manualshive.com logo in svg

Alied Telesis GS970M/10, Command Reference Manual

Share
Download
Alied Telesis GS970M/10 Command Reference Manual Download Page 856

C613-50163-01 Rev C

Command Reference for GS970M Series

856

AlliedWare Plus™ Operating System - Version 5.4.7-0.x

IP

V

4 H

ARDWARE

 A

CCESS

 C

ONTROL

 L

IST

 (ACL) C

OMMANDS

ACCESS

-

LIST

 (

NUMBERED

 

HARDWARE

 ACL 

FOR

 IP 

PACKETS

)

access-list (numbered hardware ACL for IP 
packets)

Overview

This command creates an access-list for use with hardware classification. The 
access-list will match on packets that have the specified source and destination IP 
addresses. You can use the value 

any

 instead of source or destination address if an 

address does not matter.

Once you have configured the ACL, you can use the 

access-group

 or the 

match 

access-group

 command to apply this ACL to a port, VLAN or QoS class-map.

The optional 

vlan

 parameter can be used to match tagged (802.1q) packets.

The 

no

 variant of this command removes the previously specified IP hardware 

access-list.

Syntax

access-list <

3000-3699

> <

action

> ip <

source-ip

> <

dest-ip

> [vlan 

<

1-4094

>]

no access-list <

3000-3699

Table 27-2:  IP and ICMP parameters in 

access-list (hardware IP numbered)

  

Parameter

Description

<

3000-3699

>

An ID number for this hardware IP access-list.

<action>

The action that the switch will take on matching packets:

deny

Reject packets that match the 
source and destination filtering 
specified with this command.

permit

Permit packets that match the 
source and destination filtering 
specified with this command.

copy-to-cpu

Send a copy of matching packets to 
the CPU.

copy-to-mirror

Send a copy of matching packets to 
the mirror port.
Use the 

mirror interface

 command 

to configure the mirror port.

send-to-mirror

Send matching packets to the mirror 
port.
Use the 

mirror interface

 command 

to configure the mirror port.

send-to-cpu

Send matching packets to the CPU.

ip

Match against IP packets

<source-ip>

The source addresses to match against. You can specify a single 
host, a subnet, or all source addresses. The following are the valid 
formats for specifying the source:

Summary of Contents for GS970M/10

Page 1: ...C613 50163 01 Rev C CentreCOM GS970M Series MANAGED GIGABIT ETHERNET SWITCH Command Reference for AlliedWare Plus Version 5 4 7 0 x GS970M 10 GS970M 10PS GS970M 18 GS970M 18PS GS970M 28 GS970M 28PS...

Page 2: ...uction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis M...

Page 3: ...do 69 enable Privileged Exec mode 70 end 72 exit 73 help 74 logout 75 show history 76 Chapter 2 File and Configuration Management Commands 77 Introduction 77 autoboot enable 80 boot config file 81 boo...

Page 4: ...clear line console 129 clear line vty 130 enable password 131 enable secret 134 exec timeout 137 flowcontrol hardware asyn console 139 length asyn 141 line 142 privilege level 144 security password hi...

Page 5: ...e http 180 show http 181 Chapter 7 System Configuration and Monitoring Commands 182 Introduction 182 banner exec 184 banner login system 186 banner motd 188 clock set 190 clock summer time date 191 cl...

Page 6: ...g sensitivity 249 show system fiber monitoring 251 show system pluggable 254 show system pluggable detail 256 show system pluggable diagnostics 259 show test cable diagnostics tdr 261 test cable diagn...

Page 7: ...10 Scripting Commands 337 Introduction 337 activate 338 echo 339 wait 340 Chapter 11 Interface Commands 341 Introduction 341 description interface 342 interface to configure 343 mru 345 mtu 347 show...

Page 8: ...ress table logging 402 mac address table static 403 mac address table thrash limit 404 platform load balancing 405 platform stop unreg mc flooding 406 platform vlan stacking tpid 408 polarity 409 show...

Page 9: ...cking double tagging 467 switchport voice dscp 468 switchport voice vlan 469 switchport voice vlan priority 471 vlan 472 vlan access map 473 vlan database 474 vlan filter 475 Chapter 16 Spanning Tree...

Page 10: ...stance path cost 533 spanning tree mst instance priority 535 spanning tree mst instance restricted role 536 spanning tree mst instance restricted tcn 538 spanning tree path cost 539 spanning tree port...

Page 11: ...wer inline interface 597 show power inline interface detail 599 PART 3 Layer 3 Switching 602 Chapter 19 IP Addressing and Protocol Commands 603 Introduction 603 arp aging timeout 605 arp mac disparity...

Page 12: ...ipv6 nd suppress ra 665 ipv6 neighbor 666 ipv6 opportunistic nd 667 ipv6 route 668 ipv6 unreachables 669 ping ipv6 670 show ipv6 forwarding 671 show ipv6 interface brief 672 show ipv6 neighbors 673 s...

Page 13: ...6 passive interface RIP 727 recv buffer size RIP 728 redistribute RIP 729 restart rip graceful 730 rip restart grace period 731 route RIP 732 router rip 733 send lifetime 734 show debugging rip 736 sh...

Page 14: ...version 784 show debugging igmp 785 show ip igmp groups 786 show ip igmp interface 788 show ip igmp snooping mrouter 790 show ip igmp snooping routermode 791 show ip igmp snooping statistics 792 unde...

Page 15: ...st numbered hardware ACL for IP packets 856 access list numbered hardware ACL for IP protocols 859 access list numbered hardware ACL for MAC addresses 863 access list numbered hardware ACL for TCP or...

Page 16: ...s 952 default action 953 description QoS policy map 954 egress rate limit 955 match access group 956 match cos 958 match dscp 959 match eth format protocol 960 match inner cos 963 match inner vlan 964...

Page 17: ...1x initialize supplicant 1018 dot1x keytransmit 1019 dot1x max auth fail 1020 dot1x max reauth req 1022 dot1x port control 1024 dot1x timeout tx period 1026 show debugging dot1x 1028 show dot1x 1029 s...

Page 18: ...3 auth web server host name 1114 auth web server intercept port 1115 auth web server ipaddress 1116 auth web server page language 1117 auth web server login url 1118 auth web server page logo 1119 aut...

Page 19: ...tication auth web 1176 aaa authentication dot1x 1178 aaa authentication enable default group tacacs 1180 aaa authentication enable default local 1182 aaa authentication login 1183 aaa authorization co...

Page 20: ...e 1248 copy local radius user db from file 1250 copy local radius user db to file 1251 crypto pki enroll local deleted 1252 crypto pki enroll local local radius all users deleted 1253 crypto pki enrol...

Page 21: ...ject name trustpoint configuration 1306 Chapter 37 TACACS Commands 1308 Introduction 1308 authorization commands 1309 aaa authorization commands 1311 aaa authorization config commands 1313 ip tacacs s...

Page 22: ...source binding 1368 PART 6 Network Availability 1369 Chapter 39 Ethernet Protection Switched Ring EPSRing Commands 1370 Introduction 1370 debug epsr 1372 epsr 1373 epsr configuration 1374 epsr datavl...

Page 23: ...up synchronize 1431 atmf cleanup 1432 atmf container 1433 atmf container login 1434 atmf controller 1435 atmf distribute firmware 1436 atmf domain vlan 1438 atmf enable 1441 atmf group membership 1442...

Page 24: ...how atmf area nodes detail 1522 show atmf area summary 1524 show atmf authorization 1525 show atmf backup 1528 show atmf backup area 1532 show atmf backup guest 1534 show atmf container 1536 show atmf...

Page 25: ...cess group deprecated 1618 ntp authenticate 1619 ntp authentication key 1620 ntp broadcastdelay 1621 ntp discard 1622 ntp peer 1623 ntp restrict 1625 ntp server 1627 ntp source 1629 ntp trusted key de...

Page 26: ...1688 lldp med notifications 1689 lldp med tlv select 1690 lldp non strict med tlv order check 1693 lldp notification interval 1694 lldp notifications 1695 lldp port number type 1696 lldp reinit 1697 l...

Page 27: ...H 1763 clear ssh 1764 crypto key destroy hostkey 1765 crypto key destroy userkey 1766 crypto key generate hostkey 1767 crypto key generate userkey 1769 crypto key pubkey chain knownhosts 1770 crypto k...

Page 28: ...28 time trigger 1829 trap 1831 trigger 1832 trigger activate 1833 type atmf node 1834 type card 1837 type cpu 1838 type interface 1839 type memory 1840 type periodic 1841 type ping poll 1842 type rebo...

Page 29: ...1871 debug sflow 1872 debug sflow agent 1873 sflow agent address 1874 sflow collector address 1876 sflow collector max datagram size 1878 sflow enable 1879 sflow max header size 1880 sflow polling int...

Page 30: ...d hardware ACL ICMP entry 872 named hardware ACL IP packet entry 876 named hardware ACL IP protocol entry 880 named hardware ACL MAC entry 886 named hardware ACL TCP or UDP entry 889 aaa accounting au...

Page 31: ...access list numbered hardware ACL for IP packets 856 access list numbered hardware ACL for IP protocols 859 access list numbered hardware ACL for MAC addresses 863 access list numbered hardware ACL fo...

Page 32: ...1421 atmf backup guests enable 1422 atmf backup guests now 1423 atmf backup guests synchronize 1424 atmf backup now 1425 atmf backup redundancy enable 1427 atmf backup server 1428 atmf backup stop 143...

Page 33: ...te login 1475 atmf restricted login 1477 atmf secure mode certificate expire 1481 atmf secure mode certificate expiry 1482 atmf secure mode certificate renew 1483 atmf secure mode enable all 1484 atmf...

Page 34: ...ep enable 1088 authentication 1241 auth mac accounting 1091 auth mac authentication 1092 auth mac enable 1093 auth mac method 1095 auth mac password 1097 auth mac reauth relearning 1098 auth mac usern...

Page 35: ...erver ping poll interval 1126 auth web server ping poll reauth timer refresh 1127 auth web server ping poll timeout 1128 auth web server port 1129 auth web server redirect delay time 1130 auth web ser...

Page 36: ...gmp 747 clear ip mroute statistics 821 clear ip mroute 820 clear ip rip route 698 clear ipv6 mld group 797 clear ipv6 mld interface 798 clear ipv6 mld 796 clear ipv6 mroute statistics 823 clear ipv6 m...

Page 37: ...client trustpoint 1246 clock set 190 clock summer time date 191 clock summer time recurring 193 clock timezone 195 commit IPv4 893 configure terminal 67 copy filename 87 copy current software 89 copy...

Page 38: ...crypto pki export local pem deleted 1255 crypto pki export local pkcs12 deleted 1256 crypto pki export pem 1289 crypto pki export pkcs12 1290 crypto pki import pem 1292 crypto pki import pkcs12 1294 c...

Page 39: ...nt 1774 debug ssh server 1775 debug trigger 1816 default log buffered 269 default log console 270 default log email 271 default log host 272 default log monitor 273 default log permanent 274 default a...

Page 40: ...pplicant 1018 dot1x keytransmit 1019 dot1x max auth fail 1020 dot1x max reauth req 1022 dot1x port control 1024 dot1x timeout tx period 1026 duplex 391 echo 339 ecofriendly led 196 edit filename 100 e...

Page 41: ...line 245 fiber monitoring enable 247 fiber monitoring interval 248 fiber monitoring sensitivity 249 findme 197 fingerprint trustpoint configuration mode 1297 flowcontrol switch port 393 flowcontrol ha...

Page 42: ...41 ip domain name 642 ip gratuitous arp link 620 ip igmp access group 752 ip igmp flood specific query 753 ip igmp immediate leave 754 ip igmp last member query count 755 ip igmp last member query int...

Page 43: ...me server 643 ip radius source interface 1218 ip redirects 622 ip rip authentication key chain 705 ip rip authentication mode 707 ip rip authentication string 710 ip rip receive version 713 ip rip rec...

Page 44: ...659 ipv6 multicast forward slow path packet 824 ipv6 multicast route limit 835 ipv6 multicast routing 836 ipv6 nd accept ra pinfo 660 ipv6 nd minimum ra interval 661 ipv6 nd raguard 663 ipv6 nd ra int...

Page 45: ...pe 1696 lldp reinit 1697 lldp run 1698 lldp timer 1699 lldp tlv select 1700 lldp transmit receive 1702 lldp tx delay 1703 location civic location configuration 1704 location civic location identifier...

Page 46: ...rmanent exclude 322 log permanent size 325 log permanent 318 log trustpoint 328 login authentication 1198 logout 75 log rate limit nsm 326 loop protection action 397 loop protection action delay time...

Page 47: ...32 maximum prefix 723 max static routes 202 max static routes 683 mirror interface 359 mkdir 105 mls qos cos 969 mls qos enable 970 mls qos map cos queue to 971 mls qos map premark dscp to 972 modelty...

Page 48: ...857 platform l3 vlan hashing algorithm 1140 platform load balancing 405 platform load balancing 563 platform mac vlan hashing algorithm 1141 platform stop unreg mc flooding 406 platform vlan stacking...

Page 49: ...r timeout 1226 reboot 204 recv buffer size RIP 728 redistribute RIP 729 region MSTP 488 reload 205 remark new cos 983 remark map 981 remote mirror interface 361 repeat 1818 restart rip graceful 730 re...

Page 50: ...t 1205 service advanced vty 152 service dhcp snooping 1346 service http 180 service password encryption 153 service power inline 590 service ssh 1776 service telnet 154 service terminal length deleted...

Page 51: ...container 1536 show atmf detail 1539 show atmf group members 1543 show atmf group 1541 show atmf guests detail 1547 show atmf guests 1545 show atmf links detail 1552 show atmf links guest detail 1563...

Page 52: ...ow clock 206 show counter log 329 show counter mail 1745 show counter ntp deprecated 1632 show counter ping poll 1860 show counter snmp server 1643 show cpu history 211 show cpu 208 show crypto key ho...

Page 53: ...w debugging mstp 490 show debugging platform packet 411 show debugging power inline 591 show debugging radius 1230 show debugging rip 736 show debugging sflow 1884 show debugging snmp 1647 show debugg...

Page 54: ...how interface brief 352 show interface err disabled 413 show interface memory 215 show interface memory 353 show interface status 355 show interface switchport 414 show interface 349 show ip access li...

Page 55: ...ing 1396 show ip sockets 631 show ip source binding 1368 show ip traffic 634 show ipv6 access list IPv6 Software ACLs 946 show ipv6 forwarding 671 show ipv6 interface brief 672 show ipv6 mif 845 show...

Page 56: ...415 show mac address table thrash limit 419 show mac address table 417 show mail 1746 show memory allocations 219 show memory history 221 show memory pools 222 show memory shared 223 show memory 217 s...

Page 57: ...595 show power inline interface detail 599 show power inline interface 597 show power inline 592 show privilege 156 show process 224 show proxy autoconfig file 1158 show radius local server group 1274...

Page 58: ...spanning tree mst config 496 show spanning tree mst detail interface 499 show spanning tree mst detail interface 504 show spanning tree mst detail 497 show spanning tree mst instance interface 502 sh...

Page 59: ...h support 233 show telnet 159 show test cable diagnostics tdr 261 show trigger 1823 show users 160 show version 122 show vlan access map 450 show vlan filter 451 show vlan private vlan 452 show vlan 4...

Page 60: ...ard root 525 spanning tree hello time 526 spanning tree link type 527 spanning tree max age 528 spanning tree max hops MSTP 529 spanning tree mode 530 spanning tree mst configuration 531 spanning tree...

Page 61: ...rm downtime 999 storm protection 1000 storm rate 1001 storm window 1002 subject name trustpoint configuration 1306 switchport access vlan 453 switchport atmf agentlink 1596 switchport atmf arealink re...

Page 62: ...port voice dscp 468 switchport voice vlan priority 471 switchport voice vlan 469 system territory deprecated 237 tacacs server host 1317 tacacs server key 1319 tacacs server timeout 1320 tcpdump 636 t...

Page 63: ...atmf 1607 undebug dot1x 1046 undebug epsr 1393 undebug igmp 794 undebug ip packet interface 638 undebug lacp 576 undebug loopprot 439 undebug mail 1747 undebug mstp 551 undebug ping poll 1870 undebug...

Page 64: ...7 0 x vlan database 474 vlan filter 475 vlan mode remote mirror vlan 368 vlan 472 vty access class numbered 939 vty ipv6 access class named 947 wait 340 write file 124 write memory 125 write terminal...

Page 65: ...C613 50163 01 Rev C Command Reference for GS970M Series 65 AlliedWare Plus Operating System Version 5 4 7 0 x Part 1 Setup and Troubleshooting...

Page 66: ...ference for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure term...

Page 67: ...GATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Conf...

Page 68: ...EGED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Pr...

Page 69: ...ION COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus...

Page 70: ...er privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is...

Page 71: ...N COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 aw...

Page 72: ...other advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command t...

Page 73: ...used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows...

Page 74: ...o display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches...

Page 75: ...Operating System Version 5 4 7 0 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privil...

Page 76: ...lists all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Confi...

Page 77: ...lename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom an SD or SDHC card card directory filename To specify a file in the top level directory of the SD c...

Page 78: ...enames Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem...

Page 79: ...debug on page 96 dir on page 97 edit on page 99 edit filename on page 100 erase factory default on page 101 erase startup config on page 102 ip tftp source interface on page 103 ipv6 tftp source inter...

Page 80: ...e file and or configuration file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this comman...

Page 81: ...ck order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up us...

Page 82: ...N MANAGEMENT COMMANDS BOOT CONFIG FILE To stop running the configuration file branch cfg stored on the device s SD card filesystem when the device boots up use the commands awplus configure terminal a...

Page 83: ...nagement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus confi...

Page 84: ...f you attempt to setthereleasefileonan SD card and a backup release file is not specified in Flash the following error message is displayed Examples To boot up with the release GS970 5 4 7 0 1 rel fil...

Page 85: ...Configuration Examples To specify the file GS970 5 4 6 2 4 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash GS970 5 4 6 2 4...

Page 86: ...ION MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command...

Page 87: ...d awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the com...

Page 88: ...nfigtest cfg To copy the file config cfg into the current directory from a remote file server and rename it to configtest cfg use the command awplus copy fserver config cfg configtest cfg On an AMF ma...

Page 89: ...esystem Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command...

Page 90: ...s scp tftp source name card debug flash nvs scp tftp Mode Privileged Exec Example To copy debug output to an SD or SDHC card with a filename my debug use the following command awplus copy debug card m...

Page 91: ...copy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy st...

Page 92: ...g as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and pa...

Page 93: ...Minicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the loca...

Page 94: ...e keys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media Th...

Page 95: ...urrent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_conf...

Page 96: ...fied debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the...

Page 97: ...awplus dir flash To list all the files in the root of the Flash filesystem use the command awplus dir all flash To list recursively the files in the Flash filesystem use the command awplus dir recursi...

Page 98: ...y size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time Output Figure 2 4 Example o...

Page 99: ...ditor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more infor...

Page 100: ...re your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode P...

Page 101: ...he backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default...

Page 102: ...s when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This pro...

Page 103: ...d is helpful in network configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your...

Page 104: ...configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In thos...

Page 105: ...dir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands...

Page 106: ...mp cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg m...

Page 107: ...stination name card debug flash nvs Mode Privileged Exec Example To move debug outputonto anSD or SDHC card with a filename my debug use the following command awplus move debug card my debug Output Fi...

Page 108: ...us Operating System Version 5 4 7 0 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the...

Page 109: ...mples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a directory called level1 containing a subdirectory called level2 an...

Page 110: ...2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboo...

Page 111: ...image flash GS970 5 4 6 2 4 rel Default boot config flash default cfg Current boot config card my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table 2 1...

Page 112: ...lated Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file canno...

Page 113: ...displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command aw...

Page 114: ...5M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp n...

Page 115: ...ow file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs card tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the me...

Page 116: ...ion full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The featu...

Page 117: ...6 route IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel...

Page 118: ...config Related Commands copy running config show running config interface switch Switch configuration web control Web Control configuration Parameter Description awplus show running config service pas...

Page 119: ...0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of VLANs ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or p...

Page 120: ...se the command awplus show running config interface vlan1 To display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3...

Page 121: ...Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup...

Page 122: ...All rights reserved c 2001 2003 Cambridge Broadband Ltd All rights reserved c 2003 Sun Microsystems Inc All rights reserved c 2003 2006 Sparta Inc All rights reserved c 2004 Cisco Inc and Information...

Page 123: ...c 2002 2004 MontaVista Software Inc All rights reserved Copyright c 2005 2010 Red Hat Inc File Utility Library Copyright c Ian F Darwin 1986 1987 1989 1992 1994 1995 Software written by Ian F Darwin a...

Page 124: ...d copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file...

Page 125: ...and copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memo...

Page 126: ...MMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Priv...

Page 127: ...meout on page 137 flowcontrol hardware asyn console on page 139 length asyn on page 141 line on page 142 privilege level on page 144 security password history on page 145 security password forced chan...

Page 128: ...x USER ACCESS COMMANDS show privilege on page 156 show security password configuration on page 157 show security password user on page 158 show telnet on page 159 show users on page 160 telnet on pag...

Page 129: ...rminal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Examp...

Page 130: ...LINE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line us...

Page 131: ...r to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note tha...

Page 132: ...d First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The...

Page 133: ...ncrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Priv...

Page 134: ...entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is d...

Page 135: ...use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advanta...

Page 136: ...ed string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged E...

Page 137: ...ore it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no inpu...

Page 138: ...C613 50163 01 Rev C Command Reference for GS970M Series 138 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet...

Page 139: ...message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reve...

Page 140: ...control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal con...

Page 141: ...er than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the co...

Page 142: ...To change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the...

Page 143: ...To enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounti...

Page 144: ...xec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use...

Page 145: ...ree most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus co...

Page 146: ...lifetime command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password...

Page 147: ...me Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus confi...

Page 148: ...imum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The defa...

Page 149: ...1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config...

Page 150: ...ed pwd in a default config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security passwo...

Page 151: ...which disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 R...

Page 152: ...ure displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature i...

Page 153: ...device displays passwords in the running config in encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in...

Page 154: ...ing telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port...

Page 155: ...for GS970M Series 155 AlliedWare Plus Operating System Version 5 4 7 0 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted in...

Page 156: ...15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for p...

Page 157: ...security password rule configuration settings use the command awplus show security password configuration Output Figure 3 2 Example output from the show security password configuration command Relate...

Page 158: ...Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 3 3 Example output from the show security password...

Page 159: ...shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output f...

Page 160: ...s command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users...

Page 161: ...st example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The hos...

Page 162: ...y enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example T...

Page 163: ...specified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length lengt...

Page 164: ...ed on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size aut...

Page 165: ...lege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A us...

Page 166: ...s To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec...

Page 167: ...e Feature Licensing commands Feature Licensing enables you to use advanced features such as Layer 3 routing To see which Feature Licenses are available for your device see the AlliedWare Plus Datashee...

Page 168: ...mmand to make it specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new...

Page 169: ...lied feature licenses label The license name to show information about This can be used instead of the index number to identify a specific license index index number The index number of the license to...

Page 170: ...C613 50163 01 Rev C Command Reference for GS970M Series 170 AlliedWare Plus Operating System Version 5 4 7 0 x FEATURE LICENSING COMMANDS SHOW LICENSE Related Commands license show license brief...

Page 171: ...ed Exec Examples To display a brief summary of information about all feature licenses use the command awplus show license feature brief Related Commands license show license Parameter Description feat...

Page 172: ...icensing commands For Software Version 5 4 6 2 x and later Subscription Licensing enables you to use OpenFlow To see the OpenFlow subscriptions for your device see the AlliedWare Plus Datasheet For st...

Page 173: ...nd license update online instead Syntax license update filename Mode Privileged Exec Usage You can download subscription licenses from the Allied Telesis Download Center in order to copy them onto the...

Page 174: ...pond for 10 or more seconds after typing the command a network routing or firewall configuration error is probably preventing the connection from establishing If this happens you can abort the command...

Page 175: ...licenses Syntax show license external Mode Privileged Exec Examples To show information about what subscription features the device is licensed for use the following command awplus show license exter...

Page 176: ...s Introduction Overview This chapter provides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with Alliedware Plus Command List atmf topolo...

Page 177: ...the GUI enabled by default Regular nodes not master or controller will always have it disabled Mode Global Configuration mode Usage This command is run from an AMF Master node Topology information ab...

Page 178: ...then enter the seconds If the GUI timeout is disabled a GUI session will remain active until you terminate it No idle time will be configured The same timeout period will apply to all GUI sessions log...

Page 179: ...slog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for...

Page 180: ...ommand to enable the HTTP Hypertext Transfer Protocol service This service which is enabled by default is required to support the AlliedWare Plus GUI Java applet on a Java enabled browser Use the no v...

Page 181: ...iew This command shows the HTTP server settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 6 2 Example...

Page 182: ...n page 184 banner login system on page 186 banner motd on page 188 clock set on page 190 clock summer time date on page 191 clock summer time recurring on page 193 clock timezone on page 195 ecofriend...

Page 183: ...ory on page 221 show memory pools on page 222 show memory shared on page 223 show process on page 224 show reboot history on page 226 show router id on page 227 show system on page 228 show system env...

Page 184: ...dWare Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the en...

Page 185: ...x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configu...

Page 186: ...he login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users...

Page 187: ...63 01 Rev C Command Reference for GS970M Series 187 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec ban...

Page 188: ...ax banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banne...

Page 189: ...TION AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus confi...

Page 190: ...ffset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If y...

Page 191: ...andard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 ap...

Page 192: ...Command Reference for GS970M Series 192 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recur...

Page 193: ...every year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to...

Page 194: ...nition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use th...

Page 195: ...et to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indi...

Page 196: ...default Mode Global Configuration Usage When the eco friendly LED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is dis...

Page 197: ...nd is used You can specify which interface or interfaces are flashed with the optional interface parameter Example To activate the Find Me feature for the default duration 60 seconds on all ports use...

Page 198: ...Command Reference for GS970M Series 198 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS FINDME To deactivate the Find Me feature use the following comma...

Page 199: ...work any device without a user defined hostname will automatically be assigned a name based on its MAC address To efficiently manage your network using AMF we strongly advise that you devise a naming...

Page 200: ...ating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS HOSTNAME NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address...

Page 201: ...e following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding...

Page 202: ...nd to set the maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum numbe...

Page 203: ...ot1x nsm Mode Global Configuration and Privileged Exec Example To disable debugging for all features use the command awplus no debug all To disable all 802 1X debugging use the command awplus no debug...

Page 204: ...COMMANDS REBOOT reboot Overview This command halts the device and performs a cold restart also known as reload It displays a confirmation request before restarting Syntax reboot reload Mode Privileged...

Page 205: ...Command Reference for GS970M Series 205 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function a...

Page 206: ...Oct 2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time...

Page 207: ...ference for GS970M Series 207 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer...

Page 208: ...Configuration Guide Syntax show cpu sort thrds pri sleep runtime Mode User Exec and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the...

Page 209: ...3 syslog ng 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11 0 0 20 sleep 0 233 1111 hpilogd...

Page 210: ...ds show memory show memory allocations show memory history show memory pools show process sleep Percentage of time that the process is in the sleep state runtime The time that the process has been run...

Page 211: ...d Configuration Guide Syntax show cpu history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then...

Page 212: ...ORY Related Commands show memory show memory allocations show memory pools show process Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes ave...

Page 213: ...ged Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Exa...

Page 214: ...friendly command awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 off port1 0 2 off off port1 0 3 off port1 0 4 Port 4 off po...

Page 215: ...w interface port list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory us...

Page 216: ...ef show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766...

Page 217: ...rting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by...

Page 218: ...in the output of the show memory command Parameter Description RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for th...

Page 219: ...y the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 7 9 Example output from the show memory allocations command Parameter Descrip...

Page 220: ...GS970M Series 220 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory p...

Page 221: ...xec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for...

Page 222: ...the memory pools used by processes use the command awplus show memory pools Output Figure 7 11 Example output from the show memory pools command Related Commands show memory allocations show memory hi...

Page 223: ...Ware Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use...

Page 224: ...how memory history Example To display a summary of the current running processes use the command awplus show process Output Figure 7 13 Example output from the show process command Parameter Descripti...

Page 225: ...of processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types RAM total Total memory size free Available memory buffers Memory allocated to...

Page 226: ...istory command Related Commands show tech support awplus show reboot history date time type description 2016 10 10 01 42 04 Expected User Request 2016 10 10 01 35 31 Expected User Request 2016 10 10 0...

Page 227: ...OUTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current s...

Page 228: ...ion Guide Syntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 7 16 Example output from show system Relat...

Page 229: ...Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure...

Page 230: ...Plus Feature Overview and Configuration Guide Syntax show system interrupts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device...

Page 231: ...SYSTEM MAC show system mac Overview This command displays the physical MAC address of the device Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address e...

Page 232: ...tion for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode Us...

Page 233: ...hcpsn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific inf...

Page 234: ...e already exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on th...

Page 235: ...figuration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set...

Page 236: ...Reference for GS970M Series 236 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config...

Page 237: ...5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in Software Version 5 4 4 0 1 and later It now...

Page 238: ...rminal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Ex...

Page 239: ...Reference for GS970M Series 239 AlliedWare Plus Operating System Version 5 4 7 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality...

Page 240: ...es in optical power received over fiber cables For more information see the Pluggables and Cabling Feature Overview and Configuration Guide Command List clear test cable diagnostics tdr on page 241 de...

Page 241: ...cable diagnostics tdr Overview Use this command to clear the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of...

Page 242: ...ec Privileged Exec Usage While debugging is enabled by this command for a port all the optical power readings for the port are sent to the console Example To enable debugging messages for active fiber...

Page 243: ...522 Fiber monitor port2 0 1 Channel 1 Reading 1748 Baseline 1708 Threshold 1356 01 42 52 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1717 Baseline 1709 Threshold 1357 01 42 54 awpl...

Page 244: ...only generates a log message Example To set the device to send an SNMP notification when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port1 0 1 1 0 2 awplus conf...

Page 245: ...caused by temperature fluctuations etc could lead to unnecessary alarms There are two ways to configure the baseline The first is to choose a number of readings to average This is the default and reco...

Page 246: ...Command Reference for GS970M Series 246 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING BASELINE Related Commands fiber monitoring interval fiber mo...

Page 247: ...ce or to remove all the configuration and state for the ports respectively Syntax fiber monitoring enable no fiber monitoring enable no fiber monitoring Default Active fiber monitoring is disabled by...

Page 248: ...e polling interval to the default 5 seconds Syntax fiber monitoring interval 2 60 no fiber monitoring interval Default The interval is set to 5 seconds by default Mode Interface configuration mode for...

Page 249: ...fined levels in decibels or to a fixed absolute delta in units of 0 0001mW The alarm thresholds can be seen in the show system fiber monitoring output The maximum absolute sensitivity configurable is...

Page 250: ...nce for GS970M Series 250 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING SENSITIVITY Related Commands fiber monitoring action fiber monitoring base...

Page 251: ...monitoring awplus show sys fiber monitoring Fiber Monitoring Status Reading units 0 0001mW Stack member 1 Interface port1 0 1 Status enabled Supported Supported pluggable Debugging disabled Interval 2...

Page 252: ...d sensitivity threshold for optical power changes on this port Baseline type How the baseline optical power level is calculated either the average of the specified number of previous readings or a spe...

Page 253: ...Rev C Command Reference for GS970M Series 253 AlliedWare Plus Operating System Version 5 4 7 0 x PLUGGABLES AND CABLING COMMANDS SHOW SYSTEM FIBER MONITORING fiber monitoring interval fiber monitorin...

Page 254: ...lled pluggable transceivers use the command awplus show system pluggable Output Figure 8 3 Example output from show system pluggable Parameter Description port list The ports to display information ab...

Page 255: ...gable transceiver Datecode Specifies the manufacturing datecode for the installed pluggable transceiver Checking the manufacturing datecode with the vendor may be useful when determining Laser Diode a...

Page 256: ...ggable detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supporte...

Page 257: ...system pluggable detail for a specific port on a device awplus show system pluggable detail System Pluggable Information Detail Port1 0 9 Vendor Name ATI Device Name AT SP10SR Device Revision A Devic...

Page 258: ...velength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in...

Page 259: ...Modern optical SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as opti...

Page 260: ...283 3 800 2 800 3 500 3 100 Tx Bias mA Low 15 440 0 440 Low 12 440 2 440 Tx Power mW 0 357 Low 1 175 0 200 Low 0 933 0 251 Rx Power mW Low 1 259 0 049 Low 1 000 0 062 Rx LOS Rx Down Table 9 Parameters...

Page 261: ...tometer on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Examp...

Page 262: ...The displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cab...

Page 263: ...on page 267 clear log permanent on page 268 default log buffered on page 269 default log console on page 270 default log email on page 271 default log host on page 272 default log monitor on page 273...

Page 264: ...source on page 309 log host time on page 310 log monitor filter on page 312 log monitor exclude on page 315 log permanent on page 318 log permanent filter on page 319 log permanent exclude on page 32...

Page 265: ...ating System Version 5 4 7 0 x LOGGING COMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files Syn...

Page 266: ...GGING COMMANDS CLEAR LOG clear log Overview This command removes the contents of the buffered and permanent logs Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered an...

Page 267: ...buffered Overview This command removes the contents of the buffered log Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awp...

Page 268: ...Overview This command removes the contents of the permanent log Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus cl...

Page 269: ...the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Ex...

Page 270: ...sages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuratio...

Page 271: ...ill be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default set...

Page 272: ...ges will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default setti...

Page 273: ...sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration...

Page 274: ...manent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example...

Page 275: ...be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log mess...

Page 276: ...e minimum severity of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emerg...

Page 277: ...awplus config log buffered msgtext Bridging initialization imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protecti...

Page 278: ...og use the following commands awplus configure terminal awplus config no log buffered level notices program epsr To remove a filter that sends all messages containing the text Bridging initialization...

Page 279: ...Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is...

Page 280: ...Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslo...

Page 281: ...1 Rev C Command Reference for GS970M Series 281 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG BUFFERED EXCLUDE log buffered log buffered filter log buffered size show log sho...

Page 282: ...ion has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM us...

Page 283: ...the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log me...

Page 284: ...rs or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error...

Page 285: ...sends all messages generated by EPSR that have a severity of notices or higher to consoles use the following commands awplus configure terminal awplus config no log console level notices program epsr...

Page 286: ...COMMANDS LOG CONSOLE FILTER To remove a default filter that includes sending critical alert and emergency level messages to the console use the following commands awplus configure terminal awplus con...

Page 287: ...text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names...

Page 288: ...SH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the...

Page 289: ...C613 50163 01 Rev C Command Reference for GS970M Series 289 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG CONSOLE EXCLUDE log console filter show log config...

Page 290: ...ss Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email addr...

Page 291: ...The email address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level...

Page 292: ...alization imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn...

Page 293: ...ing commands awplus configure terminal awplus config no log email admin homebase com To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the email...

Page 294: ...msgtext text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or leve...

Page 295: ...psr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the fol...

Page 296: ...C613 50163 01 Rev C Command Reference for GS970M Series 296 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG EMAIL EXCLUDE log email filter log email time show log config...

Page 297: ...d Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on...

Page 298: ...information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin...

Page 299: ...l Configuration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each oth...

Page 300: ...lity local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare...

Page 301: ...chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the lo...

Page 302: ...C613 50163 01 Rev C Command Reference for GS970M Series 302 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST log host time log trustpoint show log config...

Page 303: ...e IP address of a remote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names w...

Page 304: ...21 msgtext Bridging initialization imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping D...

Page 305: ...use the following commands awplus configure terminal awplus config no log host 10 32 16 21 level notices program epsr To remove a filter that sends all messages containing the text Bridging initializa...

Page 306: ...t string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names wher...

Page 307: ...r Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the follo...

Page 308: ...3 50163 01 Rev C Command Reference for GS970M Series 308 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG HOST EXCLUDE log host filter log host source log host time show log con...

Page 309: ...no variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Globa...

Page 310: ...remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote sysl...

Page 311: ...ime zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 w...

Page 312: ...ollowing numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3...

Page 313: ...of notices or higher to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr rmon Remote Monitoring loopprot Loop Protection dhcps...

Page 314: ...7 0 x LOGGING COMMANDS LOG MONITOR FILTER To remove a default filter that includes sending everything to the terminal use the following commands awplus configure terminal awplus config no log monitor...

Page 315: ...t text string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names...

Page 316: ...IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of...

Page 317: ...C613 50163 01 Rev C Command Reference for GS970M Series 317 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG MONITOR EXCLUDE show log config terminal monitor...

Page 318: ...to make way for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent n...

Page 319: ...level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies Syste...

Page 320: ...e the following commands awplus configure terminal awplus config log permanent msgtext Bridging initialization epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protect...

Page 321: ...Series 321 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT FILTER Related Commands clear log permanent default log permanent log permanent log permanent exclude log p...

Page 322: ...ion level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity...

Page 323: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the follow...

Page 324: ...1 Rev C Command Reference for GS970M Series 324 AlliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG PERMANENT EXCLUDE log permanent filter log permanent size show log config show l...

Page 325: ...n filled old messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the fol...

Page 326: ...his log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log mess...

Page 327: ...lliedWare Plus Operating System Version 5 4 7 0 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands...

Page 328: ...he certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoi...

Page 329: ...ceived P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 10 Parameters in output of the show counter log command Parameter Description Total Received Total number of messa...

Page 330: ...displays the contents of the exception log Syntax show exception log Mode User Exec and Privileged Exec Example To display the exception log use the command awplus show exception log Output Figure 9 2...

Page 331: ...tion Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of t...

Page 332: ...notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel...

Page 333: ...ple To display the logging configuration use the command awplus show log config Output Figure 9 4 Example output from the show log config command Facility default PKI trustpoints example_trustpoint Bu...

Page 334: ...annot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offs...

Page 335: ...t Output Figure 9 5 Example output from the show log permanent command Related Commands clear log permanent default log permanent log permanent log permanent filter log permanent exclude log permanent...

Page 336: ...IG LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example...

Page 337: ...e for GS970M Series 337 AlliedWare Plus Operating System Version 5 4 7 0 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on pag...

Page 338: ...filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indica...

Page 339: ...to the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To e...

Page 340: ...m the command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command...

Page 341: ...chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 342 interface to configure on page 343 mru on page 345 mtu o...

Page 342: ...nd to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch...

Page 343: ...bility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network...

Page 344: ...0 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo aw...

Page 345: ...g additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru si...

Page 346: ...AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0...

Page 347: ...device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN inter...

Page 348: ...C613 50163 01 Rev C Command Reference for GS970M Series 348 AlliedWare Plus Operating System Version 5 4 7 0 x INTERFACE COMMANDS MTU Related Commands show interface...

Page 349: ...ize for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter D...

Page 350: ...ash limiting Status Not Detected Action learn disable Timeout 1 s Hardware is Ethernet address is 001a eb54 f3ae index 5001 metric 1 mru 1500 configured duplex auto configured speed auto configured po...

Page 351: ...ING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast packets 156 output packets 299172 bytes 67379392 multicast packets 0 broadcast packet...

Page 352: ...c and Privileged Exec Output Figure 11 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port...

Page 353: ...ort list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0...

Page 354: ...rface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1...

Page 355: ...separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LAC...

Page 356: ...ate promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the p...

Page 357: ...regator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will no...

Page 358: ...rence of commands used to configure Port Mirroring and Remote Mirroring also known as RSPAN For more information see the Mirroring Feature Overview and Configuration Guide Command List mirror interfac...

Page 359: ...e source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1...

Page 360: ...d to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to d...

Page 361: ...o remote mirror interface port list direction receive transmit no remote mirror interface none Default No ports are set to be remote mirrored by default Mode Interface Configuration Usage To prevent u...

Page 362: ...he source device for remote mirroring remote mirror interface command All mirrored ports on a single device must use the same remote mirror VLAN and priority Access control lists can be used to mirror...

Page 363: ...tput Figure 12 1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 M...

Page 364: ...ce port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config...

Page 365: ...User priority 0 Monitored ports port1 0 1 direction both Remote mirror egress ports Remote mirror VLANs VLAN 259 Table 12 1 Parameters in the output from show remote mirror Parameter Description Remo...

Page 366: ...ror vlan Remote mirror egress ports On the destination device this displays the remote mirror egress ports the remote mirror VLANs they are associated with Remote mirror VLANs On source destination an...

Page 367: ...rored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device This command would typically be used for the port that transmits the remote...

Page 368: ...onfiguring the source device The remote mirror VLAN operates in a special mode all traffic on the remote mirror VLAN is flooded and no learning or CPU processing is done for packets in the VLAN BPDU p...

Page 369: ...63 01 Rev C Command Reference for GS970M Series 369 AlliedWare Plus Operating System Version 5 4 7 0 x PORT MIRRORING AND REMOTE MIRRORING COMMANDS VLAN MODE REMOTE MIRROR VLAN switchport remote mirro...

Page 370: ...Plus Operating System Version 5 4 7 0 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test...

Page 371: ...ax clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces u...

Page 372: ...ter entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnec...

Page 373: ...eed 100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged...

Page 374: ...d enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus...

Page 375: ...C613 50163 01 Rev C Command Reference for GS970M Series 375 AlliedWare Plus Operating System Version 5 4 7 0 x Part 2 Interfaces and Layer 2...

Page 376: ...on page 380 clear mac address table dynamic on page 381 clear mac address table static on page 383 clear port counter on page 384 clear port security intrusion on page 385 debug loopprot on page 388...

Page 377: ...3 show interface switchport on page 414 show loop protection on page 415 show mac address table on page 417 show mac address table thrash limit on page 419 show platform on page 420 show platform clas...

Page 378: ...plex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacit...

Page 379: ...ion 5 4 7 0 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config i...

Page 380: ...e Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection coun...

Page 381: ...mac address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filteri...

Page 382: ...C ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 aw...

Page 383: ...r all filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entrie...

Page 384: ...RT COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 u...

Page 385: ...trusion interface port Mode Privileged Exec Examples To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 To see the intrusion list on p...

Page 386: ...wplus show port security intrusion interface port1 0 1 Table 2 Example output from the show port security intrusion command awplus show port security intrusion interface port1 0 1 Port Security Intrus...

Page 387: ...rating System Version 5 4 7 0 x SWITCHING COMMANDS CLEAR PORT SECURITY INTRUSION Related Commands show port security interface show port security intrusion switchport port security switchport port sec...

Page 388: ...opprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debu...

Page 389: ...ace packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no varian...

Page 390: ...f 5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout...

Page 391: ...LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the chan...

Page 392: ...C613 50163 01 Rev C Command Reference for GS970M Series 392 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface...

Page 393: ...and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a...

Page 394: ...nterface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config inte...

Page 395: ...ll shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global...

Page 396: ...verview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loo...

Page 397: ...nd overview information prior to applying this command Example To disable the interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awp...

Page 398: ...o variant of this command to reset the loop protection action delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay tim...

Page 399: ...rotection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop pr...

Page 400: ...ress table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table a...

Page 401: ...fault of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples...

Page 402: ...c address table logging no mac address table logging Default MAC address table logging is disabled by default Mode User Exec Privileged Exec Usage When MAC address table logging is enabled the switch...

Page 403: ...hed traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because p...

Page 404: ...able thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on the...

Page 405: ...ad balancing Default The default is src dst ip Mode Global configuration Examples To set the load balancing algorithm to include only Layer 2 MAC addresses enter awplus configure terminal awplus confi...

Page 406: ...g mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multica...

Page 407: ...To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicas...

Page 408: ...nd 1522 bytes you must increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan...

Page 409: ...ty applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide...

Page 410: ...NDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To displ...

Page 411: ...show debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To displa...

Page 412: ...flowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 14 1 Examp...

Page 413: ...ocols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged Exec Example To show which protocols have shut down ports use the commands awplus sh...

Page 414: ...ivileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 14 3 Example output from the show interface switchport command...

Page 415: ...guration status use the command awplus show loop protection Figure 14 4 Example output from the show loop protection command To display the counter information use the command awplus show loop protect...

Page 416: ...liedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS SHOW LOOP PROTECTION awplus show loop protection counters Switch Loop Detection Counter Interface Tx Rx Rx Invalid Last LDF Rx port1...

Page 417: ...ample output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the out...

Page 418: ...lear mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port M...

Page 419: ...nd to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the followi...

Page 420: ...form command awplus show platform MAC vlan hashing algorithm crc32l L3 hashing algorithm crc32l stop unreg mc flooding off Vlan stacking TPID 0x8100 Table 5 Parameters in the output of the show platfo...

Page 421: ...th the platform stop unreg mc flooding command This feature prevents flooding of unregistered multicast packets in the occasional situations in which IGMP snooping does not prevent it Vlan stacking TP...

Page 422: ...represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following...

Page 423: ...ples To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the foll...

Page 424: ...on for lport 0x08002002 Phy Driver 542XX Gigabit PHY Driver enabled 1 loopback 0 link 1 speed 1000 max speed 1000 duplex 1 linkscan 2 autonegotiate 1 master 2 tx pause 0 rx pause 0 untagged vlan 4000...

Page 425: ...tet packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequenc...

Page 426: ...rral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollision...

Page 427: ...Figure 14 10 Example output from the show port security interface command Related Commands clear port security intrusion show port security intrusion switchport port security switchport port security...

Page 428: ...security intrusion interface port1 0 1 Output Figure 14 11 Example output from the show port security intrusion command for port 1 0 1 Related Commands clear port security intrusion show port securit...

Page 429: ...er Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 14 12 Example output from the show st...

Page 430: ...peed except for 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full d...

Page 431: ...0 2 awplus config if speed auto To set the port to auto negotiate its speed at 100Mbps and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus con...

Page 432: ...ode Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a p...

Page 433: ...ntax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal aw...

Page 434: ...Examples To set port1 0 4 so that the MAC addresses that have been learned by port security age out use the following commands awplus configure terminal awplus config interface port1 0 4 awplus confi...

Page 435: ...it will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Ex...

Page 436: ...iolation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuratio...

Page 437: ...ing this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting actio...

Page 438: ...set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus c...

Page 439: ...mmand Reference for GS970M Series 439 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no...

Page 440: ...ence for GS970M Series 440 AlliedWare Plus Operating System Version 5 4 7 0 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the...

Page 441: ...orwarding priority on page 448 show vlan on page 449 show vlan access map on page 450 show vlan filter on page 451 show vlan private vlan on page 452 switchport access vlan on page 453 switchport mode...

Page 442: ...dWare Plus Operating System Version 5 4 7 0 x VLAN COMMANDS switchport voice dscp on page 468 switchport voice vlan on page 469 switchport voice vlan priority on page 471 vlan on page 472 vlan access...

Page 443: ...Configuration_Guide Syntax port vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration U...

Page 444: ...data VLAN configured to VLAN interface vlan30 Initially the EPSR ring is complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes v...

Page 445: ...ure terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking whic...

Page 446: ...ted primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable a...

Page 447: ...vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure te...

Page 448: ...otection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview...

Page 449: ...nd awplus show vlan 2 Output Figure 15 2 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Di...

Page 450: ...VLANs Syntax show vlan access map name Mode User Exec Privileged Exec Example To display the ACLs in all access maps use the command awplus show vlan access map Output Figure 15 3 Example output from...

Page 451: ...ode User Exec Privileged Exec Example To display information about the filter that uses the access map named deny_all use the command awplus show vlan filter deny_all Output Figure 15 4 Example output...

Page 452: ...ation and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vl...

Page 453: ...witchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port bas...

Page 454: ...access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplu...

Page 455: ...ace port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus co...

Page 456: ...is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to...

Page 457: ...s config vlan exit awplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk p...

Page 458: ...in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk...

Page 459: ...lus config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus con...

Page 460: ...the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure w...

Page 461: ...command to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Example...

Page 462: ...switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dyna...

Page 463: ...and remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Al...

Page 464: ...6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 sho...

Page 465: ...t trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vl...

Page 466: ...following commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The followi...

Page 467: ...e Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Note that you must also set an MRU of 1504 or higher...

Page 468: ...e advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the po...

Page 469: ...Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this...

Page 470: ...Operating System Version 5 4 7 0 x VLAN COMMANDS SWITCHPORT VOICE VLAN Egress VLAN Name 58 in the RADIUS Accept message when authenticating a phone attached to this port Tosettheseattributes ontheloc...

Page 471: ...tag also known as the Class of Service CoS or 802 1p priority When LLDP MED capable IP phones receivethis network policy information they transmitvoicedata with the specified priority Syntax switchpor...

Page 472: ...e mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config...

Page 473: ...LAN ACLs and ACL processing order Use the no variant of this command to delete a VLAN access map Syntax vlan access map name no vlan access map name Default By default no VLAN access maps exist Mode G...

Page 474: ...ter the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Exampl...

Page 475: ...efault no VLAN filters exist Mode Global Configuration Example To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal...

Page 476: ...and MSTP on page 479 debug mstp RSTP and STP on page 480 instance priority MSTP on page 484 instance vlan MSTP on page 486 region MSTP on page 488 revision MSTP on page 489 show debugging mstp on page...

Page 477: ...n page 524 spanning tree guard root on page 525 spanning tree hello time on page 526 spanning tree link type on page 527 spanning tree max age on page 528 spanning tree max hops MSTP on page 529 spann...

Page 478: ...age Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear...

Page 479: ...ew Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privil...

Page 480: ...1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be acti...

Page 481: ...his command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the...

Page 482: ...IST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23...

Page 483: ...ebugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus...

Page 484: ...instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower pri...

Page 485: ...0M Series 485 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree ms...

Page 486: ...MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified...

Page 487: ...eference for GS970M Series 487 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spa...

Page 488: ...t to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI c...

Page 489: ...n revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same o...

Page 490: ...ion on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Exam...

Page 491: ...nter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spa...

Page 492: ...Timer 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfa...

Page 493: ...t1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Br...

Page 494: ...the topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree bri...

Page 495: ...ce Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 16 5 Example output from show spanni...

Page 496: ...sage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP c...

Page 497: ...ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable t...

Page 498: ...egional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer...

Page 499: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Page 500: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 8...

Page 501: ...Exec Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst...

Page 502: ...ee mst instance 2 interface port1 0 2 Output Figure 16 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 port The port...

Page 503: ...instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 16 11 Example output from show spanning tree mst interfa...

Page 504: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Page 505: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 8...

Page 506: ...display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figure 16 13 Exampl...

Page 507: ...llo timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer...

Page 508: ...spanning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the comm...

Page 509: ...ormation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interfac...

Page 510: ...d for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0...

Page 511: ...about each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 16 16 Example output from show spanning tree statistics interface Parameter...

Page 512: ...0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions...

Page 513: ...them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated wi...

Page 514: ...an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this...

Page 515: ...roprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch You must disable RSTP with the no spanning tree rstp enable command bef...

Page 516: ...untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands a...

Page 517: ...the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to...

Page 518: ...utput of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode...

Page 519: ...the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus c...

Page 520: ...s Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanni...

Page 521: ...tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the p...

Page 522: ...by the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re e...

Page 523: ...Mode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus c...

Page 524: ...ing to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by the...

Page 525: ...use this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Confi...

Page 526: ...o restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for sw...

Page 527: ...variant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode...

Page 528: ...efault of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so t...

Page 529: ...tax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents...

Page 530: ...panning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use thi...

Page 531: ...nfiguration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples The...

Page 532: ...ation mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove t...

Page 533: ...rom the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitl...

Page 534: ...eturn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related C...

Page 535: ...MSTI The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the...

Page 536: ...nce instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The ro...

Page 537: ...erating System Version 5 4 7 0 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance s...

Page 538: ...e instance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interf...

Page 539: ...to the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the...

Page 540: ...ax spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state t...

Page 541: ...7 0 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgep...

Page 542: ...ter Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an...

Page 543: ...TFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bp...

Page 544: ...s by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a por...

Page 545: ...ently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To e...

Page 546: ...n MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default...

Page 547: ...to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a...

Page 548: ...for a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no...

Page 549: ...idge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this comma...

Page 550: ...Overview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree tr...

Page 551: ...nd Reference for GS970M Series 551 AlliedWare Plus Operating System Version 5 4 7 0 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug m...

Page 552: ...ows across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So pack...

Page 553: ...orm load balancing on page 563 show debugging lacp on page 564 show diagnostic channel group on page 565 show etherchannel on page 567 show etherchannel detail on page 568 show etherchannel summary on...

Page 554: ...same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refe...

Page 555: ...face port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port...

Page 556: ...GREGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1...

Page 557: ...g lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Spec...

Page 558: ...e Global Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using...

Page 559: ...aggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port pri...

Page 560: ...ning the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp s...

Page 561: ...ation if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field...

Page 562: ...lliedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus co...

Page 563: ...load balancing Default The default is src dst ip Mode Global configuration Examples To set the load balancing algorithm to include only Layer 2 MAC addresses enter awplus configure terminal awplus co...

Page 564: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Out...

Page 565: ...annel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 17 2 Example output from the show diagnostic channel group command awplus show diagnostic chan...

Page 566: ...7 0 x LINK AGGREGATION COMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Related Commands show tech support Channel Group Info based on HW Note Pos position in hardware table Only entries from first device are...

Page 567: ...ration Guide which is available on our website at alliedtelesis com Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel Output Figure 17 3 Example output...

Page 568: ...Exec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 3...

Page 569: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged...

Page 570: ...ACP system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our websit...

Page 571: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show...

Page 572: ...etherchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Agg...

Page 573: ...miting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see the Getting Started with AlliedWare...

Page 574: ...to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can on...

Page 575: ...the commands awplus configure terminal awplus config interface sa2 awplus config if To make it possible to use QoS Storm Protection on static channel group 2 on port1 0 6 with an ACL named test acl u...

Page 576: ...Command Reference for GS970M Series 576 AlliedWare Plus Operating System Version 5 4 7 0 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no...

Page 577: ...the PoE Feature Overview and Configuration_Guide the Support for Allied Telesis Enterprise_MIBs_in AlliedWare Plus for information about which PoE MIB objects are supported theSNMPFeatureOverviewand C...

Page 578: ...re Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS show debugging power inline on page 591 show power inline on page 592 show power inline counters on page 595 show power inline i...

Page 579: ...621 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for...

Page 580: ...f PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debu...

Page 581: ...01 Rev C Command Reference for GS970M Series 581 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Related Commands show debugging power inline termin...

Page 582: ...of pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports Mode Global...

Page 583: ...a list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description...

Page 584: ...sabled Syntax power inline enable no power inline enable Default PoE is enabled by default on all ports Mode Interface Configuration for one or more ports Usage No PoE log messages are generated for p...

Page 585: ...o variant of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max...

Page 586: ...e at the PD Examples To set the maximum power supplied to ports in the range port1 0 1 to port1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port...

Page 587: ...priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview and Configuration Guide for further informati...

Page 588: ...E PRIORITY To reset the priority level to the default of low on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if...

Page 589: ...er usage threshold is 80 of the nominal power rating Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage...

Page 590: ...for all PoE ports Syntax service power inline no service power inline Default PoE functionality is enabled by default Mode Global Configuration Examples To disable PoE use the following commands awpl...

Page 591: ...ging power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 18 1 Example output from the show...

Page 592: ...370W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Enabled Low Power...

Page 593: ...er inline priority command Low is the lowest priority this is the default High is the second highest priority Crit critical is the highest priority If the switch cannot supply all ports it will supply...

Page 594: ...cription is shown for PDs not configured with the power inline description command Class The class of the connected PD if power is being supplied to the PD Max mW The power in milliwatts mW allocated...

Page 595: ...d Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Examples To display all PoE event counters for all PoE ports use the command awplus show power inli...

Page 596: ...signal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its...

Page 597: ...ific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 18 4 Example output from the show power inline interfac...

Page 598: ...e not connected to a PD Disabled displays if the PoE port is administratively disabled Syncing displays if PoE is still initializing the port when you issue the command Fault displays if there is a pr...

Page 599: ...E port specific information for the port range 1 0 1 to 1 0 3 use the command awplus show power inline interface port1 0 1 1 0 3 detail Output Figure 18 5 Example output from the show power inline int...

Page 600: ...from the PSE Denied displays when supplying power would make the PSE go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled...

Page 601: ...Command Reference for GS970M Series 601 AlliedWare Plus Operating System Version 5 4 7 0 x POWER OVER ETHERNET COMMANDS SHOW POWER INLINE INTERFACE DETAIL Related Commands show power inline show powe...

Page 602: ...C613 50163 01 Rev C Command Reference for GS970M Series 602 AlliedWare Plus Operating System Version 5 4 7 0 x Part 3 Layer 3 Switching...

Page 603: ...view and Configuration Guide Command List arp aging timeout on page 605 arp mac disparity on page 606 arp IP address MAC on page 609 arp log on page 610 arp opportunistic nd on page 613 arp reply bc d...

Page 604: ...ev C Command Reference for GS970M Series 604 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS tcpdump on page 636 traceroute on page 637 undebug ip packet interfa...

Page 605: ...oes not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interface...

Page 606: ...the disparate ARP has a multicast MAC address in the ARP reply the switch drops the ARP reply and does not learn any associated addresses If the disparate ARP has a unicast MAC address in the ARP repl...

Page 607: ...a disparate ARP response an ARP entry is created for the IP MAC in the content of the ARP packet The difference with the arp mac disparity multicast igmp command is that the egress port is set to the...

Page 608: ...IP ADDRESSING AND PROTOCOL COMMANDS ARP MAC DISPARITY To disable support for MS NLB in unicast mode on interface vlan2 use the following commands awplus configure terminal awplus config interface vla...

Page 609: ...mac address port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to...

Page 610: ...ve the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation...

Page 611: ...wplus configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4...

Page 612: ...w log include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the AR...

Page 613: ...guration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited...

Page 614: ...onses that contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp rep...

Page 615: ...ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clea...

Page 616: ...rface to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packe...

Page 617: ...s on the device use the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address...

Page 618: ...configure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address configu...

Page 619: ...COL COMMANDS IP ADDRESS IP ADDRESSING AND PROTOCOL To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface...

Page 620: ...Default The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the s...

Page 621: ...ng System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure termi...

Page 622: ...ce Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that th...

Page 623: ...se these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of pr...

Page 624: ...e destination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awp...

Page 625: ...it in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping ev...

Page 626: ...ser Exec and Privileged Exec Usage Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cac...

Page 627: ...how arp command Parameter Meaning IP Address IP address of the network device this entry maps to MAC Address Hardware address of the network device Interface Interface over which the network device is...

Page 628: ...lay theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 19 4 Example output from the show debugging ip pack...

Page 629: ...v C Command Reference for GS970M Series 629 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface t...

Page 630: ...rmation for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip...

Page 631: ...verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets tha...

Page 632: ...his column are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol ty...

Page 633: ...socket any source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry...

Page 634: ...ode Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 19 8 Example output from the show ip traffic command IP 261998 packets received 261998...

Page 635: ...s 635 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 1...

Page 636: ...ump Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 19 9 Example output from the tcpdump command Rel...

Page 637: ...MMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10...

Page 638: ...M Series 638 AlliedWare Plus Operating System Version 5 4 7 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functional...

Page 639: ...to configure the Domain Name Service DNS client For more information about DNS for Switches see the Domain Name System DNS for AlliedWare Plus Switches Feature Overview and Configuration Guide Command...

Page 640: ...d deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domai...

Page 641: ...and disables the DNS client The client will not attempt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configura...

Page 642: ...ame Mode Global Configuration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists i...

Page 643: ...a DNS name server to forward requests to Name servers can be learned through the following means Manual configuration using the ip name server command Learned from DHCP server with Option 6 This comma...

Page 644: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the comma...

Page 645: ...s when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip...

Page 646: ...ncomplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Gu...

Page 647: ...the ip name server command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode...

Page 648: ...ess on page 651 ipv6 address autoconfig on page 653 ipv6 enable on page 655 ipv6 eui64 linklocal on page 657 ipv6 forwarding on page 658 ipv6 multicast forward slow path packet on page 659 ipv6 nd acc...

Page 649: ...and Reference for GS970M Series 649 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS show ipv6 neighbors on page 673 show ipv6 route on page 674 show ipv6 route summary on page 676 tra...

Page 650: ...AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighb...

Page 651: ...ge Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 enable command for more information Also n...

Page 652: ...for GS970M Series 652 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ADDRESS Related Commands ipv6 address autoconfig ipv6 enable ipv6 eui64 linklocal show running config show...

Page 653: ...scovery messages Configured routers respond with a Router Advertisement RA containing configuration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address fro...

Page 654: ...d Reference for GS970M Series 654 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ADDRESS AUTOCONFIG Related Commands ipv6 address ipv6 enable show ipv6 interface brief show ipv6...

Page 655: ...ion Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned...

Page 656: ...d Reference for GS970M Series 656 AlliedWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig show ipv6 interface brief show ipv6...

Page 657: ...ocal address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interfac...

Page 658: ...g globally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding a...

Page 659: ...he smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big mess...

Page 660: ...led on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 i...

Page 661: ...t The RA interval for a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following comm...

Page 662: ...Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the...

Page 663: ...rd blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a...

Page 664: ...dWare Plus Operating System Version 5 4 7 0 x IPV6 COMMANDS IPV6 ND RAGUARD Output Exampleoutputfromusing showrunning configinterfaceport1 0 2toverify RA Guard Related Commands show running config int...

Page 665: ...uto configuration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppr...

Page 666: ...r a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address...

Page 667: ...nfiguration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is ad...

Page 668: ...ateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplu...

Page 669: ...ges to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE D...

Page 670: ...The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source...

Page 671: ...IPV6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show...

Page 672: ...arted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 21 2 Exa...

Page 673: ...PV6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedW...

Page 674: ...tion connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes yo...

Page 675: ...e entries for an IP route use the following command awplus show ipv6 route database Output Figure 21 4 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S sta...

Page 676: ...see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the fol...

Page 677: ...route to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command aw...

Page 678: ...mmands that are common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 679 ipv6 route on page 681 ma...

Page 679: ...over other routes Examples To add the destination 192 168 3 0 with the mask 255 255 255 0 as a static route available through the device at 10 10 0 2 with the default administrative distance use the...

Page 680: ...th the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To add the destination 192 168 3 0 with the mask 255 255...

Page 681: ...gateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awp...

Page 682: ...mmands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding Information d...

Page 683: ...maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static ro...

Page 684: ...e FIB use the command awplus show ip route static Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry The first few lines of the output list th...

Page 685: ...routes are marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols Related Commands ip route show ip route database Codes C connected S...

Page 686: ...ged Exec Example To display the static routes in the RIB use the command awplus show ip route database static Output Figure 22 2 Example output from the show ip route database command Related Commands...

Page 687: ...utput modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entrie...

Page 688: ...ption connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes y...

Page 689: ...ase entries for an IP route use the following command awplus show ipv6 route database Output Figure 22 5 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S s...

Page 690: ...t see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the fo...

Page 691: ...behavior on page 695 cisco metric behavior RIP on page 697 clear ip rip route on page 698 debug rip on page 699 default information originate RIP on page 700 default metric RIP on page 701 distance RI...

Page 692: ...offset list RIP on page 726 passive interface RIP on page 727 recv buffer size RIP on page 728 redistribute RIP on page 729 restart rip graceful on page 730 rip restart grace period on page 731 route...

Page 693: ...s configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Sp...

Page 694: ...g System Version 5 4 7 0 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3...

Page 695: ...RIP being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare form...

Page 696: ...evice to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavio...

Page 697: ...behavior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Ci...

Page 698: ...ip rip route 10 0 0 0 8 Parameter Description ip dest network prefix length Removes entries which exactly match this destination address from RIP routing table Enter the IP address and prefix length o...

Page 699: ...Mode Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related C...

Page 700: ...are being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not re...

Page 701: ...o 1 Mode RIP Router Configuration Usage This command is used with the redistribute RIP command to make the routing protocol use the specified metric value for all redistributed routes regardless of th...

Page 702: ...ip addr prefix length access list Mode RIP Router Configuration Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use...

Page 703: ...ates using access list or prefix list If you do not specify the name of the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply an...

Page 704: ...lupdate is configured the device advertises the full RIP route table in outgoing triggered updates including routes that have not changed This enables faster convergence times or allows inter operatio...

Page 705: ...ication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples For multiple ke...

Page 706: ...s config keychain key key string toyota awplus config keychain key accept lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awpl...

Page 707: ...single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examp...

Page 708: ...on for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authent...

Page 709: ...e 3 The following example specifies mykey as the authentication string with MD5 authentication for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip...

Page 710: ...RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or password...

Page 711: ...e following example the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure...

Page 712: ...eption of RIP packets Use the no variant of this command to disable this feature Syntax ip rip receive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration fo...

Page 713: ...ific VLAN interface and overrides any the version specified by the version RIP command RIP can be run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP versio...

Page 714: ...he current interface Use the no variant of this command to disable this feature Syntax ip rip send packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN i...

Page 715: ...more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP...

Page 716: ...d to send RIP version 1 packets only awplus configure terminal awplus config interface vlan4 awplus config if ip rip send version 1 In the following example the VLAN interface vlan4 is configured to s...

Page 717: ...he version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP ver...

Page 718: ...3 50163 01 Rev C Command Reference for GS970M Series 718 AlliedWare Plus Operating System Version 5 4 7 0 x RIP COMMANDS IP RIP SEND VERSION 1 COMPATIBLE Related Commands ip rip send version version R...

Page 719: ...luding routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates sent t...

Page 720: ...no key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 an...

Page 721: ...eys Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Exa...

Page 722: ...amples In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awp...

Page 723: ...limiting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP ro...

Page 724: ...mand to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neig...

Page 725: ...ed network or VLANs will be automatically advertised in RIP updates RIP updates will be sent and received within the specified network or VLAN Example Use the following commands to activate RIP routin...

Page 726: ...networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Examples In this example the router examines the RIP updates being sent out from interf...

Page 727: ...ce Use the no variant of this command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode RIP Router Configuration Example Use the followin...

Page 728: ...ffer size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of thi...

Page 729: ...ode RIP Router Configuration Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus configure terminal awplus config router rip awplus config router...

Page 730: ...d is executed the RIP process immediately shuts down It notifies the system that RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until t...

Page 731: ...ful restart Use the no variant of this command to disable this function Syntax rip restart grace period 1 65535 no rip restart grace period 1 65535 Mode Global Configuration Default The default RIP gr...

Page 732: ...ngth Default No static RIP route is added by default Mode RIP Router Configuration Usage Use this command to add a static RIP route After adding the RIP route the route can be checked in the RIP routi...

Page 733: ...ess Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus...

Page 734: ...config keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day...

Page 735: ...C613 50163 01 Rev C Command Reference for GS970M Series 735 AlliedWare Plus Operating System Version 5 4 7 0 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime...

Page 736: ...ugging status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with...

Page 737: ...us show ip protocols rip Output Figure 23 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after...

Page 738: ...Feature Overview and Configuration Guide Syntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 23 2 Example output from the show ip rip command Related Comman...

Page 739: ...out the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode...

Page 740: ...ce Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface...

Page 741: ...e specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updates sent by the router All th...

Page 742: ...nts nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Des...

Page 743: ...ion will be received and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value...

Page 744: ...C613 50163 01 Rev C Command Reference for GS970M Series 744 AlliedWare Plus Operating System Version 5 4 7 0 x Part 4 Multicast Applications...

Page 745: ...lticasting This chapter describes the commands to configure IGMP Querier behaviour and selection and IGMP Snooping Command List clear ip igmp on page 747 clear ip igmp group on page 748 clear ip igmp...

Page 746: ...suppression on page 773 ip igmp snooping routermode on page 774 ip igmp snooping tcn query solicit on page 776 ip igmp source address check on page 778 ip igmp static group on page 779 ip igmp startup...

Page 747: ...AND IGMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus c...

Page 748: ...nterface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp...

Page 749: ...particular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP or IGMP Snooping Example To delete records for vlan1 use...

Page 750: ...component of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awp...

Page 751: ...t of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage An IP add...

Page 752: ...yntax ip igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN...

Page 753: ...L2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages...

Page 754: ...name no ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP or IGMP Snooping Exampl...

Page 755: ...ery count 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces...

Page 756: ...mp last member query interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP or IGMP Snooping Example To...

Page 757: ...e default limit which is reset by the no variant of this command is 512 Mode Global Configuration and Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configu...

Page 758: ...port Usage We recommend using this command with IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofth...

Page 759: ...nts to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus co...

Page 760: ...t The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less t...

Page 761: ...if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier...

Page 762: ...GS970M Series 762 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY HOLDTIME Related Commands ip igmp query interval ip igmp snooping tcn query solicit s...

Page 763: ...d for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using th...

Page 764: ...reset the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no...

Page 765: ...ple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will b...

Page 766: ...eference for GS970M Series 766 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp i...

Page 767: ...options are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Int...

Page 768: ...ce Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies...

Page 769: ...disabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLA...

Page 770: ...up message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave...

Page 771: ...to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a...

Page 772: ...IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a m...

Page 773: ...e already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppr...

Page 774: ...iguration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved...

Page 775: ...TERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom...

Page 776: ...enabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the...

Page 777: ...configure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if...

Page 778: ...guration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active...

Page 779: ...mbership entries Syntax ip igmp static group ip address source ip source addr interface port no ip igmp static group ip address source ip source addr interface port Mode Interface Configuration for a...

Page 780: ...7 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3 awplus configure terminal awplus config...

Page 781: ...p The default IGMP startup query count is 2 Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default IGMP startup query count is 2 Mode Interface Confi...

Page 782: ...rval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one quarter of the IGMP query interval Mode Interface...

Page 783: ...ce mode for one or more switch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For exam...

Page 784: ...rface Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN in...

Page 785: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter...

Page 786: ...A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 1...

Page 787: ...on 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast gro...

Page 788: ...specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum groups awplus...

Page 789: ...me is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds...

Page 790: ...ation Guide Syntax show ip igmp snooping mrouter interface interface Mode User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mro...

Page 791: ...ng command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show the r...

Page 792: ...nterface vlan1 vlan2 Output Figure 24 6 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast grou...

Page 793: ...4 7 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 24 7 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface p...

Page 794: ...mand Reference for GS970M Series 794 AlliedWare Plus Operating System Version 5 4 7 0 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the...

Page 795: ...clear ipv6 mld interface on page 798 debug mld on page 799 ipv6 mld immediate leave on page 800 ipv6 mld limit on page 801 ipv6 mld snooping on page 803 ipv6 mld snooping fast leave on page 805 ipv6...

Page 796: ...tem Version 5 4 7 0 x MLD SNOOPING COMMANDS CLEAR IPV6 MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Exam...

Page 797: ...a particular group Syntax clear ipv6 mld group ipv6 address Mode Privileged Exec Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clea...

Page 798: ...clear ipv6 mld interface Overview Use this command to clear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Example awplus clear ipv6 mld interface vlan2 Related C...

Page 799: ...ncode events fsm tib no debug mld all decode encode events fsm tib Mode Privileged Exec and Global Configuration Examples awplus configure terminal awplus config debug mld all awplus configure termina...

Page 800: ...example shows how to enable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that...

Page 801: ...learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN int...

Page 802: ...ing awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membe...

Page 803: ...enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping to operate on particula...

Page 804: ...lan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the follo...

Page 805: ...fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN inte...

Page 806: ...interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimi...

Page 807: ...interface to the multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how...

Page 808: ...on Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Mode Interface Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on...

Page 809: ...aybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device...

Page 810: ...ersion 5 4 7 0 x MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure termina...

Page 811: ...dd a static group record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use t...

Page 812: ...ting System Version 5 4 7 0 x MLD SNOOPING COMMANDS IPV6 MLD STATIC GROUP To add a static group record on a specific port on vlan2 use the following commands awplus configure terminal awplus config in...

Page 813: ...mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec...

Page 814: ...ace detail Mode User Exec and Privileged Exec Examples The following command displays local membership information for all interfaces awplus show ipv6 mld groups Output Figure 25 2 Example output for...

Page 815: ...rfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version...

Page 816: ...c and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast r...

Page 817: ...ping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface...

Page 818: ...1 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddressesallocatedfor docu...

Page 819: ...st packet on page 829 ip multicast route limit on page 830 ip multicast wrong vif suppression on page 831 ip multicast routing on page 832 ipv6 mroute on page 833 ipv6 multicast route limit on page 83...

Page 820: ...entries in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear mult...

Page 821: ...ntries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplu...

Page 822: ...outing Information Base MRIB clears the relevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to t...

Page 823: ...e the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statisti...

Page 824: ...f the smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big m...

Page 825: ...nsm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtr...

Page 826: ...wplus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configu...

Page 827: ...that source This command enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicas...

Page 828: ...raversed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the hos...

Page 829: ...that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE If you use this command ensure that the ip igmp...

Page 830: ...Configuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter i...

Page 831: ...ong vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traf...

Page 832: ...st routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base M...

Page 833: ...ia different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best...

Page 834: ...e current router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multic...

Page 835: ...l Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter...

Page 836: ...ticast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multic...

Page 837: ...not be forwarded to other VLANs but ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network So...

Page 838: ...oup and source IPv4 address Figure 26 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 so...

Page 839: ...3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 byte...

Page 840: ...Output Figure 26 5 Example output from the show ip mvif command Figure 26 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface Th...

Page 841: ...show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Exampl...

Page 842: ...mple output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 26 7 Example output from the show ipv6 mroute command Parameter Description ipv6...

Page 843: ...tistics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate...

Page 844: ...status of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the fol...

Page 845: ...ow ipv6 mif awplus show ipv6 mif vlan2 Output Figure 26 11 Example output from the show ipv6 mif command Figure 26 12 Example output from the show ipv6 mif command with the interface parameter vlan2 s...

Page 846: ...C613 50163 01 Rev C Command Reference for GS970M Series 846 AlliedWare Plus Operating System Version 5 4 7 0 x Part 5 Access and Security...

Page 847: ...the command title ends with words in parentheses these words indicate usage instead of keywords to enter into the CLI For example the title access list numbered hardware ACL for ICMP indicates that th...

Page 848: ...s access list numbered hardware ACL for IP packets Global Configuration awplus config access list numbered hardware ACL for ICMP Global Configuration awplus config access list numbered hardware ACL fo...

Page 849: ...sses on page 863 access list numbered hardware ACL for TCP or UDP on page 866 access list hardware named hardware ACL on page 870 named hardware ACL ICMP entry on page 872 named hardware ACL IP packet...

Page 850: ...h a filter is permitted Usage FirstcreateanIPaccess listthatappliestheappropriatepermit denyrequirements with the access list numbered hardware ACL for IP packets command the access list numbered hard...

Page 851: ...hw acl to switch port interface port1 0 2 enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channe...

Page 852: ...list Syntax access list 3000 3699 action icmp source ip dest ip icmp type number vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware IP access list act...

Page 853: ...ll destination addresses The following are the valid formats for specifying the destination any Match any destination IP address host ip addr Match a single destination host with the IP address given...

Page 854: ...hem to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messag...

Page 855: ...for GS970M Series 855 AlliedWare Plus Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST NUMBERED HARDWARE ACL FOR ICMP Command changes Version 5 4 6 2 1 sen...

Page 856: ...ax access list 3000 3699 action ip source ip dest ip vlan 1 4094 no access list 3000 3699 Table 27 2 IP and ICMP parameters in access list hardware IP numbered Parameter Description 3000 3699 An ID nu...

Page 857: ...hin the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destinatio...

Page 858: ...e correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To create an access list that will perm...

Page 859: ...st Syntax access list 3000 3699 action proto 1 255 source ip dest ip vlan 1 4094 no access list 3000 3699 Table 27 3 Parameters in access list hardware IP numbered Parameter Description 3000 3699 An I...

Page 860: ...al format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination...

Page 861: ...monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33...

Page 862: ...nt control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To c...

Page 863: ...nner vlan 1 4094 no access list 4000 4699 Parameter Description 4000 4699 Hardware MAC access list action The action that the switch will take on matching packets deny Reject packets that match the so...

Page 864: ...ss unless explicitly denied by an ACL action Examples To create an access list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination address use the commands awplus...

Page 865: ...0 00ab use the commands awplus configure terminal awplus config access list 4001 copy to mirror 0000 00ab 1234 0000 0000 FFFF any You also need to configure the mirror port with the mirror interface c...

Page 866: ...re access list Syntax access list 3000 3699 action tcp udp source ip source ports dest ip dest ports vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware...

Page 867: ...DP port numbers Port numbers are specified as integers between 0 and 65535 You can specify one or more port numbers as follows eq 0 65535 Match a single port number lt 0 65535 Match all port numbers t...

Page 868: ...ess unless explicitly denied by an ACL action Examples To create an access list that will permit TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address a...

Page 869: ...they have a destination addressof 192 168 1 1 adestinationport of80 and anysourceaddress and source port enter the commands awplus configure terminal awplus config access list 3000 copy to mirror tcp...

Page 870: ...IPv4 Hardware ACL Configuration mode If the named hardware ACL does not exist it will be created after entry If the named hardware ACL already exists then this command puts you into IPv4 Hardware ACL...

Page 871: ...5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED HARDWARE ACL Related Commands access group named hardware ACL ICMP entry named hardware ACL IP protocol entry named...

Page 872: ...gitssequencenumber e g nopermiticmp192 168 1 0 24any icmp type 11 You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless ex...

Page 873: ...k Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192...

Page 874: ...f you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Then use the access group or the match ac...

Page 875: ...e of 5 use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl 100 permit icmp 192 168 1 0 24 any icmp type 5 To remove an access list filter entr...

Page 876: ...s sequence number e g no deny ip 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denie...

Page 877: ...bnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask...

Page 878: ...C address a range through a mask the address learned from DHCP snooping or any any Match against any source MAC address source mac The source MAC address to match against followed by the mask Enter th...

Page 879: ...he access list named my list that will permit any IP packet with a source address of 192 168 1 1 use the commands awplus configure terminal awplus config access list hardware my list awplus config ip...

Page 880: ...umber e g no deny proto 2 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an...

Page 881: ...ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by enterin...

Page 882: ...HHH HHHH where each H is a hexadecimal number Enter the mask in the format HHHH HHHH HHHH where each H is a hexadecimal number For a mask each value is either 0 or F where FF Ignore and 00 Match dhcps...

Page 883: ...ring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Da...

Page 884: ...e multiple of 10 as its sequence number Then use the access group or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data...

Page 885: ...lus Operating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED HARDWARE ACL IP PROTOCOL ENTRY match access group show running config show access list IPv4 Hardware ACLs Co...

Page 886: ...g its sequence number e g no permit mac aaaa bbbb cccc 0000 0000 0000 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access u...

Page 887: ...will only apply to incoming data packets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could pre...

Page 888: ...onfig access list hardware my list awplus config ip hw acl permit mac 0000 00ab 1234 0000 0000 0000 any To remove a filter entry that permit packets with a source MAC address of 0000 00ab 1234 and any...

Page 889: ...specifying its sequence number e g no permit udp 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless...

Page 890: ...ring the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted d...

Page 891: ...able multiple of 10 as its sequence number host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address...

Page 892: ...uch ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Example To add a filter entry to access list named...

Page 893: ...ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is writ...

Page 894: ...ss list To show the access list with an ID of 20 awplus show access list 20 The following error message is displayed if you try to show an undefined access list awplus show access list 2 Parameter Des...

Page 895: ...perating System Version 5 4 7 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS Related Commands access list extended named access list numbered hardware ACL for M...

Page 896: ...d Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 27 1 Example output from the show interface access group comman...

Page 897: ...elf For more information on link aggregation see the following references the Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command na...

Page 898: ...Prompts Command Name Command Mode Prompt show ip access list Privileged Exec awplus access group Global Configuration awplus config access list extended named Global Configuration awplus config access...

Page 899: ...Rev C Command Reference for GS970M Series 899 AlliedWare Plus Operating System Version 5 4 7 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS show ip access list on page 938 vty access class numbere...

Page 900: ...list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name de...

Page 901: ...n enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a s...

Page 902: ...Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests...

Page 903: ...all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by...

Page 904: ...jects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified wit...

Page 905: ...rmat For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority ww...

Page 906: ...agram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Proto...

Page 907: ...tware ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same l...

Page 908: ...nation no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 1...

Page 909: ...rmitted by an ACL action Examples You can enter the extended ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus co...

Page 910: ...ermit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list den...

Page 911: ...ered command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly per...

Page 912: ...found by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description...

Page 913: ...e following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl T...

Page 914: ...st 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended...

Page 915: ...Ls command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination log no sequence number Parameter Description sequence n...

Page 916: ...Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793...

Page 917: ...elected Software ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named...

Page 918: ...COL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source addr...

Page 919: ...r deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number Mode IPv4 Extended ACL Configura...

Page 920: ...DED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 netw...

Page 921: ...ermit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by...

Page 922: ...you can configure your access lists by using the command access list standard named filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standa...

Page 923: ...999 deny permit source no access list 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usa...

Page 924: ...access list standard numbered filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use...

Page 925: ...sequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mo...

Page 926: ...the access list standard named command with the required access control list name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Ex...

Page 927: ...ence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence n...

Page 928: ...f an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard numbered command with the required access...

Page 929: ...os ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not co...

Page 930: ...ct normal traffic switching between ports but other protocols such as IGMP and STP may be affected This defense is not recommended where a large number of fragmented packets are expected smurf This ty...

Page 931: ...he interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ipoptions action shutdown To configure ping of death DoS detecti...

Page 932: ...re access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added...

Page 933: ...To show all access lists configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199...

Page 934: ...ACCESS LIST IPV4 SOFTWARE ACLS Note the following error message is displayed if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named acce...

Page 935: ...1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos co...

Page 936: ...down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of insta...

Page 937: ...s Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurr...

Page 938: ...2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 28 3 Example output from the show ip access list command Parameter Description 1 99 IP s...

Page 939: ...uld be to permit a specific address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty access class...

Page 940: ...more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration Guide Link Aggregation Commands Note that text in parenthesis in command name...

Page 941: ...tandard filter on page 944 show ipv6 access list IPv6 Software ACLs on page 946 vty ipv6 access class named on page 947 Table 29 1 IPv6 Software Access List Commands and Prompts Command Name Command M...

Page 942: ...ed by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of rout...

Page 943: ...and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOT...

Page 944: ...ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage...

Page 945: ...med my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence...

Page 946: ...use the following command awplus show ipv6 access list Output Figure 29 1 Example output from show ipv6 access list Example To show the IPv6 access list named deny_icmp use the following command awpl...

Page 947: ...ddress or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty ipv6 access class access name no vty ipv6...

Page 948: ...page 950 class map on page 951 clear mls qos interface policer counters on page 952 default action on page 953 description QoS policy map on page 954 egress rate limit on page 955 match access group...

Page 949: ...7 show mls qos interface on page 988 show mls qos interface policer counters on page 989 show mls qos interface queue counters on page 991 show mls qos interface storm status on page 993 show mls qos...

Page 950: ...ass map If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates th...

Page 951: ...and to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map ca...

Page 952: ...aps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port...

Page 953: ...ult action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To s...

Page 954: ...al description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mo...

Page 955: ...al awplus config interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal...

Page 956: ...ming data packets Examples To configure a class map named cmap1 which matches traffic against access list 3001 which allows IP traffic from any source to any destination use the commands awplus config...

Page 957: ...ig ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination...

Page 958: ...variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config...

Page 959: ...ion Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus...

Page 960: ...s enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packe...

Page 961: ...ber 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mo...

Page 962: ...figure terminal awplus config class map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter t...

Page 963: ...d to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class...

Page 964: ...ed in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To...

Page 965: ...Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map n...

Page 966: ...bcast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cm...

Page 967: ...yntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin psh rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus c...

Page 968: ...ria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus c...

Page 969: ...nterface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for...

Page 970: ...his command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos comman...

Page 971: ...t setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use th...

Page 972: ...p command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class...

Page 973: ...o use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class...

Page 974: ...nfigured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map...

Page 975: ...does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply to green colored and yellow colored traffic irrespectiveof the val...

Page 976: ...ction of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the comma...

Page 977: ...ackets classed as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the C...

Page 978: ...arameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is...

Page 979: ...y Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration E...

Page 980: ...You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number...

Page 981: ...ts Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green ye...

Page 982: ...configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use th...

Page 983: ...ew cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue ma...

Page 984: ...INPUT FROM THE XISTING O3 VALUE 7ITH THE REMARK NEW COS COMMAND SET TO INTERNAL OR BOTH THE QUEUE MAPPING TAKES ITS INPUT FROM THE VALUE SET BY THE COMMAND REMARK NEW COS OTE THAT ALTHOUGH THE O3 TO 1...

Page 985: ...nterface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups b...

Page 986: ...for classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show...

Page 987: ...erview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the...

Page 988: ...the current settings for the interface This includes its default CoS and queue scheduling used for each queue and any policies maps that are attached Syntax show mls qos interface port Mode User Exec...

Page 989: ...he counters are based on metering performed on the specified class map Therefore the Dropped Bytes counter is the number of bytes dropped due to metering This is different from packets dropped via a d...

Page 990: ...ersion 5 4 7 0 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are...

Page 991: ...port s queue which will be a sum of all egress queues Syntax show mls qos interface port queue counters queue number Mode User Exec and Privileged Exec Example To show the counters for all queues on p...

Page 992: ...SHOW MLS QOS INTERFACE QUEUE COUNTERS Port queue length Number of frames in the port s queue This will be the sum of all egress queues on the port Egress Queue length Number of frames in a specific eg...

Page 993: ...er Exec and Privileged Exec Example To see the QSP status on port1 0 1 use the command awplus show mls qos interface port1 0 1 storm status Output Figure 30 6 Example output from the show mls qos inte...

Page 994: ...current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplu...

Page 995: ...CP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the prema...

Page 996: ...presents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following co...

Page 997: ...ws their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show polic...

Page 998: ...action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named...

Page 999: ...0 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure...

Page 1000: ...ariant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples T...

Page 1001: ...te Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands...

Page 1002: ...default Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus...

Page 1003: ...ents of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can...

Page 1004: ...able queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal aw...

Page 1005: ...cified The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To...

Page 1006: ...hted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will displa...

Page 1007: ...thentication on page 1010 debug dot1x on page 1011 dot1x control direction on page 1012 dot1x eap on page 1014 dot1x eapol version on page 1015 dot1x initialize interface on page 1017 dot1x initialize...

Page 1008: ...C Command Reference for GS970M Series 1008 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS show dot1x supplicant on page 1041 show dot1x supplicant interface on page 1043 undebug d...

Page 1009: ...efault list name no dot1x accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use t...

Page 1010: ...1x authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus...

Page 1011: ...aware that this is a very verbose output It is mostly useful to capture this as part of escalating an issue to ATI support Examples Use this command without any parameters to turn on normal 802 1X de...

Page 1012: ...yntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP ch...

Page 1013: ...CONTROL DIRECTION To set the port direction to the default both for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth prof...

Page 1014: ...he commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config...

Page 1015: ...Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL prot...

Page 1016: ...C Command Reference for GS970M Series 1016 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X EAPOL VERSION Validation Commands auth profile Global Configuration show dot1x show...

Page 1017: ...command awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unau...

Page 1018: ...hiscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initi...

Page 1019: ...LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant...

Page 1020: ...maximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication...

Page 1021: ...al awplus config auth profile student awplus config auth profile dot1x max auth fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile student to the defau...

Page 1022: ...tication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure t...

Page 1023: ...eauthentication attempts for authentication profile student to the default maximum number of two 2 reauthentication attempts use the commands awplus configure terminal awplus config auth profile stude...

Page 1024: ...rt controlis set to auto the 802 1X authentication feature is executed on the interface but only if the aaa authentication dot1x command has been issued Examples To enable port authentication on the i...

Page 1025: ...minal awplus config auth profile student awplus config auth profile dot1x port control auto To enable port authentication force authorized on authentication profile student use the commands awplus con...

Page 1026: ...ttempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if d...

Page 1027: ...Command Reference for GS970M Series 1027 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS DOT1X TIMEOUT TX PERIOD Validation Commands auth profile Global Configuration show dot1x sh...

Page 1028: ...ing and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sampl...

Page 1029: ...how dot1x all Parameter Description all Displays all authentication information for each port available on the switch Table 1 Example output from the show dot1x all command awplus show dot1x all 802 1...

Page 1030: ...d false KR rxKey false KT keyAvailable false keyTxEnabled false criticalState off dynamicVlanId 2 802 1X statistics for interface port1 0 6 EAPOL Frames Rx 5 EAPOL Frames Tx 16 EAPOL Start Frames Rx 0...

Page 1031: ...S SHOW DOT1X authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendO...

Page 1032: ...figuration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot...

Page 1033: ...Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenti...

Page 1034: ...saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplic...

Page 1035: ...rized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled f...

Page 1036: ...EaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupp...

Page 1037: ...status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning onl...

Page 1038: ...nt CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAP...

Page 1039: ...authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports t...

Page 1040: ...x statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel...

Page 1041: ...meter awplus show dot1x supplicant 00d0 59ab 7037 brief Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x total...

Page 1042: ...icationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC...

Page 1043: ...Configuration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Examples See sample output below showing the supplicant on the interface port1 0 6 awplus show dot1...

Page 1044: ...cant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fai...

Page 1045: ...rface sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupp...

Page 1046: ...and Reference for GS970M Series 1046 AlliedWare Plus Operating System Version 5 4 7 0 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of...

Page 1047: ...ynamic vlan creation on page 1053 auth guest vlan on page 1056 auth guest vlan forward on page 1059 auth host mode on page 1061 auth log on page 1063 auth max supplicant on page 1065 auth profile Glob...

Page 1048: ...mode on page 1110 auth web server dhcp ipaddress on page 1111 auth web server dhcp lease on page 1112 auth web server dhcp wpad option on page 1113 auth web server host name on page 1114 auth web serv...

Page 1049: ...ption Authentication Profile on page 1137 erase proxy autoconfig file on page 1138 erase web auth https file on page 1139 platform l3 vlan hashing algorithm on page 1140 platform mac vlan hashing algo...

Page 1050: ...n feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set the Web Authentication Server virtual...

Page 1051: ...lus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure termin...

Page 1052: ...ode Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To disable...

Page 1053: ...ssigned to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multip...

Page 1054: ...VLAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP ad...

Page 1055: ...nable the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth dynamic vlan c...

Page 1056: ...f a port is in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may...

Page 1057: ...ands awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config...

Page 1058: ...mand Reference for GS970M Series 1058 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH GUEST VLAN auth guest vlan forward dot1x port control show dot1x show dot1x interf...

Page 1059: ...ng is disabled by default Mode Interface Configuration mode for a specified switch port or Authentication Profile mode Usage Before using this command you must configure the guest VLAN with the auth g...

Page 1060: ...th guest vlan forward 10 0 0 1 dns To enable the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config a...

Page 1061: ...use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode...

Page 1062: ...h host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth hos...

Page 1063: ...ging of MAC authentication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0...

Page 1064: ...gure the logging of web authentication failures to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awplus config auth...

Page 1065: ...rofile mode Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth...

Page 1066: ...eference for GS970M Series 1066 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show dot1x show dot1x...

Page 1067: ...No port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands The...

Page 1068: ...s a authentication profile created using the auth profile Global Configuration command to a static channel a dynamic LACP channel group or a switch port You can only attach one profile to an interface...

Page 1069: ...t or Authentication Profile mode Examples To enable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth...

Page 1070: ...ace goes down so supplicants must reauthenticate Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage Note that 802 1X p...

Page 1071: ...nal awplus config auth profile student awplus config auth profile auth roaming disconnected To require supplicants using authentication profile student to reauthenticate when moving between ports if t...

Page 1072: ...tion MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the port the sup...

Page 1073: ...ing authentication for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming enable Related Commands a...

Page 1074: ...t entry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands aut...

Page 1075: ...nterface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s...

Page 1076: ...ontaining a specific string mac addr mask The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the...

Page 1077: ...for port 1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000 port control force authorized To de...

Page 1078: ...43 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profile student aw...

Page 1079: ...ant has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To s...

Page 1080: ...TIMEOUT CONNECT TIMEOUT To reset the connect timeout period to the default 30 seconds for authentication profile student use the commands awplus configure terminal awplus config auth profile student a...

Page 1081: ...0 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout quiet period 10 To reset the quiet period to the...

Page 1082: ...a switch port or Authentication Profile mode Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface p...

Page 1083: ...970M Series 1083 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentication show dot...

Page 1084: ...to 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout...

Page 1085: ...ence for GS970M Series 1085 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SERVER TIMEOUT Related Commands auth profile Global Configuration show dot1x show do...

Page 1086: ...r timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server t...

Page 1087: ...rence for GS970M Series 1087 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TIMEOUT SUPP TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot...

Page 1088: ...security risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem...

Page 1089: ...ing commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth web enable awplus config if dot1x port control auto awplus config...

Page 1090: ...s Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Relat ed Commands auth profile Global Configuration show auth two step supplicant brief show auth show auth interface...

Page 1091: ...t list name no auth mac accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the...

Page 1092: ...uth mac authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands aw...

Page 1093: ...is enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with in...

Page 1094: ...CATION COMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1095: ...ce Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the MAC Authentication method to pap on interface port1 0 2 use the f...

Page 1096: ...CATION COMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1097: ...s particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Req...

Page 1098: ...ntication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac reauth relearning To disable the r...

Page 1099: ...s provided to allow other vendors AlliedWare and AlliedWare Plus switches to share the same format on the RADIUS server Example To configure the format of the MAC address in the username and password...

Page 1100: ...list name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the c...

Page 1101: ...th web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awp...

Page 1102: ...ng command and vice versa You need to configure an IPv4 address for the VLAN interface on which Web Authentication is running Examples To enable Web Authentication on static channel group 2 use the fo...

Page 1103: ...CATION COMMANDS AUTH WEB ENABLE To disable Web authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1104: ...p address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enabled by default for a...

Page 1105: ...hport mode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface por...

Page 1106: ...student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward arp To delete the tcp forwarding port 137 on authentication profil...

Page 1107: ...channel group or a switch port or Authentication Profile mode Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface p...

Page 1108: ...S970M Series 1108 AlliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show au...

Page 1109: ...ntication Profile mode Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus conf...

Page 1110: ...disable blocking mode for the Web Authentication server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication se...

Page 1111: ...ication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You ca...

Page 1112: ...See the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhance...

Page 1113: ...ed to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent Howe...

Page 1114: ...TTPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warni...

Page 1115: ...port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then...

Page 1116: ...h web server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP addres...

Page 1117: ...English by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth...

Page 1118: ...Configuration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default...

Page 1119: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Conf...

Page 1120: ...re Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configurati...

Page 1121: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is...

Page 1122: ...e Syntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the cust...

Page 1123: ...A and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message i...

Page 1124: ...enticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global C...

Page 1125: ...Use the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount...

Page 1126: ...ing polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration...

Page 1127: ...no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer...

Page 1128: ...reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second M...

Page 1129: ...Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus...

Page 1130: ...irect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following command...

Page 1131: ...ntax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples T...

Page 1132: ...is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session...

Page 1133: ...yntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functio...

Page 1134: ...variant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode G...

Page 1135: ...to configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Exampl...

Page 1136: ...be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate...

Page 1137: ...ault No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus con...

Page 1138: ...Y AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy...

Page 1139: ...auth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certi...

Page 1140: ...ore than four different IP addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several diffe...

Page 1141: ...more than four different MAC addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several di...

Page 1142: ...namic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server ad...

Page 1143: ...authenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start...

Page 1144: ...face list Mode Privileged Exec Example To display authentication diagnostics for port1 0 6 enter the command awplus show auth diagnostics interface port1 0 6 Parameter Description interface Specify po...

Page 1145: ...r interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1...

Page 1146: ...nterface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus sho...

Page 1147: ...t1 0 1 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE su...

Page 1148: ...ionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWh...

Page 1149: ...2 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an in...

Page 1150: ...play Web Authentication statistics for port1 0 4 enter the command awplus show auth statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interf...

Page 1151: ...nt To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 32 4 Example output from show a...

Page 1152: ...l F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirection...

Page 1153: ...lliedWare Plus Operating System Version 5 4 7 0 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa authentication...

Page 1154: ...uthenticated supplicant on the interface port1 0 3 enter the command awplus show auth supplicant interface port1 0 3 To display brief summary output for the authenticated supplicant enter the command...

Page 1155: ...step supplicant interface port1 0 6 brief Output Figure 32 7 Example output from show auth two step supplicant brief Related Commands auth two step enable Parameter Description interface The interface...

Page 1156: ...2 8 Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web serve...

Page 1157: ...how the web authentication page information use the command awplus show auth web server page Figure 32 9 Example output from the show auth web server page command Related Commands auth web forward aut...

Page 1158: ...e Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure...

Page 1159: ...e 1165 aaa accounting dot1x on page 1167 aaa accounting login on page 1169 aaa accounting update on page 1172 aaa authentication auth mac on page 1174 aaa authentication auth web on page 1176 aaa auth...

Page 1160: ...page 1197 login authentication on page 1198 proxy port on page 1199 radius secure proxy aaa on page 1200 server radsecproxy aaa on page 1201 server mutual authentication on page 1203 server name chec...

Page 1161: ...ly none group group name radius no aaa accounting auth mac default list name Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage This command...

Page 1162: ...DIUS servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands...

Page 1163: ...ly none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command...

Page 1164: ...ervers use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use...

Page 1165: ...led by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the c...

Page 1166: ...privilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default...

Page 1167: ...me start stop stop only none group group name radius no aaa accounting dot1x default list name Default RADIUS accounting for 802 1X based authentication is disabled by default there is no default serv...

Page 1168: ...and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based authent...

Page 1169: ...accounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will...

Page 1170: ...p name use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS serve...

Page 1171: ...1171 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update...

Page 1172: ...ode Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accountin...

Page 1173: ...AAA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting up...

Page 1174: ...sed Port Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list...

Page 1175: ...commands awplus configure terminal awplus config no aaa authentication auth mac default To enable MAC based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the...

Page 1176: ...web default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a n...

Page 1177: ...tication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list vlan10_auth with RADIUS server group rad_grou...

Page 1178: ...ation is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the defau...

Page 1179: ...d authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication dot1x vlan10_auth group rad_group_vlan...

Page 1180: ...ified privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their m...

Page 1181: ...LI Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password a...

Page 1182: ...tion Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Exampl...

Page 1183: ...e default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa a...

Page 1184: ...for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa auth...

Page 1185: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will...

Page 1186: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured d...

Page 1187: ...ion Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configur...

Page 1188: ...bal Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subs...

Page 1189: ...x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa...

Page 1190: ...iguration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by anothe...

Page 1191: ...ed login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a s...

Page 1192: ...the console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global c...

Page 1193: ...e login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By d...

Page 1194: ...od list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the comm...

Page 1195: ...and Reference for GS970M Series 1195 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version...

Page 1196: ...ear aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all u...

Page 1197: ...accounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authe...

Page 1198: ...ion Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use th...

Page 1199: ...o proxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpos...

Page 1200: ...figuration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration M...

Page 1201: ...ut value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certific...

Page 1202: ...ERVER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy...

Page 1203: ...sing the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be estab...

Page 1204: ...subject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior f...

Page 1205: ...server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the tru...

Page 1206: ...C613 50163 01 Rev C Command Reference for GS970M Series 1206 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check...

Page 1207: ...ocked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Pr...

Page 1208: ...aaa accounting auth mac aaa authentication auth web aaa authentication dot1x awplus show aaa server group User List Name Method Acct Event login auth default local login acct dot1x auth default radius...

Page 1209: ...displays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AA...

Page 1210: ...er groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Outpu...

Page 1211: ...DIUS SERVER GROUP Figure 33 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration...

Page 1212: ...1 Rev C Command Reference for GS970M Series 1212 AlliedWare Plus Operating System Version 5 4 7 0 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug...

Page 1213: ...entifier on page 1214 auth radius send service type on page 1215 deadtime RADIUS server group on page 1216 debug radius on page 1217 ip radius source interface on page 1218 radius server deadtime on p...

Page 1214: ...entifierof NASID100 as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier NASID100 To use the VLAN ID as the NAS Identifier attribute...

Page 1215: ...n requests The Service Type attribute has a value of Framed 2 for 802 1x Call Check 10 for MAC authentication Unbound 5 for Web authentication Use the no variant of this command to stop including the...

Page 1216: ...RADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not...

Page 1217: ...all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS even...

Page 1218: ...ce interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To co...

Page 1219: ...S deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmit...

Page 1220: ...0 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name...

Page 1221: ...The time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server time...

Page 1222: ...er 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus...

Page 1223: ...t key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA au...

Page 1224: ...ault RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius ser...

Page 1225: ...C Command Reference for GS970M Series 1225 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show...

Page 1226: ...is 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus co...

Page 1227: ...0 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeou...

Page 1228: ...on port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this comma...

Page 1229: ...minal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD...

Page 1230: ...displays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the c...

Page 1231: ...he show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface...

Page 1232: ...e Interface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retra...

Page 1233: ...as been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the...

Page 1234: ...vileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 34 4 Example output from the show radius statisti...

Page 1235: ...C Command Reference for GS970M Series 1235 AlliedWare Plus Operating System Version 5 4 7 0 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no de...

Page 1236: ...l authentication on page 1244 client name check on page 1245 client trustpoint on page 1246 clear radius local server statistics on page 1247 copy fdb radius users to file on page 1248 copy local radi...

Page 1237: ...page 1268 server enable on page 1269 show crypto pki certificates deleted on page 1270 show crypto pki certificates local radius all users deleted on page 1271 show crypto pki certificates user delete...

Page 1238: ...r group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax at...

Page 1239: ...mes use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attribut...

Page 1240: ...e following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Ty...

Page 1241: ...enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius ser...

Page 1242: ...he global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must mat...

Page 1243: ...163 01 Rev C Command Reference for GS970M Series 1243 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local...

Page 1244: ...tual certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutu...

Page 1245: ...ion of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global...

Page 1246: ...with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trus...

Page 1247: ...lears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius l...

Page 1248: ...sers created use a MAC address which can be used for MAC authentication Parameter Description local radius user db Copy the local RADIUS server users created to the local RADIUS server flash Copy the...

Page 1249: ...ADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface port1 0 1 to the local RADIUS server use the command awplus...

Page 1250: ...cal RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the rep...

Page 1251: ...rated Values format Syntax copy local radius user db flash nvs card tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplu...

Page 1252: ...L RADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpo...

Page 1253: ...ENROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enr...

Page 1254: ...VER COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoin...

Page 1255: ...MANDS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustp...

Page 1256: ...O PKI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoi...

Page 1257: ...US SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint t...

Page 1258: ...C Command Reference for GS970M Series 1258 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no...

Page 1259: ...uration Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the usern...

Page 1260: ...d command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with ta...

Page 1261: ...01 Rev C Command Reference for GS970M Series 1261 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport...

Page 1262: ...the egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the V...

Page 1263: ...01 Rev C Command Reference for GS970M Series 1263 AlliedWare Plus Operating System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport...

Page 1264: ...roup Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config ra...

Page 1265: ...p address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authen...

Page 1266: ...ion mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode...

Page 1267: ...tion Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus c...

Page 1268: ...ort Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 a...

Page 1269: ...he local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Con...

Page 1270: ...ersion 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command in...

Page 1271: ...n 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravail...

Page 1272: ...ting System Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause userce...

Page 1273: ...Version 5 4 7 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command in...

Page 1274: ...figuration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show...

Page 1275: ...eature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius loca...

Page 1276: ...command displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth p...

Page 1277: ...US server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user T...

Page 1278: ...L RADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description U...

Page 1279: ...pplicant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Gu...

Page 1280: ...onfigure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure...

Page 1281: ...p Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers...

Page 1282: ...1284 crypto pki authenticate on page 1285 crypto pki enroll on page 1286 crypto pki enroll user on page 1287 crypto pki export pem on page 1289 crypto pki export pkcs12 on page 1290 crypto pki import...

Page 1283: ...bit lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the comma...

Page 1284: ...with zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signi...

Page 1285: ...ollment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it...

Page 1286: ...is command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results...

Page 1287: ...DIUS server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the...

Page 1288: ...rsion 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll...

Page 1289: ...ged Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands aw...

Page 1290: ...e server certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this co...

Page 1291: ...TURE COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki expo...

Page 1292: ...sure they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trust...

Page 1293: ...C KEY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import examp...

Page 1294: ...where N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for...

Page 1295: ...icate the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as we...

Page 1296: ...the root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server wh...

Page 1297: ...tch any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority ar...

Page 1298: ...50163 01 Rev C Command Reference for GS970M Series 1298 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki impor...

Page 1299: ...ned by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding priva...

Page 1300: ...request The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates...

Page 1301: ...gerprint a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys us...

Page 1302: ...s with the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the...

Page 1303: ...CN local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certific...

Page 1304: ...trustpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled us...

Page 1305: ...onfigured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the tr...

Page 1306: ...tion Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the no...

Page 1307: ...01 Rev C Command Reference for GS970M Series 1307 AlliedWare Plus Operating System Version 5 4 7 0 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto p...

Page 1308: ...gure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 1309 aaa authorization comma...

Page 1309: ...thod list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the co...

Page 1310: ...d Reference for GS970M Series 1310 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Versio...

Page 1311: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list wil...

Page 1312: ...al fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured...

Page 1313: ...ation Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of config...

Page 1314: ...sures that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specif...

Page 1315: ...gured Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface I...

Page 1316: ...3 50163 01 Rev C Command Reference for GS970M Series 1316 AlliedWare Plus Operating System Version 5 4 7 0 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter ad...

Page 1317: ...configured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authe...

Page 1318: ...llowing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configur...

Page 1319: ...is client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secr...

Page 1320: ...The no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Gl...

Page 1321: ...witch ports e g port1 0 2 Command List arp security on page 1323 arp security violation on page 1324 clear arp security statistics on page 1326 clear ip dhcp snooping binding on page 1327 clear ip dhc...

Page 1322: ...ing on page 1346 show arp security on page 1348 show arp security interface on page 1349 show arp security statistics on page 1351 show debugging arp security on page 1353 show debugging ip dhcp snoop...

Page 1323: ...to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP...

Page 1324: ...has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring...

Page 1325: ...or GS970M Series 1325 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security stati...

Page 1326: ...ax clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics inter...

Page 1327: ...st Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic...

Page 1328: ...cp snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interf...

Page 1329: ...Overview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mod...

Page 1330: ...et detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snoop...

Page 1331: ...t one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other tra...

Page 1332: ...to untrusted ports Use the no variant of this command to disable DHCP Relay Agent Option 82 insertion Syntax ip dhcp snooping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Opt...

Page 1333: ...e If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted po...

Page 1334: ...number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 i...

Page 1335: ...e DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingis...

Page 1336: ...ng binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping...

Page 1337: ...on This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping database to non volatile storage on the switch use the commands awplus configure terminal a...

Page 1338: ...ted from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address...

Page 1339: ...the switch not to delete entries when ports go down Syntax ip dhcp snooping delete by linkdown no ip dhcp snooping delete by linkdown Default Disabled by default DHCP Snooping bindings are not delete...

Page 1340: ...dhcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge swit...

Page 1341: ...cp snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set a...

Page 1342: ...t Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardwa...

Page 1343: ...command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down i...

Page 1344: ...xamples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awpl...

Page 1345: ...or GS970M Series 1345 AlliedWare Plus Operating System Version 5 4 7 0 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp...

Page 1346: ...abled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you dis...

Page 1347: ...Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure ter...

Page 1348: ...ty interface show arp security statistics Table 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan...

Page 1349: ...P security configuration for ports use the command awplus show arp security interface Parameter Description port list The ports to display ARP security information about The port list can include swit...

Page 1350: ...rp security statistics show log snmp server enable trap Table 4 Parameters in the output from the show arp security interface command Parameter Description Action The action the switch takes when it d...

Page 1351: ...escription detail Display detailed statistics interface port list Display statistics for the specified ports Table 5 Example output from the show arp security statistics command awplus show arp securi...

Page 1352: ...show log Table 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20...

Page 1353: ...rity debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debug...

Page 1354: ...ged Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 9 Example output fro...

Page 1355: ...p snooping show arp security show ip dhcp snooping acl show ip dhcp snooping binding show ip dhcp snooping interface Table 10 Example output from the show ip dhcp snooping command DHCP Snooping Inform...

Page 1356: ...hardware ACL information use the command awplus show ip dhcp snooping acl hardware Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information...

Page 1357: ...20 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcps...

Page 1358: ...ximum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cma...

Page 1359: ...option interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option...

Page 1360: ...ip dhcp snooping interface awplus show ip dhcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Opt...

Page 1361: ...Type 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000...

Page 1362: ...ing Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by t...

Page 1363: ...configuration information for If no ports are specified information for all ports is displayed Table 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping in...

Page 1364: ...and Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The m...

Page 1365: ...aces use the command awplus show ip dhcp snooping statistics Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The inter...

Page 1366: ...erface port1 0 5 All counters 0 Interface port1 0 6 All counters 0 Table 20 Parameters in the output from the show ip dhcp snooping statistics command Parameter Description Interface The interface nam...

Page 1367: ...ing the packet would cause the maximum number of bindings on a port to be exceeded Reply Received On Untrusted Port A BOOTP reply was received on an untrusted port Source MAC CHADDR Mismatch The L2 So...

Page 1368: ...Related Commands ip source binding show ip dhcp snooping binding Table 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP...

Page 1369: ...C613 50163 01 Rev C Command Reference for GS970M Series 1369 AlliedWare Plus Operating System Version 5 4 7 0 x Part 6 Network Availability...

Page 1370: ...th AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 1372 epsr on page 1373 epsr configuration on page 1374 epsr datavlan on page 1375 epsr enhancedrecovery enab...

Page 1371: ...C613 50163 01 Rev C Command Reference for GS970M Series 1371 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS undebug epsr on page 1393...

Page 1372: ...on from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packet...

Page 1373: ...ues for an EPSR instance These are only valid for master nodes NOTE This command will only run on switches that are capable of running as an EPSR master node However even if your switch cannot functio...

Page 1374: ...SRING COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Examp...

Page 1375: ...094 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance calle...

Page 1376: ...re than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instanc...

Page 1377: ...n whatever switch is the master within your EPSR network This command creates a master EPSR instance Your switch is unable to run this command because it cannot function as an EPSR master node To incl...

Page 1378: ...ic channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not ope...

Page 1379: ...ion Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an...

Page 1380: ...Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands ep...

Page 1381: ...nstance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR ins...

Page 1382: ...ROTECTION SWITCHED RING EPSRING COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileg...

Page 1383: ...lay for a non superloop topology network NOTE The above output is only displayed on an EPSR master Output superloop topology The following examples show the output display for superloop topology netwo...

Page 1384: ...Priority 12 Table 3 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mo...

Page 1385: ...physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises wh...

Page 1386: ...de master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Pr...

Page 1387: ...ports on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 4 Example output from the show epsr common segments command E...

Page 1388: ...data VLANs are not assigned to the ring ports The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To...

Page 1389: ...iew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance call...

Page 1390: ...Overview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR...

Page 1391: ...OW EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counter...

Page 1392: ...put from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical con...

Page 1393: ...r GS970M Series 1393 AlliedWare Plus Operating System Version 5 4 7 0 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of...

Page 1394: ...Plus Operating System Version 5 4 7 0 x RRP Snooping Commands Introduction Overview This section provides an alphabetical reference for commands used to configure the Router Redundancy Protocol RRP C...

Page 1395: ...isabled Mode Global Configuration Usage Use this command to enable the RRP Snooping feature You cannot use RRP Snooping at the same time as the following features STP RSTP or MSTP except for edge port...

Page 1396: ...ooping command The following table shows the output display for the show ip rrp snooping command Related Commands ip rrp snooping awplus show ip rrp snooping Status Enabled Vlan Master Virtual MAC Add...

Page 1397: ...C613 50163 01 Rev C Command Reference for GS970M Series 1397 AlliedWare Plus Operating System Version 5 4 7 0 x Part 7 Network Management...

Page 1398: ...only link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has al...

Page 1399: ...backup guests synchronize on page 1424 atmf backup now on page 1425 atmf backup redundancy enable on page 1427 atmf backup server on page 1428 atmf backup stop on page 1430 atmf backup synchronize on...

Page 1400: ...tmf secure mode certificate expire on page 1481 atmf secure mode certificate expiry on page 1482 atmf secure mode certificate renew on page 1483 atmf secure mode enable all on page 1484 atmf select ar...

Page 1401: ...f links on page 1550 show atmf links detail on page 1552 show atmf links guest on page 1561 show atmf links guest detail on page 1563 show atmf links statistics on page 1567 show atmf nodes on page 15...

Page 1402: ...us Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf crosslink on page 1599 switchport atmf guestlink on page 1601 switchport atmf link on page 1603 t...

Page 1403: ...ode AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area lin...

Page 1404: ...LESIS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf c...

Page 1405: ...mber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured...

Page 1406: ...ries 1406 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show a...

Page 1407: ...cally on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption k...

Page 1408: ...ries 1408 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show a...

Page 1409: ...asters must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization...

Page 1410: ...0M Series 1410 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Co...

Page 1411: ...mf authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use th...

Page 1412: ...PROVISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an A...

Page 1413: ...o schedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File name...

Page 1414: ...a Note that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area...

Page 1415: ...ult Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf...

Page 1416: ...leged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area name...

Page 1417: ...een the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf bac...

Page 1418: ...the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps...

Page 1419: ...backup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete th...

Page 1420: ...kup enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Glo...

Page 1421: ...Syntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowin...

Page 1422: ...disable the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recom...

Page 1423: ...s now node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To m...

Page 1424: ...undancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the reg...

Page 1425: ...ent backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name Th...

Page 1426: ...nnex and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set...

Page 1427: ...er supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Mast...

Page 1428: ...ommands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server i...

Page 1429: ...2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and u...

Page 1430: ...his command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup sto...

Page 1431: ...to its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchroniz...

Page 1432: ...ile the backup release file license files It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage...

Page 1433: ...onfiguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf cont...

Page 1434: ...ration Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has...

Page 1435: ...a valid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you...

Page 1436: ...enameisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the...

Page 1437: ...se File Status Team1 x510 5 4 6 1 4 rel Release ready Team2 x610 5 4 6 1 4 rel Release ready Team3 x610 5 4 6 1 4 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 6 1 4 rel...

Page 1438: ...ain VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to por...

Page 1439: ...l execute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group al...

Page 1440: ...OMMANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test conf...

Page 1441: ...s configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You...

Page 1442: ...des that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode...

Page 1443: ...nd sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_no...

Page 1444: ...mode discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigne...

Page 1445: ...63 01 Rev C Command Reference for GS970M Series 1445 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atm...

Page 1446: ...mmand to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can mak...

Page 1447: ...all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Def...

Page 1448: ...s 10 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the A...

Page 1449: ...ANAGEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure termi...

Page 1450: ...nd try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID...

Page 1451: ...logging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN I...

Page 1452: ...er nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each ma...

Page 1453: ...ode Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anyw...

Page 1454: ...uring an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usag...

Page 1455: ...vision nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF...

Page 1456: ...ust delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be mad...

Page 1457: ...the new provisioned node device3 Figure 41 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Sch...

Page 1458: ...ing this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remot...

Page 1459: ...c Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the...

Page 1460: ...provision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then...

Page 1461: ...AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct...

Page 1462: ...y want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF...

Page 1463: ...f provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446...

Page 1464: ...copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision n...

Page 1465: ...tmf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device...

Page 1466: ...in the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flas...

Page 1467: ...reboot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a va...

Page 1468: ...pecify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software vers...

Page 1469: ...am3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebo...

Page 1470: ...olling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incom...

Page 1471: ...vice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or contro...

Page 1472: ...rsion 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 a...

Page 1473: ...ment by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest...

Page 1474: ...unction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see t...

Page 1475: ...ser account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS...

Page 1476: ...ession on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by usi...

Page 1477: ...ork This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atm...

Page 1478: ...eference for GS970M Series 1478 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to A...

Page 1479: ...F network Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration...

Page 1480: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure m...

Page 1481: ...vileged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node...

Page 1482: ...obal Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode cer...

Page 1483: ...network Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to th...

Page 1484: ...nt of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usa...

Page 1485: ...that ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running con...

Page 1486: ...e Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use...

Page 1487: ...s command allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN...

Page 1488: ...f virtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no at...

Page 1489: ...r If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are on...

Page 1490: ...92 168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming I...

Page 1491: ...nything other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In...

Page 1492: ...ing set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output scree...

Page 1493: ...the no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interf...

Page 1494: ...OMMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privi...

Page 1495: ...atmf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf sec...

Page 1496: ...ear atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode st...

Page 1497: ...rosslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command out...

Page 1498: ...613 50163 01 Rev C Command Reference for GS970M Series 1498 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all...

Page 1499: ...l 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configu...

Page 1500: ...ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packe...

Page 1501: ...KET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies...

Page 1502: ...itchport atmf guestlink command to separately assign an individual switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor...

Page 1503: ...MF COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Nod...

Page 1504: ...VAA host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an...

Page 1505: ...e the backup release file license files The device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory defau...

Page 1506: ...port number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTT...

Page 1507: ...ce for GS970M Series 1507 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink sh...

Page 1508: ...ype tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To...

Page 1509: ...Started with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show informati...

Page 1510: ...node_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0...

Page 1511: ...MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Seq...

Page 1512: ...N The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Ma...

Page 1513: ...troller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Para...

Page 1514: ...ea has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the co...

Page 1515: ...w atmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller di...

Page 1516: ...The area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10...

Page 1517: ...970M Series 1517 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atm...

Page 1518: ...etail northern node1 Output Figure 41 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under...

Page 1519: ...rt number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type T...

Page 1520: ...Example To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running t...

Page 1521: ...des detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Par...

Page 1522: ...Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this...

Page 1523: ...from the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Bo...

Page 1524: ...f area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Disp...

Page 1525: ...y AMF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use t...

Page 1526: ...authorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x210 9GT master_1 por...

Page 1527: ...mf show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 41 3 Parameters in the output from show atmf authorization provisional Parameter Descr...

Page 1528: ...n logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status l...

Page 1529: ...up logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Lo...

Page 1530: ...be a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM Current Node The n...

Page 1531: ...ssues note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully I...

Page 1532: ...e master nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information a...

Page 1533: ...Time 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backu...

Page 1534: ...st status use the command x930 master show atmf backup guest Output Figure 41 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The...

Page 1535: ...2 21 46 Good USB 19 Jan 2016 22 21 46 Good Table 41 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Back...

Page 1536: ...a single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Priv...

Page 1537: ...te command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf cont...

Page 1538: ...AMF management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the containe...

Page 1539: ...ut screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node...

Page 1540: ...AMF root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this devic...

Page 1541: ...of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show...

Page 1542: ...ion master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 43 Sample output from the show atmf group command for a working set AMF_NETWORK 6 sho...

Page 1543: ...ers based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes...

Page 1544: ...le 46 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes base...

Page 1545: ...e command awplus show atmf guests Output Figure 41 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port...

Page 1546: ...tmf guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects t...

Page 1547: ...and specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depe...

Page 1548: ...t is discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the po...

Page 1549: ...nce for GS970M Series 1549 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf...

Page 1550: ...mf links brief Figure 41 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Bri...

Page 1551: ...od to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to a...

Page 1552: ...detail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Paramet...

Page 1553: ...4610 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forw...

Page 1554: ...de Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20...

Page 1555: ...st Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifin...

Page 1556: ...cent MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacen...

Page 1557: ...wn Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifin...

Page 1558: ...ier for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_...

Page 1559: ...Virtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Inter...

Page 1560: ...d Reference for GS970M Series 1560 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf l...

Page 1561: ...ation about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 41 20 Example output from show atmf links guest Parameter Description interface interfa...

Page 1562: ...chport atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method...

Page 1563: ...t Display details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list...

Page 1564: ...on node1 1 0 17 Firmware Version 3 2 1 A02 Table 41 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest...

Page 1565: ...e is in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retriev...

Page 1566: ...p guest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HT...

Page 1567: ...evice1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspeci...

Page 1568: ...checksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink...

Page 1569: ...no debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink He...

Page 1570: ...other improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nodes...

Page 1571: ...e at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC...

Page 1572: ...nd is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 41 24 Sample output from the show atmf provision nodes comman...

Page 1573: ...secure mode Output Figure 41 25 Example output from show atmf secure mode on an AMF master Figure 41 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status En...

Page 1574: ...icate Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF ma...

Page 1575: ...arning The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpo...

Page 1576: ...MF secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 41 28 Example output from show atmf secure mode audit link Related Commands show atmf show a...

Page 1577: ...AMF secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 41 29...

Page 1578: ...AMF commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Finge...

Page 1579: ...ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate re...

Page 1580: ...aster or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 41 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed secu...

Page 1581: ...eccd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Addr...

Page 1582: ...ller master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be...

Page 1583: ...ple To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 41 33 Example output from show atmf secure mode statistics on...

Page 1584: ...re mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid...

Page 1585: ...how atmf tech Table 42 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF No...

Page 1586: ...igned to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The i...

Page 1587: ...et address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows...

Page 1588: ...nnects to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual link...

Page 1589: ...named vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displa...

Page 1590: ...nd displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atm...

Page 1591: ...f Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 41 35 Sample output from the show debugging atmf command Related...

Page 1592: ...y the AMF packet debugging status use the command node_1 show debug atmf packet Figure 41 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Tab...

Page 1593: ...splays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the follow...

Page 1594: ...is disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is ac...

Page 1595: ...ner vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus co...

Page 1596: ...s are not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switc...

Page 1597: ...group Usage Run this command on the port or aggregator at both ends of the link Each area must have the area name configured and the same area password must exist on both ends of the link Running this...

Page 1598: ...or GS970M Series 1598 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area pass...

Page 1599: ...st for the selected port or aggregated link Syntax switchport atmf crosslink no switchport atmf crosslink Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group U...

Page 1600: ...gure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this exa...

Page 1601: ...configure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal...

Page 1602: ...tlink node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0...

Page 1603: ...el group Usage Up down links and virtual links interconnect domains in a vertical hierarchy with the highest domain being the core domain In effect they form a tree of interconnected AMF domains This...

Page 1604: ...e leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns...

Page 1605: ...d returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exi...

Page 1606: ...3 50163 01 Rev C Command Reference for GS970M Series 1606 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigg...

Page 1607: ...ence for GS970M Series 1607 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no v...

Page 1608: ...has the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example...

Page 1609: ...50163 01 Rev C Command Reference for GS970M Series 1609 AlliedWare Plus Operating System Version 5 4 7 0 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf no...

Page 1610: ...of commands used to configure management stacking For introductory information about management stacking in AlliedWare Plus including overview and configuration information see the Management Stacking...

Page 1611: ...other nodes in the management stack Syntax mstack command node no mstack command node Mode Global Config Usage A management stacking command node has to be present for a management stack to form Only...

Page 1612: ...ing configured Use the no variant of this command to disable turn off the management stacking feature on the node Syntax mstack enable no mstack enable Mode Global Configuration Usage To use managemen...

Page 1613: ...turned to the originating node The software will not allow you to run multiple remote login sessions You must exit an existing session before starting a new one In the remote login command the hostnam...

Page 1614: ...em Version 5 4 7 0 x MANAGEMENT STACKING COMMANDS MSTACK REMOTE LOGIN Example 2 In this example user whitney is a valid user of command node and node3 She can remotely login from command node to node3...

Page 1615: ...des Mode Privileged Exec Example To display management stacking information for all nodes in the management stack use the command command node show mstack nodes Figure 42 1 Sample output from the show...

Page 1616: ...this command to remove any mstack link that may exist for the selected link Syntax switchport mstack link no switchport mstack link Mode Interface Configuration Usage Running this command will automat...

Page 1617: ...ation on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp access group deprecated on page 1618 ntp authenticat...

Page 1618: ...Series 1618 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP ACCESS GROUP DEPRECATED ntp access group deprecated Overview This command has been deprecated in Software Version 5 4 6...

Page 1619: ...to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configurat...

Page 1620: ...an MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key...

Page 1621: ...broadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip...

Page 1622: ...e 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus c...

Page 1623: ...192 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 pre...

Page 1624: ...plus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8...

Page 1625: ...address Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the spe...

Page 1626: ...2 0 2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 1...

Page 1627: ...us config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus con...

Page 1628: ...2 awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp serv...

Page 1629: ...d using this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behav...

Page 1630: ...configure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the...

Page 1631: ...edWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the...

Page 1632: ...GS970M Series 1632 AlliedWare Plus Operating System Version 5 4 7 0 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been...

Page 1633: ...05 256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer tha...

Page 1634: ...r when When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to request...

Page 1635: ...stricted 0 rate limited 0 KoD responses 0 processed for time 306 Table 43 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last...

Page 1636: ...atch any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceed...

Page 1637: ...uplicate 0 bad header 0 kod received 0 Table 43 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent...

Page 1638: ...er The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packet...

Page 1639: ...show ntp status For information about the output displayed by this command see ntp org Figure 43 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_non...

Page 1640: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 1642 show counter snmp server on page 1643 show debugging snmp on pa...

Page 1641: ...neID local reset on page 1666 snmp server group on page 1667 snmp server host on page 1669 snmp server legacy ifadminstatus on page 1671 snmp server location on page 1672 snmp server source interface...

Page 1642: ...nmp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description...

Page 1643: ...mple output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues...

Page 1644: ...ved SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurre...

Page 1645: ...e SNMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exceptio...

Page 1646: ...MP agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP...

Page 1647: ...iew This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command aw...

Page 1648: ...leged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 44 3 Example output from the show running config snmp comma...

Page 1649: ...x show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 44 4 Example output from the show snmp server command Rel...

Page 1650: ...ies configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus sh...

Page 1651: ...x show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 44 6 Example output from the show...

Page 1652: ...he SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus sho...

Page 1653: ...the SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus sh...

Page 1654: ...gregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Exam...

Page 1655: ...d Reference for GS970M Series 1655 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server ena...

Page 1656: ...is started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreache...

Page 1657: ...7 0 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0...

Page 1658: ...ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled o...

Page 1659: ...Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp s...

Page 1660: ...no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB var...

Page 1661: ...his command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to su...

Page 1662: ...ode Global Configuration Usage This command cannot be used to enable link status notifications globally To enable link status notifications for particular interfaces use the snmp trap link status comm...

Page 1663: ...awplus config snmp server enable trap atmfnode To enable the device to send MAC address Thrash Limiting traps use the following commands awplus configure terminal awplus config snmp server enable trap...

Page 1664: ...the current engine ID is also system generated Syntax snmp server engineID local engine id default no snmp server engineID local Mode Global Configuration Usage All devices must have a unique engine I...

Page 1665: ...onfig snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual...

Page 1666: ...Pv3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server en...

Page 1667: ...mp server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group...

Page 1668: ...C Command Reference for GS970M Series 1668 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show...

Page 1669: ...SNMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address i...

Page 1670: ...traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001...

Page 1671: ...ect the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP i...

Page 1672: ...o variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to ser...

Page 1673: ...e of the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use...

Page 1674: ...delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SN...

Page 1675: ...words must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the...

Page 1676: ...command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0c...

Page 1677: ...C613 50163 01 Rev C Command Reference for GS970M Series 1677 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view...

Page 1678: ...removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The...

Page 1679: ...Rev C Command Reference for GS970M Series 1679 AlliedWare Plus Operating System Version 5 4 7 0 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debu...

Page 1680: ...network information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overview and Configur...

Page 1681: ...location identifier on page 1708 location civic location id on page 1709 location coord location configuration on page 1710 location coord location identifier on page 1712 location coord location id...

Page 1682: ...pplied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command aw...

Page 1683: ...r information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the co...

Page 1684: ...peration no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug...

Page 1685: ...63 01 Rev C Command Reference for GS970M Series 1685 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal...

Page 1686: ...detects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default...

Page 1687: ...multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the...

Page 1688: ...e MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp i...

Page 1689: ...ications relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examp...

Page 1690: ...olicy location inventory management lldp med tlv select all no lldp med tlv select capabilities network policy location inventory management no lldp med tlv select all Parameter Description capabiliti...

Page 1691: ...ory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventor...

Page 1692: ...TLV SELECT Related Commands lldp tlv select location elin location id location civic location identifier location civic location configuration location coord location identifier location coord locati...

Page 1693: ...ied to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in L...

Page 1694: ...ant of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mod...

Page 1695: ...otifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the...

Page 1696: ...ult port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate L...

Page 1697: ...is command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples...

Page 1698: ...riant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Ex...

Page 1699: ...ntax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configur...

Page 1700: ...his command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select...

Page 1701: ...commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitt...

Page 1702: ...ransmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP adverti...

Page 1703: ...its default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12...

Page 1704: ...to delete civic address parameters from the location Syntax country country state state no state county county no county city city no city division division no division neighborhood neighborhood no n...

Page 1705: ...l community name postal community name no postal community name post office box post office box no post office box additional code additional code no additional code seat seat no seat primary road nam...

Page 1706: ...ng street direction CA Type 16 trailing street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number s...

Page 1707: ...ess location For more information about civic address format see the LLDP Feature Overview and Configuration Guide To specify the civic address location use the location civic location identifier comm...

Page 1708: ...s civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up...

Page 1709: ...port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civ...

Page 1710: ...as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a numb...

Page 1711: ...arch area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that comman...

Page 1712: ...or each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location w...

Page 1713: ...can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord...

Page 1714: ...to a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new E...

Page 1715: ...Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin lo...

Page 1716: ...ugging lldp interface port1 0 1 1 0 6 Output Figure 45 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP...

Page 1717: ...C613 50163 01 Rev C Command Reference for GS970M Series 1717 AlliedWare Plus Operating System Version 5 4 7 0 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp...

Page 1718: ...secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 4...

Page 1719: ...ue to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The num...

Page 1720: ...is inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System N...

Page 1721: ...nge Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System De...

Page 1722: ...ldp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command aw...

Page 1723: ...Ability Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Lo...

Page 1724: ...tem description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address assoc...

Page 1725: ...ze capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of netwo...

Page 1726: ...s description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts...

Page 1727: ...p neighbors interface port1 0 1 port1 0 6 Output Figure 45 4 Example output from the show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be s...

Page 1728: ...al Port Local port on which the neighbor information was received Neighbor Chassis ID Chassis ID that uniquely identifies the neighbor Neighbor Port Name Port ID of the neighbor Neighbor Sys Name Syst...

Page 1729: ...lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show ll...

Page 1730: ...ID 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported...

Page 1731: ...ported Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID...

Page 1732: ...ximum frame size capability LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location inf...

Page 1733: ...23 In Errored 0 In Dropped 0 TLVs Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 49 Parameters in the output of the show lldp statisti...

Page 1734: ...neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficie...

Page 1735: ...tistics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interface port1 0 1 port1 0 6 Output Parameter Description port list The...

Page 1736: ...ognized Number of LLDP TLVs received that are not recognized but the TLV type is in the range of reserved TLV types TLVs Discarded Number of LLDP TLVs discarded for any reason Neighbors New Entries Nu...

Page 1737: ...civic location interface port1 0 1 To display coordinate location information configured on the identifier 1 use the command awplus show location coord location identifier 1 Parameter Description civi...

Page 1738: ...elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 53 Examp...

Page 1739: ...ence for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug...

Page 1740: ...ding emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command...

Page 1741: ...s To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Relate...

Page 1742: ...d a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration...

Page 1743: ...mmand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sendi...

Page 1744: ...ice sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 16...

Page 1745: ...t from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP...

Page 1746: ...ing System Version 5 4 7 0 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue u...

Page 1747: ...Rev C Command Reference for GS970M Series 1747 AlliedWare Plus Operating System Version 5 4 7 0 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debu...

Page 1748: ...N Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see the Getting...

Page 1749: ...The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherS...

Page 1750: ...value with the form etherStatsEntry field stats index for example etherStatsEntry 22 5 Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 define...

Page 1751: ...history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Con...

Page 1752: ...collection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use...

Page 1753: ...x log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global...

Page 1754: ...alarm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Only the alarms for switch port interfaces not for VLAN interfaces can be shown Syntax show rmon...

Page 1755: ...lowing etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherS...

Page 1756: ...ce for GS970M Series 1756 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon...

Page 1757: ...utput from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizeP...

Page 1758: ...Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON HISTORY etherStatsPkts1024to1518Octets Example To display the parameters specified on all the currently defined RMON history collections us t...

Page 1759: ...m the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts et...

Page 1760: ...63 01 Rev C Command Reference for GS970M Series 1760 AlliedWare Plus Operating System Version 5 4 7 0 x RMON COMMANDS SHOW RMON STATISTICS etherStatsPkts1024to1518Octets Related Commands rmon collecti...

Page 1761: ...hostkey on page 1765 crypto key destroy userkey on page 1766 crypto key generate hostkey on page 1767 crypto key generate userkey on page 1769 crypto key pubkey chain knownhosts on page 1770 crypto k...

Page 1762: ...ow ssh server deny users on page 1792 ssh on page 1793 ssh client on page 1795 ssh server on page 1797 ssh server allow users on page 1799 ssh server authentication on page 1801 ssh server deny users...

Page 1763: ...nd of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the de...

Page 1764: ...ly delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exe...

Page 1765: ...key generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key u...

Page 1766: ...A user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show cry...

Page 1767: ...ey generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key si...

Page 1768: ...5 4 7 0 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto k...

Page 1769: ...tions for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure...

Page 1770: ...ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Us...

Page 1771: ...the remote server then SSH clients will inform the user that the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the k...

Page 1772: ...as text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as tex...

Page 1773: ...hain userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6Nv...

Page 1774: ...s the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global...

Page 1775: ...debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default M...

Page 1776: ...essions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you i...

Page 1777: ...r GS970M Series 1777 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh s...

Page 1778: ...mmand displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec...

Page 1779: ...ey hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key hos...

Page 1780: ...HELL SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Descript...

Page 1781: ...se the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 48 2 Example output from the show crypto key public chain knownhosts command Related Commands crypto key pubkey chain know...

Page 1782: ...at are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 48 3 Example output from the show crypto key public chain userkey command Relate...

Page 1783: ...a pub Output Figure 48 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys...

Page 1784: ...192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH se...

Page 1785: ...RE SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hos...

Page 1786: ...sh command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root down...

Page 1787: ...ce has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in pro...

Page 1788: ...ient Output Figure 48 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeou...

Page 1789: ...e Shell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum...

Page 1790: ...seconds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum numb...

Page 1791: ...er use the command awplus show ssh server allow users Output Figure 48 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Usern...

Page 1792: ...lobal Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 48 10 Example output from the show ssh server...

Page 1793: ...sername is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If...

Page 1794: ...the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote S...

Page 1795: ...session timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specif...

Page 1796: ...ion timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus n...

Page 1797: ...ports both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 sess...

Page 1798: ...ections waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configu...

Page 1799: ...existing entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to...

Page 1800: ...0 x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow use...

Page 1801: ...rver authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configu...

Page 1802: ...authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting...

Page 1803: ...rver deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ss...

Page 1804: ...0 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users...

Page 1805: ...o its default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed logi...

Page 1806: ...no variant of this command disables this feature Syntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device ha...

Page 1807: ...e device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP...

Page 1808: ...ns The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH...

Page 1809: ...eference for GS970M Series 1809 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of th...

Page 1810: ...eference for GS970M Series 1810 AlliedWare Plus Operating System Version 5 4 7 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of th...

Page 1811: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 1813 day on page 1814 debug trigger on page 1816 description trigger o...

Page 1812: ...S970M Series 1812 AlliedWare Plus Operating System Version 5 4 7 0 x TRIGGER COMMANDS type memory on page 1840 type periodic on page 1841 type ping poll on page 1842 type reboot on page 1843 type time...

Page 1813: ...o active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Gu...

Page 1814: ...Port LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55...

Page 1815: ...erating System Version 5 4 7 0 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus co...

Page 1816: ...d messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Pri...

Page 1817: ...or this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awp...

Page 1818: ...limited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activ...

Page 1819: ...ir position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71...

Page 1820: ...sh cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigge...

Page 1821: ...r off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debu...

Page 1822: ...mand displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use t...

Page 1823: ...ion about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date...

Page 1824: ...e number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days opt...

Page 1825: ...vation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details Card out Days smtwtf...

Page 1826: ...ontinuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and tim...

Page 1827: ...r has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today...

Page 1828: ...activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For i...

Page 1829: ...t midnight during which the trigger may activate By default the value of this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the val...

Page 1830: ...rigger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate betwee...

Page 1831: ...ich MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for th...

Page 1832: ...onal parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all con...

Page 1833: ...e This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will b...

Page 1834: ...config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set nod...

Page 1835: ...er This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display n...

Page 1836: ...4 7 0 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_m...

Page 1837: ...configuration card triggers are activated on the master for either the insertion or removal of a card on the master only For example trigger configurations that use the type card command see Capture...

Page 1838: ...M Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus conf...

Page 1839: ...one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when...

Page 1840: ...memory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40...

Page 1841: ...configured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the...

Page 1842: ...e or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the...

Page 1843: ...Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboo...

Page 1844: ...d limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to acti...

Page 1845: ...Command Reference for GS970M Series 1845 AlliedWare Plus Operating System Version 5 4 7 0 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no d...

Page 1846: ...command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 1848 clear ping poll on page 1849 critical interval on pag...

Page 1847: ...ing on page 1852 fail count on page 1853 ip ping polling on page 1854 length ping poll data on page 1855 normal interval on page 1856 ping poll on page 1857 sample size on page 1858 show counter ping...

Page 1848: ...olling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this p...

Page 1849: ...mmand The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use t...

Page 1850: ...of one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping poll...

Page 1851: ...for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll...

Page 1852: ...lete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands a...

Page 1853: ...e The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of p...

Page 1854: ...e 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll...

Page 1855: ...dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping P...

Page 1856: ...ng Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll...

Page 1857: ...nt the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax...

Page 1858: ...hat does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up cou...

Page 1859: ...erence for GS970M Series 1859 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping pol...

Page 1860: ...displays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFail...

Page 1861: ...hile the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down s...

Page 1862: ...te Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling...

Page 1863: ...the polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n Th...

Page 1864: ...ce is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic...

Page 1865: ...of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count comm...

Page 1866: ...address no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure term...

Page 1867: ...and Reference for GS970M Series 1867 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data...

Page 1868: ...timeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure termina...

Page 1869: ...e Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping po...

Page 1870: ...d Reference for GS970M Series 1870 AlliedWare Plus Operating System Version 5 4 7 0 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the n...

Page 1871: ...page 1872 debug sflow agent on page 1873 sflow agent address on page 1874 sflow collector address on page 1876 sflow collector max datagram size on page 1878 sflow enable on page 1879 sflow max heade...

Page 1872: ...mpling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow inter...

Page 1873: ...to particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow ag...

Page 1874: ...ion or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies...

Page 1875: ...C613 50163 01 Rev C Command Reference for GS970M Series 1875 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow...

Page 1876: ...535 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address...

Page 1877: ...mmand awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awp...

Page 1878: ...d resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the...

Page 1879: ...tional status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 ad...

Page 1880: ...ault Syntax sflow max header size 14 200 no sflow max header size Default The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Eth...

Page 1881: ...y this command will be included in the sFlow packet samples For example with the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between...

Page 1882: ...and The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configurat...

Page 1883: ...received i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate...

Page 1884: ...and awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 51 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflo...

Page 1885: ...0163 01 Rev C Command Reference for GS970M Series 1885 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow inte...

Page 1886: ...ow running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 51 2...

Page 1887: ...0 0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling sampli...

Page 1888: ...running config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow d...

Page 1889: ...System Version 5 4 7 0 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow in...

Page 1890: ...and Reference for GS970M Series 1890 AlliedWare Plus Operating System Version 5 4 7 0 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of...

Reviews:

No comments

Brands by name

Popular brands

Load more brands