Yamaha L2 Switch SWP2 series (SWP2-10SMF, SWP2-10MMF) Command Reference Rev.2.03.
| Command Reference | Contents Contents Preface: Introduction......................................................................................................... 12 Chapter 1: How to read the command reference.............................................................13 1.1 Applicable firmware revision........................................................................................................................................13 1.2 How to read the command reference.......................
Command Reference | Contents | 3 4.4 Manage boot information.............................................................................................................................................. 38 4.4.1 Show boot information...................................................................................................................................38 4.4.2 Clear boot information.....................................................................................................................
| Command Reference | Contents 4.13.3 Set RMON history group............................................................................................................................. 69 4.13.4 Set RMON event group................................................................................................................................70 4.13.5 Set RMON alarm group............................................................................................................................... 71 4.13.
Command Reference | Contents | 5 4.21.13 Show e-mail transmission information.................................................................................................... 102 4.22 Yamaha Unified Network Operation Service (Y-UNOS)......................................................................................... 102 4.22.1 Set Y-UNOS function.................................................................................................................................102 4.22.
| Command Reference | Contents 5.1.4 Set MRU.......................................................................................................................................................133 5.1.5 Set cross/straight automatic detection.......................................................................................................... 134 5.1.6 Set EEE...............................................................................................................................................
Command Reference | Contents | 7 5.3.34 Setting the time for clearing the authentication state (interface)................................................................175 5.3.35 Set EAP pass through................................................................................................................................. 176 5.4 Port security................................................................................................................................................................
| Command Reference | Contents 6.3.23 Set interface path cost for MST instance....................................................................................................210 6.3.24 Show MST region information...................................................................................................................211 6.3.25 Show MSTP information............................................................................................................................211 6.3.
Command Reference | Contents | 9 7.6.9 Show DHCPv6 client status......................................................................................................................... 243 7.6.10 Reset DHCPv6 client................................................................................................................................. 244 7.6.11 Set ND prefix received when configuring a DHCPv6 client..................................................................... 244 7.7 IPv6 route control....
| Command Reference | Contents 9.1.4 Generate IPv6 access list..............................................................................................................................273 9.1.5 Adding a description for IPv6 access list..................................................................................................... 274 9.1.6 Apply IPv6 access list..................................................................................................................................
Command Reference | Contents | 11 Chapter 10: Application...................................................................................................317 10.1 Local RADIUS server............................................................................................................................................... 317 10.1.1 Local RADIUS server function settings.....................................................................................................317 10.1.2 Set access interface...
Preface Introduction • • • • • Unauthorized reproduction of this document in part or in whole is prohibited. The contents of this document are subject to change without notice. Yamaha disclaims all responsibility for any damages caused by loss of data or other problems resulting from the use of this product. The warranty is limited to this physical product itself. Please be aware of these points. The information contained in this document has been carefully checked and is believed to be reliable.
Command Reference | How to read the command reference | 13 Chapter 1 How to read the command reference 1.1 Applicable firmware revision This command reference applies to firmware Yamaha L2 Switch SWP2 of Rev.2.03.21. For the latest firmware released after printing of this command reference, manuals, and items that differ, access the following URL and see the information in the WWW server. https://www.yamaha.com/proaudio/ 1.
| Command Reference | How to read the command reference 1.4 Input syntax for commands starting with the word "no" Many commands also have a form in which the command input syntax starts with the word no. If you use a syntax that with begins with the word no, the settings of that command are deleted and returned to the default value, unless explained otherwise.
Command Reference | How to use the commands | 15 Chapter 2 How to use the commands The SWP2 lets you perform command operations in the following two ways. Type of operation Method of operation Description Operation via console • • • Access from a console terminal Access from a TELNET client Access from a SSH client Issue commands one by one to interactively make settings or perform operations.
| Command Reference | How to use the commands 2.1.3 Access from an SSH client You can use an SSH client on a computer to connect to the SSH server of the SWP2 and control it. In order to make settings using SSH, you must first set up a connection environment (IP network) and then make SSH server settings. The IP address settings of the SWP2 are as follows. • • The default IPv4 address setting is ip address dhcp for VLAN #1. To change the IPv4 address, use the ip address command.
Command Reference | How to use the commands | 17 Setting item Content of setting Number of lines shown in one page of the terminal screen Specifies the number of lines shown on one page of the terminal screen. This can be set as 0--512 lines/page, and the default setting is 24 lines/page. When displaying in this state, 23 lines are displayed, then "---More---" is displayed and the system waits for key input.
| Command Reference | How to use the commands • Remote path for applicable files (No automatic restart) Applicable configuration Applicable file running-config CONFIG file (.txt) config ✓ ✓ - startup-config (USER mode) CONFIG file (.txt) config0 ✓ ✓ - All settings (.zip) ✓ ✓ - startup-config (DANTE mode) CONFIG file (.txt) config1 ✓ - - All settings (.
Command Reference | How to use the commands | 19 Please change the default password for admin. New Password: New Password(Confirm): Saving ... Succeeded to write configuration If the incorrect password is entered three times in a row, you will be restricted from logging in for one minute. After one minute has passed, please enter the correct password. • Login restriction screen • • Username: user Password: % Incorrect username or password, or login as user is restricted.
| Command Reference | How to use the commands 2.4.2 individual configuration mode individual configuration mode is the overall name for the mode in which you can make detailed settings for specific items such as LAN/SFP+ port, VLAN interface, and QoS. To enter individual configuration mode, issue the command for transitioning to the respective mode from global configuration mode. On SWP2, individual configuration mode contains the following modes.
Command Reference | How to use the commands | 21 • Moving the cursor Keyboard operation • → Move right one character ← Move left one character Press Esc, then F Move right one word (move to the character following the end of the word at the cursor location) Press Esc, then B Move left one word (move to the first character of the word at the cursor location) Ctrl + A Move to the beginning of the line Ctrl + E Move to the end of the line Deleting an input character Keyboard operation Backspace
| Command Reference | How to use the commands 2.5.3 Input command completion and keyword candidate list display If you press the "Tab" key while entering a command in the console, the command name is completed. If you press the "Tab" key after entering a keyword, a list of keyword candidates that can be entered next is shown. The same operation can also be performed by pressing the "Ctrl + I" key.
Command Reference | How to use the commands | 23 State Forwarding % port1.3: Port Number 907 - Ifindex 5003 - Port Id 0x838b - Role Disabled State Forwarding % port1.4: Port Number 908 - Ifindex 5004 - Port Id 0x838c - Role Disabled State Forwarding % port1.6: Port Number 910 - Ifindex 5006 - Port Id 0x838e - Role Disabled State Forwarding % port1.7: Port Number 911 - Ifindex 5007 - Port Id 0x838f - Role Disabled State Forwarding % port1.
| Command Reference | Configuration Chapter 3 Configuration 3.1 Manage setting values The SWP2 uses the following configurations to manage its settings. Description User operations that can be performed Running configuration (running-config) Setting values currently used for operation. Managed in RAM. Note Save to startup configuration (in USER mode) Save some functions to backup configuration (in DANTE mode) Startup configuration (startup-config) In USER mode, setting values saved in Flash ROM.
Command Reference | Configuration | 25 Setting position #2 #3 VLAN preset type Up (OFF) Up (OFF) Normal Down (ON) Up (OFF) A Up (OFF) Down (ON) B Down (ON) Down (ON) C The common setting values and presets are shown first, and then the specific to the presets setting values are shown.
| Command Reference | Configuration Category L2 switching DNS cliant Traffic control Web GUI • Common setting L2MS L2 switching Traffic control • Default value Automatic MAC address learning enabled Automatic MAC address learning aging time 300 sec Spanning tree enabled Proprietary loop detection enabled Behavior enabled QoS enabled QoS DSCP - transmission queue ID conversion table DSCP: 8 → transmission queue: 2 Other than above → transmission queue: 0 Flow control (IEEE 802.
Command Reference | Configuration | 27 • Interface L2MS Filter LAG(Static) Port Mode VLAN STP port1.8 Disable - Access 1(default) - port1.9 Disable - Access 1(default) - port1.10 Disable - Access 1(default) - port1.11 Disable - Access 1(default) ✓ port1.
| Command Reference | Configuration • • Category Setting item IP multicast control Function to transmit IGMP/MLD query Enabled (wait time 5 sec) when topology changes SWP2's VLAN preset B settings (LAN/SFP+ port) Interface L2MS Filter LAG(static) Port Mode VLAN STP port1.1 Disable - Access 1(default) - port1.2 Disable - Access 1(default) - port1.3 Disable - Access 1(default) - port1.4 Disable - Access 1(default) - port1.5 Disable - Access 2 - port1.
Command Reference | Configuration | 29 • • IGMP Snooping: Enable • Querier : Enable • Query Interval : 30 sec • Fast-leave : Disable • Check TTL : Disable VLAN #2(for Control) • IGMP Snooping: Enable • • • • Querier : Enable Query Interval : 30 sec Fast-leave : Disable Check TTL : Disable
| Command Reference | Maintenance and operation functions Chapter 4 Maintenance and operation functions 4.1 Passwords 4.1.
Command Reference | Maintenance and operation functions | 31 [Description] Enables password encryption. If this is enabled, the password entered by the password command, the enable password command, and the username command are saved in the configuration in an encrypted form. If this command is executed with the "no" syntax, password encryption is disabled, and the password entered by the password command, the enable password command, and the username command are saved in the configuration as plaintext.
| Command Reference | Maintenance and operation functions [Description] Sets user information. A maximum of 33 items of user information can be registered. However, while there can be up to 32 privilege off users, 1 privilege on user is required. The following words cannot be registered as user names.
Command Reference | Maintenance and operation functions | 33 [Example] Grants privileges to user1234 registered users. SWP2(config)#username user1234 privilege on 4.2.3 Show login user information [Syntax] show users [Input mode] unprivileged EXEC mode, priviledged EXEC mode, global configuration mode [Description] Shows information on the current logged-in users. The following items are shown. Item Description Shows the login method.
| Command Reference | Maintenance and operation functions [Initial value] no banner motd [Input mode] global configuration mode [Description] Sets the banner that is displayed when logging in to the console. [Example] Set the banner display to "Hello World!". Username: Password: SWP2 Rev.2.03.01 (Fri Sep 7 00:00:00 2018) Copyright (c) 2018 Yamaha Corporation. All Rights Reserved. SWP2>enable SWP2#configure terminal Enter configuration commands, one per line.
Command Reference | Maintenance and operation functions | 35 SWP2#copy running-config startup-config Succeeded to write configuration SWP2# 4.3.2 Save running configuration [Syntax] write save [Input mode] priviledged EXEC mode, individual configuration mode [Description] Saves the current operating settings (running configuration) as the settings for startup (startup configuration).
| Command Reference | Maintenance and operation functions 4.3.
Command Reference | Maintenance and operation functions | 37 [Input mode] priviledged EXEC mode [Description] Shows the startup settings (startup configuration). [Note] The startup configuration that is shown is determined by the unit's DIP switch #1 at the time that the unit is started. [Example] Shows the startup settings (startup configuration) at next startup.
| Command Reference | Maintenance and operation functions 4.3.7 Erase startup configuration [Syntax] erase startup-config [Input mode] priviledged EXEC mode [Description] Erase the settings used at startup (startup config) and the information associated with them. [Note] The startup configuration that is erased is determined by the unit's DIP switch #1 at the time that the unit is started. [Example] Erase the startup configuration. SWP2#erase startup-config Succeeded to erase configuration. SWP2# 4.3.
Command Reference | Maintenance and operation functions | 39 [Note] This history is cleared when you execute the cold start command or the clear boot list command. [Example] Show the current boot information. SWP2>show boot Running EXEC: SWP2 Rev.2.03.01 (Fri Sep Previous EXEC: SWP2 Rev.2.03.01 (Fri Sep Restart by reload command Shows a list of the boot history. SWP2>show boot list No.
| Command Reference | Maintenance and operation functions PID VID SN : SWP2 : 0000 : SMF00000 NAME : DESCR : Vendor: PID : VID : SN : SFP1 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00000YJ NAME : DESCR : Vendor: PID : VID : SN : SFP2 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00001YJ SWP2> 4.5.2 Show operating information [Syntax] show environment [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information about the system's operating environment.
Command Reference | Maintenance and operation functions | 41 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the usage status of the disk used by the system. • • Area used by the system (including settings information) Temporary : Temporary area [Example] Show the disk usage status. SWP2#show disk-usage Category Total Used Free Used (%) ----------- -------- -------- -------- -------System 160.6M 1.1M 154.8M 1% Temporary 80.0M 2.4M 77.6M 3% 4.5.
| Command Reference | Maintenance and operation functions 4.5.6 Show technical support information [Syntax] show tech-support [Input mode] priviledged EXEC mode [Description] Show technical support information. The technical support information includes a list of the results of executing the following commands.
Command Reference | Maintenance and operation functions | 43 Command Executable show ipv6 route ✓ show ipv6 route database ✓ show arp ✓ show ipv6 neighbors ✓ show ip igmp snooping groups ✓ show ip igmp snooping interface ✓ show ipv6 mld snooping groups ✓ show ipv6 mld snooping interface ✓ show radius-server local certificate status ✓ show radius-server local nas ✓ show radius-server local user ✓ show radius-server local certificate list ✓ show radius-server local certificate revoke
| Command Reference | Maintenance and operation functions 4.6 System self-diagnostics 4.6.1 Showing system self-diagnostics results [Syntax] show system-diagnostics [Input mode] unprivileged EXEC mode、priviledged EXEC mode [Description] Shows all system self-diagnostics results (bootup diagnostics, on-demand diagnostics, and health-monitoring diagnostics). [Example] Shows system self-diagnostics results.
Command Reference | Maintenance and operation functions | 45 [Note] Detailed on-demand diagnostics results can be checked after reboot by using the show system-diagnostics command. [Example] Executes on-demand diagnostics. SWP2#system-diagnostics on-demand execute The system will be rebooted after diagnostics. Continue ? (y/n) y on-demand diagnostics completed (pass). reboot immediately... 4.6.
| Command Reference | Maintenance and operation functions [Description] Clears the results of the prior cable-diagnostics tdr execute interface command execution. [Example] Clear the results of the prior cable diagnostic execution. SWP2#clear cable-diagnostics tdr SWP2# 4.7.
Command Reference | Maintenance and operation functions | 47 4.8.2 Set time zone [Syntax] clock timezone zone clock timezone offset no clock timezone [Parameter] zone : UTC, JST Name of the time zone shown when standard time is in effect offset : -12:00, -11:00, ... , -1:00, +1:00, ... , +13:00 Enter the difference from UTC [Initial value] clock timezone UTC [Input mode] global configuration mode [Description] Sets the time zone. If this command is executed with the "no" syntax, UTC is specified.
| Command Reference | Maintenance and operation functions [Description] Configure daylight saving time. Configure daylight saving time to start and end on a specified week and day of the week every year. The first part specifies the daylight saving time start period and the second part specifies the end period. If this command is executed with the "no" syntax, the setting is cleared. [Note] Daylight saving times cannot overlap.
Command Reference | Maintenance and operation functions | 49 [Keyword] detail : Also display detailed information [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the current time, year, month, and date. When detail is specified, detailed information (current time and daylight saving time) is displayed. If daylight saving time is recurring, it displays the actual date of the next (or currently in effect) daylight saving time period. [Example] Show current time.
| Command Reference | Maintenance and operation functions [Input mode] global configuration mode [Description] Registers the address or host name of the NTP server. Up to two instances of this command can be set. If this command is executed with the "no" syntax, the NTP server setting is deleted. If time synchronization is performed with two NTP servers specified, they are queried in the order of NTP server 1 and NTP server 2 as shown by the show ntpdate command.
Command Reference | Maintenance and operation functions | 51 [Example] Request the time every two hours. SWP2(config)#ntpdate interval 2 Disable periodic time synchronization. SWP2(config)#ntpdate interval 0 4.8.9 Show NTP server time synchronization settings [Syntax] show ntpdate [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings that are related to time synchronization from an NTP server. [Example] Show time synchronization settings.
| Command Reference | Maintenance and operation functions 4.9.2 Set VTY port and move to line mode (VTY port) [Syntax] line vty port1 [port2] no line vty port1 [port2] [Parameter] port1 : <0-7> VTY port number port2 : <0-7> Last VTY port number when specifying a range [Initial value] no line vty 0 7 [Input mode] global configuration mode [Description] After enabling the specified VTY ports, moves to line mode for making VTY port settings.
Command Reference | Maintenance and operation functions | 53 [Note] After this command is executed, the setting is applied starting at the next login. [Example] Set the console timeout time to five minutes. SWP2(config)#line con 0 SWP2(config-line)#exec-timeout 5 0 SWP2(config-line)# 4.9.
| Command Reference | Maintenance and operation functions [Note] After this command is executed, the setting is applied starting at the next login. If the terminal length command is executed, the result of executing the terminal length command takes priority. [Example] Change the number of lines displayed per page for the terminal in use to 100 lines. SWP2(config)#service terminal-length 100 SWP2(config)# 4.10 Management 4.10.
Command Reference | Maintenance and operation functions | 55 [Description] Specifies the IP address of the SYSLOG server to which log notifications are sent. Up to 2 entries can be specified. If this command is executed with the "no" syntax, the setting returns to its default value, and notifications are not sent. [Example] Set the SYSLOG server IPv4 address to 192.168.100.1. SWP2(config)#logging host 192.168.100.1 Set the SYSLOG server IPv6 address to fe80::2a0:deff:fe11:2233.
| Command Reference | Maintenance and operation functions [Input mode] global configuration mode [Description] Change the facility value of messages sent to the SYSLOG server. [Note] The meanings of the facility values are assigned independently on each SYSLOG server. [Example] Set the facility value of the SYSLOG message to 10. SWP2(config)#logging facility 10 4.11.
Command Reference | Maintenance and operation functions | 57 4.11.6 Set log output level (error) [Syntax] logging trap error no logging trap error [Initial value] logging trap error [Input mode] global configuration mode [Description] Outputs the error level log to SYSLOG. If this command is executed with the "no" syntax, the log is not output. [Example] Output the error level log to SYSLOG. SWP2(config)#logging trap error 4.11.
| Command Reference | Maintenance and operation functions [Input mode] priviledged EXEC mode [Description] Clears the log. [Example] Clear the log. SWP2#clear logging 4.11.10 Show log [Syntax] show logging [reverse] [Keyword] reverse : Shows the log in reverse order [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the log that records the operating status of the unit.
Command Reference | Maintenance and operation functions | 59 Setting value version : Description traps Send notifications as traps (without response confirmation) informs Send notifications as inform requests (with response confirmation). This can be specified if version is '2c' or '3'.
| Command Reference | Maintenance and operation functions SWP2(config)#snmp-server host 192.168.100.12 informs version 2c snmpinformsname Using SNMPv3, set 192.168.10.13 as the destination for notifications. Set the notification type to traps, set the security level for transmission to priv, and set the user name to "admin1". SWP2(config)#snmp-server host 192.168.10.13 traps version 3 priv admin1 4.12.
Command Reference | Maintenance and operation functions | 61 Setting value Description coldstart When the power is turned on/off, or when firmware is updated warmstart When reload command is executed linkdown At linkdown linkup At linkup authentication When authentication fails l2ms When L2MS agent is detected or lost errdisable When ErrorDisable is detected or canceled rmon When RMON event is executed termmonitor When terminal monitoring is detected bridge When spanning tree root is de
| Command Reference | Maintenance and operation functions [Example] Set the system contact to "swx_admin@sample.com". SWP2(config)#snmp-server contact swx_admin@sample.com 4.12.5 Set system location [Syntax] snmp-server location location no snmp-server location [Parameter] location : Name to register as the system location (255 characters or less) [Initial value] no snmp-server location [Input mode] global configuration mode [Description] Sets the MIB variable sysLocation.
Command Reference | Maintenance and operation functions | 63 SWP2(config)#snmp-server community public ro Delete the "public" community. SWP2(config)#no snmp-server community public 4.12.
| Command Reference | Maintenance and operation functions [Parameter] group : Group name (maximum 32 characters) seclevel : Security level required of users belonging to this group Setting value Description noauth No authentication / No encryption (noAuthNoPriv) auth Authentication / No encryption (authNoPriv) priv Authentication / Encryption (authPriv) read_view : Name of the MIB view (maximum 32 characters) that can be read by users belonging to this group write_view : Name of the MIB
Command Reference | Maintenance and operation functions | 65 Setting value auth_pass : Description md5 HMAC-MD5-96 sha HMAC-SHA-96 Authentication password (8 or more characters, maximum 32 characters) When both ends are enclosed in "" or '', the "" and '' at both ends are not included in the number of characters priv : Encryption algorithm Setting value priv_pass : Description des DES-CBC aes AES128-CFB Encryption password (8 or more characters, maximum 32 characters) When both ends are e
| Command Reference | Maintenance and operation functions Setting value permit info : Description "Permit" the condition Sets the sending source IPv4/IPv6 address information used as a condition Setting value community : Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 67 [Description] Shows SNMP community information. Shows the community name, and access mode. [Example] Show SNMP community information. SWP2#show snmp community SNMP Community information Community Name: public Access: Read-Only Community Name: private Access: Read-Write 4.12.12 Show SNMP view settings [Syntax] show snmp view [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP view settings.
| Command Reference | Maintenance and operation functions 4.12.14 Show SNMP user settings [Syntax] show snmp user [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP user settings. Shows the engine ID, user name, affiliated group name, authentication method, and encryption method. [Example] Show the contents of the SNMP user settings.
Command Reference | Maintenance and operation functions | 69 [Example] Enable RMON function. SWP2(config)#rmon enable Disable RMON function. SWP2(config)#rmon disable 4.13.
| Command Reference | Maintenance and operation functions interval : <1 - 3600> Interval at which to save history group items (seconds) (historyControlInterval) (if omitted : 1800) owner : Name of history group owner (historyControlOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] interface mode [Description] Enables RMON history group settings for the applicable interface.
Command Reference | Maintenance and operation functions | 71 owner : Name of event group owner (eventOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] global configuration mode [Description] Enables the RMON event group settings. If this command is set, it will be possible to acquire the RMON MIB's eventTable. Use the rmon alarm command to set the event group for this command. If this command is executed with the "no" syntax, the setting value is deleted.
| Command Reference | Maintenance and operation functions Upper threshold value (alarmRisingThreshold) rising_event_index : <1-65535> Event index (alarmRisingEventIndex) falling_threshold : <1-2147483647> Lower threshold value (alarmFallingThreshold) falling_event_inde : x <1-65535> Event index (alarmFallingEventIndex) startup : <1-3> Threshold value used for first alarm decision (alarmStartupAlarm) Setting value Description 1 Use only upper threshold value (risingAlarm) 2 Use only lower th
Command Reference | Maintenance and operation functions | 73 If this command is set, it will be possible to acquire the RMON MIB's alarmTable. If this command is executed with the "no" syntax, the setting value is deleted. [Note] To enable the alarm group setting of the RMON function, it is necessary to enable the system-wide RMON function in addition to this command. The MIB object specified in variable is a MIB object of the Ethernet statistical information group.
| Command Reference | Maintenance and operation functions Owner RMON_SNMP event: event Index = 1 Description RMON_SNMP Event type Log Event community name RMON_SNMP Last Time Sent = 00:00:58 Owner RMON_SNMP alarm: alarm Index = 1 alarm status = VALID alarm Interval = 15 alarm Type is Absolute alarm Value = 0 alarm Rising Threshold = 10 alarm Rising Event = 1 alarm Falling Threshold = 7 alarm Falling Event = 1 alarm Startup Alarm = 3 alarm Owner is RMON_SNMP 4.13.
Command Reference | Maintenance and operation functions | 75 history index = 1 data source ifindex = 5001 buckets requested = 50 buckets granted = 50 Interval = 1800 Owner RMON_SNMP 4.13.9 Show RMON event group status [Syntax] show rmon event [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the RMON event group. The following items are shown.
| Command Reference | Maintenance and operation functions alarm alarm alarm alarm alarm alarm alarm alarm Type is Absolute Value = 0 Rising Threshold = 10 Rising Event = 1 Falling Threshold = 7 Falling Event = 1 Startup Alarm = 3 Owner is RMON_SNMP 4.13.11 Clear counters of the RMON Ethernet statistical information group [Syntax] rmon clear counters [Input mode] interface mode [Description] Clears the counters of the RMON Ethernet statistical information group for the applicable interface.
Command Reference | Maintenance and operation functions | 77 [Parameter] address : A.B.C.D IPv4 address : X:X::X:X IPv6 address [Initial value] None [Input mode] global configuration mode [Description] Sets the IP address for the sFlow agent. The IP address set with this command is used in the sFlow header of the sFlow datagram. If this command is executed with the "no" syntax, the setting returns to the default. [Note] An IPv6 address cannot specified if the stack function is enabled.
| Command Reference | Maintenance and operation functions 4.14.4 Set maximum size of sFlow datagram [Syntax] sflow collector max-datagram-size size no sflow collector max-datagram-size [Parameter] size : <512 - 1452> (bytes) [Initial value] sflow collector max-datagram-size 1400 [Input mode] global configuration mode [Description] This sets the maximum size of datagrams transmitted from the sFlow agent to the sFlow collector.
Command Reference | Maintenance and operation functions | 79 [Initial value] sflow max-header-size 128 [Input mode] interface mode [Description] Sets the maximum Ethernet frame header size used for packet flow sampling on the applicable port. If this command is executed with the "no" syntax, the setting returns to the default. This command can be specified only for LAN/SFP+ port. [Example] This sets the maximum Ethernet frame header size for packet flow sampling to 100.
| Command Reference | Maintenance and operation functions sFlow Port Configuration: Sampling-Rate Polling-Interval Port (1 in N pkts) (secs) ---------------------------------------------------------port1.1 300 30 port1.5 500 (NOT SET) sFlow Drop Sampling Count : 0 4.14.
Command Reference | Maintenance and operation functions | 81 [Keyword] enable : Telnet server is enabled disable : Telnet server is disable : <1-65535> [Parameter] port Listening port of the Telnet server (if omitted: 23) [Initial value] telnet-server disable [Input mode] global configuration mode [Description] Enables the Telnet server. You can also specify the listening TCP port number. If this command is executed with the "no" syntax, the function is disabled.
| Command Reference | Maintenance and operation functions [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the Telnet server. If this command is executed with the "no" syntax, the specified interface is deleted. This command can be used to specify up to eight items, which are applied in the order that they are specified. If this command is not set, access is permitted only from the management VLAN.
Command Reference | Maintenance and operation functions | 83 [Example] Permit access to the TELNET server only from 192.168.1.1 and the 192.168.10.0/24 segment. SWP2(config)#telnet-server access permit 192.168.1.1 SWP2(config)#telnet-server access permit 192.168.10.0/24 Deny only access to the TELNET server from the segment 192.168.10.0/24. SWP2(config)#telnet-server access deny 192.168.10.0/24 SWP2(config)#telnet-server access permit any 4.16 Telnet client 4.16.
| Command Reference | Maintenance and operation functions [Description] Enables use of the telnet command as a Telnet client. If this command is executed with the "no" syntax, the Telnet client is disabled. [Example] Enable the Telnet client. SWP2(config)#telnet-client enable 4.17 TFTP server 4.17.
Command Reference | Maintenance and operation functions | 85 4.17.3 Set hosts that can access the TFTP server [Syntax] tftp-server interface interface no tftp-server interface interface [Parameter] interface : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the TFTP server.
| Command Reference | Maintenance and operation functions 4.18.
Command Reference | Maintenance and operation functions | 87 4.18.4 Set hosts that can access the HTTP server [Syntax] http-server interface interface no http-server interface interface [Parameter] interface : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the HTTP server. If this command is executed with the "no" syntax, the specified interface is deleted.
| Command Reference | Maintenance and operation functions Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted. If this command is executed with the "no" syntax, the specified setting is deleted.
Command Reference | Maintenance and operation functions | 89 [Initial value] http-server login-timeout 5 [Input mode] global configuration mode [Description] Specify the time until automatic logout when there has been no access to the HTTP server. If sec is omitted, 0 is specified. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The smallest value that can be specified is one minute. [Example] Set the timeout time for the HTTP server to 2 minutes 30 seconds.
| Command Reference | Maintenance and operation functions [Input mode] priviledged EXEC mode [Description] Shows the settings of the SSH server. The following items are shown. • • • • • SSH server function enabled/disabled status Listening port number Whether SSH server host key exists VLAN interface permitted to access the SSH server Filter that controls access to the SSH server [Example] Show the settings of the SSH server.
Command Reference | Maintenance and operation functions | 91 info : Setting value Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions [Description] Sets the host RSA key and host DSA key of the SSH server. For the RSA key, the bit parameter can be used to specify the number of bits in the generated key. The DSA key generates a 1024-bit key. [Note] In order to use the SSH server function, this command must be executed in advance to generate the host keys.
Command Reference | Maintenance and operation functions | 93 ARypDjhpL1a37SDezx8yClQ5vh+4SPLdS1hdSSzXXE+MXIICXnOVPdiKC4ia10n81tMxW/EPw4SqFP 77r7VvCE/JpXv82AN2JTJ/HAn3X7lvMyCsKZLoWrEcEcBH5anvAQKByVt7RerToZ4vSgodskv7nyXX XXXXXXX ssh-rsa XXXXXXXXXX1yc2EAAAABIwAAAQEAwvAZK18jKTCHIHQfRV4r7UOYChX0oeKjBbuuLSDhSH WmhpG3xxJO0pDIedSF3Knb7LX2SfymQYJ7XYIqMjmU0oziv/zi+De/z3M7wJHQUwfMZEDAdR6Mx39w 6Q04/ehQcaszjXi+0Al2wG/kk56lAU23CW/i21o//5GZTzkFKyEJUtWauHWEW9glF5Yy7F64PesqoH 6h5oDNK7LhlT7s4QXRnUJphIlINrW278Dnvyry3liR+tgTJA
| Command Reference | Maintenance and operation functions [Parameter] interval : <1-2147483647> Client alive checking interval (seconds, if omitted: 100) count : <1-2147483647> Maximum count for client alive checking (if omitted: 3) [Initial value] ssh-server client alive disable [Input mode] global configuration mode [Description] Sets whether to perform client alive checking. A message requesting a response is sent to the client at intervals of the number of seconds specified by "interval".
Command Reference | Maintenance and operation functions | 95 SWP2#ssh uname@fe80::2a0:deff:fe11:2233%vlan1 12345 4.20.2 Enable SSH client [Syntax] ssh-client switch no ssh-client [Parameter] switch : Whether to enable SSH client Setting value Description enable Enable disable Disable [Initial value] ssh-client disable [Input mode] global configuration mode [Description] Enables use of the ssh command as an SSH client. If this command is executed with the "no" syntax, the SSH client is disabled.
| Command Reference | Maintenance and operation functions encrypt : Specifying an encryption method auth : Specifying the account information to use for SMTP authentication : <1-10> [Parameter] id Mail server ID host : Mail server address or host name IPv4 address (A.B.C.D), IPv6 address (X:X::X:X) When specifying an IPv6 link local address, the transmitting interface also needs to be specified (in fe80::X%vlanN format). Host name (64 characters or less, Single-byte alphanumeric characters - .
Command Reference | Maintenance and operation functions | 97 server_name : Mail server name (64 characters or less, single-byte alphanumeric characters and symbols other than ?) [Initial value] none [Input mode] global configuration mode [Description] Sets the name of the server used when sending e-mails. [Example] Sets the e-mail transmission server name to “test_mail_server”. SWP2(config)#mail server smtp 1 name test_mail_server 4.21.
| Command Reference | Maintenance and operation functions The following items can be configured after switching to template mode. Up to 10 templates can be created. • • • • E-mail transmission destination address E-mail transmission source address Subject of e-mails sent Wait time settings for e-mail transmission (only event notification used) [Example] Switches to the mode for setting e-mail template #1. SWP2(config)#mail template 1 SWP2(config-mail)# 4.21.
Command Reference | Maintenance and operation functions | 99 4.21.7 Destination e-mail address setting for e-mail transmission [Syntax] send to address no send to [Parameter] address : Destination e-mail address (256 characters or less, single-byte alphanumeric characters and _ - . @) [Initial value] no send to [Input mode] E-mail template mode [Description] Sets the destination e-mail addresses (maximum of four).
| Command Reference | Maintenance and operation functions 4.21.9 Wait time settings for e-mail transmission [Syntax] send notify wait-time time no send notify wait-time [Parameter] time : <1-86400> Transmission wait time (seconds) [Initial value] send notify wait-time 30 [Input mode] E-mail template mode [Description] Sets the wait time before actually sending event-related notification e-mails. [Note] This setting is used as the wait time before event-related notification e-mails are sent.
Command Reference | Maintenance and operation functions | 101 4.21.11 E-mail settings for certificate notification [Syntax] mail send certificate-notify temp-id no mail send certificate-notify [Parameter] temp-id : <1-10> E-mail template ID [Initial value] no mail send certificate-notify [Input mode] RADIUS configuration mode [Description] Specifies the template to use when sending notifications of RADIUS server client certificates by e-mail.
| Command Reference | Maintenance and operation functions 4.21.13 Show e-mail transmission information [Syntax] show mail information [temp-id] [Parameter] temp-id : <1-10> E-mail template ID [Input mode] priviledged EXEC mode [Description] Shows e-mail transmission information for the specified template ID. If the template ID is omitted, this displays all e-mail information. [Example] Shows e-mail information for e-mail template #1.
Command Reference | Maintenance and operation functions | 103 This command cannot be used if the stack function is enabled. [Example] This enables the Y-UNOS function. SWP2(config)#y-unos enable This disables the Y-UNOS function. SWP2(config)#y-unos disable 4.22.2 Show Y-UNOS information [Syntax] show y-unos [Input mode] priviledged EXEC mode [Description] Shows Y-UNOS-related settings and status information. The following content is displayed.
| Command Reference | Maintenance and operation functions 4.23 LLDP 4.23.1 Enable LLDP function [Syntax] lldp run no lldp run [Initial value] none [Input mode] global configuration mode [Description] Enable the LLDP function for the entire system. If this command is executed with the "no" syntax, disable the LLDP function for the entire system. [Note] In order to enable the LLDP function for a port, the following command must be set.
Command Reference | Maintenance and operation functions | 105 4.23.3 Set system name [Syntax] lldp system-name name no lldp system-name [Parameter] name : System name text string (255 characters or less) [Initial value] no lldp system-name [Input mode] global configuration mode [Description] Sets the system name used by the LLDP function. If this command is executed with the "no" syntax, the setting returns to the default. By default, this is "model name".
| Command Reference | Maintenance and operation functions Setting value Description enable Enable automatic setting function by LLDP disable Disable automatic setting function by LLDP [Initial value] lldp auto-setting disable [Input mode] global configuration mode [Description] Enables the function by which LLDP frames transmitted by specific Yamaha devices can automatically modify the settings of a switch.
Command Reference | Maintenance and operation functions | 107 [Example] Set the LLDP transmission/reception mode of LAN port #1 to receive-only. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set lldp enable rxonly 4.23.
| Command Reference | Maintenance and operation functions (5) Management Address TLV : Management address of port (MAC address or IP address) [Example] Add basic management TLVs to the LLDP frames that are transmitted on LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#tlv-select basic-mgmt 4.23.9 Set IEEE-802.
Command Reference | Maintenance and operation functions | 109 [Example] Add IEEE-802.3 TLVs to the LLDP frames that are transmitted on LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#tlv-select ieee-8023-org-specific 4.23.11 Set LLDP-MED TLV [Syntax] tlv-select med no tlv-select med [Initial value] none [Input mode] LLDP agent mode [Description] If this command is executed with the "no" syntax, exclude LLDP-MED TLVs from transmitted frames.
| Command Reference | Maintenance and operation functions SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set timer msg-tx-interval 60 4.23.
Command Reference | Maintenance and operation functions | 111 4.23.15 Set multiplier for calculating time to live (TTL) of device information [Syntax] set msg-tx-hold value no set msg-tx-hold [Parameter] value : <1-100> Multiplier for calculating the time to live (TTL) value of device information [Initial value] set msg-tx-hold 4 [Input mode] LLDP agent mode [Description] Sets the multiplier for calculating the time to live (TTL) of device information.
| Command Reference | Maintenance and operation functions 4.23.17 Set maximum number of connected devices manageable by a port [Syntax] set too-many-neighbors limit max_value no set too-many-neighbors limit [Parameter] max_value : <1-1000> Maximum number of connected devices manageable by a port [Initial value] set too-many-neighbors limit 5 [Input mode] LLDP agent mode [Description] Sets the maximum number of connected devices that can be managed by a port.
Command Reference | Maintenance and operation functions | 113 [Example] Enable the LLDP function of all LAN/SFP+ port, and set a mode that allows transmission and reception of LLDP frames. SWP2(config)#lldp interface enable txrx 4.23.19 Show interface status [Syntax] show lldp interface ifname [neighbor] [Keyword] neighbor : Shows information for connected devices.
| Command Reference | Maintenance and operation functions Type of interface number Interface Number Number of interface OID Number OID number Management Address MAC address os IP addresss • Interface Numbering Mandatory TLV information CHASSIS ID TLV type and value PORT ID TYPE PORT ID TLV type and value TTL (Time To Live) Time to maintain device information (seconds) • CHASSIS ID TYPE 8021 ORIGIN SPECIFIC TLV information ID of port VLAN PP Vlan id ID of protocol VLAN VLAN ID ID of p
Command Reference | Maintenance and operation functions | 115 Latitude Res Resolution of latitude (number of significant upper bits) Latitude Latitude (34 bits) Longitude Res Resolution of longitude (number of significant upper bits) Longitude Longitude (34 bits) AT Altitude type 1: meter 2: floor of building Altitude Res Resolution of altitude (number of significant upper bits) Altitude Altitude (30 bits) Datum Geodetic datum 0: USA's World Geodetic System (WGS 84) 1: North American Datum (N
| Command Reference | Maintenance and operation functions [Description] Shows information for connected devices of all interfaces. (For the display format, refer to the show lldp interface ifname neighbor command) [Example] Show information for connected devices. SWP2#show lldp neighbors Interface Name : port1.1 System Name : SWP2-10MMF System Description : SWP2 Rev.2.03.01 (Fri Sep Port Description : port1.
Command Reference | Maintenance and operation functions | 117 SWP2# 4.23.21 Clear LLDP frame counters [Syntax] clear lldp counters [Input mode] priviledged EXEC mode [Description] Clear the LLDP frame counter of all ports. [Example] Clear the LLDP frame counter. SWP2>clear lldp counters 4.24 L2MS (Layer 2 management service) settings 4.24.
| Command Reference | Maintenance and operation functions 4.24.2 Show L2MS information [Syntax] show l2ms [detail] [Keyword] detail : Also show detailed information [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the following information. • • Whether managed by the L2MS manager MAC address of L2MS manager (if managed) [Note] Information is not shown if L2MS is not operating. Specifying "detail" is valid only if L2MS is operating as manager.
Command Reference | Maintenance and operation functions | 119 [Keyword] except-wireless : Information for wirelessly connected terminals is excluded from the snapshot comparison. [Initial value] no snapshot trap terminal [Input mode] global configuration mode [Description] Terminal information is included in the snapshot comparison. If the except-wireless option is specified, information for terminals that are wirelessly connected below a wireless access point are excluded from the snapshot comparison.
| Command Reference | Maintenance and operation functions 4.26 Firmware update 4.26.1 Set firmware update site [Syntax] firmware-update url url no firmware-update url [Parameter] url : Single-byte alphanumeric characters and single-byte symbols (255 characters or less) URL at which the firmware is located [Initial value] firmware-update url http://www.rtpro.yamaha.co.jp/firmware/revision-up/swp2.
Command Reference | Maintenance and operation functions | 121 [Description] Configure the HTTP proxy server used when updating firmware using a firmware file located on the web server. If no HTTP proxy server is configured, the firmware update will be performed without going through the HTTP proxy server. The port number must also be explicitly configured. If this command is executed with the "no" syntax, the HTTP proxy server setting is cleared. [Example] Set the HTTP proxy server to 192.168.100.
| Command Reference | Maintenance and operation functions [Initial value] firmware-update timeout 300 [Input mode] global configuration mode [Description] Specifies the timeout duration when downloading firmware from a web server. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the firmware download timeout duration to 120 seconds. SWP2(config)#firmware-update timeout 120 SWP2(config)# 4.26.
Command Reference | Maintenance and operation functions | 123 reload-time: SWP2# 4.26.7 Set firmware update reload time [Syntax] firmware-update reload-time hour [min] no firmware-update reload-time [Parameter] hour : <0-23> Firmware update reload time (hour) min : <0-59> Firmware update reload time (minutes) [Input mode] global configuration mode [Description] Sets the time at which the new firmware is applied by restarting after a firmware update.
| Command Reference | Maintenance and operation functions Month/day time : Month setting examples Setting contents 1 January 1.2 January and February 2- From February to December 2-7 From February to July -7 From January to July * Monthly Day setting examples Setting contents 1 One day 1.
Command Reference | Maintenance and operation functions | 125 Schedule template number [Initial value] None [Input mode] global configuration mode [Description] When setting the schedule using “time,” this executes the actions listed in the specified schedule template at the specified time(s). When setting the schedule using “event,” this executes the actions listed in the specified schedule template when the specified events occur.
| Command Reference | Maintenance and operation functions [Parameter] switch : Schedule template settings Setting value Description enable Enable schedule template disable Disable schedule template [Initial value] action enable [Input mode] Schedule template mode [Description] This enables or disables the schedule template. Specifying “disable” with this command makes it possible to stop execution of actions due to trigger startup.
Command Reference | Maintenance and operation functions | 127 command : Command [Initial value] None [Input mode] Schedule template mode [Description] This sets the commands to be executed when the trigger for a schedule function starts. If this command is executed with the "no" syntax, commands with the specified numbers are deleted.
| Command Reference | Maintenance and operation functions The host name specified by this command is used as the command prompt. If SNMP access is possible, this is used as the value of the MIB variable sysName. If this command is executed with the "no" syntax, the setting returns to the default value. [Example] Set the host name as "yamaha." SWP2(config)#hostname yamaha yamaha(config)# 4.28.2 Reload system [Syntax] reload restart [Input mode] priviledged EXEC mode [Description] Reboots the system.
Command Reference | Maintenance and operation functions | 129 Setting value Description link-act LINK/ACT mode vlan VLAN mode off OFF mode [Initial value] led-mode default link-act [Input mode] global configuration mode [Description] Set the default LED mode. When you execute this command, the LEDs are lit in the specified mode. The LEDs are lit in the specified mode even when a loop is detected in STATUS mode and the loop status has been resolved.
| Command Reference | Maintenance and operation functions [Description] Executes the “Find this switch” function with the specified number of seconds and method. [Note] If the current LED mode is OFF mode, the LED cannot blink. [Example] Start the "Find this switch" function with LED for 10 seconds only. SWP2#find switch start 10 led 4.28.7 Stop the “Find this switch” function [Syntax] find switch stop [Input mode] priviledged EXEC mode [Description] Stops the 'Find this switch' function.
Command Reference | Maintenance and operation functions | 131 [Example] Show the port error status. SWP2>show error port-led ID error ----------------------------------------port1.
| Command Reference | Interface control Chapter 5 Interface control 5.1 Interface basic settings 5.1.1 Set description [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (80characters or less) Description of the applicable interface [Initial value] no description [Input mode] interface mode [Description] Specifies a description of the applicable interface.
Command Reference | Interface control | 133 no speed-duplex [Parameter] type : Speed and duplex mode types Speed and duplex mode types Description auto Auto negotiation 10000-full 10Gbps/Full 1000-full 1000Mbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half 10-full 10Mbps/Full 10-half 10Mbps/Half [Initial value] speed-duplex auto [Input mode] interface mode [Description] Sets the speed and duplex mode. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control [Example] Set the LAN port #1 mru to 9000 bytes. SWP2(config)#interface port1.1 SWP2(config-if)#mru 9000 5.1.
Command Reference | Interface control | 135 If this command is executed with the "no" syntax, EEE is disabled. [Note] This command can be specified only for LAN port. When this command is used to change the settings, link-down temporarily occurs for the corresponding interface. [Example] Enable EEE for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#eee enable 5.1.
| Command Reference | Interface control [Description] Shows the EEE status of the specified interface. The following items are shown. Item Description interface Interface name EEE(efficient-ethernet) Whether EEE is enabled Rx LPI Status Low-power mode status of the receiving unit Tx LPI Status Low-power mode status of the transmitting unit Wake Error Count Error count [Example] Show EEE status of LAN port #1. [If EEE is disabled] SWP2#show eee status interface port1.1 interface:port1.
Command Reference | Interface control | 137 Traffic direction Description both Both receiver and transmitter receive Receiver transmit Transmitter [Initial value] none [Input mode] interface mode [Description] Mirrors the traffic specified by direct, with the applicable interface as the sniffer port and ifname as the monitored port. If this command is executed with the "no" syntax, the mirroring setting is deleted. [Note] This command can be specified only for LAN/SFP+ port.
| Command Reference | Interface control 5.1.11 Show interface status [Syntax] show interface [ type [ index ] ] [Parameter] type : Interface type Interface type index : Description port Physical interface vlan VLAN interface sa Static logical interface po LACP logical interface Index number Interface ID Description 1.X Specifies the number printed on the chassis (X). <1-4094> Specify the VLAN ID. <1-96> Speciffy the static logical interface number.
Command Reference | Interface control | 139 Item Description Mode of the switchport Switchport mode • • access : untagged trunk : tagged Status of ingress filtering Ingress filter • • enable : enabled disable : disabled Frame types that can be received • Acceptable frame types • all : All frames are received (regardless of whether they are tagged or untagged) vlan-tagged only : Only frames with a VLAN tag are received VLAN ID that handles untagged frames • Default Vlan • • • List of the VLAN IDs
| Command Reference | Interface control Auto MDI/MDIX: on Vlan info: Switchport mode : Ingress filter : Acceptable frame types : Default Vlan : Configured Vlans : Interface counter: input packets : bytes : multicast packets: output packets : bytes : multicast packets: broadcast packets: drop packets : access enable all 1 1 320 25875 301 628 129895 628 0 0 Show the status of VLAN #1.
Command Reference | Interface control | 141 Item Description Type of associated logical interface *1 • • Port Ch (S) : Static logical interface (P) : LACP logical interface ID of associated logical interface Description Description of interface *1 Shown only for physical interface *2 hown only for physical interface and logical interface [Example] Show brief interface status.
| Command Reference | Interface control [Example] Reset LAN port #1 SWP2#interface reset port1.1 5.1.14 Show frame counter [Syntax] show frame-counter [ifname] [Parameter] ifname : Interface name of the LAN/SFP+ port Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows frame counter information for the interface specified by ifname. If ifname is omitted, shows information for all interfaces. The following items are shown.
Command Reference | Interface control | 143 *1 Varies depending on the MRU of each interface. *2 Shows the transmission information when tail dropping is enabled, and the information only for reception when tail dropping is disabled. [Example] Show the frame counter of LAN port #1. SWP2#show frame-counter port1.1 Interface port1.
| Command Reference | Interface control 5.1.16 Show SFP+ module status [Syntax] show ddm status [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the SFP+ module. For each item, shows the current value, upper threshold value, and lower threshold value for each SFP+ port.
Command Reference | Interface control | 145 Setting value Description enable Enables SFP+ module optical reception level monitoring disable Disables SFP+ module optical reception level monitoring [Initial value] sfp-monitor rx-power enable [Input mode] global configuration mode [Description] Sets the monitoring of SFP+ module optical reception levels. [Example] Disable SFP+ module optical reception level monitoring. SWP2(config)#sfp-monitor rx-power disable 5.1.
| Command Reference | Interface control [Parameter] action : Configuration for transmission queue usage rate monitoring of the target interface Setting value Description enable Enable transmission queue usage rate monitoring of the target interface disable Disable transmission queue usage rate monitoring of the target interface [Initial value] tx-queue-monitor usage-rate enable [Input mode] interface mode [Description] Enable or disable transmission queue usage rate monitoring of the target inte
Command Reference | Interface control | 147 5.2 Link aggregation 5.2.1 Set static logical interface [Syntax] static-channel-group link-id no static-channel-group [Parameter] link-id : <1-96> static logical interface number [Input mode] interface mode [Description] Associates the applicable interface with the static logical interface specified by link-id. If this command is executed with the "no" syntax, the applicable interface is dissociated from the static logical interface.
| Command Reference | Interface control [Example] Show the static logical interface status. SWP2#show static-channel-group % Static Aggregator: sa5 % Load balancing: src-dst-mac % Member: port1.1 port1.2 port1.3 port1.4 5.2.3 Set LACP logical interface [Syntax] channel-group link-id mode mode no channel-group [Parameter] link-id : <1-127> LACP logical interface number mode : Operation mode mode Description active Operate LACP in active mode.
Command Reference | Interface control | 149 If a LACP logical interface is newly generated, the above settings of the LAN/SFP+ port are set to the default settings of the LACP logical interface. If a LAN/SFP+ port is associated with an LACP logical interface, the MSTP settings return to the default values. The MSTP settings also return to the default values if the LAN/SFP+ port is removed from the LACP logical interface.
| Command Reference | Interface control Item Description Status of the LACP protocol Receive machine transition variable Mux machine state • • • • "Detached" "Waiting" "Attached" "Collecting/Distributing" Usage status Selection • • • "Selected" "Unselectedic" "Standby" Information Refer to the table below (Actor is self, Partner is other party) Aggregator ID Distinguishing ID on LACP Information shows the following items.
Command Reference | Interface control | 151 Defaulted Expired 0 0 0 0 5.2.5 Set LACP system priority order [Syntax] lacp system-priority priority no lacp system-priority [Parameter] priority : <1-65535> LACP system priority irder Lower numbers have higher priority [Initial value] lacp system-priority 32768 [Input mode] global configuration mode [Description] Sets the LACP system priority order. If this command is executed with the "no" syntax, the setting returns to the default value.
| Command Reference | Interface control [Parameter] switch : Different-speed link aggregation function enable/disable settings Setting value Description enable Enabling different-speed link aggregation disable Disabling different-speed link aggregation [Initial value] lacp multi-speed disable [Input mode] global configuration mode [Description] Enables or disables different-speed link aggregation in an LACP.
Command Reference | Interface control | 153 LACP timeout indicates the time since the last LACP frame received from the other device, after which it is determined that the link has gone down. The LACP timeout setting is placed in a LACP frame and sent to the other device; after receiving this, the other device will transmit LACP frames at intervals of 1/3 of this LACP timeout.
| Command Reference | Interface control port1.4 port1.5 309 186 1350 186 0 0 0 0 0 0 0 0 5.2.
Command Reference | Interface control | 155 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the LACP logical interface specified by link-id. If link-id is omitted, shows the status of all LACP logical interface. If summary is specified, an abbreviated display is shown; if detail is specified, details are shown. sIf both summary and detail are omitted, the result is as though summary was specified. The following items are shown.
| Command Reference | Interface control Aggregator po1 ID 4601 Status Ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 1/ 1 Aggregator po2 ID 4602 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 Aggregator po127 ID 4727 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 SWP2#show etherchannel status detail Aggregator po1 ID 4601 Status Ready Actor LAG 0x8000, 00-a0-de-e0-e0-e0 Admin Key 0001 Partner LAG 0
Command Reference | Interface control | 157 [Description] Sets the LACP port priority order. If this command is executed with the "no" syntax, the setting returns to the default value. [Note] If up to eight LAN/SFP+ ports are combined into an LACP logical interface, they are immediately combined into the LACP logical interface; ports in excess of eight are standby ports used in case of a malfunction.
| Command Reference | Interface control If this command is executed with the "no" syntax, disables MAC authentication for the entire system. Use a RADIUS server for authentication on which the radius-server host command has been configured. [Note] In order to actually use MAC authentication, you need to enable MAC authentication on the applicable interface as well. (auth-mac enable command) [Example] Enable MAC authentication for the entire system. SWP2(config)#aaa authentication auth-mac 5.3.
Command Reference | Interface control | 159 If this command is executed with the "no" syntax, the IEEE 802.1X authentication function will be disabled for the applicable interface. [Note] This command can be specified only for both LAN/SFP+ port and logical interface. [Example] This command can be specified only for LAN/SFP+ port. SWP2(config)#interface port1.1 SWP2(config-if)#dot1x port-control auto 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.
| Command Reference | Interface control Maximum number of times EAPOL packets are transmitted [Initial value] dot1x max-auth-req 2 [Input mode] interface mode [Description] Sets the maximum value for the EAPOL packet transmission count for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
Command Reference | Interface control | 161 Setting value case : Format hyphen xx-xx-xx-xx-xx-xx colon xx:xx:xx:xx:xx:xx unformatted xxxxxxxxxxxx Specify upper or lowercase Setting value Description lower-case Lower case(a~f) upper-case Upper case(A~F) [Initial value] auth-mac auth-user hyphen lower-case [Input mode] global configuration mode [Description] Changes the format of the user name and password used for authentication during MAC authentication.
| Command Reference | Interface control Static registrations (authentication information) can be cleared with the clear auth state command or the auth clear-state time command. To use this command, the MAC authentication function must be enabled on the target interface. (auth-mac enable command) [Example] Enable static registration of MAC authentication for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#auth-mac static enable 5.3.
Command Reference | Interface control | 163 Operation mode Description single-host This mode allows communications for only one supplicant per port. Only the first supplicant that passes authentication is allowed. multi-host This mode allows communication with multiple supplicants for each port. If the first supplicant passes authentication, all other supplicants of the same port will be allowed to communicate without authentication.
| Command Reference | Interface control [Note] This command can only be set for LAN/SFP+ port and logical interface. Regardless of this setting, Web authentication is performed when an ID/Password is entered on the Web authentication screen. If the IEEE 802.1X authentication, MAC authentication, or Web authentication setting is disabled, that authentication method is not performed. To use this command, the port authentication function must be enabled on the target interface.
Command Reference | Interface control | 165 For interfaces on which dynamic VLAN is enabled, the associated VLAN is actively changed based on the property (TunnelPrivate-Group-ID) specified by the RADIUS server. [Note] This command can be specified only for both LAN/SFP+ port and logical interface. Changing the settings for this command will make the authentication state return to the default. When using dynamic VLAN in multi-supplicant mode, the VLAN can be specified for individual supplicants.
| Command Reference | Interface control [Initial value] auth timeout quiet-period 60 [Input mode] interface mode [Description] Sets the period during which authentication is suppressed for the applicable interface after authentication fails. If this command is executed with the "no" syntax, the setting returns to the default. All packets received during the authentication suppression period will be discarded. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
Command Reference | Interface control | 167 [Initial value] auth timeout server-timeout 30 [Input mode] interface mode [Description] Sets the reply wait time for the RADIUS server overall when authenticating a port of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
| Command Reference | Interface control timeout : Sets the reply standby time for requests sent to the RADIUS server retransmit : Sets the number of times to resend the request to the RADIUS server key : Sets the password used for communicating with the RADIUS server : IPv4 address (A.B.C.D) or IPv6 address (X:X::X:X) [Parameter] host When specifying an IPv6 link local address, the transmitting interface also needs to be specified (fe80::X%vlanN format).
Command Reference | Interface control | 169 [Parameter] time : <1-1000> Standby time for replying to requests (seconds) [Initial value] radius-server timeout 5 [Input mode] global configuration mode [Description] Sets the reply wait time for each RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control [Parameter] secret : Shared password Single-byte alphanumeric characters, and single-byte symbols other than the characters '?' and spaces (128 characters or less) [Initial value] no radius-server key [Input mode] global configuration mode [Description] Sets the shared password used when communicating with a RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 171 [Input mode] global configuration mode [Description] Specifies a desired text string that is sent as the NAS-Identifier attribute to the RADIUS server for port authentication. If this setting is made, it is notified to RADIUS server as the NAS-Identifier attribute. If this setting is deleted, notification is stopped. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control Interface port1.4 (down) 802.
Command Reference | Interface control | 173 SWP2#show auth statistics interface port1.1 Interface port1.1 EAPOL frames: Received frames : 11 EAPOL Start : 1 EAPOL Logoff : 0 EAP Response ID : 1 EAP Response : 9 Invalid EAPOL : 0 EAP Length error : 0 Last EAPOL version : 1 Last EAPOL source : 0011.2233.
| Command Reference | Interface control Authentication Port Secret Key Timeout Retransmit Count Deadtime : : : : : 1812 abcde 10 sec 5 0 min Server Host : 192.168.100.102 Authentication Port : 1645 Secret Key : fghij Timeout : 5 sec Retransmit Count : 3 Deadtime : 0 min 5.3.
Command Reference | Interface control | 175 [Example] Clear the authentication state for supplicants connected to LAN port #1. SWP2#clear auth state interface port1.1 5.3.
| Command Reference | Interface control 5.3.35 Set EAP pass through [Syntax] pass-through eap switch no pass-through eap [Parameter] switch : Behavior EAP pass through Setting value Description enable Enable the EAP pass through disable Disable the EAP pass through [Initial value] pass-through eap enable [Input mode] global configuration mode [Description] Enables/disables EAP pass-through, specifying whether EAPOL frames are forwarded. If "disable" is specified, EAP frames are discarded.
Command Reference | Interface control | 177 [Example] Enable port security for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#port-security enable 5.4.2 Register permitted MAC addresses [Syntax] port-security mac-address no port-security mac-address [Initial value] none [Input mode] global configuration mode [Description] Registers MAC addresses that are allowed to communicate on ports for which port security has been enabled.
| Command Reference | Interface control [Input mode] priviledged EXEC mode [Description] Shows the port security information. [Example] Show the port security information. SWP2#show port-security status Port Security Action Status Last violation -------- --------- --------- --------- ----------------port1.1 Enabled Discard Blocking 00a0.de00.0003 port1.2 Disabled Discard Normal port1.3 Disabled Discard Normal port1.4 Disabled Discard Normal port1.5 Disabled Discard Normal port1.
Command Reference | Interface control | 179 SWP2(config)#errdisable auto-recovery bpduguard interval 600 Disable automatic recovery after loop detection has caused the errdisable state. SWP2(config)#no errdisable auto-recovery loop-detect 5.5.2 Show error detection function information [Syntax] show errdisable [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for the error detection function. The following items are shown.
| Command Reference | Layer 2 functions Chapter 6 Layer 2 functions 6.1 FDB (Forwarding Data Base) 6.1.
Command Reference | Layer 2 functions | 181 [Example] Set the dynamic entry ageing time to 400 seconds. SWP2(config)#mac-address-table ageing-time 400 6.1.
| Command Reference | Layer 2 functions ifname : Setting value Description forward Forward discard Discard Name of LAN/SFP+ port or logical interface Applicable interface vlan-id : <1-4094> Applicable VLAN ID [Initial value] none [Input mode] global configuration mode [Description] Registers a static entry in the MAC address table. If action is specified as "forward," received frames that match the specified MAC address and VLAN ID are forwarded to the specified interface.
Command Reference | Layer 2 functions | 183 SWP2>show mac-address-table VLAN port mac 1 port1.1 00a0.de11.2233 1 sa1 1803.731e.8c2b 1 sa2 782b.cbcb.218d fwd forward forward forward type static dynamic dynamic timeout 0 300 300 6.1.
| Command Reference | Layer 2 functions 6.2.
Command Reference | Layer 2 functions | 185 type : Type of private VLAN Setting value Description primary Primary VLAN community Secondary VLAN (community VLAN) isolated Secondary VLAN (isolated VLAN) [Initial value] none [Input mode] VLAN mode [Description] Uses vlan-id as a private VLAN. If this command is executed with the "no" syntax, the private VLAN setting is deleted, and it is used as a conventional VLAN.
| Command Reference | Layer 2 functions [Initial value] none [Input mode] VLAN mode [Description] Specify the association of the secondary VLAN (isolated VLAN, community VLAN) with the primary VLAN of the private VLAN. By specifying "add," specify the association of the vlan-id with the 2nd-vlan-ids. By specifying "remove," remove the association of the vlan-id and the 2nd-vlan-ids. If this command is executed with the "no" syntax, all associations to the primary VLAN are deleted.
Command Reference | Layer 2 functions | 187 [Parameter] vlan-id : <1-4094> Associated VLAN ID [Initial value] switchport access vlan 1 [Input mode] interface mode [Description] Sets the VLAN ID that is associated as an access port with the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be set only for a LAN/SFP+ port or logical interface for which the switchport mode access command is set.
| Command Reference | Layer 2 functions To specify the VLAN ID that is associated as a trunk port, use the switchport trunk allowed vlan command. To specify the native VLAN, use the switchport trunk native vlan command. [Example] Set LAN port #1 as a trunk port. SWP2(config)#interface port1.1 SWP2(config-if)#switchport mode trunk 6.2.
Command Reference | Layer 2 functions | 189 • • If you use the switchport trunk native vlan command to specify a VLAN ID that was associated by this command, it is removed from the specified VLAN ID. If you specify and associate a VLAN ID that was set by the switchport trunk native vlan command, switchport trunk native vlan none is set.
| Command Reference | Layer 2 functions 6.2.10 Set private VLAN port type [Syntax] switchport mode private-vlan port-type no switchport mode private-vlan port-type [Parameter] port-type : Port mode Setting value Description promiscuous Promiscuous port host Host port [Initial value] none [Input mode] interface mode [Description] Specifies the private VLAN port type for the applicable interface.
Command Reference | Layer 2 functions | 191 [Description] Specifies the primary VLAN that is associated as the host port of the private VLAN for the applicable interface, and associates the secondary VLAN. If this is executed with the "no" syntax, the setting of the primary VLAN associated as the host port of the applicable interface, and the association of the secondary VLAN, are deleted.
| Command Reference | Layer 2 functions [Note] This command can be set only for a LAN/SFP+ port that has been set as a promiscuous port by the switchport mode private-vlan command. In addition, it can also be set for the following interfaces that are specified as promiscuous ports. • • Interface that is operating as a trunk port logical interface pri-vlan-id and 2nd-vlan-ids must be associated by the private-vlan association command.
Command Reference | Layer 2 functions | 193 6.2.14 Set CoS value for voice VLAN [Syntax] switchport voice cos value no switchport voice cos [Parameter] value : <0-7> CoS value to specify for connected device [Initial value] switchport voice cos 5 [Input mode] interface mode [Description] Specify the CoS value to use for voice traffic by the connected device. The connected device is notified of the setting via LLDP-MED in the following cases. • • Voice VLAN is specified for the corresponding port.
| Command Reference | Layer 2 functions [Parameter] group-ids : <1-256> Multiple VLAN group ID To specify multiple items, use "-" or "," as shown below • • To select from group #2 through group #4: 2-4 To select group #2 and group #4: 2,4 [Initial value] none [Input mode] interface mode [Description] Specify the group of multiple VLAN. If a group is specified for the interface, the corresponding interface can communicate only with interfaces of the same multiple VLAN group.
Command Reference | Layer 2 functions | 195 If this command is executed with the "no" syntax, the setting returns to the default. The name that was set is shown with the show vlan multiple-vlan command. [Example] Set multiple VLAN group #10 with the name "Network1". SWP2(config)#multiple-vlan group 10 name Network1 6.2.
| Command Reference | Layer 2 functions Item Description Name Name of the VLAN VLAN status (whether frames are forwarded) State • • ACTIVE : forwarded SUSPEND : not forwarded Interfaces associated with the VLAN ID Member ports • • (u) : Access port (untagged port) (t) : Trunk port (tagged port) [Example] Show all VLAN information.
Command Reference | Layer 2 functions | 197 Multiple VLAN group ID [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the setting status for multiple VLAN groups. If the "group" specification is omitted, all groups that are actually assigned to the interface are shown. The setting state of the YMPI frame transmission function is also displayed. [Example] Shows the setting status for multiple VLAN groups.
| Command Reference | Layer 2 functions [Description] Sets the forward delay time. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The setting of this command must satisfy the following conditions. 2 x (hello time + 1) <= maximum aging time <= 2 x (forward delay time - 1) The maximum aging time can be set by the spanning-tree max-age command. The hello time is always 2 seconds, and cannot be changed. [Example] Set the forward delay time to 10 seconds.
Command Reference | Layer 2 functions | 199 [Input mode] global configuration mode [Description] Sets the bridge priority. Lower numbers have higher priority. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). [Example] Set the bridge priority to 4096. SWP2(config)#spanning-tree priority 4096 6.3.
| Command Reference | Layer 2 functions [Input mode] interface mode [Description] Sets the link type for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 201 Setting value Description enable Enables BPDU guard disable Disables BPDU guard [Initial value] spanning-tree bpdu-guard disable [Input mode] interface mode [Description] Sets BPDU guard for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface.
| Command Reference | Layer 2 functions It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface. If a LAN/SFP+ port is associated with a logical interface, the setting of this command for the corresponding LAN/SFP+ port returns to the default. [Example] Set the path cost of LAN port #1 to 100000. SWP2(config)#interface port1.1 SWP2(config-if)#spanning-tree path-cost 100000 6.3.
Command Reference | Layer 2 functions | 203 If a LAN/SFP+ port is associated with a logical interface, the setting of this command for the corresponding LAN/SFP+ port returns to the default. [Example] Set LAN port #1 as the edge port. SWP2(config)#interface port1.1 SWP2(config-if)#spanning-tree edgeport 6.3.
| Command Reference | Layer 2 functions Item Description Configured Path Cost Path cost setting of the interface Add type Explicit ref count Number of STP domains associated with the interface Designated Port Id ID of the designated port Priority Priority of the interface Root Root bridge identifier. This consists of the root bridge priority (the first four hexadecimal digits) and MAC address Designated Bridge Bridge identifier.
Command Reference | Layer 2 functions | 205 % port1.1: % port1.1: % port1.1: % port1.1: timer 0 % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.
| Command Reference | Layer 2 functions % % % % % % Message Age Timer Message Age Timer Value Topology Change Timer Topology Change Timer Value Hold Timer Hold Timer Value % Other Port-Specific Info -----------------------% Max Age Transitions % Msg Age Expiry % Similar BPDUS Rcvd % Src Mac Count % Total Src Mac Rcvd % Next State % Topology Change Time : : : : : : INACTIVE 0 INACTIVE 0 INACTIVE 0 : : : : : : : 1 0 0 0 3 Discard/Blocking 0 % Other Bridge information & Statistics ------------------
Command Reference | Layer 2 functions | 207 [Description] Moves to MST mode in order to make MST instance and MST region settings. [Note] To return from MST mode to global configuration mode, use the exit command. To return to priviledged EXEC mode, use the end command. [Example] Move to MST mode. SWP2(config)#spanning-tree mst configuration SWP2(config-mst)# 6.3.
| Command Reference | Layer 2 functions If this command is executed with the "no" syntax, the VLAN association for the MST instance is deleted. If as a result of this deletion, not even one VLAN is associated with the MST instance, the MST instance is deleted. If you specify an MST instance that has not been generated, the MST instance will also be generated. [Note] You cannot specify a VLAN ID that is associated with another MST instance. [Example] Associate VLAN #2 with MST instance #1.
Command Reference | Layer 2 functions | 209 [Example] Set the MST region name to "Test1". SWP2(config)#spanning-tree mst configuration SWP2(config-mst)#region Test1 6.3.20 Set revision number of MST region [Syntax] revision revision [Parameter] revision : <0-65535> Revision number [Initial value] revision 0 [Input mode] MST mode [Description] Sets the revision number of the MST region. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Layer 2 functions 6.3.
Command Reference | Layer 2 functions | 211 [Description] Sets the path cost of the applicable interface on an MST instance. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
| Command Reference | Layer 2 functions [Example] Show MSTP information.
Command Reference | Layer 2 functions | 213 [Keyword] interface : Specifies the interface to show : <1-15> [Parameter] instance-id ID of generated MST interface ifname : Name of LAN/SFP+ port or logical interface Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode, interface mode [Description] Shows information for the specified MST instance. If "interface" is omitted, information is shown for all interfaces that are assigned the specified MST instance.
| Command Reference | Layer 2 functions If this command is executed with the "no" syntax, the setting returns to the default. [Note] The spanning tree function and the loop detection function can be used together on the entire system. In order to enable the loop detection function, the loop detection function must be enabled on the interface in addition to this command. Even if the loop detection function is enabled, the loop detection function does not operate on the following interfaces.
Command Reference | Layer 2 functions | 215 Interface LPD disabled STP disabled LPD disabled System LPD enabled LPD enabled STP enabled STP disabled STP enaabled STP disabled - - - - STP enabled - STP - STP STP disabled - - LPD LPD STP enabled - STP LPD STP [Example] Enable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect enable Enables the loop detection function of static logical interface #1.
| Command Reference | Layer 2 functions This executes blocking if a loop is detected on static logical interface #1. SWP2(config)#interface sa1 SWP2(config-if)#loop-detect blocking enable This executes blocking if a loop is detected on LACP logical interface #1. SWP2(config)#interface po1 SWP2(config-if)#loop-detect blocking enable Do not block if a loop is detected on LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect blocking disable 6.4.
Command Reference | Layer 2 functions | 217 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the loop detection function. The following items are shown.
| Command Reference | Layer 2 functions [Input mode] global configuration mode [Description] Enables or disables settings of the system-wide DHCP snooping function. If this command is executed with the "no" syntax, the setting returns to the default. [Note] To enable the DHCP snooping function, you must enable the DHCP snooping function for the VLAN interface in addition to using this command. Also, you must use the ip dhcp snooping trust command to set the port that is connected to the DHCP server.
Command Reference | Layer 2 functions | 219 6.5.3 DHCP snooping port type setting [Syntax] ip dhcp snooping trust no ip dhcp snooping trust [Initial value] None [Input mode] interface mode [Description] Sets the applicable interface as a trusted port for DHCP snooping. If this command is executed with the "no" syntax, the setting returns to the default. All ports are set as untrusted ports by default. [Note] This command can be specified only for the LAN/SFP ports and for logical interfaces.
| Command Reference | Layer 2 functions [Example] Disables MAC address verification setting. SWP2(config)#ip dhcp snooping verify mac-address disable 6.5.
Command Reference | Layer 2 functions | 221 [Initial value] None [Input mode] global configuration mode [Description] Enables forwarding of DHCP packets to which Option 82 information has been added at an untrusted port. If this command is executed with the "no" syntax, the setting returns to the default. [Example] This enables forwarding of DHCP packets to which Option 82 information has been added at an untrusted port. SWP2(config)#ip dhcp snooping information option allow-untrusted 6.5.
| Command Reference | Layer 2 functions vlan-ifindex : Use Circuit-ID type 2 VLAN ID, ifindex : Desired text string (single-byte alphanumeric characters and single-byte symbols, 63 characters or less) [Parameter] string [Initial value] ip dhcp snooping information option format-type circuit-id vlan-ifindex [Input mode] interface mode [Description] Specifies the information used for Option 82 Circuit-ID.
Command Reference | Layer 2 functions | 223 6.5.10 DHCP packet reception rate limitation setting [Syntax] ip dhcp snooping limit rate limit no ip dhcp snooping limit rate [Parameter] limit : 10 - 125 Number of DHCP packets that can be received per second (pps) [Initial value] None [Input mode] global configuration mode [Description] Sets the number of DHCP packets that can be received per second (pps) for the entire system.
| Command Reference | Layer 2 functions [Input mode] unprivileged EXEC mode、priviledged EXEC mode [Description] Shows DHCP snooping system setting information. [Example] This shows the DHCP snooping system setting information. SWP2>show ip dhcp snooping DHCP Snooping Information for system: DHCP Snooping service ............. Option 82 insertion ............... Option 82 on untrusted ports ...... Verify MAC address ................ Rate limit ........................ Logging ...........................
Command Reference | Layer 2 functions | 225 [Input mode] unprivileged EXEC mode、priviledged EXEC mode [Description] Shows information for the entries that are registered in the binding database. The entry information is as follows. • • • • • VLAN ID that received a DHCP message from a DHCP client Information on the interface that received a DHCP message from a DHCP client MAC addresses of DHCP clients IP addresses of DHCP clients Lease time [Example] Shows the contents of the binding database.
| Command Reference | Layer 2 functions [Example] This clears the binding database. SWP2#clear ip dhcp snooping binding 6.5.17 Clear the DHCP snooping statistics [Syntax] clear ip dhcp snooping statistics [Input mode] priviledged EXEC mode [Description] Clears the DHCP snooping statistics. [Example] This clears the DHCP snooping statistics.
Command Reference | Layer 3 functions | 227 Chapter 7 Layer 3 functions 7.1 IPv4 address management 7.1.1 Set IPv4 address [Syntax] ip address ip_address/mask [secondary] [label textline] ip address ip_address netmask [secondary] [label textline] no ip address ip_address/mask [secondary] no ip address ip_address netmask [secondary] no ip address [Keyword] label : Set label as IPv4 address secondary : Set as the secondary address : A.B.C.
| Command Reference | Layer 3 functions 7.1.2 Show IPv4 address [Syntax] show ip interface [interface] brief [Parameter] interface : VLAN interface name [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 address for each interface. The following content is shown. • IPv4 address • • • • For secondary addresses, “(secondary)” is appended to the end of IPv4 addresses.
Command Reference | Layer 3 functions | 229 A secondary address cannot be set for interfaces that are set as DHCP clients. If this command is executed with the "no" syntax, the DHCP client setting is deleted. [Note] The lease time requested from the DHCP server is fixed at 72 hours. However, the actual lease time will depend on the setting of the DHCP server.
| Command Reference | Layer 3 functions no auto-ip [Parameter] switch : Behavior of the auto IP function Setting value Description enable Enable the auto IP function disable Disable the auto IP function [Initial value] auto-ip disable [Input mode] interface mode [Description] For the VLAN interface, enables the Auto IP function which automatically generates the IPv4 link local address (169.254.xxx.xxx/16).
Command Reference | Layer 3 functions | 231 Netmask in address format Set this to 0.0.0.0 if specifying the default gateway gateway : A.B.C.D IPv4 address of gateway number : <1-255> Administrative distance (priority order when selecting route) (if omitted: 1) Lower numbers have higher priority. [Initial value] none [Input mode] global configuration mode [Description] Adds a static route for IPv4. If this command is executed with the "no" syntax, the specified route is deleted.
| Command Reference | Layer 3 functions SWP2>show ip route 192.168.100.10 Routing entry for 192.168.100.0/24 Known via "connected", distance 0, metric 0, best * is directly connected, vlan1 7.2.3 Show IPv4 Routing Information Base [Syntax] show ip route database [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 Routing Information Base (RIB). [Example] Show the IPv4 routing information base.
Command Reference | Layer 3 functions | 233 SWP2>show arp IP Address MAC Address Interface Type 192.168.100.10 00a0.de00.0000 vlan1 dynamic 192.168.100.100 00a0.de00.0001 vlan1 static 7.3.2 Clear ARP table [Syntax] clear arp-cache [Input mode] priviledged EXEC mode [Description] Clears the ARP cache. [Example] Clear the ARP cache. SWP2#clear arp-cache 7.3.3 Set static ARP entry [Syntax] arp ip_address mac_address interface no arp ip_address [Parameter] ip_address : A.B.C.
| Command Reference | Layer 3 functions [Input mode] interface mode [Description] Changes the length of time that ARP entries are maintained in the applicable VLAN interface. ARP entries that are not received within this length of time are deleted. If this command is executed with the "no" syntax, the ARP entry timeout is set to 300 seconds. [Example] Change the ARP entry ageing timeout for VLAN #1 to ten minutes. SWP2(config)#interface vlan1 SWP2(config)#arp-aging-timeout 600 7.3.
Command Reference | Layer 3 functions | 235 [Initial value] ip forwarding disable [Input mode] global configuration mode [Description] Enables or disables forwarding of IPv4 packets. If this is executed with the "no" syntax, the setting returns to the default. 7.4.2 Show IPv4 forwarding settings [Syntax] show ip forwarding [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 packet forwarding settings. [Example] Shows the IPv4 packet forwarding settings.
| Command Reference | Layer 3 functions [Example] This allows jumbo frames of up to 10240 bytes between the LAN port #1 belonging to VLAN interface #1 and the LAN port #2 belonging to VLAN interface #2, and sets the MTU to 2000 bytes. SWP2(config)#interface port1.1-2 SWP2(config-if)#mru 10240 SWP2(config-if)#interface vlan1-2 SWP2(config-if)#mtu 2000 7.5 IPv4 ping 7.5.
Command Reference | Layer 3 functions | 237 7.5.2 Check IPv4 route [Syntax] traceroute host [Parameter] host : Destination for which to check the route Host name, or target IP address (A.B.C.D) [Input mode] priviledged EXEC mode [Description] Shows information for the route to the specified host. [Example] Check the route to 192.168.100.1. SWP2#traceroute 192.168.100.1 traceroute to 192.168.100.1 (192.168.100.1), 30 hops 1 192.168.10.1 (192.168.10.1) 0.563 ms 0.412 ms 2 192.168.20.1 (192.168.20.1) 0.
| Command Reference | Layer 3 functions 7.6.2 Set IPv6 address [Syntax] ipv6 address ipv6_address/prefix_len no ipv6 address ipv6_address/prefix_len no ipv6 address [Parameter] ipv6_address : X:X::X:X IPv6 address prefix_len : <0-127> IPv6 prefix length [Input mode] interface mode [Description] Specifies the IPv6 address and prefix length for the VLAN interface. An IPv6 address can be set for a VLAN interface for which the ipv6 enable command has been set.
Command Reference | Layer 3 functions | 239 However, if the ipv6 nd accept-ra-default-routes disable command has been set, nothing is added to the default gateway based on the RA. If "stateless" is specified, a DHCPv6 "Information-request" is sent and the unit operates in DHCPv6 stateless mode. If "stateless" is specified, this cannot be set for a VLAN interface for which the ipv6 dhcp client pd command has already been set. Only one DHCPv6 stateless can be set for one VLAN interface.
| Command Reference | Layer 3 functions The DHCPv6 client requests "OPTION_DNS_SERVERS" (option code 23) and "OPTION_DOMAIN_LIST" (option code 24) to the DHCPv6 server. When multiple options are returned from the DHCPv6 server, up to three can be obtained for a DNS server and up to six can be obtained for a domain list. You can use the show ipv6 dhcp interface command to confirm the DNS servers or domain lists obtained due to requests made by the DHCPv6 client.
Command Reference | Layer 3 functions | 241 [Note] If prefix information cannot be obtained via the DHCPv6-PD client function, the IPv6 address is not generated. The IPv6 address is not generated if the combination of the prefix information and lower (host) part of the address is incorrect, or if the subnet is duplicated across interfaces. [Example] This obtains the IPv6 prefix for VLAN #100 via the DHCPv6-PD client.
| Command Reference | Layer 3 functions You can use the show ipv6 dhcp interface command to confirm the DNS servers or domain lists obtained due to requests made by the DHCPv6-PD client. If there is no period (dot) at the end of the domain name of a domain list that was obtained, "." is appended. Even when this command is used to obtain a DNS server or query domain list from the DHCPv6-PD server, the settings of the dns-client name-server and dns-client domain-list commands take priority.
Command Reference | Layer 3 functions | 243 SWP2(config)#interface vlan100 SWP2(config-if)#ipv6 nd accept-ra-default-routes disable 7.6.8 Show IPv6 address [Syntax] show ipv6 interface [interface] brief [Parameter] interface : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv6 address for each interface.
| Command Reference | Layer 3 functions [Example] Shows the DHCPv6 client status for all VLAN interface. SWP2#show ipv6 dhcp interface Interface vlan1 Client Type : IA_NA Address : 2001:db8:1:aa10::dd2d IAID : 0f28924a DUID : 000100010000000000a0de000000 preferred lifetime : 604800 valid lifetime : 2592000 expires : 2023/4/19 07:25:48 Interface vlan2 Client Type DUID DNS Server DNS Server Domain Name : : : : : Stateless 000100012ce737dbac44f284efdd 2001:db8:1:bb10::100 2001:db8:1:bb10::200 example.
Command Reference | Layer 3 functions | 245 [Parameter] prefix_len : <1-127> Length of ND prefix received [Initial value] None [Input mode] interface mode [Description] For a VLAN interface on which an IPv6 address (prefix /128) is automatically set via the ipv6 address dhcp command, all ND (Neighbor Discovery) packets are received regardless of the IPv6 address from which they are transmitted.
| Command Reference | Layer 3 functions number : <1-255> Management route (priority order when selecting route) (if omitted: 1) Lower numbers have higher priority. [Input mode] global configuration mode [Description] Adds a static route for IPv6. If this command is executed with the "no" syntax, the specified route is deleted. [Note] For the default gateway setting, the static route setting takes priority over the RA setting.
Command Reference | Layer 3 functions | 247 7.7.3 Show IPv6 Routing Information Base [Syntax] show ipv6 route database [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv6 Routing Information Base (RIB). [Note] [Example] Show the IPv6 routing information base.
| Command Reference | Layer 3 functions interface : portN.M Physical interface name [Input mode] global configuration mode [Description] Adds a static entry to the neighbor cache. If this command is executed with the "no" syntax, the specified static entry is deleted. [Note] [Example] Set the MAC address of IPv6 2001:db8:cafe::1 located at port1.1 of VLAN #1, in the Neighbor cache. SWP2(config)#ipv6 neighbor 2001:db8:cafe::1 vlan1 00a0.de80.cafe port1.1 7.8.
Command Reference | Layer 3 functions | 249 [Parameter] switch : IPv6 packet forwarding settings Setting value Description enable Enable forwarding of IPv6 packets disable Disable forwarding of IPv6 packets [Initial value] ipv6 forwarding disable [Input mode] global configuration mode [Description] Enables or disables forwarding of IPv6 packets. If this is executed with the "no" syntax, the setting returns to the default. 7.9.
| Command Reference | Layer 3 functions datalen : <36-18024> Length of ICMP payload (if omitted: 56) timeout : <1-65535> Time to wait for a reply (if omitted: 2) Ignored if count is specified as "continuous" ipv6_address : X:X::X:X IPv6 address [Input mode] priviledged EXEC mode [Description] Send ICMPv6 Echo to the specified host, and wait for ICMPv6 Echo Reply. When it is received, indicate this. Show simple statistical information when the command ends.
Command Reference | Layer 3 functions | 251 7.11 DNS client 7.11.1 Set DNS lookup function [Syntax] dns-client switch no dns-client [Parameter] switch : Behavior of the DNS client Setting value Description enable Enable the DNS client disable Disable the DNS client [Initial value] dns-client disable [Input mode] global configuration mode [Description] Enables or disables the DNS lookup function. If this command is executed with the "no" syntax, the function is disabled.
| Command Reference | Layer 3 functions [Example] Add the IP addresses 192.168.100.1, 2001:db8::1234, and fe80::2a0:deff:fe11:2233 to the DNS server list. SWP2(config)#dns-client name-server 192.168.100.1 SWP2(config)#dns-client name-server 2001:db8::1234 SWP2(config)#dns-client name-server fe80::2a0:deff:fe11:2233%vlan1 7.11.
Command Reference | Layer 3 functions | 253 However if fewer than six items were registered by this command in the query domain list, up to six items from the query domain list obtained by the DHCP server are added to the end of this list. [Example] Add the domain names "example1.com" and "example2.com" to the search domain list. SWP2(config)#dns-client domain-list example1.com SWP2(config)#dns-client domain-list example2.com 7.11.
| Command Reference | IP multicast control Chapter 8 IP multicast control 8.1 IP multicast basic settings 8.1.
Command Reference | IP multicast control | 255 This command is prioritized over the settings for the system-wide processing method for unknown multicast frames. [Example] This discards the multicast frames received by VLAN #1 that are not registered in the MAC address table. SWP2(config)#interface vlan1 SWP2(config-if)#l2-unknown-mcast discard 8.1.
| Command Reference | IP multicast control The IPv4 multicast address specified by this command is excluded from IGMP snooping. [Example] Floods the frame 224.0.0.251 with the destination IPv4 address received by VLAN #1. SWP2(config)#interface vlan1 SWP2(config-if)#l2-mcast flood 224.0.0.251 8.1.
Command Reference | IP multicast control | 257 [Description] Enables the IGMP snooping setting of the interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for VLAN interface. [Example] Enable IGMP snooping for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping enable Disable IGMP snooping for VLAN #2.
| Command Reference | IP multicast control [Description] Statically sets the LAN/SFP+ port to which the multicast router is connected. If this command is executed with the "no" syntax, the setting is discarded. [Note] This command can be specified only for VLAN interface. The multicast router must be connected to the specified LAN/SFP+ port. If an IGMP report is received from the receiver, it is forwarded to the specified LAN/SFP+ port.
Command Reference | IP multicast control | 259 [Input mode] interface mode [Description] Sets the transmission interval for IGMP queries. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for VLAN interface. [Example] Set the VLAN #2 query transmission interval to 30 seconds.
| Command Reference | IP multicast control 8.2.7 Set IGMP version [Syntax] ip igmp snooping version version no ip igmp snooping version [Parameter] version : <2-3> IGMP version [Initial value] ip igmp snooping version 3 [Input mode] interface mode [Description] Sets the IGMP version. If this command is executed with the "no" syntax, the IGMP version returns to the default setting (V3). [Note] This command can be specified only for VLAN interface.
Command Reference | IP multicast control | 261 [Description] Configures IGMP report suppression. If this command is executed with the "no" syntax, the setting returns to the default. When enabled, the minimum number of messages will be sent to the multicast router ports based on the information obtained from the received Report messages and Leave messages. When disabled, the received Report messages and Leave messages will be sequentially transmitted to the multicast router ports.
| Command Reference | IP multicast control 8.2.10 Show multicast router connection port information [Syntax] show ip igmp snooping mrouter ifname [Parameter] ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the multicast router connection port information that was dynamically learned or statically set. [Example] Show multicast router connection port information for VLAN #2.
Command Reference | IP multicast control | 263 8.2.12 Show an interface's IGMP-related information [Syntax] show ip igmp snooping interface ifname [Parameter] ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows IGMP-related information for a VLAN interface. [Example] Show IGMP-related information for VLAN #1.
| Command Reference | IP multicast control [Example] Clear IGMP group membership entries for VLAN #1. SWP2#clear ip igmp snooping interface vlan1 8.3 MLD snooping 8.3.
Command Reference | IP multicast control | 265 Do not enable this command on a VLAN interface for which multiple hosts are connected to the LAN/SFP+ port. [Example] Enable MLD snooping fast-leave for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ipv6 mld snooping fast-leave Disable MLD snooping fast-leave for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#no ipv6 mld snooping fast-leave 8.3.
| Command Reference | IP multicast control [Note] This command can be specified only forVLAN interfaces. Also, this can be specified only if MLD snooping is enabled. When using this command, you must specify the ipv6 enable command for one of the VLAN interfaces. Note that if the ipv6 enable command has not been specified, MLD query is not transmitted. [Example] Enable the MLD query transmission function for VLAN #2.
Command Reference | IP multicast control | 267 [Input mode] interface mode [Description] Sets the MLD version. If this command is executed with the "no" syntax, the MLD version returns to the default setting (V2). [Note] This command can be specified only for VLAN interfaces. Also, this can be specified only if MLD snooping is enabled. If an MLD packet of a different version than this setting is received, the following action occurs.
| Command Reference | IP multicast control ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows MLD group membership information. [Example] Show MLD group membership information. SWP2#show ipv6 mld snooping groups MLD Connected Group Membership Group Address Reporter ff15::1 fe80::a00:27ff:fe8b:87e3 Interface Uptime Expires port1.3 00:00:44 00:01:07 Show detailed MLD group membership information.
Command Reference | IP multicast control | 269 8.3.
| Command Reference | Traffic control Chapter 9 Traffic control 9.1 ACL 9.1.1 Generate IPv4 access list [Syntax] access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg] no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]] [Keyword] ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
Command Reference | Traffic control | 271 Setting value src-port : Description A.B.C.D E.F.G.H Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H) A.B.C.D/M Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) host A.B.C.D Specifies a single IPv4 address (A.B.C.D) any Applies to all IPv4 addresses <0-65535> If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
| Command Reference | Traffic control [Example] Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1. SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1 Delete IPv4 access list #1. SWP2(config)#no access-list 1 9.1.
Command Reference | Traffic control | 273 [Input mode] interface mode [Description] Applies an IPv4 access list to both LAN/SFP+ port and logical interface. If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame. If this command is executed with the "no" syntax, the applied access list is deleted from both LAN/SFP+ port and logical interface.
| Command Reference | Traffic control [Input mode] global configuration mode [Description] Generates an IPv6 access list. Multiple conditions (maximum 256) can be specified for the generated access list. To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv6 access list that matches all conditions is deleted.
Command Reference | Traffic control | 275 [Parameter] ipv6-acl-id : <3001-4000> ID of IPv6 access list to apply direction : Specifies the direction of applicable frames Setting value Description in Apply to received frames out Apply to transmitted frames [Initial value] none [Input mode] interface mode [Description] Applies an IPv6 access list to both LAN/SFP+ port and logical interface.
| Command Reference | Traffic control Setting value src-info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source MAC address information that is the condition Setting value dst-info : Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.WWWW) host HHHH.HHHH.HHHH Specifies an individual MAC address (HHHH.HHHH.
Command Reference | Traffic control | 277 [Parameter] mac-acl-id : <2001-3000> ID of the MAC access list to which to add a description line : Description to add. Can be up to 32 ASCII characters [Initial value] none [Input mode] global configuration mode [Description] Add a description to the generated MAC access list. If this command is executed with the "no" syntax, the MAC description is cleared.
| Command Reference | Traffic control [Example] Apply access list #2001 to received frames of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#access-group 2001 in 9.1.10 Show generated access list [Syntax] show access-list [acl_id] [Parameter] acl-id : <1-2000>, <2001-3000>, <3001-4000> ID of access list [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered access list. If acl-id is omitted, all access lists are shown.
Command Reference | Traffic control | 279 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] For each interface, shows the ID of all access lists that are applied. [Example] Show a list. SWP2>show Interface Interface Interface access-group port1.1 : IPv4 access group 1 in port1.7 : IPv6 access group 3002 in port1.8 : MAC access group 2001 in 9.1.
| Command Reference | Traffic control If this command is executed with the "no" syntax, the specified access list is deleted from the corresponding VLAN access map. [Note] Only one access list can be specified for one VLAN access map. You can use the show vlan access-map command to view the setting. [Example] Create a VLAN access map named "VAM001", and specify an access list that denies packets from 192.168.0.1. SWP2(config)#access-list 2 deny any 192.168.0.
Command Reference | Traffic control | 281 9.1.16 Show VLAN access map [Syntax] show vlan access-map [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered VLAN access map. The following items are shown. • • Name of the VLAN access map Access list applied to VLAN access map [Example] Show VLAN access map information. SWP2>show vlan access-map Vlan access-map VAM001 match ipv4 access-list 2 9.1.
| Command Reference | Traffic control [Input mode] global configuration mode [Description] Enables QoS. If this is executed with the "no" syntax, QoS is disabled. At this time, the related QoS settings are also deleted. [Note] If the flow control system setting is enabled, it is not possible to enable QoS. Many of the commands related to QoS cannot be executed unless QoS is left enabled. [Example] Enable QoS. SWP2(config)#qos enable Disable QoS. SWP2(config)#qos disable 9.2.
Command Reference | Traffic control | 283 [Parameter] mode : Trust mode Setting value Description cos Determines the egress queue based on the CoS value dscp Determines the egress queue based on the DSCP value port-priority Applies the specified priority to the receiving port [Initial value] qos trust cos [Input mode] interface mode [Description] Specifies the trust mode of LAN/SFP+ port and logical interface.
| Command Reference | Traffic control 9.2.4 Show status of QoS function setting [Syntax] show qos [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the enabled (Enable) or disabled (Disable) status of the QoS function. [Example] Show the status of the system's QoS setting. SWP2#show qos Enable 9.2.5 Show QoS information for interface [Syntax] show qos interface [ifname] [Parameter] ifname : Name of the LAN/SFP+ port or logical interface.
Command Reference | Traffic control | 285 Port Default CoS Priority: 0 Egress Traffic Shaping: Rate 30016 Kbps, Burst 1876 KByte Queue Scheduling: Queue0 : Weight 1 Queue1 : Weight 1 Queue2 : Weight 2 Queue3 : Weight 5 Queue4 : Weight 5 Queue5 : Weight 5 Queue6 : SP Queue7 : SP ( 5.3%) ( 5.3%) (10.5%) (26.3%) (26.3%) (26.3%) Cos (Queue): 0(2), 1(0), 2(1), 3(3), 4(4), 5(5), 6(6), 7(7) Special Queue Assignment: Sent From CPU: Queue7 Show the QoS settings of LAN port #1.
| Command Reference | Traffic control SWP2#show qos queue-counters port1.1 QoS: Enable Interface port1.1 Queue Counters: Queue 0 59.4 % Queue 1 15.0 % Queue 2 0.0 % Queue 3 0.0 % Queue 4 0.0 % Queue 5 3.6 % Queue 6 0.0 % Queue 7 0.1 % 9.2.
Command Reference | Traffic control | 287 9.2.8 Set DSCP - egress queue ID conversion tabl [Syntax] qos dscp-queue dscp-value queue-id no qos dscp-queue dscp-value [Parameter] dscp-value : <0-63> DSCP value of the conversion source queue-id : <0-7> Egress queue ID corresponding to DSCP value [Initial value] See [Note] [Input mode] global configuration mode [Description] Specifies the values of the DSCP - egress queue ID conversion table that is used to determine the egress queue.
| Command Reference | Traffic control [Input mode] interface mode [Description] Specifies the priority (egress queue ID) for the receiving interface to LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the egress queue ID for the specified interface is returned to the default setting (2). The port priority is used to determine the egress queue when the trust mode is set to "port priority." [Note] In order to execute this command, QoS must be enabled.
Command Reference | Traffic control | 289 [Input mode] global configuration mode [Description] Generates a class map. A class map defines the conditions used to classify received frames into traffic classes, and consists of conditions defined by the match command and the corresponding action (permit/deny).Class map actions are handled as follows. Class map actions are handled as follows.
| Command Reference | Traffic control • • Categorize bandwidth classes as CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Green: forward, Yellow: rewrite DSCP value to 10, Red: discard [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
Command Reference | Traffic control | 291 [Input mode] class map mode [Description] Uses the CoS value of the VLAN tag header as the condition to classify the traffic class. If this is executed with the "no" syntax, the CoS condition setting is deleted. The setting can be repeated up to the maximum number (eight) of registrations. [Note] In order to execute this command, QoS must be enabled. [Example] Specify CoS values "1" and "2" as the classification conditions for class map "class1.
| Command Reference | Traffic control [Note] In order to execute this command, QoS must be enabled. [Example] Specify DSCP values "48" and "56" as the classification conditions for class map "class1." SWP2(config)#class-map class1 SWP2(config-cmap)#match ip-dscp 48 56 9.2.
Command Reference | Traffic control | 293 [Description] Uses the VLAN ID as the condition to classify the traffic class. If this is executed with the "no" syntax, the classification conditions using VLAN ID are deleted. The setting can be repeated up to the maximum number (30) of registrations. [Note] In order to execute this command, QoS must be enabled. [Example] Specify VLAN #20 as the classification conditions for class map "class1". SWP2(config)#class-map class1 SWP2(config-cmap)#match vlan 20 9.2.
| Command Reference | Traffic control Section Item Description Classification conditions (match) Match Access-List Access list ID Match ethertype Ethernet Type Match vlan VLAN ID Match vlan-range • • Match CoS CoS value Match IP precedence TOS precedence Match IP DSCP DSCP value The classification condition is shown only once for each type that is specified. A classification condition for which a corresponding command (match) is not set will not be shown.
Command Reference | Traffic control | 295 SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.255 any SWP2(config)#class-map class1 SWP2(config-cmap)#match access-list 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police 48 12 12 yellow-action remark red-action drop SWP2(config-pmap-c)#remark-map yellow ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.
| Command Reference | Traffic control Remove policy map "policy1" from LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#no service-policy input policy1 9.2.23 Set pre-marking (CoS) [Syntax] set cos value no set cos [Parameter] value : <0 - 7> CoS value set by pre-marking [Input mode] policy map class mode [Description] Changes the CoS value of the classified traffic class to the specified CoS value.
Command Reference | Traffic control | 297 [Note] In order to execute this command, QoS must be enabled. Pre-marking cannot be used in conjunction with the set egress queue function. [Example] Make the following settings for received frames of LAN port #1 • • Permit traffic from the 10.1.0.0 network Change the classified traffic class to TOS precedence "5". [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
| Command Reference | Traffic control SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.255 any SWP2(config)#class-map class1 SWP2(config-cmap)#match access-list 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#set ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
Command Reference | Traffic control | 299 [Example] Make the following settings for received frames of LAN port #1 • • • Permit traffic from the 10.1.0.0 network Categorize bandwidth classes as CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Green: forward, Yellow: rewrite DSCP value to 10, Red: discard [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
| Command Reference | Traffic control However, remarking can be specified for either Yellow or Red, not both. Detailed remarking settings are made using the remark-map command (policy map class mode). Regardless of whether action is set to "remark," remarking is disabled if there are no detailed remarking settings for that bandwidth class. In this case, the default settings (Yellow: forward, Red: discard) are applied.
Command Reference | Traffic control | 301 [Description] Specifies remarking operations for bandwidth classes Yellow and Red that were classified by individual policers. In addition, reassign the egress queue according to the egress queue ID table that corresponds to the trust mode. For remarking, you can select either CoS value, TOS precedence, or DSCP value. If this is executed with the "no" syntax, the remarking setting is deleted.
| Command Reference | Traffic control • A policy map that includes a class map specified by the aggregate policer is applied to LAN/SFP+ port and logical interface. In the following case, the aggregate policer cannot be deleted. • The police-aggregate command was used to set the aggregate policer to a traffic class [Note] In order to execute this command, QoS must be enabled. [Example] Generate aggregate policer "AGP-01". SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)# 9.2.
Command Reference | Traffic control | 303 • • Executing metering by SrTCM with CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Yellow: rewrite DSCP value to 10, Red: discard [Aggregate policer creating] SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)#police single-rate 48 12 12 yellow-action remark red-action drop SWP2(config-agg-policer)#remark-map yellow ip-dscp 10 SWP2(config-agg-policer)#exit 9.2.
| Command Reference | Traffic control • Yellow: rewrite DSCP value to 10, Red: discard [Aggregate policer creating] SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)#police twin-rate 48 96 12 12 yellow-action remark redaction drop SWP2(config-agg-policer)#remark-map yellow ip-dscp 10 SWP2(config-agg-policer)#exit 9.2.
Command Reference | Traffic control | 305 PHB DSCP value RFC Expedited Forwarding(EF) 46 2598 [Example] Make the following settings for aggregate policer "AGP-01".
| Command Reference | Traffic control [Note] In order to execute this command, QoS must be enabled. [Example] Apply aggregate policer "AGP-01" to the two traffic classes "class1" and "class2" of policy map "policy1.
Command Reference | Traffic control | 307 Class-map : class2 class3 Green Bytes : 28672 Yellow Bytes : 2048 Red Bytes : 51552 9.2.36 Clear metering counters [Syntax] clear qos metering-counters [ifname] [Parameter] ifname : LAN/SFP+ port name or logical interface name. If this is omitted, the command applies to all ports.
| Command Reference | Traffic control [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#set cos-queue 3 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
Command Reference | Traffic control | 309 [Description] Shows information for the specified policy map. The following content is shown. Item Description Policy-Map Name Policy map name State Application status of the policy map (attached/detached) Class-Map Name Class map information. For details, refer to the show classmap command.
| Command Reference | Traffic control [Note] In order to execute this command, QoS must be enabled. [Example] Show information for policy map "policy1". SWP2#show policy-map policy1 Policy-Map Name: policy1 State: attached Class-Map Name: class1 Qos-Access-List Name: 1 Police: Mode: SrTCM average rate (48 Kbits/sec) burst size (12 KBytes) excess burst size (12 KBytes) yellow-action (Remark [DSCP:10]) red-action (Drop) 9.2.
Command Reference | Traffic control | 311 [Example] Show the status of policy map "policy1". SWP2#show qos map-status policy policy1 policy1 status input port : port1.3 edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable Show the status of class map "class1".
| Command Reference | Traffic control [Example] Set egress queues #7 and #6 to the SP method (7 has priority), and set #5, #4, #3, #2, #1, and #0 to the WRR method (5:5:5:2:1:1). SWP2(config)#no qos wrr-weight 7 SWP2(config)#no qos wrr-weight 6 SWP2(config)#qos wrr-weight 5 5 SWP2(config)#qos wrr-weight 4 5 SWP2(config)#qos wrr-weight 3 5 SWP2(config)#qos wrr-weight 2 2 SWP2(config)#qos wrr-weight 1 1 SWP2(config)#qos wrr-weight 0 1 9.2.
Command Reference | Traffic control | 313 [Initial value] no traffic-shpe queue 0 rate no traffic-shpe queue 1 rate no traffic-shpe queue 2 rate no traffic-shpe queue 3 rate no traffic-shpe queue 4 rate no traffic-shpe queue 5 rate no traffic-shpe queue 6 rate no traffic-shpe queue 7 rate [Input mode] interface mode [Description] Specifies shaping for the egress queue of the port. If this is executed with the "no" syntax, the egress queue shaping setting is disabled.
| Command Reference | Traffic control [Example] Enable flow control for system. SWP2(config)#flowcontrol enable 9.3.2 Set flow control (IEEE 802.
Command Reference | Traffic control | 315 [Note] The number of PAUSE frames sent and received are shown only if flow control is enabled on the corresponding port. The number of PAUSE frames sent and received is cleared when you execute the clear frame-counters command. [Example] Show flow control information for LAN port #1. SWP2#show flowcontrol port1.1 Port FlowControl RxPause TxPause ------------------------- ------port1.1 Both 4337 0 Show flow control information for all ports.
| Command Reference | Traffic control 9.4.2 Show storm control reception upper limit [Syntax] show storm-control [ifname] [Parameter] ifname : LAN/SFP+ port interface name Interface to show [Initial value] none [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the upper limit value for frame reception. If the interface name is omitted, all interfaces are shown. [Example] Show the setting status of all interfaces. SWP2#show storm-control Port BcastLevel McastLevel port1.
Command Reference | Application | 317 Chapter 10 Application 10.1 Local RADIUS server 10.1.
| Command Reference | Application SWP2(config)#radius-server local interface vlan1 SWP2(config)#radius-server local interface vlan100 10.1.3 Generate a route certificate authority [Syntax] crypto pki generate ca [ca-name] no crypto pki generate ca [Parameter] ca-name : Certificate authority name Characters that can be inputted for the certificate authority name • • • Within 3–32 characters Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces Cannot specify “
Command Reference | Application | 319 [Parameter] mode : Authentication method Setting value Description pap PAP authentication method peap PEAP authentication method eap-md5 EAP-MD5 authentication method eap-tls EAP-TLS authentication method eap-ttls EAP-TTLS authentication method [Initial value] authentication pap peap eap-md5 eap-tls eap-ttls [Input mode] RADIUS configuration mode [Description] Specifies the authentication method used for the local RADIUS server.
| Command Reference | Application [Initial value] nas 127.0.0.1 key secret_local [Input mode] RADIUS configuration mode [Description] Adds a RADIUS client (NAS) to the RADIUS client list. The maximum number of registered entries is 100. If this command is executed with the "no" syntax, the specified RADIUS client setting is deleted. [Note] RADIUS client (NAS) information configured using this command will not display in running-config or startup-config.
Command Reference | Application | 321 vlan-id : <1-4094> VLAN number for dynamic VLAN mac-address : hhhh.hhhh.hhhh (h is hexadecimal) MAC address for terminal (user) to authenticate ssid : SSID connection point (32 characters or less, single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces ) name : User name (32 characters or less, single-byte alphanumeric characters and symbols other than the characters " ? and spaces mail-address : Mail address (256 cha
| Command Reference | Application SWP2(config)#radius-server local-profile SWP2(config-radius)#user yamaha secretpassword mac 00a0.de00.0001 auth peap name YamahaTaro 10.1.8 Reauthentication interval setting [Syntax] reauth interval time no reauth interval [Parameter] time : <3600,43200,86400,604800> Reauthentication interval (no.
Command Reference | Application | 323 (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] This issues client certificates to users for which the EAP-TLS certificatio
| Command Reference | Application 10.1.
Command Reference | Application | 325 (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted: EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] Sends client certificates to each user via e-mail attachment.
| Command Reference | Application 10.1.15 Show authenticated user information [Syntax] show radius-server local user [detail userid] [Keyword] detail : Show detailed information for the specified user : User ID [Parameter] userid (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric char
Command Reference | Application | 327 Issuance status Contents Issuance of client certificate aborted by executing “certificate abort” or other command aborted [Example] Shows the issuance status for client certificates. SWP2#show radius-server local certificate status certificate process: done. 10.1.
| Command Reference | Application Reason for revocation expired Contents Revocation due to expired term of validity [Example] Displays the list of revoked client certificates.
Command Reference | Index | 329 Index A aaa authentication auth-mac 157 aaa authentication auth-web 158 aaa authentication dot1x 157 access-group (IPv4) 272 access-group (IPv6) 274 access-group (MAC) 277 access-list (IPv4) 270 access-list (IPv6) 273 access-list (MAC) 275 access-list description (IPv4) 272 access-list description (IPv6) 274 access-list description (MAC) 276 action 125 aggregate-police 301 arp 233 arp-ageing-timeout 233 arp-ageing-timeout request 234 auth clear-state time (global configurati
| Command Reference | Index interface reset 141 ip address 227 ip address dhcp 228 ip dhcp snooping (global configuration mode) 217 ip dhcp snooping (interface mode) 218 ip dhcp snooping information option 220 ip dhcp snooping information option allow-untrusted 220 ip dhcp snooping information option format remote-id 221 ip dhcp snooping information option format-type circuit-id 221 ip dhcp snooping limit rate 223 ip dhcp snooping logging 223 ip dhcp snooping subscriber-id 222 ip dhcp snooping trust 219
Command Reference | Index | 331 R radius-server deadtime 170 radius-server host 167 radius-server key 169 radius-server local enable 317 radius-server local interface 317 radius-server local refresh 322 radius-server local-profile 318 radius-server retransmit 169 radius-server timeout 168 reauth interval 322 region 208 reload 128 remark-map (aggregate policer mode) 304 remark-map (policy map class mode) 300 restart 128 revision 209 rmon 68 rmon alarm 71 rmon clear counters 76 rmon event 70 rmon history 69
| Command Reference | Index show rmon history 74 show rmon statistics 74 show running-config 36 show sflow 79 show sflow sampling 80 show snmp community 66 show snmp group 67 show snmp user 68 show snmp view 67 show spanning-tree 203 show spanning-tree mst 211 show spanning-tree mst config 211 show spanning-tree mst instance 212 show spanning-tree statistics 205 show ssh-server 89 show ssh-server host key 92 show startup-config 36 show static-channel-group 147 show storm-control 316 show system-diagnost
