background image

7. MAC-based Authentication

215

Notes

The setting is applied to the internal MAC-based authentication DB only when the 

commit 

mac-authentication

 command is executed.

Can't execute.

The command could not be executed. Re-execute the command.

Mac-authentication is not configured.

The MAC-based authentication functionality is not configured. 

Check the configuration.

Now another user is using mac-authentication 

command, please try again.

Another user is using a command related to the MAC-based 

authentication functionality. Wait a while, and then retry the 

operation.

Unknown mac-address '

<mac>

'.

The specified MAC address has not been registered.

Message

Description

Summary of Contents for AX6300S series

Page 1: ...AX6700S AX6600S AX6300S Software Manual Operation Command Reference Vol 2 For Version 11 7 AX63S S011X 30 ...

Page 2: ... United States and other countries IPX is a trademark of Novell Inc Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and other countries Octpower is a registered trademark of NEC Corporation sFlow is a registered trademark of InMon Corporation in the United States and other countries UNIX is a registered trademark of The Open Group in the United...

Page 3: ...he manual Operation Command Reference Vol 1 up to version 11 2 were moved to this manual For details about the summary of amendments for version 11 2 and earlier see the manual Operation Command Reference Vol 1 For Version 11 7 Summary of amendments Location and title Changes 16 SNMP The following commands were added show snmp show snmp pending Item Changes DHCP snooping This chapter was added Ite...

Page 4: ......

Page 5: ...00S switches AX6600S The description applies to AX6600S switches AX6300S The description applies to AX6300S switches Unless otherwise noted this manual describes functionality applicable to the basic software OS S OS SE Functionality specific to an optional license is indicated as follows OP BGP The description applies to the OP BGP optional license OP DH6R The description applies to the OP DH6R o...

Page 6: ... shows the manuals you need to consult according to your requirements determined from the following workflow for installing setting up and starting regular operation of the Switch Conventions The terms Switch and switch The term Switch upper case S is an abbreviation for any or all of the following models AX6700S series switch ...

Page 7: ...rotocol CLNS ConnectionLess Network System CONS Connection Oriented Network System CRC Cyclic Redundancy Check CSMA CD Carrier Sense Multiple Access with Collision Detection CSNP Complete Sequence Numbers PDU CST Common Spanning Tree CSU Control and Switching Unit DA Destination Address DC Direct Current DCE Data Circuit terminating Equipment DHCP Dynamic Host Configuration Protocol DIS Draft Inte...

Page 8: ...t MIB Management Information Base MIP Maintenance domain Intermediate Point MRU Maximum Receive Unit MSTI Multiple Spanning Tree Instance MSTP Multiple Spanning Tree Protocol MSU Management and Switching Unit MTU Maximum Transfer Unit NAK Not AcKnowledge NAS Network Access Server NAT Network Address Translation NCP Network Control Protocol NDP Neighbor Discovery Protocol NET Network Entity Title N...

Page 9: ...Point STP Spanning Tree Protocol TA Terminal Adapter TACACS Terminal Access Controller Access Control System Plus TCP IP Transmission Control Protocol Internet Protocol TLA ID Top Level Aggregation Identifier TLV Type Length and Value TOS Type Of Service TPID Tag Protocol Identifier TTL Time To Live UDLD Uni Directional Link Detection UDP User Datagram Protocol UPC Usage Parameter Control UPC RED ...

Page 10: ......

Page 11: ...splayed by the entry error location detection functionality 7 PART 2 Filters 2 Filters 9 show access filter 10 clear access filter 16 3 Access List Logging 19 show access log 20 clear access log 22 show access log flow 23 clear access log flow 28 dump access log 29 restart access log 30 debug access log 32 no debug access log 34 PART 3 QoS 4 QoS 35 show qos flow 36 clear qos flow 42 show qos queue...

Page 12: ...authentication statistics 168 commit web authentication 169 store web authentication 171 load web authentication 173 clear web authentication auth state 175 restart web authentication 177 dump protocols web authentication 179 set web authentication html files 180 clear web authentication html files 183 show web authentication html files 184 7 MAC based Authentication 187 show mac authentication lo...

Page 13: ...tics 260 show ip dhcp snooping logging 261 clear ip dhcp snooping logging 274 restart dhcp snooping 275 dump protocols dhcp snooping 277 PART 6 High Reliability Based on Redundant Configurations 10 Redundancy of BCUs CSUs and MSUs 279 inactivate standby 280 activate standby 282 redundancy force switchover 283 synchronize 285 11 GSRP 289 show gsrp 290 show gsrp aware 302 clear gsrp 304 set gsrp mas...

Page 14: ...ion 389 15 CFM 391 l2ping 392 l2traceroute 395 show cfm 398 show cfm remote mep 402 show cfm fault 408 show cfm l2traceroute db 411 show cfm statistics 416 clear cfm remote mep 421 clear cfm fault 423 clear cfm l2traceroute db 425 clear cfm statistics 426 restart cfm 428 dump protocols cfm 430 PART 8 Remote Network Management 16 SNMP 431 show snmp 432 show snmp pending 437 snmp lookup 439 snmp get...

Page 15: ...mation 18 LLDP 475 show lldp 476 show lldp statistics 482 clear lldp 484 clear lldp statistics 485 restart lldp 486 dump protocols lldp 488 19 OADP 489 show oadp 490 show oadp statistics 495 clear oadp 497 clear oadp statistics 499 restart oadp 501 dump protocols oadp 503 Index 505 ...

Page 16: ......

Page 17: ... Reading the Manual Chapter 1 Reading the Manual Command description format Specifiable values for parameters List of character codes Error messages displayed by the entry error location detection functionality ...

Page 18: ...ation when all parameters are omitted For details on the behavior when only a specific parameter is omitted see Operation when this parameter is omitted For details on the behavior when each parameter is omitted see Operation when each parameter is omitted Example Provides examples of appropriate command usage Display items Describes the display items generated by the example The following table d...

Page 19: ...etection functionality The Switch assigns names to corresponding interfaces set by configuration If interface name is shown in Response messages the Switch displays any of the interface names listed in Table 1 2 List of interface names assigned for input format Notes Provides cautionary information on using the command interface tengigabitethernet tengeth1 1 The numeric values represent nif no por...

Page 20: ...arameter or keyword has been entered ip access list standard inbound1 MAC address MAC address mask Specify these items in hexadecimal format separating 2 byte hexadecimal values by periods 1234 5607 08ef 0000 00ff ffff IPv4 address IPv4 subnet mask Specify these items in decimal format separating 1 byte decimal values by periods 192 168 0 14 255 255 255 0 Wildcard mask The same input format as IPv...

Page 21: ...ple VLAN IDs You can also specify one VLAN ID as when vlan id is written as the parameter input format The range of permitted values is VLAN ID 1 VLAN ID for the default VLAN and other VLAN IDs set by the configuration command Example of a range specification that uses a hyphen and comma 1 3 5 10 How to specify channel group list If channel group list is written in parameter input format use a hyp...

Page 22: ... 0x31 A 0x41 Q 0x51 a 0x61 q 0x71 0x22 2 0x32 B 0x42 R 0x52 b 0x62 r 0x72 0x23 3 0x33 C 0x43 S 0x53 c 0x63 s 0x73 0x24 4 0x34 D 0x44 T 0x54 d 0x64 t 0x74 0x25 5 0x35 E 0x45 U 0x55 e 0x65 u 0x75 0x26 6 0x36 F 0x46 V 0x56 f 0x66 v 0x76 0x27 7 0x37 G 0x47 W 0x57 g 0x67 w 0x77 0x28 8 0x38 H 0x48 X 0x58 h 0x68 x 0x78 0x29 9 0x39 I 0x49 Y 0x59 i 0x69 y 0x79 0x2A 0x3A J 0x4A Z 0x5A j 0x6A z 0x7A 0x2B 0x3...

Page 23: ...alid name is entered at When an invalid name is entered 7 out of range marker A numeric value entered at is out of the valid range When a numeric value that is out of the valid range is entered 8 illegal IP address format at marker An invalid IPv4 address or IPv6 address is entered at When the input format of the IPv4 address or IPv6 address is invalid 9 illegal combination or already appeared at ...

Page 24: ......

Page 25: ...9 PART 2 Filters Chapter 2 Filters show access filter clear access filter ...

Page 26: ...istics for the specified VLAN interface For vlan id specify the VLAN ID set by the interface vlan command access list number access list name access list number Access list number access list name Access list name Displays statistics for the specified interface that has the specified access list number or access list name Operation when this parameter is omitted Displays statistics for all access ...

Page 27: ...of displaying the standard IPv4 access list show access filter interface vlan 10 12 out Date 2006 03 01 12 00 00 UTC Using Interface vlan 10 out Standard IP access list 12 layer3 forwarding remark permit only host pc permit host 10 10 10 1 matched packets 32156826 permit host 10 10 10 254 matched packets 23486 implicitly denied packets 45 Figure 2 3 Result of displaying the extended IPv4 access li...

Page 28: ...1 12 00 00 UTC Using Interface vlan 1500 in Standard IP access list pc a1024 layer2 forwarding remark permit only pc a1024 permit host 192 168 1 254 matched packets 5542166226 implicitly denied packets 767895 IPv6 access list only smtp layer3 forwarding remark permit only smtp ipv6 permit ipv6 41 any host 3ffe 501 811 ff00 1 eq smtp 25 matched packets 51218136 implicitly denied packets 66514 Using...

Page 29: ...implicitly denied packets 37125 Using Interface vlan 100 in Extended MAC access list only appletalk layer2 forwarding remark permit only appletalk permit any any appletalk 0x809b matched packets 826 permit any any 0x80f3 matched packets 55 implicitly denied packets 321314588 Display items Display items of statistics for the access list applied to an interface by using an access group command are d...

Page 30: ...n interface Extended IP access list access list number access list name layer3 forwarding Extended IPv4 access list ID with Layer 3 forwarding specified when an access list is applied to an interface IPv6 access list access list name layer2 forwarding IPv6 access list ID with Layer 2 forwarding specified when an access list is applied to an interface IPv6 access list access list name layer3 forwar...

Page 31: ... The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and then try again port no Port number No configuration No access group was set for the Ethernet interface or VLAN interface Make sure the specified parameter or access group set...

Page 32: ...for the specified VLAN interface For vlan id specify the VLAN ID set by the interface vlan command access list number access list name access list number Access list number access list name Access list name Resets statistics for the specified access list number or access list name of the specified interface Operation when this parameter is omitted Resets statistics for all access lists applied to ...

Page 33: ...nd cannot be executed on a standby system Can t execute The command could not be executed Possible causes are as follows There are no active BSUs CSUs and MSUs Make sure at least one BSU CSU or MSU is active before re executing the command The command cannot be executed because the access list is being set Wait a while and then re execute the command Illegal NIF nif no The specified NIF number is ...

Page 34: ......

Page 35: ...19 Chapter 3 Access List Logging show access log clear access log show access log flow clear access log flow dump access log restart access log debug access log no debug access log ...

Page 36: ...ay items Table 3 1 Items displayed for access list logging Item Meaning Displayed information Access list logging Information rate limit Maximum number of packets transferred to the CPU per second 10 to 250 Maximum number of frames pps BSU or PSP is not operating interval Interval for outputting access list logs 5 to 1440 Interval minutes unlimit No logs are output at the specified interval thresh...

Page 37: ... list log information Access list logging Statistics flow table full Number of packets discarded because there is no available space in the access list log information table rate limit discard Number of packets discarded because they exceed the rate limit Message Description Access list logging is not enable Access list logging is disabled Check the configuration Can t execute this command in stan...

Page 38: ...nse messages Table 3 3 List of response messages for the clear access log command Notes None Message Description Access list logging is not enable Access list logging is disabled Check the configuration Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to access l...

Page 39: ...v4 any vlan vlan id list port port list in out packets sort Display of access list log information for IPv6 packets show access log flow ipv6 next header source ipv6 length host source ipv6 any destination ipv6 length host destination ipv6 any vlan vlan id list port port list in out packets sort Display of access list log information for all protocols show access log flow vlan vlan id list port po...

Page 40: ...in MAC address format that specifies bits in the MAC address whose permitted value is arbitrary host destination mac Displays access list log information of the destination MAC address that perfectly matches destination mac any Displays access list log information for all MAC address Operation when this parameter is omitted The source MAC address and the destination MAC address are not included in...

Page 41: ... matches destination ipv4 any Displays access list log information for all IPv4 addresses Operation when this parameter is omitted The source IPv4 address and the destination IPv4 address are not included in display conditions next header Displays the access list log information that matches with the next header number you specified Set 0 to 255 in decimal or a next header name The following table...

Page 42: ...ilter Displays information about the specified VLAN IDs in list format For details about how to specify vlan id list see Specifiable values for parameters port port list Specify the Ethernet interface Displays information about the specified port number in list format For details about how to specify port list and the specifiable range of values see Specifiable values for parameters Operation when...

Page 43: ...2 vlan11 Ethernet3 1 2 packets Display items None Impact on communication None Response messages Table 3 6 List of response messages for the show access log flow command Notes None Message Description Access list logging is not enable Access list logging is disabled Check the configuration Can t execute this command in standby system This command cannot be executed on a standby system Can t execut...

Page 44: ...og flow Date 2009 12 14 12 00 00 UTC Display items None Impact on communication None Response messages Table 3 7 List of response messages for the clear access log flow command Notes None Message Description Access list logging is not enable Access list logging is disabled Check the configuration Can t execute this command in standby system This command cannot be executed on a standby system Can t...

Page 45: ...storage directory and the name of the output dump file are as follows Storage directory usr var acllog Output file acllogd_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Access list logging is not enable Access list logging is disabled Check the configuration Can t execute The command could not be ...

Page 46: ...message for restarting the program is output the access list logging program is restarted Example Figure 3 6 Restarting the access list logging program restart access log Access list logging restart OK y n y Display items None Impact on communication None Response messages Table 3 9 List of response messages for the restart access log command Message Description Access list logging doesn t seem to...

Page 47: ...storage directory and the name of the core file are as follows Storage directory usr var core Core file acllogd core If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 48: ... debug access log command Message Description Access list logging is not enable Access list logging is disabled Check the configuration Already displayed for event log The access list log entry has already been displayed on the operation terminal Already printed for event log Output of access list log entries has already started Can t execute The command could not be executed Re execute the comman...

Page 49: ...3 Access List Logging 33 Notes None ...

Page 50: ...ist of response messages for the no debug access log command Notes None Message Description Access list logging is not enable Access list logging is disabled Check the configuration Already does not printed for event log Output of access list log entries has already stopped Can t execute The command could not be executed Re execute the command Connection failed to access list logging program The c...

Page 51: ...queueing clear qos queueing show qos queueing distribution clear qos queueing distribution show qos queueing interface clear qos queueing interface show qos queueing to cpu clear qos queueing to cpu show shaper clear shaper show shaper port list clear shaper port list ...

Page 52: ...name qos flow list name Specify the QoS flow list name Displays statistics for the specified QoS flow list of the specified interface Operation when this parameter is omitted Displays statistics for all QoS flow lists applied to the specified interface in out in Inbound Specifies the receiving side out Outbound Specifies the sending side Displays statistics for the receiving side or the sending si...

Page 53: ...re 4 3 Result of displaying IPv6 QoS flow list information show qos flow interface vlan 11 telnet qos in Date 2006 03 01 12 00 00 UTC Using Interface vlan 11 in IPv6 qos flow list telnet qos layer2 forwarding remark QoS for telnet tcp 6 any host 3ffe 501 811 ff00 1 eq telnet 23 action priority class 6 discard class 2 matched packets 612359745 Figure 4 4 Result of displaying Advance QoS flow list i...

Page 54: ...d packets 5484365 Figure 4 7 Result of displaying information when all parameters are omitted show qos flow Date 2009 07 15 12 00 00 UTC Using Port 1 12 in IP qos flow list http qos layer2 forwarding remark QoS for http tcp 6 any host 10 10 10 2 eq http 80 action priority class 4 matched packets 745268726368 Using Port 1 12 out IP qos flow list http qos layer2 forwarding remark QoS for http tcp 6 ...

Page 55: ...ny eq http 80 action priority class 4 min rate 256 min rate burst 4000 penalty discard class 1 matched packets min rate over 146723 min rate under 2118673486 Figure 4 9 Result of displaying IPv4 QoS flow list information when maximum bandwidth control is used show qos flow interface vlan 100 http qos max Date 2006 10 01 12 00 00 UTC Using Interface vlan 100 in IP qos flow list http qos max layer3 ...

Page 56: ...ist for which Layer 2 forwarding is set when a QoS flow list is applied to an interface IP qos flow list qos flow list name layer3 forwarding Name of an IPv4 QoS flow list for which Layer 3 forwarding is set when a QoS flow list is applied to an interface IPv6 qos flow list qos flow list name layer2 forwarding Name of an IPv6 QoS flow list for which Layer 2 forwarding is set when a QoS flow list i...

Page 57: ... Make sure at least one BSU CSU or MSU is active before re executing the command The command cannot be executed because the QoS flow list is being set Wait a while and then re execute the command Illegal NIF nif no The NIF number is outside the valid range Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Mak...

Page 58: ...ified interface Operation when this parameter is omitted Clears statistics for all QoS flow lists applied to the specified interface in out in Inbound Specifies the receiving side out Outbound Specifies the sending side Clears statistics for the receiving side or the sending side of the specified interface Operation when this parameter is omitted Clears statistics for the receiving side and the se...

Page 59: ...SU or MSU is active before re executing the command The command cannot be executed because the QoS flow list is being set Wait a while and then re execute the command Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is c...

Page 60: ...witch Displays the following to monitor the traffic status Length of a priority queue Maximum queue length Number of packets accumulated in a queue Number of bytes accumulated in a queue Statistics for the total of the items Figure 4 12 Queues to be displayed other than NK1GS 8M AX6700S ...

Page 61: ...4 QoS 45 Figure 4 13 Queues to be displayed for NK1GS 8M AX6700S Figure 4 14 Queues to be displayed other than NK1GS 8M AX6600S ...

Page 62: ...4 QoS 46 Figure 4 15 Queues to be displayed for NK1GS 8M AX6600S Figure 4 16 Queues to be displayed other than NH1GS 6M and NH10G 1RX AX6300S ...

Page 63: ...G 1RX Syntax show qos queueing port list inbound outbound Input mode User mode and administrator mode Parameters port list Specify the port number in list format Displays information about all distribution input and output queues and port input and output queues that include one or more ports specified in the ...

Page 64: ...output queue Operation when this parameter is omitted Displays information about input and output queues Example The following is an example of displaying information about all input and output queues Figure 4 19 Result of displaying information about all input and output queues AX6700S AX6600S show qos queueing Date 2008 04 16 12 00 00 UTC BSU1 To CPU Max_Queue 16 Queue1 Qlen 0 Peak_Qlen 0 Limit_...

Page 65: ...len 1 Limit_Qlen 63 discard send_pkt discard_pkt send_byte 1 4 0 2 0 0 total 4 0 240 Note is displayed for the items that do not exist in the statistics counter If the command is executed on an AX600S Switch information displayed for BSU is displayed for CSU Figure 4 20 Result of displaying information about all input and output queues AX6300S show qos queueing Date 2008 04 16 12 00 00 UTC To CPU ...

Page 66: ...Limit_Qlen 255 discard send_pkt discard_pkt send_byte 1 192 0 2 0 0 total 192 0 15 8k Note is displayed for the items that do not exist in the statistics counter Display items Table 4 4 Items displayed for statistics AX6700S AX6600S Item Displayed information Detailed information Meaning Interface information NIF nif no Port port no outbound Port output queue NIF nif no Port port no port no outbou...

Page 67: ...nd Distribution output queue CSU csu no NIF nif no Port port no Distribution_Queue inbound Distribution input queue CSU csu no NIF nif no Port port no port no Distribution_Queue inbound Distribution input queue CSU csu no To CPU Queues output to the CPU QoS information Max_Queue number of queue Number of queues Rate rate Bandwidth for which the legacy shaper functionality is performed When auto ne...

Page 68: ...iguration Guide Vol 2 For Version 11 7 send_pkt Number of packets accumulated in a queue discard_pkt Number of packets discarded without being accumulated in a queue send_byte Number of bytes in packets accumulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicate...

Page 69: ...n a queue Limit_Qlen queue length Limit of the number of in use packet buffers in a queue Drop_mode tail_drop Drop control mode tail_drop Statistics discard Queuing priority For details about queuing priority see the description about the number of discard classes in Table 6 35 Correspondence between NIF models and send control functionality 2 of 3 in the manual Configuration Guide Vol 2 For Versi...

Page 70: ...xecuted There are no active BSUs CSUs and MSUs Make sure at least one BSU CSU or MSU is active before re executing the command Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and then try again port no Port n...

Page 71: ...ound Specify an input queue or an output queue This parameter can be specified only when port list is specified inbound Clears statistics for an input queue outbound Clears statistics for an output queue Operation when this parameter is omitted Clears statistics for input and output queues Example The following shows an example of clearing statistics for all input and output queues Figure 4 21 Res...

Page 72: ...Us and MSUs Make sure at least one BSU CSU or MSU is active before re executing the command Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and then try again port no Port number No operational port There is ...

Page 73: ...6M and NH10G 1RX AX6300S Syntax For AX6700S series switches show qos queueing distribution bsu no port list inbound outbound queue queue number list For AX6600S series switches show qos queueing distribution csu no port list inbound outbound queue queue number list For AX6300S series switches show qos queueing distribution port list inbound outbound queue queue number list Input mode User mode and...

Page 74: ...ues queue queue number list Specify the queue number in list format Displays information about the specified queue number The specifiable range of queue numbers is from 1 to 8 This parameter can be specified only when an output queue is specified Operation when this parameter is omitted Displays information about all queue numbers Operation when all parameters are omitted Displays information abou...

Page 75: ... 03 UTC NIF1 Port1 24 Distribution_Queue inbound Max_Queue 1 Queue1 Qlen 0 Peak_Qlen 2 Limit_Qlen 127 send_pkt discard_pkt send_byte total 34877867 0 38 1G Note is displayed for the items that do not exist in the statistics counter The following shows an example of displaying information when a distribution output queue is specified Figure 4 25 Result of displaying information when a distribution ...

Page 76: ..._byte 1 0 0 2 0 0 3 0 0 4 2122478 0 total 2122478 0 3072 6M Note is displayed for the items that do not exist in the statistics counter Figure 4 27 Result of displaying information when a distribution output queue is specified AX6300S show qos queueing distribution 1 11 outbound Date 2008 04 16 12 00 00 UTC NIF1 Port1 24 Distribution_Queue outbound Max_Queue 8 Queue1 Qlen 0 Peak_Qlen 2 Limit_Qlen ...

Page 77: ...queue 2 BSU bsu no NIF nif no Port port no port no Distribution_Queue inbound Distribution input queue when allocation per port was configured for load balancing of BSUs BSU bsu no NIF nif no Port port no port no Distribution_Queue1 inbound Distribution input queue 1 when allocation per source MAC address was configured for load balancing of BSUs BSU bsu no NIF nif no Port port no port no Distribu...

Page 78: ...11 7 send_pkt Number of packets accumulated in a queue discard_pkt Number of packets discarded without being accumulated in a queue send_byte Number of bytes in packets accumulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicates 1024 M indicates 10242 and G ind...

Page 79: ...ulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicates 1024 M indicates 10242 and G indicates 10243 Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be execu...

Page 80: ...4 QoS 64 Notes None ...

Page 81: ...n allocation per port was configured for load balancing of BSUs the specified BSU number is ignored and statistics for the BSU number with which port list is associated are cleared Operation when this parameter is omitted Clears statistics for all BSUs to be installed csu no AX6600S Specify the CSU number The specifiable range of CSU numbers is from 1 to 2 This parameter can be specified if the fo...

Page 82: ...tion 1 1 11 Date 2008 12 24 12 00 00 UTC Figure 4 30 Result of clearing statistics for the distribution input queue clear qos queueing distribution 1 11 inbound Date 2008 12 24 12 00 00 UTC Display items Table 4 11 Items displayed for statistics AX6700S Display items None Impact on communication None Response messages Table 4 12 List of response messages for the clear qos queueing distribution com...

Page 83: ...g the command Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and then try again port no Port number No operational port There is no port that is active Make sure the specified NIF is active and then re execu...

Page 84: ...mber in list format For the ports specified in the list displays information about one or more associated queues For details about how to specify port list and the specifiable range of values see Specifiable values for parameters inbound outbound Specify an input queue or an output queue inbound Displays information about an input queue outbound Displays information about an output queue Operation...

Page 85: ...ort output queue NIF nif no Port port no port no outbound Port output queue NIF nif no Port port no inbound Port input queue NIF nif no Port port no port no inbound Port input queue QoS information Max_Queue number of queue Number of queues Rate rate Bandwidth for which the legacy shaper functionality is performed When auto negotiation is unresolved including when processing is in progress or for ...

Page 86: ...discarded without being accumulated in a queue send_byte Number of bytes in packets accumulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicates 1024 M indicates 10242 and G indicates 10243 Message Description Can t execute this command in standby system This co...

Page 87: ...4 QoS 71 Notes None No operational port There is no port that is active Make sure the specified NIF is active and then re execute the command Message Description ...

Page 88: ...or an output queue inbound Clears statistics for an input queue outbound Clears statistics for an output queue Operation when this parameter is omitted Clears statistics for input and output queues Operation when all parameters are omitted Clears statistics for port input and output queues Example The following shows an example of clearing statistics for a port Figure 4 32 Result of clearing stati...

Page 89: ...Us and MSUs Make sure at least one BSU CSU or MSU is active before re executing the command Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and then try again port no Port number No operational port There is ...

Page 90: ...eue queue number list Input mode User mode and administrator mode Parameters bsu no AX6700S Specifies the BSU number The specifiable range of BSU numbers is from 1 to 3 This parameter can be specified if the following applies 1 When a distribution output queue is displayed 2 When the distribution input queue is displayed when allocation per source MAC address was configured for load balancing of B...

Page 91: ... output to the CPU are specified Figure 4 33 Result of displaying information when queues output to the CPU are specified AX6700S show qos queueing to cpu 1 Date 2008 04 16 12 00 00 UTC BSU1 To CPU Max_Queue 16 Queue1 Qlen 0 Peak_Qlen 1 Limit_Qlen 1023 discard send_pkt discard_pkt send_byte 1 0 0 2 0 0 3 0 0 4 107 0 total 107 0 9 7k Queue16 Qlen 0 Peak_Qlen 2 Limit_Qlen 1023 discard send_pkt disca...

Page 92: ... discard send_pkt discard_pkt send_byte 1 0 0 2 0 0 3 0 0 4 0 0 total 0 0 0 Note is displayed for the items that do not exist in the statistics counter Display items Table 4 16 Items displayed for statistics AX6700S AX6600S Item Displayed information Detailed information Meaning Interface information BSU bsu no To CPU Queues output to the CPU AX6700S CSU csu no To CPU Queues output to the CPU AX66...

Page 93: ...ueue discard_pkt Number of packets discarded without being accumulated in a queue send_byte Number of bytes in packets accumulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicates 1024 M indicates 10242 and G indicates 10243 Item Displayed information Detailed i...

Page 94: ...nd_byte Number of bytes in packets accumulated in a queue unit k indicates 1024 M indicates 10242 and G indicates 10243 The range from the MAC header to DATA and PAD excluding FCS is included total Total of the items unit k indicates 1024 M indicates 10242 and G indicates 10243 Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can ...

Page 95: ...istribution input queue is cleared when allocation per port was configured for load balancing of BSUs the specified BSU number is ignored and statistics for the BSU number with which port list is associated are cleared Operation when this parameter is omitted Clears statistics for all BSUs to be installed csu no AX6600S Specifies the CSU number The specifiable range of CSU numbers is from 1 to 2 T...

Page 96: ...is also cleared If this command is executed the number of discarded packets Dropped Que displayed by executing the show sflow command is also cleared Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed There are no active BSUs CSUs and MSUs Make sure at least one BSU CSU or MSU is activ...

Page 97: ...r of discarded bytes discard mode and queue length Operation when all parameters are omitted Displays statistics for the number of output or discarded packets in a queue and the queue length Example Figure 4 37 Displayed information when all is specified show shaper all Date 2008 06 24 12 00 00 UTC NIF 1 Port 1 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable Vlan_user...

Page 98: ..._byte discard_byte discard_mode 1 9 2M 5 5M tail drop2 2 4 2M 2 5M tail drop2 3 3 1G 348 4k tail drop2 4 6 8G 0 tail drop2 5 21 1G 0 tail drop2 6 32 6G 0 tail drop2 7 40 0G 0 tail drop2 8 53 6G 0 tail drop2 total 156 2G 8 5M NIF 1 Port 2 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable Vlan_user_map disable Port Rate_limit 1Gbit s Discard packets User not configured 25...

Page 99: ...5873 8 5M NIF 1 Port 2 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable Vlan_user_map disable Port Rate_limit 1Gbit s Discard packets User not configured 123456789012345678 Figure 4 39 Displayed information when all parameters are omitted show shaper Date 2008 06 24 12 00 00 UTC NIF 1 Port 1 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable ...

Page 100: ...rface information Shaper_mode shaper mode Shaper mode is displayed when this item is not set Set_default_user_priority Indicates whether modification of default user priority is set enable Set disable Not set Predicted_tail_drop Indicates whether predicted tail drop is set enable Set disable Not set Vlan_user_map Indicates whether VLAN user mapping is set enable Set disable Not set Port Rate_limit...

Page 101: ...speed is displayed Weight weight A value set as weighting for user bandwidth control LLPQ_peak_rate rate AX6700S AX6600S A value set as the maximum bandwidth for LLPQ is displayed if the line speed is less than the specified bandwidth Queue information Queue Queue number Statistics send_pkt Number of packets accumulated in a queue discard_pkt Number of packets discarded without being accumulated i...

Page 102: ...f a user for whom configuration is not specified in the hierarchical shaper information Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command No operational port There is no port that is active Possible causes are as follows Make sure the specified NIF is active and...

Page 103: ...of the axsShaperUser group is also cleared Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command No operational port There is no port that is active Possible causes are as follows Make sure the specified NIF is active and then re execute the command The NIF number a...

Page 104: ...ormation about one or more associated queues For details about how to specify port list and the specifiable range of values see Specifiable values for parameters user user id list Displays statistics for the specified user ID user id list Multiple user IDs can be specified by using a hyphen or a comma You can also specify one user ID as when user id is written as the parameter input format If a hy...

Page 105: ...haper 1 1 user 1 all Date 2008 06 24 12 00 00 UTC NIF 1 Port 1 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable Vlan_user_map disable Port Rate_limit 1Gbit s Buffer QoS1 194 1812 2000 QoS2 82 1784 2000 QoS3 74 1582 1500 QoS4 71 1422 1500 QoS5 68 1398 1500 QoS6 61 1284 1500 QoS7 51 1231 1000 QoS8 41 1098 1000 User ID 1 USER A Schedule_mode PQ Peak_rate 500Mbit s Min_rat...

Page 106: ...73 8 5M Discard packets User not configured 123456789012345678 Figure 4 43 Displayed information when rate is specified show shaper 1 1 user 1 rate Date 2008 06 24 12 00 00 UTC NIF 1 Port 1 Shaper_mode RGQ Set_default_user_priority disable Predicted_tail_drop disable Vlan_user_map disable Port Rate_limit 1Gbit s User ID 1 USER A Schedule_mode PQ Peak_rate 500Mbit s Min_rate 250Mbit s Weight 10 Que...

Page 107: ...ontrol is used Rate_limit rate A value set as the maximum bandwidth for a group is displayed if the line speed is less than the specified bandwidth User information User ID user id user list name User ID and user list name llrlq1 user list name AX6700S AX6600S llrlq1 user and user list name llrlq2 user list name AX6700S AX6600S llrlq2 user and user list name default user user list name Default use...

Page 108: ...s accumulated in a queue discard_byte Number of bytes in packets discarded without being accumulated in a queue discard_mode Specified discard mode is displayed if VLAN user mapping is set total Total value of the items Discard packets User not configured Total number of discarded packets of a user for whom configuration is not specified in the hierarchical shaper information packet s Packet trans...

Page 109: ...figuration the number of discarded packets of the user is subtracted from the total value Illegal user id The specified user ID is invalid Make sure the specified parameter is correct and then try again No operational port There is no port that is active Possible causes are as follows Make sure the specified NIF is active and then re execute the command The NIF number and the port number you speci...

Page 110: ...s user user id list Clears statistics for the specified user ID user id list Multiple user IDs can be specified by using a hyphen or a comma You can also specify one user ID as when user id is written as the parameter input format If a hyphen or a comma is used the specifiable range is user ID values set in the configuration For AX6700S and AX6600S the specifiable range of user IDs is from 1 to 10...

Page 111: ...he command could not be executed Re execute the command Illegal user id The specified user ID is invalid Make sure the specified parameter is correct and then try again No operational port There is no port that is active Possible causes are as follows Make sure the specified NIF is active and then re execute the command The NIF number and the port number you specified are invalid Make sure the spe...

Page 112: ......

Page 113: ...er 2 Authentication Chapter 5 IEEE802 1X show dot1x statistics show dot1x clear dot1x statistics clear dot1x auth state reauthenticate dot1x restart dot1x dump protocols dot1x show dot1x logging clear dot1x logging ...

Page 114: ...id list Displays statistics for VLAN based authentication static of the specified VLANs in list format For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command vlan dynamic Displays statistics for VLAN based authentication dynamic Operation when this parameter is omitted Statistics for all the abov...

Page 115: ...ying statistics for IEEE 802 1X VLAN based authentication dynamic show dot1x statistics vlan dynamic Date 2006 03 23 12 32 00 UTC EAPOL frames VLAN TxTotal 30 TxReq Id 10 TxReq 10 Dynamic TxSuccess 10 TxFailure 0 TxNotify 0 RxTotal 20 RxStart 0 RxLogoff 0 RxResp Id 10 RxResp 10 RxNotify 0 RxInvalid 0 RxLenErr 0 EAPoverRADIUS frames VLAN TxTotal 10 TxNakResp 0 TxNoNakRsp 10 Dynamic RxTotal 30 RxAcc...

Page 116: ...VLAN vlan id Indicates a VLAN ID for VLAN based authentication static VLAN Dynamic Indicates VLAN based authentication dynamic EAPOL frames Statistics for EAPOL frames For details about the items see the following TxTotal The total number of EAPOL frames that have been sent TxReq Id The number of EAPOL Request Identity frames that have been sent TxReq The number of EAP Request frames excluding Ide...

Page 117: ...d could not be executed Re execute the command Connection failed to 802 1X program Reason Connection Error An attempt to connect to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execu...

Page 118: ...5 IEEE802 1X 102 Notes None Now another user is using dot1x command please try again Another user is using the dot1x command Wait a while and then retry the operation Message Description ...

Page 119: ...information about VLAN based authentication static for VLANs specified in list format For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command vlan dynamic vlan id list Displays status information about VLAN based authentication dynamic For details about how to specify vlan id list see Specifiable ...

Page 120: ...ReAuthTimer s 123 300 ReAuthSuccess 4 ReAuthFail 0 KeepUnauth s 3600 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime s Date Time 0012 e200 0021 Authorized Authenticated Idle 0 177 2006 03 23 17 55 00 Figure 5 9 Displaying the status information for each channel group that uses IEEE 802 1X port based authentication no display type is specified show dot1x channel group number...

Page 121: ...l Auto Status Last EAPOL 0012 e200 0003 Supplicants 2 2 256 ReAuthMode Enable TxTimer s 30 ReAuthTimer s 123 300 ReAuthSuccess 4 ReAuthFail 0 SuppDetection Disable Port s 1 1 10 ChGr 1 5 Force Authorized Port s 1 4 8 10 ChGr 1 5 Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime s Date Time Port 1 1 0012 e200 0003 Authorized Authenticated Idle 0 177 2008 12 17 17 55 00 0012 e2...

Page 122: ...nable TxTimer s 30 ReAuthTimer s 123 300 ReAuthSuccess 4 ReAuthFail 0 SuppDetection Disable VLAN s 2 5 VLAN Dynamic Supplicants VLAN 2 2 Figure 5 16 Displaying status information about each VLAN for IEEE 802 1X VLAN based authentication dynamic detail display show dot1x vlan dynamic 2 detail Date 2008 12 17 17 57 03 UTC VLAN Dynamic AccessControl Multiple Auth PortControl Auto Status Last EAPOL 00...

Page 123: ...t EAPOL 0012 e200 0011 Supplicants 2 2 256 ReAuthMode Enable TxTimer s 15 30 ReAuthTimer s 123 300 ReAuthSuccess 4 ReAuthFail 0 SuppDetection Shortcut Supplicants MAC Status AuthState BackEndState ReAuthSuccess SessionTime s Date Time 0012 e200 0011 Authorized Authenticated Idle 0 177 2008 12 17 17 55 00 0012 e200 0012 Authorized Authenticated Idle 0 5 2008 12 17 17 56 58 VLAN 20 AccessControl Mul...

Page 124: ...s disabled Authorization Network Displays the operating status of VLAN allocation from RADIUS when VLAN based authentication dynamic is used 1 Enable VLAN allocation from RADIUS is enabled 2 Disable VLAN allocation from RADIUS is disabled Accounting Dot1x Displays the operating status of the accounting functionality 1 Enable The accounting functionality is enabled 2 Disable The accounting function...

Page 125: ...ber of supplicants within an authentication type ReAuthMode Displays the status of the self issuance of EAPOL Request ID re authentication requests 1 Enable 2 Disable TxTimer s Displays the timer for sending EAPOL Request ID authentication requests prior to authentication The timer on a Switch is disabled because any of the following applies The number of supplicants to be authenticated reached th...

Page 126: ...icants For VLAN based authentication dynamic only This item displays the number of supplicants already authenticated Supplicant MAC The supplicant s MAC address Status Displays the authentication status of the supplicants Authorized Already authenticated Unauthorized Not authenticated 1 Authorized 2 Unauthorized AuthState Displays the status of authentication processing for the supplicant Connecti...

Page 127: ...t dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Send Error An attempt to send data to the IEEE 802 1X program failed Re execute the comma...

Page 128: ... in list format For details about how to specify channel group list see Specifiable values for parameters vlan vlan id list Clears statistics for VLAN based authentication static of the specified VLAN in list format For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command vlan dynamic Clears statis...

Page 129: ...An attempt to send data to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Dot1x doesn t seem to be running The IEEE 802 1X setting has not been enabled Check the configuration No operational Channel Group There are no available channel groups Check the authentication mode set by the configuration No operat...

Page 130: ...lan id list Initializes the authentication status of the VLANs specified in list format for VLAN based authentication statistic For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command vlan dynamic vlan id list Initializes the authentication status of the VLANs specified in list format for VLAN bas...

Page 131: ...Connection failed to 802 1X program Reason Connection Error An attempt to connect to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execute the command If the failure occurs frequently...

Page 132: ...ified type of IEEE 802 1X authentication If the parameter is supplicant mac mac address EAP Failure is unicasted to the specified authentication terminal If there is no authentication terminal under the IEEE 802 1X authentication to which the specified authentication terminal belongs EAP Req Id is multicasted once to the type of IEEE 802 1X authentication to which the specified authentication term...

Page 133: ...Specifiable values for parameters vlan vlan id list Re authenticates the authentication status of the VLANs specified in list format for VLAN based authentication static For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command vlan dynamic vlan id list Re authenticates the authentication status of ...

Page 134: ...led to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Send Error An attempt to send data to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart d...

Page 135: ...igure 5 21 Restarting the IEEE 802 1X program restart dot1x 802 1X restart OK y n y Figure 5 22 Restarting IEEE 802 1X program when the f parameter is specified restart dot1x f Display items None Impact on communication All the IEEE 802 1X authentication statuses on a Switch are initialized and communication is lost To restore communication re authentication is necessary Response messages Table 5 ...

Page 136: ...rage directory and the name of the core file are as follows Storage directory usr var core Core file dot1xd core If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 137: ...andby system Can t execute The command could not be executed Re execute the command Connection failed to 802 1X program Reason Connection Error An attempt to connect to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from th...

Page 138: ... 43 NORMAL LOGIN MAC 0012 e200 0001 PORT 1 1 VLAN 10 Login succeeded New Supplicant Auth Success No 16 Jan 23 13 16 55 NORMAL LOGOUT MAC 0012 e200 0001 PORT 1 1 VLAN 10 Force Logout Port link down No 2 Jan 23 13 16 10 NORMAL LOGIN MAC 0012 e200 0001 PORT 1 1 VLAN 10 Login succeeded Supplicant Re Auth Success No 1 Jan 23 13 15 10 NORMAL LOGIN MAC 0012 e200 0001 PORT 1 1 VLAN 10 Login succeeded New ...

Page 139: ...was successful LOGOUT Indicates that logout was successful SYSTEM Indicates a runtime notification NOTICE LOGIN Indicates that authentication failed LOGOUT Indicates that logout failed WARNING SYSTEM Indicates a communication failure ERROR SYSTEM Indicates an operation failure of the IEEE 802 1X program Display format Meaning MAC xxxx xxxx xxxx Indicates the MAC address VLAN xxxx Indicates the VLA...

Page 140: ...ared because it was registered to mac address table with the configuration Meaning An attempt to authenticate the relevant suppliant was canceled because a MAC address was configured for mac address table Action None MAC address port number or channel group number VLAN ID 14 NORMAL LOGOUT Force logout The status of port was changed to Unauthorized because another supplicant was detection in single...

Page 141: ...pplicant and the user settings of the RADIUS server MAC address port number or channel group number VLAN ID 31 NOTICE LOGIN Login failed RADIUS authentication failed Re Auth Meaning Re authentication of a supplicant failed Action Correctly set the user name and password sent from the supplicant and the user settings of the RADIUS server MAC address port number or channel group number VLAN ID 32 NO...

Page 142: ... 802 6 MAC address port number or channel group number 37 NOTICE LOGIN Login failed Failed to assign VLAN Reason No Tunnel Private Group ID Attribute Meaning VLAN dynamic assignment failed because there was no Tunnel Private Group ID attribute Action Set the Tunnel Private Group ID attribute in the Accept packet to be sent by the RADIUS server MAC address port number or channel group number 38 NOT...

Page 143: ...ort number or channel group number VLAN ID 42 NOTICE LOGIN Login failed Failed to assign VLAN Reason The VLAN status is disabled Meaning VLAN dynamic assignment failed because the VLAN is disabled for VLAN based authentication dynamic Action Execute the state configuration command to set the status of the VLAN to be assigned to active MAC address port number or channel group number VLAN ID 43 NOTI...

Page 144: ...en the numberofauthenticated supplicants goes below the capacity limit MAC address port number or channel group number VLAN ID 47 NOTICE LOGIN Login failed Failed to connect to RADIUS server Meaning Authentication failed because an attempt to connect to the RADIUS server failed Action Check the following Communication between the Switch and the RADIUS server is available The RADIUS server function...

Page 145: ... to the RADIUS server failed Action Check the following Communication between the Switch and the RADIUS server is available The RADIUS server functionality is enabled Server IPv6 address 84 WARNING SYSTEM Failed to connect to Accounting server Meaning An attempt to connect to the accounting server failed Action Check the following Communication between the Switch and the accounting server is avail...

Page 146: ... Connection failed to 802 1X program Reason Connection Error An attempt to connect to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execute the command If the failure occurs frequentl...

Page 147: ...ion Error An attempt to connect to the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802 1X Connection failed to 802 1X program Reason Receive Error An attempt to receive data from the IEEE 802 1X program failed Re execute the command If the failure occurs frequently use the restart dot1x command to restart IEEE 802...

Page 148: ......

Page 149: ...entication logging show web authentication show web authentication statistics clear web authentication logging clear web authentication statistics commit web authentication store web authentication load web authentication clear web authentication auth state restart web authentication dump protocols web authentication set web authentication html files clear web authentication html files show web au...

Page 150: ...ls about the specifiable range of values see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command When dynamic VLAN mode or legacy mode is used Specify the VLAN ID of the VLAN to which the user will move after authentication When fixed VLAN mode is used Specify a VLAN ID Example When USER01 is added as the user name user0101 as the password an...

Page 151: ...ommand has been executed Now another user is using WA command please try again Another user is using a command for the Web authentication functionality Wait a while and then retry the operation The number of users exceeds 300 The number of users to be registered exceeds 300 WA is not configured The Web authentication functionality is not enabled Check the configuration Message Description ...

Page 152: ...he password after the change Only alphanumeric characters can be used and the characters are case sensitive Specify a name with 1 to 16 characters Example Changing the password for user USER01 set web authentication passwd USER01 user0101 user1111 Display items None Impact on communication None Response messages Table 6 2 List of response messages for the set web authentication passwd command Mess...

Page 153: ...rrently by multiple users The settings are available as authentication information only after the commit web authentication command has been executed WA is not configured The Web authentication functionality is not enabled Check the configuration Message Description ...

Page 154: ... the VLAN to which user USER01 belongs to 30 set web authentication vlan USER01 30 Display items None Impact on communication None Response messages Table 6 3 List of response messages for the set web authentication vlan command Notes This command cannot be used concurrently by multiple users The settings are available as authentication information only after the commit web authentication command ...

Page 155: ...remove web authentication user USER01 Remove web authentication user Are you sure y n y When deleting all users registered in the local authentication data remove web authentication user all Remove all web authentication user Are you sure y n y Display items None Impact on communication None Response messages Table 6 4 List of response messages for the remove web authentication user command Messag...

Page 156: ...settings are available as authentication information only after the commit web authentication command has been executed WA is not configured The Web authentication functionality is not enabled Check the configuration Message Description ...

Page 157: ...being edited commit Displays information about the user who is executing the command Example When displaying the user information being edited show web authentication user edit Date 2006 10 14 10 52 49 UTC Total user counts 2 username VLAN 0123456789012345 3 USER01 4094 When displaying information of the user who is performing operation show web authentication user commit Date 2006 10 14 10 52 49 ...

Page 158: ...nd in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Now another user is using WA command please try again Another user is using a command for the Web authentication functionality Wait a while and then retry the operation WA is not configured The Web authentication functionality is not enabled Check the conf...

Page 159: ... show web authentication login Date 2010 04 15 10 52 49 UTC Total user counts 2 Username VLAN MAC address Port IP address Login time Limit time 0123456789012345 3 0012 e2e3 9166 1 5 192 168 0 1 2010 04 15 09 58 04 UTC 00 10 20 USER01 4094 0012 e268 7527 1 6 192 168 1 10 2010 04 15 10 10 23 UTC 00 20 35 Display items Table 6 7 Information displayed for authenticated users Item Meaning Displayed inf...

Page 160: ...efore the user is logged out due to a timeout When the maximum connection time is 10 to 1440 minutes hh mm ss hour minute second When the maximum connection time is set to unlimited infinity Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to ...

Page 161: ...00 0001 USER testdata1 Logout succeeded No 90 Nov 15 00 09 55 NORMAL SYSTEM connection failed L2MacManager When user is specified for the parameter show web authentication logging user Date 2007 11 15 11 13 15 UTC No 1 Nov 15 00 09 50 NORMAL LOGIN MAC 0012 e200 0001 USER testdata1 Login succeeded No 2 Nov 15 00 10 10 NORMAL LOGOUT MAC 0012 e200 0001 USER testdata1 Logout succeeded Display items Ta...

Page 162: ...essful LOGOUT Indicates that logout was successful SYSTEM Indicates a runtime notification NOTICE LOGIN Indicates that authentication failed LOGOUT Indicates that logout failed ERROR SYSTEM Indicates a communication failure or an operation failure in the Web authentication program Display format Meaning MAC xxxx xxxx xxxx Indicates the MAC address USER xxxxxxxxxx Indicates the user ID IP xxx xxx x...

Page 163: ... aging Action The terminal is not in use Check the terminal MAC address User name IP address 1 VLAN ID 1 Port number 1 7 NORMAL LOGOUT Force logout VLAN deleted Meaning Authentication was canceled because a VLAN for Web authentication was deleted Action Check the VLAN configuration settings MAC address User name VLAN ID 8 NORMAL LOGOUT Force logout Authentic method changed RADIUS Local Meaning Aut...

Page 164: ...iled ARP resolution Meaning Authentication could not be canceled because ARP resolution of the client PC s IP address failed Action Log out again User name 1 IP address 14 NOTICE LOGIN Login failed Double login Meaning Authentication failed because duplicated login operation was performed The cause is either of the following The user has already logged in the same client PC using a different user ...

Page 165: ... the VLAN ID set for Web authentication Action Set the correct VLAN ID in the configuration MAC address User name VLAN ID 18 NOTICE LOGIN Login failed MAC address could not register Meaning Authentication could not be performed because registration of the MAC address failed Action Log in again MAC address User name 19 NOTICE LOGOUT Logout failed MAC address could not delete Meaning Authentication ...

Page 166: ...cManager Meaning Authentication failed because an attempt to communicate with the VLAN program failed Action Log in again If this message appears frequently specify the mac manager parameter for the restart vlan command and execute it MAC address User name 23 NOTICE LOGIN Login failed L2MacManager failed Meaning Authentication failed because notification from the VLAN program was received indicati...

Page 167: ...nd Action Analyze the cause and log in again MAC address 25 NOTICE LOGIN Login failed Double login L2MacManager Meaning Authentication failed because notification from the VLAN program was received indicating that authentication could not be performed The cause is either of the following The terminal for which Web authentication was performed had already been authenticated by IEEE 802 1X or MAC ba...

Page 168: ...n cannot be performed because the authentication request was sent from a VLAN that was not set for the interface Action Correctly configure the VLAN again MAC address User name VLAN ID 28 NORMAL LOGOUT Force logout Polling time out Meaning Authentication was canceled because disconnection of an authenticated terminal was detected Action None MAC address User name IP address VLAN ID Port number 29 ...

Page 169: ...d because the request was not issued from the port set for fixed VLAN mode or dynamic VLAN mode Action Connect the terminal to the port to be authenticated and then log in again MAC address User name Port number 39 NOTICE LOGIN Login failed VLAN not specified Meaning When the mode is fixed VLAN mode or dynamic VLANmode authentication cannot be performed because the authentication request was issue...

Page 170: ...cy mode or dynamic VLAN mode to fixed VLAN mode Action None MAC address User name IP address 1 VLAN ID Port number 1 50 NORMAL LOGOUT Force logout Authentic mode had changed static vlan dynamic vlan Meaning Authentication of all users was canceled because the authentication method was switched from fixed VLAN mode to legacy mode or dynamic VLAN mode Action None MAC address User name IP address VLA...

Page 171: ...tics command to clear statistics was received Action None n a 84 NORMAL SYSTEM Accepted commit command Meaning A commit notification issued by the commit web authentication command for the internal DB was received Action None n a 85 NORMAL SYSTEM Accepted dump command Meaning A dump output request issued by the dump protocols web authentication command was received Action None n a 86 NORMAL LOGOUT...

Page 172: ...Web authentication program error code 89 ERROR SYSTEM Connection failed Operation command error error code Meaning Outputting the response message for the command failed Action Wait a while and then re execute the command error code 90 ERROR SYSTEM Connection failed L2MacManager Meaning An attempt to communicate with the VLAN program was made but failed Action If this message appears frequently sp...

Page 173: ...ing Logout failed because the user is not being authenticated by Web authentication Action Use the show web authentication login command to check the authentication status MAC address 99 ERROR SYSTEM Accounting failed RADIUS accounting Meaning A response to an accounting request was not received from the RADIUS server Action Check whether communication is possible between the Switch and the RADIUS...

Page 174: ...nce with the hardware was found Action No action is required because the authentication status and the hardware status can be synchronized by Web authentication MAC address User name 105 NOTICE LOGIN Login failed VLAN suspended Meaning An authentication error occurred because the VLAN used by the login user to be switched after authentication was in the disable status Action Enable the VLAN after ...

Page 175: ...d Communication failed with an internal functionality indicated by the error code in after The other error Action An internal Web authentication error occurred Use the dump protocols web authentication command to collect information and then use the restart web authentication command to restart Web authentication error code Message Description Can t execute this command in standby system This comm...

Page 176: ... with registered VLANs show web authentication Date 2010 04 16 10 52 49 UTC web authentication Information Authentic mode Legacy Authentic method Local Accounting state disable Max timer 60 Max user 4096 VLAN Count 16 Auto logout disable Syslog send enable Jump URL http www example com Web port http 80 https 443 VLAN Information VLAN ID 5 10 15 20 25 30 35 40 1000 1007 When the authentication mode...

Page 177: ...https 443 8443 Redirect vlan 10 Access list No 100 Port 1 10 VLAN ID 1000 1500 Native VLAN 10 Port 1 12 VLAN ID 1000 1500 Native VLAN 10 When the authentication mode is dynamic VLAN mode and the authentication method is RADIUS authentication show web authentication Date 2010 04 15 10 52 49 UTC web authentication Information Authentic mode Dynamic VLAN Authentic method RADIUS Accounting state enabl...

Page 178: ... address aging is available Whether forced logout by MAC address aging in legacy mode and dynamic VLAN mode for the Web authentication functionality is available enable Forced logout can be used disable Forced logout cannot be used is displayed when the mode is fixed VLAN mode Syslog send The usage state of the syslog server output functionality The usage state of the functionality that outputs th...

Page 179: ...LAN for which URL redirection is configured Access list No Access Lists The access list number or the access list name is displayed if neither is specified 2 VLAN Information VLAN information Detailed information about a VLAN registered in Web authentication Port Port information The number of the port embedded in a VLAN VLAN ID VLAN information VLAN ID registered in Web authentication Native VLAN...

Page 180: ...tal 100 Authentication Current Count 10 Authentication Error Total 30 RADIUS web authentication Information RADIUS frames TxTotal 10 TxAccReq 10 TxError 0 RxTotal 30 RxAccAccpt 10 RxAccRejct 10 RxAccChllg 10 RxInvalid 0 Account web authentication Information Account frames TxTotal 10 TxAccReq 10 TxError 0 RxTotal 20 RxAccResp 10 RxInvalid 0 When the authentication mode is legacy mode and the authe...

Page 181: ...ion to the RADIUS server RxTotal The total number of received packets from the RADIUS server RxAccAccpt The total number of Access Accept packets received from the RADIUS server RxAccRejct The total number of Access Reject packets received from the RADIUS server RxAccChllg The total number of Access Challenge packets received from the RADIUS server RxInvalid The total number of invalid frames rece...

Page 182: ...ed to WA program Communication with the Web authentication program failed Re execute the command If communication fails frequently use the restart web authentication command to restart the Web authentication program WA is not configured The Web authentication functionality is not enabled Check the configuration Message Description ...

Page 183: ...of response messages for the clear web authentication logging command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to WA program Communication with the Web authentication program failed Re execute the command If communication fa...

Page 184: ...ponse messages for the clear web authentication statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to WA program Communication with the Web authentication program failed Re execute the command If communication fails...

Page 185: ...d Message Description Can not commit An attempt to update the authentication information failed Execute the restart web authentication command to update the authentication information again Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Command information was damaged Informatio...

Page 186: ...lowing commands are executed to add change or delete users set web authentication user set web authentication passwd set web authentication vlan remove web authentication user If execution of this command is interrupted before completion the Web authentication database is not updated In such a case re execute the command to update the Web authentication database ...

Page 187: ...t of response messages for the store web authentication command Notes If Web authentication user information is backed up to a file when the available space in the flash memory is insufficient incomplete backup files might be created When creating backup files use the show flash command to make sure there is enough free capacity in the flash memory The following shows an example of executing the s...

Page 188: ...7 144kB free 616kB 7 199kB 8 152kB 15 967kB total 37 679kB 7 265kB 8 168kB 53 112kB Note The underlined part the value for free indicating the free capacity of the user area must be at least 20 KB If the free capacity in flash memory is insufficient use the rm command to delete unnecessary files before creating the backup files ...

Page 189: ...hout displaying a confirmation message Operation when this parameter is omitted A confirmation message is displayed Example When Web authentication user information is restored from the authdata backup file load web authentication authdata Restore web authentication user data Are you sure y n y Restore complete Display items None Impact on communication None Response messages Table 6 22 List of re...

Page 190: ...tication database Connection failed to WA program Communication with the Web authentication program failed Re execute the command If communication fails frequently use the restart web authentication command to restart the Web authentication program File format error Registration is not possible because the file is not a backup file Load operation failed Restoration from the backup file failed Now ...

Page 191: ...t right curly bracket bracket and single quotation mark semicolon dollar sign grave accent mark backslash sharp sign at the beginning and percent sign all Forcibly logs out the authenticated currently logged in users mac address mac mac Forces user logout by specifying the MAC address that is used by the authenticated currently logged in user Specify the MAC address in the range from 0000 0000 000...

Page 192: ...uth state command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to WA program Communication with the Web authentication program failed Re execute the command If communication fails frequently use the restart web authentication co...

Page 193: ...e core files are not output Example The following shows an example of restarting the Web authentication program restart web authentication WA restart OK y n y Display items None Impact on communication If web server is specified for a parameter only the Web server is restarted and authentication is not canceled There is no impact on communication Note that if web server is not specified communicat...

Page 194: ...written if it already exists WA is not configured If Web authentication functionality has not been set check the configuration If the web authentication system auth control configuration command has been set perform the following operation Use the no web authentication system auth control configuration command to stop Web authentication Wait at least 10 seconds and then use the web authentication ...

Page 195: ...s for the dump protocols web authentication command Notes The storage directory and the name of an output file are as follows Storage directory usr var wa File wad_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Can t execute The command could not be executed Re execute the command Connection failed...

Page 196: ...ed on the Favorites menu of the Web browser that you want to register Page images messages and icons to be displayed in the Favorites menu of the Web browser that you want to register must be stored on a directory according to the following conditions Stores the above in a directory other than config wa htdocs There must be no subdirectories in the specified directory There must be a login html fi...

Page 197: ... has been set If this command is executed during dual operation page images messages and icons are registered automatically in the standby system If you use the synchronize command to synchronize the information between the active and standby systems the information will also be applied to the standby system Page images messages and icons registered by using this command are retained when Web auth...

Page 198: ... might take time If this command is interrupted while it is being executed the registered page is not displayed but the default page is displayed In addition the result might not be displayed correctly by using the show web authentication html files command If this happens re execute this command to register page images and messages In dynamic VLAN mode or legacy mode if the loginOK html file cont...

Page 199: ...cation html files command Notes This command can be executed regardless of whether or not the configuration command for Web authentication has been set If this command is executed during duplex operation the file registered by using the set web authentication html files command is also deleted in the standby system If you use the synchronize command to synchronize the information between the activ...

Page 200: ...ion html files command and the date and time the file was registered When the file is registered show web authentication html files Date 2007 04 01 10 07 04 UTC TOTAL SIZE 60775 SIZE DATE login html 2049 2007 03 30 14 05 loginOK html 1046 2007 03 30 14 05 loginNG html 985 2007 03 30 14 05 logout html 843 2007 03 30 14 05 logoutOK html 856 2007 03 30 14 05 logoutNG html 892 2007 03 30 14 05 webauth...

Page 201: ...0 default now aaa gif 20000 2007 03 30 14 05 bbb gif 15000 2007 03 30 14 05 ccc gif 10000 2007 03 30 14 05 ddd gif 9000 2007 03 30 14 05 Display items None Impact on communication None Response messages Table 6 28 List of response messages for the show web authentication html files command Notes This command can be executed regardless of whether or not the configuration command for Web authenticat...

Page 202: ......

Page 203: ...stics clear mac authentication auth state clear mac authentication logging clear mac authentication statistics set mac authentication mac address remove mac authentication mac address commit mac authentication show mac authentication mac address store mac authentication load mac authentication restart mac authentication dump protocols mac authentication ...

Page 204: ...played information Total client counts Total number of terminals The number of authenticated currently logged in terminals MAC address MAC address The MAC addresses of authenticated currently logged in terminals Port Port number The physical port numbers of the ports where the authenticated currently logged in terminal is located VLAN VLAN VLANs set for the authenticated currently logged in termin...

Page 205: ...and in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Connection failed to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails frequently use the restart mac authentication command to restart the MAC based authentication program Mac authentication ...

Page 206: ... MAC 0012 e200 0001 PORT 1 1 VLAN 3 Login succeeded No 2 Dec 1 10 10 10 NORMAL LOGOUT MAC 0012 e212 0001 PORT 1 1 VLAN 3 Logout succeeded No 82 Dec 1 10 10 55 NORMAL SYSTEM accepted clear auth state command When client is specified for the parameter show mac authentication logging client Date 2007 12 01 11 13 15 UTC No 1 Dec 1 10 09 50 NORMAL LOGIN MAC 0012 e200 0001 PORT 1 1 VLAN 3 Login succeede...

Page 207: ...essages Table 7 4 Log ID and type in operation log messages Table 7 5 Additional information Table 7 6 List of operation log messages Log ID Log type Meaning NORMAL LOGIN Indicates that authentication was successful LOGOUT Indicates that authentication was canceled SYSTEM Indicates a runtime notification NOTICE LOGIN Indicates that authentication failed LOGOUT Indicates that cancelation of authent...

Page 208: ...UT Force logout Connection time was beyond a limit Meaning Authentication was canceled because the maximum connection time was exceeded Action None If the terminal is connected authentication is attempted again MAC address VLAN ID Port number 6 NOTICE LOGIN Login failed Port link down Meaning An authentication error occurred because the port was down Action Make sure the status of relevant port is...

Page 209: ... VLAN ID Port number 10 NORMAL LOGOUT Force logout Other authentication program Meaning Authentication was canceled because it was overwritten by another authentication operation Action Check whether another authentication operation was performed on the same terminal MAC address VLAN ID Port number 11 NORMAL LOGOUT Force logout VLAN deleted Meaning Authentication was canceled because the VLAN for ...

Page 210: ... Check whether the MAC address has already been authenticated If necessary cancel the existing authentication for the relevant MAC address from the authentication functionality that is currently authenticating the MAC address MAC address 15 NOTICE LOGIN Login failed Number of login was beyond limit Meaning Authentication could not be performed because the maximum login limit was exceeded The cause...

Page 211: ... failed Action Attempt de authentication again MAC address 1 VLAN ID 1 Port number 1 error code 20 NOTICE LOGIN Login failed RADIUS authentication failed Meaning Authentication could not be performed because RADIUS authentication failed Action Make sure the terminal to be authenticated is correct Also make sure the RADIUS definition is correct MAC address VLAN ID Port number 21 NOTICE LOGIN Login ...

Page 212: ... Action Attempt authentication again MAC address Port number 30 NORMAL LOGOUT Force logout mac address table aging Meaning Authentication was canceled because a MAC address was deleted due to MAC address table aging Action The terminal is not in use Check the terminal MAC address VLAN ID Port number 31 NORMAL LOGOUT Force logout Authentic mode had changed dynamic vlan static vlan Meaning All authe...

Page 213: ...cepted commit command Meaning A notification issued by the commit mac authentication commandforre configuring the authentication information was received Action None n a 85 NORMAL SYSTEM Accepted dump command Meaning A dump output request issued by the dump protocols mac authentication command was received Action None n a 86 NORMAL LOGOUT Force logout MAC address not found L2MacManager Meaning An ...

Page 214: ... Connection failed L2MacManager Meaning An attempt to communicate with the VLAN program was made but failed Action If this message appears frequently specify the mac manager parameter for the restart vlan command and execute it n a 92 ERROR SYSTEM Disconnectionfailed L2MacManager Meaning Communication with the VLAN program was interrupted Action If this message appears frequently specify the mac m...

Page 215: ...ailed Action Use the restart mac authentication command to restart the MAC based authentication program n a 99 ERROR SYSTEM Accounting failed RADIUS accounting Meaning A response to an accounting request was not received from the RADIUS server Action Check whether communication is possible between the Switch and the RADIUS server After the Switch can communicate with the RADIUS server attempt auth...

Page 216: ...ion error occurred because the VLAN was disabled Action Enable the VLAN and then attempt authentication again MAC address VLAN ID Port number 106 NORMAL LOGOUT Force logout VLAN suspended Meaning Authentication was canceled because the status of the VLAN changed to disable Action Enable the VLAN and then attempt authentication again MAC address VLAN ID Port number 107 NOTICE LOGIN Login failed MAC...

Page 217: ...ror occurred Communication failed with an internal functionality indicated by the error code in after The other error Action An internal error of the MAC based authentication program occurred Use the dump protocols mac authentication command to collect information and then use the restart mac authentication command to restart MAC based authentication error code Message Description Can t execute th...

Page 218: ...Notes MAC based authentication operation log messages are displayed with newer messages displayed first For duplex configuration operation log information is deleted on transfer between active and standby rather than being inherited ...

Page 219: ... Max terminal 4096 Port Count 0 Auto logout enable VLAN check enable Vid key VLAN Authentic mode Dynamic VLAN Max timer 60 Max terminal 4096 Port Count 0 Auto logout enable When a port for MAC based authentication is registered show mac authentication Date 2010 04 15 10 52 49 UTC mac authentication Information Authentic method RADIUS Accounting state disable Syslog send enable Authentic mode Stati...

Page 220: ...r of authentication terminals that can simultaneously login to the MAC based authentication functionality Port Count Total number of ports Total number of ports registered for MAC based authentication Auto logout Auto logout setting for when no accesses detected status continues The status of the auto logout functionality when continuing no access status is detected for a MAC address enable The au...

Page 221: ...ndby system This command cannot be executed on a standby system Can t execute The command could not be executed Connection failed to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails frequently use the restart mac authentication command to restart the MAC based authentication program Mac authentication is not con...

Page 222: ...AccResp 10 RxInvalid 0 Display items Table 7 10 Items displayed for MAC based authentication statistics Item Meaning Authentication Request Total The total number of authentication requests Authentication Current Count The number of currently authenticated terminals Authentication Error Total The total number of authentication request errors RADIUS frames RADIUS information TxTotal The total numbe...

Page 223: ...ed packets from the accounting server RxAccResp The total number of Accounting Response packets received from the accounting server RxInvalid The total number of invalid frames received from the accounting server Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Connection failed to m...

Page 224: ... all the authenticated currently logged in terminals f Forcibly logs out terminals without displaying a confirmation message Operation when this parameter is omitted A confirmation message is displayed Example The following show examples of forcibly logging out all the authenticated currently logged in terminals When forcibly logging out the authenticated currently logged in terminals by specifyin...

Page 225: ...xecute The command could not be executed Connection failed to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails frequently use the restart mac authentication command to restart the MAC based authentication program Delete Error An attempt to delete the terminal failed Mac authentication is not configured The MAC b...

Page 226: ... response messages for the clear mac authentication logging command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Connection failed to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails...

Page 227: ...e messages for the clear mac authentication statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Connection failed to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails freq...

Page 228: ...red Specify the MAC address in the range from 0000 0000 0000 to feff ffff ffff Note that you cannot specify a multicast MAC address address in which the lowest bit of the first byte is 1 vlan id Specify the VLAN ID of the VLAN to which the user will communicate after authentication For details about the specifiable range of values see Specifiable values for parameters In dynamic VLAN mode you must...

Page 229: ... VLAN ID and with an associated VLAN ID then this is taken to be no VLAN ID specified and an authentication error occurs at terminal authentication time When 1 is specified as the VLAN ID an authentication error occurs at terminal authentication time Message Description Already mac address mac vlan id exists The specified MAC address has already been registered Can t execute this command in standb...

Page 230: ...C address address in which the lowest bit of the first byte is 1 all Deletes all MAC addresses f Deletes MAC addresses without displaying a confirmation message Operation when this parameter is omitted A confirmation message is displayed Example When deleting the MAC address 0012 e200 1234 remove mac authentication mac address 0012 e200 1234 Remove mac authentication mac address Are you sure y n y...

Page 231: ...the command Mac authentication is not configured The MAC based authentication functionality is not configured Check the configuration Now another user is using mac authentication command please try again Another user is using a command related to the MAC based authentication functionality Wait a while and then retry the operation Unknown mac address mac The specified MAC address has not been regis...

Page 232: ...eter is omitted A confirmation message is displayed Example The following shows an example of saving the internal MAC based authentication DB for MAC based authentication commit mac authentication Commitment mac authentication mac address data Are you sure y n y Commit complete Display items None Impact on communication None Response messages Table 7 17 List of response messages for the commit mac...

Page 233: ...d to mac authentication program Communication with the MAC based authentication program failed Re execute the command If communication fails frequently use the restart mac authentication command to restart the MAC based authentication program Mac authentication is not configured The MAC based authentication functionality is not configured Check the configuration Now another user is using mac authe...

Page 234: ...nternal MAC based authentication DB Example When displaying information that is being edited show mac authentication mac address edit Date 2007 12 01 10 52 49 UTC Total mac address counts 2 mac address VLAN 0012 e200 1234 3 0012 e201 abcd 4094 When displaying information about the current internal MAC based authentication DB show mac authentication mac address commit Date 2007 12 01 10 52 49 UTC T...

Page 235: ... This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Mac authentication is not configured The MAC based authentication functionality is not configured Check the configuration Now another user is using mac authentication command please try again Another user is using a command related to the MAC based authentication functionalit...

Page 236: ...sponse messages Table 7 20 List of response messages for the store mac authentication command Notes If the internal MAC based authentication DB is backed up when the flash memory capacity is insufficient incomplete backup files might be created When creating backup files use the show flash command to make sure there is enough free capacity in the flash memory Message Description Can t execute this...

Page 237: ... area area total used 37 063kB 65kB 16kB 37 144kB free 616kB 7 199kB 8 152kB 15 967kB total 37 679kB 7 265kB 8 168kB 53 112kB Note The underlined part the value for free indicating the free capacity of the user area must be at least 100 KB If the free capacity in flash memory is insufficient use the rm command to delete unnecessary files before creating the backup files ...

Page 238: ...firmation message Operation when this parameter is omitted A confirmation message is displayed Example When restoring the internal MAC based authentication DB from the authdata backup file load mac authentication authdata Restore mac authentication MAC address data Are you sure y n y Restore complete Display items None Impact on communication None Response messages Table 7 21 List of response mess...

Page 239: ...program Communication with the MAC based authentication program failed Re execute the command If communication fails frequently use the restart mac authentication command to restart the MAC based authentication program File format error Registration is not possible because the file is not a backup file Load operation failed Restoration from the backup file failed Mac authentication is not configur...

Page 240: ...th restart OK y n y Display items None Impact on communication All authentications for authenticated currently logged in terminals are canceled and communication will be impossible After the MAC based authentication program is restarted you must perform authentication again Response messages Table 7 22 List of response messages for the restart mac authentication command Notes The storage directory...

Page 241: ...p protocols mac authentication command Notes The storage directory and the name of an output file are as follows Storage directory usr var macauth File macauthd_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Can t execute The command could not be executed Connection failed to mac authentication pro...

Page 242: ......

Page 243: ... 8 Authentication VLANs OP VAA show fense server OP VAA show fense statistics OP VAA show fense logging OP VAA clear fense statistics OP VAA clear fense logging OP VAA restart vaa OP VAA dump protocols vaa OP VAA ...

Page 244: ...ontroller vlan id list Specifies multiple VLAN IDs which have been set as authenticated VLANs For details about how to specify vlan id list see Specifiable values for parameters Note that the default VLAN VLAN ID 1 cannot be specified for this command Operation when this parameter is omitted Displays all information about configured VLANs Operation when all parameters are omitted Displays all info...

Page 245: ...5 255 255 0 VLAN ID 11 lP Subnet Address 192 168 11 0 mask 255 255 255 0 Display items The following table shows the items displayed for VLANaccessAgent information Table 8 1 Items displayed for VLANaccessAgent information Item Meaning Displayed information VAA NAME VLANaccessAgent name Displays the name set for VLANaccessAgent of a Switch switch name Indicates the device name Not set VAA Sync Mod...

Page 246: ...mic MAC address is deleted Indicates the setting value as the number of retries before the dynamic MAC address for the authentication VLAN is deleted if connection to the authentication server fails infinity Indicates an unlimited number of retries 0 to 32767 Indicates the number of retries Current Count Current number of retries Indicates the current number of retries for connecting to the authen...

Page 247: ...authentication server 1024 to 65535 Indicates the port number Retry Timer Interval for retrying connection to the authentication server Indicates the setting value for the retry interval in seconds when connection to the authentication server fails 1 to 65535 Indicates the retry interval Retry Count The number of retries to the authentication server until a dynamic MAC address is deleted Indicates...

Page 248: ...e authenticated VLAN corresponding to the VLAN ID Message Description Can t execute The command could not be executed Re execute the command Connection failed to VAA program Communication with the VLANaccessAgent program failed Re execute the command If this error occurs frequently use theshow fense logging command and the dump protocols vaa command to acquire the vaa status and the FENSE server l...

Page 249: ...displaying statistics for all VLANaccessAgent you have set show fense statistics Date 2007 01 26 10 50 49 UTC ID 1 VLANaccessController Connection Connect Count 1 Connect Failure Count 0 Timeout Disconnect Count 0 VLANaccessAgent Recv Message ADDMAC DELMAC LSTMAC CLRMAC DELMACALL Request 11020 11000 100 0 0 Error 0 0 0 0 0 FORMERROR 0 0 0 0 0 INVSTATE 0 0 0 0 0 NOMEMORY 0 0 0 0 0 INVPARAM 0 0 0 0 ...

Page 250: ...n server Unsigned 32 bit value Indicates the number of failed connections Timeout Disconnect Count Number of timeouts Indicates the number of disconnections when the Switch did not receive the Keep Alive message from the authentication server within the interval set by the fense alive timer command Unsigned 32 bit value Indicates the number of timeouts VLANaccessAgent Recv Message Statistics for r...

Page 251: ... authentication server Unsigned 32 bit value Indicates the number of deletion requests Error Number of failed MAC address deletion requests Indicates the total number of times that MAC address deletion requests received from the authentication server failed Unsigned 32 bit value Indicates the number of failed deletion requests FORMERROR Number of times that FORMERROR has been sent as the cause of ...

Page 252: ... requests were received Indicates the number of times that batch deletion requests were received from the authentication server Unsigned 32 bit value Indicates the number of times that batch deletion requests were issued Error Number of failed batch deletion requests Indicates the total number of times that batch deletion requests from the authentication server failed Unsigned 32 bit value Indicat...

Page 253: ...of NOMEMORY errors INVPARAM Number of times that INVALIDPARAM has been sent as the cause of the error Indicates the number of INVALIDPARAM error responses to requests to delete all MAC addresses Unsigned 32 bit value Indicates the number of INVALIDPARAM errors Target VLAN Registration Statistics for registering MAC in a MAC VLAN Indicates statistics for requests to register a MAC address to a MAC ...

Page 254: ...of MAC address deletion requests Unsigned 32 bit value Indicates the number of deletion requests Error Number of failed MAC address deletion requests Indicates the number of times that requests to delete an authenticated MAC address from a MAC VLAN failed Unsigned 32 bit value Indicates the number of failed deletion requests NOMAC Number of times that an invalid MAC address error has been returned...

Page 255: ...tly use the show fense logging command and the dump protocols vaa command to acquire the vaa status and the FENSE server logs see the manual for the FENSE server for details and then check the FENSE server status After that use the restart vaa command to restart VLANaccessAgent VAA is not configured VLANaccessAgent has not been configured Check the configuration Message Description ...

Page 256: ...id 1 Subnet 192 168 1 0 MAC 0012 e201 0203 3 Jul 2 10 49 23 NOTICE WELCOME message was received from the authentication server id 1 SrvVer 1 0 SrvIP 192 168 2 10 4 Jul 2 10 49 23 NOTICE The connection with the authentication server succeeded id 1 Display items Outputs operation log messages by severity level The following table shows the levels of operation log messages and Table 8 7 List of opera...

Page 257: ...cation server id vaa_id MAC MAC address Received a request from the authentication server to delete all specified MAC addresses vaa_id MAC address 8 NOTICE WELCOME message was received from the authentication server id vaa_id SrvVer authentication server version SrvIP authentication server IP address Received a Welcome message from the authentication server vaa_id Version of the authentication ser...

Page 258: ... Message Description Can t execute The command could not be executed Re execute the command Connection failed to VAA program Communication with the VLANaccessAgent program failed Re execute the command If this error occurs frequently use theshow fense logging command and the dump protocols vaa command to acquire the vaa status and the FENSE server logs see the manual for the FENSE server for detai...

Page 259: ...or VLANaccessAgent clear fense statistics Display items None Impact on communication None Response messages Table 8 9 List of response messages for the clear fense statistics command Notes None Message Description Can t execute The command could not be executed Re execute the command Connection failed to VAA program Communication with the VLANaccessAgent program failed Re execute the command If th...

Page 260: ...clear fense logging command Notes None Message Description Can t execute The command could not be executed Re execute the command Connection failed to VAA program Communication with the VLANaccessAgent program failed Re execute the command If this error occurs frequently use theshow fense logging command and the dump protocols vaa command to acquire the vaa status and the FENSE server logs see the...

Page 261: ...lay items None Impact on communication While VLANaccessAgent is being restarted dynamic MAC addresses cannot be registered by using VLANaccessAgent After restart if the authentication server has registered the MAC address the authentication server performs re authentication automatically If the authentication server has not registered the MAC address re authentication from a terminal is required R...

Page 262: ...e storage directory and the name of the core file are as follows Storage directory usr var core Core file vaad core If the specified file already exists the file is overwritten unconditionally Therefore back up the file in advance if necessary ...

Page 263: ...ile vaad_dump gz If the specified file already exists the file is overwritten unconditionally Therefore back up the file in advance if necessary Message Description Can t execute The command could not be executed Re execute the command Connection failed to VAA program Communication with the VLANaccessAgent program failed Re execute the command If this error occurs frequently use the show fense log...

Page 264: ......

Page 265: ...lear ip dhcp snooping binding show ip dhcp snooping statistics clear ip dhcp snooping statistics show ip arp inspection statistics clear ip arp inspection statistics show ip dhcp snooping logging clear ip dhcp snooping logging restart dhcp snooping dump protocols dhcp snooping ...

Page 266: ...erface For interface type interface number the following values can be set gigabitethernet nif no port no tengigabitethernet nif no port no port channel channel group number For details about the valid setting range of nif no port no and channel group number see Specifiable values for parameters static dynamic static Displays the binding database entry for statically registered entries dynamic Dis...

Page 267: ... URL Save location for the binding database Displays setting information in the configuration flash Indicates internal flash memory mc Indicates a memory card Not specified Last succeeded time Date and time the Switch last saved year month day hour minute second time zone Displays the date and time when information was saved to the save location is displayed for the following cases The agent URL i...

Page 268: ...ce is gigabitethernet or tengigabitethernet the NIF number and the port number are displayed For port channel the following value is displayed ChGr 1 to ChGr 63 Message Description Can t execute this command in standby system This command cannot be executed on a standby system DHCP snooping doesn t seem to be running The command failed because DHCP snooping is not operating Illegal NIF nif no The ...

Page 269: ...ified interface For interface type interface number the following values can be set gigabitethernet nif no port no tengigabitethernet nif no port no port channel channel group number For details about the valid setting range of nif no port no and channel group number see Specifiable values for parameters Operation when a parameter is omitted This command can clear only the entries that meet the co...

Page 270: ...and cannot be executed on a standby system DHCP snooping doesn t seem to be running The command failed because DHCP snooping is not operating Illegal NIF nif no The specified NIF number is invalid Make sure the specified parameter is correct and then try again nif no Indicates the NIF number Illegal Port port no The specified port number is invalid Make sure the specified parameter is correct and ...

Page 271: ...atistics Legend n a Not applicable Impact on communication None Item Meaning Displayed information Database Exceeded Number of times that binding database entries exceeded the maximum allowed number n a Total DHCP Packets Total number of DHCP packets processed on untrusted ports in DHCP snooping n a Port An untrusted port for which DHCP snooping is enabled If the interface is gigabitethernet or te...

Page 272: ...ult VLAN the mirror port is also displayed using this command Message Description Can t execute this command in standby system This command cannot be executed on a standby system DHCP snooping doesn t seem to be running The command failed because DHCP snooping is not operating Program error occurred error message A program error occurred Re execute the command error message Location of the error ...

Page 273: ...ping statistics clear ip dhcp snooping statistics Display items None Impact on communication None Response messages Table 9 6 List of response messages for the clear ip dhcp snooping statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system DHCP snooping doesn t seem to be running The command failed because DH...

Page 274: ...isplay items Table 9 7 Items displayed for statistics for dynamic ARP inspection Legend n a Not applicable Impact on communication None Item Meaning Displayed information Port Port number If the interface is gigabitethernet or tengigabitethernet the NIF number and the port number are displayed For port channel the following value is displayed ChGr 1 to ChGr 63 Forwarded Number of forwarded ARP pac...

Page 275: ... the mirror port is also displayed using this command Message Description ARP Inspection doesn t seem to be running The command could not be executed because dynamic ARP inspection is not operating Can t execute this command in standby system This command cannot be executed on a standby system Program error occurred error message A program error occurred Re execute the command error message Locati...

Page 276: ...n statistics clear ip arp inspection statistics Display items None Impact on communication None Response messages Table 9 9 List of response messages for the clear ip arp inspection statistics command Notes None Message Description ARP Inspection doesn t seem to be running The command could not be executed because dynamic ARP inspection is not operating Can t execute this command in standby system...

Page 277: ...ple of displaying an operation log message for DHCP snooping Figure 9 7 Result of executing the command for displaying an operation log message of DHCP snooping show ip dhcp snooping logging Date 2010 04 20 12 00 00 UTC Apr 20 11 00 00 ID 2201 NOTICE DHCP server packets were received at an untrust port 1 2 1 0012 e2ff fe01 192 168 100 254 Display items The following shows the display format of a m...

Page 278: ...ated nif no port no vlan id mac address ip address Meaning An entry was added to the binding database Explanation of message variables nif no port no vlan id mac address ip address Indicates DHCP client terminal information nif no Indicates the NIF number port no Indicates the port number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action...

Page 279: ...es the port number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action None 1205 INFO The binding entry was renewed nif no port no vlan id mac address ip address Meaning A binding database entry was updated because lease renewal was detected Explanation of message variables nif no port no vlan id mac address ip address Indicates DHCP clien...

Page 280: ...C address ip address Indicates the IP address Action None 1301 INFO The binding entry was created ChGr channel group number vlan id mac address ip address Meaning An entry was added to the binding database Explanation of message variables ChGr channel group number vlan id mac address ip address Indicates DHCP client terminal information channel group number Indicates the channel group number vlan ...

Page 281: ...nel group number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action None 1305 INFO The binding entry was renewed ChGr channel group number vlanid macaddress ip address Meaning A binding database entry was updated because lease renewal was detected Explanation of message variables ChGr channel group number vlan id mac address ip address In...

Page 282: ...o vlan id mac address ip address Meaning Invalid lease release was detected This message is output once every five minutes on a port by port basis Explanation of message variables nif no port no vlan id mac address ip address Indicates DHCP client terminal information nif no Indicates the NIF number port no Indicates the port number vlan id Indicates the VLAN ID mac address Indicates the MAC addre...

Page 283: ...ery five minutes on a port by port basis Explanation of message variables ChGr channel group number vlan id mac address ip address Indicates DHCP server information channel group number Indicates the channel group number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action Check the connected device 2302 NOTICE Lease release was received fr...

Page 284: ... once every five minutes on a port by port basis Explanation of message variables ChGr channel group number vlan id mac address Indicates ARP terminal information channel group number Indicates the channel group number vlan id Indicates the VLAN ID mac address Indicates the MAC address Action Review the network configuration If there is no problem in the configuration then this might have been cau...

Page 285: ...ss contained in the ARP header do not match was discarded This message is output once every five minutes on a port by port basis Explanation of message variables nif no port no vlan id mac address Indicates ARP terminal information nif no Indicates the NIF number port no Indicates the port number vlan id Indicates the VLAN ID mac address Indicates the MAC address Action Check the connected devices...

Page 286: ...lient terminal information channel group number Indicates the channel group number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action Review the network configuration If there is no problem in the configuration then this might have been caused by an attack 3302 WARN Discard of the DHCP packet which SMAC and chaddr isn t identica ChGr chan...

Page 287: ...tination MAC address contained in the ARP header do not match was discarded This message is output once every five minutes on a port by port basis Explanation of message variables ChGr channel group number vlan id mac address Indicates ARP terminal information channel group number Indicates the channel group number vlan id Indicates the VLAN ID mac address Indicates the MAC address Action Check th...

Page 288: ...t no vlan id mac address ip address Indicates DHCP client terminal information nif no Indicates the NIF number port no Indicates the port number vlan id Indicates the VLAN ID mac address Indicates the MAC address ip address Indicates the IP address Action Review the system configuration If this message is displayed because a static entry or a channel group has been added delete the relevant static...

Page 289: ...ow ip dhcp snooping logging command Notes None Message Description DHCP snooping doesn t seem to be running The command failed because DHCP snooping is not operating Program error occurred error message A program error occurred Re execute the command error message Location of the error ...

Page 290: ... Result of executing the command for clearing the log messages for DHCP snooping clear ip dhcp snooping logging Display items None Impact on communication None Response messages Table 9 13 List of response messages for the clear ip dhcp snooping logging command Notes None Message Description DHCP snooping doesn t seem to be running The command failed because DHCP snooping is not operating Program ...

Page 291: ...utputs the confirmation message before restarting the DHCP snooping program Example Figure 9 9 Result of executing the command for restarting the DHCP snooping program restart dhcp snooping DHCP snooping program restart OK y n y Display items None Impact on communication None Response messages Table 9 14 List of response messages for the restart dhcp snooping command Notes 1 Core output file usr v...

Page 292: ...m is being restarted In addition do not use the copy command to copy the configuration The binding database might become invalid 3 Do not switch systems within 30 seconds of the DHCP snooping program restarting In addition do not use the copy command to copy the configuration The binding database might become invalid ...

Page 293: ...to a file Figure 9 10 Result of executing the DHCP snooping dump command dump protocols dhcp snooping Display items None Impact on communication None Response messages Table 9 15 List of response messages for the dump protocols dhcp snooping command Notes Output file usr var dhsn dhcp_snoopingd dmp Message Description DHCP snooping doesn t seem to be running The command failed because DHCP snoopin...

Page 294: ......

Page 295: ...279 PART 6 High Reliability Based on Redundant Configurations Chapter 10 Redundancy of BCUs CSUs and MSUs inactivate standby activate standby redundancy force switchover synchronize ...

Page 296: ...essage appears inactivate standby system OK y n If you enter y the standby system is inactivated Display items None Impact on communication None Response messages Table 10 1 List of response messages for the inactivate standby command Notes 1 To restore a standby system that has been changed to inactive by this command to active use the activate standby command Message Description Can t accept com...

Page 297: ...hen the standby system is inactivated the inactive state of the standby system is retained 5 When the Switch is duplexed redundant if you execute the inactivate standby command the System mode changed from duplex to simplex log message is displayed 6 When you execute the ppupdate command to update the HDC Hardware Dependent Code of an active system if you use the inactivate standby command to inac...

Page 298: ...ms None Impact on communication None Response messages Table 10 2 List of response messages for the activate standby command Notes It takes a few seconds for this command to re display the prompt Message Description Can t accept command system is busy The command cannot be accepted because the system is busy Re execute the command later Can t execute this command in standby system This command can...

Page 299: ...ter Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Now switchover executing The system is being switched Now synchronize executing The synchronize command is being executed Re execute the redundancy force switchover command after the synchronize command completes Now configurati...

Page 300: ... discord License keys for the active system and for the standby system do not match Now power control mode changing Power control mode is being changed Re execute the command after the following log message is displayed The change of power control mode was completed Standby system is failure A failure occurs in the standby system Standby system is notconnect The standby system is not installed Mes...

Page 301: ...n status between the active system and the standby system Specify this parameter to decide whether synchronization is required diff Displays the synchronization status between the active system and the standby system Specify this parameter to decide whether synchronization is required account The synchronization status of only files related to user information 2 Password file 3 User account and 4 ...

Page 302: ...yed for the home directory item Message Description Can t execute because operation mode is simplex now The command cannot be executed because the system is in simplex mode Can t execute for software version mismatch The command cannot be executed because the versions of software do not match Can t execute this command in standby system This command cannot be executed on a standby system Can t exe...

Page 303: ...lash memory capacity in the standby system copying a file might fail Pay special attention if BCUs or MSUs with different internal flash memory capacities are installed in the active system and the standby system If you failed to copy files to be synchronized delete the files in the user area of the active and standby systems before re executing the synchronize command ...

Page 304: ......

Page 305: ...289 Chapter 11 GSRP show gsrp show gsrp aware clear gsrp set gsrp master clear gsrp port up delay clear gsrp forced shift restart gsrp dump protocols gsrp ...

Page 306: ...for the specified port and the specified channel group is displayed port port list For details about how to specify port list and the specifiable range of values see Specifiable values for parameters Ports configured as direct link ports and ports belonging to VLANs that are part of VLAN groups can be specified channel group number channel group list For details about how to specify channel group ...

Page 307: ...otal VLAN Group Counts Total number of VLAN groups in the Switch 0 to 128 Layer 3 Redundancy Layer 3 redundancy switching Off Not set On The Layer 3 redundancy switching functionality is enabled VLAN Group ID VLAN group ID 1 to 128 Local State Status of VLAN groups on the Switch Master Indicates master status Backup Indicates backup status Backup Lock Indicates backup fixed status Backup Waiting I...

Page 308: ...Backup Advertise Hold Timer 3 Priority 100 101 Active Ports 3 3 Up Ports 3 VLAN Group ID 2 VLAN ID 120 Member Port Active Port Last Transition Transition by reason Master to Backup Counts Backup to Master Counts Virtual MAC Address 0000 8758 138f Local Neighbor State disable Acknowledged State Advertise Hold Timer Priority 100 Active Ports Up Ports VLAN Group ID 8 VLAN ID 180 Member Port 1 6 8 Act...

Page 309: ...N Group ID VLAN group ID 1 to 128 VLAN ID VLAN ID 1 to 4095 When used in combination with Ring Protocol VLANs that do not belong to the VLAN group are not included Member Port Ports belonging to a VLAN which is configured for a VLAN group is displayed if no active ports belong to a VLAN group or if the VLAN group is disabled Active Port Active port is displayed if no active ports belong to a VLAN ...

Page 310: ... of the partner switch MAC address was smaller than neighbor s The MAC address of the Switch is smaller than that of the partner switch BackupLock was enabled backup lock was set Double Master was detected It was detected that the Switch and the partner switch were in master status is displayed if no state transitions have been performed or the port is disabled Also when the GSRP device does not r...

Page 311: ...up Indicates backup status Backup Lock Indicates backup fixed status Backup Waiting Indicates backup master wait status Backup No Neighbor Indicates backup neighbor unknown status is displayed if the partner switch is unknown or disabled is displayed for information about the partner switch Advertise Hold Timer Length of time that an Advertise frame continues to be active 0 to 120 seconds is displ...

Page 312: ...e in VLAN groups Off Not set On The functionality restricting GSRP control to VLANs that are in VLAN groups is being applied GSRP Exception Port Port which is not subject to GSRP control is displayed if the port is not configured When used with Ring Protocol if a ring port is configured it is displayed as Exception Port No Neighbor To Master Operation setting in backup neighbor unknown status manu...

Page 313: ...ormation about the partner switch Advertise Interval Transmission interval between Advertise frames 0 5 to 60 seconds Selection Pattern Method for selecting the masteror backup state ports priority mac The number of active ports the priority and the MAC address of the Switch are selected in that order priority ports mac The priority the number of active ports and the MAC address of the Switch are ...

Page 314: ...ample 4 Table 11 4 Items displayed for GSRP information when a port is specified Item Meaning Displayed information GSRP ID GSRP group ID 1 to 65535 Port Information Port information nif no port no Port number CH Channel group number GSRP Status of a port belonging to a VLAN configured for a VLAN group or a port belonging to a GSRP management VLAN Active Indicates that the port status is active No...

Page 315: ...comes an active port 0 to 43200 seconds or infinity TxFrame Number of sent GSRP Advertise frames statistics 0 to 4294967295 RxFrame Number of received GSRP Advertise frames statistics 0 to 4294967295 Discard Frame Number of GSRP Advertise frames discarded when they are received statistics 0 to 262140 The maximum value is 65535 the maximum number by reason why the frame is discarded times 4 the num...

Page 316: ...4294967295 Discard Frame Number of GSRP Advertise frames discarded when they are received statistics 0 to 262140 The maximum value is 65535 the maximum number by reason why the frame is discarded times 4 the number of components Discard Frame by reason Detailed statistics for discarded frames by reason mismatch GSRP VLAN ID Number of GSRP Advertise frames discarded due to GSRP management VLAN ID m...

Page 317: ... gsrp command to restart the GSRP program GSRP is not configured GSRP has not been configured Check the configuration Specified GSRP ID is not configured gsrp group id The specified GSRP group ID has not been configured gsrp group id Indicates the GSRP group ID Specified port is not operational The specified port and channel group are not active Specified VLAN group ID is not configured vlan group...

Page 318: ...ow gsrp aware command Item Meaning Displayed information Last mac_address_table Flush Time Time mac_address_table Flush was last performed yyyy mm dd hh mm ss year month day hour minute second GSRP Flush Request Parameters Information about the GSRP Flush request frame when mac_address_table Flush was last performed GSRP ID GSRP group ID 1 to 65535 VLAN Group ID VLAN group ID for the received GSRP...

Page 319: ...and could not be executed Re execute the command Connection failed to GSRP program Communication with the GSRP program failed Re execute the command If the failure occurs frequently use the restart gsrp command to restart the GSRP program No received flush request frame No GSRP Flush request frames were received Message Description ...

Page 320: ...pecified at the same time In this case GSRP statistics for the specified port and statistics for the specified channel group are cleared Operation when this parameter is omitted Clears statistics for GSRP relating to all ports and channel groups port port list Clears statistics for GSRP relating to the specified port The items to be cleared are TxFrame RxFrame Discard Frame mismatch GSRP VLAN ID m...

Page 321: ...an group 1 Date 2006 03 14 12 00 00 UTC GSRP ID 10 Local MAC Address 0012 e2a8 2527 Neighbor MAC Address 0012 e2a8 2505 Total VLAN Group Counts 1 VLAN Group ID 1 VLAN ID 110 200 2169 Member Port 1 6 8 Active Port 1 6 8 Last Transition 2006 03 14 10 00 00 Master to Backup Transition by reason Priority was lower than neighbor s Master to Backup Counts 0 Backup to Master Counts 0 Local Neighbor State...

Page 322: ...stics are cleared Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to GSRP program Communication with the GSRP program failed Re execute the command If the failure occurs frequently use the restart gsrp command to restart the GSRP program GSRP...

Page 323: ...e Operation when this parameter is omitted A confirmation message is displayed Example Figure 11 10 Example of executing a master transition command set gsrp master 10 vlan group 8 Transit to Master Are you sure y n y set gsrp master 10 vlan group 8 f Display items None Impact on communication The status is switched from communication disabled to communication enabled Response messages Table 11 10...

Page 324: ...been configured gsrp group id Indicates the GSRP group ID Specified VLAN group ID is not configured vlan group id The specified VLAN group ID has not been configured vlan group id Indicates the VLAN group ID Specified VLAN group is not no neighbor state The specified VLAN group is not in backup neighbor unknown status Use the show gsrp command to make sure the specified VLAN group is in backup nei...

Page 325: ...AN group in active status For details about how to specify channel group list see Specifiable values for parameters Operation when all parameters are omitted Immediately puts all ports which are both active and belongs to a VLAN that is configured to be a member of a VLAN group in active status Example Figure 11 11 Example of executing the clear gsrp port up delay command show gsrp 10 port 1 6 10 ...

Page 326: ...0 UTC GSRP ID 10 Port Information 1 6 GSRP Active Port Up Type Member Flush Reset Delay 0 TxFrame 0 RxFrame 0 Discard Frame 0 Display items None Impact on communication None Response messages Table 11 11 List of response messages for the clear gsrp port up delay command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system C...

Page 327: ...lues for GSRP group IDs are from 1 to 65535 Operation when this parameter is omitted For all GSRP groups disables the automatic transition to master and associated wait delay If wait status is disabled the current status of the VLAN group remains unchanged and the GSRP switch is not automatically changed to master status Example Figure 11 13 Example of executing the command for canceling the autom...

Page 328: ...11 GSRP 312 Notes None Specified GSRP ID is not configured gsrp group id The specified GSRP group ID has not been configured gsrp group id Indicates the GSRP group ID Message Description ...

Page 329: ...P program after displaying a confirmation message Example Figure 11 14 Example of restarting GSRP restart gsrp gsrp program restart OK y n y restart gsrp f Display items None Impact on communication Frames cannot be received in VLANs belonging to a VLAN group of GSRP Response messages Table 11 13 List of response messages for the restart gsrp command Notes The storage directory and the name of the...

Page 330: ...11 GSRP 314 Core file gsrpd core If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 331: ...d the name of the output dump file are as follows Storage directory usr var gsrp File gsrp_dump gz If a file with this name already exists the file is overwritten unconditionally Therefore back up the file in advance if necessary Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re ex...

Page 332: ......

Page 333: ...317 Chapter 12 VRRP show vrrpstatus IPv4 clear vrrpstatus IPv4 swap vrrp IPv4 show vrrpstatus IPv6 clear vrrpstatus IPv6 swap vrrp IPv6 show track IPv4 show track IPv6 ...

Page 334: ...ut the virtual router status protocol ip name virtual router name interface vlan vlan id vrid vrid protocol ip Displays information about an IPv4 protocol virtual router Operation when this parameter is omitted Displays information about both IPv4 and IPv6 protocol virtual routers name virtual router name Specifies a virtual router name interface vlan vlan id Specifies the interface that is used t...

Page 335: ...dress priority priority original priority primary virtual router name follow primary virtual router name Summary information interface name Name of the interface where a virtual router is operating VRID vrid Virtual router ID VRF vrf id OP NPAR VRF ID Not displayed if the virtual router is operating in a global network state Current status of a virtual router MASTER Indicates the master status BAC...

Page 336: ... 0 20 Vrrp Polling Status reachable track 20 VLAN0023 Status IF UP Down Priority 40 track 30 gigabitethernet 1 10 Status IF DOWN Down Priority 20 track 40 port channel 2 Status IF UP Down Priority 20 IPv4 Advertisement Type ietf unified spec 02 mode Figure 12 4 Example of displaying the detailed virtual router status for follower virtual routers show vrrpstatus detail interface vlan 10 vrid 2 Pres...

Page 337: ...s the name of the interface where the virtual router is operating vrid Indicates the virtual router ID VRF vrf id Indicates the VRF ID Not displayed if the virtual router is operating in a global network OP NPAR Virtual Router IP Address ip address ADDRESS OWNER IP address of the virtual router ADDRESS OWNER Displayed if the user is the owner of the address Virtual MAC Address mac address MAC addr...

Page 338: ...iority is displayed for a follower virtual router or a standby router original priority Indicates the priority set in the configuration If configuration settings are omitted the initial value 100 is displayed Disable Indicates that the operation is invalid For a follower virtual router or a standby router this functionality is invalid For a primary virtual router this item is not displayed IP Addr...

Page 339: ...od seconds Now Waiting N sec left Displays the remaining time until the state is changed to master while switching to master is suppressed by this setting N Indicates a value from 1 to 65535 Disable Indicates that the operation is invalid For a follower virtual router this functionality is disabled For a primary virtual router this item is not displayed Non Preempt swap timer second Now Waiting N ...

Page 340: ...nel group interface that monitors for failures status Indicates the current status of an interface that monitors failures IF UP Indicates that the interface is in the UP status IF DOWN Indicates that the interface is in the DOWN status Disable Indicates that the track assigned to a virtual router is disabled Method for changing priority Down Priority priority Indicates the priority is decreased if...

Page 341: ...t been specified or for an interface that monitors failures status Indicates connectivity by VRRP polling reachable Indicates that communication is possible Disable Indicates that the operation is invalid unreachable Indicates that communication is impossible reason Provides a detailed reason why communication is impossible This information is displayed if status is unreachable interface down Indi...

Page 342: ...ent received Number of received ADVERTISEMENT packets number of packets with bad advertisement interval Number of received ADVERTISEMENT packets that have invalid packet sending intervals number of packets with authentication failed Number of received ADVERTISEMENT packets of which authentication failed number of packets with bad ip ttl Number of received ADVERTISEMENTpacketswhose TTL for the IP h...

Page 343: ...zero Number of sent ADVERTISEMENTpacketswhose priority is 0 number of frames virtual MAC learning frame sent Number of sent MAC address learning frames N change by command Number of times that the swap vrrp command was executed N change by interface down Number of status transitions due to interface going down N change by receiving advertisement with high priority Number of status transitions caus...

Page 344: ...isplayed OP NPAR interface type interface number Indicates an interface that monitors for failures gigabitethernet nif no port no Indicates a 10BASE T 100BASE TX 1000BASE T or 1000BASE X interface that monitors failures tengigabitethernet nif no port no Indicates a 10GBASE R interface that monitors for failures port channel channel group number Indicates a channel group interface that monitors for...

Page 345: ...ual router ID VRF vrf id Indicates the VRF ID Not displayed if the virtual router is operating in a global network OP NPAR Virtual Router Name virtual router name primary follow Virtual router name primary follow Indicates the type of the virtual router Virtual Router Follow virtual router name interface name VRID vrid VRF vrf id not running Name of a followed primary virtual router virtual router...

Page 346: ...l router is operating vrid Indicates the virtual router ID VRF vrf id Indicates the VRF ID Not displayed if the virtual router is operating in a global network OP NPAR Message Description Can t execute The command could not be executed Re execute the command no entries There are no applicable virtual routers Vrrp vlan disable because virtual router is not configured The VRRP management VLAN is dis...

Page 347: ...al routers name virtual router name Specifies a virtual router name interface vlan vlan id Specifies the interface that is used to configure the virtual router For vlan id specify a VLAN ID set by the interface vlan configuration command vrid vrid Specifies the router ID Operation when this parameter is omitted Clears all virtual router information configured via the VLAN Operation when all parame...

Page 348: ...n Can t execute The command could not be executed Re execute the command no entries There are no applicable virtual routers Vrrp vlan disable because virtual router is not configured The VRRP management VLAN is disabled because no virtual routers are configured Vrrp vlan not configured The VRRP management VLAN has not been configured ...

Page 349: ... virtual router name interface vlan vlan id Specifies the interface that is used to configure the virtual router For vlan id specify a VLAN ID set by the interface vlan configuration command vrid vrid Specifies the router ID Operation when this parameter is omitted Displays confirmation messages for the virtual routers configured for the specified interface Example The following figure shows how t...

Page 350: ...In a configuration where the no vrrp preempt and the vrrp timers non preempt swap configuration commands are set for all devices that make up the VRRP if a switch back command is executed in the master device all devices change to the backup status until the period set for the vrrp timers non preempt swap command elapses To avoid this situation do not set the vrrp timers non preempt swap command f...

Page 351: ...tatus of the device with the greater IP address is changed to the master status The status of the device with the greaterIPaddress is changed to the master status The status of the device with the greater IP address is changed to the master status The status of the device with the greater IP address is changed to the master status Low Switch back Switch back Switch back Switch back Local device Ba...

Page 352: ...t the virtual router status protocol ipv6 name virtual router name interface vlan vlan id vrid vrid protocol ipv6 Displays information about an IPv6 protocol virtual router Operation when this parameter is omitted Displays information about both IPv4 and IPv6 protocol virtual routers name virtual router name Specifies a virtual router name interface vlan vlan id Specifies the interface that is use...

Page 353: ...p address priority priority original priority primary virtual router name follow primary virtual router name Summary information interface name Name of the interface where a virtual router is operating VRID vrid Virtual router ID VRF vrf id OP NPAR VRF ID Not displayed if the virtual router is operating in a global network state Current status of a virtual router MASTER Indicates the master status...

Page 354: ... Address fe80 ba Vrrp Polling Status reachable track 30 gigabitethernet 1 10 Status IF DOWN Down Priority 20 track 40 port channel 2 Status IF UP Down Priority 20 IPv6 Advertisement Type ietf unified spec 02 mode Figure 12 14 Example of displaying the detailed virtual router status for follower virtual routers show vrrpstatus detail interface vlan 10 vrid 3 Press the Enter key Date 2009 07 15 12 0...

Page 355: ... virtual router is operating vrid Indicates the virtual router ID VRF vrf id Indicates the VRF ID Not displayed if the virtual router is operating in a global network OP NPAR Virtual Router IP Address ip address ADDRESS OWNER IP address of the virtual router ADDRESS OWNER Displayed if the user is the owner of the address Virtual MAC Address mac address MAC address of a virtual router Virtual Route...

Page 356: ...iority is displayed for a follower virtual router or a standby router original priority Indicates the priority set in the configuration If configuration settings are omitted the initial value 100 is displayed Disable Indicates that the operation is invalid For a follower virtual router or a standby router this functionality is invalid For a primary virtual router this item is not displayed IP Addr...

Page 357: ...iod seconds Now Waiting N sec left Displays the remaining time until the state is changed to master while switching to master is suppressed by this setting N Indicates a value from 1 to 65535 Disable Indicates that the operation is invalid For a follower virtual router this functionality is disabled For a primary virtual router this item is not displayed Non Preempt swap timer second Now Waiting N...

Page 358: ...nel group interface that monitors for failures status Indicates the current status of an interface that monitors failures IF UP Indicates that the interface is in the UP status IF DOWN Indicates that the interface is in the DOWN status Disable Indicates that the track assigned to a virtual router is disabled Method for changing priority Down Priority priority Indicates the priority is decreased if...

Page 359: ...ndicates that the operation is invalid unreachable Indicates that communication is impossible reason Provides a detailed reason why communication is impossible This information is displayed if status is unreachable interface down Indicates that the source interface for polling is in the DOWN status no response Indicates that there were no responses from the polling destination no route Indicates t...

Page 360: ...of received ADVERTISEMENT packets number of packets with bad advertisement interval Number of received ADVERTISEMENT packets that have invalid packet sending intervals number of packets with authentication failed Number of received ADVERTISEMENT packets of which authentication failed number of packets with bad ipv6 hoplimit Number of received ADVERTISEMENT packets whose HopLimit for the IPv6 heade...

Page 361: ...zero Number of sent ADVERTISEMENT packets whose priority is 0 number of frames virtual MAC learning frame sent Number of sent MAC address learning frames N change by command Number of times that the swap vrrp command was executed N change by interface down Number of status transitions due to interface going down N change by receiving advertisement with high priority Number of status transitions ca...

Page 362: ...ce that monitors failures VRF vrf id Indicates the VRF ID When the destination for VRRP polling is a global network this item is not displayed OP NPAR interface type interface number Indicates an interface that monitors for failures gigabitethernet nif no port no Indicates a 10BASE T 100BASE TX 1000BASE T or 1000BASE X interface that monitors failures tengigabitethernet nif no port no Indicates a ...

Page 363: ...e VRID vrid VRF vrf id not running Name of a followed primary virtual router virtual router name is displayed for a primary virtual router For a follower virtual router the name of the followed primary virtual router is displayed interface name Indicates the name of the interface where a primary virtual router is operating vrid Indicates the virtual router ID of the primary virtual router VRF vrf ...

Page 364: ...n Can t execute The command could not be executed Re execute the command no entries There are no applicable virtual routers Vrrp vlan disable because virtual router is not configured The VRRP management VLAN is disabled because no virtual routers are configured Vrrp vlan not configured The VRRP management VLAN has not been configured ...

Page 365: ...irtual router name Specifies a virtual router name Operation when this parameter is omitted Clears all virtual router information interface vlan vlan id Specifies the interface that is used to configure the virtual router For vlan id specify a VLAN ID set by the interface vlan configuration command vrid vrid Specifies the router ID Operation when this parameter is omitted Clears all virtual router...

Page 366: ...sage Description Can t execute The command could not be executed Re execute the command no entries There are no applicable virtual routers Vrrp vlan disable because virtual router is not configured The VRRP management VLAN is disabled because no virtual routers are configured Vrrp vlan not configured The VRRP management VLAN has not been configured ...

Page 367: ...ifies a virtual router name interface vlan vlan id Specifies the interface that is used to configure the virtual router For vlan id specify a VLAN ID set by the interface vlan configuration command vrid vrid Specifies the router ID Operation when this parameter is omitted Displays confirmation messages for the virtual routers configured via the specified VLAN Example The following figure shows how...

Page 368: ... configuration where the no vrrp preempt and the vrrp timers non preempt swap configuration commands are set for all devices that make up the VRRP if a switch back command is executed in the master device all devices change to the backup status until the period set for the vrrp timers non preempt swap command elapses To avoid this situation do not set the vrrp timers non preempt swap command for a...

Page 369: ...of the device with the greater IP address is changed to the master status The status of the device with the greater IP address is changed to the master status The status of the device with the greaterIPaddress is changed to the master status The status of the device with the greater IP address is changed to the master status Low Switch back Switch back Switch back Switch back Local device Backup H...

Page 370: ... vlan vlan id Specifies a VLAN interface for which a track is configured For vlan id specify a VLAN ID set by the interface vlan configuration command interface interface type interface number Specifies the interface that monitors failures For interface type interface number the following values can be set gigabitethernet nif no port no tengigabitethernet nif no port no For the specifiable range o...

Page 371: ...track 10 interface VLAN0022 Mode interface track 20 interface VLAN0031 VRF 10 Mode polling The following figure shows an example of displaying detailed track information Figure 12 22 Example of displaying detailed track information show track detail interface vlan 31 Press the Enter key Date 2009 07 15 12 00 00 UTC track 20 interface VLAN0031 VRF 10 Mode polling Target Address 170 10 10 10 Assigne...

Page 372: ... tengigabitethernet nif no port no Indicates a 10GBASE R interface that monitors for failures port channel channel group number Indicates a channel group interface that monitors for failures Mode mode Indicates the monitoring mode of the track This item is not displayed if the track interface configuration command is not set interface Monitors the interface status polling Monitors the polling stat...

Page 373: ... to check if the interface sent by VRRP polling and theinterface that received the response match This item is not displayed if it has not been set Assigned to interface name VRID vrid VRF vrf id List of virtual routers to which a track is assigned This item is not displayed if no tracks are assigned to a virtual router interface name Indicates the name of an interface for which a virtual router t...

Page 374: ...ace vlan vlan id Specifies a VLAN interface for which a track is configured For vlan id specify a VLAN ID set by the interface vlan configuration command interface interface type interface number Specifies the interface that monitors failures For interface type interface number the following values can be set gigabitethernet nif no port no tengigabitethernet nif no port no For the specifiable rang...

Page 375: ...settings track number Indicates the number of the track assigned to a virtual router interface interface name VRF vrf id interface type interface number Indicates information about an interface that monitors failures not assigned is displayed if the track interface configuration command is not set interface name Indicates the interface name of the VLAN interface that monitors for failures VRF vrf ...

Page 376: ...detection_interval seconds Interval in seconds between attempts when VRRP polling detects restoration This item is not displayed if it has not been set Initial value 2 recovery_detection_times count Number of attempts until the status is changed when VRRP polling detects restoration This item is not displayed if it has not been set Initial value 3 check_reply_interface on Whether to check if the i...

Page 377: ...12 VRRP 361 Notes None ...

Page 378: ......

Page 379: ...363 PART 7 High Reliability Based on Network Failure Detection Chapter 13 IEEE 802 3ah UDLD show efmoam show efmoam statistics clear efmoam statistics restart efmoam dump protocols efmoam ...

Page 380: ...this parameter is omitted No information about ports in passive mode is displayed Operation when all parameters are omitted The IEEE 802 3ah OAM configuration information for all ports that are not in passive mode is displayed Example 1 The following figure is an example of displaying brief information related to the IEEE 802 3ah OAM configuration Figure 13 1 Example of displaying IEEE 802 3ah OAM...

Page 381: ...tes that the port status is Down Down uni link Indicates that the port status is Down unidirectional link failure detection Down loop Indicates that the port status is Down loop detection UDLD status UDLD operating status by the IEEE 802 3ah UDLD functionality for each port detection Indicates that failure detection is performed active Indicates that OAMPDU frames are being sent and responses are ...

Page 382: ...MPDU frames are being sent and responses are received passive Only OAMPDU frames are responded to Dest MAC MAC address of the partner device unknown is displayed if no information has been received from the partner device Note however that no unknown ports are displayed in passive mode If a bidirectional link is confirmed in active mode is displayed on the left of the MAC address Message Descripti...

Page 383: ...OAM show efmoam statistics Date 2006 10 02 23 59 59 UTC Port 1 1 detection OAMPDUs Tx 295 Rx 295 Invalid 0 Unrecogn 0 TLVs Invalid 0 Unrecogn 0 Info TLV Tx_Local 190 Tx_Remote 105 Rx_Remote 187 Timeout 3 Invalid 0 Unstable 0 Inactivate TLV 0 Timeout 0 Port 1 2 active OAMPDUs Tx 100 Rx 100 Invalid 0 Unrecogn 0 TLVs Invalid 0 Unrecogn 0 Info TLV Tx_Local 100 Tx_Remote 100 Rx_Remote 100 Timeout 0 Inv...

Page 384: ...4294967295 Info TLV TLV statistics for Information OAMPDU frames Tx_Local Number of times that Local Information TLV was sent 0 to 4294967295 Tx_Remote Number of times that Local Information TLV from the partner device was received and Remote Information TLV was edited and then sent 0 to 4294967295 Rx_Remote Number of received Local Information TLVs for responses from the partner device 0 to 42949...

Page 385: ...uted on a standby system Can t execute The command could not be executed Re execute the command Connection failed to IEEE802 3ah OAM program Communication with the IEEE 802 3ah OAM program failed Re execute the command If the failure occurs frequently use the restart efmoam command to restart the IEEE 802 3ah OAM program IEEE802 3ah OAM doesn t seem to be running This command failed because the IE...

Page 386: ...ample of clearing IEEE 802 3ah OAM statistics clear efmoam statistics Display items None Impact on communication None Response messages Table 13 6 List of response messages for the clear efmoam statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute ...

Page 387: ...n message Example Figure 13 5 Example of restarting the IEEE 802 3ah OAM program restart efmoam IEEE802 3ah OAM program restart OK y n y Display items None Impact on communication None Response messages Table 13 7 List of response messages for the restart efmoam command Notes The storage directory and the name of the core file are as follows Storage directory usr var core Core file efmoamd core If...

Page 388: ...13 IEEE 802 3ah UDLD 372 file in advance if necessary ...

Page 389: ...ile are as follows Storage directory usr var efmoam File efmoamd_dump gz If a file with this name already exists the file is overwritten unconditionally Therefore backup the file in advance if necessary Message Description Can t execute The command could not be executed Re execute the command Connection failed to IEEE802 3ah OAM program Communication with the IEEE 802 3ah OAM program failed Re exe...

Page 390: ......

Page 391: ...14 L2 Loop Detection show loop detection show loop detection statistics show loop detection logging clear loop detection statistics clear loop detection logging restart loop detection dump protocols loop detection ...

Page 392: ...hannel group list Displays L2 loop detection information for the specified channel group link aggregation in a list For details about how to specify channel group list see Specifiable values for parameters Operation when this parameter is omitted Displays all L2 loop detection information not limiting it to specific ports or specific channel groups Example The following figure shows an example of ...

Page 393: ...er than the value displayed for the number of ports allowed to send L2 loop detection frames the excess L2 loop detection frames cannot be sent Capacity Number of ports allowed to send L2 loop detection frames The number of VLAN ports where L2 loop detection frames can be sent at the defined transmission rate is displayed Port Port number or channel group number nif no port no Indicates the port n...

Page 394: ...ames have been received Vlan Source VLAN ID of the L2 loop detection frame Displays the source VLAN ID when an L2 loop detection frame was last received Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to L2 Loop Detection program Communicatio...

Page 395: ...gregation For details about how to specify channel group list see Specifiable values for parameters Operation when this parameter is omitted Displays all L2 loop detection statistics not limiting them to specific ports or specific channel groups Example The following figure is an example of displaying L2 loop detection statistics Figure 14 2 Example of displaying L2 loop detection statistics show ...

Page 396: ...send Indicates a detecting and sending port trap Indicates a detecting port exception Indicates a port exempted from detection uplink Indicates an uplink port TxFrame Number of sent L2 loop detection frames RxFrame Number of received L2 loop detection frames Inactive Count Number of times that the port or channel group was inactivated RxDiscard Number of L2 loop detection frames that have been rec...

Page 397: ...program Communication with the L2 loop detection program failed Re execute the command L2 Loop Detection is not configured L2 loop detection has not been set or the functionality has not been enabled Check the configuration No corresponding port information No port and channel group information for L2 loop detection was found Message Description ...

Page 398: ...H 32 Source CH 32 Vlan 4090 Uplink Inactive 2008 04 10 04 10 10 1 20 Source CH 32 Vlan 4090 2008 03 21 03 10 10 1 20 Source 1 12 Vlan 4095 2008 03 21 02 12 50 1 20 Source 1 12 Vlan 4095 2008 03 21 02 12 10 1 20 Source 1 12 Vlan 4095 2008 03 21 02 12 09 1 20 Source 1 12 Vlan 12 2007 09 05 20 00 00 CH 32 Source 1 12 Vlan 12 Uplink 2007 09 05 00 00 00 CH 32 Source 1 12 Vlan 12 Uplink Display items Ta...

Page 399: ...e status is changed to inactive status Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to L2 Loop Detection program Communication with the L2 loop detection program failed Re execute the command L2 Loop Detection is not configured L2 loop det...

Page 400: ...p list Clears the L2 loop detection statistics for the channel groups specified in list format in the specified link aggregation For details about how to specify channel group list see Specifiable values for parameters Operation when this parameter is omitted Clears all L2 loop detection statistics not limiting them to specific ports or specific channel groups Example The following figure is an ex...

Page 401: ...ality clears the statistics Using this command to clear statistics also clears the MIB information acquired by SNMP L2 Loop Detection is not configured L2 loop detection has not been set or the functionality has not been enabled Check the configuration Message Description ...

Page 402: ...detection logging Display items None Impact on communication None Response messages Table 14 8 List of response messages for the clear loop detection statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to L2 Loop Det...

Page 403: ...op detection program after displaying a confirmation message Example The following figure is an example of restarting the L2 loop detection program Figure 14 6 Example of restarting the L2 loop detection program restart loop detection L2 Loop Detection program restart OK y n y Display items None Impact on communication None Response messages Table 14 9 List of response messages for the restart loo...

Page 404: ...14 L2 Loop Detection 388 Core file l2ldd core If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 405: ...one Response messages Table 14 10 List of response messages for the dump protocols loop detection command Notes The storage directory and the name of the output dump file are as follows Storage directory usr var l2ld Output file l2ld_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Can t execute The ...

Page 406: ......

Page 407: ...2ping l2traceroute show cfm show cfm remote mep show cfm fault show cfm l2traceroute db show cfm statistics clear cfm remote mep clear cfm fault clear cfm l2traceroute db clear cfm statistics restart cfm dump protocols cfm ...

Page 408: ...y a configuration command ma no Specify the MA ID number whose connectivity you want to verify For this parameter you can specify an MA ID number that was set by using a configuration command mep mepid Specify the ID of the Switch s MEP from which you want to verify connectivity For this parameter you can specify an MEP ID that was set by a configuration command count count Sends loopback messages...

Page 409: ...hen the destination remote MEP ID is specified Level Domain level 0 to 7 MA MA ID number Configured MA ID number MEP MEP ID MEP ID for the Switch VLAN VLAN ID Source VLAN ID Time Send time yyyy mm dd hh mm ss year month day hour minute second count Test number Test number L2ping Reply from mac address MAC address of the replying MP The MAC address of the remote MEP or MIP that replied bytes Number...

Page 410: ...nd cannot be executed on a standby system Can t execute The command could not be executed Re execute the command CFM is not configured CFM has not been configured Check the configuration Connection failed to CFM program Communication with the CFM program failed Re execute the command No such Remote MEP The specified remote MEP is unknown Make sure the specified parameter is correct and then try ag...

Page 411: ...For this parameter you can specify an MA ID number that was set by using a configuration command mep mepid Specify the MEP ID of the Switch from which you want to verify the route For this parameter you can specify an MEP ID that was set by a configuration command timeout seconds Specify the wait time for a response in seconds The specifiable values are from 1 to 60 Operation when this parameter i...

Page 412: ...eplied during route verification Forwarded Linktrace message forwarded Indicates that the replying MP forwarded the linktrace message NotForwarded Linktrace message not forwarded Indicates that the replying MP did not forward the linktrace message Hit Reply from the destination remote MEP or MIP Indicates that the reply was from the destination remote MEP or MIP Transmission failure Transmission f...

Page 413: ... mep is specified the route is verified by using the MAC address that corresponds to the MEP ID Therefore even when the specified MEP ID does not exist due to a configuration change or another reason a reply is sent if an MEP or MIP has that MAC address Specified Domain Level is not configured The specified domain level has not been configured Make sure the specified parameter is correct and then ...

Page 414: ...ng to the conditions will be displayed summary Displays the number of MPs and CFM ports that can be accommodated Operation when this parameter is omitted All CFM information is displayed Example 1 The following figure is an example of displaying the CFM configuration information Figure 15 3 Example of displaying the CFM configuration information show cfm Date 2009 03 15 18 32 10 UTC Domain Level 3...

Page 415: ... has not been configured VLAN VLAN ID VLAN ID belonging to the MA is displayed if no VLANs have been configured CC Operating status of the CC Enable CC is enabled Disable CC is disabled Interval Interval for sending CCMs 1s The interval for sending CCMs is 1 second 10s The interval for sending CCMs is 10 seconds 1min The interval for sending CCMs is 1 minute 10min The interval for sending CCMs is ...

Page 416: ...us of failure detection on the MEP The highest level failure of the failures detected by MEP is displayed OtherCCM Indicates that a CCM was received from another MA ErrorCCM Indicates that a CCM that contains an invalid MEP ID or a CCM with an invalid transmission interval was received Timeout Indicates CCM timeout PortState Indicates that a CCM reporting a port failure was received RDI Indicates ...

Page 417: ...r of CFM ports Total number of VLAN ports to which CFM frames are sent out of primary VLANs for MA For MA for which only Down MEP is configured total number of Down MEP s VLAN ports For MA that contains Up MEPs total number of all VLAN ports of the primary VLAN Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The com...

Page 418: ...parameter has not been set information is displayed with no condition applied If multiple parameters are specified information conforming to the conditions will be displayed detail The following figure is an example of displaying detailed remote MEP information Operation when this parameter is omitted Summary information about the remote MEP is displayed Operation when all parameters are omitted S...

Page 419: ...s that the VLAN ID is used for the MA name MEP ID MEP ID for the Switch nif no port no Port number MEP port number CH channel group number Channel group number MEP channel group number Up The port is in Up status Indicates that the port is in Up status If link aggregation is used this means that the channel group is in Up status Down The port is in Down status Indicates that the port is in Down st...

Page 420: ...with the highest priority OtherCCM Indicates that a CCM was received from another MA ErrorCCM Indicates that a CCM that contains an invalid MEP ID or a CCM with an invalid transmission interval was received Timeout Indicates CCM timeout PortState Indicates that a CCM reporting a port failure was received RDI Indicates a CCM reporting failure detection was received is displayed if no failure has be...

Page 421: ... Indicates that a CCM was received from another MA ErrorCCM Indicates that a CCM that contains an invalid MEP ID or a CCM with an invalid transmission interval was received Timeout Indicates CCM timeout PortState Indicates that a CCM reporting a port failure was received RDI Indicates a CCM reporting failure detection was received is displayed if no failure has been detected RMEP Information Remot...

Page 422: ... Indicates that a failure is being detected is displayed if no failure has been detected Chassis ID Chassis ID of the remote MEP Displays the chassis ID information in the CCM that was last received Type Subtype for the chassis ID Type of the information displayed for Info CHAS COMP Indicates that entPhysicalAlias of the Entity MIB is displayed for Info CHAS IF Indicates that ifAlias of the interf...

Page 423: ...unication with the CFM program failed Re execute the command No such Remote MEP The specified remote MEP is unknown Make sure the specified parameter is correct and then try again Specified Domain Level is not configured The specified domain level has not been configured Make sure the specified parameter is correct and then try again Specified MA is not configured The specified MA ID has not been ...

Page 424: ...hen a parameter is omitted This command can display only the information relevant to the condition applied by a parameter that has been set If the parameter has not been set information is displayed with no condition applied If multiple parameters are specified information conforming to the conditions will be displayed detail Displays detailed information about a failure Operation when this parame...

Page 425: ...isplayed for detailed failure information Item Meaning Displayed information MD Domain level 0 to 7 MA MA ID number Configured MA ID number MEP MEP ID MEP ID for the Switch Fault A failure is being detected Cleared A failure has been cleared Time Time when a failure was detected The time when a failure was detected by the MEP If multiple failures have been detected the time each failure was detect...

Page 426: ...n A failure was found No failures were found RMEP Remote MEP ID Indicates the remoter MEP ID of the CCM that triggered failure detection MAC MAC address of the remote MEP VLAN VLAN that received a CCM Time Time when a failure was detected The time when a failure was detected yyyy mm dd hh mm ss year month day hour minute second Message Description Can t execute this command in standby system This ...

Page 427: ...ma no Specify the MA ID number to which the destination remote MEP or MIP belongs detail Displays detailed information about the route and the MP on the route Operation when this parameter is omitted Only the route information is displayed Operation when all parameters are omitted All route information in the linktrace database is displayed Example 1 The following figure is an example of displayin...

Page 428: ...012 e228 aa38 Action OK Egress Port MP Address 0012 e228 aa3b Action Down Item Meaning Displayed information L2traceroute to MP remote mp The MAC address of the destination remote MEP or MIP The MAC address of the destination remote MEP or MIP remote mac address When the MAC address of the destination remote MEP or MIP is specified remote mep id remote mac address When the destination remote MEP I...

Page 429: ...the destination remote MEP or MIP Indicates that the reply was from the destination remote MEP or MIP Last Egress ID of the source device that forwarded a linktrace message The MAC address that identifies the device that forwarded a linktrace message is displayed if this information is not found in the received linktrace reply Next Egress ID of the device that received a linktrace message The MAC ...

Page 430: ... MP that received a linktrace message The MAC address of the MP that received a linktrace message is displayed if this information is not found in the received linktrace reply Action Status of the port that received a linktrace message Displays the status of the MP port that received the linktrace message of each device OK Indicates normal status Down Indicates Down status Blcked Indicates Blocked...

Page 431: ...ices that exceeds the number of devices on the routes that can be registered in the linktrace database Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command CFM is not configured CFM has not been configured Check the configuration Connection failed to CFM program Co...

Page 432: ...condition applied If multiple parameters are specified information conforming to the conditions will be displayed Operation when all parameters are omitted All CFM statistics are displayed Example The following figure is an example of displaying CFM statistics Figure 15 11 Example of displaying CFM statistics show cfm statistics domain level 3 Date 2009 03 15 18 32 10 UTC Domain Level 3 Name str P...

Page 433: ...s that the port is in Up status If link aggregation is used this means that the channel group is in Up status Down The port is in Down status Indicates that the port is in Down status If link aggregation is used this means that the channel group is in Down status CFM Operating status of CFM on a port The operating status of CFM on a port to which MEP belongs Enable Indicates that CFM on the port i...

Page 434: ... or a linktrace A loopback message whose destination MAC address is not the MAC address for the receiving MIP for an MIP LBR Tx Number of loopback replies that have been sent Rx Number of loopback replies that have been received is displayed for MIP RxDiscard Number of loopback replies that have been discarded For an MEP the following loopback replies are discarded A loopback reply with an invalid...

Page 435: ...fferent from the value in the linktrace message A linktrace reply that was received after the wait time for a response that was set by an operation command expired is displayed for MIP Other RxDiscard Number of other CFM PDUs that have been discarded The following CFM PDUs are counted Unsupported CFM PDUs Loopback replies and linktrace replies received by MIP Message Description Can t execute this...

Page 436: ...15 CFM 420 Notes None ...

Page 437: ...tion applied by a parameter that has been set If no parameter is specified information is cleared without being limited by any conditions If multiple parameters are specified the information conforming to the conditions will be cleared Operation when all parameters are omitted All remote MEP information is cleared Example The following figure is an example of clearing remote MEP information Figure...

Page 438: ... 422 Notes None CFM is not configured CFM has not been configured Check the configuration Connection failed to CFM program Communication with the CFM program failed Re execute the command Message Description ...

Page 439: ...ions If multiple parameters are specified the information conforming to the conditions will be cleared Operation when all parameters are omitted All failure information is cleared Example The following figure is an example of clearing CFM failure information Figure 15 13 Example of clearing CFM failure information clear cfm fault Display items None Impact on communication None Response messages Ta...

Page 440: ...15 CFM 424 Notes None ...

Page 441: ... cfm l2traceroute db Display items None Impact on communication None Response messages Table 15 21 List of response messages for the clear cfm l2traceroute db command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command CFM is not configured CFM has not ...

Page 442: ...s see Specifiable values for parameters channel group number channel group list Clears CFM statistics for the channel groups specified in list format in the specified link aggregation For details about how to specify channel group list see Specifiable values for parameters Operation when a parameter is omitted This command can clear only the information relevant to the condition applied by a param...

Page 443: ... Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command CFM is not configured CFM has not been configured Check the configuration Connection failed to CFM program Communication with the CFM program failed Re execute the command ...

Page 444: ...rts the CFM program after displaying a confirmation message Example The following figure is an example of restarting the CFM program Figure 15 16 Example of restarting the CFM program restart cfm CFM program restart OK y n y Display items None Impact on communication None Response messages Table 15 23 List of response messages for the restart cfm command Notes The storage directory and the name of...

Page 445: ...15 CFM 429 If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 446: ...e 15 24 List of response messages for the dump protocols cfm command Notes The storage directory and the name of the output dump file for the collected information are as follows Storage directory usr var cfm Output file cfmd_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Can t execute The command ...

Page 447: ...etwork Management Chapter 16 SNMP show snmp show snmp pending snmp lookup snmp get snmp getnext snmp walk snmp getif snmp getroute snmp getarp snmp getforward snmp rget snmp rgetnext snmp rwalk snmp rgetroute snmp rgetarp ...

Page 448: ...p Input mode User mode and administrator mode Parameters None Example Figure 16 2 Example of executing the show snmp command show snmp Date 2011 12 27 15 06 08 UTC Contact Suzuki example com Location ServerRoom SNMP packets input 137 get 417 set 2 Get request PDUs 18 Get next PDUs 104 Get bulk PDUs 0 Set request PDUs 6 Response PDUs 3 with error 0 Error PDUs 7 Bad SNMP version errors 1 Unknown com...

Page 449: ...r contact configuration command Location Indicates the name of the location where the Switch is installed Value set by the snmp server location configuration command SNMP packets input Indicates the snmpInPkts value total number of received SNMP messages get Indicates the snmpInTotalReqVars value total number of MIB objects for which a MIB was successfully collected set Indicates the snmpInTotalSe...

Page 450: ...nt Inform request PDUs 0 to 4294967295 Response PDUs Indicates the snmpOutGetResponses value total number of sent GetResponse PDUs with error Indicates the number of PDUs of the sent GetResponse PDUs whose error status is not noError 0 to 4294967295 No errors Indicates the total number of sent PDUs whose error status is noError 0 to 4294967295 Too big errors Indicates the snmpOutTooBigs value tota...

Page 451: ...er of the snmp server informs configuration command Host Indicates the inform event destination Value set by the manager address parameter of the snmp server host configuration command VRF OP NPAR Indicates the VRF ID Value set by the vrf parameter of the snmp server host configuration command sent Indicates the number of inform events bound for the SNMP manager that sent InformRequest PDUs 0 to 4...

Page 452: ...true even when MIBs are acquired by using SNMP operation commands 3 If inform events bound for the SNMP manager occur after a coldStart inform event is issued due to startup of the switch issuance of inform events for the SNMP manager is suppressed until the response to the coldStart inform event is received The inform events that are bound for SNMP manager and that have not yet been issued are co...

Page 453: ...onds 30 Display items Table 16 3 Items displayed when the show snmp pending command is executed Impact on communication None Response messages Table 16 4 List of response messages for the show snmp pending command Item Meaning Displayed information Req ID Request ID Dest Destination SNMP manager Value set by the manager address parameter of the snmp server host configuration command VRF OP NPAR VR...

Page 454: ...12 27 17 06 10 UTC Req ID 88 Dest 192 168 0 1 Remaining Retry 0 Expires in seconds 0 Req ID 89 Dest 192 168 0 2 Remaining Retry 0 Expires in seconds 0 Req ID 90 Dest 192 168 0 3 Remaining Retry 0 Expires in seconds 0 Can t execute The command could not be executed Re execute the command Connection failed to SNMP program Communication with the SNMP program failed Re execute the command no entries T...

Page 455: ... object names are listed in dot notation Example Figure 16 4 Example of executing the snmp lookup command snmp lookup sysDescr sysDescr 1 3 6 1 2 1 1 1 snmp lookup iso 1 org 1 3 dod 1 3 6 internet 1 3 6 1 mgmt 1 3 6 1 2 Display items Supported MIB object names and object IDs are displayed in the object name object ID format Impact on communication None Response messages Table 16 5 List of response...

Page 456: ...command Item Meaning Displayed information Name Object instance Value Object instance value Message Description SNMP agent IP address host unknown An invalid SNMP agent address was specified Cannot translate variable class MIB Object Name The object name MIB Object Name is invalid Error code set in packet General error Number A response from the applicable SNMP agent indicating that the specified ...

Page 457: ...se status code Code which is undefined non standard was received error parsing packet An SNMP frame in an invalid format was received error parsing pdu packet A frame that contains an SNMP PDU frame format error was received make_obj_id_from_dot bad character x y z An object ID specified in dot notation contains invalid characters such as x y and z No response retrying The command is being retried...

Page 458: ...mp getnext command is executed Impact on communication None Response messages Table 16 9 List of response messages for the snmp getnext command Item Meaning Displayed information Name Object instance following the specified one Value Object instance value following the specified one Message Description SNMP agent IP address host unknown An invalid SNMP agent address was specified Cannot translate ...

Page 459: ...r Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was received error parsing packet An SNMP frame in an invalid format was rec...

Page 460: ... the snmp walk command snmp walk interfaces Name ifNumber 0 Value 3 Name ifIndex 1 Value 1 Name ifIndex 2 Value 2 Name ifIndex 3 Value 3 Name ifDescr 1 Value loopback Name ifDescr 10 Value Gigabitether 0 1 Display items Table 16 10 Items displayed when the snmp walk command is executed Impact on communication None Response messages Table 16 11 List of response messages for the snmp walk command It...

Page 461: ...pecified object ID is not managed was returned The object ID specified at the following position is not managed Number The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in pa...

Page 462: ... up dwn 601 854 6 7 Display items Table 16 12 Items displayed when the snmp getif command is executed Item Meaning Displayed information Indicates the ifIndex number Type Indicates the interface type ifType other A type other than the following types Ethernet loopback local loopback l2vlan LA PhysAddr Indicates a physical address of an interface ifPhysAddress Adm Indicates the interface status of ...

Page 463: ...uch variable name Index Number A response from the applicable SNMP agent indicating that the specified object ID is not managed was returned The object ID specified at the following position is not managed Number The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceed...

Page 464: ... 0 direct local 720 Display items Table 16 14 Items displayed when the snmp getroute command is executed Item Meaning Displayed information Index Indicates the interface number used for reaching the next hop on this route ipRouteIfIndex Destination Indicates the destination IP address on this route ipRouteDest NextHop Indicates the IP address of the next hop for the destination of this route ipRou...

Page 465: ...ame Index Number A response from the applicable SNMP agent indicating that the specified object ID is not managed was returned The object ID specified at the following position is not managed Number The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowa...

Page 466: ...16 SNMP 450 appears and the MIB cannot be acquired ...

Page 467: ...nformation Index Indicates the interface number that has this ARP information ipNetToMediaIfIndex Network Address Indicates the IP address corresponding to a physical address ipNetToMediaNetAddress Physical Address Indicates a physical address ipNetToMediaPhysAddress Type Indicates the type of mapping ipNetToMediaType other Mapping other than the following types invalid invalid mapping dynamic dyn...

Page 468: ...mber Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was received error parsing packet An SNMP frame in an invalid format was ...

Page 469: ...S 1210 10 10 10 0 24 10 10 10 1 0 local local 855 0 VRF 4 Index Destination NextHop Metric1 Type Proto Age NH AS 1211 20 1 1 0 24 20 1 1 1 0 local local 855 0 1212 20 20 20 0 24 20 20 20 1 0 local local 855 0 Display items Table 16 18 Items displayed when the snmp getforward command is executed Item Meaning Displayed information Index Indicates the identifier of the local interface connected to th...

Page 470: ...Destination Indicates the destination address of this route axsVrfIpFwDest and the mask for ANDing with the destination axsVrfIpFwMask displayed as a mask length NextHop Indicates the address of the next system on this route axsVrfIpFwNextHop Metric1 Indicates the metric for this route axsVrfIpFwMetric1 Type Indicates the type of the route axsVrfIpFwType local local remote remote invalid invalid o...

Page 471: ...rom the applicable SNMP agent indicating that the specified object ID is not managed was returned The object ID specified at the following position is not managed Number The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the appl...

Page 472: ...le name Specify an object name of MIB or an object in dot notation Example Figure 16 12 Example of executing the snmp rget command snmp rget version 2 192 168 11 35 public sysObjectID 0 Name sysObjectID 0 Value ax6300s Display items Table 16 21 Items displayed when the snmp rget command is executed Impact on communication None Response messages Table 16 22 List of response messages for the snmp rg...

Page 473: ... the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was received error parsing packet An SNMP frame in an invalid format was received error parsing pdu packet A frame that contains an SNMP PDU frame format error was received make_obj_id_from_dot bad character x y z An object ID ...

Page 474: ...ariable name Specify an object name of MIB or an object in dot notation Example Figure 16 13 Example of executing the snmp rgetnext command snmp rgetnext version 2 192 168 11 35 public sysObjectID 0 Name sysUpTime 0 Value 27603450 Display items Table 16 23 Items displayed when the snmp rgetnext command is executed Impact on communication None Response messages Table 16 24 List of response messages...

Page 475: ...packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was received error parsing packet An SNMP frame in an invalid format was received error parsing pdu packet A f...

Page 476: ...d 1 is specified ip address Specify the IP address of the device which is remotely accessed community Specify the community name of the remote device variable name Specify an object name of MIB or an object in dot notation Example Figure 16 14 Example of executing the snmp rwalk command snmp rwalk version 2 192 168 11 35 public ifDescr Name ifDescr 1 Value loopback Name ifDescr 10 Value 1000BASE X...

Page 477: ...e following position is not managed Number The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code ...

Page 478: ...1 30 101 public Index Destination NextHop Metric1 Type Proto Age 2 20 0 0 0 20 1 1 1 0 direct local 180 2 20 1 1 0 20 1 1 1 0 direct local 720 Display items Table 16 27 Items displayed when the snmp rgetroute command is executed Item Meaning Displayed information Index Indicates the interface number used for reaching the next hop on this route ipRouteIfIndex Destination Indicates the destination I...

Page 479: ...object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was receiv...

Page 480: ...ere are too many interfaces on the target Switch it takes time for searching MIB information for ipRouteTable and a timeout might occur If that happens use the snmp rgetnext command to acquire the ipRouteTable information ...

Page 481: ...and snmp rgetarp 20 1 30 101 public Index Network Address Physical Address Type 4 12 1 1 99 0012 e258 8860 static 1 112 1 1 99 0012 e258 8870 static Display items Table 16 29 Items displayed when the snmp rgetarp command is executed Impact on communication None Item Meaning Displayed information Index Indicates the interface number that has this ARP information ipNetToMediaIfIndex Network Address ...

Page 482: ... The object ID specified at the following position is not managed Number Error code set in packet Return packet too big The response indicating that an attempt to return a MIB value exceeding the allowable size was made in the applicable SNMP agent was returned Error code set in packet Unknown status code Code An SNMP frame containing response status code Code which is undefined non standard was r...

Page 483: ...467 Chapter 17 sFlow show sflow clear sflow statistics restart sflow dump sflow ...

Page 484: ...or data Collector IP address 192 168 4 199 UDP 6343 Source IP address 130 130 130 1 Send FlowSample UDP packets 12077 Send failed packets 0 Send CounterSample UDP packets 621 Send failed packets 0 Collector IP address 192 168 4 203 UDP 65535 Source IP address 130 130 13 0 1 Send FlowSample UDP packets 12077 Send failed packets 0 Send CounterSample UDP packets 621 Send failed packets 0 Figure 17 2 ...

Page 485: ...packet CounterSample interval rate Sending interval in seconds between counter samples Default configured rate Sampling interval for the entire Switch set in the configuration Default actual rate Actual sampling interval for the entire Switch Configured sFlow ingress ports Ports for which sflow ingress is set in the configuration and on which sFlow statistics are collected Configured sFlow egress ...

Page 486: ...t number used to determine if a packet is an HTTP packet when URL information is used for the extended data format Sampling mode Sampling method random number Collection at a rate random numbers according to the sampling interval Sampling rate to collector Recommended sampling interval at which no packets are discarded If there are problems at the current sampling interval an applicable value is d...

Page 487: ...being accumulated in the queue whose To CPU queue number which is displayed by executing the show qos queueing command is 1 and queueing priority is 4 is also cleared Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command sflow doesn t seem to be running This command...

Page 488: ...ication None Response messages Table 17 4 List of response messages for the restart sflow command Notes The counter value for statistics is cleared when the flow statistics program is restarted The storage directory and the name of the core file are as follows Storage directory usr var core Core file flowd core If a file with this name already exists the file is overwritten unconditionally Back up...

Page 489: ...ws Storage directory usr var flowd File sflow trc If a file with this name already exists the file is overwritten unconditionally Back up the file in advance if necessary Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command sflow doesn t seem to be running This com...

Page 490: ......

Page 491: ...475 PART 9 Management of Neighboring Device Information Chapter 18 LLDP show lldp show lldp statistics clear lldp clear lldp statistics restart lldp dump protocols lldp ...

Page 492: ...l parameters are omitted The LLDP configuration information for the Switch and all neighboring device information are displayed in a simplified format Example 1 The following figure is an example of displaying the LLDP configuration information in a simplified format Figure 18 1 Example of displaying the LLDP configuration information and neighboring device information in a simplified format show ...

Page 493: ...8 248 220 2 TTL 100 Chassis ID Type MAC Info 0012 e268 2c2d System Name LLDP3 System Description ALAXALA AX6300S AX 6300 S08 AX6308S Switching so ftware Ver 10 2 OS SE Chassis ID Chassis ID of the Switch Type Subtype for the chassis ID MAC Indicates that a MAC address is displayed for Info Info Information about the chassis ID MAC address of the Switch Interval Time Interval for sending LDPDUs tha...

Page 494: ...econds 5 to 32768 Hold Count Multiplier for Interval Time used for calculating the LDPDU retention time to be reported to neighboring devices 2 to 10 TTL LDPDU retention time to be reported to neighboring devices 10 to 65535 System Name System name of the Switch A character string set by using the name parameter of the system command This item is not displayed if the information has not been set i...

Page 495: ...in the configuration Tagged VLAN ID for the VLAN to which an IP address has been assigned The smallest ID is displayed if multiple IDs have been assigned ip address IP address that has been assigned An IP address assigned to the VLAN that is described in the previous item TTL Remaining LDPDU retention time in seconds 0 to 65535 Chassis ID Chassis ID of the neighboring device Type Subtype for the c...

Page 496: ...neighboring device IPv4 This item is not displayed if it has not been reported Tagged VLAN ID for the VLAN to which an IP address has been assigned The smallest ID is displayed if multiple IDs have been assigned ip address IP address that has been assigned An IP address assigned to the VLAN that is described in the previous item IPv6 Address IP address assigned to the neighboring device IPv6 This ...

Page 497: ...18 LLDP 481 Notes None ...

Page 498: ... Rx 1294 Invalid 0 Discard TLV TLVs 0 LDPDUs 0 Port 1 2 LDPDUs Tx 890 Rx 547 Invalid 0 Discard TLV TLVs 0 LDPDUs 0 Port 1 3 LDPDUs Tx 0 Rx 0 Invalid 0 Discard TLV TLVs 0 LDPDUs 0 Display items Table 18 4 Items displayed for LLDP statistics Item Meaning Displayed information Port counts Number of ports subject to this statistics Port Port number nif no port no LDPDUs Statistics for frames 0 is disp...

Page 499: ...dby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to LLDP program Communication with the LLDP program failed Re execute the command If the failure occurs frequently use the restart lldp command to restart the LLDP program LLDP is not configured LLDP has not been configured Check the configuration ...

Page 500: ...ample Figure 18 4 Example of executing the clear lldp command clear lldp Display items None Impact on communication None Response messages Table 18 6 List of response messages for the clear lldp command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the comman...

Page 501: ...he clear lldp statistics command clear lldp statistics Display items None Impact on communication None Response messages Table 18 7 List of response messages for the clear lldp statistics command Notes None Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Conne...

Page 502: ...rts the LLDP program after displaying a confirmation message Example Figure 18 6 Example of restarting the LLDP program restart lldp LLDP restart OK y n y Display items None Impact on communication None Response messages Table 18 8 List of response messages for the restart lldp command Notes The storage directory and the name of the core file are as follows Storage directory usr var core Core file...

Page 503: ...18 LLDP 487 If a file with this name already exists the file is overwritten unconditionally Therefore back up the file in advance if necessary ...

Page 504: ... name of the output dump file are as follows Storage directory usr var lldp File lldpd_dump gz If a file with this name already exists the file is overwritten unconditionally Therefore back up the file in advance if necessary Message Description Can t execute The command could not be executed Re execute the command Connection failed to LLDP program Communication with the LLDP program failed Re exe...

Page 505: ...489 Chapter 19 OADP show oadp show oadp statistics clear oadp clear oadp statistics restart oadp dump protocols oadp ...

Page 506: ... neighboring device information for all channel groups is displayed device id device id Displays neighboring device information for the specified device ID Operation when this parameter is omitted All neighboring device information is displayed detail Displays OADP CDP configuration information for the Switch and neighboring device information in detail Operation when this parameter is omitted OAD...

Page 507: ... Date 2006 03 09 19 50 40 UTC OADP CDP status Enabled Disabled Device ID OADP 1 Interval Time 60 Hold Time 180 ignore vlan 2 4 10 Enabled Port 1 1 5 16 20 CH 10 Total Neighbor Counts 1 Local VID Holdtime Remote VID Device ID Capability Platform 1 16 0 9 1 1 0 OADP 3 RS AX6308S Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater Display items in Example ...

Page 508: ...DP functionality is enabled on the Switch NIF number port number channel group number Total Neighbor Counts Number of neighboring devices whose information is retained by the Switch 0 to 250 Local Received port number NIF number port number channel group number VID VLAN ID of the IEEE802 1Q VLAN Tag attached to the receive frame VLAN ID Holdtime Remaining retention time for neighboring device info...

Page 509: ... Paused The OADP CDP functionality is being paused Interval Time Interval for sending OADP frames that has been set on the Switch in seconds 5 to 254 Hold Time OADP frame retention time to be reported to neighboring devices in seconds 10 to 255 ignore vlan VLANs that ignore OADP PDUs VLAN ID list Enabled Port Information about ports where the OADP functionality is enabled on the Switch NIF number ...

Page 510: ...d of a port sent from a neighboring device Example 10M 10Mbit s 1G 1Gbit s Duplex Duplex information for a port sent from a neighboring device FULL or HALF Version Version information about neighboring devices Version information Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re ex...

Page 511: ...n when this parameter is omitted OADP statistics for all channel groups are displayed Operation when all parameters are omitted Statistics for all OADP CDP frames are displayed by port Example Figure 19 3 Example of displaying OADP CDP statistics show oadp statistics Date 2006 03 09 23 12 23 UTC Port Counts 3 Port 1 6 OADP PDUs Tx 9 OADP CDP PDUs Rx 14 RX PDUs OADP 6 CDPv1 0 CDPv2 8 Discard ERR He...

Page 512: ...or error frames Head Number of header error PDUs 0 to 4294967295 cksum Number of checksum error PDUs 0 to 4294967295 capacity Number of PDUs exceeding the accommodation limit 0 to 4294967295 Message Description Can t execute this command in standby system This command cannot be executed on a standby system Can t execute The command could not be executed Re execute the command Connection failed to ...

Page 513: ...oup list see Specifiable values for parameters Operation when this parameter is omitted The neighboring device information for all channel group numbers is cleared Operation when all parameters are omitted Information about all neighboring devices retained on the Switch is cleared Example Figure 19 4 Example of executing the clear oadp command clear oadp Display items None Impact on communication ...

Page 514: ...19 OADP 498 Notes None OADP is not configured OADP has not been configured Check the configuration Message Description ...

Page 515: ...list see Specifiable values for parameters Operation when this parameter is omitted OADP CDP statistics for all channel groups are cleared Operation when all parameters are omitted All OADP CDP statistics for the Switch are cleared Example Figure 19 5 Example of executing the clear oadp statistics command clear oadp statistics Display items None Impact on communication None Response messages Table...

Page 516: ...19 OADP 500 Notes None OADP is not configured OADP has not been configured Check the configuration Message Description ...

Page 517: ...tted Restarts the OADP program after displaying a confirmation message Example Figure 19 6 Example of restarting the OADP program restart oadp OADP restart OK y n y Display items None Impact on communication None Response messages Table 19 8 List of response messages for the restart oadp command Notes The storage directory and the name of the core file are as follows Storage directory usr var core...

Page 518: ...19 OADP 502 Core file oadpd core If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists ...

Page 519: ...ry and the name of the output dump file are as follows Storage directory usr var oadp File oadpd_dump gz If necessary back up the file in advance because the specified file is unconditionally overwritten if it already exists Message Description Can t execute The command could not be executed Re execute the command Connection failed to OADP Communication with the OADP program failed Re execute the ...

Page 520: ......

Page 521: ...t list 94 clear vrrpstatus IPv4 331 clear vrrpstatus IPv6 349 clear web authentication auth state 175 clear web authentication html files 183 clear web authentication logging 167 clear web authentication statistics 168 command description format 2 commit mac authentication 216 commit web authentication 169 D debug access log 32 dump access log 29 dump protocols cfm 430 dump protocols dhcp snooping...

Page 522: ... authentication 203 show mac authentication logging 190 show mac authentication login 188 show mac authentication mac address 218 show mac authentication statistics 206 show oadp 490 show oadp statistics 495 show qos queueing 44 show qos queueing distribution 57 show qos queueing interface 68 show qos queueing to cpu 74 show qos flow 36 show sflow 468 show shaper 81 show shaper port list 88 show s...

Reviews: