Yamaha L2 Switch SWP2 series (SWP2-10SMF, SWP2-10MMF) Command Reference Rev.2.03.
| Command Reference | Contents Contents Preface: Introduction.........................................................................................................11 Chapter 1: How to read the command reference............................................................12 1.1 Applicable firmware revision........................................................................................................................................12 1.2 How to read the command reference.........................
Command Reference | Contents | 3 4.4 Manage boot information..............................................................................................................................................37 4.4.1 Show boot information...................................................................................................................................37 4.4.2 Clear boot information......................................................................................................................
| Command Reference | Contents 4.13.3 Set RMON history group.............................................................................................................................68 4.13.4 Set RMON event group................................................................................................................................69 4.13.5 Set RMON alarm group...............................................................................................................................70 4.13.
Command Reference | Contents | 5 4.21.9 Set IEEE-802.1 TLV..................................................................................................................................101 4.21.10 Set IEEE-802.3 TLV................................................................................................................................101 4.21.11 Set LLDP-MED TLV...............................................................................................................................102 4.21.
| Command Reference | Contents 5.1.19 Configuring transmission queue usage rate monitoring (interface)...........................................................137 5.1.20 Display configuration for transmission queue usage rate monitoring........................................................138 5.2 Link aggregation.........................................................................................................................................................139 5.2.1 Set static logical interface.
Command Reference | Contents | 7 6.1.2 Set dynamic entry ageing time.....................................................................................................................172 6.1.3 Clear dynamic entry.....................................................................................................................................173 6.1.4 Set static entry...........................................................................................................................................
| Command Reference | Contents 7.1.1 Set IPv4 address...........................................................................................................................................210 7.1.2 Show IPv4 address.......................................................................................................................................210 7.1.3 Automatically set IPv4 address by DHCP client.........................................................................................211 7.1.
Command Reference | Contents | 9 8.2.11 Show IGMP group membership information.............................................................................................237 8.2.12 Show an interface's IGMP-related information..........................................................................................238 8.2.13 Clear IGMP group membership entries......................................................................................................238 8.3 MLD snooping............................
| Command Reference | Contents 9.2.30 Set aggregate policer (single rate)..............................................................................................................277 9.2.31 Set aggregate policer (twin rate)................................................................................................................278 9.2.32 Set remarking of aggregate policers...........................................................................................................279 9.2.
Preface Introduction • • • • • Unauthorized reproduction of this document in part or in whole is prohibited. The contents of this document are subject to change without notice. Yamaha disclaims all responsibility for any damages caused by loss of data or other problems resulting from the use of this product. The warranty is limited to this physical product itself. Please be aware of these points. The information contained in this document has been carefully checked and is believed to be reliable.
| Command Reference | How to read the command reference Chapter 1 How to read the command reference 1.1 Applicable firmware revision This command reference applies to firmware Yamaha L2 Switch SWP2 of Rev.2.03.18. For the latest firmware released after printing of this command reference, manuals, and items that differ, access the following URL and see the information in the WWW server. https://www.yamaha.com/proaudio/ 1.
Command Reference | How to read the command reference | 13 1.4 Input syntax for commands starting with the word "no" Many commands also have a form in which the command input syntax starts with the word no. If you use a syntax that with begins with the word no, the settings of that command are deleted and returned to the default value, unless explained otherwise.
| Command Reference | How to use the commands Chapter 2 How to use the commands The SWP2 lets you perform command operations in the following two ways. Type of operation Method of operation Description Operation via console • • • Access from a console terminal Access from a TELNET client Access from a SSH client Issue commands one by one to interactively make settings or perform operations.
Command Reference | How to use the commands | 15 2.1.3 Access from an SSH client You can use an SSH client on a computer to connect to the SSH server of the SWP2 and control it. In order to make settings using SSH, you must first set up a connection environment (IP network) and then make SSH server settings. The IP address settings of the SWP2 are as follows. • • The default IPv4 address setting is ip address dhcp for VLAN #1. To change the IPv4 address, use the ip address command.
| Command Reference | How to use the commands Setting item Content of setting Number of lines shown in one page of the terminal screen Specifies the number of lines shown on one page of the terminal screen. This can be set as 0--512 lines/page, and the default setting is 24 lines/page. When displaying in this state, 23 lines are displayed, then "--More---" is displayed and the system waits for key input.
Command Reference | How to use the commands | 17 • Remote path for applicable files (No automatic restart) Applicable configuration Applicable file running-config CONFIG file (.txt) config ✓ ✓ - startup-config (USER mode) CONFIG file (.txt) config0 ✓ ✓ - All settings (.zip) ✓ ✓ - startup-config (DANTE mode) CONFIG file (.txt) config1 ✓ - - All settings (.
| Command Reference | How to use the commands Please change the default password for admin. New Password: New Password(Confirm): Saving ... Succeeded to write configuration If the incorrect password is entered three times in a row, you will be restricted from logging in for one minute. After one minute has passed, please enter the correct password. • Login restriction screen • • Username: user Password: % Incorrect username or password, or login as user is restricted.
Command Reference | How to use the commands | 19 2.4.2 individual configuration mode individual configuration mode is the overall name for the mode in which you can make detailed settings for specific items such as LAN/SFP+ port, VLAN interface, and QoS. To enter individual configuration mode, issue the command for transitioning to the respective mode from global configuration mode. On SWP2, individual configuration mode contains the following modes.
| Command Reference | How to use the commands Keyboard operation • → Move right one character ← Move left one character Press Esc, then F Move right one word (move to the character following the end of the word at the cursor location) Press Esc, then B Move left one word (move to the first character of the word at the cursor location) Ctrl + A Move to the beginning of the line Ctrl + E Move to the end of the line Deleting an input character Keyboard operation Backspace Ctrl + H Ctrl + D Pr
Command Reference | How to use the commands | 21 2.5.3 Input command completion and keyword candidate list display If you press the "Tab" key while entering a command in the console, the command name is completed. If you press the "Tab" key after entering a keyword, a list of keyword candidates that can be entered next is shown. The same operation can also be performed by pressing the "Ctrl + I" key.
| Command Reference | How to use the commands State Forwarding % port1.3: Port Number 907 - Ifindex 5003 - Port Id 0x838b - Role Disabled State Forwarding % port1.4: Port Number 908 - Ifindex 5004 - Port Id 0x838c - Role Disabled State Forwarding % port1.6: Port Number 910 - Ifindex 5006 - Port Id 0x838e - Role Disabled State Forwarding % port1.7: Port Number 911 - Ifindex 5007 - Port Id 0x838f - Role Disabled State Forwarding % port1.
Command Reference | Configuration | 23 Chapter 3 Configuration 3.1 Manage setting values The SWP2 uses the following configurations to manage its settings. Description User operations that can be performed Running configuration (running-config) Setting values currently used for operation. Managed in RAM. Note Save to startup configuration (in USER mode) Save some functions to backup configuration (in DANTE mode) Startup configuration (startup-config) In USER mode, setting values saved in Flash ROM.
| Command Reference | Configuration Setting position #2 #3 VLAN preset type Up (OFF) Up (OFF) Normal Down (ON) Up (OFF) A Up (OFF) Down (ON) B Down (ON) Down (ON) C The common setting values and presets are shown first, and then the specific to the presets setting values are shown.
Command Reference | Configuration | 25 Category L2 switching DNS cliant Traffic control Web GUI • Common setting L2MS L2 switching Traffic control • Default value Automatic MAC address learning enabled Automatic MAC address learning aging time 300 sec Spanning tree enabled Proprietary loop detection enabled Behavior enabled QoS enabled QoS DSCP - transmission queue ID conversion table DSCP: 8 → transmission queue: 2 Other than above → transmission queue: 0 Flow control (IEEE 802.
| Command Reference | Configuration • Interface L2MS Filter LAG(Static) Port Mode VLAN STP port1.8 Disable - Access 1(default) - port1.9 Disable - Access 1(default) - port1.10 Disable - Access 1(default) - port1.11 Disable - Access 1(default) ✓ port1.
Command Reference | Configuration | 27 • • Category Setting item IP multicast control Function to transmit IGMP/MLD query Enabled (wait time 5 sec) when topology changes SWP2's VLAN preset B settings (LAN/SFP+ port) Interface L2MS Filter LAG(static) Port Mode VLAN STP port1.1 Disable - Access 1(default) - port1.2 Disable - Access 1(default) - port1.3 Disable - Access 1(default) - port1.4 Disable - Access 1(default) - port1.5 Disable - Access 2 - port1.
| Command Reference | Configuration • • IGMP Snooping: Enable • Querier : Enable • Query Interval : 30 sec • Fast-leave : Disable • Check TTL : Disable VLAN #2(for Control) • IGMP Snooping: Enable • • • • Querier : Enable Query Interval : 30 sec Fast-leave : Disable Check TTL : Disable
Command Reference | Maintenance and operation functions | 29 Chapter 4 Maintenance and operation functions 4.1 Passwords 4.1.
| Command Reference | Maintenance and operation functions [Description] Enables password encryption. If this is enabled, the password entered by the password command, the enable password command, and the username command are saved in the configuration in an encrypted form. If this command is executed with the "no" syntax, password encryption is disabled, and the password entered by the password command, the enable password command, and the username command are saved in the configuration as plaintext.
Command Reference | Maintenance and operation functions | 31 [Description] Sets user information. A maximum of 33 items of user information can be registered. However, while there can be up to 32 privilege off users, 1 privilege on user is required. The following words cannot be registered as user names.
| Command Reference | Maintenance and operation functions [Example] Grants privileges to user1234 registered users. SWP2(config)#username user1234 privilege on 4.2.3 Show login user information [Syntax] show users [Input mode] unprivileged EXEC mode, priviledged EXEC mode, global configuration mode [Description] Shows information on the current logged-in users. The following items are shown. Item Description Shows the login method.
Command Reference | Maintenance and operation functions | 33 [Initial value] no banner motd [Input mode] global configuration mode [Description] Sets the banner that is displayed when logging in to the console. [Example] Set the banner display to "Hello World!". Username: Password: SWP2 Rev.2.03.01 (Fri Sep 7 00:00:00 2018) Copyright (c) 2018 Yamaha Corporation. All Rights Reserved. SWP2>enable SWP2#configure terminal Enter configuration commands, one per line.
| Command Reference | Maintenance and operation functions SWP2#copy running-config startup-config Succeeded to write configuration SWP2# 4.3.2 Save running configuration [Syntax] write save [Input mode] priviledged EXEC mode, individual configuration mode [Description] Saves the current operating settings (running configuration) as the settings for startup (startup configuration).
Command Reference | Maintenance and operation functions | 35 4.3.
| Command Reference | Maintenance and operation functions [Description] Shows the startup settings (startup configuration). [Note] The startup configuration that is shown is determined by the unit's DIP switch #1 at the time that the unit is started. [Example] Shows the startup settings (startup configuration) at next startup.
Command Reference | Maintenance and operation functions | 37 [Input mode] priviledged EXEC mode [Description] Erase the settings used at startup (startup config) and the information associated with them. [Note] The startup configuration that is erased is determined by the unit's DIP switch #1 at the time that the unit is started. [Example] Erase the startup configuration. SWP2#erase startup-config Succeeded to erase configuration. SWP2# 4.3.
| Command Reference | Maintenance and operation functions [Example] Show the current boot information. SWP2>show boot Running EXEC: SWP2 Rev.2.03.01 (Fri Sep Previous EXEC: SWP2 Rev.2.03.01 (Fri Sep Restart by reload command Shows a list of the boot history. SWP2>show boot list No.
Command Reference | Maintenance and operation functions | 39 NAME : DESCR : Vendor: PID : VID : SN : SFP1 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00000YJ NAME : DESCR : Vendor: PID : VID : SN : SFP2 10G Base-LR Yamaha YSFP-10G-LR V1.0 Z5H00001YJ SWP2> 4.5.2 Show operating information [Syntax] show environment [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information about the system's operating environment. The following items are shown.
| Command Reference | Maintenance and operation functions [Description] Shows the usage status of the disk used by the system. • • Area used by the system (including settings information) Temporary : Temporary area [Example] Show the disk usage status. SWP2#show disk-usage Category Total Used Free Used (%) ----------- -------- -------- -------- -------System 160.6M 1.1M 154.8M 1% Temporary 80.0M 2.4M 77.6M 3% 4.5.
Command Reference | Maintenance and operation functions | 41 4.5.6 Show technical support information [Syntax] show tech-support [Input mode] priviledged EXEC mode [Description] Show technical support information. The technical support information includes a list of the results of executing the following commands.
| Command Reference | Maintenance and operation functions Command Executable show ipv6 route database ✓ show arp ✓ show ipv6 neighbors ✓ show ip igmp snooping groups ✓ show ip igmp snooping interface ✓ show ipv6 mld snooping groups ✓ show ipv6 mld snooping interface ✓ show radius-server local certificate status ✓ show radius-server local nas ✓ show radius-server local user ✓ show radius-server local certificate list ✓ show radius-server local certificate revoke ✓ [Example] Show
Command Reference | Maintenance and operation functions | 43 4.6.1 Showing system self-diagnostics results [Syntax] show system-diagnostics [Input mode] unprivileged EXEC mode、priviledged EXEC mode [Description] Shows all system self-diagnostics results (bootup diagnostics, on-demand diagnostics, and health-monitoring diagnostics). [Example] Shows system self-diagnostics results.
| Command Reference | Maintenance and operation functions [Example] Executes on-demand diagnostics. SWP2#system-diagnostics on-demand execute The system will be rebooted after diagnostics. Continue ? (y/n) y on-demand diagnostics completed (pass). reboot immediately... 4.6.3 Clearing the on-demand diagnostics results [Syntax] clear system-diagnostics on-demand [Input mode] priviledged EXEC mode [Description] Clears the on-demand diagnostics results. [Example] Clears the on-demand diagnostics results.
Command Reference | Maintenance and operation functions | 45 [Example] Clear the results of the prior cable diagnostic execution. SWP2#clear cable-diagnostics tdr SWP2# 4.7.3 Display cable diagnostic results [Syntax] show cable-diagnostics tdr show test cable-diagnostics tdr [Input mode] unprivileged EXEC mode、priviledged EXEC mode [Description] Displays the result of the prior cable-diagnostics tdr execute interface command execution. [Example] Display the result of the last cable diagnostic execution.
| Command Reference | Maintenance and operation functions [Parameter] zone : UTC, JST Name of the time zone shown when standard time is in effect offset : -12:00, -11:00, ... , -1:00, +1:00, ... , +13:00 Enter the difference from UTC [Initial value] clock timezone UTC [Input mode] global configuration mode [Description] Sets the time zone. If this command is executed with the "no" syntax, UTC is specified. [Example] Set the time zone to JST.
Command Reference | Maintenance and operation functions | 47 [Note] Daylight saving times cannot overlap. [Example] Set daylight saving time to start at 2 AM on the second Sunday of March and end at 2 AM on the first Sunday of November every year. SWP2(config)#clock summer-time JDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 4.8.
| Command Reference | Maintenance and operation functions [Description] Shows the current time, year, month, and date. When detail is specified, detailed information (current time and daylight saving time) is displayed. If daylight saving time is recurring, it displays the actual date of the next (or currently in effect) daylight saving time period. [Example] Show current time. SWP2>show clock Thu Jan 1 00:00:00 JST 2015 Display detailed information about the current time.
Command Reference | Maintenance and operation functions | 49 If this command is executed with the "no" syntax, the NTP server setting is deleted. If time synchronization is performed with two NTP servers specified, they are queried in the order of NTP server 1 and NTP server 2 as shown by the show ntpdate command. The query to NTP server 2 is performed only if synchronization with NTP server 1 fails. [Example] Specify 192.168.1.1 as the NTP server. SWP2(config)#ntpdate server ipv4 192.168.1.
| Command Reference | Maintenance and operation functions SWP2(config)#ntpdate interval 0 4.8.9 Show NTP server time synchronization settings [Syntax] show ntpdate [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings that are related to time synchronization from an NTP server. [Example] Show time synchronization settings. *If the synchronization update interval is one hour SWP2#show ntpdate NTP Server 1 : ntp.nict.
Command Reference | Maintenance and operation functions | 51 no line vty port1 [port2] [Parameter] port1 : <0-7> VTY port number port2 : <0-7> Last VTY port number when specifying a range [Initial value] no line vty 0 7 [Input mode] global configuration mode [Description] After enabling the specified VTY ports, moves to line mode for making VTY port settings. If this command is executed with the "no" syntax, the specified VTY ports are disabled.
| Command Reference | Maintenance and operation functions SWP2(config)#line con 0 SWP2(config-line)#exec-timeout 5 0 SWP2(config-line)# 4.9.4 Change the number of lines displayed per page for the terminal in use [Syntax] terminal length line terminal no length [Parameter] line : <0-512> Number of lines displayed per page on the terminal [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Changes the number of lines displayed per page for the terminal in use.
Command Reference | Maintenance and operation functions | 53 SWP2(config)#service terminal-length 100 SWP2(config)# 4.10 Management 4.10.1 Set management VLAN [Syntax] management interface interface no management interface [Parameter] interface : VLAN interface name [Initial value] management interface vlan1 [Input mode] global configuration mode [Description] Set the VLAN that is used for management.
| Command Reference | Maintenance and operation functions [Example] Set the SYSLOG server IPv4 address to 192.168.100.1. SWP2(config)#logging host 192.168.100.1 Set the SYSLOG server IPv6 address to fe80::2a0:deff:fe11:2233. SWP2(config)#logging host fe80::2a0:deff:fe11:2233%vlan1 4.11.
Command Reference | Maintenance and operation functions | 55 [Note] The meanings of the facility values are assigned independently on each SYSLOG server. [Example] Set the facility value of the SYSLOG message to 10. SWP2(config)#logging facility 10 4.11.4 Set log output level (debug) [Syntax] logging trap debug no logging trap debug [Initial value] no logging trap debug [Input mode] global configuration mode [Description] Output the debug level log to SYSLOG.
| Command Reference | Maintenance and operation functions [Input mode] global configuration mode [Description] Outputs the error level log to SYSLOG. If this command is executed with the "no" syntax, the log is not output. [Example] Output the error level log to SYSLOG. SWP2(config)#logging trap error 4.11.
Command Reference | Maintenance and operation functions | 57 SWP2#clear logging 4.11.10 Show log [Syntax] show logging [reverse] [Keyword] reverse : Shows the log in reverse order [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the log that records the operating status of the unit. Normally the log is shown starting with the oldest events, but the display order is reversed if "reverse" is specified. The log contains a maximum of 10,000 events.
| Command Reference | Maintenance and operation functions Setting value community : Description 1 Use SNMPv1 2c Use SNMPv2c 3 Use SNMPv3 Community name (maximum 32 characters) This can be specified if version is '1' or '2c' When both ends are enclosed in "" or '', the "" and '' at both ends are not included in the number of characters seclevel : Security level requested for authenticating the notification This can be specified only if version is '3' Setting value user : Description noaut
Command Reference | Maintenance and operation functions | 59 4.12.2 Setting the time to wait before sending a notification message at system boot [Syntax] snmp-server startup-trap-delay sec no snmp-server startup-trap-delay [Parameter] sec : <10-600> Wait time (seconds) [Initial value] snmp-server startup-trap-delay 10 [Input mode] global configuration mode [Description] Sets the time to wait before sending an SNMP notification message (trap) at system startup.
| Command Reference | Maintenance and operation functions Setting value Description coldstart When the power is turned on/off, or when firmware is updated warmstart When reload command is executed linkdown At linkdown linkup At linkup authentication When authentication fails l2ms When L2MS agent is detected or lost errdisable When ErrorDisable is detected or canceled rmon When RMON event is executed termmonitor When terminal monitoring is detected bridge When spanning tree root is de
Command Reference | Maintenance and operation functions | 61 [Example] Set the system contact to "swx_admin@sample.com". SWP2(config)#snmp-server contact swx_admin@sample.com 4.12.5 Set system location [Syntax] snmp-server location location no snmp-server location [Parameter] location : Name to register as the system location (255 characters or less) [Initial value] no snmp-server location [Input mode] global configuration mode [Description] Sets the MIB variable sysLocation.
| Command Reference | Maintenance and operation functions SWP2(config)#snmp-server community public ro Delete the "public" community. SWP2(config)#no snmp-server community public 4.12.
Command Reference | Maintenance and operation functions | 63 [Parameter] group : Group name (maximum 32 characters) seclevel : Security level required of users belonging to this group Setting value Description noauth No authentication / No encryption (noAuthNoPriv) auth Authentication / No encryption (authNoPriv) priv Authentication / Encryption (authPriv) read_view : Name of the MIB view (maximum 32 characters) that can be read by users belonging to this group write_view : Name of the MIB
| Command Reference | Maintenance and operation functions Setting value auth_pass : Description md5 HMAC-MD5-96 sha HMAC-SHA-96 Authentication password (8 or more characters, maximum 32 characters) When both ends are enclosed in "" or '', the "" and '' at both ends are not included in the number of characters priv : Encryption algorithm Setting value priv_pass : Description des DES-CBC aes AES128-CFB Encryption password (8 or more characters, maximum 32 characters) When both ends are e
Command Reference | Maintenance and operation functions | 65 Setting value permit info : Description "Permit" the condition Sets the sending source IPv4/IPv6 address information used as a condition Setting value community : Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions [Description] Shows SNMP community information. Shows the community name, and access mode. [Example] Show SNMP community information. SWP2#show snmp community SNMP Community information Community Name: public Access: Read-Only Community Name: private Access: Read-Write 4.12.12 Show SNMP view settings [Syntax] show snmp view [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP view settings.
Command Reference | Maintenance and operation functions | 67 4.12.14 Show SNMP user settings [Syntax] show snmp user [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the contents of the SNMP user settings. Shows the engine ID, user name, affiliated group name, authentication method, and encryption method. [Example] Show the contents of the SNMP user settings.
| Command Reference | Maintenance and operation functions [Example] Enable RMON function. SWP2(config)#rmon enable Disable RMON function. SWP2(config)#rmon disable 4.13.
Command Reference | Maintenance and operation functions | 69 interval : <1 - 3600> Interval at which to save history group items (seconds) (historyControlInterval) (if omitted : 1800) owner : Name of history group owner (historyControlOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] interface mode [Description] Enables RMON history group settings for the applicable interface.
| Command Reference | Maintenance and operation functions owner : Name of event group owner (eventOwner) Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] global configuration mode [Description] Enables the RMON event group settings. If this command is set, it will be possible to acquire the RMON MIB's eventTable. Use the rmon alarm command to set the event group for this command. If this command is executed with the "no" syntax, the setting value is deleted.
Command Reference | Maintenance and operation functions | 71 Upper threshold value (alarmRisingThreshold) rising_event_index : <1-65535> Event index (alarmRisingEventIndex) falling_threshold : <1-2147483647> Lower threshold value (alarmFallingThreshold) falling_event_inde : x <1-65535> Event index (alarmFallingEventIndex) startup : <1-3> Threshold value used for first alarm decision (alarmStartupAlarm) Setting value Description 1 Use only upper threshold value (risingAlarm) 2 Use only lower th
| Command Reference | Maintenance and operation functions If this command is set, it will be possible to acquire the RMON MIB's alarmTable. If this command is executed with the "no" syntax, the setting value is deleted. [Note] To enable the alarm group setting of the RMON function, it is necessary to enable the system-wide RMON function in addition to this command. The MIB object specified in variable is a MIB object of the Ethernet statistical information group.
Command Reference | Maintenance and operation functions | 73 Owner RMON_SNMP event: event Index = 1 Description RMON_SNMP Event type Log Event community name RMON_SNMP Last Time Sent = 00:00:58 Owner RMON_SNMP alarm: alarm Index = 1 alarm status = VALID alarm Interval = 15 alarm Type is Absolute alarm Value = 0 alarm Rising Threshold = 10 alarm Rising Event = 1 alarm Falling Threshold = 7 alarm Falling Event = 1 alarm Startup Alarm = 3 alarm Owner is RMON_SNMP 4.13.
| Command Reference | Maintenance and operation functions history index = 1 data source ifindex = 5001 buckets requested = 50 buckets granted = 50 Interval = 1800 Owner RMON_SNMP 4.13.9 Show RMON event group status [Syntax] show rmon event [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the settings and status of the RMON event group. The following items are shown.
Command Reference | Maintenance and operation functions | 75 alarm alarm alarm alarm alarm alarm alarm alarm Type is Absolute Value = 0 Rising Threshold = 10 Rising Event = 1 Falling Threshold = 7 Falling Event = 1 Startup Alarm = 3 Owner is RMON_SNMP 4.13.11 Clear counters of the RMON Ethernet statistical information group [Syntax] rmon clear counters [Input mode] interface mode [Description] Clears the counters of the RMON Ethernet statistical information group for the applicable interface.
| Command Reference | Maintenance and operation functions [Input mode] priviledged EXEC mode [Description] Shows the settings of the Telnet server. The following items are shown. • • • • Telnet server function enabled/disabled status Listening port number VLAN interface that is permitted to access the TELNET server Filter that controls access to the TELNET server [Example] Show the settings of the Telnet server.
Command Reference | Maintenance and operation functions | 77 Setting value info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition. Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions [Initial value] none [Input mode] priviledged EXEC mode [Description] Connects to the specified host via Telnet. [Example] Connect via Telnet to port number 12345 of the host at IPv4 address 192.168.100.1. SWP2#telnet 192.168.100.1 12345 Connect via Telnet to port number 12345 of the host at IPv6 address fe80::2a0:deff:fe11:2233. SWP2#telnet fe80::2a0:deff:fe11:2233%vlan1 12345 4.15.
Command Reference | Maintenance and operation functions | 79 [Initial value] tftp-server disable [Input mode] global configuration mode [Description] Enables the TFTP server. You can also specify the listening TCP port number. If this command is executed with the "no" syntax, the TFTP server is disabled. [Example] Start the TFTP server with 12345 as the listening port number. SWP2(config)#tftp-server enable 12345 4.16.
| Command Reference | Maintenance and operation functions 4.17 HTTP server 4.17.1 Start HTTP server and change listening port number [Syntax] http-server enable [port] http-server disable no http-server [Keyword] enable : HTTP server is enabled disable : HTTP server is disabled : <1-65535> [Parameter] port Listening port number of the HTTP server (if omitted: 80) [Initial value] http-server disable [Input mode] global configuration mode [Description] Enables the HTTP server.
Command Reference | Maintenance and operation functions | 81 [Example] Start the secure HTTP server with 8080 as the listening port number. SWP2(config)#http-server secure enable 8080 4.17.3 Show HTTP server settings [Syntax] show http-server [Input mode] priviledged EXEC mode [Description] Shows the settings of the HTTP server. The following items are shown.
| Command Reference | Maintenance and operation functions no http-server access [action info] [Parameter] action : Specifies the action for the access condition Setting value info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source IPv4 address or IPv6 address that is the condition. Setting value Description A.B.C.D Specifies an IPv4 address (A.B.C.D) A.B.C.D/M Specifies an IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 83 Setting value Description japanese Japanese english English [Initial value] http-server language japanese [Input mode] global configuration mode [Description] Sets the Web GUI display language. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the Web GUI display language to English. SWP2(config)#http-server language english 4.17.
| Command Reference | Maintenance and operation functions [Keyword] enable : SSH server is enabled disable : SSH server is disable : <1-65535> [Parameter] port Listening port of the SSH server (if omitted: 22) [Initial value] ssh-server disable [Input mode] global configuration mode [Description] Enables the SSH server. You can also specify the listening TCP port number. In order to enable the SSH server, the host key must be created in advance (ssh-server host key generate).
Command Reference | Maintenance and operation functions | 85 4.18.3 Set host that can access the SSH server [Syntax] ssh-server interface ifname no ssh-server interface ifname [Parameter] ifname : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the SSH server. If this command is executed with the "no" syntax, delete the specified interface.
| Command Reference | Maintenance and operation functions [Description] Restrict access to the SSH according to the client terminal's IPv4/IPv6 address. Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted.
Command Reference | Maintenance and operation functions | 87 [Description] Deletes the host RSA key and host DSA key of the SSH server. [Note] This command can be executed only if the SSH server is disabled. [Example] Delete the host RSA key and host DSA key. SWP2#clear ssh-server host key 4.18.7 Show SSH server public key [Syntax] show ssh-server host key [fingerprint] [Keyword] fingerprint : Show key fingerprint [Input mode] priviledged EXEC mode [Description] Shows the public key of the SSH server.
| Command Reference | Maintenance and operation functions | o X S | | + = * . | | o . B * . | | + o . | | * * + | |X+.@ +o= | |@*o.= o. | +----[SHA256]-----+ ssh-rsa 2048 MD5:XX:XX:b8:07:e3:5e:57:b8:80:e3:fc:b3:24:17:XX:XX +---[RSA 2048]----+ | | |...* | |*+. | | . | | . + | | | | E | | . B.. | | . oo | +------[MD5]------+ 2048 SHA256:XXXXMkUuEbkJggPD68UoR+gobWPhgu7qqXzE8iUXXXX +---[RSA 2048]----+ |*.==+ | |*o+= . . | |*=o. . S | | * S . . | | + B * o | | = = . . . | | o | | . | |.
Command Reference | Maintenance and operation functions | 89 4.19.1 Start SSH client [Syntax] ssh [user@] host [port] [Parameter] user : User name used when logging in to the remote host host : Remote host name, IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions [Description] Enables use of the ssh command as an SSH client. If this command is executed with the "no" syntax, the SSH client is disabled. [Example] Enable the SSH client. SWP2(config)#ssh-client enable 4.19.3 Clear SSH host information [Syntax] clear ssh host host [Parameter] host : Remote host name, IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 91 Setting value username : Description over-ssl Encrypting communication ( over SSL ) starttls Encrypting communication ( STARTTLS ) User name used for SMTP authentication (64 characters or less, ? " | > and aingle-byte alphanumeric characters and symbols other than spaces) password : Passwords used for SMTP authentication (64 characters or less,? " | > and aingle-byte alphanumeric characters and symbols other than spaces) [Initial value
| Command Reference | Maintenance and operation functions 4.20.
Command Reference | Maintenance and operation functions | 93 [Parameter] server-id : <1-10> E-mail template ID [Initial value] no send server [Input mode] E-mail template mode [Description] Sets the ID of the e-mail server to be used. [Example] Specifies server ID #1 for the e-mail server used in e-mail template #1. SWP2(config)#mail template 1 SWP2(config-mail)#send server 1 4.20.
| Command Reference | Maintenance and operation functions [Note] This setting is used as the destination for event notifications, and is not used for the destinations when distributing certificates or sending notifications. [Example] Specifies “user@test.com” as the destination e-mail address for e-mail template #1. SWP2(config)#mail template 1 SWP2(config-mail)#send to user@test.com 4.20.
Command Reference | Maintenance and operation functions | 95 [Example] Sets the transmission wait time for e-mail template #1 to 60 seconds. SWP2(config)#mail template 1 SWP2(config-mail)#send notify wait-time 60 4.20.
| Command Reference | Maintenance and operation functions [Note] Example of e-mail body text used when sending notifications beforehand about expired term of validity for RADIUS server client certificates --------------------------------Your certificate will expire in [X] days.
Command Reference | Maintenance and operation functions | 97 SWP2#show mail information 1 Template ID : 1 Notify trigger : lan-map, terminal, stack LAN map notices : hardware/loop/sfp-power/queue-usage/poe/snapshot/l2ms Server host : smtp-server.com Server port : 25 Encryption : STARTTLS Wait time : 30 sec Mail address (from) : sample@test.com Mail address (to) : user1@test.com user2@test.com user3@test.com user4@test.com 4.21 LLDP 4.21.
| Command Reference | Maintenance and operation functions [Description] Sets the system description used by the LLDP function. If this command is executed with the "no" syntax, the setting returns to the default. By default, this is "model name + firmware revision". [Example] Set the system description to SWITCH1_POINT_A. SWP2(config)#lldp system-description SWITCH1_POINT_A 4.21.
Command Reference | Maintenance and operation functions | 99 4.21.
| Command Reference | Maintenance and operation functions [Input mode] LLDP agent mode [Description] Sets the LLDP frame transmission/reception mode for the applicable interface. If you specify set lldp disable, LLDP frames are not transmitted or received. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the LLDP transmission/reception mode of LAN port #1 to receive-only. SWP2(config)#lldp run SWP2(config)#interface port1.
Command Reference | Maintenance and operation functions | 101 This command adds the following TLVs to LLDP frames. (1) Port Description TLV : Description of port (2) System Name TLV : Name of system (3) System Description TLV : Description of system (4) System Capabilities TLV : System capabilities (5) Management Address TLV : Management address of port (MAC address or IP address) [Example] Add basic management TLVs to the LLDP frames that are transmitted on LAN port #1.
| Command Reference | Maintenance and operation functions This command adds the following TLVs to LLDP frames. (1) MAC/PHY Configuration/Status : Auto-negotiation support information (2) Power Via MDI : PoE information (only for models with PoE function) (3) Link Aggregation : Link aggregation information (4) Maximum Frame Size : Maximum frame size [Example] Add IEEE-802.3 TLVs to the LLDP frames that are transmitted on LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.
Command Reference | Maintenance and operation functions | 103 [Description] Sets LLDP frame transmission interval. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set 60 seconds as the LLDP frame transmission interval on LAN port #1. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set timer msg-tx-interval 60 4.21.
| Command Reference | Maintenance and operation functions [Example] Set 10 seconds as the time from when LLDP frame transmission stops on LAN port #1 until re-initialization occurs. SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set timer reinit-delay 10 4.21.
Command Reference | Maintenance and operation functions | 105 SWP2(config)#lldp run SWP2(config)#interface port1.1 SWP2(config-if)#lldp-agent SWP2(lldp-agent)#set tx-fast-init 2 4.21.
| Command Reference | Maintenance and operation functions If this setting is enabled, set the transmission and reception mode of the specified LLDP frames. [Note] This command can be executed only for global configuration mode. This command is for making the LLDP setting of each interface, and is not shown in running-config. [Example] Enable the LLDP function of all LAN/SFP+ port, and set a mode that allows transmission and reception of LLDP frames. SWP2(config)#lldp interface enable txrx 4.21.
Command Reference | Maintenance and operation functions | 107 System name System Description System description Port Description Port description System Capabilities System capabilities Interface Numbering Type of interface number Interface Number Number of interface OID Number OID number Management Address MAC address os IP addresss • System Name Mandatory TLV information CHASSIS ID TYPE CHASSIS ID TLV type and value PORT ID TYPE PORT ID TLV type and value TTL (Time To Live) Time to
| Command Reference | Maintenance and operation functions MED Tag/Untag VLAN tagged or untagged MED L2 Priority L2 priority order MED DSCP Val DSCP value priority order MED Location Data Format Format of location data Latitude Res Resolution of latitude (number of significant upper bits) Latitude Latitude (34 bits) Longitude Res Resolution of longitude (number of significant upper bits) Longitude Longitude (34 bits) AT Altitude type 1: meter 2: floor of building Altitude Res Resolutio
Command Reference | Maintenance and operation functions | 109 4.21.20 Show information for connected devices of all interfaces [Syntax] show lldp neighbors [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for connected devices of all interfaces. (For the display format, refer to the show lldp interface ifname neighbor command) [Example] Show information for connected devices. SWP2#show lldp neighbors Interface Name : port1.
| Command Reference | Maintenance and operation functions AT Altitude Res Altitude Datum LCI length What Country Code CA type MED Inventory : : : : : : : : 0 0 0 0 0 0 0 0 SWP2# 4.21.21 Clear LLDP frame counters [Syntax] clear lldp counters [Input mode] priviledged EXEC mode [Description] Clear the LLDP frame counter of all ports. [Example] Clear the LLDP frame counter. SWP2>clear lldp counters 4.22 L2MS (Layer 2 management service) settings 4.22.
Command Reference | Maintenance and operation functions | 111 [Example] Prevent port1.5 from transmitting or receiving L2MS control frames. SWP2(config)#interface port1.5 SWP2(config-if)#l2ms filter enable 4.22.2 Show L2MS information [Syntax] show l2ms [detail] [Keyword] detail : Also show detailed information [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the following information.
| Command Reference | Maintenance and operation functions 4.23.2 Set whether to include terminals in the snapshot comparison [Syntax] snapshot trap terminal [except-wireless] no snapshot trap terminal [Keyword] except-wireless : Information for wirelessly connected terminals is excluded from the snapshot comparison. [Initial value] no snapshot trap terminal [Input mode] global configuration mode [Description] Terminal information is included in the snapshot comparison.
Command Reference | Maintenance and operation functions | 113 [Description] Deletes the snapshot file. [Example] Delete the snapshot file. SWP2#snapshot delete 4.24 Firmware update 4.24.1 Set firmware update site [Syntax] firmware-update url url no firmware-update url [Parameter] url : Single-byte alphanumeric characters and single-byte symbols (255 characters or less) URL at which the firmware is located [Initial value] firmware-update url http://www.rtpro.yamaha.co.jp/firmware/revision-up/swp2.
| Command Reference | Maintenance and operation functions [Initial value] no firmware-update http-proxy [Input mode] global configuration mode [Description] Configure the HTTP proxy server used when updating firmware using a firmware file located on the web server. If no HTTP proxy server is configured, the firmware update will be performed without going through the HTTP proxy server. The port number must also be explicitly configured.
Command Reference | Maintenance and operation functions | 115 [Parameter] time : <100-86400> Timeout time (seconds) [Initial value] firmware-update timeout 300 [Input mode] global configuration mode [Description] Specifies the timeout duration when downloading firmware from a web server. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the firmware download timeout duration to 120 seconds. SWP2(config)#firmware-update timeout 120 SWP2(config)# 4.24.
| Command Reference | Maintenance and operation functions SWP2#show firmware-update url: http://www.rtpro.yamaha.co.jp/firmware/revision-up/swp2.bin http-proxy: timeout: 300 (seconds) revision-down: Disable firmware revision for next boot: reload-time: SWP2# 4.24.
Command Reference | Maintenance and operation functions | 117 Month/day time : Month setting examples Setting contents 1 January 1.2 January and February 2- From February to December 2-7 From February to July -7 From January to July * Monthly Day setting examples Setting contents 1 One day 1.
| Command Reference | Maintenance and operation functions Schedule template number [Initial value] None [Input mode] global configuration mode [Description] When setting the schedule using “time,” this executes the actions listed in the specified schedule template at the specified time(s). When setting the schedule using “event,” this executes the actions listed in the specified schedule template when the specified events occur.
Command Reference | Maintenance and operation functions | 119 [Parameter] switch : Schedule template settings Setting value Description enable Enable schedule template disable Disable schedule template [Initial value] action enable [Input mode] Schedule template mode [Description] This enables or disables the schedule template. Specifying “disable” with this command makes it possible to stop execution of actions due to trigger startup.
| Command Reference | Maintenance and operation functions command : Command [Initial value] None [Input mode] Schedule template mode [Description] This sets the commands to be executed when the trigger for a schedule function starts. If this command is executed with the "no" syntax, commands with the specified numbers are deleted.
Command Reference | Maintenance and operation functions | 121 The host name specified by this command is used as the command prompt. If SNMP access is possible, this is used as the value of the MIB variable sysName. If this command is executed with the "no" syntax, the setting returns to the default value. [Example] Set the host name as "yamaha." SWP2(config)#hostname yamaha yamaha(config)# 4.26.2 Reload system [Syntax] reload restart [Input mode] priviledged EXEC mode [Description] Reboots the system.
| Command Reference | Maintenance and operation functions Setting value Description link-act LINK/ACT mode vlan VLAN mode off OFF mode [Initial value] led-mode default link-act [Input mode] global configuration mode [Description] Set the default LED mode. When you execute this command, the LEDs are lit in the specified mode. The LEDs are lit in the specified mode even when a loop is detected in STATUS mode and the loop status has been resolved.
Command Reference | Maintenance and operation functions | 123 4.26.7 Show port error LED status [Syntax] show error port-led [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the ID of ports that are generating an error, and the following error causes.
| Command Reference | Interface control Chapter 5 Interface control 5.1 Interface basic settings 5.1.1 Set description [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (80characters or less) Description of the applicable interface [Initial value] no description [Input mode] interface mode [Description] Specifies a description of the applicable interface.
Command Reference | Interface control | 125 no speed-duplex [Parameter] type : Speed and duplex mode types Speed and duplex mode types Description auto Auto negotiation 10000-full 10Gbps/Full 1000-full 1000Mbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half 10-full 10Mbps/Full 10-half 10Mbps/Half [Initial value] speed-duplex auto [Input mode] interface mode [Description] Sets the speed and duplex mode. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control [Example] Set the LAN port #1 mru to 9000 bytes. SWP2(config)#interface port1.1 SWP2(config-if)#mru 9000 5.1.
Command Reference | Interface control | 127 If this command is executed with the "no" syntax, EEE is disabled. [Note] This command can be specified only for LAN port. When this command is used to change the settings, link-down temporarily occurs for the corresponding interface. [Example] Enable EEE for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#eee enable 5.1.
| Command Reference | Interface control [Description] Shows the EEE status of the specified interface. The following items are shown. Item Description interface Interface name EEE(efficient-ethernet) Whether EEE is enabled Rx LPI Status Low-power mode status of the receiving unit Tx LPI Status Low-power mode status of the transmitting unit Wake Error Count Error count [Example] Show EEE status of LAN port #1. [If EEE is disabled] SWP2#show eee status interface port1.1 interface:port1.
Command Reference | Interface control | 129 Traffic direction Description both Both receiver and transmitter receive Receiver transmit Transmitter [Initial value] none [Input mode] interface mode [Description] Mirrors the traffic specified by direct, with the applicable interface as the sniffer port and ifname as the monitored port. If this command is executed with the "no" syntax, the mirroring setting is deleted. [Note] This command can be specified only for LAN/SFP+ port.
| Command Reference | Interface control 5.1.11 Show interface status [Syntax] show interface [ type [ index ] ] [Parameter] type : Interface type Interface type index : Description port Physical interface vlan VLAN interface sa Static logical interface po LACP logical interface Index number Interface ID Description 1.X Specifies the number printed on the chassis (X). <1-4094> Specify the VLAN ID. <1-96> Speciffy the static logical interface number.
Command Reference | Interface control | 131 Item Description Mode of the switchport Switchport mode • • access : untagged trunk : tagged Status of ingress filtering Ingress filter • • enable : enabled disable : disabled Frame types that can be received • Acceptable frame types • all : All frames are received (regardless of whether they are tagged or untagged) vlan-tagged only : Only frames with a VLAN tag are received VLAN ID that handles untagged frames • Default Vlan • • • List of the VLAN IDs
| Command Reference | Interface control Auto MDI/MDIX: on Vlan info: Switchport mode : Ingress filter : Acceptable frame types : Default Vlan : Configured Vlans : Interface counter: input packets : bytes : multicast packets: output packets : bytes : multicast packets: broadcast packets: drop packets : access enable all 1 1 320 25875 301 628 129895 628 0 0 Show the status of VLAN #1.
Command Reference | Interface control | 133 Item Description Type of associated logical interface *1 • • Port Ch (S) : Static logical interface (P) : LACP logical interface ID of associated logical interface Description Description of interface *1 Shown only for physical interface *2 hown only for physical interface and logical interface [Example] Show brief interface status.
| Command Reference | Interface control [Example] Reset LAN port #1 SWP2#interface reset port1.1 5.1.14 Show frame counter [Syntax] show frame-counter [ifname] [Parameter] ifname : Interface name of the LAN/SFP+ port Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows frame counter information for the interface specified by ifname. If ifname is omitted, shows information for all interfaces. The following items are shown.
Command Reference | Interface control | 135 *1 Varies depending on the MRU of each interface. *2 Shows the transmission information when tail dropping is enabled, and the information only for reception when tail dropping is disabled. [Example] Show the frame counter of LAN port #1. SWP2#show frame-counter port1.1 Interface port1.
| Command Reference | Interface control 5.1.16 Show SFP+ module status [Syntax] show ddm status [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the SFP+ module. For each item, shows the current value, upper threshold value, and lower threshold value for each SFP+ port.
Command Reference | Interface control | 137 Setting value Description enable Enables SFP+ module optical reception level monitoring disable Disables SFP+ module optical reception level monitoring [Initial value] sfp-monitor rx-power enable [Input mode] global configuration mode [Description] Sets the monitoring of SFP+ module optical reception levels. [Example] Disable SFP+ module optical reception level monitoring. SWP2(config)#sfp-monitor rx-power disable 5.1.
| Command Reference | Interface control [Parameter] action : Configuration for transmission queue usage rate monitoring of the target interface Setting value Description enable Enable transmission queue usage rate monitoring of the target interface disable Disable transmission queue usage rate monitoring of the target interface [Initial value] tx-queue-monitor usage-rate enable [Input mode] interface mode [Description] Enable or disable transmission queue usage rate monitoring of the target inte
Command Reference | Interface control | 139 5.2 Link aggregation 5.2.1 Set static logical interface [Syntax] static-channel-group link-id no static-channel-group [Parameter] link-id : <1-96> static logical interface number [Input mode] interface mode [Description] Associates the applicable interface with the static logical interface specified by link-id. If this command is executed with the "no" syntax, the applicable interface is dissociated from the static logical interface.
| Command Reference | Interface control SWP2#show static-channel-group % Static Aggregator: sa5 % Load balancing: src-dst-mac % Member: port1.1 port1.2 port1.3 port1.4 5.2.3 Set LACP logical interface [Syntax] channel-group link-id mode mode no channel-group [Parameter] link-id : <1-127> LACP logical interface number mode : Operation mode mode Description active Operate LACP in active mode. In active mode, it actively sends LACP frames to the other device.
Command Reference | Interface control | 141 The MSTP settings also return to the default values if the LAN/SFP+ port is removed from the LACP logical interface. It is not possible to associate a single LAN/SFP+ port with multiple logical interface units. You must use the "no" syntax to first remove it before associating it with a different logical interface. [Example] Associate LAN port #1 in ACTIVE mode with LACP logical interface #10. SWP2(config)#interface port1.
| Command Reference | Interface control Item Description Status of the LACP protocol Receive machine transition variable Mux machine state • • • • "Detached" "Waiting" "Attached" "Collecting/Distributing" Usage status Selection • • • "Selected" "Unselectedic" "Standby" Information Refer to the table below (Actor is self, Partner is other party) Aggregator ID Distinguishing ID on LACP Information shows the following items.
Command Reference | Interface control | 143 Defaulted Expired 0 0 0 0 5.2.5 Set LACP system priority order [Syntax] lacp system-priority priority no lacp system-priority [Parameter] priority : <1-65535> LACP system priority irder Lower numbers have higher priority [Initial value] lacp system-priority 32768 [Input mode] global configuration mode [Description] Sets the LACP system priority order. If this command is executed with the "no" syntax, the setting returns to the default value.
| Command Reference | Interface control [Parameter] switch : Different-speed link aggregation function enable/disable settings Setting value Description enable Enabling different-speed link aggregation disable Disabling different-speed link aggregation [Initial value] lacp multi-speed disable [Input mode] global configuration mode [Description] Enables or disables different-speed link aggregation in an LACP.
Command Reference | Interface control | 145 LACP timeout indicates the time since the last LACP frame received from the other device, after which it is determined that the link has gone down. The LACP timeout setting is placed in a LACP frame and sent to the other device; after receiving this, the other device will transmit LACP frames at intervals of 1/3 of this LACP timeout.
| Command Reference | Interface control port1.4 port1.5 309 186 1350 186 0 0 0 0 0 0 0 0 5.2.
Command Reference | Interface control | 147 [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the status of the LACP logical interface specified by link-id. If link-id is omitted, shows the status of all LACP logical interface. If summary is specified, an abbreviated display is shown; if detail is specified, details are shown. sIf both summary and detail are omitted, the result is as though summary was specified. The following items are shown.
| Command Reference | Interface control Aggregator po1 ID 4601 Status Ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 1/ 1 Aggregator po2 ID 4602 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 Aggregator po127 ID 4727 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 SWP2#show etherchannel status detail Aggregator po1 ID 4601 Status Ready Actor LAG 0x8000, 00-a0-de-e0-e0-e0 Admin Key 0001 Partner LAG 0
Command Reference | Interface control | 149 [Description] Sets the LACP port priority order. If this command is executed with the "no" syntax, the setting returns to the default value. [Note] If up to eight LAN/SFP+ ports are combined into an LACP logical interface, they are immediately combined into the LACP logical interface; ports in excess of eight are standby ports used in case of a malfunction.
| Command Reference | Interface control If this command is executed with the "no" syntax, disables MAC authentication for the entire system. Use a RADIUS server for authentication on which the radius-server host command has been configured. [Note] In order to actually use MAC authentication, you need to enable MAC authentication on the applicable interface as well. (authmac enable command) [Example] Enable MAC authentication for the entire system. SWP2(config)#aaa authentication auth-mac 5.3.
Command Reference | Interface control | 151 If this command is executed with the "no" syntax, the IEEE 802.1X authentication function will be disabled for the applicable interface. [Note] This command can be specified only for both LAN/SFP+ port and logical interface. [Example] This command can be specified only for LAN/SFP+ port. SWP2(config)#interface port1.1 SWP2(config-if)#dot1x port-control auto 5.3.5 Set for forwarding control on an unauthenticated port for IEEE 802.
| Command Reference | Interface control Maximum number of times EAPOL packets are transmitted [Initial value] dot1x max-auth-req 2 [Input mode] interface mode [Description] Sets the maximum value for the EAPOL packet transmission count for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
Command Reference | Interface control | 153 Setting value case : Format hyphen xx-xx-xx-xx-xx-xx colon xx:xx:xx:xx:xx:xx unformatted xxxxxxxxxxxx Specify upper or lowercase Setting value Description lower-case Lower case(a~f) upper-case Upper case(A~F) [Initial value] auth-mac auth-user hyphen lower-case [Input mode] global configuration mode [Description] Changes the format of the user name and password used for authentication during MAC authentication.
| Command Reference | Interface control Static registrations (authentication information) can be cleared with the clear auth state command or the auth clear-state time command. To use this command, the MAC authentication function must be enabled on the target interface. (auth-mac enable command) [Example] Enable static registration of MAC authentication for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#auth-mac static enable 5.3.
Command Reference | Interface control | 155 Operation mode Description single-host This mode allows communications for only one supplicant per port. Only the first supplicant that passes authentication is allowed. multi-host This mode allows communication with multiple supplicants for each port. If the first supplicant passes authentication, all other supplicants of the same port will be allowed to communicate without authentication.
| Command Reference | Interface control [Note] This command can only be set for LAN/SFP+ port and logical interface. Regardless of this setting, Web authentication is performed when an ID/Password is entered on the Web authentication screen. If the IEEE 802.1X authentication, MAC authentication, or Web authentication setting is disabled, that authentication method is not performed. To use this command, the port authentication function must be enabled on the target interface.
Command Reference | Interface control | 157 For interfaces on which dynamic VLAN is enabled, the associated VLAN is actively changed based on the property (TunnelPrivate-Group-ID) specified by the RADIUS server. [Note] This command can be specified only for both LAN/SFP+ port and logical interface. Changing the settings for this command will make the authentication state return to the default. When using dynamic VLAN in multi-supplicant mode, the VLAN can be specified for individual supplicants.
| Command Reference | Interface control [Initial value] auth timeout quiet-period 60 [Input mode] interface mode [Description] Sets the period during which authentication is suppressed for the applicable interface after authentication fails. If this command is executed with the "no" syntax, the setting returns to the default. All packets received during the authentication suppression period will be discarded. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
Command Reference | Interface control | 159 [Initial value] auth timeout server-timeout 30 [Input mode] interface mode [Description] Sets the reply wait time for the RADIUS server overall when authenticating a port of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for both LAN/SFP+ port and logical interface.
| Command Reference | Interface control timeout : Sets the reply standby time for requests sent to the RADIUS server retransmit : Sets the number of times to resend the request to the RADIUS server key : Sets the password used for communicating with the RADIUS server : IPv4 address (A.B.C.D) or IPv6 address (X:X::X:X) [Parameter] host When specifying an IPv6 link local address, the transmitting interface also needs to be specified (fe80::X%vlanN format).
Command Reference | Interface control | 161 [Parameter] time : <1-1000> Standby time for replying to requests (seconds) [Initial value] radius-server timeout 5 [Input mode] global configuration mode [Description] Sets the reply wait time for each RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control [Parameter] secret : Shared password Single-byte alphanumeric characters, and single-byte symbols other than the characters '?' and spaces (128 characters or less) [Initial value] no radius-server key [Input mode] global configuration mode [Description] Sets the shared password used when communicating with a RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 163 [Input mode] global configuration mode [Description] Specifies a desired text string that is sent as the NAS-Identifier attribute to the RADIUS server for port authentication. If this setting is made, it is notified to RADIUS server as the NAS-Identifier attribute. If this setting is deleted, notification is stopped. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control Interface port1.4 (down) 802.
Command Reference | Interface control | 165 SWP2#show auth statistics interface port1.1 Interface port1.1 EAPOL frames: Received frames : 11 EAPOL Start : 1 EAPOL Logoff : 0 EAP Response ID : 1 EAP Response : 9 Invalid EAPOL : 0 EAP Length error : 0 Last EAPOL version : 1 Last EAPOL source : 0011.2233.
| Command Reference | Interface control Authentication Port Secret Key Timeout Retransmit Count Deadtime : : : : : 1812 abcde 10 sec 5 0 min Server Host : 192.168.100.102 Authentication Port : 1645 Secret Key : fghij Timeout : 5 sec Retransmit Count : 3 Deadtime : 0 min 5.3.
Command Reference | Interface control | 167 [Example] Clear the authentication state for supplicants connected to LAN port #1. SWP2#clear auth state interface port1.1 5.3.
| Command Reference | Interface control 5.3.35 Set EAP pass through [Syntax] pass-through eap switch no pass-through eap [Parameter] switch : Behavior EAP pass through Setting value Description enable Enable the EAP pass through disable Disable the EAP pass through [Initial value] pass-through eap enable [Input mode] global configuration mode [Description] Enables/disables EAP pass-through, specifying whether EAPOL frames are forwarded. If "disable" is specified, EAP frames are discarded.
Command Reference | Interface control | 169 [Example] Enable port security for LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#port-security enable 5.4.2 Register permitted MAC addresses [Syntax] port-security mac-address no port-security mac-address [Initial value] none [Input mode] global configuration mode [Description] Registers MAC addresses that are allowed to communicate on ports for which port security has been enabled.
| Command Reference | Interface control [Input mode] priviledged EXEC mode [Description] Shows the port security information. [Example] Show the port security information. SWP2#show port-security status Port Security Action Status Last violation -------- --------- --------- --------- ----------------port1.1 Enabled Discard Blocking 00a0.de00.0003 port1.2 Disabled Discard Normal port1.3 Disabled Discard Normal port1.4 Disabled Discard Normal port1.5 Disabled Discard Normal port1.
Command Reference | Interface control | 171 SWP2(config)#errdisable auto-recovery bpduguard interval 600 Disable automatic recovery after loop detection has caused the errdisable state. SWP2(config)#no errdisable auto-recovery loop-detect 5.5.2 Show error detection function information [Syntax] show errdisable [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows information for the error detection function. The following items are shown.
| Command Reference | Layer 2 functions Chapter 6 Layer 2 functions 6.1 FDB (Forwarding Data Base) 6.1.
Command Reference | Layer 2 functions | 173 [Example] Set the dynamic entry ageing time to 400 seconds. SWP2(config)#mac-address-table ageing-time 400 6.1.
| Command Reference | Layer 2 functions ifname : Setting value Description forward Forward discard Discard Name of LAN/SFP+ port or logical interface Applicable interface vlan-id : <1-4094> Applicable VLAN ID [Initial value] none [Input mode] global configuration mode [Description] Registers a static entry in the MAC address table. If action is specified as "forward," received frames that match the specified MAC address and VLAN ID are forwarded to the specified interface.
Command Reference | Layer 2 functions | 175 SWP2>show mac-address-table VLAN port mac 1 port1.1 00a0.de11.2233 1 sa1 1803.731e.8c2b 1 sa2 782b.cbcb.218d fwd forward forward forward type static dynamic dynamic timeout 0 300 300 6.1.
| Command Reference | Layer 2 functions 6.2.
Command Reference | Layer 2 functions | 177 type : Type of private VLAN Setting value Description primary Primary VLAN community Secondary VLAN (community VLAN) isolated Secondary VLAN (isolated VLAN) [Initial value] none [Input mode] VLAN mode [Description] Uses vlan-id as a private VLAN. If this command is executed with the "no" syntax, the private VLAN setting is deleted, and it is used as a conventional VLAN.
| Command Reference | Layer 2 functions [Initial value] none [Input mode] VLAN mode [Description] Specify the association of the secondary VLAN (isolated VLAN, community VLAN) with the primary VLAN of the private VLAN. By specifying "add," specify the association of the vlan-id with the 2nd-vlan-ids. By specifying "remove," remove the association of the vlan-id and the 2nd-vlan-ids. If this command is executed with the "no" syntax, all associations to the primary VLAN are deleted.
Command Reference | Layer 2 functions | 179 [Parameter] vlan-id : <1-4094> Associated VLAN ID [Initial value] switchport access vlan 1 [Input mode] interface mode [Description] Sets the VLAN ID that is associated as an access port with the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be set only for a LAN/SFP+ port or logical interface for which the switchport mode access command is set.
| Command Reference | Layer 2 functions To specify the VLAN ID that is associated as a trunk port, use the switchport trunk allowed vlan command. To specify the native VLAN, use the switchport trunk native vlan command. [Example] Set LAN port #1 as a trunk port. SWP2(config)#interface port1.1 SWP2(config-if)#switchport mode trunk 6.2.
Command Reference | Layer 2 functions | 181 • • If you use the switchport trunk native vlan command to specify a VLAN ID that was associated by this command, it is removed from the specified VLAN ID. If you specify and associate a VLAN ID that was set by the switchport trunk native vlan command, switchport trunk native vlan none is set.
| Command Reference | Layer 2 functions 6.2.10 Set private VLAN port type [Syntax] switchport mode private-vlan port-type no switchport mode private-vlan port-type [Parameter] port-type : Port mode Setting value Description promiscuous Promiscuous port host Host port [Initial value] none [Input mode] interface mode [Description] Specifies the private VLAN port type for the applicable interface.
Command Reference | Layer 2 functions | 183 [Description] Specifies the primary VLAN that is associated as the host port of the private VLAN for the applicable interface, and associates the secondary VLAN. If this is executed with the "no" syntax, the setting of the primary VLAN associated as the host port of the applicable interface, and the association of the secondary VLAN, are deleted.
| Command Reference | Layer 2 functions [Note] This command can be set only for a LAN/SFP+ port that has been set as a promiscuous port by the switchport mode privatevlan command. In addition, it can also be set for the following interfaces that are specified as promiscuous ports. • • Interface that is operating as a trunk port logical interface pri-vlan-id and 2nd-vlan-ids must be associated by the private-vlan association command.
Command Reference | Layer 2 functions | 185 6.2.14 Set CoS value for voice VLAN [Syntax] switchport voice cos value no switchport voice cos [Parameter] value : <0-7> CoS value to specify for connected device [Initial value] switchport voice cos 5 [Input mode] interface mode [Description] Specify the CoS value to use for voice traffic by the connected device. The connected device is notified of the setting via LLDP-MED in the following cases. • • Voice VLAN is specified for the corresponding port.
| Command Reference | Layer 2 functions [Parameter] group-ids : <1-256> Multiple VLAN group ID To specify multiple items, use "-" or "," as shown below • • To select from group #2 through group #4: 2-4 To select group #2 and group #4: 2,4 [Initial value] none [Input mode] interface mode [Description] Specify the group of multiple VLAN. If a group is specified for the interface, the corresponding interface can communicate only with interfaces of the same multiple VLAN group.
Command Reference | Layer 2 functions | 187 If this command is executed with the "no" syntax, the setting returns to the default. The name that was set is shown with the show vlan multiple-vlan command. [Example] Set multiple VLAN group #10 with the name "Network1". SWP2(config)#multiple-vlan group 10 name Network1 6.2.
| Command Reference | Layer 2 functions Item Description Name Name of the VLAN VLAN status (whether frames are forwarded) State • • ACTIVE : forwarded SUSPEND : not forwarded Interfaces associated with the VLAN ID Member ports • • (u) : Access port (untagged port) (t) : Trunk port (tagged port) [Example] Show all VLAN information.
Command Reference | Layer 2 functions | 189 Multiple VLAN group ID [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the setting status for multiple VLAN groups. If the "group" specification is omitted, all groups that are actually assigned to the interface are shown. The setting state of the YMPI frame transmission function is also displayed. [Example] Shows the setting status for multiple VLAN groups.
| Command Reference | Layer 2 functions [Description] Sets the forward delay time. If this command is executed with the "no" syntax, the setting returns to the default. [Note] The setting of this command must satisfy the following conditions. 2 x (hello time + 1) <= maximum aging time <= 2 x (forward delay time - 1) The maximum aging time can be set by the spanning-tree max-age command. The hello time is always 2 seconds, and cannot be changed. [Example] Set the forward delay time to 10 seconds.
Command Reference | Layer 2 functions | 191 [Input mode] global configuration mode [Description] Sets the bridge priority. Lower numbers have higher priority. If this command is executed with the "no" syntax, the setting returns to the default. [Note] In the case of MSTP, this is the setting for CIST (instance #0). [Example] Set the bridge priority to 4096. SWP2(config)#spanning-tree priority 4096 6.3.
| Command Reference | Layer 2 functions [Input mode] interface mode [Description] Sets the link type for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
Command Reference | Layer 2 functions | 193 Setting value Description enable Enables BPDU guard disable Disables BPDU guard [Initial value] spanning-tree bpdu-guard disable [Input mode] interface mode [Description] Sets BPDU guard for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface.
| Command Reference | Layer 2 functions It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface. If a LAN/SFP+ port is associated with a logical interface, the setting of this command for the corresponding LAN/SFP+ port returns to the default. [Example] Set the path cost of LAN port #1 to 100000. SWP2(config)#interface port1.1 SWP2(config-if)#spanning-tree path-cost 100000 6.3.
Command Reference | Layer 2 functions | 195 If a LAN/SFP+ port is associated with a logical interface, the setting of this command for the corresponding LAN/SFP+ port returns to the default. [Example] Set LAN port #1 as the edge port. SWP2(config)#interface port1.1 SWP2(config-if)#spanning-tree edgeport 6.3.
| Command Reference | Layer 2 functions Item Description Configured Path Cost Path cost setting of the interface Add type Explicit ref count Number of STP domains associated with the interface Designated Port Id ID of the designated port Priority Priority of the interface Root Root bridge identifier. This consists of the root bridge priority (the first four hexadecimal digits) and MAC address Designated Bridge Bridge identifier.
Command Reference | Layer 2 functions | 197 % port1.1: % port1.1: % port1.1: % port1.1: timer 0 % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.1: % port1.
| Command Reference | Layer 2 functions % % % % % % Message Age Timer Message Age Timer Value Topology Change Timer Topology Change Timer Value Hold Timer Hold Timer Value % Other Port-Specific Info -----------------------% Max Age Transitions % Msg Age Expiry % Similar BPDUS Rcvd % Src Mac Count % Total Src Mac Rcvd % Next State % Topology Change Time : : : : : : INACTIVE 0 INACTIVE 0 INACTIVE 0 : : : : : : : 1 0 0 0 3 Discard/Blocking 0 % Other Bridge information & Statistics ------------------
Command Reference | Layer 2 functions | 199 [Description] Moves to MST mode in order to make MST instance and MST region settings. [Note] To return from MST mode to global configuration mode, use the exit command. To return to priviledged EXEC mode, use the end command. [Example] Move to MST mode. SWP2(config)#spanning-tree mst configuration SWP2(config-mst)# 6.3.
| Command Reference | Layer 2 functions If this command is executed with the "no" syntax, the VLAN association for the MST instance is deleted. If as a result of this deletion, not even one VLAN is associated with the MST instance, the MST instance is deleted. If you specify an MST instance that has not been generated, the MST instance will also be generated. [Note] You cannot specify a VLAN ID that is associated with another MST instance. [Example] Associate VLAN #2 with MST instance #1.
Command Reference | Layer 2 functions | 201 [Example] Set the MST region name to "Test1". SWP2(config)#spanning-tree mst configuration SWP2(config-mst)#region Test1 6.3.20 Set revision number of MST region [Syntax] revision revision [Parameter] revision : <0-65535> Revision number [Initial value] revision 0 [Input mode] MST mode [Description] Sets the revision number of the MST region. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Layer 2 functions 6.3.
Command Reference | Layer 2 functions | 203 [Description] Sets the path cost of the applicable interface on an MST instance. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP+ port and logical interface. It is not possible to specify this command for a LAN/SFP+ port that is associated to a logical interface.
| Command Reference | Layer 2 functions [Example] Show MSTP information.
Command Reference | Layer 2 functions | 205 [Keyword] interface : Specifies the interface to show : <1-15> [Parameter] instance-id ID of generated MST interface ifname : Name of LAN/SFP+ port or logical interface Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode, interface mode [Description] Shows information for the specified MST instance. If "interface" is omitted, information is shown for all interfaces that are assigned the specified MST instance.
| Command Reference | Layer 2 functions If this command is executed with the "no" syntax, the setting returns to the default. [Note] The spanning tree function and the loop detection function can be used together on the entire system. In order to enable the loop detection function, the loop detection function must be enabled on the interface in addition to this command. Even if the loop detection function is enabled, the loop detection function does not operate on the following interfaces.
Command Reference | Layer 2 functions | 207 LPD disabled System LPD enabled STP disabled - - - - STP enabled - STP - STP STP disabled - - LPD LPD STP enabled - STP LPD STP [Example] Enable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect enable Disable the loop detection function of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#loop-detect disable 6.4.
| Command Reference | Layer 2 functions [Initial value] None [Input mode] global configuration mode [Description] Normally, Blocking is released immediately when the loop is cleared. When this command is configured, it detects if the loop is cleared at regular intervals. If the loop is cleared, Blocking is released, but if the loop is not cleared, Blocking continues until that time passes again. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Layer 2 functions | 209 port loop-detect port-blocking status ------------------------------------------------------port1.1 enable(*) enable Detected port1.2 enable(*) enable Blocking port1.3 enable(*) enable Normal port1.4 enable(*) disable Normal port1.5 enable(*) enable Normal port1.6 enable(*) enable Shutdown port1.7 disable enable -----: : : : ------------------------------------------------------(*): Indicates that the feature is enabled.
| Command Reference | Layer 3 functions Chapter 7 Layer 3 functions 7.1 IPv4 address management 7.1.1 Set IPv4 address [Syntax] ip address ip_address/mask [secondary] [label textline] ip address ip_address netmask [secondary] [label textline] no ip address ip_address/mask [secondary] no ip address ip_address netmask [secondary] no ip address [Keyword] label : Set label as IPv4 address secondary : Set as the secondary address : A.B.C.
Command Reference | Layer 3 functions | 211 7.1.2 Show IPv4 address [Syntax] show ip interface [interface] brief [Parameter] interface : VLAN interface name [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 address for each interface. The following content is shown. • IPv4 address • • • • For secondary addresses, “(secondary)” is appended to the end of IPv4 addresses.
| Command Reference | Layer 3 functions A secondary address cannot be set for interfaces that are set as DHCP clients. If this command is executed with the "no" syntax, the DHCP client setting is deleted. [Note] The lease time requested from the DHCP server is fixed at 72 hours. However, the actual lease time will depend on the setting of the DHCP server.
Command Reference | Layer 3 functions | 213 no auto-ip [Parameter] switch : Behavior of the auto IP function Setting value Description enable Enable the auto IP function disable Disable the auto IP function [Initial value] auto-ip disable [Input mode] interface mode [Description] For the VLAN interface, enables the Auto IP function which automatically generates the IPv4 link local address (169.254.xxx.xxx/16).
| Command Reference | Layer 3 functions Netmask in address format Set this to 0.0.0.0 if specifying the default gateway gateway : A.B.C.D IPv4 address of gateway number : <1-255> Administrative distance (priority order when selecting route) (if omitted: 1) Lower numbers have higher priority. [Initial value] none [Input mode] global configuration mode [Description] Adds a static route for IPv4. If this command is executed with the "no" syntax, the specified route is deleted.
Command Reference | Layer 3 functions | 215 SWP2>show ip route 192.168.100.10 Routing entry for 192.168.100.0/24 Known via "connected", distance 0, metric 0, best * is directly connected, vlan1 7.2.3 Show IPv4 Routing Information Base [Syntax] show ip route database [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv4 Routing Information Base (RIB). [Example] Show the IPv4 routing information base.
| Command Reference | Layer 3 functions SWP2>show arp IP Address MAC Address Interface Type 192.168.100.10 00a0.de00.0000 vlan1 dynamic 192.168.100.100 00a0.de00.0001 vlan1 static 7.3.2 Clear ARP table [Syntax] clear arp-cache [Input mode] priviledged EXEC mode [Description] Clears the ARP cache. [Example] Clear the ARP cache. SWP2#clear arp-cache 7.3.3 Set static ARP entry [Syntax] arp ip_address mac_address interface no arp ip_address [Parameter] ip_address : A.B.C.
Command Reference | Layer 3 functions | 217 [Input mode] interface mode [Description] Changes the length of time that ARP entries are maintained in the applicable VLAN interface. ARP entries that are not received within this length of time are deleted. If this command is executed with the "no" syntax, the ARP entry timeout is set to 1200 seconds. [Example] Change the ARP entry ageing timeout for VLAN #1 to five minutes. SWP2(config)#interface vlan1 SWP2(config)#arp-aging-timeout 300 7.
| Command Reference | Layer 3 functions [Keyword] repeat : Specifies the number of times to execute size : Specifies the length of the ICMP payload (byte units) timeout : Specifies the time to wait for a reply after transmitting the specified number of Echo requests source : Sets the source address for ICMP packets : Target to which ICMP Echo is sent [Parameter] host Host name, or target IP address (A.B.C.
Command Reference | Layer 3 functions | 219 [Example] Check the route to 192.168.100.1. SWP2#traceroute 192.168.100.1 traceroute to 192.168.100.1 (192.168.100.1), 30 hops 1 192.168.10.1 (192.168.10.1) 0.563 ms 0.412 ms 2 192.168.20.1 (192.168.20.1) 0.561 ms 0.485 ms 3 192.168.30.1 (192.168.30.1) 0.864 ms 0.693 ms 4 192.168.40.1 (192.168.40.1) 0.751 ms 0.783 ms 5 192.168.50.1 (192.168.50.1) 7.689 ms 7.527 ms 6 192.168.100.1 (192.168.100.1) 33.948 ms 10.413 max 0.428 ms 0.476 ms 21.104 ms 0.673 ms 7.
| Command Reference | Layer 3 functions [Input mode] interface mode [Description] Specifies the IPv6 address and prefix length for the VLAN interface. An IPv6 address can be set for a VLAN interface for which the ipv6 enable command has been set. This command can be used with the ipv6 address autoconfig command. For IPv6 addresses, up to five global addresses (including RA settings) and one link local address can be set in one VLAN interface.
Command Reference | Layer 3 functions | 221 • • • If an IPv6 address has not been set, this will be "unassigned." Physical layer status Data link layer status If an interface is specified, information for that interface is shown. If the interface is omitted, information is shown for all interfaces for which an IPv6 address is specified. [Note] An error occurs if the specified interface is one to which an IPv6 address cannot be assigned. [Example] Show the IPv6 address for all VLAN interface.
| Command Reference | Layer 3 functions [Note] For the default gateway setting, the static route setting takes priority over the RA setting. [Example] For the destination 2001:db8:2::/64, set the gateway to 2001:db8:1::1. SWP2(config)#ipv6 route 2001:db8:2::/64 2001:db8:1::1 Set the default gateway to fe80::2a0:deff:fe:1 on VLAN #1. SWP2(config)#ipv6 route ::/0 fe80::2a0:deff:fe:1%vlan1 7.7.
Command Reference | Layer 3 functions | 223 SWP2>show ipv6 route database Codes: C - connected, S - static > - selected route, * - FIB route Timers: Uptime S C S C *> *> *> *> ::/0 [1/0] via fe80::2a0:deff:fe:1, vlan1, 00:21:39 2001:db8:1::/64 via ::, vlan1, 00:19:41 2001:db8:2::/64 [1/0] via 2001:db8:1::1, vlan1, 00:20:23 fe80::/64 via ::, vlan1, 00:21:39 7.7.
| Command Reference | Layer 3 functions SWP2(config)#ipv6 neighbor 2001:db8:cafe::1 vlan1 00a0.de80.cafe port1.1 7.8.2 Show neighbor cache table [Syntax] show ipv6 neighbors [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the neighbor cache table. [Note] [Example] Show the neighbor cache table. SWP2>show ipv neighbors IPv6 Address 2001:db8:1:0:3538:5dc7:6bc4:1a23 2001:db8:cafe::1 fe80::0211:22ff:fe33:4455 fe80::6477:88ff:fe99:aabb MAC Address 0011.2233.4455 00a0.de80.
Command Reference | Layer 3 functions | 225 [Description] Enables or disables forwarding of IPv6 packets. If this is executed with the "no" syntax, the setting returns to the default. 7.9.2 Show IPv6 forwarding settings [Syntax] show ipv6 forwarding [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the IPv6 packet forwarding settings. [Example] Shows the IPv6 packet forwarding settings. SWP2>show ipv6 forwarding IPv6 forwarding is on 7.10 IPv6 ping 7.10.
| Command Reference | Layer 3 functions [Description] Send ICMPv6 Echo to the specified host, and wait for ICMPv6 Echo Reply. When it is received, indicate this. Show simple statistical information when the command ends. [Note] [Example] Ping fe80::2a0:deff:fe11:2233. SWP2#ping6 fe80::2a0:deff:fe11:2233%vlan1 PING fe80::2a0:deff:fe11:2233%vlan1 (fe80::2a0:deff:fe11:2233%vlan1): 56 data bytes 64 bytes from fe80::2a0:deff:fe11:2233: seq=0 ttl=64 time=2.
Command Reference | Layer 3 functions | 227 [Initial value] dns-client disable [Input mode] global configuration mode [Description] Enables or disables the DNS lookup function. If this command is executed with the "no" syntax, the function is disabled. [Example] Enable the DNS lookup function. SWP2(config)#dns-client enable 7.11.2 Set DNS server list [Syntax] dns-client name-server server no dns-client name-server server [Parameter] server : A.B.C.
| Command Reference | Layer 3 functions [Initial value] none [Input mode] global configuration mode [Description] Specifies the default domain name used for DNS queries. If this command is executed with the "no" syntax, the default domain name is deleted. [Note] The setting of this command takes priority if the default domain name (option code 15) was obtained from the DHCP server by the ip address dhcp command.
Command Reference | Layer 3 functions | 229 Item Description DNS Client is enabled Enable the DNS client DNS Client is disabled Disable the DNS client Default domain Default domain name Domain list Search domain list Name Servers DNS server list (IP address) [Example] Show the DNS client information. SWP2>show dns-client DNS client is enabled Default domain : example.com Domain list : example1.com example2.com Name Servers : 192.168.100.
| Command Reference | IP multicast control Chapter 8 IP multicast control 8.1 IP multicast basic settings 8.1.
Command Reference | IP multicast control | 231 When specifying an IPv4 multicast address, frames received on the specified VLAN interface with the specified IPv4 multicast address as the destination are forwarded. If you specify IPv4 multicast addresses, you can set up to 100 addresses. If this command is executed with the "no" syntax, the specified setting is cleared. [Note] The link-local multicast address in this command is within the following range. • • IPv4: 224.0.0.
| Command Reference | IP multicast control Setting value Description enable Enable IGMP snooping disable Disable IGMP snooping [Initial value] ip igmp snooping enable [Input mode] interface mode [Description] Enables the IGMP snooping setting of the interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for VLAN interface. [Example] Enable IGMP snooping for VLAN #2.
Command Reference | IP multicast control | 233 no ip igmp snooping mrouter interface ifname [Parameter] ifname : LAN/SFP+ port interface name Interface to set [Initial value] none [Input mode] interface mode [Description] Statically sets the LAN/SFP+ port to which the multicast router is connected. If this command is executed with the "no" syntax, the setting is discarded. [Note] This command can be specified only for VLAN interface. The multicast router must be connected to the specified LAN/SFP+ port.
| Command Reference | IP multicast control 8.2.5 Set IGMP query transmission interval [Syntax] ip igmp snooping query-interval interval no ip igmp snooping query-interval [Parameter] interval : <20-18000> Query transmission interval (seconds) [Initial value] ip igmp snooping query-interval 125 [Input mode] interface mode [Description] Sets the transmission interval for IGMP queries. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | IP multicast control | 235 [Example] Enable the TTL value verification function of IGMP packets for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping check ttl enable Disnable the TTL value verification function of IGMP packets for VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping check ttl disable 8.2.
| Command Reference | IP multicast control Setting value Description enable Enable disable Disable [Initial value] ip igmp snooping report-suppression enable [Input mode] interface mode [Description] Configures IGMP report suppression. If this command is executed with the "no" syntax, the setting returns to the default. When enabled, the minimum number of messages will be sent to the multicast router ports based on the information obtained from the received Report messages and Leave messages.
Command Reference | IP multicast control | 237 [Note] This command can only be specified for VLAN interface. [Example] Enables suppression of data transmission to multicast router ports at VLAN #2. SWP2#configure terminal SWP2(config)#interface vlan2 SWP2(config-if)#ip igmp snooping mrouter-port data-suppression enable Disables suppression of data transmission to multicast router ports in VLAN #2.
| Command Reference | IP multicast control 1 239.255.255.250 192.168.100.11 V3 port1.5 R Show detailed IGMP group membership information. SWP2#show ip igmp snooping groups detail IGMP Snooping Group Membership Details Flags: (R - Remote, S - Static) Interface: port1.5 Group: 239.255.255.250 Flags: R Uptime: 01:07:10 Group mode: Exclude (Expires: 00:04:13) Last reporter: 192.168.100.11 Source list is empty 8.2.
Command Reference | IP multicast control | 239 [Parameter] A.B.C.D : Multicast group address "*" indicates all entries ifname : VLAN interface name Interface to clear [Input mode] priviledged EXEC mode [Description] Clears IGMP group membership entries. [Example] Clear IGMP group membership entries for VLAN #1. SWP2#clear ip igmp snooping interface vlan1 8.3 MLD snooping 8.3.
| Command Reference | IP multicast control [Initial value] none [Input mode] interface mode [Description] Enables MLD snooping fast-leave for the interface. If this is executed with the "no" syntax, MLD snooping fast-leave is disabled. [Note] This command can be specified only for VLAN interfaces. Also, this can be specified only if MLD snooping is enabled. Do not enable this command on a VLAN interface for which multiple hosts are connected to the LAN/SFP+ port.
Command Reference | IP multicast control | 241 8.3.4 Set query transmission function [Syntax] ipv6 mld snooping querier no ipv6 mld snooping querier [Initial value] none [Input mode] interface mode [Description] Enables the MLD query transmission function. If this command is executed with the "no" syntax, the MLD query transmission function is disabled. [Note] This command can be specified only forVLAN interfaces. Also, this can be specified only if MLD snooping is enabled.
| Command Reference | IP multicast control 8.3.6 Set MLD version [Syntax] ipv6 mld snooping version version no ipv6 mld snooping version [Parameter] version : <1-2> MLD version [Initial value] ipv6 mld snooping version 2 [Input mode] interface mode [Description] Sets the MLD version. If this command is executed with the "no" syntax, the MLD version returns to the default setting (V2). [Note] This command can be specified only for VLAN interfaces.
Command Reference | IP multicast control | 243 8.3.8 Show MLD group membership information [Syntax] show ipv6 mld snooping groups [detail] show ipv6 mld snooping groups X:X::X:X [detail] show ipv6 mld snooping groups ifname [detail] [Keyword] detail : Detailed information X:X::X:X : Multicast group address ifname : VLAN interface name [Parameter] Interface to show [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows MLD group membership information.
| Command Reference | IP multicast control MLD Snooping enabled Snooping Querier none MLD Snooping other querier timeout is 255 seconds Group Membership interval is 260 seconds MLDv1 fast-leave is disabled MLDv1 Report suppression enabled MLDv2 Report suppression enabled Router port detection using MLD Queries Number of router-ports: 0 Number of Groups: 0 Number of v1-reports: 0 Number of v1-leaves: 0 Number of v2-reports: 12 Active Ports: port1.8 8.3.
Command Reference | Traffic control | 245 Chapter 9 Traffic control 9.1 ACL 9.1.1 Generate IPv4 access list [Syntax] access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg] no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]] [Keyword] ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
| Command Reference | Traffic control Setting value src-port : Description A.B.C.D E.F.G.H Specifies an IPv4 address (A.B.C.D) with wildcard bits (E.F.G.H) A.B.C.D/M Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) host A.B.C.D Specifies a single IPv4 address (A.B.C.D) any Applies to all IPv4 addresses <0-65535> If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
Command Reference | Traffic control | 247 [Example] Create access list #1 that denies communication from the source segment 192.168.1.0/24 to the destination 172.16.1.1. SWP2(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1 Delete IPv4 access list #1. SWP2(config)#no access-list 1 9.1.
| Command Reference | Traffic control [Input mode] interface mode [Description] Applies an IPv4 access list to both LAN/SFP+ port and logical interface. If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame. If this command is executed with the "no" syntax, the applied access list is deleted from both LAN/SFP+ port and logical interface.
Command Reference | Traffic control | 249 [Input mode] global configuration mode [Description] Generates an IPv6 access list. Multiple conditions (maximum 256) can be specified for the generated access list. To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv6 access list that matches all conditions is deleted.
| Command Reference | Traffic control [Parameter] ipv6-acl-id : <3001-4000> ID of IPv6 access list to apply direction : Specifies the direction of applicable frames Setting value Description in Apply to received frames out Apply to transmitted frames [Initial value] none [Input mode] interface mode [Description] Applies an IPv6 access list to both LAN/SFP+ port and logical interface.
Command Reference | Traffic control | 251 Setting value src-info : Description deny "Deny" the condition permit "Permit" the condition Specifies the transmission-source MAC address information that is the condition Setting value dst-info : Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.WWWW) host HHHH.HHHH.HHHH Specifies an individual MAC address (HHHH.HHHH.
| Command Reference | Traffic control [Parameter] mac-acl-id : <2001-3000> ID of the MAC access list to which to add a description line : Description to add. Can be up to 32 ASCII characters [Initial value] none [Input mode] global configuration mode [Description] Add a description to the generated MAC access list. If this command is executed with the "no" syntax, the MAC description is cleared.
Command Reference | Traffic control | 253 [Example] Apply access list #2001 to received frames of LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#access-group 2001 in 9.1.10 Show generated access list [Syntax] show access-list [acl_id] [Parameter] acl-id : <1-2000>, <2001-3000>, <3001-4000> ID of access list [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered access list. If acl-id is omitted, all access lists are shown.
| Command Reference | Traffic control [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] For each interface, shows the ID of all access lists that are applied. [Example] Show a list. SWP2>show Interface Interface Interface access-group port1.1 : IPv4 access group 1 in port1.7 : IPv6 access group 3002 in port1.8 : MAC access group 2001 in 9.1.
Command Reference | Traffic control | 255 If this command is executed with the "no" syntax, the specified access list is deleted from the corresponding VLAN access map. [Note] Only one access list can be specified for one VLAN access map. You can use the show vlan access-map command to view the setting. [Example] Create a VLAN access map named "VAM001", and specify an access list that denies packets from 192.168.0.1. SWP2(config)#access-list 2 deny any 192.168.0.
| Command Reference | Traffic control 9.1.16 Show VLAN access map [Syntax] show vlan access-map [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the registered VLAN access map. The following items are shown. • • Name of the VLAN access map Access list applied to VLAN access map [Example] Show VLAN access map information. SWP2>show vlan access-map Vlan access-map VAM001 match ipv4 access-list 2 9.1.
Command Reference | Traffic control | 257 [Input mode] global configuration mode [Description] Enables QoS. If this is executed with the "no" syntax, QoS is disabled. At this time, the related QoS settings are also deleted. [Note] If the flow control system setting is enabled, it is not possible to enable QoS. Many of the commands related to QoS cannot be executed unless QoS is left enabled. [Example] Enable QoS. SWP2(config)#qos enable Disable QoS. SWP2(config)#qos disable 9.2.
| Command Reference | Traffic control [Parameter] mode : Trust mode Setting value Description cos Determines the egress queue based on the CoS value dscp Determines the egress queue based on the DSCP value port-priority Applies the specified priority to the receiving port [Initial value] qos trust cos [Input mode] interface mode [Description] Specifies the trust mode of LAN/SFP+ port and logical interface.
Command Reference | Traffic control | 259 9.2.4 Show status of QoS function setting [Syntax] show qos [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the enabled (Enable) or disabled (Disable) status of the QoS function. [Example] Show the status of the system's QoS setting. SWP2#show qos Enable 9.2.5 Show QoS information for interface [Syntax] show qos interface [ifname] [Parameter] ifname : Name of the LAN/SFP+ port or logical interface.
| Command Reference | Traffic control Port Default CoS Priority: 0 Egress Traffic Shaping: Rate 30016 Kbps, Burst 1876 KByte Queue Scheduling: Queue0 : Weight 1 Queue1 : Weight 1 Queue2 : Weight 2 Queue3 : Weight 5 Queue4 : Weight 5 Queue5 : Weight 5 Queue6 : SP Queue7 : SP ( 5.3%) ( 5.3%) (10.5%) (26.3%) (26.3%) (26.3%) Cos (Queue): 0(2), 1(0), 2(1), 3(3), 4(4), 5(5), 6(6), 7(7) Special Queue Assignment: Sent From CPU: Queue7 Show the QoS settings of LAN port #1.
Command Reference | Traffic control | 261 SWP2#show qos queue-counters port1.1 QoS: Enable Interface port1.1 Queue Counters: Queue 0 59.4 % Queue 1 15.0 % Queue 2 0.0 % Queue 3 0.0 % Queue 4 0.0 % Queue 5 3.6 % Queue 6 0.0 % Queue 7 0.1 % 9.2.
| Command Reference | Traffic control 9.2.8 Set DSCP - egress queue ID conversion tabl [Syntax] qos dscp-queue dscp-value queue-id no qos dscp-queue dscp-value [Parameter] dscp-value : <0-63> DSCP value of the conversion source queue-id : <0-7> Egress queue ID corresponding to DSCP value [Initial value] See [Note] [Input mode] global configuration mode [Description] Specifies the values of the DSCP - egress queue ID conversion table that is used to determine the egress queue.
Command Reference | Traffic control | 263 [Input mode] interface mode [Description] Specifies the priority (egress queue ID) for the receiving interface to LAN/SFP+ port and logical interface. If this is executed with the "no" syntax, the egress queue ID for the specified interface is returned to the default setting (2). The port priority is used to determine the egress queue when the trust mode is set to "port priority." [Note] In order to execute this command, QoS must be enabled.
| Command Reference | Traffic control [Input mode] global configuration mode [Description] Generates a class map. A class map defines the conditions used to classify received frames into traffic classes, and consists of conditions defined by the match command and the corresponding action (permit/deny).Class map actions are handled as follows. Class map actions are handled as follows.
Command Reference | Traffic control | 265 • • Categorize bandwidth classes as CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Green: forward, Yellow: rewrite DSCP value to 10, Red: discard [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
| Command Reference | Traffic control [Input mode] class map mode [Description] Uses the CoS value of the VLAN tag header as the condition to classify the traffic class. If this is executed with the "no" syntax, the CoS condition setting is deleted. The setting can be repeated up to the maximum number (eight) of registrations. [Note] In order to execute this command, QoS must be enabled. [Example] Specify CoS values "1" and "2" as the classification conditions for class map "class1.
Command Reference | Traffic control | 267 [Note] In order to execute this command, QoS must be enabled. [Example] Specify DSCP values "48" and "56" as the classification conditions for class map "class1." SWP2(config)#class-map class1 SWP2(config-cmap)#match ip-dscp 48 56 9.2.
| Command Reference | Traffic control [Description] Uses the VLAN ID as the condition to classify the traffic class. If this is executed with the "no" syntax, the classification conditions using VLAN ID are deleted. The setting can be repeated up to the maximum number (30) of registrations. [Note] In order to execute this command, QoS must be enabled. [Example] Specify VLAN #20 as the classification conditions for class map "class1". SWP2(config)#class-map class1 SWP2(config-cmap)#match vlan 20 9.2.
Command Reference | Traffic control | 269 Section Item Description Classification conditions (match) Match Access-List Access list ID Match ethertype Ethernet Type Match vlan VLAN ID Match vlan-range • • Match CoS CoS value Match IP precedence TOS precedence Match IP DSCP DSCP value The classification condition is shown only once for each type that is specified. A classification condition for which a corresponding command (match) is not set will not be shown.
| Command Reference | Traffic control SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.255 any SWP2(config)#class-map class1 SWP2(config-cmap)#match access-list 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#police 48 12 12 yellow-action remark red-action drop SWP2(config-pmap-c)#remark-map yellow ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.
Command Reference | Traffic control | 271 Remove policy map "policy1" from LAN port #1. SWP2(config)#interface port1.1 SWP2(config-if)#no service-policy input policy1 9.2.23 Set pre-marking (CoS) [Syntax] set cos value no set cos [Parameter] value : <0 - 7> CoS value set by pre-marking [Input mode] policy map class mode [Description] Changes the CoS value of the classified traffic class to the specified CoS value.
| Command Reference | Traffic control [Note] In order to execute this command, QoS must be enabled. Pre-marking cannot be used in conjunction with the set egress queue function. [Example] Make the following settings for received frames of LAN port #1 • • Permit traffic from the 10.1.0.0 network Change the classified traffic class to TOS precedence "5". [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
Command Reference | Traffic control | 273 SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.255 any SWP2(config)#class-map class1 SWP2(config-cmap)#match access-list 1 SWP2(config-cmap)#exit [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#set ip-dscp 10 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
| Command Reference | Traffic control [Example] Make the following settings for received frames of LAN port #1 • • • Permit traffic from the 10.1.0.0 network Categorize bandwidth classes as CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Green: forward, Yellow: rewrite DSCP value to 10, Red: discard [Traffic class definition] SWP2(config)#access-list 1 permit any 10.1.0.0 0.0.255.
Command Reference | Traffic control | 275 However, remarking can be specified for either Yellow or Red, not both. Detailed remarking settings are made using the remark-map command (policy map class mode). Regardless of whether action is set to "remark," remarking is disabled if there are no detailed remarking settings for that bandwidth class. In this case, the default settings (Yellow: forward, Red: discard) are applied.
| Command Reference | Traffic control [Description] Specifies remarking operations for bandwidth classes Yellow and Red that were classified by individual policers. In addition, reassign the egress queue according to the egress queue ID table that corresponds to the trust mode. For remarking, you can select either CoS value, TOS precedence, or DSCP value. If this is executed with the "no" syntax, the remarking setting is deleted.
Command Reference | Traffic control | 277 • A policy map that includes a class map specified by the aggregate policer is applied to LAN/SFP+ port and logical interface. In the following case, the aggregate policer cannot be deleted. • The police-aggregate command was used to set the aggregate policer to a traffic class [Note] In order to execute this command, QoS must be enabled. [Example] Generate aggregate policer "AGP-01". SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)# 9.2.
| Command Reference | Traffic control • • Executing metering by SrTCM with CIR:48kbps, CBS:12kbyte, and EBS:12kbyte Yellow: rewrite DSCP value to 10, Red: discard [Aggregate policer creating] SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)#police single-rate 48 12 12 yellow-action remark red-action drop SWP2(config-agg-policer)#remark-map yellow ip-dscp 10 SWP2(config-agg-policer)#exit 9.2.
Command Reference | Traffic control | 279 • Yellow: rewrite DSCP value to 10, Red: discard [Aggregate policer creating] SWP2(config)#aggregate-police AGP-01 SWP2(config-agg-policer)#police twin-rate 48 96 12 12 yellow-action remark redaction drop SWP2(config-agg-policer)#remark-map yellow ip-dscp 10 SWP2(config-agg-policer)#exit 9.2.
| Command Reference | Traffic control PHB DSCP value RFC Expedited Forwarding(EF) 46 2598 [Example] Make the following settings for aggregate policer "AGP-01".
Command Reference | Traffic control | 281 [Note] In order to execute this command, QoS must be enabled. [Example] Apply aggregate policer "AGP-01" to the two traffic classes "class1" and "class2" of policy map "policy1.
| Command Reference | Traffic control Class-map : class2 class3 Green Bytes : 28672 Yellow Bytes : 2048 Red Bytes : 51552 9.2.36 Clear metering counters [Syntax] clear qos metering-counters [ifname] [Parameter] ifname : LAN/SFP+ port name or logical interface name. If this is omitted, the command applies to all ports.
Command Reference | Traffic control | 283 [Policy settings] SWP2(config)#policy-map policy1 SWP2(config-pmap)#class class1 SWP2(config-pmap-c)#set cos-queue 3 SWP2(config-pmap-c)#exit SWP2(config-pmap)#exit SWP2(config)#interface port1.1 SWP2(config-if)#service-policy input policy1 9.2.
| Command Reference | Traffic control [Description] Shows information for the specified policy map. The following content is shown. Item Description Policy-Map Name Policy map name State Application status of the policy map (attached/detached) Class-Map Name Class map information. For details, refer to the show classmap command.
Command Reference | Traffic control | 285 [Note] In order to execute this command, QoS must be enabled. [Example] Show information for policy map "policy1". SWP2#show policy-map policy1 Policy-Map Name: policy1 State: attached Class-Map Name: class1 Qos-Access-List Name: 1 Police: Mode: SrTCM average rate (48 Kbits/sec) burst size (12 KBytes) excess burst size (12 KBytes) yellow-action (Remark [DSCP:10]) red-action (Drop) 9.2.
| Command Reference | Traffic control [Example] Show the status of policy map "policy1". SWP2#show qos map-status policy policy1 policy1 status input port : port1.3 edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable Show the status of class map "class1".
Command Reference | Traffic control | 287 [Example] Set egress queues #7 and #6 to the SP method (7 has priority), and set #5, #4, #3, #2, #1, and #0 to the WRR method (5:5:5:2:1:1). SWP2(config)#no qos wrr-weight 7 SWP2(config)#no qos wrr-weight 6 SWP2(config)#qos wrr-weight 5 5 SWP2(config)#qos wrr-weight 4 5 SWP2(config)#qos wrr-weight 3 5 SWP2(config)#qos wrr-weight 2 2 SWP2(config)#qos wrr-weight 1 1 SWP2(config)#qos wrr-weight 0 1 9.2.
| Command Reference | Traffic control [Initial value] no traffic-shpe queue 0 rate no traffic-shpe queue 1 rate no traffic-shpe queue 2 rate no traffic-shpe queue 3 rate no traffic-shpe queue 4 rate no traffic-shpe queue 5 rate no traffic-shpe queue 6 rate no traffic-shpe queue 7 rate [Input mode] interface mode [Description] Specifies shaping for the egress queue of the port. If this is executed with the "no" syntax, the egress queue shaping setting is disabled.
Command Reference | Traffic control | 289 [Example] Enable flow control for system. SWP2(config)#flowcontrol enable 9.3.2 Set flow control (IEEE 802.
| Command Reference | Traffic control [Note] The number of PAUSE frames sent and received are shown only if flow control is enabled on the corresponding port. The number of PAUSE frames sent and received is cleared when you execute the clear frame-counters command. [Example] Show flow control information for LAN port #1. SWP2#show flowcontrol port1.1 Port FlowControl RxPause TxPause ------------------------- ------port1.1 Both 4337 0 Show flow control information for all ports.
Command Reference | Traffic control | 291 9.4.2 Show storm control reception upper limit [Syntax] show storm-control [ifname] [Parameter] ifname : LAN/SFP+ port interface name Interface to show [Initial value] none [Input mode] unprivileged EXEC mode, priviledged EXEC mode [Description] Shows the upper limit value for frame reception. If the interface name is omitted, all interfaces are shown. [Example] Show the setting status of all interfaces. SWP2#show storm-control Port BcastLevel McastLevel port1.
| Command Reference | Application Chapter 10 Application 10.1 Local RADIUS server 10.1.
Command Reference | Application | 293 SWP2(config)#radius-server local interface vlan1 SWP2(config)#radius-server local interface vlan100 10.1.3 Generate a route certificate authority [Syntax] crypto pki generate ca [ca-name] no crypto pki generate ca [Parameter] ca-name : Certificate authority name Characters that can be inputted for the certificate authority name • • • Within 3–32 characters Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces Cannot specify “
| Command Reference | Application [Parameter] mode : Authentication method Setting value Description pap PAP authentication method peap PEAP authentication method eap-md5 EAP-MD5 authentication method eap-tls EAP-TLS authentication method eap-ttls EAP-TTLS authentication method [Initial value] authentication pap peap eap-md5 eap-tls eap-ttls [Input mode] RADIUS configuration mode [Description] Specifies the authentication method used for the local RADIUS server.
Command Reference | Application | 295 [Initial value] nas 127.0.0.1 key secret_local [Input mode] RADIUS configuration mode [Description] Adds a RADIUS client (NAS) to the RADIUS client list. The maximum number of registered entries is 100. If this command is executed with the "no" syntax, the specified RADIUS client setting is deleted. [Note] RADIUS client (NAS) information configured using this command will not display in running-config or startup-config.
| Command Reference | Application vlan-id : <1-4094> VLAN number for dynamic VLAN mac-address : hhhh.hhhh.hhhh (h is hexadecimal) MAC address for terminal (user) to authenticate ssid : SSID connection point (32 characters or less, single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces ) name : User name (32 characters or less, single-byte alphanumeric characters and symbols other than the characters " ? and spaces mail-address : Mail address (256 cha
Command Reference | Application | 297 SWP2(config)#radius-server local-profile SWP2(config-radius)#user yamaha secretpassword mac 00a0.de00.0001 auth peap name YamahaTaro 10.1.8 Reauthentication interval setting [Syntax] reauth interval time no reauth interval [Parameter] time : <3600,43200,86400,604800> Reauthentication interval (no.
| Command Reference | Application (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] This issues client certificates to users for which the EAP-TLS certificatio
Command Reference | Application | 299 10.1.
| Command Reference | Application (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted: EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] priviledged EXEC mode [Description] Sends client certificates to each user via e-mail attachment.
Command Reference | Application | 301 10.1.15 Show authenticated user information [Syntax] show radius-server local user [detail userid] [Keyword] detail : Show detailed information for the specified user : User ID [Parameter] userid (within 3–32 characters; cannot specify “DEFAULT”) Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric char
| Command Reference | Application Issuance status Contents Issuance of client certificate aborted by executing “certificate abort” or other command aborted [Example] Shows the issuance status for client certificates. SWP2#show radius-server local certificate status certificate process: done. 10.1.
Command Reference | Application | 303 Reason for revocation expired Contents Revocation due to expired term of validity [Example] Displays the list of revoked client certificates.
| Command Reference | Index Index A aaa authentication auth-mac 149 aaa authentication auth-web 150 aaa authentication dot1x 149 access-group (IPv4) 247 access-group (IPv6) 249 access-group (MAC) 252 access-list (IPv4) 245 access-list (IPv6) 248 access-list (MAC) 250 access-list description (IPv4) 247 access-list description (IPv6) 249 access-list description (MAC) 251 action 118 aggregate-police 276 arp 216 arp-ageing-timeout 216 auth clear-state time (global configuration mode) 167 auth clear-state t
Command Reference | Index | 305 ip igmp snooping fast-leave 232 ip igmp snooping mrouter interface 232 ip igmp snooping mrouter-port data-suppression 236 ip igmp snooping querier 233 ip igmp snooping query-interval 233 ip igmp snooping report-suppression 235 ip igmp snooping version 235 ip route 213 ipv6 219 ipv6 address 219 ipv6 address autoconfig 220 ipv6 forwarding 224 ipv6 mld snooping 239 ipv6 mld snooping fast-leave 239 ipv6 mld snooping mrouter interface 240 ipv6 mld snooping querier 240 ipv6 mld sno
| Command Reference | Index S save 34 save logging 56 schedule 116 schedule template 119 send from 93 send notify wait-time 94 send server 92 send subject 94 send to 93 service terminal-length 52 service-policy 270 set cos 271 set cos-queue 282 set ip-dscp 272 set ip-dscp-queue 283 set ip-precedence 271 set lldp 99 set management-address-tlv 100 set msg-tx-hold 104 set timer msg-fast-tx 103 set timer msg-tx-interval 102 set timer reinit-delay 103 set too-many-neighbors limit 105 set tx-fast-init 104 sf
Command Reference | Index | 307 snmp-server enable trap 59 snmp-server group 62 snmp-server host 57 snmp-server location 61 snmp-server startup-trap-delay 58 snmp-server user 63 snmp-server view 62 spanning-tree 191 spanning-tree bpdu-filter 192 spanning-tree bpdu-guard 192 spanning-tree edgeport 194 spanning-tree forward-time 189 spanning-tree instance 201 spanning-tree instance path-cost 202 spanning-tree instance priority 201 spanning-tree link-type 191 spanning-tree max-age 190 spanning-tree mst configu