manualshive.com logo in svg

3Com 5500-EI Series, Reference Manual

Share
Download
3Com 5500-EI Series Reference Manual Download Page 1009

 

1-33 

1                   publickey            127.0.0.1             stelnet 

ssh user authentication-type 

Syntax 

ssh user username

 

authentication-type 

all

 | 

password

 | 

password-publickey

 | 

publickey

 | 

rsa

 } 

undo ssh user username authentication-type

 

View 

System view 

Parameters 

username

: SSH user name, a string of 1 to 184 characters. It cannot contain any of these characters: 

slash (/), backslash (\), colon (:), asterisk (*), question mark (?), less than sign (<), greater than sign (>), 

and the vertical bar sign (|). In addition, the @ sign can appear up to once, the username part (that is, 

the string before the @ sign) cannot be more than 55 characters, and the domain name part cannot be 

more than 128 characters. 

all

: Specifies that the authentication mode for the SSH user can be either password authentication or 

publickey authentication.  

password

: Specifies the authentication mode for the SSH user as password authentication.  

password-publickey

: Specifies the authentication mode for the SSH user as password and publickey. 

publickey

: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) 

authentication. 

 

rsa

: Specifies the authentication mode for the SSH user as publickey (RSA key or DSA key ) 

authentication. The authentication modes specified by the 

rsa 

keyword and 

publickey 

keyword are 

implemented in the same way 

 

 

For the 

password-publickey

 authentication type:  

z

 

SSH1 client users can access the switch as long as they pass one of the two authentications. 

z

 

SSH2 client users can access the switch only when they pass both the authentications. 

 

Description 

Use the 

ssh user

 

authentication-type

 command to specify the authentication mode for SSH users on 

the server. 

Use the

 undo ssh user authentication-type

 command to remove the configuration.  

The differences between password authentication, publickey authentication, and password-publickey 

authentication are: 

z

 

Password authentication is vulnerable to attacks. 

z

 

Publickey authentication provides more secure SSH connections than password authentication 

does. The mode is easy to use and prevents illegal operations such as malicious password guess. 

Summary of Contents for 5500-EI Series

Page 1: ...i Table of Contents 1 CLI Configuration Commands 1 1 CLI Configuration Commands 1 1 command privilege level 1 1 display history command 1 4 super 1 4 super authentication mode 1 5 super password 1 6 ...

Page 2: ... listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Advanced ACL view acl basic Basic ACL view acl ethernetframe Layer 2 ACL view acl user User defined ACL view aux Aux 1 0 0 port view that is console port view cluster Cluster view detect group Detected group view dhcp pool DHCP address pool view ethernet 100M Ethernet port view ftp client FTP clie...

Page 3: ...ce VLAN interface view command Command for which the level is to be set Description Use the command privilege level command to set the level of a specified command in a specified view Use the undo command privilege view command to restore the default Commands fall into four levels visit level 0 monitor level 1 system level 2 and manage level 3 The administrator can change the level of a command as...

Page 4: ...rting with the keyword ftp such as ftp server acl ftp server enable and ftp timeout will be restored to the default level if you have modified the command level of commands ftp server enable and ftp timeout and you want to restore only the ftp server enable command to its default level you should use the undo command privilege view system ftp server command z If you modify the command level of a c...

Page 5: ...ormerly History commands are those commands that were successfully executed recently and saved in the history command buffer You can set the size of the buffer by the history command max size command When the history command buffer is full for that user the earlier commands will be overwritten by the new ones By default the CLI can save 10 history commands for each user Related commands history co...

Page 6: ...the correct authentication information Related commands super authentication mode super password Examples Switch from the current user level to user level 3 using super password authentication Sysname super 3 Password User privilege level is 3 and only those commands can be used whose level is equal or less than this Privilege note 0 VISIT 1 MONITOR 2 SYSTEM 3 MANAGE Switch from the current user l...

Page 7: ...ow to high user level switching the HWTACACS authentication is preferred and the super password authentication mode is the backup z When both the super password authentication and the HWTACACS authentication are specified the device adopts the preferred authentication mode first If the preferred authentication mode cannot be implemented for example the super password is not configured or the HWTAC...

Page 8: ...he cipher text password _ TT8F Y 5SQ Q MAF4 1 corresponds to the plain text password 1234567 Description Use the super password command to set a switching password for a specified user level which will be used when users switch from a lower user level to the specified user level Use the undo super password command to restore the default configuration By default no such password is set Note that no...

Page 9: ...eout 1 13 ip http shutdown 1 14 lock 1 15 parity 1 16 protocol inbound 1 16 screen length 1 18 send 1 18 service type 1 19 set authentication password 1 20 shell 1 21 speed 1 22 stopbits 1 22 telnet 1 23 telnet source interface 1 24 telnet source ip 1 25 telnet server source interface 1 25 telnet server source ip 1 26 user interface 1 27 user privilege level 1 27 2 Commands for User Control 2 1 Co...

Page 10: ...the login VTY users must enter the correct authentication password to log in to the switch z If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords the actual authentication mode that is local or remote depends on other related AAA scheme configuration of the domain z If this command is executed with the command authorization keyword specified aut...

Page 11: ...name system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 authentication mode password Sysname ui aux0 set authentication password simple aabbcc After the configuration when a user logs in to the switch through the console port the user must enter the correct password z Example of the scheme authentication mode configuration Configure the authenticat...

Page 12: ...utomatically z The auto execute command command may cause you unable to perform common configuration in the user interface so use it with caution z Before executing the auto execute command command and save your configuration make sure you can log in to the switch in other modes and cancel the configuration Examples Configure the telnet 10 110 100 1 command to be executed automatically after users...

Page 13: ... switch successfully Note that these two commands apply to users logging in through the console port and by means of Telnet Examples Disable copyright information displaying Copyright c 2004 2008 3Com Corp and its licensors All rights reserved Without the owner s prior written consent no decompiling or reverse engineering shall be allowed Sysname system view System View return to User View with Ct...

Page 14: ...e switch operating as the Telnet server That is when the switch operates as the Telnet server the client uses this IP address to log in to the switch z If the source IP address or source interface is specified for the switch this command displays the IP address or the primary IP address of the source interface z If neither source IP address nor source interface is specified 0 0 0 0 is displayed Th...

Page 15: ...e source interface z If no source address or source IP interface is specified for the switch 0 0 0 0 is displayed That is the source IP address of Telnet service packets is that of the outbound interface Examples Display the source IP address configured for the switch operating as the Telnet client Sysname display telnet source ip The source IP you specified is 192 168 1 1 display user interface S...

Page 16: ... Type Tx Rx Modem Privi Auth Int Super F 0 AUX 0 19200 3 N S Current user interface is active F Current user interface is active and work in async mode Idx Absolute index of user interface Type Type and relative index of user interface Privi The privilege of user interface Auth The authentication mode of user interface Int The physical location of UIs Super The Super authentication mode of UIs A A...

Page 17: ... AUX 0 UXXX XXXX User interface type VTY 8 UUUU X 5 character mode users U 8 UI never used X 5 total UI in use Table 1 2 Description on the fields of the display user interface summary command Field Description User interface type User interface type AUX or VTY 0 UXXX XXXX 8 UUUU X 0 and 8 represent the least absolute number for AUX user interfaces and VTY user interfaces U and X indicate the usag...

Page 18: ...peration user work in async mode Table 1 3 Descriptions on the fields of the display users command Field Description UI The numbers in the left sub column are the absolute user interface indexes and those in the right sub column are the relative user interface indexes Delay The period in seconds the user interface idles for Type User type Ipaddress The IP address from which the user logs in Userna...

Page 19: ... Level Level of a Web user Login Time Time when a Web user logs in Last Req Time Time when the latest request is made free user interface Syntax free user interface type number View User view Parameters type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index A user interface index can be relative or absolute z In relative user int...

Page 20: ...r user name and password If a user logs in to the switch through Web the banner text configured will be displayed on the banner page shell Sets the session banner which appears after a session is established If you specify to authenticate login users the banner appears after a user passes the authentication text Banner to be displayed If no keyword is specified this argument is the login banner Yo...

Page 21: ...d with the header legal command and before login authentication z The banner configured with the header shell command is displayed after a non modem user session is established Examples Configure banners Sysname system view System View return to User View with Ctrl Z Sysname header login Welcome to login Sysname header shell Input banner text and quit with the character Welcome to shell Sysname he...

Page 22: ...mand to set the size of the history command buffer Use the undo history command max size command to revert to the default history command buffer size By default the history command buffer can contain up to ten commands Related commands display history command Examples Set the size of the history command buffer of AUX 0 to 20 to enable it to store up to 20 commands Sysname system view System View r...

Page 23: ... 1 minute Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 idle timeout 1 ip http shutdown Syntax ip http shutdown undo ip http shutdown View System view Parameters None Description Use the ip http shutdown command to shut down the WEB Server Use the undo ip http shutdown command to launch the WEB Server By default the WEB Server is launc...

Page 24: ...revent unauthorized operations in the user interface After you execute this command the system prompts you for the password and prompts you to confirm the password The user interface is locked only when the password entered is correct To unlock a user interface press Enter and then enter the password as prompted Note that if you set a password containing more than 16 characters the system matches ...

Page 25: ...rforms odd checks Description Use the parity command to set the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Examples Set to perform even checks Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 parity even protocol inbound Syntax protocol inbound all ssh ...

Page 26: ... 22 will be disabled z If the authentication mode is scheme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified as ssh TCP 22 will be enabled when the supported protocol is specified as all both the TCP 23 and TCP 22 port will be enabled To configure a user interface to support SSH you need to set the authenti...

Page 27: ...iew System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 screen length 20 send Syntax send all number type number View User view Parameters all Sends messages to all user interfaces type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index A user interface index can be relative or absolute z In re...

Page 28: ...net Specifies the users to be of Telnet type terminal Makes terminal services available to users logging in through the console port level level Specifies the user level for Telnet users Terminal users or SSH users The level argument ranges from 0 to 3 and defaults to 0 Description Use the service type command to specify the login type and the corresponding available command level Use the undo ser...

Page 29: ...mmand level Examples Configure commands at level 0 are available to the users logging in using the user name of zbr Sysname system view System View return to User View with Ctrl Z Sysname local user zbr Sysname luser zbr service type telnet level 0 To verify the above configuration you can quit the system log in again using the user name of zbr and then list the available commands as listed in the...

Page 30: ...F4 1 Description Use the set authentication password command to set the local password Use the undo set authentication password command to remove the local password Note that only plain text passwords are expected when users are authenticated By default password authentication is performed when a user logs in through a modem or Telnet If no password is set the user cannot establish a connection wi...

Page 31: ... ui vty0 4 are you sure Y N y speed Syntax speed speed value undo speed View AUX user interface view Parameters speed value Transmission speed in bps This argument can be 300 600 1200 2400 4800 9600 19 200 38 400 57 600 and 115 200 Description Use the speed command to set the transmission speed of the user interface Use the undo speed command to revert to the default transmission speed By default ...

Page 32: ...lue of the switch to a value different from that of the terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 Sysname ui aux0 stopbits 2 telnet Syntax telnet hostname ip address service port source interface interface type interface number source ip ip ad...

Page 33: ... telnet source interface Syntax telnet source interface interface type interface number undo telnet source interface View System view Parameters interface type interface number Interface type and interface number Description Use the telnet source interface command to specify the source interface for a Telnet client Use the undo telnet source interface command to remove the specified source interfa...

Page 34: ...e between the specified source IP address and the Telnet server Note that when the telnet source ip command is executed if the IP address specified is not an IP address of the local device your configuration fails Examples Set the source IP address to 192 168 1 1 for the Telnet client Sysname system view System View return to User View with Ctrl Z Sysname telnet source ip 192 168 1 1 telnet server...

Page 35: ...tem view Parameters ip address Source IP address to be set Description Use the telnet server source ip command to specify the source Telnet server IP address Use the undo telnet server source ip command to remove the source Telnet server IP address With the telnet server source ip command configured the client can log in to the local device using the specified IP address only and the login succeed...

Page 36: ...ent is not required In this case user interfaces are numbered from 0 to 12 last number User interface number identifying the last user interface to be configured The value of this argument must be larger than that of the first number argument Description Use the user interface command to enter one or more user interface views to perform configuration Examples Enter VTY0 user interface Sysname syst...

Page 37: ... the entire system and the system supporting modules Services are supported by these commands Commands concerning file system file transfer protocol FTP trivial file transfer protocol TFTP downloading using XModem user management and level setting are at administration level Refer to CLI Configuration for information about command level Examples Configure that commands at level 1 are available to ...

Page 38: ...sers Telnetting to the local switch from the current user interface outbound Applies the ACL for the users Telnetting to other devices from the current user interface This keyword is unavailable to Layer 2 ACLs Description Use the acl command to apply an ACL for Telnet users Use the undo acl command to cancel the configuration By default no ACL is applied Examples Apply ACL 2000 a basic ACL for th...

Page 39: ...ect all Web users by force Sysname free web users all ip http acl Syntax ip http acl acl number undo ip http acl View System view Parameters acl number ACL number ranging from 2000 to 2999 Description Use the ip http acl command to apply an ACL to filter Web users Use the undo ip http acl command to disable the switch from filtering Web users using the ACL By default the switch does not use the AC...

Page 40: ...ugh SNMP You can also optionally use this command to apply an ACL to perform access control for network management users Use the undo snmp agent community command to cancel community related configuration for the specified community By default SNMPv1 and SNMPv2c access a switch by community names Examples Set the community name to h123 enable users to access the switch in the name of the community...

Page 41: ... create an SNMP group You can also optionally use this command to apply an ACL to filter network management users Use the undo snmp agent group command to remove a specified SNMP group By default the SNMP group configured through the snmp agent group v3 command is not authenticated or encrypted Examples Create an SNMP group named h123 and apply ACL 2001 for network management users assuming that b...

Page 42: ...racters in plain text a 32 bit hexadecimal number in cipher text if MD5 algorithm is used and a 40 bit hexadecimal number in cipher text if SHA algorithm is used acl number Basic ACL number ranging from 2000 to 2999 local Specifies local entity users engineid string Engine ID associated with the user a string of even number of hexadecimal numbers and comprising of 10 to 64 hexadecimal digits Descr...

Page 43: ...2 6 ...

Page 44: ... 1 1 File Attribute Configuration Commands 1 1 display current configuration 1 1 display current configuration vlan 1 5 display saved configuration 1 6 display startup 1 8 display this 1 9 reset saved configuration 1 10 save 1 11 startup saved configuration 1 13 ...

Page 45: ...an directly input the file name text txt as the file URL File Attribute Configuration Commands display current configuration Syntax display current configuration configuration configuration type interface interface type interface number by linenum begin exclude include regular expression View Any view Parameters configuration configuration type Specifies to display non interface configuration If c...

Page 46: ...he beginning of a line For example regular expression user matches lines beginning with user not Auser Ending sign the string to the left of this character appears only at the end of a line For example regular expression user matches lines ending with user not userA Full stop a wildcard used in place of any character including blank None Asterisk the character to the left of the asterisk should ma...

Page 47: ...les Display configuration information about all the interfaces on the current switch Sysname display current configuration interface interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 interface Aux1 0 0 interface Ethernet1 0 1 interface Ethernet1 0 2 interface Ethernet1 0 3 interface Ethernet1 0 4 interface Ethernet1 0 5 interface Ethernet1 0 6 interface Ethernet1 0 7 interface Ethern...

Page 48: ...ration include 10 password control login attempt 3 exceed lock time 120 vlan 1 interface Vlan interface1 ip address 192 168 0 30 255 255 255 0 ntp service unicast server 192 168 0 52 ntp service unicast server 192 168 0 65 interface Aux1 0 0 interface Ethernet1 0 1 interface Ethernet1 0 2 interface Ethernet1 0 3 interface Ethernet1 0 4 interface Ethernet1 0 5 interface Ethernet1 0 6 interface Ethe...

Page 49: ...nfiguration information with line numbers Description Use the display current configuration vlan command to display the current VLAN configuration of the switch Without the vlan id argument specified this command displays configuration information about all the VLANs that exist on the switch If there are contiguous VLANs without any configuration the system combines these VLANs together in the for...

Page 50: ...without a configuration file the system will display that no configuration file exists upon execution of the command z If you have saved configuration after the switch starts up the command displays the last saved configuration Related commands save reset saved configuration display current configuration Examples Display the initial configuration file of the current switch Sysname display saved co...

Page 51: ...rnet1 0 9 interface Ethernet1 0 10 interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface Ethernet1 0 17 interface Ethernet1 0 18 interface Ethernet1 0 19 interface Ethernet1 0 20 interface Ethernet1 0 21 interface Ethernet1 0 22 interface Ethernet1 0 23 interface Ethernet1 0 24 TOPOLOGYCFG MUS...

Page 52: ...ation of a switch Note that z If the switch is not a unit of a fabric this command displays the startup configuration file information of the current switch no matter whether you have specified the unit id argument or not z If the switch is a unit of a fabric without unit id specified this command displays the startup configuration file information of all the units in the fabric with unit id speci...

Page 53: ...s Syntax display this by linenum View Any view Parameters by linenum Displays configuration information with line numbers Description Use the display this command to display the current configuration performed in the current view To verify the configuration performed in a view you can use this command to display the parameters that are valid in the current view Note that z Effective parameters tha...

Page 54: ...eset saved configuration command to erase the configuration file saved in the Flash of a switch The following two situations exist z While the reset saved configuration main command erases the configuration file with main attribute it only erases the main attribute of a configuration file having both main and backup attribute z While the reset saved configuration backup command erases the configur...

Page 55: ...tion file main Saves the configuration to the main configuration file Description Use the save command to save the current configuration to a configuration file in the Flash When you use this command to save the configuration file z If the main and backup keywords are not specified the current configuration will be saved to the main configuration file z If the cfgfile argument is specified but the...

Page 56: ...on cfgbak backup configuration file containing the original configuration information or and a configuration file with the extension cfgtmp temporary configuration file containing the current configuration information in the Flash you can change the extension cfgbak or cfgtmp to cfg using the rename command The switch will use the renamed configuration file to initialize itself when it starts up n...

Page 57: ...the main configuration file or the backup configuration file to be used for the next startup of the switch Use the undo startup saved configuration command to specify a switch to use null configuration when it restarts Note that z If you execute the startup saved configuration command with neither the backup nor the main keyword specified the configuration file identified by the cfgfile argument i...

Page 58: ...named config cfg as the main configuration file to be used for the next startup of the current switch which is not in any fabric Sysname startup saved configuration config cfg main Please wait Done When a fabric is formed configure the configuration file named 123 cfg as the backup configuration file to be used for the next startup of unit 1 in the fabric Sysname startup saved configuration unit1 ...

Page 59: ...down 1 5 vlan 1 6 Port Based VLAN Configuration Commands 1 7 display port 1 7 port 1 7 port access vlan 1 8 port hybrid pvid vlan 1 9 port hybrid vlan 1 9 port link type 1 10 port trunk permit vlan 1 11 port trunk pvid vlan 1 12 Protocol Based VLAN Configuration Commands 1 12 display protocol vlan interface 1 12 display protocol vlan vlan 1 13 port hybrid protocol vlan vlan 1 14 protocol vlan 1 15...

Page 60: ...iption string to the current VLAN or VLAN interface Use the undo description command to restore the default description string By default the description string of the current VLAN is its VLAN ID such as VLAN 0001 the description string of the current VLAN interface is its name such as Vlan interface 1 Interface Related command display vlan and display interface Vlan interface Example Specify the ...

Page 61: ...ace Vlan interface 2 Vlan interface2 current state DOWN Line protocol current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 000f e207 4101 Internet Address is 10 1 1 1 24 Primary Description Vlan interface2 Interface The Maximum Transmit Unit is 1500 Table 1 1 Description on the fields of the display interface Vlan interface command Field Description Vlan interface2 cur...

Page 62: ...e configured IP Address 192 168 0 39 Subnet Mask 255 255 255 0 Description VLAN 0001 Name VLAN 0001 Tagged Ports none Untagged Ports GigabitEthernet1 0 1 GigabitEthernet1 0 2 GigabitEthernet1 0 3 GigabitEthernet1 0 4 GigabitEthernet1 0 5 GigabitEthernet1 0 6 GigabitEthernet1 0 7 GigabitEthernet1 0 8 GigabitEthernet1 0 9 GigabitEthernet1 0 10 GigabitEthernet1 0 11 GigabitEthernet1 0 12 GigabitEther...

Page 63: ...enter VLAN interface view VLAN interface is a virtual interface in Layer 3 mode used to realize the layer 3 communication between different VLANs Each VLAN has a VLAN interface which can forward packets of the local VLAN to the destination IP addresses at the network layer Use the undo interface Vlan interface command to delete the VLAN interface Related command display interface Vlan interface Be...

Page 64: ...wn undo shutdown View VLAN interface view Parameter None Description Use the shutdown command to disable the VLAN interface Use the undo shutdown command to enable the VLAN interface By default the VLAN interface is enabled In this case the physical status of the VLAN interface is affected by that of the ports in the VLAN z When all the Ethernet ports in the VLAN are down the VLAN interface of the...

Page 65: ... you want to create and whose view you want to enter This argument ranges from 1 to 4 094 Description Use the vlan command to enter VLAN view If the VLAN identified by the vlan id argument does not exist this command creates the VLAN and then enters VLAN view Use the undo vlan command to remove the specified VLAN z VLAN 1 is the default VLAN and cannot be removed z When you use the undo vlan comma...

Page 66: ...View Any view Parameters hybrid Displays hybrid ports trunk Displays trunk ports Description Use the display port command to display the existing hybrid or trunk ports if any Examples Display the existing hybrid ports Sysname display port hybrid The following hybrid ports exist GigabitEthernet1 0 1 GigabitEthernet1 0 2 The above information shows the current system has two hybrid ports GigabitEthe...

Page 67: ...abitEthernet1 0 2 through GigabitEthernet1 0 4 to VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname vlan 2 Sysname vlan2 port GigabitEthernet 1 0 2 to GigabitEthernet 1 0 4 port access vlan Syntax port access vlan vlan id undo port access vlan View Ethernet port view Parameters vlan id VLAN ID defined in IEEE802 1Q in the range of 1 to 4094 Description Use the port acc...

Page 68: ...1 Description Use the port hybrid pvid vlan command to set the default VLAN ID for the hybrid port Use the undo port hybrid pvid command to restore the default VLAN ID of the port Related commands port link type The local and remote hybrid ports must use the same default VLAN ID for the traffic of the default VLAN to be transmitted properly Examples Set the default VLAN ID of the hybrid port Gigab...

Page 69: ...use the command multiple times all VLANs specified in the commands will be allowed to pass through the port The VLAN specified by the vlan id argument must exist Otherwise this command is invalid Related commands port link type Examples Assign the hybrid port GigabitEthernet 1 0 1 to VLAN 2 VLAN 4 and VLAN 50 through VLAN 100 configuring the port to keep VLAN tags when the packets of the specified...

Page 70: ...all View Ethernet port view Parameters vlan id list VLAN range to which the trunk port will be added vlan id list vlan id1 to vlan id2 1 10 where vlan id is in the range of 1 to 4094 and can be discrete and 1 10 means you can input up to ten VLAN IDs ID ranges all Adds the trunk port to all VLANs Description Use the port trunk permit vlan command to assign the trunk port to the specified VLANs Use...

Page 71: ...0 Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 port link type trunk Sysname GigabitEthernet1 0 1 port trunk pvid vlan 100 Protocol Based VLAN Configuration Commands display protocol vlan interface Syntax display protocol vlan interface interface type interface number to interface type interface number all View ...

Page 72: ...ocol type 50 1 ipx raw 80 2 at 100 3 snap etype 0x0abc 100 4 llc dsap 0xac ssap 0xbd display protocol vlan vlan Syntax display protocol vlan vlan vlan id to vlan id all View Any view Parameter vlan id VLAN ID in the range of 1 to 4094 to Specifies a VLAN ID range Make sure the vlan id argument to the right of this keyword is larger than or equal to the argument to the left of this keyword all Spec...

Page 73: ... end End protocol index in the range of 0 to 4 Note that this argument must be larger than or equal to the protocol index argument all Specifies all protocol indexes If the all keyword in the port hybrid protocol vlan vlan command is specified this command associates the port with all the protocol indexes of the specified protocol based VLAN if the all keyword in the undo port hybrid protocol vlan...

Page 74: ...n vlan 3 0 to 4 protocol vlan Syntax protocol vlan protocol index at ip ipx ethernetii llc raw snap mode ethernetii etype etype id llc dsap dsap id ssap ssap id snap etype etype id undo protocol vlan protocol index to protocol index end all View VLAN view Parameter at Specifies the VLAN to be an AppleTalk based VLAN ip Specifies the VLAN to be an IP based VLAN ipx Specifies the VLAN to be an IPX b...

Page 75: ...137 Description Use the protocol vlan command to configure the protocol template used for classifying protocol based VLANs Use the undo protocol vlan command to disable the configuration Related command display protocol vlan vlan Example Configure VLAN 3 as a protocol based VLAN and assign IP packets to VLAN 3 for transmission Sysname system view System View return to User View with Ctrl Z Sysname...

Page 76: ...1 17 ...

Page 77: ...play fib ip address 2 2 display fib acl 2 3 display fib 2 4 display fib ip prefix 2 5 display fib statistics 2 5 display icmp statistics 2 6 display ip socket 2 7 display ip statistics 2 8 display tcp statistics 2 10 display tcp status 2 12 display udp statistics 2 13 icmp redirect send 2 14 icmp unreach send 2 15 ip forward broadcast 2 15 reset ip statistics 2 16 reset tcp statistics 2 16 reset u...

Page 78: ...er 3 interfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP Internet Address is 192 168 0 39 24 Primary Broadcast address 192 168 0 255 The Maximum Transmit Unit 1500 bytes IP packets input number 9678 bytes 475001 multicasts 7 IP packets output number 8622 bytes 39108...

Page 79: ... Total number of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet number Number of received invalid TTL packets ICMP packet input number 0 Echo reply 0 Unreachable 0 Source quench 0 Routing redirect 0 Echo request 0 Router advert 0 Router solicit 0 Time exceed 0 IP header bad 0 Timestamp request 0 Timestamp reply 0 Information request 0 Information rep...

Page 80: ...ely down l loopback s spoofing Interface IP Address Physical Protocol Description Vlan interface1 192 168 0 39 up up Vlan inte Table 1 2 Description on the fields of the display ip interface brief command Field Description down The interface is administratively shut down with the shutdown command s Spoofing attribute of the interface It indicates that the interface whose link layer protocol is dis...

Page 81: ...ddress command without any parameter the switch deletes both primary and secondary IP addresses of the interface z The undo ip address ip address mask mask length command is used to delete the primary IP address z The undo ip address ip address mask mask length sub command is used to delete specified secondary IP addresses z You can assign at most five IP address to an interface among which one is...

Page 82: ...9 12 1 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address 129 12 0 1 255 255 255 0 Sysname Vlan interface1 ip address 129 12 1 1 255 255 255 0 sub ...

Page 83: ...xamples Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 10 153 17 0 24 10 153 17 99 U t 37 Vlan interface1 10 153 18 88 32 127 0 0 1 GHU t 37 InLoopBack0 10 153 18 0 24 10 153 18 88 U t 37 LoopBack0 10 153 17 99 32 127 0 0 1 GHU...

Page 84: ...sk2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notation ip address1 and ip address2 together define an address range The FIB entries in this address range will be displayed mask1 mask2 Subnet masks in dotted decimal notation mask length1 mask length2 Length of the subnet masks the number of consecutive ones in the masks in...

Page 85: ... Flag TimeStamp Interface 12 158 10 0 24 12 158 10 1 U t 85391 Vlan interface10 Display FIB entry information which has a destination in the range of 12 158 10 0 24 to 12 158 10 6 24 and has a mask length of 24 Sysname display fib 12 158 10 0 255 255 255 0 12 158 10 6 255 255 255 0 Route Entry Count 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L ...

Page 86: ...egular expression View Any view Parameters Uses a regular expression to match FIB entries For detailed information about regular expression refer to Configuration File Management Command begin Displays a specific FIB entry and all the FIB entries following it The specific FIB entry is the first entry that matches the specified regular expression exclude Displays the FIB entries that do not match t...

Page 87: ... with Ctrl Z Sysname ip ip prefix abc permit 211 71 75 0 24 Sysname display ip ip prefix abc name index conditions ip prefix mask GE LE abc 10 permit 211 71 75 0 24 Display the FIB entries matching IP prefix list abc Sysname display fib ip prefix abc Route Entry matched by prefix list abc Summary Counts 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi pat...

Page 88: ...CMP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0 Output echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask reques...

Page 89: ...uench Number of sent source quench packets redirects Number of sent redirection packets echo reply Number of sent replies parameter problem Number of sent parameter problem packets timestamp Number of sent time stamp packets information reply Number of sent information reply packets mask requests Number of sent mask requests mask replies Number of sent mask replies Output time exceeded Number of s...

Page 90: ...192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_ISCONNECTED SS_PRIV SS_ASYNC Table 2 3 Description on the fields of the display ip socket command Field Description SOCK_STREAM Indicates the socket type is TCP SOCK_DGRAM Indicates the socket type is UDP SOCK_RAW Indicates the socket type is raw IP Task Task ID socketid Socket ID P...

Page 91: ... unknown protocol packets Unknown protocol packets are destined to the local device but the upper layer protocol specified in their IP header cannot be processed by the device For example if a switch is not enabled with the Layer 3 multicast function it considers IGMP packets as unknown protocol packets bad format Total number of packets with incorrect header format that contains a wrong version o...

Page 92: ...display tcp statistics command to display the statistics about TCP packets Related commands display tcp status reset tcp statistics Examples Display the statistics about TCP connections Sysname display tcp statistics Received packets Total 753 packets in sequence 412 11032 bytes window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 4 88 byte...

Page 93: ...s received offset error Number of offset error packets received short error Number of received packets with length being too small duplicate packets Number of completely duplicate packets received partially duplicate packets Number of partially duplicate packets received out of order packets Number of out of order packets received packets of data after window Number of packets outside the receivin...

Page 94: ...ed Closed connections Number of connections closed in brackets are connections closed accidentally before receiving SYN from the peer and connections closed initiatively after receiving SYN from the peer Packets dropped with MD5 authentication Number of packets dropped with MD5 authentication Packets permitted with MD5 authentication Number of packets permitted with MD5 authentication display tcp ...

Page 95: ...ription Use the display udp statistics command to display the statistics about UDP packets Related commands reset udp statistics Examples Display the statistics about UDP packets Sysname display udp statistics Received packets Total 26320 checksum error 0 shorter than header 0 data length larger than packet 0 no socket on port 0 total broadcast or multicast packets 25006 no socket broadcast or mul...

Page 96: ...full Number of not delivered packets due to a full socket cache packets input packets missing pcb cache Number of packets without matching PCB cache Sent packets Total Total number of UDP packets sent icmp redirect send Syntax icmp redirect send undo icmp redirect send View System view Parameters None Description Use the icmp redirect send command to enable the device to send ICMP redirection pack...

Page 97: ...efault the device is enabled to send ICMP destination unreachable packets Examples Disable the device from sending ICMP destination unreachable packets Sysname system view System View return to User View with Ctrl Z Sysname undo icmp unreach send ip forward broadcast Syntax ip forward broadcast undo ip forward broadcast View System view Parameters None Description Use the ip forward broadcast comm...

Page 98: ...P packets You can use the display ip statistics command to view the current IP packet statistics Related commands display ip interface Examples Clear the statistics about IP packets Sysname reset ip statistics reset tcp statistics Syntax reset tcp statistics View User view Parameters None Description Use the reset tcp statistics command to clear the statistics about TCP packets You can use the dis...

Page 99: ...h the value ranging from 76 to 3600 Description Use the tcp timer fin timeout command to configure the TCP finwait timer Use the undo tcp timer fin timeout command to restore the default value of the TCP finwait timer By default the value of the TCP finwait timer is 675 seconds When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2 the finwait timer is enabled If the switch does not r...

Page 100: ...rminated Related commands tcp timer fin timeout tcp window Examples Configure the value of the TCP synwait timer to 80 seconds Sysname system view System View return to User View with Ctrl Z Sysname tcp timer syn timeout 80 tcp window Syntax tcp window window size undo tcp window View System view Parameters window size Size of the transmission and receiving buffers of the connection oriented socke...

Page 101: ...r fin timeout tcp timer syn timeout Examples Configure the size of the transmission and receiving buffers of the connection oriented socket to 3 KB Sysname system view System View return to User View with Ctrl Z Sysname tcp window 3 ...

Page 102: ...ds 1 1 display voice vlan error info 1 1 display voice vlan oui 1 1 display voice vlan status 1 2 display vlan 1 3 voice vlan 1 4 voice vlan aging 1 5 voice vlan enable 1 6 voice vlan legacy 1 7 voice vlan mac address 1 7 voice vlan mode 1 8 voice vlan qos 1 9 voice vlan security enable 1 10 ...

Page 103: ... display the ports on which the voice VLAN function fails to be enabled When ACL number applied to a port reaches to its threshold voice VLAN cannot be enabled on this port Examples Display the ports on which voice VLAN fails to be enabled Sysname display voice vlan error info Fail to apply voice VLAN ACL rules to the following port s Ethernet1 0 10 Ethernet1 0 15 display voice vlan oui Syntax dis...

Page 104: ...0 ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff ff00 0000 Pingtel phone 00e0 7500 0000 ffff ff00 0000 Polycom phone 00e0 bb00 0000 ffff ff00 0000 3Com phone display voice vlan status Syntax display voice vlan status View Any view Parameters None Description Use the display voice vlan status command to display voice VLAN related information The output of the command displays information such ...

Page 105: ...me Current voice vlan enable port mode The ports on which the voice VLAN function is enabled PORT Port number MODE Voice VLAN assignment mode on the port which can be auto or manual COS The CoS precedence marked on the voice traffic passing through the port DSCP The DSCP precedence marked on the voice traffic passing through the port The Current voice vlan enable port mode field lists the ports wi...

Page 106: ...VLAN voice vlan Syntax voice vlan vlan id enable undo voice vlan enable View System view Parameters vlan id Specifies the ID of the VLAN to be enabled with the voice VLAN function in the range of 2 to 4094 Note that the VLAN must already exist Description Use the voice vlan command to configure the specified VLAN as the voice VLAN that is enable voice VLAN globally Use the undo voice vlan enable c...

Page 107: ...le the voice VLAN function for other VLANs the system will prompt that your configuration fails Sysname voice vlan 4 enable Can t change voice vlan configuration when other voice vlan is running voice vlan aging Syntax voice vlan aging minutes undo voice vlan aging View System view Parameters minutes Sets the voice VLAN aging timer in minutes in the range of 5 to 43200 Description Use the voice vl...

Page 108: ...ve a port that has not transmitted voice traffic from the voice VLAN timely thus improving network security However this may cause the port to be assigned to or removed from the voice VLAN frequently Therefore you are recommended to set a small voice VLAN aging timer in a network with only a few voice applications Related commands display voice vlan status Examples Set the aging time of the voice ...

Page 109: ...e VLAN legacy function By default the voice VLAN legacy function is disabled Examples Enable the voice VLAN legacy function on Ethernet1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 voice vlan legacy voice vlan mac address Syntax voice vlan mac address oui mask oui mask description text undo voice vlan mac address oui Vi...

Page 110: ...e 1 2 Default OUI addresses of a switch Number OUI address Vendor 1 0003 6b00 0000 Cisco phone 2 000f e200 0000 H3C Aolynk phone 3 00d0 1e00 0000 Pingtel phone 4 00e0 7500 0000 Polycom phone 5 00e0 bb00 0000 3Com phone Related commands display voice vlan oui Examples Add MAC address 00aa bb00 0000 to the OUI list and configure its description as ABC Sysname system view System View return to User V...

Page 111: ...ith Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 undo voice vlan mode auto voice vlan qos Syntax voice vlan qos cos value dscp value trust undo voice vlan qos View Ethernet port view Parameters cos value Sets the CoS precedence marked for voice VLAN traffic in the range 0 to 7 dscp value Sets the DSCP precedence marked for voice VLAN traffic in the range 0 to 63 trust Sets the por...

Page 112: ... enable command to enable the voice VLAN security mode Use the undo voice vlan security enable command to disable the voice VLAN security mode In security mode the ports in a voice VLAN and with voice devices attached to can only forward voice data Data packets with their MAC addresses not among the OUI addresses that can be identified by the system will be filtered out This mode has no effects on...

Page 113: ...P Configuration Commands 1 1 display garp statistics 1 1 display garp timer 1 2 garp timer 1 3 garp timer leaveall 1 4 reset garp statistics 1 5 GVRP Configuration Commands 1 6 display gvrp statistics 1 6 display gvrp status 1 7 gvrp 1 7 gvrp registration 1 8 ...

Page 114: ... not specified this command displays the GARP statistics on all the ports The switch automatically collects statistics about GVRP packets sent received and dropped on GVRP enabled ports Upon system reboot or the execution of the reset garp statistics command the system automatically deletes the statistics and starts collecting statistics again You can check whether GVRP is running normally on a po...

Page 115: ...erface list View Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports and port ranges An individual port takes the form of interface type interface number and a port range takes the form of interface type interface number1 to interface type interface number2 with interface number2 ta...

Page 116: ...alue Timeout time in centiseconds of the GARP timer Hold Join or Leave to be set Description Use the garp timer command to set a GARP timer that is the Hold timer the Join timer or the Leaver timer for an Ethernet port Use the undo garp timer command to restore the default setting of a GARP timer By default the Hold Join and Leave timers are set to 10 20 and 60 centiseconds Note that z The setting...

Page 117: ...shold by changing the timeout time of the Join timer This upper threshold is less than the timeout time of the LeaveAll timer You can change the threshold by changing the timeout time of the LeaveAll timer LeaveAll This lower threshold is greater than the timeout time of the Leave timer You can change threshold by changing the timeout time of the Leave timer 32 765 centiseconds In networking the f...

Page 118: ...In networking you are recommended to set the GARP LeaveAll timer to 12000 centiseconds 2 minutes Related commands display garp timer Examples Set the GARP LeaveAll timer to 100 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname garp timer leaveall 100 reset garp statistics Syntax reset garp statistics interface interface list View User view Parameters interface li...

Page 119: ... the GVRP statistics on the specified ports You need to provide the interface list argument in the format of interface type interface number to interface type interface number 1 10 where the interface type argument represents the port type the interface number argument represents the port number and 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Note that...

Page 120: ...Examples Display the global GVRP status Sysname display gvrp status GVRP is enabled The above information indicates that GVRP is enabled globally gvrp Syntax gvrp undo gvrp View System view Ethernet port view Parameters None Description Use the gvrp command to enable GVRP globally in system view or for a port in Ethernet port view Use the undo gvrp command to disable GVRP globally in system view o...

Page 121: ...cannot register or deregister VLAN information dynamically It only propagates static VLAN information Besides the port permits only static VLANs that is it propagates only static VLAN information to the other GARP members forbidden Specifies the forbidden GVRP registration mode A port operating in this mode cannot register or deregister VLAN information dynamically It permits only VLAN 1 that is i...

Page 122: ...es Configure Ethernet1 0 1 to operate in fixed GVRP registration mode Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 gvrp registration fixed ...

Page 123: ...erval 1 18 giant frame statistics enable 1 19 interface 1 20 jumboframe enable 1 20 link delay 1 21 loopback 1 22 loopback detection control enable 1 23 loopback detection enable 1 24 loopback detection interface list enable 1 25 loopback detection interval time 1 26 loopback detection per vlan enable 1 26 loopback detection shutdown enable 1 27 mdi 1 28 multicast suppression 1 29 reset counters i...

Page 124: ...to 262143 for a GigabitEthernet port Description Use the broadcast suppression command to limit broadcast traffic allowed to be received on each port in system view or on a specified port in Ethernet port view Use the undo broadcast suppression command to restore the default broadcast suppression setting The broadcast suppression command is used to enable broadcast suppression By default broadcast...

Page 125: ...that can be received per second by the Ethernet 1 0 1 port to 1 000 Sysname Ethernet1 0 1 broadcast suppression pps 1000 copy configuration Syntax copy configuration source interface type interface number aggregation group source agg id destination interface list aggregation group destination agg id aggregation group destination agg id View System view Parameters interface type Port type interface...

Page 126: ...apping port rate limiting priority trust mode QoS profile the qos profile port based configuration cannot be copied and so on STP The enable disable state of STP on the port link attribute of the port point to point or non point to point STP priority path cost transmission rate limit enable disable state of loop protection enable disable state of root protection and whether the port is an edge por...

Page 127: ...ation Copying QOS configuration Copying GARP configuration Copying STP configuration Copying speed duplex configuration Copying speed configuration to interface Ethernet1 0 1 failed Copying QoS rate limit configuration to interface Ethernet1 0 2 failed The output shows that all configurations except port rate limiting and QoS traffic policing were copied successfully description Syntax description...

Page 128: ...ommand to display the configured description Examples Set description string home for the Ethernet 1 0 1 port Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 description home display brief interface Syntax display brief interface interface type interface number begin include exclude regular expression View Any view Parameters i...

Page 129: ... Related commands display interface Examples Display the brief configuration information about the Ethernet 1 0 1 port Sysname display brief interface Ethernet 1 0 1 Interface Eth Ethernet GE GigabitEthernet TENGE tenGigabitEthernet Loop LoopBack Vlan Vlan interface Cas Cascade Speed Duplex A auto negotiation Interface Link Speed Duplex Type PVID Description Eth1 0 1 DOWN A A hybrid 1 home Table 1...

Page 130: ...er description of the interface command Description Use the display interface command to display port configuration When using this command z If you specify neither port type nor port number the command displays information about all ports z If you specify only port type the command displays information about all ports of the specified type z If you specify both port type and port number the comma...

Page 131: ...rred 0 collisions 0 late collisions 0 lost carrier no carrier Table 1 4 Description on the fields of the display interface command Field Description Ethernet1 0 1 current state Current Ethernet port status UP DOWN or ADMINISTRATIVELY DOWN IP Sending Frames Format Ethernet frame format Hardware address Port hardware address Media type Media type Port hardware type Port hardware type 100Mbps speed m...

Page 132: ...es Count in packets and in bytes of incoming normal packets on the port including incoming normal packets and normal PAUSE frames The number of normal incoming broadcast packets the number of normal incoming multicast packets and the number of normal incoming PAUSE frames of the port A hyphen indicates that the statistical item is not supported input errors The total number of incoming error frame...

Page 133: ... Output normal packets bytes broadcasts multicasts pauses Count in packets and in bytes of outgoing normal packets on the port including outgoing normal packets and normal Pause frames The number of normal outgoing broadcast packets the number of normal outgoing multicast packets and the number of normal outgoing Pause frames on the port A hyphen indicates that the statistical item is not supporte...

Page 134: ...mission display link delay Syntax display link delay View Any view Parameters None Description Use the display link delay command to display the information about the ports with the link delay command configured including the port name and the configured delay Related commands link delay Examples Display the information about the ports with the link delay command configured Sysname display link de...

Page 135: ... is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopback link No loopback port exists display packet drop Syntax display packet drop interface interface type interface number summary View Any view Parameters interface type Port type interface number Port number summary Displays the...

Page 136: ...ed By others Number of packets dropped because of other reasons display storm constrain Syntax display storm constrain interface interface type interface number begin exclude include regular expression View Any view Parameters interface type Port type interface number Port number Uses a regular expression to filter the output configuration information begin Displays the configurations that begin w...

Page 137: ...rrent status of the port which can be normal or control Trap on trap information is output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold off trap information is not output when a type of traffic received on the port exceeds the upper threshold or falls below the lower threshold Log on log information is output when traffic received on th...

Page 138: ... Last 300 seconds output 0 packets sec 0 bytes sec Input total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Input normal packets bytes broadcasts multicasts pauses Input 0 input errors 0 runts 0 giants throttles 0 CRC 0 frame overruns 0 aborts 0 ignored parity errors Output total 0 packets 0 bytes 0 broadcasts 0 multicasts 0 pauses Output normal packets bytes broadcasts multicasts pauses O...

Page 139: ...the port is in auto negotiation mode Related commands speed Examples Set the Ethernet 1 0 1 port to auto negotiation mode Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 duplex auto enable log updown Syntax enable log updown undo enable log updown View Ethernet port view Parameters None Description Use the enable log updown com...

Page 140: ...ation and execute the shutdown command or the undo shutdown command on Ethernet 1 0 1 No Up Down log information is output for Ethernet 1 0 1 Sysname Ethernet1 0 1 undo enable log updown Sysname Ethernet1 0 1 shutdown Sysname Ethernet1 0 1 undo shutdown flow control Syntax flow control undo flow control View Ethernet port view Parameters None Description Use the flow control command to configure f...

Page 141: ...gured with the flow control no pauseframe sending command can receive and process remote pause frames but cannot send pause frames actively when it is congested By default flow control is disabled on Ethernet ports Reflector ports and fabric ports do not support the flow control no pauseframe sending command Examples Configure flow control to operate in Rx mode on Ethernet 1 0 1 Sysname system vie...

Page 142: ...mation is as follows Last 100 seconds input 0 packets sec 0 bytes sec Last 100 seconds output 0 packets sec 0 bytes sec Related commands display interface Examples Set the interval to perform statistics on the Ethernet 1 0 1 port to 100 seconds Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 flow interval 100 giant frame statis...

Page 143: ... NULL or VLAN interface interface number Port number in the format of Unit ID slot number port number where Unit ID is in the range of 1 to 8 The slot number is 0 if the port is an Ethernet port the slot number is 1 if the port is a GigabitEthernet port The port number is relevant to the device Description Use the interface command to enter specific port view To configure an Ethernet port you need...

Page 144: ...hernet 1 0 1 Sysname Ethernet1 0 1 jumboframe enable link delay Syntax link delay delay time undo link delay View Ethernet port view Parameters delay time Port state change delay to be set This argument is in the range 2 to 10 in seconds Description Use the link delay command to set the port state change delay Use the undo link delay command to restore the default By default the port state change ...

Page 145: ...the port of the switch The external loop test can locate the hardware failures on the port For 100M port the self loop headers are made from four cores of the 8 core cables for 1000M port the self loop headers are made from eight cores of the 8 core cables and the packets forwarded by the port will be received by itself internal Performs internal loop test In the internal loop test self loop is es...

Page 146: ... the trunk or hybrid port when loopback is found on the port the system sets the port to the block state where the port cannot forward data packets sends log messages to the terminal and removes the corresponding MAC forwarding entry After the loop is removed the port automatically resumes the normal forwarding state z If this feature is disabled on the trunk or hybrid port when loopback is found ...

Page 147: ...p is removed 2 If a loop is found on a trunk or hybrid port the system merely sends log messages to the terminal but does not set the port to the block state or remove the corresponding MAC forwarding entry You can also further control the loopback port by enabling one of the following function on it note that the following two functions are mutually exclusive and the latest function configured ta...

Page 148: ...e type interface number 1 10 where z interface type is the port type and interface number is the port number z Keyword to is used to specify a range of ports The port number after to must be equal to or greater than that before to z 1 10 means that you can specify up to 10 ports or port ranges Description Use the loopback detection interface list enable command to enable the loopback detection fun...

Page 149: ...rl Z Sysname loopback detection interval time 10 loopback detection per vlan enable Syntax loopback detection per vlan enable undo loopback detection per vlan enable View Ethernet port view Parameters None Description Use the loopback detection per vlan enable command to configure the system to run loopback detection on all VLANs of the current trunk or hybrid port Use the undo loopback detection ...

Page 150: ...ection function refer to loopback detection enable If a loop is found at a port z With the function enabled on the port the system will shut down the port and send log messages to the terminal After the loop is removed you need to use the undo shutdown command to bring up the port z With the function disabled on the port the system will only send log messages to the terminal and the port is still ...

Page 151: ...rt operating in this mode adjust its MDI mode between MDI and MDI X automatically z An RJ 45 interface can operate in MDI or MDI X mode z To connect two RJ 45 interfaces operating in the same MDI mode use a crossover cable to connect two RJ 45 interfaces operating in different MDI modes use a straight through cable z The MDI mode of an optical port is fixed to auto Description Use the mdi command ...

Page 152: ...multicast suppression setting on the current port When incoming multicast traffic on the port exceeds the multicast traffic threshold you set the system drops the packets exceeding the threshold to reduce the multicast traffic ratio to the reasonable range so as to keep normal network service By default the switch does not suppress multicast traffic Examples Allow the incoming multicast traffic on...

Page 153: ...eared Examples Clear the statistics of Ethernet 1 0 1 Sysname reset counters interface ethernet 1 0 1 reset packet drop interface Syntax reset packet drop interface interface type interface number View User view Parameters interface type Port type Interface number Port number Description Use the reset packet drop interface command to clear the statistics on the packets dropped on a port or all the...

Page 154: ... 3 linkDown portIndex is 4227650 ifAdminStatus is 2 ifOperStatus is 2 Apr 13 23 13 53 807 2000 Sysname L2INF 5 PORT LINK STATUS CHANGE 1 Ethernet1 0 4 is DOWN Apr 13 23 13 53 927 2000 Sysname L2INF 5 VLANIF LINK STATUS CHANGE 1 Vlan interface3 is DOWN Apr 13 23 13 54 057 2000 Sysname IFNET 5 UPDOWN 1 Line protocol on the interface Vlan interface3 is DOWN Enable Ethernet 1 0 1 Sysname Ethernet1 0 1...

Page 155: ...auto Specifies the port speed to the auto negotiation mode Description Use the speed command to set the port speed Use the undo speed command to restore the port speed to the default setting By default the port speed is in the auto negotiation mode Note that you can only specify the 1000 and auto keyword for Gigabit Ethernet ports Related commands duplex Examples Set the speed of Ethernet 1 0 1 to...

Page 156: ...uto 10 1000 storm constrain Syntax storm constrain broadcast multicast unicast max packets min packets pps kbps undo storm constrain all broadcast multicast unicast View Ethernet port view Parameters broadcast Specifies to control broadcast traffic on the port multicast Specifies to control multicast traffic on the port unicast Specifies to control unicast traffic on the port all Cancels all the s...

Page 157: ...ccording to your configuration Related commands display storm constrain storm constrain control storm constrain enable Examples Set the upper and lower thresholds of broadcast traffic on Ethernet 1 0 1 to 100 pps and 10 pps respectively Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 storm constrain broadcast 100 10 pps storm c...

Page 158: ... type of traffic on the port exceeds the upper threshold If you want to bring up the port again you can execute the undo shutdown command or the undo storm constrain all broadcast multicast unicast command Related commands display storm constrain storm constrain Examples Set the control action on Ethernet 1 0 1 to block Sysname system view System View return to User View with Ctrl Z Sysname interf...

Page 159: ...ace Ethernet 1 0 1 Sysname Ethernet1 0 1 undo storm constrain enable log storm constrain interval Syntax storm constrain interval interval value undo storm constrain interval View System view Parameters interval value Interval to collect traffic statistics in the range of 1 to 300 in seconds Description Use the storm constrain interval command to set the interval to collect traffic statistics Use ...

Page 160: ...uppression setting on the port When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold you set the system drops the packets exceeding the threshold to reduce the unknown unicast traffic ratio to the reasonable range so as to keep normal network service By default the switch does not suppress unknown unicast traffic Examples Allow unknown incoming unicast traffic on Ethe...

Page 161: ...ulty point z Pair impedance mismatch z Pair skew z Pair swap z Pair polarity z Insertion loss z Return loss z Near end crosstalk By default the system does not test the cable connected to the Ethernet port Currently only cable status and cable length can be tested A hyphen indicates that the corresponding test item is not supported Examples Enable the system to test the cable connected to Ethernet...

Page 162: ...nk aggregation interface 1 1 display link aggregation summary 1 2 display link aggregation verbose 1 3 display lacp system id 1 4 lacp enable 1 5 lacp port priority 1 5 lacp system priority 1 6 link aggregation group description 1 6 link aggregation group mode 1 7 port link aggregation group 1 8 reset lacp statistics 1 9 ...

Page 163: ...e command to display the link aggregation details about a specified port or port range Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatically so the entries in the information about the peer ports displayed are all 0 instead of the actual values Examples Display the link aggregation details on Ethernet 1 0 1 Sysname display link aggreg...

Page 164: ...ggregation summary Syntax display link aggregation summary View Any view Parameters None Description Use the display link aggregation summary command to display summary information of all aggregation groups Note that as ports in a manual link aggregation groups do not acquire the information about their peers automatically so the entries in the information about the peer ports displayed are all 0 ...

Page 165: ...LACP packet is received the partner ID is displayed as 0x8000 0000 0000 0000 Select Ports Number of the selected ports Unselect Ports Number of the unselected ports Share Type Load sharing type Shar load sharing or NonS non load sharing Master Port the smallest port number in an aggregation group display link aggregation verbose Syntax display link aggregation verbose agg id View Any view Paramete...

Page 166: ...g Ethernet1 0 2 S 32768 1 Ethernet1 0 3 U 32768 1 Remote Actor Partner Priority Key SystemID Flag Ethernet1 0 2 0 0 0 0x0000 0000 0000 0000 Ethernet1 0 3 0 0 0 0x0000 0000 0000 0000 Table 1 3 Description on the fields of the display link aggregation verbose command Field Description Loadsharing Type Loadsharing type including Loadsharing and Non Loadsharing Flags Flag types of LACP Aggregation ID ...

Page 167: ...ID lacp enable Syntax lacp enable undo lacp enable View Ethernet port view Parameters None Description Use the lacp enable command to enable LACP on the current port Use the undo lacp enable command to disable LACP By default LACP is disabled on a port Examples Enable the LACP protocol on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 1...

Page 168: ...to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp port priority 64 lacp system priority Syntax lacp system priority system priority undo lacp system priority View System view Parameters system priority System priority ranging from 0 to 65 535 Description Use the lacp system priority command to set the system priority Use the undo lacp system priority command to re...

Page 169: ...ation concerning manual and static aggregation groups and their descriptions still exists but that of the dynamic aggregation groups and their descriptions gets lost You can use the display link aggregation verbose command to check the configuration result Examples Set the description abc for aggregation group 1 Sysname system view System View return to User View with Ctrl Z Sysname link aggregati...

Page 170: ...nk aggregation group agg id undo port link aggregation group View Ethernet port view Parameters agg id Aggregation group ID in the range of 1 to 416 Description Use the port link aggregation group command to add the current Ethernet port to a manual or static aggregation group Use the undo port link aggregation group command to remove the current Ethernet port from the aggregation group Related co...

Page 171: ... Port number to Specifies a port index range with the two interface type interface number argument pairs around it as the two ends Description Use the reset lacp statistics command to clear LACP statistics on specified port s or on all ports if no port is specified Related commands display link aggregation interface Examples Clear LACP statistics on all Ethernet ports Sysname reset lacp statistics...

Page 172: ...i Table of Contents 1 Port Isolation Configuration Commands 1 1 Port Isolation Configuration Commands 1 1 display isolate port 1 1 port isolate 1 1 ...

Page 173: ...name display isolate port Isolated port s on UNIT 1 Ethernet1 0 2 Ethernet1 0 3 Ethernet1 0 4 The information above shows that Ethernet1 0 2 Ethernet1 0 3 and Ethernet1 04 are in the isolation group Neither Layer 2 nor Layer 3 packets can be exchanged between these ports port isolate Syntax port isolate undo port isolate View Ethernet port view Parameters None Description Use the port isolate comm...

Page 174: ... system view z Assigning an isolated port to an aggregation group causes all the ports in the aggregation group on the local unit to join the isolation group z The Switch 5500 EI supports cross device port isolation if XRN fabric is enabled By default the isolation group contains no port Examples Assign Ethernet 1 0 1 and Ethernet 1 0 2 to the isolation group Sysname system view System View return...

Page 175: ...urity authorization ignore 1 6 port security enable 1 7 port security guest vlan 1 8 port security intrusion mode 1 9 port security max mac count 1 11 port security ntk mode 1 12 port security oui 1 13 port security port mode 1 14 port security timer autolearn 1 17 port security timer disableport 1 18 port security timer guest vlan reauth 1 19 port security trap 1 19 ...

Page 176: ...AC address entries For each security MAC address entry the output of the command displays the MAC address the VLAN that the MAC address belongs to state of the MAC address which is always security port associated with the MAC address and the remaining lifetime of the entry By checking the output of this command you can verify the current configuration Examples Display information about all securit...

Page 177: ...display mac address security count 6 mac address es found Display the number of security MAC address entries for VLAN 1 Sysname display mac address security vlan 1 count 4 mac address es found in vlan 1 Table 1 1 Description on the fields of the display mac address security command Field Description MAC ADDR Security MAC address VLAN ID VLAN that the MAC address belongs to STATE MAC address type w...

Page 178: ...iguration Examples Display the global port security configurations and those of all ports Sysname display port security Equipment port security is enabled AddressLearn trap is Enabled Intrusion trap is Enabled Dot1x logon trap is Enabled Dot1x logoff trap is Enabled Dot1x logfailure trap is Enabled RALM logon trap is Enabled RALM logoff trap is Enabled RALM logfailure trap is Enabled Disableport T...

Page 179: ...ed The sending of 802 1x user logoff trap messages is enabled Dot1x logfailure trap is Enabled The sending of 802 1x user authentication failure trap messages is enabled RALM logon trap is Enabled The sending of MAC based authentication success trap messages is enabled RALM logoff trap is Enabled The sending of logoff trap messages for MAC based authenticated users is enabled RALM logfailure trap ...

Page 180: ... H format interface interface type interface number Specify the port on which the security MAC address is to be added The interface type interface number arguments indicate the port type and port number vlan vlan id Specify the VLAN to which the MAC address belongs The vlan id argument specifies a VLAN ID in the range 1 to 4094 Description Use the mac address security command to create a security ...

Page 181: ...display mac address interface Ethernet 1 0 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0001 0001 0001 1 Security Ethernet1 0 1 NOAGED 1 mac address es found on port Ethernet1 0 1 port security authorization ignore Syntax port security authorization ignore undo port security authorization ignore View Ethernet port view Parameters None Description Use the port security authorization ignore comm...

Page 182: ...tax port security enable undo port security enable View System view Parameters None Description Use the port security enable command to enable port security Use the undo port security enable command to disable port security By default port security is disabled Enabling port security resets the following configurations on the ports to the defaults as shown in parentheses below z 802 1x disabled por...

Page 183: ...th a guest VLAN specified fail the authentication the port is added to the guest VLAN and users of the port can access only the resources in the guest VLAN z Multiple users may connect to one port in the macAddressOrUserLoginSecure mode for authentication however after a guest VLAN is specified a maximum of one user can pass the security authentication In this case the authentication client softwa...

Page 184: ...undo port security intrusion mode View Ethernet port view Parameters blockmac Adds the source MAC addresses of illegal packets to the blocked MAC address list As a result the packets sourced from the blocked MAC addresses will be filtered out A blocked MAC address will be unblocked three minutes not user configurable after the block action disableport Disables a port permanently once an illegal fr...

Page 185: ...you can only use the display port security command to view blocked MAC addresses Related commands display port security port security timer disableport Examples Configure the intrusion protection mode on Ethernet 1 0 1 as blockmac Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security intrusion mode blockmac Display info...

Page 186: ...ction mode on Ethernet 1 0 1 as disableport As a result when intrusion protection is triggered the port will be disconnected permanently Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security intrusion mode disableport You can bring up a port that has been permanently disabled by running the undo shutdown command or disa...

Page 187: ... security max mac count command on the port Examples Set the maximum number of MAC addresses allowed on the port to 100 Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security max mac count 100 port security ntk mode Syntax port security ntk mode ntkonly ntk withbroadcasts ntk withmulticasts u...

Page 188: ... Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security ntk mode ntk withbroadcasts port security oui Syntax port security oui OUI value index index value undo port security oui index index value View System view Parameters OUI value OUI value You can input a 48 bit MAC address...

Page 189: ...rt security port mode Examples Configure an OUI value of 00ef ec00 0000 setting the OUI index to 5 Sysname system view System View return to User View with Ctrl Z Sysname port security oui 00ef ec00 0000 index 5 port security port mode Syntax port security port mode autolearn mac and userlogin secure mac and userlogin secure ext mac authentication mac else userlogin secure mac else userlogin secur...

Page 190: ...hentication macAddressWithRad ius In this mode MAC address authentication is applied on users trying to access the network mac else userlogin se cure macAddressElseUse rLoginSecure In this mode MAC address authentication is first applied on users If the authentication succeeds the users can access the network successfully If not 802 1x authentication is applied In this mode only one 802 1x authent...

Page 191: ...lready passed MAC address authentication However users who have already passed 802 1x authentication do not need to go through MAC address authentication In this mode only one 802 1x authenticated user can access the network through the port However there can be more than one MAC address authenticated user on the port userlogin secure or m ac ext macAddressOrUserL oginSecureExt This mode is simila...

Page 192: ...ure the port as a reflector port for port mirroring z Configure the port as a Fabric port z Configure link aggregation Related commands display port security Examples Set the security mode of Ethernet 1 0 1 on the switch to userLogin Sysname system view System View return to User View with Ctrl Z Sysname port security enable Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security port...

Page 193: ...erface Ethernet 1 0 1 Sysname Ethernet1 0 1 port security max mac count 4 Sysname Ethernet1 0 1 port security port mode autolearn port security timer disableport Syntax port security timer disableport timer undo port security timer disableport View System view Parameters timer This argument ranges from 20 to 300 in seconds Description Use the port security timer disableport command to set the time...

Page 194: ...mer guest vlan reauth command to configure the interval at which the switch triggers MAC address authentication after a port is added to its guest VLAN Use the undo port security timer guest vlan reauth command to restore the default By default the switch triggers MAC address authentication at intervals of 30 seconds At a certain interval the switch uses the first MAC address learned in the guest ...

Page 195: ... authentication Description Use the port security trap command to enable the sending of specified type s of trap messages Use the undo port security trap command to disable the sending of specified type s of trap messages By default the system disables the sending of any types of trap messages This command is based on the device tracking feature which enables the switch to send trap messages when ...

Page 196: ...sion trap is Enabled Disableport Timeout 20 s OUI value Ethernet1 0 1 is link down Port mode is AutoLearn NeedtoKnow mode is needtoknowonly Intrusion mode is disableportTemporarily Max mac address num is 4 Stored mac address num is 0 Authorization is ignore The rest of the information is omitted if any For description of the output information refer to Table 1 2 ...

Page 197: ...i Table of Contents 1 Port MAC IP Binding Commands 1 1 Port MAC IP Binding Commands 1 1 am user bind 1 1 display am user bind 1 2 ...

Page 198: ...address MAC address to be bound ip address IP address to be bound interface type Type of the port to be bound interface number Number of the port to be bound Description Use the am user bind command to create a port IP port MAC port MAC IP or IP MAC binding entry Use the undo am user bind command to remove a binding entry By default no binding is configured z Ensure that the IP address or MAC addr...

Page 199: ...rmation on a specified port interface type Port type interface number Port number ip addr ip addr Displays only the binding information of a specified IP address mac addr mac addr Displays only the binding information of a specified MAC address Description Use the display am user bind command to display the binding information Examples Display the binding information in the current system Sysname ...

Page 200: ...DP Configuration Commands 1 1 DLDP Configuration Commands 1 1 display dldp 1 1 dldp 1 2 dldp authentication mode 1 3 dldp interval 1 4 dldp reset 1 5 dldp unidirectional shutdown 1 5 dldp work mode 1 6 dldp delaydown timer 1 7 ...

Page 201: ...splay the DLDP configuration of a unit or a port Examples Display information about all DLDP enabled ports on unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance dldp authentication mode none dldp unidirectional shutdown manual dldp delaydown timer 1 The port number of unit 1 with DLDP is 1 interface GigabitEthernet1 0 49 dldp port state advertisement dldp link state up The neigh...

Page 202: ...ctive active advertisement probe disable or delaydown dldp link state Port state up or down The neighbor number of the port Number of the neighbor ports neighbor mac address MAC address of a neighbor port neighbor port index Neighbor port index neighbor state Neighbor state unknown one way or two way neighbor aged time Neighbor aging time dldp Syntax dldp enable disable View System view Ethernet p...

Page 203: ...cation mode View System view Parameters none Sets the authentication mode on the port to none Performs no authentication on the port simple Sets the authentication mode on the port to plain text simple password Plain text authentication password a string in plain text consisting of 1 to 16 characters md5 Sets the authentication mode on the port to MD5 md5 password MD5 authentication password a str...

Page 204: ...sending advertisement packets in seconds in the range of 1 to 100 It is 5 by default Description Use the dldp interval command to set the interval between sending advertisement packets for all DLDP enabled ports in the advertisement state Use the undo dldp interval command to restore the interval to the default value By default the interval between sending advertisement packets is 5 seconds A devi...

Page 205: ...mand to reset the DLDP status of all the ports disabled by DLDP In Ethernet port view Use the dldp reset command to reset the DLDP status of the current port disabled by DLDP After the dldp reset command is executed the DLDP status of a port changes from disable to active and DLDP restarts to detect the link status of the fiber cable or copper twisted pair Related commands dldp and dldp unidirecti...

Page 206: ...d By default the DLDP handling mode after a unidirectional link is found is auto Related commands dldp work mode Examples Configure DLDP to automatically disable the corresponding port when a unidirectional link is found Sysname system view System View return to User View with Ctrl Z Sysname dldp unidirectional shutdown auto dldp work mode Syntax dldp work mode enhance normal undo dldp work mode V...

Page 207: ...dp delaydown timer Syntax dldp delaydown timer delaydown time undo dldp delaydown timer View System view Parameters delaydown time Delaydown timer to be set in seconds This argument ranges from 1 to 5 Description Use the dldp delaydown timer command to set the delaydown timer Use the undo dldp delaydown timer command to restore the default delaydown timer setting By default the DelayDown timer is ...

Page 208: ...1 8 Examples Set the delaydown timer to 5 seconds Sysname system view System View return to User View with Ctrl Z Sysname dldp delaydown timer 5 ...

Page 209: ...onfiguration Commands 1 1 MAC Address Table Management Configuration Commands 1 1 display mac address aging time 1 1 display mac address 1 2 mac address 1 3 mac address aging destination hit enable 1 5 mac address max mac count 1 5 mac address timer 1 6 ...

Page 210: ...eters None Description Use the display mac address aging time command to display the aging time of the dynamic MAC address entries in the MAC address table Related commands mac address mac address timer display mac address Examples Display the aging time of the dynamic MAC address entries Sysname display mac address aging time Mac address aging time 300s The output information indicates that the a...

Page 211: ...address entries specified by related parameters in the command When this keyword is used the command displays only the number of specified MAC address entries rather than related information about these MAC address entries statistics Displays statistics of the MAC address entries maintained by the switch unit unit id Displays information about the MAC address forwarding table of the specified unit...

Page 212: ... state of the MAC address entry which can be one of the following z Config static Indicates a manually configured static address entry z Learned Indicates a dynamically learnt address entry z Config dynamic Indicates a manually configured dynamic address entry z Blackhole Indicates a blackhole entry PORT INDEX Outgoing port out of which the traffic destined for the MAC address should be sent AGING...

Page 213: ...mber vlan vlan id Removes a specified static dynamic or blackhole MAC address entry interface interface type interface number Removes all the MAC address entries concerning a specified port vlan vlan id Removes all the MAC address entries concerning a specified VLAN mac address interface interface type interface number vlan vlan id Removes a specified MAC address entry Description Use the mac addr...

Page 214: ... address entries for the destination MAC addresses This increases the MAC address table update frequency improves the usability of the MAC address table and reduces broadcasts By default the destination MAC address triggered update function is disabled Examples Enable destination MAC address triggered update Sysname system view System View return to User View with Ctrl Z Sysname mac address aging ...

Page 215: ...rn to 600 Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 3 Sysname GigabitEthernet1 0 3 mac address max mac count 600 mac address timer Syntax mac address timer aging age no aging undo mac address timer aging View System view Parameters aging age Specifies the aging time in seconds for dynamic MAC address entries The age argument ranges from 1...

Page 216: ...witch to be unable to update its MAC address table in time In this case the MAC address table cannot reflect the position changes of network devices in time Examples Set the aging time of MAC address entries to 500 seconds Sysname system view System View return to User View with Ctrl Z Sysname mac address timer aging 500 ...

Page 217: ...ommands 1 1 Auto Detect Configuration Commands 1 1 detect group 1 1 detect list 1 2 display detect group 1 3 ip route static detect group 1 4 option 1 5 retry 1 6 standby detect group 1 6 timer loop 1 7 timer wait 1 7 vrrp vrid track detect group 1 8 ...

Page 218: ...iew Parameters group number Detected group number ranging from 1 to 25 Description Use the detect group command to create a detected group and enter detected group view Use the undo detect group command to remove a detected group When a detected group is used by other features such as static routing VRRP or interface backup the detected group cannot be deleted unless you delete the features first ...

Page 219: ...detected and the Auto Detect enabled switch are not on the same network segment the ICMP packets will be forwarded to the specified next hop Description Use the detect list command to add a detected object to a detected group and specify the detection sequence number of the detected object Use the undo detect list command to remove a specified detected object When performing Auto Detect a switch d...

Page 220: ... next hop 1 202 13 1 55 1 2 3 4 Table 1 1 Description on the fields of the display detect group command Field Description detect group 1 Detected group number 1 detect loop time s Detecting interval in seconds ping wait time s Timeout time of a ping operation in seconds detect retry times Number of retries of an auto detect operation detect ip option The logic relationship between the detected obj...

Page 221: ...ou specify this keyword when executing this command any packet destined for the specified IP address is discarded and the system informs the source that the destination is unreachable blackhole Specifies the route to be a blackhole route If you specify this keyword when executing this command all outbound interfaces of the static route are the NULL 0 interfaces regardless of the next hop In additi...

Page 222: ...ween the detected objects is and When a detecting operation is being carried out the switch detects each detected object contained in the detected group in turn by their sequence number z If you specify the and keyword the switch returns reachable as the detecting result only if all the detected objects in the detected group are detected reachable z If you specify the or keyword the switch returns...

Page 223: ... the time waiting for an ICMP Reply configured with the time wait command the switch re sends an ICMP Request until the maximum retry times configured with the retry command is reached If still no ICMP Reply is received the destination IP address is considered as unreachable Examples Specify the maximum number of retires to 3 for detected group 10 Sysname system view System View return to User Vie...

Page 224: ...to 15 Description Use the timer loop command to set the detecting interval that is the frequency to perform auto detect operations Use the undo timer loop command to restore the default By default auto detect operations are performed on all detected groups every 15 seconds To monitor the destination IP address in real time an Auto Detect enabled switch detects all objects within each detecting int...

Page 225: ...hed If still no ICMP Reply is received the destination IP address is considered as unreachable Examples Set a timeout of 3 seconds waiting for an ICMP reply in detected group 10 Sysname system view System View return to User View with Ctrl Z Sysname detect group 10 Sysname detect group 10 timer wait 3 vrrp vrid track detect group Syntax vrrp vrid virtual router id track detect group group number r...

Page 226: ...etected group 10 is unreachable Sysname system view System View return to User View with Ctrl Z Sysname interface vlan interface 1 Sysname Vlan interface1 vrrp vrid 1 track detect group 10 reduced 20 After this configuration if detected group 10 is reachable the master keeps as master and if detected group 10 is unreachable the master decreases its priority by 20 and becomes a backup ...

Page 227: ...ge diameter 1 16 stp compliance 1 16 stp config digest snooping 1 18 stp cost 1 20 stp dot1d trap 1 21 stp edged port 1 22 stp loop protection 1 23 stp max hops 1 25 stp mcheck 1 25 stp mode 1 27 stp no agreement check 1 27 stp pathcost standard 1 29 stp point to point 1 30 stp port priority 1 32 stp portlog 1 33 stp portlog all 1 33 stp priority 1 34 stp region configuration 1 35 stp root primary...

Page 228: ...ii stp transmit limit 1 44 vlan mapping modulo 1 45 vlan vpn tunnel 1 46 ...

Page 229: ...ion change multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration change it does this only after you activate the new MST region related settings or enable MSTP only then will the new settings begin to take effect When you carry out this command MSTP will replace the currently running MST region related parameters with the parameters you have j...

Page 230: ...errors in the protocol state of the BPDU packets In order to avoid this problem you can enable BPDU dropping on Ethernet ports Once the function is enabled on a port the port will not receive or forward any BPDU packets In this way the switch is protected against the BPDU packet attack and the STP calculation correctness is ensured Examples Enable BPDU dropping on Ethernet 1 0 1 Sysname system vie...

Page 231: ...ated MST regions You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region related configuration is correct Related commands instance region name revision level vlan mapping modulo active region configuration Examples Display the MST region related configuration Sysname system view System View return to User View with Ctrl Z Sysna...

Page 232: ... specified ports in the order of MSTI ID MSTP state information includes 1 Global CIST parameters Protocol operating mode switch priority in the CIST instance MAC address hello time max age forward delay max hops the common root of the CIST the external path cost for the switch to reach the CIST common root region root the internal path cost for the switch to reach the region root CIST root port o...

Page 233: ... z FORWARDING The port learns MAC addresses and forwards user traffic z DISCARDING The port does not learn MAC addresses or forward user traffic z LEARNING The port learns MAC addresses but does not forward user traffic Protection Protection type of the port which can be one of the following z ROOT Root protection z LOOP Loop protection z BPDU BPDU protection z NONE No protection Display the detai...

Page 234: ...nd external path cost CIST RegRoot IRPC CIST regional root and internal path cost CIST RootPortId CIST root port ID BPDU Protection Indicates whether BPDU protection is enabled globally TC Protection Threshold Indicates whether TC BPDU attack guard function is enabled globally and the maximum times that a switch can remove the MAC address table and ARP entries within each 10 seconds Bridge Config ...

Page 235: ...the port can send which can be legacy or 802 1s Config indicates the configured value and Active indicates the actual value Port Config Digest Snooping Indicates whether digest snooping is enabled on the port Num of Vlans Mapped Number of VLANs mapped to the current MSTI PortTimes Major parameters for the port z Hello Hello timer z MaxAge Max Age timer z FwDly Forward delay timer z MsgAge Message ...

Page 236: ...blocking the port z Root Protected root guard function z Loop Protected loop guard function z Formatcompatibility Protected MSTP BPDU format incompatibility protection function display stp portdown Syntax display stp portdown View Any view Parameters None Description Use the display stp portdown command to display the ports that are shut down by STP guard functions Examples Display the ports that ...

Page 237: ... region configuration including the region name region revision level and VLAN to instance mappings configured for the switch Related commands stp region configuration Examples Display the configuration of the MST region Sysname display stp region configuration Oper Configuration Format selector 0 Region name hello Revision level 0 Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20 Table 1 6 ...

Page 238: ...ds of the display stp root command Field Description MSTID MSTI ID in the MST region Root Bridge ID ID of the root bridge ExtPathCost Cost of the external path from the switch to the root bridge The device can automatically calculate the default path cost of a port or alternatively you can use the stp cost command to configure the path cost of a port IntPathCost Cost of the internal path from the ...

Page 239: ...mand all VLANs that are mapped to the specified MSTI are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to instance mappings are recorded in the VLAN to instance mapping table of an MSTP enabled switch So these two commands are actually used to manipulate the VLAN to instance mapping table You can add remove a VLAN to from the VLAN to instance mapping table of a specific MST...

Page 240: ...e hello reset stp Syntax reset stp interface interface list View User view Parameters interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use...

Page 241: ...MSTP revision level along with MST region name and VLAN to instance mapping table determines the MST region which a switch belongs to When the MST region name and VLAN to instance mapping table are both the same for two MST regions you can still tell them apart by their MSTP revision levels Related commands instance region name check region configuration vlan mapping modulo active region configura...

Page 242: ...ks in STP compatible mode RSTP mode or MSTP mode depending on the MSTP mode setting which is configurable with the stp mode command z To control MSTP flexibly you can use the undo stp enable command to disable MSTP on ports that are not intended to take part in spanning tree calculation and thus to save CPU resources z After being enabled MSTP dynamically maintains the spanning tree status of VLAN...

Page 243: ... implement rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees recalculation and network topology jitter Normally no configuration BPDU will reach edge ports But malicious users can attack a network by sending configuration BPDUs deliberately to edge ports to cause network jitter You can prevent such attacks by enabling the B...

Page 244: ...idge diameter command to restore the network diameter to the default value By default the network diameter is 7 After you configure the network diameter of a switched network MSTP adjusts its hello time forward delay and max age settings accordingly With the network diameter set to the default value 7 the three time relate settings including hello time forward delay and max age are set to their de...

Page 245: ... to set the mode in which a port recognizes and sends MSTP packets Use the undo stp interface compliance command to restore the default The default mode is auto namely all ports recognize the BPDU format automatically Note that z If the mode is set to auto on a port the port automatically recognizes and resolves the received compatible format BPDUs or 802 1s compliant BPDUs and sends when needed c...

Page 246: ...sable the digest snooping feature Configured in system view the setting takes effect globally configured in interface view the setting takes effect on the current port only z Use the stp interface config digest snooping command in system view to enable the digest snooping feature on specific ports Use the undo stp interface config digest snooping command in system view to disable the digest snoopi...

Page 247: ...y when your switch is connected to another manufacturer s switches adopting proprietary spanning tree protocols z To enable the digest snooping feature the interconnected switches and another manufacturer s switch adopting proprietary spanning tree protocols must be configured with exactly the same MST region related configurations including region name revision level and VLAN to instance mapping ...

Page 248: ... the proprietary standard selected the path cost of an Ethernet port ranges from 1 to 200000 interface list Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Descript...

Page 249: ... Ethernet 1 0 2 to Ethernet 1 0 4 in MSTI 2 to 400 in system view Sysname system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 instance 2 cost 400 stp dot1d trap Syntax stp dot1d instance instance id trap newroot topologychange enable undo stp instance instance id dot1d trap newroot topologychange enable View System view Parameters instance...

Page 250: ...rface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp edged port enable command to configure the current Ethernet port as an edge port Use the stp edged port disable command to configure the current Ethernet port as a non edge port Use the undo stp edged port command to restore ...

Page 251: ...ect even if you have configured it on the port Examples Configure Ethernet 1 0 1 as an edge port z Configure Ethernet 1 0 1 as an edge port in Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 stp edged port enable z Configure Ethernet 1 0 1 as an edge port in system view Sysname system view System View return ...

Page 252: ...for a certain period the switch selects a new root port the original root port becomes a designated port and the blocked ports turn to the forwarding state This may cause loops in the network The loop guard function suppresses loops With this function enabled if link congestions or unidirectional link failures happen a root port becomes a designated port and the port turns to the discarding state ...

Page 253: ...iguration BPDU And a switch discards the configuration BPDUs whose remaining hops are 0 After a configuration BPDU reaches a root bridge of a spanning tree in a MST region the value of the remaining hops field in the configuration BPDU is decreased by 1 every time the configuration BPDU passes one switch Such a mechanism disables the switches that are beyond the maximum hops from participating in ...

Page 254: ...cally But when the STP enabled downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode but still remains in the STP compatible mode In this case you can force the port to transit to the MSTP mode by performing the mCheck operation on the port Related commands stp mode Examples Perform the mCheck operation on Ethernet 1 0 1 z Perform the m...

Page 255: ...d to configure an MSTP enabled switch to operate in STP compatible mode z RSTP compatible mode where the ports of a switch send RSTP BPDUs to neighboring devices If RSTP enabled switches exist in a switched network you can use the stp mode rstp command to configure an MSTP enabled switch to operate in RSTP compatible mode z MSTP mode where the ports of a switch send MSTP BPDUs and STP BPDUs if the...

Page 256: ... their states rapidly The rapid transition feature aims to resolve this problem When a 3Com switch 5500 EI running MSTP is connected in the upstream direction to another manufacture s switch adopting proprietary spanning tree protocols you can enable the rapid transition feature on the ports of the switch 5500 EI operating as the downstream switch Among these ports those operating as the root port...

Page 257: ...tandard STP uses path costs to indicate the quality of links A smaller path cost indicates a higher link quality The path cost of a port is related to the rate of the link connecting the port The higher the link rate the smaller the path cost The path cost of a port may vary when different standards are used to calculate it For details see Table 1 8 Table 1 8 Link speeds and the corresponding path...

Page 258: ...d ports on the aggregated link which is measured in 100 Kbps You can use the stp cost command to manually configure the path cost of a port in a specified MSTI For details see stp cost Examples Configure to use the IEEE 802 1D 1998 standard to calculate the default path costs of ports Sysname system view System View return to User View with Ctrl Z Sysname stp pathcost standard dot1d 1998 Configure...

Page 259: ... by default and so MSTP automatically determines the type of the link connected to the current port The rapid transition feature is not applicable to ports on non point to point links If an Ethernet port is the master port of aggregation ports or operates in full duplex mode the link connected to the port is a point to point link You are recommended to let MSTP automatically determine the link typ...

Page 260: ... port priority command to restore the default port priority of the current port in the specified MSTI z Use the stp interface port priority command to set a port priority for the specified ports in the specified MSTI in system view Use the undo stp interface port priority command to restore the default priority of the specified ports in the specified MSTI in system view The default port priority o...

Page 261: ...System view Parameters instance instance id Specifies an MSTI ID ranging from 0 to 16 The value of 0 indicates the CIST Description Use the stp portlog command to enable log and trap message output for the ports of a specified instance Use the undo stp portlog command to disable this function By default log and trap message output is disabled Executing the stp portlog command without using the ins...

Page 262: ...h priority to be set This argument ranges from 0 to 61 440 and must be a multiple of 4 096 such as 0 4 096 and 8 192 There are totally 16 available switch priorities Description Use the stp priority command to set the priority of the switch in the specified MSTI Use the undo stp priority command to restore the switch priority to the default priority in the specified MSTI The default priority of a ...

Page 263: ...ss of the switch z All VLANs are mapped to the CIST in the VLAN to instance mapping table z The MSTP revision level is 0 You can modify the three parameters after entering MST region view by using the stp region configuration command NTDP packets sent by devices in a cluster can be transmitted in only the instances where the management VLAN of the cluster resides Examples Enter MST region view Sys...

Page 264: ...work by using the stp root primary command The switch will then figure out the following three time parameters hello time forward delay and max age As the hello time figured out by the network diameter is not always the optimal one you can set it manually through the hello time centi seconds parameter Generally you are recommended to obtain the forward delay and max age parameters through setting ...

Page 265: ...ondary root bridges for an MSTI If the switch operating as the root bridge fails or is turned off the secondary root bridge with the least MAC address becomes the root bridge You can specify the network diameter and the hello time of the switch when you are configuring it as a secondary root bridge The switch will then figure out the other two time parameters forward delay and max age If the insta...

Page 266: ...n system view By default the root guard function is disabled Because of configuration errors or malicious attacks the valid root bridge in the network may receive configuration BPDUs with their priorities higher than that of the root bridge which causes new root bridge to be elected and network topology jitter to occur In this case flows that should have traveled along high speed links are led to ...

Page 267: ...tection disable command to disable the TC BPDU attack guard function By default the TC BPDU guard attack function is enabled and the MAC address table and ARP entries can be removed for up to six times within 10 seconds Normally a switch removes the MAC address table and ARP entries upon receiving TC BPDUs If a malicious user sends a large amount of TC BPDUs to a switch in a short period the switc...

Page 268: ... upon receiving a TC BPDU and triggers a timer set to 10 seconds by default at the same time Before the timer expires the switch only performs the removing operation for limited times up to six times by default regardless of the number of the TC BPDUs it receives Such a mechanism prevents a switch from being busy in removing the MAC address table and ARP entries You can use the stp tc protection t...

Page 269: ... by the forward delay configured on the root bridge The forward delay setting configured on a root bridge applies to all non root bridges As for the configuration of the three time related parameters namely the hello time forward delay and max age parameters the following formulas must be met to prevent frequent network jitter 2 x forward delay 1 second max age Max age 2 x hello time 1 second You ...

Page 270: ...rs namely the hello time forward delay and max age parameters the following formulas must be met to prevent frequent network jitter 2 forward delay 1 second max age Max age 2 hello time 1 second You are recommended to specify the network diameter of the switched network and the hello time by using the stp root primary or stp root secondary command After that the three proper time related parameter...

Page 271: ...ands stp timer forward delay stp timer hello stp bridge diameter Examples Set the max age to 1 000 centiseconds Sysname system view System View return to User View with Ctrl Z Sysname stp timer max age 1000 stp timer factor Syntax stp timer factor number undo stp timer factor View System view Parameters number Hello time factor to be set in the range of 1 to 10 Description Use the stp timer factor...

Page 272: ...er 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description z Use the stp transmit limit command to set the maximum number of configuration BPDUs the current port can transmit in each hello time Use the undo stp transmit limit command to restore the maximum number to the default value on the current port z Use the stp interface transmit limit...

Page 273: ... system view System View return to User View with Ctrl Z Sysname stp interface Ethernet 1 0 2 to Ethernet 1 0 4 transmit limit 15 vlan mapping modulo Syntax vlan mapping modulo modulo View MST region view Parameters modulo Modulo by which VLANs are mapped to MSTIs in the range of 1 to 16 Description Use the vlan mapping modulo command to set the modulo by which VLANs are mapped to MSTIs By default...

Page 274: ...ap VLANs to MSTIs with the modulo being 16 Sysname system view System View return to User View with Ctrl Z Sysname stp region configuration Sysname mst region vlan mapping modulo 16 vlan vpn tunnel Syntax vlan vpn tunnel undo vlan vpn tunnel View System view Parameters None Description Use the vlan vpn tunnel command to enable the VLAN VPN tunnel function for a switch Use the undo vlan vpn tunnel ...

Page 275: ...on make sure the links between operator s networks are trunk links z If a fabric port exists on a switch you cannot enable the VLAN VPN function for any port of the switch Examples Enable the VLAN VPN tunnel function for the switch Sysname system view System View return to User View with Ctrl Z Sysname vlan vpn tunnel ...

Page 276: ...ting table statistics protocol 1 12 2 Static Route Configuration Commands 2 1 Static Route Configuration Commands 2 1 delete static routes all 2 1 ip route static 2 2 3 RIP Configuration Commands 3 1 RIP Configuration Commands 3 1 checkzero 3 1 default cost 3 2 display rip 3 2 display rip interface 3 4 display rip routing 3 4 filter policy export 3 5 filter policy import 3 6 host route 3 7 import ...

Page 277: ... 4 18 display ospf nexthop 4 21 display ospf peer 4 22 display ospf request queue 4 25 display ospf retrans queue 4 26 display ospf routing 4 27 display ospf vlink 4 28 filter policy export 4 29 filter policy import 4 30 import route 4 31 log peer change 4 32 multi path number 4 32 network 4 33 nssa 4 34 ospf 4 35 ospf authentication mode 4 36 ospf cost 4 37 ospf dr priority 4 38 ospf mib binding ...

Page 278: ... cost 5 1 apply tag 5 2 display ip ip prefix 5 2 display route policy 5 3 if match acl ip prefix 5 4 if match cost 5 4 if match interface 5 5 if match ip next hop 5 6 if match tag 5 6 ip ip prefix 5 7 route policy 5 8 6 Route Capacity Configuration Commands 6 1 Route Capacity Configuration Commands 6 1 display memory 6 1 display memory limit 6 2 memory 6 3 memory auto establish disable 6 4 memory ...

Page 279: ...l routing information without the specified character string For details about regular expressions refer to Configuration File Management Operation of this manual Description Use the display ip routing table command to display the routing table summary This command displays the summary of the routing table Each line represents one route containing destination address mask length protocol preferenc...

Page 280: ...uting Table public net Destination Mask Protocol Pre Cost Nexthop Interface 4 4 4 0 24 DIRECT 0 0 4 4 4 1 Vlan interface4 Display the routing information without the character string interface4 in the current routing table Sysname display ip routing table exclude interface4 Routing Table public net Destination Mask Protocol Pre Cost Nexthop Interface 1 1 1 0 24 DIRECT 0 0 1 1 1 1 Vlan interface1 1...

Page 281: ...c ACL 2100 1 rule Acl s step is 1 rule 0 permit source 192 168 1 0 0 0 0 255 For details about the display acl command refer to ACL Command Display the information of routes that match ACL 2100 Sysname display ip routing table acl 2100 Routes matched by access list 2100 Summary count 2 Destination Mask Protocol Pre Cost Nexthop Interface 192 168 1 0 24 DIRECT 0 0 192 168 1 2 Vlan interface2 192 16...

Page 282: ...tiveU Retain Gateway Unicast Age 21 34 13 Cost 0 0 Table 1 2 Description on the fields of the display ip routing table command Field Description Destination Destination address Mask Subnet mask Protocol Protocol that discovers the route Preference Route preference Nexthop Next hop to the destination Interface Outbound interface through which data packets are forwarded to the destination network se...

Page 283: ...vise route when advertising routes in accordance with a routing policy NotInstall A NotInstall route cannot be added to the core routing table but may be advertised A route with the highest priority is generally selected from the routing table added to the core routing table and then advertised Reject The routes marked with reject do not guide the router to forward packets as a normal route does T...

Page 284: ...routing table ip address mask This command only displays the routes exactly matching the specified destination address and mask z display ip routing table ip address longer match This command displays all destination address routes matching the specified destination address in the natural mask range z display ip routing table ip address mask longer match This command displays all destination addre...

Page 285: ... displays the verbose information of both active and inactive routes Without this argument provided this command displays the summary of active routes only Description Use the display ip routing table ip address1 ip address2 command to display the route information in the specified destination address range Examples Display the routing information of destination addresses ranging from 1 1 1 0 to 2...

Page 286: ...Pre Cost Nexthop Interface 10 1 1 0 24 DIRECT 0 0 10 1 1 2 Vlan interface1 10 1 1 2 32 DIRECT 0 0 127 0 0 1 InLoopBack0 For descriptions of the above fields see Table 1 1 Display the detailed information of routes in the active or inactive state that match the prefix list abc2 Sysname display ip routing table ip prefix abc2 verbose Routes matched by ip prefix abc2 Active Route Last Active Both Nex...

Page 287: ...ified brief information of only the routes in the active state is displayed Description Use the display ip routing table protocol command to display the route information of a specific protocol Examples Display the summary of all direct connect routes Sysname display ip routing table protocol direct DIRECT Routing tables Summary count 4 DIRECT Routing tables status active Summary count 3 Destinati...

Page 288: ... nodes Routes Number of routes display ip routing table statistics Syntax display ip routing table statistics View Any view Parameters None Description Use the display ip routing table statistics command to display the integrated routing information The integrated routing information includes the total number of routes the number of active routes the number of routes added by protocols and the num...

Page 289: ... display ip routing table verbose Syntax display ip routing table verbose View Any view Parameters None Description Use the display ip routing table verbose command to display the detailed information of a routing table including inactive routes and null routes The information displayed includes route state descriptor statistics of the routing table and detailed information of each route Examples ...

Page 290: ...ield Description Holddown Number of suppressed routes Delete Number of deleted routes Hidden Number of hidden routes reset ip routing table statistics protocol Syntax reset ip routing table statistics protocol all protocol View User view Parameters all Specifies all protocols protocol Specifies a protocol which can be direct ospf ospf_ase ospf_nssa rip or static Description Use the reset ip routin...

Page 291: ...ing table statistics protocol all Display the routing statistics in the IP routing table Sysname display ip routing table statistics Routing tables Proto route active added deleted DIRECT 4 4 0 0 STATIC 0 0 0 0 RIP 0 0 0 0 OSPF 0 0 0 0 O_ASE 0 0 0 0 O_NSSA 0 0 0 0 Total 4 4 0 0 The above information shows that the routing statistics in the IP routing table is cleared ...

Page 292: ...tem view Parameters None Description Use the delete static routes all command to delete all static routes The system will request your confirmation before it deletes all the configured static routes Related commands ip route static display ip routing table Examples Delete all the static routes in the router Sysname system view System View return to User View with Ctrl Z Sysname delete static route...

Page 293: ...or this destination will be discarded and the source host will be informed that the destination is unreachable blackhole Indicates a blackhole route If a static route to a destination is marked with blackhole the outbound interface of this route is the Null 0 interface regardless of the next hop address and all the IP packet addresses destined for this destination are dropped without the source ho...

Page 294: ... the mask are both 0 0 0 0 what you are configuring is a default route All the packets that fail to find a routing entry will be forwarded through this default route z You cannot configure an interface address of the local switch as the next hop address of a static route z You can configure a different preference to implement flexible route management policy Related commands display ip routing tab...

Page 295: ...heck for RIP 1 packets By default RIP 1 performs the must be zero field check According to the protocol RFC 1058 specifications some fields in RIP 1 packets must be zero and these fields are called zero fields You can use the checkzero command to enable disable the must be zero field check for RIP 1 packets When the must be zero field check is enabled if the must be zero field in an incoming RIP 1...

Page 296: ...s from another routing protocol the routes will be redistributed with the default cost specified with the default cost command Related commands import route Examples Redistribute static routes and set the default cost of the redistributed routes to 3 Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip import route static Sysname rip default cost 3 display rip Sy...

Page 297: ...1 packets z on Enabled z off Disabled Default cost Default cost for redistributed routes Summary State of the automatic route summarization function z on Enabled z off Disabled Preference RIP preference Period update timer Length of the period update timer in seconds Timeout timer Length of the timeout timer in seconds Garbage collection timer Length of the garbage collection timer in seconds No p...

Page 298: ...ddress of the interface running RIP You need to use the network command to enable the network segment on which the address resides Interface Name of the interface running RIP The IP address of the interface corresponds to that in the Address field Ver Version of RIP running on the interface MetrIn Out Additional metric added when a route is received sent Input Indicates whether to allow the interf...

Page 299: ... Description on the fields of the display rip routing command Field Description Destination Mask Destination address Mask Cost Cost NextHop Net hop address Age Time elapsed after the route is advertised SourceGateway Gateway originating the route Att Attributes of a route z A Active route z I Inactive route z G Working state of the garbage collection timer z C Change state z T Triggered RIP filter...

Page 300: ...going routing information Use the undo filter policy export command to disable RIP from filtering the outgoing routing information Note that if protocol is specified RIP filters only the outgoing routes redistributed from the specified routing protocol Otherwise RIP filters all routes to be advertised By default RIP does not filter advertised routing information Related commands acl filter policy ...

Page 301: ...se the undo filter policy gateway command to disable RIP from filtering the routing information advertised by a specified address Use the filter policy import command to enable RIP to filter the incoming routing information Use the undo filter policy import command to disable RIP from filtering the incoming routing information By default RIP does not filter the received routing information Related...

Page 302: ... routes are redistributed in the range of 1 to 65535 This argument is valid only for ospf ospf ase and ospf nssa value Cost for redistributed routes in the range of 0 16 If no cost is specified when redistributing routes the default cost defined by the default cost command will be used route policy name Name of a routing policy a string of 1 to 19 characters Description Use the import route comman...

Page 303: ...IP runs only on the interface attached to the specified network For an interface not on the specified network RIP neither receives sends routes on it nor forwards interface route through it Therefore you need to specify the network after enabling RIP to validate RIP on a specific interface By default RIP is disabled on all interfaces The differences between the network and rip work commands are as...

Page 304: ...stination 202 38 165 1 Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip peer 202 38 165 1 preference Syntax preference value undo preference View RIP view Parameters value Preference level in the range of 1 to 255 Description Use the preference command to configure the preference of RIP routes Use the undo preference command to restore the default By default ...

Page 305: ...s Reset the RIP system configuration Sysname system view System View return to User View with Ctrl Z Sysname rip Sysname rip reset Reset RIP s configuration and restart RIP Y N y rip Syntax rip undo rip View System view Parameters None Description Use the rip command to enable RIP or enter RIP view Use the undo rip command to disable RIP By default the system does not run RIP You must enable RIP a...

Page 306: ...stipulated by RFC2082 rfc2453 Specifies that MD5 cipher text authentication packets will use the packet format stipulated by RFC2453 key string MD5 cipher text authentication key If it is typed in the plain text mode the length does not exceed 16 characters If it is typed in the cipher text mode the length is 24 characters The system will display the MD5 cipher text authentication key with a lengt...

Page 307: ... cipher text authentication with the authentication key of aaa and the packet format of rfc2453 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 rip authentication mode md5 rfc2453 aaa rip input Syntax rip input undo rip input View Interface view Parameters None Description Use the rip input command to enable an interface ...

Page 308: ...d on an interface is added to the routing table the additional metric will be added to the route Therefore if you increase the additional metric the metric of RIP routes received on the interface will increase accordingly If the sum of the additional metric and the original metric is greater than 16 the metric of the route will be 16 Related commands rip metricout Examples Set the additional metri...

Page 309: ...stem View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 rip metricout 2 rip output Syntax rip output undo rip output View Interface view Parameters None Description Use the rip output command to enable an interface to transmit RIP packets Use the undo rip output command to disable an interface from transmitting RIP packets By default all interfaces ex...

Page 310: ...tion needs to be disabled to ensure the correct execution of the protocol So disable the split horizon function only when necessary Examples Disable the split horizon function on the interface VLAN interface 10 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 10 Sysname Vlan interface10 undo rip split horizon rip version Syntax rip version 1 2 broadc...

Page 311: ...RIP 2 broadcast mode RIP 2 multicast mode Table 3 5 Send mode of RIP packets RIP version RIP 1 broadcast packet RIP 2 broadcast packet RIP 2 multicast packet RIP 1 RIP 2 broadcast mode RIP 2 multicast mode Examples Run RIP 2 on the interface VLAN interface 10 and send RIP packets in the broadcast mode Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface ...

Page 312: ... Vlan interface 10 Sysname Vlan interface10 undo rip work summary Syntax summary undo summary View RIP view Parameters None Description Use the summary command to enable RIP 2 automatic route summarization Use the undo summary command to disable RIP 2 automatic route summarization By default RIP 2 automatic route summarization is enabled Route summarization can be used to reduce the routing traffi...

Page 313: ...s that of the Period Update timer Adjusting the Period Update timer will affect the Garbage collection timer The modification of RIP timers is validated immediately As specified in RFC 1058 RIP is controlled by the above three timers z The update timer defines the interval between routing updates z The timeout timer defines the route aging time If no routing update related to a route is received w...

Page 314: ...on is disabled When the number of equivalent routes reaches the upper limit z If this function is enabled the newly learned equivalent route replaces the existing equivalent route in the routing table z If this function is disabled the first aged route entry is replaced by the newly learned route If no route entry is aged the newly learned equivalent route will be dropped Examples Enable traffic t...

Page 315: ...ent is not provided the summary route will be advertised not advertise Specifies not to advertise the summary route Description Use the abr summary command to enable route summarization on an area border router ABR Use the undo abr summary command to disable route summarization on an ABR By default route summarization is disabled on an ABR This command is applicable to ABRs only and is used for ro...

Page 316: ... 42 0 0 255 255 0 0 area Syntax area area id undo area area id View OSPF view Parameters area id ID of an OSPF area which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address Description Use the area command to enter OSPF area view Use the undo area command to cancel the specified area Examples Enter OSPF area 0 view Sysname system view System View return to User V...

Page 317: ...the specified network If an NSSA area is configured this command also summarizes the redistributed Type 7 LSAs falling into the specified network If the local router acts as an NSSA ABR this command summarizes Type 5 LSAs translated from Type 7 LSAs falling into the specified network This command does not take effect on non NSSA ABRs Related commands display ospf asbr summary Examples Configure tw...

Page 318: ...ation mode on interfaces When configuring virtual link authentication you can use the authentication mode command to specify the authentication mode as MD5 cipher text or simple text for the backbone area Related commands ospf authentication mode vlink peer Examples Enter area 0 view Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 0 Specify the OS...

Page 319: ... reasonably set the default cost of redistributed routes the default interval for redistributing routes and the limit of routes that can be redistributed at one time Examples Set the default cost interval limit tag and type of redistributed routes to 10 20 seconds 300 15 and 1 respectively Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 default cost 10...

Page 320: ... an NSSA ASBR only when a default route is available on the ASBR can the router generate the default route into the attached area Related commands stub nssa Examples Set area 1 to a Stub area and the cost of the default route advertised to this Stub area to 60 Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 20...

Page 321: ...e command to generate a default route in the OSPF routing domain Use the undo default route advertise command to disable OSPF from redistributing a default route By default OSPF does not redistribute any default route The import route command cannot redistribute any default route To redistribute the default route to the route area the default route advertise command must be used If the local route...

Page 322: ... Display the information about the OSPF ABRs and ASBRs Sysname display ospf abr asbr OSPF Process 1 with Router ID 1 1 1 1 Routing Table to ABR and ASBR I Intra i Inter A ASBR B ABR S SumASBR Destination Area Cost Nexthop Interface IA 2 2 2 2 0 0 0 0 10 10 153 17 89 Vlan interface1 Table 4 1 Description on the fields of the display ospf abr asbr command Field Description I Intra i Inter A ASBR B A...

Page 323: ...on Description Use the display ospf asbr summary command to display the summary information of OSPF redistributed routes If you do not specify an IP address or subnet mask the summary information of all OSPF redistributed routes will be displayed Related commands asbr summary Examples Display the summary information of all OSPF redistributed routes Sysname display ospf asbr summary OSPF Process 1 ...

Page 324: ...eters process id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes Description Use the display ospf brief command to display brief OSPF information Examples Display brief OSPF information Sysname display ospf brief OSPF Process 1 with Router ID 7 7 7 7 OSPF Protocol Information RouterID 7 7 7 7 Border Router Nssa Area A...

Page 325: ...ription RouterID Router ID of the router Border Router Whether the router is a border router z Area ABR z AS ASBR z Nssa Area AS NSSA ABR Spf schedule interval Interval of SPF schedule Routing preference OSPF route preference including z Inter Intra Inter area intra area route preference z External External route preference Default ASE parameters Default ASE parameters of OSPF redistributed routes...

Page 326: ... state machine z DOWN No protocol packet is sent or received on the interface z Waiting The interface starts sending and receiving Hello packets and is trying to identify the Backup designated router for the network z PtoP The interface sends Hello packets at the interval of HelloInterval and tries to establish an adjacency with the peer router z DR The router itself is the designated router on th...

Page 327: ...play ospf cumulative OSPF Process 1 with Router ID 1 1 1 1 Cumulations IO Statistics Type Input Output Hello 0 10430 DB Description 0 0 Link State Req 0 0 Link State Update 0 0 Link State Ack 0 0 ASE 0 Checksum Sum 0 LSAs originated by this router Router 180 SumNet 116 LSAs Originated 296 LSAs Received 0 Area 0 0 0 0 Neighbors 0 Interfaces 0 Spf 2 Checksum Sum 15B27 rtr 1 net 0 sumasb 0 sumnet 1 A...

Page 328: ...nated Number of originated LSAs LSAs Received Number of received LSAs generated by other routers Router Number of all Router LSAs SumNet Number of all Sumnet LSAs SumASB Number of all SumASB LSAs Neighbors Number of neighbors in this area Interfaces Number of interfaces in this area Spf Number of SPF computation count in this area Area rtr net sumasb sumnet Number of all LSAs in this area Intra Ar...

Page 329: ...h 0 DD unknown LSA type 0 LS ACK neighbor state low 0 LS ACK wrong ack 0 LS ACK duplicate ack 0 LS ACK unknown LSA type 0 LS ACK ACK length wrong 0 LS REQ neighbor state low 0 LS REQ empty request 0 LS REQ wrong request 0 LS REQ wrong length 0 LS UPD neighbor state low 0 LS UPD newer self generate LSA 0 LS UPD LSA checksum wrong 0 LS UPD received less recent LSA 0 LS UPD unknown LSA type 0 OSPF ro...

Page 330: ... neighbor state LS ACK wrong ack Link state acknowledgment packet ack error LS ACK duplicate ack Link state acknowledgment packet ack duplication LS ACK unknown LSA type Link state acknowledgment packet unknown LSA type LS ACK ACK length wrong Link state acknowledgment packet ACK length error LS REQ neighbor state low Link state request LS REQ packet asynchronous neighbor state LS REQ empty reques...

Page 331: ...signated Router 10 110 10 2 Timers Hello 10 Dead 40 Poll 10 Retransmit 5 Transmit Delay 1 Table 4 6 Description on the fields of the display ospf interface command Field Description Cost Cost of the interface State State of the interface state machine z DOWN No protocol packet is sent or received on the interface z Waiting The interface starts sending and receiving Hello packets and is trying to i...

Page 332: ...ommand applies to all current OSPF processes area id OSPF area ID which can be a decimal integer ranging from 0 to 4294967295 or in the form of an IP address brief Displays brief database information asbr Displays the database information about Type 4 LSAs summary Asbr LSAs ase Displays the database information about the Type 5 LSAs AS external LSAs This argument is unavailable if you have provide...

Page 333: ... Rtr 1 1 1 1 1 1 1 1 449 36 80000004 0 SpfTree Rtr 3 3 3 3 3 3 3 3 429 36 8000000a 0 Clist Net 10 153 18 89 3 3 3 3 429 32 80000003 0 SpfTree SNet 10 153 17 0 1 1 1 1 355 28 80000003 10 Inter List ASB 2 2 2 2 1 1 1 1 355 28 80000003 10 SumAsb List AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric Where ASE 10 153 18 0 1 1 1 1 1006 36 80000002 1 Ase List ASE 10 153 16 0 2 2 2...

Page 334: ...rea reachable to the attached area z Inter List The LSA is in another area z Sum Infinity The LSA is in an unreachable area z Ase List The LSA is outside the AS and is reachable z Ase Infinity The LSA is outside the AS and is unreachable z Nssa List The LSA is in an NSSA z Nssa Infinity The LSA is in an unreachable NSSA Sysname display ospf lsdb ase OSPF Process 1 with Router ID 1 1 1 1 Link State...

Page 335: ...capability z DC On demand link support z N NSSA external LSA support z P Capability of an NSSA ABR to translate Type 7 LSAs into Type 5 LSAs Net mask Network mask E type Type of external route z 1 Type 1 external route z 2 Type 2 external route Forwarding Address Forwarding address Tag Tag display ospf nexthop Syntax display ospf process id nexthop View Any view Parameters process id OSPF process ...

Page 336: ...face to the next hop display ospf peer Syntax display ospf process id peer brief statistics View Any view Parameters process id OSPF process ID in the range of 1 to 65535 If you do not specify a process ID this command applies to all current OSPF processes brief Displays brief information of OSPF neighbors statistics Displays the statistics of OSPF neighbors Description Use the display ospf peer c...

Page 337: ... the initial Database Description DD sequence number z Exchange In this state the router is sending DD packets to the neighbor describing its entire link state database z Loading In this state the router sends Link State Request packets to the neighbor requesting more recent LSAs z Full In this state the neighboring routers are fully adjacent Mode Master Slave mode formed by negotiation in exchang...

Page 338: ... to establish neighbor relation which indicates that OSPF router does not receive the message from a certain neighbor router within a period of time Attempt It is enabled in an NBMA environment such as Frame Relay X 25 or ATM It indicates that OSPF router does not receive the message from a certain neighbor router within a period of time but still attempts to send Hello packet to the adjacent rout...

Page 339: ...and applies to all current OSPF processes Description Use the display ospf request queue command to display the information about the OSPF request queue Examples Display the information about the OSPF request queue Sysname display ospf request queue The Router s Neighbors is RouterID 1 1 1 1 Address 1 1 1 1 Interface 1 1 1 3 Area 0 0 0 0 LSID 1 1 1 3 AdvRouter 1 1 1 3 Sequence 80000017 Age 35 Tabl...

Page 340: ...ess 200 with Router ID 103 160 1 1 Retransmit List The Router s Neighbors is RouterID 162 162 162 162 Address 103 169 2 2 Interface 103 169 2 5 Area 0 0 0 1 Retrans list Type ASE LSID 129 11 77 0 AdvRouter 103 160 1 1 Type ASE LSID 129 11 108 0 AdvRouter 103 160 1 1 Table 4 14 Description on the fields of the display ospf retrans queue command Field Description RouterID ID of a neighbor router Add...

Page 341: ...n Cost Type NextHop AdvRouter Area 10 110 0 0 16 1 Net 10 110 10 1 10 10 10 1 0 0 0 0 10 10 0 0 16 1 Stub 10 10 0 1 3 3 3 3 0 0 0 0 Total Nets 2 Intra Area 2 Inter Area 0 ASE 0 NSSA 0 Table 4 15 Description on the fields of the display ospf routing command Field Description Destination IP address of the destination network Cost Cost of a route Type Type of route NextHop Next hop of route AdvRouter...

Page 342: ...ommand Field Description Virtual link Neighbor id ID of a virtual link neighbor router State State of a neighbor router It can be Down Init Attempt 2 Way Exstart Exchange Loading or Full Cost Route cost of the interface State State of the interface state machine z DOWN No protocol packet is sent or received on the interface z Waiting The interface starts sending and receiving Hello packets and is ...

Page 343: ...onfiguration Description Use the filter policy export command to configure the filtering of outgoing redistributed routes Use the undo filter policy export command to disable such filtering By default filtering of outgoing redistributed routes is not configured In some cases it may be required that only the routing information meeting some conditions can be advertised You can use the filter policy...

Page 344: ...on Description Use the filter policy import command to configure the filtering of incoming routes Use the undo filter policy import command to disable such filtering By default no filtering of incoming routes is configured In some cases it may be required that only the routing information meeting some conditions can be received You can use the filter policy import command to set the matching rules...

Page 345: ...0 to 16777214 and defaults to 1 type value Specifies the type of redistributed routes The type value is 1 or 2 and defaults to 2 tag value Specifies the tag of redistributed routes A tag can be used by a route policy The tag value ranges from 0 to 4294967295 and defaults to 1 Description Use the import route command to redistribute external routes Use the undo import route command to disable impor...

Page 346: ...output log information when a neighbor changes to the Full state or to the Down state Neighbor states include Down Init Attempt 2 Way Exstart Exchange Loading and Full Examples Enable logging of neighbor state changes Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 log peer change multi path number Syntax multi path number value undo multi path number ...

Page 347: ...n Use the network command to enable an interface to run the OSPF protocol Use the undo network command to disable an interface from running OSPF By default the interface does not belong to any area To run OSPF on an interface the master IP address of this interface must be in the range of the network segment specified by this command If only the slave IP address of the interface is in the range of...

Page 348: ...nly when a default route is available on the ASBR can it generate the default route in a Type 7 LSA into the attached area The no import route keyword is usable only on an NSSA ABR that is also the ASBR of the OSPF routing domain It disables redistributed routes from entering the NSSA area but allows them to enter other OSPF areas The no summary keyword is usable only on an NSSA ABR to advertise o...

Page 349: ...figure area 1 as NSSA area Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 36 0 0 0 0 255 255 255 Sysname ospf 1 area 0 0 0 1 nssa ospf Syntax ospf process id router id router id undo ospf process id View System view Parameters process id OSPF process ID in the range of 1 to 65535 By default the process ID is ...

Page 350: ...name ospf 120 ospf authentication mode Syntax ospf authentication mode simple password md5 key id key undo ospf authentication mode simple md5 View Interface view Parameters simple Plain authentication md5 MD5 authentication password Password of plain The password argument is a string of up to eight characters key id ID of the authentication key in MD5 authentication mode ranging from 1 to 255 key...

Page 351: ...ation Set the authentication key identifier to 15 and the authentication key to abc Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 area 1 Sysname ospf 1 area 0 0 0 1 network 131 119 0 0 0 0 255 255 Sysname ospf 1 area 0 0 0 1 authentication mode md5 Sysname ospf 1 area 0 0 0 1 quit Sysname ospf 1 quit Sysname interface Vlan interface 10 Sysname Vlan i...

Page 352: ...iority of an interface is 1 The DR election priority of an interface determines the qualification of the interface The interface with a higher priority will be preferred when an election conflict occurs An interface with a DR priority of 0 does not take part in any DR election The priority of a router affects the DR and BDR election However a router that has a higher priority specified after the D...

Page 353: ... View Interface view Parameters None Description Use the ospf mtu enable command to add the interface MTU to the MTU field in DD packets Use the undo ospf mtu enable command to restore the default By default the MTU field in DD packets is 0 That is no interface MTU is added to the MTU field in DD packets The default MTU value in DD packet is 0 You can use this command to add the interface MTU to t...

Page 354: ...i access NBMA If Frame Relay ATM HDLC or X 25 is adopted OSPF defaults the network type to NBMA z Point to Multipoint P2MP OSPF will not default the network type of any link layer protocol to P2MP The general undertaking is to change a partially connected NBMA network to P2MP network z Point to point P2P If PPP LAPB or POS is adopted OSPF defaults the network type to P2P If there is any router not...

Page 355: ...w Parameters seconds Dead interval of the OSPF neighbor It is in seconds and ranges from 1 to 65535 Description Use the ospf timer dead command to configure the dead interval of the OSPF neighbor Use the undo ospf timer dead command to restore the default By default the dead interval is z 40 seconds for the OSPF peers of p2p and broadcast interfaces z 120 seconds for those of p2mp and nbma interfa...

Page 356: ... or nbma Hello packets are periodically sent to find and maintain neighbors and used for DR BDR election The hello seconds value must be identical on interfaces attached to the same network segment Otherwise neighbor relationships cannot be established between routers Related commands ospf timer dead Examples Configure the interval of transmitting Hello messages on the interface VLAN interface 10 ...

Page 357: ...ce20 ospf timer poll 130 ospf timer retransmit Syntax ospf timer retransmit interval undo ospf timer retransmit View Interface view Parameters interval Interval in seconds for retransmitting LSA on an interface It ranges from 1 to 3600 Description Use the ospf timer retransmit command to configure the interval for retransmitting an LSA on an interface Use the undo ospf timer retransmit command to ...

Page 358: ... 1 second Each LSA in the LSDB has an age that is incremented by 1 every second but the age does not change during transmission Therefore it is necessary to add a transmission delay into its age time which is important for low speed networks Examples Set the LSA transmission delay on the interface VLAN interface 10 to 3 seconds Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 359: ...ence ase View OSPF view Parameters value OSPF protocol preference in the range of 1 to 255 ase Indicates the preference of a redistributed external route of the AS Description Use the preference command to configure the preference of the OSPF protocol Use the undo preference command to restore the default By default the preference of an internal OSPF route is 10 and that of an external OSPF route ...

Page 360: ...ly z OSPF configuration before the restart will not lose After this command is issued the system will prompt you to confirm whether to re enable OSPF Examples Reset all the OSPF processes Sysname reset ospf all Reset OSPF process 200 Sysname reset ospf 200 reset ospf statistics Syntax reset ospf statistics all process id View User view Parameters all Clears the statistics of all OSPF processes pro...

Page 361: ... the router ID regardless of whether the interfaces are up or down z A new router ID is selected only after the existing router ID is deleted or modified Other cases for example when the interface with the router ID goes down when a loopback interface address is configured after a non loopback interface address is selected as the router ID or when a greater interface IP address is configured canno...

Page 362: ...terface Examples Disable interface VLAN interface 20 from transmitting OSPF packet Sysname system view System View return to User View with Ctrl Z Sysname ospf 1 Sysname ospf 1 silent interface Vlan interface 20 snmp agent trap enable ospf Syntax snmp agent trap enable ospf process id ifauthfail ifcfgerror ifrxbadpkt ifstatechange iftxretransmit lsdbapproachoverflow lsdboverflow maxagelsa nbrstate...

Page 363: ...efer to the SNMP RMON part in this manual Examples Enable the TRAP function for OSPF process 100 Sysname system view System View return to User View with Ctrl Z Sysname snmp agent trap enable ospf 100 spf schedule interval Syntax spf schedule interval interval undo spf schedule interval View OSPF view Parameters interval SPF calculation interval of OSPF in seconds It ranges from 1 to 10 Descriptio...

Page 364: ...default cost command to configure the default route cost In addition you can specify the no summary argument in the stub command to disable the receiving of Type 3 LSAs by the Stub area connected to the ABR such a stub area is known as a totally stub area Note the following when configuring a totally stub area z The backbone area cannot be a totally stub area z To configure an area as a stub area ...

Page 365: ...irtually linked peer keyid MD5 authentication key ID It ranges from 1 to 255 It must be equal to the authentication key ID of the virtually linked peer key MD5 authentication key If you use simple text authentication key you can input a string containing 1 to 16 characters When you use the display current configuration command to display system information the MD5 authentication key is displayed i...

Page 366: ...mode The router ID of Router A is 10 1 1 1 and that of Router B is 10 1 1 2 z Configure Router A RouterA system view System View return to User View with Ctrl Z RouterA ospf 1 RouterA ospf 1 area 0 0 0 0 authentication mode md5 RouterA ospf 1 area 0 0 0 0 quit RouterA ospf 1 area 10 0 0 0 RouterA ospf 1 area 10 0 0 0 vlink peer 10 1 1 2 md5 3 345 z Configure RouterB RouterB system view System View...

Page 367: ...o remove the configuration By default no cost is applied to routes satisfying matching rules The apply clause is one that sets a cost for the routes satisfying matching rules in a routing policy Related commands if match interface if match acl if match ip prefix if match ip next hop if match cost if match tag route policy apply tag Examples Create a routing policy named policy and node 1 with the ...

Page 368: ...named policy and node 1 with the matching mode being permit Apply the tag 100 to routes matching ACL 2000 Sysname system view System View return to User View with Ctrl Z Sysname route policy policy permit node 1 New sequence of this list Sysname route policy if match acl 2000 Sysname route policy apply tag 100 display ip ip prefix Syntax display ip ip prefix ip prefix name View Any view Parameters...

Page 369: ...limit of subnet mask length of the matched IP address LE Less equal that is upper limit of subnet mask length of the matched IP address display route policy Syntax display route policy route policy name View Any view Parameters route policy name Name of a routing policy a string of up to 19 characters Description Use the display route policy command to display information about routing policies If...

Page 370: ... the range of 2000 to 3999 ip prefix name Name of the IP prefix list used for filtering a string of up to 19 characters Description Use the if match command to match routes permitted by an ACL or IP prefix list Use the undo if match command to remove the configuration By default the if match clause is not configured Related commands if match interface if match ip next hop if match cost if match ta...

Page 371: ...nce of this list Sysname route policy if match cost 8 if match interface Syntax if match interface interface type interface number undo if match interface View Route policy view Parameters interface type interface number Specifies the interface type and interface number Description Use the if match interface command to match routes having the specified outgoing interface Use the undo if match inte...

Page 372: ...s with next hops specified in an ACL or IP prefix list Use the undo if match ip next hop command to remove the matching rule with an ACL Use the undo if match ip next hop ip prefix command to remove the matching rule with an IP prefix list By default no next hop matching rule is defined Related commands if match interface if match acl if match ip prefix if match cost if match tag route policy appl...

Page 373: ...ers It identifies an address prefix list uniquely index number Identifier of an entry in the IP address prefix list in the range 1 to 2047 The entry with a smaller index number will be tested first permit Specifies the match mode of the defined IP prefix entries as permit mode If the permit mode is specified and the IP address to be filtered is in the ip prefix range specified by the entry the ent...

Page 374: ...atch the prefix ranges of these two parts If you specify network len as 0 0 0 0 0 it matches the default route only To match all the routes use 0 0 0 0 0 less equal 32 Examples Define an ip prefix named p1 to permit only the routes whose mask lengths are 17 or 18 on network segment 10 0 192 0 8 to pass Sysname system view System View return to User View with Ctrl Z Sysname ip ip prefix p1 permit 1...

Page 375: ...y clause defines the actions after filtering through this node The filtering relationship between the if match clauses of the node is AND That is all if match clauses of the node must be met The filtering relation between Route policy nodes is OR That is filtering through one node means filtering through this Route policy If the information does not filter through any node it cannot filter through...

Page 376: ...mmands display memory Syntax display memory unit unit id Mode Any view Parameters unit id Unit ID Description Use the display memory command to display the memory usage Examples Display the current memory usage of the switch Sysname display memory Unit 1 System Available Memory bytes 33631488 System Used Memory bytes 16122304 Used Rate 47 The following table describes the fields of the command ...

Page 377: ...ays the current memory limit configuration free memory and state information about connections such as times of disconnection times of reconnection and whether the current state is normal Examples Display the current memory setting and state information Sysname display memory limit Current memory limit configuration information system memory safety 5 MBytes system memory limit 4 MBytes auto establ...

Page 378: ...Its value range depends on the free memory of the current switch This value defaults to 4 Description Use the memory limit limit value command to configure the lower limit of the switch free memory When the free memory of the switch is less than the limit value all the routing protocol connections will be disconnected forcibly Use the memory safety safety value command to configure the safety valu...

Page 379: ... a safety value By default when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a lower limit the connection will be disconnected forcibly After this command is used connections of all the routing protocols will not recover when the free memory of the switch recovers to a safety va...

Page 380: ...lt when the free memory of the switch recovers to a safety value connections of all the routing protocols will always recover when the free memory of the switch decreases to a lower limit the connection will be disconnected forcibly By default this function is enabled Related commands memory auto establish disable memory display memory limit Examples Enable automatic connections of all routing pro...

Page 381: ...ing packet 1 13 multicast source deny 1 14 reset multicast forwarding table 1 15 reset multicast routing table 1 16 unknown multicast drop enable 1 16 2 IGMP Configuration Commands 2 1 IGMP Configuration Commands 2 1 display igmp group 2 1 display igmp interface 2 2 igmp enable 2 3 igmp group limit 2 4 igmp group policy 2 5 igmp group policy vlan 2 6 igmp host join port 2 7 igmp host join vlan 2 8...

Page 382: ...8 source policy 3 19 static rp 3 20 4 MSDP Configuration Commands 4 1 MSDP Configuration Commands 4 1 cache sa enable 4 1 display msdp brief 4 1 display msdp peer status 4 2 display msdp sa cache 4 4 display msdp sa count 4 6 import source 4 7 msdp 4 7 msdp tracert 4 8 originating rp 4 10 peer connect interface 4 11 peer description 4 11 peer mesh group 4 12 peer minimum ttl 4 12 peer request sa e...

Page 383: ... time 5 10 igmp snooping max response time 5 10 igmp snooping nonflooding enable 5 11 igmp snooping querier 5 12 igmp snooping query interval 5 13 igmp snooping router aging time 5 14 igmp snooping query pkt deny 5 14 igmp snooping version 5 15 igmp snooping vlan mapping 5 15 igmp host join port 5 16 igmp host join 5 17 igmp snooping special query source ip 5 18 multicast static group interface 5 ...

Page 384: ... information in all VLANs count Displays the number of static multicast MAC entries Description Use the display mac address multicast static command to display the information about the multicast MAC address entry or entries manually configured on the switch Related commands mac address multicast interface mac address multicast vlan Examples Display the information of all static multicast MAC entr...

Page 385: ...and displays only those forwarding entries that match the specified multicast address otherwise the command displays all the forwarding entries Description Use the display mpm forwarding table command to display the information of multicast forwarding entries containing port information where mpm stands for multicast port management This command displays the incoming interface outgoing interface a...

Page 386: ...ard table contains one S G entry display mpm group Syntax display mpm group vlan vlan id View Any view Parameters vlan vlan id Specifies a VLAN With a VLAN specified this command displays the IGMP group information in the specified VLAN otherwise the command displays the information of all IGMP group entries Description Use the display mpm group command to display the IGMP group entries containing...

Page 387: ... group address Address of the IP multicast group Static host port s Static host ports Dynamic host port s Dynamic host ports MAC group s MAC multicast groups Host port s Member ports of the IP multicast group MAC group address Address of the MAC multicast group Host port s Member ports of the MAC multicast group display multicast forwarding table Syntax display multicast forwarding table group add...

Page 388: ...iption Use the display multicast forwarding table command to display the information of multicast forwarding tables As the multicast forwarding table directly guides the forwarding of multicast traffic you can view the information of the forwarding entries to determine whether a multicast stream is correctly forwarded Related commands display multicast routing table display mpm forwarding table re...

Page 389: ...View Any view Parameters group address Multicast group address in the range of 224 0 0 0 to 239 255 255 255 With this argument provided the command displays the multicast routing entries for the specified multicast group source address Multicast source address With this argument provided the command displays the multicast routing entries for the specified multicast source mask Mask of the multicas...

Page 390: ...imeout in 123 sec Upstream interface Vlan interface1 4 4 4 6 Downstream interface list NULL Matched 3 entries The following table describes the fields in the displayed information Table 1 5 display multicast routing table command output description Field Description Multicast Routing Table Multicast routing table Total 3 entries There are three entries in all in the multicast routing table 4 4 4 4...

Page 391: ...pecified port Related commands multicast source deny Examples Display the multicast source port suppression status of Ethernet 1 0 1 Sysname display multicast source deny interface Ethernet 1 0 1 Ethernet1 0 1 Multicast source deny disabled The information above shows that multicast source port suppression is disabled on Ethernet 1 0 1 mac address multicast interface Syntax mac address multicast m...

Page 392: ...5e0a 0805 and a forwarding port of Ethernet 1 0 1 in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname mac address multicast 0100 5e0a 0805 interface Ethernet 1 0 1 vlan 1 mac address multicast vlan Syntax mac address multicast mac address vlan vlan id undo mac address multicast mac address vlan vlan id View Ethernet port view Parameters mac address Multicast MAC addre...

Page 393: ...ich the multicast traffic for 192 168 4 1 G flows to the receivers Sysname mtracert 192 168 4 1 Type Ctrl C to quit multicast traceroute facility From last hop router 192 168 2 2 trace reverse path to source 192 168 4 1 via RPF rules 1 192 168 2 2 Incoming Interface Address 192 168 2 2 Previous Hop Router Address 192 168 2 1 Input packet count on incoming interface 0 Output packet count on outgoin...

Page 394: ... packets arrive Previous hop router address IP address of the router from which this local device receives multicast packets sent by the source Input packet count on incoming interface Total number of multicast packets received on the incoming interface Output packet count on outgoing interface Total number of multicast packets transmitted on the outgoing interface Total number of packets for this...

Page 395: ... routing table currently contains more entries than configured If you execute this command again the new configuration will overwrite the existing configuration Examples Set the maximum number of entries the multicast routing table can hold to 100 Sysname system view System View return to User View with Ctrl Z Sysname multicast route limit 100 multicast routing enable Syntax multicast routing enab...

Page 396: ...rding entries after entry creation By default this function is not enabled Examples Enable the multicast packet buffering feature Sysname system view System View return to User View with Ctrl Z Sysname multicast storing enable multicast storing packet Syntax multicast storing packet packet number View System view Parameters packet number Maximum number of packets that can be buffered per multicast...

Page 397: ...efault the multicast source port suppression feature is disabled on all the ports With the multicast source port suppression feature enabled on a port the port drops all multicast data packets while it permits multicast protocol packets to pass This feature is useful for rejecting multicast traffic from unauthorized multicast source servers connected to the switch z In system view if no port or po...

Page 398: ...h Mask length of the multicast group address or multicast source address For a multicast group address this argument is in the range of 4 to 32 for a multicast source address this argument is in the range of 0 to 32 The system default is 32 in both cases incoming interface interface type interface number Clears the forwarding entries or corresponding statistics information of the forwarding entrie...

Page 399: ...ast source address this argument is in the range of 0 to 32 The system default is 32 in both cases incoming interface interface type interface number Clears the routing entries that match the specified incoming interface Description Use the reset multicast routing table command to clear the routing entries in the multicast core routing table and remove the corresponding forwarding entries in the M...

Page 400: ... undo unknown multicast drop enable command to disable the function of dropping unknown multicast packets By default the function of dropping unknown multicast packets is disabled Examples Enable the unknown multicast drop feature Sysname system view System view return to user view with Ctrl Z Sysname unknown multicast drop enable ...

Page 401: ...displays the IGMP multicast group information about the specified interface Description Use the display igmp group command to display the IGMP multicast group information Without any parameters provided the command displays the information of all IGMP multicast groups Related commands igmp host join Examples Display the information of all IGMP multicast groups on the switch Sysname display igmp gr...

Page 402: ...n all interfaces running IGMP Description Use the display igmp interface command to display the IGMP configuration and running information on the specified interface or all interfaces Examples Display the IGMP configuration and running information on Vlan interface 1 Sysname display igmp interface Vlan interface 1 Vlan interface1 10 153 17 99 IGMP is enabled Current IGMP version is 2 Value of quer...

Page 403: ...ault Value of startup query interval for IGMP in seconds 15 The IGMP startup query interval is 15 seconds default Value of last member query interval for IGMP in seconds 1 The IGMP last member query interval is 1 second default Value of query timeout for IGMP version 1 in seconds 400 The query timeout time for IGMPv1 is 400 seconds default Policy to accept IGMP reports none IGMP multicast group fi...

Page 404: ...rface Vlan interface 10 Sysname Vlan interface10 igmp enable igmp group limit Syntax igmp group limit limit undo igmp group limit View Interface view Parameters limit The maximum number of multicast groups that can be joined on the interface in the range of 0 to 256 Description Use the igmp group limit command to configure the maximum number of multicast groups allowed on the interface The switch ...

Page 405: ...tax igmp group policy acl number 1 2 port interface list undo igmp group policy port interface list View Interface view Parameters acl number Basic ACL number defining a multicast group range The value ranges from 2 000 to 2 999 1 Configures the interface to accept only IGMPv1 report messages 2 Configures the interface to accept only IGMPv2 report messages default port interface list Configures a ...

Page 406: ...ommand is configured but not other VLAN interfaces Examples Configure a multicast group filter on VLAN interface 10 so that the hosts on the subnet attached to the interface can join only multicast group 225 1 1 1 and the interface accepts only IGMPv2 reports Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 225 1 1 1 ...

Page 407: ...rn to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 225 1 1 1 0 Sysname acl basic 2000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 port access vlan 10 Sysname Ethernet1 0 1 igmp group policy 2000 vlan 10 igmp host join port Syntax igmp host join group address port interface list undo igmp host join group address port interface list View Int...

Page 408: ... 10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join vlan Syntax igmp host join group address vlan vlan id undo igmp host join group address vlan vlan id View Ethernet port view Parameters group address Address of the multicast group to join vlan vlan id Specifies the VLAN to which the port belongs The effective range for vlan id is 1 to 4094 Description Use the...

Page 409: ...lastmember queryinterval command to configure the IGMP last member query interval namely the interval between IGMP group specific queries the IGMP querier sends upon receiving an IGMP leave message Use the undo igmp lastmember queryinterval command to restore the default The IGMP last member query interval is 1 second by default Related commands igmp robust count display igmp interface Examples Se...

Page 410: ...rface 10 Sysname Vlan interface10 igmp max response time 8 igmp proxy Syntax igmp proxy interface type interface number undo igmp proxy View Interface view Parameters interface type interface number Specifies the interface for which the current interface will act as the IGMP proxy interface Description Use the igmp proxy command to configure the current interface as the IGMP proxy interface for an...

Page 411: ...group specific query messages the switch sends upon receiving an IGMP Leave message The effective range is 2 to 5 Description Use the igmp robust count command to configure the IGMP robustness variable Use the undo igmp robust count command to restore the default By default an IGMP querier sends two IGMP group specific query messages after receiving an IGMP Leave message Related commands igmp last...

Page 412: ...ithin the other querier present interval it assumes that the current querier is down and a new querier election process takes place In IGMP version 1 the selection of a querier is determined by the multicast routing protocol In IGMP version 2 the router with the lowest IP address on the shared network segment acts as the querier Related commands igmp timer query display igmp interface Examples Con...

Page 413: ...gmp version 1 2 undo igmp version View Interface view Parameters 1 Specifies IGMP version 1 2 Specifies IGMP version 2 Description Use the igmp version command to specify the version of IGMP to run on the interface Use the undo igmp version command to restore the default The default IGMP version is IGMP version 2 The device cannot automatically switch between different IGMP versions so all the dev...

Page 414: ...ange group mask Mask of the multicast group address 255 255 255 255 by default Description Use the reset igmp group command to clear IGMP multicast group information on the interface The groups removed with this command can be joined again Examples Remove all multicast groups on all the interfaces Sysname reset igmp group all Remove all multicast groups on VLAN interface 10 Sysname reset igmp grou...

Page 415: ...estore the default By default no range limit is configured namely all received messages are considered legal The source keyword in the rule command is translated into BSR address in the bsr policy command Examples Configure a BSR filtering policy on devices to allow only the multicast devices on subnet 101 1 1 1 32 to become BSR Sysname system view System View return to User View with Ctrl Z Sysna...

Page 416: ...fault no C BSR is configured For the configuration of the candidate BSR the larger bandwidth should be guaranteed because a large amount of information will be exchanged between the BSR and other devices in the PIM domain Related commands pim sm Examples Configure VLAN interface 10 on the switch as a C BSR with a priority of 2 and the hash mask length of 24 Sysname system view System View return t...

Page 417: ...Configure VLAN interface 10 of the switch as a C RP which will serve multicast groups 225 0 0 0 to 225 255 255 255 after it wins RP election Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname acl number 2000 Sysname acl basic 2000 rule permit source 225 0 0 0 0 255 255 255 Sysname pim Sysname pim c rp vlan interface 10 group policy 2000 crp pol...

Page 418: ...Sysname pim quit Sysname acl number 3000 Sysname acl adv 3000 rule 0 permit source 1 1 1 1 0 destination 225 1 0 0 0 0 255 255 display pim bsr info Syntax display pim bsr info View Any view Parameters None Description Use the display pim bsr info command to display the BSR information Related commands c bsr c rp Examples Display the BSR information Sysname display pim bsr info Current BSR Address ...

Page 419: ...IM configuration information on all interfaces Sysname display pim interface PIM information of VLAN interface 2 IP address of the interface is 10 10 1 20 PIM is enabled PIM version is 2 PIM mode is Sparse PIM query interval is 30 seconds PIM neighbor limit is 128 PIM neighbor policy is none Total 1 PIM neighbor on interface PIM DR designated router is 10 10 1 20 Table 3 2 display pim interface co...

Page 420: ...eighbor information With an interface specified the command displays the PIM neighbor information on the specified interface otherwise the command displays the PIM neighbor information on all interfaces Examples Display the PIM neighbor information on all interfaces Sysname display pim neighbor Neighbor Address Interface Name Uptime Expires 8 8 8 6 VLAN interface10 1637 89 8 8 7 6 VLAN interface11...

Page 421: ...terface Displays multicast routing entries containing the specified incoming interface interface type interface number Specifies an interface by its type and number If you specify null the command displays the multicast routing entries without an incoming interface dense mode Displays PIM DM multicast routing information sparse mode Displays PIM SM multicast routing information Description Use the...

Page 422: ... or PIM DM Flag Flag of S G or G entry in the PIM routing table z SPT The S G entry is on the SPT z RPT The S G or G entry is on the RPT z WC Indicates the G entry z LOC The switch is connected with the multicast source directly Uptime Time when the entry exists Timeout in 197 sec The table entry will expire in 197 seconds Upstream interface Incoming interface Upstream neighbor Upstream neighbor R...

Page 423: ... RP information Examples Display the RP information about all multicast groups Sysname display pim rp info PIM SM RP SET information BSR is 4 4 4 6 Group MaskLen 224 0 0 0 4 RP 4 4 4 6 Version 2 Priority 0 Uptime 00 39 50 Expires 00 01 40 Table 3 5 display pim rp info command output description Field Description PIM SM RP SET information RP Set BSR is IP address of the BSR Group MaskLen Multicast ...

Page 424: ...e pim bsr boundary command to configure the current interface as the BSR service boundary namely the PIM SM domain border Use the undo pim bsr boundary command to remove the configured PIM SM domain border By default no PIM SM domain border is configured on the switch After you use this command to set a PIM SM domain border on an interface no bootstrap message can cross this border in either direc...

Page 425: ...disabled Typically PIM DM should be enabled on all interfaces Before enabling PIM DM you must enable multicast routing first Related commands multicast routing enable Examples Enable PIM DM on VLAN interface 10 Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface Vlan interface 10 Sysname Vlan interface10 pim dm pim neighbor limit Synta...

Page 426: ... neighbor policy Syntax pim neighbor policy acl number undo pim neighbor policy View Interface view Parameters acl number Basic ACL number in the range of 2 000 to 2 999 Description Use the pim neighbor policy command to configure a PIM neighbor filter on the current interface Use the undo pim neighbor policy command to disable PIM neighbor filtering on the current interface With a PIM neighbor fi...

Page 427: ... disabled Typically PIM SM should be enabled on all interfaces Before enabling PIM SM you must enable multicast routing first Related commands multicast routing enable Examples Enable the PIM SM protocol on VLAN interface 10 Sysname system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface Vlan interface 10 Sysname Vlan interface10 pim sm pim timer ...

Page 428: ...e system view System View return to User View with Ctrl Z Sysname multicast routing enable Sysname interface Vlan interface 10 Sysname Vlan interface10 pim timer hello 40 prune delay Syntax prune delay interval undo prune delay View PIM view Parameters interval Specifies the prune delay interval in seconds in the rage of 1 to 128 Description Use the prune delay command to configure the PIM prune d...

Page 429: ...tering register messages Use the undo register policy command to remove a rule for filtering register messages By default no rule for filtering register messages is configured Examples Configure a rule for filtering register messages on the RP to allow multicast sources in the range of 10 10 0 0 16 to send multicast data to multicast groups in the range of 225 1 0 0 16 Sysname system view System V...

Page 430: ...address mask Mask of the multicast group address or multicast source address 255 255 255 255 by default mask length Mask length of the multicast group address or multicast source address in the range of 0 to 32 The system default is 32 incoming interface Specifies the incoming interface With this keyword provided the command clears the PIM routing entries of which the incoming interface is the spe...

Page 431: ...s the order number of the ACL in the group policy list where order value has an effective range of 1 to the largest order value in the existing group policy list 1 but the value range should not include the original order value of the ACL in the group policy list If you have assigned an order value to a certain ACL do not specify the same order value for another ACL otherwise the system gives erro...

Page 432: ...ty keyword in the spt switch threshold command on a switch that may become an RP namely a static RP or a C RP Examples Disable RPT to SPT switchover on a switch that will never become an RP Sysname system view System View return to User View with Ctrl Z Sysname pim Sysname pim spt switch threshold infinity source lifetime Syntax source lifetime interval undo source lifetime View PIM view Parameter...

Page 433: ...ce and group addresses defined in the ACL rule Use the undo source policy command to remove the configuration If a basic ACL is employed in the command the switch filters all the received multicast data packets as per the defined resource address es Those fail to pass the filtering will be discarded If an advanced ACL is employed in the command the switch filters all the received multicast data pa...

Page 434: ...o configure a static RP Use the undo static rp command to remove the static RP configuration A static RP functions as a backup for the dynamically elected RP to improve network robustness When the RP elected through the BSR mechanism functions the static RP does not take effect The same RP address must be configured on all the devices in the PIM domain The new configuration overwrites the existing...

Page 435: ...nism By default the SA message caching mechanism is enabled With the SA message caching mechanism enabled the switch sends no SA request message to the specified MSDP peer upon receiving a Join message Related commands display msdp sa cache reset msdp sa cache display msdp sa count Examples Disable the SA message caching mechanism Sysname system view System View return to User View with Ctrl Z Sys...

Page 436: ... as client in connecting state z Shutdown Deactivated z Down Connection failed Up Down time Time passed since MSDP peer connection establishment failure AS Number of the autonomous system where the MSDP peer is located indicates that the system was unable to obtain the AS number SA Count The number of S G entries cached in the SA Reset Count Number of MSDP peer connection reset times display msdp ...

Page 437: ... from this peer 0 SA cache maximum for the peer none Input queue size 0 Output queue size 0 Counters for MSDP message Count of RPF check failure 0 Incoming outgoing SA messages 0 0 Incoming outgoing SA requests 0 0 Incoming outgoing SA responses 0 0 Incoming outgoing data packets 0 0 Table 4 2 display msdp peer status command output description Field Description MSDP Peer MSDP peer address AS Numb...

Page 438: ...ding SA Requests status Whether enabled to send an SA request message to the designated MSDP peer upon receiving a new Join message Minimum TTL to forward SA with encapsulated data Minimum TTL of multicast packet encapsulated in SA messages SAs learned from this peer Number of cached SA messages SA cache maximum for the peer Maximum number of SA messages from the specified MSDP peer that can be ca...

Page 439: ...S G entries z If no AS number is specified this command displays the S G entries related to all ASs Examples Display all S G entries in the SA cache Sysname display msdp sa cache MSDP Total Source Active Cache 5 entries Source Group Origin RP Pro AS Uptime Expires 10 10 1 2 225 1 1 1 10 10 10 10 00 00 10 00 05 50 10 10 1 3 225 1 1 1 10 10 10 10 00 00 11 00 05 49 10 10 1 2 225 1 1 2 10 10 10 10 00 ...

Page 440: ...gured Examples Display the number of S G entries in the SA cache Sysname display msdp sa count Number of cached Source Active entries counted by Peer Peer s Address Number of SA 10 10 10 10 5 Number of source and group counted by AS AS Number of source Number of group 100 3 3 Total Source Active entries 5 Table 4 4 display msdp sa count command output description Field Description Number of cached...

Page 441: ...y the S G entries in this domain that need to be advertised when an MSDP peer creates an SA message Use the undo import source command to cancel the configuration By default an SA message advertise any S G entries in the domain In addition you can use the peer sa policy import command or the peer sa policy export command to filter forwarded SA messages Examples Configure the MSDP peer to advertise...

Page 442: ...p tracert Syntax msdp tracert source address group address rp address max hops max hops next hop info sa info peer info skip hops skip hops View Any view Parameters source address Specifies a multicast source address for the tracert operation group address Specifies a multicast group address for the tracert operation rp address IP address of the origin RP max hops Maximum number of hops to be trac...

Page 443: ... max hops Next Hop info Next Hop Router Address 0 0 0 0 SA info Count of SA messages received for this S G RP 0 Count of encapsulated data packets received for this S G RP 0 SA cache entry uptime 00 30 00 SA cache entry expiry time 00 03 32 Peering info Peering Uptime 10 minutes Count of Peering Resets 3 Table 4 5 msdp tracert command output description Field Description Router Address The address...

Page 444: ...try will expire in hours minutes seconds Peering Uptime 10 minutes The time of the peering session between the local switch and a Peer RPF neighbor Count of Peering Resets Count of session resets originating rp Syntax originating rp interface type interface number undo originating rp View MSDP view Parameters interface type interface number Specifies an interface by its type and number Description...

Page 445: ...to remove an MSDP peering connection If an MSDP peer of the switch is a BGP peer to this switch at the same time the same IP address must be used for both the MSDP peering connection and the BGP peering connection Related commands static rpf peer Examples Configure the switch whose IP address is 125 10 7 6 as the MSDP peer of the switch and establish a peering connection with the MSDP peer through...

Page 446: ...tion router CstmrA peer mesh group Syntax peer peer address mesh group name undo peer peer address mesh group View MSDP view Parameters peer address IP address of the MSDP peer to be added into the mesh group name Name of the mesh group case sensitive and containing 1 to 32 characters Description Use the peer mesh group command to add an MSDP peer to a mesh group Use the undo peer mesh group comma...

Page 447: ...y those multicast data packets with a TTL value greater than or equal to 10 can be forwarded to the MSDP peer 110 10 10 1 Sysname system view System View return to User View with Ctrl Z Sysname msdp Sysname msdp peer 110 10 10 1 minimum ttl 10 peer request sa enable Syntax peer peer address request sa enable undo peer peer address request sa enable View MSDP view Parameters peer address Specifies ...

Page 448: ... the specified MSDP peer that the device can cache Use the undo peer sa cache maximum command to restore the default configuration By default the device can cache a maximum of 2 048 S G entries learned from an MSDP peer You are recommended to perform this configuration on all MSDP peers on a network that is vulnerable to DoS attacks Related commands display msdp sa count display msdp peer status d...

Page 449: ...commands peer Examples Configure a filtering rule so that only those SA messages permitted by the ACL 3100 are forwarded to the MSDP peer 125 10 7 6 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3100 Sysname acl adv 3100 rule permit ip source 170 15 0 0 0 0 255 255 destination 225 1 0 0 0 0 255 255 Sysname acl adv 3100 quit Sysname msdp Sysname msdp peer 125 10...

Page 450: ...s in the range of 225 1 1 0 24 and ignore all other SA request messages Sysname system view System View return to User View with Ctrl Z Sysname acl number 2001 Sysname acl basic 2001 rule permit source 225 1 1 0 0 0 0 255 Sysname acl basic 2001 quit Sysname msdp Sysname msdp peer 175 58 6 5 sa request policy acl 2001 reset msdp peer Syntax reset msdp peer peer address View User view Parameters pee...

Page 451: ...icast group 225 5 4 3 from the SA cache Sysname reset msdp sa cache 225 5 4 3 reset msdp statistics Syntax reset msdp statistics peer address View User view Parameters peer address Address of the MSDP peer whose statistics information will be cleared If no MSDP peer address is specified the statistics information of all MSDP peers will be cleared Description Use the reset msdp statistics command t...

Page 452: ...to receive SA messages rp policy ip prefix name Specifies a filtering policy based on RP addresses to filter RPs in SA messages where ip prefix name is the IP address prefix list containing 1 to 19 characters Description Use the static rpf peer command to configure a static RPF peer Use the undo static rpf peer command to remove a static RPF peer By default no static RPF peer is configured If only...

Page 453: ...s peer ip ip prefix Examples Configure a static RPF peer Sysname system view System View return to User View with Ctrl Z Sysname ip ip prefix list1 permit 130 10 0 0 16 greater equal 16 less equal 32 Sysname msdp Sysname msdp peer 130 10 7 6 connect interface Vlan interface 100 Sysname msdp static rpf peer 130 10 7 6 rp policy list1 timer retry Syntax timer retry seconds undo timer retry View MSDP...

Page 454: ... z aging time of multicast member ports z non flooding feature status Related commands igmp snooping igmp snooping router aging time igmp snooping max response time igmp snooping host aging time igmp snooping nonflooding enable Examples Display IGMP Snooping configuration information on the switch Sysname display igmp snooping configuration Enable IGMP Snooping The router port timeout is 105 secon...

Page 455: ...ast static group vlan multicast static router port multicast static router port vlan Examples Display the information about the multicast groups in VLAN 100 Sysname display igmp snooping group vlan 100 Total 1 IP Group s Total 1 MAC Group s Vlan id 100 Total 1 IP Group s Total 1 MAC Group s Static Router port s Ethernet1 0 11 Dynamic Router port s Ethernet1 0 22 IP group s the following ip group s...

Page 456: ... s MAC multicast group MAC group address Address of a MAC multicast group Host port s Member ports display igmp snooping statistics Syntax display igmp snooping statistics View Any view Parameters None Description Use the display igmp snooping statistics command to display IGMP Snooping statistics This command displays the following information the numbers of the IGMP general query messages IGMP g...

Page 457: ...eives z one IGMP general query messages z zero IGMP specific query messages z zero IGMPv1 report messages z three IGMPv2 report messages z zero IGMP leave messages z zero IGMP error packets IGMP Snooping sends z zero IGMP specific query messages igmp snooping Syntax igmp snooping enable disable View System view VLAN view Parameters enable Enables the IGMP Snooping feature disable Disables the IGMP...

Page 458: ...ble IGMP Snooping ok igmp snooping fast leave Syntax igmp snooping fast leave vlan vlan list undo igmp snooping fast leave vlan vlan list View System view Ethernet port view Parameters vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vlan id and or one or more VLAN ID ranges in the form of vlan id1 to vlan id2 where vla...

Page 459: ...data for that group Examples Enable fast leave processing on Ethernet 1 0 1 in VLAN 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping fast leave vlan 2 igmp snooping general query source ip Syntax igmp snooping general query source ip current interface ip address undo igmp snooping general query source ip View VLA...

Page 460: ...roup to replace an existing multicast group with the lowest IP address vlan vlan list Specifies a VLAN list With the vlan list argument you can provide one or more individual VLAN IDs in the form of vlan id and or one or more VLAN ID ranges in the form of vlan id1 to vlan id2 where vlan id2 must be greater than vlan id1 The effective range for a VLAN ID is 1 to 4094 and the total number of individ...

Page 461: ... for a multicast group the configuration of the maximum number of multicast groups that can be joined does not take effect on the port Examples Configure to allow Ethernet 1 0 1 in VLAN 2 to join a maximum of 200 multicast groups Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping group limit 200 vlan 2 igmp snooping ...

Page 462: ...ration performed in Ethernet port view takes effect on the port no matter which VLAN it belongs to if no VLAN is specified if one or more VLANs are specified the configuration takes effect on the port only if the port belongs to the specified VLAN s Examples Configure a multicast group filter to allow receivers attached to Ethernet 1 0 1 to access the multicast streams for groups 225 0 0 0 to 225 ...

Page 463: ...00 to 1 000 Description Use the igmp snooping host aging time command to configure the aging time of multicast member ports Use the undo igmp snooping host aging time command to restore the default aging time By default the aging time of multicast member ports is 260 seconds The aging time of multicast member ports determines the refresh frequency of multicast group members In an environment where...

Page 464: ... User View with Ctrl Z Sysname igmp snooping max response time 15 igmp snooping nonflooding enable Syntax igmp snooping nonflooding enable undo igmp snooping nonflooding enable View System view Parameters None Description Use the igmp snooping nonflooding enable command to enable the IGMP Snooping non flooding function With this function enabled unknown multicast packets are passed to the router p...

Page 465: ...lticast drop enable multicast source deny display multicast source deny Examples Enable IGMP Snooping non flooding after you enable IGMP Snooping globally and disable both port stacking and unknown multicast dropping Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping enable Sysname igmp snooping nonflooding enable igmp snooping querier Syntax igmp snooping querie...

Page 466: ... the interval at which the switch sends IGMP general queries Use the undo igmp snooping query interval command to restore the default By default the IGMP query interval is 60 seconds These commands are effective only after the IGMP Snooping querier feature is enabled Otherwise the switch will not send general queries The configured query interval must be longer than the maximum response time in ge...

Page 467: ...of the router port to 500 seconds Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping router aging time 500 igmp snooping query pkt deny Syntax igmp snooping query pkt deny undo igmp snooping query pkt deny View Ethernet port view Parameters None Description Use the igmp snooping query pkt deny command to disable a port from becoming a router port Use the undo igm...

Page 468: ...mmand to configure the IGMP Snooping version in the current VLAN Use the undo igmp snooping version command to restore the default IGMP Snooping version This command can take effect only if IGMP Snooping is enabled in the VLAN Related commands igmp snooping enable Examples Set IGMP Snooping version to version 3 in VLAN 100 Sysname system view System View return to User View with Ctrl Z Sysname igm...

Page 469: ...t source address only when IGMPv3 Snooping is running in the VLAN port interface list Configures the specified port or ports under the current VLAN interface as simulated member host s for the specified multicast group With the interface list argument you can define one or more individual ports in the form of interface type interface number and or one or more port ranges in the form of interface t...

Page 470: ... vlan10 quit Sysname interface Vlan interface 10 Sysname Vlan interface10 igmp host join 225 0 0 1 port Ethernet 1 0 1 igmp host join Syntax igmp host join group address source ip source address vlan vlan id undo igmp host join group address source ip source address vlan vlan id View Ethernet port view Parameters group address Address of the multicast group to join source address Address of the mu...

Page 471: ...em View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok Sysname vlan 1 Sysname vlan1 igmp snooping enable Sysname vlan1 igmp snooping version 3 Sysname vlan1 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp host join 225 0 0 1 source ip 1 1 1 1 vlan 10 igmp snooping special query source ip Syntax igmp snooping special query source ip current int...

Page 472: ...rface view Parameters group address IP address of the multicast group to join in the range of 224 0 0 0 to 239 255 255 255 interface interface list Specifies a port list With the interface list argument you can define one or more individual ports in the form of interface type interface number and or one or more port ranges in the form of interface type interface number1 to interface type interface...

Page 473: ...m 1 to 4094 Description Use the multicast static group vlan command to configure the current port as a static member port for the specified multicast group and specify the VLAN the port belongs to Use the undo multicast static group vlan command to remove the current port in the specified VLAN as a static member port for the specified multicast group By default no port is configured as a static mu...

Page 474: ...rface type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and number Description Use the multicast static router port command to configure the specified port in the current VLAN as a static router port Use the undo multicast static router port command to remove the specified port in the current VLAN as a static router port By default a port ...

Page 475: ... a multicast VLAN nor the specified VLAN the configuration does not take effect z If the current port does not belong to any multicast VLAN but it belongs to the specified VLAN the configuration takes effect in the specified VLAN z If the current port belongs to a multicast VLAN the configuration takes effect only in the multicast VLAN no matter the port belongs to the specified VLAN or not Exampl...

Page 476: ...lated from user VLANs this method also enhances the information security z One port belongs to only one multicast VLAN z The port connected to a user terminal must be a hybrid port z The multicast member port must be in the same multicast VLAN with the router port Otherwise the port cannot receive multicast packets z If a router port is in a multicast VLAN the router port must be configured as a t...

Page 477: ...5 24 Sysname vlan 2 Sysname vlan2 service type multicast ...

Page 478: ...1x version check 1 20 reset dot1x statistics 1 21 2 Quick EAD Deployment Configuration Commands 2 1 Quick EAD Deployment Configuration Commands 2 1 dot1x free ip 2 1 dot1x timer acl timeout 2 2 dot1x url 2 2 3 HABP Configuration Commands 3 1 HABP Configuration Commands 3 1 display habp 3 1 display habp table 3 2 display habp traffic 3 2 habp enable 3 3 habp server vlan 3 4 habp timer 3 4 4 System ...

Page 479: ...ii system guard ip enable 4 5 system guard l3err enable 4 6 system guard tcn enable 4 7 system guard tcn rate threshold 4 7 ...

Page 480: ...hat up to 10 port lists can be provided Description Use the display dot1x command to display 802 1x related information such as configuration information operation information session information and statistics When the interface list argument is not provided this command displays 802 1x related information about all the ports The output information can be used to verify 802 1 x related configurat...

Page 481: ...xy logoff checker is disabled Version Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Port based ReAuthenticate is disabled Max number of on line users is 256 Authentication Success 4 Failed 2 EAPOL Packets Tx 7991 Rx 14 Sent EAP Request Identity Packets 7981 EAP Request Challenge Packets 0 Received EAPOL Start Packets 5 EAPOL LogOff Packets 1 EAP Re...

Page 482: ...mit Period Setting of the Transmission period timer the tx period Handshake Period Setting of the handshake period timer the handshake period ReAuth Period Re authentication interval ReAuth MaxTimes Maximum times of re authentications Quiet Period Setting of the quiet period timer the quiet period Quiet Period Timer is disabled The quiet period timer is disabled here It can also be configured as e...

Page 483: ...Disable means the switch does not checks client version z Enable means the switch checks client version The port is an authenticator The port acts as an authenticator system Authentication Mode is Auto The port access control mode is Auto Port Control Type is Mac based The access control method of the port is MAC based That is supplicant systems are authenticated based on their MAC addresses ReAut...

Page 484: ... port only after 802 1x is enabled both globally and on the port z The settings of 802 1x and MAC address learning limit are mutually exclusive Enabling 802 1x on a port will prevent you from setting the limit on MAC address learning on the port and vice versa z The settings of 802 1x and aggregation group member are mutually exclusive Enabling 802 1x on a port will prevent you from adding the por...

Page 485: ...user names are transmitted rather than passwords Therefore this method is safer In EAP authentication a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP packets and sending the packets to the RADIUS server instead of converting the packets into RADIUS packets before forwarding to the RADIUS server You can use EAP authentication in one of the four su...

Page 486: ...w Ethernet port view Parameters vlan id VLAN ID of a guest VLAN in the range 1 to 4094 interface list Ethernet port list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Desc...

Page 487: ... because the switch does not send authentication request packets in this case Examples Configure the switch to operate in the port based authentication mode Sysname system view System View return to User View with Ctrl Z Sysname dot1x port method portbased Enable the guest VLAN function for all the ports Sysname dot1x guest vlan 1 dot1x handshake Syntax dot1x handshake enable undo dot1x handshake ...

Page 488: ...aking function Sysname system view System View return to User View with Ctrl Z Sysname dot1x handshake enable dot1x handshake secure Syntax dot1x handshake secure undo dot1x handshake secure View Ethernet port view Parameters None Description Use the dot1x handshake secure command to enable the handshaking packet protection function protecting the device against attacks from fake clients Use the u...

Page 489: ...of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x max user command to set the maximum number of users an Ethernet port can accommodate Use the undo dot1x max user command to revert to the default maximum user number By default a port can accommodate up to 256 users In system view z If you do not provide the interface list argument these two comman...

Page 490: ...ort list in the form of interface list interface type interface number to interface type interface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x port control command to specify the access control mode for specified Ethernet ports Use t...

Page 491: ... based authentication mode the users connected to the port are authenticated separately Thus log off of a user will not affect other users z In port based authentication mode all the users connected to the port can access the network without being authenticated if a user among them passes the authentication When the user logs off the network is inaccessible to all other supplicant systems too z Ch...

Page 492: ...of the user By default the quiet period timer is disabled Related commands display dot1x dot1x timer Examples Enable the quiet period timer Sysname system view System View return to User View with Ctrl Z Sysname dot1x quiet period dot1x retry Syntax dot1x retry max retry value undo dot1x retry View System view Parameters max retry value Maximum number of times that a switch sends authentication re...

Page 493: ...max retry version value Maximum number of times that a switch sends version request packets to a user This argument ranges from 1 to 10 Description Use the dot1x retry version max command to set the maximum number of times that a switch sends version request packets to a user Use the undo dot1x retry version max command to revert to the default value By default a switch sends version request packe...

Page 494: ...ed Description Use the dot1x re authenticate command to enable 802 1x re authentication on specific ports or on all ports of the switch Use the undo dot1x re authenticate command to disable 802 1x re authentication on specific ports or on all ports of the switch By default 802 1x re authentication is disabled on all ports In system view z If you do not specify the interface list argument this comm...

Page 495: ...rface number 1 10 in which interface type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x supp proxy check command to enable 802 1x proxy checking for specified ports Use the undo dot1x supp proxy check command to disable 802 1x proxy checking for specified ports By defaul...

Page 496: ... client to ask the latter to disable the use of multiple network adapters proxies and IE proxy after the user passes the authentication z The 802 1x proxy checking function needs the cooperation of H3C s 802 1x client program z The proxy checking function takes effect only after the client version checking function is enabled on the switch using the dot1x version check command Related commands dis...

Page 497: ...cket if it does not receive the response from the RADIUS server when this timer times out The server timeout value argument ranges from 100 to 300 in seconds By default the RADIUS server timer is set to 100 seconds supp timeout supp timeout value Sets the supplicant system timer This timer sets the supp timeout period and is triggered by the switch after the switch sends a request challenge packet...

Page 498: ...sired way you can use the dot1x timer command to set the timers as needed This may be necessary in some special situations or in tough network environments Normally the defaults are recommended Note that some timers cannot be adjusted Related commands display dot1x Examples Set the RADIUS server timer to 150 seconds Sysname system view System View return to User View with Ctrl Z Sysname dot1x time...

Page 499: ...1x version check command to enable 802 1x client version checking for specified Ethernet ports Use the undo dot1x version check command to disable 802 1x client version checking for specified Ethernet ports By default 802 1x client version checking is disabled on all the Ethernet ports In system view z If you do not provide the interface list argument these two commands apply to all the ports of t...

Page 500: ...iption Use the reset dot1x statistics command to clear 802 1x related statistics To retrieve the latest 802 1x related statistics you can use this command to clear the existing 802 1x related statistics first When you execute this command If the interface list argument is not specified this command clears the global 802 1x statistics and the 802 1x statistics on all the ports If the interface list...

Page 501: ...s in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP range is an IP range that users can access before passing 802 1x authentication Use the undo dot1x free ip command to remove a specified free IP range or all free IP ranges By default no free IP range is configured z You must configure the URL for HTTP redirection before configuring a free IP ra...

Page 502: ...dot1x configuration commands Examples Set the ACL timeout period to 40 minutes Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer acl timeout 40 dot1x url Syntax dot1x url url string undo dot1x url View System view Parameters url string URL for HTTP redirection in the format of http x x x x Description Use the dot1x url command to configure the URL for HTTP redirec...

Page 503: ...2 3 System View return to User View with Ctrl Z Sysname dot1x url http 192 168 19 23 ...

Page 504: ...tion HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the display habp command Field Description HABP Mode Indicates the HABP mode of the switch A switch can operate as an HABP server displayed as Server or an HABP client displayed as Client Sending HABP request packets every 20 seconds The HABP request packet transmission interval...

Page 505: ...isplay habp table command Field Description MAC MAC addresses contained in the HABP MAC address table Holdtime Hold time of the entries in the HABP MAC address table An entry is removed from the table if it is not updated in a period determined by the hold time Receive Port The port from which a MAC address is learned display habp traffic Syntax display habp traffic View Any view Parameters None D...

Page 506: ...ets with version errors Sent failed Number of the HABP packets that failed to be sent habp enable Syntax habp enable undo habp enable View System view Parameters None Description Use the habp enable command to enable HABP for a switch Use the undo habp enable command to disable HABP for a switch By default HABP is enabled on a switch If an 802 1x enabled switch does not have HABP enabled it cannot...

Page 507: ... enabled the habp server vlan command cannot take effect Examples Specify the switch to operate as an HABP server and the HABP packets to be broadcast in VLAN 2 Assume that HABP is enabled Sysname system view System View return to User View with Ctrl Z Sysname habp server vlan 2 habp timer Syntax habp timer interval undo habp timer View System view Parameters interval Interval in seconds to send H...

Page 508: ...3 5 Examples Configure the switch to send HABP request packets once in every 50 seconds Sysname system view System View return to User View with Ctrl Z Sysname habp timer 50 ...

Page 509: ...ed times of aging time 3 Number of suspicious hosts that can be detected 30 Number of suspicious hosts detected 0 Table 4 1 Description on the fields of the display system guard ip state command Field Description System guard IP is running System Guard against IP attacks is running IP record threshold Threshold of the number of IP addresses that can be learnt within 10 seconds Deny threshold The m...

Page 510: ...stem guard ip record M Master port of link aggregation Index Source IP Destination IP Port 1 000 000 000 000 000 000 000 000 0 0 0 2 000 000 000 000 000 000 000 000 0 0 0 3 000 000 000 000 000 000 000 000 0 0 0 4 000 000 000 000 000 000 000 000 0 0 0 5 000 000 000 000 000 000 000 000 0 0 0 Table 4 2 Description on the fields of the display system guard ip record command Field Description Index Ind...

Page 511: ... Description Use the display system guard tcn state command to view the status of TCN Examples View the status of TCN System Guard Sysname display system guard tcn state System guard TCN state enabled system guard ip detect maxnum Syntax system guard ip detect maxnum number undo system guard ip detect maxnum View System view Parameters number Maximum number of hosts that can be monitored in the ra...

Page 512: ...he range of 1 to 100 record times threshold Maximum number of times an IP address must be hit before an action can be taken in the range of 1 to 10 isolate time Isolation time in the range of 3 to 100 After System Guard takes an action on an suspected IP address the system will wait isolate time before it learns destination address es again for that source IP address Description Use the system gua...

Page 513: ...dress aging time Sysname system view System View return to User View with Ctrl Z Sysname system guard ip detect threshold 50 3 5 system guard ip enable Syntax system guard ip enable undo system guard ip enable View System view Parameters None Description Use the system guard ip enable command to enable System Guard against IP attacks Use the undo system guard ip enable command to disable System Gu...

Page 514: ...ayer 3 error control feature disabled the switch delivers all Layer 3 packets which the switch considers to be error packets including IP packets with the options field to the CPU for further processing With the Layer 3 error control feature enabled the switch directly discards all Layer 3 packets which the switch considers to be error packets without delivering them to the CPU In normal situation...

Page 515: ...ARP entries from being frequently deleted by STP or RSTP in addition when the TCN TC packet rate exceeds the preset threshold proper measures can be taken based on the output trap and log information By default this feature is disabled Examples Enable System Guard against TCN attacks Sysname system view System View return to User View with Ctrl Z Sysname system guard tcn enable system guard tcn ra...

Page 516: ... trap or log information by default if more than 10 TCN TC packets are received within 10 seconds If the TCN TC packet receiving rate is lower than the set threshold within a 10 second monitoring cycle the system will not send trap or log information in the next 10 second monitoring cycle Examples Sets the threshold of TCN TC receiving rate to 20 pps Sysname system view System View return to User ...

Page 517: ...er 1 15 idle cut 1 16 level 1 17 local user 1 18 local user password display mode 1 19 messenger 1 20 name 1 20 password 1 21 radius scheme 1 22 scheme 1 23 self service url 1 24 service type 1 25 state 1 26 vlan assignment mode 1 27 RADIUS Configuration Commands 1 29 accounting optional 1 29 accounting on enable 1 30 calling station id mode 1 31 data flow format 1 32 display local server statisti...

Page 518: ...nse timeout 1 58 user name format 1 59 HWTACACS Configuration Commands 1 60 data flow format 1 60 display hwtacacs 1 61 display stop accounting buffer 1 62 hwtacacs nas ip 1 62 hwtacacs scheme 1 63 key 1 64 nas ip 1 65 primary accounting 1 65 primary authentication 1 66 primary authorization 1 67 reset hwtacacs statistics 1 68 reset stop accounting buffer 1 69 retry stop accounting 1 69 secondary ...

Page 519: ...iii ...

Page 520: ...t ISP domain The max user number argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the undo access limit command to restore the default setting By default there is no limit on the number of access users in an ISP domain Because resource contention may occur among access users there is a...

Page 521: ...ent ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured for an ISP domain When you use the accounting command to reference a RADIUS or HWTACACS scheme in current ISP domain the RADIUS or HWTACACS scheme must already exist The accounting command takes precedence over the scheme command...

Page 522: ... it will not disconnect the user as long as the accounting optional command has been executed z The accounting optional command is commonly used in the cases where only authentication is needed and accounting is not needed z If you configure the accounting optional command in ISP domain view it is effective to all users in the domain if you configure it in RADIUS scheme view it is effective to use...

Page 523: ...ing the user to a remote port you must use nas ip ip address to specify a remote access server IP address When binding the user to a local port you need not use nas ip ip address port port number Sets the port to which you want to bind the user Here port number is in the format of device ID slot number port number the device ID ranges from 1 to 8 the slot number ranges from 0 to 15 if the bound po...

Page 524: ... name local command the local scheme is used as the secondary authentication scheme in case no RADIUS server is available That is if the communication between the switch and a RADIUS server is normal no local authentication will be performed otherwise local authentication will be performed z If you execute the authentication hwtacacs scheme hwtacacs scheme name local command the local scheme is us...

Page 525: ...entication radius scheme rd local authentication super Syntax authentication super hwtacacs scheme hwtacacs scheme name undo authentication super View ISP domain view Parameters hwtacacs scheme name Name of the HWTACACS authentication scheme a string of 1 to 32 characters Description Use the authentication super command to specify a HWTACACS authentication scheme for user level switching in the cu...

Page 526: ...r hwtacacs scheme ht authorization Syntax authorization none hwtacacs scheme hwtacacs scheme name undo authorization View ISP domain view Parameters none Specifies not to use any authorization scheme hwtacacs scheme hwtacacs scheme name Specifies to use an HWTACACS scheme Here hwtacacs scheme name is the name of an HWTACACS scheme it is a string of up to 32 characters Description Use the authoriza...

Page 527: ...as the VLAN descriptor Description Use the authorization vlan command to specify an authorized VLAN for a local user A user passing the authentication of the local RADIUS server can access network resources in the authorized VLAN Use the undo authorization vlan command to remove the configuration By default no authorized VLAN is specified for a local user For local RADIUS authentication to take ef...

Page 528: ...t number ip ip address Cuts down all user connections with a specified IP address mac mac address Cuts down the user connection with a specified MAC address Here mac address is in H H H format radius scheme radius scheme name Cuts down all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters vlan vlan id Cuts down all user connections of a spe...

Page 529: ...e form of H H H radius scheme radius scheme name Displays all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters hwtacacs scheme hwtacacs scheme name Displays all user connections using a specified RADIUS scheme Here hwtacacs scheme name is a string of up to 32 characters vlan vlan id Displays all user connections of a specified VLAN Here vl...

Page 530: ...000 04 03 02 52 22 Online 00h00m29s On Unit 1 Total 1 connections matched 1 listed Total 1 connections matched 1 listed Here Port NO 0x10003001 means by the binary bits Table 1 1 Description of the Port NO field 31 to 28 bit 27 to 24 bit 23 to 20 bit 19 to 12 bit 11 to 0 bit UNIT ID Slot number Sub slot number Port number VLAN ID display domain Syntax display domain isp name View Any view Paramete...

Page 531: ...or block Scheme AAA scheme that the domain uses Access Limit Maximum number of local user connections in the domain Vlan assignment mode VLAN assignment mode which can be Integer or String Domain User Template Domain user template settings that is attribute settings for all users in the domain Idle Cut Status of the idle cut function Self service URL Self service URL for password changing Messenge...

Page 532: ... can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example 802 1x users ssh telnet and terminal this type of user is a terminal user who logs into the switch through the Console port state active block Displays the local users in a specified state Here active represents the users allowed to request network services and block repre...

Page 533: ...s Current AccessNum Number of current access users Bind location Whether or not bound to a port Vlan ID VLAN of the user Authorization VLAN Authorized VLAN of the user IP address IP address of the user MAC address MAC address of the user domain Syntax domain isp name default disable enable isp name undo domain isp name View System view Parameters isp name Name of an ISP domain a string of up to 12...

Page 534: ...ou execute the domain command the system creates a new ISP domain if the specified ISP domain does not exist Once an ISP domain is created it is in the active state You can manually specify an ISP domain as the default domain only when the specified domain already exists Related commands access limit scheme state display domain Examples Create a new ISP domain named aabbcc net Sysname system view ...

Page 535: ...me that contains multiple the first will be used as the domain delimiter z If you have configured to use as the delimiter the must not appear more than once in the username If is the delimiter the username must not contain any Related commands domain Examples Specify as the delimiter between the username and the ISP domain name Sysname system view Enter system view return to user view with Ctrl Z ...

Page 536: ...ame domain aabbcc net New Domain added Sysname isp aabbcc net idle cut enable 50 500 level Syntax level level undo level View Local user view Parameters level Privilege level to be set for the user It is an integer ranging from 0 to 3 Description Use the level command to set the privilege level of the user The privilege level of the user corresponds to the command level of the user For detailed in...

Page 537: ...ot be longer than 128 characters If the username includes one or more characters and the last is followed by numerals it must be followed by at least five numerals to avoid confusion This is because any username longer than 16 characters will appear in the form of system prompt the first 15 characters of the username 4 digit index in the view prompt to avoid word wrap all Specifies all local users...

Page 538: ...rce Adopts the forcible cipher mode so that all local users the passwords will be displayed in cipher text auto Adopts the automatic mode so that each local user s password will be displayed in the mode you have set for the user by the password command Description Use the local user password display mode command to set the password display mode of all local users Use the undo local user password d...

Page 539: ...ple of 5 Description Use the messenger time enable command to enable the messenger function and set the related parameters Use the messenger time disable command to disable the messenger function Use the undo messenger time command to restore the messenger function to its default state By default the messenger function is disabled on the switch The purpose of this function is to remind online user...

Page 540: ...name of VLAN 100 to test Sysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 name test password Syntax password simple cipher password undo password View Local user view Parameters simple Specifies the password in plain text cipher Specifies the password in cipher text password Password to be set z For simple mode the password you input must be a plain ...

Page 541: ...as a password in plain text Related commands display local user Examples Set the password of user1 to 20030422 and specify to display the password in plain text Sysname system view System View return to User View with Ctrl Z Sysname local user user1 New local user added Sysname luser user1 password simple 20030422 radius scheme Syntax radius scheme radius scheme name View ISP domain view Parameter...

Page 542: ... reference a RADIUS scheme in current ISP domain the referenced RADIUS scheme must already exist z If you execute the scheme radius scheme radius scheme name local command the local scheme is used as the secondary scheme in case no RADIUS server is available That is if the communication between the switch and a RADIUS server is normal no local authentication is performed otherwise local authentica...

Page 543: ...rk If the actual URL of the self service server contains a question mark you should change it to an elect bar Description Use the self service url enable command to enable the self service server location function Use the self service url disable command to disable the self service server location function Use the undo self service url command to restore the default state of this function By defau...

Page 544: ... is an FTP user lan access Specifies that this is a LAN access user who is generally an Ethernet access user for example 802 1x user telnet Authorizes the user to access the Telnet service ssh Authorizes the user to access the SSH service terminal Authorizes the user to access the terminal service that is allows the user to log into the switch through the Console port level level Specifies the lev...

Page 545: ...urrent local user in local user view By default an ISP domain local user is in the active state once it is created After an ISP domain is set to the block state except for online users users in this domain are inhibited from accessing the network After a local user is set to the block state the user is inhibited from accessing the network unless the user is already online Related commands domain l...

Page 546: ...nteger If the RADIUS authentication server assigns integer type of VLAN IDs you can set the VLAN assignment mode to integer on the switch this is also the default mode on the switch Then upon receiving an integer ID assigned by the RADIUS authentication server the switch adds the port to the VLAN whose VLAN ID is equal to the assigned integer ID If no such a VLAN exists the switch first creates a ...

Page 547: ... VLAN ID assigned by the RADIUS server is a character string containing only digits for example 1024 the switch first regards it as an integer VLAN ID the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range if it is the switch adds the authenticated port to the VLAN with the value as the VLAN ID VLAN 1024 for example Related commands name Examples...

Page 548: ...ver when it performs accounting for an online user it will not disconnect the user as long as the accounting optional command has been executed This command is commonly used in the cases where only authentication is needed and accounting is not needed z This configuration takes effect only on the ISP domains using this RADIUS scheme z If you configure the accounting optional command in ISP domain ...

Page 549: ...tion at restart function is disabled The purpose of this function is to solve this problem users cannot re log into the switch after the switch restarts because they are regarded as already online After this function is enabled every time the switch restarts it sends an Accounting On message to the RADIUS server to tell the server that it has restarted and ask the server to log out its users The f...

Page 550: ...age any more z After configuring the accounting on enable command you need to execute the save command so that the command can take effect when the switch restarts z This function requires the cooperation of the H3C CAMS system Related commands nas ip Examples Enable the user re authentication at restart function for the RADIUS scheme named radius1 Sysname system view System View return to User Vi...

Page 551: ... in uppercase Sysname system view System View return to User View with Ctrl Z Sysname radius scheme system Sysname radius system calling station id mode mode2 uppercase data flow format Syntax data flow format data byte giga byte kilo byte mega byte packet giga packet kilo packet mega packet one packet undo data flow format View RADIUS scheme view Parameters data Sets the data unit of outgoing RAD...

Page 552: ...Radius scheme Sysname radius radius1 data flow format data kilo byte packet kilo packet display local server statistics Syntax display local server statistics View Any view Parameters None Description Use the display local server statistics command to display the RADIUS message statistics about local RADIUS server Related commands local server Examples Display the RADIUS message statistics about l...

Page 553: ... 1813 Auth Server Encryption Key Not configured Acct Server Encryption Key Not configured Accounting method required Accounting On packet enable send times 15 interval 3s TimeOutValue in second 3 RetryTimes 3 RealtimeACCT in minute 12 Permitted send realtime PKT failed counts 5 Retry sending times of noresponse acct stop PKT 500 Quiet interval min 5 Username format without domain Data flow unit By...

Page 554: ...se timeout time RetryTimes Maximum number of transmission attempts of a RADIUS request RealtimeACCT in minute Real time accounting interval in minutes Permitted send realtime PKT failed counts maximum allowed number of continuous real time accounting failures Retry sending times of noresponse acct stop PKT Maximum number of transmission attempts of the buffered stop accounting requests Quiet inter...

Page 555: ...Line 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Received PKT total 0 RADIUS received packets statistic Code 2 Num 0 Err 0 Code 3 Num 0 Err 0 Code 5 Num 0 Err 0 Code 11 Num 0 Err 0 Running statistic RADIUS received messages statistic Normal auth request Num 0 Err 0 Succ 0 EAP auth request Num 0 Err 0 Succ 0 Account request Num 0 Err 0 Succ 0 Account off request ...

Page 556: ...ser name user name View Any view Parameters radius scheme radius scheme name Displays the buffered stop accounting requests of a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters session id session id Displays the buffered stop accounting requests of a specified session Here session id is a string of up to 50 characters time range start time stop time Displays the ...

Page 557: ...he request and transmit the buffered one until the maximum number of transmission attempts set by the retry stop accounting command is reached Related commands reset stop accounting buffer stop accounting buffer enable retry stop accounting Examples Display the buffered stop accounting requests generated from 0 0 0 08 31 2002 to 23 59 59 08 31 2002 Sysname display stop accounting buffer time range...

Page 558: ...the accounting shared key you set on the switch must be respectively consistent with the shared key on the authentication authorization server and the shared key on the accounting server Related commands primary accounting primary authentication radius scheme Examples Set hello as the shared key for RADIUS authentication authorization messages in RADIUS scheme radius1 Sysname system view System Vi...

Page 559: ...DIUS services Sysname system view System View return to User View with Ctrl Z Sysname local server enable local server nas ip Syntax local server nas ip ip address key password undo local server nas ip ip address View System view Parameters nas ip ip address Specifies the IP address of a network access server NAS that can use the local RADIUS services Here ip address is in dotted decimal notation ...

Page 560: ...ou cannot set the 802 1x authentication method as eap by using the dot1x authentication method eap command Related commands radius scheme state local server enable Examples Allow the local RADIUS server to provide services to NAS 10 110 1 2 with shared key aabbcc Sysname system view System View return to User View with Ctrl Z Sysname local server nas ip 10 110 1 2 key aabbcc nas ip Syntax nas ip i...

Page 561: ...1 1 primary accounting Syntax primary accounting ip address port number undo primary accounting View RADIUS scheme view Parameters ip address IP address of the primary accounting server to be used in dotted decimal notation port number UDP port number of the primary accounting server ranging from 1 to 65535 Description Use the primary accounting command to set the IP address and port number of the...

Page 562: ...fault IP address and port number of the primary RADIUS authentication authorization server which are 0 0 0 0 and 1812 respectively In the system default RADIUS scheme system the default IP address of the primary authentication authorization server is 127 0 0 1 and the default UDP port number is 1645 In a new RADIUS scheme the default IP address of the primary authentication authorization server is...

Page 563: ... Use the radius client enable command to enable RADIUS authentication and accounting ports Use the undo radius client command to disable RADIUS authentication and accounting ports By default RADIUS authentication and accounting ports are enabled If you want to use the switch as a RADIUS client you need to ensure that the ports for RADIUS authentication and accounting are open Otherwise you can dis...

Page 564: ...ew and the configuration in RADIUS scheme view takes precedence over that in system view Note that z You can set the source IP address of outgoing RADIUS messages to avoid messages returned from RADIUS server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can set only one source IP ...

Page 565: ...ent to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing RADIUS protocol configurations z A RADIUS scheme can be referenced by multiple ISP domains simultaneously z The undo radius scheme command cannot delete the default RADIUS scheme In addition you are not allowed to delete a RADIUS scheme which is being used by an online user Related ...

Page 566: ...ing server turns down By default this function is disabled This configuration takes effect on all RADIUS scheme The switch considers a RADIUS server as being down if it has tried the configured maximum number of times to send a message to the RADIUS server but does not receive any response Examples Enable the switch to send trap messages when a RADIUS authentication server turns down Sysname syste...

Page 567: ...rated within a specified time period Here start time is the start time of the time period stop time is the end time of the time period and both are in the format of hh mm ss mm dd yyyy or hh mm ss yyyy mm dd user name user name Deletes the buffered stop accounting requests of a specified user Here user name is the name of a user which is a string of up to 184 characters Description Use the reset s...

Page 568: ... if it gets no response from the RADIUS server after the server response timeout timer expires If the switch gets no answer after it has tried the maximum number of times to transmit a RADIUS request the switch considers that the request fails z Appropriately setting this maximum number of transmission attempts according to your network situation can improve the reacting speed of the system Relate...

Page 569: ...ultiple times in an accounting attempt the maximum number of transmission attempts is set by the retry command in RADIUS scheme view If no response is received after the switch tries the maximum number of attempts to send the request the switch considers the accounting fails Suppose that the response timeout time of RADIUS server is three seconds set by the timer response timeout command the maxim...

Page 570: ...ical to billing and will eventually affect the charges of users they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When getting no response to such a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number o...

Page 571: ...P address and UDP port number of the secondary accounting server for RADIUS scheme radius1 to 10 110 1 1 and 1813 respectively Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 secondary accounting 10 110 1 1 1813 secondary authentication Syntax secondary authentication ip address port number undo secondary authen...

Page 572: ...o support H3C s RADIUS server which is generally a CAMS that is use the procedure and message format of private RADIUS protocol to interact with an H3C s RADIUS server standard Specifies to support standard RADIUS server that is use the procedure and message format of a standard RADIUS protocol RFC 2865 2866 or above to interact with a standard RADIUS server Description Use the server type command...

Page 573: ...ndary servers authentication authorization servers or accounting servers in a RADIUS scheme note that z When the switch fails to communicate with the primary server due to some server trouble the switch will turn to the secondary server and exchange messages with the secondary server z After the primary server remains in the block state for a set time set by the timer quiet command the switch will...

Page 574: ... billing and will eventually affect the charges they are important to both users and ISPs Therefore the switch should do its best to transmit them to RADIUS accounting servers When getting no response to such a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number of transmission a...

Page 575: ...DIUS servers and the corresponding timer in the switch system is called the response timeout timer of RADIUS servers You can use the timer command to set the timeout time of this timer and if the switch gets no answer before the response timeout timer expires it needs to retransmit the request to ensure that the user can obtain RADIUS service z Appropriately setting the timeout time of this timer ...

Page 576: ... with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer quiet 10 timer realtime accounting Syntax timer realtime accounting minutes undo timer realtime accounting View RADIUS scheme view Parameters minutes Real time accounting interval in minutes It ranges from 3 to 60 and must be a multiple of 3 Description Use the timer realtime accounting command to set the rea...

Page 577: ...etry realtime accounting radius scheme Examples Set the real time accounting interval of RADIUS scheme radius1 to 51 minutes Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer realtime accounting 51 timer response timeout Syntax timer response timeout seconds undo timer response timeout View RADIUS scheme vie...

Page 578: ...e system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 timer response timeout 5 user name format Syntax user name format with domain without domain View RADIUS scheme view Parameters with domain Specifies to include ISP domain names in the usernames to be sent to RADIUS server without domain Specifies to exclude ISP domain n...

Page 579: ...es from the usernames to be sent to RADIUS server in RADIUS scheme radius1 Sysname system view System View return to User View with Ctrl Z Sysname radius scheme radius1 New Radius scheme Sysname radius radius1 user name format without domain HWTACACS Configuration Commands data flow format Syntax data flow format data byte giga byte kilo byte mega byte data flow format packet giga packet kilo pack...

Page 580: ...statistics View Any view Parameters hwtacacs scheme name HWTACACS scheme name a string of 1 to 32 characters This name is case insensitive If this argument is not specified the system displays information about all HWTACACS schemes statistics Displays statistics about one or all HWTACACS schemes Description Use the display hwtacacs command to display configuration or statistics information of one ...

Page 581: ...counting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs scheme hwtacacs scheme name Displays the buffered stop accounting requests of a specified HWTACACS scheme Here hwtacacs scheme name is a string of up to 32 characters Description Use the display stop accounting buffer command to display stop accounting requests buffered in the switch Related commands reset stop ...

Page 582: ...al interface trouble It is recommended to use a Loopback interface address as the source IP address z You can specify only one source IP address by using this command When you re execute this command again the newly set source IP address will overwrite the old one Related commands nas ip Examples Configure the switch to use source address 129 10 10 1 for outgoing HWTACACS messages Sysname system v...

Page 583: ...on Sets a shared key for HWTACACS authentication messages authorization Sets a shared key for HWTACACS authorization messages string Shared key to be set a string of up to 16 characters Description Use the key command to configure a shared key for HWTACACS authentication authorization or accounting messages Use the undo key command to delete such a configuration By default no key is set for HWTACA...

Page 584: ...m server from being unable to reach their destination due to physical interface trouble It is recommended to use a Loopback interface address as the source IP address z You can set only one source IP address by using this command When you re execute this command again the newly set source IP address will overwrite the old one Related commands display hwtacacs Examples Set source IP address 10 1 1 ...

Page 585: ...t z You are not allowed to set the same IP address for both primary and secondary accounting servers If you do this your setting will fail z If you re execute the command the new setting will overwrite the old one z You can remove an accounting server setting only when there is no active TCP connection that is sending accounting messages to the server Examples Set the IP address and UDP port numbe...

Page 586: ...ing will fail z If you re execute the command the new setting will overwrite the old one z You can remove an authentication server setting only when there is no active TCP connection that is sending authentication messages to the server Related commands display hwtacacs Examples Set the IP address and UDP port number of the primary authentication server for HWTACACS scheme hwt1 to 10 163 155 13 an...

Page 587: ...TCP connection that is sending authorization messages to the server Related commands display hwtacacs Examples Set the IP address and UDP port number of the primary authorization server for HWTACACS scheme hwt1 to 10 163 155 13 and 49 respectively Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 primary authorization 10 163 155 13 4...

Page 588: ...aracters Description Use the reset stop accounting buffer command to clear stop accounting requests that are buffered on the switch due to getting no response Related commands stop accounting buffer enable retry stop accounting display stop accounting buffer Examples Delete the stop accounting requests buffered for HWTACACS scheme hwt1 Sysname reset stop accounting buffer hwtacacs scheme hwt1 retr...

Page 589: ...ing ip address port undo secondary accounting View HWTACACS scheme view Parameters ip address IP address of the secondary accounting server to be used a valid unicast address in dotted decimal notation port Port number of the secondary accounting server ranging from 1 to 65535 Description Use the secondary accounting command to set the IP address and port number of the secondary HWTACACS accountin...

Page 590: ...nd port number of the secondary HWTACACS authentication server to be used by the current scheme Use the undo secondary authentication command to restore the default IP address and port number of the secondary HWTACACS authentication server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and secondary authentication servers If you do...

Page 591: ...efault IP address and port number of the secondary HWTACACS authorization server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and secondary authorization servers z If you re execute the command the new setting will overwrite the old one z You can remove an authorization server setting only when there is no active TCP connection t...

Page 592: ...wait 10 minutes before it tries to restore the status of the primary server to active Sysname system view System View return to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 timer quiet 10 timer realtime accounting Syntax timer realtime accounting minutes undo timer realtime accounting View HWTACACS scheme view Parameters minutes Real time accounting interval in minutes ...

Page 593: ... as possible when the number of users is relatively great 1000 The following table lists the recommended intervals for different numbers of users Table 1 7 Numbers of users and recommended intervals Number of users Real time accounting interval 1 to 99 3 100 to 499 6 500 to 999 12 1000 15 Examples Set the real time accounting interval in HWTACACS scheme hwt1 to 51 minutes Sysname system view Syste...

Page 594: ...30 user name format Syntax user name format with domain without domain View HWTACACS scheme view Parameters with domain Specifies to include ISP domain names in the usernames to be sent to TACACS server without domain Specifies to exclude ISP domain names from the usernames to be sent to TACACS server Description Use the user name format command to set the format of the usernames to be sent to TAC...

Page 595: ... in more than one ISP domain Otherwise such errors may occur the TACACS server regards two different users having the same name but belonging to different ISP domains as the same user because the usernames sent to it are the same Related commands hwtacacs scheme Examples Specify to exclude ISP domain names from the usernames to be sent to TACACS server in HWTACACS scheme hwt1 Sysname system view S...

Page 596: ...ove one specified or all security policy server address settings You can configure up to eight security policy server addresses in each RADIUS scheme The switch only responds to those session control messages that come from authentication server or security policy server Examples Set a security policy server address 192 168 0 1 on the switch Sysname system view System View return to User View with...

Page 597: ...2 2 security policy server 192 168 0 1 user name format without domain ...

Page 598: ...ntication authmode usernameasmacaddress 1 6 mac authentication authmode usernamefixed 1 6 mac authentication authpassword 1 7 mac authentication authusername 1 8 mac authentication domain 1 8 mac authentication timer 1 9 reset mac authentication 1 9 MAC Address Authentication Enhanced Function Configuration Commands 1 10 mac authentication guest vlan 1 10 mac authentication max auth num 1 11 mac a...

Page 599: ...multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the display mac authentication command to display information about MAC address authentication Examples Display the global information ...

Page 600: ...led Authentication mode Username type used in the MAC address authentication z UsernameFixed Uses the fixed username for authentication z UsernameAsMacAddress Uses the MAC address of a user as the username for authentication The default is the MAC address UsernameAsMacAddress Fixed password Meaning of this field varies by the username type for MAC address authentication z If the username type is M...

Page 601: ...d the switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port is up MAC address authentication is Enabled MAC address authentication is enabled for Ethernet1 0 1 port max auth num Maximum number of MAC address authentication users that the port can accommodate...

Page 602: ...eing executed in Ethernet port view the mac authentication command enables MAC address authentication on the current port To make the MAC address authentication take effect you must enable MAC address authentication globally and on the relevant ports You can configure MAC address authentication on a port before enabling it globally However the configuration will not take effect unless MAC address ...

Page 603: ...s By default MAC address authentication is disabled on a port z This command is essential for MAC address authentication to work on a port or on particular ports after MAC address authentication is globally enabled z You cannot configure the maximum number of dynamic MAC address entries for a port through the mac address max mac count command with MAC address authentication enabled Likewise you ca...

Page 604: ... password for MAC address authentication as the specified fixed password instead of user MAC addresses password is a string of 1 to 63 characters Description Use the mac authentication authmode usernameasmacaddress command to set the username type for MAC address authentication to MAC address and specify the username format Use the undo mac authentication authmode command to restore the default us...

Page 605: ... mac authentication authmode usernamefixed mac authentication authpassword Syntax mac authentication authpassword password undo mac authentication authpassword View System view Parameters password Password to be set a string comprising 1 to 63 characters Description Use the mac authentication authpassword command to set a password for MAC address authentication when the user name in fixed mode is ...

Page 606: ...me system view System View return to User View with Ctrl Z Sysname mac authentication authusername vipuser mac authentication domain Syntax mac authentication domain isp name undo mac authentication domain View System view Parameters isp name ISP domain name a string of 1 to 128 characters Note that this argument cannot be null and cannot contain these characters and Description Use the mac authen...

Page 607: ...60 After a user fails to pass the authentication performed by a switch the switch quiets for a specific period the quiet period before it authenticates the user again server timeout value Server timeout timer setting in seconds This argument ranges from 1 to 65 535 and defaults to 100 During authentication the switch prohibits a user from accessing the network if the connection between the switch ...

Page 608: ...cation Enhanced Function Configuration Commands mac authentication guest vlan Syntax mac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id ID of the guest VLAN configured for the current port This argument is in the range of 1 to 4 094 Description Use the mac authentication guest vlan command to configure a guest VLAN for the current po...

Page 609: ...thentication cannot be enabled for a port configured with a Guest VLAN z The Guest VLAN function for MAC address authentication does not take effect when port security is enabled Related commands mac authentication timer guest vlan reauth Examples Configure VLAN 4 as the Guest VLAN for Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 S...

Page 610: ...imum number of MAC address authentication users allowed to access Ethernet 1 0 2 to 100 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 mac authentication max auth num 100 mac authentication timer guest vlan reauth Syntax mac authentication timer guest vlan reauth interval undo mac authentication timer guest vlan reauth View Sy...

Page 611: ...les Configure the switch to re authenticate users in Guest VLANs at the interval of 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname mac authentication timer guest vlan reauth 60 ...

Page 612: ...ntication connection 1 2 web authentication customize 1 3 web authentication cut connection 1 5 web authentication enable 1 6 web authentication free ip 1 6 web authentication free user 1 7 web authentication max connection 1 8 web authentication select method 1 9 web authentication timer idle cut 1 9 web authentication timer max online 1 10 web authentication web server 1 11 ...

Page 613: ...entication configuration information Sysname display web authentication configuration Status enabled Web Server IP 30 1 1 2 Port 80 Idle cut time 900 sec Max online time 1800 sec Max connection of device is 512 Customized authentication page information Corp Name 3Com Corporation Platform Name A leading global supplier of IP based products and solutions Phone Num 1 800 876 3266 Email address relat...

Page 614: ...ee user information Interface Configuration Configuration information about Web authentication enabled ports Interface_number Index of a Web authentication enabled port method User access method on the port Shared or Designated max connection Maximum number of online users allowed on the port display web authentication connection Syntax display web authentication connection all interface interface...

Page 615: ...orm name file all View System view Parameters corp name Specifies the company name to be displayed on Web authentication pages corporation text Company name a string of 1 to 64 characters that can contain spaces email Specifies the E mail address to be displayed on Web authentication pages email string E mail address a string of 1 to 64 characters that can contain spaces If it contains spaces it m...

Page 616: ...Web authentication pages Examples Customize information to be displayed on Web authentication pages as follows z Company name 3Com Corporation z E mail mailto relations 3com com z Phone number 1 800 876 3266 z Subject A leading global supplier of IP based products and solutions Sysname system view System View return to User View with Ctrl Z Sysname web authentication customize corp name 3Com Corpo...

Page 617: ...pecifies an user by the user s MAC address user name user name Specifies a user by the user s name which is a string of 1 to 184 characters interface type interface number Specifies all users on a port Description Use the web authentication cut connection command to forcibly log out the specified or all users Examples Forcibly log out all online users on Ethernet 1 0 2 Sysname system view System V...

Page 618: ...features is enabled and vice versa 802 1x MAC authentication port security port aggregation and XRN Examples Enable Web authentication globally Sysname system view System View return to User View with Ctrl Z Sysname web authentication web server ip 192 168 0 56 port 80 Sysname web authentication enable web authentication free ip Syntax web authentication free ip ip address mask length mask undo we...

Page 619: ... free ip 10 1 1 0 24 web authentication free user Syntax web authentication free user ip ip address mac mac address undo web authentication free user ip ip address mac mac address all View System view Parameters ip address IP address of a user mac address MAC address of the user in the format of H H H for example 000d 88f6 44c1 all Deletes all authentication free user settings Description Use the ...

Page 620: ...aximum number of online Web authentication users on the port in the range of 1 to 128 Description Use the web authentication max connection command to set the maximum number of online Web authentication users on the device or on the current port When this threshold is reached no more users can pass the Web authentication on the device or port If configured in port view this command can be configur...

Page 621: ... Web authentication users to be online at the same time z designated In this mode the port allows only one Web authentication user to be online at a time This configuration takes effect only when Web authentication is enabled globally If Web authentication is not enabled globally this configuration will only be saved Note You are not allowed to enable Web authentication on a port if z The port is ...

Page 622: ...he system logs off the user You are recommended to set the interval to a value that is greater than half of the MAC address entry aging time but less than the MAC address entry aging time Examples Set the idle user checking interval to 500 seconds for Web authentication Sysname system view System View return to User View with Ctrl Z Sysname web authentication timer idle cut 500 web authentication ...

Page 623: ...number Port number of the Web authentication server It ranges from 1 to 50000 with 80 as the default Description Use the web authentication web server ip command to set the IP address and port number of the Web authentication server which will be used for Web authentication of users Use the undo web authentication web server command to restore the default By default no Web authentication server IP...

Page 624: ...statistics 1 3 reset vrrp statistics 1 4 vrrp method 1 5 vrrp ping enable 1 6 vrrp vlan interface vrid track 1 6 vrrp vrid authentication mode 1 7 vrrp vrid preempt mode 1 8 vrrp vrid priority 1 9 vrrp vrid timer advertise 1 10 vrrp vrid track interface 1 11 vrrp vrid track detect group 1 12 vrrp vrid virtual ip 1 13 ...

Page 625: ... verbose command to display the detailed VRRP state information refer to Table 1 2 for details z If you do not specify a VLAN interface or a VRRP group the command will display the state information of all VRRP groups on the switch z If you specify a VLAN interface only the command will display the state information of all VRRP groups on the specified VLAN interface z If you specify both a VLAN in...

Page 626: ...play vrrp verbose Run Method VIRTUAL MAC Virtual Ip Ping Disable Interface Vlan interface1 VRID 1 Adver Timer 1 Admin Status UP State Master Config Pri 100 Run Pri 100 Preempt Mode YES Delay Time 0 Auth Type NONE Virtual IP 192 168 0 133 Virtual MAC 0000 5e00 0101 Master IP 192 168 0 68 Table 1 2 Description on the fields of the display vrrp verbose command Field Description Run Method Current VRR...

Page 627: ...ion Use the display vrrp statistics command to display the VRRP statistics information of VRRP group s Refer to Table 1 3 for the displayed information z If neither a VLAN interface nor a VRRP group is specified the statistics information about all the VRRP groups on the switch is displayed z If only a VLAN interface is specified the statistics information about all the VRRP groups on the specifie...

Page 628: ...entication types Auth Type Mismatch Number of mismatched authentication types Packet Length Errors Number of VRRP packet length errors Address List Errors Number of the virtual IP address list errors Become Master Number of the occasions where the current switch operates as the master Priority Zero Pkts Rcvd Number of the received VRRP advertisements with the priority of 0 Advertise Rcvd Number of...

Page 629: ...l mac undo vrrp method View System view Parameters real mac Maps the real MAC address of the switch to the virtual IP address of the VRRP group virtual mac Maps the virtual MAC address of the VRRP group to the virtual IP address of the VRRP group Description Use the vrrp method command to configure the MAC Virtual IP address mapping for VRRP groups You can configure to map the real MAC address of ...

Page 630: ...onfigured before any VRRP group is created If a VRRP group already exists on the switch you are not allowed to execute the command Examples Enable a VRRP group to respond to ping packets destined for its virtual router IP address Sysname system view System View return to User View with Ctrl Z Sysname vrrp ping enable vrrp vlan interface vrid track Syntax vrrp vlan interface vlan id vrid virtual ro...

Page 631: ...king function configured on the IP address owner cannot take effect z The port to be tracked can be in the VLAN whose VLAN interface has the VRRP group configured z Up to eight ports can be tracked simultaneously Examples Configure that the priority of the switch decreases by 50 if its Ethernet 1 0 1 port fails Sysname system view Sysname vlan 2 Sysname vlan2 port Ethernet1 0 1 Sysname vlan2 quit ...

Page 632: ...r all the VRRP groups on an interface This is determined by the protocol which defines that all the VRRP groups on an interface share the same authentication type and authentication key Besides all the members joining the same VRRP group should also share the same authentication type and authentication key Examples Set the authentication type of VRRP group 1 on VLAN interface 2 to simple and the a...

Page 633: ...VRRP group Setting a preemption delay period aims at z In an unstable network backups in a VRRP group possibly cannot receive VRRP advertisements from the master in time due to network congestions This causes the master of the VRRP group to be determined frequently In this case the backup considers itself as the master and sends out VRRP advertisements to elect the master This causes the master of...

Page 634: ... it can work properly Examples Set the priority to 120 on VLAN interface 2 for the switch in the VRRP group Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 priority 120 vrrp vrid timer advertise Syntax vrrp vrid virtual router id timer advertise adver interval undo vrrp vrid virtual router id timer advertise Vie...

Page 635: ...ses This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track interface command to set a VLAN interface to be tracked Use the undo vrrp vrid track interface command to disable a VLAN interface from being tracked The VLAN interface tracking function extends the use of the backup function With this function enabled on a switch the backup function can take effect not o...

Page 636: ...ority decreases This argument ranges from 1 to 255 and defaults to 10 Description Use the vrrp vrid track detect group command to enable the auto detect function when employing VRRP Use the undo vrrp vrid track detect group command to disable the auto detect implementation in VRRP The auto detect result of the detected group can control the priority of a switch in a VRRP group In this way the auto...

Page 637: ...ured Description Use the vrrp vrid virtual ip command to create a VRRP group and configure the virtual IP address for the VRRP group or add a virtual IP address to the virtual IP address list of an existing VRRP group You can add up to 16 virtual IP addresses for a VRRP group Use the undo vrrp vrid virtual ip command to remove an existing VRRP group or remove a virtual IP address from the virtual ...

Page 638: ...em View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 vrrp vrid 1 virtual ip 10 10 10 10 Add a virtual IP address to an existing VRRP group Sysname Vlan interface2 vrrp vrid 1 virtual ip 10 10 10 11 Remove a virtual IP address from a VRRP group Sysname Vlan interface2 undo vrrp vrid 1 virtual ip 10 10 10 10 Remove a VRRP group Sysname Vlan interface2 un...

Page 639: ...arp detection enable 2 1 arp detection trust 2 2 arp filter source 2 3 arp filter binding 2 3 arp max learning num 2 4 arp protective down recover enable 2 5 arp protective down recover interval 2 5 arp rate limit 2 6 arp rate limit enable 2 7 arp restricted forwarding enable 2 7 display arp detection statistics interface 2 8 ip source static import dot1x 2 9 3 Proxy ARP Configuration Commands 3 1...

Page 640: ...the undo arp check enable command to disable the ARP entry checking function With the ARP entry checking function enabled the switch cannot learn any ARP entry with a multicast MAC address Configuring such a static ARP entry is not allowed either otherwise the system prompts error information After the ARP entry checking function is disabled the switch can learn the ARP entry with a multicast MAC ...

Page 641: ...riodically you need to create the VRRP backup group and perform corresponding configurations Refer to the part discussing VRRP in this manual for details Examples Enable the master switch of the VRRP backup group to send gratuitous ARP packets periodically Sysname system view System View return to User View with Ctrl Z Sysname arp send gratuitous enable vrrp arp static Syntax arp static ip address...

Page 642: ...guments must belong to the VLAN z Currently static ARP entries cannot be configured on the ports of an aggregation group Related commands reset arp display arp Examples Create a static ARP mapping entry with the IP address of 202 38 10 2 the MAC address of 000f e20f 0000 The ARP mapping entry belongs to Ethernet 1 0 1 which belongs to VLAN 1 Sysname system view System View return to User View with...

Page 643: ...isplay all the ARP entries Sysname display arp Type S Static D Dynamic IP Address MAC Address VLAN ID Port Name AL ID Aging Type 10 2 72 162 000a 000a 0aaa N A N A N A S 192 168 0 77 0000 e8f5 6a4a 1 Ethernet1 0 2 13 D 192 168 0 2 000d 88f8 4e88 1 Ethernet1 0 2 14 D 192 168 0 200 0014 222c 9d6a 1 Ethernet1 0 2 14 D 192 168 0 45 000d 88f6 44c1 1 Ethernet1 0 2 15 D 192 168 0 110 0011 4301 991e 1 Eth...

Page 644: ...tries to be displayed For detailed information about regular expressions refer to Configuration File Management Command in this manual begin Displays the first ARP entry containing the specified string and all subsequent ARP entries exclude Displays the ARP entries that do not contain the specified string include Displays the ARP entries containing the specified string regular expression A case se...

Page 645: ...nt Command in this manual begin Displays the number of ARP entries counted from the first one containing the specified string exclude Displays the number of ARP entries that do not contain the specified string include Displays the number of ARP entries containing the specified string regular expression A case sensitive character string ip address IP address The ARP entries containing the IP addres...

Page 646: ...s arp period resending enable command to disable this function By default this function is enabled the gratuitous ARP packets are sent at an interval of 30 seconds After you enable a VLAN interface to send gratuitous ARP packets periodically hosts on the network will timely update the ARP entry corresponding to the VLAN interface s IP address thus preventing it from being aged out However this fun...

Page 647: ...learning enable command to disable the gratuitous ARP packet learning function By default the gratuitous ARP packet learning function is enabled Examples Enable the gratuitous ARP packet learning function on a switch Sysname system view System View return to User View with Ctrl Z Sysname gratuitous arp learning enable reset arp Syntax reset arp dynamic static interface interface type interface num...

Page 648: ...1 9 Examples Clear static ARP entries Sysname reset arp static ...

Page 649: ...rp anti attack valid check enable command to enable ARP source MAC address consistency check Use the undo arp anti attack valid check enable command to disable this function By default ARP source MAC address consistency check is disabled Examples Enable ARP source MAC address consistency check Sysname system view Sysname arp anti attack valid check enable arp detection enable Syntax arp detection ...

Page 650: ...d VLAN By default ARP attack detection is disabled on the switch Examples Enable ARP attack detection on all ports in VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname vlan 1 Sysname vlan1 arp detection enable arp detection trust Syntax arp detection trust undo arp detection trust View Ethernet port view Parameters None Description Use the arp detection trust command t...

Page 651: ...ce command to remove the configuration By default ARP packet filtering based on the gateway s IP address is disabled Note that z This command should be configured on a port directly connected to hosts z If you execute this command repeatedly the last configured command takes effect Examples Configure ARP packet filtering based on the gateway s IP address 192 168 0 1 24 on Ethernet 1 0 1 Sysname sy...

Page 652: ...rnet 1 0 2 Sysname system view Sysname interface ethernet1 0 2 Sysname Ethernet1 0 2 arp filter binding 192 168 100 1 000d 88f8 528c arp max learning num Syntax arp max learning num number undo arp max learning num View VLAN interface view Parameters number Maximum number of dynamic ARP entries that can be learned by the interface The effective range is 1 to 4 031 Description Use the arp max learn...

Page 653: ...overy function is disabled Examples Enable the port state auto recovery function of the switch Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable arp protective down recover interval Syntax arp protective down recover interval interval undo arp protective down recover interval View System view Parameters interval Recovery time in seconds of a...

Page 654: ...30 arp rate limit Syntax arp rate limit rate undo arp rate limit View Ethernet port view Parameters rate Maximum ARP packet receiving rate on the port in the range of 10 to 1 024 pps Description Use the arp rate limit command to specify the maximum ARP packet receiving rate on the port If a rate is specified exceeding packets will be discarded Use the undo arp rate limit command to restore the def...

Page 655: ...limit function on Ethernet 1 0 11 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 11 Sysname Ethernet1 0 11 arp rate limit enable arp restricted forwarding enable Syntax arp restricted forwarding enable undo arp restricted forwarding enable View VLAN view Parameters None Description Use the arp restricted forwarding enable command to enable ARP restri...

Page 656: ...ARP trusted port state and discarded invalid ARP packets those failed to pass ARP attack detection on the specified port If ARP attack detection is disabled the statistics of ARP trusted port state and discarded invalid ARP packets will not be displayed Examples Display ARP detection statistics on Ethernet 1 0 10 Sysname display arp detection statistics interface ethernet1 0 10 ARP DETECTION ENABL...

Page 657: ...sses both static and dynamic IP addresses and MAC addresses of authenticated 802 1x clients and uses the mappings for ARP attack detection after IP to MAC static bindings and DHCP snooping entries are checked Use the undo ip source static import dot1x command to disable the function By default this function is disabled Note that this command should be used in cooperation with the arp detection ena...

Page 658: ...the undo arp proxy enable command to disable common proxy ARP on the VLAN interface By default common proxy ARP is disabled on the VLAN interfaces of a switch Related commands display arp proxy Examples Enable common proxy ARP on VLAN interface 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 2 Sysname Vlan interface2 arp proxy enable display arp p...

Page 659: ...rp proxy Interface Vlan interface1 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface2 Proxy ARP status enabled Local Proxy ARP status disabled Interface Vlan interface3 Proxy ARP status disabled Local Proxy ARP status enabled Display the common and local proxy ARP status on VLAN interface 2 Sysname display arp proxy interface Vlan interface 2 Interface Vlan interfac...

Page 660: ...AN interface Use the undo local proxy arp enable command to disable local proxy ARP on the VLAN interface By default local proxy ARP is disabled on the VLAN interfaces of a switch Examples Enable local proxy ARP on VLAN interface 2 Sysname system view Sysname interface vlan interface 2 Sysname Vlan interface2 local proxy arp enable ...

Page 661: ...at can transmit Resilient ARP packets If the unit id argument is not specified this command is to display the Resilient ARP state information of all units If the unit id argument is specified this command is to display the Resilient ARP state information of the specified unit Examples Display the information about the Resilient ARP state of unit 1 Sysname display resilient arp unit 1 The state of ...

Page 662: ...p enable resilient arp interface vlan interface Syntax resilient arp interface Vlan interface vlan id undo resilient arp interface Vlan interface vlan id View System view Parameters vlan id VLAN interface ID Description Use the resilient arp interface Vlan interface command to enable the VLAN interface to send Resilient ARP packets Use the undo resilient arp interface Vlan interface command to dis...

Page 663: ...4 3 Sysname resilient arp interface vlan interface 2 ...

Page 664: ... 1 16 dhcp server option 1 17 dhcp server ping 1 18 dhcp server relay information enable 1 18 dhcp server static bind 1 19 dhcp server tftp server domain name 1 20 dhcp server tftp server ip address 1 21 dhcp server voice config 1 22 display dhcp server conflict 1 23 display dhcp server expired 1 24 display dhcp server free ip 1 25 display dhcp server ip in use 1 26 display dhcp server statistics ...

Page 665: ...snooping 3 1 dhcp snooping information enable 3 1 dhcp snooping information format 3 2 dhcp snooping information packet format 3 3 dhcp snooping information remote id 3 3 dhcp snooping information strategy 3 4 dhcp snooping information vlan circuit id 3 5 dhcp snooping information vlan remote id 3 6 dhcp snooping trust 3 7 display dhcp snooping 3 7 display dhcp snooping trust 3 8 display ip source...

Page 666: ...iii ip address dhcp alloc 5 2 BOOTP Client Configuration Commands 5 3 display bootp client 5 3 ip address bootp alloc 5 4 ...

Page 667: ...DHCP address pool view Parameters domain name Name of a domain a string of 1 to 24 characters You can use the domain command to create a domain Description Use the accounting domain command to enable the DHCP accounting function Use the undo accounting domain command to disable the DHCP accounting function Examples Enter system view Sysname system view System View return to User View with Ctrl Z E...

Page 668: ... bims server command to remove specified BIMS server information from the DHCP global address pool By default the related information of the BIMS server is not specified If you execute the bims server command repeatedly the latest configuration will overwrite the previous one Related commands dhcp server bims server Examples Specify the IP address 192 168 0 1 port number 651 shared key aaa of the ...

Page 669: ...rwrite the previous one Examples Specify the bootfile name aaa cfg in DHCP global address pool 0 for the client Sysname system view Enter system view return to user view with Ctrl Z Sysname dhcp server ip pool 0 Sysname dhcp ip pool 0 bootfile name aaa cfg dhcp enable Syntax dhcp enable undo dhcp enable View System view Parameters None Description Use the dhcp enable command to enable DHCP Use the...

Page 670: ... system view Sysname system view System View return to User View with Ctrl Z Enable DHCP Sysname dhcp enable dhcp select global Syntax VLAN interface view dhcp select global undo dhcp select System view dhcp select global interface interface type interface number to interface type interface number all undo dhcp select interface interface type interface number to interface type interface number all...

Page 671: ...P client Sysname dhcp select global interface vlan interface 1 to vlan interface 3 Configure all interfaces to operate in global DHCP address pool mode so that when a DHCP packet is received from a DHCP client through any interface the DHCP server assigns an IP address in global DHCP address pools to the DHCP client Sysname dhcp select global all dhcp select interface Syntax VLAN interface view dh...

Page 672: ...ed The corresponding implementation is as follows z After a DHCP interface address pool is created by executing the dhcp select interface command UDP 67 and UDP 68 ports used by DHCP are enabled z After a DHCP interface address pool is deleted by executing the undo dhcp select interface command and all other DHCP functions are disabled UDP 67 and UDP 68 ports used by DHCP are disabled accordingly ...

Page 673: ...nterface number keyword and argument combination specifies a port range all Specifies all ports Description Use the dhcp server bims server command to specify the IP address port number and shared key of a BIMS server in the DHCP interface address pool s for the client Use the undo dhcp server bims server command to remove specified BIMS server information from the DHCP interface address pool s By...

Page 674: ... number argument specifies an interface number Description Use the dhcp server bootfile name command to specify the bootfile name in interface address pool for the client Use the undo dhcp server bootfile name command to remove the bootfile name from interface address pool No bootfile name is specified in an interface address pool by default If you execute the dhcp server bootfile name command rep...

Page 675: ...rver dns list Syntax In VLAN interface view use the following commands to specify the DNS server IP address in the current DHCP interface address pool for the client dhcp server dns list ip address 1 8 undo dhcp server dns list ip address all In system view use the following commands to specify the DNS server IP address in multiple DHCP interface address pools for the client dhcp server dns list i...

Page 676: ...ter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the DNS server IP address 1 1 1 254 for the DHCP address pool of the VLAN interface 1 for the client Sysname Vlan interface1 dhcp server dns list 1 1 1 254 dhcp server domain name Syntax In VLAN interface view use the following commands to configu...

Page 677: ...do dhcp server domain name command to remove the configured domain name suffix By default no domain name suffix is configured for the DHCP client Related commands domain name Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Configure the domain name suffix aabbcc com for the DHCP clients whose ...

Page 678: ...ifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all Specifies all interface address pools Description Use the dhcp server expired command to configure the lease time of the IP addresses dynamically obtained in the specified DHCP interface address pool s Use the undo dhcp server ...

Page 679: ...ver forbidden ip command to cancel the forbiddance By default all IP addresses in an address pool are allowed to be automatically assigned Related commands dhcp server ip pool network static bind ip address dhcp server static bind z When you execute the undo dhcp server forbidden ip command make sure that the specified address range does not contain any statically bound IP address z You can config...

Page 680: ... following functions z UDP 67 and UDP 68 ports used by DHCP are enabled only when DHCP is enabled z UDP 67 and UDP 68 ports are disabled when DHCP is disabled The corresponding implementation is as follows z After a DHCP address pool is created by executing the dhcp server ip pool command the UDP 67 and UDP 68 ports used by DHCP are enabled z After a DHCP address pool is deleted by executing the u...

Page 681: ...mber argument specifies an interface number the interface interface type interface number to interface type interface number keyword and argument combination specifies an interface range all In comparison with the ip address argument Specifies all WINS server IP addresses all In comparison with the interface keyword Specifies all interface address pools Description Use the dhcp server nbns list co...

Page 682: ...ifies the m typed node Nodes of this type are p nodes with some broadcasting features h node Specifies the h typed node Nodes of this type are b nodes with peer to peer communicating features interface interface type interface number to interface type interface number Specifies the DHCP interface address pool The interface type argument specifies an interface type the interface number argument spe...

Page 683: ...cii ascii string Specifies a string that is of 1 to 63 characters Note that each character of the string must be an ASCII character hex hex string 1 10 Specifies strings each of which comprises 1 to 8 hexadecimal digits 1 10 means you can provide up to 10 such strings When inputting more than one string separate two neighboring strings with a space The device currently supports total 64 hex digits...

Page 684: ... ranges from 0 to 10 and defaults to 2 Value 0 means no ping operation will be performed timeout milliseconds Specifies the timeout time in milliseconds the device waits for an echo response The milliseconds argument ranges from 0 to 10 000 and defaults to 500 Description Use the dhcp server ping command to set the maximum number of the echo request packets and the maximum timeout time the device ...

Page 685: ...ress mac address View VLAN interface view Parameters ip address IP address to be statically bound Note that the specified IP address must belong to the same network segment as that of the current VLAN interface client identifier Client ID of a static binding a string of 4 to 160 characters in the format H H H each H indicates 4 hex digits except the last H that indicates 2 or 4 hex digits For exam...

Page 686: ...ss 10 1 1 2 to the MAC address 0000 e03f 0305 Assume that the DHCP interface address pool of VLAN interface 1 already exists and the IP address belongs to the address pool Sysname Vlan interface1 dhcp server static bind ip address 10 1 1 2 mac address 0000 e03f 0305 dhcp server tftp server domain name Syntax In VLAN interface view use the following commands to specify the TFTP server name in the c...

Page 687: ... Sysname interface Vlan interface 1 Sysname Vlan interface1 dhcp server tftp server domain name domain1 dhcp server tftp server ip address Syntax In VLAN interface view use the following commands to specify the TFTP server IP address in the current DHCP interface address pool for the client dhcp server tftp server ip address ip address undo dhcp server tftp server ip address In system view use the...

Page 688: ...ol for the client dhcp server voice config ncp ip ip address as ip ip address voice vlan vlan id enable disable fail over ip address dialer string undo dhcp server voice config ncp ip as ip voice vlan fail over In system view use the following commands to configure specified Option 184 and its sub options in multiple DHCP interface address pools for the client dhcp server voice config ncp ip ip ad...

Page 689: ...therwise other sub options do not take effect By default a DHCP server interface address pool does not assign Option 184 and the corresponding sub options to the client Related commands voice config Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface Vlan interface 1 Enable the DHCP server to support all the sub o...

Page 690: ...e interface interface type interface number all View Any view Parameters ip ip address Specifies an IP address pool pool name Specifies a global address pool The pool name argument a string of 1 to 35 characters is the name of an address pool If you do not provide this argument this command applies to all global address pools interface interface type interface number Specifies a VLAN interface If ...

Page 691: ...he expired IP addresses of global address pools Interface pool The information about the expired IP addresses of interface address pools IP address Bound IP addresses Client identifier Hardware address User ID or MAC addresses to which IP addresses are bound Lease expiration The time when a lease time expires Type Address binding type display dhcp server free ip Syntax display dhcp server free ip ...

Page 692: ...terface this command applies to all VLAN interfaces all Specifies all address pools Description Use the display dhcp server ip in use command to display the address binding information of one IP address the specified DHCP address pool s or all DHCP address pools Related commands reset dhcp server ip in use Examples Display the address binding information of all DHCP address pools Sysname display d...

Page 693: ...ase expiration Time when the lease expires Type Address binding type display dhcp server statistics Syntax display dhcp server statistics View Any view Parameters None Description Use the display dhcp server statistics command to display the statistics on a DHCP server Related commands reset dhcp server statistics Examples Display the statistics on a DHCP server Sysname display dhcp server statist...

Page 694: ...ne 0 Dhcp Release 1 Dhcp Inform 0 Statistics about the DHCP packets received from DHCP clients Boot Reply 4 Dhcp Offer 1 Dhcp Ack 3 Dhcp Nak 0 Statistics about the DHCP packets sent to DHCP clients Bad Messages Number of the error DHCP packets display dhcp server tree Syntax display dhcp server tree pool pool name interface interface type interface number all View Any view Parameters pool pool nam...

Page 695: ...Field Description Global pool Information about global address pools Interface pool Information about interface address pools Pool name Address pool name network Assignable IP address range Child node The child node address pool of this node This field can display the information about the following types of node Child node Displays the information about an address pool that is a child of the curr...

Page 696: ... dns list command to configure one or multiple DNS server IP addresses in a DHCP global address pool for the DHCP client Use the undo dns list command to remove one or all DNS server IP addresses configured for the DHCP client By default no DNS server IP address is configured If you execute the dns list command repeatedly the new configuration overwrites the previous one Related commands dhcp serv...

Page 697: ...the DHCP global address pool 0 for the DHCP client Sysname dhcp server ip pool 0 Sysname dhcp pool 0 domain name mydomain com expired Syntax expired day day hour hour minute minute unlimited undo expired View DHCP address pool view Parameters day day Specifies the number of days The day argument ranges from 0 to 365 hour hour Specifies the number of hours The hour argument ranges from 0 to 23 minu...

Page 698: ...more than one IP address separate two neighboring IP addresses with a space all Specifies all configured gateway IP addresses Description Use the gateway list command to configure one or multiple gateway IP addresses in the DHCP global address pool for the DHCP client Use the undo gateway list command to remove one or all the configured gateway IP addresses configured for the DHCP client By defaul...

Page 699: ...INS server IP addresses configured for the DHCP client By default no WINS server IP address is configured If you execute the nbns list command repeatedly the new configuration overwrites the previous one Related commands dhcp server ip pool dhcp server nbns list netbios type Examples Enter system view Sysname system view System View return to User View with Ctrl Z Configure the WINS server IP addr...

Page 700: ... Examples Enter system view Sysname system view System View return to User View with Ctrl Z Specify b node as the NetBIOS node type in the DHCP global address pool 0 for the clients Sysname dhcp server ip pool 0 Sysname dhcp pool 0 netbios type b node network Syntax network network address mask mask undo network View DHCP address pool view Parameters network address IP address of a network segment...

Page 701: ...character hex hex string 1 10 Specifies strings each of which comprises of 1 to 8 hexadecimal digits The 1 10 means that you can provide up to 10 such strings When entering more than one strings separate two neighboring strings with a space The device currently supports total 64 hex digits not including spaces ip address ip address 1 8 Specifies IP addresses The 1 8 string means that you can provi...

Page 702: ... ip in use all interface interface type interface number ip ip address pool pool name View User view Parameters all Clears the dynamic address binding information about all IP addresses interface interface type interface number Clears the dynamic address binding information about a specified interface address pool If you do not specify the interface number argument this command clears the dynamic ...

Page 703: ... packets request packets response packets Related commands display dhcp server statistics Examples Clear the statistics on a DHCP server Sysname reset dhcp server statistics static bind client identifier Syntax static bind client identifier client identifier undo static bind client identifier View DHCP address pool view Parameters client identifier The client ID of a static binding a string with 4...

Page 704: ...ame dhcp server ip pool 0 Sysname dhcp pool 0 static bind ip address 10 1 1 1 mask 255 255 255 0 Sysname dhcp pool 0 static bind client identifier aaaa bbbb static bind ip address Syntax static bind ip address ip address mask mask undo static bind ip address View DHCP address pool view Parameters ip address IP address to be bound mask mask Subnet mask of the specified IP address If no mask is prov...

Page 705: ...e host to which the IP address is to be bound You need to provide this argument in the form of H H H Description Use the static bind mac address command to specify a MAC address to which an IP address will be bound statically in a DHCP global address pool Use the undo static bind mac address command to remove such a MAC address By default no such MAC address is specified Note that z The static bin...

Page 706: ... name in a global address pool for the DHCP client Use the undo tftp server domain name command to remove the TFTP server name from a global address pool By default no TFTP server name is specified Using the tftp server domain name command repeatedly will overwrite the previous configuration Related commands dhcp server tftp server domain name Examples Specify the TFTP server name as aaa in the gl...

Page 707: ...config ncp ip as ip voice vlan fail over View DHCP address pool view Parameters ncp ip ip address Specifies the IP address of the primary network calling processor as ip ip address Specifies the IP address of the backup network calling processor voice vlan vlan id Specifies the voice VLAN ID in the range of 2 to 4094 z disable Disables the specified VLAN meaning DHCP clients will not take this VLA...

Page 708: ...n 184 in global address pool 123 The NCP IP address is 1 1 1 1 and the IP address of the alternate server is 2 2 2 2 The voice VLAN is enabled with the ID being 3 The fail over IP address is 3 3 3 3 and the dialer string is 99 Sysname dhcp select global all Sysname dhcp server ip pool 123 Sysname dhcp pool 123 voice config ncp ip 1 1 1 1 Sysname dhcp pool 123 voice config as ip 2 2 2 2 Sysname dhc...

Page 709: ...dresses match a binding on the DHCP relay agent if not the client cannot access outside networks via the DHCP relay agent Use the address check disable command to disable IP address match checking on the DHCP relay agent By default IP address match checking on the DHCP relay agent is disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN inte...

Page 710: ...ndshake function is enabled Note that Currently the DHCP relay agent handshake function on a S5500 EI series switch can only interoperate with a Windows 2000 DHCP server Examples Disable the DHCP relay handshake function Sysname system view System View return to User View with Ctrl Z Sysname dhcp relay hand disable dhcp relay information enable Syntax dhcp relay information enable undo dhcp relay ...

Page 711: ...ep replace undo dhcp relay information strategy View System view Parameters drop Specifies to drop messages containing Option 82 keep Specifies to forward messages containing Option 82 without any change replace Specifies to forward messages containing Option 82 after replacing the original Option 82 with the Option 82 padded with the specified content Description Use the dhcp relay information st...

Page 712: ...Use the dhcp security static command to configure a static DHCP address binding entry Use the undo dhcp security command to remove one or all address binding entries or all address binding entries of a specified type Related commands display dhcp security Examples Enter system view Sysname system view System View return to User View with Ctrl Z Configure a static address binding entry with the IP ...

Page 713: ...namic binding entries to 60 seconds Sysname dhcp security tracker 60 dhcp server Syntax dhcp server groupNo undo dhcp server View VLAN interface view Parameters groupNo DHCP server group number This argument ranges from 0 to 19 Description Use the dhcp server command to map the current VLAN interface to a DHCP server group Use the undo dhcp server command to cancel the mapping Note that z A DHCP s...

Page 714: ...mand DHCP services are disabled At the same time UDP 67 and UDP 68 ports used by DHCP are disabled Examples Enter system view Sysname system view System View return to User View with Ctrl Z Enter VLAN interface 1 view Sysname interface vlan interface 1 Specify that VLAN interface 1 corresponds to DHCP server group 1 Sysname Vlan interface1 dhcp server 1 dhcp server detect Syntax dhcp server detect...

Page 715: ...s separated by a space Description Use the dhcp server ip command to configure the DHCP server IP address es in a specified DHCP server group Use the undo dhcp server command to remove all DHCP server IP addresses in a DHCP server group Related commands dhcp server display dhcp server Examples Enter system view Sysname system view System View return to User View with Ctrl Z Configure three DHCP se...

Page 716: ... 1 1 1 0001 0001 0001 Static 192 168 10 2 000d 88f7 b090 Dynamic_ack 2 dhcp security item s found Table 2 1 Description on the fields of the display dhcp security command Field Description IP Address IP address of the DHCP client MAC Address MAC address of the DHCP client IP Address Type Type of the user address entry static dynamic display dhcp server Syntax display dhcp server groupNo View Any v...

Page 717: ...ld Description IP address of DHCP server group 0 DHCP server IP addresses of DHCP server group 0 Messages from this server group Number of the packets the DHCP relay receives from the DHCP server group Messages to this server group Number of the packets the DHCP relay sends to the DHCP server group Messages from clients to this server group Number of the packets the DHCP relay receives from the DH...

Page 718: ...nterface command to display information about the DHCP server group to which a VLAN interface is mapped Related commands dhcp server display dhcp server Examples Display information about the DHCP server group to which VLAN interface 2 is mapped Sysname display dhcp server interface vlan interface 2 Dhcp group 0 is configured on this interface The above information indicates the VLAN interface 2 i...

Page 719: ...2 11 Related commands dhcp server display dhcp server Examples Clear the statistics information of DHCP server group 2 Sysname reset dhcp server 2 ...

Page 720: ...ver without recording the IP to MAC bindings of the DHCP clients By default the DHCP snooping function is disabled Note that z You need to disable DHCP relay agent before enabling DHCP snooping on the switch z The clients connected to a DHCP snooping device cannot obtain an IP address through BOOTP Related commands dhcp server display dhcp snooping Examples Enter system view Sysname system view Sy...

Page 721: ...on format Syntax dhcp snooping information format hex ascii View System view Parameters hex Specifies the storage format of Option 82 as HEX namely hexadecimal string ascii Specifies the storage format of Option 82 as ASCII Description Use the dhcp snooping information format command to configure the storage format of non user defined Option 82 as HEX or ASCII By default the Option 82 is in HEX fo...

Page 722: ...as the extended or standard one By default the padding format for Option 82 is the extended one Examples Configure the padding format for Option 82 as the standard one Sysname system view System View return to User View with Ctrl Z Sysname dhcp snooping information packet format standard dhcp snooping information remote id Syntax dhcp snooping information remote id sysname string string undo dhcp ...

Page 723: ...acket keep If a packet contains Option 82 DHCP snooping keeps and forwards this packet replace If a packet contains Option 82 DHCP snooping replaces the original Option 82 field with the Option 82 field having the specified padding content and forwards the packet Description Use the dhcp snooping information strategy command in system view to configure a handling policy for DHCP requests that cont...

Page 724: ...D sub option string Content of the circuit ID sub option a string of 3 to 63 ASCII characters Description Use the dhcp snooping information vlan circuit id command to configure the content of the circuit ID field in Option 82 Use the undo dhcp snooping information circuit id command to restore the default With vlan vlan id specified the customized circuit ID sub option applies only to the DHCP pac...

Page 725: ...he content of the remote ID in Option 82 Use the undo dhcp snooping information remote id command to restore the default remote ID in Option 82 With vlan vlan id specified the customized remote ID sub option applies only to the DHCP packets from the specified VLAN Without vlan vlan id specified the customized remote ID sub option applies to all DHCP packets that pass through the current port Use t...

Page 726: ...ore an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note that After DHCP snooping is enabled you need to specify the port connected to a valid DHCP server as trusted to ensure that DHCP clients can obtain valid IP addresses The trusted port and the ports connected to DHCP clients must be in the same VLAN Rel...

Page 727: ... Sysname display dhcp snooping DHCP Snooping is enabled The client binding table for all untrusted ports Type D Dynamic S Static Unit ID 1 Type IP Address MAC Address Lease VLAN Interface D 10 1 1 1 000f e200 0006 200 1 Ethernet1 0 1 1 dhcp snooping item s of unit 1 found display dhcp snooping trust Syntax display dhcp snooping trust View Any view Parameters None Description Use the display dhcp s...

Page 728: ...gured If you specify a VLAN all the IP static binding entries for the specified VLAN will be displayed If you specify a port all the IP static binding entries for the specified port will be displayed Examples Display all IP static binding entries configured Sysname display ip source static binding Type IP Address MAC Address Remaining VLAN Interface lease S 192 168 0 25 0015 e20f 0101 infinite 1 E...

Page 729: ...ress Enables IP filtering based on source MAC addresses of the packets Description Use the ip check source ip address command to enable IP filtering based on the DHCP snooping table and the IP static binding table Use the undo ip check source ip address command to disable the function z If no parameter is specified IP packets are filtered based on source IP addresses z If only the mac address keyw...

Page 730: ...urce MAC address and the port By default no binding among source IP address source MAC address and the port number is configured To create a static binding after IP filtering is enabled with the mac address keyword included on a port the mac address argument must be specified otherwise the packets sent from this IP address cannot pass the IP filtering Related commands ip check source ip address Ex...

Page 731: ...reset dhcp snooping command to remove DHCP snooping entries from a switch If no ip address is specified all DHCP snooping entries are removed Examples Remove all DHCP snooping entries from the switch Sysname reset dhcp snooping ...

Page 732: ...o disable port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit configured on it is exceeded can automatically be brought up after a specified interval By default the port state auto recovery function on the switch is disabled Examples Enable port state auto recovery on the switch Sysname system view System View return to U...

Page 733: ...at are shut down after the dhcp protective down recover interval command is last executed Examples Set the port state auto recovery interval to 30 seconds Sysname system view System View return to User View with Ctrl Z Sysname dhcp protective down recover enable Sysname dhcp protective down recover interval 30 dhcp rate limit Syntax dhcp rate limit rate undo dhcp rate limit View Ethernet port view...

Page 734: ...ction to limit DHCP traffic for an Ethernet port You can use this command to limit the DHCP traffic passing through an Ethernet port When the number of DHCP packets received on the port per second exceeds the specified threshold the default value is 15 pps the switch will discard the exceeding DHCP packets Use the undo dhcp rate limit enable command to disable the function You can use this command...

Page 735: ...es that operate as DHCP clients support a maximum lease duration of 24 days currently Examples Display the information about the address allocation of DHCP clients Sysname display dhcp client verbose DHCP client statistic information Vlan interface1 Current machine state BOUND Allocated IP 192 168 0 2 255 255 255 0 Allocated lease 86400 seconds T1 43200 seconds T2 75600 seconds Lease from 2002 09 ...

Page 736: ...ease period Server IP IP address of the DHCP server selected Transaction ID Transaction ID Default router Gateway address Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds The timer expires in 11 hours 56 minutes and 1 second ip address dhcp alloc Syntax ip address dhcp alloc undo ip address dhcp alloc View VLAN interface view Parameters None Description Use the ip address dhcp a...

Page 737: ...gh DHCP Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ip address dhcp alloc BOOTP Client Configuration Commands display bootp client Syntax display bootp client interface Vlan interface vlan id View Any view Parameters vlan id ID of the VLAN interface Description Use the display bootp client command to display BOOTP clien...

Page 738: ...ss bootp alloc undo ip address bootp alloc View VLAN interface view Parameters None Description Use the ip address bootp alloc command to configure a VLAN interface to obtain an IP address through BOOTP Use the undo ip address bootp alloc command to cancel the configuration By default a VLAN interface does not use BOOTP to obtain an IP address Related commands display bootp client Examples Configu...

Page 739: ...scription 1 2 display acl 1 3 display drv qacl_resource 1 4 display packet filter 1 5 display time range 1 6 packet filter 1 7 packet filter vlan 1 9 rule for Basic ACLs 1 10 rule for Advanced ACLs 1 12 rule for Layer 2 ACLs 1 19 rule for user defined ACLs 1 22 rule comment 1 25 time range 1 26 ...

Page 740: ...a user defined ACL match order Specifies the match order for ACL rules Following two match orders exist z auto Specifies to match ACL rules according to the depth first rule z config Specifies to match ACL rules in the order they are defined Note that the match order keyword is not available to Layer 2 ACLs or user defined ACLs The match order for layer 2 ACLs or user defined ACLs can only be conf...

Page 741: ...0 255 255 rule 1 permit source 1 0 0 0 0 255 255 255 As shown in the output information the switch sorts the rules of ACL 2000 in the depth first order a rule with more zeros in the source IP address wildcard has a higher priority description Syntax description text undo description View Basic ACL view advanced ACL view Layer 2 ACL view user defined ACL view Parameters text Description string to b...

Page 742: ...n display acl Syntax display acl all acl number View Any view Parameters all Displays all ACLs acl number Number of the ACL to be displayed in the range of 2000 to 5999 Description Use the display acl command to display the configuration information of a specified or all ACLs Note that if you specify the match order of an ACL when configuring the ACL this command will display the rules of the ACL ...

Page 743: ...urce 3 3 3 0 0 0 0 255 Detailed information of a rule display drv qacl_resource Syntax display drv qacl_resource View Any view Parameters None Description Use the display drv qacl_resource to display the usage of ACL resources on a switch According to the output you can view the information of the consumed ACL resources and determine whether the exhaustion of ACL resources causes that ACL rules ca...

Page 744: ...he used rules spare mask Number of the remaining masks spare rule Number of the remaining rules Apply ACL 2001 to port GigabitEthernet 1 0 49 Sysname system view System View return to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 49 Sysname GigabitEthernet1 0 49 packet filter inbound ip group 2001 Applying Acl 2001 rule 0 failed Reason Resource unavailable GigabitEthernet1 0 49 The a...

Page 745: ... Table 1 3 Description on the fields of the display packet filter command Field Description Ethernet1 0 1 Port on which packet filtering is performed Inbound Direction of the packet filtering Inbound or Outbound Acl 2000 rule 0 ACL and its rule s applied running Status of the rule which can be z running The ACL rule is active z not running The ACL rule is inactive Usually this is because the curre...

Page 746: ... Field Description Current time is 17 01 34 May 21 2007 Monday Current system time Time range Name of the time range Active Status of the time range which can be z Active The time range is active currently z Inactive The time range is not inactive now 12 00 to 18 00 working day The periodic time range is from 12 00 to 18 00 on each working day From 12 00 Jan 1 2008 to 12 00 Jun 1 2008 The absolute...

Page 747: ...from 4000 to 4999 z The user group acl number keyword specifies a user defined ACL The acl number argument ranges from 5000 to 5999 z The rule rule id keyword specifies a rule of an ACL The rule argument ranges from 0 to 65534 If you do not specify this argument all the rules of the ACL are applied Description Use the packet filter command to apply ACL rules on a port to filter packets Use the und...

Page 748: ... packet filter vlan vlan id inbound outbound acl rule View System view Parameters vlan id VLAN ID inbound Specifies to filter packets received by the ports in the VLAN outbound Specifies to filter packets to be transmitted by the ports in the VLAN acl rule ACL rules to be applied which can be a combination of the rules of multiple ACLs as described in Table 1 5 Description Use the packet filter vl...

Page 749: ... ACL 4000 on all ports in VLAN 40 to filter inbound packets Here it is assumed that the ACLs and their rules and the VLAN are already configured Sysname packet filter vlan 40 inbound ip group 3000 rule 1 link group 4000 rule 2 After completing the above configuration you can use the display packet filter command to view information about packet filtering rule for Basic ACLs Syntax rule rule id den...

Page 750: ...e by using the display acl command fragment Removes the settings concerning non tail fragments in the ACL rule source Removes the settings concerning source address in the ACL rule time range Removes the settings concerning time range in the ACL rule Description Use the rule command to define an ACL rule Use the undo rule command to remove an ACL rule or specified settings of an ACL rule To remove...

Page 751: ...ber 2000 Sysname acl basic 2000 rule 1 deny source 192 168 0 1 0 Sysname acl basic 2000 quit Create basic ACL 2001 and define rule 1 to deny packets that are non tail fragments Sysname acl number 2001 Sysname acl basic 2001 rule 1 deny fragment Sysname acl basic 2001 quit Create basic ACL 2002 and define rule 1 to deny all packets during the period specified by time range trname Sysname acl number...

Page 752: ...roviding 0 for the sour wildcard argument The any keyword specifies any source address destination dest addr dest wildcard any Destination address Specifies the destination address information for the ACL rule The dest addr dest wildcard arguments specify the destination address of the packets expressed in dotted decimal notation You can specify the IP address of a host as the destination address ...

Page 753: ...or example you need to input 0 0 255 255 to specify the subnet mask 255 255 0 0 If you specify the dscp keyword you can directly input a value ranging from 0 to 63 or input one of the keywords listed in Table 1 8 as DSCP Table 1 8 DSCP values and the corresponding keywords Keyword DSCP value in decimal DSCP value in binary af11 10 001010 af12 12 001100 af13 14 001110 af21 18 010010 af22 20 010100 ...

Page 754: ...in binary routine 0 000 priority 1 001 immediate 2 010 flash 3 011 flash override 4 100 critical 5 101 internet 6 110 network 7 111 If you specify the tos keyword you can directly input a value ranging from 0 to 15 or input one of the keywords listed in Table 1 10 as the ToS value Table 1 10 ToS value and the corresponding keywords Keyword ToS in decimal ToS in binary normal 0 0000 min monetary co...

Page 755: ...s numerals the value range is 0 to 65535 With the range operator the value of port2 does not need to be greater than that of port1 because the switch can automatically judge the value range If the value of port1 is the same as that of port2 the switch will convert the operator range to eq Note that if you specify a combination of lt 1 or gt 65534 the switch will convert it to eq 0 or eq 65535 esta...

Page 756: ... 1 13 Table 1 13 ICMP specific ACL rule information Parameters Type Function Description icmp type icmp type icmp code Type and message code information of ICMP packets Specifies the type and message code information of ICMP packets in the ACL rule icmp type ICMP message type ranging from 0 to 255 icmp code ICMP message code ranging from 0 to 255 If the protocol type is ICMP you can also just inpu...

Page 757: ...to TCP or UDP icmp type Removes the settings concerning the ICMP type and message code in the ACL rule This keyword is only available to the ACL rules with their protocol type set to ICMP precedence Removes the precedence related settings in the ACL rule tos Removes the ToS related settings in the ACL rule dscp Removes the DSCP related settings in the ACL rule time range Removes the time range set...

Page 758: ... with the source IP address of 192 168 0 1 and DSCP priority of 46 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3000 Sysname acl adv 3000 rule 1 deny ip source 192 168 0 1 0 dscp 46 Sysname acl adv 3000 quit Create advanced ACL 3001 and define rule 1 to permit TCP packets that are sourced from network 129 9 0 0 16 destined for network 202 38 160 0 24 and using...

Page 759: ...e format of H H H vlan id Source VLAN ID in the range of 1 to 4 094 dest dest mac addr dest mac mask Destination MAC address information Specifies the destination MAC address range for the ACL rule dest mac addr Destination MAC address in the format of H H H dest mac mask Mask of the destination MAC address in the format of H H H cos cos Priority Specifies the 802 1p priority of the rule cos VLAN ...

Page 760: ...matically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current greatest rule number is 65534 however the system will display an error message and you need to specify a number for the rule z The content of a modified or created rule cannot be identical with the content of any existing rules otherwise the rule modifi...

Page 761: ...bytes when the rule string contains four hexadecimal numerals the maximum value of offset is 78 bytes and so on z The valid length of the mask offset is 128 hexadecimal numerals 64 bytes For example assume that you specify a rule string of aa and set its offset to 2 If you continue to specify a rule string of bb its offset must be in the range from 3 to 65 bytes If you set the offset of the rule s...

Page 762: ... you modify the rule string rule mask offset combinations however the new combinations will replace all of the original ones z If you do not specify the rule id argument when creating an ACL rule the rule will be numbered automatically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current greatest rule number is 655...

Page 763: ...packets sourced from 192 168 0 1 it is assumed that no port is enabled with the VLAN VPN function In the following rule command line 0806 is the protocol number of ARP 16 is the offset of the protocol field in an Ethernet packet that the switch processes internally c0a80001 is the representation of 192 168 0 1 in hexadecimal and 32 is the offset of the source IP address field in an ARP packet that...

Page 764: ...tring does not comply with the rule that a user defined rule string can contain up to eight mask offset units and any two offset units cannot belong to the same offset group The ACL cannot be assigned After completing the above configuration you can use the display acl command to view the configuration information of the ACLs rule comment Syntax rule rule id comment text undo rule rule id comment ...

Page 765: ...end time days of the week from start time start date to end time end date from start time start date to end time end date to end time end date View System view Parameters all Removes all the time ranges time name Name of a time range a case insensitive string of 1 to 32 characters that starts with a to z or A to Z To avoid confusion it cannot be all start time Start time of a periodic time range i...

Page 766: ...ed in a time range the time range is active only when the system time is within the defined absolute time section If multiple absolute time sections are defined in a time range the time range is active only when the system time is within one of the absolute time sections z If both a periodic time section and an absolute time section are defined in a time range the time range is active only when th...

Page 767: ...1 28 From 12 00 Jan 1 2008 to 12 00 Jun 1 2008 ...

Page 768: ...play qos interface traffic statistic 1 10 display queue scheduler 1 11 line rate 1 12 mirrored to 1 13 priority 1 15 priority trust 1 16 protocol priority protocol type 1 17 qos cos local precedence map 1 19 queue scheduler 1 21 reset traffic statistic 1 23 traffic limit 1 25 traffic priority 1 27 traffic priority vlan 1 30 traffic redirect 1 31 traffic remark vlanid 1 33 traffic statistic 1 33 wr...

Page 769: ...resent z High speed traffic is forwarded over a low speed link or traffic received from multiple interfaces at the same speed is forwarded through an interface at the same speed By enabling the burst function on your switch you can improve the processing performance of the switch operating in the above scenarios and thus drop packet loss rate z For packets to be forwarded properly you must not ena...

Page 770: ...orities for certain protocol packets generated by it The supported protocols are Telnet SNMP ICMP and OSPF Depending on your configuration the IP or DSCP precedence is displayed for a specified protocol Related commands protocol priority Examples Display the list of protocol priorities manually specified Sysname display protocol priority Protocol ospf IP Precedence routine 0 Protocol telnet DSCP b...

Page 771: ...play qos cos local precedence map command to display the 802 1p priority to local precedence mapping illustrated by an 802 1p priority to local precedence mapping table as shown in the following example After a packet enters a switch the switch sets the 802 1p priority and local precedence for the packet according to its own capability and the corresponding rules The local precedence is locally si...

Page 772: ...lways 1 The unit ID ranges from 1 to 8 depending on the unit ID of the switch in the fabric For example if two switches form a fabric with the unit IDs being 3 and 5 respectively the unit IDs of the two switches can only be 3 and 5 Description Use the display qos interface all command to display all the QoS related configuration settings of a port or a unit Examples Display all the QoS related con...

Page 773: ...2 weight of queue 2 3 weight of queue 3 4 weight of queue 4 5 weight of queue 5 9 weight of queue 6 13 weight of queue 7 15 Ethernet1 0 1 traffic remark vlanid Inbound Matches Acl 2000 rule 0 running Remark vlan 2 Table 1 3 Description on the fields of the display qos interface all command Field Description Ethernet1 0 1 QoS functions configured on a port including z traffic limit traffic policing...

Page 774: ... Sets IP precedence for packets z local precedence Sets local precedence for packets Redirected to z interface indicates that the packets are redirected to the port z cpu indicates that the packets are redirected to the CPU z link aggregation group indicates that the packets are redirected to the aggregation group inprofile Statistics about the packets within the traffic limit outprofile Statistic...

Page 775: ... Kbps Burst bucket size 16 Kbyte Refer to Table 1 3 for the description on the output fields display qos interface mirrored to Syntax display qos interface interface type interface number unit id mirrored to View Any view Parameters interface type interface number Specifies the type and number of a port for which traffic mirroring configuration is to be displayed unit id Unit ID of the switch for ...

Page 776: ...he value range for the unit id argument refer to Table 1 2 Description Use the display qos interface traffic limit command to display the traffic policing configuration of a port or a unit Related commands traffic limit Examples Display the traffic policing configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 traffic limit Ethernet1 0 1 traffic limit Inbound Matches Acl 3000...

Page 777: ...t1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Priority action dscp ef Refer to Table 1 3 for the description on the output fields display qos interface traffic redirect Syntax display qos interface interface type interface number unit id traffic redirect View Any view Parameters interface type interface number Specifies the type and number of a port...

Page 778: ... configuration is to be displayed unit id Unit ID of the switch whose VLAN mapping configuration is to be displayed For the value range for the unit id argument refer to Table 1 2 Description Use the display qos interface traffic remark vlanid command to display the VLAN mapping configuration of a port or a unit Related commands traffic remark vlanid Examples Display the VLAN mapping configuration...

Page 779: ...fic statistic Examples Display the traffic accounting configuration and traffic statistics of Ethernet 1 0 1 Sysname display qos interface Ethernet1 0 1 traffic statistic Ethernet1 0 1 traffic statistic Inbound Matches Acl 2000 rule 2 running 6 packets inprofile 0 packet outprofile Refer to Table 1 3 for the description on the output fields display queue scheduler Syntax display queue scheduler Vi...

Page 780: ...The range of this argument varies with port type as follows z Fast Ethernet port 64 to 99 968 z GigabitEthernet port 64 to 1 000 000 The granularity of port rate limit is 64 kbps Assume that the value you provide for the target rate argument is in the range N 64 to N 1 64 N is a natural number it will be rounded off to N 1 64 burst bucket burst bucket size Specifies the maximum burst traffic size ...

Page 781: ...28 Kbps Burst bucket size 32 Kbyte mirrored to Syntax mirrored to inbound outbound acl rule monitor interface cpu undo mirrored to inbound outbound acl rule View Ethernet port view Parameters inbound Duplicates inbound packets outbound Duplicates outbound packets acl rule ACL rules to be used for traffic classification This argument can be a combination of multiple ACLs For more information about ...

Page 782: ...ackets to the CPU Description Use the mirrored to command to configure traffic mirroring Use the undo mirrored to command to cancel the configuration Traffic monitoring provides a finer mirroring granularity than port mirroring which mirrors all traffic passing through a port For detailed information about port mirroring refer to the part talking about mirroring Note that z If you mirror traffic t...

Page 783: ...isplay the traffic mirroring configuration of Ethernet 1 0 1 and Ethernet 1 0 2 Sysname display qos interface Ethernet 1 0 1 mirrored to Ethernet1 0 1 mirrored to Inbound Matches Acl 2000 rule 0 running Mirrored to monitor interface Sysname display qos interface Ethernet 1 0 2 mirrored to Ethernet1 0 2 mirrored to Inbound Matches Acl 2000 rule 0 running Mirrored to cpu priority Syntax priority pri...

Page 784: ...Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 priority 6 priority trust Syntax priority trust undo priority View Ethernet port view Parameters None Description Use the priority trust command to configure the switch to trust the 802 1p priority of an inbound packet Use the undo priority command to restore the default settings By default port priority is trusted and the priority of a port ...

Page 785: ...Specifies the protocol type which could be Telnet SNMP ICMP or OSPF ip precedence ip precedence Specifies an IP precedence in digits for the specified protocol in the range 0 to 7 Alternatively you can specify the IP precedence in words available keywords are listed in Table 1 6 Table 1 6 IP precedence values in words and in digits IP precedence in words IP precedence in digits routine 0 priority ...

Page 786: ... cs3 24 cs4 32 cs5 40 cs6 48 cs7 56 ef 46 Description Use the protocol priority command to set the global IP precedence or DSCP precedence for the specified type of protocol packets generated by the current switch Use the undo protocol priority command to cancel the configuration By default the IP precedence and the DSCP precedence are 0 for all protocol packets generated by the current switch Rel...

Page 787: ...p local prec cos1 map local prec cos2 map local prec cos3 map local prec cos4 map local prec cos5 map local prec cos6 map local prec cos7 map local prec undo qos cos local precedence map View System view Parameters cos0 map local prec Local precedence to which 802 1p 0 is to be mapped in the range 0 to 7 cos1 map local prec Local precedence to which 802 1p 1 is to be mapped in the range 0 to 7 cos...

Page 788: ...ping Table 1 8 The default 802 1p priority to local precedence mapping 802 1p priority Local precedence 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 Related commands display qos cos local precedence map Examples Configure the 802 1p priority to local precedence mapping table as follows 0 to 0 1 to 1 2 to 2 3 to 3 4 to 4 5 to 5 6 to 6 and 7 to 7 Sysname system view System View return to User View with Ctrl Z Sy...

Page 789: ...th queue5 width queue6 width queue7 width Customizes the bandwidth values to be allocated for queues 0 through 7 in kbps In system view the bandwidth ranges from 0 to 99968 The bandwidth varies with the port type as follows z Fast Ethernet port 0 to 99968 z Gigabit Ethernet port 0 to 1000000 Bandwidth granularity is 64 kbps Assume that the value provided is in the range N 64 to N 1 64 N is a natur...

Page 790: ... you configure queues 0 and 2 to adopt SP and queues 3 through 7 to adopt WRR in system view you can modify the weights of queues 3 through 7 in port view but cannot modify the queue scheduling algorithm of any queue in port view z If the weight or bandwidth value specified in system view for a queue of WRR queuing or WFQ queuing cannot meet the requirement of a port you can modify the weight or b...

Page 791: ...eue 0 through queue 7 to 1 2 3 4 5 6 7 and 8 Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 queue scheduler wrr 1 2 3 4 5 6 7 8 Display the global queue scheduling configuration Sysname Ethernet1 0 1 display queue scheduler Queue scheduling mode weighted round robin weight of queue 0 2 weight of queue 1 2 weight of queue 2 4 weight of queue 3 4 weight of queue 4 6 weight of queue 5 6 weigh...

Page 792: ...tches Acl 2008 rule 0 running 13775 packets inprofile 2061 packets outprofile Matches Acl 4008 rule 0 running 2606 packets inprofile 0 packet outprofile Clear the statistics about inbound packets matching ACL 2008 on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 reset traffic statistic inbound ip group 2008 Dis...

Page 793: ...the ACL rules referenced must be those defined with the permit keyword union effect Specifies that all the ACL rules including those identified by the acl rule argument in this command and those applied previously are valid If this keyword is not specified traffic policing issues both the rate limiting action and the permit action at the same time that is traffic policing permits the conforming tr...

Page 794: ...opped egress port interface type interface number Enables traffic policing for the outbound packets of the port identified by interface type interface number The interface type interface number argument refers to the port type and port number If you specify this keyword argument combination this command applies to the outbound unicast packets that pass the port and match the ACL rules z When you c...

Page 795: ... policing for packets matching specific ACL rules Related commands display qos interface traffic limit Examples Configure traffic policing for inbound packets sourced from VLAN 200 on Ethernet 1 0 1 setting the target packet rate to 128 kbps burst bucket size to 64 KB and configuring to drop the packets exceeding the rate limit Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 796: ...e pre value argument or in words as shown in Table 1 10 Alternatively you can specify the from ipprec keyword for the switch to extract the IP precedence for the 802 1p priority Table 1 10 802 1p priority values in words and in digits 802 1p priority in words 802 1p priority in digits best effort 0 background 1 spare 2 excellent effort 3 controlled load 4 video 5 voice 6 network management 7 local...

Page 797: ...netframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic priority inbound link group 4000 cos 1 Set the DSCP precedence of inbound DNS protocol packets to 16 corresponding to the cs2 keyword on Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 3000 Sysname acl adv 3000 rule per...

Page 798: ... can also provide one of the keywords listed in Table 1 7 for the dscp value argument ip precedence pre value from cos Sets the IP precedence You can assign a value in digits in the range of 0 to 7 for the pre value argument or in words as shown in Table 1 6 Alternatively you can specify the from cos keyword for the switch to extract the 802 1p priority for the IP precedence cos pre value from ipp...

Page 799: ...l ethernetframe 4000 quit Sysname traffic priority vlan 2 inbound link group 4000 cos 1 traffic redirect Syntax traffic redirect inbound outbound acl rule cpu interface interface type interface number link aggregation group agg id untagged undo traffic redirect inbound outbound acl rule View Ethernet port view Parameters inbound Redirects inbound packets outbound Redirects outbound packets acl rul...

Page 800: ... for information about Combo ports z If the traffic is configured to be redirected to an aggregation group the traffic is redirected to the master port of the aggregation group Refer to Link Aggregation module of this manual for information about aggregation group z When the traffic redirecting function is used in conjunction with the selective QinQ function you can specify the untagged keyword as...

Page 801: ...s are to be mapped Description Use the traffic remark vlanid command to enable VLAN mapping and set the target VLAN ID for packets matching specific ACL rules Use the undo traffic remark vlanid command to disable VLAN mapping for packets matching specific ACL rules Related commands display qos interface traffic remark vlanid Examples Enable VLAN mapping on Ethernet 1 0 1 to map the VLAN IDs of the...

Page 802: ...interface traffic statistic reset traffic statistic Examples Enable traffic accounting on Ethernet 1 0 1 for the inbound packets sourced from the IP network segment 1 1 1 0 24 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 1 1 1 0 0 0 0 255 Sysname acl basic 2000 quit Sysname interface Ethernet 1 0 1 Sysname Etherne...

Page 803: ... to enable the WRED function Use the undo wred command to restore the default By default the WRED function is disabled Examples Enable the WRED function for queue 2 on Ethernet 1 0 1 specifying to drop packets at random when the number of packets in queue 2 exceeds 64 and setting the dropping probability to 20 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethern...

Page 804: ...st of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface type interface number to interface type interface number Description Use the apply qos profile command to apply a QoS profile to a port in Ethernet port view or multiple ports in system view Use the undo apply qos profile command to remove a QoS profile from a port in Ethernet port view...

Page 805: ...s a string of 1 to 184 characters and in the form of aa cc with aa for user name and cc for domain name Description Use the display qos profile command to display the configuration of a QoS profile or all the QoS profiles Examples Display the configuration of the QoS profile named test Sysname display qos profile name test qos profile test 3 actions packet filter inbound ip group 2000 rule 0 traff...

Page 806: ...rofile packet filter inbound ip group 2000 rule 0 Filter the inbound packets matching rule 0 of ACL 2000 traffic limit inbound ip group 3000 rule 0 64 Limit the rate of the inbound packets matching rule 0 of ACL 3000 to 64 kbps traffic priority inbound ip group 4000 rule 0 cos controlled load Set the 802 1p precedence of the inbound packets matching rule 0 of ACL 4000 to controlled load that is 80...

Page 807: ...he packet filtering action to a QoS profile Use the undo packet filter command to remove the packet filtering action from a QoS profile Examples Add the packet filtering action to the QoS profile named a123 to filter the inbound packets sourced from MAC address 000F 1FD7 9528 Sysname system view System View return to User View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule...

Page 808: ...S profile is applied to the port manually use the undo apply qos profile command to remove the QoS profile from the port z If the QoS profile is applied to the port dynamically log off the user connected to the port to remove the QoS profile from the port Examples Create a QoS profile named a123 Sysname system view System View return to User View with Ctrl Z Sysname qos profile a123 Sysname qos pr...

Page 809: ...kets received through the interface acl rule ACL rules to be applied for traffic classification This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 4 and Table 1 5 Note that the ACL rules referenced must be those defined with the permit keyword union effect Specifies that all the ACL rules including those identified by the acl rule argume...

Page 810: ... outbound packets of the port identified by interface type interface number If you specify this keyword this command applies to the outbound unicast packets that pass the port and match the ACL rules z When you configure the traffic policing over a port an ACL rule can only be applied to one egress port If you configure the same ACL rule for different egress ports only the last configuration takes...

Page 811: ...affic priority inbound outbound acl rule View QoS profile view Parameters inbound Performs priority marking on the inbound packets outbound Performs priority marking on the outbound packets acl rule ACL rules to be applied for traffic classification This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 4 and Table 1 5 Note that the ACL rule...

Page 812: ...al precedence automatically If local precedence marking is also configured there will be two local precedence values for the traffic resulting in conflict In this case the device will display an error prompt Examples Add the priority marking action to the QoS profile named a123 to set the local precedence of the inbound packets sourced from IP address 1 1 1 1 to 0 Sysname system view System View r...

Page 813: ...nds 1 1 display mirroring group 1 1 mirroring group 1 3 mirroring group mirroring port 1 3 mirroring group monitor port 1 4 mirroring group reflector port 1 5 mirroring group remote probe vlan 1 6 mirroring port 1 7 monitor port 1 8 remote probe vlan enable 1 9 ...

Page 814: ...lay the parameter settings of the destination groups for remote mirroring remote source Specifies to display the parameter settings of the source groups for remote mirroring Description Use the display mirroring group command to display port mirroring configurations Related commands mirroring group mirroring port mirroring group monitor port Examples Display the configurations of a local mirroring...

Page 815: ...group which can be active or inactive mirroring port Source port in port mirroring This field is available only for local mirroring groups or remote source mirroring groups both inbound outbound The direction of the mirrored packets which can be one of the following z both means packets received on and sent from the mirroring port are mirrored z Inbound means packets received on the mirroring port...

Page 816: ...e the undo mirroring group command to remove a port mirroring group The mirroring group you created can take effect only after you configure other parameters for it Note that a Switch 5500 EI supports configuring only one destination port in local port mirroring or one reflector port in remote port mirroring That is on a Switch 5500 EI there can be only one effective local mirroring group or one e...

Page 817: ...roring group mirroring port command to configure the source ports for a local mirroring group or a remote source mirroring group Use the undo mirroring group mirroring port command to remove the source ports of a local mirroring group or a remote source mirroring group Note that z You cannot configure a member port of an existing mirroring group or a fabric port as a source port for port mirroring...

Page 818: ... an existing mirroring group a member port of an aggregation group a fabric port or a port enabled with LACP or STP as the destination port z Before configuring a destination port for a local mirroring group make sure that the corresponding mirroring group has already been created z It is recommended that you use a destination port for port mirroring purpose only Do not use a destination port to t...

Page 819: ...etection packet filtering QoS port security and so on z When a port is configured as a reflector port the switch configures its link state as up duplex mode as full and port rate as the maximum rate supported on the port You cannot modify the duplex mode port rate and MDI attribute of a reflector port z It is recommended that you use a reflector port for port mirroring purpose only Examples Config...

Page 820: ...Sysname system view System View return to User View with Ctrl Z Sysname vlan 100 Sysname vlan100 remote probe vlan enable Sysname vlan100 quit Sysname mirroring group 1 remote source Sysname mirroring group 1 remote probe vlan 100 mirroring port Syntax mirroring port both inbound outbound undo mirroring port View Ethernet port view Parameters both Specifies to mirror all packets received on and se...

Page 821: ...re Ethernet 1 0 1 as the source port and mirror all packets received on and sent from this port Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 mirroring port both monitor port Syntax monitor port undo monitor port View Ethernet port view Parameters None Description Use the monitor port command to configure the destination port...

Page 822: ...e Ethernet 1 0 4 as a destination port in Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 4 Sysname Ethernet1 0 4 monitor port remote probe vlan enable Syntax remote probe vlan enable undo remote probe vlan enable View VLAN view Parameters None Description Use the remote probe vlan enable command to configure the current VLAN as the...

Page 823: ...d commands mirroring group remote probe vlan Examples Configure VLAN 5 as the remote probe VLAN Sysname system view System View return to User View with Ctrl Z Sysname vlan 5 Sysname vlan5 remote probe vlan enable ...

Page 824: ...i Table of Contents 1 Web Cache Redirection Configuration Commands 1 1 Web Cache Redirection Configuration Commands 1 1 display webcache 1 1 webcache address 1 2 webcache redirect vlan 1 4 ...

Page 825: ...play Web cache redirection configuration and the status of Web cache Sysname display webcache webcache IP address 1 1 1 1 webcache MAC address 000f e20f 0000 webcache port Ethernet1 0 1 webcache VLAN 1 webcache TCP port 80 webcache redirect VLAN VLAN 2 Valid VLAN 3 Invalid webcache status accessible Table 1 1 Description on the fields of the display webcache command Filed Description webcache IP a...

Page 826: ...tion function is enabled but Web cache detection is not started z Enable and detecting Indicates that the redirection function is enabled and the system is detecting the Web cache device z Enable but hardware not support Indicates that the redirection function is enabled but the hardware does not support this function z Enable but detection fail Indicates that the redirection function is enabled b...

Page 827: ... will not take effect z The VLAN interface of the VLAN which the Web cache server belongs to must be up otherwise the Web cache redirection function will not take effect z If you configured both the Web cache redirection function and the STP function to ensure that the Web cache redirection function can take effect you are recommended to configure the port connecting the Web cache server as a trun...

Page 828: ...Before configuring a VLAN as a redirected VLAN you need to create the VLAN interface for the VLAN z You can configure multiple redirected VLANs by executing the webcache redirect vlan command repeatedly You can configure up to 8 redirected VLANs z If you do not specify the vlan id argument when executing the undo webcache redirect vlan command the command will remove all the configured redirected ...

Page 829: ...supply 1 4 display poe temperature protection 1 5 poe disconnect 1 6 poe enable 1 6 poe legacy enable 1 7 poe max power 1 7 poe mode 1 8 poe power management 1 9 poe priority 1 9 poe temperature protection 1 10 poe update 1 11 update fabric 1 12 2 PoE Profile Configuration Commands 2 1 PoE Profile Configuration Commands 2 1 apply poe profile 2 1 display poe profile 2 2 poe profile 2 3 ...

Page 830: ...sconnect The PoE disconnect mode is AC display poe interface Syntax display poe interface interface type interface number View Any view Parameters interface type interface number Port type and port number Description Use the display poe interface command to view the PoE status of a specific port or all ports of the switch If the interface type interface number argument is not specified the command...

Page 831: ... PoE status on the port z user command set port to off PoE to the port is turned off by the user z Standard PD was detected A standard PD is detected z detection is in process PDs are being detected Port power mode PoE mode on the port signal PoE through the signal cable Port PD class Class of power to the PD Port power priority PoE priority of the port z critical The highest z high High z low Low...

Page 832: ...R Power status on the port ON OFF ENABLE PoE enabled disabled status on the port MODE PoE mode on the port z signal PoE through the signal cable z spare PoE through the spare cable PRIORITY PoE priority of the port z critical Highest z high High z low Low STATUS PoE status on the port z user command set port to off PoE to the port is turned off by the user z Standard PD was detected A standard PD ...

Page 833: ...poe interface power PORT INDEX POWER mW PORT INDEX POWER mW Ethernet1 0 1 0 Ethernet1 0 2 0 Ethernet1 0 3 0 Ethernet1 0 4 0 Ethernet1 0 5 0 Ethernet1 0 6 0 Ethernet1 0 7 0 Ethernet1 0 8 0 Ethernet1 0 9 0 Ethernet1 0 10 12400 Omitted display poe powersupply Syntax display poe powersupply View Any view Parameters None Description Use the display poe powersupply command to view the parameters of the ...

Page 834: ...D Version Version of the PSE complex programmable logical device CPLD PSE Power Management mode PoE management mode on the port when the PSE is overloaded z The auto keyword indicates that the auto mode is adopted that is the PoE management mode based on the PoE priority of the port is adopted z The manual keyword indicates that the manual mode is adopted in the PoE management on the port display ...

Page 835: ...mand to restore the default The default PD disconnection detection mode is AC Note that change to the PD disconnection detection mode may lead to power off of some PDs Examples Set the PD disconnection detection mode to DC Sysname system view Sysname poe disconnect dc poe enable Syntax poe enable undo poe enable View Ethernet port view Parameters None Description Use the poe enable command to enab...

Page 836: ...stem view Parameters None Description Use the poe legacy enable command to enable the PD compatibility detection function Use the undo poe legacy enable command to disable the PD compatibility detection function PDs compliant with IEEE 802 3af standards are called standard PDs When the PD compatibility detection function is enabled the switch can detect non standard PDs By default the PD compatibi...

Page 837: ...d display poe interface power commands to display the power supply information of a port Examples Set the maximum power supplied by Ethernet 1 0 3 to 15000 mW Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 3 Sysname Ethernet1 0 3 poe max power 15000 poe mode Syntax poe mode signal spare undo poe mode View Ethernet port view Parameters signal Supplies...

Page 838: ...ding Use the undo poe power management command to restore the default mode By default the PoE management mode on port is auto You can use the poe priority command to set the PoE priority of a port Examples Configure the PoE management mode on a port to auto that is adopt the PoE management mode based on the PoE priority of the port Sysname system view System View return to User View with Ctrl Z Sy...

Page 839: ...vailable power of the whole switch is less than 18 8 W and there is no port with low priority the port with the inserted PD cannot supply power Examples Set the PoE priority of Ethernet 1 0 3 to critical Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 3 Sysname Ethernet1 0 3 poe priority critical poe temperature protection Syntax poe temperature prote...

Page 840: ... PSE completely and then reload the PoE processing software filename Update file name with a length of 1 to 64 characters and with the extension s19 Description Use the poe update command to update the PSE processing software online z Use the full mode only when the refresh mode fails In normal cases use the refresh mode z When the PSE processing software is damaged that is all the PoE commands ca...

Page 841: ...ftware of the fabric switch remotely on any device in the fabric Examples Upgrade the PSE processing software poe2046 s19 in the flash of unit 2 to upgrade the PSE processing software of all the units in the fabric Sysname update fabric unit2 flash poe2046 s19 This will update the Fabric Continue Y N y The software is verifying The result of verification is Unit ID Free space bytes Enough Version ...

Page 842: ...view Parameters profile name Name of a PoE profile a string of 1 to 15 characters It starts with a letter from a to z or from A to Z and it cannot be any of reserved keywords like all interface user undo and mode interface type interface number Port type and port number With this argument provided you can specify the Ethernet port on which the existing PoE profile configuration is applied in syste...

Page 843: ...to query which PoE profile is applied to a port However the command cannot be used to query which PoE features in a PoE profile are applied successfully Examples Apply the existing PoE profile profile test configuration to ports Ethernet 1 0 1 through Ethernet 1 0 9 of the switch Sysname system view System View return to User View with Ctrl Z Sysname apply poe profile profile test interface ethern...

Page 844: ...e Description Use the poe profile command to create a PoE profile and then enter PoE profile view If the PoE profile is already created you will enter PoE profile view directly Use the undo poe profile command to delete an existing PoE profile The following PoE features can be configured in the PoE profile mode poe enable poe mode signal spare poe priority critical high low poe max power max power...

Page 845: ...ange unit id 1 2 display ftm 1 4 display xrn fabric 1 7 fabric member auto update software enable 1 7 fabric save unit id 1 8 fabric port enable 1 10 ftm fabric vlan 1 12 xrn fabric authentication mode 1 12 port link type xrn fabric 1 13 reset ftm statistics 1 14 set unit name 1 14 sysname 1 15 ...

Page 846: ...ID of the current switch note the following z If the modified unit ID is not used in the XRN fabric the system sets its priority to 5 and saves it in the Flash memory of the current switch z If the modified unit ID is being used the system prompts you to confirm if you really want to change the unit ID If you choose to change it the existing unit ID is replaced and the priority is set to 5 The ori...

Page 847: ...umbering mode Description Use the change unit id command to configure the unit ID of a specified switch in an XRN fabric to a new value By default when a switch is added to an XRN fabric it uses the automatically assigned unit ID When you change the unit ID of a switch in an XRN fabric note the following z If the modified unit ID of the switch is not used in the fabric the system sets its priority...

Page 848: ...00f e20f 5132 10 Left 1 A 3 000f e20f 5252 10 Right 1 A 4 000f e20f 8922 10 Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Change the unit ID of the switch from 6 to 4 Sysname system view System View return to User View with Ctrl Z Sysname change unit id 6 to 4 The unit 4 already exists in fabric Continue Y N y Apr 2 0...

Page 849: ...tatistics topology database Displays the topology database information of the fabric Description Use the display ftm command to display the protocol information or the topology database information of the current fabric Examples Display the FTM module information of the switch Sysname display ftm information FTM State HB STATE Unit ID 2 FTM Master Fabric Type Line Fabric Auth NONE Fabric Vlan ID 4...

Page 850: ...c name of the fabric are different z Isolated different version The software version of the directly connected device and that of the current device are different z Isolated auth failure The XRN fabric authentication modes configured for the local device and that of the fabric are not the same or the password configured does not match z Isolated connection error Fabric port connection error occurs...

Page 851: ...ID A M 1 000f e20f 5002 10 Left Right 1 A 2 000f e20f 5132 10 Left Right 1 A 3 000f e20f 5252 10 Left Right 1 A 4 000f cbb7 3264 5 Left Right 1 M 5 000f cbb7 2142 10 Left Right 1 A 6 000f e20f 8922 10 Left Right 1 A 7 000f cbb7 2260 10 Left Right 1 A 8 000f cbb7 2734 10 Left Right 1 A Table 1 2 display ftm topology database command output description Field Description UID Unit ID Priority Priority...

Page 852: ...st 1 Second 2 From the above example you can see the following z The name of the fabric is Sysname z The system operation mode is Layer 3 forwarding z The current device is 1 marked by z The name of the current device is First the name of a device can be configured by using the set unit name command z The other unit in the fabric is numbered 2 Display the fabric port of the current device Sysname ...

Page 853: ...ble the candidate switch to download software and discovery neighbors and thus be added to the fabric normally z If the candidate switch is going to download software from a unit in an XRN fabric you are recommended to set the ID of the unit to 1 to make the candidate switch download the software of correct version z Before configuring the XRN automatic fabric function make sure that the candidate...

Page 854: ... Left 1 A 5 000f cbb7 2142 10 Right 1 A 6 000f cbb7 3264 10 Left 1 A 7 000f cbb7 2260 10 Right 1 A 8 000f cbb7 2734 10 Left 1 A Save the unit IDs of all the units in an XRN fabric to the unit Flash memory Sysname fabric save unit id The unit ID will be saved to the device Are you sure Y N y Apr 2 02 13 44 413 2000 5500 FTM 3 DDPFLA 4 Save self unitid unit 4 sav ed UnitID 4 in flash Unit 1 saved un...

Page 855: ...ccessfully Unit 4 removed unit ID successfully Unit 5 removed unit ID successfully Unit 6 removed unit ID successfully Unit 7 removed unit ID successfully Unit 8 removed unit ID successfully Display the unit IDs of the current fabric Sysname display ftm topology database Total number of units in fabric 8 My Unit ID 1 UID CPU Mac Priority Fabric Port Board ID A M 1 000f e20f 5002 10 Right 1 A 2 000...

Page 856: ... the second group Only one group of ports can be configured as fabric ports at a time Given a group either GigabitEthernet 1 0 25 49 or GigabitEthernet 1 0 27 51 can be configured as the left fabric port and either GigabitEthernet 1 0 26 50 or GigabitEthernet 1 0 28 52 can be configured as the right fabric port z Establishing an XRN system requires a high consistency of the configuration of each d...

Page 857: ...mit XRN data among devices avoiding packets being sent to non fabric ports You need to specify the XRN fabric VLAN before the XRN fabric is established Because after the fabric is established the VLAN cannot be modified Examples Specify VLAN 2 of the switch as an XRN fabric VLAN Sysname system view System View return to User View with Ctrl Z Sysname ftm fabric vlan 2 xrn fabric authentication mode...

Page 858: ...ion mode simple hello port link type xrn fabric Syntax port link type xrn fabric View Ethernet port view Parameters None Description Use the port link type command to configure an Ethernet port as the fabric port This command has the same function with the fabric port enable command and is available only in gigabit port view By default no port is configured as the fabric port Note that After you u...

Page 859: ...sname reset ftm statistics set unit name Syntax set unit unit id name unit name View System view Parameters unit id Unit ID of a device unit name Name of the specified unit a string of 1 to 64 characters Description Use the set unit name command to set a name for a device Device name visually identifies a device by showing its location role in the fabric and connected networks thus facilitating co...

Page 860: ...o sysname command to restore the default fabric name Before a new device is added into a fabric make sure that the fabric name of the device and the fabric name of the devices in the fabric are consistent You can enable the XRN automatic fabric function by using the fabric member auto update software enable command to configure the device to synchronize the fabric name automatically By default the...

Page 861: ...p timer port delay 1 12 Cluster Configuration Commands 1 13 add member 1 13 administrator address 1 13 auto build 1 14 build 1 16 cluster 1 18 cluster enable 1 18 cluster switch to 1 19 cluster mac 1 20 cluster mac syn interval 1 21 delete member 1 22 display cluster 1 22 display cluster candidates 1 24 display cluster members 1 26 ftp cluster 1 28 ftp server 1 29 holdtime 1 29 ip pool 1 30 loggin...

Page 862: ...9 black list 1 39 display cluster base members 1 40 display cluster base topology 1 40 display cluster black list 1 41 display cluster current topology 1 42 display ntdp single device mac address 1 43 topology accept 1 45 topology restore from 1 46 topology save to 1 47 ...

Page 863: ...d operating information including the global NDP status the interval to send NDP packets the holdtime of NDP information and the NDP status and neighbor information on all ports If executed with the interface keyword the display ndp command will display the NDP status of the specified interfaces and the related information of the peer device If executed without the interface keyword the command wi...

Page 864: ... Timer Interval for the switch to send NDP packets which is configured through the ndp timer hello command Aging Timer Holdtime for neighbors to keep the NDP information of the switch which is configured through the ndp timer aging command Interface Port index used to identify a port Status NDP state on the port enabled disabled Pkts Snd Number of NDP packets sent by the port Pkts Rvd Number of ND...

Page 865: ...mand in system view without the interface keyword specified NDP will be enabled globally if you specify the interface keyword in the command NDP will be enabled on the specified ports In Ethernet port view the interface keyword is unavailable and execution of the command will enable NDP on the current port only By default NDP is enabled both globally and on ports Note that NDP can take effect on a...

Page 866: ... in instability of the NDP port neighbor table Examples Set the holdtime of the NDP information sent by the switch to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname ndp timer aging 60 ndp timer hello Syntax ndp timer hello timer in seconds undo ndp timer hello View System view Parameters timer in seconds Interval between sending NDP packets ranging from 5 to 254...

Page 867: ...he NDP statistics on specific ports When executing the command if you specify the interface keyword the command will clear NDP statistics on the specified ports if you do not specify the interface keyword the command will clear NDP statistics on all ports You can use the display ndp command to view the NDP statistics before and after the execution of the reset ndp statistics command to verify the ...

Page 868: ...le 1 2 Description on the fields of the display ntdp command Field Description NTDP is running NTDP is enabled globally on this device Hops Hop count for topology collection which is configured through the ntdp hop command Timer Interval to collect topology information which is configured through the ntdp timer command disable means this switch is not a management device and does not perform perio...

Page 869: ...ice list command Field Description MAC MAC address of a device collected by NTDP HOP Hops from this device to the collected device IP IP address and mask length of the management VLAN interface on the collected device PLATFORM Platform information about the collected device Display detailed device information collected by NTDP Sysname display ntdp device list verbose Hostname 5500 EI MAC 000f e20f...

Page 870: ...on Hostname System name of a device collected by NTDP MAC MAC address of the collected device Hop Hops from this device to the collected device Platform Software platform of the collected device IP IP address and mask length of the cluster management VLAN interface on the collected device Version Software version of the collected device Cluster The role of the collected device for the cluster Peer...

Page 871: ... 1 ntdp enable ntdp explore Syntax ntdp explore View User view Parameters None Description Use the ntdp explore command to manually start a topology collection process NTDP is able to periodically collect topology information In addition you can use this command to manually start a topology collection process at any moment If you do this NTDP collects NDP information from all devices in a specific...

Page 872: ...the range of topology collection by setting the maximum hops from the collecting device to the collected devices For example if you set the maximum hops to two the switch initiating the topology collection collects topology information from the switches within two hops Note that z The topology collection range set by this command is applicable to both the periodic and manual topology collection z ...

Page 873: ...t up the management switch will collect the topology information of the network at the topology collection interval you set and automatically add the candidate switches it discovers into the cluster z If you do not want the candidate switches to be automatically added into the cluster you can set the topology collection interval to zero and use the add member command to add the candidate switches ...

Page 874: ...on Use the ntdp timer port delay command to configure the topology request forwarding delay between two ports that is the interval at which the device forwards the topology requests through the NTDP enabled ports one after another Use the undo ntdp timer port delay command to restore the default port forwarding delay By default the port forwarding delay is 20 ms Network congestion may occur if lar...

Page 875: ...e to the cluster You can only use this command on the management device of a cluster If you do not specify the member number when adding a new cluster member the management device assigns the next available member number to the new member If you want to specify the member manually you need to specify a number that is never used by a member device of the cluster After you add a candidate device to ...

Page 876: ... device Setting the management device MAC address on a device can add the device to the cluster and enable the device to identify the management device even if it restarts You can add a device to a cluster using the administrator address command no matter whether the super password of the device is consistent with that of the management device Normally it is recommended to use the delete member co...

Page 877: ...ice the device cannot be added to the cluster z After a cluster is built automatically ACL 3998 and ACL 3999 will automatically generate a rule respectively to prohibit packets whose source and destination addresses are private IP addresses of the cluster from being sent to or received from the public network The two ACL rules will be automatically applied to all ports of the cluster members z Aft...

Page 878: ... 37 863 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 2420 is joined in cluster aaa Apr 3 08 12 37 996 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e202 2180 is joined in cluster aaa Apr 3 08 12 38 113 2000 aaa_0 Sysname CLST 5 LOG 1 Member 0016 e0c0 c201 is joined in cluster aaa Apr 3 08 12 38 139 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 5104 is joined in cluster aaa Apr 3 08 12 38 367 ...

Page 879: ...ng functions are implemented as follows z When you create a cluster by using the build or auto build command UDP port 40000 is opened at the same time z When you remove a cluster by using the undo build or undo cluster enable command UDP port 40000 is closed at the same time On member devices the preceding functions are implemented as follows z When you execute the add member command on the manage...

Page 880: ...0 00 12 a9 90 22 40 role change NTDPIndex 0 00 00 00 00 00 12 a9 90 22 40 Role 1 aaa_0 Sysname cluster cluster Syntax cluster View System view Parameters None Description Use the cluster command to enter cluster view Examples Enter cluster view Sysname system view System View return to User View with Ctrl Z Sysname cluster Sysname cluster cluster enable Syntax cluster enable undo cluster enable Vi...

Page 881: ...Z Sysname cluster enable cluster switch to Syntax cluster switch to member number mac address H H H administrator View User view Parameters member number Member number of a member device ranging from 1 to 255 mac address H H H Specifies the MAC address of a member device administrator Switches back from the member device to the management device Description Use the cluster switch to command to swi...

Page 882: ...itching Examples Switch from the management device to number 6 member device and then switch back to the management device aaa_0 Sysname cluster switch to 6 aaa_6 Sysname quit aaa_0 Sysname cluster mac Syntax cluster mac H H H undo cluster mac View Cluster view Parameters H H H Multicast MAC address to be set for the cluster in hexadecimal format This argument can be one of the following addresses...

Page 883: ...ac syn interval command to set the interval for the management device to send HGMP V2 multicast MAC synchronization packets periodically You can only use this command on a management device By default this interval is one minute HGMPv2 multicast MAC synchronization packets are used for synchronizing the HGMPv2 multicast MAC address configuration configured through the cluster mac command between d...

Page 884: ...on Therefore to remove a device from a cluster permanently you can use the following methods z Use the delete member command with the to black list keyword specified to remove a device and add the device to the blacklist of the cluster z Before using the delete member command to remove a device from the cluster use the undo ndp enable and undo ntdp enable command to disable NDP and NTDP on the por...

Page 885: ...the cluster cluster status holdtime and interval to send handshake packets Executing this command on a device that does not belong to any cluster will display an error Examples Display cluster information on a management device aaa_0 Sysname cluster display cluster Cluster name aaa Role Administrator Management vlan 100 Handshake timer 10 sec Handshake hold time 60 sec IP Pool 20 1 1 1 24 cluster ...

Page 886: ...the management device display cluster candidates Syntax display cluster candidates mac address H H H verbose View Any view Parameters mac address H H H Specifies a candidate device by its MAC address H H H represents the MAC address verbose Displays detailed information about candidate devices Description Use the display cluster candidates command to display information about one specified or all ...

Page 887: ...idates command Field Description MAC MAC address of the candidate device Hop Hops from the management device to the candidate device IP IP address of the candidate device Platform Platform of the candidate device Display information about a specified candidate device aaa_0 Sysname cluster display cluster candidates mac address 000f e20f 3190 Hostname 5500 EI 3 MAC 000f e20f 3190 Hop 1 Platform 550...

Page 888: ...ormation about all the devices in a cluster Description Use the display cluster members command to display information about one specific or all devices in a cluster This command is only applicable to a management device Examples Display information about all devices in a cluster aaa_0 Sysname cluster display cluster members SN Device MAC Address Status Name 0 5500 EI 000f e20f 3901 Admin aaa_0 Sy...

Page 889: ...P 16 1 1 11 24 Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 2008 3Com Corporation and its licensors All rights reserved Switch 5500 EI Switch 5500 EI OS V3 03 02s56e Member number 2 Name aaa_2 Sysname Device 5500 MAC Address 000f e20f 3190 Member status Up Hops to administrator device 1 IP 16 1 1 1 24 Version 3Com Corporation Switch 5500 EI Softwar...

Page 890: ...evice You can use the ftp server command on the management device to configure the shared FTP server of the cluster which is used for software version update and configuration file backup of the cluster members Related commands ftp server For how to access other FTP servers using the ftp command refer to the FTP SFTP TFTP part of the manual Examples Connect to the FTP server shared by the cluster ...

Page 891: ...on the management device takes effect on the management device only and will not be applied to the member devices through the cluster management packets After the IP address of the shared FTP server is configured network address translation NAT is enabled on the management device immediately When a member device uses the ftp cluster command to access the shared FTP server the management device wil...

Page 892: ...evice receives NDP information form a member device within the holdtime the member device stays in the normal state and does not need to be added to the cluster again z Note that you need only execute the command on a management device which will advertise the holdtime value to all member devices in the cluster Examples Set the neighbor information holdtime of the cluster members to 30 seconds aaa...

Page 893: ... User View with Ctrl Z Sysname cluster Sysname cluster ip pool 10 200 0 1 20 logging host Syntax logging host ip address undo logging host View Cluster view Parameters ip address IP address of the device to be configured as the log host of a cluster Description Use the logging host command to configure a shared log host for a cluster on the management device Use the undo logging host command to re...

Page 894: ...at already joins a cluster If you want to change the management VLAN on a device where a cluster has already been created you must first remove the cluster configuration on the device then re specify a VLAN as the management VLAN and finally re created the cluster z The management VLAN of a cluster defaults to VLAN 1 To isolate cluster management packets from other packets to improve the cluster i...

Page 895: ...Syntax reboot member member number mac address H H H eraseflash View Cluster view Parameters member number Member number of a member device ranging from 1 to 255 mac address H H H Specifies the MAC address of the member device to be rebooted eraseflash Deletes the configuration file of the member device when the member device reboots Description Use the reboot member command to reboot a specified ...

Page 896: ...e shared SNMP NMS setting By default no shared SNMP NMS is configured After setting the IP address of an SNMP NMS for the cluster the member devices in the cluster can send trap messages to the SNMP NMS through the management device Note that you can only use the commands on a management device For how to configure a switch to send trap messages to the SNMP NMS refer to Information Center Operatio...

Page 897: ...ights and directory configuration refer to the user guide of the TFTP server software Related commands tftp put tftp server z You need to specify the cluster keyword completely in the command z For description of other parameters of the tftp command refer to the FTP SFTP TFTP part of the manual Examples Download file LANSwitch app from the shared TFTP server of the cluster to the switch and save i...

Page 898: ...p address undo tftp server View Cluster view Parameters ip address IP address of a TFTP server to be configured for the cluster Description Use the tftp server command to configure a shared TFTP server for the cluster on the management device Use the undo tftp server command to remove the shared TFTP server setting By default no shared TFTP server is configured After the IP address of the shared T...

Page 899: ...val By default the interval between sending handshake packets is 10 seconds In a cluster the management device keeps connections with the member devices through handshake packets Through the periodic handshaking between the management and member devices the management device monitors the member status and link status Note that you need only execute the command on a management device which will adv...

Page 900: ...ponding ARP entry but the corresponding MAC address of the IP address does not exist in the MAC address table the trace of the device fails z To trace a specific device using the tracemac command make sure that all the devices passed support the tracemac function z To trace a specific device in a management VLAN using the tracemac command make sure that all the devices passed are within the same m...

Page 901: ...t so that all devices or the device with the specified MAC address can join the cluster By default no MAC address is added to the cluster blacklist You can only use this command on the cluster administrative device If the device to be added to the blacklist is a member of the cluster the execution of the black list add mac command will remove the device from the cluster and then add it to the clus...

Page 902: ...uster base members SN Device MAC Adress Status 0 aaa_0 Sysname 000f e200 30a0 UP 1 aaa_1 5500 EI 000f e200 86e4 UP Table 1 10 Description on the fields of display cluster base members Field Description SN Device number in the cluster Device Device name MAC Address Device MAC address Status Device status Up The member is connected Down The member is disconnected display cluster base topology Syntax...

Page 903: ...se topology PeerPort ConnectFlag NativePort SysName DeviceMac aaa_0 3Com 000f e202 2180 P_0 40 P_0 6 Sysname 000f e200 2200 P_0 28 P_3 0 1 Sysname 000f e200 1774 P_0 22 P_1 0 2 aaa_5 3Com 000f e200 5111 P_0 18 P_3 0 2 Sysname S3600 000f e218 d0d0 P_0 14 P_1 0 2 Sysname 000f e200 5601 P_0 4 P_0 2 Switch 5500 EI 28 Port 000f e200 00cc The output information of the display cluster base topology comma...

Page 904: ... display cluster current topology Syntax display cluster current topology mac address mac address1 to mac address mac address2 member id member id1 to member id member id2 View Any view Parameters mac address mac address1 Displays the topology structure three layers above or below the node specified by the MAC address If to mac address is specified mac address1 is the start point of the route in t...

Page 905: ...topology of the current cluster aaa_0 Sysname display cluster current topology PeerPort ConnectFlag NativePort SysName DeviceMac ConnectFlag normal connect odd connect in blacklist lost device new device STP discarding aaa_0 Sysname 000f e202 2180 P_0 40 P_0 6 Sysname 000f e200 2200 P_0 28 P_3 0 1 Sysname 000f e200 1774 P_0 24 P_1 0 6 clie 000f e200 5502 P_0 22 P_1 0 2 aaa_5 3Com 000f e200 5111 P_...

Page 906: ...gle device mac address 000f e200 3956 Hostname 3Com MAC 000f e200 3956 Hop 0 Platform Switch 5500 EI IP Version 3Com Corporation Switch 5500 EI Software Version 3Com OS V3 03 02s56e Copyright c 2004 2008 3Com Corporation and its licensors All rights reserved Switch 5500 EI 28 Port Switch 5500 EI V3 03 02s56e Cluster Candidate switch Peer MAC Peer Port ID Native Port ID Speed Duplex 000f e239 1333 ...

Page 907: ...c address mac address Accepts adding the device with the specified MAC address to the standard topology of the cluster member id member id Accepts adding the device with the specified member ID to the standard topology of the cluster administrator Accepts adding the administrative device to the standard topology of the cluster Description Use the topology accept command to accept the topology of t...

Page 908: ...lash View Cluster view Parameters local flash Restores the standard topology of the cluster from the local Flash memory Description Use the topology restore from command to restore the standard topology of the cluster from the Flash memory of the administrative device when errors occur to the topology and advertise the topology to the member devices of the cluster to ensure normal operation of the...

Page 909: ... topology is topology top Do not modify the file name This command is applicable to only the management device of a cluster Related commands topology restore from Examples Enter Cluster view aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster Save the standard topology of the cluster to the local Flash aaa_0 Sysname cluster topology sav...

Page 910: ...mp agent local engineid 1 16 snmp agent log 1 16 snmp agent mib view 1 17 snmp agent packet max size 1 19 snmp agent sys info 1 19 snmp agent target host 1 21 snmp agent trap enable 1 22 snmp agent trap ifmib 1 23 snmp agent trap life 1 24 snmp agent trap queue size 1 24 snmp agent trap source 1 25 snmp agent usm user v1 v2c 1 26 snmp agent usm user v3 1 27 2 RMON Configuration Commands 2 1 RMON C...

Page 911: ... an SNMP agent By default each device has a default engine ID You should ensure that each engine ID is unique within an SNMP domain The creation of username and generation of cipher text password are related to engine ID in SNMPv3 If you change an engine ID the username and password configured on the agent with this engine ID become invalid You can use the snmp agent local engineid command to conf...

Page 912: ...SNMP Agent disabled To display the current configuration username information of SNMPv3 use the display snmp agent usm user command Examples Display the information about all the existing SNMPv1 SNMPv2c communities Sysname display snmp agent community Community name public Group name public Storage type nonVolatile Community name private Group name private Storage type nonVolatile Table 1 1 displa...

Page 913: ...y the information about an SNMP group including group name security mode related views and storage mode A group is used to define security mode and related views Users in the same group have the common attributes Security mode falls into three types authPriv authentication with privacy authNoPriv authentication without privacy noAuthNoPriv no authentication no privacy Related views include read MI...

Page 914: ...ted z permanent Modification is permitted but deletion is forbidden z readOnly Read only that is no modification no deletion z other Other storage types display snmp agent mib view Syntax display snmp agent mib view exclude include viewname view name View Any view Parameters exclude Specifies the SNMP MIB views that are of the excluded type Include Specifies the SNMP MIB views that are of the incl...

Page 915: ...nVolatile View Type excluded View status active The above output information indicates that MIB view ViewDefault includes all MIB objects under the ISO MIB subtree except snmpUsmMIB snmpVacmMIB and snmpModules 18 display snmp agent statistics Syntax display snmp agent statistics View Any view Parameters None Description Use the display snmp agent statistics command to display the statistics on SNM...

Page 916: ...statistics command output description Field Description Messages delivered to the SNMP entity The total number of messages delivered to the SNMP entity from the transport service Messages which were for an unsupported version The total number of SNMP messages delivered to the SNMP protocol entity and were for an unsupported SNMP version Messages which used a SNMP community name not known The total...

Page 917: ... Request PDUs which have been accepted and processed by the SNMP protocol entity GetNextRequest PDU accepted and processed The total number of SNMP Get Next PDUs which have been accepted and processed by the SNMP protocol entity GetBulkRequest PDU accepted and processed The total number of SNMP Get Bulk PDUs which have been accepted and processed by the SNMP protocol entity GetResponse PDU accepte...

Page 918: ...SNMP running in the system Description Use the display snmp agent sys info command to display the system SNMP information about the current device including contact information geographical location of the device and the employed SNMP version This command displays all the system SNMP information if you execute it with no keyword specified The display snmp agent sys info command displays the relate...

Page 919: ...unction is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable ospf trap enable standard trap enable system trap enable vrrp trap enable Enable traps 6 Disable traps 0 In the above output information enable indicates that traps are allowed to be generated on the module and disable indicates that traps are not allowed to be generated on the module...

Page 920: ...and SNMP agent can be ensured by configuring whether to perform authentication and privacy or not You can configure whether to perform authentication and privacy when you create an SNMPv3 group and configure the specific algorithms and passwords for authentication and privacy when you create a user Examples Display the information about all the SNMP users Sysname display snmp agent usm user User n...

Page 921: ...erate port interface linkUp linkDown traps when the state of the port interface changes To enable this function on a port interface use the enable snmp trap updown command to enable this function globally use the snmp agent trap enable standard linkdown linkup command By default both are enabled Examples Enable the port Ethernet 1 0 1 to send linkUp linkDown SNMP traps to the NMS whose IP address ...

Page 922: ...he SNMP agent closes UDP ports used by SNMP agents and SNMP trap as well snmp agent calculate password Syntax snmp agent calculate password plain password mode md5 sha local engineid specified engineid engineid View System view Parameters plain password The plain text password to be encrypted in the range 1 to 64 characters mode Specifies the authentication algorithm used to encrypt a plain text p...

Page 923: ... agent calculate password aaaa mode md5 local engineid The result of the password is B02A2E48346E2CBFFCE809C99CF1F6C snmp agent community Syntax snmp agent community read write community name acl acl number mib view view name undo snmp agent community community name View System view Parameters read Specifies that the community to be created has read only permission to MIB objects Communities of th...

Page 924: ... read write permission to MIB objects Sysname snmp agent community write mgr Remove the community named comaccess Sysname undo snmp agent community comaccess snmp agent group Syntax 1 Version 1 and version 2c snmp agent group v1 v2c group name read view read view write view write view notify view notify view acl acl number undo snmp agent group v1 v2c group name 2 Version 3 snmp agent group v3 gro...

Page 925: ...P groups created using the snmp agent group v3 command do not authenticate or encrypt packets Related commands snmp agent mib view snmp agent usm user Examples Create an SNMPv1 group named v1group Sysname system view System View return to User View with Ctrl Z Sysname snmp agent group v1 v1group Create an SNMPv3 group v3group set the security mode to no authentication no privacy and set the read v...

Page 926: ... an SNMP entity is formed by appending the device information to the enterprise number The device information can be determined according to the device which can be an IP address a MAC address or a user defined string comprising of hexadecimal digits The configurations with the snmp agent usm user v3 and snmp agent calculate password commands are related to engine ID If you modify the engine ID th...

Page 927: ...of the information center set the output destinations of SNMP logs will be decided z The severity level of SNMP logs is informational that is the logs are taken as general prompt information of the device To view SNMP logs you need to enable the information center to output system information with informational level z For detailed description on system information and information center refer to ...

Page 928: ...must be the same as the sub OID at the corresponding position of the MIB subtree OID 0 indicates fuzzy matching meaning the OID of the node to be accessed is not necessarily the same as the sub OID at the corresponding position of the MIB subtree OID Note the following when defining a MIB view with a mask z If the bit number of a mask value is more than the number of sub OIDs of the MIB subtree OI...

Page 929: ... from 484 to 17 940 Description Use the snmp agent packet max size command to set the maximum SNMP packet size allowed by an agent Use undo snmp agent packet max size command to restore the default maximum SNMP packet size The configuration of the maximum SNMP packet size is to prevent giant packets being discarded due to existence of devices not supporting fragmentation on a routing path Typicall...

Page 930: ...rer according to the system information The SNMP versions of the device and the NMS must be consistent otherwise data exchange cannot be completed The device processes the SNMP messages of the corresponding SNMP version when the SNMP version is enabled on the device If only SNMPv1 is enabled while the device receives SNMPv2c messages the messages will be discarded if only SNMPv2c is enabled the de...

Page 931: ...nticate the packets without encryption privacy Configures to authenticate and encrypt the packets Description Use snmp agent target host command to set a destination host to receive the SNMP traps generated by the local device Use undo snmp agent target host command to cancel the current setting You can configure multiple destination hosts to receive traps with the command as needed To enable a de...

Page 932: ... cases of authentication failures coldstart Specifies to send SNMP cold start traps when the device is rebooted linkdown Specifies to send SNMP linkDown traps when a port becomes down linkup Specifies to send SNMP linkUp traps when a port becomes up warmstart Specifies to send SNMP warm start traps when SNMP is newly launched system Specifies to send SYS MAN MIB proprietary MIB traps vrrp authfail...

Page 933: ... link is down Apr 2 05 53 15 883 2000 3Com L2INF 2 PORT LINK STATUS CHANGE 1 Trap 1 3 6 1 6 3 1 1 5 3 linkDown portIndex is 4227634 ifAdminStatus is 2 ifOperStatus is 2 Apr 2 05 53 16 094 2000 3Com IFNET 5 TRAP 1 1 3 6 1 6 3 1 1 5 3 linkDown Interface 31 is Down Configure the extended linkUp linkDown trap format to make traps include the interface description and interface type information Sysname...

Page 934: ...SNMP trap queue Related commands snmp agent trap enable snmp agent target host Examples Set the SNMP trap aging time to 60 seconds Sysname system view System View return to User View with Ctrl Z Sysname snmp agent trap life 60 snmp agent trap queue size Syntax snmp agent trap queue size size undo snmp agent trap queue size View System view Parameters size The maximum number of traps that can be st...

Page 935: ...of this interface Description Use the snmp agent trap source command to configure the source address for the SNMP traps sent Use the undo snmp agent trap source command to cancel the configuration By default the outbound interface is determined by SNMP and the IP address of this interface is used as the source IP address of the traps After the command is executed the system uses the primary IP add...

Page 936: ...gent usm user v1 v2c command to add a user to an SNMP group Use the undo snmp agent usm user v1 v2c command to remove a user from an SNMP group This command is applicable to SNMPv1 and SNMPv2c and is equal to using the snmp agent community command to create a community As the SNMP protocol defines in the networking of SNMPv1 and SNMPv2c community name is used for authentication between NMS and age...

Page 937: ...r undo snmp agent usm user v3 user name group name local engineid engineid string View System view Parameters user name Username a string of 1 to 32 characters group name Name of the group corresponding to the user a string of 1 to 32 characters cipher Specifies the authentication password auth password or encryption password priv password to be in cipher text The cipher text password can be calcu...

Page 938: ...the original engine ID becomes invalid Note that z If the password is in cipher text the pri password argument can be obtained by the snmp agent calculate password command To make the calculated cipher text password applicable to the snmp agent usm user v3 cipher command ensure that the same authentication algorithm is specified for the two commands and the local engine ID specified in the snmp ag...

Page 939: ... authentication and privacy passwords should be in cipher text Set the security mode to authentication with privacy the authentication algorithm to md5 the privacy algorithm to des56 the authentication password to authkey and the cipher text privacy password to prikey Sysname system view Sysname snmp agent group v3 testgroup privacy Sysname snmp agent calculate password authkey mode md5 local engi...

Page 940: ... last sampled value Related commands rmon alarm Examples Display the configuration of all the alarm entries Sysname display rmon alarm Alarm table 1 owned by user1 is VALID Samples type absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 etherStatsOctets 1 Sampling interval 20 sec Rising threshold 100 linked with event 1 Falling threshold 10 linked with event 2 When startup enables risingOrFallingA...

Page 941: ...arm is triggered when the falling threshold is reached Latest value The value of the latest sample display rmon event Syntax display rmon event event entry View Any view Parameters event entry RMON event entry index in the range 1 to 65535 If you do not specify the event entry argument the configuration of all the RMON event entries is displayed Description Use the display rmon event command to di...

Page 942: ...displayed Description Use the display rmon eventlog command to display the log of an RMON event On creating an RMON event you can configure to record the event information into the logbuffer when an event is triggered thus facilitating displaying of the information The recorded information includes z RMON event entry Index z Current RMON event entry status z The time in seconds when an event log i...

Page 943: ...0 The sampling type is absolute display rmon history Syntax display rmon history interface type interface number unit unit number View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use the display rmon history command to display the RMON history information about a specified port The information about the la...

Page 944: ...stem collects statistics of the port at this interval buckets Number of the records in the history control table Latest sampled values Latest sampled values dropevents Number of the packet dropping events octets Number of the received transmitted bytes during sampling duration packets Number of the received transmitted packets during sampling duration broadcastpackets Number of the broadcast packe...

Page 945: ...type absolute Variable formula 1 3 6 1 2 1 16 1 1 1 4 1 100 Description Sampling interval 10 sec Rising threshold 10000 linked with event 1 Falling threshold 2000 linked with event 1 When startup enables risingOrFallingAlarm This entry will exist forever Latest value 0 Table 2 5 display rmon prialarm command output description Field Description Prialarm table Index of an entry in the extended alar...

Page 946: ...isplay rmon statistics interface type interface number unit unit number View Any view Parameters interface type Interface type interface number Interface number unit unit number Specifies a unit number Description Use the display rmon statistics command to display the RMON statistics on a specified port or a specified unit If you do not specify the port or the unit this command displays the RMON s...

Page 947: ...ets received etherStatsBroadcastPkts Number of broadcast packets received etherStatsMulticastPkts Number of multicast packets received etherStatsUndersizePkts Number of undersize packets received etherStatsOversizePkts Number of oversize packets received etherStatsFragments Number of undersize packets received with CRC errors etherStatsJabbers Number of oversize packets received with CRC errors et...

Page 948: ...f 1 to 127 characters Description Use the rmon alarm command to add an alarm entry to the alarm table If you do not specify the owner text keyword argument combination the owner of the entry is displayed as null Use the undo rmon alarm command to remove an alarm entry from the alarm table You can use the rmon alarm command to define an alarm entry so that a specific alarm event can be triggered un...

Page 949: ...nt identifies event 1 z Lower threshold 5 z The event entry2 argument identifies event 2 z Owner user1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 rmon statistics 1 Sysname Ethernet1 0 1 quit Sysname rmon event 1 log Sysname rmon event 2 none Sysname rmon alarm 1 1 3 6 1 2 1 16 1 1 1 4 1 10 absolute rising_threshold 50 1 fa...

Page 950: ...ntry to an event table you need to specify the event index You need also to specify the corresponding actions including logging the event sending traps to the NMS and the both for the network device to perform corresponding operation when an alarm referencing the event is triggered Examples Add the event entry numbered 10 to the event table and configure it to be a log event Sysname system view Sy...

Page 951: ... history control entry numbered 15 Sysname Ethernet1 0 1 undo rmon history 15 rmon prialarm Syntax rmon prialarm entry number prialarm formula prialarm des sampling timer delta absolute changeratio rising_threshold threshold value1 event entry1 falling_threshold threshold value2 event entry2 entrytype forever cycle cycle period owner text undo rmon prialarm entry number View System view Parameters...

Page 952: ... event command z You can define up to 50 extended alarm entries With an extended alarm entry defined in an extended alarm group the device performs the following operations accordingly z Sampling the alarm variables referenced in the defined extended alarm expression prialarm formula once in each period specified by the sampling timer argument z Performing operations on the sampled values accordin...

Page 953: ... statistics Syntax rmon statistics entry number owner text undo rmon statistics entry number View Ethernet port view Parameters entry number Statistics entry Index in the range 1 to 65535 owner text Specifies the owner of the entry a string of 1 to 127 characters Description Use the rmon statistics command to add an entry to the statistics table If you do not specify the owner text keyword argumen...

Page 954: ...stics entry with a different index for the port You can use the display rmon statistics command to display the information about the statistics entry Examples Add the statistics entry numbered 20 to take statistics of Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 rmon statistics 20 ...

Page 955: ...P Helper Configuration Commands 1 1 UDP Helper Configuration Commands 1 1 display udp helper server 1 1 reset udp helper packet 1 1 udp helper enable 1 2 udp helper port 1 2 udp helper server 1 4 udp helper ttl keep enable 1 4 ...

Page 956: ...ecified VLAN interface is displayed Examples Display the UDP broadcast relay forwarding information on VLAN interface 1 Sysname display udp helper server interface Vlan interface 1 Interface name Server address Packets sent Vlan interface1 192 1 1 2 0 The information above shows that the IP address of the destination server corresponding to VLAN interface 1 is 192 1 1 2 and no packets have been fo...

Page 957: ...e destination server Use the undo udp helper enable command to disable UDP Helper function By default UDP Helper is disabled Note that On an S5500 EI Series Ethernet Switch the reception of directed broadcast packets to a directly connected network is disabled by default As a result UDP Helper is available only when the ip forward broadcast command is configured in system view For details about th...

Page 958: ...P port numbers 53 138 137 49 69 and 37 Note that z You need to enable the UDP Helper function before specifying any UDP port otherwise the system prompts error information When the UDP helper function is disabled all configured UDP ports are disabled including the default ports z The relaying of BOOTP DHCP broadcast packets is implemented through the DHCP relay agent function using UDP port 67 and...

Page 959: ... helper server command without specifying the ip address argument removes all the destination servers configured on the current interface z You can specify up to 20 destination server IP addresses on a VLAN interface Related commands display udp helper server Examples Specify the destination server at 192 1 1 2 for VLAN interface 1 Sysname system view System View return to User View with Ctrl Z Sy...

Page 960: ...e by one Use the undo udp helper ttl keep enable command to restore the default By default the UDP Helper TTL keep function is disabled Note that you need to enable UDP Helper before enabling the TTL keep function otherwise the TTL keep function does not take effect Examples Enable the UDP Helper TTL keep function on the switch Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 961: ... authentication enable 1 6 ntp service authentication keyid 1 7 ntp service broadcast client 1 7 ntp service broadcast server 1 8 ntp service in interface disable 1 8 ntp service max dynamic sessions 1 9 ntp service multicast client 1 10 ntp service multicast server 1 10 ntp service reliable authentication keyid 1 11 ntp service source interface 1 12 ntp service unicast peer 1 12 ntp service unica...

Page 962: ...nt and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of the above six commands disables all implementation modes of the NTP feature and closes UDP port 123 at the same time NTP Configuration Commands display ntp service sessions Syntax display ntp service sessions verbose View Any view Parameters verbose Di...

Page 963: ...lock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of the synchronization source reach Reachability count of the clock source 0 indicates that the clock source is unreachable poll Polling interval in seconds that is the maximum interval between two successive packets now Time elapsing since the last NTP packet ...

Page 964: ...NTP services Examples View the status of the NTP service of the local switch Sysname display ntp service status Clock status synchronized Clock stratum 4 Reference clock ID 1 1 1 11 Nominal frequency 100 0000 Hz Actual frequency 100 0000 Hz Clock precision 2 18 Clock offset 0 8174 ms Root delay 37 86 ms Root dispersion 45 98 ms Peer dispersion 35 78 ms Reference time 16 30 46 078 UTC Mar 29 2007 C...

Page 965: ... dispersion of the remote NTP server in milliseconds Reference time Reference timestamp display ntp service trace Syntax display ntp service trace View Any view Parameters None Description Use the display ntp service trace command to display the brief information of each NTP time server along the time synchronization chain from the local switch to the reference clock source Examples View the brief...

Page 966: ...lled control query refers to query of state of the NTP service including alarm information authentication status clock source information and so on synchronization Synchronization right This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query server Server right This level of right permits the peer device ...

Page 967: ...peer 2076 Configure the access right from the remote device in ACL 2028 to the local NTP server as server Sysname system view System View return to User View with Ctrl Z Sysname ntp service access server 2028 ntp service authentication enable Syntax ntp service authentication enable undo ntp service authentication enable View System view Parameters None Description Use the ntp service authenticati...

Page 968: ...the Message Digest 5 MD5 algorithm After configuring the NTP authentication key you need to use the ntp service reliable authentication keyid command to specify the authentication key as a trusted key Related commands ntp service reliable authentication keyid Examples Configure an MD5 authentication key with the key ID being 10 and the key being abc Sysname system view System View return to User V...

Page 969: ...nfigure authentication keyid key id if authentication is not required version number Specifies the NTP version number The number argument ranges from 1 to 3 and defaults to 3 Description Use the ntp service broadcast server command to configure an Ethernet switch to operate in the NTP broadcast server mode and send NTP broadcast packets through the current interface Use the undo ntp service broadc...

Page 970: ...essions Syntax ntp service max dynamic sessions number undo ntp service max dynamic sessions View System view Parameters number Maximum number of the dynamic NTP sessions that can be established locally This argument ranges from 0 to 100 Description Use the ntp service max dynamic sessions command to set the maximum number of dynamic NTP sessions that can be established locally Use the undo ntp se...

Page 971: ...h the multicast IP address being 224 0 1 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ntp service multicast client 224 0 1 2 ntp service multicast server Syntax ntp service multicast server ip address authentication keyid key id ttl ttl number version number undo ntp service multicast server ip address View VLAN interf...

Page 972: ... ntp service reliable authentication keyid key id undo ntp service reliable authentication keyid key id View System view Parameters key id Authentication key ID in the range of 1 to 4294967295 Description Use the ntp service reliable authentication keyid command to specify an authentication key as a trusted key Use the undo ntp service reliable authentication keyid command to remove the configurat...

Page 973: ...is way the IP address of the interface is the source IP address of all NTP packets sent by the local device Examples Specify the source IP addresses of all sent NTP packets as the IP address of VLAN interface 1 Sysname system view System View return to User View with Ctrl Z Sysname ntp service source interface Vlan interface 1 ntp service unicast peer Syntax ntp service unicast peer remote ip peer...

Page 974: ...e the clock of local Ethernet switch and that of the remote device can be synchronized to each other Examples Configure the local switch to obtain time information from the peer with the IP address 128 108 22 44 and also to provide time information to the peer Set the NTP version number to 3 The source IP address of NTP packets is the IP address of Vlan interface 1 Sysname system view System View ...

Page 975: ...escription Use the ntp service unicast server command to configure an Ethernet switch to operate in the NTP client mode Use the undo ntp service unicast server command to remove the configuration By default no NTP operate mode is configured The remote server specified by remote ip or server name serves as the NTP server and the local switch serves as the NTP client The clock of the NTP client will...

Page 976: ...ort dsa 1 15 public key peer 1 17 public key peer import sshkey 1 18 public key code begin 1 19 public key code end 1 20 rsa local key pair create 1 21 rsa local key pair destroy 1 22 rsa peer public key 1 23 rsa peer public key import sshkey 1 24 ssh authentication type default 1 25 ssh client assign 1 26 ssh client first time enable 1 27 ssh server authentication retries 1 28 ssh server compatib...

Page 977: ...y pair rsa Displays the public keys of the current switch s RSA key pairs Description Use the display public key local command to display the public key information of the current switch s key pairs The displayed local public key can be configured as the public key on the remote peer for authentication Related commands public key local create Examples Display the public key part of the current swi...

Page 978: ...4013082011F02818100D757262C4584C44C211F18BD96E5F061C4F0A4 23F7FE6B6B85B34CEF72CE14A0D3A5222FE08CECE65BE6C265854889DC1EDBD13EC8B274DA9F75BA26CCB987 723602787E922BA84421F22C3C89CB9B06FD60FE01941DDD77FE6B12893DA76EEBC1D128D97F0678D7722B53 41C8506F358214B16A2FAC4B368950387811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F 0281810082269009E14EC474BAF2932E69D3B1F18517AD9594184CCDFCEAE96EC4D5EF93133...

Page 979: ...ly generated key pair may have 1024 or 1023 bits You can configure an SSH peer s public key on the current switch by using the public key peer command or the public key peer import sshkey command Related commands public key peer public key peer import sshkey Examples Display brief information about all peer public keys Sysname display public key peer brief Type Module Name RSA 1023 idrsa DSA 1024 ...

Page 980: ...ic keys of the current switch s RSA key pairs Sysname display rsa local key pair public Time of Key pair created 20 08 35 2000 04 02 Key name Sysname_Host Key type RSA encryption Key Key code 3047 0240 DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18 9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4 1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202 2253F4F5 0203 010001 Time of Key pair created 20 08 46 2000 04 ...

Page 981: ...t the public keys of all SSH peers keyname Specifies a key by its name which is a string of 1 to 64 characters Description Use the display rsa peer public key command to display information about the locally saved public keys of all SSH peers If no key name is specified the command displays detailed information about the locally saved public keys of all SSH peers The display rsa peer public key co...

Page 982: ...1394276CE5AAF5AF01DA8B0F33E0 8335E0C3820911B90BF4D19085CADCE0B50611B9F6696D31930203010001 display ssh server Syntax display ssh server session status View Any view Parameters session Displays SSH session information status Displays SSH status information Description Use the display ssh server command on an SSH server to display information about SSH status or about sessions of active connections w...

Page 983: ...nts Sysname display ssh server session Conn Ver Encry State Retry SerType Username VTY 0 2 0 AES started 0 stelnet kk VTY 1 2 0 AES started 0 sFTP abc Table 1 1 Description on the fields of the display ssh server session command Field Description Conn Number of VTY interface used for user login Ver SSH version Encry Encryption algorithm used by SSH State Session status Retry Number of connection r...

Page 984: ...s It cannot contain any of these characters slash backslash colon asterisk question mark less than sign greater than sign and the vertical bar sign In addition the sign can appear up to once the username part that is the string before the sign cannot be more than 55 characters and the domain name part cannot be more than 128 characters Description Use the display ssh user information command on an...

Page 985: ...y test sftp display ssh2 source ip Syntax display ssh2 source ip View Any view Parameters None Description Use the display ssh2 source ip command to display the current source IP address or the IP address of the source interface specified for the SSH client If neither source IP address nor source interface is specified the command displays 0 0 0 0 Related commands ssh2 source ip Examples Display t...

Page 986: ...ied is 192 168 1 1 peer public key end Syntax peer public key end View Public key view Parameters None Description Use the peer public key end command to return from public key view to system view Related commands rsa peer public key public key code begin public key peer Examples Exit public key view Sysname system view System View return to User View with Ctrl Z Sysname rsa peer public key Switch...

Page 987: ... interface by using the authentication mode scheme command z For a user interface if you have executed the authentication mode password or authentication mode none command the protocol inbound ssh command cannot be executed if you have executed the protocol inbound ssh command neither of the authentication mode password and authentication mode none commands can be executed Examples Configure vty0 ...

Page 988: ...amples Create local RSA key pairs Sysname system view System View return to User View with Ctrl Z Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Input the bits in the modulus default 1024 Generating keys Display the public key information of the local RSA key pairs Sysname display public key local...

Page 989: ...mation of the local DSA key pair Sysname display public key local dsa public Time of Key pair created 03 17 33 2000 04 06 Key name Key type DSA encryption Key Key code 3081F03081A806072A8648CE38040130819C0241008DF2A494492276AA3D25759BB06869CBEAC0D83AFB8D0C F7CBB8324F0D7882E5D0762FC5B7210EAFC2E9ADAC32AB7AAC49693DFBF83724C2EC0736EE31C80291021500 C773218C737EC8EE993B4F2DED30F48EDACE915F0240626D027839...

Page 990: ...troy these keys Y N y public key local export rsa Syntax public key local export rsa openssh ssh1 ssh2 filename View System view Parameters rsa Specifies the host public key of the current switch s RSA key pair openssh Specifies the format of the exported public key as OpenSSH ssh1 Specifies the format of the exported public key as SSH1 ssh2 Specifies the format of the exported public key as SSH2 ...

Page 991: ...s Input the bits in the modulus default 1024 Generating keys Display the host public key in the OpenSSH format Sysname public key local export rsa openssh ssh rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgMSPi xIkHkAo6E9LwLKWN eN9EqW 6FIYEIlVKcpIa0 6IT4eSyq4OldeiZ9WorOiDqX3ROo4FmaTR QCSK3C9whE1qz 4soVL1eHDdgzQCumKKsJCVaM5OdZ2sdNbEnhLuc s8ZrfTgEkDB1hmbgzuDpWPokPfkQDD 8dC hkFVV rsa key Export the host public key...

Page 992: ... the SSH2 format use the public key local export dsa ssh2 filename command z The host public key displayed on the screen is in a format that is not transformed and cannot be used as the public key data for public key configuration Related commands public key local create Examples Generate a DSA key pair Sysname system view Sysname public key local create dsa The range of public key size is 512 204...

Page 993: ...ame of the public key a string of 1 to 64 characters Description Use the public key peer command to enter public key view Use the undo public key peer command to delete the configuration of peer public key After configuring this command you enter public key view You can use this command together with the public key code begin command to configure the peer public key This public key configuration m...

Page 994: ...ssue this command the system will automatically identify the format of the public key transforms the public key into the PKCS format and saves the public key locally This public key configuration method requires that the public key file be uploaded to the current switch through FTP or TFTP Examples Configure the devices so that an SSH connection can be set up between the SSH server and an SSH clie...

Page 995: ...view and use the public key code begin command to enter the public key edit view Then you can input the key by pasting the copied characters or pressing the keys on the keyboard It must be a hexadecimal string that has been encoded complying with PKCS Spaces and carriage returns are allowed between characters Related commands rsa peer public key public key peer public key code end Examples Enter p...

Page 996: ...rded z If the key is valid it is saved in the local public key list Related commands rsa peer public key public key peer public key code begin Examples Exit public key edit view and save the public key you input Sysname system view System View return to User View with Ctrl Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key end Sysname rsa public ...

Page 997: ... pair public command displays two public keys the host public key and server public key when the switch is working in SSH1 compatible mode but only one public key the host public key when the switch is working in SSH2 mode Related commands rsa local key pair destroy display rsa local key pair public Examples Generate local RSA key pairs Sysname system view System View return to User View with Ctrl...

Page 998: ...rver Key type RSA encryption Key Key code 3067 0260 C9BEF5C8 1AF3E457 AD007039 DDB21785 28B0204F A9ED61A6 AD381860 9491B700 0286568F 4CAF27B1 1B17B1A2 0D516E74 8DAFA6C1 0F71624B B8BE6FB2 F550E7B9 BABD5B34 7D3E85C2 126B59DC 93BB4EA5 6A147737 E9CE41EB 1B31171C 142902AF 0203 010001 rsa local key pair destroy Syntax rsa local key pair destroy View System view Parameters None Description Use the rsa lo...

Page 999: ...ommand to enter public key view Use the undo rsa peer public key command to remove the setting After using this command you can use the public key code begin command to configure the peer public key This public key configuration method requires that you obtain the peer public key in hexadecimal format in advance Currently the switch supports only public keys of 512 to 2048 bits Related commands pu...

Page 1000: ... key file from the peer through FTP TFTP z Only public key files in the format of SSH1 or SSH2 are supported z Currently only public keys with the modulues being in the range 512 to 2048 bits can be imported to the switch z You may use this command to configure an SSH peer s public key on the current switch After you issue this command the system will automatically identify the format of the publi...

Page 1001: ...ication mode is specified by using the ssh user authentication type command Use the undo ssh authentication type default command to remove the specified default authentication mode That is no default authentication mode is specified for SSH users In this case when an SSH user is added you must specify an authentication mode for the user at the same time By default no default authentication mode is...

Page 1002: ...rameters server ip IP address of the server server name Name of the server a string of 1 to 184 characters keyname Name of the public key of the server a string of 1 to 64 characters Both the publickey and rsa key keywords indicate specifying the publickey key They are implemented with the same method Description Use the ssh client assign command to specify the name of the public key of the server...

Page 1003: ...er View with Ctrl Z Sysname ssh client 192 168 0 1 assign publickey pub ppk ssh client first time enable Syntax ssh client first time enable undo ssh client first time View System view Parameters None Description Use the ssh client first time enable command to enable the client to run first time authentication for the SSH server it accesses for the first time Use the undo ssh client first time com...

Page 1004: ...s View System view Parameters times Authentication retry times in the range of 1 to 5 Description Use the ssh server authentication retries command to set the authentication retry times for SSH connections This configuration will take effect for all users logging in later Use the undo ssh server authentication retries command to restore the default authentication retry times By default the number ...

Page 1005: ...ples Configure the server to be compatible with SSH1 x clients Sysname system view System View return to User View with Ctrl Z Sysname ssh server compatible ssh1x enable ssh server rekey interval Syntax ssh server rekey interval hours undo ssh server rekey interval View System view Parameters hours Interval to update the server keys ranging from 1 to 24 in hours Description Use the ssh server reke...

Page 1006: ...onds Authentication timeout time ranging from 1 to 120 in seconds Description Use the ssh server timeout command to set the authentication timeout time for SSH connections Use the undo ssh server timeout command to restore the default timeout time that is 60 seconds The configuration here will take effect at next login Related commands display ssh server Examples Set the authentication timeout tim...

Page 1007: ... it tears down the connection An SSH user created with this command uses the default authentication type specified by the ssh authentication type default command If no default authentication type is specified for SSH users you need to use the ssh user authentication type command to create an SSH user and specify an authentication mode for the user An SSH user is created on an SSH server for the pu...

Page 1008: ...sh user assign command to assign an existing public key to a specified SSH user on the SSH server side Use the undo ssh user assign command to remove the association The public key of the client is subject to the one assigned last time The new public key takes effect when the user logs in next time z On an SSH server you need to assign a public key to each SSH user using publickey authentication z...

Page 1009: ...d and publickey publickey Specifies the authentication mode for the SSH user as publickey RSA key or DSA key authentication rsa Specifies the authentication mode for the SSH user as publickey RSA key or DSA key authentication The authentication modes specified by the rsa keyword and publickey keyword are implemented in the same way For the password publickey authentication type z SSH1 client users...

Page 1010: ...tion for SSH users Sysname system view System View return to User View with Ctrl Z Sysname ssh user kk authentication type publickey Display the SSH user information Sysname display ssh user information kk Username Authentication type User public key name Service type kk publickey null stelnet ssh user service type Syntax ssh user username service type stelnet sftp all undo ssh user username servi...

Page 1011: ...ge_group prefer_ctos_cipher 3des des aes128 prefer_stoc_cipher 3des des aes128 prefer_ctos_hmac sha1 sha1_96 md5 md5_96 prefer_stoc_hmac sha1 sha1_96 md5 md5_96 View System view Parameters host ip Server IP address host name Server name a string of 1 to 20 characters port num Server port number It is in the range of 0 to 65 535 and defaults to 22 identity key Specifies the algorithm for publickey ...

Page 1012: ...ablish a connection with an SSH server and at the same time specify the preferred key exchange algorithm encryption algorithms and HMAC algorithms between the server and client Note that when logging into the SSH server using publickey authentication an SSH client needs to read its own private key for authentication As two algorithms RSA or DSA are available the identity key keyword must be used t...

Page 1013: ...the SSH client Sysname system view System View return to User View with Ctrl Z Sysname ssh2 source interface Vlan interface 1 ssh2 source ip Syntax ssh2 source ip ip address undo ssh2 source ip View System view Parameters ip address Source IP address Description Use the ssh2 source ip command to specify a source IP address for the SSH client If the specified IP address is not an address of the dev...

Page 1014: ... the SSH clients can only access the SSH server using the IP address of the specified interface as the destination This improves the service manageability when the SSH server has multiple IP addresses and interfaces Examples Specify Vlan interface 1 as the source interface of the SSH server Sysname system view System View return to User View with Ctrl Z Sysname ssh server source interface Vlan int...

Page 1015: ...s can only access the SSH server using the specified IP address as the destination This improves the service manageability when the SSH server has multiple IP addresses Examples Specify source IP address 192 168 0 1 for the SSH server Sysname system view System View return to User View with Ctrl Z Sysname ssh server source ip 192 168 0 1 ...

Page 1016: ...rename 1 12 reset recycle bin 1 12 rmdir 1 15 undelete 1 15 update fabric 1 16 File Attribute Configuration Commands 1 17 boot attribute switch 1 17 boot boot loader 1 18 boot boot loader backup attribute 1 18 boot web package 1 19 display boot loader 1 20 display web package 1 21 startup bootrom access enable 1 21 Configuration File Backup and Restore Commands 1 22 backup current configuration 1 ...

Page 1017: ...starting with flash For example the URL of file text txt in the root directory of the Flash on the current unit is flash text txt z To access a file in the current directory enter the path name or file name directly For example to access file text txt in the current directory you can directly input the file name text txt as the file URL File System Configuration Commands Note to limit the lengths ...

Page 1018: ...Name of the target file Description Use the copy command to copy a file If the fileurl dest argument identifies an existing file the existing file will be overwritten after the command is executed successfully If the path rather than the name of the target file is specified the source file name is used as the target file name by default Examples Copy file config cfg from the root directory to dire...

Page 1019: ... the specified file is removed to the recycle bin and you can use the undelete command to restore it You can delete files based on file attribute z If you execute the delete running files command all the files with the main attribute will be deleted z If you execute the delete standby files command all the files with the backup attribute will be deleted For a file that has both the main and backup...

Page 1020: ... test test txt Y N y Delete file unit1 flash test test txt Done Delete all the main Web files on the local unit Sysname delete running files Delete all the running files Y N n Delete the running image file Y N n Delete the running config file Y N n Delete the running web file Y N y Start deleting Deleting done Delete all the main files in the fabric Sysname delete running files fabric Delete the r...

Page 1021: ...abric If executed without the fabric keyword the command will display information about files and folders in the root directory of the current device z If executed with the file url argument the command will display information about files and folders in the specified directory If executed without the file url argument the command will display information about files and folders in the current wor...

Page 1022: ...0 rwh 4 Apr 01 2000 23 55 24 snmpboots 1 rw 4724347 Apr 01 2000 23 59 45 test bin 2 rw 1475 Apr 01 2000 23 59 53 config cfg 3 rw 1737 Apr 02 2000 00 46 21 cfg cfg 4 rw 279296 Apr 02 2000 00 21 55 love rar 5 rw 428 Apr 02 2000 13 07 11 hostkey 6 rwh 151 Apr 01 2000 23 58 39 private data txt 7 rw 572 Apr 02 2000 13 07 20 serverkey 8 rw 1589 Apr 02 2000 00 58 20 1 cfg 7239 KB total 3475 KB free with ...

Page 1023: ...uration command after this command is configured successfully otherwise this command may not be executed correctly Examples Execute the batch file named test bat under the directory flash Sysname system view System View return to User View with Ctrl Z Sysname execute test bat Sysname Created dir unit1 flash test3 file prompt Syntax file prompt alert quiet View System view Parameters alert Specifie...

Page 1024: ...l be displayed when you delete a file Sysname delete unit1 flash te txt Delete file unit1 flash te txt Done Examples Set the prompt mode to quiet for file related operations Sysname system view System View return to User View with Ctrl Z Sysname file prompt quiet fixdisk Syntax fixdisk device View User view Parameters device Name of a device Description Use the fixdisk command to restore space on ...

Page 1025: ...ysname format unit1 flash All data on unit1 flash will be lost proceed with format Y N y Format unit1 flash completed mkdir Syntax mkdir directory View User view Parameters directory Name of a directory Description Use the mkdir command to create a subdirectory in the specified directory of a Flash memory Note that z The name of the subdirectory to be created must be unique under the specified dir...

Page 1026: ...e of a file in the Flash memory Description Use the more command to display the contents of a specified file Currently the file system only supports to display the contents of text files Examples Display the content of the file test txt Sysname more test txt AppWizard has created this test application for you This file contains a summary of what you will find in each of the files that make up your...

Page 1027: ...e is used as the target file name by default Examples Move the file 1 txt from flash to flash a within unit1 with the name unchanged Sysname move unit1 flash 1 txt unit1 flash a Move unit1 flash 1 txt to unit1 flash a 1 txt Y N y Moved file unit1 flash 1 txt to unit1 flash a 1 txt Move the file flash 22 txt to unit1 flash test and overwrite the file in the directory unit1 flash test Sysname move 2...

Page 1028: ...t Target path name or file name Description Use the rename command to rename a file or a directory If the target file name or directory name is the same with any existing file name or directory name you will fail to perform the rename operation Examples Rename the file config txt to config bak Sysname rename config txt config bak Rename unit1 flash config txt to unit1 flash config bak Y N y Rename...

Page 1029: ...ll not ask for your confirmation Use the reset recycle bin fabric command to permanently delete files in the recycle bin of all the devices in the fabric The system will not prompt you to confirm deletion of each file when you clear recycle bins throughout the fabric The files deleted by the delete command without the unreserved keyword are moved to the recycle bin To delete them permanently you c...

Page 1030: ...g cfg 2 rw 4036197 May 14 2000 10 13 18 main bin 3 rw 2386 Apr 26 2000 13 30 30 back cfg 4 drw May 08 2000 09 49 25 test 5 rwh 716 Apr 24 2007 16 17 30 hostkey 6 rwh 572 Apr 24 2007 16 17 44 serverkey 7239 KB total 2734 KB free The above information indicates that file flash a cfg and flash b cfg are deleted permanently z In directory flash test see whether the file in the recycle bin is deleted o...

Page 1031: ...y unit1 flash dd undelete Syntax undelete file url View User view Parameters file url Path name or file name of a file in the Flash memory Description Use the undelete command to restore a deleted file from the recycle bin If the name of the file to be restored is the same as that of an existing file the existing file will be overwritten after the command is executed successfully Examples Restore ...

Page 1032: ...the file used for upgrading will be copied to the root directories of other units in the fabric z When you execute the update fabric command the system first collects the free space information of each unit and then decides whether the available Flash memory space is enough on each unit The available space of the Flash should be at least 1 K larger than the size of the file used for upgrading If a...

Page 1033: ...t to set test bin to be running agent next time to boot Y N y The test bin is configured successfully File Attribute Configuration Commands boot attribute switch Syntax boot attribute switch all app configuration web fabric View User view Parameters all Specifies all the files including app files configuration files and Web files app Specifies app files configuration Specifies configuration files ...

Page 1034: ...ce in the fabric to be with the main attribute The app file specified by this command becomes the main startup file when the device starts up next time If you execute the boot boot loader command without the fabric keyword the configuration applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the...

Page 1035: ...tion applies to the local unit only Before configuring the main or backup attribute for a file in the fabric make sure the file already exists on all devices in the fabric This is because Ethernet switches do not allows you to specify an app file in other unit s Flash memory as the app startup file of the local unit Examples Configure the file backup bin to be the backup startup file of the fabric...

Page 1036: ...e named boot web to be with the main attribute Sysname boot web package boot web main display boot loader Syntax display boot loader unit unit id View Any view Parameters unit unit id Specifies the unit ID of a switch The APP startup file information of the specified unit will be displayed Description Use the display boot loader command to display the information about the APP startup files of the...

Page 1037: ...eb package is flash http3 1 5 0040 web The main web package is unit1 flash http3 1 5 0040 web The backup web package is unit1 flash startup bootrom access enable Syntax startup bootrom access enable undo startup bootrom access enable View User view Parameters None Description Use the startup bootrom access enable command to specify a switch to prompt users to use customized password to enter the B...

Page 1038: ...s of a TFTP server dest hostname Host name of a TFTP server filename cfg Name of the configuration file to which the current configuration will be backed up a string of 5 to 56 characters including the extension cfg Description Use the backup unit unit id current configuration to command to back up the current configuration of the specified switch to the specified TFTP server Use the backup fabric...

Page 1039: ...le fabric system source addr IP address of a TFTP server source hostname Host name of a TFTP server filename cfg Name of the configuration file to be restored to a string of 5 to 56 characters including the extension cfg Description Use the restore unit unit id startup configuration from command to restore the startup configuration of the specified switch from the configuration file backed on the ...

Page 1040: ...sname restore fabric startup configuration from 1 1 1 253 bbb cfg Restore startup configuration from 1 1 1 253 Please wait File will be transferred in binary mode Downloading file from remote tftp server please wait TFTP 2029 bytes sent in 0 second s File downloaded successfully Unit 7 Restore startup current configuration finished Unit 8 Restore startup current configuration finished ...

Page 1041: ...tion Commands 1 7 ascii 1 7 binary 1 8 bye 1 8 cd 1 9 cdup 1 9 close 1 10 delete 1 10 dir 1 11 disconnect 1 12 display ftp source ip 1 12 ftp 1 13 ftp cluster remote server source interface 1 13 ftp cluster remote server source ip 1 14 ftp source interface 1 15 ftp source ip 1 15 get 1 16 lcd 1 17 ls 1 17 mkdir 1 18 open 1 19 passive 1 19 put 1 20 pwd 1 21 quit 1 21 remotehelp 1 21 rename 1 22 rmd...

Page 1042: ...1 32 quit 1 33 remove 1 33 rename 1 34 rmdir 1 34 sftp 1 35 sftp source interface 1 36 sftp source ip 1 37 2 TFTP Configuration Commands 2 1 TFTP Configuration Commands 2 1 display tftp source ip 2 1 tftp ascii binary 2 1 tftp get 2 2 tftp put 2 3 tftp tftp server source interface 2 4 tftp tftp server source ip 2 4 tftp source interface 2 5 tftp source ip 2 6 tftp server acl 2 6 ...

Page 1043: ...t Examples Display the FTP server related settings of the switch assuming that the switch is operating as an FTP server Sysname display ftp server FTP server is running Max user number 1 User count 0 Timeout value in minute 30 Table 1 1 display ftp server command output description Field Description FTP server is running The FTP server is started If the FTP server is not started FTP server has bee...

Page 1044: ...only use this address as the destination address to connect to the FTP server z If neither source interface nor source IP address is specified 0 0 0 0 will be displayed In this case the FTP client can use any reachable IP address on the FTP server as the destination address to connect to the FTP server To set the source IP address for an FTP server use the ftp server source interface or the ftp se...

Page 1045: ...rs characters behind the tenth will be displayed in the second line with a left aligning mode Take username username test for example the result is Sysname display ftp user UserName HostIP Port Idle HomeDir administra tor 192 168 0 152 1031 0 flash Table 1 2 display ftp user command output description Field Description HostIP IP address of the FTP client Port Port used when the FTP client logs in ...

Page 1046: ...0 152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp disconnect admin The user connection will be disconnected after the data transfer finished Sysname Apr 2 01 06 14 915 2000 Sysname FTPS 5 USEROUT 1 User admin 192 168 0 152 logged out ftp server enable Syntax ftp server enable undo ftp server View Syste...

Page 1047: ...e timeout time of an FTP client When the idle time of the FTP client exceeds this timeout time the FTP server terminates the connection with the FTP client Use the undo ftp timeout command to restore the default idle timeout time By default the idle timeout time is 30 minutes If an FTP connection between an FTP server and an FTP client breaks down abnormally but the FTP server cannot be aware of t...

Page 1048: ...t no source interface is specified for an FTP server and an FTP client can use any reachable interface address on the FTP server as the destination address to connect to the FTP server Related commands ftp server source ip Examples Specify VLAN interface 1 as the source interface of the FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp server source interface V...

Page 1049: ...e omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section confirm whether the corresponding access rights are configured on the FTP server for example query file lists under a working directory read download the specified files create a directory upload a file and rename delete...

Page 1050: ... Related commands ascii Examples Specify to transfer files in binary mode ftp binary 200 Type set to I bye Syntax bye View FTP client view Parameters None Description Use the bye command to terminate the control connection and data connection with the FTP server and return to user view This command has the same effect as that of the quit command Examples Terminate the connections with the remote F...

Page 1051: ... cd flash temp Display the current working directory ftp pwd 257 flash temp is current directory cdup Syntax cdup View FTP client view Parameters None Description Use the cdup command to exit the current working directory and enter the parent directory The parent directory must be a directory that a user is authorized to access otherwise the command cannot be executed Related commands cd pwd Examp...

Page 1052: ...ew This command has the same effect as that of the disconnect command Examples Terminate the FTP connection without quitting FTP client view ftp close 221 Server closing ftp delete Syntax delete remotefile View FTP client view Parameters remotefile Name of the file to be deleted Description Use the delete command to delete a specified remote file Examples Delete the file temp c ftp delete temp c 2...

Page 1053: ...mmand Related commands pwd Examples Display the information about all the files in the current directory on the remote FTP server ftp dir 227 Entering Passive Mode 192 168 0 152 4 0 125 ASCII mode data connection already open transfer starting for rwxrwxrwx 1 noone nogroup 377424 Apr 26 13 05 s3r01 btm rwxrwxrwx 1 noone nogroup 377424 Oct 10 2006 s3r01_15 btm rwxrwxrwx 1 noone nogroup 2833 May 11 ...

Page 1054: ...ceived in 5 818 second s 11 00 byte s sec disconnect Syntax disconnect View FTP client view Parameters None Description Use the disconnect command to terminate an FTP connection without quitting FTP client view This command has the same effect as that of the close command Examples Terminate the FTP connection without quitting FTP client view ftp disconnect 221 Server closing ftp display ftp source...

Page 1055: ...r View User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual remote server Host name or IP address of an FTP server a string of 1 to 20 characters port number Port number of the FTP server in the range 0 to 65535 The default is 21 Description Use the ftp command to establish a co...

Page 1056: ...ce interface to connect to the FTP server whose IP address is 192 168 8 8 Sysname ftp 192 168 8 8 source interface Vlan interface 1 ftp cluster remote server source ip Syntax ftp cluster remote server source ip ip address View User view Parameters cluster Connects to the configured FTP server of a cluster For the configuration of the FTP server of a cluster refer to the Cluster part of this manual...

Page 1057: ...tem decides which interface will be used for accessing FTP servers By default the switch uses the IP address of the outbound interface in the local routing table as the source IP address for connecting to an FTP server The destination of the outbound interface is the subnet where the FTP server resides To configure the source interface used only for the current connection to an FTP server use the ...

Page 1058: ...switch uses every time it connects to an FTP server Sysname system view System View return to User View with Ctrl Z Sysname ftp source ip 192 168 0 1 get Syntax get remotefile localfile View FTP client view Parameters remotefile Name of a file to be downloaded localfile File name used when a file is downloaded and saved to the local device If this argument is not specified the source file name is ...

Page 1059: ...ent to modify the local working directory you need to terminate the connection with the FTP server quit FTP client view execute the cd command in user view and reconnect to the FTP server Examples Display the local working directory on the FTP client ftp lcd Local directory now flash temp ls Syntax ls remotefile localfile View FTP client view Parameters remotefile Name of the file to be queried lo...

Page 1060: ...4 125 ASCII mode data connection already open transfer starting for s3r01 btm s3r01_15 btm config cfg default diag test test txt mytest bak a txt myopenssh public temp c swithc001 226 Transfer complete FTP 200 byte s received in 0 145 second s 1 00Kbyte s sec mkdir Syntax mkdir pathname View FTP client view Parameters pathname Name of the directory to be created Description Use the mkdir command t...

Page 1061: ... a control connection with an FTP server If you have connected to an FTP server you cannot use the open command to connect to another server and you need to terminate the connection with the current FTP server and then execute the open command Related commands close Examples Establish a control connection with the FTP server whose IP address is 1 1 1 1 in FTP client view ftp open 1 1 1 1 Trying Pr...

Page 1062: ...he firewall may block the connection request because the FTP server initiates the connection with Port1 through an external network and thus data transmission will be affected Therefore you are recommended to set the data transmission mode of the FTP client to passive when accessing the FTP server through a firewall Examples Set the data transfer mode to the passive mode ftp passive Passive is on ...

Page 1063: ...7 flash temp is current directory quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection and FTP data connection and return to user view This command has the same effect as that of the bye command Examples Terminate the FTP control connection and FTP data connection and return to user view ftp quit 221 Server closing Sysname remot...

Page 1064: ...w whether the FTP server provides help information about FTP protocol commands Examples Display the syntax of the user command ftp remotehelp user 214 Syntax USER sp username rename Syntax rename remote source remote dest View FTP client view Parameters remote source Name of a file on a remote host remote dest Destination file name Description Use the rename command to rename a file on a remote FT...

Page 1065: ... on the FTP server Assume that the directory is empty ftp rmdir flash temp1 200 RMD command successful user Syntax user username password View FTP client view Parameters username Username used to log in to an FTP server password Password used to log in to an FTP server Description Use the user command to log in to an FTP server with the specified username and password Examples Log in to the FTP se...

Page 1066: ...inished successfully FTP 100 byte s received in 5 109 second s 20 00 byte s sec Disable the verbose function ftp undo verbose Download the file with name test cfg ftp get test cfg FTP 1740 byte s received in 9 367 second s 185 00 byte s sec The above output indicates that if the verbose function is disabled only execution information of users operations is obtained from the system of the switch wh...

Page 1067: ...imeout time out value undo sftp timeout View System view Parameters time out value Timeout time in the range 1 to 35 791 in minutes The default value is 10 Description Use the sftp timeout command to set the idle timeout time on an SFTP server Use the undo sftp timeout command to restore the idle timeout time to the default value If the idle timeout time exceeds the specified threshold the system ...

Page 1068: ...xamples Terminate the connection with the remote SFTP server sftp client bye Bye Sysname cd Syntax cd remote path View SFTP client view Parameters remote path Path of the target directory on the remote server Description Use the cd command to change the working path on the remote SFTP server If no remote path is specified this command displays the current working path z Use the cd command to retur...

Page 1069: ...ry Examples Change the working path and return to the parent directory sftp client cdup Received status Success Current Directory is delete Syntax delete remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the delete command to delete a sp...

Page 1070: ...a specified directory on the remote SFTP server If a or l is not specified the command displays details about the files and folders in the specified directory in a list If no remote path is specified this command displays the files in the current working directory This command has the same effect as that of the Is command Examples Display the files in the current directory sftp client dir rwxrwxrw...

Page 1071: ...rface otherwise this command displays the IP address 0 0 0 0 Examples Display the source IP address for the current SFTP client Sysname display sftp source ip The source IP you specified is 192 168 1 1 exit Syntax exit View SFTP client view Parameters None Description Use the exit command to terminate a connection with the remote SFTP server and return to system view This command has the same effe...

Page 1072: ... tt txt This operation may take a long time please wait Remote file tt bak Local file tt txt Received status End of file Received status Success Downloading file successfully ended help Syntax help all command View SFTP client view Parameters all Displays all the command names command Command name Description Use the help command to display the help information about SFTP client commands If no com...

Page 1073: ...files in the current working directory This command has the same effect as that of the dir command Examples Display the files in the current directory sftp client ls rwxrwxrwx 1 noone nogroup 1759 Aug 23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0 ...

Page 1074: ... By default the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put config cfg 1 txt This operation may take a long time please wait Local file config cfg Remote file 1 txt Received status Success Uploading file successfully ended pwd Syntax pwd View SFTP client view...

Page 1075: ... Bye Sysname remove Syntax remove remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the remove command to delete a specified file from the remote SFTP server This command has the same effect as that of the delete command Examples Delete ...

Page 1076: ...p txt sftp client rename temp bat temp txt File successfully renamed rmdir Syntax rmdir remote path 1 10 View SFTP client view Parameters remote path 1 10 Name of a directory on the remote SFTP server 1 10 indicates that up to ten file names can be input These file names should be separated by spaces Description Use the rmdir command to remove a specified directory from the remote SFTP server Exam...

Page 1077: ...ange algorithm diffie hellman group1 sha1 It is the default key exchange algorithm z dh_exchange_group Key exchange algorithm diffie hellman group exchange sha1 prefer_ctos_cipher Preferred client to server encryption algorithm The default algorithm is aes128 prefer_stoc_cipher Preferred server to client encryption algorithm The default algorithm is aes128 z 3des 3des_cbc encryption algorithm Supp...

Page 1078: ...you want to save the server s public key Y N y Enter password sftp client sftp source interface Syntax sftp source interface interface type interface number undo sftp source interface View System view Parameters interface type Type of a source interface It can be loopback or VLAN interface interface number Number of a source interface Description Use the sftp source interface command to specify a ...

Page 1079: ...ed IP address is not the IP address of the local device the system prompts that the configuration fails Use the undo sftp source ip command to remove the specified source IP address Then the client accesses the SFTP server with the local device address determined by the system Examples Specify 192 168 0 1 as the source IP address of the SFTP client Sysname system view System View return to User Vi...

Page 1080: ...is displayed If neither source IP address nor source interface is specified for the TFTP client 0 0 0 0 is displayed Related commands tftp source ip tftp source interface Examples Display the source IP address that a TFTP client uses every time it connects to a TFTP server Sysname display tftp source ip The source IP you specified is 192 168 0 1 tftp ascii binary Syntax tftp ascii binary View Syst...

Page 1081: ...ed or specified on a TFTP client To enter another working directory you need to modify the working directory on the TFTP server and relog in The 3com switch 5500 EI supports the TFTP file size negotiation function namely before downloading a file the switch requests the size of the file to be downloaded to the TFTP server thus to ensure whether there is enough space on the Flash for file downloadi...

Page 1082: ...rver IP address or the host name of a TFTP server a string of 1 to 20 characters If the switch belongs to a cluster the value cluster means to connect to the TFTP server of the cluster For the configuration of the TFTP server of a cluster refer to the Cluster part in this manual source file Name of the file to be uploaded to the TFTP server dest file File name used when a file is uploaded and save...

Page 1083: ... File name used when a file is downloaded and saved to the switch put Specifies to upload a file to the TFTP server source file url Path and name of the file to be uploaded to the TFTP server dest file File name used when a file is uploaded and saved to a TFTP server Description Use the tftp tftp server source interface command to connect to a TFTP server through the specified source interface and...

Page 1084: ...ompt appears to show the command fails to be executed Examples Connect to the remote TFTP server whose IP address is 192 168 8 8 through the source IP address 192 168 0 1 and download the file named test bin from it Sysname tftp 192 168 8 8 source ip 192 168 0 1 get test bin tftp source interface Syntax tftp source interface interface type interface number undo tftp source interface View System vi...

Page 1085: ...wise a prompt appears to show the configuration fails Use the undo tftp source ip command to cancel the source IP address setting The switch uses the IP address of the outbound interface in the local routing table as the source IP address to connect to a TFTP server The destination of the outbound interface is the subnet where the TFTP server resides By default no source IP address is specified fo...

Page 1086: ...ted for the connection between a TFTP client and a TFTP server Use the undo tftp server acl command to cancel all ACLs adopted Examples Specify to adopt ACL 2000 on the TFTP client Sysname system view System View return to User View with Ctrl Z Sysname tftp server acl 2000 ...

Page 1087: ...o center enable 1 7 info center logbuffer 1 8 info center loghost 1 9 info center loghost source 1 10 info center monitor channel 1 10 info center snmp channel 1 11 info center source 1 12 info center synchronous 1 14 info center switch on 1 15 info center timestamp 1 16 info center timestamp loghost 1 16 info center timestamp utc 1 17 info center trapbuffer 1 18 reset logbuffer 1 19 reset trapbuf...

Page 1088: ...uffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to display the settings of an information channel If no argument is specified in the command the settings of all channels are displayed Examples Display the settings of information channel 0 Sysname display channel 0 channel number 0 channel name console MODU_ID NAME ENABLE LOG_LEVEL ENABLE TR...

Page 1089: ...r 0 channel name console Monitor channel number 1 channel name monitor SNMP Agent channel number 5 channel name snmpagent Log buffer enabled max buffer size 1024 current buffer size 512 current messages 512 channel number 4 channel name logbuffer dropped messages 0 overwritten messages 586 Trap buffer enabled max buffer size 1024 current buffer size 256 current messages 5 channel number 3 channel ...

Page 1090: ...d debugging information XRN SWITCH OF Device Unit 1 Information about the information output state of the device enabled or disabled showing whether the log trap and debugging information output are enabled on the device display logbuffer Syntax display logbuffer unit unit id level severity size buffersize begin exclude include regular expression View Any view Parameters unit id Unit ID of the dev...

Page 1091: ...e log buffer Examples Display the status of the log buffer and the records in the log buffer Sysname display logbuffer Logging buffer configuration and contents enabled Allowed max buffer size 1024 Actual buffer size 512 Channel number 4 Channel name logbuffer Dropped messages 0 Overwritten messages 0 Current messages 91 Jun 19 18 03 24 55 2006 Sysname IC 7 SYS_RESTART System restarted The rest is...

Page 1092: ...tics of the log buffer Examples Display the summary of the log buffer Sysname display logbuffer summary EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG 0 0 0 0 94 0 1 0 The above information indicates that there are 94 warnings and one informational information in the log buffer display trapbuffer Syntax display trapbuffer unit unit id size buffersize View Any view Parameters unit id Unit ID of the d...

Page 1093: ...tus is 1 ifOperStatus is 1 Omitted info center channel name Syntax info center channel channel number name channel name undo info center channel channel number View System view Parameters channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name up to 30 characters in length The name must start with an English letter containing no sp...

Page 1094: ...hannel9 Description Use the info center console channel command to set the channel through which information is output to the console Use the undo info center console channel command to restore the default channel through which system information is output to the console By default output of information to the console is enabled with channel 0 as the default channel known as console This command w...

Page 1095: ...uffersize undo info center logbuffer channel size View System view Parameters channel Sets the channel through which information outputs to the log buffer channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 c...

Page 1096: ...er snmpagent channel6 channel7 channel8 channel9 facility local number The logging facility of the log host The local number argument ranges from local0 to local7 with the corresponding value ranging from 16 to 23 The default logging facility is local7 with the value being 23 Description Use the info center loghost command to enable information output to a log host through specifying the IP addres...

Page 1097: ...command to configure the source interface through which information is sent to the log host Use the undo info center loghost source command to cancel the source interface configuration Related commands info center enable display info center Examples Configure VLAN interface 1 as the source interface through which information is sent to the log host Sysname system view System View return to User Vi...

Page 1098: ... 0 Sysname system view System View return to User View with Ctrl Z Sysname info center monitor channel 0 info center snmp channel Syntax info center snmp channel channel number channel name undo info center snmp channel View System view Parameters channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channe...

Page 1099: ... rules By default the output rules for the system information are listed in Table 1 4 This command can be used to set the filter and redirection rules of log trap and debugging information For example the user can set to output log information with severity higher than warnings to the log host and information with severity higher than informational to the log buffer The user can also set to output...

Page 1100: ...allowed Enabled disabled Severity Enabled disabled Severity Enabled disabled Severity Console default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Monitor terminal default all modules Enabled warnings Enabled debuggin g Enabled debuggin g Log host default all modules Enabled informatio nal Enabled debuggin g Disabled debuggin g Trap buffer default all modules Disabled informa...

Page 1101: ...tion are echoed after the output note that the command prompt is echoed in command edit state but is not echoed in interactive state Use the undo info center synchronous command to disable synchronous information output By default the synchronous information output function is disabled z The synchronous information output function is used in the case that your input is interrupted by a large amoun...

Page 1102: ...ng information output is enabled and log and trap information output is disabled for the master switch in the fabric Debugging log and trap information output for other switches in the fabric is disabled z After the switches supporting XRN form a fabric the log debugging and trap information of each switch in the fabric can be synchronized Each switch sends its own information to other switches in...

Page 1103: ...or example 7 z hh mm ss sss The local time with hh ranging from 00 to 23 mm and ss ranging from 00 to 59 and sss ranging from 0 to 999 z yyyy Represents the year none Specifies not to include time stamp in the specified output information Description Use the info center timestamp command to set the format of time stamp included in the log trap debugging information Use the undo info center timesta...

Page 1104: ...System View return to User View with Ctrl Z Sysname info center timestamp loghost no year date info center timestamp utc Syntax info center timestamp utc undo info center timestamp utc View System view Parameters None Description Use the info center timestamp utc command to configure to add UTC time zone to the time stamp of the date type output in each direction of the information center Use the ...

Page 1105: ...ges 0 overwritten messages 0 Information timestamp setting with utc log date trap date debug boot XRN SWITCH OF Device Unit 1 LOG disable TRAP disable DEBUG enable If you configure to add the UTC time zone in the time stamp the system information is output as follows Dec 8 10 12 21 708 2006 GMT 08 00 00 Sysname SHELL 5 LOGIN 1 VTY 1 1 0 2 in unit1 login info center trapbuffer Syntax info center tr...

Page 1106: ... command takes effect only after the information center function is enabled Related commands info center enable display info center Examples Enable the system to output trap information to the trap buffer whose size is set to 30 Sysname system view System View return to User View with Ctrl Z Sysname info center trapbuffer size 30 reset logbuffer Syntax reset logbuffer unit unit id View User view P...

Page 1107: ...d to enable debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debugging command to display debugging information on a user terminal Related commands debugging commands in the System Maintenance and Debugging module of the manual Examples Enable debugging terminal di...

Page 1108: ...ole users and terminal users This command works only on the current terminal The debugging log trap information can be output on the current terminal only after this command is executed in user view z Disabling the function has the same effect as executing the following three commands undo terminal debugging undo terminal logging and undo terminal trapping That is no debugging log trap information...

Page 1109: ...n Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping command to disable trap terminal display By default trap terminal display is enabled Examples Enable trap terminal display Sysname terminal trapping ...

Page 1110: ...ivity Test Commands 2 1 Network Connectivity Test Commands 2 1 ping 2 1 tracert 2 3 3 Device Management Commands 3 1 Device Management Commands 3 1 boot boot loader 3 1 boot bootrom 3 1 display boot loader 3 2 display cpu 3 3 display device 3 3 display fan 3 4 display memory 3 5 display power 3 5 display schedule reboot 3 6 display transceiver alarm interface 3 6 display transceiver diagnosis inte...

Page 1111: ...ii xmodem get 3 18 ...

Page 1112: ... from 2000 to 2099 MM represents month ranging from 1 to 12 and DD represents day ranging from 1 to 31 Description Use the clock datetime command to set the current date and time of the Ethernet switch By default it is 23 55 00 04 01 2000 when the system starts up In an implementation where exact absolute time is required it is necessary to use this command to set the current date and time of the ...

Page 1113: ...iption Use the clock summer time command to set the summer time including the name time range and time offset After the setting you can use the display clock command to check the results Examples Set the summer time named abc1 which starts from 06 00 00 2005 08 01 ends until 06 00 00 2005 09 01 and is one hour ahead of the standard time Sysname clock summer time abc1 one off 06 00 00 08 01 2005 06...

Page 1114: ...ck timezone command to restore the local time zone to the default UTC time zone After the setting you can use the display clock command to check the setting The log information time and the debugging information time adopts the local time after the time zone and the summer time have been adjusted Related commands clock summer time display clock Examples Set the local time zone named z5 which is fi...

Page 1115: ...ysname Return to system view from Ethernet port view Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 quit Sysname return Syntax return View Views other than user view Parameters None Description Use the return command to return from current view to user view The composite key Ctrl Z has the same effect with the return command R...

Page 1116: ...the system name will affect the CLI prompt For example if the system name of the switch is 3Com the prompt for user view is 3Com Examples Set the system name of the Ethernet switch to LSW Sysname system view System View return to User View with Ctrl Z Sysname sysname LSW LSW system view Syntax system view View User view Parameters None Description Use the system view command to enter system view f...

Page 1117: ... the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Description on the fields of the display clock command Field Description 18 36 31 beijing Sat 2002 02 02 Current date and time of the system Time Zone Configured time zone information Summer Time Configured summer time in...

Page 1118: ...s on display version Syntax display version View Any view Parameters None Description Use the display version command to display the version information about the switch system Specifically you can use this command to check the software version and release time the basic hardware configuration and some other information about the switch Examples Display the version information of the system Sysnam...

Page 1119: ...ging information and thus will affect the efficiency of the system Therefore it is recommended not to enable debugging for multiple functions at the same time To disable all debugging at a time you can use the undo debugging all command z The specific debugging information can be displayed on a terminal only after you have configured the debugging terminal debugging and terminal monitor commands z...

Page 1120: ...ut the file name diag flash default diag The file is already existing overwrite it Y N y Output information to file flash default diag Please wait After saving the information you can use the more default diag command in user view to view the contents of the file default diag with the Page Up and Page Down keys Display the running statistics of the system function modules Sysname display diagnosti...

Page 1121: ...al monitor command you will disable the monitoring of the log trap and debugging information on the current terminal Thereby no log trap or debugging information will be displayed on the terminal z The configuration of the terminal debugging command takes effect for the current connection only If the terminal re establishes a connection the terminal display for debugging information is disabled Re...

Page 1122: ... sending interface by its type and number With the interface specified the TTL of packets are set to 1 automatically to test the directly connected device the IP address of the device is in the same network segment with that of the interface ip Specifies the device to support IPv4 By default the device supports IPv4 n Specifies to directly regard the host argument as an IP address without performi...

Page 1123: ... packet including the number of bytes packet sequence number TTL and response time of the response packet if the response packet is received within the timeout time If no response packet is received within the timeout time the message Request time out is displayed instead z Final statistics including the numbers of sent packets and received response packets the irresponsive packet percentage and t...

Page 1124: ...er of packets to be sent each time The num packet argument ranges from 0 to 65 535 and defaults to 3 w timeout Specifies the timeout time to wait for ICMP error packets The timeout argument ranges from 0 to 65 535 and defaults to 5 000 in milliseconds string Host name of the destination host in the range of 1 to 20 characters Description Use the tracert command to trace the gateways that the test ...

Page 1125: ...9 ms 19 ms 19 ms 4 128 32 136 23 128 32 136 23 19 ms 39 ms 39 ms 5 128 32 168 22 128 32 168 22 20 ms 39 ms 39 ms 6 128 32 197 4 128 32 197 4 59 ms 119 ms 39 ms 7 131 119 2 5 131 119 2 5 59 ms 59 ms 39 ms 8 129 140 70 13 129 140 70 13 80 ms 79 ms 99 ms 9 129 140 71 6 129 140 71 6 139 ms 139 ms 159 ms 10 129 140 81 7 129 140 81 7 199 ms 180 ms 300 ms 11 129 140 72 17 129 140 72 17 300 ms 239 ms 239 ...

Page 1126: ...nit NO flash which is used to indicate that the specified file is stored in the Flash memory of a specified switch Description Use the boot boot loader command to specify the host software that will be used when the switch starts up next time You can use this command to specify a app file in the Flash as the host software to be adopted at next startup Examples Specify the host software that will b...

Page 1127: ...ed display boot loader Syntax display boot loader unit unit id View Any view Parameters unit id Unit ID of a switch Description Use the display boot loader command to display the host software app file that will be adopted when the switch starts up next time Examples Display the host software that will be adopted when the switch starts up next time Sysname display boot loader Unit 1 The current bo...

Page 1128: ...nutes Table 3 2 Description on the fields of the display cpu command Field Description CPU busy status CPU usage status 12 in last 5 seconds 12 in last 1 minute 12 in last 5 minutes The CPU usage in the last five seconds is 12 The CPU usage in the last one minute is 12 The CPU usage in the last five minutes is 12 display device Syntax display device manuinfo unit unit id unit unit id View Any view...

Page 1129: ...RomVer AddrLM Type State 0 0 24 REV C NULL 001 510 IVL MAIN Normal 0 1 4 REV C NULL 001 NULL IVL 4 GE Normal Table 3 3 Description on the fields of the display device command Field Description SlotNo Serial number of the slot SubSNo Serial number of the sub slot PortNum Number of ports PCBVer Version number of the PCB card FPGAVer Version number of the FPGA encapsulation CPLDVer Logical version nu...

Page 1130: ...usage of a specified switch Examples Display the memory usage of this switch Sysname display memory Unit 1 System Available Memory bytes 30045312 System Used Memory bytes 15698468 Used Rate 52 Table 3 4 Description on the fields of the display memory command Field Description System Available Memory bytes Available memory size of the system in bytes System Used Memory bytes Used memory size of the...

Page 1131: ...reboot Syntax display schedule reboot View Any view Parameters None Description Use the display schedule reboot command to display information about scheduled reboot Related commands schedule reboot at schedule reboot delay Examples Display the information about scheduled reboot Sysname display schedule reboot System will reboot at 16 00 00 2002 11 1 in 2 hours and 5 minutes display transceiver al...

Page 1132: ...h Temperature is high Temp low Temperature is low Voltage high Voltage is high Voltage low Voltage is low Transceiver info I O error Transceiver information read and write error Transceiver info checksum error Transceiver information checksum error Transceiver type and port configuration mismatch Transceiver type does not match port configuration Transceiver type not supported by port hardware Tra...

Page 1133: ...fault WIS WAN Interface Sublayer local fault Receive optical power fault Receive optical power fault PMA PMD receiver local fault PMA PMD Physical Medium Attachment Physical Medium Dependent receiver local fault PCS receive local fault PCS Physical Coding Sublayer receiver local fault PHY XS receive local fault PHY XS PHY Extended Sublayer receive local fault RX power high RX power is high RX powe...

Page 1134: ...information Current alarm information of the transceiver TX fault TX fault display transceiver diagnosis interface Syntax display transceiver diagnosis interface interface type interface number View Any view Parameters interface type interface number Interface type and interface number Description Use the display transceiver diagnosis interface command to display the currently measured value of di...

Page 1135: ...sion to 0 01 dBM TX power dBM Digital diagnosis parameter TX power in dBM with the precision to 0 01 dBM display transceiver interface Syntax display transceiver interface interface type interface number View Any view Parameters interface type interface number Interface type and interface number Description Use the display transceiver interface command to display main parameters of a single or all...

Page 1136: ...ivers If the transceiver supports multiple transfer medium every two values of the transfer distance are separated by a comma The corresponding transfer medium is included in the bracket following the transfer distance value The following are the transfer media z 9 um 9 125 um single mode fiber z 50 um 50 125 um multi mode fiber z 62 5 um 62 5 125 um multi mode fiber z TP Twisted pair z CX4 CX4 ca...

Page 1137: ...info interface Field Description Manu Serial Number Serial number generated during debugging and testing Manufacturing Date Debugging and testing date The date takes the value of the system clock of the computer that performs debugging and testing Vendor Name Vendor name specified that is H3C port auto power down Syntax port auto power down undo port auto power down View Ethernet port view Paramet...

Page 1138: ...ange If yes it prompts whether or not to proceed This prevents the system from losing the configurations in case of shutting down the system without saving the configurations Examples Directly restart this switch without saving the current configuration Sysname reboot Start to check configuration with next startup configuration file please wait This command will reboot the device Current configura...

Page 1139: ...on of one minute that is the switch will reboot within one minute after the specified reboot date and time Note that z After you execute the schedule reboot at command with a specified future date the switch will reboot at the specified time with at most one minute delay z After you execute the schedule reboot at command without specifying a date the switch will reboot at the specified time on the...

Page 1140: ...Note that z The switch timer is precise to one minute When the reboot time reaches the switch will reboot in one minute at most z You can set the reboot delay in two formats the hour minute format and the absolute minute format and both must be less than or equal to 30 24 60 that is 30 days z After you execute the command the system will prompt you to confirm Enter Y or y for your setting to take ...

Page 1141: ...regularity command to cancel the configured reboot period By default the reboot period of the switch is not configured The switch timer can be set to a precision of one minute that is the switch will reboot within one minute after the specified reboot date and time After you execute the command the system will prompt you to confirm Enter Y or y for your setting to take effect Your setting will ove...

Page 1142: ...ysis and solution of the problems of the device By default real time monitoring of the running status of the system is enabled Enabling of this function consumes some amounts of CPU resources Therefore if your network has a high CPU usage requirement you can disable this function to save your CPU resources Examples Disable real time monitoring of the running status of the system Sysname system vie...

Page 1143: ...red on unit 2 successfully Do you want to set s5500 app to be running agent next time to boot Y N y The s5500 app is configured successfully xmodem get Syntax xmodem get file url device name View User view Parameters file url Path plus name of a host software file in the Flash a string of 1 to 64 characters device name File name in the form of unit NO flash which is used to indicate that the speci...

Page 1144: ...3 19 WARNING xmodem is a slow transfer protocol limited to the current speed settings of the auxiliary ports During the course of the download no exec input output will be available ...

Page 1145: ... vlan vpn inner cos trust 1 4 vlan vpn priority 1 4 vlan vpn tpid 1 6 2 Selective QinQ Configuration Commands 2 1 Selective QinQ Configuration Commands 2 1 mac address mapping 2 1 raw vlan id inbound 2 2 vlan vpn vid 2 3 3 BPDU Tunnel Configuration Commands 3 1 BPDU Tunnel Configuration Commands 3 1 bpdu tunnel 3 1 bpdu tunnel tunnel dmac 3 2 display bpdu tunnel 3 3 ...

Page 1146: ...vlan vpn Ethernet1 0 6 VLAN VPN status enabled VLAN VPN VLAN 1 VLAN VPN inner cos trust status disable VLAN VPN TPID 8100 Table 1 1 Description on the fields of the display port vlan vpn command Field Description Ethernet1 0 6 The port with the VLAN VPN feature enabled VLAN VPN status The operation status of the VLAN VPN feature on the port enabled indicates that VLAN VPN is enabled on the port Yo...

Page 1147: ...t By default transparent IGMP message transmission is disabled on a port For a VLAN VPN disabled port the switch can transmit an IGMP message received on the port within the VLAN that the IGMP message belongs to normally For the switch to transparently transmit an IGMP message received on a VLAN VPN port in the outer VLAN however you must enable transparent IGMP message transmission on the port z ...

Page 1148: ...packet already carries a VLAN tag the packet becomes a dual tagged packet z Otherwise the packet becomes a packet carrying the default VLAN tag of the port If XRN fabric is enabled on a device the VLAN VPN feature cannot be enabled on any port of the device You can use the display port vlan vpn command to display the configuration information of VLAN VPN on the ports to verity your configuration A...

Page 1149: ...s the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This feature can be enabled only on VLAN VPN enabled ports z This command is mutually exclusive with the vlan vpn priority command Examples Enable the inner to outer tag priority replicating feature for Ethernet 1 0 2 Sysname system view System View return to User View wit...

Page 1150: ...an outer tag that has the corresponding priority Use the undo vlan vpn priority command to remove the configuration By default no mapping between the inner tag priority and the outer tag priority is configured and the switch uses the priority of the receiving port as the outer tag priority of packets For descriptions on receiving port priority refer to QoS QoS Profile Operation Note that z This co...

Page 1151: ...t TPID value The default TPID value is 0x8100 For the position and function of the TPID field in a packet refer to VLAN Operation The TPID field in an Ethernet frame has the same position with the protocol type field in a frame without a VLAN tag To prevent other devices in the network from recognizing the tag encapsulated packets of the current switch as protocol packets you are not allowed to se...

Page 1152: ...1 7 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 vlan vpn tpid 9100 ...

Page 1153: ...the range 1 to 4094 all Removes all the inter VLAN MAC address replicating configurations created on the current port Description Use the mac address mapping command to configure the inter VLAN MAC address replicating feature for a port This feature can replicate MAC address entries of the MAC address tables of specified source VLANs to the MAC address table of the specified destination VLAN Use t...

Page 1154: ...raw vlan id inbound all vlan id list View QinQ view Parameters vlan id list Lists of VLAN IDs After receiving packets of these VLANs the switch will encapsulate the packets with the specified outer VLAN tag You need to provide this argument in the form of vlan id to vlan id 1 10 where the VLAN ID after the to keyword must be larger than or equal to the VLAN ID before the to keyword and 1 10 means ...

Page 1155: ...rl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 vlan vpn vid 20 Sysname Ethernet1 0 1 vid 20 raw vlan id inbound 8 to 15 vlan vpn vid Syntax vlan vpn vid vlan id undo vlan vpn vid vlan id View Ethernet port view Parameters vlan id VLAN ID in the range 1 to 4094 Description Use the vlan vpn vid command to configure the outer VLAN tag for a selective QinQ policy that is the outer VLAN ta...

Page 1156: ...hich VLANs packets will be encapsulated with the specified outer VLAN tag Otherwise the configuration of the outer VLAN tag is of no use Related commands raw vlan id inbound Examples Specify Ethernet 1 0 1 add VLAN 20 tag as the outer tag to the packets with their inner VLAN IDs being 2 through 14 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysn...

Page 1157: ...ble BPDU tunnel for link aggregation control protocol LACP pagp Enable Disable BPDU tunnel for port aggregation protocol PAGP pvst Enable Disable BPDU tunnel for per VLAN spanning tree PVST stp Enable Disable BPDU tunnel for spanning tree protocol STP vtp Enable Disable BPDU tunnel for VLAN trunk protocol VTP udld Enable Disable BPDU tunnel for uni directional link direction UDLD all Disables BPDU...

Page 1158: ...work cannot be transparently transmitted properly z If XRN fabric is enabled on one port of a device the BPDU tunnel feature cannot be enabled on any port of the device Examples Enable BPDU tunnel for packets of LACP Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 bpdu tunnel lacp bpdu tunnel tunnel dmac Syntax bpdu tunnel tunn...

Page 1159: ... e266 c3ab Sysname system view System View return to User View with Ctrl Z Sysname bpdu tunnel tunnel dmac 010f e266 c3ab display bpdu tunnel Syntax display bpdu tunnel View Any view Parameters None Description Use the display bpdu tunnel command to display the private multicast MAC address configured for protocol packets transmitted along the BPDU tunnel s Related commands bpdu tunnel tunnel dmac...

Page 1160: ...tion 1 18 history keep time 1 19 history record enable 1 20 history records 1 20 http operation 1 21 http string 1 22 remote ping 1 22 remote ping agent clear 1 23 remote ping agent enable 1 23 remote ping agent max requests 1 24 jitter interval 1 25 jitter packetnum 1 25 password 1 26 probe failtimes 1 27 send trap 1 28 sendpacket passroute 1 28 source interface 1 29 source ip 1 30 source port 1 ...

Page 1161: ...ii ttl 1 37 username 1 38 remote ping Server Commands 1 39 remote ping server enable 1 39 remote ping server tcpconnect 1 40 remote ping server udpecho 1 40 ...

Page 1162: ...figure the advantage factor which is used to count Mos and ICPIF value in a jitter voice test Use the undo adv factor command to restore the default This command applies only to jitter voice test Examples Configure the advantage factor for a jitter voice test as 10 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator jitter Sysname remote ping administr...

Page 1163: ...icmp test type icmp Sysname remote ping administrator icmp count 10 datafill Syntax datafill string undo datafill View remote ping test group view Parameters string Data for padding test packets It is a string of 1 to 230 characters including spaces Description Use the datafill command to configure the data for padding test packets Use the undo datafill command to restore the default By default te...

Page 1164: ... None First 68 bytes jitter G 711 A Law First 16 bytes jitter G 711 muHmm Law First 16 bytes jitter G 729 A Law First 16 bytes Examples Configure a packet padding string 12 ab cd Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp datafill 12 ab cd datasize Syntax datasize size undo datasize View remote ping ...

Page 1165: ...g administrator icmp test type icmp Sysname remote ping administrator icmp datasize 50 description Syntax description string undo description View remote ping test group view Parameters string Brief description about a test operation By default no description is configured Description Use the description command to briefly describe a test operation Use the undo description command to delete the co...

Page 1166: ...s it must be an IP address Examples Set the destination IP address of an ICMP test to 169 254 10 3 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp destination ip 169 254 10 3 destination port Syntax destination port port number undo destination port Vi...

Page 1167: ...ote ping administrator tcp destination port 9000 display remote ping Syntax display remote ping results history jitter administrator name operation tag View Any view Parameters results Displays results of the last test history Displays the history records of tests jitter Displays the jitter test information administrator name Name of the administrator who created the remote ping test operation a s...

Page 1168: ...Destination IP address Send operation times Number of probes made Receive response times Number of received response packets Min Max Average Round Trip Time Minimum maximum average roundtrip time in milliseconds Square Sum of Round Trip Time Square sum of roundtrip time Last succeeded test time Completion time of the last successful test SD Maximal delay Maximum delay from the source to the destin...

Page 1169: ...eived 2 unknown Unknown error 3 internalError System internal error 4 requestTimeOut Request timed out 5 unknownDestinationAddress Unknown destination address 6 noRouteToTarget Destination unreachable 7 interfaceInactiveToTarget Interface to destination address inactive 8 arpFailure ARP operation failed 9 maxConcurrentLimitReached Maximum limit of concurrent accesses reached 10 unableToResolveDnsN...

Page 1170: ...sult command Field Description DNS Resolve Time Time used for a DNS resolution HTTP Operation Time Total time used to establish an HTTP connection DNS Resolve Min Time Minimal time used for a DNS resolution HTTP Test Total Time Total time used for an HTTP test DNS Resolve Max Time Maximum time used for a DNS resolution HTTP Transmission Successful Times Number of successful HTTP transmissions DNS ...

Page 1171: ...Number 25 Positive SD Sum 85 Positive DS Sum 42 Positive SD average 2 Positive DS average 1 Positive SD Square Sum 267 Positive DS Square Sum 162 Min Negative SD 1 Min Negative DS 1 Max Negative SD 6 Max Negative DS 8 Negative SD Number 30 Negative DS Number 24 Negative SD Sum 64 Negative DS Sum 41 Negative SD average 2 Negative DS average 1 Negative SD Square Sum 200 Negative DS Square Sum 161 SD...

Page 1172: ... the source to the destination Max Negative DS Maximum absolute value of negative jitter delays from the destination to the source Negative SD Number Number of negative jitter delays from the source to the destination Negative DS Number Number of negative jitter delays from the destination to the source Negative SD Sum Sum of absolute values of negative jitter delays from the source to the destina...

Page 1173: ...ult DNS Resolve Current Time 10 DNS Resolve Min Time 6 DNS Resolve Times 10 DNS Resolve Max Time 10 DNS Resolve Timeout Times 0 DNS Resolve Failed Times 0 Table 1 6 Description on the fields of the display remote ping result command Field Description DNS Resolve Current Time Time used for the current DNS resolution DNS Resolve Min Time Minimum time used for a DNS resolution DNS Resolve Times Numbe...

Page 1174: ...d Trip Time 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail number 0 Operation sequence errors 0 Drop operation number 0 Other operation errors 0 Jitter result Min Positive SD 0 Min Positive DS 0 Max Positive SD 0 Max Positive DS 0 Positive SD Number 0 Positive DS Number 0 Positive SD Sum 0 Positive DS Sum 0 Positive S...

Page 1175: ...itter value from source to destination destination to source is the minimum of positive value Max Positive SD DS The jitter value from source to destination destination to source is the maximum of positive value Positive SD DS number sum average square sum The jitter value from source to destination destination to source is the number sum average square sum of positive jitter values Min Negative S...

Page 1176: ... address is configured z This command applies to DNS and HTTP tests only z For an HTTP test if configuring the destination address as the host name you must configure the IP address of the DNS server to resolve the host name into an IP address which is the destination IP address of this HTTP test Examples Set the IP address of the DNS server to 169 254 10 5 Sysname system view System View return t...

Page 1177: ...tem view System View return to User View with Ctrl Z Sysname remote ping administrator dns Sysname remote ping administrator dns test type dns Sysname remote ping administrator dns dns resolve target www test com filename Syntax filename file name undo filename View remote ping test group view Parameters file name Name of the file to be downloaded uploaded in FTP tests a string of 1 to 230 charact...

Page 1178: ...mote ping test group view Parameters size File size in the range 1 to 10000 Kbytes Description Use the filesize command to configure the size of the file to be uploaded in an FTP test Use the undo filesize command to restore the default By default the file size is 1000 Kbytes Related commands username password ftp operation This command applies only to the PUT operation of an FTP test Examples Con...

Page 1179: ... by default Related commands count z The frequency command does not apply to DHCP tests z The frequency command supports fabric only when the test type of this test group is ICMP With fabric enabled you are allowed to configure the frequency command and use the display command to check your configuration but unless the test type is ICMP your configuration does not take effect until fabric is disab...

Page 1180: ...n FTP test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator ftp Sysname remote ping administrator ftp test type ftp Sysname remote ping administrator ftp ftp operation put history keep time Syntax history keep time keep time undo history keep time View remote ping test group view Parameters keep time Retaining time of the history record for a test g...

Page 1181: ...e history record as needed z If you need to save history record enable it z If you disable the history record after enabling it the saved history record will be deleted and the maximum number of the history record for you to save will not be changed z If you do not need to save history record disable it At this time you can also configure the number of the history record to be saved but the histor...

Page 1182: ...w with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp history records 10 http operation Syntax http operation get post View remote ping test group view Parameters get Specifies the test operation to be download from the HTTP server post Specifies the test operation to be uploaded to the HTTP server Descript...

Page 1183: ...ng command to configure the HTTP operation string and HTTP version Use the undo http string command to remove the configured HTTP operation string and version By default no HTTP operation string and HTTP version are configured Note that the http string command applies to HTTP tests only Related commands http operation Examples Configure the webpage to be accessed by an HTTP test as index htm and t...

Page 1184: ... group Examples Create an remote ping test group of which the administrator name is administrator and operation tag is icmp Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp remote ping agent clear Syntax remote ping agent clear View System view Parameters None Description Use the remote ping agent clear co...

Page 1185: ...e remote ping client Sysname system view System View return to User View with Ctrl Z Sysname remote ping agent enable remote ping agent max requests Syntax remote ping agent max requests max number undo remote ping agent max requests View System view Parameters max number Maximum number of concurrent tests in the range of 1 to 5 Description Use the remote ping agent max requests command to set the...

Page 1186: ...terval between sending jitter test packets Use the undo jitter interval command to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands jitter packetnum The jitter interval command applies to jitter tests only Examples Set the interval between sending jitter test packets to 30 milliseconds Sysname system view System View return to User...

Page 1187: ...kets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator jitter Sysname remote ping administrator jitter test type jitter Sysname remote ping administrator jitter jitter packetnum 30 password Syntax password password undo password View remote ping test group view Parameters password Password for logging in to an FTP server ...

Page 1188: ... failtimes View remote ping test group view Parameters times Number of consecutive failed probes in the range of 1 to 15 Description Use the probe failtimes command to configure the number of consecutive times the probe fails before the switch sends out a trap message Use the undo probe failtimes command to restore the default By default the switch sends a trap about probe failure each time when a...

Page 1189: ...p command to disable debugging for a trap By default no trap is output Examples Send a trap message after an ICMP test is finished Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp send trap testcomplete sendpacket passroute Syntax sendpacket passroute u...

Page 1190: ...face View remote ping test group view Parameters interface type interface number Interface type and interface number Description For ICMP tests use the source interface command to specify a source interface for sending ICMP requests The corresponding IP address of the specified interface is used as the source IP address of ICMP requests For DHCP tests use the source interface command to specify an...

Page 1191: ...ace z The interface to be specified must be Up otherwise the test will fail Examples Configure the source interface that sends test packets in DHCP tests as VLAN interface 1 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator dhcp Sysname remote ping administrator dhcp test type dhcp Sysname remote ping administrator dhcp source interface Vlan interfac...

Page 1192: ...ysname remote ping administrator icmp source ip 169 254 10 2 source port Syntax source port port number undo source port View remote ping test group view Parameters port number Protocol source port number in the range of 1 to 50000 Description Use the source port command to configure the protocol source port number for the current test Use the undo source port command to remove the configured sour...

Page 1193: ...ur configuration and restore the default By default the statistics interval for a test is once every 60 minutes and up to two groups of statistics information can be retained Delete all statistics information when internet parameter changes Examples Set the statistics interval to 120 minutes and the maximum number of statistics groups to three Sysname system view System View return to User View wi...

Page 1194: ...he range 1 to 2147483647 in seconds Description Use the test time begin command to configure the start time and the lasting time of a test Use the undo test time command to stop the test and remove the configuration z When the test is not performed the configuration information you input is saved including test start time and lasting time z If you set a start time earlier than the current system t...

Page 1195: ... delay change of UDP packet transmission z snmpquery Indicates an SNMP test z tcpprivate Indicates a TCP test on a specified unknown port z tcppublic Indicates a TCP test on port 7 z udpprivate Indicates a UDP test on a specified unknown port z udppublic Indicates a UDP test on port 7 codec value Coding type for a voice test which can be configured for a Jitter test and can be the following keywor...

Page 1196: ...emote ping test Related commands display remote ping The result of the remote ping test cannot be displayed automatically and you need to use the display remote ping command to display the test result Examples Perform a remote ping test on an ICMP test group with the administrator name and operation tag being administrator and icmp respectively Sysname system view System View return to User View w...

Page 1197: ... for three consecutive times Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp test type icmp Sysname remote ping administrator icmp test failtimes 3 timeout Syntax timeout time undo timeout View remote ping test group view Parameters time Timeout time for one probe in the range of 1 to 60 in seconds Descri...

Page 1198: ...packet header in the range of 0 to 255 Description Use the tos command to configure the ToS value in a remote ping test packet header Use the undo tos command to remove the ToS value in a remote ping test packet header By default no ToS value is configured This command does not apply to DHCP tests Examples Set the ToS value in the header of an ICMP test packet to 1 Sysname system view System View ...

Page 1199: ...CP and tracert tests z The sendpacket passroute command voids the ttl command Examples Set the TTL of remote ping ICMP test packets to 16 Sysname system view System View return to User View with Ctrl Z Sysname remote ping administrator icmp Sysname remote ping administrator icmp ttl 16 username Syntax username name undo username View remote ping test group view Parameters name Username for logging...

Page 1200: ...ator remote ping Server Commands z A remote ping server is required for only jitter TCP and UDP tests z You are not recommended to configure remote ping jitter UDP TCP servers on ports 1 through 1023 well known ports otherwise remote ping probes may fail or the services corresponding to these ports may be unavailable remote ping server enable Syntax remote ping server enable undo remote ping serve...

Page 1201: ...d for fixed functions such as port 1701 Otherwise the remote ping test may fail Description Use the remote ping server tcpconnect command to create a TCP listening service on the remote ping server Use the undo remote ping server tcpconnect command to remove the created TCP listening service When performing a TCP connection test on a specified port of a remote ping client you must create a TCP lis...

Page 1202: ...echo command to enable UDP listening on a remote ping server Use the undo remote ping server udpecho command to disable UDP listening When performing a jitter test or a UDP connection test on a specified port of a remote ping client you must enable UDP listening on the server if an switch serves as a remote ping server otherwise the test may fail Related commands remote ping server enable Examples...

Page 1203: ...Commands 1 1 DNS Configuration Commands 1 1 display dns domain 1 1 display dns dynamic host 1 1 display dns server 1 2 display ip host 1 3 dns domain 1 4 dns resolve 1 5 dns server 1 5 ip host 1 6 nslookup type 1 6 reset dns dynamic host 1 7 ...

Page 1204: ... protocols Description Use the display dns domain command to display the DNS suffixes Related commands dns domain Examples Display DNS suffixes Sysname display dns domain No Domain name 0 aaa com Table 1 1 Description on the fields of the display dns domain command Field Description No Sequence number Domain name DNS suffix display dns dynamic host Syntax display dns dynamic host View Any view Par...

Page 1205: ...name Domain name Ipaddress IP address of the corresponding domain name TTL Time for which an entry is cached in seconds Alias Alias for the domain name There can be four aliases at most DNS resolution has two types Forward resolution domain name IP address Reverse resolution IP address domain name display dns server Syntax display dns server dynamic View Any view Parameters dynamic Displays the DN...

Page 1206: ...ver which is assigned automatically by the system and starts from 1 display ip host Syntax display ip host View Any view Parameters None Description Use the display ip host command to display mappings between host names and IP addresses in the static DNS database Examples Display mappings between host names and IP addresses in the static DNS database Sysname display ip host Host Age Flags Address ...

Page 1207: ...domain name you entered for resolution Use the undo dns domain command to delete the configured DNS suffix No DNS suffix is configured by default You can configure a maximum of 10 DNS suffixes You must enter the DNS suffix before deleting it Otherwise all configured DNS suffixes are deleted Related commands display dns domain The DNS feature supported by S5500 series Ethernet switches should be us...

Page 1208: ...iew System View return to User View with Ctrl Z Sysname dns resolve dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Server Description Use the dns server command to configure an IP address for the DNS Server Use the undo dns server to remove the IP address of the DNS server No IP address is configured for the DNS serve...

Page 1209: ... to remove the mapping No mappings are created by default Each host name can correspond to only one IP address When IP addresses are configured for the same host for multiple times only the IP address configured last time is valid Related commands display ip host Examples Configure IP address 10 110 0 1 for host aaa Sysname system view System View return to User View with Ctrl Z Sysname ip host aa...

Page 1210: ...host com Address 192 168 3 2 Display the corresponding IP address for www host com Sysname nslookup type a www host com Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 reset dns dynamic host Syntax reset dns dynamic host View User view Parameters None Description Use the reset dns dynamic host command to clear information in the dynamic domain name cache Related commands displa...

Page 1211: ... vlan 1 3 link aggregation group 1 3 port 1 4 port smart link group 1 5 reset smart link packets counter 1 6 smart link flush enable 1 6 smart link group 1 7 2 Monitor Link Configuration Commands 2 1 Monitor Link Configuration Commands 2 1 display monitor link group 2 1 link aggregation group 2 1 monitor link group 2 2 port 2 3 port monitor link group 2 4 smart link group 2 5 ...

Page 1212: ...ived 000f e20f 5566 Device ID of last flush packet received 000f e20f 5566 Control VLAN ID of last flush packet received 1 Table 1 1 Description on the fields of the display smart link flush command Field Description Flush interface Interface that receives the latest legal flush message Count of flush packets received Total number of flush messages received Time of last flush packet received Time ...

Page 1213: ...formation about smart link group 1 Sysname display smart link group 1 Smart Link Group 1 information Device ID 000f e212 3456 Control VLAN ID 1 Member Role State Flush count Last flush time Ethernet1 0 1 MASTER ACTVIE 1 16 37 20 2006 04 21 AGG 1 SLAVE STANDBY 2 17 45 20 2006 04 21 Table 1 2 Description on the fields of the display smart link group command Field Description Member Member of the sma...

Page 1214: ...ith Ctrl Z Sysname smart link group 1 Sysname smlk group1 flush enable control vlan 1 link aggregation group Syntax link aggregation group group id master slave undo link aggregation group group id View Smart link group view Parameters group id Link aggregation group ID in the range of 1 to 416 Note that the specified link aggregation group can only be a static or manual one master Specifies the s...

Page 1215: ...er master Specifies the specified port as the master port of the smart link group slave Specifies the specified port as the slave port of the smart link group Description Use the port command to assign the specified port to the smart link group Use the undo port command to remove the specified port from the smart link group The port you specified in this command cannot be a link aggregation group ...

Page 1216: ... smart link group Use the undo port smart link group command to remove the current port from the specified smart link group The port where you configure the command cannot be a link aggregation group member port Besides assigning single ports to a smart link group you can assign a link aggregation group static or manual but not dynamic to a smart link group with the link aggregation group command ...

Page 1217: ...e interface number undo smart link flush enable port interface type interface number to interface type interface number View Ethernet port view system view Parameters vlan id Control VLAN ID in the range of 1 to 4 094 Description Use the smart link flush enable control vlan command to enable the current specified port to process flush messages received on the specified control VLAN Use the undo sm...

Page 1218: ...lush messages received from control VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname smart link flush enable control vlan 1 port Ethernet 1 0 5 to Ethernet 1 0 10 smart link group Syntax smart link group group id undo smart link group group id View System view Parameters group id Smart link group ID in the range of 1 to 24 Description Use the smart link group command ...

Page 1219: ...no members before executing the undo smart link group command Examples Create a smart link group Sysname system view System View return to User View with Ctrl Z Sysname smart link group 1 New Smart Link Group has been created Sysname smlk group1 ...

Page 1220: ...k group 1 Sysname display monitor link group 1 Monitor link group 1 information Member Role Status Last up time Last down time SMLK 2 UPLINK UP 16 37 20 2006 4 21 16 37 20 2006 4 20 AGG 1 DOWNLINK UP Table 2 1 Description on the fields of the display monitor link group command Field Description Member Member of the monitor link group Role Role of monitor link group member port UPLINK or DOWNLINK S...

Page 1221: ...roup member can be a single port a manual or static link aggregation group but not a dynamic link aggregation group Uplink port can also be a smart link group Use this command only on the link aggregation groups that are not smart link group members A port or a link aggregation group cannot serve as a member port for two smart link groups On the other hand a port or a link aggregation group cannot...

Page 1222: ...ecuting the undo monitor link group command Examples Create a monitor link group Sysname system view System View return to User View with Ctrl Z Sysname monitor link group 1 New Monitor Link Group has been created Sysname mtlk group1 port Syntax port interface type interface number uplink downlink undo port interface type interface number View Monitor link group view Parameters interface type Port...

Page 1223: ...Ctrl Z Sysname monitor link group 1 Sysname mtlk group1 port Ethernet 1 0 7 downlink port monitor link group Syntax port monitor link group group id uplink downlink undo port monitor link group group id View Ethernet port view Parameters group id Monitor link group ID ranging 1 to 24 uplink Specifies the port as the uplink port of the specified monitor link group downlink Specifies the port as the...

Page 1224: ...link group group id uplink undo smart link group group id View Monitor link group view Parameters group id Smart link group ID ranging 1 to 24 uplink Specifies the specified smart link group as the uplink port of the monitor link group Description Use the smart link group command to configure the specified smart link group as the uplink port of the monitor link group Use the undo smart link group ...

Page 1225: ...i Table of Contents 1 Access Management Configuration Commands 1 1 Access Management Configuration Commands 1 1 am enable 1 1 am ip pool 1 1 am trap enable 1 2 display am 1 3 ...

Page 1226: ...nable command to disable the function By default Access management function is disabled Before enabling access management you are recommended to cancel the static ARP configuration to ensure that the binding of IP address and Ethernet switch can take effect Examples Enable the access management function Sysname system view System View return to User View with Ctrl Z Sysname am enable am ip pool Sy...

Page 1227: ...l Note that z Before configuring the access management IP address pool of a port you need to configure the interface IP address of the VLAN to which the port belongs and the IP addresses in the access management IP address pool of a port must be in the same network segment as the interface IP address of the VLAN which the port belongs to z If an access management address pool configured contains I...

Page 1228: ...the format of interface type interface number to interface type interface number 1 10 where interface type is port type interface number is port number and 1 10 means that you can specify up to ten ports port lists Description Use the display am command to display the current access management configuration including the status enabled disabled and the access management IP address pool configurati...

Page 1229: ...cess Management state of a port enabled or disabled IP Pools Access management IP pools NULL means the access management IP pool is not configured Each IP address range is represented as X X X X number among which X X X X is the starting address and number indicates the number of successive IP addresses contained in the IP address range ...

Page 1230: ...ig 1 14 lldp admin status 1 15 lldp check change interval 1 16 lldp compliance admin status cdp 1 17 lldp compliance cdp 1 17 lldp enable 1 18 lldp encapsulation snap 1 18 lldp fast count 1 19 lldp hold multiplier 1 20 lldp management address tlv 1 20 lldp notification remote change enable 1 21 lldp timer notification interval 1 21 lldp timer reinit delay 1 22 lldp timer tx delay 1 22 lldp timer t...

Page 1231: ...oring devices through a port If no keyword or argument is specified this command displays all the LLDP information to be sent including the global LLDP information and the LLDP information about the LLDP enabled ports Examples Display all the LLDP information to be sent Sysname display lldp local information Global LLDP local information Chassis ID 00e0 fc00 5500 System name Sysname System descrip...

Page 1232: ...VLAN name of VLAN 1 VLAN 0001 Auto negotiation supported Yes Auto negotiation enabled Yes OperMau speed 1000 duplex Full PoE supported No Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 MED information Media policy type Unknown Unknown Policy Yes VLAN tagged No Media policy VlanID 0 Media policy L2 priority 0 Media policy Dscp 0 Table 1 1 di...

Page 1233: ...fier Asset tracking ID LLDP local information of port number interface type interface number LLDP information about a port Port ID subtype Port ID type Port ID Port ID Port description Port description Management address type Management address type Management address Management address Management address interface type Type of the interface identified by the management address Management address ...

Page 1234: ...k aggregation is enabled Aggregation port ID Aggregation group ID which is 0 if link aggregation is not enabled Maximum frame Size Maximum frame size supported MED information MED LLDP information Media policy type Media policy type which can be z Voice indicating the device is capable of processing voice data z Unknown indicating the media policy is unknown Unknown Policy Indicates whether or not...

Page 1235: ...s received through a port With no keyword argument specified this command displays the LLDP information received through all the ports Examples Display the LLDP information received through all the ports Sysname display lldp neighbor information LLDP neighbor information of port 1 Ethernet1 0 1 Neighbor index 1 Update time 0 days 0 hours 1 minutes 1 seconds Chassis type MAC address Chassis ID 000f...

Page 1236: ...ation Class 0 Link aggregation supported Yes Link aggregation enabled No Aggregation port ID 0 Maximum frame Size 1536 Neighbor index 2 Update time 0 days 0 hours 1 minutes 1 seconds Chassis type MAC address Chassis ID 000f 0055 0002 Port ID type Interface name Port ID Ethernet1 0 2 Port description Ethernet1 0 2 Interface System name Sysname System description Sysname Switch System capabilities s...

Page 1237: ...aximum frame Size 1536 Table 1 2 display lldp neighbor information command output description Field Description LLDP neighbor information LLDP information about a neighboring device LLDP neighbor information of Port number interface type interface number LLDP information received through a specific port Neighbor index Neighbor index Update time Time when the LLDP information about a neighboring de...

Page 1238: ...urrently enabled Management address type Management address type Management address Management address Management address interface type Type of the interface identified by the management address Management address interface ID Management address interface ID Management address OID Management address object ID Port VLAN ID Port VLAN ID Port and protocol VLAN ID PPVID Port protocol VLAN ID Port and...

Page 1239: ...e LLDP enabled are of this type z Class Ⅱ indicating a media terminal device A device of this type is media capable That is besides the capabilities of a normal terminal device it also supports media stream z Class Ⅲ indicating a communication terminal device A device of this type supports IP communication systems of end user A device of this type supports all the capabilities of a normal terminal...

Page 1240: ...E type which can be z Primary indicating a primary power supply z Backup indicating a backup power supply PoE service type PoE service type Port PSE Priority Port PSE priority which can be z Unknown z Critical z High z Low Available power value PoE power Unknown basic TLV Unknown basic TLV TLV type Unknown basic TLV type TLV information Information contained in the unknown basic TLV type Unknown o...

Page 1241: ...0 The number of LLDP frames discarded 0 The number of LLDP error frames 0 The number of LLDP TLVs discarded 0 The number of LLDP TLVs unrecognized 0 The number of LLDP neighbor information aged out 0 The number of CDP frames transmitted 0 The number of CDP frames received 0 The number of CDP frames discarded 0 The number of CDP error frames 0 Table 1 3 display lldp statistics command output descri...

Page 1242: ...es transmitted on the port The number of CDP frames received Total number of the CDP frames received on the port The number of CDP frames discarded Total number of the CDP frames dropped on the port The number of CDP error frames Total number of the CDP error frames received on the port display lldp status Syntax display lldp status interface interface type interface number View Any view Parameter...

Page 1243: ...ialization delay Transmit delay Delay period to send LLDPDUs Trap interval Interval to send traps Fast start times Number of the LLDPDUs to be sent successively when a new neighboring device is detected Port number interface type interface number Port LLDP status Port status of LLDP Indicates whether or not LLDP is enabled on the port Admin status LLDP mode of the port which can be z TxRx A port i...

Page 1244: ...t through a port If no port is specified this command displays all the TLVs that are currently sent through all the ports Examples Display all the TLVs that are currently sent through all the ports Sysname display lldp tlv config LLDP tlv config of port 1 Ethernet1 0 1 NAME STATUS DEFAULT Basic optional TLV Port Description TLV YES YES System Name TLV YES YES System Description TLV YES YES System ...

Page 1245: ...z System name TLV z System description TLV z System capabilities TLV z Management address TLV IEEE 802 1 extended TLV IEEE 802 1 extended TLVs including z Port VLAN ID TLV z Port and protocol VLAN ID TLV z VLAN name TLV IEEE 802 3 extended TLV IEEE 802 3 extended TLVs including z MAC Physic TLV z Power via MDI TLV z Link aggregation TLV z Maximum frame size TLV LLDP MED extend TLV MED related LLDP...

Page 1246: ...ysname Ethernet1 0 1 lldp admin status rx lldp check change interval Syntax lldp check change interval value undo lldp check change interval View Ethernet interface view Parameters value LLDP polling interval to be set in the range 1 to 30 in seconds Description Use the lldp check change interval command to enable LLDP polling and set the polling interval Use the undo lldp check change interval co...

Page 1247: ...n configure CDP compatible LLDP to work in TxRx mode on the specified port s Examples Configure CDP compatible LLDP to operate in TxRx mode on Ethernet 1 0 1 Sysname system view Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp compliance admin status cdp txrx lldp compliance cdp Syntax lldp compliance cdp undo lldp compliance cdp View System view Parameters None Description Use the lldp...

Page 1248: ...ldp enable command to enable LLDP Use the undo lldp enable command to disable LLDP By default LLDP is disabled globally and is enabled on a port Note that LLDP takes effect on a port only when it is enabled both globally and on the port Examples Disable LLDP on Ethernet 1 0 1 Sysname system view Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 undo lldp enable lldp encapsulation snap Syntax ...

Page 1249: ...iew Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp encapsulation snap lldp fast count Syntax lldp fast count value undo lldp fast count View System view Parameters value Number of the LLDPDUs to be sent successively when a new neighboring device is detected This argument ranges from 1 to 10 Description Use the lldp fast count command to set the number of the LLDPDUs to be sent success...

Page 1250: ...local device information by configuring the TTL multiplier Note that the TTL can be up to 65535 seconds TTLs longer than it will be rounded off to 65535 seconds To enable local device information to be updated on neighboring devices before being aged out make sure the interval to send LLDPDUs is shorter than the TTL of the local device information Examples Set the TTL multiplier to 6 Sysname syste...

Page 1251: ...ame interface ethernet 1 0 1 Sysname Ethernet1 0 1 lldp management address tlv 192 6 0 1 lldp notification remote change enable Syntax lldp notification remote change enable undo lldp notification remote change enable View Ethernet interface view Parameters None Description Use the lldp notification remote change enable command to enable trap for a port or all the ports in a port group Use the und...

Page 1252: ...cation interval 8 lldp timer reinit delay Syntax lldp timer reinit delay value undo lldp timer reinit delay View System view Parameters value Initialization delay period to be set in the range 1 to 10 in seconds Description Use the lldp timer reinit delay command to set the initialization delay period Use the undo lldp timer reinit delay command to restore the default By default the initialization...

Page 1253: ...al to send LLDPDUs Use the undo lldp timer tx interval command to restore the default By default the interval to send LLDPDUs is 30 seconds To enable local device information to be updated on neighboring devices before being aged out make sure the interval to send LLDPDUs is shorter than the TTL of the local device information Examples Set the interval to send LLDPDUs to 20 seconds Sysname system ...

Page 1254: ...ent This argument defaults to the least protocol VLAN ID dot3 tlv Sends IEEE 802 3 defined LLDP TLVs link aggregation Sends link aggregation group TLVs mac physic Sends MAC PHY configuration status TLVs max frame size Sends maximum frame size TLVS power Sends power via MDI TLVs med tlv Sends MED related LLDP TLVs capability Sends LLDP MED capabilities TLVs inventory Sends hardware revision TLVs fi...

Page 1255: ... LLDP TLV z To disable MAC PHY configuration status TLV sending you need to disable LLDP MED capabilities TLV sending first z Specifying the all keyword for basic LLDP TLVs and organization defined LLDP TLVs including IEEE 802 1 defined LLDP TLVs and IEEE 802 3 defined LLDP TLVs enables sending of all the corresponding LLDP TLVs For MED related LLDP TLVs the all keyword enables sending of all the ...

Page 1256: ...aging 1 4 password control length 1 4 password control login attempt 1 5 password control history 1 6 password control alert before expire 1 6 password control authentication timeout 1 7 password control enable 1 7 password control composition 1 9 password control super 1 10 password control super composition 1 11 reset password control history record 1 12 reset password control history record sup...

Page 1257: ...ion Enabled 1 type s 1 character s per type Password history Enabled Max history record 4 Password alert before expire 7 days Password authentication timeout 60 seconds Password attempt times 3 times Password attempt failed action Lock for 120 minutes The following table describes the output fields of the display password control command Table 1 1 Description on the fields of the display password ...

Page 1258: ...blacklist command to display the information about one or all users who have been added to the blacklist because of password attempt failure Example Display the information about all the users who have been added to the blacklist because of password attempt failure Sysname display password control blacklist USERNAME IP Jack 10 1 1 2 Total 1 blacklist item s 1 listed display password control super ...

Page 1259: ...bination of characters from the following four types letters A to Z a to z numbers 0 to 9 and 32 special characters including the space and _ z The password must conform to the related configuration of password control when you set the local user password in interactive mode Example Configure the login password for the local user test to 9876543210 Sysname system view System View return to User Vi...

Page 1260: ...nce z If both global and local settings are available the local settings take effect Example Set the global password aging time to 100 days Sysname system view System View return to User View with Ctrl Z Sysname password control aging 100 Set the password aging time for a local user test to 80 days Sysname local user test Sysname luser test password control aging 80 password control length Syntax ...

Page 1261: ...2 to 10 exceed Specifies the processing mode used after login failure lock A processing mode In this mode a user who fails to log in is added to the blacklist and cannot log in the device until the administrator manually removes this user from the blacklist lock time time A processing mode In this mode a user who fails to log in is inhibited from logging in to the device in a certain period which ...

Page 1262: ...umber undo password control history View System view Parameter max record number Maximum number of history records allowed for each user The effective range is 2 to 15 Description Use the password control history command to configure the maximum number of history password records allowed for each user Use the undo password control history command to restore the default setting By default the maxim...

Page 1263: ...l authentication timeout Syntax password control authentication timeout authentication timeout undo password control authentication timeout View System view Parameter authentication timeout Timeout time in seconds for user password authentication The effective range is 30 to 120 Description Use the password control authentication timeout command to configure the timeout time for user password auth...

Page 1264: ... and password composition check functions are all enabled Using any of the password control aging enable password control length enable and password control history enable commands you can enable the password control feature globally With this feature enabled user passwords are stored in private files through which password security can be improved In this case you need to use the save command to ...

Page 1265: ... password length Sysname undo password control length enable Password minimum length disabled for all users Disable the password aging feature This operation also disables the password control feature globally Sysname undo password control aging enable Password control will be disabled globally And all user s password will be res et Are you sure Y N y Password aging disabled for all users password...

Page 1266: ...t specify the type length type length keyword argument combination the global setting is adopted Example Configure a global password composition policy a password must contain at least three character types and at least five characters of each type Sysname system view System View return to User View with Ctrl Z Sysname password control composition type number 3 type length 5 Configure a password c...

Page 1267: ...position type number policy type type length type length undo password control super composition View System view Parameter type number policy type Sets the minimum number of character types that a super user password should contain The policy type ranges from 1 to 4 type length type length Sets the minimum number of characters of each type The type length ranges from 1 to 63 The product of policy...

Page 1268: ...ted Description Use the reset password control history record command to delete the history password records of all users Use the reset password control history record user name user name command to delete the history password record of a specific user Example Delete the history password records of all users Sysname reset password control history record Are you sure to delete local user s history ...

Page 1269: ...el 2 Sysname reset password control history record super level 2 Are you sure to delete super s history records of level 2 Y N If you input Y the system deletes the history records of the super password for the users at level 2 All historical passwords have been cleared Updating user password please wait reset password control blacklist Syntax reset password control blacklist user name user name V...

Page 1270: ...ist Sysname reset password control blacklist user name test Are you sure to delete the specified user in blacklist Y N y Check the current user information in the blacklist as you can see the user test has been deleted Sysname display password control blacklist USERNAME IP tes 192 168 30 24 test2 192 168 30 23 Total 2 blacklist item s 2 listed ...

Page 1271: ...26 ACL Command 1 1 active region configuration 16 MSTP Command 1 1 add member 32 Cluster Command 1 13 address check 25 DHCP Commands 2 1 administrator address 32 Cluster Command 1 13 adv factor 42 Remote ping Command 1 1 am enable 45 Access Management Command 1 1 am ip pool 45 Access Management Command 1 1 am trap enable 45 Access Management Command 1 2 am user bind 12 Port MAC IP Binding Command ...

Page 1272: ...7 arp send gratuitous enable vrrp 24 ARP Commands 1 2 arp static 24 ARP Commands 1 2 arp timer aging 24 ARP Commands 1 3 asbr summary 17 Routing Protocol Command 4 2 ascii 38 FTP SFTP TFTP Command 1 7 attribute 20 AAA Command 1 3 authentication 20 AAA Command 1 5 authentication super 20 AAA Command 1 6 authentication mode 02 Login Command 1 1 authentication mode 17 Routing Protocol Command 4 3 aut...

Page 1273: ...ommand 3 2 broadcast suppression 08 Port Basic Configuration Command 1 1 bsr policy 18 Multicast Command 3 1 build 32 Cluster Command 1 16 burst mode enable 27 QoS QoS Profile Command 1 1 bye 38 FTP SFTP TFTP Command 1 8 bye 38 FTP SFTP TFTP Command 1 26 C cache sa enable 18 Multicast Command 4 1 calling station id mode 20 AAA Command 1 31 c bsr 18 Multicast Command 3 2 cd 37 File System Managemen...

Page 1274: ... System Management Command 1 2 copy configuration 08 Port Basic Configuration Command 1 2 copyright info enable 02 Login Command 1 4 count 42 Remote ping Command 1 1 c rp 18 Multicast Command 3 2 crp policy 18 Multicast Command 3 3 cut connection 20 AAA Command 1 9 D databits 02 Login Command 1 4 datafill 42 Remote ping Command 1 2 data flow format 20 AAA Command 1 32 data flow format 20 AAA Comma...

Page 1275: ...p protective down recover enable 25 DHCP Commands 4 1 dhcp protective down recover interval 25 DHCP Commands 4 1 dhcp rate limit 25 DHCP Commands 4 2 dhcp rate limit enable 25 DHCP Commands 4 3 dhcp relay information enable 25 DHCP Commands 2 2 dhcp relay information strategy 25 DHCP Commands 2 3 dhcp select global 25 DHCP Commands 1 4 dhcp select interface 25 DHCP Commands 1 5 dhcp server bims se...

Page 1276: ...HCP Commands 2 7 dhcp snooping 25 DHCP Commands 3 1 dhcp snooping information enable 25 DHCP Commands 3 1 dhcp snooping information format 25 DHCP Commands 3 2 dhcp snooping information packet format 25 DHCP Commands 3 3 dhcp snooping information remote id 25 DHCP Commands 3 3 dhcp snooping information strategy 25 DHCP Commands 3 4 dhcp snooping information vlan circuit id 25 DHCP Commands 3 5 dhc...

Page 1277: ...cluster 32 Cluster Command 1 22 display cluster base members 32 Cluster Command 1 40 display cluster base topology 32 Cluster Command 1 40 display cluster black list 32 Cluster Command 1 41 display cluster candidates 32 Cluster Command 1 24 display cluster current topology 32 Cluster Command 1 42 display cluster members 32 Cluster Command 1 26 display connection 20 AAA Command 1 10 display cpu 40 ...

Page 1278: ...ing Command 1 8 display dldp 13 DLDP Command 1 1 display dns domain 43 DNS Command 1 1 display dns dynamic host 43 DNS Command 1 1 display dns server 43 DNS Command 1 2 display domain 20 AAA Command 1 11 display dot1x 19 802 1x and System Guard Command 1 1 display drv qacl_resource 26 ACL Command 1 4 display fan 40 System Maintenance and Debugging Command 3 4 display fib 05 IP Address and Performa...

Page 1279: ...play icmp statistics 05 IP Address and Performance Optimization Command 2 6 display igmp group 18 Multicast Command 2 1 display igmp interface 18 Multicast Command 2 2 display igmp snooping configuration 18 Multicast Command 5 1 display igmp snooping group 18 Multicast Command 5 2 display igmp snooping statistics 18 Multicast Command 5 3 display info center 39 Information Center Command 1 1 displa...

Page 1280: ...n Command 1 4 display link aggregation interface 09 Link Aggregation Command 1 1 display link aggregation summary 09 Link Aggregation Command 1 2 display link aggregation verbose 09 Link Aggregation Command 1 3 display link delay 08 Port Basic Configuration Command 1 11 display lldp local information 46 LLDP Commands 1 1 display lldp neighbor information 46 LLDP Commands 1 5 display lldp statistic...

Page 1281: ...st forwarding table 18 Multicast Command 1 4 display multicast routing table 18 Multicast Command 1 6 display multicast source deny 18 Multicast Command 1 8 display ndp 32 Cluster Command 1 1 display ntdp 32 Cluster Command 1 6 display ntdp device list 32 Cluster Command 1 7 display ntdp single device mac address 32 Cluster Command 1 43 display ntp service sessions 35 NTP Command 1 1 display ntp s...

Page 1282: ...outing table 18 Multicast Command 3 7 display pim rp info 18 Multicast Command 3 8 display poe disconnect 30 PoE PoE Profile Command 1 1 display poe interface 30 PoE PoE Profile Command 1 1 display poe interface power 30 PoE PoE Profile Command 1 3 display poe powersupply 30 PoE PoE Profile Command 1 4 display poe temperature protection 30 PoE PoE Profile Command 1 5 display poe profile 30 PoE PoE...

Page 1283: ...mand 1 36 display remote ping 42 Remote ping Command 1 6 display remote ping statistics 42 Remote ping Command 1 12 display resilient arp 24 ARP Commands 4 1 display rip 17 Routing Protocol Command 3 2 display rip interface 17 Routing Protocol Command 3 4 display rip routing 17 Routing Protocol Command 3 4 display rmon alarm 33 SNMP RMON Command 2 1 display rmon event 33 SNMP RMON Command 2 2 disp...

Page 1284: ...ion 36 SSH Command 1 8 display ssh2 source ip 36 SSH Command 1 9 display ssh server source ip 36 SSH Command 1 9 display startup 03 Configuration File Management Command 1 8 display stop accounting buffer 20 AAA Command 1 37 display stop accounting buffer 20 AAA Command 1 62 display storm constrain 08 Port Basic Configuration Command 1 13 display stp 16 MSTP Command 1 3 display stp abnormalport 16...

Page 1285: ...m Maintenance and Debugging Command 3 11 display trapbuffer 39 Information Center Command 1 5 display udp statistics 05 IP Address and Performance Optimization Command 2 13 display udp helper server 34 UDP Helper Commands 1 1 display unit 08 Port Basic Configuration Command 1 14 display user interface 02 Login Command 1 6 display users 02 Login Command 1 9 display version 40 System Maintenance and...

Page 1286: ...ns server 43 DNS Command 1 5 dns list 25 DHCP Commands 1 30 dns server 42 Remote ping Command 1 15 domain 20 AAA Command 1 14 domain delimiter 20 AAA Command 1 15 domain name 25 DHCP Commands 1 30 dot1x 19 802 1x and System Guard Command 1 4 dot1x authentication method 19 802 1x and System Guard Command 1 5 dot1x dhcp launch 19 802 1x and System Guard Command 1 6 dot1x free ip 19 802 1x and System...

Page 1287: ...on Command 1 16 enable snmp trap updown 33 SNMP RMON Command 1 11 execute 37 File System Management Command 1 6 exit 38 FTP SFTP TFTP Command 1 29 expired 25 DHCP Commands 1 31 F fabric member auto update software enable 31 XRN Fabric Command 1 7 fabric save unit id 31 XRN Fabric Command 1 8 fabric port enable 31 XRN Fabric Command 1 10 file prompt 37 File System Management Command 1 7 filename 42...

Page 1288: ...mand 1 3 ftp server enable 38 FTP SFTP TFTP Command 1 4 ftp source interface 38 FTP SFTP TFTP Command 1 15 ftp source ip 38 FTP SFTP TFTP Command 1 15 ftp timeout 38 FTP SFTP TFTP Command 1 5 ftp operation 42 Remote ping Command 1 18 ftp server 32 Cluster Command 1 29 ftp server source interface 38 FTP SFTP TFTP Command 1 6 ftp server source ip 38 FTP SFTP TFTP Command 1 6 G garp timer 07 GVRP Com...

Page 1289: ... ping Command 1 21 http string 42 Remote ping Command 1 22 hwtacacs nas ip 20 AAA Command 1 62 hwtacacs scheme 20 AAA Command 1 63 I icmp redirect send 05 IP Address and Performance Optimization Command 2 14 icmp unreach send 05 IP Address and Performance Optimization Command 2 15 idle cut 20 AAA Command 1 16 idle timeout 02 Login Command 1 13 if match acl ip prefix 17 Routing Protocol Command 5 4...

Page 1290: ...Multicast Command 5 5 igmp snooping general query source ip 18 Multicast Command 5 6 igmp snooping group limit 18 Multicast Command 5 7 igmp snooping group policy 18 Multicast Command 5 8 igmp snooping host aging time 18 Multicast Command 5 10 igmp snooping max response time 18 Multicast Command 5 10 igmp snooping nonflooding enable 18 Multicast Command 5 11 igmp snooping querier 18 Multicast Comm...

Page 1291: ...ommand 1 16 info center timestamp loghost 39 Information Center Command 1 16 info center timestamp utc 39 Information Center Command 1 17 info center trapbuffer 39 Information Center Command 1 18 instance 16 MSTP Command 1 11 interface 08 Port Basic Configuration Command 1 20 interface Vlan interface 04 VLAN Command 1 4 ip address 05 IP Address and Performance Optimization Command 1 4 ip address b...

Page 1292: ...SFTP TFTP Command 1 17 level 20 AAA Command 1 17 line rate 27 QoS QoS Profile Command 1 12 link aggregation group 44 Smart Link Monitor Link Command 1 3 link aggregation group 44 Smart Link Monitor Link Command 2 1 link aggregation group description 09 Link Aggregation Command 1 6 link aggregation group mode 09 Link Aggregation Command 1 7 link delay 08 Port Basic Configuration Command 1 21 lldp a...

Page 1293: ...ommand 1 31 log peer change 17 Routing Protocol Command 4 32 loopback 08 Port Basic Configuration Command 1 22 loopback detection control enable 08 Port Basic Configuration Command 1 23 loopback detection enable 08 Port Basic Configuration Command 1 24 loopback detection interface list enable 08 Port Basic Configuration Command 1 25 loopback detection interval time 08 Port Basic Configuration Comm...

Page 1294: ... Command 1 10 mac authentication interface 21 MAC Address Authentication Command 1 5 mac authentication max auth num 21 MAC Address Authentication Command 1 11 mac authentication timer 21 MAC Address Authentication Command 1 9 mac authentication timer guest vlan reauth 21 MAC Address Authentication Command 1 12 management vlan 32 Cluster Command 1 32 mdi 08 Port Basic Configuration Command 1 28 me...

Page 1295: ...group vlan 18 Multicast Command 5 20 multicast static router port 18 Multicast Command 5 21 multicast static router port vlan 18 Multicast Command 5 21 multicast storing enable 18 Multicast Command 1 13 multicast storing packet 18 Multicast Command 1 13 multicast source deny 18 Multicast Command 1 14 multicast suppression 08 Port Basic Configuration Command 1 29 multi path number 17 Routing Protoc...

Page 1296: ...5 NTP Command 1 7 ntp service broadcast client 35 NTP Command 1 7 ntp service broadcast server 35 NTP Command 1 8 ntp service in interface disable 35 NTP Command 1 8 ntp service max dynamic sessions 35 NTP Command 1 9 ntp service multicast client 35 NTP Command 1 10 ntp service multicast server 35 NTP Command 1 10 ntp service reliable authentication keyid 35 NTP Command 1 11 ntp service source int...

Page 1297: ...and 1 16 passive 38 FTP SFTP TFTP Command 1 19 password 20 AAA Command 1 21 password 42 Remote ping Command 1 26 password 47 Password Control Command 1 3 password control aging 47 Password Control Command 1 4 password control alert before expire 47 Password Control Command 1 6 password control authentication timeout 47 Password Control Command 1 7 password control composition 47 Password Control C...

Page 1298: ...policy 18 Multicast Command 3 12 pim sm 18 Multicast Command 3 13 pim timer hello 18 Multicast Command 3 13 ping 40 System Maintenance and Debugging Command 2 1 poe disconnect 30 PoE PoE Profile Command 1 6 poe enable 30 PoE PoE Profile Command 1 6 poe legacy enable 30 PoE PoE Profile Command 1 7 poe max power 30 PoE PoE Profile Command 1 7 poe mode 30 PoE PoE Profile Command 1 8 poe power managem...

Page 1299: ...ble 11 Port Security Command 1 7 port security guest vlan 11 Port Security Command 1 8 port security intrusion mode 11 Port Security Command 1 9 port security max mac count 11 Port Security Command 1 11 port security ntk mode 11 Port Security Command 1 12 port security oui 11 Port Security Command 1 13 port security port mode 11 Port Security Command 1 14 port security timer autolearn 11 Port Secu...

Page 1300: ...xport rsa 36 SSH Command 1 14 public key peer 36 SSH Command 1 17 public key peer import sshkey 36 SSH Command 1 18 public key code begin 36 SSH Command 1 19 public key code end 36 SSH Command 1 20 put 38 FTP SFTP TFTP Command 1 20 put 38 FTP SFTP TFTP Command 1 32 pwd 37 File System Management Command 1 11 pwd 38 FTP SFTP TFTP Command 1 21 pwd 38 FTP SFTP TFTP Command 1 32 Q qos cos local precede...

Page 1301: ... 42 Remote ping Command 1 23 remote ping agent max requests 42 Remote ping Command 1 24 remote ping server enable 42 Remote ping Command 1 39 remote ping server tcpconnect 42 Remote ping Command 1 40 remote ping server udpecho 42 Remote ping Command 1 40 remote probe vlan enable 28 Mirroring Command 1 9 remove 38 FTP SFTP TFTP Command 1 33 rename 37 File System Management Command 1 12 rename 38 FT...

Page 1302: ...1 MAC Address Authentication Command 1 9 reset msdp peer 18 Multicast Command 4 16 reset msdp sa cache 18 Multicast Command 4 17 reset msdp statistics 18 Multicast Command 4 17 reset multicast forwarding table 18 Multicast Command 1 15 reset multicast routing table 18 Multicast Command 1 16 reset ndp statistics 32 Cluster Command 1 5 reset ospf 17 Routing Protocol Command 4 46 reset ospf statistic...

Page 1303: ...and 1 4 resilient arp enable 24 ARP Commands 4 1 resilient arp interface vlan interface 24 ARP Commands 4 2 restore startup configuration 37 File System Management Command 1 23 retry 15 Auto Detect Command 1 6 retry 20 AAA Command 1 48 retry realtime accounting 20 AAA Command 1 49 retry stop accounting 20 AAA Command 1 51 retry stop accounting 20 AAA Command 1 69 return 40 System Maintenance and D...

Page 1304: ...y pair destroy 36 SSH Command 1 22 rsa peer public key 36 SSH Command 1 23 rsa peer public key import sshkey 36 SSH Command 1 24 rule for Advanced ACLs 26 ACL Command 1 12 rule for Basic ACLs 26 ACL Command 1 10 rule for Layer 2 ACLs 26 ACL Command 1 19 rule for user defined ACLs 26 ACL Command 1 22 rule comment 26 ACL Command 1 25 S save 03 Configuration File Management Command 1 11 schedule rebo...

Page 1305: ... 20 set unit name 31 XRN Fabric Command 1 14 sftp 38 FTP SFTP TFTP Command 1 35 sftp server enable 38 FTP SFTP TFTP Command 1 24 sftp source interface 38 FTP SFTP TFTP Command 1 36 sftp source ip 38 FTP SFTP TFTP Command 1 37 sftp timeout 38 FTP SFTP TFTP Command 1 25 shell 02 Login Command 1 21 shutdown 04 VLAN Command 1 5 shutdown 08 Port Basic Configuration Command 1 31 shutdown 18 Multicast Co...

Page 1306: ...ommand 1 24 snmp agent trap queue size 33 SNMP RMON Command 1 24 snmp agent trap source 33 SNMP RMON Command 1 25 snmp agent usm user 02 Login Command 2 4 snmp agent usm user v1 v2c 33 SNMP RMON Command 1 26 snmp agent usm user v3 33 SNMP RMON Command 1 27 snmp host 32 Cluster Command 1 34 source interface 42 Remote ping Command 1 29 source ip 42 Remote ping Command 1 30 source lifetime 18 Multica...

Page 1307: ...ect group 15 Auto Detect Command 1 6 startup bootrom access enable 37 File System Management Command 1 21 startup saved configuration 03 Configuration File Management Command 1 13 state 20 AAA Command 1 26 state 20 AAA Command 1 54 static bind client identifier 25 DHCP Commands 1 37 static bind ip address 25 DHCP Commands 1 38 static bind mac address 25 DHCP Commands 1 39 static rp 18 Multicast Co...

Page 1308: ...reement check 16 MSTP Command 1 27 stp pathcost standard 16 MSTP Command 1 29 stp point to point 16 MSTP Command 1 30 stp port priority 16 MSTP Command 1 32 stp portlog 16 MSTP Command 1 33 stp portlog all 16 MSTP Command 1 33 stp priority 16 MSTP Command 1 34 stp region configuration 16 MSTP Command 1 35 stp root primary 16 MSTP Command 1 35 stp root secondary 16 MSTP Command 1 37 stp root protec...

Page 1309: ... System Guard Command 4 7 system guard tcn rate threshold 19 802 1x and System Guard Command 4 7 system monitor enable 40 System Maintenance and Debugging Command 3 17 system view 40 System Maintenance and Debugging Command 1 5 T tcp timer fin timeout 05 IP Address and Performance Optimization Command 2 17 tcp timer syn timeout 05 IP Address and Performance Optimization Command 2 18 tcp window 05 ...

Page 1310: ...Command 2 5 tftp source ip 38 FTP SFTP TFTP Command 2 6 tftp tftp server source interface 38 FTP SFTP TFTP Command 2 4 tftp tftp server source ip 38 FTP SFTP TFTP Command 2 4 tftp server 32 Cluster Command 1 36 tftp server acl 38 FTP SFTP TFTP Command 2 6 tftp server domain name 25 DHCP Commands 1 40 tftp server ip address 25 DHCP Commands 1 40 timeout 42 Remote ping Command 1 36 timer 20 AAA Comm...

Page 1311: ...affic priority vlan 27 QoS QoS Profile Command 1 30 traffic redirect 27 QoS QoS Profile Command 1 31 traffic remark vlanid 27 QoS QoS Profile Command 1 33 traffic share across interface 17 Routing Protocol Command 3 20 traffic statistic 27 QoS QoS Profile Command 1 33 ttl 42 Remote ping Command 1 37 U udp helper enable 34 UDP Helper Commands 1 2 udp helper port 34 UDP Helper Commands 1 2 udp helpe...

Page 1312: ...an vpn enable 41 VLAN VPN Command 1 3 vlan vpn inner cos trust 41 VLAN VPN Command 1 4 vlan vpn priority 41 VLAN VPN Command 1 4 vlan vpn tpid 41 VLAN VPN Command 1 6 vlan vpn tunnel 16 MSTP Command 1 46 vlan vpn vid 41 VLAN VPN Command 2 3 vlink peer 17 Routing Protocol Command 4 51 voice vlan 06 Voice VLAN Command 1 4 voice vlan aging 06 Voice VLAN Command 1 5 voice vlan enable 06 Voice VLAN Com...

Page 1313: ... 5 web authentication enable 22 Web Authentication Command 1 6 web authentication free ip 22 Web Authentication Command 1 6 web authentication free user 22 Web Authentication Command 1 7 web authentication max connection 22 Web Authentication Command 1 8 web authentication select method 22 Web Authentication Command 1 9 web authentication timer idle cut 22 Web Authentication Command 1 9 web authen...

Page 1314: ...A 44 Z ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands