manual for Software v2.0 multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, and public key authentication. For details on EAP specifically, refer to IETF's RFC 2284. 10BASE-T The IEEE specification for 10 Mbps Ethernet over Category 3, 4, or 5 twisted-pair cable. 100BASE-FX The IEEE specification for 100 Mbps Fast Ethernet over fiber-optic cable.
PAGE 239
7000 Series L3 Managed Switch Reference Manual for Software v2.0 API See “Application Programming Interface” on page 3. Application Programming Interface An API is an interface used by an programmer to interface with functions provided by an application. Area Border Router A router located on the border of one or more OSPF areas that connects those areas to the backbone network. ABRs are considered members of both the OSPF backbone and the attached areas.
PAGE 240
7000 Series L3 Managed Switch Reference Manual for Software v2.0 AVL tree Binary tree having the property that for any node in the tree, the difference in height between the left and right subtrees of that node is no more than 1. B BPDU See “Bridge Protocol Data Unit” on page 5. BGP See “Border Gateway Protocol” on page 4. Backbone The part of a network used as a primary path for transporting traffic between network segments.
PAGE 241
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Inter-Domain Routing (Classless Inter-Domain Routing), which is a way to have more addresses within the network than with the current IP address assignment scheme Bridge Protocol Data Unit BPDU is the IEEE 802.1D MAC Bridge Management protocol that is the standard implementation of STP (Spanning Tree Protocol). It uses the STP algorithm to insure that physical loops in the network topology do not result in logical looping of network traffic.
PAGE 242
7000 Series L3 Managed Switch Reference Manual for Software v2.0 and checks to make sure the accompanying numerical value is the same. If not, the receiver can assume that the message has been corrupted. Class of Service A term to describe treating different types of traffic with different levels of service priority. Higher priority traffic gets faster treatment during times of switch congestion CLI See “Command Line Interface” on page 6.
PAGE 243
7000 Series L3 Managed Switch Reference Manual for Software v2.0 D DAPI See “Device Application Programming Interface” on page 7. Device Application Programming Interface DAPI is the software interface that facilitates communication of both data and control information between the Application Layer and HAPI, with support from System Support. DHCP See “Dynamic Host Configuration Protocol.” on page 8. Differentiated Services.
PAGE 244
7000 Series L3 Managed Switch Reference Manual for Software v2.0 198.105.232.4. The DNS system is, in fact, its own network. If one DNS server doesn't know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned. Domain Name A descriptive name for an address or group of addresses on the Internet. Domain names are of the form of a registered entity name plus one of a number of predefined top level suffixes such as .com, .edu, .uk, etc.
PAGE 245
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Electronically Erasable Programmable Read Only Memory EEPROM is also known as Flash memory. This is re-programmable memory. Endstation A computer, printer, or server that is connected to a network. Ethernet A LAN specification developed jointly by Xerox, Intel and Digital Equipment Corporation. Ethernet networks transmit packets at a rate of 10 Mbps. F Fast Ethernet An Ethernet system that is designed to operate at 100 Mbps.
PAGE 246
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Full-duplex A system that allows packets to be transmitted and received at the same time and, in effect, doubles the potential throughput of a link. G GARP See “Generic Attribute Registration Protocol.” on page 10. GARP Information Propagation GIP is the propagation of information between GARP participants for the same application in a bridge is carried out by a GIP component.
PAGE 247
7000 Series L3 Managed Switch Reference Manual for Software v2.0 GIP See “GARP Information Propagation” on page 10. GMRP See “GARP Multicast Registration Protocol” on page 10. GPCM See “General Purpose Chip-select Machine” on page 10. GVD GARP VLAN Database. GVRP See “GARP VLAN Registration Protocol.” on page 10. H .h file Header file in C code. Contains function and coding definitions. HAPI See “Hardware Abstraction Programming Interface” on page 11.
PAGE 248
7000 Series L3 Managed Switch Reference Manual for Software v2.0 IEEE Institute of Electrical and Electronics Engineers. This American organization was founded in 1963 and sets standards for computers and communications. IETF Internet Engineering Task Force. An organization responsible for providing engineering solutions for TCP/ IP networks. In the network management area, this group is responsible for the development of the SNMP protocol. IGMP See “Internet Group Management Protocol” on page 12.
PAGE 249
7000 Series L3 Managed Switch Reference Manual for Software v2.0 small part of the Internet. The gateway computer reads the destination address and forwards the packet to an adjacent gateway that in turn reads the destination address and so forth across the Internet until one gateway recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified.
PAGE 250
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Learning The bridge examines the Layer 2 source addresses of every frame on the attached networks (called listening) and then maintains a table, or cache, of which MAC addresses are attached to each of its ports. Link-State In routing protocols, the declared information about the available interfaces and available neighbors of a router or network. The protocol's topological database is formed from the collected link-state declarations.
PAGE 251
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Mbps Megabits per second. MBONE See “Multicast Backbone” on page 15. MD5 MD5 creates digital signatures using a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest. When using a one-way hash function, one can compare a calculated message digest against the message digest that is decrypted with a public key to verify that the message hasn't been tampered with.
PAGE 252
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Multicasting To transmit a message to specific recipients across a network. A simple example of multicasting is sending an e-mail message to a mailing list. Teleconferencing and videoconferencing also use multicasting, but require more robust protocols and networks. Standards are being developed to support multicasting over a TCP/IP network such as the Internet.
PAGE 253
7000 Series L3 Managed Switch Reference Manual for Software v2.0 N NAT See “Network Address Translation” on page 17. NetBIOS Network Basic Input Output System. An application programming interface (API) for sharing services and information on local-area networks (LANs). Provides for communication between stations of a network where each station is given a name. These names are alphanumeric names, 16 characters in length.
PAGE 254
7000 Series L3 Managed Switch Reference Manual for Software v2.0 O Open Shortest Path First A link- state (algorithm used by the router to determine the current topology of a network), Interior Gateway (distributes routing information between routers belonging to a single Autonomous System) routing protocol. This protocol's algorithm determines the shortest path from its router to all the other routers in the network. This protocol is rapidly replacing RIP on the Internet.
PAGE 255
7000 Series L3 Managed Switch Reference Manual for Software v2.0 PHY The OSI Physical Layer: The physical layer provides for transmission of cells over a physical medium connecting two ATM devices. This physical layer is comprised of two sublayers: the Physical Medium Dependent (PMD) sublayer, and the Transmission Convergence (TC) sublayer. PIM-DM See “Protocol Independent Multicast – Dense Mode” on page 20. PMC Packet Mode Channel. Point-to-Point Protocol PPP.
PAGE 256
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Protocol Data Unit PDU is a packet of data passed across a network. The term implies a specific layer of the OSI model and a specific protocol. Protocol Independent Multicast – Dense Mode Like DVMRP, PIM-DM uses a flood and prune protocol for building multicast trees. However, unlike DVMRP, PIM-DM uses existing unicast protocols for determining the route to the source. Q QoS See “Quality of Service” on page 20.
PAGE 257
7000 Series L3 Managed Switch Reference Manual for Software v2.0 RIP See “Routing Information Protocol” on page 21. router A device that forwards data between networks. An IP router forwards data based on IP source and destination addresses. Routing Information Protocol RIP is the routing protocol used by the routed process on Berkeley-derived UNIX systems. Many networks use RIP; it works well for small, isolated, and topologically simple networks. RIPng Routing Information Protocol, new generation.
PAGE 258
7000 Series L3 Managed Switch Reference Manual for Software v2.0 SNMPsec (historic): Security is based on parties. Few, if any, vendors implemented this version of the protocol, which is now largely forgotten. SNMPv2p (historic): For this version, much work was done to update the SNMPv1 protocol and the SMIv1, and not just security. The result was updated protocol operations, new protocol operations and data types, and party-based security from SNMPsec.
PAGE 259
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Spanning Tree Protocol (STP) A protocol that finds the most efficient path between segments of a multi-looped, bridged network. STP allows redundant switches and bridges to be used for network resilience, without the broadcast storms associated with looping. If a switch or bridge falls, a new path to a redundant switch or bridge is opened. SRAM Static Random Access Memory. STP Spanning Tree Protocol. See “802.
PAGE 260
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Telnet A character-based UNIX application that enables users with a Telnet server account to log on to a UNIX computer and utilize its resources. TFTP See “TLS” on page 24. TLS Short for Transport Layer Security, TLS is a protocol that guarantees privacy and data integrity between client/server applications communicating over the Internet. The TLS protocol is made up of two layers.
PAGE 261
7000 Series L3 Managed Switch Reference Manual for Software v2.0 USP An abbreviation that represents Unit, Slot, Port. UTP Unshielded twisted pair is the cable used by 10BASE-T and 100BASE-Tx Ethernet networks. V Virtual Local Area Network Operating at the Data Link Layer (Layer 2 of the OSI model), the VLAN is a means of parsing a single network into logical user groups or organizations, as if they physically resided on a dedicated LAN segment of their own.
PAGE 262
7000 Series L3 Managed Switch Reference Manual for Software v2.0 Web Also known as World-Wide Web (WWW) or W3. An Internet client-server system to distribute information, based upon the hypertext transfer protocol (HTTP). Wide Area Network A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Windows Internet Naming Service WINS.
PAGE 263
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 264
7000 Series L3 Managed Switch Reference Manual for Software v2.
PAGE 265
Index A Address Resolution Protocol.
PAGE 266
config users add 7-61 config users delete 7-61 config users passwd 7-61 config vlan add 7-32 config vlan delete 7-32 config vlan garp gvarp 7-39 config vlan garp jointime 7-40 config vlan garp leavealltime 7-40 config vlan garp leavetime 7-40 config vlan interface acceptframe 7-34 config vlan makestatic 7-32 config vlan name 7-32 config vlan participation 7-33 config vlan ports gvrp 7-39 config vlan ports ingressfilter 7-35 config vlan ports pvid 7-34 config vlan ports tagging 7-33 config garp gvrp-status 7
PAGE 267
Config router route delete 8-29 console port 3-1 Config routing 8-6 config serial timeout 7-17 conventions typography 1-2 config snmpcommunity add 7-18 crossover cable 13-3 config snmpcommunity delete 7-19 config snmpcommunity ipaddr 7-18 D config snmpcommunity ipmask 7-18 Device Configuration Commands 7-24 config snmpcommunity mode 7-19 config snmpcommunity status 7-19 device configuration commands 201 commands 7-24 to 7-40, ?? to 7-40 config snmptrap add 7-19 DHCP 7-15 config snmptrap delete
PAGE 268
I N IEEE 802.
PAGE 269
S save config command 7-80 serial communication settings 7-16, 7-17 sessions closing 7-63, 7-80 displaying 7-62 show network 7-15 show port 7-26, 7-58, 7-59 Show router ospf area 8-14 Show router ospf info 8-7, 8-8 Show router ospf interface stats 8-10, 8-11 Show router ospf lsdb summary 8-19 show arp switch 7-3 Show router ospf neighbor detailed 8-17 show arp table 8-1 Show router ospf neighbor table 8-18, 8-19 show commands show arp switch 7-3 show arp table 8-1 show forwardingDB 7-3 show inventory
PAGE 270
names 7-19 status 7-20 speeds 7-27 statistics port, related 201 commands 7-4, 7-10 switch, related 201 commands 7-11, 7-13 STP settings for LAGs 7-30 traps 7-22 switch connectivity 7-3 information, related 201 commands 7-2, 7-24 inventory 7-1, 7-35, 7-37, 7-41, 7-43, 7-44, 7-45, 7-50, 9-13, 9-18, 9-33, 10-1 IP address 7-15 location 7-2 name 7-2 resetting 7-85 serial communication settings 7-16 statistics, related 201 commands 7-11, 7-13 trap log 7-13, 7-14 TIP 3-2 topology change notification traps 7-22 tr
PAGE 271
IP addresses, setting 7-80 mode, setting 7-80 starting a transfer 7-82 Z ZTerm 3-2 User Account Management Commands 7-60 user account management commands 201 commands 7-60 to ?? users adding 7-61 deleting 7-61 displaying 7-60 passwords 7-61, 7-84 V VLANs adding 7-32 changing the name of 7-32 deleting 7-32 details 7-31 frame acceptance mode 7-34 GVRP 7-39 IDs 7-34 ingress filtering 7-35 jointime 7-40 leave all time 7-40 leave time 7-40 making static 7-32 participation in 7-33 port information 7-33 resetti