User Manual
Table Of Contents
- Contents
- Introduction
- How to read the command reference
- How to use the commands
- Configuration
- Maintenance and operation functions
- 4.1 Passwords
- 4.2 User account maintenance
- 4.3 Configuration management
- 4.4 Manage boot information
- 4.5 Show unit information
- 4.6 System self-diagnostics
- 4.7 Cable diagnostics
- 4.8 Time management
- 4.8.1 Set clock manually
- 4.8.2 Set time zone
- 4.8.3 Configuring daylight saving time (recurring)
- 4.8.4 Configuring daylight saving time (by date)
- 4.8.5 Show current time
- 4.8.6 Set NTP server
- 4.8.7 Synchronize time from NTP server (one-shot update)
- 4.8.8 Synchronize time from NTP server (update interval)
- 4.8.9 Show NTP server time synchronization settings
- 4.9 Terminal settings
- 4.10 Management
- 4.11 SYSLOG
- 4.11.1 Set log notification destination (SYSLOG server)
- 4.11.2 Setting the notification format of the log
- 4.11.3 Setting the log facility value
- 4.11.4 Set log output level (debug)
- 4.11.5 Set log output level (informational)
- 4.11.6 Set log output level (error)
- 4.11.7 Set log console output
- 4.11.8 Back up log
- 4.11.9 Clear log
- 4.11.10 Show log
- 4.12 SNMP
- 4.12.1 Set host that receives SNMP notifications
- 4.12.2 Setting the time to wait before sending a notification message at system boot
- 4.12.3 Set notification type to transmit
- 4.12.4 Set system contact
- 4.12.5 Set system location
- 4.12.6 Set SNMP community
- 4.12.7 Set SNMP view
- 4.12.8 Set SNMP group
- 4.12.9 Set SNMP user
- 4.12.10 IP address restrictions for clients that can access the SNMP server
- 4.12.11 Show SNMP community information
- 4.12.12 Show SNMP view settings
- 4.12.13 Show SNMP group settings
- 4.12.14 Show SNMP user settings
- 4.13 RMON
- 4.13.1 Set RMON function
- 4.13.2 Set RMON Ethernet statistical information group
- 4.13.3 Set RMON history group
- 4.13.4 Set RMON event group
- 4.13.5 Set RMON alarm group
- 4.13.6 Show RMON function status
- 4.13.7 Show RMON Ethernet statistical information group status
- 4.13.8 Show RMON history group status
- 4.13.9 Show RMON event group status
- 4.13.10 Show RMON alarm group status
- 4.13.11 Clear counters of the RMON Ethernet statistical information group
- 4.14 sFlow
- 4.14.1 Set sFlow function
- 4.14.2 Set sFlow agent
- 4.14.3 Set sFlow collector
- 4.14.4 Set maximum size of sFlow datagram
- 4.14.5 Set sampling rate of packet flow sampling
- 4.14.6 Set maximum Ethernet frame header size for packet flow sampling
- 4.14.7 Set polling interval for counter sampling
- 4.14.8 Show sFlow status
- 4.14.9 Show sFlow sampling information
- 4.15 Telnet server
- 4.16 Telnet client
- 4.17 TFTP server
- 4.18 HTTP server
- 4.18.1 Start HTTP server and change listening port number
- 4.18.2 Start secure HTTP server and change listening port number
- 4.18.3 Show HTTP server settings
- 4.18.4 Set hosts that can access the HTTP server
- 4.18.5 Restrict access to the HTTP server according to the IP address of the client
- 4.18.6 Web GUI display language
- 4.18.7 Set log-in timeout time for HTTP server
- 4.19 SSH server
- 4.19.1 Start SSH server and change listening port number
- 4.19.2 Show SSH server settings
- 4.19.3 Set host that can access the SSH server
- 4.19.4 Set client that can access the SSH server
- 4.19.5 Generate SSH server host key
- 4.19.6 Clear SSH server host key
- 4.19.7 Show SSH server public key
- 4.19.8 Set SSH client alive checking
- 4.20 SSH client
- 4.21 E-mail notification
- 4.21.1 SMTP e-mail server settings
- 4.21.2 SMTP e-mail server name settings
- 4.21.3 E-mail notification trigger settings
- 4.21.4 E-mail transmission template settings mode
- 4.21.5 E-mail transmission server ID settings
- 4.21.6 E-mail transmission source address setting
- 4.21.7 Destination e-mail address setting for e-mail transmission
- 4.21.8 Setting for subject used when sending e-mails
- 4.21.9 Wait time settings for e-mail transmission
- 4.21.10 E-mail settings when sending certificates
- 4.21.11 E-mail settings for certificate notification
- 4.21.12 Notification timing settings for expired certificates
- 4.21.13 Show e-mail transmission information
- 4.22 Yamaha Unified Network Operation Service (Y-UNOS)
- 4.23 LLDP
- 4.23.1 Enable LLDP function
- 4.23.2 Set system description
- 4.23.3 Set system name
- 4.23.4 Create LLDP agent
- 4.23.5 Set automatic setting function by LLDP
- 4.23.6 Set LLDP transmission/reception mode
- 4.23.7 Set type of management address
- 4.23.8 Set basic management TLVs
- 4.23.9 Set IEEE-802.1 TLV
- 4.23.10 Set IEEE-802.3 TLV
- 4.23.11 Set LLDP-MED TLV
- 4.23.12 Set LLDP frame transmission interval
- 4.23.13 Set LLDP frame transmission interval for high speed transmission period
- 4.23.14 Set time from LLDP frame transmission stop until re-initialization
- 4.23.15 Set multiplier for calculating time to live (TTL) of device information
- 4.23.16 Set number of LLDP frames transmitted during the high speed transmission period
- 4.23.17 Set maximum number of connected devices manageable by a port
- 4.23.18 Global interface setting for LLDP function
- 4.23.19 Show interface status
- 4.23.20 Show information for connected devices of all interfaces
- 4.23.21 Clear LLDP frame counters
- 4.24 L2MS (Layer 2 management service) settings
- 4.25 Snapshot
- 4.26 Firmware update
- 4.27 Schedule
- 4.28 General maintenance and operation functions
- Interface control
- 5.1 Interface basic settings
- 5.1.1 Set description
- 5.1.2 Shutdown
- 5.1.3 Set speed and duplex mode
- 5.1.4 Set MRU
- 5.1.5 Set cross/straight automatic detection
- 5.1.6 Set EEE
- 5.1.7 Show EEE capabilities
- 5.1.8 Show EEE status
- 5.1.9 Set port mirroring
- 5.1.10 Show port mirroring status
- 5.1.11 Show interface status
- 5.1.12 Show brief interface status
- 5.1.13 Resetting an interface
- 5.1.14 Show frame counter
- 5.1.15 Clear frame counters
- 5.1.16 Show SFP+ module status
- 5.1.17 Set SFP+ module optical reception level monitoring
- 5.1.18 Configuring transmission queue usage rate monitoring (system)
- 5.1.19 Configuring transmission queue usage rate monitoring (interface)
- 5.1.20 Display configuration for transmission queue usage rate monitoring
- 5.2 Link aggregation
- 5.2.1 Set static logical interface
- 5.2.2 Show static logical interface status
- 5.2.3 Set LACP logical interface
- 5.2.4 Show LACP logical interface status
- 5.2.5 Set LACP system priority order
- 5.2.6 Show LACP system priority
- 5.2.7 LACP different-speed link aggregation settings
- 5.2.8 Set LACP timeout
- 5.2.9 Clear LACP frame counters
- 5.2.10 Show LACP frame counter
- 5.2.11 Set load balance function rules
- 5.2.12 Show protocol status of LACP logical interface
- 5.2.13 Set LACP port priority order
- 5.3 Port authentication
- 5.3.1 Configuring the IEEE 802.1X authentication function for the entire system
- 5.3.2 Configuring the MAC authentication function for the entire system
- 5.3.3 Configuring the Web authentication function for the entire system
- 5.3.4 Set operation mode for the IEEE 802.1X authentication function
- 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.1X authentication
- 5.3.6 Set the EAPOL packet transmission count
- 5.3.7 Set the MAC authentication function
- 5.3.8 Set MAC address format during MAC authentication
- 5.3.9 Configuring static registration for MAC authentication
- 5.3.10 Set the Web authentication function
- 5.3.11 Set host mode
- 5.3.12 Configuring the authentication order
- 5.3.13 Set re-authentication
- 5.3.14 Set dynamic VLAN
- 5.3.15 Set the guest VLAN
- 5.3.16 Suppression period settings following failed authentication
- 5.3.17 Set reauthentication interval
- 5.3.18 Set the reply wait time for the RADIUS server overall
- 5.3.19 Set supplicant reply wait time
- 5.3.20 Set RADIUS server host
- 5.3.21 Set the reply wait time for each RADIUS server
- 5.3.22 Set number of times to resend requests to RADIUS server
- 5.3.23 Set RADIUS server shared password
- 5.3.24 Set time of RADIUS server usage prevention
- 5.3.25 Set NAS-Identifier attribute sent to RADIUS server
- 5.3.26 Show port authentication information
- 5.3.27 Show supplicant information
- 5.3.28 Show statistical information
- 5.3.29 Clear statistical information
- 5.3.30 Show RADIUS server setting information
- 5.3.31 Settings for redirect destination URL following successful Web authentication
- 5.3.32 Clear the authentication state
- 5.3.33 Setting the time for clearing the authentication state (system)
- 5.3.34 Setting the time for clearing the authentication state (interface)
- 5.3.35 Set EAP pass through
- 5.4 Port security
- 5.5 Error detection function
- 5.1 Interface basic settings
- Layer 2 functions
- 6.1 FDB (Forwarding Data Base)
- 6.2 VLAN
- 6.2.1 Move to VLAN mode
- 6.2.2 Set VLAN interface
- 6.2.3 Set private VLAN
- 6.2.4 Set secondary VLAN for primary VLAN
- 6.2.5 Set access port (untagged port)
- 6.2.6 Set associated VLAN of an access port (untagged port)
- 6.2.7 Set trunk port (tagged port)
- 6.2.8 Set associated VLAN for trunk port (tagged port)
- 6.2.9 Set native VLAN for trunk port (tagged port)
- 6.2.10 Set private VLAN port type
- 6.2.11 Set private VLAN host port
- 6.2.12 Set promiscuous port for private VLAN
- 6.2.13 Set voice VLAN
- 6.2.14 Set CoS value for voice VLAN
- 6.2.15 Set DSCP value for voice VLAN
- 6.2.16 Set multiple VALN group
- 6.2.17 Set name of multiple VLAN group
- 6.2.18 Configuring the YMPI frame transmission when multiple VLANs are configured
- 6.2.19 Show VLAN information
- 6.2.20 Show private VLAN information
- 6.2.21 Show multiple VLAN group setting information
- 6.3 STP (Spanning Tree Protocol)
- 6.3.1 Set spanning tree for the system
- 6.3.2 Set forward delay time
- 6.3.3 Set maximum aging time
- 6.3.4 Set bridge priority
- 6.3.5 Set spanning tree for an interface
- 6.3.6 Set spanning tree link type
- 6.3.7 Set interface BPDU filtering
- 6.3.8 Set interface BPDU guard
- 6.3.9 Set interface path cost
- 6.3.10 Set interface priority
- 6.3.11 Set edge port for interface
- 6.3.12 Show spanning tree status
- 6.3.13 Show spanning tree BPDU statistics
- 6.3.14 Clear protocol compatibility mode
- 6.3.15 Move to MST mode
- 6.3.16 Generate MST instance
- 6.3.17 Set VLAN for MST instance
- 6.3.18 Set priority of MST instance
- 6.3.19 Set MST region name
- 6.3.20 Set revision number of MST region
- 6.3.21 Set MST instance for interface
- 6.3.22 Set interface priority for MST instance
- 6.3.23 Set interface path cost for MST instance
- 6.3.24 Show MST region information
- 6.3.25 Show MSTP information
- 6.3.26 Show MST instance information
- 6.4 Loop detection
- 6.5 DHCP snooping
- 6.5.1 Enable/disable setting for DHCP snooping (system)
- 6.5.2 Enable/disable DHCP snooping (VLAN) setting
- 6.5.3 DHCP snooping port type setting
- 6.5.4 Enable/disable setting for MAC address verification
- 6.5.5 Enable/disable Option 82 setting
- 6.5.6 Settings for permitting receipt of packets on an untrusted port, including Option 82 information
- 6.5.7 Option 82 Remote-ID settings
- 6.5.8 Option 82 Circuit-ID settings
- 6.5.9 Option 82 Subscriber-ID settings
- 6.5.10 DHCP packet reception rate limitation setting
- 6.5.11 Setting to enable/disable SYSLOG output when DHCP packets are discarded
- 6.5.12 Show DHCP snooping system setting information
- 6.5.13 Show interface setting information for DHCP snooping
- 6.5.14 View the binding database
- 6.5.15 Show DHCP snooping statistics
- 6.5.16 Clear the binding database
- 6.5.17 Clear the DHCP snooping statistics
- Layer 3 functions
- 7.1 IPv4 address management
- 7.2 IPv4 route control
- 7.3 ARP
- 7.4 IPv4 forwarding control
- 7.5 IPv4 ping
- 7.6 IPv6 address management
- 7.6.1 Set IPv6
- 7.6.2 Set IPv6 address
- 7.6.3 Set RA for IPv6 address
- 7.6.4 Set dynamic IPv6 addresses with a DHCPv6 client
- 7.6.5 Set an IPv6 address using DHCPv6-PD
- 7.6.6 Set DHCPv6-PD client
- 7.6.7 Set automatic registration of default gateway using RA
- 7.6.8 Show IPv6 address
- 7.6.9 Show DHCPv6 client status
- 7.6.10 Reset DHCPv6 client
- 7.6.11 Set ND prefix received when configuring a DHCPv6 client
- 7.7 IPv6 route control
- 7.8 Neighbor cache
- 7.9 IPv6 forwarding control
- 7.10 IPv6 ping
- 7.11 DNS client
- IP multicast control
- 8.1 IP multicast basic settings
- 8.1.1 Set processing method for unknown multicast frames
- 8.1.2 Setting the processing method for unknown multicast frames (interface)
- 8.1.3 Forwarding setting for link local multicast frames
- 8.1.4 Forwarding setting for multicast frames
- 8.1.5 Enable/disable function to transmit IGMP/MLD query when topology changes
- 8.2 IGMP snooping
- 8.2.1 Set enable/disable IGMP snooping
- 8.2.2 Set IGMP snooping fast-leave
- 8.2.3 Set multicast router connection destination
- 8.2.4 Set query transmission function
- 8.2.5 Set IGMP query transmission interval
- 8.2.6 Set TTL value verification function for IGMP packets
- 8.2.7 Set IGMP version
- 8.2.8 Settings for IGMP Report Suppression
- 8.2.9 Settings for Suppression of Data Transmission to Multicast Router Ports
- 8.2.10 Show multicast router connection port information
- 8.2.11 Show IGMP group membership information
- 8.2.12 Show an interface's IGMP-related information
- 8.2.13 Clear IGMP group membership entries
- 8.3 MLD snooping
- 8.3.1 Enable/disable MLD snooping
- 8.3.2 Set MLD snooping fast-leave
- 8.3.3 Set multicast router connection destination
- 8.3.4 Set query transmission function
- 8.3.5 Set MLD query transmission interval
- 8.3.6 Set MLD version
- 8.3.7 Show multicast router connection port information
- 8.3.8 Show MLD group membership information
- 8.3.9 Show an interface's MLD-related information
- 8.3.10 Clear MLD group membership entries
- 8.1 IP multicast basic settings
- Traffic control
- 9.1 ACL
- 9.1.1 Generate IPv4 access list
- 9.1.2 Adding a description for IPv4 access list
- 9.1.3 Apply IPv4 access list
- 9.1.4 Generate IPv6 access list
- 9.1.5 Adding a description for IPv6 access list
- 9.1.6 Apply IPv6 access list
- 9.1.7 Generate MAC access list
- 9.1.8 Adding a description for MAC access lists
- 9.1.9 Apply MAC access list
- 9.1.10 Show generated access list
- 9.1.11 Clear counters
- 9.1.12 Show access list applied to interface
- 9.1.13 Set VLAN access map and move to VLAN access map mode
- 9.1.14 Set access list for VLAN access map
- 9.1.15 Set VLAN access map filter
- 9.1.16 Show VLAN access map
- 9.1.17 Show VLAN access map filter
- 9.2 QoS (Quality of Service)
- 9.2.1 Enable/disable QoS
- 9.2.2 Set default CoS
- 9.2.3 Set trust mode
- 9.2.4 Show status of QoS function setting
- 9.2.5 Show QoS information for interface
- 9.2.6 Show egress queue usage ratio
- 9.2.7 Set CoS - egress queue ID conversion table
- 9.2.8 Set DSCP - egress queue ID conversion tabl
- 9.2.9 Set port priority order
- 9.2.10 Specify egress queue of frames transmitted from the switch itself
- 9.2.11 Generate class map (traffic category conditions)
- 9.2.12 Associate class map
- 9.2.13 Set traffic classification conditions (access-list)
- 9.2.14 Set traffic classification conditions (CoS)
- 9.2.15 Set traffic classification conditions (TOS precedence)
- 9.2.16 Set traffic classification conditions (DSCP)
- 9.2.17 Set traffic classification conditions (Ethernet Type)
- 9.2.18 13.2.22 Set traffic classification conditions (VLAN ID)
- 9.2.19 Set traffic classification conditions (VLAN ID range)
- 9.2.20 Show class map information
- 9.2.21 Generate policy map for received frames
- 9.2.22 Apply policy map for received frames
- 9.2.23 Set pre-marking (CoS)
- 9.2.24 Set pre-marking (TOS precedence)
- 9.2.25 Set pre-marking (DSCP)
- 9.2.26 Set individual policers (single rate)
- 9.2.27 Set individual policers (twin rate)
- 9.2.28 Set remarking of individual policers
- 9.2.29 Generate aggregate policer
- 9.2.30 Set aggregate policer (single rate)
- 9.2.31 Set aggregate policer (twin rate)
- 9.2.32 Set remarking of aggregate policers
- 9.2.33 Show aggregate policers
- 9.2.34 Apply aggregate policer
- 9.2.35 Show metering counters
- 9.2.36 Clear metering counters
- 9.2.37 Set egress queue (CoS-Queue)
- 9.2.38 Set egress queue (DSCP-Queue)
- 9.2.39 Show policy map information
- 9.2.40 Show map status
- 9.2.41 Set egress queue scheduling
- 9.2.42 Set traffic shaping (individual port)
- 9.2.43 Set traffic-shaping (queue units)
- 9.3 Flow control
- 9.4 Storm control
- 9.1 ACL
- Application
- 10.1 Local RADIUS server
- 10.1.1 Local RADIUS server function settings
- 10.1.2 Set access interface
- 10.1.3 Generate a route certificate authority
- 10.1.4 RADIUS configuration mode
- 10.1.5 Authentication method settings
- 10.1.6 RADIUS client (NAS) settings
- 10.1.7 Authenticated user settings
- 10.1.8 Reauthentication interval setting
- 10.1.9 Apply setting data to local RADIUS server
- 10.1.10 Issuing a client certificate
- 10.1.11 Aborting the issue of a client certificate
- 10.1.12 Revoking client certificates
- 10.1.13 Exporting of client certificates (sending via e-mail)
- 10.1.14 Show RADIUS client (NAS) status
- 10.1.15 Show authenticated user information
- 10.1.16 Client certificate issuance status display
- 10.1.17 Client certificate list display
- 10.1.18 Revoked client certificate list display
- 10.1 Local RADIUS server
- Index
6.5.3 DHCP snooping port type setting
[Syntax]
ip dhcp snooping trust
no ip dhcp snooping trust
[Initial value]
None
[Input mode]
interface mode
[Description]
Sets the applicable interface as a trusted port for DHCP snooping.
If this command is executed with the "no" syntax, the setting returns to the default.
All ports are set as untrusted ports by default.
[Note]
This command can be specified only for the LAN/SFP ports and for logical interfaces.
This cannot be set for LAN/SFP ports that belong to a logical interface.
DHCP packet filtering is not performed with trusted ports, and trusted ports are set as ports to which trusted DHCP servers are
connected.
DHCP packet filtering is processed for untrusted ports as follows.
• DHCP packets transmitted from the DHCP server are discarded.
• Discard IP address release requests (DHCP RELEASE) and IP address duplicate detection notifications (DHCP DECLINE)
received from an interface whose MAC address is registered in the binding database and which is also dif
ferent from the
registered interface.
• When MAC address verification is enabled, the MAC address for the DHCP packet transmission source is compared with
the client hardware database (chaddr). If the two do not match, the relevant DHCP packet is discarded.
• When Option 82 is enabled and the Option 82 information is already added to the DHCP packet received from the DHCP
client, the relevant DHCP packet is discarded.
[Example]
This specifies port1.5 as a trusted port.
SWP2(config)#interface port1.5
SWP2(config-if)#ip dhcp snooping trust
6.5.4 Enable/disable setting for MAC address verification
[Syntax]
ip dhcp snooping verify mac-address
switch
no ip dhcp snooping verify mac-address
[Parameter]
switch : MAC address verification setting
Setting value Description
enable Enables MAC address verification setting
disable Disables MAC address verification setting
[Initial value]
ip dhcp snooping verify mac-address enable
[Input mode]
global configuration mode
[Description]
The MAC address for the transmission source of the DHCP packet received from an untrusted port is compared with the client
hardware database (chaddr). If the two do not match, the relevant DHCP packet is discarded.
If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Layer 2 functions | 219