manualshive.com logo in svg

Allied Telesis AlliedWare Plus 5.2.1, Software Reference Manual, Page: 820 / 1294

Share
Download
Allied Telesis AlliedWare Plus 5.2.1 Software Reference Manual Download Page 820

Access Control List (ACL) Commands

©2008 Allied Telesis Inc. All rights reserved.

38.14

AlliedWare Plus

TM

 Operating System Software Reference  C613-50003-00 REV E

Software Version 5.2.1

 

Syntax 

[tcp|udp]

access-list extended 

<list-name>

 {deny|permit} {tcp|udp} 

<source>

 

 

{eq|lt|gt|ne} 

<source>

 {eq|lt|gt|ne} 

<destport>

 [log]

no access-list extended 

<list-name>

 {deny|permit} {tcp|udp} 

<source>

 

 

{eq|lt|gt|ne} 

<sourceport> <destination>

 {eq|lt|gt|ne} 

<destport>

 

[log]

Parameter

 

Description

 

<list-name>

A user-defined name for the access-list. 

deny

The access-list rejects packets that match the type, source, and destination 
filtering specified with this command.

permit

The access-list permits packets that match the type, source, and 
destination filtering specified with this command.

tcp

The access-list matches only TCP packets.

udp

The access-list matches only UDP packet.

<source>

The source address of the packets. You can specify either a subnet or all 
sources. The following are the valid formats for specifying the source:

<ip-addr>/

<reverse-

mask>

An IPv4 address, followed by a forward slash, then the 
prefix length. This matches any source IP address within 
the specified subnet. 

any

Matches any source IP address.

<sourceport>

The source port number, specified as an integer between 0 and 65535.

<destination>

The destination address of the packets. You can specify either a subnet or 
all destinations.The following are the valid formats for specifying the 
destination:

<ip-addr>/

<reverse-

mask>

An IPv4 address, followed by a forward slash, then the 
prefix length. This matches any source IP address within 
the specified subnet. 

any

Matches any destination IP address.

<destport>

The destination port number, specified as an integer between 0 and 
65535.

eq

Matches port numbers equal to the port number specified immediately 
after this parameter.

lt

Matches port numbers less than the port number specified immediately 
after this parameter.

gt

Matches port numbers greater than the port number specified 
immediately after this parameter.

ne

Matches port numbers not equal to the port number specified 
immediately after this parameter.

log

Log the results.

Summary of Contents for AlliedWare Plus 5.2.1

Page 1: ...AlliedWare Plus Operating System x900 12XT S x900 24XS x900 24XT x900 24XT N Switchblade x908 Software Reference SoftwareVersion 5 2 1 C613 50003 00 Rev E ...

Page 2: ...is subject to change without notice No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or any means electronic or mechanical including photocopying and recording for any purpose other than the purchaser s internal use without the written permission of Allied Telesis Inc Allied Telesis and AlliedWare Plus are trademarks or registered trademarks in ...

Page 3: ...stem parameters 1 18 How to set the time and date 1 20 How to add and remove users 1 22 How to undo settings 1 24 How to upgrade the firmware 1 25 Controlling show command output 1 26 Commands available in each mode 1 28 2 Command Syntax Conventions in this Software Reference 3 Startup Sequence AlliedWare Plus Start up 3 2 Diagnostic menu 3 3 Bootloader menu 3 5 Start up sequence 3 10 4 CLI Naviga...

Page 4: ...y of Service 14 21 IGMP Snooping 14 22 15 Switching Commands 16 VLAN Commands VLAN Commands 16 2 17 GVRP Commands GVRP Commands 17 2 18 Spanning Tree Introduction STP RSTP MSTP Introduction 18 2 Overview of Spanning Trees 18 2 Spanning Tree Protocol STP 18 5 Configuring STP 18 6 Rapid Spanning Tree Protocol RSTP 18 7 Configuring RSTP 18 8 Multiple Spanning Tree Protocol MSTP 18 10 Configuring MSTP...

Page 5: ...eys 27 5 RIPv2 md5 authentication multiple keys 27 8 28 RIP Commands Introduction 28 2 29 OSPF Configuration Introduction 29 2 Terminology 29 2 Enabling OSPF on an Interface 29 3 Setting priority 29 5 Configuring an Area Border Router 29 7 Redistributing routes into OSPF 29 8 OSPF Cost 29 9 Configuring Virtual Links 29 11 OSPF Authentication 29 12 30 OSPF Commands Introduction 30 3 31 BGP Commands...

Page 6: ...n 41 2 The 802 1x Implementation 41 2 Configuring 802 1x 41 2 42 802 1x and RADIUS Commands Introduction 42 2 43 Secure Shell SSH Introduction Introduction 43 2 Configuring the SSH Server 43 3 Configuring the SSH Client 43 8 44 SSH Configuration Configuring the SSH Server 44 2 45 Secure Shell Commands High Availability Reference 46 VRRP Introduction Introduction 46 2 Virtual Router Redundancy Prot...

Page 7: ...MIB II MIB 56 3 TCP MIB 56 5 UDP MIB 56 6 IP Forwarding Table MIB 56 7 Ethernet like Interface Types MIB 56 8 Medium Attachment Unit MAU MIB 56 9 Host Resources MIB 56 11 Bridge MIB 56 13 RMON MIB 56 15 57 SMTP Commands 58 RMON Commands Introduction 58 2 59 Triggers Introduction Introduction 59 2 Configuring a Trigger 59 2 Troubleshooting Triggers 59 4 60 Triggers Configuration Introduction 60 2 R...

Page 8: ...65 Stacking Commands Introduction 65 2 Appendix l Command List ...

Page 9: ...tup Sequence Chapter 4 CLI Navigation Commands Chapter 5 User Access Commands Chapter 6 Creating and Managing Files Chapter 7 File Management Commands Chapter 8 System Configuration and Monitoring Commands Chapter 9 Debugging and Logging Chapter 10 Logging Commands Chapter 11 Scripting Commands Chapter 12 Interface Commands Chapter 13 Interface Testing Commands ...

Page 10: ......

Page 11: ...eate and use a new configuration file 1 13 How to return to the factory defaults 1 15 How to see system information 1 16 Viewing overall system information 1 16 Viewing temperature voltage and fan status 1 17 Viewing the serial number 1 17 How to set system parameters 1 18 How to change the telnet session timeout 1 18 How to name the switch 1 18 How to display a text banner at login 1 19 How to se...

Page 12: ...g system OS 1 Set the console baud rate The default baud rate is 9600 By default the AlliedWare PlusTM OS supports VT100 compatible terminals on the console port This means that the terminal size is 80 columns by 24 rows 2 Login with manager friend The defaults are username manager password friend The switch logs you into User Exec mode From User Exec mode you can perform high level diagnostics so...

Page 13: ...xt at a time with the prompt More at the end of each screenful Press the space bar to display the next screenful or the Q key to return to the command prompt Example To see which commands are available in User Exec mode enter at the User Exec mode command prompt awplus This results in the following output Exec commands clear Reset functions disable Turn off privileged mode command echo Echo a stri...

Page 14: ...t the help only indicates what you can type next For commands that have a series of parameters like clock timezone the help does not make the number of parameters obvious Complete keywords To complete keywords type Tab after part of the command If only one keyword matches the partial command the AlliedWare Plus OS fills in that keyword If multiple keywords match it lists them Example To use Tab co...

Page 15: ... entered The switch also prints the command and marks the first invalid character by putting a under it Note that you may get this error if you enter a command in the wrong mode as the following output shows awplus interface port1 0 1 interface port1 0 1 Invalid input detected at marker Unrecognized command when you try to use help and get this message it indicates that the switch can not provide ...

Page 16: ...log into on the switch It lets you perform high level diagnostics show commands ping traceroute etc start sessions Telnet SSH and change mode The default User Exec mode prompt is awplus Privileged Exec mode To change from User Exec to Privileged Exec mode enter the command awplus enable Privileged Exec mode is the main mode for monitoring for example running show commands and debugging From Privil...

Page 17: ... awplus config if Class map QoS classes which isolate and name specific traffic flows classes from all other traffic class map name awplus config cmap EPSR Ethernet Protection Switching Ring a loop protection mechanism with extremely fast convergence times epsr configuration awplus config epsr Line Console port settings or virtual terminal settings for telnet line console 0 line vty number awplus ...

Page 18: ...figuration mode When you are configuring the switch you are likely to want to enter show commands to confirm the configuration This can mean you change often between configuration modes and Privileged Exec mode However you can run Privileged Exec commands without changing mode by using the command do command you want to run You cannot use the help to find out command syntax when using the do comma...

Page 19: ...e the current configuration The current configuration is called the running config To see it enter the following command in either Privileged Exec mode or any configuration mode awplus show running config To see only part of the current configuration enter the command awplus show running config include word This displays only the lines that contain word To start the display at a particular place e...

Page 20: ...o work you have to configure a DNS server turns off L3 multicast packet switching in the switch s hardware This prevents L3 multicasts from flooding the switch s CPU in its default state as an L2 switch sets the maximum number of ECMP routes to 8 turns on RSTP on all ports Note that the ports are not set to be edge ports sets all the switch ports to access mode This means they are untagged ports s...

Page 21: ...tion Forces passwords in the script to be encrypted log record priority Records log message priority username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7YqoExA0GVasdE0 Specifies the password for the manager user service telnet Turns on the telnet server ip domain lookup Allows domain name lookups no ip multicast routing Turns off L3 multicast packet switching in the switch hardware maximum...

Page 22: ...uration After logging in enter Privileged Exec mode by using the command awplus enable Then check the current configuration by using one of the following commands awplus show ip interface eth0 brief This results in the following output awplus show running config interface eth0 This results in the following output 2 Enter Interface Configuration mode for the eth0 interface Enter Global Configuratio...

Page 23: ...g is a short cut for the current boot configuration file which will be the default configuration file unless you have changed it as described in the next section How to create and use a new configuration file 1 Copy the current configuration to a new file Enter Privileged Exec mode and enter the command awplus copy running config filename cfg Example To save the current configuration in a file cal...

Page 24: ...guration When you next want to save the current configuration enter Privileged Exec mode and enter the command awplus copy running config startup config The parameter startup config is a short cut for the current boot configuration file Boot configuration Current software r1 5 2 1 rel Current boot image flash r1 5 2 1 rel Backup boot image Not set Default boot config flash configs default cfg Curr...

Page 25: ... it is the current boot configuration file enter Privileged Exec mode and enter either of the commands awplus delete force filename or awplus erase startup config Note that erasing startup config deletes the current boot configuration file it does not simply stop the file from being the boot file To make sure that no other file is loaded at start up enter Global Configuration mode and enter the co...

Page 26: ... Exec or Privileged Exec mode and enter the command awplus show system The output looks like this Switch System Status Tue Jun 12 16 41 17 2007 Board ID Bay Board Name Rev Serial number Base 270 x900 24XT C 0 P1FY7502C PSU 212 PSU1 AT PWR01 AC F 1 4221F7E Fan module 214 PSU2 AT FAN01 F 1 422177F Memory DRAM 514472 kB Flash 31 0MB Used 25 0MB Available 6 0MB Environment Status Normal Uptime 0 days ...

Page 27: ...tself To do this enter User Exec or Privileged Exec mode and enter the command awplus show system serialnumber Environment Monitoring Status Overall Status Normal Resource ID 1 Name PSU bay 1 ID Sensor Units Reading Low Limit High Limit Status 1 Device Present 1 Ok 2 PSU Overtemp 0 Ok 3 PSU Fan Fail 0 Ok 4 PSU Power Good 1 Ok Resource ID 2 Name PSU bay 2 ID Sensor Units Reading Low Limit High Limi...

Page 28: ...line vty 0 32 awplus config line exec timeout new timeout The new timeout value only applies to new sessions not current sessions Examples To set the timeout to 30 minutes enter the command awplus config line exec timeout 30 To set the timeout to 30 seconds enter the command awplus config line exec timeout 0 30 To set the timeout to infinity so that sessions never time out enter either of the comm...

Page 29: ... the command awplus config banner motd banner text The text can contain spaces and other printable characters You do not have to surround words with quote marks Example To display this is a new banner when someone logs in enter the command awplus config banner motd this is a new banner This results in the following output at login Removing the banner To return to the default banner AlliedWare Plus...

Page 30: ...imezone and date enter Privileged Exec mode and enter the command awplus show clock The output looks like this How to set the time and date To set the time and date enter Privileged Exec mode and enter the command awplus clock set hh mm ss day month year where hh is two digits giving the hours in 24 hour format e g 14 mm is two digits giving the minutes ss is two digits giving the seconds day is t...

Page 31: ...ates enter Global Configuration mode and enter the command awplus config clock summer time zone name recurring start week start day start month start time end week end day end month end time offset minutes The zone name can be any string up to 6 characters long The start time and end time are in the form hh mm in 24 hour time Note that if you specify 5 for the week this changes the time on the las...

Page 32: ...no username Bob You can delete any user except the user called manager including the user you are currently logged in as Displaying users To list the currently logged in users enter User Exec or Privileged Exec mode and enter the command awplus show users The output looks like this To list all configured users enter User Exec or Privileged Exec mode and enter the command awplus show running config...

Page 33: ...s you typed it After entering the command above logging in as Bob with a password of friend does not work This is because the switch takes the password you enter friend hashes it and compares the hash with the string in the running config friend The hashed value and friend are not the same so the switch rejects the login Caution Only enter the number 8 if you are entering a pre encrypted password ...

Page 34: ...mple You can set the timezone to Eastern Standard Time by entering the command awplus config clock timezone EST minus 5 To remove the timezone setting enter the command awplus config no clock timezone How to use the default parameter Some commands have a default parameter that returns the feature to its default setting Example You can change the login banner to this is a new banner by entering the...

Page 35: ...s Flash memory for the new release Note that you cannot delete the current release file To see how much space is free use the command awplus show file system 3 Copy the new release from your TFTP server onto the switch Follow the instructions in Copying with Trivial File Transfer Protocol TFTP on page 6 11 4 Set the switch to boot from the new release Enter Global Configuration mode and enter the ...

Page 36: ...gin Begin with the first line that contains matching output exclude Exclude lines that contain matching output include Include lines that contain matching output redirect Redirect output Begin The begin parameter causes the display to begin at the first line that contains the input string awplus show run begin eth0 skipping interface eth0 ip address 192 168 14 1 line con 0 login line vty 0 4 login...

Page 37: ...ackets 80434552 bytes 2147483647 dropped 0 multicast packets 0 input errors 0 length 0 overrun 0 CRC 0 frame 0 fifo 1 missed 0 Redirect The redirect parameter puts the lines of output into the specified file If the file already exists the new output overwrites the file s contents the new output is not appended to the existing file contents redirect and are synonyms awplus show history redirect his...

Page 38: ...t functions disable Turn off privileged mode command echo Echo a string enable Turn on privileged mode command exit End current mode and down to previous mode help Description of the interactive help system logout Exit from the EXEC mstat Show statistics after multiple multicast traceroutes mtrace Trace multicast path from source to destination ping Send echo messages quit Exit current mode and do...

Page 39: ...t mode and down to previous mode help Description of the interactive help system license Activate software feature license logout Exit from the EXEC mail Send an email mkdir Make a new directory move Rename or move a file mstat Show statistics after multiple multicast traceroutes mtrace Trace multicast path from source to destination no Negate a command or set its defaults ping Send echo messages ...

Page 40: ...Debugging functions see also undebug default Restore default settings do To run exec commands in config mode dot1x IEEE 802 1X Port Based Access Control enable Modify enable password parameters epsr Ethernet Protection Switching Ring EPSR exception Configure exception settings exit End current mode and down to previous mode fib FIB information gvrp GARP Vlan Registration Protocol help Description ...

Page 41: ...uration commands rip Routing Information Protocol RIP rmon Remote Monitoring Protocol RMON route map Create route map or enter route map command mode router Enable a routing process router id Router identifier for this system service Modify use of network based services show Show running system information snmp server Manage snmp server spanning tree Spanning tree commands ssh Secure Shell stack V...

Page 42: ...Getting Started 2008 Allied Telesis Inc All rights reserved 1 32 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 43: ...d by a hyphen 0 255 Enter a number from the range Do not enter the angle brackets Placeholders are shown in lowercase italics in angle brackets or in uppercase italics port list or ip dhcp pool NAME Replace the placeholder with the value you require The place holder may be an IP address a text string or some other value See the parameter table for the command for information about the type of valu...

Page 44: ...Command Syntax Conventions in this Software Reference 2008 Allied Telesis Inc All rights reserved 2 2 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 45: ...em Software Reference C613 50003 00 REV E 3 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 3 1 3 Startup Sequence AlliedWare Plus Start up 3 2 Diagnostic menu 3 3 Bootloader menu 3 5 Start up sequence 3 10 ...

Page 46: ...ons before running the product release software Previous versions of AlliedWare provide the option to boot to EPROM if a software release cannot be loaded is unlicensed or if selected by the user The EPROM provides enough basic functionality to get a working software release loaded and operational on the switch In AlliedWare Plus this task is handled by the bootloader As AlliedWare Plus begins its...

Page 47: ...stage 2 diagnostics menu 8 Quit to U Boot shell 9 Quit and continue booting Enter selection The options in the stage 1 diagnostics menu allow you to initiate the following tests RAM The Bootloader fully tests any all SDRAM installed in the system NVS The Bootloader fully tests any all non volatile battery backed SRAM installed in the system checksum The Bootloader checksums ROM memory for error de...

Page 48: ...owing tests Flash The Bootloader tests the user file system area of flash The bootloader is stored in a protected area of flash that is not accessed by the user file system Flash Erase The Bootloader erases the user file system area of flash only SD Card slot The Bootloader tests the SD Card slot Once any required tests are completed from the diagnostics menu enter 9 to quit the diagnostic menu an...

Page 49: ...powerful feature of AlliedWare Plus is the ability to boot from a variety of sources Previously the switch was constrained to just booting off the release loaded into flash memory The only software release upgrade path being to load a new release into flash memory and then set this release to be loaded at the next restart With AlliedWare Plus the switch can boot from other sources such as a memory...

Page 50: ...erver IP 0 0 0 0 172 30 1 242 Enter filename r1 5 2 1 latest rel Loading tftp 172 30 1 242 r1 5 2 1 latest rel When the switch is booted up using the one off selected source for the software release it provides the option to copy the release just used to flash for further permanent use Awplus login manager Password The system has been booted using the one off boot recovery mechanism Bootup has suc...

Page 51: ...he baud rate selected can be set as the new default for future use if preferred Select baud rate 0 Return to previous menu 1 9600 2 19200 3 38400 4 57600 5 115200 6 230400 Setting can t be made permanent 7 460800 Setting can t be made permanent 8 921600 Setting can t be made permanent UNTESTED 9 Quit and continue booting Enter selection 5 Change your terminal program baud rate to 9600 and press en...

Page 52: ...e MPC8541E Speed 666 MHz Memory Total installed 512 MB Speed 166 MHz Flash Total installed 32 MB Product information Compatible software 1 r1 Serial 41CD64004 Manufacture date 04 2006 Product 280 Product name AT 9924Tsi N x900 24XT N Revision X1 First MAC address 00 00 CD 24 F6 94 Boot software information Version 1 0 7 Build time Dec 19 2006 14 59 13 Built by matthewm Build host matthewm dl Build...

Page 53: ...e bootloader to be set back to factory defaults WARNING This option erases any settings that may have been configured by this menu Are you sure Y N The bootloader menu provides a powerful set of options for flexibility in the way software releases are upgraded on the switch and system recovery is performed These should meet the requirements of the many different network scenarios that Allied Teles...

Page 54: ..._ ____ ______ _____ ____________ Allied Telesis Inc AlliedWare Plus TM v5 2 1 Original release filename r1 5 2 1 20070515 2 rel Built Tue May 15 10 12 20 NZST 2007 by systest buildpc3 dl Mounting virtual filesystems OK Mounting static filesystems OK Mounting flash OK Checking NVS filesystem OK Mounting NVS filesystem OK Starting syslog ng OK Starting klogd OK Inserting kernel module ipifwd OK Conf...

Page 55: ... occurred and device operation may be affected Additional specific information accompanies an INFO or ERROR status result For example if a corrupt release file was set as the startup release the following error message would be seen Bootloader 1 0 8 loaded Press Ctrl B for the Boot Menu Reading filesystem Error Release filename is invalid should be release rel Error There is no backup release file...

Page 56: ...Startup Sequence 2008 Allied Telesis Inc All rights reserved 3 12 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 57: ...00 REV E 4 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 4 1 4 CLI Navigation Commands Introduction 4 2 configure terminal 4 2 disable 4 2 do 4 3 enable 4 3 end 4 4 exit 4 4 help 4 5 logout 4 5 show cli 4 6 show history 4 6 show list 4 7 ...

Page 58: ...lp navigate within the CLI configure terminal This command enters the configure command mode Syntax configure terminal Mode Privileged Exec mode Examples The following example shows the use of the configure terminal command to enter the Configure command mode note the change in the command prompt awplus configure terminal awplus config disable This command exits the Privileged Exec mode returning ...

Page 59: ...ration mode Syntax do line Mode Any configuration mode Example awplus configure terminal awplus config do ping 10 10 0 23 enable This command enters the Privileged Exec command mode Syntax enable Mode Exec mode Examples The following example shows the use of the enable command to enter the Privileged Exec mode note the change in the command prompt awplus enable awplus Related Commands disable exit...

Page 60: ...Privileged Exec mode directly from Interface mode awplus configure terminal awplus config interface VLAN1 awplus config if end awplus Related Commands disable enable exit exit This command exits the current mode and returns the prompt to the previous level When used in Exec mode the exit command terminates the session Syntax exit Mode All command modes Examples The following example shows the use ...

Page 61: ...to use the system help use the command awplus config help logout This command exits the Exec or Privileged Exec modes and ends the session Syntax logout Mode Exec and Privileged Exec modes Example To exit the Exec mode use the command awplus logout When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available opti...

Page 62: ...n The history buffer is cleared automatically upon reboot The output lists all command line entries including commands that returned an error Syntax show history Mode Exec mode and Privileged Exec mode Output Figure 4 3 Example output from the show history command Examples To display the commands entered during the current session use the command awplus show history ospf A B C D authentication no ...

Page 63: ...e C613 50003 00 REV E 4 7 show list Use this command to display a list of all the commands relevant to the current mode Syntax show list Mode All command modes Output Figure 4 4 Example output from the show list command in Configure mode Examples To run the show list command echo LINE edit edit URL enable erase startup config awplus show list ...

Page 64: ...CLI Navigation Commands 2008 Allied Telesis Inc All rights reserved 4 8 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 65: ... REV E 5 1 5 User Access Commands Introduction 5 2 clear line console 5 2 clear line vty 5 2 clear pam local user lockout 5 3 enable password 5 4 exec timeout 5 6 length 5 7 line 5 8 pam local authentication attempts lockout time 5 8 pam local authentication attempts max fail 5 9 service password encryption 5 10 service telnet 5 10 service terminal length 5 11 show privilege 5 11 show telnet 5 12 ...

Page 66: ...ine then it is closed Syntax clear line console 0 Mode Privileged Exec mode Example To reset the console use the command awplus clear line console 0 Related Commands clear line vty show users clear line vty This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec mode Example To reset the first vty line use the command awplus ...

Page 67: ...clear pam local user lockout username word clear pam local user lockout all Mode Privileged Exec Mode Example To unlock the user account bob use the command awplus clear pam local user lockout username bob To unlock all user accounts use the command awplus clear pam local user lockout all Related Commands pam local authentication attempts lockout time pam local authentication attempts max fail Par...

Page 68: ...the string that you want to use as a password mypasswd Then use the service encrypted password command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA Parameter Description plain Specifies the unencrypted password 8 Specifies a hidden password will follow...

Page 69: ...e plain text string that you want to use as a password It is not required to use the service password encryption command for this method The output in the configuration file will show only the encrypted string and not the text string Related Commands service password encryption Validation Commands show running config Configuration Output in the Configuration File awplus configure terminal awplus c...

Page 70: ...c timeout minutes seconds no exec timeout Mode Line mode Usage This command is used set the time the telnet session waits for an idle VTY session before it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely Examples To set VTY connections to timeout after 2 minutes 30 seconds if there is no response from the user use the commands awplus config line vty 0 32 aw...

Page 71: ...ata A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display The no parameter restores the length of a line terminal session attached to a console port or to a VTY to its default Syntax length 0 512 no length Mode Configure Line mode Examples To set the terminal session length on the console to 10 rows use the command awplus config line cons...

Page 72: ...iod to the default value 300 seconds Syntax pam local authentication attempts lockout time 0 10000 no pam local authentication attempts lockout time Default The default value for lockout time is 300 seconds Mode Configure Mode Usage A user account is locked if failed login attempts reach the limit set by the pam local authentication attempts max fail command The lockout can be manually cleared by ...

Page 73: ...s the fail counter is reset to 0 When a user account is locked out all attempts to login using that account will fail Use the no parameter to restore the maximum number of failed login attempts to its default setting of 5 Syntax pam local authentication attempts max fail 1 32 no pam local authentication attempts max fail Default The default value for max fail is 5 Mode Configure Mode Example To co...

Page 74: ... service password encryption Mode Configure mode Examples awplus configure terminal awplus config service password encryption Validation Commands show running config service telnet Use this command to enable the telnet server The server is enabled by default The server listens on port 23 unless you have changed the port by using the pam local authentication attempts lockout time command on page 5 ...

Page 75: ...lines no service terminal length lines Mode Configure mode Usage This command overrides any lengths set by using the length command on page 5 7 in Line mode Examples To display 60 rows of text before pausing use the command awplus configure terminal awplus config service terminal length 60 Related Commands service terminal length terminal length show privilege This command displays the current pri...

Page 76: ... 5 1 Example output from the show telnet command Related Commands clear line vty telnet server show users show users This command shows information about the users who are currently logged into the device Syntax show users Mode Exec mode and Privileged Exec mode Output Figure 5 2 Example output from the show users command Example To show the users currently connected to the device use the command ...

Page 77: ...r This command enables the telnet server on the specified TCP port If the server is already enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Configure mode Example To enable the telnet server on TCP port 2323 use the command awplus config telnet server 2323 Related Commands show t...

Page 78: ...pecified by this command The default length will apply unless you have changed the length for some or all lines by using the length command on page 5 7 Syntax terminal length length terminal no length length Mode Exec mode and Privileged Exec mode Examples The following example sets the number of lines to 15 awplus terminal length 15 The following example removes terminal length set previously awp...

Page 79: ... for each user 1 15 A privilege level either 1 14 limited access or 15 full access The default manager account on your device cannot be set to a lower privilege level than 15 A user with privilege level 1 14 can only enter Privileged Exec mode if an enable password has been configured and they enter the password password A password that the user must enter when logging in 8 Specifies that you are ...

Page 80: ...User Access Commands 2008 Allied Telesis Inc All rights reserved 5 16 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 81: ...Creating and Managing Files Introduction 6 2 Working with files 6 2 Listing files 6 2 Displaying the contents of configuration and text files 6 4 Navigating through the file system 6 4 Using the editor 6 6 Creating and Using Configuration Files 6 7 Creating a Configuration File 6 7 Specifying the Startup Configuration Script 6 7 Working with Configuration Files 6 8 Copying Files To and From Your D...

Page 82: ...tch automatically compacts itself to recover space available from deleted files The switch only does this when necessary and not every file deletion causes flash compaction Flash compaction can occur after a file of any size is added to or deleted from the switch While flash is compacting the console is unresponsive Do not restart the switch as interrupting flash compaction can damage files Listin...

Page 83: ...ry enter Privileged Exec mode and enter the command awplus dir directory name Tip You can specify the directory with or without a after the directory name Example To display the contents of a directory called example enter the command awplus dir example drwx 0 Jul 12 2007 17 16 32 rw 401 Jul 12 2007 17 16 32 example cfg rw 534 Jul 12 2007 17 52 50 stp cfg rw 12429011 Jul 12 2007 16 26 06 r1 5 2 1 ...

Page 84: ...ontents of a file enter Privileged Exec mode and enter the command awplus show file filename Example To display the contents of the file called example cfg enter the command awplus show file example cfg Navigating through the file system Showing the current directory To see which directory you are currently in enter Privileged Exec mode and enter the command awplus pwd For the top level directory ...

Page 85: ...y name awplus cd card directory name To return to the Flash file system enter the command awplus cd flash Example To change to the directory within NVS called example enter the command awplus cd nvs example To go up one level which returns you to the top level directory of NVS memory enter the command awplus cd Creating new directories To create a directory enter Privileged Exec mode and enter the...

Page 86: ...arizes a few useful sequences for details see joe editor sourceforge net manpage html Function Control character sequence Access the help Ctrl K H Save the file without exiting for new files this prompts for a filename Ctrl K D Save the file and exit this prompts for a filename Ctrl K X Exit without saving the file Ctrl C Go to the beginning of the file Ctrl K U Go to the end of the file Ctrl K V ...

Page 87: ... device s text editor Use the command awplus edit source URL where source URL is the name of the copied file in Flash memory creating a file on a remote PC then copying it to onto your device See Copying files for more information about using the copy commands Once you have created a configuration file you can use it as the startup config file See Specifying the Startup Configuration Script for mo...

Page 88: ... backup configuration file that loads if no other file is set as the startup config file Working with Configuration Files When you use the CLI or GUI to configure your device it stores this dynamic configuration as a list of commands called the running config To view the device s running config use the command awplus show running config If you turn off the device or restart it any unsaved changes ...

Page 89: ...cross a serial connection using ZMODEM Use the command awplus copy zmodem See Copying with ZMODEM for further details from your device onto a remote device or to your device from a remote device To copy a file across an interface with IP configured use the command awplus copy SOURCE URL DESTINATION URL To copy files across these interfaces you can use the following protocols Copying with Hypertext...

Page 90: ...rectory names in the path To use the same filename as the original press the Enter key do not press the y key that names the copy y Example To put a copy of example cfg into the example directory enter the command awplus copy example cfg example The prompt and messages look like this Copying To and From NVS or SD card To copy between file systems you need to specify the file system prefix nvs or c...

Page 91: ...pany com use the command Copying with Trivial File Transfer Protocol TFTP TFTP runs over User Datagram Protocol UDP It is simpler and faster than FTP but has minimal capability such as no provisions for user authentication To copy a file from a TFTP server to Flash memory enter Privileged Exec mode and enter the command awplus copy tftp flash The switch prompts you for the TFTP server hostname you...

Page 92: ...provides a secure way to copy files onto your device from a remote device The AlliedWare PlusTM OS includes both a SSH server and a SSH client SFTP provides additional features from SCP such as allowing you to manipulate the remote files and halt or resume file transfers without closing the session For example to load the file rei cfg onto Flash memory from the remote server at 10 0 0 5 use the co...

Page 93: ... 2 boot backup 7 3 boot config file 7 3 boot system 7 4 cd 7 4 copy current software 7 5 copy LOCAL 7 6 copy running config 7 7 copy startup config 7 8 copy URL 7 9 copy zmodem 7 10 delete 7 11 dir 7 12 edit 7 13 edit URL 7 14 erase startup config 7 14 license 7 15 mkdir 7 15 move 7 16 pwd 7 16 rmdir 7 17 show boot 7 18 show file 7 19 show file systems 7 20 show license 7 22 show running config 7 ...

Page 94: ...d or card or card The keywords flash nvs card tftp scp sftp and http are reserved for tab completion when using the copy move delete cd and dir commands Keywords flash nvs card tftp scp sftp and http cannot be applied as directory or subdirectory names when using a mkdir command A leading slash indicates the root of the current filesystem location When you copy a file Use this syntax In local Flas...

Page 95: ...mands boot config file boot system show boot boot config file This command sets the configuration file to use during the next boot cycle Syntax boot config file filename Mode Configure mode Examples To run the configuration file branch cfg the next time the device boots up use the command awplus config boot config file flash branch cfg Related Commands boot backup boot system show boot Parameter D...

Page 96: ...ts up use the command awplus config boot system rl 5 2 1 rel Related Commands boot config file boot backup show boot cd This command changes the current working directory Syntax cd directory url Mode Privileged Exec mode Examples To change to the directory called images use the command awplus cd images Related Commands dir pwd show file systems Parameter Description filename Name of a release file...

Page 97: ... system Syntax copy current software destination url Mode Privileged Exec mode Examples To copy the current software install the working directory with the name my release rel use the command awplus copy current software my release rel Related Commands boot system show boot Parameter Description destination url The URL where you would like the current running release saved This command creates a f...

Page 98: ...e Syntax copy local source local destination filename Mode Privileged Exec mode Examples To copy the file newconfig cfg onto your device s flash from an SD Card use the command awplus copy card flash newconfig cfg Related Commands copy URL copy zmodem show file show file systems Parameter Description local source File system where the original file is stored card Copies the file from an attached S...

Page 99: ... cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startup config write file write memory Parameter Description source url The URL of a configuration file This must be a valid cfg file Specify this when you want the script in the file to become the new running config The URL can contain...

Page 100: ...onfig as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source url The URL of a configuration file This must be a valid cfg file Specify this to copy the script in the file into the startup config file Note that this does not make the copied file the new startup file so any further ...

Page 101: ...rt 2000 use the command awplus copy scp beth server 2000 config_files old cfg old cfg To copy the file config cfg into the current directory from an SD Card and rename it to configtest cfg use the command awplus copy card config cfg configtest cfg Stacked Devices In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member In this c...

Page 102: ...MODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source url zmodem copy zmodem Mode Privileged Exec mode Examples To copy the local file asuka key using ZMODEM use the command awplus copy asuka key zmodem Related Commands copy LOCAL copy URL show file systems Parameter Description source url The URL of the source file See URL Syntax...

Page 103: ...e current directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs which is not empty without prompting if any read only files are being deleted use the command awplus delete force recursive new_configs Related Commands erase startup config rmdir Parameter Des...

Page 104: ...lus dir recursive flash Usage In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member In this case when you enter the command specify the stack member s file system by using the following syntax hostname member id for example awplus 1 for a file or directory on stack member 1 awplus 2 for member 2 etc Example To list the files ...

Page 105: ...fore starting the editor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more information about using the editor including control sequences see Using the editor on page 6 6 Syntax edit filename Mode Privileged Exec mode Examples To create and edit a new text file...

Page 106: ...ity bob key Related Commands edit show file erase startup config This command deletes the file that is set as the startup config file which is the configuration file that the system runs when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provides a mechani...

Page 107: ...1anG1Vrm4BrV93DC3HZRj5PE6fqpBlqOq9 3Dw Related Commands show license mkdir This command makes a new directory Syntax mkdir url Mode Privileged Exec mode Usage The keywords flash nvs card tftp scp sftp and http are reserved for tab completion when using the copy move delete cd and dir command Keywords flash nvs card tftp scp sftp and http cannot be applied as directory or subdirectory names when us...

Page 108: ...g from the root of the flash filesystem to the directory myconfigs use the command awplus move temp cfg myconfigs temp cfg Related Commands delete edit show file show file systems pwd This command prints the current working directory Syntax pwd Mode Privileged Exec mode Examples To print the current working directory use the command awplus pwd Related Commands cd Parameter Description source url T...

Page 109: ...level1 awplus rmdir level1 level2 awplus rmdir force level1 Usage In a stacked environment you can use the CLI on a stack master to access file systems that are located on another stack member In this case when you enter the command specify the stack member s file system by using the following syntax hostname member id for example awplus 1 for a file or directory on stack member 1 awplus 2 for mem...

Page 110: ...oftware r1 5 2 1 rel Current boot image flash r1 5 2 1 rel Backup boot image flash r2 5 1 1 rel Default boot config flash default cfg Current boot config flash my cfg file exists Parameter Meaning Current software The current software release that the device is using Current boot image The boot image currently configured for use during the next boot cycle Backup boot image The boot image to use du...

Page 111: ...This command displays the contents of a specified file Syntax show filename url Mode Privileged Exec mode Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplus show oldconfig cfg Related Commands edit edit URL show file systems Parameter Description filename Name of a file on the local Flash file system url URL of a file ...

Page 112: ... will list the file systems for only that stack member Syntax show file systems Mode Privileged Exec mode Output Figure 7 2 Example output from the show file systems command STACK member 1 Size B Free B Type Flags Prefixes S D V Lcl Ntwk Avail 30 0M 6 7M flash rw flash static local Y system rw system virtual local 499 0k 0 nvs rw nvs static local Y sdcard rw card dynamic local N tftp rw tftp netwo...

Page 113: ...e given after the value and are M for Megabytes or k for kilobytes Free B The total memory free within this file system The units are given after the value and are M for Megabytes or k for kilobytes Type The memory type used for this file system flash system nvs sdcard tftp scp sftp or http Flags The file setting options rw read write ro read only Prefixes The prefixes used when entering commands ...

Page 114: ...e the command awplus show license To display full information about the licences with index number 1 use the command awplus show license index 1 Related Commands license Parameter Description name The licence name of the software feature to show information about index number The index number of the software feature to display information about brief Displays a brief summary of license information...

Page 115: ...e You can control the output in any one of the following ways To display only lines that contain a particular word follow the command with include word To start the display at the first line that contains a particular word follow the command with begin word To save the output to a file follow the command with filename For more information see Controlling show command output on page 1 26 Syntax sho...

Page 116: ...me manager privilege 15 password 8 1 bJoVec4D JwOJGPr7YqoExA0GVasdE0 platform jumboframe platform routingratio ipv4only service telnet no clock timezone ip domain lookup no ip multicast routing spanning tree mode rstp no platform e2efc interface port1 0 1 1 0 24 switchport switchport mode access service telnet no clock timezone ip domain lookup no ip multicast routing spanning tree mode rstp no pl...

Page 117: ...an interface a switch port or a channel group e g vlan2 port1 1 12 sa3 or po4 a contiguous range of interfaces ports or channel groups separated by a hyphen e g vlan2 vlan8 or port1 1 1 port1 1 24 or sa2 4 po1 3 a comma separated list of the above e g port1 0 1 port1 1 1 1 2 24 Do not mix interface types in a list The specified interfaces must exist dot1x displays running configuration for 802 1x ...

Page 118: ...s 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 To display current OSPF configuration of your switch for ports 1 to 24 use the command awplus show running config interface port1 0 1 port1 0 24 ospf To display current IGMP configuration for ports 1 to 12 on XEM 1 and 3 use the command awplus show running config interface port1 0 1 1 0 12 port1 3 1 1 3 12 ip igmp R...

Page 119: ...config Mode Privileged Exec mode Output Figure 7 5 Example output from the show startup config command Examples To display the contents of the current start up configuration file use the command awplus show startup config Related Commands boot config file copy running config copy startup config erase startup config show boot service password encryption username manager privilege 15 password 8 1 bJ...

Page 120: ...7 00 47 48 Build name r1 5 2 1 20070806 1 rel Build date Mon Aug 6 00 47 48 NZST 2007 Build type RELEASE IP Infusion Software Copyright C 2001 2004 IP Infusion Inc All rights reserved NET SNMP SNMP agent software c 1989 1991 1992 by Carnegie Mellon University c 1996 1998 2000 The Regents of the University of California All Rights Reserved c 2001 Networks Associates Technology Inc All rights reserv...

Page 121: ...Exec mode Examples To write configuration data to the start up configuration file use the command awplus write file Related Commands copy running config write memory show running config write memory This command copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax wr...

Page 122: ... E Software Version 5 2 1 write terminal This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privileged Exec mode Examples To display the current configuration of your device use the command awplus write terminal Related Commands show running config ...

Page 123: ...banner 8 2 clock set 8 3 clock summer time date 8 4 clock summer time recurring 8 5 clock timezone 8 6 debug nsm 8 7 hostname 8 8 no debug all 8 9 service advanced vty 8 9 show clock 8 10 show cpu 8 11 show cpu history 8 13 show debugging nsm 8 15 show memory 8 16 show memory allocations 8 18 show memory history 8 20 show memory pools 8 22 show nsm client 8 23 show process 8 24 show router id 8 25...

Page 124: ...ring and monitoring the system banner This command displays a text banner on login Use the default parameter to display the default banner the AlliedWare Plus version and build date Use the no parameter to display no banner Syntax banner motd default text no banner motd default Mode Configure mode Default By default the AlliedWare Plus version and build date is displayed at login such as AlliedWar...

Page 125: ...eged Exec mode Usage Configure the timezone before setting the local time Otherwise when you change the timezone the device applies the new offset to the local time Example To set the time and date on your system to 2pm on the 2nd of April 2007 use the command awplus clock set 14 00 00 2 apr 2007 Related Commands clock timezone show clock Parameter Description HH MM SS Local time in 24 hour format...

Page 126: ...th the summertime set to begin on the 1st October 2007 and end on the 18th of March 2008 To remove any summertime settings on the system use the command awplus config no clock summer time Related Commands clock summer time recurring clock timezone show clock Parameter Description ZONENAME A description of the summertime zone up to 6 characters long date Specifies that this is a date based summerti...

Page 127: ...e up to 6 characters long recurring Specifies that this summertime setting applies every year from now on START WEEK Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to start summertime on the last Sunday of the month enter 5 for START WEEK and sun for START DAY START DAY Day of the we...

Page 128: ...ock timezone Mode Configure mode Usage Configure the timezone before setting the local time Otherwise when you change the timezone the device applies the new offset to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone back to UTC with no offsets use the command a...

Page 129: ...ftware Reference C613 50003 00 REV E 8 7 debug nsm This command specifies a set of debug options for use by Allied Telesis authorized service personnel only Syntax debug nsm all events debug nsm packet recv send detail no debug nsm all events packets no debug nsm packet Mode Privileged Exec mode and Configure mode Related Commands show debugging nsm ...

Page 130: ...me that is the stack name hyphenated with a numeric suffix For example awplus 1 awplus 2 and so on The hostname command can then be used to change the stack name and the stack master s host name For example for the hostname Lab the stack master s host name will be Lab and the other stack members will have host names Lab 1 Lab 2 and so on In case of stack master fail over or stack split the new sta...

Page 131: ...e and Privileged Exec mode Examples To disable debugging facility for all features use the command awplus no debug all service advanced vty Use this command to enable the advanced mode VTY interface This sets multiple options to be listed when the Tab key is pressed after completing a command Use the no version of this command to set no options to be listed when the Tab key is pressed after comple...

Page 132: ... time date clock summer time recurring clock timezone Local Time Mon 6 Aug 2007 13 56 06 1200 UTC Time Mon 6 Aug 2007 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time offset 60 mins Summer time recurring Yes Parameter Meaning Local Time Current local time UT...

Page 133: ...erent information for every stack member device Entering this command for a specific stack member as a host directed command will display the information for that stack member Syntax show cpu sort thrds pri sleep runtime Mode Exec mode and Privileged Exec mode Parameter Description sort Whether to sort the list by a specified field If you do not specify this then the list is sorted by percentage C...

Page 134: ... 0 kernel 0 interrupts 0 iowaits 0 user processes pid name thrds cpu pri state sleep runtime 1358 hostd 1 2 8 15 run 97 5 1133 exfx 17 0 9 25 sleep 1 277 1538 pimd 1 0 9 15 sleep 98 89 1 init 1 0 0 18 sleep 78 29 kernel threads pid name cpu pri state sleep runtime 2 ksoftirqd 0 0 9 34 sleep 98 1571 83 aio 0 0 0 20 sleep 0 0 4 events 0 0 0 10 sleep 98 0 Parameter Meaning STACK member The ID of the ...

Page 135: ...red on a specific stack member as a host directed command it will print the graph for that particular stack member Syntax show cpu history Mode Exec mode and Privileged Exec mode Output This command s output displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 25 minutes for the last 24 hours For each graph the horizontal...

Page 136: ... CPU utilization for all the stack members To display the memory utilization history graph for stack member 3 use the command Related Commands remote command show memory show memory allocations show memory pools show process STACK member 1 Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 0 5 1 1 2 2 3 3 4 4 5 5 0 5 0 5 0 5 0 5 0 5 CPU load per minute last 60 minutes average CPU load STAC...

Page 137: ...ersion 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 8 15 show debugging nsm This command displays system details for use by Allied Telesis authorized service personnel only Syntax show debugging nsm Mode Exec mode and Privileged Exec mode Related Commands debug nsm ...

Page 138: ...esponding memory utilization information for that stack member Syntax show memory sort size peak stk Mode Exec mode and Privileged Exec mode Output Figure 8 4 Example output from the show memory command Parameter Description sort Changes the sorting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sorts the list by the amount ...

Page 139: ...locations show memory history show memory pools Parameter Meaning RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the process name Short name used to describe the process mem Percentage of memory utilization the process is currently using size Amount of memory currently used by the process peak Greatest amount o...

Page 140: ...show memory allocations PROCESS Mode Exec mode and Privileged Exec mode Figure 8 5 Example output from the show memory allocations command Output Example To display the memory allocations used by all processes on your device use the command Parameter Description PROCESS Displays the memory allocation used by the specified process Memory allocations for BGP name bgpd pid 1155 size 2860 peak 8988 da...

Page 141: ...hts reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 8 19 To display the memory allocations used by BGP use the command Related Commands show memory show memory history show memory pools awplus show memory allocations bgp ...

Page 142: ... on a specific stack member as host directed commands it will display corresponding memory utilization information for that stack member Syntax show memory history Mode Exec mode and Privileged Exec mode Output This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 25 minutes for the last 24 hours F...

Page 143: ...orical memory usage for a single device device 3 in this example within a stack use the command Related Commands show memory allocations show memory pools STACK member 1 Per minute memory utilization history 100 90 80 70 60 50 40 30 20 10 0 5 1 1 2 2 3 3 4 4 5 5 0 5 0 5 0 5 0 5 0 5 Memory utilization per minute last 60 minutes average memory utilization STACK member 2 Per minute memory utilization...

Page 144: ...w memory pools Related Commands show memory allocations show memory history Parameter Description PROCESS Displays the memory pools used by the specified process Memory pools for BGP name bgpd pid 1207 size 1996 peak 8640 data 2012 stack 84 pool allocated LDP Id 296 Memory diagnostics 2508 Message of The Day 96 Host config 8 Link list 320 Rmap 64 Temporary memory 113440 Vector 21992 Application To...

Page 145: ...ghts reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 8 23 show nsm client This command displays system details for use by Allied Telesis authorized service personnel only Syntax show nsm client Mode Privileged Exec mode ...

Page 146: ...nd Privileged Exec mode Output Figure 8 8 Example output from the show process command Parameter Description sort Changes the sorting order for the list of processes cpu Sorts the list by the percentage of CPU utilization mem Sorts the list by the percentage of memory utilization CPU load for 1 minute 0 5 minutes 3 15 minutes 0 RAM total 514920 kB free 382600 kB buffers 16368 kB user processes pid...

Page 147: ...and Related Commands remote command show cpu show cpu history show router id Use this command to display the Router ID of the current system Syntax show router id Mode Exec mode and Privileged Exec mode Usage awplus show router id Router ID 10 55 0 2 automatic Examples pri Process priority state Process state one of run sleep stop zombie or dead sleep Percentage of time the process is in the sleep...

Page 148: ...distinguish the different information for every stack member If it is entered on a specific stack member as a host directed command it will display the information for that stack member Syntax show system Mode Exec mode and Privileged Exec mode Output Figure 8 9 Example output from the show system command Switch System Status Wed Dec 19 08 42 16 2007 Board ID Bay Board Name Rev Serial number Base ...

Page 149: ...5 Bay2 XEM STK A 0 M1L174004 PSU 212 PSU1 AT PWR01 AC F 1 3F4AAA3 Fan module 214 PSU2 AT FAN01 F 1 3F0A72D Memory DRAM 514460 kB Flash 31 0MB Used 25 1MB Available 5 9MB Environment Status Normal Uptime 0 days 04 26 02 Stack member 2 Board ID Bay Board Name Rev Serial number Base 271 x900 24XS A 2 41HF6900U Expansion 272 Bay1 XEM 1XP A 0 41AR5B003 Expansion 285 Bay2 XEM STK nul M1L17400T PSU 212 P...

Page 150: ...all Status Fault Resource ID 1 Name PSU bay 1 ID Sensor Units Reading Low Limit High Limit Status 1 Device Present 0 FAULT 2 PSU Overtemp 0 Ok 3 PSU Fan Fail 0 Ok 4 PSU Power Good 0 Ok Resource ID 2 Name PSU bay 2 ID Sensor Units Reading Low Limit High Limit Status 1 Device Present 1 Ok 2 PSU Overtemp 0 Ok 3 PSU Fan Fail 0 Ok 4 PSU Power Good 1 Ok Resource ID 3 Name x900 24XS ID Sensor Units Readi...

Page 151: ...erent information for every stack member If it is entered on a specific stack member as a host directed command it will display the information for that stack member Mode Exec mode and Privileged Exec mode Output Figure 8 12 Example output from the show system pluggable command Example To display information about the pluggable LAN connectors installed in your device use the command awplus show sy...

Page 152: ...fault displays all information for the switch The output is saved to the file tech support txt in the current directory If this file already exists in the current directory then a new file is generated with the time stamp appended to the file name for example tech support20080109 txt so the last saved file is retained Mode Privileged Exec mode Usage The show tech support command is useful for coll...

Page 153: ...b Build date Mon Jan 7 17 14 28 NZDT 2008 Current boot config flash vcs_n10_06 cfg file exists Territory japan System Name N10 06 System Contact System Location N10 06 show system environment Environment Monitoring Status Overall Status Fault Resource ID 1 Name PSU bay 1 ID Sensor Units Reading Low Limit High Limit Status 1 Device Present 1 Ok 2 PSU Power Output 1 Ok Resource ID 2 Name 9912T SPsi ...

Page 154: ...of the system Use the no parameter to return the territory to its default setting of japan Syntax system territory australia nz europe japan usa china korea no system territory Mode Configure Mode Example awplus config system territory usa Validation Commands show system Parameter Description system System properties territory Territory of system australia Australia nz New Zealand europe Europe ja...

Page 155: ...ing output press the Enter key Use the command terminal no monitor to stop displaying debugging output on the terminal Syntax terminal monitor terminal no monitor Mode Privileged Exec mode Examples Related Commands All debug commands undebug nsm This command specifies a set of debug options for use by Allied Telesis authorized service personnel only Syntax undebug nsm all events undebug nsm packet...

Page 156: ...System Configuration and Monitoring Commands 2008 Allied Telesis Inc All rights reserved 8 34 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 157: ... Reference C613 50003 00 REV E 9 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 9 1 9 Debugging and Logging Introduction 9 2 Debugging 9 2 Logging to terminal 9 2 Turning off debugging 9 2 Logging 9 3 Log Outputs 9 3 ...

Page 158: ...ls by using parameters with these commands Logging to terminal To start debugging to the terminal 1 Turn on the debug options by using the relevant debug command 2 Run the terminal monitor command awplus enable awplus configure terminal awplus config debug protocol parameter awplus config exit awplus terminal monitor Sample Output This is a sample output of the debug rsvp events command displayed ...

Page 159: ...e the type of facility that generated the message substrings within the message text The severity levels in order are emergencies alerts critical errors warnings notifications informational debugging The facility categories are auth Security authorization messages authpriv Security authorization messages private cron Clock daemon daemon System daemons ftp FTP daemon kern Kernel messages lpr Line p...

Page 160: ...t and has a filter to include messages with a severity level of warning and above The permanent log can be disabled using the command no log permanent Additional filters can be added and removed using the commands log permanent facility level msgtext program no log permanent facility level msgtext program The following permanent log commands are available show log Displays the entire contents of t...

Page 161: ...o send messages to no log email to There are no default filters associated with email outputs when they are created Filters can be added and removed with the commands log email to facility level msgtext program no log email to facility level msgtext program It is not possible to view the log messages sent to this type of output as they are not retained on the device They must be viewed by the emai...

Page 162: ...V E Software Version 5 2 1 Note An email server and from address must be configured on the device in order for email logs to work awplus config mail from The address to send in the mail from command smtpserver SMTP server to send the emails to Email logs are sent in batches of approximately 20 messages and have the subject line Log messages ...

Page 163: ... log buffered 10 4 default log console 10 5 default log email 10 5 default log host 10 6 default log monitor 10 7 default log permanent 10 7 exception coredump size 10 8 log buffered 10 9 log buffered filter 10 10 log buffered size 10 12 log console 10 13 log console filter 10 14 log email 10 16 log email filter 10 17 log email time 10 20 log host 10 21 log host filter 10 22 log host time 10 25 lo...

Page 164: ... Mode Example clear log Removes the contents of the buffered and permanent logs Syntax clear log Mode Privileged Exec mode Examples To delete the contents of the buffered and permanent log use the command Validation Commands show log Related Commands clear log buffered clear log permanent Parameter Description clear Reset functions exception Clear exception information log Clear the exception log ...

Page 165: ...ds clear log clear log permanent clear log permanent Removes the contents of the permanent log Syntax clear log permanent Mode Privileged Exec mode Examples To delete the contents of the permanent log use the command Validation Commands show log Related Commands clear log clear log buffered Parameter Description clear Remove dynamic information log The contents of the logs buffered The RAM buffere...

Page 166: ...d log is 50kb and it accepts messages with the severity level of warnings and above The buffered log is enabled by default Syntax default log buffered Mode Configure mode Examples To restore the buffered log to its default settings use the command Validation Commands show log config Related Commands log buffered log buffered size Parameter Description default Restore default settings log Logging c...

Page 167: ...ult settings for log messages sent to an email address By default no filters are defined for email addresses Filters must be defined before messages will be sent Also restores the remote syslog server time offset value to local no offset Syntax default log email to Mode Configure mode Examples To restore the default settings for log messages sent to the email address admin alliedtelesis com use th...

Page 168: ...l be sent Also restores the remote syslog server time offset value to local no offset Syntax default log host ip address Mode Configure mode Examples To restore the default settings for messages sent to the remote syslog server with IP address 10 32 16 21 use the command Validation Commands show log config Related Commands log email Parameter Description default Restore default settings log Loggin...

Page 169: ...ds show exception log log monitor filter show log config default log permanent Restores the default settings for the permanent log stored in NVS By default the size of the permanent log is 50 kB and it accepts messages with the severity level of warnings and above The permanent log is enabled by default Syntax default log permanent Mode Config mode Examples To restore the permanent log to its defa...

Page 170: ...tting only applies to processes created after this command has been executed to ensure this is applied to all processes the system will need to be restarted Syntax exception coredump size none small medium large unlimited no exception coredump size Mode Configure Mode Default Unlimited Examples To restrict the size of the core file created use the command To restore the size of the core files crea...

Page 171: ...ke way for new ones The buffered log is configured by default Syntax log buffered no log buffered Mode Configure mode Examples To configured the device to store log messages in RAM use the command To configure the device to not store log messages in a RAM buffer use the command Validation Commands show log config Related Commands default log buffered log buffered filter log buffered size Parameter...

Page 172: ...sing the no form of this command Syntax log buffered level level program program name facility facility msgtext text string no log buffered level level program program name facility facility msgtext text string Parameter Description log Logging control buffered Store log messages in a RAM buffer no Deletes the specified filter so that corresponding messages are no longer sent to the buffered log l...

Page 173: ...ed Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR irdp ICMP Router Discovery Protocol IRDP rmon Remote Monitoring facility Filter messages to...

Page 174: ...fig Related Commands default log buffered log buffered log buffered size log buffered size Configures the amount of memory that the buffered log is permitted to use Once this memory allocation has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Configure mode Examples To allow the buffered log to use up to 100kb of RAM use the command Val...

Page 175: ... port Use the no version of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Configure Mode Examples To configure the device to send log messages use the command awplus config log console To configure the device not to send log messages in all consoles use the command Validation Commands show log config Related Commands log console fi...

Page 176: ...d by filters that are more selective Syntax log console level level program program name facility facility msgtext text string no log console level level program program name facility facility msgtext text string Parameter Description log Logging control console Set console logging parameters no Deletes the specified filter so that corresponding messages are no longer sent to the console level Fil...

Page 177: ...ent Multicast Sparse Mode PIM SM dot1x IEEE 802 1X Port Based Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR irdp ICMP Router Discovery Proto...

Page 178: ...nding critical alert and emergency level messages to the console use the command awplus config no log console level critical Validation Commands show log config Related Commands log console log email Configures the device to send log messages to an email address The email address is specified in this command By default no filters are defined for email log targets Filters must be defined before mes...

Page 179: ... name facility facility msgtext text string no log email to level level program program name facility facility msgtext text string Parameter Description log Logging control email Set email logging parameters to The email address to send logging messages to no Deletes the specified filter so that corresponding messages are no longer sent to the specified email address level Filter messages by sever...

Page 180: ...M dot1x IEEE 802 1X Port Based Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR irdp ICMP Router Discovery Protocol IRDP rmon Remote Monitoring...

Page 181: ...edtelesis com use the command To remove a filter that sends all messages generated by BGP that have a severity of notices or higher to the email address admin homebase com use the command To remove a filter that sends messages with a severity level of informational and above to the email address admin alliedtelesis com use the command Related Commands default log email log email show log config aw...

Page 182: ...recipient The default is local Syntax log email to time local offset plus minus 0 24 Mode Configure mode Examples To send messages to the email address admin homebase com with the time information converted to the time zone of the email recipient which is 3 hours ahead of this device use the command Validation Commands show log config Related Commands default log buffered Parameter Description log...

Page 183: ...ages will be sent Syntax log host ip address no log host ip address Mode Configure mode Examples To configure the device to send log messages to a remote syslog server with IP address 10 32 16 99 use the command To stop the device from sending log messages to the remote syslog server with IP address 10 32 16 99 use the command no log host 10 32 16 99 Validation Commands show log config Related Com...

Page 184: ...l program program name facility facility msgtext text string no log host a b c d level ip address program program name facility facility msgtext text string Parameter Description log Logging control host Send log messages to a remote syslog server ip address The IP address of a remote syslog server no Deletes the specified filter so that corresponding messages are no longer sent to the specified e...

Page 185: ...Mode PIM DM pim sm Protocol Independent Multicast Sparse Mode PIM SM pim smv6 Protocol Independent Multicast Spare Mode version 6 PIM SMv6 dot1x IEEE 802 1X Port Based Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Mana...

Page 186: ...ces or higher to a remote syslog server with IP address 10 32 16 21 use the command To remove a filter that sends all messages containing the text Bridging initialization to a remote syslog server with IP address 10 32 16 21 use the command To remove a filter that sends messages with a severity level of informational and above to the syslog server with IP address 10 32 16 21 use the command Relate...

Page 187: ...s local Syntax log host a b c d time local offset plus minus 0 24 Mode Configure mode Examples To send messages to the remote syslog server with IP address 10 32 16 21 with the time information converted to the time zone of the syslog server which is 3 hours ahead of this device use the command Validation Commands show log config Related Commands default log buffered log host Parameter Description...

Page 188: ...m program name facility facility msgtext text string no log monitor level level program program name facility facility msgtext text string Parameter Description log Logging control monitor Set monitor logging parameters no Deletes the specified filter so that corresponding messages are no longer sent to the permanent log level Filter messages to the permanent log by severity level level The minimu...

Page 189: ...lticast Sparse Mode PIM SM pim smv6 Protocol Independent Multicast Spare Mode version 6 PIM SMv6 dot1x IEEE 802 1X Port Based Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet...

Page 190: ...t Once the permanent log reaches its configured maximum allowable size old messages will be deleted to make way for new ones The no form of the command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log permanent Mode Configure mode Examples To enable permanent logging use the command To disable permanent...

Page 191: ... of this command Syntax log permanent level level program program name facility facility msgtext text string no log permanent level level program program name facility facility msgtext text string Parameter Description log Logging control permanent Send messages to the permanent log innon volatile storage NVS memory no Deletes the specified filter so that corresponding messages are no longer sent ...

Page 192: ...pim smv6 Protocol Independent Multicast Spare Mode version 6 PIM SMv6 dot1x IEEE 802 1X Port Based Access Control lacp Link Aggregation Control Protocol LACP stp Spanning Tree Protocol STP rstp Rapid Spanning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings ...

Page 193: ...ce C613 50003 00 REV E 10 31 To create a filter to send all messages containing the text Bridging initialization to the permanent log use the command Validation Commands show log config Related Commands default log permanent log permanent log permanent size show log permanent awplus config log permanent msgtext Bridging initialization ...

Page 194: ...the permanent log to use up to 100kb of NVS use the command Validation Commands show log config Related Commands default log permanent log permanent show exception log This command is used to display the contents of the exception log Syntax show exception log Mode Privileged Exec Mode Parameter Description log Logging control permanent Store log messages permanently in NVS size Set the maximum siz...

Page 195: ...evel 8 2006 Nov 10 09 30 14 daemon err snmpd 181 flash configs snmpd conf line 20 Error bad SUBTREE object 2006 Nov 10 09 30 14 user info HSL 192 HSL INFO Registering port port1 0 1 To display the 10 latest entries in the buffered log use the command date time facility severity program pid message 2006 Nov 10 13 30 01 cron notice crond 116 USER manager pid 469 cmd logrotate etc logrotate conf 2006...

Page 196: ...00 REV E Software Version 5 2 1 2006 Nov 10 13 49 32 syslog notice syslog ng 67 SIGHUP received reloading configuration 2006 Nov 10 13 50 01 cron notice crond 116 USER manager pid 482 cmd nbqueue wipe 2006 Nov 10 13 55 01 cron notice crond 116 USER manager pid 483 cmd nbqueue wipe Related Commands show log config show log permanent ...

Page 197: ... Maximum size 50kb Filters 1 Level notices Program any Facility any Msg text any Statistics 17 messages received 0 accepted by filter 1977 Nov 23 10 42 11 Permanent log Status enabled Maximum size 50kb Filters 1 Level warnings Program any Facility any Msg text any Statistics 17 messages received 0 accepted by filter 1977 Nov 23 10 42 11 Terminal log Filters 1 Level debugging Program any Facility a...

Page 198: ... the buffered log configuration indicates that this is the default filter The permanent log has had its default filter removed so none of the filters are marked with Note Statistics are updated periodically not in real time Whenever a logging configuration command is issued the statistics are reset Also when automatic log rotation occurs the statistics are reset Related Commands show log show log ...

Page 199: ...to user bin 2006 Nov 10 09 30 09 cron notice crond 116 crond 2 3 2 dillon started log level 8 2006 Nov 10 09 30 14 daemon err snmpd 181 flash configs snmpd conf line 20 Error bad SUBTREE object 2006 Nov 10 09 30 14 user info HSL 192 HSL INFO Registering port port1 0 1 To display the 10 latest entries in the permanent log use the command awplus show log permanent tail date time facility severity pr...

Page 200: ...d displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec mode Examples To display the current configuration of the log utility use the command Related Commands show log show log config Parameter Description show Show running config information running config Current operating configuration log Logging utility awplus show running config log...

Page 201: ...AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 11 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 11 1 11 Scripting Commands activate 11 2 echo 11 2 ...

Page 202: ...he password to your script after enable Example To activate a command script to run as a background process use the command awplus activate background test scp To activate a script flash test scp in stack member 2 use the command awplus 1 activate awplus 2 flash test scp echo This command echoes a string to the terminal followed by a blank line It is useful in CLI scripts to make the script print ...

Page 203: ...rence C613 50003 00 REV E 12 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 12 1 12 Interface Commands Introduction 12 2 description 12 2 interface 12 3 mtu 12 4 show interface 12 5 show interface brief 12 6 shutdown 12 7 ...

Page 204: ...ommands used to configure and display interfaces description This command adds a description to a specific port or interface Syntax description description Mode Interface mode Examples The following example uses this command to describe the device that a switch port is connected to awplus config interface port1 0 2 awplus config if description Boardroom PC Parameter Description description Text de...

Page 205: ...n1 Note how the prompt changes awplus configure terminal awplus config interface vlan1 awplus config if Parameter Description interface list The interfaces or ports to configure An interface list can be an interface a switch port or a channel group e g vlan2 port1 1 12 sa3 or po4 a continuous range of interfaces ports or channel groups separated by a hyphen e g vlan2 vlan8 or port1 1 1 port1 1 24 ...

Page 206: ... Transmission Unit MTU size for a VLAN interface Use the no command to remove a previously specified Maximum Transmission Unit MTU size for a VLAN interface Syntax mtu mtu_size no mtu Command Mode Interface mode Example Parameter Description mtu_size 64 9208 Specifies size of the VLAN Maximum Transmission Unit MTU in bytes awplus configure terminal awplus config interface vlan1 awplus config if mt...

Page 207: ...rt or a channel group e g vlan2 port1 1 12 sa3 or po4 a continuous range of interfaces switch ports or channel groups separated by a hyphen e g vlan2 vlan8 or port1 1 1 port1 1 24 or sa2 4 po1 3 a comma separated list of the above The specified interfaces must exist Interface port1 0 1 Scope both Link is UP administrative state is UP Hardware is Ethernet address is 0000 cd24 daeb bia 0000 cd24 dae...

Page 208: ...interface brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0 3 admin up down port1 0 4 admin up down port1 0 5 admin up down port1 0 6 admin up down port1 0 7 admin up down port1 0 8 admin up down port1 0 9 admin up down port1 0 10 admin up down port1 0 11 admin up down port1 0 12 admin up down port1 0 13 admin up down port1 0 14 admin up down port1 0 15 admin ...

Page 209: ...s administratively disables the link and takes the link down at the physical electrical layer Use the no form of this command to disable this function and therefore to bring the link back up again Syntax shutdown no shutdown Mode Interface mode Examples The following example shows the use of the shutdown command to shut down port1 0 20 awplus configure terminal awplus config interface port1 0 20 a...

Page 210: ...Interface Commands 2008 Allied Telesis Inc All rights reserved 12 8 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 211: ...m Software Reference C613 50003 00 REV E 13 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 13 1 13 Interface Testing Commands Introduction 13 2 clear test interface 13 2 service test 13 3 test interface 13 4 ...

Page 212: ...s for all interfaces use the command To clear the counters for ports 1 to 12 on XEM 1 port1 1 1 through port1 1 12 apply Related Commands test interface Parameter Description clear Resets functions test Test device functionality interface Test interface interface list The interfaces or ports to clear test results and counters for An interface list can be an interface a switch port or a channel gro...

Page 213: ...ting After entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface command on page 13 4 Do not test interfaces on a device that is part of a live network disconnect the device first Use the no parameter to stop the test service Syntax service test no service test Mode Configure Mode Example To put the device into a test state use the...

Page 214: ... the following commands To see the output use the commands Parameter Description no Negate test device functionality test Test device functionality interface Test interface interface list The interfaces or ports to test An interface list can be an interface a switch port or a channel group e g vlan2 port1 1 12 sa3 or po4 a continuous range of interfaces ports or channel groups separated by a hyphe...

Page 215: ... interfaces for 1 minute use the command To start the test on ports 1 to 12 for XEM 1 port1 1 1 through port1 1 12 use the command awplus test interface port1 1 1 port1 1 12 To stop testing ports 1 to 12 for XEM 1 port1 1 1 through port1 1 12 use the command Related Commands clear test interface awplus show test count awplus test interface all time 1 awplus no test interface port1 1 1 port1 1 12 ...

Page 216: ...Interface Testing Commands 2008 Allied Telesis Inc All rights reserved 13 6 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 217: ... 14 Switching Introduction Chapter 15 Switching Commands Chapter 16 VLAN Commands Chapter 17 GVRP Commands Chapter 18 Spanning Tree Introduction STP RSTP MSTP Chapter 19 Spanning Tree Commands Chapter 20 Link Aggregation Configuration Chapter 21 Link Aggregation Commands ...

Page 218: ......

Page 219: ...peed options 14 4 Configuring the port speed 14 5 MDI MDIX Connection Modes 10BASE T 14 5 The Layer 2 Switching Process 14 7 The Ingress Rules 14 7 The Learning Process 14 8 The Forwarding Process 14 8 The Egress Rules 14 9 Layer 2 Filtering 14 10 Channel Groups Link Aggregation 14 10 Static Channel Groups 14 11 LACP Channel Groups 14 11 Storm Control 14 13 Support for Jumbo Frames 14 13 Port Mirr...

Page 220: ...ames await transmission according to their priority Such a situation could occur where data enters a number of input ports and all destined for the same output port The switch can be used to Increase both the physical extent and the maximum number of stations on a LAN LANs are limited in their physical extent by the signal distortion and propagation delay characteristics of the media The switch ov...

Page 221: ...e number 0 In an unstacked configuration all device numbers are 1 Example port number 1 2 6 represents device 1 module 2 port 6 Adding a description You can add a description to an interface to help identify its purpose or position For example to add the description connected to Nerv to port1 0 3 use the commands awplus config interface port1 0 3 awplus config if description connected to Nerv Port...

Page 222: ...s When in full duplex mode a port transmits and receives data simultaneously When in half duplex mode the port transmits or receives but not both at the same time You can set a port to use either of these options or allow it to autonegotiate the duplex mode with the device at the other end of the link To configure the duplex mode Speed options Before configuring a port s speed check the hardware l...

Page 223: ...lts in a duplex mismatch and packet loss To avoid this either fix the mode at both ends or use autonegotiation at both ends Configuring the port speed To set the port speed to 1000 kbps on port 1 0 1 MDI MDIX Connection Modes 10BASE T The IEEE 802 3 standard defines a series of Media Dependant interface types and their physical connections For twisted pair 10BASE T networking the standard defines ...

Page 224: ...rity command on page 15 14 To set the MDI MDIX mode for port 1 0 1 Note that if you override a port s autonegotiation by setting it to a fixed speed and duplex mode automatic MDI MDI X detection is also overridden Ports have the MDI X polarity by default awplus configure terminal Enter the config terminal mode awplus config if configure interface port1 0 1 Enter the Config Interface mode to config...

Page 225: ...tagged and untagged that a VLAN aware switch receives must be classified into a VLAN Each received frame is mapped to exactly one VLAN If an incoming frame is tagged with a valid VLAN identifier VID then that VID is used If an incoming frame is untagged or is priority tagged a tagged frame with a VID of all zeros then the switch uses internal VLAN association rules to determine the VLAN it belongs...

Page 226: ...ve stations are kept alive in the forwarding database By default the ageing timer is enabled It can be disabled with the no mac address table ageing time command You can enable it with the mac address table ageing time command on page 15 7 If switch learning is disabled and the ageing timer has aged out all dynamically learned filter entries only statically entered MAC source addresses decide the ...

Page 227: ...ge 14 10 Otherwise the frame is forwarded on the indicated port Forwarding occurs only when the port on which the frame was received is in the Spanning Tree forwarding or disabled state The destination address is then looked up in the forwarding database for the VLAN The Egress Rules After the forwarding process has determined from which ports and transmission queues to forward a frame the egress ...

Page 228: ...ived This process is referred to as flooding If an entry is found in the forwarding database but the entry is not marked forwarding or the entry points to the same port the frame was received on the frame is discarded Otherwise the frame is transmitted on the port specified by the forwarding database Channel Groups Link Aggregation Channels either static or dynamic LACP increase channel reliabilit...

Page 229: ...ontrol Protocol LACP LACP operates where systems are connected over multiple communications links Once LACP has been initially configured and enabled it automatically creates Ether channels and assigns appropriate links to their membership LACP continues to monitor these groups and dynamically adds or removes links to them as network changes occur LACP achieves this by determining which ports are ...

Page 230: ...mined by the device connection The lag ID can be displayed for each aggregated link by entering the show etherchannel LACP command on page 21 5 Configuring an LACP channel group The following example creates LACP channel group 2 and enables link aggregation on switch ports 1 0 1 and 1 0 2 within this channel group Note that all aggregated ports must belong to the same VLAN For a more detailed LACP...

Page 231: ...itch Support for Jumbo Frames You can enable jumbo frame support on the switch to improve throughput and network utilization By increasing frame size more data is put in each packet that the switch has to process When jumbo frames support is enabled the maximum received packet size is 9710 bytes for ports that work at speeds of either 10Mbps or 100Mbs 10240 bytes for ports that work at speeds of 1...

Page 232: ...ch port These comprise MAC address learn limits IEEE 802 1x MAC Address Learn Limits MAC address limiting is applied using the switchport port security command on page 15 26 If enabled on a port the switch will learn MAC addresses up to a user defined limit from 1 to 256 then lock out all other MAC addresses One of the following options can be specified for the action taken when an unknown MAC add...

Page 233: ...t broadcast traffic to only those devices which need to receive it to reduce traffic across the network Connect 802 1Q compatible switches together through one port on each switch Devices that are members of the same VLAN only exchange data with each other through the switch s layer 2 switching capabilities To exchange data between devices that are located in different VLANs the switch s layer 3 r...

Page 234: ...associated with one VLAN the port based VLAN by default vlan1 and when it receives untagged frames it associates them with the VID of this VLAN You can associate the port with another VLAN created by the vlan command and this removes it from the default VLAN switchport access vlan command Use access mode for any ports connected to devices that do not use VLAN tagging for instance PC workstations T...

Page 235: ... switch ports that will be in access mode for a particular VLAN Associate the VLAN with these ports in access mode Repeat for other VLANs and ports in access mode awplus config if switchport access vlan vlan id awplus config if interface port list Associate switch ports in trunk mode with VLANs Enter Interface Configuration mode for all the switch ports that will be in trunk mode for a particular ...

Page 236: ...ge port and is removed as it leaves the destination customer edge port From this point on the S Tag is used for transmission within the service provider or public Layer 2 network The VID that is used within the client s own network now termed the C Tag is ignored by the service provider network and bridging is based on the value of the S Tag The ethertype of the S Tag is set by changing the Tag Pr...

Page 237: ... support To create the VLANs to be nested 1 Create and enable service provider VLANS 10 and 20 2 Configure ports 1 0 1 and 102 as a provider port members of of VLAN 10 and 20 3 Configure port 1 0 3 as a customer edge port member of VLAN 10 awplus configure terminal awplus config platform jumbo frame awplus reboot awplus configure terminal awplus config vlan database awplus config vlan vlan 10 20 s...

Page 238: ...ommand This example changes the TPID to 0x9100 The nestedtpid parameter specifies the Ethernet type of the tagged packet This is set to 0x8100 by default Note that this command specifies the TPID value that applies to all VLANs used for double tagged VLANs stacked VLANs You cannot set individual TPID values for different VLANs within a multi double tagged VLAN network awplus configure terminal awp...

Page 239: ...easily supply different customers with different amounts of bandwidth Configuring Quality of Service involves two separate stages 1 Classifying traffic into flows according to a wide range of criteria Classification is performed by the switch s class maps 2 Acting on these traffic flows The switch s QoS functionality includes the following policies to provide a QoS configuration for a port or port...

Page 240: ...roup by default multicast packets will be flooded onto all ports in the VLAN IGMP snooping enables the switch to forward multicast traffic intelligently on the switch The switch listens to IGMP membership reports queries and leave messages to identify the switch ports that are members of multicast groups Multicast traffic will only be forwarded to ports identified as members of the specific multic...

Page 241: ...dress table static 15 8 mirror interface 15 9 platform control plane prioritization rate 15 10 platform enhancedmode 15 12 platform jumboframe 15 13 platform vlan stacking tpid 15 14 polarity 15 14 show flowcontrol interface 15 15 show interface switchport 15 16 show mac address table 15 17 show mirror 15 18 show mirror interface 15 19 show platform 15 20 show platform table port 15 21 show port s...

Page 242: ... This example shows how to clear multicast filtering database entries for a given VLAN This example shows how to clear static filtering database entries for a given mac address Parameter Description static Filtering database entries configured through CLI multicast Multicast filtering database entries address Filtering database entries with the given mac address vlan Filtering database entries for...

Page 243: ...n for a given MAC address clear port counter Clears the packet counters of the port Syntax clear port counter port Mode Exec and Privileged Exec Mode Example To clear the packet counter for port1 0 1 awplus clear port counter port1 0 1 Related Commands show platform table port awplus clear mac address table dynamic address 0202 0202 0202 Parameter Description clear Reset functions port Clear the p...

Page 244: ...sable platform to CPU level packet debug If the result means both send and receive packet debug are disabled then any active timeout will be cancelled Syntax debug platform packet recv send timeout 0 3600 no debug platform packet recv send Mode Privileged Exec Mode and Configure Mode Example To enable both receive and send packet debug for the default 5 minutes awplus debug platform packet To enab...

Page 245: ... show running config Syntax duplex auto full half Mode Interface mode Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group Examples To specify full duplex e...

Page 246: ...estion and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause frame the remote device stops sending data packets which prevents loss of data packets during the congestion period Examples Parameter Description receive When...

Page 247: ... command to specify an ageing out time for a learned MAC address The learned MAC address will persist for at least the specified time Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Configure mode Examples awplus configure terminal awplus config mac address table acquire Parameter Description ageing timer 1...

Page 248: ...mand is only applicable to layer 2 switched traffic within a single VLAN Do not apply the mac address table static command to layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because packets are routed across VLANs This command only works on layer 2 traffic Examples Parameter Description mac addr the destination MAC address in HHHH HHHH HHHH ...

Page 249: ...was associated with This command can only be applied to a single mirror destination port not to a range of ports nor to a static or dynamic channel group Do not apply multiple interfaces with an interface command before issuing the mirror interface command One interface may have multiple mirror interfaces Example To mirror traffic received and transmitted on ports 1 1 4 and 1 1 5 to destination po...

Page 250: ...y integer values are accepted for rate limits Set the rate to 0 using platform control plane prioritization rate to disable CPU protection Syntax platform control plane prioritization rate rate limit no platform control plane prioritization rate Mode Configure mode Default 60 Mbps Usage Confirming default settings Use show platform to confirm the default rate limit settings displayed with platform...

Page 251: ...ontrol plane prioritization 10 Confirm the maximum traffic rate has been configured using the following show command awplus show platform Load Balancing srt dst mac src dst ip Control plane prioritization Max 10 Mbps Jumboframe support off Enhanced mode qos counters Vlan stacking TPID 0x8100 Reset the maximum traffic rate on the CPU port to 60 Mbps using the following no command awplus config no p...

Page 252: ... You must set the qoscounters option before you configure QoS storm protection Examples To turn monitoring of QoS traffic class counters on use the command awplus config platform enhancedmode qoscounters To restore the silicon memory so that the QoS traffic counters are no longer monitored use the command awplus config no platform enhancedmode To increase the size of the nexthop table use the comm...

Page 253: ...eds of 1000Mbps is 10240 bytes You must restart the device after entering this command for it to take effect You can use the the reboot command on page 65 4 to restart the device The no parameter disables the device from forwarding jumbo frames This stops the ports from forwarding packets larger than VLAN tagged frames 1522 bytes You must restart the device after entering this command for it to ta...

Page 254: ... Mode Configure mode Examples To set the VLAN stacking TPID to 0x9100 use the command Related Commands switchport vlan stacking double tagging show platform show running config polarity This command sets the polarity on a switch port Ports auto negotiate polarity by default Syntax polarity mdi mdix auto Mode Interface mode Examples To set the polarity for port1 0 7 to MDI use the commands awplus c...

Page 255: ...control interface ifname Mode Exec and Privileged Exec mode Output Figure 15 1 Example output from the show flowcontrol interface command for a specific interface Example To display the flow control for the port1 1 5 use the command Parameter Description ifname Specifies the name of the interface to be displayed Port Send FlowControl Receive FlowControl RxPause TxPause admin oper admin oper port1 ...

Page 256: ...ce switchport Mode Exec and Privileged Exec mode Example The following is an output of this command displaying the characteristics of this switch ports awplus show interface switchport awplus show interface switchport Interface name port1 1 1 Switchport mode access Ingress filter disable Acceptable frame types all Default vlan 2 Configured vlans 2 Interface name port1 1 2 Switchport mode access In...

Page 257: ...as no traffic being switched See the sample output captured when packets were switched and mac addresses were learnt Note the new mac addresses learnt for port 1 0 9 and port 1 0 11 added as dynamic entries Note the first column of the output below shows VLAN IDs if multiple VLANs are configured awplus show mac address table VLAN port mac type 1 unknown 0000 cd28 0752 forward static ARP 0000 cd00 ...

Page 258: ...lus awplus show mac address table VLAN port mac type 1 unknown 0000 cd28 0752 forward static 1 port1 0 9 0030 846e bac7 forward dynamic 2 port1 0 11 0000 1111 2222 forward static 2 unknown 0000 cd28 0752 forward static 2 port1 0 11 0030 846e 9bf4 forward dynamic ARP 0000 cd00 0000 forward static Mirror Test Port Name port1 1 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 1...

Page 259: ...h port Syntax show mirror interface port Mode Interface Privileged Exec and Exec mode Output Figure 15 3 Example output from the show mirror interface command Example To display port mirroring configuration for the port1 0 4 use the command awplus config if show mirror interface port1 0 4 Parameter Description port The monitored switch port to display information about Mirror Test Port Name port1 ...

Page 260: ... platform enhancedmode platform jumboframe platform vlan stacking tpid Control plane prioritization Max 60 Mbps Jumboframe support off Enhanced mode none Vlan stacking TPID 0x8100 Parameter Meaning Control plane prioritization Maximum traffic rate on the CPU port set using the platform control plane prioritization rate command Jumboframe support Whether the jumbo frames setting is enabled or disab...

Page 261: ...C680 portVid 0x02004004 value 0x00000001 brdByteLimit 0x02004008 value 0xFFFF0000 brdByteWindow 0x0200400C value 0x00FFFF00 protoVidBased 0x02004800 value 0x00010001 rxBufLimit 0x03011010 value 0xFA404001 flowCntrlThr 0x03010010 value 0xFA404001 PHY Registers for ifx 5002 lport 0x00000003 0 1140 1 7949 2 0141 3 0CD4 4 01E1 5 0000 6 0004 7 2001 8 0000 9 0F00 10 4000 11 0000 12 0000 13 0000 14 0000 ...

Page 262: ... 0xFA404001 show port security interface Shows the current configuration and the switch port status Syntax show port security interface port Mode Exec and Privileged Exec Mode Example To see the port security status on port1 0 1 use command awplus show port security interface port1 0 1 Port Security configuration Security Enabled YES Port Status ENABLED Violation Mode TRAP Aging OFF Maximum MAC Ad...

Page 263: ...trol information for all interfaces or a particular interface Syntax show storm control port Mode Exec and Privileged Exec mode Output Figure 15 5 Example output from the show storm control command for port 1 1 2 Examples To display storm control information for port1 1 2 use the command Parameter Description show Show running system information port security Port Security intrusion Display intrus...

Page 264: ...ns for each type of port Mode Interface mode Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the speed of all the switch ports in the channel group by applying this command to the channel group Examples To set the speed of a tri speed port to 100Mbps enter t...

Page 265: ...cast or DLF traffic Syntax storm control broadcast multicast dlf level level no storm control broadcast multicast dlf level Default By default storm control is disabled Mode Interface mode Example To limit broadcast traffic on port 1 0 2 to 30 of the maximum port speed use the command Parameter Description level 0 100 Specifies the threshold as a percentage of the maximum port speed broadcast Appl...

Page 266: ... port based learn limit It allows the user to set the maximum number of MAC addresses that each port can learn Use the no switchport port security command to disable the port security feature Syntax switchport port security no switchport port security Mode Interface Mode Example To enable the port security use command awplus config if switchport port security To disable port security use command a...

Page 267: ...command to set the port security to not time out Syntax switchport port security aging no switchport port security aging Mode Interface Mode Example To set the MAC to time out awplus switchport port security aging To unset the MAC time out awplus no switchport port security aging Parameter Description no Negate a command or set its defaults switchport Set the switching characteristics of the Layer...

Page 268: ...to 0 This command also resets the intrusion list table Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Mode Example To learn 3 MAC addresses on port1 0 1 use command awplus config if switchport port security maximum 3 To remove the MAC learning limit use command awplus config if no switchport port security maximum Parameter Description no Negate a c...

Page 269: ...ilently The no switchport port security violation command sets the violation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Mode Example To set the action to be shutdown awplus config if switchport port security violation shutdown To set the port security action to th...

Page 270: ...Switching Commands 2008 Allied Telesis Inc All rights reserved 15 30 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 271: ...group 16 4 show vlan classifier interface group 16 5 show vlan classifier rule 16 5 show vlan private vlan 16 6 switchport access vlan 16 6 switchport enable vlan 16 7 switchport mode access 16 8 switchport mode private vlan 16 9 switchport mode trunk 16 10 switchport private vlan host association 16 11 switchport private vlan mapping 16 12 switchport trunk allowed vlan 16 13 switchport trunk nati...

Page 272: ...no private vlan vlan id community isolated primary Mode VLAN Configuration mode Example Parameter Description vlan id VLAN ID of the vlan which is to be made a private vlan community Community vlan isolated Isolated vlan primary Primary vlan awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable awpl...

Page 273: ...on of all the secondary vlans to a primary vlan Syntax private vlan primary vlan id association add secondary vlan id private vlan primary vlan id association remove secondary vlan id secondary vlan id primary vlan id association Mode VLAN Configuration mode Example Parameter Description primary vlan id VLAN ID of the primary vlan secondary vlan id VLAN ID of the secondary vlan either isolated or ...

Page 274: ...l configured VLAN classifier groups or a specific group Syntax show vlan classifier group 1 16 Mode Exec and Privileged Exec mode Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is specified a specific configured VLAN classifier group is shown Example Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all brie...

Page 275: ... group vlan classifier group 1 interface port1 1 1 vlan classifier group 1 interface port1 1 2 vlan classifier group 2 interface port1 1 4 vlan classifier group 3 interface port1 1 5 awplus show vlan classifier interface group 1 vlan classifier group 1 interface port1 1 1 vlan classifier group 1 interface port1 1 2 show vlan classifier rule Use this command to display information about all configu...

Page 276: ... access vlan Use this command to change the port based VLAN of the current port Use the no parameter to change the port based VLAN of this port to the default VLAN vlan1 Syntax switchport access vlan vlan id no switchport access vlan Mode Interface mode Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based VLAN to VLAN 3 for por...

Page 277: ... If the VID is not given all the disabled VLAN will be re enabled Syntax switchport enable vlan 1 4094 Mode Interface Mode Example To re enable the port1 0 1 from vlan1 Related Commands show mls qos interface storm status storm window Parameter Description switchport Switchport enable Re enables the vlan on the port vlan Re enables the vlan on the port 1 4094 VLAN ID awplus configure terminal awpl...

Page 278: ...a Syntax switchport mode access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface mode Examples Parameter Description ingress filter Set the ingress filtering for the received frames enable Turn on ingress filtering for received frames This is the default value disable Turn off ingre...

Page 279: ...Description host This port type can communicate with all other host ports assigned to the same community vlan but it cannot communicate with the ports in the same isolated vlan All communications outside of this vlan must pass through a promiscuous port in the associated primary vlan promiscuous A promiscuous port can communicate with all interfaces including the community and isolated ports withi...

Page 280: ... are untagged members of the default VLAN vlan1 and have ingress filtering on Mode Interface mode Usage A port in trunk mode can be a tagged member of multiple VLANs and an untagged member of one native VLAN To configure which VLANs this port will trunk for use the switchport trunk allowed vlan command Examples Parameter Description ingress filter Set the ingress filtering for the frames received ...

Page 281: ... remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association primary vlan id Mode Interface mode Examples Parameter Description primary vlan id VLAN ID of the primary vlan secondary vlan id VLAN ID of the secondary vlan either isolated or community awplus configure terminal awplus config interface port1 0 ...

Page 282: ...no switchport private vlan mapping Mode Interface mode Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynamic LACP aggregators cannot be promiscuous ports in private VLANs Example Related Commands switchport mode private vlan Parameter Description primary vlan id VLAN ID of the primary vlan secondary vid list VL...

Page 283: ...st no switchport trunk vlan Default By default ports are untagged members of the default VLAN vlan1 Mode Interface mode Examples The following shows adding a single VLAN to the port s member set Parameter Description all Allow all VLANs to transmit and receive through the port none Allow no VLANs to transmit and receive through the port add Add a VLAN to transmit and receive through the port remov...

Page 284: ... the native VLAN to the default VLAN ID 1 Syntax switchport trunk native vlan vid no switchport trunk native vlan Default vlan1 the default VLAN Mode Interface mode Examples L awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 4 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan ad...

Page 285: ...n stacking customer edge port provider port no switchport vlan stacking Default By default ports are not VLAN stacking ports Mode Interface mode Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Traffic with an extra VLAN header added by VLAN stacking cannot be routed Example Parameter Description customer edge port Set the por...

Page 286: ...the specified VLANs Syntax vlan vid name vlan name state enable disable vlan vid range state enable disable no vlan vid vid range Default By default VLANs are enabled when they are created Mode VLAN Database Configuration mode Examples Related Commands vlan database Parameter Description vid The VID of the VLAN that will be enabled or disabled 2 4094 vlan name The ASCII name of the VLAN Maximum le...

Page 287: ... vlan classifier group Use this command to create a group of VLAN classifier rules The rules must already have been created Use the no version to delete the group Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Configure mode Example Related Commands show vlan classifier rule vlan classifier rule ipv4 vlan classifier rule proto Parameter Desc...

Page 288: ...1 256 ipv4 A B C D P vlan 1 4094 no vlan classifier rule 1 256 Mode Configure mode Usage If the source IP address matches the IP subnet specified in the VLAN classifier rule the received packets are mapped to the specified VLAN Example Related Commands show vlan classifier rule Parameter Description 1 256 VLAN Classifier Rule identifier A B C D P The IPv4 address followed by a slash then the prefi...

Page 289: ...atalkddp protocol Appletalk DDP atmmulti protocol MultiProtocol Over ATM atmtransport protocol Frame based ATM Transport dec protocol DEC Assigned deccustom protocol DEC Customer use decdiagnostics protocol DEC Diagnostics decdnadumpload protocol DEC DNA Dump Load decdnaremoteconsole protocol DEC DNA Remote Console decdnarouting protocol DEC DNA Routing declat protocol DEC LAT decsyscomm protocol ...

Page 290: ...yntax vlan database Mode Configure mode Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Examples In the following example note the change to VLAN configuration mode from Configure mode Related Commands vlan awplus configure terminal awplus config vlan classifier rule 34 proto ip encap ethv2 vlan 444 awplus configure terminal awplus...

Page 291: ...ed Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 17 1 17 GVRP Commands GVRP Commands 17 2 clear gvrp statistics 17 2 debug gvrp 17 2 gvrp 17 3 gvrp applicant state 17 3 gvrp dynamic vlan creation 17 3 gvrp registration 17 4 gvrp timer 17 4 show gvrp configuration 17 5 show gvrp machine 17 5 show gvrp statistics 17 6 show gvrp timer 17 6 ...

Page 292: ...s packets timer starts and commands sending output to the console Use the no parameter to turn off debugging Syntax debug gvrp all event cli timer packet no debug gvrp all event cli timer packet Mode Configure mode Examples Parameter Description vlan id 1 4094 Specify VLAN ID value awplus clear gvrp statistics vid 333 Parameter Description all turns on or off debugging for all levels event turns o...

Page 293: ...gvrp applicant state active normal Mode Interface mode Examples gvrp dynamic vlan creation Use this command to enable and disable dynamic VLAN creation for a switch Syntax gvrp dynamic vlan creation enable gvrp dynamic vlan creation disable Mode Configure mode Examples awplus configure terminal awplus config gvrp enable Parameter Description active Active state normal Normal state awplus configure...

Page 294: ...egistration and deregistration fixed Specify the multicast groups currently registered on the switch to apply but subsequent registrations or deregistrations are not applied Any registered multicast groups are not deregistered based on the GARP timers forbidden Specify that all GVRP multicasts are deregistered and prevent any further GVRP multicast registration awplus configure terminal awplus con...

Page 295: ...nfiguration Mode Exec and Privileged Exec mode Example show gvrp machine Use this command to display the state machine for GVRP Syntax show gvrp machine Mode Exec Privileged Exec and Configure modes Usage The following is an output of this command displaying the GVRP state machine awplus show gvrp machine port 1 0 1 applicant state QA registrar state INN port 1 0 2 applicant state QA registrar sta...

Page 296: ...wing is an output of this command displaying a statistical summary awplus show gvrp statistics Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty 1 0 1 RX 0 2 0 0 0 TX 0 0 0 0 0 1 0 2 RX 0 1 0 0 1 TX 0 0 0 0 0 Example show gvrp timer Use this command to display data for the timers Syntax show gvrp timer Mode Exec and Privileged Exec mode Usage The following show output displays data for the timers on ...

Page 297: ... E 18 1 18 Spanning Tree Introduction STP RSTP MSTP Introduction 18 2 Overview of Spanning Trees 18 2 Spanning tree operation 18 2 Spanning tree modes 18 4 Spanning Tree Protocol STP 18 5 Configuring STP 18 6 Rapid Spanning Tree Protocol RSTP 18 7 Configuring RSTP 18 8 Multiple Spanning Tree Protocol MSTP 18 10 Multiple Spanning Tree Instances MSTI 18 11 MSTP Regions 18 12 Common and Internal Span...

Page 298: ...ports except for the one on which the frame was received and then waits for a reply This process is known as flooding A significant problem arises where bridges connect via multiple paths A frame that arrives with an unknown destination address is flooded over all available paths The arrival of these frames at another network via different paths and bridges produces major problems The bridges can ...

Page 299: ...rt port number D M P is used to find the lowest port number where D is the device number within a stack 1 for a non stacked device M is the module number XEM number within the device note that 0 is used for all base board connected ports and P is the number of the port within the XEM or base board The spanning tree algorithm By Selects a root bridge It selects as the root bridge for the spanning t...

Page 300: ... and respond to connected devices in RSTP and STP mode Particular ports can also be forced to only operate in a particular mode spanning tree force version command on page 19 26 STP The Spanning Tree Protocol STP is the original protocol defined by IEEE standard 802 1D 1988 It creates a single spanning tree over a network STP mode may be useful for supporting applications and protocols that may be...

Page 301: ...t does not participate in the operation of the Spanning Tree Algorithm and Protocol The port can still switch if its switch state is enabled BLOCKING The forwarding process discards received frames and does not submit forwarded frames for transmission This is the standby mode The port does not participate in frame relay LISTENING The port is enabled for receiving frames only The port is preparing ...

Page 302: ...t all devices have the same root bridge priority 32768 8000 in hexadecimal so the device with the lowest MAC address becomes the root bridge If you want the device to be the root bridge set the root bridge priority to a value lower than 32768 If you enter a number that is not a multiple of 4096 the switch rounds the number down Configure Root Guard The Root Guard feature makes sure that the port o...

Page 303: ...te that a port wants to enter the forwarding mode In rapid mode the rapid transition of a port to the forwarding state is possible when the port is considered to be part of a point to point link or when the port is considered to be an edge port An edge port is one that attaches to a LAN that has no other bridges attached Table 18 4 RSTP port states State Meaning DISABLED STP operations are disable...

Page 304: ...been changed to STP or MSTP mode change it back to RSTP awplus config spanning tree stp rstp mstp enable By default RSTP is enabled on all switch ports If it has been disabled enable it awplus config spanning tree priority priority By default all devices have the same root bridge priority 32768 8000 in hexadecimal so the device with the lowest MAC address becomes the root bridge If you want the de...

Page 305: ...BPDU Guard feature and configure timeout parameters awplus config spanning tree errdisable timeout enable awplus config spanning tree errdisable timeout interval 10 1000000 Check RSTP configuration awplus config exit Return to Privileged Exec mode awplus show spanning tree interface port list Display the spanning tree configuration for the device and confirm the new root bridge priority Bridge Pri...

Page 306: ...P uses BPDUs to exchange information between devices and prevents loops for each MSTI and for the CIST by selecting active and blocked paths by the process described in Table 18 1 If multiple links are aggregated together into dynamic LACP or static channel groups the spanning tree application is notified and considers the links as a single logical path Advantage of MSTP over RSTP MSTP is similar ...

Page 307: ...n different switches becoming root bridges for different MSTIs That will result in the different MSTIs choosing different active topologies on the network An example of how different MSTIs can choose different active topologies on the same physical set of links is illustrated in Figure 18 1 MSTP is compatible with RSTP and STP see Common and Internal Spanning Tree CIST on page 18 14 Figure 18 1 Di...

Page 308: ...on Revision level the revision number of configuration Configuration Digest the mapping of which VLANs are mapped to which MST instances Each of the MST instances created are identified by an MSTI number This number is locally significant within the MST region Therefore an MSTI will not span across MST regions Figure 18 2 MSTIs in different regions MSTI1 MSTI2 MSTI3 MSTI_numbers MSTI1 MSTI3 MSTI2 ...

Page 309: ...cement applies where a large number of VLANs share a few internetwork paths In this situation there need only be as many Multiple Spanning Tree Instances MSTIs as there are source and destination bridge pairs remembering that a pair of bridges probably has multiple paths between them In order to ensure that each bridge within a region maintains the same configuration information particularly their...

Page 310: ...ee protocols in several ways In addition to the MST region described in the previous section the protocol provides for single spanning tree systems by employing a Common and Internal Spanning Tree CIST The CIST applies a common and internal spanning tree protocol to the whole of the bridged network and is a direct equivalent to the internal spanning tree IST protocol of earlier versions In common ...

Page 311: ...ide the region The following operational rules apply Each bridge can be a member of only one region A data frame is associated with a single VID Data frames with a given VID are associated with either the CIST or their particular MSTI but not both The role of the Common Spanning Tree CST in a network and the Common and Internal Spanning Tree CIST configured on each device is to prevent loops withi...

Page 312: ...s 5 Bit 1 is the topology change flag Bit 2 conveys the CIST proposal flag in RST and MST BPDUs unused in STP Bits 3 4 convey the CIST port role in RST and MST BPDUs unused in STP Bit 5 conveys the CIST learning flag in RST and MST BPDUs unused in STP Bit 6 conveys the CIST forwarding flag in RST and MST BPDUs unused in STP Bit 7 conveys the CIST agreement flag in RST and MST BPDUs unused in STP B...

Page 313: ...rmation for the CIST MSTI Configuration Messages may be absent 103 39 plus Version 3 Length See Table 18 8 Field Name Octets Description MSTI Flags 1 Bits 1 through 8 convey the topology change flag proposal flag port role two bits Learning flag forwarding flag agreement flag and master flag for this MSTI MSTI Regional Root Identifier 2 9 This includes the value of the MSTID for this configuration...

Page 314: ...red into another MSTI are members of the CIST The software supports a single instance of the MSTP Algorithm consisting of the CIST and up to 15 MSTIs A VLAN can only be mapped to one MSTI or to the CIST One VLAN mapped to multiple spanning trees is not allowed All the VLANs are mapped to the CIST by default Once a VLAN is mapped to a specified MSTI it is removed from the CIST An MSTI is locally si...

Page 315: ...specifies the name you want to assign to the MST region for identification awplus config mst revision revision number Specify the MSTP revision number 0 255 The revision parameter specifies the revision of the current MST configuration The revision is an arbitrary number that you assign to an MST region It can be used to keep track of the number of times that MST configuration has been updated for...

Page 316: ...ou can set particular switch ports as edge ports or set them to automatically detect whether they are edge ports awplus config if interface port list Enter Interface Configuration mode for these switch ports awplus config if awplus config if spanning tree edgeport or spanning tree autoedge Set these ports to be edge ports or to automatically detect whether they are edge ports Configure Root Guard ...

Page 317: ...00 REV E 18 21 Advanced configuration For most networks the default settings of the following will be suitable However you can also configure path costs for ports in an MSTI spanning tree mst instance path cost or for the CIST spanning tree path cost port priority for ports in an MSTI spanning tree mst instance priority or for the CIST spanning tree priority port priority ...

Page 318: ...Spanning Tree Introduction STP RSTP MSTP 2008 Allied Telesis Inc All rights reserved 18 22 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 319: ... 18 show spanning tree mst instance interface 19 19 show spanning tree mst interface 19 20 spanning tree autoedge RSTP and MSTP 19 21 spanning tree edgeport RSTP and MSTP 19 22 spanning tree enable 19 23 spanning tree errdisable timeout enable 19 24 spanning tree errdisable timeout interval 19 25 spanning tree force version 19 26 spanning tree forward time 19 27 spanning tree guard root 19 28 span...

Page 320: ...s disabled Mode Configure mode Usage For compatibility with certain Cisco devices all devices in the switched LAN running the AlliedWare PlusTM Operating System must have Cisco interoperability enabled When the AlliedWare PlusTM Operating System is interoperating with Cisco the only criteria used to classify a region are the region name and revision level VLAN to instance mapping is not used to cl...

Page 321: ...command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privileged Exec mode Example awplus clear spanning tree detected protocols Parameter Description port The port to clear detected protocols for The port may be a switch port e g port1 1 4 a static channel group e g sa3 ...

Page 322: ...e of output these debug messages are best viewed using the terminal monitor command before issuing the relevant debug mstp command The default terminal monitor filter will select and display these messages Alternatively the messages can be directed to any of the other log outputs by adding a filter for the MSTP application using log buffered Output 1 Parameter Description all echoes all spanning t...

Page 323: ...STP 1417 CIST reg root id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST port id 8001 128 1 17 23 42 awplus MSTP 1417 msg age 0 max age 20 hellotime 2 fwd delay 15 17 23 42 awplus MSTP 1417 Version 3 length 80 17 23 42 awplus MSTP 1417 Format id 0 17 23 42 awplus MSTP 1417 Config name test 17 23 42 awplus MSTP 1417 Revision level 0 17 23 42 awplus MSTP 1417 Config digest 3ab68794d602fdf43b21c0b3...

Page 324: ... BPDU type RST 17 30 17 awplus MSTP 1417 CIST Flags Forward Learn role Desig 17 30 17 awplus MSTP 1417 CIST root id 8000 0000cd1000fe 17 30 17 awplus MSTP 1417 CIST ext pathcost 0 17 30 17 awplus MSTP 1417 CIST reg root id 8000 0000cd1000fe 17 30 17 awplus MSTP 1417 CIST port id 8001 128 1 17 30 17 awplus MSTP 1417 msg age 0 max age 20 hellotime 2 fwd delay 15 17 30 17 awplus MSTP 1417 port1 0 19 ...

Page 325: ...st MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number or vice versa Example To set the root bridge priority for MSTP instance 2 to be the highest 0 so that it will be the root bridge for this instance when available use the commands To reset the root bridge priority for instance 2 to the...

Page 326: ...ated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLANs from the CIST and adds them to the specified MSTI If you use the no command to remove the VLAN from the MSTI it returns it to the CIST To move a VLAN from one MSTI to another you must first use the no version of this command to return it to the CIST Ports in these...

Page 327: ...et it to the default Syntax region region name no region Mode MST Configuration mode Default By default the region name is My Name Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Examples Related Commands revision MSTP show spanning tree mst config Parameter Description r...

Page 328: ...sion revision number Mode MST Configuration Mode Default The default value of revision number is 0 Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Examples Related Commands region MSTP show spanning tree mst config instance vlan MSTP Parameter Description revision number ...

Page 329: ... 1 1 port1 1 24 or po1 po4 a comma separated list of ports and port ranges e g port1 0 1 port1 1 1 1 2 24 Do not mix switch ports static channel groups and LACP channel groups in the same list awplus show spanning tree interface port1 0 23 1 Bridge up Spanning Tree Enabled 1 Root Path Cost 0 Root Port 0 Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 1 Root Id 80000000cd20f093 1 B...

Page 330: ... 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast bpdu guard default Current portfast bpdu guard off port1 0 1 portfast bpdu filter default Current portfast bpdu filter off port1 0 1 no root guard configured Current root guard off port1 0 1 Configured ...

Page 331: ...of this command displaying the number of instances created and the VLANs associated with it Related Commands show spanning tree mst interface awplus show spanning tree mst 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 8000000475e93ffe 1 CIST Reg Root Id 8000000475e93ffe 1 C...

Page 332: ... Exec and Privileged Exec mode and Interface mode Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example The following show output displays the MSTP configuration identifier Related Commands instance vlan MSTP region MSTP revision MSTP awplus show spanning tree mst confi...

Page 333: ...Path Cost 20000000 Add type Explicit ref count 1 port1 0 1 Designated Port Id 8389 CIST Priority 128 port1 0 1 CIST Root 80000000cd24ff2d port1 0 1 Regional Root 80000000cd24ff2d port1 0 1 Designated Bridge 80000000cd24ff2d port1 0 1 Message Age 0 Max Age 20 port1 0 1 CIST Hello Time 2 Forward Delay 15 port1 0 1 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo cha nge timer 0 port1 0 1 forw...

Page 334: ...gnated External Path Cost 0 Internal Path Cost 0 port1 0 3 Configured Path Cost 20000000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 838b CIST Priority 128 port1 0 3 CIST Root 80000000cd24ff2d port1 0 3 Regional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Tim...

Page 335: ... Internal Path Cost 0 port1 0 2 Configured Path Cost 20000000 Add type Explicit ref count 2 port1 0 2 Designated Port Id 838a CIST Priority 128 port1 0 2 CIST Root 80000000cd24ff2d port1 0 2 Regional Root 80000000cd24ff2d port1 0 2 Designated Bridge 80000000cd24ff2d port1 0 2 Message Age 0 Max Age 20 port1 0 2 CIST Hello Time 2 Forward Delay 15 port1 0 2 CIST Forward Timer 0 Msg Age Timer 0 Hello ...

Page 336: ...ace mode Usage The following is an output of this command displaying detailed information for instance 2 Parameter Description msti id Specify the MST instance ID for which information needs to be displayed awplus sh spanning tree mst instance 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 ...

Page 337: ...e g port1 1 4 a static channel group e g sa3 or an LACP channel group e g po4 awplus sh spanning tree mst instance 2 interface port1 0 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a Role Disabled State Discarding port1 0 2 Designated Internal Path Cost 0 Designated Port Id 838a port...

Page 338: ...nce and all interfaces associated with them for port1 1 4 Parameter Description port The port to display information about The port may be a switch port e g port1 1 4 a static channel group e g sa3 or an LACP channel group e g po4 awplus show spanning tree mst interface port1 1 4 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 1...

Page 339: ...an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this command for RSTP or MSTP Use the no parameter with this command to disable this feature Syntax spanning tree autoedge no spanning tree autoedge Default Disabled Mode Interface mode Example Related comm...

Page 340: ...t of some show commands Use the no parameter with this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode Interface mode Usage Use this command on a switch port connected to a LAN that has no other bridges attached If a BPDU is received on the port that indicates that another bridge is connected to the L...

Page 341: ...ee mode on the device Use the no parameter to disable the configured spanning tree protocol on the device Syntax spanning tree mstp rstp stp enable no spanning tree mstp rstp stp enable Mode Configure mode Default The configured spanning tree mode is enabled by default Examples Parameter Description mstp Enables MSTP rstp Enables RSTP stp Enables STP awplus configure terminal awplus config spannin...

Page 342: ...ng tree errdisable timeout enable Mode Configure mode Default By default the errdisable timeout is disabled Usage The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU guard enabled port This command associates a timer with the feature such that the port is re enabled without manual intervention after a set interval This interval can be configured by the user using the spanning ...

Page 343: ...he BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Mode Configure mode Default By default the port is re enabled after 300 seconds Example Related Commands show spanning tree spanning tree errdisable timeout enable spanning tree portfast bpdu guard Parameter Description 10 1000000 Specify ...

Page 344: ...etects one Examples Set the value to enforce the spanning tree protocol STP Set the default protocol version Related Commands show spanning tree Parameter Description version 0 3 Version identifier 0 Forces the port to operate in STP mode 1 Not supported 2 Forces the port to operate in RSTP mode If it receives STP BPDUs it can automatically revert to STP mode 3 Forces the port to operate in MSTP m...

Page 345: ...y when the switch is acting as the root bridge Switches not acting as the Root Bridge use a dynamic value for the forward delay set by the root bridge The forward delay maxage and hello time parameters are interrelated Syntax spanning tree forward time forward delay no spanning tree forward time Mode Configure mode Default The default value is 15 seconds Usage The allowable range for forward time ...

Page 346: ...mmand for RSTP STP or MSTP Use the no parameter with this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface mode Usage The Root Guard feature makes sure that the port on which it is enabled is a designated port If the Root Guard enabled port receives a superior BPDU it goes to a Listening state for STP or discarding st...

Page 347: ...ault value of the hello time use the no parameter Syntax spanning tree hello time hello time no spanning tree hello time Mode Configure mode Default Default value is 2 seconds Usage The allowable range of values is 1 10 seconds The forward delay maxage and hello time parameters should be set according to the following formulae as specified in IEEE Standard 802 1d 2 x forward delay 1 0 seconds maxa...

Page 348: ...parameter to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode Interface mode Usage You may want to set link type to shared if the port is connected to a hub with multiple switches connected to it Examples Parameter Description shared Disable rapid transition point to point E...

Page 349: ...fault value of spanning tree max age is 20 seconds Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max age The forward delay maxage and hello time parameters should be set according to the following formulae as specified ...

Page 350: ...witch receives an MST BPDU that has a hop count of zero it discards the BPDU Examples spanning tree enable Use this command to disable or re enable the specified spanning tree protocol on the device Note that this must be the spanning tree protocol as configured by the spanning tree mode command Syntax spanning tree stp rstp mstp enable no spanning tree stp rstp mstp enable Default RSTP is enabled...

Page 351: ...tree mode will be set to RSTP Use this command to change the spanning tree protocol mode on the device Mode Configure mode Examples To change the spanning tree mode from the default of RSTP to MSTP use the following commands spanning tree mst configuration Use this command to enter the Multiple Spanning Tree Configuration mode Syntax spanning tree mst configuration Mode Configure mode Examples The...

Page 352: ...a switch port or channel group Use the no parameter with this command to remove the instance from this port Syntax spanning tree mst instance instance id no spanning tree mst instance Mode Interface mode Examples Parameter Description instance id 1 15 Specify the instance ID The instance must have already been created using the instance vlan MSTP command awplus configure terminal awplus config int...

Page 353: ...d as shown in the following table from the IEEE 802 1q 2003 standard Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly add an MST instance to a port using the spanning tree instance command Example Related Commands instance vlan MSTP spanning tree mst instance Parameter Description instance id Specify the instance identifier 1 15 path cost 1 20000...

Page 354: ...e chosen as root port over a port equivalent in all other aspects but with a higher priority value Use the no parameter with this command to restore the default priority value Syntax spanning tree mst instance instance id priority priority no spanning tree mst instance priority instance id Mode Interface mode Default The default value is 128 Examples Related Commands spanning tree priority port pr...

Page 355: ...port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Mode Interface mode Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 and IEEE 802 1d 2004 standards Example Parameter Description pathcost 1 200000000 The cost to be assigned to the port...

Page 356: ...s no longer treated as an edge port Example spanning tree portfast bpdu filter Use this command to set portfast BPDU filter for the switch or the specified ports All ports that have their BPDU filter set to default take the same value of bpdu filter as that of the switch Use this command for RSTP or MSTP Use the no parameter with this command to disable the BPDU filter for the switch or the specif...

Page 357: ...ture is set for a switch all portfast enabled ports of the switch that have bpdu guard set to default shut down the port on receiving a BPDU In this case the BPDU is not processed You can either bring the port back up manually by using the no shutdown command or configure the errdisable timeout feature to enable the port after the specified time interval Use the show spanning tree command to displ...

Page 358: ...TP mode is configured this will apply to the CIST Use the no form of the command to reset it to the default value Syntax spanning tree priority priority no spanning tree priority Mode Configure mode Default The default priority is 32678 Usage To force a particular switch to become the root bridge use a lower value than other switches in the spanning tree Example Related Commands spanning tree mst ...

Page 359: ...lue Syntax spanning tree priority priority no spanning tree priority Mode Interface mode Default The default priority is 128 Usage To force a port to be part of the active topology for instance become the root port or a designated port use a lower value than other ports on the device This behavior is subject to network topology and more significant factors such as bridge ID Example Related Command...

Page 360: ...Spanning Tree Commands 2008 Allied Telesis Inc All rights reserved 19 42 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 361: ...sTM Operating System Software Reference C613 50003 00 REV E 20 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 20 1 20 Link Aggregation Configuration Introduction 20 2 Configuring LACP 20 2 ...

Page 362: ...ding enhanced performance and redundancy The aggregated channel is viewed as a single link to each switch The spanning tree views the channel as one interface and not as multiple interfaces When there is a failure in one physical port the other ports stay up and there is no disruption This device supports the aggregation of a maximum of eight physical ports into a single channel group Configuring ...

Page 363: ...mode active Add this interface to a channel group 1 and enable link aggregation so that it may be selected for aggregation by the local system awplus config interface port1 0 3 Enter the Interface mode and configure this interfaces properties awplus config if channel group 1 mode active Add this interface to a channel group 1 and enable link aggregation so that it may be selected for aggregation b...

Page 364: ...Link Aggregation Configuration 2008 Allied Telesis Inc All rights reserved 20 4 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 365: ...m Software Reference C613 50003 00 REV E 21 1 21 Link Aggregation Commands Introduction 21 2 clear lacp counters 21 2 channel group mode LACP 21 3 lacp port priority 21 4 lacp system priority 21 4 lacp timeout 21 5 show etherchannel LACP 21 5 show etherchannel detail LACP 21 6 show etherchannel summary LACP 21 6 show lacp counter 21 7 show lacp sys id 21 7 show port etherchannel LACP 21 8 show sta...

Page 366: ...mmands Link aggregation is also sometimes referred to as channelling For a description of static and dynamic link aggregation LACP see Channel Groups Link Aggregation on page 14 10 For an LACP configuration example see Chapter 20 Link Aggregation Configuration clear lacp counters Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax...

Page 367: ...has been created it is treated as a switch port and can be referred to in most other commands that apply to switch ports To refer to an LACP channel group in other LACP commands use the channel group number To specify an LACP channel group LACP aggregator in other commands prefix the channel group number with po For example po4 refers to the static channel group with channel group number 4 For mor...

Page 368: ...riority Use this command to set the system priority of a local system This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups Use the no parameter with this command to reset the system priority of the local system to the default value 32768 Syntax lacp system priority 1 65535 no lacp system priority Mode Configure mode Example Parameter Descri...

Page 369: ...therchannel LACP Use this command to display information about an LACP etherchannel specified by the channel group number Syntax show etherchannel 1 65535 Mode Exec and Privileged Exec mode Example Aggregator po1 4501 Mac address 00 00 cd 24 fd 29 Admin Key 0001 Oper Key 0001 Receive link count 1 Transmit link count 0 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 24 da a7 Link port1 0 1 5001 di...

Page 370: ...unt 0 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 24 da a7 Link port1 0 1 5001 disabled Link port1 0 2 5002 sync 1 Aggregator po2 4502 Mac address 00 00 cd 24 fd 29 Admin Key 0002 Oper Key 0002 Receive link count 1 Transmit link count 0 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 24 da a7 Link port1 0 7 5007 disabled show etherchannel summary LACP Use this command to display a summary of...

Page 371: ... the packet traffic on all ports of all present LACP aggregators or a given LACP aggregator Syntax show lacp counter 1 65535 Mode Privileged Exec mode show lacp sys id Use this command to display the LACP system ID and priority Syntax show lacp sys id Mode Privileged Exec mode Example awplus show lacp sys id System Priority 0x8000 32768 MAC Address 00 00 cd 24 fd 29 Parameter Description 1 65535 C...

Page 372: ...e Current Periodic Transmission machine state Fast periodic Mux machine state Collecting Distributing Actor Information Partner Information Selected Selected Partner Sys Priority 0 Physical Admin Key 1 Partner System 00 00 00 00 00 00 Port Key 5 Port Key 0 Port Priority 32768 Port Priority 0 Port Number 5001 Port Number 0 Mode Active Mode Passive Timeout Long Timeout Short Individual Yes Individua...

Page 373: ... this command to display all configured static channel groups and their corresponding member ports Note that a static channel group is the same as a static aggregator Syntax show static channel group Mode Exec and Privileged Exec mode Examples awplus show static channel group Static Aggregator sa1 Member port1 1 2 port1 1 3 Static Aggregator sa2 Member port1 1 4 Related Commands static channel gro...

Page 374: ...el group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be operated on as a group Once the static channel group has been created it is treated as a switch port and can be referred to in other commands that apply to switch ports To refer to a static channel group in other static chann...

Page 375: ...rotocols Chapter 23 IP Addressing and Protocol Commands Chapter 24 Routing Protocol Overview Chapter 25 Route Selection Chapter 26 Routing Commands Chapter 27 RIP Configuration Chapter 28 RIP Commands Chapter 29 OSPF Configuration Chapter 30 OSPF Commands Chapter 31 BGP Commands Chapter 32 Route Map Commands ...

Page 376: ......

Page 377: ...TM Operating System Software Reference C613 50003 00 REV E 22 1 22 Internet Protocol IP Addressing and Protocols Introduction 22 2 Address Resolution Protocol ARP 22 3 Static ARP Entries 22 3 Timing Out ARP Entries 22 3 Deleting ARP Entries 22 4 Proxy ARP 22 4 Domain Name System DNS 22 6 Internet Control Message Protocol ICMP 22 8 ICMP Router Discovery Protocol IRDP 22 9 Checking IP Connections 22...

Page 378: ...efix length Note that you cannot specify the mask in dotted decimal notation in this command For example to give the interface vlan1 an address of 192 168 10 10 with a class C subnet mask use the command The secondary parameter allows you to add multiple IP addresses to an interface using this command Each interface must have a primary IP address before you can add a secondary address Your device ...

Page 379: ...to record the IP address to physical address mapping also called a binding It uses that ARP entry to forward further packets to that address The ARP protocol is described in RFC 826 An Ethernet Address Resolution Protocol or Converting Network Protocol Addresses to 48 bit Ethernet Address for Transmission on Ethernet Hardware Static ARP Entries If your LAN includes hosts that do not support ARP yo...

Page 380: ... neighbor status BGP peer status the TCP UDP connection status VRRP status Proxy ARP Proxy ARP defined in RFC 1027 allows hosts that do not support routing i e they have no knowledge of the network structure to determine the physical addresses of hosts on other networks Your device intercepts ARP broadcast packets and substitutes its own physical address for that of the remote host This occurs onl...

Page 381: ...ting and responding to ARP requests between hosts within a subnet Local proxy ARP responds to ARP requests with your device s own MAC address details instead of those from the destination host This stops hosts from learning the MAC address of other hosts within its subnet When local proxy ARP is operating on an interface your device does not generate or forward any ICMP Redirect messages on that i...

Page 382: ...cal DNS server cannot resolve your request it sends the request to a higher level DNS server For example to access the site alliedtelesis com your PC sends a DNS enquiry to its local DNS server asking for the IP address matching alliedtelesis com If this address is already locally cached following its recent use the DNS server returns the IP address that matches alliedtelesis com If the DNS server...

Page 383: ...net To check the entries in the domain list use the command To disable the DNS client on your device use the command To check the status of the DNS client on your device and the configured servers and domain names use the command DHCP options When your device is using its DHCP client for an interface it can receive the following DHCP options from the DHCP server Option 6 a list of DNS servers This...

Page 384: ...ice sends this message when it must drop a packet due to limited internal resources This could be because the source was sending data too fast to be forwarded Redirect 5 Your device issues this message to inform a local host that its target is located on the same LAN no routing is required or when it detects a host using a non optimal route usually because a link has failed or changed its status F...

Page 385: ...fields the addresses and preference levels of all the logical interfaces that are set to advertise Your device does not send router advertisements by default When Then Router Discovery advertising starts on an interface because your device starts up or you enable advertisements on your device or on an interface your device multicasts a router advertisement and continues to multicast them periodica...

Page 386: ... preferred over a lower value Lifetime The lifetime of a router advertisement is how long the information in the advertisement is valid By default the lifetime of all advertisements is 1800 seconds 30 minutes Address type Your device can send its router advertisements using either a broadcast or multicast destination address By default your device sends router advertisements using the all systems ...

Page 387: ... addresses on this interface use the command To set the preference for a specific address on the interface use the command 5 Enable advertising on the interface To enable router advertisements on an interface enter the interface mode and use the command 6 Enable advertising on your device To globally enable router advertisements on your device enter the configure mode and use the command 7 Check a...

Page 388: ...the network or higher layers If pinging the end destination fails use traceroute to discover the point of failure in the route to the destination To ping a device use the command where WORD can be either the hostname or the IP address of the device you are trying to reach Traceroute You can use traceroute to discover the route that packets pass between two systems running the IP protocol Tracerout...

Page 389: ...rdp 23 6 ip address IPADDR 23 7 ip domain list 23 8 ip domain lookup 23 9 ip domain name 23 10 ip forwarding 23 11 ip irdp 23 11 ip irdp address preference 23 12 ip irdp broadcast 23 13 ip irdp lifetime 23 14 ip irdp maxadvertinterval 23 15 ip irdp minadvertinterval 23 16 ip irdp multicast 23 17 ip irdp preference 23 18 ip local proxy arp 23 19 ip name server 23 20 ip proxy arp 23 21 ping 23 22 ro...

Page 390: ...entry it deletes the ARP entry from the ARP cache after this timeout is reached Your device times out dynamic ARP entries to ensure that the cache does not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces The no form sets the time limit to the default of ...

Page 391: ... mac address port number alias no arp ip address Mode Configure mode Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP requests for this address use the command awplus config arp 10 10 10 9 0010 2355 4566 alias Related Commands clear arp cache ip proxy arp show arp Parameter Description ip address A B C D format IPv...

Page 392: ...This command deletes the dynamic ARP entries from the ARP cache To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no arp ip address command Syntax clear arp cache Mode Privileged Exec mode Examples To clear the dynamic ARP entries use the command awplus config clear arp cache Related Commands arp aging timeout arp IP address MAC address show arp ...

Page 393: ...the output If the optional icmp keyword is specified then ICMP packets are shown in the output The no debug ip interface command disables the debug ip interface command Syntax debug ip interface interface name all address ip address verbose hex arp udp tcp icmp no debug ip interface interface name Mode Privileged Exec mode Example To turn on ARP packet debugging on VLAN 1 use the command awplus de...

Page 394: ...ll Negating any packet debug mode will switch detail off Syntax debug ip irdp event nsm receive send both detail all no debug ip irdp event nsm receive send both detail all Mode Privileged Exec mode Example To enable IRDP input packet process debugging use the command To disable all IRDP debugging use the command Related Commands ip irdp router ip irdp show ip irdp Parameter Description event Enab...

Page 395: ...address Mode Interface mode Examples To add the primary IP address 10 10 10 50 24 to the interface vlan3 use the command awplus configure terminal awplus config interface vlan3 awplus config if ip address 10 10 10 50 24 To add the secondary IP address 10 10 11 50 24 to the same interface use the command awplus config if ip address 10 10 11 50 24 secondary Related Commands show ip interface brief P...

Page 396: ...ked first If there are no domains in the DNS list then your device uses the domain specified with the ip domain name command If any domain exists in the DNS list then the device does not use the domain set using the ip domain name command The no parameter deletes a domain from the list Syntax ip domain list domain_name no ip domain list domain_name Mode Configure mode Examples To add the domain ex...

Page 397: ...th the ip name server command The client is enabled by default However it does not attempt DNS enquiries unless there is a DNS server configured The no parameter disables the DNS client The client will not attempt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Configure mode Examples To enable the DNS client on your d...

Page 398: ...e does not use the domain configured with this command When your device is using its DHCP client for an interface it can receive Option 15 from the DHCP server This option replaces the domain name set with this command See Chapter 52 Dynamic Host Configuration Protocol DHCP Introduction for more information about DHCP and DHCP options The no parameter removes the domain name previously set by this...

Page 399: ...vice from routing IP packets use the command awplus config no ip forwarding Related Commands show ip interface brief ip irdp This command enables ICMP Router Discovery advertising on an interface However the interface does not send or process Router Discovery messages until at least one IP address is configured on the interface with the ip address IPADDR command The no form disables ICMP Router Di...

Page 400: ...cific address to the default of 0 Syntax ip irdp address ip_address preference 0 2147483647 no ip irdp address ip_address preference Mode Interface mode Examples To set the preference value to 3000 for the address 192 168 1 1 advertised on vlan5 use the command To set the preference value to the default of 0 for the address 192 168 1 1 advertised on vlan5 use the command Related Commands ip irdp i...

Page 401: ...gures multicast Router Discovery advertisements on an interface The interface sends IRDP advertisements with the all system multicast address 224 0 0 1 as the IP destination address Syntax ip irdp broadcast no ip irdp broadcast Mode Interface mode Examples To enable broadcast Router Discovery advertisements on vlan13 use the commands To enable multicast Router Discovery advertisements on vlan13 us...

Page 402: ... sets the lifetime back to the default of 1800 seconds Syntax ip irdp lifetime 0 9000 no ip irdp lifetime Mode Interface mode Examples To set the lifetime value to 4000 seconds for addresses advertised on vlan6 use the command To set the lifetime value to the default of 1800 seconds for addresses advertised on vlan6 use the command Related Commands ip irdp ip irdp maxadvertinterval ip irdp minadve...

Page 403: ...nimum value first The no form sets the maxadvertinterval back to the default of 600 seconds Syntax ip irdp maxadvertinterval 4 1800 no ip irdp maxadvertinterval Mode Interface mode Examples To set the maximum interval between Router Discovery advertisements on vlan7 to 950 seconds use the command To set the maximum interval between advertisements on vlan7 back to default use the command Related Co...

Page 404: ... the maximum value first The no form sets the minadvertinterval back to the default of 450 seconds Syntax ip irdp minadvertinterval 3 1800 no ip irdp minadvertinterval Mode Interface mode Examples To set the minimum interval between advertisements on vlan4 to 900 seconds use the command To set the minimum interval between advertisements on vlan4 back to the default of 450 seconds use the command R...

Page 405: ...ements on an interface The interface sends IRDP advertisements with the broadcast address 255 255 255 255 as the IP destination address The multicast address is the default IP destination address for Router Discovery advertisements Syntax ip irdp multicast no ip irdp multicast Mode Interface mode Examples To enable multicast Router Discovery advertisements on vlan5 use the commands To enable broad...

Page 406: ...e interface are assigned the same preference value except the addresses that have specific preference value assignment using the command ip irdp address preference The no form sets the preference value to the default of 0 Syntax ip irdp preference 0 2147483647 no ip irdp preference Mode Interface mode Examples To set the preference of addresses advertised on vlan6 to 500 use the command To set the...

Page 407: ...s lets you monitor and filter traffic between hosts in the same subnet and enables you to have control over which hosts may communicate with one another When local proxy ARP is operating on an interface your device does not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on en...

Page 408: ...en your device is using its DHCP client for an interface it can receive Option 6 from the DHCP server This option appends the name server list with more DNS servers See Chapter 52 Dynamic Host Configuration Protocol DHCP Introduction for more information about DHCP and DHCP options The no form removes the DNS server from the list of servers Syntax ip name server ip_address no ip name server ip_add...

Page 409: ...its physical address and it can then forward these to the remote host Your device responds only when it has a specific route to the address being requested excluding the interface route that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages Proxy ARP is enabled by default The no form disable...

Page 410: ...use dotted decimal notation with the format A B C D broadcast Allow pinging of a broadcast address df bit Enable or disable the do not fragment bit in the IP header interval Specify the time interval in seconds between sending ping packets The default is 1 pattern Specify the hex data pattern repeat The number of ping packets to send The default is 5 size The number of data bytes to send excluding...

Page 411: ...interface is configured to use IP and has had IRDP enabled on the interface with the ip irdp command The no form globally disables IRDP advertisements on the device All interfaces immediately stop transmitting and processing Router Discovery messages Syntax router ip irdp no router ip irdp Mode Configure mode Examples To enable Router Discovery advertisements on your device use the command To disa...

Page 412: ...rface Port Type 192 168 2 4 0013 4078 3b98 vlan3 port1 0 7 dynamic 192 168 15 20 0030 940e 136b vlan3 port1 0 7 dynamic 192 168 17 1 0017 9ab6 0369 vlan3 port1 0 7 dynamic 192 168 18 10 0003 376b a6a5 vlan3 port1 0 7 dynamic 192 168 18 12 0000 cd23 55c4 vlan3 port1 0 7 dynamic 192 168 21 1 0003 476b a8a9 vlan3 port1 0 7 dynamic 192 168 26 1 0030 846e 9bc5 vlan3 port1 0 7 dynamic 192 168 27 10 0000...

Page 413: ... list ip domain lookup ip domain name ip name server show ip domain list This command shows the domains configured in the domain list The DNS client uses the domains in this list to append incomplete hostnames when sending a DNS enquiry to a DNS server Syntax show ip domain list Mode Exec and Privileged Exec mode Output Figure 23 3 Example output from the show ip domain list command Examples To di...

Page 414: ... ip domain name Mode Exec and Privileged Exec mode Output Figure 23 4 Example output from the show ip domain name command Examples To display the default domain configured on your device use the command awplus show ip domain list Related Commands ip domain name ip domain lookup show ip forwarding Use this command to display the IP forwarding status Syntax show ip forwarding Mode Exec mode and Priv...

Page 415: ... for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief Interface IP Address Status Protocol vlan2 unassigned admin up down vlan3 192 168 6 6 admin up down Parameter Description interface list The interfaces to display information about An interface list can be an i...

Page 416: ... Privileged Exec mode Output Figure 23 6 Example output from the show ip irdp command Output Figure 23 7 Example output from the show ip irdp command with debug ip irdp detail set Output Figure 23 8 Example output from the show ip irdp command with debug ip irdp both set Example To display global IRDP configuration use the command awplus show ip irdp Related Commands debug ip irdp router ip irdp I...

Page 417: ...ding mode Whether this interface is sending broadcast or multicast router advertisements This means the destination IP address of router advertisements will be either the multicast address 224 0 0 1 or the broadcast address 255 255 255 255 Router Lifetime The lifetime value set for router advertisements sent from this interface This is the maximum time that other devices should treat the advertise...

Page 418: ...ut from the show ip name server command Examples To display the list of DNS servers that your device sends DNS requests to use the command awplus show ip name server Related Commands ip domain lookup ip name server Out packets The number of packets sent by IRDP on this interface In bad packets The number of packets received by IRDP that it has discarded because they do not conform or corrupted Out...

Page 419: ...Syntax tcpdump no tcpdump Mode Privileged Exec mode Example To start a tcpdump running as a background process enter the command awplus tcpdump To stop a running tcpdump enter the command awplus no tcpdump Related Commands debug ip interface traceroute Use this command to trace the route to the specified IP host Syntax traceroute ip addr hostname Mode Privileged Exec mode Example awplus traceroute...

Page 420: ...IP Addressing and Protocol Commands 2008 Allied Telesis Inc All rights reserved 23 32 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 421: ...rating System Software Reference C613 50003 00 REV E 24 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 24 1 24 Routing Protocol Overview Introduction 24 2 RIP 24 2 OSPF 24 2 PIM SM 24 3 VRRP 24 3 ...

Page 422: ...routing protocol Open Shortest Path First OSPF is an interior gateway protocol IGP that uses the Shortest Path First SPF Dijsktra algorithm OSPF sends link state advertisements LSAs to all other routers within the same hierarchical area Data on attached interfaces metrics used and other variables are included in OSPF LSAs As OSPF routers accumulate link state data they use the SPF algorithm to cal...

Page 423: ...otocol Independent Multicast Sparse Mode PIM SM module is a multicast routing protocol module that uses the underlying unicast Routing Information Base RIB to determine the best next hop neighbor to reach the root of the multicast data distribution tree the Rendezvous Point RP or the source It builds unidirectional shared trees per group and optionally creates shortest path trees per source VRRP M...

Page 424: ...Routing Protocol Overview 2008 Allied Telesis Inc All rights reserved 24 4 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 425: ...Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 25 1 25 Route Selection Introduction 25 2 Types of Routes 25 2 Interface Routes 25 2 Static Routes 25 2 Dynamic Routes 25 2 RIB and FIB Routing Tables 25 4 Administrative Distance 25 4 Equal Cost Multipath Routing 25 6 How the AlliedWare PlusTM OS Adds Routes 25 7 How the AlliedWare PlusTM OS Deletes Routes 25 ...

Page 426: ... Interface Routes Your device creates an interface route when you create the interface This route tells your device to send packets over that interface when the packets are addressed to the interface s subnet Static Routes You can manually enter routes which are then called static routes You can use static routes to specify the default route to 0 0 0 0 If your device does not have a route to the p...

Page 427: ...iven a choice of routes RIP uses the route that takes the lowest number of hops If multiple routes have the same hop count RIP chooses the first route it finds Open Shortest Path First OSPF The Open Shortest Path First OSPF protocol is documented in RFC 1247 It has a number of significant benefits over RIP including OSPF supports the concept of areas to allow networks to be administratively partit...

Page 428: ... the Forwarding Information Base FIB with the best route to each destination When your device receives an IP packet and no filters are active that would exclude the packet it uses the FIB to find the most specific route to the destination If your device does not find a direct route to the destination and no default route exists it discards the packet and sends an ICMP message to that effect back t...

Page 429: ...e value for all OSPF route types use the command for RIP routes enter the router mode and use the command This sets the administrative distance for all RIP routes You cannot set an administrative distance for connected routes Protocols Distance Preference Connected Routes directly connected to an interface 1 highest Static Routes added using the ip route command or learnt through DHCP options on i...

Page 430: ...traffic to that destination it distributes the traffic across all routes in the group The AlliedWare PlusTM OS distributes traffic over the routes one flow at a time so all packets in a session take the same route Each equal cost route group can contain up to eight individual routes ECMP is only used to select between routes already in the FIB By default each equal cost route group can contain fou...

Page 431: ...al cost route group from the FIB Adds this new route to the FIB Has the route reached the maximum allowed equal cost routes Does not add route to FIB route_1 End of the Route Selection Process Is the distance for the new route the same as the existing route s Is the distance for the new route lower than the existing route s Does the route for this prefix already exists in the FIB Adds route to its...

Page 432: ...m a routing protocol it first deletes the specified route from its RIB Then it checks if the specified route is in the FIB If the route is in the FIB it deletes it from the FIB and checks if another route is available in its database for the same prefix If there is another route in the database the software installs this route in the FIB When multiple such routes exist the software uses the route ...

Page 433: ...nce C613 50003 00 REV E 26 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 26 1 26 Routing Commands Introduction 26 2 ip route 26 2 maximum paths 26 3 show ip route 26 4 show ip route database 26 6 show ip route summary 26 7 ...

Page 434: ...te available through the device at 10 10 0 2 with an administrative distance of 128 use the command awplus config ip route 192 168 3 0 255 255 255 0 10 10 0 2 128 To add the destination 10 0 0 0 with a prefix length of 8 as a static route available through vlan4 with an administrative distance of 32 use the command awplus config ip route 10 0 0 0 8 vlan4 32 Related Commands show ip route Parameter...

Page 435: ...ing Information Base FIB ECMP is enabled by default The no form sets the maximum paths to the default of 4 Syntax maximum paths 1 8 no maximum paths Mode Configure mode Examples To set the maximum number of paths for each route in the FIB to 5 use the command awplus config maximum paths 5 To set the maximum paths for a route to the default of 4 use the command awplus config no maximum paths Parame...

Page 436: ...try For example O indicates OSPF as the origin of the route The first few lines of the output list the possible codes that may be seen with the route entries Typically route entries are composed of the following elements code a second label indicating the sub type of the route network or host ip address administrative distance and metric nexthop ip address outgoing interface name time since route ...

Page 437: ...rived from the IP address of local interface vlan2 These routes are marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols OSPF External Route O E2 14 5 1 0 24 110 20 via 10 10 31 16 vlan2 00 18 56 This route entry denotes This route is the same as the other OSPF route explained above the main difference is that it is a Type 2 Extern...

Page 438: ...d in the FIB If the static route becomes unavailable then the device automatically selects the OSPF route and installs it in the FIB Parameter Description bgp Displays only the routes learned from BGP connected Displays only the routes learned from connected interfaces ospf Displays only the routes learned from OSPF rip Displays only the routes learned from RIP static Displays only the static rout...

Page 439: ...ip route summary This command displays a summary of the current RIB entries Syntax show ip route summary Mode Exec mode and Privileged Exec mode Output Figure 26 3 Example output from the show ip route summary command Examples To display a summary of the current RIB entries use the command Related Commands show ip route show ip route database IP routing table name is Default IP Routing Table 0 IP ...

Page 440: ...Routing Commands 2008 Allied Telesis Inc All rights reserved 26 8 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 441: ...llied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 27 1 27 RIP Configuration Introduction 27 2 Enabling RIP 27 2 Specifying the RIP version 27 3 RIPv2 authentication single key 27 4 RIPv2 text authentication multiple keys 27 5 RIPv2 md5 authentication multiple keys 27 8 ...

Page 442: ...assumes that the devices have already been configured with IP interfaces in those subnets To enable RIP first define the RIP routing process and then associate a network with the routing process Switch 1 Switch 2 Names of Commands Used router rip network Validation Commands show ip rip show run show ip protocols rip show ip rip interface show ip route rip_1 Switch 2 Switch 1 port1 0 1 port1 0 2 10...

Page 443: ... 12 10 Switch 3 port1 0 1 10 10 12 50 awplus configure terminal Enter the Configure mode awplus config router rip Enable the RIP routing process awplus config router exit awplus config interface port1 0 1 Specify interface port1 0 1 as an interface you want to configure awplus config if ip rip send version 1 2 Allow sending RIP version 1 and version 2 packets out of this interface awplus config if...

Page 444: ...gure mode awplus config router rip Define a RIP routing process and enter the Router mode awplus config router network 10 10 10 0 24 Associate network 10 10 10 0 24 with the RIP process awplus config router redistribute connected Enable redistributing from connected routes awplus config router exit Exit the Router mode and return to the Configure mode awplus config interface port1 0 1 Specify the ...

Page 445: ...ntication mode to be used Switch 1 accepts all packets that contain any key string that matches one of the key strings included in the specified key chain within the accept lifetime on that interface The key ID is not considered for matching For additional security the accept lifetime and send lifetime are configured such that every fifth day the key ID and key string changes To maintain continuit...

Page 446: ...se key string Earth can be received from noon of March 7 to 2 pm March 12 2007 awplus config keychain key send lifetime 12 00 00 Mar 7 2007 12 00 00 Mar 12 2007 Specify the time period during which authentication key string Earth can be sent In this case key string Secret can be received from noon of March 7 to noon of March 12 2007 awplus config keychain key end Enter Privileged Exec mode awplus ...

Page 447: ...config keychain key 40 Add another authentication key 40 to the key chain MOON awplus config keychain key key string Earth Specify a password Earth to be used by the specified key awplus config keychain key accept lifetime 12 00 00 Mar 7 2007 14 00 00 Mar 12 2007 Specify the time period during which authentication key string Earth can be received In this case key string Earth can be received from ...

Page 448: ...witch 1 For additional security the accept lifetime and send lifetime are configured such that every fifth day the key ID and key string changes To maintain continuity the accept lifetimes should be configured to overlap however the send lifetime should not be overlapping Switch 1 rip_5 Switch 2 Switch 1 port1 0 0 port1 0 1 10 10 10 10 10 10 10 50 port1 0 1 10 10 12 50 port1 0 2 10 10 11 10 awplus...

Page 449: ...t1 0 1 interface and specify the key chain SUN to be used for authentication awplus config if ip rip authentication mode md5 Specify md5 authentication mode to be used for RIP packets awplus configure terminal Enter the Configure mode awplus config router rip Define a RIP routing process and enter the Router mode awplus config router network 10 10 10 0 24 Associate network 10 10 10 0 24 with the R...

Page 450: ...Earth can be received In this case key string Earth can be received from noon of March 7 to 2 pm March 12 2007 awplus config keychain key send lifetime 12 00 00 Mar 7 2007 12 00 00 Mar 12 2007 Specify the time period during which authentication key string Earth can be send In this case key string Secret can be received from noon of March 7 to noon of March 12 2007 awplus config keychain key end En...

Page 451: ...rip authentication key chain 28 8 ip rip authentication mode 28 9 ip rip authentication string 28 10 ip rip receive packet 28 10 ip rip receive version 28 11 ip rip send packet 28 11 ip rip send version 28 12 ip rip send version 1 compatible 28 13 ip rip split horizon 28 13 key 28 14 key chain 28 15 key string 28 16 maximum prefix 28 16 neighbor 28 17 network 28 18 offset list 28 19 passive interf...

Page 452: ...in awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Dec 3 2007 04 04 02 Oct 6 2008 or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 Parameter Description START HH MM SS DAY MONTH YEAR HH MM SS MONTH DAY YEAR HH MM SS Time of the day when accept lifetime starts in hours minutes and seconds DAY 1 31 Specifies the day of the mon...

Page 453: ...p all Mode Privileged Exec mode Usage Using this command with the all parameter clears the RIP table of all the routes Examples awplus clear ip rip route 10 0 0 0 8 awplus clear ip rip route ospf Parameter Description A B C D M removes entries which exactly match this destination address from RIP routing table static removes static entries from the RIP routing table connected removes entries for c...

Page 454: ...wplus debug rip packet default information originate Use this command to generate a default route into the Routing Information Protocol RIP Use the no parameter with this command to disable this feature Syntax default information originate no default information originate Default Disabled Mode Router mode Examples awplus configure terminal awplus config router rip awplus config router default info...

Page 455: ...This command is used with the redistribute command to make the routing protocol use the specified metric value for all redistributed routes Default metric is useful in redistributing routes with incompatible metrics Every protocol has different metrics and can not be compared directly Default metric provides the standard to compare All routes that are redistributed will use the default metric Exam...

Page 456: ...ode Router mode Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use the commands awplus config router rip awplus config router distance 8 10 0 0 0 8 mylist To set the administrative distance to the default of 120 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use the commands awp...

Page 457: ...out incoming or outgoing route updates using access list or prefix list If you do not specify the name of the interface the filter will be applied to all interfaces Example awplus configure terminal awplus config router rip awplus config router distribute list prefix myfilter in VLAN1 Parameter Description LIST ACCESSLIST prefix PREFIXLIST ACCESSLIST Specifies the IPv4 access list number or name t...

Page 458: ...YCHAINNAME no ip rip authentication key chain KEYCHAINNAME Mode Interface mode Usage Use this command to perform authentication on the interface Not configuring the key chain results in no authentication at all Examples In the following example interface VLAN23 is configured to use key chain authentication with the keychain mykey See the key command for a description of how a key chain is created ...

Page 459: ... rip authentication mode md5 text no ip rip authentication mode md5 text Default Text authentication is enabled Mode Interface mode Examples The following example shows md5 authentication configured on VLAN2 ensuring authentication of rip packets received on this interface awplus configure terminal awplus config interface VLAN2 awplus config if ip rip authentication mode md5 Related Commands ip ri...

Page 460: ...g example the interface VLAN2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure terminal awplus config interface VLAN2 awplus config if ip rip authentication string guest Related commands ip rip authentication mode ip rip receive packet Use this command to configure the interface to enable the ...

Page 461: ...lowing example interface VLAN3 is configured to receive both RIP version 1 and 2 packets awplus configure terminal awplus config interface VLAN3 awplus config if ip rip receive version 1 2 Related Commands version ip rip send packet Use this command to enable sending RIP packets through the current interface Use the no parameter with this command to disable this feature Syntax ip rip send packet n...

Page 462: ...sion command Syntax ip rip send version 1 2 no ip rip send version 1 2 Default Version 2 Mode Interface mode Usage This command applies to a specific interface and overrides any the version specified by the version command Examples In the following example interface VLAN4 is configured to send both RIP version 1 and 2 packets awplus configure terminal awplus config interface VLAN4 awplus config if...

Page 463: ...ce VLAN2 awplus config if ip rip send version 1 compatible ip rip split horizon Use this command to perform the split horizon action on the interface The default is split horizon poisoned Use the no parameter with this command to disable this function Syntax ip rip split horizon poisoned no ip rip split horizon Default Split horizon poisoned Mode Interface mode Usage Use this command to avoid incl...

Page 464: ...ey KEYID no key KEYID Mode Keychain mode Usage This command allows you to enter the keychain key mode where a password can be set for the key Examples The following example configures a key number 1 and shows the change into a keychain key command mode prompt awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key Related Commands key chain...

Page 465: ...in and all configured keys Syntax key chain KEYNAME no key chain KEYNAME Mode Configure mode Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Examples The following example shows the creation of a key chain named mychain and the change into keychain mode prompt awplus configure terminal awplus config key chain mychain awplus config keychain...

Page 466: ... 1 awplus config keychain key key string prime Related Commands key key chain accept lifetime send lifetime maximum prefix Use this command to configure the maximum number of RIP routes stored in the routing table Use the no parameter with this command to disable all limiting of the number of RIP routes stored in the routing table Syntax maximum prefix MAXPREFIX THRESHOLD no maximum prefix MAXPREF...

Page 467: ...d Mode Router mode Usage Use this command to exchange nonbroadcast routing information It can be used multiple times for additional neighbors Passive interface command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface command on page 28 20 to send routing updates to specific neighbors Examples awplus configure terminal awplus config...

Page 468: ...mily mode Usage Use this command to specify networks or interfaces to which routing updates will be sent and received The connected routes corresponding to any interfaces that lie within the specified network will be automatically advertised in RIP updates RIP updates will be sent and received on all the interfaces that lie within the specified network Examples awplus configure terminal awplus con...

Page 469: ...the networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Examples In this example the router examines the RIP updates being sent out from interface VLAN2 and adds 5 hops to the routes matching the ip addresses specified in the access list 1 awplus configure terminal awplus config router rip awplus config router offset list 1 in 5 VLAN2 Re...

Page 470: ...passive interface VLAN20 Related Commands show ip rip recv buffer size Use this command to run time configure the RIP UDP User Datagram Protocol receive buffer size to improve UDP reliability by avoiding UDP receive buffer overrun Use the no parameter with this command to unset the configured RIP UDP receive buffer size and set it back to the system default value 196608 bits Command Syntax recv bu...

Page 471: ...start rip graceful grace period 1 65535 Mode Privileged Exec mode Usage After this command is executed the RIP process immediately shuts down It notifies the system that RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until the specified grace period expires When a restart rip graceful command is issued the RIP configuration is reload...

Page 472: ...Use the no parameter with this command to disable the RIP routing process Syntax router rip no router rip Mode Configure mode Examples This command is used to begin the RIP routing process awplus configure terminal awplus config router rip awplus config router version 1 awplus config router network 10 10 10 0 24 awplus config router network 10 10 11 0 24 awplus config router neighbor 10 10 10 10 R...

Page 473: ...4 02 Dec 6 2006 Related Commands key key string key chain accept lifetime Parameter Description START HH MM SS DAY MONTH YEAR HH MM SS Time of the day when lifetime starts in hours minutes and seconds DAY 1 31 Specifies the day of the month to start MONTH Specifies the month of the year to start the first three letters of the month for example Feb YEAR 1993 2035 Specifies the year to start END TIM...

Page 474: ...ntax show ip protocols rip Mode Privileged Exec mode and Exec mode Usage This is an example of the output from the show ip protocols rip command awplus show ip protocols rip Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filte...

Page 475: ...ic to reach it awplus show ip rip Codes R RIP C Connected S Static O OSPF B BGP Network Next Hop Metric From If Time C 10 0 1 0 24 1 VLAN20 S 10 10 10 0 24 1 VLAN20 C 10 10 11 0 24 1 VLAN20 S 192 168 101 0 24 1 VLAN20 R 192 192 192 0 24 1 Examples awplus show ip rip Related Commands network clear ip rip route Equivalent Commands show ip rip database show ip rip database Use this command to display...

Page 476: ... interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface IFNAME Mode Exec mode and Privileged Exec mode Example The following is the output from the show ip rip interface command This output shows the RIP related configuration of each IP interface awplus show ip rip interface Parameter Description IFNAME Name of the interface for ...

Page 477: ...c 16 so that neighbors are notified that the route has been dropped When the time specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updates sent by the router All the routers in the network must have the same timers to ensure the smooth operation of RIP throughout the network Examples...

Page 478: ... run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication Once the rip version is set RIP packets of that version will be received and sent on all the RIP enabled interfaces The ip rip receive version command and the ip rip send version command override the value set by this command Examples awplus configure terminal awplus c...

Page 479: ...ved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 28 29 Validation Commands show running config awplus show running config router rip version 1 Related Commands ip rip receive version ip rip send version ...

Page 480: ...RIP Commands 2008 Allied Telesis Inc All rights reserved 28 30 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 481: ...ghts reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 29 1 29 OSPF Configuration Introduction 29 2 Terminology 29 2 Enabling OSPF on an Interface 29 3 Setting priority 29 5 Configuring an Area Border Router 29 7 Redistributing routes into OSPF 29 8 OSPF Cost 29 9 Configuring Virtual Links 29 11 OSPF Authentication 29 12 ...

Page 482: ...rk is determined dynamically via hello packets On non broadcast multi access networks static configuration information is used to initiate the search for a designated router To help in dynamic fallover OSPF also determines a backup designated router for a network via hello packets The backup designated router like the designated router maintains an adjacency to all other routers on the network If ...

Page 483: ...4 Note Configure one interface so that it belongs to only one area However you can configure different interfaces on an OSPF router to belong to different areas Switch 1 ospf_1 Switch 1 10 10 10 10 24 AS1 10 10 10 11 24 Area 0 Switch 2 awplus configure terminal Enter the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID should ...

Page 484: ... and specify the Process ID 200 The Process ID should be a unique positive integer identifying the routing process Note that the process ID used on this switch is different to that used on Switch 1 This is correct configuration as the process ID is a value that is only used within a single OSPF router Therefore there is no requirement for the process IDs used on one OSPF router to have any relatio...

Page 485: ...uter awplus config interface vlan2 Specify the interface vlan2 to be configured awplus config if ip ospf priority 10 Specify the router priority to a higher priority 10 to make Switch 3 the Designated Router DR awplus config if exit Exit the Interface mode and return to the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID shou...

Page 486: ...ea ip ospf priority Validation Commands show ip ospf neighbor show ip ospf interface awplus config router ospf 200 Configure the Routing process and specify the Process ID 200 The Process ID should be a unique positive integer identifying the routing process awplus config router network 10 10 10 0 24 area 0 Define the interface 10 10 10 0 24 on which OSPF runs and associate the area ID 0 with the ...

Page 487: ...Switch 1 10 10 10 10 24 10 10 10 11 24 Area 0 Switch 2 Switch 3 10 10 10 12 24 port1 0 0 port1 0 0 port1 0 0 Designated Router 10 10 11 11 24 port1 0 1 10 10 11 13 24 port1 0 2 port1 0 1 Switch 4 Area 1 awplus configure terminal Enter the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID should be a unique positive integer iden...

Page 488: ...istribute network area ospf_4 Device 1 10 10 10 10 24 Area 0 Device 2 Device 3 Designated Router OSPF Device 5 Area 2 AS2 BGP 10 10 10 12 24 10 10 10 11 24 BGP OSPF 10 10 10 11 24 OSPF AS1 awplus configure terminal Enter the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID should be a unique positive integer identifying the ro...

Page 489: ...erminal Enter the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID should be a unique positive integer identifying the routing process awplus config router network 10 10 9 0 24 area 0 awplus config router network 10 10 10 0 24 area 0 awplus config router network 10 10 12 0 24 area 0 Define interfaces on which OSPF runs and ass...

Page 490: ...0 Configure the Routing process and specify the Process ID 100 The Process ID should be a unique positive integer identifying the routing process awplus config router network 10 10 12 0 24 area 0 awplus config router network 10 10 13 0 24 area 0 Define interfaces on which OSPF runs and associate the area ID 0 with the interface awplus config router ospf 100 Configure the Routing process and specif...

Page 491: ...6 Device 4 Area 0 Device 1 10 10 22 0 24 10 10 21 0 24 10 10 22 0 24 Device 6 Device 5 Device 2 10 10 23 0 24 10 10 23 0 24 10 10 24 0 24 10 10 24 0 24 Area 2 Area 1 Virtual Link Area Border Router Area Border Router awplus configure terminal Enter the Configure mode awplus config router ospf 100 Configure the Routing process and specify the Process ID 100 The Process ID should be a unique positiv...

Page 492: ... Interface authentication type overrides the Area authentication type If the Authentication type is not specified for an interface the Authentication type for the area is used The authentication command descriptions contain details of each type of authentication Refer to Chapter 30 OSPF Commands for OSPF authentication commands In this example the OSPF routers are Allied Telesis managed Layer 3 sw...

Page 493: ... OSPF runs and associate the area ID 0 with the interface area ID 0 specifies the backbone area awplus config router area 0 authentication message digest Enable MD5 authentication on area 0 awplus config router exit Exit the Router mode and return to Configure mode awplus config interface vlan2 Specify the interface vlan2 you are configuring awplus config if ip ospf message digest key 1 md5 test R...

Page 494: ...e interfaces on which OSPF runs and associate the area ID 0 with the interface area ID 0 specifies the backbone area awplus config router area 0 authentication message digest Enable MD5 authentication on area 0 awplus config router exit Exit the Router mode and return to Configure mode awplus config interface vlan2 Specify the interface vlan2 you are configuring awplus config if ip ospf message di...

Page 495: ...30 15 debug ospf ifsm 30 16 debug ospf lsa 30 17 debug ospf nfsm 30 18 debug ospf nsm 30 18 debug ospf packet 30 19 debug ospf route 30 20 default information originate 30 21 default metric 30 22 distance ospf 30 23 distribute list 30 24 host area 30 25 ip ospf authentication 30 26 ip ospf authentication key 30 27 ip ospf cost 30 28 ip ospf database filter 30 29 ip ospf dead interval 30 30 ip ospf...

Page 496: ...atabase 30 53 show ip ospf database asbr summary 30 54 show ip ospf database external 30 55 show ip ospf database network 30 56 show ip ospf database nssa external 30 58 show ip ospf database opaque area 30 59 show ip ospf database opaque as 30 60 show ip ospf database opaque link 30 61 show ip ospf database router 30 62 show ip ospf database summary 30 63 show ip ospf interface 30 65 show ip ospf...

Page 497: ...routing domain Give all routers that are to communicate with each other through OSPF the same authentication password Use the ip ospf authentication key command to specify a Simple Text password Use the ip ospf message digest key command to specify MD5 password The no form removes the authentication specification for an area Syntax area area_id authentication message digest no area area_id authent...

Page 498: ... on NSSA The no form of this command removes the assigned default route cost Syntax area area_id default cost 0 16777215 no area area_id default cost Mode Router mode Examples To set the default cost to 10 in area 1 for the OSPF instance 100 use the commands awplus configure terminal awplus config router ospf 100 awplus config router area 1 default cost 10 Related Commands area nssa area stub Para...

Page 499: ... configuration Syntax area area_id filter list access word prefix word in out Mode Router mode Examples awplus configure terminal awplus config access list 1 deny 172 22 0 0 awplus config router ospf 100 awplus config router area 1 filter list access 1 in Parameter Description area_id The OSPF area that you are configuring the filter for Use one of the following formats A B C D OSPF Area ID in IPv...

Page 500: ...an NSSA not both The no form removes this designation Syntax area area_id nssa default information originate metric no redistribution no summary translator role role no area area_id nssa default information originate metric no redistribution no summary translator role role Mode Router mode Parameter Description area_id The OSPF area that you are configuring as an NSSA Use one of the following form...

Page 501: ...n an area are assigned in a way such that they fall into sets of contiguous routes the ABRs can be configured to advertise a small set of summary routes that cover the individual networks within the area The no form disables this function Syntax area area id range ip_address advertise not advertise no area area id range Mode Router mode Usage Multiple ranges can be configured on a single area by m...

Page 502: ...ea default cost commands In all routers attached to the stub area configure the area by using the area stub command For an area border router ABR attached to the stub area also use the area default cost command The no form removes this definition Syntax area area id stub no summary no area area id stub no summary Mode Router mode Examples awplus configure terminal awplus config router ospf 100 awp...

Page 503: ...rval results in the router detecting topological changes faster but also an increase in the routing traffic The retransmit interval is the expected round trip delay between any two routers in a network Set the value to be greater than the expected round trip delay to avoid needless retransmissions The transmit delay is the time taken to transmit a link state update packet on the interface Before t...

Page 504: ...An 8 character password msg_key Specifies a message digest key using the MD5 algorithm Use the following format message digest key 1 255 md5 LINE 1 255 The key ID LINE Authentication password of 16 characters authentication Enables authentication on this virtual link message digest Use message digest authentication null Use null authentication to override password or message digest dead interval I...

Page 505: ...reasing bandwidth beyond 100 Mbps The auto cost command is used to alter this reference bandwidth in order to give a real difference between the metrics of high bandwidth links of differing bandwidths In a network that has multiple links with high bandwidths specify a larger reference bandwidth value to differentiate the costs on those links The no form of this command assign cost based only on th...

Page 506: ...awplus configure terminal awplus config interface port1 0 2 awplus config if bandwidth 1000000 Related Commands show running config show running config interface show interface capability opaque This command enables opaque LSAs Opaque LSAs are Type 9 10 and 11 LSAs that deliver information used by external applications By default opaque LSAs are enabled The no form of this command to disables opaq...

Page 507: ...ocess This command clears and restarts the OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OSPF processes Syntax clear ip ospf process clear ip ospf 0 65535 process Mode Privileged Exec Mode Examples awplus clear ip ospf process Parameter Description 0 65535 The Routing Process ID ...

Page 508: ... the minimum metric of the component paths available RFC 2328 specifies a method for calculating metrics based on maximum cost It is possible that some ABRs in an area might conform to RFC 1583 and others support RFC 2328 which could lead to incompatibility in their interoperation This command addresses this issue by allowing you to selectively disable compatibility with RFC 2328 Use the no form o...

Page 509: ...meters to disable all the options Syntax debug ospf event abr asbr lsa nssa os router vlink no debug ospf event abr asbr lsa nssa os router vlink undebug ospf event abr asbr lsa nssa os router vlink Mode Privileged Exec mode and Configure mode Examples awplus debug ospf event asbr awplus debug ospf event lsa awplus undebug ospf event nssa awplus no debug ospf event abr Related Commands terminal mo...

Page 510: ...nd undebug form disables OSPF IFSM debugging Syntax debug ospf ifsm status events timers no debug ospf ifsm status events timers undebug ospf ifsm status events timers Mode Privileged Exec mode and Configure mode Examples awplus no debug ospf ifsm events awplus debug ospf ifsm status awplus debug ospf ifsm timers Related Commands terminal monitor Parameter Description events Displays IFSM event in...

Page 511: ...mand Examples awplus no debug ospf lsa refresh awplus debug ospf lsa flooding awplus debug ospf lsa install awplus debug ospf lsa maxage awplus debug ospf lsa generate awplus undebug ospf lsa refresh Related Commands terminal monitor Parameter Description flooding Displays LSA flooding generate Displays LSA generation install Show LSA installation maxage Shows maximum age of the LSA in seconds ref...

Page 512: ... ospf nfsm events Related Commands terminal monitor debug ospf nsm This command enables debugging options for the OSPF Network Service Module The no and undebug form disables this debugging Syntax debug ospf nsm interface redistribute no debug ospf nsm interface redistribute undebug ospf nsm interface redistribute Mode Priviledged Exec mode and Configure mode Examples awplus debug ospf nsm interfa...

Page 513: ...Privileged Exec mode and Configure mode Examples awplus debug ospf packet detail awplus debug ospf packet dd send detail awplus no debug ospf packet ls request recv detail awplus undebug ospf packet ls request recv detail Related Commands terminal monitor Parameter Description dd Specifies debugging for OSPF database descriptions detail Sets the debug option to detailed information hello Specifies...

Page 514: ...tax debug ospf route ase ia install spf no debug ospf route ase ia install spf undebug ospf route ase ia install spf Mode Privileged Exec mode and Configure mode Examples awplus debug ospf route awplus no debug ospf route ia awplus debug ospf route install awplus undebug ospf route install Related Commands terminal monitor Parameter Description ia Specifies the debugging of Inter Area route calcul...

Page 515: ...nal route could be either Type 1 or 2 the default is the Type 2 The no form of this command disables this feature Syntax default information originate always metric route map word no default information originate Mode Router mode Examples awplus configure terminal awplus config router ospf 100 awplus config router default information originate always metric 23 metric type 2 route map myinfo Relate...

Page 516: ...distribution to continue The effect of this command is that OSPF will use the same metric value for all redistributed routes Use this command in conjunction with the redistribute command The no form of this command returns OSPF to using built in automatic metric translations as appropriate for each routing protocol Syntax default metric 0 16777214 no default metric Mode Router mode Examples awplus...

Page 517: ...rm sets the administrative distance for all OSPF route types to the default of 110 Syntax distance 1 255 distance external 1 255 inter area 1 255 intra area 1 255 no distance ospf Mode Router mode Examples To set the following administrative distances for route types in OSPF 100 20 for inter area routes 10 for intra area routes 40 for external routes use the commands To set the administrative dist...

Page 518: ...on of BGP routing updates based on access list 1 network 172 10 0 0 awplus configure terminal awplus config access list 1 permit 172 10 0 0 0 0 255 255 awplus config router ospf 100 awplus config router distribute list 1 out bgp awplus config router redistribute bgp Related Commands redistribute Parameter Description list_name Specifies the name of the access list out Indicates that this applies t...

Page 519: ...is command removes the host area configuration Syntax host ip_address area area_id cost 0 65535 no host ip_address area area_id cost 0 65535 Mode Router mode Examples awplus configure terminal awplus config router ospf 100 awplus config router host 172 16 10 100 area 1 awplus config router host 172 16 10 101 area 2 cost 10 Parameter Description ip_address The IPv4 address of the host in dotted dec...

Page 520: ... password Use the ip ospf message digest key command to specify MD5 password Syntax ip ospf ip_address authentication message digest null no ip ospf ip_address authentication Mode Interface mode Examples In this example interface vlan1 is configured to have no authentication This will override any text or MD5 authentication configured on this interface awplus configure terminal awplus config inter...

Page 521: ...or each area Configure the routers in the same routing domain with the same password By default an authentication password is not specified The no form of this command removes the OSPF authentication password Syntax ip ospf ip_address authentication key line no ip ospf ip_address authentication key Mode Interface mode Examples In the following example an authentication key test is created on inter...

Page 522: ...rface bandwidth By default the reference bandwidth is 100 Mbps 108 but can be set to a different value by the command auto cost reference bandwidth command on page 30 11 To set the interface cost manually use this command The no form of this command resets the interface cost to the default value Syntax ip ospf ip_address cost 1 65535 no ip ospf ip_address cost Mode Interface mode Examples The foll...

Page 523: ...idth and might lead to excessive link and CPU usage in certain topologies resulting in destabilizing the network To avoid this use the ip ospf database filter command to block flooding of LSAs over specified interfaces By default all outgoing LSAs are flooded to the interface The no form of this command turns off the filter Syntax ip ospf ip_address database filter all out no ip ospf ip_address da...

Page 524: ...IP address no ip ospf IPADDR dead interval Syntax ip ospf ip_address dead interval 1 65535 no ip ospf ip_address dead interval Mode Interface mode Examples The following example shows configuring the dead interval to 10 seconds on interface vlan1 awplus configure terminal awplus config interface vlan1 awplus config if ip ospf dead interval 10 Related Commands ip ospf hello interval show ip ospf in...

Page 525: ...logical changes but results in more routing traffic The no form of this command returns the interval to the default of 10 seconds Syntax ip ospf ip_address hello interval 1 65535 no ip ospf ip_address hello interval Mode Interface mode Examples The following example shows setting the hello interval to 3 seconds on interface VLAN2 awplus configure terminal awplus config interface VLAN2 awplus confi...

Page 526: ...with a new password The router will stop sending duplicate packets once it detects that all of its neighbors have adopted the new password Maintain only one password per interface removing the old password whenever you add a new one This will prevent the local system from continuing to communicate with the system that is using the old password Removing the old password also reduces overhead during...

Page 527: ...u This command sets the MTU size for OSPF Whenever OSPF constructs packets it uses interface MTU size as Maximum IP packet size This command forces OSPF to use the specified value overriding the actual interface MTU size This command allows an administrator to configure the MTU size recognized by the OSPF protocol It does not configure the MTU settings on the interface OSPF will not recognize MTU ...

Page 528: ...ghbor If the MTU size does not match the interface MTU the neighbor adjacency is not established Using this command makes OSPF ignore this check and allows establishing of adjacency regardless of MTU size in the DD packet Use the no parameter with this command to make sure that OSPF checks MTU size during DD exchange Syntax ip ospf ip_address mtu ignore no ip ospf ip_address mtu ignore Mode Interf...

Page 529: ...orm of this command returns the network type to the default for the particular interface For Ethernet the default is broadcast Syntax ip ospf network broadcast non broadcast point to point point to multipoint no ip ospf network Mode Interface mode Examples The following example shows setting the network type to point to point on the vlan1 interface awplus configure terminal awplus config interface...

Page 530: ...etwork If two routers attempt to become the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with nonzero router priority values are eligible to become the designated or backup designated router Configure router priority for multiaccess networks only and not for point t...

Page 531: ...ceived from a neighbor Use the no parameter with this command to return to the default value Syntax ip ospf ip_address resync timeout 1 65535 no ip ospf ip_address resync timeout Mode Interface mode Examples The following example shows setting the OSPF resynchronization timeout value to 65 seconds on the vlan2 interface awplus configure terminal awplus config interface vlan2 awplus config if ip os...

Page 532: ...n LSA to a neighbor the router keeps the LSA until it receives an acknowledgement In case the router does not receive an acknowledgement during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid needless retransmission The interval should be greater than the expected round trip delay between two routers Examples The follo...

Page 533: ... The transmit delay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Add transmission and propagation delays when setting the transmit delay value Examples The following example shows setting the OSPF transmit delay time to 3 seconds on the vl...

Page 534: ...ected to the same NBMA network Use the no parameter with this command to remove a configuration Syntax neighbor ip_address cost priority poll interval no neighbor ip_address cost priority poll interval Mode Router mode Usage To configure a neighbor on an NBMA network manually use the neighbor command and include one neighbor entry for each known nonbroadcast network neighbor The IP address used in...

Page 535: ...outers continue to send hello packets when a neighboring router has become inactive Set the poll interval to be much larger than hello interval Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config router ospf 100 awplus config router neighbor 1 2 3 4 priority 1 poll interval 90 awplus config router neighbor 1 2 ...

Page 536: ... Mode Router mode Usage OSPF routing can be enabled per IPv4 subnet The network address can be defined using either the prefix length or a wild card mask A wild card mask is comprised of consecutive 0 s as network bits and consecutive 1 s as host bits Examples awplus configure terminal awplus config router ospf 100 awplus config router network 10 0 0 0 8 area 3 awplus config router network 10 0 0 ...

Page 537: ...co ABR Type By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area Standard ABR Type By this definition a router is considered an ABR if it has more than one area actively attached to it IBM ABR Type By this definition a router is considered an ABR if it has more than one area actively attached and the backbone area is c...

Page 538: ... database Use this command to limit the maximum number of LSAs that can be supported by the current OSPF instance Use the no parameter with this command to have no limit on the maximum number of LSAs Syntax overflow database 0 4294967294 hard soft no overflow database Mode Router mode Usage Use hard with this command if a shutdown is required if the number of LSAs exceeds the specified number Use ...

Page 539: ...sage Use this command to limit the number of AS external LSAs a router can receive once it is in the wait state It takes the number of seconds specified as the WAITTIME to recover from this state Examples The following example shows setting the size of database overflow to 50 and the time to recover from overflow state to be 3 awplus configure terminal awplus config router ospf 100 awplus config r...

Page 540: ...th this command to disable this function Syntax redistribute protocol METRIC METRIC TYPE ROUTE MAP TAG no redistribute protocol METRIC METRIC TYPE ROUTE MAP TAG Mode Router mode Usage Use the redistribute command to inject routes learnt from other routing protocols into the OSPF domain to generate AS external LSAs If a route map is configured on this command then that route map is used to control ...

Page 541: ...erminal awplus config router ospf 100 awplus config router redistribute bgp metric 12 restart ospf graceful Use this command to force the OSPF process to restart Syntax restart ospf graceful grace period 1 1800 Mode Privileged Exec mode Usage After this command is executed the OSPF process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Routes installed by...

Page 542: ...rocess If no process ID is specified on the no command then all OSPF routing processes are terminated and all OSPF configuration is removed Syntax router ospf PROCESSID no router ospf PROCESSID Default No routing process defined Mode Configure mode Usage The process ID of OSPF is an optional parameter When running a single instance of OSPF you may or may not specify the Process ID but when running...

Page 543: ...id is used at the next reload or when you restart OSPF manually Examples The following example shows a fixed router ID 10 10 10 60 awplus configure terminal awplus config router ospf 100 awplus config router router id 10 10 10 60 Related Commands show ip ospf show debugging ospf Use this command to display which OSPF debugging options are currently enabled Syntax show debugging ospf Mode Privilege...

Page 544: ...y 5 secs Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 1 Checksum Sum 0xBC1E Number of non default external LSA 1 External LSA database is unlimited Number of areas attached to this router 1 Area 0 BACKBONE Number of interfaces in this area is 1 1 Number of fully adjacent neighbors in this area is 1 Area has no authentication SPF algorithm last executed 00 46 27 9...

Page 545: ...ess ospf 100 with ID 10 10 11 146 Process uptime is 0 minute Conforms to RFC2328 and RFC1583Compatibility flag is disabled Supports only single TOS TOS0 routes Supports opaque LSA SPF schedule delay 5 secs Hold time between two SPFs 10 secs Refresh timer 10 secs Number of external LSA 0 Checksum Sum 0x0 Number of non default external LSA 0 External LSA database is unlimited Number of areas attache...

Page 546: ...ileged Exec mode Output Figure 30 4 Example output from the show ip ospf border routers command Examples To display the ABRs and ASBRs for all OSPF instances use the command awplus show ip ospf border routers To display the ABRs and ASBRs for the specific OSPF instance 721 use the command awplus show ip ospf 721 border routers Parameter Description process_id 0 65535 The ID of the router process f...

Page 547: ...es max age Displays LSAs in MaxAge list It maintains the list of the all LSAs in the database which have reached the max age which is 3600 seconds OSPF Router process 1 with ID 10 10 11 60 Router Link States Area 0 0 0 1 Link ID ADV Router Age Seq CkSum Link count 10 10 11 60 10 10 11 60 32 0x80000002 0x472b 1 OSPF Router process 100 with ID 10 10 11 60 Router Link States Area 0 0 0 0 Link ID ADV ...

Page 548: ...ry Use this command to display information about the Autonomous System Boundary Router ASBR summary LSAs Syntax show ip ospf database asbr summary A B C D self originate ADVROUTER Mode Privileged Exec mode Examples awplus show ip ospf database asbr summary 1 2 3 4 self originate awplus show ip ospf database asbr summary self originate awplus show ip ospf database asbr summary 1 2 3 4 adv router 2 ...

Page 549: ...self originate awplus show ip ospf database external self originate awplus show ip ospf database external 1 2 3 4 adv router 2 3 4 5 Parameter Description ADVROUTER adv router A B C D adv router Displays all the LSAs of the specified router A B C D A link state ID as an IP address self originate Displays self originated link states OSPF Router process 100 with ID 10 10 11 50 AS External Link State...

Page 550: ...s all the LSAs of the specified router A B C D A link state ID as an IP address self originate Displays self originated link states OSPF Router process 200 with ID 192 30 30 2 Net Link States Area 0 0 0 0 LS age 1387 Options 0x2 E LS Type network LSA Link State ID 192 10 10 9 address of Designated Router Advertising Router 192 30 30 3 LS Seq Number 80000001 Checksum 0xe1b0 Length 32 Network Mask 2...

Page 551: ...ngth 32 Network Mask 24 Attached Router 192 20 20 1 Attached Router 192 30 30 3 LS age 1327 Options 0x2 E LS Type network LSA Link State ID 192 20 20 2 address of Designated Router Advertising Router 192 20 20 2 LS Seq Number 8000000d Checksum 0xbce6 Length 32 Network Mask 24 Attached Router 192 20 20 1 Attached Router 192 20 20 2 LS age 1278 Options 0x2 E LS Type network LSA Link State ID 192 30 ...

Page 552: ...ter A B C D A link state ID as an IP address self originate Displays self originated link states OSPF Router process 100 with ID 10 10 11 50 NSSA external Link States Area 0 0 0 0 NSSA external Link States Area 0 0 0 1 NSSA LS age 78 Options 0x0 LS Type AS NSSA LSA Link State ID 0 0 0 0 External Network Number For NSSA Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0xc9b6 Length 36...

Page 553: ...se opaque area self originate command Examples awplus show ip ospf database opaque area 1 2 3 4 self originate awplus show ip ospf database opaque area self originate awplus show ip ospf database opaque area 1 2 3 4 adv router 2 3 4 5 Parameter Description ADVROUTER adv router A B C D adv router Displays all the LSAs of the specified router A B C D A link state ID as an IP address self originate D...

Page 554: ...atabase opaque as self originate command Examples awplus show ip ospf database opaque as 1 2 3 4 self originate awplus show ip ospf database opaque as self originate awplus show ip ospf database opaque as 1 2 3 4 adv router 2 3 4 5 Parameter Description ADVROUTER adv router A B C D adv router Displays all the LSAs of the specified router A B C D A link state ID as an IP address self originate Disp...

Page 555: ... Examples awplus show ip ospf database opaque link 1 2 3 4 self originate awplus show ip ospf database opaque link self originate awplus show ip ospf database opaque link 1 2 3 4 adv router 2 3 4 5 Parameter Description ADVROUTER adv router A B C D adv router Displays all the LSAs of the specified router A B C D A link state ID as an IP address self originate Displays self originated link states O...

Page 556: ... LSAs of the specified router A B C D A link state ID as an IP address self originate Displays self originated link states OSPF Router process 100 with ID 10 10 11 50 Router Link States Area 0 0 0 0 LS age 878 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 10 11 50 Advertising Router 10 10 11 50 LS Seq Number 80000004 Checksum 0xe39e Length 36 Number of Links 1 Link connected...

Page 557: ... output from the show ip ospf database summary A B C D command Parameter Description ADVROUTER adv router A B C D adv router Displays all the LSAs of the specified router A B C D A link state ID as an IP address self originate Displays self originated link states OSPF Router process 100 with ID 10 10 11 50 Summary Link States Area 0 0 0 0 Summary Link States Area 0 0 0 1 LS age 1124 Options 0x2 E ...

Page 558: ...etric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary LSA Link State ID 10 10 10 0 summary Network Number Advertising Router 10 10 ...

Page 559: ...Description IFNAME An alphanumeric string that is the interface name VLAN1 is up line protocol is up Internet Address 1 1 1 1 24 Area 0 0 0 0 MTU 1500 Process ID 0 Router ID 33 33 33 33 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State Waiting Priority 1 TE Metric 0 No designated router on this network No backup designated router on this network Timer intervals configured Hello 10 Dead ...

Page 560: ...ow ip ospf PROCESSID neighbor command Parameter Description PROCESSID 0 65535 The ID of the router process for which information will be displayed A B C D A B C D detail Neighbor ID all Include downstatus neighbor DETAIL detail all Detail of all neighbors INTERFACE Interface A B C D A B C D Address of the interface OSPF process 1 Neighbor ID Pri State Dead Time Address Interface 10 10 10 50 1 Full...

Page 561: ...or 00 53 07 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Crypt Sequence Number is 0 Thread Inactivity Timer on Thread Database Description Retransmission off Thread Link State Request Retransmission off Thread Link State Update Retransmission on Neighbor 10 10 11 50 interface address 10 10 11 50 In the area 0 0 0 0 via interface VLAN2 Neighbor priority is 1 St...

Page 562: ... table use the command awplus show ip ospf route Parameter Description PROCESSID 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for this specified routing process is displayed OSPF process 1 Codes C connected D Discard O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external...

Page 563: ...ameters and statistics use the command awplus show ip protocols Virtual Link VLINK0 to router 10 10 0 9 is up Transit area 0 0 0 1 via interface eth0 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency state Full Virtual Link VLINK1 to router 10 10 0 123 is down Transit area 0 0 0 1 via interface Transmit Del...

Page 564: ...show memory ospf MTYPEs for OSPF Memory type Alloc cells OSPF structure 2 OSPF area 2 OSPF interface 2 OSPF neighbor 1 OSPF SPF vertex 4 OSPF SPF vertex nexthop 2 OSPF Nexthop 3 OSPF Route 3 OSPF Path 3 OSPF LSA 16 OSPF LSA data 14 OSPF Router LSA Map 2 OSPF Summary LSA Map 0 OSPF LSDB 8 OSPF LS request 0 OSPF Packet 3 OSPF FIFO Queue 2 OSPF Redistribute Info 1 OSPF Redistribute Map 1 OSPF Distanc...

Page 565: ...Redistributing routes from other protocols into OSPF requires the router to advertise each route individually in an external LSA Use the summary address command to advertise one summary route for all redistributed routes covered by a specified network address and mask This helps decrease the size of the OSPF link state database Examples The following example uses the summary address command to agg...

Page 566: ...onfigures the delay time between the receipt of a topology change and the calculation of the Shortest Path First SPF This command also configures the hold time between two consecutive SPF calculations Examples awplus configure terminal awplus config router ospf 100 awplus config router timers spf 7 12 Parameter Description spf_delay 0 2147483647 Specifies the delay between receiving changed routin...

Page 567: ...ers 31 14 bgp config type 31 15 bgp dampening 31 16 bgp default ipv4 unicast 31 17 bgp default local preference 31 18 bgp deterministic med 31 19 bgp enforce first as 31 20 bgp fast external failover 31 20 bgp graceful restart 31 21 bgp log neighbor changes 31 22 bgp memory maxallocation 31 23 bgp multiple instance 31 24 bgp rfc1771 path select 31 24 bgp rfc1771 strict 31 25 bgp router id 31 26 bg...

Page 568: ...or enforce multihop 31 64 neighbor filter list 31 65 neighbor interface 31 66 neighbor maximum prefix 31 67 neighbor next hop self 31 68 neighbor override capability 31 69 neighbor passive 31 70 neighbor peer group adding a neighbor 31 71 neighbor peer group creating a peer group 31 72 neighbor port 31 73 neighbor prefix list 31 74 neighbor remote as 31 75 neighbor remove private AS 31 76 neighbor...

Page 569: ...06 show ip bgp 31 107 show ip bgp attribute info 31 108 show ip bgp cidr only 31 109 show ip bgp community 31 110 show ip bgp community info 31 110 show ip bgp community list 31 111 show ip bgp dampening 31 112 show ip bgp filter list 31 113 show ip bgp inconsistent as 31 114 show ip bgp longer prefixes 31 114 show ip bgp neighbors 31 115 show ip bgp paths 31 116 show ip bgp prefix list 31 117 sho...

Page 570: ... the exit address family command to leave the address family mode and return to the Configure mode Syntax address family ipv4 multicast unicast Mode Router mode Examples Related Commands exit address family Parameter Description ipv4 Configures sessions for IPv4 prefixes multicast Specifies multicast prefixes unicast Specifies unicast prefixes awplus configure terminal awplus config router bgp 100...

Page 571: ... by listing the AS number only once even if it was included in multiple paths that were aggregated The as set parameter is useful when aggregation of information results in an incomplete path information In the following configuration Router1 has set the as set parameter When sending aggregate information to Router2 this indicates that 172 0 0 0 belongs to a set 100 and 200 Without the as set para...

Page 572: ...gp aggregate nexthop check This command enables the BGP option to perform aggregation only when next hop matches the specified IP address By default this is disabled The no form disable this function Syntax bgp aggregate nexthop check no bgp aggregate nexthop check Mode Configure mode Examples awplus configure terminal awplus config bgp aggregate nexthop check ...

Page 573: ...are med is enabled Route1 as path 400 med 300 Route2 as path 200 med 200 Route3 as path 400 med 250 Route1 is compared to Route2 Route2 is best of the two lower MED Next Route2 is compared to Route3 and Route2 is chosen best path again lower MED If always compare med was disabled MED is not taken into account when Route1 and Route2 are compared because of different ASs and MED is compared for only...

Page 574: ...pecifies that the AS confederation path length must be used when available in the BGP best path decision process It is effective only when bgp bestpath as path ignore command has not been specified By default BGP receives routes with identical eBGP paths from eBGP peers and selects the first route received as the best path The no form reverts the selection and ignore AS confederation path length i...

Page 575: ...similar routes are compared and the route with lowest router ID is selected The router id is the highest IP address on the router with preference given to loopback addresses You can set the router id manually by using the bgp router id command By default BGP receives routes with identical eBGP paths from eBGP peers and selects the first route received as the best path The no form disables this fun...

Page 576: ...1 and Route2 only Path1 32000 32004 med 4 Path2 32001 32004 med 2 Path3 32003 1 med 1 The missing as worst attribute to consider a missing MED attribute in a path as having a value of infinity making the path without a MED value the least desirable path If missing as worst is disabled the missing MED is assigned the value of 0 making the path with the missing MED attribute the best path By default...

Page 577: ...P speakers are not fully meshed If the clients are fully meshed the route reflector is not required use the no bgp client to client reflection command to disable the client to client route reflection When a router is configured as a route reflector client to client reflection is enabled by default The no form turns off client to client reflection Syntax bgp client to client reflection no bgp clien...

Page 578: ...ess when using the no form Syntax bgp cluster id ip address cluster id no bgp cluster id ip address Mode Router mode Examples To add a bgp cluster id apply the example commands as shown below To remove a bgp cluster id apply the example commands as shown below Related Commands bgp client to client reflection neighbor route reflector client show ip bgp Router1 config router bgp 200 Router1 config r...

Page 579: ...nfederation identifier 1 65535 no bgp confederation identifier 1 65535 Mode Router mode Usage Note that the no form of this command removes all BGP confederation identifiers Examples Related Commands bgp confederation peers Parameter Description 1 65535 Set routing domain confederation AS number awplus configure terminal awplus config router bgp 100 awplus config router bgp confederation identifie...

Page 580: ...hbor 5 5 5 4 has an eBGP connection to confederation 300 Router2 does not know about the ASs 100 and 200 it knows about only confederation 300 BGP confederation thus reduces the iBGP mesh inside an AS Router1 Router2 The no form removes an autonomous system from the confederation Syntax bgp confederation peers 1 65535 no bgp confederation peers 1 65535 Mode Router mode Examples Related Commands bg...

Page 581: ...ecifies the Industry standard style configuration After setting the configuration to standard make sure to use the neighbor send community command to send out BGP community attributes The no synchronization command is always shown in the configuration extended Specifies the extended style configuration The extended configuration type requires no specific configuration for sending out BGP standard ...

Page 582: ...e reuse suppress maxsuppress unreachtime no bgp dampening reachtime reuse suppress maxsuppress unreachtime bgp dampening routemap no bgp dampening routemap Parameter Description reachtime 1 45 Specifies the reachability half life time in minutes The time for the penalty to decrease to one half of its current value The default is 15 minutes reuse 1 20000 Specifies the reuse limit value When the pen...

Page 583: ...his affects the BGP global configuration This is enabled by default The no form disables this function The BGP routing process will no longer exchange IPv4 addressing information with BGP neighbor routers Syntax bgp default ipv4 unicast no bgp default ipv4 unicast Mode Router mode Examples awplus configure terminal awplus config router bgp 11 awplus config router bgp dampening 20 800 2500 80 25 aw...

Page 584: ...preference is preferred Use this command to define the preference of a particular path The preference is sent to all routers and access servers in the local autonomous system The no form reverts to the default setting Syntax bgp default local preference pref_value no bgp default local preference pref_value Mode Router mode Examples Parameter Description pref_value 0 4294967295 Configure default lo...

Page 585: ...mmand compares MED variable when choosing routes advertised by different peers in the same AS to compare MED when choosing routes from neighbors in different ASs use the bgp always compare med command When the bgp deterministic med command is enabled routes from the same AS are grouped together and the best routes of each group are compared If the BGP table showed Route1 as path 200 med 300 intern...

Page 586: ...omous System AS at the beginning of the AS_PATH in the received update must be denied Enabling this feature adds to the security of the BGP network by not allowing traffic from unauthorized systems Examples bgp fast external failover Use this command to reset a BGP session immediately if the interface used for BGP connection goes down Use the no parameter with this command to disable this feature ...

Page 587: ...ul restart neighbor waits to come back up after a restart This value is applied to all neighbors unless you explicitly override it by configuring the corresponding value on the neighbor The stalepath time parameter is used to set the maximum time to preserve stale paths from a gracefully restarted neighbor All stalepaths unless reinstated by the neighbor after a re establishment will be deleted at...

Page 588: ...he bgp log neighbor changes command To see bgp neighbor changes in the log you need to set the log level to informational using the log buffered level information command log buffered filter in10 Logging Commands A sample output of this log is Protocol Severity Events Message text A sample output of the log for an interface down event is BGP 5 ADJCHANGE neighbor 10 10 0 24 Down Interface flap The ...

Page 589: ...lf if it needs to The no bgp memory maxallocation command sets the maximum percentage of total memory that maybe allocated to the BGP routing process back to the default value which is 100 Syntax bgp memory maxallocation 1 100 no bgp memory maxallocation Mode Configure Mode Example To limit the maximum amount of memory BGP may allocate for its routing management to 65 of total RAM use the command ...

Page 590: ...tiple instance no bgp multiple instance Default No multiple instance support Mode Configure mode Example bgp rfc1771 path select Use this command to set RFC1771 compatible path selection mechanism Use the no parameter with this command to revert this setting Syntax bgp rfc1771 path select no bgp rfc1771 path select Default Industry standard compatible path selection mechanism Mode Configure mode E...

Page 591: ...re Reference C613 50003 00 REV E 31 25 bgp rfc1771 strict Use this command to set the Strict RFC1771 setting Use the no parameter with this command to revert this setting Syntax bgp rfc1771 strict no bgp rfc1771 strict Default Disabled Mode Configure mode Examples awplus configure terminal awplus config bgp rfc1771 strict ...

Page 592: ...If not the highest IP address is the router id Mode Router mode Usage Use bgp router id command to manually configure a fixed router ID as a BGP router identifier Examples To configure a router ID with an IP address for a BGP router identifier issue the commands listed below To disable the router ID for a BGP router identifier issue the commands listed below Parameter Description routerid A B C D ...

Page 593: ...on Syntax bgp scan time time no bgp scan time time Mode Router mode Usage Use this command to configure scanning intervals of BGP routers This interval is the period after which router checks the validity of the routes in its database To disable BGP scanning set the scan time interval to 0 seconds Examples Parameter Description time 0 60 Scanning interval in seconds The default scanning interval i...

Page 594: ...imum time starts from the instance the first neighbor attains established state after restart The restarting router prematurely terminates this timer when end of rib markers are received from all its graceful restart capable neighbors Example clear bgp Use this command to reset the BGP connection for all peers Syntax clear bgp in out soft Mode Privileged Exec mode Examples awplus configure termina...

Page 595: ...e cleared prefix filters Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates that both incoming and outgoing routes will be cleared awplus clear bgp 3 3 3 3 soft in prefix filter awplus clear bgp ipv6 2 2 2 2 out Parameter Description ASN 1 65535 The AS number for which all routes will be cleared ...

Page 596: ...incoming advertised routes will be cleared prefix filters Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates that both incoming and outgoing routes will be cleared awplus clear bgp external soft in awplus clear bgp external in prefix filter Parameter Description peer group clears all members of a...

Page 597: ... and outgoing routes will be cleared in Indicates that incoming advertised routes will be cleared out Indicates that outgoing advertised routes will be cleared awplus clear bgp view instance1 soft in Parameter Description clears all bgp peers ipv4 clears all IPv4 address family peers routes in out soft in in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter P...

Page 598: ...he IPv4 address of the BGP route to be cleared ipv4 clears all IPv4 address family peers routes IN out soft in in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates that both incoming and outgoing routes will...

Page 599: ...C D M Mode Privileged Exec mode Examples Parameter Description A B C D Specifies the IPv4 address for which BGP dampening is to be cleared A B C D M Specifies the IPv4 address with mask for which BGP dampening is to be cleared ipv4 clears all IPv4 address family peers prefix unicast multicast unicast address family modifier multicast address family modifier awplus clear ip bgp dampening 10 10 0 12...

Page 600: ...1 65535 Specifies the AS Number for which all routes will be cleared ipv4 clears all IPv4 address family peers routes IN out soft in in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates that both incoming an...

Page 601: ...on external Clears all external peers ipv4 clears all IPv4 address family peers routes IN out soft in in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates that both incoming and outgoing routes will be clear...

Page 602: ...r group word Specifies the name of the peer group for which all members will be cleared ipv4 clears all IPv4 address family peers routes in out soft IN in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be cleared soft soft in out Indicates th...

Page 603: ...Description view Specifies BGP view word Specifies the name of the view for which all routes will be cleared Clears all peers ipv4 clears all IPv4 address family peers routes IN out soft in in prefix filter in Indicates that incoming advertised routes will be cleared prefix filter Pushes out prefix list ORF and does inbound soft reconfiguration out Indicates that outgoing advertised routes will be...

Page 604: ...s nsm updates Mode Privileged Exec mode Usage This command without any parameters turns on normal bgp debug information Examples Parameter Description all Used with the no form exclusively turns off all debugging for BGP dampening Specifies debugging for BGP dampening events Specifies debugging for BGP events filters Specifies debugging for BGP filters fsm Specifies debugging for BGP Finite State ...

Page 605: ...nsistency in the routing table and obstruct routing Examples To set the administrative distance to 34 for the route 10 10 0 0 24 in BGP 100 and use the access list mylist to filter the routes use the commands awplus config router bgp 100 awplus config router distance 34 10 10 0 0 24 mylist Parameter Description 1 255 The administrative distance value you are setting for the route A B C D M The IP ...

Page 606: ...awplus config router distance bgp 34 23 15 exit address family Use this command to exit the address family mode Syntax exit address family Mode Address Family ipv4 unicast ipv4 multicast vpnv4 unicast mode Examples The following example shows the use of exit address family command and the change in the prompt after using this command Related Commands address family awplus configure terminal awplus...

Page 607: ...tname deny permit line Mode Configure mode Examples awplus configure terminal awplus config ip as path access list mylist deny 65535 Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to match the end of the input string Period Used to match a single character white spaces i...

Page 608: ...ines the community attributes in a specified format and not with regular expressions The expanded community list defines the communities attributes with regular expressions Examples Related Commands ip community list standard ip community list expanded Parameter Description listname Specifies the community listname deny Specifies the community to reject permit Specifies the community to accept com...

Page 609: ...omous systems It includes community values that are 32 bits long Symbol Character Meaning Caret Used to match the beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to match the end of the input string Period Used to match a single character white spaces included Asterix Used to match none or more sequences of a pattern Pl...

Page 610: ...d standard The standard community list defines the community attributes in a specified format and not with regular expressions The expanded community list defines the communities attributes with regular expressions Examples Related Commands ip community list ip community list standard awplus configure terminal awplus config ip community list 125 permit 6789906 awplus config ip community list expan...

Page 611: ...mmunities attributes with regular expressions Use the ip community list standard command to add a standard community list entry The standard community list is compiled into binary format and is directly compared with the BGP communities attribute in the BGP updates The comparison is faster than the expanded community list Any community value that does not match the standard community value is auto...

Page 612: ...ftware Reference C613 50003 00 REV E Software Version 5 2 1 Examples Related Commands ip community list ip extcommunity list expanded awplus configure terminal awplus config ip community list standard CLIST permit 7675 80 7675 90 no export awplus config ip community list 34 permit 5675 50 no advertise ...

Page 613: ... beginning of the input string When used at the beginning of a string of characters it negates a pattern match Dollar sign Used to match the end of the input string Period Used to match a single character white spaces included Asterix Used to match none or more sequences of a pattern Plus sign Used to match one or more sequences of a pattern Question mark Used to match none or one occurrence of a ...

Page 614: ...no ip extcommunity list standard standard_listname Mode Configure mode Examples Related Commands ip extcommunity list expanded show ip extcommunity list Parameter Description 1 99 Standard extcommunity list number standard standard standard_listname standard Specifies a standard extcommunity list standard_listname Standard extcommunity list name deny Specifies the extcommunity to reject permit Spe...

Page 615: ... to enable or disable the exchange of the specified AF information with a neighboring router To enable the exchange of multicast and VPNv4 address prefix types neighbors are activated using the neighbor activate command in address family mode Examples Related Commands neighbor remote as Parameter Description neighborid ipaddr TAG ipaddr Specifies the address of the BGP neighbor in IPv4 format TAG ...

Page 616: ...ping of routes to internet a minimum advertisement interval is set so that the BGP routing updates are sent only per interval seconds BGP dampening can also be used to control the effects of flapping routes Example Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer gr...

Page 617: ...ceives prefixes with ASNs from the CE router and re advertises them to all PE routers in the hub and spoke configuration Specify the remote as or peer group first using the related commands Mode Router mode and Address Family ipv4 unicast ipv4 multicast vpnv4 unicast mode Examples awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 1 allowas in 3 awplus conf...

Page 618: ...rval time neighbor neighbor_address as origination interval no neighbor neighbor_address as origination interval Default Disabled Mode Router mode and Address Family ipv4 unicast ipv4 multicast mode Usage This command is used to change the minimum interval between sending AS origination routing updates The interval can be from 1 to 600 seconds Examples Related Commands address family Parameter Des...

Page 619: ... Address Family ipv4 unicast ipv4 multicast vpnv4 unicast mode Example Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter i...

Page 620: ...ge This command allows a BGP speaker to advertise or withdraw an address family capability to a peer in a non disruptive manner Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 ...

Page 621: ...amily when BGP restarts Use the neighbor capability graceful restart command to advertise to the neighbor routers the capability of graceful restart First specify neighbors remote as identification number assigned by the neighbor router The graceful restart capability is advertised only when the graceful restart capability has been enabled using the bgp graceful restart command Examples Related Co...

Page 622: ...e two routers exchange updates to maintain the ORF for each router Only an individual router or a peer group can be configured to be in receive or send mode A peer group member cannot be configured to be in receive or send mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on...

Page 623: ...eer about route refresh capability support If route refresh capability is supported then router can dynamically request that the peer readvertises its Adj RIB Out Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group addin...

Page 624: ...This command must be used only when specially required It is not required in most network deployments The associated functionality of including an established neighbor into TCP connection collision conflict resolution is automatically enabled when neighbor is configured for BGP graceful restart Example Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor i...

Page 625: ...e The neighbor default originate command can be used with standard or extended access lists Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on pa...

Page 626: ...er mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a command the command applies on all peers...

Page 627: ... Use one of the following formats A B C D The address of an IPv4 BGP neighbor in dotted decimal notation TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor and neighbor remote as commands When this parameter is used with a command the command applies on all peers in the specified group access list The specific access l...

Page 628: ...able capability negotiation Syntax neighbor neighborid dont capability negotiate no neighbor neighborid dont capability negotiate Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor com...

Page 629: ...ebgp multihop count Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a command the...

Page 630: ...rce multihop Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a command the comman...

Page 631: ...vpnv4 unicast mode Examples Parameter Description neighborid Identification method for the BGP peer Use one of the following formats A B C D The address of an IPv4 BGP neighbor in dotted decimal notation TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor and neighbor remote as commands When this parameter is used with ...

Page 632: ...rface name of a BGP speaking neighbor Syntax neighbor ipaddr interface ifname no neighbor ipaddr interface ifname Mode Router mode Examples Parameter Description ipaddr Specifies the IPv4 address of the BGP neighbor entered in dotted decimal notation ifname Specifies the interface name of BGP neighbor awplus configure terminal awplus config router bgp 10 awplus config router neighbor 10 10 0 72 in...

Page 633: ...any extra prefixes are received the router ends the peering A terminated peer stays down until the clear ip bgp command is used Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 ...

Page 634: ...to change the nexthop information that is sent to the iBGP peer The nexthop information is set to the IP address of the interface used to communicate with the neighbor Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group ...

Page 635: ...ighborid override capability Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a co...

Page 636: ... inbound connections Use the no parameter with this command to disable this function Syntax neighbor neighborid passive no neighbor neighborid passive Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group ...

Page 637: ...s are grouped into peer groups This facilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with any of the neighbor commands Any changes made to the peer group affect all members To create a peer group use the neighbor peer group create command and then use this command to add neighbors to the group Example This example shows a new ...

Page 638: ...roup Mode Router mode and Address Family ipv4 unicast ipv4 multicast mode Usage Neighbors with the same update policies are grouped into peer groups This facilitates the updates of various policies such as distribute and filter lists The peer group is then configured easily with any of the neighbor commands Any changes made to the peer group affect all members Use this command to create a peer gro...

Page 639: ...s Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a command the command applies on all peers in the specifi...

Page 640: ...e search at the top of the prefix list with the sequence number 1 Once a match or deny occurs the router does not need to go through the rest of the prefix list For efficiency the most common matches or denies are listed at the top The neighbor distribute list command is an alternative to the neighbor prefix list command and only one of them can be used for filtering to the same neighbor in any di...

Page 641: ...eter with this command to remove a previously configured BGP TCP session Example To configure a BGP TCP session with another router To remove a configured BGP TCP session from another router Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighb...

Page 642: ...e not advertised to the Internet This command is used with external BGP peers only The router removes the AS numbers only if the update includes private AS numbers If the update includes both private and public AS numbers the system treats it as an error Example Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing pee...

Page 643: ...start time value is the maximum time that a graceful restart neighbor waits to come back up after a restart The default value is 120 seconds Make sure that the restart time specified using this command does not exceed the stalepath time specified in the Router mode Example Related Commands bgp graceful restart Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP ne...

Page 644: ...iguration of the route map name rmap2 and then the use of this map name in the neighbor route map command Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command ...

Page 645: ...te reflector and specify neighbors as its client An AS can have more than one route reflector One route reflector treats the other route reflector as another iBGP speaker In the following configuration Router1 is the route reflector for clients 3 3 3 3 and 2 2 2 2 it also has a non client peer 6 6 6 6 Router1 router bgp 200 neighbor 3 3 3 3 remote as 200 neighbor 3 3 3 3 route reflector client nei...

Page 646: ... Router mode and Address Family ipv4 unicast ipv4 multicast vpnv4 unicast mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When...

Page 647: ...ceiving community attributes the router reannounces them to the neighbor Only when the no parameter is used with this command the community attributes are not reannounced to the neighbor By default both standard and extended community attributes are sent to a neighbor To explicitly send only the standard or extended community attribute run the bgp config type command with the standard parameter be...

Page 648: ...ny active session for the specified neighbor and clears all related routing data Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 Wh...

Page 649: ...e refresh capability Using this command enables local storage of all the received routes and their attributes This requires additional memory When a soft reset inbound is done on this neighbor the locally stored routes are re processed according to the inbound policy The BGP neighbor connection is not affected Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of t...

Page 650: ...y match no neighbor neighborid strict capability match Mode Router mode Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this p...

Page 651: ...for this period it declares the neighbor dead Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a co...

Page 652: ...nformation on how to create peer groups refer to the neighbor peer group adding a neighbor command on page 31 71 and neighbor remote as command on page 31 75 When this parameter is used with a command the command applies on all peers in the specified group awplus configure terminal awplus config router bgp 12 awplus config router neighbor 10 10 10 10 transparent as Parameter Description neighborid...

Page 653: ...he aggregate are suppressed to all neighbors Use the unsuppress map command to selectively leak more specific routes to a particular neighbor Example Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neighbor command o...

Page 654: ...e is the interface that is most commonly used with this command The use of loopback interface eliminates a dependency and BGP does not have to rely on the availability of a particular interface for making TCP connections Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to...

Page 655: ... version 2 Using this command disables the router s version negotiation capability and forces the router to use only a specified version with the neighbor Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups refer to the neighbor peer group adding a neig...

Page 656: ...k Unlike the local preference attribute the weight attribute is relevant only to the local router The weights assigned using the set weight command overrides the weights assigned using this command Examples Parameter Description neighborid A B C D TAG A B C D Specifies the address of the BGP neighbor in IPv4 format TAG Name of an existing peer group For information on how to create peer groups ref...

Page 657: ... and Address Family ipv4 unicast ipv4 multicast mode Examples The following example illustrates a Class A address configured as a network route The natural Class A network prefix mask length of 8 will be internally derived that is 2 0 0 0 8 router bgp 1 no synchronization network 1 0 0 0 The following example illustrates a network address which does not fall into its natural class boundary and hen...

Page 658: ...x network synchronization no network synchronization Default Network synchronization is disabled by default Mode Router mode and Address Family ipv4 unicast ipv4 multicast vpnv4 unicast mode Examples The following example enables IGP synchronization of BGP static network routes in the router configuration mode The following example enables IGP synchronization of BGP static network routes in the IP...

Page 659: ...ter should not advertise routes learned from iBGP neighbors unless those routes are also present in an IGP for example OSPF Synchronization may be enabled when all the routers in an autonomous system do not speak BGP and the autonomous system is a transit for other autonomous systems The no synchronization command is used when BGP router can advertise routes learned from its iBGP neighbors without...

Page 660: ...nly routes to be advertised reach the internet not everything This command allows redistribution by injecting prefixes from one routing protocol into another routing protocol Examples The following example shows the configuration of the route map name rmap1 and then the use of this map name in the redistribute route map command Parameter Description connected Specifies the redistribution of connec...

Page 661: ...ole BGP process and makes AlliedWare PlusTM retain the BGP routes and mark them as stale Receiving BGP speakers retain and mark as stale all BGP routes received from the restarting speaker for all the address families received in the Graceful Restart Capability exchange When a restart bgp graceful command is issued the BGP configuration is reloaded from the last saved configuration Ensure you firs...

Page 662: ...ing process Syntax router bgp ASN no router bgp ASN Mode Configure mode Usage The router bgp command enables a BGP routing process so you can setup a route server router bgp 1 neighbor 10 0 0 1 remote as 2 neighbor 10 0 0 2 remote as 3 router bgp 2 neighbor 10 0 0 3 remote as 4 neighbor 10 0 0 4 remote as 5 Examples Related Commands router bgp view Parameter Description ASN 1 65525 Specifies the A...

Page 663: ...fore applying router bgp view so you can setup a route server router bgp 1 view 1 neighbor 10 0 0 1 remote as 2 neighbor 10 0 0 2 remote as 3 router bgp 2 view 2 neighbor 10 0 0 3 remote as 4 neighbor 10 0 0 4 remote as 5 If you have enabled bgp with the router bgp command you must disable bgp with the no router bgp command before you can specify bgp multiple instance Examples Related Commands bgp...

Page 664: ...B C D M Specifies the address and subnet prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family awplus show bgp multicast 192 168 10 0 8 Parameter Description type AA NN local AS no advertise no export AA NN Specifies a valid value for a community number local AS Do not send outside local AS well known commun...

Page 665: ... dampening to maintain dampened path information in memory Examples Parameter Description listname Specifies the community list name exact match Displays only routes that have exactly the same specified communities prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family awplus show bgp community list mylist ex...

Page 666: ... display routes with inconsistent AS Paths Syntax show bgp inconsistent as show bgp prefix inconsistent as Mode Privileged Exec mode and Exec mode Examples Parameter Description listname Specifies the regular expression access list name prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family awplus show bgp fi...

Page 667: ...shed up for 00 02 01 Last read 00 00 01 hold time is 180 keepalive interval is 60 seconds Received 3 messages 0 notifications 0 in queue Sent 5 messages 0 notifications 0 in queue Route refresh request received 0 sent 0 Minimum time between advertisement runs is 5 seconds Connections established 1 dropped 0 Nexthop 10 10 10 10 BGP connection shared network Read thread on Write thread off Examples ...

Page 668: ...or its routing management use the command show bgp paths Use this command to display BGP path information Syntax show bgp paths show bgp prefix paths Mode Privileged Exec mode and Exec mode Example Parameter Description show Show running system information bgp Border Gateway Protocol BGP memory Memory information maxallocation Maximum percentage of RAM allocated to daemons awplus show bgp memory m...

Page 669: ...matching the AS path regular expression in quotes Syntax show bgp quote regexp word show bgp prefix quote regexp word Mode Privileged Exec mode and Exec mode Example Parameter Description list Specifies the name of the IP prefix list prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family Parameter Description...

Page 670: ...route map Syntax show bgp route map route map show bgp prefix route map route map Mode Privileged Exec mode and Exec mode Example Parameter Description expression Specifies a regular expression to match the BGP AS paths prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family awplus show bgp regexp myexpression...

Page 671: ...how bgp summary Use this command to display a summary of BGP neighbor status Syntax show bgp summary show bgp prefix summary Mode Privileged Exec mode and Exec mode Examples Parameter Description prefix unicast multicast unicast Specifies a unicast address family Unicast is the default option multicast Specifies a multicast address family awplus show bgp summary ...

Page 672: ...tion set To modify the lines displayed use the output modifier token to save the output to a file use the output redirection token Syntax show debugging bgp Mode Privileged Exec mode Usage This is a sample output from the show debugging bgp command BGP debugging status BGP debugging is on BGP events debugging is on BGP updates debugging is on BGP fsm debugging is on Examples awplus show debugging ...

Page 673: ...GP e EGP incomplete Network Next Hop Metric LocPrf Weight Path S i10 70 0 0 24 192 10 23 67 0 100 0 S i30 30 30 30 32 192 10 23 67 0 100 0 S i63 63 63 1 32 192 10 23 67 0 100 0 S i67 67 67 67 32 192 10 23 67 0 100 0 S i172 22 10 0 24 192 10 23 67 0 100 0 S i192 10 21 0 192 10 23 67 0 100 0 S i192 10 23 0 192 10 23 67 0 100 0 Total number of prefixes 7 Examples Parameter Description ipaddr ipaddr m...

Page 674: ...s command to show internal attribute hash information Syntax show ip bgp attribute info Mode Privileged Exec mode and Exec mode Usage This is a sample output from the show ip bgp attribute info command displaying internal attribute information attr 1 nexthop 0 0 0 0 attr 1 nexthop 10 10 10 10 attr 1 nexthop 10 10 10 50 Examples awplus show ip bgp attribute info awplus show ip bgp attribute info ...

Page 675: ...ample output from the show ip bgp cidr only command BGP table version is 0 local router ID is 10 10 10 50 Status codes s suppressed d damped h history p stale valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 3 3 3 0 24 10 10 10 10 0 11 i 6 6 6 0 24 0 0 0 0 32768 i Total number of prefixes 2 Examples Parameter Description ipv4 Specifies the addres...

Page 676: ... the output redirection token Syntax show ip bgp community info Mode Privileged Exec mode and Exec mode Examples Parameter Description type AA NN local AS no advertise no export AA NN Specifies a valid value for a community number local AS Do not send outside local AS well known community no advertise Do not advertise to any peer well known community no export Do not export to next AS well known c...

Page 677: ...atch show ip bgp ipv4 prefix community list listname exact match Mode Privileged Exec mode and Exec mode Examples Parameter Description listname Specifies the community list name exact match Displays only routes that have exactly the same specified communities ipv4 Specifies the address family The type of address family determines the routing table that is displayed prefix multicast unicast unicas...

Page 678: ...0 min Un reachability Half Life time 15 min Max penalty ceil 11999 Min penalty floor 375 The following sample output is showing that the internal route i has flapped 3 times and is now categorized as history h awplus show ip bgp dampening flap statistics BGP table version is 1 local router ID is 30 30 30 77 Status codes s suppressed d damped h history valid best i internal S Stale Origin codes i I...

Page 679: ...umber of prefixes 1 Examples show ip bgp filter list Use this command to display routes conforming to the filter list Syntax show ip bgp filter list listname show ip bgp ipv4 prefix filter list listname Mode Privileged Exec mode and Exec mode Examples awplus show ip bgp dampening dampened paths Parameter Description listname Specifies the regular expression access list name ipv4 Specifies the addr...

Page 680: ...efixes show ip bgp ipv4 prefix A B C D M longer prefixes Mode Privileged Exec mode and Exec mode Examples Parameter Description ipv4 Specifies the address family The type of address family determines the routing table that is displayed prefix multicast unicast unicast Specifies a IPv4 unicast address family This is the default option multicast Specifies a IPv4 multicast address family awplus show ...

Page 681: ...eceived old and new Address family IPv4 Unicast advertised and received Received 3 messages 0 notifications 0 in queue Sent 3 messages 0 notifications 0 in queue Route refresh request received 0 sent 0 Minimum time between advertisement runs is 5 seconds For address family IPv4 Unicast BGP table version 1 neighbor version 1 Index 1 Offset 0 Mask 0x2 AF dependant capabilities Parameter Description ...

Page 682: ...al 1111 80 Nexthop local fe80 203 47ff fe97 bb79 BGP connection non shared network Examples show ip bgp paths Use this command to display BGP path information Syntax show ip bgp paths show ip bgp ipv4 prefix paths Mode Privileged Exec mode and Exec mode Examples awplus show ip bgp neighbors 1 2 3 4 received routes awplus show ip bgp ipv4 unicast neighbors 7 67 7 0 received prefix filter Parameter ...

Page 683: ...escription list Specifies the name of the IP prefix list ipv4 Specifies the address family The type of address family determines the routing table that is displayed prefix multicast unicast unicast Specifies a IPv4 unicast address family This is the default option multicast Specifies a IPv4 multicast address family awplus show ip bgp prefix list mylist Parameter Description regexp Displays routes ...

Page 684: ...d to display BGP scan status Syntax show ip bgp scan Mode Privileged Exec mode and Exec mode Usage BGP scan is running BGP scan interval is 60 BGP instance AS is 11 DEFAULT Current BGP nexthop cache BGP connected route 10 10 10 0 24 10 10 11 0 24 Examples Parameter Description route map Specifies a route map that is matched ipv4 Specifies the address family The type of address family determines th...

Page 685: ...gp summary BGP router identifier 10 10 15 50 local AS number 65000 1 BGP AS PATH entries 0 BGP community entries Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State PfxRcd 10 10 9 50 4 65000 460 595 0 0 0 00 17 48 3 10 10 14 51 4 100 93 1200 0 0 00 42 16 Total number of neighbors 2 Examples Parameter Description ipv4 Specifies the address family The type of address family determines the ro...

Page 686: ...outer ID is 10 10 10 50 Status codes s suppressed d damped h history p stale valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path i100 156 70 0 24 10 10 10 52 0 0 i i100 156 71 0 24 10 10 10 52 0 0 i i100 156 72 0 24 10 10 10 52 0 0 i i100 156 73 0 24 10 10 10 52 0 0 i i100 156 74 0 24 10 10 10 52 0 0 i Total number of prefixes 5 Examples Related Com...

Page 687: ...ies Route refresh advertised Address family IPv4 Unicast advertised Received 8 messages 0 notifications 0 in queue Sent 8 messages 0 notifications 0 in queue Route refresh request received 0 sent 0 Minimum time between advertisement runs is 5 seconds For address family IPv4 Unicast Community attribute sent to this neighbor both 5 accepted prefixes 0 announced prefixes Connections established 1 dro...

Page 688: ...ode Usage The following example shows the summary data of instance named I2 awplus show ip bgp view I2 summary BGP router identifier 10 10 10 50 local AS number 10 1 BGP AS PATH entries 0 BGP community entries Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up Down State PfxRcd 10 10 10 52 4 10 1 2 0 0 0 00 00 07 5 Total number of neighbors 1 Examples Related Commands show ip bgp neighbors Parameter...

Page 689: ...eged Exec mode and Exec mode Examples show ip extcommunity list Use this command to display a configured extcommunity list Syntax show ip extcommunity list 1 199 WORD Mode Exec mode and Privileged Exec mode Examples Parameter Description listnumber Specifies the community list number in the range 1 199 as specified by a previously issued ip community list command listname Specifies the community l...

Page 690: ...o reset timers to default value Syntax timers bgp keep_alive hold_time no timers bgp Mode Router mode Usage This command is used globally to set or unset the keepalive and holdtime values for all the neighbors Examples awplus show ip protocols Parameter Description keep_alive 0 65535 The frequency with which the keepalive messages are sent to the neighbors The default value is 60 seconds hold_time...

Page 691: ...s fsm keepalives nsm updates undebug all bgp Mode Privileged Exec mode Examples Parameter Description all Disable all debugging for BGP dampening Disable debugging for BGP dampening events Disable debugging for BGP events filters Disable debugging for BGP filters fsm Disable debugging for BGP Finite State Machine FSM keepalives Disable debugging for BGP keepalives nsm Disable debugging for NSM mes...

Page 692: ...BGP Commands 2008 Allied Telesis Inc All rights reserved 31 126 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 693: ...oduction 32 2 match as path 32 2 match community 32 3 match interface 32 4 match ip address 32 5 match ip next hop 32 7 match metric 32 9 match origin 32 10 match route type 32 11 match tag 32 12 route map 32 13 set aggregator 32 15 set as path 32 16 set atomic aggregate 32 17 set comm list delete 32 18 set community 32 19 set dampening 32 21 set extcommunity 32 23 set ip next hop 32 24 set metric...

Page 694: ...ss list Each entry of a route map can only match against one AS path access list in one AS path match clause If the route map entry already has an AS path match clause entering this command replaces that match clause with the new clause Note that AS path access lists and route map entries both specify an action of deny or permit The action in the AS path access list determines whether the route ma...

Page 695: ...e that community lists and route map entries both specify an action of deny or permit The action in the community list determines whether the route map checks update messages for a given community value The route map action and its set clauses determine what the route map does with update messages that contain that community value Use the no parameter to remove the community match clause from a ro...

Page 696: ...at this clause only determines whether the route map checks routes for the given interface The route map action and its set clauses determine what the route map does with routes that use that interface Use the no parameter to remove the interface match clause from the route map entry Syntax match interface interface no match interface Mode Route map mode Usage This command is valid for RIP and OSP...

Page 697: ...messages and routes for a given prefix The route map action and its set clauses determine what the route map does with routes that contain that prefix Use the no parameter to remove the IP address match clause from a route map entry To remove a prefix list based match clause you must also specify the prefix list parameter Syntax match ip address accesslistID prefix list prefix_listname no match ip...

Page 698: ...c All rights reserved 32 6 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 Related Commands access list extended access list standard ip prefix list route map show ip access list show route map ...

Page 699: ...ermit The action in the access list or prefix list determines whether the route map checks update messages and routes for a given next hop value The route map action and its set clauses determine what the route map does with update messages and routes that contain that next hop Use the no parameter to remove the next hop match clause from a route map entry To remove a prefix list based match claus...

Page 700: ...d entry 3 to the route map called mymap which will process routes whose next hop matches the prefix list called list1 use the commands awplus config route map mymap permit 3 awplus config route map match ip next hop prefix list list1 Related Commands access list extended access list standard ip prefix list route map show ip access list show ip prefix list show route map ...

Page 701: ...is command replaces that match clause with the new clause Note that this clause only determines whether the route map checks routes for the given metric value The route map action and its set clauses determine what the route map does with routes that have that metric Use the no parameter to remove the metric match clause from the route map entry Syntax match metric metric no match metric Mode Rout...

Page 702: ...y determines whether the route map checks update messages for the given origin value The route map action and its set clauses determine what the route map does with update messages that have that origin Use the no parameter to remove the origin match clause from the route map entry Syntax match origin egp igp incomplete no match origin Mode Route map mode Usage This command is valid for BGP update...

Page 703: ...that this clause only determines whether the route map checks OSPF routes for the given route type value The route map action and its set clauses determine what the route map does with routes of that type Use the no parameter to remove the route type match clause from the route map entry Syntax match route type external type 1 type 2 no match route type external Mode Route map mode Usage This comm...

Page 704: ... entering this command replaces that match clause with the new clause Note that this clause only determines whether the route map checks OSPF routes for the given tag value The route map action and its set clauses determine what the route map does with routes that have that tag Use the no parameter to remove the tag match clause from the route map entry Syntax match tag 0 4294967295 no match tag M...

Page 705: ...age Route maps allow you to control and modify routing information by filtering routes and setting route attributes You can apply route maps when the device processes BGP update messages that it has received from a peer prepares BGP update messages to send to peers redistributes routes from one routing protocol into another redistributes static routes into routing protocols uses BGP route flap dam...

Page 706: ...h an entry that has an action of permit and no match clause Examples To enter route map mode for entry 1 of the route map called route1 and then add a match and set clause to it use the commands awplus configure terminal awplus config route map route1 permit 1 awplus config route map match as path 60 awplus config route map set weight 70 Note how the prompt changes when you go into route map confi...

Page 707: ...the device that performed the aggregation Use the no parameter to remove the set clause Syntax set aggregator as ASNUM IPADDRESS no set aggregator as Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called myroute to set the aggregator attribute to 43 10 10 0 3 in matching update messages use the commands awplus config route map ...

Page 708: ...onomous systems each autonomous system adds its ASN to the beginning of the list This means that the AS path attribute can be used to make routing decisions Use the no parameter to remove the set clause Syntax set as path prepend 1 65535 1 65535 no set as path prepend Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called myrout...

Page 709: ...map entry the device adds the atomic aggregate attribute to the update Use the no parameter to remove the set clause Syntax set atomic aggregate no set atomic aggregate Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called rmap1 to add the atomic aggregator attribute to matching update messages use the commands awplus config ro...

Page 710: ...unities from the update s comm unity attribute Use the no parameter to stop deleting the communities Syntax set comm list 1 199 100 199 WORD delete no set comm list 1 199 100 199 WORD delete Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called myroute to delete the communities in community list 34 from matching update messages...

Page 711: ...tching routes into the no advertise community use the commands awplus config route map rmap1 permit 3 awplus config route map set community no advertise Parameter Description AA NN The number of the community in AA NN format AA and NN are both integers from 0 to 65534 AA is the AS number NN is a value chosen by the ASN administrator local as The community of routes that must not be advertised to e...

Page 712: ...ftware Version 5 2 1 To use entry 3 of the route map called rmap1 to put matching routes into several communities use the commands awplus config route map rmap1 permit 3 awplus config route map set community 10 01 23 34 12 14 no export Related Commands match community route map set aggregator set comm list delete set extcommunity show route map ...

Page 713: ...ble The instability penalty is called the Figure of Merit FoM For example if reachtime is 15 the FoM of a stable route halves over a 15 minute period quarters over a 30 minute period and so on The default is 15 minutes REUSE 1 20000 The value that the instability penalty FoM must reach for the device to use a suppressed route again Once a route is suppressed it remains suppressed until its FoM fal...

Page 714: ...613 50003 00 REV E Software Version 5 2 1 Example To use entry 24 of the route map called R1 to enable dampening of matching routes and set the dampening parameters use the commands awplus config route map R1 permit 24 awplus config route map set dampening 20 333 534 30 Related Commands bgp dampening route map show route map ...

Page 715: ...community attribute to 06 01 use the commands awplus config route map rmap1 permit 3 awplus config route map set extcommunity rt 06 01 To instead specify the extended community number in dotted decimal notation use the command awplus config route map set extcommunity rt 0 0 0 6 01 To use entry 3 of the route map called rmap1 to set the site of origin extended community attribute to 06 01 use the c...

Page 716: ...to the specified IP address Use the no parameter to remove the set clause Syntax set ip next hop A B C D no set ip next hop Mode Route map mode Usage This command is valid for BGP update messages and OSPF and RIP routes Examples To use entry 3 of the route map called mymap to give matching routes a next hop of 10 10 0 67 use the commands awplus config route map mymap permit 3 awplus config route m...

Page 717: ...ues in update messages from peers in different ASes also enter the command bgp always compare med The device always compares MED values in update messages from peers in the same AS This command is valid for BGP update messages and OSPF and RIP routes Examples To use entry 3 of the route map called rmap1 to give matching routes a metric of 600 use the commands awplus config route map rmap1 permit 3...

Page 718: ...Route map mode Usage Note The set metric type internal external command is valid for IS IS only This command is valid for OSPF routes only Examples To use entry 3 of the route map called rmap1 to redistribute matching routes into OSPF as type 1 external routes use the commands awplus config route map rmap1 permit 3 awplus config route map set metric type 1 Related Commands default information orig...

Page 719: ... remove the set clause Syntax set origin egp igp incomplete no set origin Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called rmap1 to give matching update messages an origin of egp use the commands awplus config route map rmap1 permit 3 awplus config route map set origin egp Related Commands match origin route map show route...

Page 720: ... update message matches the route map entry the device sets its originator ID attribute to the specified value Use the no parameter to remove the set clause Syntax set originator id ip_address no set originator id Mode Route map mode Usage This command is valid for BGP update messages only Examples To use entry 3 of the route map called rmap1 to give matching update messages an originator ID of 1 ...

Page 721: ...he route into OSPF Use the no parameter to remove the set clause Syntax set tag tag_value no set tag Mode Route map mode Usage This command is valid only when redistributing routes into OSPF Examples To use entry 3 of the route map called rmap1 to tag matching routes with the number 6 use the commands awplus config route map rmap1 permit 3 awplus config route map set tag 6 Related Commands default...

Page 722: ...tes with a common destination the device uses the route with the highest weight value When a route matches the route map entry the device sets its weight to the specified value Use the no parameter to remove the set clause Syntax set weight weight no set weight Mode Route map mode Usage This command is valid for BGP routes only Examples To use entry 3 of the route map called rmap1 to give matching...

Page 723: ...Exec and Privileged Exec mode Output Figure 32 1 Example output from the show route map command Examples To display information about the route map named example map use the command awplus show route map example map Related Commands route map Parameter Description map_name A name to identify the route map route map example map permit sequence 1 Match clauses ip address prefix list example pref Set...

Page 724: ...Route Map Commands 2008 Allied Telesis Inc All rights reserved 32 32 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 725: ...ence This part includes the following chapters Chapter 33 IGMP Snooping Configuration Chapter 34 IGMP Multicast Commands Chapter 35 Common Multicast Commands Chapter 36 PIM SM Configuration Chapter 37 PIM SM Commands ...

Page 726: ......

Page 727: ...TM Operating System Software Reference C613 50003 00 REV E 33 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 33 1 33 IGMP Snooping Configuration Introduction 33 2 Configuring Switch 1 33 3 ...

Page 728: ...e same multicast group To enable IGMP Snooping on an interface Enable IGMP Snooping globally if necessary Statically configure ports that are connected to routers if necessary By default IGMP report suppression is enabled on the switch As a result of this configuration The switch replies back with Membership report messages in response to queries received on interface port1 0 12 Because Host A and...

Page 729: ... the following command only if you have previously disabled it awplus config ip igmp snooping 3 Specify the interface you are configuring Specify the interface vlan1 you are configuring and enter the Interface mode Use the command awplus config interface vlan1 4 Configure the multicast router port Configure port1 0 12 as a multicast router port Use the command awplus config if ip igmp snooping mro...

Page 730: ...IGMP Snooping Configuration 2008 Allied Telesis Inc All rights reserved 33 4 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 731: ...unt 34 7 ip igmp last member query interval 34 8 ip igmp limit 34 9 ip igmp mroute proxy 34 10 ip igmp proxy service 34 11 ip igmp querier timeout 34 12 ip igmp query interval 34 13 ip igmp query max response time 34 14 ip igmp robustness variable 34 14 ip igmp snooping 34 15 ip igmp snooping fast leave 34 15 ip igmp snooping mrouter 34 16 ip igmp snooping querier 34 17 ip igmp snooping report sup...

Page 732: ... Protocol IGMP module includes the IGMP Proxy service and IGMP Snooping functionality Some of the following commands may have commonalities and restrictions these are described under the Usage section for each command clear ip igmp Use this command to clear all IGMP group membership records on all interfaces Syntax clear ip igmp Mode Privileged Exec mode Usage This command applies to interfaces co...

Page 733: ...ed Commands clear ip igmp clear ip igmp interface clear ip igmp interface Use this command to clear IGMP group membership records on a particular interface Syntax clear ip igmp interface interface Mode Privileged Exec mode Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example Related Commands clear ip igmp clear ip igmp group Parameter Description Clears ...

Page 734: ...Proxy Example ip igmp Use this command to enable IGMP on an interface The command configures the device as an IGMP querier Use the no parameter with this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Mode Interface mode Default Disabled Usage This command will have no effect on IGMP Proxy or IGMP Snooping configuration Example Parameter...

Page 735: ...for IGMP IGMP Snooping or IGMP Proxy By default there are no access lists configured on any interface The no form disables the access control filtering on the interface Syntax ip igmp access group 1 99 word no ip igmp access group Mode Interface mode Examples In the following example hosts serviced by VLAN1 can only join the group 225 2 2 2 Parameter Description 1 99 Standard IP access list number...

Page 736: ...ies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Examples The following example shows how to enable the immediate leave feature on an interface for a specific range of multicast groups Related Commands ip igmp last member query interval Parameter Description accesslist 1 99 1300 1999 word Standard access list name or number that defines multicast groups in which the immediate leav...

Page 737: ...t member query count value To return to the default value on an interface use the no parameter with this command Syntax ip igmp last member query count 2 7 no ip igmp last member query count Mode Interface mode Default The default last member query count value is 2 Example Parameter Description 2 7 last member query count value awplusconfigure terminal awplus config interface vlan1 awplus config i...

Page 738: ... use the no parameter with this command Syntax ip igmp last member query interval interval no ip igmp last member query interval Mode Interface mode Default 1000 milliseconds Examples The following example changes the IGMP group specific host query message interval to 2 seconds Related Commands ip igmp immediate leave Parameter Description interval 1000 25500 Frequency in milliseconds at which IGM...

Page 739: ...rameter with this command to unset the limit and any specified exception access list Syntax ip igmp limit limitvalue except accesslist no ip igmp limit Mode Global Config mode and Interface mode Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Examples The following example configures an IGMP limit of 100 group membership entries across all interfaces on whi...

Page 740: ...u must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces on the device with a single upstream proxy service interface This downstream mroute proxy interface listens for IGMP reports and forwards them to the upstream IGMP proxy service interface IGMP Proxy does not work with other mul...

Page 741: ...tion of the interface as an upstream proxy service interface Syntax ip igmp proxy service no ip igmp proxy service Mode Interface mode Usage This command is used with the ip igmp mroute proxy command to enable forwarding of IGMP reports to a proxy service interface for all forwarding entries for this interface You must also enable the downstream IGMP mroute proxy interfaces on this device using th...

Page 742: ...de Default 255 seconds Usage This command applies to interfaces configured for IGMP The timeout value should not be less than the current active querier s general query interval Examples The following example configures the device to wait 130 seconds from the time it received the last query before it takes over as the querier for the interface Related Commands ip igmp query interval Parameter Desc...

Page 743: ...ery interval is 125 seconds Usage This command applies to interfaces configured for IGMP Note that the IGMP query interval must be set to a greater value than the IGP query max response time For example if the IGMP query max response time is set to 1 second then the IGMP query interval must be set to at least 2 seconds Example The following example changes the frequency of sending IGMP host query ...

Page 744: ...onfigures a maximum response time of 8 seconds ip igmp robustness variable Use this command to change the robustness variable value on an interface To return to the default value on an interface use the no parameter with this command Syntax ip igmp robustness variable 2 7 no ip igmp robustness variable Mode Interface mode Default The default robustness variable value is 2 Usage This command applie...

Page 745: ...terfaces or globally Examples ip igmp snooping fast leave Use this command to enable IGMP Snooping fast leave processing Fast leave processing is analogous to immediate leave processing the IGMP group membership entry is removed as soon as an IGMP leave group message is received without sending out a group specific query Use the no parameter with this command to disable fast leave processing Synta...

Page 746: ...s a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface mode for VLAN interface Usage This IGMP Snooping command can only be configured on VLAN interfaces Example This example shows port1 1 2 statically configured to be a multicast router interface Parameter Description port The port to display information about The port ma...

Page 747: ...disable IGMP querier configuration Syntax ip igmp snooping querier no ip igmp snooping querier Mode Interface mode for VLAN interface Usage This command can only be configured on VLAN interfaces The IGMP Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier ope...

Page 748: ...s group on this interface Use the no parameter with this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Mode Interface mode for VLAN interface Default Report suppression does not apply to IGMPv3 and is turned on by default for IGMPv1 and IGMPv2 reports Usage This command can only be configured on VLAN interfaces Example This ...

Page 749: ... set ip igmp snooping routermode for all default reserved addresses enter To remove the multicast address 224 0 0 5 from the custom list of multicast addresses enter Related commands show ip igmp snooping routermode Parameter Description no Negates ip igmp snooping routermode command and resets to its default all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in ran...

Page 750: ...le Source Specific Mapping SSM on the device Use the no parameter with this command to disable SSM mapping Syntax ip igmp ssm map enable no ip igmp ssm map enable Mode Global Config mode Usage This command applies to interfaces configured for IGMP Example This example shows how to configure SSM mapping on the router Related Commands ip igmp ssm map static awplus configure terminal awplus config ip...

Page 751: ...er with this command to remove the SSM map association Syntax ip igmp ssm map static access list A B C D no ip igmp ssm map static access list A B C D Mode Global Config mode Usage This command applies to interfaces configured for IGMP Examples This example shows how to configure an SSM static mapping for group address 224 1 1 1 Related Commands ip igmp ssm map enable Parameter Description access ...

Page 752: ... or to IGMP Snooping on a VLAN interface to statically add group and or source records Parameter Description A B C D Standard IP Multicast group address to be configured as a static group member source Optional E F G H Standard IP source address to be configured as a static source from where multicast packets originate ssm map Mode of defining SSM mapping SSM mapping statically assigns sources to ...

Page 753: ...P version 1 2 or 3 on an interface To return to the default version use the no parameter with this command Syntax ip igmp version 1 3 no ip igmp version Mode Interface mode Usage This command applies to interfaces configured for IGMP Default The default IGMP protocol version number is 3 Example Parameter Description 1 3 IGMP protocol version number awplus configure terminal awplus config interface...

Page 754: ...1 60 port1 1 3 00 00 05 00 04 15 10 10 0 7 224 100 100 100 port1 1 1 00 00 11 00 04 13 10 10 0 91 228 5 16 8 port1 1 3 00 00 11 00 04 16 10 10 0 91 228 81 16 8 port1 1 7 00 00 05 00 04 15 10 10 0 91 228 249 13 8 port1 1 3 00 00 08 00 04 17 10 10 0 91 235 80 68 83 port1 1 11 00 00 12 00 04 15 10 10 0 40 239 255 255 250 port1 1 3 00 00 12 00 04 15 10 10 0 228 239 255 255 254 port1 1 12 00 00 08 00 0...

Page 755: ...lliseconds Group Membership interval is 260 seconds IGMP Snooping is globally enabled IGMP Snooping is enabled on this interface IGMP Snooping fast leave is not enabled IGMP Snooping querier is not enabled IGMP Snooping report suppression is enabled The following command displays the IGMP interface status for port 1 0 24 awplus show ip igmp interface port1 0 24 Interface port1 0 24 Index 5024 vlan...

Page 756: ...e this command to display the multicast router ports both static and dynamic in a VLAN Syntax show ip igmp snooping mrouter interface interface Mode Exec and Privileged Exec mode Example The following command displays the multicast router interfaces in VLAN 1 awplus show ip igmp snooping mrouter vlan1 VLAN Interface 1 port1 1 2 1 port1 1 5 Parameter Description interface The name of the VLAN inter...

Page 757: ...dresses set as router multicast addresses from the ip igmp snooping routermode command Syntax show ip igmp snooping routermode Mode Exec mode and Privileged Exec mode Example To show the routermode and the list of router multicast addresses use the command awplus sh ip igmp snooping routermode Router mode Def Reserved multicast address 224 0 0 1 224 0 0 2 224 0 0 4 224 0 0 5 224 0 0 6 224 0 0 9 22...

Page 758: ...ata Syntax show ip igmp snooping statistics interface interface E Mode Exec and Privileged Exec mode Example The following displays IGMPv3 statistical information for VLAN 1 awplus show ip igmp snooping statistics interface vlan1 IGMP Snooping statistics for vlan1 Interface port1 1 3 Group 224 1 1 1 Uptime 00 00 09 Group mode Exclude Expires 00 04 10 Last reporter 10 4 4 5 Source list is empty Par...

Page 759: ...ghts reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 35 1 35 Common Multicast Commands Introduction 35 2 clear ip mroute 35 2 clear ip mroute statistics 35 2 debug nsm mcast 35 3 ip mroute 35 4 ip multicast route limit 35 5 ip multicast routing 35 6 multicast 35 7 show ip mroute 35 8 show ip mvif 35 10 show ip rpf 35 10 ...

Page 760: ...st forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command The protocol specific clear command clears multicast routes from PIM Sparse Mode and also clears the routes from the MRIB Example clear ip mroute statistics Use this command to delete multicast route statistics entries from the IP multicast routing table Syntax c...

Page 761: ...ug nsm mcast all fib msg mrt mtrace mtrace detail register stats vif Mode Privileged Exec and Configure mode Example Parameter Description all All IPv4 multicast debugging fib msg Forwarding Information Base FIB messages mrt Multicast routes mtrace Multicast traceroute mtrace detail Multicast traceroute detailed debugging register Multicast PIM register messages stats Multicast statistics vif Mult...

Page 762: ...ssible through 10 10 10 50 Validation Commands show ip rpf Parameter Description source addr mask length A B C D 0 32 Specifies multicast source IP address and mask length bgp BGP unicast routing protocol ospf OSPF unicast routing protocol rip RIP unicast routing protocol static specifies a static route rpf addr A B C D RPF address for the multicast route The host IP address can be a directly conn...

Page 763: ...fault limit and threshold value is 2147483647 Usage This command limits the number of multicast routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the li...

Page 764: ... multicast routing no ip multicast routing Mode Configure mode Default By default multicast routing is off Usage When the no parameter is used with this command the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT stops IGMP operation and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any M...

Page 765: ... does not affect layer 2 forwarding of multicast packets If you enter no multicast on a port multicast packets received on that port will not be forwarded to other VLANs but ports in the same VLANs as the receiving port will still receive the multicast packets Syntax multicast no multicast Mode Interface mode Default By default all switch ports route multicast packets Examples awplus configure ter...

Page 766: ...rder installed Timers Uptime Stat Expiry Interface State Interface TTL 10 10 1 52 224 0 1 3 uptime 00 00 31 stat expires 00 02 59 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute 10 10 1 52 224 0 1 3 IP Multicast Routing Table Flags I Immediate Stat T Timed Stat F Forwarder installed Timers Uptime Stat Expiry Parameter Description group addr Grou...

Page 767: ...m fwd 1 0 0 Total NOCACHE WRONGVIF WHOLEPKT sent to clients 1 0 0 Immediate Timed stat updates sent to clients 0 0 Reg ACK recv Reg NACK recv Reg pkt sent 0 0 0 Next stats poll 00 01 10 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGVIF WHOLEPKT recv Client msg counts WRONGVIF WHOLEPKT Imm Stat Timed Stat sent Reg pkt counts Reg ACK recv Reg NACK recv Reg pkt...

Page 768: ...ow ip rpf Use this command to display Reverse Path Forwarding RPF information for the specified source address Syntax show ip rpf source addr Mode Exec mode and Privileged Exec mode Examples Parameter Description interface The interface to display information about awplus show ip mvif Interface Vif Owner TTL Local Remote Uptime Idx Module Address Address vlan2 0 PIM SM 1 192 168 1 53 0 0 0 0 00 04...

Page 769: ...g System Software Reference C613 50003 00 REV E 36 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 36 1 36 PIM SM Configuration Introduction 36 2 PIM Sparse Mode 36 2 Operation of PIM Sparse Mode 36 3 ...

Page 770: ... multicast distribution tree by sending an explicit join message to the group s primary RP A source uses the RP to announce its presence and to find a path to members that have joined the group This model requires Sparse Mode routers to maintain some state information the RP list prior to the arrival of data packets In contrast Dense Mode multicast routing protocols are data driven since they do n...

Page 771: ... s information The switch sends Hello messages regularly at the Hello Time interval Operation of PIM Sparse Mode Once roles are established multicast routing follows specific phases 1 Rendezvous point tree 2 Register stop 3 Shortest path tree While multicast routing always begins with phase 1 the designated router for a receiver determines whether and when to move on to phases 2 and 3 depending on...

Page 772: ...the sender s DR the DR starts forwarding the multicast data directly towards the receiver As several receivers all initiate shortest paths to the sender these paths converge creating a shortest path tree When the multicast packets start arriving from the SPT at the receiver s DR or an upstream router common to the SPT and the RPT it starts discarding the packets from the RPT and sends a prune mess...

Page 773: ... Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 36 5 leaves the SPT the Assert winner sends an Assert Cancel message saying that it is about to stop forwarding data on the SPT Any RPT downstream routers then switch back to the RP tree ...

Page 774: ...PIM SM Configuration 2008 Allied Telesis Inc All rights reserved 36 6 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 775: ...ip pim exclude genid 37 9 ip pim hello holdtime 37 9 ip pim hello interval 37 10 ip pim ignore rp set priority 37 10 ip pim jp timer 37 11 ip pim neighbor filter 37 11 ip pim register rate limit 37 12 ip pim register rp reachability 37 12 ip pim register source 37 13 ip pim register suppression 37 14 ip pim rp address 37 15 ip pim rp candidate 37 16 ip pim rp register kat 37 16 ip pim sparse mode ...

Page 776: ...ovides an alphabetical reference for each of the PIM SM Commands See also Chapter 35 Common Multicast Commands clear ip pim sparse mode bsr rp set Use this command to clear all RP sets learned through the PIMv2 Bootstrap Router BSR Syntax clear ip pim sparse mode bsr rp set Mode Privileged Exec mode Example Parameter Description Clears all RP sets awplus clear ip pim sparse mode bsr rp set ...

Page 777: ...w debugging pim sparse mode Parameter Description all activates deactivates all PIM SM debugging events activates debug printing of events mfc activates debug printing of MFC Multicast Forwarding Cache in kernel add delete updates mib activates debug printing of PIM SM MIBs nexthop activates debug printing of PIM SM nexthop communications nsm activates debugging of PIM SM Network Services Module c...

Page 778: ...to enable the PIM SM Hello timer s debugging Use the no parameter with this command to disable the PIM SM Hello timer s debugging Syntax debug pim sparse mode timer hello ht nlt tht no debug pim sparse mode timer hello ht nlt tht Mode Configure and Privileged Exec modes Related Commands show debugging pim sparse mode Parameter Description bst Turn on off Boot strap debugging timer crp Turn on off ...

Page 779: ...d to enable the PIM SM register timer s debugging Use the no parameter with this command to disable the PIM SM register timer s debugging Syntax debug pim sparse mode timer register rst no debug pim sparse mode timer register rst Mode Configure and Privileged Exec modes Example Related Commands show debugging pim sparse mode Parameter Description jt Turn on off PIM SM JoinPrune timer upstream Join...

Page 780: ...bsr candidate Use this command to set this router s BSR candidate information using the specified IP interface Use the no parameter with this command to remove this candidate interface Syntax ip pim bsr candidate ifname hash priority no ip pim bsr candidate ifname Mode Configure mode Example Parameter Description SIMPLERANGE 100 199 IP extended access list EXPRANGE 2000 2699 IP extended access lis...

Page 781: ...ster checksum group list Use this command to configure the option to calculate the Register checksum over the whole packet on multicast groups specified by the access list This command is used to inter operate with older Cisco IOS versions Use the no parameter with this command to revert to default settings Syntax ip pim cisco register checksum group list SIMPLERANGE EXPRANGE ACCESSLIST no ip pim ...

Page 782: ...fix no ip pim crp cisco prefix Mode Configure mode Example Related Commands ip pim rp candidate ip pim dr priority Use this command to set the designated router priority value Use the no parameter with this command to disable this function Syntax ip pim dr priority priority no ip pim dr priority priority Mode Interface mode Example Related Commands ip pim ignore rp set priority awplus configure te...

Page 783: ...o holdtime value that is less than the current hello interval Each time the hello interval is updated the hello holdtime is also updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the current hello interval value it is modified to the 3 5 hello interval Otherwise it retains the configured value Use the no variant of...

Page 784: ...r with this command to reset the default value Syntax ip pim hello interval interval no ip pim hello interval Mode Interface mode Example ip pim ignore rp set priority Use this command to ignore the RP SET priority value and use only the hashing mechanism for RP selection This command is used to inter operate with older Cisco IOS versions Use the no command to disable this setting Syntax ip pim ig...

Page 785: ...eighbor or terminate adjacency with the existing neighbors if denied by the filtering access list Use the no parameter with this command to disable this function Syntax ip pim neighbor filter number accesslist no ip pim neighbor filter number accesslist Mode Interface mode Default By default there is no filtering Example Parameter Description 1 65535 Specifies the Join Prune timer value awplus con...

Page 786: ...egister rp reachability Use this command to enable the RP reachability check for PIM Register processing at the DR The default setting is no checking for RP reachability Use the no parameter to disable this processing Syntax ip pim register rp reachability no ip pim register rp reachability Mode Configure mode Default This command is disabled by default there is no checking for RP reachability Exa...

Page 787: ...nterface toward the source host The configured address must be a reachable address to be used by the RP to send corresponding Register Stop messages in response It is normally the loopback interface address but can also be other physical addresses This address must be advertised by unicast routing protocols on the DR The configured interface does not have to be PIM enabled Syntax ip pim register s...

Page 788: ...guring this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ip pim rp register kat command on page 37 16 is not used Use the no parameter to reset the value to its default of 60 seconds Syntax ip pim register suppression 1 65535 no ip pim register suppression Mode Configure mode Example Parameter Description 1 65535 ...

Page 789: ...ticast group range 224 0 0 0 4 without ACL or for specific group ranges using ACL For configuring ip pim rp address 192 168 3 4 will configure static RP 192 168 3 4 for the default group range 224 0 0 0 4 Configuring ip pim rp address 192 168 7 8 grp list will configure static RP 192 168 7 8 for all the group ranges represented by permit filters in grp list ACL If multiple static RPs are available...

Page 790: ...nfigure the Keep Alive Time KAT for S G states at the RP to monitor PIM Register packets Use the no parameter to set the value back to its default Syntax ip pim rp register kat 1 65535 no ip pim rp register kat Mode Configure mode Example awplus configure terminal awplus config ip pim rp register kat 3454 Parameter Description ifname Interface name priority 0 255 configure priority for an RP candi...

Page 791: ...de ip pim sparse mode passive Enable disable passive mode operation for local members on the interface Passive mode essentially stops PIM transactions on the interface allowing only IGMP mechanism to be active To turn off passive mode use the no ip pim sparse mode passive or the ip pim sparse mode command To turn off PIM activities on the interface use the no ip pim sparse mode command Syntax ip p...

Page 792: ...ing to SPT happens either at the receiving of the first data packet or not at all it is not rate based Use the no variant of this command to turn off switching to the SPT Syntax ip pim spt threshold group list simplerange expandedrange namedaccesslist no ip pim spt threshold group list simplerange expandedrange namedaccesslist Mode Configure mode Example Usage Turn on off the ability for the last ...

Page 793: ...nge accesslist named_accesslist no ip pim ssm default range accesslist named_accesslist Mode Configure mode Default The command is disabled Usage When an SSM range of IP multicast addresses is defined by the ip pim ssm command the no G or S G rpt state will be initiated for groups in the SSM range The messages corresponding to these states will not be accepted or originated in the SSM range Exampl...

Page 794: ... show ip pim sparse mode bsr router Use this command to show the bootstrap router BSR v2 address Syntax show ip pim sparse mode bsr router Mode Privileged Exec and Exec mode Output Figure 37 2 output from the show ip pim sparse mode bsr router command Related Commands show ip pim sparse mode rp mapping show ip pim sparse mode neighbor Debugging status PIM event debugging is on PIM Hello THT timer ...

Page 795: ... interface detail Use this command to show detailed information on a PIM SM interface Syntax show ip pim sparse mode interface detail Command Mode Privileged Exec and Exec mode Output Figure 37 4 output from the show ip pim sparse mode interface detail command Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 192 168 1 53 vlan2 0 v2 S 2 2 192 168 1 53 192 168 10 53 vlan3 2 v2 S 0 2 192 168...

Page 796: ...ress source_address show ip pim sparse mode mroute group_address source_address show ip pim sparse mode mroute source_address group_address Mode Privileged Exec and Exec Parameter Description group_address A B C D Group IP address Output is all multicast entries belonging to that group source_address A B C D Source IP address Output is all multicast entries belonging to that source Parameter Descr...

Page 797: ...Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR Entries 1 224 0 1 3 RP 10 10 5 153 RPF nbr 192 168 1 152 RPF idx vlan2 Upstream State JOINED Local Joined j Asserted FCR Source 10 10 1 52 Outgoing o KAT timer running 144 seconds remaining Packet count 1 awplus show ip pim sparse mode mroute awplus show ip pim sparse mode mroute 40 40 40 11 awplus show ip pim sparse mode mroute 23...

Page 798: ...ute GRPADD SRCADD detail show ip pim sparse mode mroute SRCADD GRPADD detail Mode Privileged Exec and Exec Parameter Description detail Show detailed information Parameter Description GRPADD A B C D Group IP address Output is all multicast entries belonging to that group SRCADD A B C D Source IP address Output is all multicast entries belonging to that source detail Show detailed information Param...

Page 799: ...24 0 1 24 Uptime 00 06 42 RP 0 0 0 0 RPF nbr None RPF idx None Upstream State JOINED SPT Switch Disabled JT off Macro state Join Desired Downstream vlan2 State NO INFO ET off PPT off Assert State NO INFO AT off Winner 0 0 0 0 Metric 4294967295l Pref 4294967295l RPT bit on Macro state Could Assert Assert Track Local Olist vlan2 awplus show ip pim sparse mode mroute detail awplus show ip pim sparse ...

Page 800: ...utput from the show ip pim sparse mode neighbor interface detail command Parameter Description interface Optional Interface name e g vlan2 Show neighbors on an interface A B C D Optional Show neighbors with a particular address on an interface detail Show detailed information Neighbor Interface Uptime Expires Ver DR Address Priority Mode 10 10 0 9 vlan2 00 55 33 00 01 44 v2 1 10 10 0 136 vlan2 00 ...

Page 801: ...xthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name ____________________________________________________________________ 10 10 0 9 RS 1 0 0 0 0 4 0 0 1 Parameter Meaning Destination The destination address for which PIM SM requires nexthop information Type The type of destination as indicated by the Flags description N New R RP S Source U Unreachable Nexthop Num The number of ne...

Page 802: ...ip pim sparse mode rp hash 224 0 1 3 Related Commands show ip pim sparse mode rp mapping show ip pim sparse mode rp mapping Use this command to show group to RP rendezvous point mappings and the RP set Syntax show ip pim sparse mode rp mapping Mode Privileged Exec and Exec mode Output Figure 37 11 output from the show ip pim sparse mode rp mapping command Related Commands show ip pim sparse mode r...

Page 803: ...are PlusTM Operating System Software Reference C613 50003 00 REV E 37 29 undebug all pim sparse mode Use this command to disable all PIM SM debugging Syntax undebug all pim sparse mode Mode Privileged Exec mode Example Related Commands debug pim sparse mode awplus undebug all pim sparse mode ...

Page 804: ...PIM SM Commands 2008 Allied Telesis Inc All rights reserved 37 30 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 805: ...Chapter 38 Access Control List ACL Commands Chapter 39 Quality of Service QoS Chapter 40 QoS Commands Chapter 41 802 1x Configuration Chapter 42 802 1x and RADIUS Commands Chapter 43 Secure Shell SSH Introduction Chapter 44 SSH Configuration Chapter 45 Secure Shell Commands ...

Page 806: ......

Page 807: ...rence C613 50003 00 REV E 38 1 38 Access Control List ACL Commands Introduction 38 2 access list extended 38 2 access list standard 38 3 access list IP 38 4 access list MAC 38 10 access list extended Named 38 12 access list standard Named 38 17 clear ip prefix list 38 17 ip access group 38 18 ip prefix list 38 19 mac access group 38 21 match access group 38 22 maximum access list 38 23 show access...

Page 808: ...ed with this command permit Access list permits packets that match the source and destination filtering specified with this command source The source address of the packets You can specify either a subnet a host or all sources The following are the valid formats to specify the source any Filters packets with any source address host ip addr Filters packets matching a specific source address ip addr...

Page 809: ... list expanded range 2000 2699 IP standard access list expanded range deny Access list rejects packets from the specified source permit Access list accepts packets from the specified source source The source address of the packets You can specify either a subnet a host or all sources The following are the valid formats to specify the source any Filters packets with any source address host ip addr ...

Page 810: ...ejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination filtering specified with this command send to cpu Specify packets to send to the CPU icmp ICMP packet ip IP packet tcp TCP packet udp UDP packet source The source address of the packets You can specify either a subnet a host or all sour...

Page 811: ...tween the IP address and the mask The mask works as a reverse address mask For example 0 0 0 255 means you permit or deny the route which matches the first 24 bits A B C D icmp type Matches only a specified type of ICMP messages This is valid only when the filtering is set to match ICMP packets type number The ICMP type as defined in RFC792 and RFC950 Specify one of the following integers to creat...

Page 812: ...rces The following are the valid formats for specifying the source ip addr mask An IPv4 address followed by a forward slash then the prefix length This matches any source IP address within the specified subnet any Matches any source IP address host Matches any source IP host sourceport The source port number specified as an integer between 0 and 65535 destination The destination address of the pac...

Page 813: ...ddress and mask are specified in dotted decimal notation with a space between the IP address and the mask The mask works as a reverse address mask For example 0 0 0 255 means you permit or deny the route which matches the first 24 bits A B C D any Any source host host A single source host destination The destination of the packets You can specify either a subnet a host or all destinations The foll...

Page 814: ...ontrol Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation...

Page 815: ... type of 5 issue the below example commands To destroy the access list with an access list identity of 3000 issue the below example commands IP protocol To create an access list that will permit any type of IP packet with a source address of 192 168 1 1 and any destination address issue the example commands To create an access list that will deny all IGMP packets IP protocol 2 from the 192 168 0 0...

Page 816: ...st that will permit packets with a MAC address of 0000 00ab 1234 and any destination address issue the below example commands Parameter Description 4000 4699 Hardware MAC access list copy to cpu Specify packets to copy to the CPU copy to mirror Specify packets to copy to the mirror port deny Access list rejects packets that match the source and destination filtering permit Access list permits pack...

Page 817: ...2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 38 11 To destroy the access list with an access list identity of 4000 issue the below example commands Related Commands show running config show ip access list awplus configure terminal awplus config no access list 4000 ...

Page 818: ...match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified with this command any The access list matches any type of packet ip The access list matches only IP packets icmp The access list matches only ICMP packets source The source address of the packets You can specify either a s...

Page 819: ... one of the following integers to create a filter for the ICMP message type 0 Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies log L...

Page 820: ...formats for specifying the source ip addr reverse mask An IPv4 address followed by a forward slash then the prefix length This matches any source IP address within the specified subnet any Matches any source IP address sourceport The source port number specified as an integer between 0 and 65535 destination The destination address of the packets You can specify either a subnet or all destinations ...

Page 821: ...x length This matches any source IP address within the specified subnet any Matches any source IP address destination The destination address of the packets You can specify either a subnet or all destinations The following are the valid formats for specifying the destination ip addr reverse mask An IPv4 address followed by a forward slash then the prefix length This matches any source IP address w...

Page 822: ... Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobility Header RFC3775 136 UDPLite RFC3828 137 MPLS in IP RFC4023 138 MANET Protocols RFC i...

Page 823: ...e ip addr mask Mode Privileged Exec mode Examples To clear a prefix list named List1 Parameter Description list name A user defined name for the access list deny The access list rejects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified with this command sourc...

Page 824: ...o an LACP channel group apply it to all the individual switch ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself Do not apply an ACL to a dynamic LACP or static channel group that spans more than one switch instance Chapter 21 Link Aggregation Commands Example To add access list 3005 to interface port1 0 1 To apply an ACL to static channe...

Page 825: ... value to be less than 32 and the ge value to be less than the le value In this configuration the ip prefix list command matches all but denies the IP address range 76 2 2 0 Parameter Description line text description of the prefix list list name specifies the name of a prefix list seq seq 1 429496725 deny permit ip prefix any length seq 1 429496725 sequence number of the prefix list deny specifie...

Page 826: ...tware Version 5 2 1 Example To deny the IP addresses between 10 0 0 0 14 10 0 0 0 255 252 0 0 and 10 0 0 0 22 10 0 0 0 255 255 252 0 within the 10 0 0 0 8 10 0 0 0 255 0 0 0 addressing range Related Commands match ip address neighbor prefix list match route type awplus configure terminal awplus config ip prefix list mylist seq 12345 deny 10 0 0 0 8 le 22 ge 14 ...

Page 827: ...e a mac access list that applies the appropriate permit deny requirements etc Then use the mac access group command to apply this access list to a specific port or range Note that this command will apply the access list only to incoming data packets Example To add access list 4010 to interface port1 0 1 To remove access list 4010 from interface port1 0 1 Related Commands show interface access grou...

Page 828: ...s command will apply the access list matching only to incomming data packets Example Configure mode The following example configures a class map named cmap1 with 1 match criterion access list 103 which allows traffic from any source to any destination Related Commands class map Parameter Description access group Used to apply an access control list of the same number group number The access group ...

Page 829: ...ists Hardware access lists are excluded from this command These lists are those within the ranges 3000 3699 and 4000 4699 The no variant of this command removes the limit on the number of filters that can be added to a software access list Syntax maximum access list 1 4294967294 no maximum access list Mode Config Examples To set the maximum number of software filters to 200 Related Commands remote...

Page 830: ...c mode Example To show the access list with an ID of 1 Standard IP access list 1 deny any Note the below error message if you attempt to show an undefined access list Related Commands access list standard access list extended Parameter Description show Show running system information access list List access lists 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard ac...

Page 831: ...1300 1999 2000 2699 list name Mode Privileged Exec mode Output Figure 38 1 Example output from the show ip access list command Examples awplus show ip access list Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list expanded range 2000 2699 IP extended access list expanded range list name IP named access list Standard IP access list 1...

Page 832: ...ip addr mask first match longer ip addr mask IP address for the prefix list and mask 0 32 is the range for the mask first match the show command displays the first matching routing table for the given IP address or prefix longer causes the show command to lookup longer prefixes detail detail word detail word detail name of prefix list when used after the keyword detail summary summary word summary...

Page 833: ...packets 39 6 Applying QoS on Your Switch 39 7 Classifying your Data 39 7 Class Maps 39 7 Policy Maps 39 10 Premarking your Traffic 39 11 CoS to egress queue premarking 39 11 DSCP to egress queue premarking 39 13 Policing Metering Your Data 39 15 Single rate three color policing 39 16 Two rate three color policing 39 17 Configuring and Applying a Policer 39 18 Remarking Your Data 39 19 Configuring ...

Page 834: ...providers to sell different levels of service to customers based on what their customers require and be confident in their ability to guarantee the reliable delivery of these services enterprise and educational organizations to actively manage and provide many services across one network for example live video streaming and standard data services with preferential treatment being given to mission ...

Page 835: ...g priorities to 7 traffic types These are summarized in the Table 39 1 below Table 39 1 CoS Traffic Mapping Guidelines On the switch you can use the command match cos on page 40 10 to select frames that match a particular User Priority value and assign them to a particular class map You can then map these incoming frames to one of eight egress queues This facility enables you to accept frames that...

Page 836: ... description of the differential services model is outside the scope of this software reference a brief introduction is provided For further information RFC 2475 provides an in depth definition of the architecture The basic differential services model envisages a multi router network within which common service qualities are applied At the network boundary QoS Edge Routers inspect the traffic and ...

Page 837: ...to an appropriate egress queue For example you could decide to send frames with a User Priority value of 7 to queue 3 and frames with a User Priority value of 2 to queue 7 Because the model offers considerable flexibility and the mapping of traffic types to DCSPs is individual for each network this locally applied definition is known as a Differential Services Domain The previous section introduce...

Page 838: ...t comprises QoS boundary routers at its edge and QoS core routers in its core network At the network edge the QoS boundary routers filter the incoming data based on specific packet components Based on this filtering each packet is assigned a DSCP value This value will determine the service level priority queueing etc that will be applied Within the network core the packet filtering required is red...

Page 839: ... 39 3 or a network level DSCP Differentiated Services Architecture on page 39 4 You can also assign the data to a particular output or egress queue Class Maps Class Maps are among the pivotal QoS components They provide the means that associate the classified traffic with its appropriate QoS actions They are the linking elements for the following functions classification policy mapping aggregate p...

Page 840: ...d to the class map that was created first An example of such a conflict is the arrival of a packet that meets the classification requirements of two class maps each configured to the same policy map and set to apply different priority settings to the packet Figure 39 5 Relationship between a class map and its associated functions Creating a class map To create a class map use the class map command...

Page 841: ...d on page 40 5 To set the default class map for the policy map p map1 to have the action of deny Applying a match command to a class map To apply a matching filter to a class map use one of the match commands This example creates a filter to select vlan5 traffic and applies this filter to the class map named video traffic Associating a class map with a policy map To associate a class map with a po...

Page 842: ...aps corporate users and domestic users To create a policy map called pmap1 use the commands Having created the policy map corp we can use the class command on page 40 3 to assign it to one or more class maps Since we created the class maps video traffic and office traffic earlier in this chapter we can now attach the policy map pmap1 to both class maps Use the class command to assign the policy ma...

Page 843: ... order to reassign a particular DSCP to a specific egress queue CoS value or both When no other mapping is set all traffic is sent to the queue that is set by the mls qos queue command If this command is unset i e in the absence of any other queue selection traffic will be sent to queue 2 For core QoS switches Traffic entering ports within the QoS core network will almost certainly contain some pr...

Page 844: ... qos map cos queue to enables you to create a switch wide mapping of CoS values to egress queues The default mappings for this command are COS 0 1 2 3 4 5 6 7 QUEUE 2 0 1 3 4 5 6 7 These mappings match the CoS guidelines documented in Annex H 2 of ANSI IEEE 802 1D 1988 Edition Table H 15 on page 355 of the standard shows a table of user priorities for specific traffic types Table 39 4 shows an ada...

Page 845: ...CoS and a DSCP fields and each field maps to a different class map policy map the switch will apply a priority based on the creation date of class maps the earlier the creation date the higher the priority priorities Table 39 5 DSCP Mapping Commands in Hierarchical Order Table 39 5 shows that if no overriding commands have been configured and there is no CoS value in the packet then the default se...

Page 846: ...m the mls qos map mark dscp to command and provides the highest priority of all the pre marking controls To apply this table you must first apply the trust setting by using the command trust dscp At this point the dscp input to the table will be that existing in the incoming packet However by setting the set dscp will change the dscp for all packets within the specified policy map and class map sp...

Page 847: ...ring types can be configured from the mls qos aggregate police exceed action command on page 40 19 these types are single rate three color twin rate three color Note that the although the color marking process is carried out on the input port on ingress the egress port can also use this color marking to modify its output data flows The meter operates in the color aware mode however the premarker t...

Page 848: ...eeding the CIR will begin to empty the bucket As the data and tokens are paired data bytes that match tokens below the CBS level are marked green those that are between CBS and EBS will be marked yellow and those that are above EBS are marked red Note that although the data is metered per byte the color marking process is applied per packet This means that if there were only sufficient tokens avai...

Page 849: ...thus the token count in bucket C remains constant Similarly if data enters the port at the PIR then the token count in bucket P remains constant You can specify the CIR and the PIR by using either the the police twin rate exceed action command or the mls qos aggregate police exceed action command The function of each of these commands is explained in the section Configuring and Applying a Policer ...

Page 850: ...s unchanged Configuring and Applying a Policer The previous section showed how the policer works and how to select either the single rate or twin rate exceed action There are two methods to apply a policy to class maps 1 Select your policy map and class map from the command prompt then enter either the police twin rate exceed action command or the police twin rate exceed action command whilst sele...

Page 851: ...h class of yellow Table 39 8 Remarking Table Example To configure this setting you would enter the following commands Existing DSCP BANDWIDTH CLASS Green Yellow Red DSCP value in the packet leaving the meter New value for Dscp New value for CoS Tag New bandwidth class Red Yellow or Green New value for egress queue New value for Dscp New value for CoS Tag New bandwidth class Red Yellow or Green New...

Page 852: ...c adaptors terminates in four input queues These queues schedule the data between the internal fabric adaptors and each port s egress queue The mls qos input queue command mentioned above enables you to select the scheduling algorithm to be either strict priority or weighted round robin WRR Use the show mls qos input queue to see the present settings on your switch The mls qos map input queue comm...

Page 853: ...t to the setting of the command mls qos map cos queue to 3 Situations 1 and 2 can be overridden by the mls qos queue command This command sets a default queue for each switch port 4 If the set queue command has been applied to specific ports via its class map policy map combination then the queue mapping of this command will override that set by the the mls qos queue command for those specific por...

Page 854: ...ound robin Strict priority servicing By default all queues on all ports are serviced in a strict priority order This means that the highest numbered priority queue queue 7 is emptied first then when it is completely empty the next highest priority queue is processed and so on Thus for a strict priority queue to be processed all higher priority queues must be empty Strict priority servicing is the ...

Page 855: ...mple In this example port 1 0 1 has queues configured as follows queues 6 and 7 are configured strict priority queues 3 4 and 5 are WRR group 1 with weighting values of 6 6 and 12 respectively queues 0 1 and 2 are WRR group 2 all with a weighting value of 6 I In this example the queues are processed as follows 1 Queue 7 is processed first 2 If queue 7 is empty Queue 6 is processed next 3 If queues...

Page 856: ... drop mode profile for each of the 8 egress queues Your switch has 4 pre existing queue sets one pre configured for 1G ports and another for 10 G ports These configurations are shown in Figure 39 10 and Figure 39 11 You can name and reconfigure these profiles and change the association of queue sets to switch ports These steps are explained later in this section Note The default drop mode operatio...

Page 857: ... 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 2 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 3 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 4 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 5 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 6 Green 100 KB 125 KB 1...

Page 858: ... Queue Set 2 Description 10G Defaults BandwidthClass Min Max Drop Probability Queue 0 Green 1 MB 1 MB 1 50 Yellow 1 MB 1 MB 1 50 Red 1 MB 1 MB 1 50 Queue 1 Green 1 MB 1 MB 1 50 Yellow 1 MB 1 MB 1 50 Red 1 MB 1 MB 1 50 Queue 2 Green 1 MB 1 MB 1 50 Yellow 1 MB 1 MB 1 50 Red 1 MB 1 MB 1 50 Queue 3 Green 1 MB 1 MB 1 50 Yellow 1 MB 1 MB 1 50 Red 1 MB 1 MB 1 50 Queue 4 Green 1 MB 1 MB 1 50 Yellow 1 MB 1...

Page 859: ...orts by using the mls qos queue set You also use this command to select the drop mode to apply Note the following rules when applying queue sets to queues and ports a port can only have one queue set applied to it a queue set can be applied to many ports Example To set port 1 0 1 to use queue set 2 in random detect mode use the command awplus config terminal awplus config interface port1 0 1 awplu...

Page 860: ... alternative random detect RED and in most situations offers similar performance In some situations such as when using the UDP protocol it is more appropriate to use tail drop than RED This is because UDP unlike TCP is not a sliding window protocol UDP is also a popular protocol for real time data such as voice and video conferencing The defaults for tail drop are shown in Figure 39 10 and Figure ...

Page 861: ...lts for WRED configuration are shown in Figure 39 10 on page 39 25 and Figure 39 11 on page 39 26 Random early detection operates in a similar way to tail drop but begins to gracefully drop packets as the average queue length1 approaches the Maximum threshold point Maxth The concept is illustrated in Figure 39 12 on page 39 30 This figure shows how packets in the three classes Red Yellow and Green...

Page 862: ...Early Detection As previously mentioned the defaults for both drop methods can be seen from Table 39 10 and Table 39 11 These tables show the same output for both tail drop and RED detection methods However when tail drop is applied the values for Minth and average queue length Qave are ignored and the drop probability is either 0 for a current queue size Maxth or 100 for for a current queue size ...

Page 863: ...etting the average queue length for a maximum queue ratio of 37 across all used queues on the particular port i e 4 62 per queue when using 8 queues This will provide 667 KB per port 83 KB per queue when the switch is set for normal frame sizes and 3 1 MB per port 388 KB per queue when the switch is set to support Jumbo frames You can then use these values to form the basis for setting the Maxth v...

Page 864: ...port at layer two may be tagged or untagged VLAN tagged frames contain 3 additional fields as shown in Figure 39 13 below The User Priority field enables you to map incoming frames to any one of eight egress queues This facility enables you can accept frames that are already carrying meaningful priority information to be automatically assigned to an appropriate egress queue For example you could d...

Page 865: ...ally recorded in the log and you can configure an SNMP trap to signal that a port has been disabled When a storm is detected on a trunk or port group the entire trunk or port group is disabled The following table explains the basic concepts involved with storm protection To set the action to take when triggered by QoS Storm Protection QSP use the storm protection command on page 40 66 To set the t...

Page 866: ...ng fabric has four queues whereas each switch port in a switch processor instance has eight egress queues These two types of queues must be mapped to each other To specify the mapping of the 8 switch processor port queues to the 4 fabric queues use the command mls qos map input queue command on page 40 24 The integers q0 to q7 indicate the fabric queue that corresponds to an egress queue You can a...

Page 867: ...40 13 match protocol 40 14 match tcp flags 40 16 match tpid 40 17 match vlan 40 17 mls qos enable 40 18 mls qos aggregate police exceed action 40 19 mls qos input queue 40 21 mls qos map cos queue to 40 23 mls qos map input queue 40 24 mls qos map mark dscp to 40 26 mls qos map policed dscp to 40 27 mls qos queue 40 29 mls qos queue set averaging factor 40 30 mls qos queue set drop probability 40 ...

Page 868: ...w mls qos interface storm status 40 56 show mls qos maps cos queue 40 57 show mls qos maps input queue 40 58 show mls qos maps mark dscp 40 59 show mls qos maps policed dscp 40 60 show mls qos queue set 40 61 show policy map 40 63 storm action 40 64 storm downtime 40 65 storm protection 40 66 storm rate 40 67 storm window 40 68 trust dscp 40 69 wrr queue disable queues 40 70 wrr queue egress rate ...

Page 869: ...yntax class name Mode Policy Map Mode Example The following example shows creating a policy map and defining the traffic classification Related Commands class map policy map class map Use this command to create a class map Syntax class map name no class map name Mode Configure Mode Example This example creates a class map called cmap1 Parameter Description name name of the class map no delete the ...

Page 870: ...ounter platform enhanced mode Syntax clear mls qos interface ifname policer counters class map class_map Mode Privileged Exec Mode Example To reset the policy counters to zero for all class maps Related Commands platform enhancedmode show mls qos interface policer counters Parameter Description clear Reset functions mls Multi Layer Switch L2 L3 qos Quality of Service interface Select an interface ...

Page 871: ...t meet the criteria specified by the applied matching commands Use the no default action command to reset to the default action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror no default action Mode Policy Map Mode Example To set the action for the default class map to deny Parameter Description no negate a command or set its defaults default action specify or re...

Page 872: ...an be up to 80 characters long Use the no description command to remove the current description from the policy map Syntax description line no description Mode Policy Map Mode Example To add the description VOIP traffic Parameter Description no Negate a command or set its defaults description Specify or remove policy map description line Up to 80 character long line description awplus config pmap ...

Page 873: ...mega bits Use the no egress rate limit command to disable the limiting of traffic egressing on the interface Syntax egress rate limit bandwidth no egress rate limit Mode Interface Mode Examples To enable egress rate limiting on a port enter the commands Parameter Description egress rate limit Limits the amount of traffic egressing the interface bandwidth Bandwidth 1 10000000 kbits per second usabl...

Page 874: ...p access group command to remove a specified access list from a given interface Syntax ip access group 3000 3699 no ip access group 3000 3699 Mode Interface Mode Example To add access list 3005 to interface port1 0 1 To remove access list 3005 from interface port1 0 1 Related Commands show interface access group Parameter Description ip IP Information access group Access Control List 3000 3699 Har...

Page 875: ... criterion for a class map Syntax match access group acl number Mode Class Map Mode Example The following example configures a class map named cmap1 with 1 match criterion access list 103 which allows traffic from any source to any destination Related Commands class map Parameter Description mac MAC Information access group Access Control List 4000 4699 Hardware MAC access list no Negate a command...

Page 876: ...s map to match on Syntax match inner cos 0 7 no match inner cos 0 7 Mode Class Map Mode Example To set the class map s inner cos to 4 Parameter Description match Specifies that this is a match command cos 0 7 Specifies the CoS value no Negate a command or set its defaults awplus config terminal awplus class map awplus config cmap match cos 4 Parameter Description match Define the match criteria in...

Page 877: ...se the match ip dscp command to define the match criterion after creating a class map Example To configure a class map named cmap1 with criterion that matches IP DSCP 56 Related Commands class map Parameter Description match Define the match criteria inner tpid Specify Inner Tag Protocol Identifier tpid Two byte hexadecimal number representing the TPID no Negate a command or set its defaults awplu...

Page 878: ... precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Mode Example To configure a class map named cmap1 to evaluate all IPv4 packets for a precedence value of 5 Parameter Description match Define the match criteria ip precedence The precedence value set in the IPv4 header 0 7 The precedence value to be matched no Negate a command or set its defaul...

Page 879: ... mac type l2bcast l2mcast l2ucast no match mac type l2bcast l2mcast l2ucast Mode Class Map Mode Examples To set the class map s MAC type to layer 2 broadcast Parameter Description match Define the match criteria mac type Specify MAC type l2bcast Layer 2 Broadcast l2mcast Layer 2 Multicast l2ucast Layer 2 Unicast no Negate a command or set its defaults awplus config terminal awplus class map awplus...

Page 880: ...e parameter name ethii untagged EthII Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packets enter the parameter name netwareraw untagged Netware Raw Untagged Packets enter the parameter name snap tagged SNAP Tagged Packets enter the parameter name snap untagged SNAP Untagged Packets enter the parameter name protocol Specifies that a layer three network protocol typ...

Page 881: ...umber dec lanbridge Protocol Number 8038 enter the parameter name or its number dec encryption Protocol Number 803D enter the parameter name or its number appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter the parameter name or its number appletalk aarp Protocol Number 80F3 enter the parameter name or its number ipx ethii Protocol Number 8137 e...

Page 882: ...ass Map Mode Examples To set the class map s tcp flags to ack and syn To remove the tcp flags ack rst awplus config terminal awplus config class map awplus config cmap match eth format ethii tagged protocol 0800 or awplus config cmap match eth format ethii tagged protocol ip Parameter Description match Define the match criteria tcp flags Specify TCP flags ack Acknowledge fin Finish rst Reset syn S...

Page 883: ...ommand to disable the VLAN ID used as match criteria Syntax match vlan 1 4094 no match vlan 1 4094 Mode Class Map Mode Examples To configure a class map named cmap1 to include traffic from VLAN 3 Parameter Description match Define the match criteria tpid Specify the Tag Protocol Identifier tpid Two byte hexadecimal number that identifies the TPID awplus configure terminal awplus config class map c...

Page 884: ... Use the no variant of this command to globally disable QoS and remove all QoS configuration Syntax mls qos enable no mls qos 1 Running the no mls qos command will therefore remove all pre existing QoS configurations on the switch Parameter Description mls Multi Layer Switch L2 L3 qos Quality of Service enable enables QoS no Removes all QoS configuration It removes all class maps policy maps polic...

Page 885: ...have accumulative application to the same policer Another application of aggregate policers is to attach them to a single class map but apply the class maps to multiple ports via it s policy map This enables the same traffic to have accumulative policed application over multiple ports Parameter Description aggregate police Specify a policer for the classified traffic name Specify aggregate policer...

Page 886: ...low if the rate is between the CBS and the EBS Traffic is classed as red if the rate exceeds the average rate and the EBS Using an exceed action of drop will result in all packets classed as red being discarded When using an exceed action of policed dscp transmit the packet will be remarked with the values configured in the policed dscp map The index into this map is determined by the DSCP in the ...

Page 887: ... waiting in the higher numbered queues Weighted Round Robin Sequencing In this mode the weighting that you assign to each queue will determine how often it is serviced with respect to the other WRR queues For example if queue 0 is configured with a weight of 5 and queue 1 is configured with a weight of 1 then queue 0 will be serviced 5 times more than queue 1 Setting all weights to the same value ...

Page 888: ...ler for input queues 0 and 1 to WRR and both have a weight of 5 use the command To reset the scheduling algorithm for input queues 0 and 1 use the command Related Commands mls qos map input queue show mls qos input queue show mls qos maps input queue awplus config terminal awplus config mls qos input queue 0 1 wrr weight 5 awplus config terminal awplus config no mls qos input queue 0 1 ...

Page 889: ... 2 0 1 3 4 5 6 7 Syntax mls qos map cos queue 0 7 to 0 7 no mls qos map cos queue Mode Configure Mode Example To set the cos queue map back to its defaults use the command To map CoS 2 to queue 3 Related Commands mls qos map input queue show mls qos input queue show mls qos maps input queue mls qos queue set averaging factor mls qos queue set description mls qos queue set drop probability mls qos ...

Page 890: ...ates in the above example Parameter Description no Negate a command or set its defaults mls Multi Layer Switch L2 L3 qos Quality of Service map Specify maps input queue Modify the egress queue to input queue map q0 Egress queue 0 Select a value 0 to 3 to map this egress queue to one of the four input fabric queues q0 q4 q1 Egress queue 1 Select a value 0 to 3 to map this egress queue to one of the...

Page 891: ...C613 50003 00 REV E 40 25 Figure 40 1 Egress Queue to Fabric Queue mapping To reset the input queue map use the command Related Commands mls qos input queue show mls qos input queue show mls qos maps input queue awplus config terminal awplus config no mls qos map input queue qos queues Fabric Queue 0 1 2 3 5 6 7 Egress Queue 1 2 3 4 0 ...

Page 892: ...ap mark dscp 0 63 to new dscp 0 63 new cos 0 7 new queue 0 7 new bandwidth class green yellow red no mls qos map mark dscp 0 63 Mode Configure Mode Examples To set the entry for DSCP 1 to use a new DSCP of 2 a new CoS of 3 a new queue of 4 and a new bandwidth class of yellow use the command To reset the entry for DSCP 1 use the command Related Commands mls qos map policed dscp to set dscp show mls...

Page 893: ...eue 0 7 new bandwidth class green yellow red no mls qos map policed dscp new dscp bandwidth class green yellow red Parameter Description map Specify maps policed dscp Modify the policed DSCP map existing dscp The value of the DSCP when it leaves the policer meter 0 63 bandwidth class Bandwidth Class green Mark the packet as green yellow Mark the packet as yellow red Mark the packet as red to Chang...

Page 894: ...mark the policed green traffic to a new DSCP of 2 a new CoS of 3 and new queue of 4 and a new bandwidth class of yellow use the command Related Commands mls qos map mark dscp to police single rate exceed action police twin rate exceed action show mls qos maps policed dscp awplus config terminal awplus config mls qos map policed dscp 2 bandwidth class green to new dscp 5 new cos 3 new queue 4 new b...

Page 895: ...ult queue on the interface Syntax mls qos queue 0 7 no mls qos queue Mode Interface Mode Example To set the default egress queue to 7 To turn off the default mls queue usage on port 1 0 1 use the command Related Commands show mls qos interface Parameter Description no Negate a command or set its defaults mls Multi Layer Switch L2 L3 qos Quality of Service queue The queue to become the default egre...

Page 896: ...for all queues This parameter is only valid when a port is using this queue set in random detect mode Syntax mls qos queue set 1 4 queues 0 1 2 3 4 5 6 7 averaging factor 0 15 Mode Configure Mode Examples To set the averaging factor for queues 1 3 in queue set 1 to be 4 use the command Related Commands mls qos queue set mls qos queue set description mls qos queue set drop probability mls qos queue...

Page 897: ...obability for queues 1 3 in queue set 2 to be 50 use the command The drop probability parameter specifies the maximum drop probability for packets when using the random detect RED drop mode This is the probability that a packet will be dropped when the computed average queue length reaches the Max threshold value setting for a specific traffic class within a specific queue The drop probability is ...

Page 898: ...iedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 Related Commands mls qos queue set mls qos queue set averaging factor mls qos queue set description mls qos queue set threshold show mls qos interface show mls qos queue set ...

Page 899: ... threshold 1 16000000 1 16000000 1 16000000 1 16000000 1 16000000 1 16000000 Mode Configure Mode Examples Random Early Discard RED Example To set the thresholds for queues 1 3 in queue set 1 to a minimum or 1KB and a maximum of 2 KB use the command Tail Drop Example To set the thresholds for queue 2 in queue set 1 to 1KB use the command Parameter Description queue set queue set 1 4 queue set ID qu...

Page 900: ...Ware PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 Related Commands mls qos queue set mls qos queue set averaging factor mls qos queue set description mls qos queue set drop probability show mls qos interface show mls qos queue set ...

Page 901: ...lobal flow synchronization The down side of this is that more packets are dropped By default all ports are assigned to a queue set created for each class of port 100 M 1G or 10 G All ports are also set to operate in taildrop mode Use the no mls qos queue set command to reset a queue set back to it s default values If one or more queues are specified then only those queue s will be reset Otherwise ...

Page 902: ...his is a textual string that can be up to 80 characters long Syntax mls qos queue set 1 4 description line Mode Configure Mode Example To set the description for queue set 1 to be Customized 1G defaults use the command Related Commands mls qos queue set averaging factor mls qos queue set drop probability mls qos queue set threshold show mls qos interface awplus config terminal awplus config no mls...

Page 903: ...This command disables any policer previously configured on the class map Example To disable policing on a class map use the command Related Commands mls qos map policed dscp to police single rate exceed action police twin rate exceed action show mls qos maps policed dscp Parameter Description no Negate a command or set its defaults police Disable policing of traffic awplus config awplus config pol...

Page 904: ...g the police single or twin rate exceed action command Example To apply aggregate policer ap1 to a class map use the command To remove a previously created aggregate policer from the class map use the command Related Commands mls qos aggregate police exceed action mls qos map mark dscp to mls qos map policed dscp to show mls qos aggregate policer show mls qos maps policed dscp Parameter Descriptio...

Page 905: ...The index into this map is determined by the DSCP in the packet If a DSCP index is to be forced regardless of the packet DSCP the set dscp command can be used to achieve this If no DSCP is present in the packet an index of 0 will be used When using an exceed action of policed dscp transmit Example To configure a single rate meter measuring traffic of 10 Mbps that drops any traffic bursting over 10...

Page 906: ...All rights reserved 40 40 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 Related Commands mls qos map policed dscp to no police police twin rate exceed action show mls qos maps policed dscp ...

Page 907: ...used When using an exceed action of policed dscp transmit the packet will be remarked with the values configured in the policed dscp map The index into this map is determined by the DSCP in the packet If a DSCP index is to be forced regardless of the packet DSCP the set dscp command can be used to achieve this If no DSCP is present in the packet an index of 0 will be used Parameter Description pol...

Page 908: ...policed dscp to no police police twin rate exceed action show mls qos maps policed dscp policy map Use this command to create a policy map Syntax policy map name no policy map name Mode Configure Mode Example To create a policy map called pmap1 use the commands Related Commands class map awplus config awplus config policy map name awplus config pmap class classname awplus config pmap c police twin...

Page 909: ...s command to remove a policy map and interface association Syntax service policy input policy map no service policy input policy map Mode Interface Mode Usage This command can be applied to switch ports or static channel groups but not to dynamic LACP channel groups Example To apply a policy map named pmap1 to interface port1 1 2 Related Commands show mls qos maps policed dscp Parameter Descriptio...

Page 910: ...te that the class map and p maps should already have been created by using the class map command on page 40 3 and the policy map command on page 40 42 To turn off the setting of a packets in the green bandwidth class for the policy pmap1 and the class cmap1 use the command Related Commands class map set cos set dscp set queue trust dscp Parameter Description set Setting a new value in the packet b...

Page 911: ... for all traffic classified by the selected class map and policy map use the command To turn off the above setting use the command Related Commands set bandwidth class set dscp set queue set dscp Parameter Description set Setting a new value in the packet cos CoS 0 7 The new CoS value to be assigned no Negate a command or set its defaults awplus configure terminal awplus config policy map pmap1 aw...

Page 912: ...hat assigned to the class map and policy map will be the value that is used by the lookup process in the mark dscp mapping The result of the lookup with then be assigned to the traffic Syntax set dscp 0 63 no set dscp Mode Policy Map Class Mode Example To set a DSCP value of 35 to all traffic classified by a class map of cmap and a policy map of pmap1 use the command Related Commands set bandwidth...

Page 913: ...chanisms such as remarking This command is not valid if the trust dscp command on page 40 69 is set Syntax set queue 0 7 Mode Policy Map Class Mode Example To set the queue to value 7 for all traffic classified as cmap1 and pmap1 use the command Related Commands set bandwidth class set cos set dscp trust dscp Parameter Description set Setting a new value in the packet queue Queue 0 7 Specify a new...

Page 914: ... awplus show interface port1 0 1 port1 0 12 access group Output Figure 40 2 Example output from the show interface access group command Related Commands ip access group mac access group Parameter Description port list The ports to display information about A port list can be a switch port e g port1 2 12 a static channel group e g sa3 or a dynamic LACP channel group e g po3 a continuous range of po...

Page 915: ...ation about the stack use the command Output AGGREGATE POLICER NAME ap1 Policer single rate exceed action drop average rate 1 kbps minimum burst 2 B maximum burst 3 B AGGREGATE POLICER NAME ap2 Policer twin rate exceed action policed dscp tx minimum rate 1 kbps maximum rate 2 kbps minimum burst 3 B maximum burst 4 B Related Commands mls qos aggregate police exceed action police aggregate Parameter...

Page 916: ... Privileged Exec Mode Example To display the scheduling algorithms for the input queues use the command Output Input Queue 0 Scheduler WRR Weight 5 Input Queue 1 Scheduler WRR Weight 1 Input Queue 2 Scheduler Priority Input Queue 3 Scheduler Priority Related Commands mls qos input queue show mls qos maps input queue Parameter Description show Show running system information mls Multi Layer Switch ...

Page 917: ... command Default CoS 7 Default Queue 7 Number of egress queues 8 Queue Set 1 Egress Queue 0 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 1 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 2 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 3 Status Enabled Scheduler W...

Page 918: ...eaning Default CoS The default CoS priority that will be applied to all packets arriving on this interface Default Queue The default queue that will be applied to all packets arriving on this interface Number of egress queues The total number of egress queues available on this interface Queue Set Drop queue set that has been applied to the port This could either be operating in threshold or random...

Page 919: ...the QoS counter platform enhancemode before running this command Syntax show mls qos interface ifname policer counters class map class_map Mode Exec and Privileged Exec Mode Example To show the counters for all class maps attached to port1 0 1 enter the command Default CoS 7 Default Queue 7 Number of egress queues 8 Queue Set 1 Egress Queue 0 Status Enabled Scheduler Strict Priority Queue Limit 12...

Page 920: ...Wrr Group 1 Weight 10 Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 5 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 6 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 7 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Related Commands mls qos queue wrr queue group weight queu...

Page 921: ...eged Exec Mode Example To show the counters for all queues on port1 0 1 enter the command Output Interface port1 0 1 Queue Counters Port queue length 0 maximum 896 Egress Queue length Queue 0 0 maximum 112 Queue 1 0 maximum 112 Queue 2 0 maximum 112 Queue 3 0 maximum 112 Queue 4 0 maximum 112 Queue 5 0 maximum 112 Queue 6 0 maximum 112 Queue 7 0 maximum 112 Related Commands wrr queue queue limit P...

Page 922: ...the QSP status on port1 0 1 use command Output Interface port1 0 1 Storm Protection Enabled Port status Enabled Storm Action vlandisable Storm Window 5000 ms Storm Downtime 0 s Timeout Remaining 0 s Last read data rate 0 kbps Storm Rate 1000 kbps Related Commands storm action storm downtime storm protection storm rate storm window Parameter Description show Show running system information mls Mult...

Page 923: ...ode Exec and Privileged Exec Mode Example To display the current configuration of the cos queue map use the command Output COS TO QUEUE MAP COS 0 1 2 3 4 5 6 7 QUEUE 0 7 1 3 4 5 6 7 Related Commands mls qos map cos queue to Parameter Description show Show running system information mls Multi Layer Switch L2 L3 qos Quality of Service maps Select QoS map cos queue Queue to CoS priority map awplus sh...

Page 924: ...xec Mode Example To display the input queue map use the command Output Egress Queue Input Queue 0 0 1 0 2 1 3 1 4 2 5 2 6 3 7 3 Related Commands mls qos input queue mls qos map input queue show mls qos input queue Parameter Description show Show running system information mls Multi Layer Switch L2 L3 qos Quality of Service maps Select QoS map input queue Egress queue to input queue map awplus show...

Page 925: ...r that class map the set value is used for the lookup of the mark dscp map Otherwise the DSCP value in the packet is used for the lookup Syntax show mls qos maps mark dscp 0 63 Mode Exec and Privileged Exec Mode Example To display the mark dscp map for DSCP 1 enter the command Output MARK DSCP MAP DSCP 1 Bandwidth Class Green Yellow Red New DSCP 1 New CoS 0 New Queue 0 New Bandwidth Class green Re...

Page 926: ...vileged Exec Mode Example To display the policed dscp map for DSCP 1 enter the command Output POLICED DSCP MAP DSCP 1 Bandwidth Class Green Yellow Red New DSCP 1 1 1 New CoS 0 0 0 New Queue 0 0 0 New Bandwidth Class green yellow red Related Commands mls qos map mark dscp to no police police single rate exceed action police twin rate exceed action Parameter Description show Show running system info...

Page 927: ...tion 1G Defaults BandwidthClass Min Max Drop Probability Queue 0 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 1 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 2 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 3 Green 100 KB 125 KB 1 50 Yellow 100 KB 125 KB 1 50 Red 100 KB 125 KB 1 50 Queue 4 Green 1...

Page 928: ...t Parameter Meaning Queue Set queue set number Description Textual description for this queue set Queue X Parameter set for egress queue X BandwidthClass Parameter set per bandwidth class per queue Min The amount of traffic required in the queue before packets start getting dropped Max The amount of traffic required in the queue before all packets are dropped Drop Probability The probability that ...

Page 929: ... configured on the switch The output also shows whether or not they are connected to a port attached detached and shows their associated class maps Syntax show policy map Mode Exec and Privileged Exec Mode Example To display a listing of the policy maps configured on the switch Output POLICY MAP NAME general traffic State attached Default class map action permit CLASS MAP NAME default CLASS MAP NA...

Page 930: ...atch vlan class map to be present in the class map Syntax storm action portdisable vlandisable linkdown no storm action Mode Priority Map Mode Example To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named cmap1 use commands Related Commands storm downtime storm protection storm rate storm window Parameter Description storm action Action to take at the s...

Page 931: ...imum of one second to maximum of 86400 seconds i e one day Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Priority Map Mode Example To re enable the port in 1 minute use command Related Commands storm action storm protection storm rate storm window Parameter Description storm downtime time before resetting the storm action 1 86400 seconds no Resets the default value awplus...

Page 932: ...Syntax storm protection no storm protection Mode Priority Map Mode Example To enable QSP on cmap2 in pmap2 use the commands Related Commands storm action storm downtime storm rate storm window storm downtime storm protection storm rate storm window Parameter Description storm protection Policy based storm protection no Negate a command or set its defaults awplus policy map pmap2 awplus config pmap...

Page 933: ...Syntax storm rate 1 10000000 no storm rate Default No default Mode Priority Map Mode Usage Note that this setting is made in conjunction with the storm window command on page 40 68 Example To the limit to 1Mbps use the commands Related Commands storm action storm downtime storm protection storm window Parameter Description storm rate Data limit in Kbps to trigger the storm action 1 10000000 The ra...

Page 934: ...ndow 100 60000 Default No default Mode Priority Map Mode Usage This command should be set in conjunction with the storm rate command on page 40 67 Example To display basic information about the stack use the command Related Commands storm action storm downtime storm protection storm rate Parameter Description storm window Time interval in milliseconds to check for the storm 100 60000 window size m...

Page 935: ... specified for the class map the set value is used for the lookup of the mark dscp map Otherwise the DSCP value in the packet is used for the lookup Note that the set bandwidth class set cos and set queue are not valid with trust dscp Example To enable mark dscp map lookup use the command Related Commands mls qos map mark dscp to set bandwidth class set cos set dscp set queue Parameter Description...

Page 936: ... 1 2 3 4 5 6 7 Mode Interface Mode Example To enable queues 1 3 to transmit traffic use the commands To disable queues 1 3 from transmitting traffic use the commands Related Commands show mls qos interface Parameter Description wrr queue WRR queue disable Disable queues from transmitting traffic queues List queue s to disable 1 2 7 Selects one or more queues numbered 0 to 7 no Negate a command or ...

Page 937: ... 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Mode Example To set enable egress rate limiting on queues 1 3 enter the commands Related Commands show mls qos interface Parameter Description wrr queue WRR queue egress rate limit Limit the amount of traffic egressing the queue bandwidth Bandwidth 1 10000000 kbits usable units k m g queues List queue s to configure ...

Page 938: ... sent The weights are specified as ratio s relative to each other Note that ports within a round robin group must be contiguous Syntax wrr queue group 1 2 weight 6 255 queues 0 1 2 3 4 5 6 7 Mode Config Example To configure wrr queue group 1 weight 6 queues 0 1 2 use the following commands Related Commands priority queue show mls qos interface Parameter Description wrr queue Wrr queue group Config...

Page 939: ... 1 100 1 100 1 100 1 100 1 100 1 100 Mode Interface Mode Example To configure a wrr queue queue limit on port 1 0 1 to 12 for each queue use the following commands Related Commands show mls qos interface Parameter Description wrr queue WRR queue queue limit Configure egress queue size ratios should be 100 totally 1 100 Queue ratio for Queue 0 a value between 1 and 100 1 100 Queue ratio for Queue 1...

Page 940: ...QoS Commands 2008 Allied Telesis Inc All rights reserved 40 74 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 941: ...g System Software Reference C613 50003 00 REV E 41 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 41 1 41 802 1x Configuration Introduction 41 2 The 802 1x Implementation 41 2 Configuring 802 1x 41 2 ...

Page 942: ...ntrolled port Authentication is required on a per port basis The main components of an 802 1x implementation are the authenticator the port on this device that wishes to enforce authentication before allowing access to services that are accessible behind it the supplicant the port that wishes to access services offered by the authenticator s system The supplicant may be a port on a PC or other dev...

Page 943: ... port port1 0 1 awplus config if dot1x port control direction both Block traffic in both directions other than authentication packets until authentication is complete awplus config if exit Exit the Interface mode and enter the Configure mode awplus config interface port1 0 2 Specify the interface port1 0 2 you are configuring and enter the Interface mode awplus config if dot1x port control auto En...

Page 944: ...802 1x Configuration 2008 Allied Telesis Inc All rights reserved 41 4 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 945: ...req 42 3 dot1x port control 42 4 dot1x quiet period 42 5 dot1x reauthentication 42 5 dot1x reauthMax 42 6 dot1x system auth ctrl 42 6 dot1x timeout re authperiod 42 7 dot1x timeout server timeout 42 7 dot1x timeout supp timeout 42 8 dot1x timeout tx period 42 8 radius server deadtime 42 9 radius server host 42 10 radius server key 42 11 radius server retransmit 42 11 radius server timeout 42 12 sh...

Page 946: ...oups Examples To unauthorize switch port 1 0 1 and attempt reauthentication on switch port 1 0 1 enter awplus dot1x initialize interface port1 0 1 To unauthorize all switch ports for a 24 switch port device and attempt reauthentication enter awplus dot1x initialize interface port1 0 1 port1 0 24 dot1x keytransmit Use this command to enable key transmission over an Extensible Authentication Protoco...

Page 947: ...The maximum number of reauthentication attempts after failure is set to 2 attempts by default Examples awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x max req 4 awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x keytransmit awplus configure terminal awplus config interface port1 0 1 awplus config if no dot1x keytransmit Parameter D...

Page 948: ...age Note that all dot1x commands can only be applied to switch ports They cannot be applied to dynamic LACP or static channel groups Examples awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x port control auto Parameter Description force authorized Specify to force a port to always be in an authorized state force unauthorized Specify to force a port to always be in...

Page 949: ...then tries again By administratively changing the quiet period interval by entering a lower number than the default a faster response time can be provided Syntax dot1x quiet period 1 65535 no dot1x quiet period Mode Interface mode Examples awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x quiet period 200 dot1x reauthentication Use this command to enable reauthenti...

Page 950: ...wplus config interface port1 0 1 awplus config if dot1x reauthMax 5 The following sets the reauthentication maximum to the default value awplus configure terminal awplus config interface port1 0 1 awplus config if no dot1x reauthMax dot1x system auth ctrl Use this command to globally enable 802 1x port authentication on the device You must use this command before any other 802 1x authentication co...

Page 951: ...port1 0 1 awplus config if dot1x timeout re authperiod 25 dot1x timeout server timeout Use this command to set the RADIUS server response timeout Syntax dot1x timeout server timeout seconds Mode Interface mode Default The default RADIUS server response timeout is 30 seconds Examples awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x timeout re authperiod 40 Paramete...

Page 952: ...f dot1x timeout supp timeout 40 dot1x timeout tx period Use this command to set the interval between successive attempts to request an ID Syntax dot1x timeout tx period seconds Mode Interface mode Default The default period between successive request ID attempts is 30 seconds Examples awplus configure terminal awplus config interface port1 0 1 awplus config if dot1x timeout tx period 34 Parameter ...

Page 953: ...f 0 Syntax radius server deadtime 1 1440 no radius server deadtime Default Deadtime is set to 0 Mode Configure mode Usage To improve RADIUS response times when some servers might be unavailable use the RADIUS server deadtime command in global configuration mode to cause the unavailable servers to be skipped immediately Examples awplus configure terminal awplus config radius server deadtime 10 awpl...

Page 954: ...ort 1812 timeout 5 retransmit 3 key authd awplus config no radius server host 10 10 10 40 Parameter Description hostname DNS name of the RADIUS server host A B C D IP address of the RADIUS server host udp auth port Optional Specifies the UDP destination port for authentication requests the host is not used for authentication if set to 0 Typical UPD ports for authentication are 1812 or 1645 timeout...

Page 955: ...times the device transmits each RADIUS request to the server before giving up Use the no form of this command to disable retransmission Syntax radius server retransmit 1 100 no radius server retransmit Default The default value is 3 Mode Configure mode Examples awplus configure terminal awplus config radius server retransmit 12 awplus config no radius server retransmit Parameter Description key th...

Page 956: ...us server timeout Default 5 seconds Mode Configure mode Examples awplus configure terminal awplus config radius server timeout 20 show dot1x Use this command to display the state of the whole system Syntax show dot1x Mode User Exec and Privileged Exec mode Example awplus show dot1x show dot1x all Use this command to display detailed information for all the ports Syntax show dot1x all Mode User Exe...

Page 957: ...re Reference C613 50003 00 REV E 42 13 show dot1x diagnostics interface Use this command to display all diagnostics information of the authenticator associated with a port Syntax show dot1x diagnostics interface port Mode User Exec and Privileged Exec mode Parameter Description port Specify the switch port to display information about ...

Page 958: ...cates authentication should be started when set to true timeout indicates authentication attempt timed out when set to true success indicates authentication successful when set to true state Current 802 1x operational state of interface mode configured 802 1x mode reAuthCount Reauthentication count quietperiod time between reauthentication attempts reAuthMax Maximum reauthentication attempts BE Ba...

Page 959: ...sion Syntax show dot1x sessionstatistics interface port Mode User Exec and Privileged Exec mode show dot1x statistics interface Use this command to display the vital statistics of an interface Syntax show dot1x statistics interface port Mode User Exec and Privileged Exec mode Example awplus show dot1x statistics interface port1 02 Parameter Description port Specify the switch port to display infor...

Page 960: ...802 1x and RADIUS Commands 2008 Allied Telesis Inc All rights reserved 42 16 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 961: ... AlliedWare PlusTM OS 43 2 Configuring the SSH Server 43 3 Creating a Host Key 43 3 Enabling the Server 43 4 Modifying the Server 43 4 Validating the Server Configuration 43 5 Adding SSH Users 43 5 Authenticating SSH Users 43 6 Adding a Login Banner 43 6 Monitoring the Server and Managing Sessions 43 7 Debugging the Server 43 7 Configuring the SSH Client 43 8 Modifying the Client 43 8 Adding SSH S...

Page 962: ...th a SSH client The AlliedWare PlusTM OS includes both a SSH server and a SSH client to enable you to securely with the benefit of cryptographic authentication and encryption manage your devices over an insecure network SSH replaces Telnet for remote terminal sessions SSH is strongly authenticated and encrypted Remote command execution allows you to send commands to a device securely and convenien...

Page 963: ...ell supports the following features for SSH version 2 only File loading from remote machines using SSH File Transfer Protocol SFTP a login banner on the SSH server that displays when SSHv2 clients connect to the server Configuring the SSH Server This section provides instructions on Creating a Host Key Enabling the Server Modifying the Server Validating the Server Configuration Adding SSH Users Au...

Page 964: ...ifying the Server To modify the SSH version that the server supports or the TCP port that the server listens to for incoming sessions use the command The server listens on port 22 for incoming sessions and supports both SSH version 2 and SSH version 1 by default To modify session and login timeouts on the SSH server and the number of unauthenticated connections the server allows use the command Th...

Page 965: ...at you have defined the user in the Authorized User Database of your device To add a new user use the command To register a user with the SSH server use the command Registered entries can contain just the username or the username with some host details such as an IP address range Additionally you can specify a range of users or hostname details by using an asterisk to match any string of character...

Page 966: ...ype the key in as text You can add multiple keys for the same user To display the list of public keys associated with a user use the command The 1 65535 parameter allows you to display an individual key To delete a key associated with a user from your device use the command Adding a Login Banner You can add a login banner to the SSH server for sessions with SSH version 2 clients The server display...

Page 967: ...your Allied Telesis device is running Use this command to view the unique identification number assigned to each incoming or outgoing SSH session You need the ID number when terminating a specific session from your device To terminate a session or all sessions use the command Debugging the Server Information which may be useful for troubleshooting the SSH server is available using the SSH debuggin...

Page 968: ... client to only use a specific SSH version for sessions for example SSH version 1 use the version parameter The client terminates sessions that are not established after 30 seconds by default You can change this time period by using the session timeout parameter Once the client has authenticated with a server the client does not time out the SSH session by default Use the session timeout parameter...

Page 969: ...t generate a pair of keys one private and one public and copy the public key onto the SSH server To generate an RSA or DSA set of private and public keys for an SSH user use the command You can generate one key of each encryption type per user on your client When authenticating with an SSH server that supports SSH version 1 only you must use a key generated by the rsa1 parameter To copy the public...

Page 970: ...example to use SFTP to load a file from the SSH server 192 168 1 2 onto the flash memory of your device use the command To upload files to the SSH server you must use SCP For example to upload the file bobskey pub as the user bob use the command For more information see Chapter 6 Creating and Managing Files Debugging the Client Information which may be useful for troubleshooting the SSH client is ...

Page 971: ...edWare PlusTM Operating System Software Reference C613 50003 00 REV E 44 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 44 1 44 SSH Configuration Configuring the SSH Server 44 2 ...

Page 972: ...hell server for each type of SSH version Use the commands awplus config crypto key generate hostkey rsa awplus config crypto key generate hostkey rsa1 To verify the key creation use the command awplus show crypto key hostkey 3 Enable the Secure Shell server Enable Secure Shell on the device using the command awplus config service ssh Modify the SSH server settings as desired For example to set the...

Page 973: ...hentication and RSA or DSA private public key authentication When using password authentication the user must supply their User Authentication Database password To use private public key authentication copy the public keys for each user onto the device To copy the files onto flash from the key directory of an attached TFTP server use the command awplus copy tftp key john pub flash john pub awplus ...

Page 974: ...SSH Configuration 2008 Allied Telesis Inc All rights reserved 44 4 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 975: ...5 crypto key generate userkey 45 6 crypto key pubkey chain knownhosts 45 7 crypto key pubkey chain userkey 45 8 debug ssh client 45 9 debug ssh server 45 10 service ssh 45 11 show banner login 45 11 show crypto key hostkey 45 12 show crypto key pubkey chain knownhosts 45 13 show crypto key pubkey chain userkey 45 14 show crypto key userkey 45 15 show running config ssh 45 16 show ssh 45 17 show ss...

Page 976: ... banner login and hit Enter Write your message You can use any character and spaces Use Ctrl D at the end of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no form deletes the login banner from the device By default no banner is defined Syntax banner login no banner login Mode Configure mode Examples To set a login...

Page 977: ...deletes the existing public and private keys of the SSH server Note that for the server to operate it needs at least one set of hostkeys configured Syntax crypto key destroy hostkey dsa rsa rsa1 Mode Configure mode Example To destroy the RSA host key used for SSH version 2 connections use the command awplus config crypto key destroy hostkey rsa Related Commands crypto key generate hostkey service ...

Page 978: ...SSH user asuka use the command awplus config crypto key destroy userkey asuka rsa Related Commands crypto key generate hostkey show ssh show crypto key hostkey Parameters Description username Name of the user whose userkey you are destroying The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa or rsa or rsa1 The algorith...

Page 979: ...e memory Syntax crypto key generate hostkey dsa rsa rsa1 768 32768 Mode Configure mode Examples To generate an RSA host key for SSH version 2 connections that is 2048 bits in length use the command awplus config crypto key generate hostkey rsa 2048 To generate DSA host key use the command awplus config crypto key generate dsa Related Commands crypto key destroy hostkey show crypto key hostkey Para...

Page 980: ...ctions for the user bob use the command awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the command awplus config crypto key generate userkey lapo dsa Related Commands crypto key destroy userkey show crypto key userkey Parameters Description username Name of the user that the user key is generated for The username must begin with a letter Val...

Page 981: ...tabase on your device Syntax crypto key pubkey chain knownhosts hostname dsa rsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Mode Configure mode Examples To add the RSA host key of the remote SSH host 172 16 23 1 to the known host database use the command awplus config crypto key pubkey chain knownhosts 172 16 23 1 To delete the second entry in the known host database use the command awplus...

Page 982: ...ic key authentication Syntax crypto key pubkey chain userkey username filename no crypto key pubkey chain userkey username 1 65535 Mode Configure mode Examples To add a public key for the user graydon from the file key pub use the command awplus config crypto key pubkey chain userkey graydon key pub To add a public key for the user tamara from the terminal use the command awplus config crypto key ...

Page 983: ...is disabled by default Syntax debug ssh client brief full no debug ssh client Mode Configure mode and Privileged Exec mode Examples To start SSH client debugging use the command awplus debug ssh client To start SSH client debugging with extended output use the command awplus debug ssh client full To disable SSH client debugging use the command awplus no debug ssh client Related Commands debug ssh ...

Page 984: ...messages SSH server debugging is disabled by default Syntax debug ssh server brief full no debug ssh server Mode Configure mode and Privileged Exec mode Examples To start SSH server debugging use the command awplus debug ssh server To start SSH server debugging with extended output use the command awplus debug ssh server full To disable SSH server debugging use the command awplus no debug ssh serv...

Page 985: ...not affect existing SSH sessions To terminate existing sessions use the clear ssh command The Secure Shell server is disabled by default Syntax service ssh no service ssh Mode Configure mode Examples To enable the Secure Shell server use the command awplus config service ssh To disable the Secure Shell server use the command awplus config no service ssh Related Commands crypto key generate hostkey...

Page 986: ...ys generated on the device for SSH server use the command awplus show crypto key hostkey To display the RSA public key of the SSH server use the command awplus show crypto key hostkey rsa Related Commands crypto key destroy hostkey crypto key generate hostkey Parameter Description dsa or rsa or rsa1 The public key you wish to display identified by its algorithm Default displays all keys dsa Displa...

Page 987: ...how crypto key pubkey chain knownhosts To display the key data of the first entry in the known host data use the command awplus show crypto key pubkey chain knownhosts 1 Related Commands crypto key pubkey chain knownhosts Parameter Description 1 65535 Key identifier for a specific key Displays the public key of the entry if specified Default displays all keys No Hostname Type Fingerprint 1 172 16 ...

Page 988: ...utput of the show crypto key userkey command To display the public keys for the user manager that are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Related Commands crypto key pubkey chain userkey Parameter Description username User name of the remote SSH user whose keys you wish to display The username must begin with a letter Valid characters ...

Page 989: ...mmand awplus show crypto key userkey manager rsa manager rsa pub Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you wish to display The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa or rsa or rsa1 The public key you wish to display identified by i...

Page 990: ...users manager 192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Parameter Meaning ssh server SSH server is enabled ssh server v2 SSH server is enabled and only support SSHv2 ssh server port SSH server is enabled and listening on the specified TCP port no ssh server scp SCP service is disabled no ssh server sftp SFTP service is disabled ssh server session time...

Page 991: ...Meaning ID Unique identifier for each SSH session Type Session type either SSH SCP or SFTP Mode Whether the device is acting as an SSH client client or SSH server server for the specified session Peer Host The hostname or IP address of the remote server or client Username Login user name of the server State The current state of the SSH session One of connecting The device is looking for a remote s...

Page 992: ...d Example To display the current configuration for SSH clients on the login shell use the command awplus show ssh client Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0 off Debug NONE Parameter Meaning Port SSH server TCP port where the SSH client connects to The default is port 22 Version SSH server version either...

Page 993: ... Services scp sftp User Authentication publickey password Idle Timeout 60 seconds Maximum Startups 10 Debug NONE Parameter Meaning SSH Server Whether the Secure Shell server is enabled or disabled Port TCP port where the Secure Shell server listens for connections The default is port 22 Version SSH server version either 1 2 or 2 1 Services List of the available Secure Shell service one or more of ...

Page 994: ...rameters in output of the show ssh server allow users command Example To display the user entries in the allow list of the SSH server use the command awplus config show ssh server allow users Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern awplus 192 168 john manager alliedtelesis com Parameter Meaning Username User name that is allowed to access the ...

Page 995: ...xec mode Output Figure 45 10 Example output from the show ssh server deny user command Parameters in output of the show ssh server deny user command Example To display the user entries in the deny list of the SSH server use the command awplus config show ssh server deny users Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern john b company com manager 1...

Page 996: ... SSH server at 192 168 1 1 that is listening TCP port 2000 use the command awplus ssh port 2000 192 168 1 1 To run cmd command on the remote SSH server at 192 168 1 1 use the command awplus ssh 192 168 1 1 cmd Parameter Description user Login user If user is specified the username is used for login to the remote SSH server when user authentication is required Otherwise the current user name is use...

Page 997: ...ion timeout connect timeout Mode Privileged Exec mode Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies an explicit port of the server it overrides the default TCP port Default 22 1 65535 TCP port number version The SSH version used by the client for SSH sessions The SSH client supports both version 2 and version 1 Default version 2 Note SSH versio...

Page 998: ...he default TCP port for SSH clients to 2200 and the session timer to 10 minutes use the command awplus ssh client port 2200 session timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no ssh client connect timeout Related Commands show ssh client ssh ...

Page 999: ...to 30 seconds use the command awplus config ssh server login timeout 30 Parameter Description v1v2 or v2only The SSH versions that the server supports Default v1v2 v1v2 Supports both SSHv2 and SSHv1client connections v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session timeout The maximum time period the s...

Page 1000: ...mer of SSH server use the command awplus config no ssh server client alive interval To set max startups parameters of SSH server to the default configuration use the command awplus config no ssh server max startups To support the Secure Shell server with TCP port 2200 use the command awplus config ssh server 2200 To force the Secure Shell server to support SSHv2 only use the command awplus config ...

Page 1001: ...no ssh server allow users username_pattern hostname_pattern Mode Configure mode Example To allow the user john to create an SSH session from any host use the command awplus config ssh server allow users john To allow the user john to create an SSH session from a range of IP address from 192 168 1 1 to 192 168 1 255 use the command awplus config ssh server allow users john 192 168 1 To allow the us...

Page 1002: ...To deny the user john to access SSH login from any host use the command awplus config ssh server deny users john To deny the user john to access SSH login from a range of IP address from 192 168 2 1 to 192 168 2 255 use the command awplus config ssh server deny users john 192 168 2 To deny the user john to access SSH login from b company com domain use the command awplus config ssh server deny use...

Page 1003: ...onfig ssh server scp To disable the SCP service use the command awplus config no ssh server scp Related Commands show running config ssh show ssh server ssh server sftp This command enables the Secure FTP SFTP service on the SSH server Once enabled the server accepts SFTP requests from remote clients You must enable the SSH server as well as this service before the device accepts SFTP connections ...

Page 1004: ...Secure Shell Commands 2008 Allied Telesis Inc All rights reserved 45 30 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1005: ...High Availability Reference This part includes the following chapters Chapter 46 VRRP Introduction Chapter 47 VRRP Commands Chapter 48 EPSR Introduction Chapter 49 EPSR Commands ...

Page 1006: ......

Page 1007: ...08 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 46 1 46 VRRP Introduction Introduction 46 2 Virtual Router Redundancy Protocol 46 3 VRRP Configuration 46 4 VRRP Election and Pre empt 46 5 VRRP Authentication 46 6 VRRP Debugging 46 6 Configuration Examples 46 7 ...

Page 1008: ...uch as RIP or OSPF to determine the gateway switch to use as the next hop in order to reach a specific IP destination However there are a number of factors such as administrative or processing overhead that may make it undesirable to use a dynamic routing protocol One alternative is to use static routing however if the statically configured first hop switch fails the hosts on the LAN are unable to...

Page 1009: ...at the specified advertisement interval to inform backup switches that it is still acting as the master switch In accordance with the RFC standard a user does not receive a response to ping or Telnet packets sent to the VR address unless the switch owns this address Each of the other switches participating in the virtual router is considered to be a backup switch A switch can be part of several di...

Page 1010: ...ig router vrrp 1 Create a new VRRP session on the router and specify the virtual router ID VRID for the session awplus config router enable Enable the VRRP session on the switch awplus config router CNTL Z Return to the config prompt awplus config router vrrp 1 Specify an existing VRRP session awplus config router disable Disable the VRRP session on the switch awplus config router CNTL Z Return to...

Page 1011: ... again and if it is a preferred switch i e it owns the virtual router IP address then it resumes the role of master Use the following commands to set the priority and preempt mode when you create the virtual router To set the priority and preempt mode for VRRP 1 The advertisement interval determines the rate that the master sends its advertisement packets This rate must be the same value for all s...

Page 1012: ...tication string guest to VLAN2 In order to maintain consistent authentication level each switch in the virtual router must have at least the minimum allowable level of security that meets the network environment VRRP Debugging VRRP debugging displays data that is useful for troubleshooting To enable or disable debugging use the following commands To select and deselect VRRP debugging It is importa...

Page 1013: ...ole of master whenever it is available Switch_B is the backup and assumes the role of master backing up this IP address if A becomes unavailable No authentication is used for this simple virtual router 1 Configure Switch_A At this point we assume that you have already created VLAN 2 on Switch_A See Configuring VLANs on page 14 16 Configure IP awplus configure terminal Enter the privileged exec mod...

Page 1014: ...ble the VRRP session on the router Switch_A config router exit Exit the Interface mode and enter the Configure Mode Switch_A config CNTL Z Return to the config prompt awplus configure terminal Enter the privileged exec mode awplus config hostname Switch_B Assign a host name to Switch_B Switch_B config interface vlan2 Specify the physical interface that will participate in virtual routing Switch_B ...

Page 1015: ...ter At this point we assume that you have already created VLAN 2 on Switches A B and C See Configuring VLANs on page 14 16 1 Configure IP On switch_A add an IP interface to the virtual router On switch_B add a different IP interface to virtual router On switch_C add a third IP interface to the virtual router awplus configure terminal Enter the privileged exec mode awplus config hostname Switch_A A...

Page 1016: ... virtual routing Switch_A config preempt mode on Turn on preempt mode Switch_A config priority 254 Set the VRRP priority of 255 for the switch Switch_A config enable Enable VRRP on the switch Switch_A config interface vlan2 Specify the interface VLAN2 that will participate in virtual routing Switch_A config ip vrrp authentication mode text Apply text mode authentication to VLAN2 Switch_A config ip...

Page 1017: ...B config ip vrrp authentication string trip4e Specify the authentication string trip4e used by the key Switch_B config CNTL Z Return to the config prompt Switch_C configure terminal Enter the privileged exec mode Switch_C config router vrrp2 Create a new VRRP session on the router and specify the VRID for the session Switch_C config virtual ip 192 168 1 4 backup Set the virtual IP address for the ...

Page 1018: ...VRRP Introduction 2008 Allied Telesis Inc All rights reserved 46 12 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1019: ...ction 47 2 Typical command sequences 47 2 VRRP Commands 47 3 advertisement interval 47 3 circuit failover 47 3 debug vrrp 47 4 debug vrrp events 47 4 debug vrrp packet 47 5 disable 47 5 enable 47 6 interface 47 6 ip vrrp authentication mode 47 7 ip vrrp authentication string 47 8 preempt mode 47 8 priority 47 9 router vrrp 47 9 show debugging vrrp 47 10 show running config router vrrp 47 10 show v...

Page 1020: ...Master awplus enable awplus configure terminal awplus config router vrrp 1 awplus config router virtual ip A B C D master awplus config router disable awplus config interface VLAN2 awplus config if priority 255 awplus config router preempt mode true awplus config router advertisement interval 2 awplus config router enable Router 2 Default Backup awplus enable awplus configure terminal awplus confi...

Page 1021: ...us config router advertisement interval 6 circuit failover Use this command to enable the VRRP circuit failover feature Use the no parameter with this command to disable this feature Syntax circuit failover interface delta_value no circuit failover interface Mode Router mode Examples awplus configure terminal awplus config router vrrp 1 awplus config router circuit failover vlan2 30 Parameter Desc...

Page 1022: ...rrp all no debug vrrp all Mode Configure mode and Privileged Exec mode Examples awplus configure terminal awplus config debug vrrp all debug vrrp events Use this command to specify debugging options for VRRP event troubleshooting Use the no parameter with this command to disable this function Syntax debug vrrp events no debug vrrp events Mode Configure mode and Privileged Exec mode Usage The debug...

Page 1023: ...ec mode Usage The debug vrrp packet command enables the display of debug information related to the sending and receiving of packets Examples awplus configure terminal awplus config debug vrrp packet send disable Use this command to disable a VRRP session on the router In other words it will stop participating in virtual routing Syntax disable Mode Router mode Example awplus configure terminal awp...

Page 1024: ...ble interface Use this command define the physical interface that will participate in virtual routing This interface is used for two purposes to send receive advertisement messages and to forward on behalf of the virtual router when in Master state Use the no parameter with this command to remove the specified interface Syntax interface IFNAME no interface Mode Router mode Examples awplus configur...

Page 1025: ...tication mode md5 no ip vrrp authentication mode md5 Default No authentication Usage RFC 3768 Virtual Router Redundancy Protocol VRRP recommends no authentication Mode Interface mode Examples The following example shows text authentication configured on the vlan2 interface ensuring authentication packets received on this interface awplus configure terminal awplus config interface vlan2 awplus conf...

Page 1026: ... vrrp authentication string guest Related Command ip vrrp authentication mode preempt mode Use this command to configure preempt mode If set to true the highest priority backup will ALWAYS be the master when the default Master is unavailable If set to false a higher priority backup will not preempt a lower priority backup who is acting as Master Syntax preempt mode true preempt mode false Mode Rou...

Page 1027: ...er vrrp 3 awplus config router priority 101 Related Commands circuit failover preempt mode router vrrp Use this command to configure VRRP This command allows you to enter the Router mode Use the no parameter with this command to remove the VRRP configuration Disable the VRRP session before using the no router vrrp command Syntax router vrrp VRID no router vrrp VRID Mode Configure mode Example awpl...

Page 1028: ...m the show debugging vrrp command Some lines in this output wrap around they might not wrap around in the actual display Examples awplus show debugging vrrp show running config router vrrp Use this command to show the configuration for VRRP This command is available only if VRRP is enabled Syntax show running config router vrrp Mode Privileged Exec mode Configure mode Line mode and Interface mode ...

Page 1029: ...de Exec mode and Privileged Exec mode Usage The following is a sample output from the show vrrp command displaying relevant information about VRRP session 1 awplus show vrrp 1 VRID 1 State is Master Virtual IP is 10 10 11 250 Not IP owner Interface is vlan2 Priority is 100 Advertisement interval is 1 sec Preempt mode is TRUE Example awplus show vrrp 5 awplus show vrrp VrId 1 State is Master Virtua...

Page 1030: ...ll undebug vrrp events Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec mode Examples awplus undebug vrrp events undebug vrrp packet Use this command to disable debugging options for VRRP packets Syntax undebug vrrp packet send recv Mode Privileged Exec mode Examples awplus undebug vrrp packet send Parameter Description se...

Page 1031: ...he no parameter with this command to disable this feature Syntax virtual ip A B C D master virtual ip A B C D backup no virtual ip Mode Router mode Example awplus configure mode awplus config router vrrp 5 awplus config router virtual ip 10 10 20 30 master Parameter Description A B C D The virtual IP address of the virtual router master Sets the default state of the VRRP router within the Virtual ...

Page 1032: ...VRRP Commands 2008 Allied Telesis Inc All rights reserved 47 14 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1033: ...re Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 48 1 48 EPSR Introduction Introduction 48 2 Ring Components and Operation 48 2 Fault Detection and Recovery 48 4 Fault Recovery 48 4 Restoring Normal Operation 48 5 Configuration Examples 48 6 Single Domain Single Ring Network 48 6 Single Ring Dual Domain Network 48 10 EPSR and Spanning Tree Operation 48 11 ...

Page 1034: ... secondary port Figure 48 1 Simple EPSR ring configuration EPSR instances and domains Each physical EPSR ring contains one or more EPSR instances An EPSR instance can be thought of as a component of an EPSR ring existing on a single node A set of instances across the whole ring is called a domain Therefore a ring whose individual nodes each have two instances results in a two domain ring Each inst...

Page 1035: ...and monitors their arrival back at its secondary port after they have circled the ring Under normal operating conditions the master node s secondary port is always in the blocking state to all data VLAN traffic This is to prevent data loops forming within the ring This port however operates in the forwarding state for the traffic on the control VLAN Loops do not occur on the control VLAN because t...

Page 1036: ...at their interfaces and immediately notifying master nodes about the break When a transit node detects a connectivity loss it sends a links down message over its good link Because a link spans two nodes both nodes send the links down message back to the master node These nodes also change their state from links up to links down and change the state of the port connecting to the broken link from fo...

Page 1037: ...Up Flush message This prevents the possibility of a loop condition occurring caused by the transit nodes moving into the forwarding state before the master node secondary port can return to the blocking state During such a period the ring would have no ports blocked Master node With the link restored the healthcheck messages that are sent from the primary port of the master node now complete the l...

Page 1038: ...ee Operation Single Domain Single Ring Network This example shows a simple single ring single domain configuration with no connecting lobes Figure 48 3 EPSR single domain single ring network Master Node Other Ports Other Ports Other Ports Control VLAN control_ring Transit Node 3 Transit Node 1 Transit Node 2 EPSR 3 eps P S Date VLAN data_ring Other Ports Port 1 0 1 Primary Port 1 0 1 Port 1 0 1 Po...

Page 1039: ...of frames on the VLAN aware node awplus config vlan exit Exit the VLAN configuration mode and enter Configure mode awplus config interface port1 0 1 Specify the interface port1 0 1 that you are configuring and enter the Interface mode awplus config if switchport mode trunk Set the switching characteristics of this port to trunk mode awplus config if switchport trunk allowed vlan add 5 Enable VLAN ...

Page 1040: ...control vlan Make port 1 0 1 the primary port Make this node the master Command Description awplus config epsr epsr blue state enable datavlan 40 primaryport port1 0 1 On epsr instance called blue make vlan40 the data vlan Command Description awplus config epsr epsr blue state enable enable the epsr named blue awplus config epsr exit Exit the epsr mode awplus configure terminal Enter the command c...

Page 1041: ...this port awplus config if exit Exit the Interface mode and enter the Configure mode awplus config interface port1 0 2 Specify the interface port1 0 2 that you are configuring and enter the Interface mode awplus config if switchport mode trunk Set the switching characteristics of this port to trunk mode awplus config if switchport trunk allowed vlan add 5 Enable VLAN 5 on this port awplus config i...

Page 1042: ...ing different nodes to be the master for each ring Figure 48 4 EPSR single ring network two domain network Control VLAN control_ring Ring_A Transit Node Ring_A Transit Node Ring_A Transit Node Ring_B Master Node Ring_B Master Node Ring_A Transit Node Ring_B Transit Node Ring_B Transit Node Ring_A EPSR 4 eps Date VLAN data_ring Ring_A Control VLAN control_ring Ring_B EPSR Ring Date VLAN data_ring R...

Page 1043: ...igurations This configuration might have a high speed fibre loop topology backbone controlled and managed using EPSR Lobes could extend out from each loop node into a user mesh network Any loops in this mesh network would be controlled and managed using STP RSTP Note that EPSR and STP cannot share the same ports The following figure shows a basic combined EPSR STP network Figure 48 5 EPSR and span...

Page 1044: ...EPSR Introduction 2008 Allied Telesis Inc All rights reserved 48 12 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1045: ...rsion 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 49 1 49 EPSR Commands debug epsr 49 2 epsr 49 3 epsr configuration 49 4 epsr datavlan 49 5 epsr mode master controlvlan primaryport 49 6 epsr mode transit controlvlan 49 7 epsr state 49 7 epsr trap 49 8 show debugging epsr 49 8 show epsr 49 9 show epsr word 49 9 show epsr word counters 49 10 show epsr counters 49...

Page 1046: ...a command or set its defaults debug Debugging functions see also undebug epsr Ethernet Protection Switching Ring EPSR info Echo general EPSR information to console Do not echo general EPSR information to console when negated msg Echo decoded display of received and transmitted EPSR packets to console Do not echo decoded display of received and transmitted EPSR packets to console pkt Echo raw ASCII...

Page 1047: ...ice the hellotime or the hellotime must be less than equal to half the failovertime Do not setting hellotime at or below failovertime To destroy an EPSR instance called blue use the command Related Commands epsr mode master controlvlan primaryport epsr mode transit controlvlan epsr configuration epsr datavlan epsr state epsr trap show epsr Parameter Description no Negate a command or set its defau...

Page 1048: ...This command changes the cli mode to EPSR mode so that EPSR can be configured Syntax epsr configuration Mode Configure mode Example To change to EPSR mode use the command Related Commands epsr mode master controlvlan primaryport epsr show epsr Parameter Description epsr Ethernet Protection Switching Ring EPSR configuration Configure EPSR settings awplus config epsr configuration ...

Page 1049: ...se the command To add vlan2 and vlan3 to the EPSR instance called blue use the command To remove vlan3 from the EPSR instance called blue use the command To remove vlan2 and vlan3 from the EPSR instance called blue use the command Related Commands epsr mode master controlvlan primaryport epsr mode transit controlvlan show epsr Parameter Description no Negate a command or set its defaults epsr Ethe...

Page 1050: ... use the command Related Commands epsr mode transit controlvlan show epsr Parameter Description epsr Ethernet Protection Switching Ring EPSR name Name of the EPSR mode Determines whether the node is acting as a master or transit node master Sets switch to be the master node for the named EPSR ring controlvlan The VLAN that will transmit EPSR control frames 2 4094 VLAN id primaryport Primary port f...

Page 1051: ...ables an EPSR instance Syntax epsr word state enabled disabled Mode EPSR mode Example To disable pkt debug use the command Related Commands epsr mode master controlvlan primaryportt epsr mode transit controlvlan Parameter Description epsr Ethernet Protection Switching Ring EPSR word Name of the EPSR mode Determines whether the node is acting as a master or transit node transit Sets switch to be th...

Page 1052: ...ated Commands epsr mode master controlvlan primaryport epsr mode transit controlvlan show epsr show debugging epsr This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode Exec mode and Privileged Exec mode Example To show the enabled debugging modes use the command Related Commands debug epsr Parameter Description no Negate a command or set its defaults epsr Etherne...

Page 1053: ...epsr mode transit controlvlan show epsr counters show epsr word This command displays information about the specified EPSR instance Syntax show epsr word Mode Exec mode and Privileged Exec mode Example To show the current settings of the EPSR instance called blue use the command Related Commands epsr mode master controlvlan primaryport epsr mode transit controlvlan show epsr counters Parameter Des...

Page 1054: ...r show epsr counters This command displays counter information about all EPSR instances Syntax show epsr counters Mode Exec mode and Privileged Exec mode Example To show the counters of all EPSR instances use the command Related Commands epsr mode master controlvlan primaryport epsr mode transit controlvlan show epsr Parameter Description show Show running system information epsr Ethernet Protecti...

Page 1055: ...CP Introduction Chapter 53 Dynamic Host Configuration Protocol DHCP Commands Chapter 54 SNMP Introduction Chapter 55 SNMP Commands Chapter 56 SNMP MIBs Chapter 57 SMTP Commands Chapter 58 RMON Commands Chapter 59 Triggers Introduction Chapter 60 Triggers Configuration Chapter 61 Trigger Commands Chapter 62 Ping Polling Introduction Chapter 63 Ping Polling Commands ...

Page 1056: ......

Page 1057: ...ware Reference C613 50003 00 REV E 50 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 50 1 50 NTP Configuration Introduction 50 2 Overview 50 2 NTP on the Switch 50 3 Troubleshooting 50 3 Configuration Example 50 4 ...

Page 1058: ...rotocol overhead and allows selected hosts to be equipped with cheaper but less accurate clocks NTP provides information which organizes this hierarchy on the basis of precision or estimated error An NTP entity may be in one of the following operating modes however the switch s implementation of NTP supports two modes client and server An NTP entity operating in a client mode sends periodic messag...

Page 1059: ...t cannot operate as a primary time server unless the primary clock source is operating in server mode A primary clock source usually operates in broadcast mode which is not supported by the switch s implementation of NTP There is no support for clock selection or filtering When the switch receives a valid reply from the peer it synchronizes its own internal clock according to the information from ...

Page 1060: ... defined NTP transfers time information in UTC format To set the switch to automatically change the time when summer time starts and ends enable a summer time offset setting Example configuration parameters for a network time service Site Regional Office Head Office Switch Name RG1 HO1 IP Address of Switch 192 168 35 114 192 168 35 113 IP Address of Peer 192 168 35 113 192 168 13 3 1 Enable NTP an...

Page 1061: ... All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 51 1 51 NTP Commands ntp access group 51 2 ntp authenticate 51 3 ntp authentication key 51 3 ntp broadcastdelay 51 4 ntp master 51 4 ntp peer 51 5 ntp server 51 6 ntp trusted key 51 6 show counter ntp 51 7 show ntp associations 51 8 show ntp status 51 8 ...

Page 1062: ...er query only serve serve only Mode Configure mode Examples Parameter Description peer Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria query only Allows only NTP control queries from a system whose address passes the access list criteria serve Allows time requests and NTP control queries but does not...

Page 1063: ...no ntp authenticate Mode Configure mode Example To enable NTP authentication use the command ntp authentication key This command defines each of the authentication keys Each key has a key number a type and a value Currently the only key type supported is MD5 Syntax ntp authentication key keynum md5 key no ntp authentication key keynum md5 key Mode Configure mode Examples awplus config ntp authenti...

Page 1064: ... ntp broadcastdelay Mode Configure mode Examples ntp master Use this command to make the system to be an authoritative NTP server even if the system is not synchronized to an outside time source Syntax ntp master stratum Mode Configure mode Examples Parameter Description delay 1 999999 broadcast delay in microseconds awplus configure terminal awplus config ntp broadcastdelay 23464 Parameter Descri...

Page 1065: ...synchronize to it Use the no command to remove configuration Syntax ntp peer peeraddress no ntp peer peeraddress ntp peer peeraddress prefer key version no ntp peer peeraddress prefer key version Mode Configure mode Examples Parameter Description peeraddress A B C D the address of the peer prefer Prefer this peer when possible key key 1 4294967295 Configure peer authentication key version version ...

Page 1066: ...hentication keys If a key is trusted this system will be ready to synchronize to a system that uses this key in its NTP packets Syntax ntp trusted key 1 4294967295 no ntp trusted key 1 4294967295 Mode Configure mode Examples Parameter Description serveraddress A B C D the address of the server prefer Prefer this server when possible key key 1 4294967295 Configure server authentication key version ...

Page 1067: ...cking factors such as the packet s authentication format access rights and version Pkts current version The number of version 4 NTP packets received Pkts old version The number of NTP packets received that are from an older version down to version 1 of NTP NTP is compatible with these versions and processes these packets Pkts unknown version The number of NTP packets received that are an earlier v...

Page 1068: ...clock st when poll reach delay offset disp 127 127 1 0 127 127 1 0 5 22 64 377 0 0 0 0 1 0 master synced master unsynced selected candidate configured Examples show ntp status Use this command to display the status of the Network Time Protocol NTP Syntax show ntp status Mode Exec and Privileged Exec mode Usage This is a sample output of the show ntp status commands displaying information about the...

Page 1069: ...System Software Reference C613 50003 00 REV E 52 1 52 Dynamic Host Configuration Protocol DHCP Introduction Introduction 52 2 BOOTP 52 2 DHCP 52 2 DHCP Relay Agents 52 2 Configuring the DHCP Server 52 3 Create the Pool 52 3 Define the Network 52 3 Define the Range 52 4 Set the Lease 52 4 Set the Options 52 4 Configuring the DHCP Relay Agent 52 5 Configuring the DHCP Relay Agent 52 5 DHCP Option 82...

Page 1070: ...a DHCP relay agent DHCP DHCP is based on BOOTP and is defined in RFC 2131 It extends the BOOTP mechanism by providing a method for passing configuration information to hosts on a TCP IP network automatic allocation of reusable network addresses other additional configuration options When your device is configured as a DHCP server it allocates IP addresses and other IP configuration parameters to c...

Page 1071: ... enable the DHCP server by using the command For networks where you do not want the server to respond to BOOTP requests you can configure the DHCP server so that it ignores them by use the command awplus config ip dhcp bootp ignore Create the Pool A DHCP pool is identified by a name To create a DHCP pool and enter the configuration mode for the pool use the command Define the Network Define the ne...

Page 1072: ...lar client The DHCP server recognizes the client by its MAC address This lets you use DHCP to manage most of your network automatically while having unchanging IP addresses on key devices such as servers To assign a static IP address to a device use the command BOOTP requests can be satisfied by pools with leases set to infinity Set the Options DHCP allows clients to receive options from the DHCP ...

Page 1073: ... BOOTREQUEST messages originating from any of the device s interfaces to a user defined destination BOOTREPLY messages addressed to BOOTP clients on networks directly connected to the device The relay agent ignores BOOTREPLY messages addressed to clients on networks not directly connected to the device The device treats these as ordinary IP packets for forwarding A BOOTREQUEST message may be relay...

Page 1074: ...nt policies based on the network location of the client device For more information about option 82 see RFC 3046 Option 82 can be added to packets relayed from the DHCP client to DHCP server removed from packets relayed from DHCP server to DHCP client checked from sources closer to the client To enable the relay agent to insert its details into the option 82 field in requests received from clients...

Page 1075: ... other IP configuration parameters from a DHCP server To configure an interface to gain its IP configuration using the DHCP client use the command The DHCP client supports the following IP configuration options Option 1 the subnet mask for your device Option 3 a list of default routers Option 6 a list of DNS servers This list appends the DNS servers set on your device with the ip name server comma...

Page 1076: ...Dynamic Host Configuration Protocol DHCP Introduction 2008 Allied Telesis Inc All rights reserved 52 8 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1077: ... 7 ip dhcp bootp ignore 53 8 ip dhcp option 53 9 ip dhcp pool 53 10 ip dhcp relay agent option 53 11 ip dhcp relay agent option checking 53 12 ip dhcp relay information policy 53 13 ip dhcp relay maxhops 53 14 ip dhcp relay server address 53 15 lease 53 16 network 53 17 next server 53 17 option 53 18 range 53 20 service dhcp relay 53 21 service dhcp server 53 21 show counter dhcp client 53 22 show...

Page 1078: ...This is the name of the boot file that the client should use in its bootstrap process It may need to include a path The no parameter removes the boot filename from a DHCP server pool Syntax bootfile line no bootfile Mode DHCP mode Examples To configure the boot filename for a pool P2 use the command Parameter Description bootfile Configures the boot file name line The boot file name awplus dhcp co...

Page 1079: ...on command then you will override any settings created with this command The no parameter removes either the specified default router or all default routers from the DHCP pool Syntax default router ip_address no default router ip_address Mode DHCP mode Examples To add a router with an IP address 192 168 1 2 to the DHCP pool use the command awplus dhcp config default router 192 168 1 2 To remove a ...

Page 1080: ...hen you will override any settings created with this command The no parameter removes either the specified DNS server or all DNS servers from the DHCP pool Syntax dns server ip_address no dns server ip_address Mode DHCP mode Examples To add the DNS server at IP address 192 168 1 1 to the DHCP pool use the command awplus dhcp config dns server 192 168 1 1 To remove the DNS server at IP address 192 ...

Page 1081: ...mand on page 53 18 then you will override any settings created with this command The no parameter removes the domain name from the address pool Syntax domain name domain_name no domain name Mode DHCP mode Examples To add the domain name Nerv_Office to the DHCP pool use the command awplus dhcp config domain name Nerv_Office To remove the domain name Nerv_Office from the DHCP pool use the command aw...

Page 1082: ...all Mode DHCP mode Usage Note that a network mask must be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the MAC address 000a 451d 6e34 use the command awplus config ip dhcp pool 1 awplus dhcp config network 192 168 1 0 24 awplus dhcp config host 192 168 1 ...

Page 1083: ...domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a domain list set using the ip domain list command Option 51 lease expiration time The no parameter stops the interface from obtaining IP configuration details from a DHCP server Syntax ip address dhcp client id interface hostname hostname n...

Page 1084: ...ives The DHCP server accepts BOOTP requests by default The no parameter configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Configure mode Examples To configure the DHCP server to ignore BOOTP requests use the command awplus config ip dhcp bootp ignore To configure the DHCP server to respond to BOOTP requests use ...

Page 1085: ... tcpip node type use the command awplus config ip dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the command awplus config ip dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the command awplus config no ip dhcp option 12 To remove the specific user de...

Page 1086: ...d before the next exit command apply to this pool You can create multiple DHCP pools on devices with multiple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no parameter deletes the specific DHCP pool Syntax ip dhcp pool name no ip dhcp pool name Mode Configure mode Examples To create the...

Page 1087: ...hat the client does not receive this field Use this command to alter the relay agent s option 82 setting when your device is the first hop for the DHCP client The no parameter stops the relay agent from appending the option 82 field of DHCP requests before forwarding it to the server This feature is disabled by default Syntax ip dhcp relay agent option no ip dhcp relay agent option Mode Interface ...

Page 1088: ...matching IP address then the packet is dropped All valid responses are forwarded The no parameter stops the relay agent from checking the option 82 field for the Agent ID suboption All packets are forwarded regardless of whether or not the IP address in suboption field matches the IP address of the specified interface The relay agent does not check the Agent ID suboption by default Syntax ip dhcp ...

Page 1089: ...the payload and option 82 field then the relay agent responds according to the policy specified using this command By default the relay agent replaces any existing option field with its own relay agent field This is the functionality of the replace parameter Syntax ip dhcp relay information policy append drop keep replace Mode Interface mode Examples To make the relay agent listening on vlan15 dro...

Page 1090: ... discarding BOOTP messages When the hops field in a BOOTP message exceeds the threshold the relay agent discards the BOOTP message Syntax ip dhcp relay maxhops 1 255 Mode Interface mode Examples To set the maximum number of hops to 5 for packets arriving in interface vlan15 use the command awplus config interface vlan15 awplus config if ip dhcp relay maxhops 5 Related Commands service dhcp relay P...

Page 1091: ... server from the list of servers available to the DHCP relay agent Syntax ip dhcp relay server address ip addr no ip dhcp relay server address ip addr Mode Interface mode Examples To add a DHCP server 192 168 1 200 to forward to on the interface vlan100 use the command To delete the DHCP server 192 168 1 200 from the list of servers available to the DHCP relay agent use the command Related Command...

Page 1092: ...ys hours minutes lease infinite no lease Mode DHCP mode Examples To set the lease expiration time for address pool P2 to 35 minutes use the commands awplus config ip dhcp pool P2 awplus dhcp config lease 0 0 35 To set the lease expiration time for the address pool Nerv_Office to 1 day 5 hours and 30 minutes use the commands awplus config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To ...

Page 1093: ...t server This command sets the next server address for a DHCP server pool It is the address of the next server that the client should use in its bootstrap process The no parameter removes the next server address from the DHCP address pool Syntax next server ip_address no next server Mode DHCP mode Examples To set the next server address for the address pool P2 use the command awplus config ip dhcp...

Page 1094: ...e Examples To add the ASCII type option named tftp server name to the pool P2 and give the option the value server1 use the command awplus config ip dhcp pool P2 awplus dhcp config option tftp server name server1 To add the hex type option named tcpip node type to a pool and give the option the value 08af use the command awplus dhcp config option tcpip node type 08af Parameter Description 1 254 Th...

Page 1095: ...tion 175 192 168 5 33 To add the option 179 to a pool and give the option the value 123456 use the command awplus dhcp config option 179 123456 To add a user defined flag option with the name perform router discovery use the command awplus dhcp config option perform router discovery yes To clear all user defined options from a DHCP address pool use the command awplus dhcp config no option To clear...

Page 1096: ... command to remove all address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP mode Examples To add an address range of 10 10 0 5 to 10 10 1 16 to the pool Nerv_Office use the command awplus config ip dhcp pool Nerv_Office awplus dhcp config range 10 10 0 5 10 10 1 16 To add the individual IP address 192 168 1 2 to a pool use the c...

Page 1097: ...ble the DHCP relay global function use the command awplus config service dhcp relay To disable the DHCP relay global function use the command awplus config no service dhcp relay Related Commands ip dhcp relay agent option ip dhcp relay agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address service dhcp server This command enables the DHCP server o...

Page 1098: ...counter dhcp client Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCPACK in 18 DHCPNAK in 0 Parameter Meaning DHCPDISCOVER out The number of DHCP Discover messages sent by the client DHCPREQUEST out The number of DHCP Request messages sent by the client DHCPDECLINE out The number of DHCP Decline...

Page 1099: ...ssages received from clients Replies In The number of DHCP Reply messages received from servers Relayed To Server The number of DHCP Request messages relayed to servers Relayed To Client The number of DHCP Reply messages relayed to clients Out To Server Failed The number of failures when attempting to send request messages to servers This is an internal debugging counter Out To Client Failed The n...

Page 1100: ...relay Missing Circuit ID The number of incoming DHCP Reply messages dropped due to missing circuit ID Option Insert Failed The number of incoming DHCP Request messages dropped due to an error adding the relay agent information option 82 This counter increments when the relay agent is set to drop packets with the option 82 field already filled by another relay agent This policy is set with the ip d...

Page 1101: ...Parameter Meaning DHCPDISCOVER in The number of Discover messages received by the DHCP server DHCPREQUEST in The number of Request messages received by the DHCP server DHCPDECLINE in The number of Decline messages received by the DHCP server DHCPRELEASE in The number of Release messages received by the DHCP server DHCPINFORM in The number of Inform messages received by the DHCP server DHCPOFFER ou...

Page 1102: ...how the current lease for vlan1 use the command awplus show dhcp lease vlan1 Related Commands ip address dhcp Parameter Description interface Interface name to display dhcp lease details for Interface vlan1 IP Address 192 168 22 4 Expires 13 Mar 2007 20 10 19 Renew 13 Mar 2007 18 37 06 Rebind 13 Mar 2007 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease ti...

Page 1103: ... 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Related Commands ip dhcp pool lease range service dhcp server show ip dhcp pool Parameter Description ip addr IPv4 address of a leased IP address in dotted decimal notation This displays the lease information for the specified IP address name Name of an address pool This displays the lease inf...

Page 1104: ...figuration of the specified address pool only Pool p1 network 192 45 7 0 24 address ranges addr 192 45 7 6 to 192 45 7 15 addr 192 45 7 70 to 192 45 7 89 lease days hours minutes 1 0 0 subnet mask 255 255 255 0 pool s network mask Dynamic Hosts 2 30 Static Hosts 0 0 Total Utilisation 6 7 Pool p2 network 134 42 0 0 16 address ranges addr 134 42 11 1 to 134 42 11 100 static host addresses addr 134 4...

Page 1105: ...ocated by this pool domain The domain name sent by the pool to clients This is the domain name that the client should use when resolving host names using DNS subnet mask The subnet mask sent by the pool to clients dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The list of user define...

Page 1106: ...elay agent s configuration on the interface vlan100 use the command awplus show ip dhcp relay interface vlan100 Related Commands ip dhcp relay agent option ip dhcp relay agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Parameter Description interface name Name of a specific interface This displays the DHCP configuration for the specified int...

Page 1107: ...ut 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 Parameter Meaning DHCPDISCOVER in The number of Discover messages received by the DHCP server DHCPREQUEST in The number of Request messages received by the DHCP server DHCPDECLINE in The number of Decline messages received by the DHCP server DHCPRELEASE in The number of Release messages received by the DHCP server DHCPINFORM in The number of Info...

Page 1108: ...rently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command Syntax show ip dhcp server summary Mode Exec and Privileged Exec mode Output Figure 53 9 Example output from the show ip dhcp command Examples To display the current configuration of the DHCP server use the command awplus show ip dhcp server ...

Page 1109: ...created with this command If you do not specify a subnet mask using this command then the pool s network mask specified using the next server command is applied The no parameter removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network mask Syntax subnet mask mask no subnet mask Mode DHCP mode Examples To set the subnet mask option to 255 255 255 0 for a pool use t...

Page 1110: ...Dynamic Host Configuration Protocol DHCP Commands 2008 Allied Telesis Inc All rights reserved 53 34 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1111: ...6 Syntax 54 6 Access 54 6 Status 54 7 Description 54 7 The SNMP Protocol 54 8 SNMP Versions 54 8 SNMP Messages 54 9 Polling versus Event Notification 54 9 Message Format for SNMPv1 and SNMPv2c 54 10 SNMP Communities Version v1 and v2c 54 11 SNMPv3 Entities 54 11 SNMP Engine 54 11 SNMPv3 Message Protocol Format 54 12 SNMPv1 and SNMPv2c on the Switch 54 13 SNMP MIB Views for SNMPv1 and SNMPv2c 54 13...

Page 1112: ... more Network Management Stations NMS An NMS is a host system running a network management protocol and network management applications enabling the user to manage the network A network management protocol used by the NMS and agents to exchange information Figure 54 1 Components of a network management system The Internet standard Network Management Framework is the framework used for network mana...

Page 1113: ...Version 2 and Version 3 of the Internet standard Network Management Framework RFC 2578 Structure of Management Information Version 2 SMIv2 RFC 2579 Textual Conventions for SMIv2 RFC 2580 Conformance Statements for SMIv2 Subsequent documents that have defined SNMPv3 are RFC 3410 Introduction and Applicability Statements for Internet Standard Management Framework RFC 3411 An Architecture for Describ...

Page 1114: ...e and is defined by its name syntax access mode status and description It can also be specifically identified by its unique position within the tree This position is expressed as a series of dot delimited sub identifiers that start at the root node and end in the sub identifier at the particular object s leaf node For example in Figure 54 2 the object named interfaces would be uniquely identified ...

Page 1115: ...e root to the node in question separated by spaces and enclosed in braces For following example identifies the internet sub tree iso org dod 1 The name may be abbreviated to a relative form The following example identifies the first directory node of the internet sub tree internet 1 Combined notation lists both the integer values and textual descriptions found by traversing the tree from the root ...

Page 1116: ...ormation about IP routes and is indexed by the destination address ipRouteDest The instance of the ipRouteNextHop object for the route 131 203 9 0 is ipRouteNextHop 131 203 9 0 or 1 3 6 1 2 1 4 21 1 7 131 203 9 0 If the table has more than one index the values of all the index columns are combined to form the instance identifier The object tcpConnTable in MIB II contains information about existing...

Page 1117: ...may include an optional textual description of the meaning and use of the object This description is often essential for successful understanding of the object Status Description Mandatory Managed devices must implement the object Optional Managed devices may implement the object Obsolete Managed devices need no longer implement the object Deprecated Managed devices should implement the object How...

Page 1118: ...rrectly See Chapter 23 IP Addressing and Protocol Commands for detailed descriptions of the commands required to enable and configure IP SNMP Versions The switch supports SNMP version 1 SNMPv1 SNMP version 2c SNMPv2c and SNMP Version 3 SNMPv3 The three versions operate similarly SNMPv2c updated the original protocol and offered the following main enhancements a new format for trap messages the get...

Page 1119: ...n the choice and safe guarding of community names which are effectively passwords for SNMP Polling versus Event Notification SNMP employs a polling paradigm A Network Management Station NMS polls the managed device for information as and when it is required by sending get request get next request and or get bulk request PDUs to the managed device The managed device responds by returning the reques...

Page 1120: ...cessive get next request PDUs get bulk request Sent by an NMS to an agent to request a large amount of data with a single message This is for SNMPv2c messages set request Sent by an NMS to an agent to manipulate the value of an object SNMP PDU Version Community get response Sent by an agent to an NMS in response to a get request get next request get bulk response or set request PDU trap Sent by an...

Page 1121: ...scription of entities can be found in RFC 3411 on which the following text is based SNMPv3 defines two entity types a manager and an agent Both entity types contain two basic components an SNMP engine and a set of applications SNMP Engine The engine provides the basic services to support the agents component applications in this respect it performs much of the functionality expected of the ISO Ses...

Page 1122: ...ppropriately msgAuthoritativeEngine ID The ID of the authoritative engine that relates to a particular message i e the source engine ID for Traps Responses and Reports and the destination engine for Gets GetNexts Sets and Informs msgAuthoritativeEngine Boots A value that represents the number of times the authoritative engine has rebooted since its installation Its value has the range 1 to 231 1 m...

Page 1123: ...mber of the community The community profile associated with the community name then determines the sender s view of the MIB and the operations that can be performed on objects in the view SNMP Communities SNMP communities were introduced into SNMPv1 and retained in version 2c Although the switch s software still supports communities this is to provide backward compatibility with legacy management ...

Page 1124: ...objects in the MIB that pertain to a particular network element For example the MIB view of a hub would be the objects relevant to management of the hub and would not include IP routing table objects for example The switch s SNMP agent does not allow the construction of MIB views The switch supports all relevant objects from all MIBs that it implements Note that the switch s standard set and show ...

Page 1125: ...ter 13 Internet Protocol IP for commands that enable and configure IP To configure SNMP 1 Enable the SNMP agent Enable the SNMP agent and enable the generation of authenticate failure traps to monitor unauthorised SNMP access SNMP is enabled by default in AlliedWare Plus 2 Create a community with write access for the central NMS Create a community called private with write access for use only by t...

Page 1126: ...the view may be from any part of the object name space and not necessarily the same sub tree SNMP Groups Groups were introduced as part of SNMPv3 They are the means by which users are assigned their views and access control policy Once a group has been created users can be added to them In practice a number of groups would be created each with varying views and access security requirements Users w...

Page 1127: ...the IP module handles the UDP datagrams used to transport SNMP messages To configure SNMP 1 Enable the SNMP agent Enable the SNMP agent and enable the generation of authenticate failure traps to monitor unauthorized SNMP access SNMP is enabled by default in AlliedWare Plus 2 Add SNMP views You can specify views using their OID or the predefined MIB name awplus config snmp server view atmib 1 3 6 1...

Page 1128: ...SNMP Introduction 2008 Allied Telesis Inc All rights reserved 54 18 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1129: ...MP Commands debug snmp 55 2 show counter snmp server 55 3 show debugging snmp 55 6 show running config snmp 55 6 show snmp server 55 7 show snmp server community 55 7 show snmp server group 55 8 show snmp server user 55 8 show snmp server view 55 9 no snmp server 55 10 snmp server community 55 11 snmp server contact 55 12 snmp server enable trap 55 13 snmp server engineID 55 14 snmp server group 5...

Page 1130: ...tware Reference C613 50003 00 REV E Software Version 5 2 1 debug snmp This command enables SNMP debugging The no form disables SNMP debugging Syntax debug snmp no debug snmp Mode Privileged Exec mode Examples To start SNMP debugging use the command Related Commands show debugging snmp awplus debug snmp ...

Page 1131: ...s 11 outTooBigs 0 outNoSuchNames 2 outBadValues 0 outGenErrs 0 outGetRequests 0 outGetNexts 0 outSetRequests 0 outGetResponses 11 outTraps 0 UnSupportedSecLevels 0 NotInTimeWindows 0 UnknownUserNames 0 UnknownEngineIDs 0 WrongDigest 0 DecryptionErrors 0 UnknownSecModels 0 InvalidMsgs 0 UnknownPDUHandlers 0 Parameter Meaning inPkts The total number of SNMP messages received by the SNMP agent inBadV...

Page 1132: ...he error status field is genErr inTotalReqVars The number of MIB objects that the SNMP agent has successfully retrieved after receiving valid SNMP Get Request and Get Next PDUs inTotalSetVars The number of MIB objects that the SNMP agent has successfully altered after receiving valid SNMP Set Request PDUs inGetRequests The number of SNMP Get Request PDUs that the SNMP agent has accepted and proces...

Page 1133: ...ved packets that the SNMP agent has dropped because they requested a securityLevel unknown or not available to the SNMP agent NotInTimeWindows The number of received packets that the SNMP agent has dropped because they appeared outside of the authoritative SNMP agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user Unk...

Page 1134: ...snmp show running config snmp This command displays the current configuration of SNMP on your device Syntax show running config snmp Mode Exec and Privileged Exec mode Output Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Related commands show snmp server Snmp SMUX debugging status Snmp debugging is on snmp server contact AlliedT...

Page 1135: ...mand awplus show snmp server Related commands debug snmp show counter snmp server show snmp server community This command displays the SNMP server communities Syntax show snmp server community Mode Exec and Privileged Exec mode Output Example To display the SNMP server communities use the command awplus show snmp server community Related commands show snmp server community SNMP enable Yes SNMPv3 e...

Page 1136: ...the command awplus show snmp server group Related commands snmp server group show snmp server user This command displays the SNMP server users Syntax show snmp server user Mode Exec and Privileged Exec mode Output Example To display the SNMP server users use the command awplus show snmp server user Related commands show snmp server user SNMPgroupinformation Groupname grou1 SecurityLevel auth ReadV...

Page 1137: ...C613 50003 00 REV E 55 9 show snmp server view This command displays the SNMP server view Syntax show snmp server view Mode Exec and Privileged Exec mode Output Example To display the SNMP server view use the command awplus show snmp server view Related commands snmp server view SNMP view information View Name view1 OID 1 Type included ...

Page 1138: ... Syntax no snmp server Mode Configure mode Default By default the SNMP agent is disabled Usage To re enable the SNMP agent use the SNMP commands below to add SNMP configuration These commands will also enable the SNMP agent Examples To disable the SNMP agent and remove all SNMP configuration on the device use the command Related Commands show snmp server show snmp server community snmp server comm...

Page 1139: ... snmp server community community_name view view_name ro rw 1 99 no snmp server community community_name Mode Configure mode Example The following command creates an SNMP community called public with read only access to all MIB variables from any management station The following command removes an SNMP community called public Related Commands show snmp server community snmp server view Parameter De...

Page 1140: ...t The no form removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Configure mode Examples To set the system contact information to support alliedtelesis co nz use the command Related Commands show snmp server show system snmp server location snmp server group Parameter Description contact info The contact information for the system fr...

Page 1141: ...mand also applies to notifications sent by SNMP 3 Command Syntax snmp server enable trap auth bgp mstp nsm ospf pim rip rmon no snmp server enable trap auth bgp mstp nsm ospf pim rip rmon Mode Configure mode Examples To allow the device to send BGP related traps use the following command To disable BGP traps being sent out by the device use the following command See Also snmp server host Parameter...

Page 1142: ...et the engine ID to be generated automatically The no form sets the SNMPv3 engine ID to its default value Syntax snmp server engineID local engine id default no snmp server engineID local Mode Configure mode Example To set the SNMPv3 engine ID to 800000cf030000cd123456 use the following command The following command sets SNMPv3 engine ID back to the default value Related Commands show snmp server ...

Page 1143: ... groupname auth noauth priv Mode Configure mode Examples To add SNMP group for ordinary users user the command To delete SNMP group usergroup use the command Related Commands show snmp server group snmp server group snmp server user Parameter Description groupname Group name The group name is a string up to 20 characters long and is case sensitive auth Authenticate noauth No authentication and no ...

Page 1144: ...raps version 2 community name snmp server host ipaddress informs traps version 3 auth noauth priv user name no snmp server host ipaddress traps version 1 community name no snmp server host ipaddress informs traps version 2 community name no snmp server host ipaddress informs traps version 3 auth noauth priv user name Mode Configure mode Examples To configure the device to send generated traps to t...

Page 1145: ...n the MIB object sysLocation The no parameter removes the configured location from the system Syntax snmp server location location_name no snmp server location Mode Configure mode Examples To set the location to server room 523 use the command Related Commands show snmp server show system snmp server contact Parameter Description location_name The location of the system from 0 to 255 characters lo...

Page 1146: ...o snmp server user username Mode Configure mode Example To add SNMP user authuser as a member of group usergroup with authentication protocol MD5 authentication password Authpass privacy protocol DES and privacy password Privpass use the following command To delete SNMP user authuser use the command Related Commands show snmp server user snmp server view Parameter Description username User name Th...

Page 1147: ...snmp server view command removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Configure mode Example The following command creates a view caleld loc that includes system location mib sub tree To remove the view loc use the following command Related Commands show snmp server view snmp ser...

Page 1148: ...SNMP Commands 2008 Allied Telesis Inc All rights reserved 55 20 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1149: ...are Reference C613 50003 00 REV E 56 1 56 SNMP MIBs Introduction 56 2 MIB II MIB 56 3 Implementation 56 4 TCP MIB 56 5 Implementation 56 5 UDP MIB 56 6 Implementation 56 6 IP Forwarding Table MIB 56 7 Implementation 56 7 Ethernet like Interface Types MIB 56 8 Implementation 56 8 Medium Attachment Unit MAU MIB 56 9 Implementation 56 10 Host Resources MIB 56 11 Implementation 56 12 Bridge MIB 56 13 ...

Page 1150: ...see Chapter 55 SNMP Commands For RFCs see http www rfc editor org rfc html Supported MIBs SNMP MIB RFC Description MIB II RFC 1213 The core set of objects for TCP IP internets TCP MIB RFC 2012 UDP MIB RFC 2013 IP Forwarding Table MIB RFC 2096 Objects for managing Classless Inter Domain Routing CIDR Ethernet like Interface Types MIB RFC 3635 Objects for managing Ethernet like interfaces Medium Atta...

Page 1151: ...th subnet which refers to an addressing partitioning scheme used in the Internet suite of protocols The Address Translation group contains objects that describe the translation between network addresses e g IP addresses and subnetwork specific or physical addresses on the entity The IP group contains objects that describe the entity s IP addressing scheme IP routing table IP address translation an...

Page 1152: ...the SNMP protocol on the entity These groups are the basic unit of management Implementation The switch implements all groups in RFC 1213 MIB II However the implementation of some objects differs from RFC 1213 as shown in the following table Object Name Object ID Implementation atIfIndex 1 3 6 1 2 1 3 1 1 1 Read only atPhysAddress 1 3 6 1 2 1 3 1 1 2 Read only atNetAddress 1 3 6 1 2 1 3 1 1 3 Read...

Page 1153: ... TCP using the SNMPv2 framework Objects defined in the TCP MIB reside in the tcp 6 and tcpMIB 49 subtrees Figure 56 2 and have the object identifier prefixes tcp mib 2 6 or tcpMIB mib 2 49 Figure 56 2 The TCP MIB subtree of the Internet standard Management Information Base MIB Implementation The switch implements all groups in RFC 2012 tcp and tcpMIB However the implementation of some objects diff...

Page 1154: ...s MIB II defines managed objects for managing implementations of the User Datagram Protocol UDP using the SNMPv2 framework Objects defined in the UDP MIB reside in the udp 7 subtree Figure 56 3 and have the object identifier prefix udp mib 2 7 Figure 56 3 The UDP subtree of the Internet standard Management Information Base MIB Implementation The switch implements all groups in the UDP MIB system 1...

Page 1155: ... Implementation The switch implements the following objects and groups in the IP Forwarding Table MIB The ipForwardNumber object contains the number of current ipForwardTable entries that are not invalid obsolete The ipCidrRouteNumber object contains the number of current ipCidrRouteTable entries that are not invalid The IP CIDR Route Table ipCidrRouteTable contains objects that obsolete and repla...

Page 1156: ...dentified by three values of the ifType object in the Internet Standard MIB ethernet csmacd 6 iso88023 csmacd 7 starLan 11 For these interfaces the value of the ifSpecific variable in MIB II has the object identifier value dot3 transmission 7 The objects in this MIB are organized into two groups The Ethernet like Statistics group contains objects that record statistics for Ethernet like interfaces...

Page 1157: ...ports of a repeater and applies to MAUs attached to repeaters which have one or more external jacks connectors dot3IfMauBasicGroup is a collection of objects for managing IEEE 802 3 Ethernet like interfaces ifMauTable is a table of information about MAU s attached to an interface The value of ifMauIfIndex is the same as the value of ifIndex in the Interface group of MIB II ifJackTable is a table o...

Page 1158: ...plemented because they are not meaningful in the context of the switch The dot3MauType object identities The Repeater MAU Basic Group dot3RpMauBasicGroup The Broadband MAU Basic Group dot3BroadMauBasicGroup The implementation of the objects in the following table differs from RFC 2239 Object Name Object ID Access Implementation ifMauStatus 1 3 6 1 2 1 26 2 1 1 4 Read write Read only ifMauDefaultTy...

Page 1159: ...e Internet standard Management Information Base MIB The MIB is organized into six groups The Host Resources System group contains objects that describe general system configuration parameters The Host Resources Storage group contains objects that describe the logical storage areas on the host The Host Resources Device group contains objects that describe the devices on the host The Host Resources ...

Page 1160: ... of some objects differs from RFC 2790 as shown in the table below The following group in the Host Resources MIB is not implemented The Host Resources Installed Software group Object Name Object ID Access Implementation hrSystemDate 1 3 6 1 2 1 25 1 2 Read write Read only hrSystemInitialLoadDevice 1 3 6 1 2 1 25 1 3 Read write Read only hrSystemInitialLoadParameters 1 3 6 1 2 1 25 1 4 Read write R...

Page 1161: ...he MIB is composed of the following sections The dot1dBase Group is mandatory and contains the objects which are applicable to all types of bridges The dot1dStp Group contains objects that denote the bridge s state with respect to the Spanning Tree Protocol If a node does not implement the Spanning Tree Protocol this group is not implemented The dot1dSr Group contains objects that describe the ent...

Page 1162: ... is associated with a different interface However there are situations in which multiple ports are associated with the same interface An example of such a situation would be several ports each corresponding one to one with several X 25 virtual circuits but all on the same interface Each port is uniquely identified by a port number A port number has no mandatory relationship to an interface number ...

Page 1163: ...and packet collisions The switch implements the etherStatsTable of the Statistics group The History group contains objects that store periodic statistical samples from the Ethernet network The switch implements the historyControlTable of the History group The Alarm group contains objects that periodically collect statistical samples of variables from the probe and compare them to previously config...

Page 1164: ...SNMP MIBs 2008 Allied Telesis Inc All rights reserved 56 16 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1165: ...Reference C613 50003 00 REV E 57 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 57 1 57 SMTP Commands debug mail 57 2 delete mail 57 2 mail 57 3 mail from 57 4 mail smtpserver 57 4 show counter mail 57 5 show mail 57 5 ...

Page 1166: ...ding emails use the command awplus no debug mail Related Commands delete mail mail mail from mail smtpserver show mail show counter mail delete mail This command deletes mail from the queue Syntax delete mail mail id mail id all Mode Privileged Exec mode Examples To delete mail from the queue use the command awplus delete mail 20060912142356 1234 awplus delete mail all Related Commands delete mail...

Page 1167: ...mmand and a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec mode Examples To send an email to rei nerv com with the subject dummy plug configuration and with the message body inserted from the file plug conf use the command Related Commands debug mail delete mail mail from mail smtpserver show mail show counter mail Parameter Descr...

Page 1168: ...onfig mail from kaji nerv com Related Commands delete mail mail mail smtpserver show mail mail smtpserver This command sets the IP address of the SMTP server that your device sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Configure mode Examples To specify a mail server at 192 168 0 1 use the command awplus mail ...

Page 1169: ...ue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail show mail This command displays the emails in the queue Syntax show mail Mode Privileged Exec mode Examples To display the emails in the queue use the command awplus show mail Related Commands delete mail mail show counter mail Mail Client SMTP counters Mails Sent 0 Mails Sent Fails 1 Param...

Page 1170: ...SMTP Commands 2008 Allied Telesis Inc All rights reserved 57 6 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1171: ...Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 58 1 58 RMON Commands Introduction 58 2 rmon alarm 58 2 rmon collection history 58 3 rmon collection stats 58 4 rmon event 58 5 show rmon alarm 58 6 show rmon event 58 6 show rmon history 58 7 show rmon statistics 58 8 ...

Page 1172: ...35 Alarm entry index value oid The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherStatsEntry table for the interface defined by the stats index 22 in the rmon collection stats command interval Polling interval in seconds delta The RMON MIB alarmSampleTy...

Page 1173: ...here is sufficient memory available then the device will allocate memory for storing the set of buckets that comprise this history control Use the no form of this command to remove the specified history control configuration Syntax rmon collection history history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Mode Interface mode Default The default inter...

Page 1174: ...istics on this interface Syntax rmon collection stats collection index owner owner no rmon collection stats collection index Mode Interface mode Default Ethernet statistics probe is not running Examples Parameter Description collection index 1 65535 Give this collection of statistics an index number to uniquely identify it This is the index to use to access the statistics collected for this interf...

Page 1175: ...owner owner trap trap rmon event event index log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Mode Configure mode Default No default event is configured Examples Related Commands rmon alarm Parameter Description event index 1 65535 Unique event entry index value log Log event type trap Trap event type lo...

Page 1176: ...ands rmon alarm show rmon event Use this command to display the events configured for the RMON probe Syntax show rmon event Mode User Exec mode and Privileged Exec mode Output Example output from the show rmon event command Examples Related Commands rmon event awplus show rmon alarm awplus sh rmon event event Index 787 Description TRAP Event type log trap Event community name gopher Last Time Sent...

Page 1177: ...ry collections on the device Syntax show rmon history Mode User Exec mode and Privileged Exec mode Output Example output from the show rmon history command Example Related Commands rmon collection history awplus sh rmon history history index 56 data source ifindex 4501 buckets requested 34 buckets granted 34 Interval 2000 Owner Andrew history index 458 data source ifindex 5004 buckets requested 40...

Page 1178: ...ivileged Exec mode Examples Output Example output from the show rmon statistics command Related Commands rmon collection stats awplus show rmon statistics awplus show rmon statistics rmon collection index 45 stats ifindex 4501 input packets 1279340 bytes 85858960 dropped 00 multicast packets 1272100 output packets 7306090 bytes 268724 multicast packets 7305660 broadcast packets 290 rmon collection...

Page 1179: ... System Software Reference C613 50003 00 REV E 59 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 59 1 59 Triggers Introduction Introduction 59 2 Configuring a Trigger 59 2 Troubleshooting Triggers 59 4 ...

Page 1180: ...s and any script may be used by any trigger When an event activates a trigger the trigger executes the scripts associated with it in sequence Various types of triggers are supported each activated in a different way Configuring a Trigger The following describes the general steps to configure a trigger For specific configuration examples see Chapter 60 Triggers Configuration 1 Create a configuratio...

Page 1181: ...ing a specific time of the day use the command awplus config trigger time after HH MM SS before HH MM SS If you want your trigger to activate only on a specific date use the command If you want the trigger to activate only on specific days of the week use the command Note that you can set either a specific date or specific weekdays but not both 5 Specify how often the trigger can activate By defau...

Page 1182: ...er activates if its trigger conditions are met but does not run any of its scripts Your device generates a log message to indicate that the trigger was activated To place a trigger in diagnostic mode enter the trigger s configuration mode and use the command awplus config trigger test To start debugging for triggers use the command awplus debug trigger This generates detailed messages about how yo...

Page 1183: ...50003 00 REV E 60 1 2008 Allied Telesis Inc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 60 1 60 Triggers Configuration Introduction 60 2 Restrict Internet Access 60 2 Capturing Unusual CPU and RAM Activity 60 3 Seeing Daily Statistics 60 4 Link Status 60 5 ...

Page 1184: ...called shutdown cfg This script adds commands to restrict access to the specified sites Trigger two activates at 5 30pm and runs the script called open cfg This script removes the configuration specified by shutdown cfg 1 Create the shutdown cfg configuration script Create a configuration script using Access Control List commands to restrict users on vlan2 from accessing the specific sites 2 Creat...

Page 1185: ...ing configuration allows you to troubleshoot high CPU or RAM usage by the device It uses two triggers to capture show output and places this output in a file Trigger three activates the script cpu usage cfg when CPU usage is over 90 and can activate up to 5 times Trigger four activates the script ram usage cfg when RAM usage is over 95 and can activate up to 10 times 1 Create the cpu usage cfg con...

Page 1186: ...c is dropped with the QoS bandwidths set over the next week To do this they want to generate an hourly report on QoS traffic on the first day that this is implemented Trigger five activates the script qos stats cfg every 60 minutes and sends the output to The trigger is set to only activate during work hours 1 Create the qos stats cfg configuration script Create a configuration script with the app...

Page 1187: ... with the QoS bandwidths set over the next week To do this they want to generate an hourly report on QoS traffic on the first day that this is implemented Trigger five activates the script qos stats cfg every 60 minutes and sends the output to The trigger is set to only activate during work hours 1 Create the linkup cfg configuration script Create a configuration script with the appropriate show c...

Page 1188: ...Triggers Configuration 2008 Allied Telesis Inc All rights reserved 60 6 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1189: ...ion 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 61 1 61 Trigger Commands active 61 2 day 61 3 debug trigger 61 4 description 61 5 repeat 61 6 script 61 7 show running config trigger 61 8 show trigger 61 9 test 61 12 time 61 13 trigger 61 14 type cpu 61 15 type interface 61 16 type memory 61 17 type periodic 61 18 type ping poll 61 18 type reboot 61 19 type time ...

Page 1190: ...a trigger While in this state the trigger cannot activate when its trigger conditions are met Syntax active no active Mode Trigger mode Examples To enable trigger 172 so that it can activate when its trigger conditions are met use the commands awplus config trigger 172 awplus config trigger active To disable trigger 182 preventing it from activating when its trigger conditions are met use the comm...

Page 1191: ...n 2008 To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus config trigger 12 awplus config trigger day monday wednesday friday Related Commands show trigger trigger Parameter Description every day Sets the trigger so that it can activate on any day 1 31 Day of the month the trigger is permitted to activate on month Sets the month that the trigger is permitt...

Page 1192: ... debugging This generates detailed messages about how your device is processing the trigger commands and activating the triggers The no form disables trigger debugging Syntax debug trigger no debug trigger Mode Privilege Exec mode Examples To start trigger debugging use the command awplus debug trigger To stop trigger debugging use the command awplus no trigger Related Commands show trigger test t...

Page 1193: ...top displaying a description for this trigger Syntax description line no description Mode Trigger mode Examples To give trigger 240 the description daily status report use the commands awplus config trigger 240 awplus config trigger description daily status report To remove the description from trigger 36 use the commands awplus config trigger 36 awplus config trigger no description Related Comman...

Page 1194: ...conditions are met By default triggers can activate an unlimited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger mode Examples To allow trigger 21 to activate only once use the commands awplus config trigger 21 awplus config trigger repeat no To allow trigger 22 to activate an unlimited number of times whe...

Page 1195: ...rigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger mode Examples To configure trigger 71 to run the script flash cpu_trig sh in position 3 when the trigger activates use the commands awplus config trigger 71 awplus config trigger script 3 flash cpu_trig sh To configure trigger 99 to run the scripts flash reconfig cfg flash cpu_trig sh and flash email cfg in positions 2 3 and...

Page 1196: ...e commands awplus config trigger 71 awplus config trigger no script all Related Commands show trigger trigger show running config trigger This command displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec mode Examples To display the current configuration of the trigger utility use the command awplus show running config trigger Re...

Page 1197: ...mtwtfs 005 Periodic 30 min Regular status check Y N Continuous 1 mtwtf 007 Memory 85 up High mem usage Y N 8 1 smtwtfs 011 Time 00 01 Weekend access Y N Continuous 1 s 013 Reboot Y N Continuous 2 smtwtfs 017 Interface vlan1 Change config for Y N Once 1 2 apr 2008 019 Ping poll 5 up Connection to svr1 Y N Continuous 1 smtwtfs Parameter Description TR Trigger identifier ID Type Details The trigger t...

Page 1198: ... 1 flash cpu_alert sh 2 flash reconfig cfg 3 not configured 4 not configured 5 not configured Trigger Configuration Details Trigger 1 Name Busy CPU Type and details CPU 80 up Days smtwtfs Active Yes Test No Repeat Continuous Modified Fri Feb 2 17 05 16 2007 Number of activations 0 Last activation not activated Number of scripts 2 1 flash cpu_alert sh 2 flash reconfig cfg 3 not configured 4 not con...

Page 1199: ... is displayed in brackets Modified The date and time of the last time that the trigger was modified Number of activations Number of times the trigger has been activated since the last restart of the device Last activation The date and time of the last time that the trigger was activated Number of scripts How many scripts are associated with the trigger followed by the names of the script files in ...

Page 1200: ...uts the trigger into a diagnostic mode In this mode the trigger may activate but when it does it will not run any of the trigger s scripts A log message will be generated to indicate when the trigger has been activated The no parameter takes the trigger out of diagnostic mode restoring normal operation When the trigger activates the scripts associated with the trigger will be run as normal Syntax ...

Page 1201: ... may activate at any time If the value specified for before is later than the value specified for after a time period from after to before is defined during which the trigger may activate This command is not applicable to time triggers type time The following figure illustrates how the before and after parameters operate Syntax time after HH MM SS before HH MM SS Mode Trigger mode 00 00 06 00 12 0...

Page 1202: ...00 Related Commands show trigger trigger trigger This command is used to access the configuration mode for the specified trigger Once trigger configuration mode has been entered the trigger type information can be configured and the trigger scripts and other operational parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The ...

Page 1203: ...p down any Mode Trigger mode Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus config trigger 28 awplus config trigger type cpu 80 up To configure trigger 5 to be a CPU trigger that activates when CPU usage either rises above or drops below 65 use the following commands awplus config trigger 5 awplus config trigger type ...

Page 1204: ... activate when either one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger mode Examples To configure trigger 19 to be an interface trigger that activates when switchport 1 1 2 becomes operational use the following commands awplus config trigger 19 awplus config trigger type interface 1 1 2 up Related Commands show trigger trigger Parameter De...

Page 1205: ...ger mode Examples To configure trigger 12 to be a memory trigger that activates when memory usage exceeds 50 use the following commands awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to be a memory trigger that activates when memory usage either rises above or drops below 65 use the following commands awplus config trigger 40 awplus config trigger type mem...

Page 1206: ...mmand configures a trigger that activates when Ping Polling identifies that a target device s status has changed This allows you to run a configuration script when a device becomes reachable or unreachable Syntax type ping poll 1 100 up down Mode Trigger mode Examples To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the following commands...

Page 1207: ... activate when your device reboots use the following commands awplus config trigger 32 awplus config trigger type reboot Related Commands show trigger trigger type time This command configures a trigger that activates at a specified time of day Syntax type time HH MM Mode Trigger mode Examples To configure trigger 86 to activate at 15 53 use the following commands awplus config trigger 86 awplus c...

Page 1208: ...Trigger Commands 2008 Allied Telesis Inc All rights reserved 61 20 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1209: ...nc All rights reserved Software Version 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 62 1 62 Ping Polling Introduction Introduction 62 2 How Ping Polling Works 62 2 Configuring Ping Polling 62 4 Creating a Polling Instance 62 4 Customizing a Polling Instance 62 5 Troubleshooting Ping Polling 62 6 Interaction with Other Protocols 62 6 ...

Page 1210: ...umber of responses it considers the device to be reachable again By default a polling instance sends a ping every 30 seconds as long as it is receiving replies The frequency of this polling is controlled by the normal interval command When a reply is not received the polling instance increases the frequency at which it polls the device This frequency is controlled by the critical interval command ...

Page 1211: ...er than the remote device failing the backup link and primary link must point to different IP addresses on the remote device Otherwise when the backup link points to the IP address that your device is polling your device receives ping replies through the backup link considers the device to be reachable again and attempts to reopen the primary link instead of using the backup link See Chapter 59 Tr...

Page 1212: ...ate a polling instance by using the command awplus config ping poll 1 100 The range 1 100 identifies the polling instance in the trigger commands and in other ping poll commands Your device can poll up to 100 IP addresses at once 2 Set the IP address of the device you are polling by using the command awplus config ping poll ip ip_address 3 Enable the polling instance by using the command awplus co...

Page 1213: ... the device at the frequency set as the critical interval by default one second To change the frequency set by the critical interval use the command awplus config ping poll critical interval 1 65536 The critical interval enables the polling instance to quickly observe changes in the state of the device and should be set to a much lower value than the normal interval Configuring when the device s s...

Page 1214: ... the Privileged Exec mode and use the command awplus clear ping poll 1 100 all The polling instance changes to the polling frequency specified with the critical interval command The device status changes to reachable once the device responses have reached the up count To start debugging for ping polling use the command awplus debug ping poll 1 100 Interaction with Other Protocols Ping polling does...

Page 1215: ... 5 2 1 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E 63 1 63 Ping Polling Commands Introduction 63 2 active 63 2 clear ping poll 63 3 critical interval 63 4 debug ping poll 63 5 description 63 6 fail count 63 7 ip 63 8 length 63 9 normal interval 63 10 ping poll 63 11 sample size 63 12 show counter ping poll 63 13 show ping poll 63 15 source ip 63 18 timeout 63 19 up co...

Page 1216: ...ice it is polling is unreachable The no form disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this polling instance Syntax active no active Mode Ping Polling mode Examples To activate the ping poll 43 use the commands awplus config ping poll 43 awplus config ping poll active To disable the ping poll and res...

Page 1217: ...itical interval command The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec mode Examples To reset the ping poll 12 use the command awplus clear ping poll 12 To reset all ping polls use the command awplus clear ping poll all Related Commands active ping poll show ping poll Parameter Description 1 100 A pin...

Page 1218: ...rmal interval command The no form sets the critical interval to the default of one second Syntax critical interval 1 65536 no critical interval Mode Ping Polling mode Examples To set the critical interval to 2 seconds for the polling instance 99 use the commands awplus config ping poll 99 awplus config ping poll critical interval 2 To reset the critical interval to the default of one second use th...

Page 1219: ... messages about ping execution The no parameter disables ping poll debugging for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 Mode Privileged Exec mode Examples To enable debugging for ping poll 88 use the command awplus debug ping poll 88 To disable debugging for ping poll 88 use the command awplus no debug ping poll 88 Related Commands active clear ping poll ping...

Page 1220: ...escription The no form delete the description set using this command Syntax description line no description Mode Ping Polling mode Example To add the text Primary Gateway to describe the ping poll 45 use the commands awplus config ping poll 45 awplus config ping poll description Primary Gateway To delete the description set for the ping poll use the command awplus config ping poll no description R...

Page 1221: ...mber set by the fail count command then a device that does not always reply to pings may be declared unreachable The no parameter resets the fail count to the default Syntax fail count 1 100 no fail count Mode Ping Polling mode Examples To specify the number of pings that must fail within the sample size to determine that a device is unreachable use the command awplus config ping poll fail count 5...

Page 1222: ...pecifies the IPv4 address of the device you are polling Syntax ip ip_address Mode Ping Polling mode Examples To set ping poll 5 to poll the device with the IP address 192 168 0 1 use the command awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 Related Commands ping poll source ip show ping poll Parameter Description ip_address An IPv4 address in dotted decimal notation ...

Page 1223: ... to change the device s status to unreachable when the network is dropping packets of the size you are interested in The no parameter resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Mode Ping Polling mode Examples To specify that the ping poll 12 sends ping packet with a data portion of 56 bytes use the command awplus config ping poll 12 awplus config ping poll leng...

Page 1224: ...ds Syntax normal interval 1 65536 no normal interval Mode Ping Polling mode Examples To specify a time period of 60 seconds between pings when the device is reachable use the command awplus config ping poll normal interval 60 To reset the interval to the default value of 30 seconds use the command awplus config ping poll no normal interval Related Commands critical interval fail count ping poll sa...

Page 1225: ...l create a ping poll using this command and use the ip command to specify the device you want the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no parameter deletes the specified ping poll Syntax ping poll 1 100 no ping poll 1 100 Mode Configure mode Examples To create ping poll 3 and enter its configuration mode use ...

Page 1226: ... than that set with the fail count command a device that does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count command to determine when a device is reachable The no parameter resets this command to the default value Syntax sample size 1 100 no sample siz...

Page 1227: ...splays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 ErrorSendingPing 2 CurrentUpCount 13 CurrentFailCount 0 UpStateEntered 0 DownStateEntered 0 Ping poll 2 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 ErrorS...

Page 1228: ...while the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down state This is a cumulative counter for multiple occurrences of the Down state ErrorSendingPing The number of pings that were not successfully sent to the target device This error can occur when your d...

Page 1229: ...eachable down Displays polling instances where the device state is unreachable brief Displays a summary of the state of ping polls and the devices they are polling Ping Poll Configuration Id Enabled State Destination 1 Yes Down 192 168 0 1 2 Yes Up 192 168 0 100 Parameter Meaning Id The ID number of the polling instance set when creating the polling instance with the ping poll command Enabled Whet...

Page 1230: ...description command Destination IP address The IP address of the polled device set with the ip command Status The current status of the device being polled Up The device is reachable Down The device is unreachable Critical Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critical Down The device is unreachable bu...

Page 1231: ...ed Commands debug ping poll ping poll Fail count The number of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command Up count The number of consecutive pings that the polling instance must receive a reply to before classifying the device reachable again...

Page 1232: ...the interface through which it transmits the ping packets is used The no form resets the source IP in the packets to the device s local interface IP address Syntax source ip ip_address no source ip Mode Ping Polling mode Examples To configure the polling instance to use the source IP address 192 168 0 1 in ping packets use the command awplus config ping poll source ip 192 168 0 1 To reset the sour...

Page 1233: ...ority The no parameter resets the set time out to the default of one second Syntax time out 1 30 no time out Mode Ping polling mode Examples To specify the time out as 5 seconds use the command awplus config ping poll timeout 5 To reset the time out to its default of 1 second use the command awplus config ping poll no timeout Related Commands critical interval fail count normal interval ping poll ...

Page 1234: ...resets the up count to the default of 30 Syntax up count 1 100 no up count Mode Ping polling mode Examples To set the upcount to 5 consecutive pings use the command awplus config ping poll up count 5 To reset the upcount to the default value of 30 consecutive pings use the command awplus config ping poll no up count Related Commands critical interval fail count normal interval ping poll sample siz...

Page 1235: ...Stacking Reference This part includes the following chapters Chapter 64 Stacking Introduction Chapter 65 Stacking Commands ...

Page 1236: ......

Page 1237: ...ystem Software Reference C613 50003 00 REV E 64 3 64 Stacking Introduction Introduction 64 4 Supported Platforms 64 4 Features of Virtual Chassis Stacking 64 4 The Physical Stack 64 4 Stack Configuration 64 5 Resilient Stacked Topology 64 6 Stack Formation 64 7 Selecting the Master Stack Member 64 7 Stack Management VLAN 64 8 VCS Fault Tolerance 64 10 Stack Member Failure and Recovery 64 10 VCS Fa...

Page 1238: ...additional link is able to provide an alternative data path thus the stack will continue to function if a single switch fails Degraded performance might occur however due to the reduced VCS bandwidth User ports can also be made extremely resilient by utilizing link aggregation Aggregated links can span ports modules and even switches within the stack Creating aggregated links that span multiple sw...

Page 1239: ...e over the role as stack master if the master unit fails See Stack Resiliency Link on page 10 PORT 2 PORT 1 STACK SELECT STATUS ID XEM STK FAULT NEGOTIATING LINK PORT STAT MEMBER MASTER PORT 2 PORT 1 STACK SELECT STATUS ID XEM STK FAULT NEGOTIATING LINK PORT STAT MEMBER MASTER Resiliency Link Resiliency Link High Speed Stacking Links High Speed Stacking Links PORT 2 PORT 1 STACK SELECT STATUS ID X...

Page 1240: ...switch note that smaller switches such as the X900 24XT or X900 24XS can be also be used to form the stacked core This network topology supplies multiple dual connections to a number of downstream distribution switches that can in turn connect to user devices Similarly the dual network paths provide very reliable connectivity to the server aggregation portion of the network Employing link aggregat...

Page 1241: ...8 The stack also assigns a Stack ID number to each stack member You can change the stack ID by using either the ID select button on the XEM STK or by using the stack renumber command on page 65 22 Note that the Stack ID number plays no part in the selection of the master stack member Caution Once the stack is formed each stack member s configuration is associated with its stack ID number Pressing ...

Page 1242: ...xample VLAN1 and use SSH for remote access Initially the stack assigns the default VLAN tag ID of 4094 to the management VLAN and assigns an IP address from the subnet 192 168 255 0 28 to this VLAN as the management IP address Once the stack has formed you can change both these settings To change the VLAN ID use the stack management vlan command on page 65 20 To change the management IP address us...

Page 1243: ...blank The following LEDs indicate the switch s status within the stack Stacking LED Functions The following figure shows the XEM STK ports and LEDs Figure 64 3 XEM STK LEDs LED State Meaning Port 1 and Port 2 Green A stacking link is established Amber flashing slowly The link has transmission fault Off The stacking link is down Status Green The switch is the stack master Amber The switch is a non ...

Page 1244: ...tack member failure conditions and recovery actions in situations where the resiliency link is present or absent State change table 1 If the slave s ports are still up this may cause downstream switches with trunked ports to operate incorrectly Event on Master Node Reaction on Master Reaction on Slave Reaction on Slave With Resiliency Link Without Resiliency Link Both stack links removed No change...

Page 1245: ...ge 65 18 Re elect New Stack Master The slave members automatically determine which slave member becomes the new VCS master Recombining Broken Stacks When two broken stacks stubs are reconnected a multiple master condition will be detected In this situation a single Master is elected based upon the lowest Priority ID or the lowest MAC address The losing master and the new joining stack members will...

Page 1246: ...Stacking Introduction 2008 Allied Telesis Inc All rights reserved 64 12 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1247: ...cking Commands Introduction 65 2 debug stack 65 3 reboot 65 4 reload 65 5 remote command 65 6 show counter stack 65 7 show debugging stack 65 11 show stack 65 12 stack autoupgrade 65 16 stack enable 65 17 stack fallback config 65 18 stack management subnet 65 19 stack management vlan 65 20 stack priority 65 21 stack renumber 65 22 stack renumber cascade 65 24 stack resiliencylink 65 25 type stack ...

Page 1248: ...g commands shown in this chapter stacking parameters also exist in the following commands hostname command on page 8 8 reboot command on page 65 4 show cpu command on page 8 11 show cpu history command on page 8 13 show file systems command on page 7 20 show memory command on page 8 16 show memory allocations command on page 8 18 show memory history command on page 8 20 show process command on pag...

Page 1249: ... will be displayed including link events topology discovery messages and all notable stacking events If link parameter is specified only the link events debugging information will be displayed Examples To enable debugging enter the following command on the stack master To enable link debugging enter the following command on the stack master To enable topology discovery debugging enter the followin...

Page 1250: ...tack member ID 1 to 8 of the device you want to reboot Before the reboot occurs you will receive a confirmation request saying reboot stack member specific stack member ID system y n If the specified stack member ID does not exist in the current stack the command will be rejected Executing this command with no parameters specified will reboot all devices in the stack Before the reboot occurs you w...

Page 1251: ...tack member ID 1 to 8 of the device you want to reboot Before the reload occurs you will receive a confirmation request saying reboot stack member specific stack member ID system y n If the specified stack member ID does not exist in the current stack the command will be rejected Executing this command with no parameters specified will reload all devices in the stack Before the reload occurs you w...

Page 1252: ...er to execute a command subset that are specific to stack members If the member ID is not used by any current stack member the command will be rejected Examples To execute show system command on stack member 2 Remote command Remote stack member command execution 1 8 The ID of the stack member where the command should be executed on show Show running system information cpu Show CPU utilization coun...

Page 1253: ...ster it will display all the stacking counter information for every stack member When used as a host directed command it will display only the stacking counter information for the specific stack member Examples To display the stacking counter information about the whole stack use the following command on the stack master To display the stacking counter information about stack member 2 use the comm...

Page 1254: ...e 0 Nbr 2way comms 1 Nbr full comms 1 Stack Port 2 Topology Event counters Link up 0 Link down 0 Nbr re init 0 Nbr incompatible 0 Nbr 2way comms 0 Nbr full comms 0 Stack Port 2 Topology Event counters Link up 0 Link down 0 Nbr re init 0 Nbr incompatible 0 Nbr 2way comms 0 Nbr full comms 0 Topology Message counters Tx Total 4 Tx Hellos 4 Tx Topo DB 0 Tx Topo update 0 Tx Link event 0 Tx Reinitialise...

Page 1255: ...br incompatible 0 Nbr 2way comms 0 Nbr full comms 1 Stack Port 2 Topology Event counters Link up 1 Link down 0 Nbr re init 0 Nbr incompatible 0 Nbr 2way comms 1 Nbr full comms 0 Topology Message counters Tx Total 1 Tx Hellos 1 Tx Topo DB 0 Tx Topo update 0 Tx Link event 0 Tx Reinitialise 0 Tx Port 1 0 Tx Port 2 1 Tx 1 hop transport 1 Tx Layer 2 transport 0 Rx Total 2 Rx Hellos 2 Rx Topo DB 0 Rx To...

Page 1256: ...times that the neighbour is detected as having reinitialised Nbr incompatible Number of times that the neighbour is detected as incompatible Nbr 2way comms Number of times that the neighbour is in two way communication status Nbr full comms Number of times that the neighbour is in full communication status Topology message counters Total Number of total topology messages Hellos Number of hello mes...

Page 1257: ...o debug stack remote command Virtual Chassis Stacking counters information Stack member 2 Topology Event Counters Units joined 3 Units left 1 Links up 6 Links down 2 ID conflict 1 Master conflict 0 Master failover 0 Master elected 1 Master discovered 0 SW autoupgrades 0 Unit renumbered 0 Unit reinitialised 0 Unit master 1 Unit slave 0 Stack port 2 1 1 counters Link up 1 Link down 0 Nbr re init 1 N...

Page 1258: ...ary information is displayed This command can be entered on any stack member as a host directed command However all stack members display the same stacking information Example To display basic information about the stack use the command Apply the command to a specific stack member in this case stack member 2 To display the detailed stacking information about the whole stack Apply the command for d...

Page 1259: ...scription ID Stack member ID MAC address Stack member MAC address Priority Stack member master election priority between 1 and 255 Note that the lowest number has the highest priority Role Stack member s role in the stack this can be one of Active Master Disabled Master The temporary master when there is a communication break within the stack and no fallback script exists In this state all switch ...

Page 1260: ...n Management VLAN ID 4094 Management VLAN subnet address 192 168 255 0 Stack member 1 ID 1 Pending ID MAC address 00 00 cd 24 f6 51 Last role change Wed Aug 15 10 39 16 2007 Product type x900 24XT N Role Active Master Priority 128 Host name awplus Auto upgrade True Fallback config Not configured Resiliency link Not configured Port 1 2 1 status Down Port 1 2 2 status Learnt neighbour 2 Stack member...

Page 1261: ...e stack renumber command on page 65 22 If there is no pending ID the symbol will display MAC address Stack member s hardware MAC address Note that frames from devices within a stacked virtual chassis will carry the source address of the stack master Last role change The time and date when the stack member last changed its role in the stack Product type Stack member product type Role Stack member s...

Page 1262: ... feature will copy the master s software release onto the new member If the auto upgrade feature is not enabled then the new member cannot join the stack Note that the auto upgrade feature may also result in the new stack member downgrading its software release if the master is running an older software version By default all stack members have the auto upgrade feature enabled Use the no form of t...

Page 1263: ...d can only be used when the stacking feature and XEM STK links were disabled by using no stack enable on the stack master Because that stackable standalone unit became a master for itself after using no stack enable when it tries to re join the stack by using this command it will reboot itself and join the stack as a back up member to avoid the master conflict Syntax stack enable no stack enable M...

Page 1264: ...cking units The fallback config allows the remaining stack members to continue processing network traffic to some degree without clashing with the existing stack s configuration Configuring a fallback configuration also means that the isolated stub members can still be accessible via a management IP address and so can be re configured on the fly Caution It is important that any ports that are conf...

Page 1265: ...cannot be reached external to the stack You should only change the VCS management VLAN subnet address if it causes a conflict within your network Note that several separate stacks can use the same default management VLAN subnet address even though their user ports may share the same external network If the VCS subnet address is changed then the configuration for any new units must also be updated ...

Page 1266: ...VCS management VLAN is created and configured automatically so that the VCS VLAN cannot be used in the stack s VLAN configuration commands such as awplus config vlan vlan VCS management VLAN ID bridge 1 23 The management VLAN should only be changed if the default VCS VLAN ID needs to be used in the stack s VLAN configuration Warning When the command is entered the updated management VLAN configura...

Page 1267: ...hen the stack member with the lowest MAC address will be elected as master Note that assigning a new priority value will not immediately change the current stack master In order to force a master re election after the new priority value is assigned use reboot stack member master s ID to reboot the current stack master a new stack master will be elected based on the new priority values Examples To ...

Page 1268: ...er 2 The current member ID must already be assigned to an existing stack member To avoid duplicating IDs a warning message will appear if you assign a new member ID that is currently assigned to another stack member However you can continue to rename the stack member IDs and remove ID duplications If you do not remove the duplications then the device with the highest root priority will be allocate...

Page 1269: ...13 50003 00 REV E 65 23 Because this command is an action command and is used in EXEC mode the configured member ID is saved immediately on the renumbered member and so is not reliant on the copy running config to startup config for it to take effect Examples Validation Command show stack Related Commands show stack awplus stack 2 renumber 3 ...

Page 1270: ...ther when the stack is initially configured or following a major reconfiguration This command is equivalent to pressing and holding the select button on the XEM STK to renumber the stack members The renumber will start on the specified stack member if that member ID is not used by any of the existing stack member the command will be rejected The starting stack member will be renumbered with the ne...

Page 1271: ...ss stub will now use the fallback config configuration to form a second temporary stack This utilizes the remaining stack members resources without conflicting directly with the master s configuration If no fallback config was specified for the stack then the masterless stub members will disable their switch ports If no health check reply messages are received then the master is assumed to be comp...

Page 1272: ...red on the stack master Syntax type stack master fail Mode Trigger Mode Examples To configure trigger 86 to activate when stack master fail over event occurs use the commands Related Commands trigger type stack neighbour type stack xem stk Parameter Description type Configure a particular type of trigger stack Virtual Chassis Stacking VCS master fail To activate the trigger if the master unit fail...

Page 1273: ... Syntax type stack neighbour join leave Mode Trigger Mode Examples To configure trigger 86 to activate when stack neighbour join event occurs Related Commands trigger type stack master fail type stack xem stk Parameter Description type Configure a particular type of trigger stack Virtual Chassis Stacking VCS neighbour The neighbour event to activate the trigger join Neighbour join event leave Neig...

Page 1274: ... master Syntax type stack xem stk up down Mode Trigger Mode Examples To configure trigger 86 to activate when stack XEM STK link down event occurs Related Commands trigger type stack master fail type stack xem stk Parameter Description type Configure a particular type of trigger stack Virtual Chassis Stacking VCS xem stk Stacking Expansion Module up XEM STK link up event down XEM STK link down eve...

Page 1275: ...the whole stack Syntax show running config stack Mode Privileged Exec mode Output Figure 65 5 Example output from the show running config stack command on page 65 29 To display the stacking running configuration information use the command Related Commands remote command show running config Parameter Description show Show running system information running config Current operating configuration st...

Page 1276: ...Stacking Commands 2008 Allied Telesis Inc All rights reserved 65 30 AlliedWare PlusTM Operating System Software Reference C613 50003 00 REV E Software Version 5 2 1 ...

Page 1277: ...t 30 5 area nssa 30 6 area range 30 7 area stub 30 8 area virtual link 30 9 arp IP address MAC address 23 3 arp aging timeout 23 2 auto cost reference bandwidth 30 11 B bandwidth 30 12 banner login 45 2 banner 8 2 bgp aggregate nexthop check 31 6 bgp always compare med 31 7 bgp bestpath as path ignore 31 8 bgp bestpath compare confed aspath 31 8 bgp bestpath compare routerid 31 9 bgp bestpath med ...

Page 1278: ...3 4 clear bgp 31 28 clear bgp A B C D 31 29 clear bgp ASN 31 29 clear bgp external 31 30 clear bgp peer group 31 30 clear bgp view 31 31 clear exception log 10 2 clear gvrp statistics 17 2 clear ip bgp 31 31 clear ip bgp A B C D 31 32 clear ip bgp ASN 31 34 clear ip bgp dampening 31 33 clear ip bgp external 31 35 clear ip bgp flap statistics 31 33 clear ip bgp peer group 31 36 clear ip bgp view 31...

Page 1279: ...terval 63 4 crypto key destroy hostkey 45 3 crypto key destroy userkey 45 4 crypto key generate hostkey 45 5 crypto key generate userkey 45 6 crypto key pubkey chain knownhosts 45 7 crypto key pubkey chain userkey 45 8 D day 61 3 debug bgp 31 38 debug epsr 49 2 debug gvrp 17 2 debug igmp 34 4 debug ip interface 23 5 debug ip irdp 23 6 debug mail 57 2 debug mstp RSTP and STP 19 4 debug nsm mcast 35...

Page 1280: ... default metric 28 5 default metric 30 22 default router 53 3 delete mail 57 2 delete 7 11 description 12 2 description 40 6 description 61 5 description 63 6 dir 7 12 disable 4 2 disable 47 5 distance bgp 31 39 distance ospf 30 23 distance rip 28 6 distribute list 28 7 distribute list 30 24 dns server 53 4 do 4 3 domain name 53 5 dot1x initialize interface 42 2 dot1x max req 42 3 dot1x port contr...

Page 1281: ... 4 exit address family 31 40 F fail count 63 7 flowcontrol 15 6 G gvrp applicant state 17 3 gvrp dynamic vlan creation 17 3 gvrp registration 17 4 gvrp timer 17 4 gvrp 17 3 H help 4 5 host area 30 25 host 53 6 hostname 8 8 I instance priority MSTP 19 7 instance vlan MSTP 19 8 interface 12 3 interface 47 6 ip access group 38 18 ip access group 40 8 ip address dhcp 53 7 ip address IPADDR 23 7 ip as ...

Page 1282: ...ble 34 14 ip igmp snooping fast leave 34 15 ip igmp snooping mrouter 34 16 ip igmp snooping querier 34 17 ip igmp snooping report suppression 34 18 ip igmp snooping routermode 34 19 ip igmp snooping 34 15 ip igmp ssm map enable 34 20 ip igmp ssm map static 34 21 ip igmp static group 34 22 ip igmp version 34 23 ip igmp 34 4 ip irdp address preference 23 12 ip irdp broadcast 23 13 ip irdp lifetime 2...

Page 1283: ... rp reachability 37 12 ip pim register source 37 13 ip pim register suppression 37 14 ip pim rp address 37 15 ip pim rp candidate 37 16 ip pim rp register kat 37 16 ip pim sparse mode passive 37 17 ip pim sparse mode 37 17 ip pim spt threshold group list 37 18 ip pim spt threshold 37 18 ip pim ssm 37 19 ip prefix list 38 19 ip proxy arp 23 21 ip rip authentication key chain 28 8 ip rip authenticat...

Page 1284: ...ess group 38 21 mac access group 40 9 mac address table acquire 15 7 mac address table ageing time 15 7 mac address table static 15 8 mail from 57 4 mail smtpserver 57 4 mail 57 3 match access group 38 22 match access group 40 9 match as path 32 2 match community 32 3 match cos 40 10 match inner cos 40 10 match inner tpid 40 11 match interface 32 4 match ip address 32 5 match ip next hop 32 7 matc...

Page 1285: ...amic 31 54 neighbor capability graceful restart 31 55 neighbor capability orf prefix list 31 56 neighbor capability route refresh 31 57 neighbor collide established 31 58 neighbor default originate 31 59 neighbor description 31 60 neighbor distribute list 31 61 neighbor dont capability negotiate 31 62 neighbor ebgp multihop 31 63 neighbor enforce multihop 31 64 neighbor filter list 31 65 neighbor ...

Page 1286: ...ss group 51 2 ntp authenticate 51 3 ntp authentication key 51 3 ntp broadcastdelay 51 4 ntp master 51 4 ntp peer 51 5 ntp server 51 6 ntp trusted key 51 6 O offset list 28 19 option 53 18 ospf abr type 30 43 ospf router id 30 44 overflow database external 30 45 overflow database 30 44 P pam local authentication attempts lockout time 5 8 pam local authentication attempts max fail 5 9 passive interf...

Page 1287: ...oad 65 5 remote command 65 6 repeat 61 6 restart bgp graceful 31 95 restart ospf graceful 30 47 restart rip graceful 28 21 revision MSTP 19 10 rmdir 7 17 rmon alarm 58 2 rmon collection history 58 3 rmon collection stats 58 4 rmon event 58 5 route map 32 13 router bgp view 31 97 router bgp 31 96 router ip irdp 23 23 router ospf 30 48 router rip 28 22 router vrrp 47 9 router id 30 49 S sample size ...

Page 1288: ...0 show bgp memory maxallocation 31 102 show bgp neighbors 31 101 show bgp paths 31 102 show bgp prefix list 31 103 show bgp quote regexp 31 103 show bgp regexp 31 104 show bgp route map 31 104 show bgp summary 31 105 show bgp 31 98 show boot 7 18 show cli 4 6 show clock 8 10 show counter dhcp client 53 22 show counter dhcp relay 53 23 show counter dhcp server 53 25 show counter mail 57 5 show coun...

Page 1289: ...s 17 6 show gvrp timer 17 6 show history 4 6 show hosts 23 25 show interface access group 40 48 show interface brief 12 6 show interface switchport 15 16 show interface 12 5 show ip access list 38 25 show ip bgp attribute info 31 108 show ip bgp cidr only 31 109 show ip bgp community 31 110 show ip bgp community info 31 110 show ip bgp community list 31 111 show ip bgp dampening 31 112 show ip bgp...

Page 1290: ... 60 show ip ospf database opaque link 30 61 show ip ospf database router 30 62 show ip ospf database summary 30 63 show ip ospf database 30 53 show ip ospf interface 30 65 show ip ospf neighbor 30 66 show ip ospf route 30 68 show ip ospf virtual links 30 69 show ip ospf 30 50 show ip pim sparse mode bsr router 37 20 show ip pim sparse mode interface detail 37 21 show ip pim sparse mode interface 3...

Page 1291: ...associations 51 8 show ntp status 51 8 show ping poll 63 15 show platform table port 15 21 show platform 15 20 show policy map 40 63 show port etherchannel LACP 21 8 show port security interface 15 22 show port security intrusion 15 23 show privilege 5 11 show process 8 24 show rmon alarm 58 6 show rmon event 58 6 show rmon history 58 7 show rmon statistics 58 8 show route map 32 31 show router id...

Page 1292: ...n 16 4 show vrrp VRID 47 11 show vrrp 47 11 shutdown 12 7 snmp server community 55 11 snmp server contact 55 12 snmp server enable trap 55 13 snmp server engineID 55 14 snmp server group 55 15 snmp server host 55 16 snmp server location 55 17 snmp server user 55 18 snmp server view 55 19 source ip 63 18 spanning tree autoedge RSTP and MSTP 19 21 spanning tree edgeport RSTP and MSTP 19 22 spanning ...

Page 1293: ...number 65 22 stack resiliencylink 65 25 static channel group 21 10 storm action 40 64 storm control level 15 25 storm downtime 40 65 storm protection 40 66 storm rate 40 67 storm window 40 68 subnet mask 53 33 summary address 30 71 switchport access vlan 16 6 switchport enable vlan 15 26 switchport enable vlan 16 7 switchport mode access 16 8 switchport mode private vlan 16 9 switchport mode trunk...

Page 1294: ... type stack neighbour 65 27 type stack xem stk 65 28 type time 61 19 U undebug all pim sparse mode 37 29 undebug bgp 31 125 undebug nsm 8 33 undebug rip 28 28 undebug vrrp events 47 12 undebug vrrp packet 47 12 undebug vrrp 47 12 up count 63 20 username 5 15 V version 28 28 virtual ip 47 13 vlan classifier activate 16 17 vlan classifier group 16 17 vlan classifier rule ipv4 16 18 vlan classifier r...

Reviews:

No comments