Yamaha L2 Switch Intelligent L2 SWX232x Series Command Reference Rev.2.05.07 / Rev.2.06.
| Command Reference | TOC Contents Preface: Introduction ............................................................................................14 Chapter 1: How to read the command reference ...............................................15 1.1 Applicable firmware revision .....................................................................................................................15 1.2 How to read the command reference .......................................................................
Command Reference | TOC | 3 4.3.5 Erase startup configuration ..........................................................................................................36 4.3.6 Copy startup configuration ..........................................................................................................36 4.3.7 Select startup config ....................................................................................................................37 4.3.8 Set description for startup config ...........
| Command Reference | TOC 4.10.10 Show log ..................................................................................................................................59 4.11 SNMP .......................................................................................................................................................59 4.11.1 Set host that receives SNMP notifications ................................................................................59 4.11.
Command Reference | TOC | 5 4.18.1 Start SSH server and change listening port number ..................................................................85 4.18.2 Show SSH server settings ..........................................................................................................85 4.18.3 Set host that can access the SSH server .....................................................................................86 4.18.4 Set client that can access the SSH server .................................
| Command Reference | TOC 4.22.4 Set L2MS slave watch interval ................................................................................................112 4.22.5 Set number of times that is interpreted as L2MS slave down .................................................113 4.22.6 Set terminal management function ..........................................................................................113 4.22.7 Set the device information acquisition time interval ..................................
Command Reference | TOC | 7 5.1.2 Shutdown ...................................................................................................................................138 5.1.3 Set communication speed and communication mode ...............................................................138 5.1.4 Auto negotiation type settings ...................................................................................................139 5.1.5 Auto negotiation information display ...............................
| Command Reference | TOC 5.3.20 Set number of times to resend requests to RADIUS server ....................................................173 5.3.21 Set RADIUS server shared password ......................................................................................173 5.3.22 Set time of RADIUS server usage prevention .........................................................................174 5.3.23 Set NAS-Identifier attribute sent to RADIUS server .................................................
Command Reference | TOC | 9 6.2.12 Set promiscuous port for private VLAN .................................................................................201 6.2.13 Set voice VLAN ......................................................................................................................202 6.2.14 Set CoS value for voice VLAN ...............................................................................................202 6.2.15 Set DSCP value for voice VLAN ......................................
| Command Reference | TOC 7.2.3 Show IPv4 Routing Information Base .......................................................................................231 7.2.4 Show summary of the route entries registered in the IPv4 Routing Information Base .............231 7.3 ARP ..........................................................................................................................................................231 7.3.1 Show ARP table ...........................................................
Command Reference | TOC | 11 8.2.10 Show an interface's IGMP-related information .......................................................................251 8.2.11 Clear IGMP group membership entries ...................................................................................252 8.3 MLD snooping ..........................................................................................................................................252 8.3.1 Enable/disable MLD snooping .................................
| Command Reference | TOC 9.2.20 Show class map information ...................................................................................................281 9.2.21 Generate policy map for received frames ................................................................................282 9.2.22 Apply policy map for received frames ....................................................................................282 9.2.23 Set pre-marking (CoS) ......................................................
Command Reference | TOC | 13 10.1.20 Revoked client certificate list display ....................................................................................
| Command Reference | Introduction Preface Introduction • • • • • • Unauthorized reproduction of this document in part or in whole is prohibited. The contents of this document are subject to change without notice. Yamaha disclaims all responsibility for any damages caused by loss of data or other problems resulting from the use of this product. The warranty is limited to this physical product itself. Please be aware of these points.
Command Reference | How to read the command reference | 15 Chapter 1 How to read the command reference 1.1 Applicable firmware revision This command reference applies to firmware Yamaha Intelligent L2 Switch SWX232x of Rev.2.05.07 / Rev.2.06.07. For the latest firmware released after printing of this command reference, manuals, and items that differ, access the following URL and see the information in the WWW server. http://www.rtpro.yamaha.co.jp 1.
| Command Reference | How to read the command reference Interface type Prefix Description Examples Specify sa or po followed by "logical interface ID". 1.4 Input syntax for commands starting with the word "no" Many commands also have a form in which the command input syntax starts with the word no. If you use a syntax that with begins with the word no, the settings of that command are deleted and returned to the default value, unless explained otherwise.
Command Reference | How to use the commands | 17 Chapter 2 How to use the commands The SWX232x lets you perform command operations in the following two ways. Type of operation Method of operation Description Operation via console • • • Access from a console terminal Access from a TELNET client Access from a SSH client Issue commands one by one to interactively make settings or perform operations.
| Command Reference | How to use the commands To make VTY port settings, use the line vty command to specify the target VTY port, and then move to line mode. ID management for virtual terminal ports is handled within the SWX232x, but since login session and ID assignments depend on the connection timing, you should normally make the same settings for all VTY ports. 2.1.3 Access from an SSH client You can use an SSH client on a computer to connect to the SSH server of the SWX232x and control it.
Command Reference | How to use the commands | 19 Setting item Content of setting command Setting 1) is a function that temporarily applies to the user who is using the terminal, and is applied as soon as the command is executed. Setting 2) applies starting with the next session. 2.2 Operation via configuration (config) files A file containing a set of needed commands is called a configuration (config) file.
| Command Reference | How to use the commands If you want to restart the system automatically after applying the CONFIG file, specify the following remote path. The currently running configuration is applicable. • Remote path for applicable files (with automatic restart) Applicable configuration Currently running startup-config Applicable file Remote path Load (GET) Save (PUT) Automatic restart CONFIG file (.txt) reconfig - ✓ ✓ All settings (.
Command Reference | How to use the commands | 21 The basic commands related to moving between command input modes are described below. For commands that move from global configuration mode mode to individual configuration mode, refer to "individual configuration mode." • exit command • logout command • enable command / administratorcommand • disable command • configure terminal command • end command 2.4.
| Command Reference | How to use the commands individual configuration mode Transition command Prompt LLDP agent mode lldp-agent command SWX232x(lldp-agent)# E-mail template mode mail template command SWX232x(config-mail)# RADIUS configuration mode radius-server local-profile command SWX232x(config-radius)# 2.4.3 Command prompt prefix he command prompt prefix indicates the host name. In the default state, the host name is the model name "SWX232x".
Command Reference | How to use the commands | 23 • Keyboard operation Description and notes Press Esc, then D Delete from the cursor position until immediately before the first space Ctrl + K Delete from the cursor position until the end of the line Ctrl + U Delete all characters that are being entered Other Keyboard operation Description and notes Ctrl + T Exchange the character at the cursor position with the preceding character.
| Command Reference | How to use the commands Operation is shown below. Keyboard operation ↑ Ctrl + P ↓ Ctrl + N Description and notes Move backward through command history Move forward through command history 2.6 Commands that start with the word "show" 2.6.1 Modifiers Modifiers send the information produced by the show command through a filter, restricting the content that is shown in the screen and making it easier for you to see the desired information.
Command Reference | Configuration | 25 Chapter 3 Configuration 3.1 Manage setting values The SWX232x uses the following configurations to manage its settings. Types of configuration Description User operations that can be performed Running configuration (running-config) Setting values currently used for operation. Managed in RAM. Note / Save to startup configuration Startup configuration (startup-config) These are the saved setting values.
| Command Reference | Configuration Category Setting item Default value Download URL firmware-update url http:// www.rtpro.yamaha.co.jp/firmware/ revision-up/swx2320.bin (Note: the file for the SWX2322P model is “swx2322p.
Command Reference | Configuration | 27 Category L2MS L2 switching Traffic control PoE power supply LLDP agent • Settings for the default VLAN (vlan1) • IPv4 Address : 192.168.100.
| Command Reference | Maintenance and operation functions Chapter 4 Maintenance and operation functions 4.1 Passwords 4.1.
Command Reference | Maintenance and operation functions | 29 [Description] Specifies the administrator password needed to enter privileged EXEC mode. If this command is executed with the "no" syntax, the administrator password is deleted. [Note] If the password was encrypted by the password-encryption command, it is shown in the configuration in the form "enable password 8 password." The user cannot enter the password in this form when making configuration settings from the command line.
| Command Reference | Maintenance and operation functions [Parameter] switch : Allow login by special password Setting value Description enable Allow disable Don't allow [Initial value] force-password enable [Input mode] global configuration mode [Description] Enable login with special password.
Command Reference | Maintenance and operation functions | 31 Single-type alphanumeric characters and " and ' and | and > and ? and single-byte symbols other than space characters (32 characters or less) The first character must be a single-byte alphanumeric character [Initial value] none [Input mode] global configuration mode [Description] Sets user information. A maximum of 32 items of user information can be registered. The following words cannot be registered as user names.
| Command Reference | Maintenance and operation functions --------------------------------------------------------------------------------------------con 0 user1234 Login 02:15:23 vty 0 * operators1 Login 00:12:59 192.168.100.1 vty 1 abcdefghijklmnopqrstuvwxyzabcdef Login 00:00:50 192.168.100.24 vty 2 Login 00:00:21 192.168.100.10 vty 3 vty 4 vty 5 vty 6 vty 7 http 0 user1234 Login 01:12:25 192.168.100.4 http 1 (noname) Login 00:18:04 192.168.100.
Command Reference | Maintenance and operation functions | 33 SWX232x>enable SWX232x#configure terminal Enter configuration commands, one per line. SWX232x(config)#banner motd Hello World! SWX232x(config)#exit SWX232x#exit End with CNTL/Z. Username: Password: Hello World! SWX232x>enable SWX232x#configure terminal Enter configuration commands, one per line. SWX232x(config)#no banner motd SWX232x(config)#exit SWX232x#exit End with CNTL/Z. Username: Password: SWX2320 Rev.2.05.
| Command Reference | Maintenance and operation functions [Parameter] config_num : Configuration number Setting value Description <0-1> Startup configuration #0-#1 sd Startup config in SD card [Input mode] privileged EXEC mode, individual configuration mode [Description] Saves the current operating settings (running configuration) as the settings for startup (startup configuration). If config_num is omitted, it is saved in the startup config that was used for the current startup.
Command Reference | Maintenance and operation functions | 35 [Input mode] privileged EXEC mode, individual configuration mode [Description] Shows the currently-operating settings (running configuration). If section is not specified, all settings are shown. [Example] Show the running configuration. SWX232x#show running-config ! interface port1.1 switchport ... ! line con 0 line vty 0 7 ! end SWX232x# 4.3.
| Command Reference | Maintenance and operation functions no switchport ip address 192.168.100.240/24 no shutdown ! clock timezone JST ! http-server enable http-proxy enable ! telnet-server enable ! line con 0 line vty 0 7 ! end SWX232x# 4.3.
Command Reference | Maintenance and operation functions | 37 Setting value Description <0-1> Startup configuration #0-#1 sd Startup config in SD card [Input mode] privileged EXEC mode [Description] Copy the startup settings (startup config) and the information associated with them. [Note] In a state in which the SD card is not mounted, executing this command on a config that is in the SD card produces an error. [Example] Copy startup config #0 to startup config #1.
| Command Reference | Maintenance and operation functions [Parameter] config_num : <0-1> Configuration number line : Single-byte alphanumeric characters and single-byte symbols (63 characters or less) Description for applicable startup config [Input mode] privileged EXEC mode [Description] Specify a description for the applicable startup config. If this command is executed with the "no" syntax, the description is deleted.
Command Reference | Maintenance and operation functions | 39 4.4.2 Clear boot information [Syntax] clear boot list [Input mode] privileged EXEC mode [Description] Clears the boot information history. [Example] Clear the boot information. SWX232x#clear boot list 4.4.
| Command Reference | Maintenance and operation functions SWX232x#show boot prioritize sd SD boot configuration: firmware : enable 4.5 Show unit information 4.5.1 Show inventory information [Syntax] show inventory [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows inventory information for this unit and the SFP modules. The following items are shown.
Command Reference | Maintenance and operation functions | 41 • • • • Current time Elapsed time from boot Temperature status Temperature [Example] Show operating information. SWX232x>show environment SWX2320-16MT BootROM Ver.1.00 SWX2320 Rev.2.05.02 (Mon Dec 14 12:08:51 2020) main=SWX2320-16MT ver=00 serial=S00000000 MAC-Address=00a0.de00.
| Command Reference | Maintenance and operation functions 4.5.5 Display memory usage [Syntax] show memory [Input mode] privileged EXEC mode [Description] Shows how much memory is used by each process. The following items are shown.
Command Reference | Maintenance and operation functions | 43 Command Stack disabled Stack enabled Master switch Slave switch show logging ✓ ✓ ✓ show process ✓ ✓ ✓ show users ✓ ✓ ✓ show interface ✓ ✓ - show frame-counter ✓ ✓ - show vlan brief ✓ ✓ - show spanning-tree mst detail ✓ ✓ - show etherchannel status detail ✓ ✓ - show loop-detect ✓ ✓ - show mac-address-table ✓ ✓ - show l2ms detail ✓ ✓ - show qos queue-counters ✓ ✓ - show ddm status ✓ (※1) ✓ (※1)
| Command Reference | Maintenance and operation functions [Example] Show technical support information. SWX232x#show tech-support # # Information for Yamaha Technical Support # *** show running-config *** ! ! - Running Configuration ! Current Time: Fri Jan 1 00:00:00 JST 2021 ! dns-client enable ! vlan database vlan 2 name VLAN0002 vlan 3 name VLAN0003 ! interface port1.1 switchport switchport mode access ... *** show startup-config *** ... *** show stack *** ... *** show environment *** ...
Command Reference | Maintenance and operation functions | 45 SWX232x#copy tech-support sd SWX232x# 4.5.8 Show fan operating history [Syntax] show fan history [Input mode] unprivileged EXEC mode、privileged EXEC mode [Description] Shows the fan operating history. [Example] Shows the fan operating history. SWX232x>show fan history 2020/10/22 15:45:54: FAN1 status:Low perform:80% 4.6 Time management 4.6.
| Command Reference | Maintenance and operation functions Enter the difference from UTC [Initial value] clock timezone UTC [Input mode] global configuration mode [Description] Sets the time zone. If this command is executed with the "no" syntax, UTC is specified. [Example] Set the time zone to JST. SWX232x(config)#clock timezone JST Set the time zone to UTC+9 hours. SWX232x(config)#clock timezone +9:00 4.6.
Command Reference | Maintenance and operation functions | 47 [Input mode] global configuration mode [Description] Registers the address or host name of the NTP server. Up to two instances of this command can be set. If this command is executed with the "no" syntax, the NTP server setting is deleted. If time synchronization is performed with two NTP servers specified, they are queried in the order of NTP server 1 and NTP server 2 as shown by the show ntpdate command.
| Command Reference | Maintenance and operation functions [Example] Request the time every two hours. SWX232x(config)#ntpdate interval 2 Disable periodic time synchronization. SWX232x(config)#ntpdate interval 0 4.6.7 Show NTP server time synchronization settings [Syntax] show ntpdate [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the settings that are related to time synchronization from an NTP server. [Example] Show time synchronization settings.
Command Reference | Maintenance and operation functions | 49 This command cannot be used if the stack function is enabled. [Example] Enable the PTP function for the entire system. SWX232x(config)#ptp enable Disable the PTP function for the entire system. SWX232x(config)#ptp disable 4.7.
| Command Reference | Maintenance and operation functions [Parameter] type : PTP operation mode Setting value transparent mechanism : Description Transparent clock Delay mechanism Setting value e2e step-mode : Description End-to-end mode Step mode Setting value one-step Description One-step mode [Initial value] ptp mode transparent delay-mechanism e2e step one-step [Input mode] global configuration mode [Description] This configures the PTP operation mode, delay mechanism and step mode.
Command Reference | Maintenance and operation functions | 51 [Input mode] global configuration mode [Description] Sets the forwarding protocol settings for PTP messages. If this command is executed with the "no" syntax, the setting returns to the default. [Note] If the system-wide PTP function is disabled, this will not operate. [Example] This uses IPv6 in UDP to forward PTP messages. SWX232x(config)#ptp transport protocol udp ipv6 4.7.
| Command Reference | Maintenance and operation functions port1.7 port1.8 Enable Enable Shows the PTP information for LAN port #1. SWX232x>show ptp interface port1.1 Interface PTP ------------------port1.1 Disable 4.8 Terminal settings 4.8.1 Move to line mode (console terminal) [Syntax] line con port [Parameter] port : 0 Serial console port number [Initial value] line con 0 [Input mode] global configuration mode [Description] Moves to line mode in order to make console terminal settings.
Command Reference | Maintenance and operation functions | 53 [Note] The maximum number of simultaneous Telnet client connections depends on the number of VTY ports that are enabled. To return from line mode to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command. [Example] Enable VTY port #0 and then move to line mode. SWX232x(config)#line vty 0 SWX232x(config-line)# 4.8.
| Command Reference | Maintenance and operation functions [Note] When this command is executed, the change applies immediately. The result of executing this command takes priority over the setting applied by the service terminal-length command. [Example] Change the number of lines displayed per page for the terminal in use to 100 lines. SWX232x>terminal length 100 SWX232x> 4.8.
Command Reference | Maintenance and operation functions | 55 SWX232x#baudrate select 115200 4.9 Management 4.9.1 Set management VLAN [Syntax] management interface interface no management interface [Parameter] interface : VLAN interface name [Initial value] management interface vlan1 [Input mode] global configuration mode [Description] Set the VLAN that is used for management.
| Command Reference | Maintenance and operation functions SWX232x(config)#logging host 192.168.100.1 Set the SYSLOG server IPv6 address to fe80::2a0:deff:fe11:2233. SWX232x(config)#logging host fe80::2a0:deff:fe11:2233%vlan1 4.10.2 Set log output level (debug) [Syntax] logging trap debug no logging trap debug [Initial value] no logging trap debug [Input mode] global configuration mode [Description] Output the debug level log to SYSLOG.
Command Reference | Maintenance and operation functions | 57 If this command is executed with the "no" syntax, the log is not output. [Example] Output the error level log to SYSLOG. SWX232x(config)#logging trap error 4.10.5 Set log console output [Syntax] logging stdout info no logging stdout info [Initial value] no logging stdout info [Input mode] global configuration mode [Description] Outputs the informational level SYSLOG to the console.
| Command Reference | Maintenance and operation functions Logs are accumulated in RAM, and are periodically backed up automatically to Flash ROM, but you can use this command to back up this data manually. If the logging backup sd enable command has been set and an SD card is inserted, the log data is saved to Flash ROM and also simultaneously saved to the SD card with the following file name. /swx2320/log/YYYYMMDD_syslog.txt or /swx2322p/log/YYYYMMDD_syslog.
Command Reference | Maintenance and operation functions | 59 SWX232x#clear logging 4.10.10 Show log [Syntax] show logging [reverse] [Keyword] reverse : Shows the log in reverse order [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the log that records the operating status of the unit. Normally the log is shown starting with the oldest events, but the display order is reversed if "reverse" is specified. The log contains a maximum of 10,000 events.
| Command Reference | Maintenance and operation functions Setting value community : Description 1 Use SNMPv1 2c Use SNMPv2c 3 Use SNMPv3 Community name (maximum 32 characters) This can be specified if version is '1' or '2c' seclevel : Security level requested for authenticating the notification This can be specified only if version is '3' Setting value user : Description noauth No authentication / No encryption (noAuthNoPriv) auth Authentication / No encryption (authNoPriv) priv Aut
Command Reference | Maintenance and operation functions | 61 [Parameter] trap_type : Type of trap Setting value Description coldstart When the power is turned on/off, or when firmware is updated warmstart When reload command is executed linkdown At linkdown linkup At linkup authentication When authentication fails l2ms When L2MS slave is detected or lost errdisable When ErrorDisable is detected or canceled rmon When RMON event is executed termmonitor When terminal monitoring is detected
| Command Reference | Maintenance and operation functions [Initial value] no snmp-server contact [Input mode] global configuration mode [Description] Sets the MIB variable sysContact. sysContact is a variable that is typically used to enter the name of the administrator or contact. If this command is executed with the "no" syntax, the setting is deleted. [Example] Set the system contact to "swx_admin@sample.com". SWX232x(config)#snmp-server contact swx_admin@sample.com 4.11.
Command Reference | Maintenance and operation functions | 63 [Description] Sets the SNMP community. Up to 16 communities can be registered. If this is executed with the "no" syntax, the specified community is deleted. [Example] Set the read-only community name to "public". SWX232x(config)#snmp-server community public ro Delete the "public" community. SWX232x(config)#no snmp-server community public 4.11.
| Command Reference | Maintenance and operation functions 4.11.
Command Reference | Maintenance and operation functions | 65 [Parameter] user : User name (maximum 32 characters) group : Group name (maximum 32 characters) auth : Authentication algorithm Setting value Description md5 HMAC-MD5-96 sha HMAC-SHA-96 auth_pass : Authentication password (8 or more characters, maximum 32 characters) priv : Encryption algorithm Setting value priv_pass : Description des DES-CBC aes AES128-CFB Encryption password (8 or more characters, maximum 32 character
| Command Reference | Maintenance and operation functions [Example] Show SNMP community information. SWX232x#show snmp community SNMP Community information Community Name: public Access: Read-Only Community Name: private Access: Read-Write 4.11.10 Show SNMP view settings [Syntax] show snmp view [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the contents of the SNMP view settings. Shows the view name, object ID, and type.
Command Reference | Maintenance and operation functions | 67 [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the contents of the SNMP user settings. Shows the engine ID, user name, affiliated group name, authentication method, and encryption method. [Example] Show the contents of the SNMP user settings.
| Command Reference | Maintenance and operation functions SWX232x(config)#rmon disable 4.12.
Command Reference | Maintenance and operation functions | 69 Maximum 127 characters (if omitted : RMON_SNMP) [Initial value] none [Input mode] interface mode [Description] Enables RMON history group settings for the applicable interface. If this command is set, it will be possible to acquire the RMON MIB's historyControlTable. After setting this command, history information is collected at the specified interval, and the RMON MIB's etherHistoryTable can be acquired.
| Command Reference | Maintenance and operation functions [Input mode] global configuration mode [Description] Enables the RMON event group settings. If this command is set, it will be possible to acquire the RMON MIB's eventTable. Use the rmon alarm command to set the event group for this command. If this command is executed with the "no" syntax, the setting value is deleted.
Command Reference | Maintenance and operation functions | 71 falling_event_inde : x <1-65535> Event index (alarmFallingEventIndex) startup : <1-3> Threshold value used for first alarm decision (alarmStartupAlarm) Setting value Description 1 Use only upper threshold value (risingAlarm) 2 Use only lower threshold value (fallingAlarm) 3 Use both upper threshold value and lower threshold value (risingOrFallingAlarm) (if omitted : 3) owner : Name of alarm group owner (alarmOwner) maximum 127 charac
| Command Reference | Maintenance and operation functions The Ethernet statistical information group can be created by the rmon statistics command. If the Ethernet statistical information group being used by this command is deleted, this command is also deleted. The event index specifies the index that is set by the rmon event command. If the event group being used by this command is deleted, this command is also deleted. The rising_threshold value must be a higher value than the falling_threshold value.
Command Reference | Maintenance and operation functions | 73 alarm Index = 1 alarm status = VALID alarm Interval = 15 alarm Type is Absolute alarm Value = 0 alarm Rising Threshold = 10 alarm Rising Event = 1 alarm Falling Threshold = 7 alarm Falling Event = 1 alarm Startup Alarm = 3 alarm Owner is RMON_SNMP 4.12.
| Command Reference | Maintenance and operation functions [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the settings and status of the RMON event group. The following items are shown. • Index • Description of event • Type of event • Community name when sending trap • Time of executing event • Owner name [Example] SWX232x>show rmon event event Index = 1 Description RMON_SNMP Event type Log Event community name RMON_SNMP Last Time Sent = 00:00:58 Owner RMON_SNMP 4.12.
Command Reference | Maintenance and operation functions | 75 [Input mode] interface mode [Description] Clears the counters of the RMON Ethernet statistical information group for the applicable interface. [Example] Clear the counters of the RMON Ethernet statistical information group for port1.1. SWX232x(config)#interface port1.1 SWX232x(config-if)#rmon clear counters 4.13 Telnet server 4.13.
| Command Reference | Maintenance and operation functions Management interface(vlan): 1 Interface(vlan):1, 2, 3 Access: deny 192.168.100.5 permit 192.168.100.0/24 4.13.3 Set host that can access the Telnet server [Syntax] telnet-server interface interface no telnet-server interface interface [Parameter] interface : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the Telnet server.
Command Reference | Maintenance and operation functions | 77 [Initial value] none [Input mode] global configuration mode [Description] Restrict access to the TELNET server according to the client terminal's IPv4/IPv6 address. Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted.
| Command Reference | Maintenance and operation functions [Parameter] switch : Whether to enable TELNET client Setting value Description enable Enable disable Disable [Initial value] telnet-client disable [Input mode] global configuration mode [Description] Enables use of the telnet command as a Telnet client. If this command is executed with the "no" syntax, the Telnet client is disabled. [Example] Enable the Telnet client. SWX232x(config)#telnet-client enable 4.14.
Command Reference | Maintenance and operation functions | 79 [Keyword] enable : TFTP server is enabled disable : TFTP server is disable : <1-65535> [Parameter] port Listening port number of the TFTP server (if omitted: 69) [Initial value] tftp-server disable [Input mode] global configuration mode [Description] Enables the TFTP server. You can also specify the listening TCP port number. If this command is executed with the "no" syntax, the TFTP server is disabled.
| Command Reference | Maintenance and operation functions This command can be used to specify up to eight items, which are applied in the order that they are specified. If this command is not set, access is permitted only from the management VLAN. [Example] Allow access to the TFTP server from the hosts connected to VLAN #1 and VLAN #2. SWX232x(config)#tftp-server interface vlan1 SWX232x(config)#tftp-server interface vlan2 4.16 HTTP server 4.16.
Command Reference | Maintenance and operation functions | 81 [Description] Enables the secure HTTP server. You can also specify the listening TCP port number. If this command is executed with the "no" syntax, the function is disabled. If the secure HTTP server is enabled, encryption is performed in software, meaning that depending on the amount of traffic, the CPU usage rate will rise.
| Command Reference | Maintenance and operation functions SWX232x(config)#http-server interface vlan1 SWX232x(config)#http-server interface vlan2 4.16.
Command Reference | Maintenance and operation functions | 83 [Parameter] lang : Specify the language Setting value Description japanese Japanese english English [Initial value] http-server language japanese [Input mode] global configuration mode [Description] Sets the Web GUI display language. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the Web GUI display language to English. SWX232x(config)#http-server language english 4.16.
| Command Reference | Maintenance and operation functions [Parameter] switch : Whether to enable HTTP Proxy function Setting value Description enable Enable disable Disable [Initial value] http-proxy disable [Input mode] global configuration mode [Description] Enables the HTTP Proxy function of the HTTP server. If this command is executed with the "no" syntax, the function is disabled. [Example] Enable the HTTP Proxy function of the HTTP server. SWX232x(config)#http-proxy enable 4.17.
Command Reference | Maintenance and operation functions | 85 SWX232x#show http-proxy Service:Enable Timeout:60 4.18 SSH server 4.18.
| Command Reference | Maintenance and operation functions Service:Enable Port:23 Hostkey:Generated Management interface(vlan): 1 Interface(vlan):1, 2, 3 Access: deny 192.168.100.5 permit 192.168.100.0/24 4.18.3 Set host that can access the SSH server [Syntax] ssh-server interface ifname no ssh-server interface ifname [Parameter] ifname : VLAN interface name [Initial value] none [Input mode] global configuration mode [Description] Sets the VLAN interface that allows access to the SSH server.
Command Reference | Maintenance and operation functions | 87 [Initial value] none [Input mode] global configuration mode [Description] Restrict access to the SSH according to the client terminal's IPv4/IPv6 address. Up to eight instances of this command can be set, and those that are specified earlier take priority for application. If this command is set, all access that does not satisfy the registered conditions is denied. However, if this command is not set, all access is permitted.
| Command Reference | Maintenance and operation functions [Input mode] privileged EXEC mode [Description] Deletes the host RSA key and host DSA key of the SSH server. [Note] This command can be executed only if the SSH server is disabled. [Example] Delete the host RSA key and host DSA key. SWX232x#clear ssh-server host key 4.18.
Command Reference | Maintenance and operation functions | 89 +---[DSA 1024]----+ | . +E. | | o o | | o X S | | + = * . | | o . B * . | | + o . | | * * + | |X+.@ +o= | |@*o.= o. | +----[SHA256]-----+ ssh-rsa 2048 MD5:XX:XX:b8:07:e3:5e:57:b8:80:e3:fc:b3:24:17:XX:XX +---[RSA 2048]----+ | | |...* | |*+. | | . | | . + | | | | E | | . B.. | | . oo | +------[MD5]------+ 2048 SHA256:XXXXMkUuEbkJggPD68UoR+gobWPhgu7qqXzE8iUXXXX +---[RSA 2048]----+ |*.==+ | |*o+= . . | |*=o. . S | | * S . . | | + B * o | | = = . . .
| Command Reference | Maintenance and operation functions 4.19.1 Start SSH client [Syntax] ssh [user@] host [port] [Parameter] user : User name used when logging in to the remote host host : Remote host name, IPv4 address (A.B.C.
Command Reference | Maintenance and operation functions | 91 [Description] Enables use of the ssh command as an SSH client. If this command is executed with the "no" syntax, the SSH client is disabled. [Example] Enable the SSH client. SWX232x(config)#ssh-client enable 4.19.3 Clear SSH host information [Syntax] clear ssh host host [Parameter] host : Remote host name, IPv4 address (A.B.C.
| Command Reference | Maintenance and operation functions Setting value starttls username : Description Encrypting communication ( STARTTLS ) User name used for SMTP authentication (64 characters or less, ? " | > and aingle-byte alphanumeric characters and symbols other than spaces) password : Passwords used for SMTP authentication (64 characters or less,? " | > and aingle-byte alphanumeric characters and symbols other than spaces) [Initial value] none [Input mode] global configuration mode [Descr
Command Reference | Maintenance and operation functions | 93 mail notify temp-id trigger stack no mail notify temp-id trigger lan-map no mail notify temp-id trigger terminal no mail notify temp-id trigger stack [Keyword] lan-map : Notify events related to the LAN map terminal : Notify events related to the terminal monitoring function stack : Notify events related to the stack function : <1-10> [Parameter] temp-id E-mail template ID Specify a template to use for event notification [Initial value
| Command Reference | Maintenance and operation functions 4.20.5 E-mail transmission server ID settings [Syntax] send server server-id no send server [Parameter] server-id : <1-10> E-mail template ID [Initial value] no send server [Input mode] E-mail template mode [Description] Sets the ID of the e-mail server to be used. [Example] Specifies server ID #1 for the e-mail server used in e-mail template #1. SWX232x(config)#mail template 1 SWX232x(config-mail)#send server 1 4.20.
Command Reference | Maintenance and operation functions | 95 [Description] Sets the destination e-mail addresses (maximum of four). [Note] This setting is used as the destination for event notifications, and is not used for the destinations when distributing certificates or sending notifications. [Example] Specifies “user@test.com” as the destination e-mail address for e-mail template #1. SWX232x(config)#mail template 1 SWX232x(config-mail)#send to user@test.com 4.20.
| Command Reference | Maintenance and operation functions [Example] Sets the transmission wait time for e-mail template #1 to 60 seconds. SWX232x(config)#mail template 1 SWX232x(config-mail)#send notify wait-time 60 4.20.
Command Reference | Maintenance and operation functions | 97 --------------------------------Your certificate will expire in [X] days. Name : [Name] - Setting value for the NAME option in the “user” command Account : [User name] - USERID value for the “user” command MAC address : XX:XX:XX:XX:XX:XX Expire : YYYY/MM/DD --------------------------------[Example] Specifies “#2” for the template to use when sending notifications of RADIUS server client certificates by e-mail.
| Command Reference | Maintenance and operation functions Encryption : Wait time : Mail address (from) : Mail address (to) : STARTTLS 30 sec sample@test.com user1@test.com user2@test.com user3@test.com user4@test.com 4.21 LLDP 4.21.1 Enable LLDP function [Syntax] lldp run no lldp run [Initial value] none [Input mode] global configuration mode [Description] Enable the LLDP function for the entire system. If this command is executed with the "no" syntax, disable the LLDP function for the entire system.
Command Reference | Maintenance and operation functions | 99 SWX232x(config)#lldp system-description SWITCH1_POINT_A 4.21.3 Set system name [Syntax] lldp system-name name no lldp system-name [Parameter] name : System name text string (255 characters or less) [Initial value] no lldp system-name [Input mode] global configuration mode [Description] Sets the system name used by the LLDP function. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Maintenance and operation functions Setting value Description enable Enable automatic setting function by LLDP disable Disable automatic setting function by LLDP [Initial value] lldp auto-setting disable [Input mode] global configuration mode [Description] Enables the function by which LLDP frames transmitted by specific Yamaha devices can automatically modify the settings of a switch. The functions that can be set are flow control, QoS, IGMP snooping, and EEE.
Command Reference | Maintenance and operation functions | 101 4.21.7 Set type of management address [Syntax] set management-address-tlv type no set management-address-tlv [Parameter] type : Type of management address Setting value Description ip-address Set IP address as the management address mac-address Set MAC address as the management address [Initial value] set management-address-tlv ip-address [Input mode] LLDP agent mode [Description] Sets the type of port management address used by LLDP.
| Command Reference | Maintenance and operation functions 4.21.9 Set IEEE-802.1 TLV [Syntax] tlv-select ieee-8021-org-specific no tlv-select ieee-8021-org-specific [Initial value] none [Input mode] LLDP agent mode [Description] Adds IEEE-802.1 TLVs to transmitted frames. If this command is executed with the "no" syntax, exclude IEEE-802.1 TLVs from transmitted frames. This command adds the following TLVs to LLDP frames.
Command Reference | Maintenance and operation functions | 103 4.21.11 Set LLDP-MED TLV [Syntax] tlv-select med no tlv-select med [Initial value] none [Input mode] LLDP agent mode [Description] If this command is executed with the "no" syntax, exclude LLDP-MED TLVs from transmitted frames. This command adds the following TLVs to LLDP frames.
| Command Reference | Maintenance and operation functions [Parameter] fast_tx : <1-3600> LLDP frame transmission interval for high speed transmission period (seconds) [Initial value] set timer msg-fast-tx 1 [Input mode] LLDP agent mode [Description] Sets the LLDP frame transmission interval during the high speed transmission period. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Maintenance and operation functions | 105 [Initial value] set msg-tx-hold 4 [Input mode] LLDP agent mode [Description] Sets the multiplier for calculating the time to live (TTL) of device information. If this command is executed with the "no" syntax, the setting returns to the default. This setting is multiplied with the LLDP frame transmission interval (msg-tx-interval), and then increased by +1 to become the TTL value (seconds). The TTL value is set in "Time To Live TLV".
| Command Reference | Maintenance and operation functions [Description] Sets the maximum number of connected devices that can be managed by a port. If this command is executed with the "no" syntax, the setting returns to the default. If the maximum number of connected device for a port is exceeded, LLDP frames sent from new devices are ignored. [Note] When this command is set, the remote device management table is cleared once when the first LLDP frame is received on the applicable port.
Command Reference | Maintenance and operation functions | 107 Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows LLDP information for the interface specified by ifname. If "neighbor" is specified, information for the device connected to the interface is shown. The following items are shown.
| Command Reference | Maintenance and operation functions ID of port VLAN PP Vlan id ID of protocol VLAN VLAN ID ID of port VLAN VLAN Name Name of port VLAN Remote Protocols Advertised List of supported protocols Remote VID Usage Digestt VID Usage Digestt value Remote Management Vlan Name of management VLAN Link Aggregation Status Link aggregation enabled/disabled Link Aggregation Port ID ID of link aggregation port • Port Vlan id 8023 ORIGIN SPECIFIC TLV information Auto negotiation
Command Reference | Maintenance and operation functions | 109 Datum Geodetic datum 0: USA's World Geodetic System (WGS 84) 1: North American Datum (NAD 83) 2: Average historical minimum sea level of North American Datum (NAD 83) LCI length Length of location information data What Place of reference location 0: Location of the DHCP server 1: Position of the network element thought to be nearest the client 2: Location of client Country Code Country code CA type CA (Civic Address) type MED Inventory
| Command Reference | Maintenance and operation functions CHASSIS ID TYPE IP ADDRESS : 0.0.0.0 PORT ID TYPE INTERFACE NAME : port1.
Command Reference | Maintenance and operation functions | 111 SWX232x>clear lldp counters 4.22 L2MS (Layer 2 management service) settings 4.22.1 Move to L2MS mode [Syntax] l2ms configuration [Input mode] global configuration mode [Description] Moves to L2MS mode in order to make L2MS settings. [Note] To return from L2MS mode to global configuration mode, use the exit command. To return to privileged EXEC mode, use the end command. [Example] Move to L2MS mode.
| Command Reference | Maintenance and operation functions Setting value Description master Operate as an L2MS master that sets and controls SWR series or SWX series units that are connected subordinate to it slave Be managed from a Yamaha device that is operating as an L2MS master, such as a router, firewall, or SWX series unit that is set as the L2MS master [Initial value] l2ms role slave [Input mode] L2MS mode [Description] Sets the role when using the L2MS function.
Command Reference | Maintenance and operation functions | 113 4.22.5 Set number of times that is interpreted as L2MS slave down [Syntax] slave-watch down-count count no slave-watch down-count [Parameter] count : <2-10> Number of times that is interpreted as down [Initial value] slave-watch down-count 3 [Input mode] L2MS mode [Description] Sets the number of query frames that are transmitted without receiving a response frame from the slave until it is determined that the L2MS slave is down.
| Command Reference | Maintenance and operation functions SWX232x(config-l2ms)#l2ms role master SWX232x(config-l2ms)#terminal-watch enable 4.22.7 Set the device information acquisition time interval [Syntax] terminal-watch interval time no terminal-watch interval [Parameter] time : <1800-86400> Acquisition interval (seconds) [Initial value] terminal-watch interval 1800 [Input mode] L2MS mode [Description] Specifies the time interval at which network device information is acquired.
Command Reference | Maintenance and operation functions | 115 Regardless of the setting of this command, L2MS control frames might not be transmitted or received if any of the following conditions exist. • The interface is in the Blocking status due to STP or the loop detection function • The switchport trunk native vlan none command has been specified • It is inside a logical interface [Example] Prevent port1.5 from transmitting or receiving L2MS control frames. SWX232x(config)#interface port1.
| Command Reference | Maintenance and operation functions • • Information for the L2MS slaves being managed • MAC address • Model name • Device name • Route • Linked-up ports • Uplink port • Downlink port • Settings applied • Number of terminals connected to the L2MS slave • Information of terminals connected to the L2MS slave (in the case of a switch) • MAC address • Ports connected • Time at which terminal was discovered • Information of terminals connected to the L2MS slave (in the case of an AP) •
Command Reference | Maintenance and operation functions | 117 [Parameter] slave : MAC address (HHHH.HHHH.HHHH) or route (portD.D-D.D) Specify the MAC address or route of the applicable L2MS slave terminal. If omitted, this applies to all L2MS slave terminals. [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Show the config information of the L2MS slave terminal (SWX2200). The following content is shown.
| Command Reference | Maintenance and operation functions Item poe-class port class Description Set upper limit for class of power supplied from each port [Example] Show the config information of all L2MS slave terminals. SWX232x>show l2ms slave-config [port1.23-1.23-8] system-name TEST3_SWX2200-8G vlan-id 2 2 vlan-id 3 3 vlan-port-mode 1 hybrid vlan-access 5 2 vlan-access 6 3 vlan-trunk 1 2 join vlan-trunk 1 3 join [00a0.de00.
Command Reference | Maintenance and operation functions | 119 vlan-access 6 3 vlan-trunk 1 2 join vlan-trunk 1 3 join 4.22.
| Command Reference | Maintenance and operation functions SWX232x(config-l2ms)#l2ms role master SWX232x(config-l2ms)#event-watch disable 4.22.14 Set event information acquisition time interval [Syntax] event-watch interval time no event-watch interval [Parameter] time : <60-1800> Acquisition time interval (seconds) [Initial value] event-watch interval 300 [Input mode] L2MS mode [Description] Sets the time interval at which event information is acquired from L2MS slaves existing on the network.
Command Reference | Maintenance and operation functions | 121 SWX232x(config-l2ms)#l2ms role master SWX232x(config-l2ms)#config-auto-set enable 4.23 Snapshot 4.23.1 Set snapshot function [Syntax] snapshot enable snapshot disable no snapshot [Keyword] enable : Snapshot function is enabled disable : Snapshot function is disable [Initial value] snapshot disable [Input mode] global configuration mode [Description] Enables the snapshot function.
| Command Reference | Maintenance and operation functions 4.23.3 Create snapshot [Syntax] snapshot save [after-update] [Keyword] after-update : After updating the network's connection state, save it as a snapshot [Input mode] privileged EXEC mode [Description] Saves a snapshot file that is the base for the LAN map's snapshot function. If the after-update option is not included, the network connection state currently maintained by the master is saved as the snapshot file.
Command Reference | Maintenance and operation functions | 123 The input syntax is "http://server IP address or hostname/pathname". If the server's port number is other than 80, you must specify this within the URL, using the syntax "http://server IP address or hostname:port number/path name". [Example] Specify http://192.168.100.1/swx2320.bin as the firmware download URL. SWX232x(config)#firmware-update url http://192.168.100.1/swx2320.bin SWX232x(config)# 4.24.
| Command Reference | Maintenance and operation functions SWX232x(config)#firmware-update timeout 120 SWX232x(config)# 4.24.4 Allow revision-down [Syntax] firmware-update revision-down enable no firmware-update revision-down [Initial value] no firmware-update revision-down [Input mode] global configuration mode [Description] When using a firmware file from a web server to update the firmware, this allows the firmware to be changed to a revision that is older than the current revision.
Command Reference | Maintenance and operation functions | 125 If you want to maintain the mounted state of the SD card, enter "Y"; if you want to unmount, enter "N." If you specify no-confirm, the mounted state of the SD card is maintained and the firmware is updated without asking for confirmation. If you specify sd-unmount, the SD card is unmounted without asking for confirmation. [Note] The firmware file references the "/swx2320/firmware/swx2320.bin" or "/swx2322p/firmware/swx2322p.
| Command Reference | Maintenance and operation functions Setting value Description normal Reload stack master and slaves simultaneously sequential Reload stack master and slaves sequentially [Initial value] firmware-update reload-method normal [Input mode] global configuration mode [Description] Sets the method of restarting after a firmware update when using a stack configuration. "normal" restarts the master and slaves simultaneously.
Command Reference | Maintenance and operation functions | 127 SWX232x(config)#stack disable 4.25.2 Change ID of stack member [Syntax] stack stack_id renumber new_stack_id [Parameter] stack_id : <1-2> Stack member ID to be changed. If a non-existent ID is specified, an error results new_stack_id : <1-2> Stack member ID after change [Initial value] none [Input mode] global configuration mode [Description] Changes the ID of the specified stack member.
| Command Reference | Maintenance and operation functions Status Explanation Setting Status for carrying out necessary settings to configure stacks between member switches. Active Status when stacks are configured between member switches. Inacive Status when a fault has occurred on a stacked switch, where this switch is separated from the virtualized switch.
Command Reference | Maintenance and operation functions | 129 The fixed subnet 255.255.255.0 is applied to NETWORK_ADDR. In the case of auto-ip, the Auto IP function is used between the stacked devices. If this command is executed with the "no" syntax, the setting returns to the default. The IP address space specified by this command cannot be used by ports other than the stack port. A restart is required in order to apply the settings of this command to operation.
| Command Reference | Maintenance and operation functions event template_id : : Hour setting examples Setting contents 12 12:00 12.13 12:00 and 13:00 12- From 12:00 to 23:00 10-20 From 10:00 to 20:00 -20 From 0:00 to 20:00 * Hourly Minute setting examples Setting contents 30 30 minutes 15.
Command Reference | Maintenance and operation functions | 131 4.26.2 Schedule template description text settings [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (64 characters or less) Schedule template description text [Initial value] no description [Input mode] Schedule template mode [Description] Sets the schedule template description text.
| Command Reference | Maintenance and operation functions no schedule template [Parameter] template_id : <1-10> Schedule template number [Initial value] None [Input mode] global configuration mode [Description] Switches to the mode for setting the schedule template. If this command is executed with the "no" syntax, the specified schedule template is deleted. [Example] This switches to the mode for setting schedule template #1. SWX232x(config)#schedule template 1 SWX232x(config-schedule)# 4.26.
Command Reference | Maintenance and operation functions | 133 ssh-server host key generate, commands beginning with “stack,” commands beginning with “no stack,” startup-config select, no startup-config select, telnet, traceroute, traceroute6 [Example] This registers the “copy tech-support sd” command in number #1 of schedule template #1. SWX232x(config)#schedule template 1 SWX232x(config-schedule)#cli-command 1 copy tech-support sd 4.26.
| Command Reference | Maintenance and operation functions [Description] Specifies the host name. The host name specified by this command is used as the command prompt. If SNMP access is possible, this is used as the value of the MIB variable sysName. If this command is executed with the "no" syntax, the setting returns to the default value. [Example] Set the host name as "yamaha." SWX232x(config)#hostname yamaha yamaha(config)# 4.27.
Command Reference | Maintenance and operation functions | 135 4.27.4 Mount SD card [Syntax] mount sd [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Mounts the SD card. When you insert an SD card, this command is executed automatically, so you do not need to execute it. If you have unmounted the card by the unmount sd command, you will need to execute this. [Note] The SD card cannot be used if the SD card is in an unmounted state. [Example] Mount the SD card. SWX232x>mount sd 4.27.
| Command Reference | Maintenance and operation functions [Description] Set the default LED mode. When you execute this command, the LEDs are lit in the specified mode. The LEDs are lit in the specified mode even when a loop is detected in STATUS mode and the loop status has been resolved. If this command is executed with the "no" syntax, the setting returns to the default. PoE mode can only be used on models that support PoE power supply. [Example] Set the default LED mode to OFF mode.
Command Reference | Maintenance and operation functions | 137 4.27.9 Backup system information [Syntax] backup system [Input mode] privileged EXEC mode [Description] Copy the following settings from the unit to the SD card. • Startup configurations #0 - #1 and information that pertains to them • startup-config select command values • boot prioritize sd command values If the SD card's "/swx2320/firmware" folder contains "swx2320.bin", copy it to the backup folder.
| Command Reference | Interface control Chapter 5 Interface control 5.1 Interface basic settings 5.1.1 Set description [Syntax] description line no description [Parameter] line : Single-byte alphanumeric characters and single-byte symbols (80characters or less) Description of the applicable interface [Initial value] no description [Input mode] interface mode [Description] Specifies a description of the applicable interface.
Command Reference | Interface control | 139 [Parameter] type : Communication speed and communication mode types Communication speed and communication mode types Description auto Auto negotiation 10000-full 10Gbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half [Initial value] speed-duplex auto [Input mode] interface mode [Description] Sets the communication speed and communication mode. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control Communication type Explanation 10000-full 10Gbps/Full 5000-full 5Gbps/Full 2500-full 2.5Gbps/Full 1000-full 1000Mbps/Full 100-full 100Mbps/Full 100-half 100Mbps/Half [Initial value] negotiation 10000-full 5000-full 2500-full 1000-full 100-full 100-half [Input mode] interface mode [Description] Sets the communication type supported by auto negotiation. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 141 Interface Nego Link Advertisement ------------------------------------------------------------------------port1.1 Enabled All port1.2 Enabled 10000-full, 5000-full, 2500-full, 1000-ful, 100-full port1.3 Enabled 100-full, 100-half port1.4 Enabled All port1.5 Enabled -port1.6 Enabled -port1.7 Enabled -port1.8 Enabled -- 5.1.
| Command Reference | Interface control When this command is used to change the settings, link-down temporarily occurs for the corresponding interface. [Example] Disable cross/straight automatic detection for LAN port #1. SWX232x(config)#interface port1.1 SWX232x(config-if)#mdix auto disable 5.1.
Command Reference | Interface control | 143 [Note] If another unit is not connected, the display indicates that EEE is not supported. [Example] Show EEE capabilities for LAN port #1. [If the other unit supports EEE] SWX232x#show eee capabilities interface port1.1 interface:port1.1 EEE(efficient-ethernet): yes (1000-T, 100-TX) Link Partner : yes (1000-T, 100-TX) [If the other unit does not support EEE] SWX232x#show eee capabilities interface port1.1 interface:port1.
| Command Reference | Interface control Rx LPI Status Tx LPI Status Wake Error Count : : : Interrupted Interrupted 0 [If EEE is enabled and has transitioned to low-power mode] SWX232x#show eee status interface port1.1 interface:port1.1 EEE(efficient-ethernet): Operational Rx LPI Status : Low Power Tx LPI Status : Low Power Wake Error Count : 0 5.1.
Command Reference | Interface control | 145 [Parameter] ifname : Interface name of the LAN/SFP port Monitor port to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the port mirroring setting. If interface is omitted, the settings for all monitor ports are shown. The following items are shown for each monitor port.
| Command Reference | Interface control Item Description Interface Interface name Link is Link status *2 (if shutdown, shows the cause) • If shutdown is specified : (by shutdown) • If port error is detected : (by errdisable) Hardware is Interface type (e.g.
Command Reference | Interface control | 147 Item Description bytes Number of transmitted bytes *2 multicast packets Number of transmitted multicast packets *2 broadcast packets Number of transmitted broadcast packets *2 drop packets Number of tail-dropped packets transmitted *2, *5 *1 Shown only for physical interface *2 Shown only for physical interface and logical interface *3 Shown only for VLAN interface *4 In the case of logical interface and VLAN interface, shows the minimum value for the phy
| Command Reference | Interface control [Description] Shows brief interface status. The following items are shown.
Command Reference | Interface control | 149 -------------------------------------------------------------------------------sa1 AGG 1 access up -1g -- 5.1.15 Resetting an interface [Syntax] interface reset ifname [Parameter] ifname : LAN/SFP port or logical interface Interface to reset [Input mode] privileged EXEC mode [Description] This resets the specified interface. [Note] The link status for the specified interface will be reset, and the link is re-established.
| Command Reference | Interface control Item Description FCS errors Number of FCS error packets received RX errors Number of reception errors TX errors Number of transmission errors Collisions Number of collision occurrences Drop packets Number of tail-dropped packets transmitted, number of packets not received due to buffer overflow *2 64octet packets Number of packets with 64 octet length transmitted/received 65-127octet packets Number of packets with 65--127 octet length transmitted/ r
Command Reference | Interface control | 151 5.1.17 Clear frame counters [Syntax] clear counters ifname clear counters all [Keyword] all : Clearing the frame counter information for all interfaces : Interface name of LAN/SFP port or logical interface [Parameter] ifname Applicable interface [Input mode] privileged EXEC mode [Description] This clears the frame counter for the interfaces. If ifname is specified, the frame counter for that interface is cleared.
| Command Reference | Interface control port1.26 port1.27 port1.28 3.34 Unsupported 3.89 Unsupported 3.70 Unsupported 2.89 Unsupported 2.70 Unsupported Current Interface (mA) ------------ -----------port1.25 4.0 port1.26 port1.27 6.2 port1.28 Unsupported High Alarm Threshold -----------16.0 17.0 Unsupported High Warning Threshold -----------15.0 14.0 Unsupported Low Warning Threshold -----------2.0 2.0 Unsupported Low Alarm Threshold -----------2.0 1.
Command Reference | Interface control | 153 [Parameter] link-id : <1-96> static logical interface number [Input mode] interface mode [Description] Associates the applicable interface with the static logical interface specified by link-id. If this command is executed with the "no" syntax, the applicable interface is dissociated from the static logical interface. [Note] This command can be specified only for LAN/SFP port.
| Command Reference | Interface control 5.2.3 Set LACP logical interface [Syntax] channel-group link-id mode mode no channel-group [Parameter] link-id : <1-127> LACP logical interface number mode : Operation mode mode Description active Operate LACP in active mode. In active mode, it actively sends LACP frames to the other device. passive Operate LACP in passive mode. In passive mode, it sends LACP frames only if LACP frames are received from the other device.
Command Reference | Interface control | 155 SWX232x(config)#interface port1.1 SWX232x(config-if)#channel-group 10 mode active 5.2.4 Show LACP logical interface status [Syntax] show etherchannel [ifname] [Parameter] ifname : Interface name of the LAN/SFP port Interfaces that make up the LACP logical interface [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] If ifname is omitted, shows the status of the LACP logical interface.
| Command Reference | Interface control Item Aggregator ID Description Distinguishing ID on LACP Information shows the following items.
Command Reference | Interface control | 157 LACP system priority irder Lower numbers have higher priority [Initial value] lacp system-priority 32768 [Input mode] global configuration mode [Description] Sets the LACP system priority order. If this command is executed with the "no" syntax, the setting returns to the default value. [Note] If an LACP logical interface is connected to the other device, the system priorities are compared, and control privilege is given to the device with the higher priority.
| Command Reference | Interface control [Description] Enables or disables different-speed link aggregation in an LACP. If this command is executed with the "no" syntax, the setting returns to the default value. [Note] Operations when different-speed link aggregation is enabled • All associated ports up to the maximum (eight ports) are set to active, regardless of communication speed. • Load balancing is handled the same for all associated ports.
Command Reference | Interface control | 159 5.2.9 Clear LACP frame counters [Syntax] clear lacp [link-id] counters [Parameter] link-id : <1-127> LACP logical interface number [Input mode] privileged EXEC mode [Description] Clears the LACP frame counters. If link-id is omitted, the frame counter of every existing LACP logical interface is cleared. [Example] Clear the frame counter for every LACP logical interface. SWX232x#clear lacp counters 5.2.
| Command Reference | Interface control type Description dst-ip Destination IPv4/IPv6 address dst-mac Destination MAC address dst-port Destination TCP/UDP port number src-dst-ip Source and destination IPv4/IPv6 address src-dst-mac Source and destination MAC address src-dst-port Source and destination TCP/UDP port number src-ip Source IPv4/IPv6 address src-mac Source MAC address src-port Source TCP/UDP port number [Initial value] port-channel load-balance src-dst-mac [Input mode] glob
Command Reference | Interface control | 161 Item Description Aggregator LACP logical interface ID Distinguishing ID on the LACP logical interface Actor LAG The actor's own LACP system ID (priority, MAC address) Admin Key The ID that is the basis of the actor's own LACP key (logical port number) Status Link aggregation status ("Not ready"/"Ready") Partner LAG The partner's LACP system ID (priority, MAC address) Partner Key The ID that is the basis of the partner's LACP key Link count Number
| Command Reference | Interface control ID 4727 Status Not ready Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 0/ 1 SWX232x#show etherchannel status detail Aggregator po1 ID 4601 Status Ready Actor LAG 0x8000, 00-a0-de-e0-e0-e0 Admin Key 0001 Partner LAG 0x8000, 00-a0-de-11-11-11 Partner Key 0001 Link count 1/ 1 Link port1.
Command Reference | Interface control | 163 2 ) If the LACP port priority is the same, priority is given to the lower interface number. If an SFP port is to be given priority, its LACP port priority must be set lower than other ports. [Example] Set the LACP port priority order to 1024. SWX232x(config-if)#channel-group 1 mode active SWX232x(config-if)#lacp port-priority 1024 5.3 Port authentication 5.3.1 Configuring the IEEE 802.
| Command Reference | Interface control no aaa authentication auth-web [Initial value] no aaa authentication auth-web [Input mode] global configuration mode [Description] Enables Web authentication for the entire system. If this command is executed with the "no" syntax, Disables Web authentication for the entire system. Use a RADIUS server for authentication on which the radius-server host command has been configured.
Command Reference | Interface control | 165 [Parameter] direction : Sets the packet forwarding operation for unauthenticated ports Forwarding operation Description both Both send and receive packets are discarded. in Only receive packets are discarded. [Initial value] dot1x control-direction both [Input mode] interface mode [Description] Changes the packet forwarding operation for the applicable interface when the IEEE 802.1X authentication is unauthenticated.
| Command Reference | Interface control [Example] Set the EAPOL packet transmission count for LAN port #1 to "3". SWX232x(config)#interface port1.1 SWX232x(config-if)#dot1x max-auth-req 3 5.3.7 Set the MAC authentication function [Syntax] auth-mac enable auth-mac disable no auth-mac enable [Initial value] auth-mac disable [Input mode] interface mode [Description] Enables MAC authentication for the applicable interface.
Command Reference | Interface control | 167 During MAC authentication, the MAC address of the supplicant is used as a user name and password, and a request is sent to the RADIUS server for authentication. If this command is executed with the "no" syntax, the setting returns to the default. [Note] To use this command, you must enable the port authentication function for the applicable interface.
| Command Reference | Interface control Operation mode multi-supplicant Description This mode allows communication with multiple supplicants for each port. Communication is allowed or denied on a per-supplicant basis. [Initial value] auth host-mode single-host [Input mode] interface mode [Description] Changes the port authentication operation mode for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 169 5.3.12 Set dynamic VLAN [Syntax] auth dynamic-vlan-creation no auth dynamic-vlan-creation [Initial value] no auth dynamic-vlan-creation [Input mode] interface mode [Description] Sets dynamic VLAN for the applicable interface. If this is executed with the "no" syntax, the dynamic VLAN is disabled. For interfaces on which dynamic VLAN is enabled, the associated VLAN is actively changed based on the property (TunnelPrivate-Group-ID) specified by the RADIUS server.
| Command Reference | Interface control SWX232x(config)#interface port1.1 SWX232x(config-if)#auth guest-vlan 10 5.3.
Command Reference | Interface control | 171 5.3.16 Set the reply wait time for the RADIUS server overall [Syntax] auth timeout server-timeout time no auth timeout server-timeout [Parameter] time : <1-65535> Reply wait time from the authentication server for the authentication request (seconds) [Initial value] auth timeout server-timeout 30 [Input mode] interface mode [Description] Sets the reply wait time for the RADIUS server overall when authenticating a port of the applicable interface.
| Command Reference | Interface control 5.3.
Command Reference | Interface control | 173 [Parameter] time : <1-1000> Standby time for replying to requests (seconds) [Initial value] radius-server timeout 5 [Input mode] global configuration mode [Description] Sets the reply wait time for each RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Interface control Single-byte alphanumeric characters, and single-byte symbols other than the characters '?' and spaces (128 characters or less) [Initial value] no radius-server key [Input mode] global configuration mode [Description] Sets the shared password used when communicating with a RADIUS server. If this command is executed with the "no" syntax, the setting returns to the default.
Command Reference | Interface control | 175 If this setting is made, it is notified to RADIUS server as the NAS-Identifier attribute. If this setting is deleted, notification is stopped. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set "Nas-ID-001" as the NAS-Identifier attribute that is sent to the RADIUS server. SWX232x(config)#auth radius attribute nas-identifier Nas-ID-001 5.3.
| Command Reference | Interface control Dynamic VLAN creation Guest VLAN Reauthentication Reauthentication period MAX request Supplicant timeout Server timeout Quiet period Controlled directions Protocol version Clear-state time : : : : : : : : : : : Disabled Disabled Disabled 3600 sec 2 times 30 sec 30 sec 60 sec In (configured:both) 2 Not configured 5.3.
Command Reference | Interface control | 177 EAP Response Invalid EAPOL EAP Length error Last EAPOL version Last EAPOL source Transmitted frames EAP Request ID EAP Request EAP Success EAP Fail RADIUS packets: Received packets Access Request Access Challenge Access Accept Access Reject Transmitted packets Access Request : : : : : : : : : : 9 0 0 1 0011.2233.4455 11 1 9 1 0 : : : : : : : 10 0 9 1 0 10 10 5.3.
| Command Reference | Interface control Authentication Port Secret Key Timeout Retransmit Count Deadtime : : : : : 1645 fghij 5 sec 3 0 min 5.3.
Command Reference | Interface control | 179 5.3.31 Setting the time for clearing the authentication state (system) [Syntax] auth clear-state time time no auth clear-state time [Parameter] time : <0-23> Time at which the authentication state is cleared [Initial value] no auth clear-state time [Input mode] global configuration mode [Description] Sets the time at which the authentication state for the supplicant is cleared for the entire system.
| Command Reference | Interface control [Keyword] all : Copies the file for customizing all Web authentication screens : Single-byte alphanumeric characters and single-byte symbols [Parameter] filename Filename of the file for customizing the Web authentication screen src_config_num dst_config_num : : Copy source configuration number Setting value Description 0-1 Number of the start-up config sd SD card Copy destination configuration number Setting value Description 0−1 Number of the
Command Reference | Interface control | 181 [Description] Deletes the file for customizing the Web authentication screen. [Note] In a state in which the SD card is not mounted, executing this command on a config that is in the SD card produces an error. [Example] Deletes logo.png from startup configuration #0. SWX232x#erase auth-web startup-config logo.png 0 5.3.
| Command Reference | Interface control [Description] Enables the port security function for the applicable interface. If this is executed with the "no" syntax, or disable is specified, port security will be disabled for the applicable interface. [Note] This command can be specified only for both LAN/SFP port and logical interface. Any unregistered terminals will be discarded at the time when the port security function is enabled. [Example] Enable port security for LAN port #1.
Command Reference | Interface control | 183 SWX232x(config)#interface port1.1 SWX232x(config-if)#port-security violation shutdown 5.4.4 Show port security information [Syntax] show port-security status [Input mode] privileged EXEC mode [Description] Shows the port security information. [Example] Show the port security information. SWX232x#show port-security status Port Security Action Status Last violation -------- --------- --------- --------- ----------------port1.1 Enabled Discard Blocking 00a0.de00.
| Command Reference | Interface control [Note] For a LAN/SFP port that was put in the errdisable state by the BPDU guard function before this command was executed, the change in the setting is applied the next time BPDU is detected. [Example] Enable automatic recovery after BPDU guard has caused the errdisable state, and set the recovery time to 600 seconds. SWX232x(config)#errdisable auto-recovery bpduguard interval 600 Disable automatic recovery after loop detection has caused the errdisable state.
Command Reference | Interface control | 185 [Description] Set the system-wide PoE power supply function as enabled or disabled. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can only be executed on models that support PoE power supply. Even if the system-wide PoE power supply function is enabled, power supply will be disabled for each port if the power supply function is disabled for individual ports.
| Command Reference | Interface control 5.6.3 Set description of PoE port [Syntax] power-inline description line no power-inline description [Parameter] line : Single-byte alphanumeric characters (64 characters or less) [Initial value] none [Input mode] interface mode [Description] Sets the description text of the PD device to connect to PoE port. [Note] This command can only be executed on models that support PoE power supply.
Command Reference | Interface control | 187 SWX232x(config)#interface port1.5 SWX232x(config-if)#power-inline priority high 5.6.
| Command Reference | Interface control If the amount of usable power is equal to or less than the guard band, power will not be supplied even if a new PD device is connected to PoE port. The guard band will not operate if “0W” is specified. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can only be executed on models that support PoE power supply. [Example] Sets the guard band to 30W.
Command Reference | Interface control | 189 port1.11 port1.12 Enable Enable Low Low Disable Disable Standby Standby n/a n/a 0 0 * - Assigned by LLDP. 90000 90000 This shows power supply information for port1.1. SWX232x#show power-inline interface port1.1 PoE Status Available Power : 250000mW Used Power : 41500mW Remaining Power : 208500mW Guard Band : 7000mW Operation Status: Enable PoE Interface port1.
| Command Reference | Layer 2 functions Chapter 6 Layer 2 functions 6.1 FDB (Forwarding Data Base) 6.1.
Command Reference | Layer 2 functions | 191 SWX232x(config)#mac-address-table ageing-time 400 6.1.3 Clear dynamic entry [Syntax] clear clear clear clear mac-address-table mac-address-table mac-address-table mac-address-table dynamic dynamic adress mac-addr dynamic vlan vlan-id dynamic interface ifname [instance inst] [Keyword] address : Specifies the MAC address vlan : Specifies the VLAN ID interface : Specifies the interface instance : Specifies the MST instance : hhhh.hhhh.
| Command Reference | Layer 2 functions ifname : Setting value Description discard Discard Name of LAN/SFP port or logical interface Applicable interface vlan-id : <1-4094> Applicable VLAN ID [Initial value] none [Input mode] global configuration mode [Description] Registers a static entry in the MAC address table. If action is specified as "forward," received frames that match the specified MAC address and VLAN ID are forwarded to the specified interface.
Command Reference | Layer 2 functions | 193 1 1 sa1 sa2 1803.731e.8c2b 782b.cbcb.218d forward forward dynamic dynamic 300 300 6.1.
| Command Reference | Layer 2 functions [Keyword] name : Specifies the name of the VLAN state : Specifies the state of the VLAN : <2-4094> [Parameter] vlan-id VLAN ID name : Single-byte alphanumeric characters and single-byte symbols(32characters or less) Name of the VLAN state : Whether frame forwarding is enabled or disabled Setting value Description enable Frames are forwarded disable Frames are not forwarded [Initial value] none [Input mode] VLAN mode [Description] Sets the VLAN
Command Reference | Layer 2 functions | 195 Setting value Description isolated Secondary VLAN (isolated VLAN) [Initial value] none [Input mode] VLAN mode [Description] Uses vlan-id as a private VLAN. If this command is executed with the "no" syntax, the private VLAN setting is deleted, and it is used as a conventional VLAN.
| Command Reference | Layer 2 functions [Description] Specify the association of the secondary VLAN (isolated VLAN, community VLAN) with the primary VLAN of the private VLAN. By specifying "add," specify the association of the vlan-id with the 2nd-vlan-ids. By specifying "remove," remove the association of the vlan-id and the 2nd-vlan-ids. If this command is executed with the "no" syntax, all associations to the primary VLAN are deleted.
Command Reference | Layer 2 functions | 197 [Input mode] interface mode [Description] Sets the VLAN ID that is associated as an access port with the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be set only for a LAN/SFP port or logical interface for which the switchport mode access command is set.
| Command Reference | Layer 2 functions 6.2.
Command Reference | Layer 2 functions | 199 SWX232x(config)#interface port1.1 SWX232x(config-if)#switchport mode trunk SWX232x(config-if)#switchport trunk allowed vlan add 2 6.2.
| Command Reference | Layer 2 functions [Initial value] none [Input mode] interface mode [Description] Specifies the private VLAN port type for the applicable interface. If this is executed with the "no" syntax, the setting of the private VLAN specified for the applicable interface is deleted. [Note] This command can be set only for a LAN/SFP port for which the switchport mode access command is set. In addition, promiscuous can be specified for the following interfaces.
Command Reference | Layer 2 functions | 201 SWX232x(config)# interface port1.1 SWX232x(config-if)# switchport mode private-vlan host SWX232x(config-if)# switchport private-vlan host-association 100 add 101 SWX232x(config-if)# interface port1.2 SWX232x(config-if)# switchport mode private-vlan host SWX232x(config-if)# switchport private-vlan host-association 100 add 102 SWX232x(config-if)# interface port1.
| Command Reference | Layer 2 functions SWX232x(config)# interface port1.1 SWX232x(config-if)# switchport mode private-vlan promiscuous SWX232x(config-if)# switchport private-vlan mapping 100 add 101 SWX232x(config-if)# switchport private-vlan mapping 100 add 102 SWX232x(config-if)# switchport private-vlan mapping 100 add 103 6.2.
Command Reference | Layer 2 functions | 203 SWX232x(config)#interface port1.1 SWX232x(config-if)#switchport voice cos 6 6.2.15 Set DSCP value for voice VLAN [Syntax] switchport voice dscp value no switchport voice dscp [Parameter] value : <0-63> DSCP value to specify for connected device [Initial value] switchport voice dscp 0 [Input mode] interface mode [Description] Specify the DSCP value to use for voice traffic by the connected device.
| Command Reference | Layer 2 functions Even if multiple VLAN is specified, correct communication might not be possible due to the following. • Spanning tree block status • IGMP snooping or MLD snooping status • Loop detection block status [Example] Assign LAN port #1 to multiple VLAN group #10. SWX232x(config)#interface port1.1 SWX232x(config-if)#switchport multiple-vlan group 10 SWX232x(config-if)#exit 6.2.
Command Reference | Layer 2 functions | 205 Item Description Name Name of the VLAN State VLAN status (whether frames are forwarded) • ACTIVE : forwarded • SUSPEND : not forwarded Member ports Interfaces associated with the VLAN ID • (u) : Access port (untagged port) • (t) : Trunk port (tagged port) [Example] Show all VLAN information.
| Command Reference | Layer 2 functions [Parameter] group-id : <1-256> Multiple VLAN group ID [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the setting status for multiple VLAN groups. If the "group" specification is omitted, all groups that are actually assigned to the interface are shown. [Example] Shows the setting status for multiple VLAN groups.
Command Reference | Layer 2 functions | 207 If this command is executed with the "no" syntax, the setting returns to the default. [Note] The setting of this command must satisfy the following conditions. 2 x (hello time + 1) <= maximum aging time <= 2 x (forward delay time - 1) The maximum aging time can be set by the spanning-tree max-age command. The hello time is always 2 seconds, and cannot be changed. [Example] Set the forward delay time to 10 seconds. SWX232x(config)#spanning-tree forward-time 10 6.
| Command Reference | Layer 2 functions [Note] In the case of MSTP, this is the setting for CIST (instance #0). [Example] Set the bridge priority to 4096. SWX232x(config)#spanning-tree priority 4096 6.3.
Command Reference | Layer 2 functions | 209 [Note] This command can be specified only for LAN/SFP port and logical interface. It is not possible to specify this command for a LAN/SFP port that is associated to a logical interface. If a LAN/SFP port is associated with a logical interface, the setting of this command for the corresponding LAN/SFP port returns to the default. [Example] Set the LAN port #1 link type to "shared." SWX232x(config)#interface port1.
| Command Reference | Layer 2 functions [Initial value] spanning-tree bpdu-guard disable [Input mode] interface mode [Description] Sets BPDU guard for the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP port and logical interface. It is not possible to specify this command for a LAN/SFP port that is associated to a logical interface.
Command Reference | Layer 2 functions | 211 SWX232x(config)#interface port1.1 SWX232x(config-if)#spanning-tree path-cost 100000 6.3.10 Set interface priority [Syntax] spanning-tree priority priority no spanning-tree priority [Parameter] priority : <0-240> (multiple of 16) Priority value [Initial value] spanning-tree priority 128 [Input mode] interface mode [Description] Sets the priority of the applicable interface. If this command is executed with the "no" syntax, the setting returns to the default.
| Command Reference | Layer 2 functions 6.3.12 Show spanning tree status [Syntax] show spanning-tree [interface ifname] [Keyword] interface : Specifies the interface to show : Name of LAN/SFP port or logical interface [Parameter] ifname Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the spanning tree status. If "interface" is omitted, the status of all interfaces is shown. In the case of MSTP, shows CIST (instance #0) information.
Command Reference | Layer 2 functions | 213 Item Description Root Root bridge identifier. This consists of the root bridge priority (the first four hexadecimal digits) and MAC address Designated Bridge Bridge identifier.
| Command Reference | Layer 2 functions % % % % % % port1.1: port1.1: port1.1: port1.1: port1.1: port1.1: No portfast configured - Current portfast off bpdu-guard disabled - Current bpdu-guard off bpdu-filter disabled - Current bpdu-filter off no root guard configured - Current root guard off Configured Link Type point-to-point - Current point-to-point No auto-edge configured - Current port Auto Edge off 6.3.
Command Reference | Layer 2 functions | 215 % Other Port-Specific Info -----------------------% Max Age Transitions % Msg Age Expiry % Similar BPDUS Rcvd % Src Mac Count % Total Src Mac Rcvd % Next State % Topology Change Time : : : : : : : 1 0 0 0 3 Discard/Blocking 0 % Other Bridge information & Statistics -------------------------------------% STP Multicast Address : 01:80:c2:00:00:00 % Bridge Priority : 32768 % Bridge Mac Address : ac:44:f2:30:01:10 % Bridge Hello Time : 2 % Bridge Forward Delay : 15
| Command Reference | Layer 2 functions [Example] Move to MST mode. SWX232x(config)#spanning-tree mst configuration SWX232x(config-mst)# 6.3.16 Generate MST instance [Syntax] instance instance-id no instance [Parameter] instance-id : <1-15> Instance ID [Initial value] none [Input mode] MST mode [Description] Generates an MST instance. If this command is executed with the "no" syntax, the MST instance is deleted.
Command Reference | Layer 2 functions | 217 SWX232x(config)#spanning-tree mst configuration SWX232x(config-mst)#instance 1 vlan 2 6.3.18 Set priority of MST instance [Syntax] instance instance-id priority priority no instance instance-id priority [Parameter] instance-id : <1-15> Instance ID priority : <0-61440> (multiple of 4096) Priority value [Initial value] instance instance-id priority 32768 [Input mode] MST mode [Description] Sets the priority of the MST instance.
| Command Reference | Layer 2 functions [Parameter] revision : <0-65535> Revision number [Initial value] revision 0 [Input mode] MST mode [Description] Sets the revision number of the MST region. If this command is executed with the "no" syntax, the setting returns to the default. [Example] Set the revision number as 2 for the MST region. SWX232x(config)#spanning-tree mst configuration SWX232x(config-mst)#revision 2 6.3.
Command Reference | Layer 2 functions | 219 Priority value [Initial value] spanning-tree instance instance-id priority 128 [Input mode] interface mode [Description] Sets the priority for the applicable interface in the MST instance. If this command is executed with the "no" syntax, the setting returns to the default. [Note] This command can be specified only for LAN/SFP port and logical interface. It is not possible to specify this command for a LAN/SFP port that is associated to a logical interface.
| Command Reference | Layer 2 functions SWX232x(config)#interface port1.1 SWX232x(config-if)#spanning-tree instance 2 SWX232x(config-if)#spanning-tree instance 2 path-cost 100000 6.3.24 Show MST region information [Syntax] show spanning-tree mst config [Input mode] unprivileged EXEC mode, privileged EXEC mode, interface mode [Description] Shows distinguishing information for the MST region. [Example] Show distinguishing information for the MST region.
Command Reference | Layer 2 functions | 221 % % 0: 1: 1 100 (port1.8) Show detailed MSTP information for LAN port #8. SWX232x>show spanning-tree mst detail interface port1.
| Command Reference | Layer 2 functions [Description] Shows information for the specified MST instance. If "interface" is omitted, information is shown for all interfaces that are assigned the specified MST instance. [Note] A LAN/SFP port that is associated with a logical interface cannot be specified as ifname. [Example] Show information for MST instance #1.
Command Reference | Layer 2 functions | 223 SWX232x(config)#loop-detect enable Disable the loop detection function for the entire system. SWX232x(config)#loop-detect disable 6.4.
| Command Reference | Layer 2 functions 6.4.
Command Reference | Layer 2 functions | 225 The following items are shown. • Setting of the system-wide loop detection function • Loop detection status for each LAN/SFP port • Interface name (port) • Setting of the loop detection function (loop-detect) for LAN/SFP port. If the loop detection function is operating, (*) is added • Status of the Port Blocking setting (port-blocking) • Loop detection status (status) [Example] Show the loop detection status.
| Command Reference | Layer 3 functions Chapter 7 Layer 3 functions 7.1 IPv4 address management 7.1.1 Set IPv4 address [Syntax] ip ip no no no address ip_address/mask [secondary] [label textline] address ip_address netmask [secondary] [label textline] ip address ip_address/mask [secondary] ip address ip_address netmask [secondary] ip address [Keyword] label : Set label as IPv4 address secondary : Set as the secondary address : A.B.C.
Command Reference | Layer 3 functions | 227 [Parameter] interface : VLAN interface name [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the IPv4 address for each interface. The following content is shown. • IPv4 address • For secondary addresses, “(secondary)” is appended to the end of IPv4 addresses. • If an IPv4 address has been specified by the ip address dhcp command, an "*" is shown added before the displayed IPv4 address.
| Command Reference | Layer 3 functions [Note] The lease time requested from the DHCP server is fixed at 72 hours. However, the actual lease time will depend on the setting of the DHCP server. Even if this command is used to obtain the default gateway, DNS server, and default domain name from the DHCP server, the settings of the ip route, ip name-server, ip domain-name commands take priority.
Command Reference | Layer 3 functions | 229 [Parameter] switch : Behavior of the auto IP function Setting value Description enable Enable the auto IP function disable Disable the auto IP function [Initial value] auto-ip disable [Input mode] interface mode [Description] For the VLAN interface, enables the Auto IP function which automatically generates the IPv4 link local address (169.254.xxx.xxx/16).
| Command Reference | Layer 3 functions Netmask in address format Set this to 0.0.0.0 if specifying the default gateway gateway : A.B.C.D IPv4 address of gateway number : <1-255> Administrative distance (priority order when selecting route) (if omitted: 1) Lower numbers have higher priority. [Initial value] none [Input mode] global configuration mode [Description] Adds a static route for IPv4. If this command is executed with the "no" syntax, the specified route is deleted.
Command Reference | Layer 3 functions | 231 Known via "connected", distance 0, metric 0, best * is directly connected, vlan1 7.2.3 Show IPv4 Routing Information Base [Syntax] show ip route database [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the IPv4 Routing Information Base (RIB). [Example] Show the IPv4 routing information base. SWX232x>show ip route database Codes: C - connected, S - static > - selected route, * - FIB route S S S C C *> *> *> *> *> 0.0.0.
| Command Reference | Layer 3 functions 7.3.2 Clear ARP table [Syntax] clear arp-cache [Input mode] privileged EXEC mode [Description] Clears the ARP cache. [Example] Clear the ARP cache. SWX232x#clear arp-cache 7.3.3 Set static ARP entry [Syntax] arp ip_address mac_address interface no arp ip_address [Parameter] ip_address : A.B.C.D IP address mac_address : HHHH.HHHH.HHHH MAC address interface : portN.
Command Reference | Layer 3 functions | 233 If this command is executed with the "no" syntax, the ARP entry timeout is set to 1200 seconds. [Example] Change the ARP entry ageing timeout for VLAN #1 to five minutes. SWX232x(config)#interface vlan1 SWX232x(config)#arp-aging-timeout 300 7.4 IPv4 forwarding control 7.4.
| Command Reference | Layer 3 functions [Parameter] host : Target to which ICMP Echo is sent Host name, or target IP address (A.B.C.
Command Reference | Layer 3 functions | 235 5 6 192.168.50.1 (192.168.50.1) 7.689 ms 7.527 ms 7.168 ms 192.168.100.1 (192.168.100.1) 33.948 ms 10.413 ms 7.681 ms 7.6 IPv6 address management 7.6.
| Command Reference | Layer 3 functions For IPv6 addresses, up to five global addresses (including RA settings) and one link local address can be set in one VLAN interface. Up to 8 IPv6 addresses can be configured for the system overall (excepting link local addresses that are automatically assigned). If this command is executed with the "no" syntax, the specified IPv6 address is deleted. If no IPv6 address is specified, all IPv6 addresses (including RA settings) are deleted.
Command Reference | Layer 3 functions | 237 This command cannot be used if the stack function is enabled. [Example] Show the IPv6 address for all VLAN interface. SWX232x>show ipv6 interface brief Interface IPv6-Address Link-Status vlan1 2001:db8:1::2/64 2001:db8:2::2/64 fe80::2a0:deff:fe:2/64 vlan2 2001:db8:2::2/64 fe80::2a0:deff:fe:2/64 down vlan3 unassigned down Admin-Status up up up up 7.7 IPv6 route control 7.7.
| Command Reference | Layer 3 functions SWX232x(config)#ipv6 route ::/0 fe80::2a0:deff:fe:1%vlan1 7.7.2 Show IPv6 Forwarding Information Base [Syntax] show ipv6 route [ipv6_address[/prefix_len]] [Parameter] ipv6_address : X:X::X:X IPv6 address mask : <0-128> IPv6 prefix length (if omitted: 128) [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the IPv6 Forwarding Information Base (FIB). If the IPv6 address is omitted, the entire content of the FIB is shown.
Command Reference | Layer 3 functions | 239 S C *> 2001:db8:2::/64 [1/0] via 2001:db8:1::1, vlan1, 00:20:23 *> fe80::/64 via ::, vlan1, 00:21:39 7.7.4 Show summary of the route entries registered in the IPv6 Routing Information Base [Syntax] show ipv6 route summary [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows a summary of the route entries that are registered in the IPv6 Routing Information Base (RIB). [Note] This command cannot be used if the stack function is enabled.
| Command Reference | Layer 3 functions [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the neighbor cache table. [Note] This command cannot be used if the stack function is enabled. [Example] Show the neighbor cache table. SWX232x>show ipv neighbors IPv6 Address 2001:db8:1:0:3538:5dc7:6bc4:1a23 2001:db8:cafe::1 fe80::0211:22ff:fe33:4455 fe80::6477:88ff:fe99:aabb MAC Address 0011.2233.4455 00a0.de80.cafe 0011.2233.4455 6677.8899.
Command Reference | Layer 3 functions | 241 [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the IPv6 packet forwarding settings. [Example] Shows the IPv6 packet forwarding settings. SWX232x>show ipv6 forwarding IPv6 forwarding is on 7.10 IPv6 ping 7.10.
| Command Reference | Layer 3 functions 64 64 64 64 64 bytes bytes bytes bytes bytes from from from from from fe80::2a0:deff:fe11:2233: fe80::2a0:deff:fe11:2233: fe80::2a0:deff:fe11:2233: fe80::2a0:deff:fe11:2233: fe80::2a0:deff:fe11:2233: seq=0 seq=1 seq=2 seq=3 seq=4 ttl=64 ttl=64 ttl=64 ttl=64 ttl=64 time=2.681 ms time=4.760 ms time=10.045 ms time=10.078 ms time=10.
Command Reference | Layer 3 functions | 243 [Example] Enable the DNS lookup function. SWX232x(config)#dns-client enable 7.11.2 Set DNS server list [Syntax] dns-client name-server server no dns-client name-server server [Parameter] server : A.B.C.
| Command Reference | Layer 3 functions [Note] The setting of this command takes priority if the default domain name (option code 15) was obtained from the DHCP server by the ip address dhcp command. If a search domain list is specified by the dns-client domain-list command, the default domain name specified by this command and the default domain name automatically specified by the ip address dhcp command are not used. [Example] Set the default domain name to "example.com".
Command Reference | Layer 3 functions | 245 SWX232x>show dns-client DNS client is enabled Default domain : example.com Domain list : example1.com example2.com Name Servers : 192.168.100.1 2001:db8::1234 fe80::2a0:deff:fe11:2233%vlan1 * - Values assigned by DHCP Client.
| Command Reference | IP multicast control Chapter 8 IP multicast control 8.1 IP multicast basic settings 8.1.
Command Reference | IP multicast control | 247 [Example] Enable IGMP snooping for VLAN #2. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ip igmp snooping enable Disable IGMP snooping for VLAN #2. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ip igmp snooping disable 8.2.
| Command Reference | IP multicast control The multicast router must be connected to the specified LAN/SFP port. If an IGMP report is received from the receiver, it is forwarded to the specified LAN/SFP port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ip igmp snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
Command Reference | IP multicast control | 249 [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ip igmp snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
| Command Reference | IP multicast control IGMP version [Initial value] ip igmp snooping version 3 [Input mode] interface mode [Description] Sets the IGMP version. If this command is executed with the "no" syntax, the IGMP version returns to the default setting (V3). [Note] This command can be specified only for VLAN interface. Also, this can be specified only if IGMP snooping is enabled. If an IGMP packet of a different version than this setting is received, the following action occurs.
Command Reference | IP multicast control | 251 [Parameter] A.B.C.D : Multicast group address ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows IGMP group membership information. [Example] Show IGMP group membership information. SWX232x#show ip igmp snooping groups IGMP Snooping Group Membership Group source list: (R - Remote, S - Static) Vlan Group/Source Address Interface Reporter Version 1 239.255.255.250 port1.5 192.168.100.
| Command Reference | IP multicast control Number of v2-leaves: 0 Number of v3-reports: 127 Active Ports: port1.5 port1.8 8.2.11 Clear IGMP group membership entries [Syntax] clear ip igmp snooping clear ip igmp snooping group A.B.C.D clear ip igmp snooping interface ifname [Keyword] group : Specifies the multicast group address to be cleared interface : Specifies the VLAN interface to be cleared : Multicast group address [Parameter] A.B.C.
Command Reference | IP multicast control | 253 [Example] Enable MLD snooping for VLAN #2. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ipv6 mld snooping enable Disnable MLD snooping for VLAN #2. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ipv6 mld snooping disable 8.3.
| Command Reference | IP multicast control The multicast router must be connected to the specified LAN/SFP port. If an MLD report is received from the receiver, it is forwarded to the specified LAN/SFP port. [Example] Specify LAN port #8 as a connection destination of the multicast router. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ipv6 mld snooping mrouter interface port1.8 Remove LAN port #8 as a connection destination of the multicast router.
Command Reference | IP multicast control | 255 [Note] This command can be specified only for VLAN interfaces. Also, this can be specified only if MLD snooping is enabled. [Example] Set the VLAN #2 query transmission interval to 30 seconds. SWX232x#configure terminal SWX232x(config)#interface vlan2 SWX232x(config-if)#ipv6 mld snooping query-interval 30 Return the VLAN #2 query transmission interval to the default setting.
| Command Reference | IP multicast control Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the multicast router connection port information that was dynamically learned or statically set. [Example] Show multicast router connection port information for VLAN #2. SWX232x#show ipv6 mld snooping mrouter vlan2 VLAN Interface IP-address Expires 2 port1.11(dynamic) fe80::ae44:f2ff:fe30:291 00:01:04 8.3.
Command Reference | IP multicast control | 257 [Parameter] ifname : VLAN interface name Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Show a VLAN interface's MLD-related information. [Example] Show MLD-related information for VLAN #1.
| Command Reference | Traffic control Chapter 9 Traffic control 9.1 ACL 9.1.1 Generate IPv4 access list [Syntax] access-list ipv4-acl-id [seq_num] action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg] no access-list ipv4-acl-id [seq_num] [action protocol src-info [src-port] dst-info [dst-port] [ack] [fin] [psh] [rst] [syn] [urg]] [Keyword] ack : If tcp is specified as the protocol, the ACK flag of the TCP header is specified as a condition.
Command Reference | Traffic control | 259 Setting value src-port : Description A.B.C.D/M Specifies an IPv4 address (A.B.C.D) with subnet mask length (Mbit) host A.B.C.D Specifies a single IPv4 address (A.B.C.D) any Applies to all IPv4 addresses <0-65535> If protocol is specified as tcp or udp, this specifies the transmission source port number <0-65535> that is the condition. This can also be omitted.
| Command Reference | Traffic control SWX232x(config)#access-list 1 deny any 192.168.1.0 0.0.0.255 host 172.16.1.1 Delete IPv4 access list #1. SWX232x(config)#no access-list 1 9.1.2 Add comment to IPv4 access list [Syntax] access-list ipv4-acl-id description line no access-list ipv4-acl-id description [Parameter] ipv4-acl-id : <1-2000> ID of IPv4 access list to which a comment will be added line : Comment to add.
Command Reference | Traffic control | 261 If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame. If this command is executed with the "no" syntax, the applied access list is deleted from both LAN/SFP port and logical interface. [Note] Only one access list for each direction can be registered for incoming frames (in) and for outgoing frames (out) on the same interface.
| Command Reference | Traffic control To apply the generated access list, use the access-group command of interface mode. If the "no" syntax is used to specify "action" and following, the IPv6 access list that matches all conditions is deleted. If the "no" syntax is used without specifying "action" and following, the IPv6 access list of the matching ID of access list is deleted. [Note] An access list that is applied to LAN/SFP port and logical interface cannot be deleted using the "no" syntax.
Command Reference | Traffic control | 263 Setting value Description in Apply to received frames out Apply to transmitted frames [Initial value] none [Input mode] interface mode [Description] Applies an IPv6 access list to both LAN/SFP port and logical interface. If the received/transmitted frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the corresponding frame.
| Command Reference | Traffic control Setting value dst-info : Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.WWWW) host HHHH.HHHH.HHHH Specifies an individual MAC address (HHHH.HHHH.HHHH) any Applies to all MAC addresses Specifies the destination MAC address information that is the condition Setting value Description HHHH.HHHH.HHHH WWWW.WWWW.WWWW Specifies the MAC address (HHHH.HHHH.HHHH) with wildcard bits (WWWW.WWWW.
Command Reference | Traffic control | 265 [Initial value] none [Input mode] global configuration mode [Description] Adds a comment (remark) to the already-generated MAC access list. If this is executed with the "no" syntax, the comment is deleted from the MAC access list. [Note] You can use this command to add a comment even after the access list has been applied to LAN/SFP port and logical interface. (The last-written comment overwrites the previous one.
| Command Reference | Traffic control 9.1.10 Show generated access list [Syntax] show access-list [acl_id] [Parameter] acl-id : <1-2000>, <2001-3000>, <3001-4000> ID of access list [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the registered access list. If acl-id is omitted, all access lists are shown.
Command Reference | Traffic control | 267 SWX232x>show access-group Interface port1.1 : IPv4 access group 1 in Interface port1.7 : IPv6 access group 3002 in Interface port1.8 : MAC access group 2001 in 9.1.
| Command Reference | Traffic control 9.1.15 Set VLAN access map filter [Syntax] vlan filter access-map-name vlan-id [direction] no vlan filter access-map-name vlan-id [direction] [Parameter] access-map-name : Single-byte alphanumeric characters and single-byte symbols(256 characters or less) Access map name specified by the vlan access-map command vlan-id : <1-4094> VLAN ID set to the "enable" status by the vlan command direction : Specifies the direction of applicable frames.
Command Reference | Traffic control | 269 [Example] Show VLAN access map information. SWX232x>show vlan access-map Vlan access-map VAM001 match ipv4 access-list 2 9.1.17 Show VLAN access map filter [Syntax] show vlan filter [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Show VLAN access map filter application information. The following items are shown.
| Command Reference | Traffic control SWX232x(config)#qos disable 9.2.2 Set default CoS [Syntax] qos cos value no qos cos [Parameter] value : <0-7> Default CoS value [Initial value] qos cos 0 [Input mode] interface mode [Description] Sets the default CoS of LAN/SFP port and logical interface. If this is executed with the "no" syntax, the default value (CoS=0) is specified. The default CoS is used if untagged frames are received when the interface's trust mode is set to CoS.
Command Reference | Traffic control | 271 [Description] Specifies the trust mode of LAN/SFP port and logical interface. If this is executed with the "no" syntax, the default value (CoS trust mode) is specified. In the case of "CoS" trust mode, the CoS value of incoming frames is used to determine the egress queue. In the case of "DSCP," the DSCP value of incoming frames is used to determine the egress queue.
| Command Reference | Traffic control [Parameter] ifname : Name of the LAN/SFP port or logical interface. If this is omitted, the command applies to all ports. Interface to show [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows QoS settings for the specified interface. The following content is shown.
Command Reference | Traffic control | 273 Port Trust Mode: DSCP Egress Traffic Shaping: Not Configured Queue Scheduling: Queue0 : SP Queue1 : SP Queue2 : SP Queue3 : SP Queue4 : SP Queue5 : SP Queue6 : SP Queue7 : SP DSCP (Queue): 0(2), 8(0), 16(1), 24(3), 32(4), 40(5), 48(6), 56(7), 1(2), 9(0), 17(1), 25(3), 33(4), 41(5), 49(6), 57(7), 2(2), 10(0), 18(1), 26(3), 34(4), 42(5), 50(6), 58(7), 3(2), 11(0), 19(1), 27(3), 35(4), 43(5), 51(6), 59(7), 4(2), 12(0), 20(1), 28(3), 36(4), 44(5), 52(6), 60(7), 5(
| Command Reference | Traffic control CoS value of conversion source queue-id : <0-7> Egress queue ID corresponding to CoS value [Initial value] See [Note] [Input mode] global configuration mode [Description] Specifies the values of the CoS - egress queue ID conversion table that is used to determine the egress queue. If this is executed with the "no" syntax, the egress queue ID for the specified CoS value is returned to the default setting.
Command Reference | Traffic control | 275 The DSCP - egress queue ID conversion table is used when the trust mode is set to DSCP. [Note] In order to execute this command, QoS must be enabled. The following table shows the default settings of the DSCP - egress queue ID conversion table. DSCP value Egress queue 0-7 2 8-15 0 16-23 1 24-31 3 32-39 4 40-47 5 48-55 6 56-63 7 [Example] Assign egress queue #4 to DSCP value "0.
| Command Reference | Traffic control 9.2.10 Specify egress queue of frames transmitted from the switch itself [Syntax] qos queue sent-from-cpu queue-id no qos queue sent-from-cpu [Parameter] queue-id : <0-7> Egress queue ID [Initial value] qos queue sent-from-cpu 7 [Input mode] global configuration mode [Description] Specifies the egress queue for the storage destination of frames sent to each LAN/SFP port from the switch itself (CPU).
Command Reference | Traffic control | 277 [Example] Create class map "class1." SWX232x(config)#class-map class1 SWX232x(config-cmap)# 9.2.12 Associate class map [Syntax] class name no class name [Parameter] name : Class map name [Input mode] policy map mode [Description] Associates a class map to a policy map. When the class map association succeeds, move to policy map class mode. In policy map class mode, you can make the following settings for each traffic class.
| Command Reference | Traffic control [Parameter] acl-id : <1 - 2000> IPv4 access list ID : <2001 - 3000> MAC access list ID : <3001 - 4000> IPv6 access list ID [Input mode] class map mode [Description] Uses the access list as the conditions to classify the traffic class. If the received frame matches the conditions in the access list, the action in the access list will be the action (permit, deny) for the traffic class.
Command Reference | Traffic control | 279 [Parameter] tos-list : <0 - 7> Value of the IP header's TOS precedence field used as a classification condition. Up to eight can be registered. [Input mode] class map mode [Description] Uses the value of the IP header's TOS precedence field as a condition to classify the traffic class. If this is executed with the "no" syntax, the classification conditions using TOS precedence are deleted.
| Command Reference | Traffic control [Parameter] type : Specifies the type of the Ethernet frame. Setting value Description 0xXXXX Hexadecimal expression of type value any All frame [Input mode] class map mode [Description] Uses the Ethernet frame's type value and the presence of a VLAN tag as the conditions to classify the traffic class. If this command is executed with the "no" syntax, deletes conditional settings based on the Ethernet frame's type value and the presence of a VLAN tag.
Command Reference | Traffic control | 281 Starting VLAN ID value used as classification condition. id-end : <1 - 4094> Ending VLAN ID value used as classification condition. The range from the specified starting value to the ending value can be a maximum of 30. [Input mode] class map mode [Description] Uses the VLAN ID as the condition to classify the traffic class. To delete the classification condition, use the no match vlan command.
| Command Reference | Traffic control 9.2.21 Generate policy map for received frames [Syntax] policy-map name no policy-map name [Parameter] name : Name of policy map (maximum 32 characters; uppercase and lowercase are distinguished) [Input mode] global configuration mode [Description] Generates a policy map. The policy map combines the following processing for received frames, for each traffic class.
Command Reference | Traffic control | 283 [Description] Applies the policy map to the corresponding LAN/SFP port and logical interface. If this is executed with the "no" syntax, the policy map is deleted from the LAN/SFP port and logical interface. [Note] In order to execute this command, QoS must be enabled. If a policy map has already been applied to the LAN/SFP port and logical interface, an error occurs.
| Command Reference | Traffic control [Note] In order to execute this command, QoS must be enabled. Pre-marking cannot be used in conjunction with the set egress queue function. [Example] Make the following settings for received frames of LAN port #1 • Permit traffic from the 10.1.0.0 network • Change the classified traffic class to the CoS value "2" [Traffic class definition] SWX232x(config)#access-list 1 permit any 10.1.0.0 0.0.255.
Command Reference | Traffic control | 285 9.2.25 Set pre-marking (DSCP) [Syntax] set ip-dscp value no set dscp [Parameter] value : <0 - 63> DSCP value specified by pre-marking [Input mode] policy map class mode [Description] Changes the DSCP value of the classified traffic class to the specified DSCP value. In addition, reassign the egress queue according to the egress queue ID table that corresponds to the trust mode.
| Command Reference | Traffic control [Parameter] CIR : <1 - 102300000> Traffic rate (kbps) CBS : <11 - 2097120> Burst size of conformant token bucket (kbyte) EBS : <11 - 2097120> Burst size of excess token bucket (kbyte) action : Operation for packets categorized by bandwidth class Setting value Operation transmit Forward drop Discard remark Remarking (CoS/TOS/DSCP) [Input mode] policy map class mode [Description] Specifies individual policers (single rate) for the categorized traffi
Command Reference | Traffic control | 287 SWX232x(config)#interface port1.1 SWX232x(config-if)#service-policy input policy1 9.2.27 Set individual policers (twin rate) [Syntax] police twin-rate CIR PIR CBS PBS yellow-action action red-action action no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
| Command Reference | Traffic control • Green: forward, Yellow: rewrite DSCP value to 10, Red: discard [Traffic class definition] SWX232x(config)#ip-access-list 1 permit 10.1.0.0 0.0.255.
Command Reference | Traffic control | 289 Up to four user-defined values may be used for pre-marking/remarking to a DSCP value not recommended in the RFC. The following table shows the DSCP values that are recommended in the RFC.
| Command Reference | Traffic control SWX232x(config)#aggregate-police AGP-01 SWX232x(config-agg-policer)# 9.2.
Command Reference | Traffic control | 291 SWX232x(config-agg-policer)#remark-map yellow ip-dscp 10 SWX232x(config-agg-policer)#exit 9.2.31 Set aggregate policer (twin rate) [Syntax] police twin-rate CIR PIR CBS PBS yellow-action action red-action action no police [Keyword] twin-rate : Use twin rate policers : <1 - 102300000> [Parameter] CIR Traffic rate (kbps) PIR : <1 - 102300000> Peak traffic rate (kbps). A value less than CIR cannot be specified.
| Command Reference | Traffic control action drop SWX232x(config-agg-policer)#remark-map yellow ip-dscp 10 SWX232x(config-agg-policer)#exit 9.2.
Command Reference | Traffic control | 293 • • Executing metering by TrTCM with CIR:48kbps, PIR:96kbps, CBS:12kbyte, and PBS:12kbyte Yellow: rewrite DSCP value to 10, Red: discard [Aggregate policer creating] SWX232x(config)#aggregate-police AGP-01 SWX232x(config-agg-policer)#police twin-rate 48 96 12 12 yellow-action remark redaction drop SWX232x(config-agg-policer)#remark-map yellow ip-dscp 10 SWX232x(config-agg-policer)#exit 9.2.
| Command Reference | Traffic control [Example] Apply aggregate policer "AGP-01" to the two traffic classes "class1" and "class2" of policy map "policy1.
Command Reference | Traffic control | 295 Yellow Bytes : 2048 Red Bytes : 51552 9.2.36 Clear metering counters [Syntax] clear qos metering-counters [ifname] [Parameter] ifname : LAN/SFP port name or logical interface name. If this is omitted, the command applies to all ports. [Input mode] privileged EXEC mode [Description] Clears the metering totals for all policers (individual policers / aggregate policers) on the specified LAN/SFP port or logical interface.
| Command Reference | Traffic control SWX232x(config-pmap-c)#set cos-queue 3 SWX232x(config-pmap-c)#exit SWX232x(config-pmap)#exit SWX232x(config)#interface port1.1 SWX232x(config-if)#service-policy input policy1 9.2.38 Set egress queue (DSCP-Queue) [Syntax] set ip-dscp-queue value no set ip-dscp-queue [Parameter] value : <0 - 63> DSCP value corresponding to egress queue [Input mode] policy map class mode [Description] Assigns an egress queue to the classified traffic class.
Command Reference | Traffic control | 297 Item Description Policy-Map Name Policy map name State Application status of the policy map (attached/detached) Class-Map Name Class map information. For details, refer to the show classmap command.
| Command Reference | Traffic control SWX232x#show policy-map policy1 Policy-Map Name: policy1 State: attached Class-Map Name: class1 Qos-Access-List Name: 1 Police: Mode: SrTCM average rate (48 Kbits/sec) burst size (12 KBytes) excess burst size (12 KBytes) yellow-action (Remark [DSCP:10]) red-action (Drop) 9.2.
Command Reference | Traffic control | 299 edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable Show the status of class map "class1". SWX232x#show qos map-status class class1 class1 status policy-map association : policy1 (Detached) edit/erase : Disable attach limitation CoS trust mode : Enable DSCP trust mode : Enable Port-Priority trust mode : Disable 9.2.
| Command Reference | Traffic control 9.2.42 Set traffic shaping (individual port) [Syntax] traffic-shape rate kbps CIR burst BC no traffic-shape rate [Parameter] CIR : <18-10000000> Traffic rate (kbps). Since rounding occurs, the value actually applied to the input value might be less BC : <16-16000> Burst size (kbyte). Specified in 4 kbyte units. (See [Note]) [Initial value] no traffic-shape rate [Input mode] interface mode [Description] Specifies shaping for the port.
Command Reference | Traffic control | 301 [Input mode] interface mode [Description] Specifies shaping for the transmission queue of the port. If this command is executed with the "no" syntax, the egress queue shaping setting is disabled. [Note] In order to execute this command, QoS must be enabled. Since rounding occurs on the traffic rate, the value actually applied to the input value might be less.
| Command Reference | Traffic control [Parameter] type : Flow control operation Setting value Description auto Enable flow control auto negotiation both Enable transmission/reception of Pause frames disable Disable flow control [Initial value] flowcontrol disable [Input mode] interface mode [Description] Enables flow control for the LAN/SFP port (IEEE 802.3x PAUSE frames send/receive). If this is executed with the "no" syntax, flow control is disabled.
Command Reference | Traffic control | 303 [Example] Show flow control information for LAN port #1. SWX232x#show flowcontrol port1.1 Port FlowControl RxPause TxPause ------------------------- ------port1.1 Both 4337 0 Show flow control information for all ports. SWX232x#show flowcontrol System flow-control: Enable Port FlowControl ------------------port1.1 Both port1.2 Disable port1.3 Both port1.4 Disable port1.5 Disable port1.6 Disable port1.7 Disable port1.
| Command Reference | Traffic control [Parameter] ifname : LAN/SFP port interface name Interface to show [Initial value] none [Input mode] unprivileged EXEC mode, privileged EXEC mode [Description] Shows the upper limit value for frame reception. If the interface name is omitted, all interfaces are shown. [Example] Show the setting status of all interfaces. SWX232x#show storm-control Port BcastLevel McastLevel port1.1 30.00% 30.00% port1.2 20.00% 20.00% port1.3 100.00% 100.00% port1.4 100.00% 100.
Command Reference | Application | 305 Chapter 10 Application 10.1 Local RADIUS server 10.1.
| Command Reference | Application 10.1.3 Generate a route certificate authority [Syntax] crypto pki generate ca [ca-name] no crypto pki generate ca [Parameter] ca-name : Certificate authority name Characters that can be inputted for the certificate authority name • Within 3–32 characters • Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces • Cannot specify “DEFAULT” [Initial value] none [Input mode] global configuration mode [Description] Generates a route
Command Reference | Application | 307 Setting value Description pap PAP authentication method peap PEAP authentication method eap-md5 EAP-MD5 authentication method eap-tls EAP-TLS authentication method eap-ttls EAP-TTLS authentication method [Initial value] authentication pap peap eap-md5 eap-tls eap-ttls [Input mode] RADIUS configuration mode [Description] Specifies the authentication method used for the local RADIUS server.
| Command Reference | Application [Input mode] RADIUS configuration mode [Description] Adds a RADIUS client (NAS) to the RADIUS client list. The maximum number of registered entries is 100. If this command is executed with the "no" syntax, the specified RADIUS client setting is deleted. [Note] RADIUS client (NAS) information configured using this command will not display in running-config or startup-config.
Command Reference | Application | 309 mac-address : hhhh.hhhh.hhhh (h is hexadecimal) MAC address for terminal (user) to authenticate ssid : SSID connection point (32 characters or less, single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces ) name : User name (32 characters or less, single-byte alphanumeric characters and symbols other than the characters " ? and spaces mail-address : Mail address (256 characters or less, single-byte alphanumeric character
| Command Reference | Application 10.1.8 Reauthentication interval setting [Syntax] reauth interval time no reauth interval [Parameter] time : <3600,43200,86400,604800> Reauthentication interval (no. of seconds) [Initial value] reauth interval 3600 [Input mode] RADIUS configuration mode [Description] Sets the reauthentication interval that is notified to the RADIUS client (NAS). The RADIUS client (NAS) determines whether the reauthentication interval will be used.
Command Reference | Application | 311 Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] privileged EXEC mode [Description] This issues client certificates to users for which the EAP-TLS certification method is specified.
| Command Reference | Application 10.1.
Command Reference | Application | 313 Authentication method Characters that can be inputted EAP-MD5, EAP-TTLS, PEAP, PAP Single-byte alphanumeric characters and symbols other than the characters \ [ ] " ? and spaces EAP-TLS Single-byte alphanumeric characters and symbols other than the characters \ [ ] / : * | < > " ? and spaces [Input mode] privileged EXEC mode [Description] This exports the client certificates to an SD card.
| Command Reference | Application Client certificates to be sent are ZIP files, compressed using the passwords for each user. E-mail cannot be sent to users whose e-mail addresses have not been set. To send e-mail, the e-mail destination server and e-mail recipient name must be configured in the e-mail template, and an email template ID for use when sending the e-mail must be set using the mail send certificate command. [Note] Only the newest client certificate (1) can be sent via e-mail.
Command Reference | Application | 315 Setting value Description IPv4 address (A.B.C.D) Range from 0.0.0.1 to 223.255.255.255, except for 127.0.0.1 IPv4 network address (A.B.C.
| Command Reference | Application SWX232x#show radius-server local user detail 00a0de000001 Total 1 userid : password : mode : vlan : MAC : SSID : name : mail-address: expire date : certificated: 00a0de000001 secretpassword eap-tls 10 00a0.de00.0001 YamahaTaro test.com 2037/12/31 Not 10.1.18 Client certificate issuance status display [Syntax] show radius-server local certificate status [Input mode] privileged EXEC mode [Description] Shows the issuance status for client certificates.
Command Reference | Application | 317 [Example] This displays client certificates that have been issued for specific users. SWX232x#show radius-server local certificate list detail Yamaha userid certificate number enddate -------------------------------------------------------------------------------------------Yamaha Yamaha-DF598EE9B44D22CC 2018/12/31 Yamaha-DF598EE9B44D22CD 2019/12/31 10.1.
| Command Reference | Index Index A aaa authentication auth-mac 163 aaa authentication auth-web 163 aaa authentication dot1x 163 access-group (IPv4) 260 access-group (IPv6) 262 access-group (MAC) 265 access-list (IPv4) 258 access-list (IPv6) 261 access-list (MAC) 263 access-list description (IPv4) 260 access-list description (IPv6) 262 access-list description (MAC) 264 action 131 aggregate-police 289 arp 232 arp-ageing-timeout 232 auth clear-state time (global configuration mode) 179 auth clear-state t
Command Reference | Index | 319 http-server interface 81 http-server language 82 http-server login-timeout 83 http-server secure 80 I instance 216 instance priority 217 instance vlan 216 interface reset 149 ip address 226 ip address dhcp 227 ip forwarding 233 ip igmp snooping 246 ip igmp snooping check ttl 249 ip igmp snooping fast-leave 247 ip igmp snooping mrouter interface 247 ip igmp snooping querier 248 ip igmp snooping query-interval 248 ip igmp snooping version 249 ip route 229 ipv6 235 ipv6 address
| Command Reference | Index Q qos cos 270 qos cos-queue 273 qos dscp-queue 274 qos enable 269 qos port-priority-queue 275 qos queue sent-from-cpu 276 qos trust 270 qos wrr-weight 299 R radius-server deadtime 174 radius-server host 172 radius-server key 173 radius-server local enable 305 radius-server local interface 305 radius-server local refresh 310 radius-server local-profile 306 radius-server retransmit 173 radius-server timeout 172 reauth interval 310 region 217 reload 134 remark-map (aggregate p
Command Reference | Index | 321 show policy-map 296 show port-security status 183 show power-inline 188 show process 41 show ptp 51 show ptp interface 51 show qos 271 show qos interface 271 show qos map-status 298 show qos metering-counters 294 show qos queue-counters 273 show radius-server 177 show radius-server local certificate list 316 show radius-server local certificate revoke 317 show radius-server local certificate status 316 show radius-server local nas 314 show radius-server local user 315 show rm
| Command Reference | Index V W vlan 193 vlan access-map 267 vlan database 193 vlan filter 268 wireless-terminal-watch interval 119 write 33
