Allied Telesis AT-9000/12PoE User Manual Download Page 1364 | Manualshive

Page: 1364 / 1482

background image

Chapter 86: Secure HTTPS Web Browser Server

1364

Overview

The switch has a web browser server for remote management of the unit
with a web browser application from management workstations on your
network. The server has a secure HTTPS mode and a non-secure HTTP
mode. Web browser management sessions that use the secure HTTPS
mode are protected against snooping because the packets exchanged
between the switch and your management workstations are encrypted.
Only the switch and the workstations are able to decipher the packets.

In contrast, web browser management sessions conducted in the non-
secure HTTP mode are vulnerable to eavesdropping because the packets
are sent in clear text.

This chapter explains how to configure the switch for the secure HTTPS
mode. For directions on the non-secure mode, refer to Chapter 84, “Non-
secure HTTP Web Browser Server” on page 1351.

Certificates

When you initiate an HTTPS connection from your management
workstation to the switch, the switch responds by sending a certificate to
your workstation. This file contains the encryption key that the two devices
use to encrypt and decrypt their packets to each other. Also included in
the certificate is a distinguished name that identifies the owner of the
certificate, which in the case of a certificate for your switch, is the switch
itself and your company.

The switch does not come with a certificate. You have to create it, along
with the encryption key and distinguished name, as part of the HTTPS
configuration process.

There are two ways to create the certificate. The quickest and easiest way
is to have the switch create it itself. This type of certificate is called a self-
signed certificate because the switch authenticates the certificate itself.

Another option is to create the encryption key and have someone else
issue the certificate. That person, group, or organization is called a
certification authority (CA), of which there are public and private CAs. A
public CA issues certificates typically intended for use by the general
public, for other companies or organizations. Public CAs require proof of
the identify of the company or organization before they will issue a
certificate. VeriSign is an example of a public CA.

Because the certificate for the switch is not intended for general use and
will only be used by you and other network managers to manage the
device, having a public CA issue the certificate will probably be
unnecessary.

Some large companies have private CAs. This is a person or group that is
responsible for issuing certificates for the company’s network equipment.

«
...
1362
1363
1364
1365
1366
...
»

Summary of Contents for AT-9000/12PoE

Page 1: ...001823 Rev B AT 9000 Series Gigabit Ethernet Switches AT 9000 12PoE AT 9000 28 AT 9000 28PoE AT 9000 28SP AT 9000 52 Management Software Command Line Interface User s Guide AlliedWare Plus Version 2 1...

Page 2: ...ng University of Posts and Telecommunications All rights reserved Copyright c 2003 by Fabasoft R D Software GmbH Co KG All rights reserved Copyright c 2004 2006 by Internet Systems Consortium Inc ISC...

Page 3: ...is logo are trademarks of Allied Telesis Incorporated Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation All other product names company names logos or other designatio...

Page 4: ......

Page 5: ...unk 54 INTERFACE VLAN Command 54 VLAN DATABASE Command 55 LOCATION CIVIC LOCATION Command 55 LOCATION COORD LOCATION Command 55 Moving Up the Hierarchy 56 EXIT and QUIT Commands 56 END Command 56 DISA...

Page 6: ...D 104 Chapter 6 Temperature and Fan Control Commands 105 ECOFRIENDLY LED 106 NO ECOFRIENDLY LED 107 SHOW ECOFRIENDLY 108 SHOW SYSTEM ENVIRONMENT 109 Section II Basic Operations 111 Chapter 7 Basic Swi...

Page 7: ...I MDI X Wiring Configuration 175 Enabling or Disabling Ports 176 Enabling or Disabling Backpressure 177 Enabling or Disabling Flow Control 178 Resetting Ports 181 Configuring Threshold Limits for Ingr...

Page 8: ...bling and Disabling PoE 246 Adding PD Descriptions to Ports 248 Prioritizing Ports 249 Managing the Maximum Power Limit on Ports 250 Managing Legacy PDs 251 Monitoring Power Consumption 252 Displaying...

Page 9: ...teway 297 Chapter 14 IPv4 and IPv6 Management Address Commands 299 CLEAR IPV6 NEIGHBORS 301 IP ADDRESS 302 IP ADDRESS DHCP 304 IP ROUTE 306 IPV6 ADDRESS 308 IPV6 ROUTE 310 NO IP ADDRESS 312 NO IP ADDR...

Page 10: ...and Switch to Member Switches 385 Disabling Enhanced Stacking 387 Chapter 20 Enhanced Stacking Commands 389 ESTACK COMMAND SWITCH 391 ESTACK RUN 392 NO ESTACK COMMAND SWITCH 393 NO ESTACK RUN 394 RCOM...

Page 11: ...TCHPORT BLOCK EGRESS MULTICAST 450 SWITCHPORT BLOCK INGRESS MULTICAST 451 Section III File System 453 Chapter 26 File System 455 Overview 456 Copying Boot Configuration Files 457 Renaming Boot Configu...

Page 12: ...PY FLASH TFTP 503 COPY TFTP FLASH 504 COPY ZMODEM 506 UPLOAD IMAGE REMOTELIST 507 Section IV Event Messages 509 Chapter 32 Event Log 511 Overview 512 Displaying the Event Log 513 Clearing the Event Lo...

Page 13: ...39 LACP Commands 575 CHANNEL GROUP 576 LACP SYSTEM PRIORITY 578 NO CHANNEL GROUP 579 PORT CHANNEL LOAD BALANCE 580 SHOW ETHERCHANNEL 582 SHOW ETHERCHANNEL DETAIL 583 SHOW ETHERCHANNEL SUMMARY 585 SHO...

Page 14: ...641 Configuring Port Costs 641 Configuring Port Priorities 642 Designating Point to point and Shared Ports 642 Designating Edge Ports 642 Enabling or Disabling RSTP Loop guard 643 Enabling or Disabli...

Page 15: ...HOW SPANNING TREE MST CONFIG 700 SHOW SPANNING TREE MST 701 SHOW SPANNING TREE MST INSTANCE 702 SPANNING TREE ERRDISABLE TIMEOUT ENABLE 703 SPANNING TREE ERRDISABLE TIMEOUT INTERVAL 704 SPANNING TREE...

Page 16: ...VRP and Network Security 766 GVRP inactive Intermediate Switches 767 Enabling GVRP on the Switch 768 Enabling GIP on the Switch 769 Enabling GVRP on the Ports 770 Setting the GVRP Timers 771 Disabling...

Page 17: ...S 822 VLAN MACADDRESS 824 VLAN SET MACADDRESS Global Configuration Mode 826 VLAN SET MACADDRESS Port Interface Mode 828 Chapter 53 Private Port VLANs 831 Overview 832 Host Ports 832 Uplink Port 832 Pr...

Page 18: ...PORT SECURITY 887 SWITCHPORT PORT SECURITY AGING 888 SWITCHPORT PORT SECURITY MAXIMUM 889 SWITCHPORT PORT SECURITY VIOLATION 890 Chapter 60 802 1x Port based Network Access Control 893 Overview 894 A...

Page 19: ...ZED 942 DOT1X PORT CONTROL FORCE UNAUTHORIZED 943 DOT1X TIMEOUT TX PERIOD 944 NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS 945 NO AUTH DYNAMIC VLAN CREATION 946 NO AUTH GUEST VLAN 947 NO AUTH REAU...

Page 20: ...IEW 1007 SHOW SNMP SERVER 1008 SHOW SNMP SERVER GROUP 1009 SHOW SNMP SERVER HOST 1010 SHOW SNMP SERVER USER 1011 SHOW SNMP SERVER VIEW 1012 SNMP SERVER 1013 SNMP SERVER ENGINEID LOCAL 1014 SNMP SERVER...

Page 21: ...2 Deleting LLDP MED Location Entries 1073 Disabling LLDP and LLDP MED on the Switch 1074 Displaying General LLDP Settings 1075 Displaying Port Settings 1076 Displaying or Clearing Neighbor Information...

Page 22: ...pter 71 RMON 1155 Overview 1156 RMON Port Statistics 1157 Adding Statistics Groups 1157 Viewing Statistics Groups 1158 Deleting Statistics Groups 1158 RMON Histories 1159 Adding History Groups 1159 Di...

Page 23: ...tricting Remote Access 1224 Deleting Numbered IP and MAC Address ACLs 1225 Displaying the ACLs 1226 Displaying IPv4 ACLs 1226 Displaying IP ACL Port Assignments 1226 Displaying ACLs Assigned to VTY Li...

Page 24: ...E PASSWORD 1304 NO SERVICE PASSWORD ENCRYPTION 1305 NO USERNAME 1306 SERVICE PASSWORD ENCRYPTION 1307 USERNAME 1308 Chapter 78 Telnet Server 1311 Overview 1312 Enabling the Telnet Server 1313 Disablin...

Page 25: ...ificate 1367 Configuring the HTTPS Web Server for a Certificate Issued by a CA 1370 Enabling the Web Browser Server 1374 Disabling the Web Browser Server 1375 Displaying the Web Browser Server 1376 Ch...

Page 26: ...CS SERVER HOST 1430 TACACS SERVER KEY 1431 TACACS SERVER TIMEOUT 1432 Appendix A System Monitoring Commands 1433 SHOW CPU 1434 SHOW CPU HISTORY 1435 SHOW CPU USER THREADS 1436 SHOW MEMORY 1437 SHOW ME...

Page 27: ...MPv3 1467 Simple Network Time Protocol 1468 Spanning Tree Protocols STP RSTP and MSTP 1469 Spanning Tree Status 1469 Spanning Tree Protocol 1469 Rapid Spanning Tree Protocol 1469 Multiple Spanning Tre...

Page 28: ...Contents 28...

Page 29: ...22 Connecting the Management Cable to the Console Port 66 Figure 23 AlliedWare Plus Command Line Prompt 67 Figure 24 SHOW BOOT Command 71 Figure 25 Displaying the Keywords of a Mode 79 Figure 26 Displ...

Page 30: ...igure 77 SHOW MAC ADDRESS TABLE Command 363 Figure 78 SHOW ESTACK REMOTELIST Command 374 Figure 79 SHOW ESTACK Command 376 Figure 80 SHOW ESTACK Command 398 Figure 81 SHOW ESTACK COMMAND SWITCH Comman...

Page 31: ...pans Switches 805 Figure 140 SHOW VLAN MACADDRESS Command 813 Figure 141 SHOW VLAN MACADDRESS Command 822 Figure 142 SHOW VLAN PRIVATE VLAN Command 838 Figure 143 SHOW VLAN PRIVATE VLAN Command 842 Fi...

Page 32: ...190 Figure 195 SHOW RMON HISTORY Command 1192 Figure 196 SHOW RMON STATISTICS Command 1194 Figure 197 SHOW ACCESS LIST Command 1226 Figure 198 SHOW INTERFACE ACCESS GROUP Command 1227 Figure 199 SHOW...

Page 33: ...OW POWER INLINE COUNTERS INTERFACE Command 277 Table 25 SHOW POWER INLINE INTERFACE DETAIL Command 280 Table 26 Features Requiring an IP Management Address on the Switch 286 Table 27 Management IP Add...

Page 34: ...AN MACADDRESS Command 823 Table 79 Private Port VLAN Commands 839 Table 80 Voice VLAN Commands 845 Table 81 VLAN Stacking Process 855 Table 82 VLAN Stacking Commands 861 Table 83 MAC Address based Por...

Page 35: ...131 Numbered MAC ACL Example 1213 Table 132 Assigning Numbered IPv4 ACLs 1215 Table 133 Assigning MAC Address ACLs Example 1215 Table 134 Removing Numbered IP ACLs Example 1217 Table 135 Removing MAC...

Page 36: ...Tables 36...

Page 37: ...aution The customer re seller sub contractor distributor software developer or any buyer of an Allied Telesis ATI product known as customer hereby agrees to have all licenses required by any governmen...

Page 38: ...s Note Notes provide additional information Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data Warning Warnings inform you that pe...

Page 39: ...Guide 39 Where to Find Web based Guides The installation and user guides for all of the Allied Telesis products are available for viewing in portable document format PDF from our web site at www allie...

Page 40: ...and to contact Allied Telesis experts USA and EMEA phone support Select the phone number that best fits your location and customer type Hardware warranty information Learn about Allied Telesis warran...

Page 41: ...Line Interface on page 43 Chapter 2 Starting a Management Session on page 65 Chapter 3 Basic Command Line Management on page 77 Chapter 4 Basic Command Line Management Commands on page 83 Chapter 5 T...

Page 42: ...42...

Page 43: ...on page 44 Management Interfaces on page 47 Local Manager Account on page 48 AlliedWare Plus Command Modes on page 49 Moving Down the Hierarchy on page 52 Moving Up the Hierarchy on page 56 Port Numbe...

Page 44: ...h the switch For modern PCs without a serial port a USB to serial adapter and driver software is required Note The initial management session of the switch must be from a local management session Remo...

Page 45: ...Secure Shell Management The switch has an SSH server for remote management with an SSH client on a management workstation This management method is similar to Telnet management sessions in that it giv...

Page 46: ...EdgeSwtich mib RFC 1155 MIB RFC 1213 MIB II RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2096 IP Forwarding Table MIB RFC 2790 Host MIB RFC 2863 Interface Group MIB RFC 3176 sFlow MIB IEEE 802 1x 201...

Page 47: ...management interfaces AlliedWare Plus command line Web browser windows The AlliedWare Plus command line is available from local management sessions and remote Telnet and Secure Shell management sessio...

Page 48: ...ticates the user name and password itself If more manager accounts are needed you can add up to eight more local manager accounts For instructions refer to Chapter 76 Local Manager Accounts on page 12...

Page 49: ...anagement function you first have to move to the mode that has the appropriate commands For instance to configure the speeds and wiring configurations of the ports you have to move to the Port Interfa...

Page 50: ...ile system Pings remote systems Sets the date and time Saves the current configuration Downloads new versions of the management software Restores the default settings Renames files in the file system...

Page 51: ...f Configures port settings Disables and enables ports Configures the port mirror Configures 802 1x port based network access control Creates static port trunks Sets the load distribution method for st...

Page 52: ...ed Exec mode The format of the command is enable Figure 2 ENABLE Command CONFIGURE TERMINAL Command You use this command to move from the Privileged Exec mode to the Global Configuration mode The form...

Page 53: ...ic port trunks You specify a trunk by its name of po followed by its ID number You can specify only one static port trunk at a time The format of the command is interface trunk_name This example enter...

Page 54: ...k by its name of sa followed by its ID number You can specify only one static port trunk at a time The format of the command is interface trunk_name This example enters the Static Port Trunk Interface...

Page 55: ...ies The format of the command is location civic location id_number This example assigns the ID number 16 to a new LLDP civic location entry Figure 13 LLDP LOCATION CIVIC LOCATION Command LOCATION COOR...

Page 56: ...one level in the hierarchy as illustrated in Figure 15 Figure 15 Moving Up One Mode with the EXIT and QUIT Command END Command After you have configured a feature you may want to return to the Privil...

Page 57: ...57 Figure 16 Returning to the Privileged Exec Mode with the END Command DISABLE Command To return to the User Exec mode from the Privileged Exec mode use the DISABLE command Figure 17 Returning to the...

Page 58: ...lots for networking modules It is used to identify the networking modules by their slot numbers This number should always be 0 for AT 9000 Series switches because they are not modular switches Port nu...

Page 59: ...l ports and port ranges in the same command as illustrated in these commands which enter the Port Interface mode for ports 5 to 11 and ports 16 and 18 awplus enable awplus configure terminal awplus co...

Page 60: ...SFP module is installed but does not have a link to a network device The twisted pair port automatically changes to the redundant status mode when an SFP module establishes a link with a network devic...

Page 61: ...ses the following command format conventions screen text font This font illustrates the format of a command and command examples Brackets indicate optional parameters Vertical line separates parameter...

Page 62: ...000000 bytes 128MB Total memory used by CFE 0x87EB8000 0x87FFFBE0 1342432 Initialized Data 0x87EFA324 0x87EFCAF0 10188 BSS Area 0x87EFCAF0 0x87EFDBE0 4336 Local Heap 0x87EFDBE0 0x87FFDBE0 1048576 Stac...

Page 63: ...T VLAN done Initializing Port Mirroring done Initializing Telnet done Initializing Snmp Service done Initializing Web Service done Initializing Monitor done Initializing STP done Initializing SPANNING...

Page 64: ...AB done Initializing FTABV6 done Initializing ACM done Initializing Filter done Initializing L3_MGMT done Initializing L3APP_MGMT done Initializing SFLOW done Initializing NTP done Initializing CPU_HI...

Page 65: ...tions Starting a Local Management Session on page 66 Starting a Remote Telnet or SSH Management Session on page 68 What to Configure First on page 70 Ending a Management Session on page 75 Note You mu...

Page 66: ...n the back panel on the AT 9000 52 Switch Figure 22 Connecting the Management Cable to the Console Port 2 Connect the other end of the cable to an RS 232 port on a terminal or PC with a terminal emula...

Page 67: ...nagement session of the switch enter manager as the user name friend as the password The user name and password are case sensitive The local management session has started when the AlliedWare Plus com...

Page 68: ...the client resides The default gateway must be a member of the same subnet as the management IP address For instructions refer to What to Configure First on page 70 or Chapter 13 IPv4 and IPv6 Managem...

Page 69: ...dividual lines Management session timer This timer is used by the switch to end inactive management sessions automatically This protects the switch from unauthorized changes to its configuration sessi...

Page 70: ...container the file when you create it contains about 20 lines The quickest and easiest way to create a new boot configuration file and to designate it as the active file is with the BOOT CONFIG FILE...

Page 71: ...clearsky2a Note Write down the new password and keep it in a safe and secure location If you forget the manager password you cannot manage the switch if there are no other management accounts on the u...

Page 72: ...h the default gateway The switch must also have a default gateway if the network devices are not members of the same subnet as the management IP address The default gateway specifies the IP address of...

Page 73: ...right that constitute the network portion of the address For example the decimal masks 16 and 24 are equivalent to masks 255 255 0 0 and 255 255 255 0 respectively awplus config if exit Return to the...

Page 74: ...the ports as untagged ports to the VLAN with the SWITCHPORT ACCESS VLAN command awplus config if exit Return to the Global Configuration mode awplus config interface vlan5 Use the INTERFACE VLAN comma...

Page 75: ...go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mo...

Page 76: ...Chapter 2 Starting a Management Session 76...

Page 77: ...mmand Line Management This chapter contains the following sections Clearing the Screen on page 78 Displaying the On line Help on page 79 Saving Your Configuration Changes on page 81 Ending a Managemen...

Page 78: ...you can start fresh by entering the CLEAR SCREEN command in the User Exec or Privileged Exec mode If you are in a lower mode you have to move up the mode hierarchy to one of these modes to use the co...

Page 79: ...tem simply displays the previous keyword Typing a question mark at the point in a command where a value is required displays a value s class that is integer string etc The example in Figure 27 on page...

Page 80: ...d Line Management 80 Figure 27 Displaying the Class of a Parameter awplus enable awplus configure terminal awplus config hostname STRING sysName awplus enable awplus configure terminal awplus config h...

Page 81: ...ING CONFIG STARTUP CONFIG command both of which are found in the Privileged Exec mode When you enter either of these commands the switch copies its running configuration into the active boot configura...

Page 82: ...go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mo...

Page 83: ...with the current settings from the switch DISABLE on page 90 Privileged Exec Returns you to the User Exec mode from the Privileged Exec mode DO on page 91 Global Configuration Performs Privileged Exe...

Page 84: ...98 All modes except the User Exec and Privileged Exec Moves you up one mode WRITE on page 99 Privileged Exec Updates the active boot configuration file with the current settings of the switch Table 5...

Page 85: ...available parameters Note You must type a space between a keyword and the question mark Otherwise the on line help returns the previous keyword Typing after a keyword or parameter that requires a valu...

Page 86: ...ine Management Commands 86 This example displays the class of the value for the SPANNING TREE HELLO TIME command in the Global Configuration mode awplus enable awplus configure terminal awplus config...

Page 87: ...0 Switch Command Line User s Guide 87 CLEAR SCREEN Syntax clear screen Parameters None Modes User Exec and Privileged Exec modes Description Use this command to clear the screen Example awplus clear s...

Page 88: ...mands 88 CONFIGURE TERMINAL Syntax configure terminal Parameters None Mode Privileged Exec mode Description Use this command to move from the Privileged Exec mode to the Global Configuration mode Exam...

Page 89: ...When you enter the command the switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Paramete...

Page 90: ...DISABLE Syntax disable Parameters None Mode Privileged Exec mode Description Use this command to return to the User Exec mode from the Privileged Exec mode Example The following command returns the s...

Page 91: ...d Exec mode commands To view the available commands type a question mark after the DO command Examples This example displays all of the Privileged Exec mode commands you may perform using the DO comma...

Page 92: ...Syntax enable Parameters None Mode User Exec mode Description Use this command to move from the User Exec mode to the Privileged Exec mode Example The following command moves the prompt from the User...

Page 93: ...yntax end Parameters None Mode All modes below the Global Configuration mode Description Use this command to return to the Privileged Exec mode Example The following command returns the prompt to the...

Page 94: ...ve down one mode in the mode hierarchy in all modes except the User Exec and Privileged Exec modes Using the EXIT command in the User Exec and Privileged Exec modes terminates the management session E...

Page 95: ...ethods To set this parameter for local management sessions enter the command in the Console Line mode To set this parameter for the ten VTY lines for remote Telnet and SSH sessions enter the same comm...

Page 96: ...d Line Management Commands 96 This example returns the number of lines to the default setting for local management sessions awplus enable awplus configure terminal awplus config line console 0 awplus...

Page 97: ...Description Use this command to end a management session Note Entering the EXIT command in either the User Exec or Privileged Exec mode also ends a management session Example This example shows the s...

Page 98: ...se this command to move up one mode in the mode hierarchy This command is almost identical to the EXIT command The difference is that unlike the EXIT command the QUIT command cannot be used to end a m...

Page 99: ...he switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Parameter changes that are not saved...

Page 100: ...Chapter 4 Basic Command Line Management Commands 100...

Page 101: ...101 Chapter 5 Temperature and Fan Control Overview Overview on page 102 Displaying the System Environmental Status on page 103 Controlling Eco Mode LED on page 104...

Page 102: ...n modules Checking this information helps you to identify potential hardware issues before they become problems To check the switch s environmental and saving energy status and turn on and off the por...

Page 103: ...c or Privileged Exec mode and enter the command awplus show system environment Figure 28 shows an example of the information the command displays The columns are described in SHOW SYSTEM ENVIRONMENT o...

Page 104: ...Eco Mode LED control to conserve additional power on the port LEDs The Eco Mode LED is an eco friendly feature that turns off the port LEDs when they are not necessary To enable Eco Mode LED control e...

Page 105: ...106 Global Configuration Turns off the port LEDs on the switch to save power NO ECOFRIENDLY LED on page 107 Global Configuration Turns on the port LEDs on the switch SHOW ECOFRIENDLY on page 108 Priv...

Page 106: ...ECOFRIENDLY LED Syntax ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn off the port LEDs on the switch to save power Confirmation Command SHOW ECOF...

Page 107: ...ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn on the port LEDs on the switch Confirmation Command SHOW ECOFRIENDLY on page 108 Example The followi...

Page 108: ...ec mode Description Use this command to display the power saving status of the port LEDs An example of the information the command displays is shown in Figure 29 Figure 29 SHOW ECOFRIENDLY Command Exa...

Page 109: ...ure 30 SHOW SYSTEM ENVIRONMENT Command The columns in the display are described here Table 7 SHOW SYSTEM ENVIRONMENT Command Parameter Description Switch Model Indicates a model name of the switch ID...

Page 110: ...e The following example displays environmental information for the switch awplus show system environment Reading Indicates the current reading of the item Status Indicates the status of the item Table...

Page 111: ...n page 285 Chapter 14 IPv4 and IPv6 Management Address Commands on page 299 Chapter 15 Simple Network Time Protocol SNTP Client on page 323 Chapter 16 SNTP Client Commands on page 331 Chapter 17 MAC A...

Page 112: ...112...

Page 113: ...ngs on page 116 Manually Setting the Date and Time on page 117 Pinging Network Devices on page 118 Resetting the Switch on page 119 Restoring the Default Settings to the Switch on page 120 Setting the...

Page 114: ...nsist of up to 39 alphanumeric characters Spaces punctuation special characters and quotation marks are not permitted This example assigns the name Switch12 to the switch awplus enable awplus configur...

Page 115: ...paces and special characters are allowed To view the information use the SHOW SYSTEM command in the User Exec and Privileged Exec modes Here is an example that assigns the switch this contact and loca...

Page 116: ...mode The settings which are displayed in their equivalent command line commands are limited to just those parameters that have been changed from their default values The information includes new sett...

Page 117: ...rst three letters For example June is Jun The first letter must be uppercase and the second and third letters lowercase yyyy Use this variable to specify the year The year must be specified in four di...

Page 118: ...switch to send ICMP Echo Requests to a network device known by the IP address 149 122 14 15 awplus enable awplus ping 149 122 14 15 The results of the ping are displayed on the screen Note To send ICM...

Page 119: ...r and complexity of the commands in the active boot configuration file Note Any configuration changes that have not been saved in the active boot configuration file are discarded when you reset the sw...

Page 120: ...o delete the active boot configuration file One way is with the DELETE command in the Privileged Exec mode Here is the format of the command delete filename cfg This example deletes the active boot co...

Page 121: ...active boot configuration file you can rename it with the MOVE command in the Privileged Exec mode and then reset the switch Here is the format of the MOVE command move filename1 cfg filename2 cfg The...

Page 122: ...an example to set the baud rate of the Console port on the switch to 57600 bps Example 1 awplus enable awplus configure terminal awplus config conf baud rate set 57600 awplus config Enter configuratio...

Page 123: ...000 Switch Command Line User s Guide 123 Note The baud rate is the only adjustable parameter on the Console port For reference information refer to BAUD RATE SET on page 139 and SHOW BAUD RATE on page...

Page 124: ...er this command in different modes depending on the timer you want to set The timer for local management sessions is set in the Line Console mode which is accessed using the LINE CONSOLE 0 command fro...

Page 125: ...VTY lines This example sets the management session timer to 8 minutes on VTY line 2 awplus enable awplus configure terminal awplus config line vty 2 awplus config line exec timeout 8 This example set...

Page 126: ...n manage the unit at a time You set the maximum number of sessions with the SERVICE MAXMANAGER command in the Global Configuration mode The default is three manager sessions This example sets the maxi...

Page 127: ...d SSH management sessions The display banner displays the contents of the login banner The User Exec and Privileged Exec modes banner is displayed above the command line prompts of these two modes aft...

Page 128: ...ode This example of the BANNER MOTD command assigns the switch the message of the day banner in Figure 33 on page 127 awplus enable awplus configure terminal awplus config banner motd Type CTRL D to f...

Page 129: ...ves the message of the day banner awplus enable awplus configure terminal awplus config no banner motd This example removes the login banner awplus enable awplus configure terminal awplus config no ba...

Page 130: ...Chapter 7 Basic Switch Management 130...

Page 131: ...page 141 Privileged Exec Restores the default settings to all the parameter settings on the switch EXEC TIMEOUT on page 142 Line Console Sets the console timer which is used to end inactive management...

Page 132: ...active boot configuration file SHOW SWITCH on page 159 Privileged Exec Displays general information about the switch SHOW SYSTEM on page 161 User Exec Displays general information about the switch SH...

Page 133: ...nter the command the Type CTRL D to finish prompt is displayed Enter a banner message of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To remove the...

Page 134: ...Chapter 8 Basic Switch Management Commands 134 This example deletes the banner awplus enable awplus configure terminal awplus config no banner exec...

Page 135: ...the command the Type CTRL D to finish prompt is displayed on your screen Enter a login message of up to 4 000 characters Spaces and special characters are allowed When you are finished press CTRL D T...

Page 136: ...Chapter 8 Basic Switch Management Commands 136 This example removes the login banner awplus enable awplus configure terminal awplus config no banner login...

Page 137: ...the command the Type CTRL D to finish prompt is displayed Enter a message of the day banner of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To rem...

Page 138: ...Chapter 8 Basic Switch Management Commands 138 This example removes the message of the day banner awplus enable awplus configure terminal awplus config no banner motd...

Page 139: ...switch Note If you change the baud rate of the serial terminal port during a local management session your session will be interrupted To resume the session you must change the speed of your terminal...

Page 140: ...and the second and third letters lowercase year Specifies the year The year must be specified in four digits for example 2011 or 2012 Mode Privileged Exec mode Confirmation Command SHOW CLOCK on page...

Page 141: ...management software Some network traffic may be lost To resume managing the switch after restoring the default settings you must establish a local management session from the Console port Remote manag...

Page 142: ...active by the switch if there is no management activity for the duration of a timer Local management sessions which are conducted through the Console port on the switch and remote Telnet and SSH sessi...

Page 143: ...mmand Line User s Guide 143 This example sets the session timer for the first vty 0 Telnet or SSH session to 5 minutes awplus enable awplus configure terminal awplus config line vty 0 awplus config li...

Page 144: ...the description displayed on the screen Figure 34 HELP Command Example This example displays the HELP command awplus help When you need help at the command line press If nothing matches the help list...

Page 145: ...al characters and quotation marks are not permitted Mode Global Configuration mode Description Use this command to assign the switch a name The switch displays the name in the command line prompt in p...

Page 146: ...Console mode to set the session timer and to activate or deactivate remote authentication for local management sessions Example The following example enters the Line Console mode to set the session t...

Page 147: ...or a range of VTY lines to set the session timer or to activate or deactivate remote authentication for Telnet or SSH management sessions Refer to EXEC TIMEOUT on page 142 to set session timeout valu...

Page 148: ...obal Configuration mode Description Use this command to delete the switch s name without assigning a new name Example This example deletes the current name of the switch without assigning a new value...

Page 149: ...tween the switch and another network device such as a RADIUS server or a Telnet client or to troubleshoot communication problems To ping an IPv6 address see PING IPv6 on page 151 In order to specify t...

Page 150: ...ch Management Commands 150 Example This command instructs the switch to ping a network device with the IP address 149 122 14 15 awplus enable awplus ping 149 122 14 15 The results of the ping are disp...

Page 151: ...quivalent 12c4 421e 09a8 0000 0000 0000 00a4 1c50 12c4 421e 09a8 a4 1c50 X X X X repeat 1 99 Specifies the number of times the ping is sent The default is 4 times size 36 18024 Indicates the packet si...

Page 152: ...lost The reset can take from 10 seconds to two minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configuration changes...

Page 153: ...traffic may be lost The reset can take from 10 seconds to 2 minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configura...

Page 154: ...Use this command to set the maximum number of manager sessions that can be open on the switch simultaneously This feature makes it possible for more than one person to manage the unit at one time The...

Page 155: ...the contents of the banner login file configured with the BANNER LOGIN command A sample of the display is shown below Figure 35 SHOW BANNER LOGIN Command Example This example displays the contents of...

Page 156: ...r local management sessions of the switch Here is an example of the information Figure 36 SHOW BAUD RATE Command To set the baud rate refer to BAUD RATE SET on page 139 Note The baud rate is the only...

Page 157: ...Guide 157 SHOW CLOCK Syntax show clock Parameters None Modes User Exec mode Description Use this command to display the system s current date and time Example This example displays the system s curre...

Page 158: ...mands The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file Parameters at...

Page 159: ...plication Software Version The version number of the management software Application Software Build Date The date and time when Allied Telesis released this version of the management software MAC Addr...

Page 160: ...tch ends management sessions if they are inactive for the length of the timer To set the timer refer to EXEC TIMEOUT on page 142 Telnet Server Status The status of the Telnet server The switch can be...

Page 161: ...nd Example This example displays general information about the switch awplus show system Switch System StatusFri 18 Nov 2011 00 37 26 BoardBoard NameRevSerial Number BaseAT 9000 28 R1S05525A090200007...

Page 162: ...ters None Mode User Exec and Privileged Exec modes Description Use this command to display the serial number of the switch Figure 39 is an example of the output Figure 39 SHOW SYSTEM SERIALNUMBER Comm...

Page 163: ...th a web browser application or an SNMP application Figure 40 displays an example of the information Figure 40 SHOW USERS Command The columns are described in Table 10 Table 10 SHOW USERS Command Para...

Page 164: ...u just entered the SHOW USERS command Location The network device from which the manager is accessing the switch A device connected to the Console port is identified by ttys0 while remote Telnet and S...

Page 165: ...r and build date of the management software Figure 41 displays an example of the information Figure 41 SHOW VERSION Command Example This example displays the management software version number awplus...

Page 166: ...act information to the switch The contact information is usually the name of the person who is responsible for managing the unit To remove the current contact information without adding a new contact...

Page 167: ...this command to add location information to the switch To remove the current location information without adding new information use the NO form of this command Confirmation Command SHOW SYSTEM on pa...

Page 168: ...ing australia china europe japan korea nz New Zealand usa Mode Global Configuration mode Description Use this command to specify the territory of the switch The territory setting is not currently used...

Page 169: ...AT 9000 Switch Command Line User s Guide 169 This example removes the current territory information awplus enable awplus configure terminal awplus config no system territory...

Page 170: ...Chapter 8 Basic Switch Management Commands 170...

Page 171: ...g or Disabling Backpressure on page 177 Enabling or Disabling Flow Control on page 178 Resetting Ports on page 181 Configuring Threshold Limits for Ingress Packets on page 182 Displaying Threshold Lim...

Page 172: ...move the current description from a port without assigning a new description use the NO form of this command This example assigns the name printer22 to port 15 awplus enable awplus configure terminal...

Page 173: ...o activates Auto Negotiation for duplex mode You should review the following information before configuring the ports Auto Negotiation may be activated separately for speed and duplex mode on a port F...

Page 174: ...gure terminal awplus config interface port1 0 2 port1 0 4 awplus config if speed 10 awplus config if duplex full This example sets the speed on port 15 to Auto Negotiation and the duplex mode to half...

Page 175: ...is the POLARITY command in the Port Interface mode Here is the format of the command polarity auto mdi mdix The AUTO setting activates auto MDI MDIX which enables a port to detect the wiring configura...

Page 176: ...disable ports use the SHUTDOWN command in the Port Interface mode To enable ports again use the NO SHUTDOWN command This example disables ports 1 to 4 awplus enable awplus configure terminal awplus co...

Page 177: ...x modes manually If you enable backpressure the default setting a port initiates backpressure when it needs to prevent a buffer overrun from packet congestion If you disable backpressure a port does n...

Page 178: ...OWCONTROL SEND command controls whether or not a port sends pause packets during periods of packet congestion If you set it to ON the port sends pause packets when it reaches the point of packet conge...

Page 179: ...low control use the NO FLOWCONTROL command in the Port Interface mode This example disables flow control on ports 22 and 23 awplus enable awplus configure terminal awplus config interface port1 0 22 p...

Page 180: ...Chapter 9 Port Parameters 180 If flow control is not configured on a port this message is displayed Flow control is not set on interface port1 0 2...

Page 181: ...the Port Interface mode This command performs a hardware reset The port parameter settings are retained The reset takes just a second or two to complete This example resets ports 16 and 17 awplus ena...

Page 182: ...ronym for database lookup failure is for unknown unicast packets The VALUE parameter specifies the maximum permitted number of ingress packets per second a port will accept The range is 0 to 33 554 43...

Page 183: ...no storm control broadcast This example disables unknown unicast rate limiting on port 5 6 and 15 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 port1 0 15 awplus...

Page 184: ...ion the command displays Figure 43 SHOW STORM CONTROL Command The columns are described in Table 15 on page 227 If the parameter port is not specified the command displays the threshold settings on al...

Page 185: ...plished with the RENEGOTIATE command in the Port Interface mode The command does not have any parameters A port must already be set to Auto Negotiation before you can use this command This example pro...

Page 186: ...a port use the PURGE command in the Port Interface mode This example returns ports 12 13 and 15 to their default settings awplus enable awplus configure terminal awplus config interface port1 0 12 po...

Page 187: ...and 20 awplus show interface port1 0 18 port1 0 20 status Here is an example of the information the command displays Figure 45 SHOW INTERFACE STATUS Command The columns are described in Table 15 on p...

Page 188: ...NNING CONFIG INTERFACE Command For a description of the command see SHOW RUNNING CONFIG INTERFACE on page 232 Interface port1 0 1 Link is UP administrative state is UP Address is 0015 77cc e243 index...

Page 189: ...of the command show platform table port port counters This example displays the statistics for ports 23 and 24 awplus show platform table port port1 0 23 port1 0 24 counter The statistics are describ...

Page 190: ...BLE command in the Privileged Exec mode Here is the format of the command show system pluggable For more information about this command see SHOW SYSTEM PLUGGABLE on page 235 To view more detail inform...

Page 191: ...S RATE LIMIT on page 202 Port Interface Sets a limit on the amount of traffic that can be transmitted per second from the port FCTRLLIMIT on page 203 Port Interface Specifies threshold levels for flow...

Page 192: ...HOW INTERFACE STATUS on page 227 Privileged Exec Displays the speed and duplex mode settings of the ports SHOW PLATFORM TABLE PORT COUNTERS on page 229 Privileged Exec Displays packet statistics for t...

Page 193: ...CONTROL on page 241 Port Interface Sets a maximum limit of the number of broadcast multicast or unknown unicast packets forwarded by a port Table 11 Port Parameter Commands Continued Command Mode Des...

Page 194: ...buffer overrun and the subsequent loss and retransmission of network packets A port initiates backpressure by transmitting on the shared link to cause a data collision which causes its link partner to...

Page 195: ...configures ports 8 and 21 to 100 Mbps half duplex mode with backpressure disabled awplus enable awplus configure terminal awplus config interface port1 0 8 port1 0 21 awplus config if speed 100 awplu...

Page 196: ...default value is 7935 cells Mode Port Interface mode Description Use this command to specify a threshold level for backpressure on a port Confirmation Command SHOW RUNNING CONFIG on page 158 Example T...

Page 197: ...r You can specify more than one port at a time in the command Mode User Exec mode and Privileged Exec mode Description Use this command to clear the packet counters of the ports To display the counter...

Page 198: ...entify if they have descriptions Use the NO form of this command to remove descriptions from ports without assigning new descriptions Note The POWER INLINE DESCRIPTION command is used to describe powe...

Page 199: ...ommand Line User s Guide 199 This example removes the current name from port 11 without assigning a new name awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if...

Page 200: ...end and receive packets simultaneously Note To avoid a duplex mode mismatch between switch ports and network devices do not select Auto Negotiation on ports that are connected to network devices on wh...

Page 201: ...11 half duplex awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if duplex half This example configures the duplex mode with Auto Negotiation on port 15 awplus e...

Page 202: ...s per second Mode Port Interface mode Description Use this command to set a limit on the amount of traffic that can be transmitted per second from the port Confirmation Command SHOW RUNNING CONFIG on...

Page 203: ...35 cells The default value is 7935 cells Mode Port Interface mode Description Use this command to specify threshold levels for flow control on the ports Confirmation Command SHOW RUNNING CONFIG on pag...

Page 204: ...time to process the packets already in their buffers A port that is experiencing traffic congestion initiates flow control by sending pause packets These packets instruct the link partner to stop tra...

Page 205: ...perating in full duplex mode Confirmation Command SHOW FLOWCONTROL INTERFACE on page 219 Examples This example configures port 19 to 100 Mbps full duplex mode with both the send and receive parts of f...

Page 206: ...ing periods of traffic congestion But the receive portion is enabled so that the ports respond to pause packets from their network counterparts by temporarily ceasing transmission awplus enable awplus...

Page 207: ...bed port can prevent other ports from forwarding packets to each other because ingress packets on a port are buffered in a First In First Out FIFO manner If a port has at the head of its ingress queue...

Page 208: ...of the storage capacity of port D exceeds the threshold the switch signals the other ports to discard packets destined for port D Port A drops the D packets enabling it to once again forward packets t...

Page 209: ...ce mode Description Use this command to disable egress rate limiting on the ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example disable egress rate limiting on the ports 4...

Page 210: ...t Interface mode Description Use this command to disable flow control on ports Confirmation Command SHOW FLOWCONTROL INTERFACE on page 219 Example This example disables flow control on port 16 awplus...

Page 211: ...e Description Use this command to enable ports so that they forward packets again This is the default setting for a port Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example enabl...

Page 212: ...the ports of the switch The switch does not send traps when a port on which link trap is disabled experiences a change in its link state i e goes up or down Confirmation Command SHOW INTERFACE on pag...

Page 213: ...on page 158 Examples This example removes the threshold limit for broadcast packets on port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config if no storm con...

Page 214: ...perating at 10 or 100 Mbps can have one of two wiring configurations known as MDI medium dependent interface and MDI X medium dependent interface crossover To forward traffic a port on the switch and...

Page 215: ...configuration awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 18 awplus config if polarity mdix This example activates auto MDI MDIX on ports 1 to 3 awplus enable awp...

Page 216: ...to these port parameters Enabled status NO SHUTDOWN Description Speed Duplex mode MDI MDI X Flow control Backpressure Head of line blocking threshold Backpressure cells Example This example restores...

Page 217: ...s speed and duplex mode with its network device You might use this command if you believe that a port and a network device did not establish the highest possible common settings during the Auto Negoti...

Page 218: ...and to perform a hardware reset on the ports The ports retain their parameter settings The reset takes only a second or two to complete You might reset a port if it is experiencing a problem Example T...

Page 219: ...Command The fields are described in Table 12 Table 12 SHOW FLOWCONTROL INTERFACE Command Parameter Description Port Port number Send admin Whether or not flow control is active on the transmit side of...

Page 220: ...displays the flow control settings for port 2 awplus show flowcontrol interface port1 0 2 RxPause The number of received pause packets TxPause The number of transmitted pause packets Table 12 SHOW FL...

Page 221: ...port whose current status you want to view You can display more than one port at a time To display all the ports do not include this parameter Modes Privileged Exec mode Description Use this command t...

Page 222: ...put packets 0 bytes 0 dropped 0 multicast packets 0 output packets 0 bytes 0 multicast packets 0 broadcast packets 0 Interface port1 0 2 Link is UP administrative state is UP Address is 0015 77cc e244...

Page 223: ...m packet size of the ports The ports have a maximum packet size of 9198 bytes This is not adjustable Unknown Ingress Egress Multicast Blocking The status of multicast blocking on the port To set multi...

Page 224: ...r Commands 224 Examples This command displays the current operational state of all the ports awplus show interface This command displays the current operational state of ports 1 to 4 awplus show inter...

Page 225: ...ed in Table 14 Table 14 SHOW INTERFACE BRIEF Command Field Description Interface Indicates the port number Status Indicates the administrative state of the port The administrative state is DOWN if the...

Page 226: ...ink statuses of all of the ports on the switch awplus show interface brief Protocol Indicates the status of the link on the port This field is UP when the port has a link with a network device and DOW...

Page 227: ...mmand The fields are described in Table 15 PortNameStatus Vlan Duplex SpeedType port1 0 1Port_01down3 half 10010 100 1000Base T port1 0 2Port_02up11 auto auto10 100 1000Base T port1 0 2Port_02up2 auto...

Page 228: ...interface port1 0 17 port1 0 18 status Duplex The duplex mode setting of the port The setting can be half full or auto for Auto Negotiation To set the duplex mode refer to DUPLEX on page 200 Speed The...

Page 229: ...witch The statistics are described in Table 16 To clear the packet counters refer to CLEAR PORT COUNTER on page 197 Table 16 SHOW PLATFORM TABLE PORT COUNTERS Command Parameter Description 64 65 127 1...

Page 230: ...port has encountered UnsupportOpcode Number of MAC Control frames with unsupported opcode UndersizePkts Number of frames that were less than the minimum length as specified in the IEEE 802 3 standard...

Page 231: ...discarded prior to transmission because of an error ipInHdrErrors Number of ingress packets that were discarded because of a hardware error Miscellaneous Counters MAC TxErr Number of frames not trans...

Page 232: ...f the ports The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file An exam...

Page 233: ...hows an example of the information when you enter the following command awplus show storm control port1 0 15 Figure 54 SHOW STORM CONTROL Command See Table 17 for a description of the table headings T...

Page 234: ...mmand displays the settings of ports 15 and 18 awplus show storm control port1 0 15 port1 0 18 DlfLevel Indicates the maximum number of unknown unicast packets destination lookup failure DLF packets p...

Page 235: ...nd to display information about the SFP modules in the switch Figure 55 SHOW SYSTEM PLUGGABLE Command Example This example displays SFP module information awplus show system pluggable System Pluggable...

Page 236: ...igure 56 SHOW SYSTEM PLUGGABLE DETAIL Command The OM1 field specifies the link length supported by the pluggable transceiver using 62 5 micron multi mode fiber The OM2 field specifies the link length...

Page 237: ...hat are unused to secure them from unauthorized use or that are having problems with network cables or their link partners The default setting for the ports is enabled To reactivate a port refer to NO...

Page 238: ...state To disable link traps on a port refer to NO SNMP TRAP LINK STATUS on page 212 Note For the switch to send SNMP traps you must activate SNMP and specify one or more trap receivers For instructio...

Page 239: ...uplex operation a twisted pair port must be set to Auto Negotiation Mode Port Interface mode Description Use this command to manually set the speeds of the twisted pair ports or to activate Auto Negot...

Page 240: ...Chapter 10 Port Parameter Commands 240 This example activates Auto Negotiation on port 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if speed auto...

Page 241: ...0 to 33 554 431 packets Mode Port Interface mode Description Use this command to set maximum thresholds for the ingress packets on the ports Ingress packets that exceed the thresholds are discarded by...

Page 242: ...example sets the maximum threshold level of 100 000 packets per second for ingress multicast packets on port 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config i...

Page 243: ...Disabling PoE on page 246 Adding PD Descriptions to Ports on page 248 Prioritizing Ports on page 249 Managing the Maximum Power Limit on Ports on page 250 Managing Legacy PDs on page 251 Monitoring P...

Page 244: ...hat provides PoE to other network devices is referred to as power sourcing equipment PSE The AT 9000 12PoE and AT 9000 28PoE switches are PSE devices providing DC power to the network cable and functi...

Page 245: ...itization The ports on the PoE switch are assigned to one of three priority levels These levels and descriptions are listed in Table 19 Without enough power to support all the ports set to the same pr...

Page 246: ...le and enable PoE Globally all the ports on the switch at a time Individually on a port basis To enable PoE globally use the SERVICE POWER INLINE command in the Global Configuration mode See SERVICE P...

Page 247: ...Command Line User s Guide 247 This example disables PoE individually on port 5 to port 8 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 8 awplus config if no power...

Page 248: ...ION on page 267 To remove the current description from the port without assigning a new one use the NO POWER INLINE DESCRIPTION command See NO POWER INLINE DESCRIPTION on page 259 This example adds a...

Page 249: ...priority level to the PDs See POWER INLINE PRIORITY on page 270 To reset the priority level to the default Low level use the NO POWER INLINE PRIORITY command See NO POWER INLINE PRIORITY on page 262 T...

Page 250: ...IP phone to port 1 on the PoE switch The switch detects that the power class of the IP phone is 2 The maximum power output from the switch for a PD of class 2 is 7 0 watts Thus the switch sets 7 0 wa...

Page 251: ...egacy PDs as valid PDs use the POWER INLINE ALLOW LEGACY command to provide power to legacy PDs See POWER INLINE ALLOW LEGACY on page 266 To disable the switch to detect legacy PDs as valid PDs use th...

Page 252: ...n Table 20 Note You have to configure SNMP to use the trap For instructions refer to Chapter 62 SNMPv1 and SNMPv2c on page 963 or Chapter 64 SNMPv3 Commands on page 999 This example configures the swi...

Page 253: ...ports on the switch SHOW POWER INLINE COUNTERS Displays the PoE event counters for the ports SHOW POWER INLINE INTERFACE Displays PoE information of specified ports SHOW POWER INLINE INTERFACE DETAIL...

Page 254: ...the information the command displays The columns are described in Table 25 on page 280 Figure 59 SHOW POWER INLINE INTERFACE DETAIL Command Interface Admin Pri Oper Power Device Class Max mW port1 0 1...

Page 255: ...261 Port Interface Restores a port s power limit to the default value NO POWER INLINE PRIORITY on page 262 Port Interface Restores a port s priority setting to the default Low level NO POWER INLINE U...

Page 256: ...WER INLINE on page 274 Privileged Exec Displays switch and port PoE information SHOW POWER INLINE COUNTERS INTERFACE on page 277 Privileged Exec Displays the port PoE event counters SHOW POWER INLINE...

Page 257: ...Privileged Exec mode Description Use this command to clear the PoE port event counters To clear all of the port counters do not enter a port number Confirmation Command SHOW POWER INLINE COUNTERS INT...

Page 258: ...Legacy PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized This is the default setting for the ports Confirmation Command SHOW POWER INLINE INT...

Page 259: ...mand to delete PD descriptions from the ports Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280 Example The fol...

Page 260: ...ot transmit power when PoE is disabled but they do forward network traffic Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAI...

Page 261: ...mits are based on the power classes of the PDs See Managing the Maximum Power Limit on Ports on page 250 for details Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on...

Page 262: ...ore the default Low priority setting to the ports Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280 Example Thi...

Page 263: ...mmand to reset the power usage threshold to the default 80 The switch sends an SNMP power inline trap if the power requirements of the switch and PDs exceed the defined threshold Confirmation Command...

Page 264: ...The ports do not transmit power to the PDs when PoE is disabled but they do forward network traffic The default setting for PoE is enabled Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWE...

Page 265: ...sable the transmission of SNMP power inline traps The switch sends this trap if the power requirements of the switch and PDs exceed the threshold set with POWER INLINE USAGE THRESHOLD on page 272 Conf...

Page 266: ...y PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized The default setting is no support for legacy PDs Confirmation Commands SHOW POWER INLINE...

Page 267: ...e ports to make the ports and PDs easier to identify Note To add a general description to a port use the DESCRIPTION command For more information see DESCRIPTION on page 198 Confirmation Commands SHOW...

Page 268: ...mmand to enable PoE on the ports This is the default setting Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFACE DETAIL on page 280...

Page 269: ...ount of power a port may transmit to a PD Ports can have different limits The default power limits are based on the classes of the PDs See Managing the Maximum Power Limit on Ports on page 250 for det...

Page 270: ...ng power This level is the default setting Mode Port Interface mode Description Use this command to assign PoE priority levels to the ports The priority levels are Low High and Critical Ports connecte...

Page 271: ...mmand Line User s Guide 271 Example This example assigns the Critical priority level to port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if power inline p...

Page 272: ...Use this command to set a threshold of the switch s total available system and PoE power An SNMP trap is transmitted if the requirements of the switch and the PDs exceed the threshold To activate the...

Page 273: ...scription Use this command to enable PoE on the switch This is the default setting Confirmation Commands SHOW POWER INLINE on page 274 SHOW POWER INLINE INTERFACE on page 279 SHOW POWER INLINE INTERFA...

Page 274: ...us Nominal Power 490W Power Allocated 346 0W Actual Power Consumption 151 0W Operational Status On Power Usage Threshold 80 392W PoE Interface Interface Admin Pri Oper Power mW DeviceClassMax mW port1...

Page 275: ...A SNMP trap is transmitted if the power requirements of the switch and PDs exceed the threshold This parameter is set with POWER INLINE USAGE THRESHOLD on page 272 PoE Interface A table of port PoE in...

Page 276: ...witch is exceeding the total available power Test The port is in a test mode Power The port s current power consumption in milliwatts mW Device The port s PD description This parameter is set with POW...

Page 277: ...61 SHOW POWER INLINE COUNTERS INTERFACE Command The fields are described in Table 24 PoE Counters Interface MPSAbsent Overload Short Invalid Denied port1 0 4 0 0 0 0 0 port1 0 5 0 0 0 0 0 port1 0 6 0...

Page 278: ...t counters for ports 4 to 6 awplus show power inline counters interface port1 0 4 port1 0 6 Denied The number of times the port had to deny power to the PD because the switch had reached its maximum p...

Page 279: ...OW POWER INLINE INTERFACE Command This command displays a subset of the information the SHOW POWER INLINE command displays The fields are described in Table 23 on page 275 Example This example display...

Page 280: ...3 Figure 63 SHOW POWER INLINE INTERFACE DETAIL Command The fields are described in Table 25 Interface port1 0 1 Powered device type Desk Phone 1 PoE admin enabled Priority Low Detection status Powered...

Page 281: ...evel This is default level High the higher priority level Crit the critical or highest priority level Detection status The PoE operating status of the port The possible status are listed here Powered...

Page 282: ...ces The status of support for a legacy PD on the port Enabled The port supports legacy devices Disabled The port does not support legacy devices Support for legacy devices is enabled with POWER INLINE...

Page 283: ...tivate the transmission of the SNMP power inline trap The trap is sent if the power requirements of the switch and PDs exceed the power limit threshold set with POWER INLINE USAGE THRESHOLD on page 27...

Page 284: ...Chapter 12 Power Over Ethernet Commands 284...

Page 285: ...Management Addresses This chapter contains the following information Overview on page 286 Assigning an IPv4 Management Address and Default Gateway on page 289 Assigning an IPv6 Management Address and...

Page 286: ...or along with an IPv6 address Table 26 Features Requiring an IP Management Address on the Switch Feature Description Supported by IPv4 Address Supported by IPv6 Address 802 1x port based network acces...

Page 287: ...to the switch yes no Syslog client Used to send the event messages from the switch to syslog servers on your network for storage yes no TACACS client Used for remote management authentication using a...

Page 288: ...e switch does not support the assignment of an IPv6 management address from a DHCP server or by IPv6 auto assignment You must also assign the switch a default gateway if the management devices syslog...

Page 289: ...address For instructions refer to Chapter 47 Port based and Tagged VLANs on page 717 Here is the format of the command ip address ipaddress mask dhcp The IPADDRESS parameter is the IPv4 management ad...

Page 290: ...The VLAN is assigned the VID 17 and consists of untagged ports 5 and 6 The first series of commands create the new VLAN awplus enable Enter the Privileged Executive mode from the User Exec mode awplus...

Page 291: ...sents the first hop to the networks in which the management devices reside The switch can have only one IPv4 default gateway and the address must be a member of the same subnet as the management IPv4...

Page 292: ...to change the address or assign it to a different VLAN you have to delete it and recreate it with the necessary changes To delete a static IPv4 management address from the switch enter the NO IP ADDR...

Page 293: ...witch is displayed in the first entry in the table and the default gateway address if assigned to the switch in the second entry Figure 64 displays an example of the information Figure 64 SHOW IP ROUT...

Page 294: ...s refer to Chapter 47 Port based and Tagged VLANs on page 717 If the switch already has an IPv4 address the IPv6 address must be assigned to the same VLAN as that address Here is the format of the com...

Page 295: ...ce vlan8 awplus config if ipv6 address 1857 80cf d54 1a 8f57 64 awplus config if exit Note You cannot use a DHCP server or SLAAC State Address Autoconfiguration to assign the switch a dynamic IPv6 add...

Page 296: ...ipv6 route 0 389c be45 78 c45 8156 To verify the default route issue these commands awplus config if end awplus show ipv6 route Deleting an IPv6 Management Address and Default Gateway To delete a sta...

Page 297: ...efault route is displayed first followed by the management address Figure 66 SHOW IPV6 ROUTE Command Another way to display just the management address is with the SHOW IPV6 INTERFACE command shown he...

Page 298: ...Chapter 13 IPv4 and IPv6 Management Addresses 298...

Page 299: ...address IPV6 ADDRESS on page 308 VLAN Interface Assigns the switch a static IPv6 management address IPV6 ROUTE on page 310 Global Configuration Assigns the switch an IPv6 default gateway address NO IP...

Page 300: ...OW IPV6 INTERFACE on page 320 Privileged Exec Displays the IPv4 management address SHOW IPV6 ROUTE on page 321 Privileged Exec Displays the IPv6 management address and default gateway Table 27 Managem...

Page 301: ...RS Syntax clear ipv6 neighbors Parameters None Mode Privileged Exec mode Description Use this command to clear all of the dynamic IPv6 neighbor entries Example This example clears all of the dynamic I...

Page 302: ...asks 255 255 0 0 and 255 255 255 0 respectively Mode VLAN Interface mode Description Use this command to manually assign the switch an IPv4 management address You must perform this command from the VL...

Page 303: ...which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ip address 142 35 78 21 24 This example assigns the switch the IPv4 management address 116 15...

Page 304: ...hich you want to assign the address The switch must have a management IPv4 address to support the features listed in Table 26 on page 286 The switch can have only one IPv4 address and it must be assig...

Page 305: ...activates the DHCP client so that the switch obtains its IPv4 management address from a DHCP server on your network The address is applied to a VLAN with the VID 4 awplus enable awplus configure termi...

Page 306: ...rk devices such as Telnet clients and syslog servers that are not members of the same subnet as its IPv4 address You must assign the switch a default gateway address if both of the following are true...

Page 307: ...witch Command Line User s Guide 307 Example This example assigns the switch the IPv4 default gateway address 143 87 132 45 awplus enable awplus configure terminal awplus config ip route 0 0 0 0 0 143...

Page 308: ...number that represents the number of bits from left to right that constitute the network portion of the address For example an address whose network designator consists of the first eight bytes would...

Page 309: ...he IPv6 management address 4c57 17a9 11 190 a1d4 64 to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ipv6 address 4c57 17a...

Page 310: ...n address of an interface on a router or other Layer 3 device It defines the first hop to reaching the remote subnets or networks where the network devices are located You must assign the switch a def...

Page 311: ...Command Line User s Guide 311 Example This example assigns the switch the IPv6 default gateway address 45ab 672 934c 78 17cb awplus enable awplus configure terminal awplus config ipv6 route 0 45ab 67...

Page 312: ...mmand from the VLAN Interface mode of the VLAN to which the address is attached Note The switch uses the IPv4 management address to perform the features listed Table 26 on page 286 If you delete it th...

Page 313: ...is attached This command also disables the DHCP client Note The switch uses the IPv4 management address to perform the features listed Table 26 on page 286 If you delete it the switch will not support...

Page 314: ...ode Global Configuration mode Description Use this command to delete the current IPv4 default gateway The command must include the current default gateway Confirmation Command SHOW IP ROUTE on page 31...

Page 315: ...ress is attached Note The switch uses the IPv6 management address to perform the features listed Table 26 on page 286 If you delete it the switch will not support the features unless it also has an IP...

Page 316: ...iguration mode Description Use this command to delete the current IPv6 default gateway from the switch The command must include the current default gateway Confirmation Command SHOW IPV6 ROUTE on page...

Page 317: ...the switch Figure 68 is an example of the information Figure 68 SHOW IP INTERFACE Command The Interface field is the VID of the VLAN to which the management IP address is assigned The IP Address field...

Page 318: ...d in Table 28 Table 28 SHOW IP ROUTE Command Parameter Description Mask The masks of the management IP address and the default gateway address The mask of the default gateway is always 0 0 0 0 NextHop...

Page 319: ...AT 9000 Switch Command Line User s Guide 319 Example The following example displays the routes on the switch awplus show ip route...

Page 320: ...xample of the information Figure 70 SHOW IPV6 INTERFACE Command The fields are described in Table 29 Example The following example displays the IPv6 management address awplus show ipv6 interface Inter...

Page 321: ...he switch Figure 71 is an example of the information The default route is display first followed by the management address Figure 71 SHOW IPV6 ROUTE Command Example The following example displays the...

Page 322: ...Chapter 14 IPv4 and IPv6 Management Address Commands 322...

Page 323: ...tion Overview on page 324 Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 325 Configuring Daylight Savings Time and UTC Offset on page 326 Disabling the SNTP...

Page 324: ...s Time For instructions refer to Configuring Daylight Savings Time and UTC Offset on page 326 You must specify the offset of the switch from Coordinated Universal Time UTC For instructions refer to Co...

Page 325: ...n NTP or SNTP server use the NTP PEER command in the Global Configuration mode You can specify the IP address of only one server This example of the command specifies 1 77 122 54 as the IP address of...

Page 326: ...ions refer to Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 325 This table lists the commands you use to configure the daylight savings time and UTC offset...

Page 327: ...Line User s Guide 327 In this example the client is configured for ST and a UTC offset of 2 hours and 45 minutes awplus enable awplus configure terminal awplus config no clock summer time awplus confi...

Page 328: ...Disabling the SNTP Client To disable the SNTP client so that the switch does not obtain its date and time from an NTP or SNTP server use the NO PEER command in the Global Configuration mode awplus ena...

Page 329: ...SHOW NTP ASSOCIATIONS Command The fields are described in Table 32 on page 339 To learn whether the switch has synchronized its time with the designated NTP or SNTP server use the SHOW NTP STATUS comm...

Page 330: ...apter 15 Simple Network Time Protocol SNTP Client 330 Displaying the Date and Time To display the date and time use the SHOW CLOCK command in the User Exec mode or Privileged Exec mode awplus show clo...

Page 331: ...ctivates Daylight Savings Time and enables Standard Time NO NTP PEER on page 335 Global Configuration Disables the NTP client NTP PEER on page 336 Global Configuration Specifies the IP address of the...

Page 332: ...he switch is in a locale that uses DST you must remember to enable this when DST begins and disable when DST ends If the switch is in a locale that does not use DST set this option to disabled all the...

Page 333: ...is 00 00 Mode Global Configuration mode Description Use this command to set the UTC offset which is used by the switch to convert the time from an SNTP or NTP server into local time You must configur...

Page 334: ...e this command to disable Daylight Savings Time DST and activate Standard Time ST on the SNTP client Confirmation Command SHOW NTP ASSOCIATIONS on page 339 Examples The following example disables Dayl...

Page 335: ...the SNTP client on the switch When the client is disabled the switch does not obtain its date and time from an SNTP or NTP server the next time it is reset or power cycled Confirmation Command SHOW N...

Page 336: ...pecify the IP address of the SNTP or NTP server from which it is to obtain its date and time You can specify only one SNTP or NTP server After you enter this command the switch automatically begins to...

Page 337: ...ete the IP address of the SNTP or NTP server and restore the client settings to the default values Confirmation Command SHOW NTP ASSOCIATIONS on page 339 Example The following example disables the SNT...

Page 338: ...W CLOCK Syntax show clock Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the switch s date and time Example The following example displays the sw...

Page 339: ...SHOW NTP ASSOCIATIONS Command Parameter Description Status The status of the SNTP client software on the switch The status can be either enabled or disabled If enabled the switch seeks its date and t...

Page 340: ...n hours between UTC and local time The range is 12 to 12 hours The default is 0 hours This value is set with CLOCK TIMEZONE on page 333 Daylight Savings Time DST The status of the daylight savings tim...

Page 341: ...or SNTP server An example of the display is shown in Figure 75 Figure 75 SHOW NTP STATUS Command The IP address above is the address of the NTP or SNTP server specified with the NTP PEER command See...

Page 342: ...Chapter 16 SNTP Client Commands 342...

Page 343: ...Table This chapter discusses the following topics Overview on page 344 Adding Static MAC Addresses on page 346 Deleting MAC Addresses on page 348 Setting the Aging Timer on page 350 Displaying the MAC...

Page 344: ...l its ports excluding the port where the packet was received If the ports are grouped into virtual LANs the switch floods the packet only to those ports that belong to the same VLAN from which the pac...

Page 345: ...tes You can also enter addresses manually into the table These addresses are referred to as static addresses Static MAC addresses remain in the table indefinitely and are never deleted even when the n...

Page 346: ...iable to specify the port to which the end node of an address is connected You can specify just one port vlan name or VID Use this variable to specify the name or the ID number of the VLAN of the port...

Page 347: ...AT 9000 Switch Command Line User s Guide 347 awplus enable awplus configure terminal awplus config mac address table static 00 a0 d2 18 1a 11 discard interface port1 0 7...

Page 348: ...xx xx or xxxx xxxx xxxx interface You can use this parameter to delete all of the static or dynamic addresses on a particular port You can specify more than one port at a time vlan You can use this pa...

Page 349: ...ddresses added to ports 2 to 5 awplus enable awplus clear mac address table static interface port1 0 2 port1 0 5 This example deletes all of the dynamic addresses learned on the ports of the VLAN with...

Page 350: ...To set the aging timer use the MAC ADDRESS TABLE AGEING TIME command in the Global Configuration mode Here is the format of the command mac address table ageing time value none The aging time is expre...

Page 351: ...e command displays the entire MAC address table awplus show mac address table This example displays the MAC addresses learned on port 2 awplus show mac address table interface port1 0 2 Aging Interval...

Page 352: ...Chapter 17 MAC Address Table 352 This example displays the addresses learned on the ports in a VLAN with the VID 8 awplus show mac address table vlan 8...

Page 353: ...EING TIME on page 356 Global Configuration Sets the aging timer which is used by the switch to identify inactive dynamic MAC addresses for deletion from the table MAC ADDRESS TABLE STATIC on page 358...

Page 354: ...er one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx interface Deletes MAC addresses learned on a specific port port Specifies the port the MAC addresses to be deleted was learned on Yo...

Page 355: ...r mac address table static address 00 12 a3 d4 67 da This example deletes all of the dynamic addresses learned on ports 17 to 20 awplus enable awplus clear mac address table dynamic interface port1 0...

Page 356: ...ddress table to prevent the table from becoming full of inactive addresses An address is considered inactive if no packets are sent to or received from the corresponding node for the duration of the t...

Page 357: ...not delete inactive dynamic MAC addresses from the table awplus enable awplus configure terminal awplus config mac address table ageing time none This example returns the aging timer to its default se...

Page 358: ...C address is to be assigned A unicast MAC address can be added to only one port vlan name Specifies the name of the VLAN where the node designated by the MAC address is a member vid Specifies the ID n...

Page 359: ...0 4 vlan Production This example adds the static MAC address 00 a0 d2 18 1d 11 to port 7 in the Default_VLAN which has the VID 1 The port discards the packets from the specified node awplus enable awp...

Page 360: ...designated source MAC address port Specifies the port s where the MAC address is assigned vlan name Specifies the name of the VLAN where the node of the MAC address is a member This parameter is optio...

Page 361: ...of the owner of the address awplus enable awplus configure terminal awplus config no mac address table static 00 a0 d2 18 1a 11 forward interface port1 0 12 vlan 1 This example deletes the MAC address...

Page 362: ...address is included in the display The address must be specified in either one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx port Specifies a port You may specify more than one port vi...

Page 363: ...ard Dynamic 1 1 0 2 00a0 c416 3b80 Forward Dynamic 1 1 0 3 00a0 12c2 10c6 Forward Dynamic 1 1 0 4 00a0 c209 10d8 Forward Dynamic 1 1 0 4 00a0 3343 a187 Forward Dynamic 1 1 0 4 00a0 12a7 1468 Forward D...

Page 364: ...t include a value of 90 08 B9 awplus show mac address table include 90 08 B9 Fwd The status of the address MAC addresses have the status of Forward meaning that they are used by the switch to forward...

Page 365: ...Member Switch on page 372 Managing the Member Switches of an Enhanced Stack on page 374 Changing the Enhanced Stacking Mode on page 376 Uploading Boot Configuration Files from the Command Switch to Me...

Page 366: ...nt to the other switches in a stack To manage the switches of a stack you start a local or remote management session on the command switch and then redirect the session as needed to the other switches...

Page 367: ...tance limitations between the command switch and the member switches of a stack other than those dictated by the Ethernet cabling standards The command switch is not required to be assigned a manageme...

Page 368: ...is not necessary if you are using the Default_VLAN VID 1 as the common VLAN 5 Optionally assign the command switch a management IP address in the common VLAN 6 If you plan to remotely manage the stack...

Page 369: ...ame subnet as the command switch 1 This step creates the common VLAN awplus enable Enter the Privileged Exec mode from the User Exec mode awplus configure terminal Enter the Global Configuration mode...

Page 370: ...rt VLAN awplus config if ip address 149 22 88 5 24 Assign the VLAN the management IP address 149 22 88 5 and the subnet mask 255 255 255 0 awplus config if exit Return to the Global Configuration mode...

Page 371: ...AT 9000 Switch Command Line User s Guide 371 awplus write Save the configuration...

Page 372: ...se that is the default setting awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database...

Page 373: ...e Privileged Executive mode 4 Connect the switches together using ports of the common VLAN awplus config estack run Activate enhanced stacking on the switch awplus config exit Return to the Privileged...

Page 374: ...ample is shown here Figure 78 SHOW ESTACK REMOTELIST Command 3 Use the RCOMMAND command in the Global Configuration mode to redirect the management session from the command switch to one of the member...

Page 375: ...User Exec mode or Privileged Exec mode to return the management session to the command switch 7 To manage another member switch in the enhanced stack repeat this procedure starting with Step 2 8 To e...

Page 376: ...o change its mode to the command mode if it is part of an active stack The easiest way to determine whether the switch is part of an active stack is to use the SHOW ESTACK command An example of the co...

Page 377: ...mand with the ESTACK COMMAND SWITCH command 3 On the original command switch restart enhanced stacking with the ESTACK RUN command and if desired reestablish its command mode with the ESTACK COMMAND S...

Page 378: ...store the file on the command switch To restore the configuration of a member switch you could download this file to it from the command switch and afterwards manually configure whatever other setting...

Page 379: ...k in which multiple switches have the same IP address A member switch has to be configured for enhanced stacking before the command switch can upload a configuration file to it This means you have to...

Page 380: ...rminal Enter the Global Configuration mode awplus config upload config remotelist Enter the UPLOAD CONFIG REMOTELIST command to begin the file transfer Enter the configuration file name Eng12c cfg At...

Page 381: ...on the new switch is to be actSalesE4 cfg The first step is to create the common VLAN on the new switch This is necessary because the enhanced stack is not using the Default VLAN as the common VLAN o...

Page 382: ...rom the command switch with these steps 1 Start a local or remote management session on the command switch of the enhanced stack 2 Transfer the SalesE4 cfg configuration file from the command switch t...

Page 383: ...confirm that it has the configuration file you want to upload to the member switch In this example the filename is Eng12c cfg file awplus configure terminal Enter the Global Configuration mode awplus...

Page 384: ...tch awplus enable Enter the Privileged Exec mode awplus config move boot cfg actSalesE4 cfg Rename the boot cfg configuration file to actSalesE4 cfg awplus config boot config file actSalesE4 cfg Desig...

Page 385: ...see this prompt enter the enhanced stacking ID numbers of the member switches to receive the management software from the command switch The numbers are viewed with the SHOW ESTACK REMOTELIST command...

Page 386: ...lled on the command switch awplus enable Enter the Privileged Exec mode from the User Exec mode awplus show estack remotelist Display the enhanced stacking ID numbers of the member switches in the sta...

Page 387: ...he command when you are managing a switch directly from a local management session or a remote Telnet SSH or web browser session When you disable enhanced stacking on a command switch you may not use...

Page 388: ...Chapter 19 Enhanced Stacking 388...

Page 389: ...Configuration Redirects the management session to a different switch in the enhanced stack REBOOT ESTACK MEMBER on page 396 Global Configuration Reboots member switches of an enhanced stack from the c...

Page 390: ...Commands 390 UPLOAD IMAGE REMOTELIST on page 404 Global Configuration Uploads the management software on the command switch of an enhanced stack to the member switches Table 36 Enhanced Stacking Comma...

Page 391: ...A switch that is a member of an active enhanced stack cannot be changed to the command mode You must first disable enhanced stacking on the current command switch in the stack You cannot use this com...

Page 392: ...Mode Global Configuration mode Description Use this command to activate enhanced stacking on the switch Confirmation Command SHOW ESTACK on page 398 Example The following example activates enhanced st...

Page 393: ...command mode and now want to return it to member mode Enhanced stacking must be activated on the switch for you to use the command To activate enhanced stacking refer to ESTACK RUN on page 392 You can...

Page 394: ...ble enhanced stacking on the command switch its mode is reset to member mode Consequently you must set it back again to the command mode if you reactivate enhanced stacking Note You should only use th...

Page 395: ...er switch in the enhanced stack The member switch is identified by its ID number displayed with SHOW ESTACK REMOTELIST on page 401 You can manage only one member switch at a time Note You must perform...

Page 396: ...vidual member switches or all of the member switches of a stack You must perform SHOW ESTACK REMOTELIST on page 401 prior to this command to determine the ID numbers of the switches Caution A switch d...

Page 397: ...ots a member switch that has the ID number 3 awplus enable awplus configure terminal awplus config reboot estack member 3 This example reboots all of the member switches of the enhanced stack awplus e...

Page 398: ...f the information the command displays Figure 80 SHOW ESTACK Command The fields are described in Table 37 on page 398 Table 37 SHOW ESTACK Command Parameter Description Enhanced Stacking mode The stat...

Page 399: ...mand switch on the common VLAN of the enhanced stack The number is the switch s stack ID number If the brackets are empty the switch did not detect a command switch on the common VLAN and so does not...

Page 400: ...lent to issuing the SHOW ESTACK command on the command switch Figure 81 is an example of the information the command displays Figure 81 SHOW ESTACK COMMAND SWITCH Command The fields are described in T...

Page 401: ...e or model series The default is MAC address An example is shown in Figure 82 Figure 82 SHOW ESTACK REMOTELIST Command The list does not include the command switch on which you entered the command Not...

Page 402: ...mple sorts the switches by host name awplus enable awplus configure terminal awplus config show estack remotelist name This example sorts the switches by model series awplus enable awplus configure te...

Page 403: ...itch to the member switches You may specify only one filename and the name must include the extension cfg The second prompt is shown here Enter the list of switches At this prompt enter the enhanced s...

Page 404: ...mas To update all of the switches in the enhanced stack enter ALL The numbers are viewed with the SHOW ESTACK REMOTELIST command in the Privileged Exec mode Here are the steps of the file transfer bet...

Page 405: ...t power off the member switches while they are writing the software to their flash memory Example This example uploads the management software on the command switch to two member switches that have th...

Page 406: ...Chapter 20 Enhanced Stacking Commands 406...

Page 407: ...ing topics Overview on page 408 Creating the Port Mirror or Adding New Source Ports on page 409 Removing Source Ports or Deleting the Port Mirror on page 410 Combining the Port Mirror with Access Cont...

Page 408: ...ource ports are the ports whose packets are to be mirrored and monitored The destination port is the port where the packets from the source ports are copied and where the network analyzer is connected...

Page 409: ...re terminal awplus config interface port1 0 5 awplus config if mirror interface port1 0 3 direction receive The switch immediately begins to copy the monitored traffic from the source ports to the des...

Page 410: ...interface port1 0 11 awplus config if no mirror interface port1 0 2 To stop port mirroring and return the destination port to normal network operations remove all of the source ports from the port mi...

Page 411: ...n have to create the access control list and assign it to the port whose packets you want to monitor When you create the access control list you have to specify the copy to mirror action Here is an ex...

Page 412: ...ination port of the port mirror awplus show access list Use the SHOW ACCESS LIST command to confirm the configuration of the access control list awplus show interface port1 0 14 port1 0 15 access grou...

Page 413: ...ror with access control lists to copy subsets of ingress packets on source ports the SHOW MIRROR command displays only the destination port of the copied traffic Here is an example Figure 84 SHOW MIRR...

Page 414: ...Chapter 21 Port Mirror 414...

Page 415: ...nation port for access control lists that use the copy to mirror action MIRROR INTERFACE on page 417 Port Interface Creates the port mirror and adds ports to the port mirror NO MIRROR INTERFACE on pag...

Page 416: ...he copy to mirror action in access control lists You can designate only one destination port Confirmation Command SHOW MIRROR on page 420 Example This example designates port 21 as the destination por...

Page 417: ...he destination port The options are receive Copies the ingress packets on a source port transmit Copies the egress packets on a source port both Copies both the ingress and egress packets on a source...

Page 418: ...and 4 the source ports to port 5 the destination port If port 5 is already acting as the destination port of the port mirror the commands add ports 3 and 4 to the port mirror awplus enable awplus con...

Page 419: ...t Interface mode of the destination port of the port mirror To delete the port mirror and return the destination port to normal operations remove all of the source ports from the port mirror Confirmat...

Page 420: ...rror Test Port Name port1 0 22 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 1 Mirror Test Port Name port1 0 22 Mirror option Enabled Mirror direction receive Monitored Port...

Page 421: ...264 respectively Example The following example displays the source and destination ports of the port mirror on the switch awplus show mirror Mirror direction The packets to be mirrored to the destinat...

Page 422: ...Chapter 22 Port Mirror Commands 422...

Page 423: ...ping This chapter discusses the following topics Overview on page 424 Host Node Topology on page 426 Enabling IGMP Snooping on page 427 Configuring the IGMP Snooping Commands on page 428 Disabling IGM...

Page 424: ...s that want to be members of multicast groups the router does not send multicast packets out the port This improves network performance by restricting the multicast packets only to router ports where...

Page 425: ...t all reports are suppressed on the specified ports except for reserved multicast addresses When you enable IGMP Snooping by executing the IP IGMP SNOOPING command all unknown multicast traffic is uns...

Page 426: ...requests or have timed out The switch responds by immediately ceasing the transmission of additional multicast packets out the ports Multiple hosts Per Port The multiple hosts per port setting is appr...

Page 427: ...the IP IGMP SNOOPING command in the Global Configuration mode After you enter the command the switch begins to build its multicast table as queries from the multicast router and reports from the host...

Page 428: ...nds To Use This Command Range Clear all IGMP group membership records CLEAR IP IGMP none Specify the maximum number of multicast groups the switch will support IP IGMP LIMIT multicastgroups 0 to 255 m...

Page 429: ...timeout 50 awplus config ip igmp snooping mrouter interface port1 0 4 For more information about these commands see IP IGMP QUERIER TIMEOUT on page 436 and IP IGMP SNOOPING MROUTER on page 440 This ex...

Page 430: ...Snooping on the switch is the NO IP IGMP SNOOPING command in the Global Configuration mode To disable IGMP Snooping awplus enable awplus configure terminal awplus config no ip igmp snooping When IGMP...

Page 431: ...dow is described in Table 42 on page 445 IGMP Snooping Configuration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups...

Page 432: ...Chapter 23 Internet Group Management Protocol IGMP Snooping 432...

Page 433: ...uters IP IGMP SNOOPING on page 437 Global Configuration Enables IGMP snooping on the switch IP IGMP SNOOPING FLOOD UNKNOWN MCAST on page 438 Global Configuration Disables the automatic suppression of...

Page 434: ...tax clear ip igmp Parameters None Mode Privileged Exec mode Description Use this command to clear all IGMP group membership records on all VLANs Example This example clears all IGMP group membership r...

Page 435: ...lobal Configuration mode Description Use this command to specify the maximum number of multicast addresses the switch can learn If your network has a large number of multicast groups you can use this...

Page 436: ...for the duration of the timer The switch stops transmitting multicast packets from a port of an inactive host node if there are no additional host nodes A multicast router is deemed inactive if the s...

Page 437: ...OOD UNKNOWN MCAST command is enabled by default when IGMP Snooping is activated This may cause a slow down of network data If you want to disable flooding of unknown multicast packets you must enter t...

Page 438: ...in message Once a join message occurs for a particular multicast destination it is no longer unknown and therefore no longer floods Use the no version of this command NO IP IGMP SNOOPING FLOOD UNKNOWN...

Page 439: ...terminal awplus config ip igmp snooping awplus config ip igmp snooping flood unknown mcast This example enables the automatic suppression of unknown multicast traffic on the switch awplus enable awpl...

Page 440: ...y ports that are connected to multicast routers Manually specifying multicast router ports deactivates auto detect To reactivate auto detect remove all static multicast router ports For instructions r...

Page 441: ...e Mode Global Configuration mode Description Use this command to specify the IGMP host node topology For background information refer to Host Node Topology on page 426 Confirmation Command SHOW IP IGM...

Page 442: ...e Description Use this command to deactivate IGMP snooping on the switch When IGMP snooping is disabled the switch floods multicast packets on all ports except on ports that receive the packets Confir...

Page 443: ...e Global Configuration mode Description Use this command to remove static multicast router ports Removing all multicast router ports activates auto detect Confirmation Command SHOW IP IGMP SNOOPING on...

Page 444: ...iguration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups 64 Router Port s Auto Detect Router List VLAN ID Port Trunk...

Page 445: ...etting multihost This is the multiple host per port topology This topology is appropriate when there is more than one host node per port on the switch To set this parameter refer to IP IGMP STATUS on...

Page 446: ...ueries from it Host List Number of IGMP Multicast Groups The number of IGMP multicast groups that have active host nodes on the switch Multicast Group The multicast addresses of the groups ID The ID n...

Page 447: ...t Interface Resumes forwarding egress multicast packets on ports NO SWITCHPORT BLOCK INGRESS MULTICAST on page 449 Port Interface Resumes forwarding ingress multicast packets on ports SWITCHPORT BLOCK...

Page 448: ...o resume forwarding of egress multicast packets on ports By default this is the default setting on all of the ports on the switch Confirmation Command SHOW INTERFACE on page 221 Example This example r...

Page 449: ...ode Description Use this command to resume forwarding of ingress multicast packets on ports Confirmation Command SHOW INTERFACE on page 221 Example This example resumes forwarding of ingress multicast...

Page 450: ...range of 01 80 C2 00 00 00 to 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disable...

Page 451: ...o 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disabled on the switch For more inf...

Page 452: ...Chapter 25 Multicast Commands 452...

Page 453: ...ers Chapter 26 File System on page 455 Chapter 27 File System Commands on page 463 Chapter 28 Boot Configuration Files on page 471 Chapter 29 Boot Configuration File Commands on page 477 Chapter 30 Fi...

Page 454: ...454...

Page 455: ...s Overview on page 456 Copying Boot Configuration Files on page 457 Renaming Boot Configuration Files on page 458 Deleting Boot Configuration Files on page 459 Displaying the Specifications of the Fil...

Page 456: ...ion key pairs The file system has a flat directory structure All the files are stored in the root directory The file system does not support subdirectories Table 44 File Extensions and File Types Exte...

Page 457: ...specifies the name of the boot configuration file you want to copy The DESTINATIONFILE parameter specifies the name of the new copy The name can be up to 16 alphanumeric characters and must include th...

Page 458: ...s example renames the Sales2sw cfg boot configuration file to unit12a cfg awplus enable awplus move Sales2sw cfg unit12a cfg Note If you rename the active boot configuration file you will have to desi...

Page 459: ...he configuration file unit2a cfg awplus delete unit2a cfg Note If you delete the active boot configuration file you will have to designate another active boot configuration file before the switch will...

Page 460: ...d the amount of space used by the files currently stored in the file system It is the SHOW FILE SYSTEMS command Here is an example of the information Figure 89 SHOW FILE SYSTEMS Command The fields in...

Page 461: ...d Line User s Guide 461 Listing the Files in the File System To view the names of the files in the file system of the switch use the DIR command in the Privileged Exec mode awplus dir The command does...

Page 462: ...Chapter 26 File System 462...

Page 463: ...DELETE on page 465 Privileged Exec Deletes boot configuration files from the file system DELETE FORCE on page 466 Privileged Exec Deletes boot configuration files from the file system DIR on page 467...

Page 464: ...his command to create copies of boot configuration files in the file system of the switch Creating copies of the active boot configuration file is an easy way to maintain a history of the configuratio...

Page 465: ...itch This command is equivalent to DELETE FORCE on page 466 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFI...

Page 466: ...command is equivalent to DELETE on page 465 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFIG STARTUP CONFI...

Page 467: ...DIR Syntax dir Parameter None Mode Privileged Exec mode Description Use this command to list the names of the files stored in the file system on the switch Example The following command lists the fil...

Page 468: ...de Description Use this command to rename boot configuration files in the switch s file system Note If you rename the active boot configuration file the switch recreates it the next time you issue the...

Page 469: ...Prefixes S D V Lcl Ntwk Avail 2 0M 1 4M flash rw cfg static local Y Table 46 SHOW FILE SYSTEMS Command Parameter Description Size B The total amount of flash memory in the switch The amount is given...

Page 470: ...system awplus show file systems S D V The memory type static dynamic or virtual Lcl Ntwk Whether the memory is located locally or via a network connection This is always Local Y N Whether the memory i...

Page 471: ...les This chapter discusses the following topics Overview on page 472 Specifying the Active Boot Configuration File on page 473 Creating a New Boot Configuration File on page 475 Displaying the Active...

Page 472: ...tings every time you power off or reset the unit The switch as part of its initialization process whenever it is powered on or reset automatically refers to this file to set its parameter settings You...

Page 473: ...nter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command In fact you probably will not want to enter either of those commands after you specify a new active boot configuration file bec...

Page 474: ...it as the active boot configuration file The file is now ready to store any new parameter settings you might make to the switch In this example the settings of the switch are configured using a differ...

Page 475: ...cluding the extension cfg If you specify the name of an existing file the new file overwrites the existing file It is important to understand that this command does not change the switch s active boot...

Page 476: ...nd awplus show boot Here is an example of the information Figure 91 SHOW BOOT Command The Current boot config field displays the name of the active boot configuration file which for the switch in the...

Page 477: ...vileged Exec Saves the switch s current configuration to the active boot configuration file ERASE STARTUP CONFIG on page 482 Privileged Exec Returns the switch to its default settings NO BOOT CONFIG F...

Page 478: ...nfiguration file enter a new filename in the command The command automatically creates the file updates it with the current settings of the switch and designates it as the active boot configuration fi...

Page 479: ...as the switch s active configuration file The example assumes that the file already exists in the file system of the switch and that you want to reconfigure the switch according to the settings in the...

Page 480: ...ored in the file system on the switch the files contain the current settings of the switch You might use this command to create a backup copy of the switch s current configuration This command does no...

Page 481: ...ter settings into the active boot configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active b...

Page 482: ...uration file To return the active configuration file to the default settings you must enter the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command after the switch reboots and after you have establis...

Page 483: ...ses the BOOT CFG file to configure its parameter settings To overwrite the settings in the active boot configuration file with the switch s current settings enter the WRITE or COPY RUNNING CONFIG STAR...

Page 484: ...le 48 SHOW BOOT Command Field Description Current software The version number of the AlliedWare Plus Management Software on the switch Current boot image The version number of the bootloader Default b...

Page 485: ...9000 Switch Command Line User s Guide 485 Example This command displays the name of the active boot configuration file and the version numbers of the management software and bootloader awplus show bo...

Page 486: ...ax show startup config Parameters None Mode Privileged Exec mode Description Use this command to display the contents of the active boot configuration file Example The following example displays the c...

Page 487: ...t configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active boot configuration file are disca...

Page 488: ...Chapter 29 Boot Configuration File Commands 488...

Page 489: ...r This chapter discusses the following topics Overview on page 490 Uploading or Downloading Files with TFTP on page 491 Uploading or Downloading Files with Zmodem on page 495 Downloading Files with En...

Page 490: ...private CA certificates Refer to Chapter 86 Secure HTTPS Web Browser Server on page 1363 You can upload following file types from the switch Boot configuration files CA certificate requests Technical...

Page 491: ...New Management Software with TFTP To use TFTP to download new management software to the switch Caution This procedure causes the switch to reset The switch does not forward network traffic while it w...

Page 492: ...switch to write the new management software to flash memory 6 To resume managing the switch start a new management session after the switch has reset 7 To confirm the new management software on the s...

Page 493: ...ch s new active boot configuration file awplus configure terminal awplus config boot config file switch1a cfg 6 At this point do one of the following To configure the switch using the settings in the...

Page 494: ...ur network The FILENAME parameter is the name of the file to be uploaded from the switch to the TFTP server The filename can not contain spaces and must include the appropriate extension This example...

Page 495: ...switch For instructions refer to Starting a Local Management Session on page 66 3 Enter this command in the Privileged Exec mode awplus copy zmodem You will see this prompt Waiting to receive 4 Use y...

Page 496: ...6 Secure HTTPS Web Browser Server on page 1363 Technical support text files Refer to SHOW TECH SUPPORT on page 1444 To upload a file from the switch using Zmodem 1 Start a local management session on...

Page 497: ...ommand the switch displays this message Waiting to send 4 Use your terminal or terminal emulator program to begin the upload The upload must be Zmodem The upload should take only a few moments The upl...

Page 498: ...hapter 2 After you have updated the management software on the command switch start a new local or remote session on it Issue the SHOW ESTACK REMOTELIST command in the Privileged Exec mode to display...

Page 499: ...ist of switches 1 2 The command switch starts the download process with the first switch After downloading its management software to that switch it repeats the process with the next switch and so on...

Page 500: ...Chapter 30 File Transfer 500...

Page 501: ...P on page 503 Privileged Exec Uses TFTP to upload files from the switch COPY TFTP FLASH on page 504 Privileged Exec Uses TFTP to download new versions of the management software boot configuration fil...

Page 502: ...em utility to upload boot configuration files from the file system in the switch to your terminal or computer This command must be performed from a local management session For instructions on how to...

Page 503: ...lename Mode Privileged Exec mode Description Use this command to upload configuration files from the file system in the switch to a TFTP server on your network You can perform the command from a local...

Page 504: ...mode Description Use this command to download new versions of the management software boot configuration files or CA certificates to the switch from a TFTP server on your network You may perform the c...

Page 505: ...to the switch from a TFTP server that has the IP address 149 22 121 45 awplus enable awplus copy tftp flash 149 22 121 45 at9000_app img This example downloads the boot configuration file sw12a cfg to...

Page 506: ...r instructions on how to use this command refer to Downloading Files to the Switch with Zmodem on page 495 Note You may not use Zmodem to download new versions of the management software to the switch...

Page 507: ...65 For instructions on how to use this command refer to Uploading the Management Software from the Command Switch to Member Switches on page 385 Caution Downloading new management software causes the...

Page 508: ...Chapter 31 File Transfer Commands 508...

Page 509: ...vent Messages This section contains the following chapters Chapter 32 Event Log on page 511 Chapter 33 Event Log Commands on page 515 Chapter 34 Syslog Client on page 529 Chapter 35 Syslog Client Comm...

Page 510: ...510...

Page 511: ...511 Chapter 32 Event Log This chapter covers the following topics Overview on page 512 Displaying the Event Log on page 513 Clearing the Event Log on page 514...

Page 512: ...t happened when a problem occurred The operation of the switch can be monitored by viewing the event messages generated by the device These events and the vital information about system activity that...

Page 513: ...are displayed one screen at a time To cancel the log type q for quit Here is an example of the log Figure 94 SHOW LOG Command The columns are described in Table 52 on page 521 If you happen to be inte...

Page 514: ...hapter 32 Event Log 514 Clearing the Event Log To clear all the messages from the event log use the CLEAR LOG BUFFERED command in the Privileged Exec mode Here is the command awplus clear log buffered...

Page 515: ...be stored in the event log NO LOG BUFFERED on page 519 Global Configuration Cancels the settings set by the LOG BUFFERED command SHOW LOG on page 521 Privileged Exec Displays the event messages in th...

Page 516: ...Parameters None Mode Privileged Exec mode Description Use this command to delete the event messages in the event log Confirmation Command NO LOG BUFFERED on page 519 Example The following command dele...

Page 517: ...everity level 0 4 or 6 program Specifies the event messages of a particular management software module The modules are listed in Table 53 on page 522 To specify more than one module separate the modul...

Page 518: ...awplus enable awplus configure terminal awplus config log buffered program igmpsnoop lacp pcfg This example configures the event log to save event messages that have the severity level 0 or 4 and tha...

Page 519: ...e settings set by the log buffered command You can cancel a setting individually by specifying a parameter If you do not specify any parameters the command cancels all the settings and restores the de...

Page 520: ...Chapter 33 Event Log Commands 520 awplus configure terminal awplus config no log buffered Program mac OUtputID Type Status Details 1 Temporary Enabled Wrap on Full Filter Level 4 program MAC IP...

Page 521: ...te time facility severity program pid message 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded...

Page 522: ...nagement Software Modules Module Name Description ALL All management software modules ACL Port access control list CFG Switch configuration CLASSIFIER Classifiers used by ACL and QoS CLI Command line...

Page 523: ...ce RADIUS RADIUS authentication protocol RTC Real time clock SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree and Rapid Spanning protocols SYSTEM Hardware status...

Page 524: ...CONFIG Command The fields in the display are described here Table 54 SHOW LOG CONFIG Command Field Description Level The severity levels of the messages to be stored in the log The default is level 6...

Page 525: ...slog Client Commands on page 537 Example The following command displays the configuration of the event log awplus show log config Program The software module messages to be stored in the log The modul...

Page 526: ...LOG command display the same messages but in different order The SHOW LOG command displays the messages from oldest to newest To cancel the display type q for quit You cannot filter the log for speci...

Page 527: ...vent messages in the buffered event log The NUMBER parameter is used to specify the number of messages to display The messages are displayed from oldest to newest For an example and description of the...

Page 528: ...Chapter 33 Event Log Commands 528...

Page 529: ...og Client This chapter covers the following topics Overview on page 530 Creating Syslog Server Definitions on page 531 Deleting Syslog Server Definitions on page 534 Displaying the Syslog Server Defin...

Page 530: ...ent IP Address on page 72 or Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The syslog servers must be members of the same subnet as the management IP address of the switch or must be able...

Page 531: ...server For example specifying level 4 for a syslog server definition causes the switch to transmit levels 0 and 4 messages If you omit this parameter messages of all severity levels are sent The PROG...

Page 532: ...CFG Port configuration PKI Public Key Infrastructure PMIRR Port mirroring PSEC MAC address based port security PTRUNK Static port trunking QOS Quality of Service RADIUS RADIUS authentication protocol...

Page 533: ...on that sends messages from the RADIUS spanning tree protocols and static port trunks to a syslog server that has the IP address 156 74 134 76 awplus enable awplus configure terminal awplus config log...

Page 534: ...s To view the IP addresses of the syslog servers of the definitions use the SHOW LOG CONFIG command You can delete just one definition at a time with this command The switch stops sending event messag...

Page 535: ...Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132 45 75 and 149 132 101 1...

Page 536: ...Chapter 34 Syslog Client 536...

Page 537: ...within the chapter Table 57 Syslog Client Commands Command Mode Description LOG HOST on page 538 Global Configuration Creates syslog server definitions NO LOG HOST on page 540 Global Configuration De...

Page 538: ...the syslog server The modules are listed in Table 53 on page 522 You can specify more than one feature Separate multiple features with commas Omit this parameter to send messages from all features Mo...

Page 539: ...that has the IP address 149 152 122 143 The definition sends only those messages that have a minimum severity level of 4 and that are generated by the RADIUS client RADIUS and static port trunks PTRUN...

Page 540: ...er Mode Global Configuration mode Description Use this command to delete syslog server definitions from the switch Confirmation Command SHOW LOG CONFIG on page 541 Example This example deletes a syslo...

Page 541: ...mmand with Syslog Server Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132...

Page 542: ...Chapter 35 Syslog Client Commands 542 Example This example displays the configurations of the syslog server entries awplus show log config...

Page 543: ...section contains the following chapters Chapter 36 Static Port Trunks on page 545 Chapter 37 Static Port Trunk Commands on page 555 Chapter 38 Link Aggregation Control Protocol LACP on page 563 Chapte...

Page 544: ...544...

Page 545: ...opics Overview on page 546 Creating New Static Port Trunks or Adding Ports To Existing Trunks on page 550 Specifying the Load Distribution Method on page 551 Removing Ports from Static Port Trunks or...

Page 546: ...ion Control Protocol LACP on page 563 static port trunks do not permit standby ports If a link is lost on a port in a static port trunk the trunk s total bandwidth is reduced Although the traffic carr...

Page 547: ...me you created a static port trunk or an LACP trunk of Ports 7 through 14 on the switch The table below shows the mappings of the switch ports to the possible values of the last three bits of a MAC or...

Page 548: ...ethods assume that the final three bits of the source and or destination addresses of the packets from the network nodes are varied enough to support efficient distribution of the packets over the tru...

Page 549: ...hout also changing the other ports A port can belong to only one static trunk at a time A port cannot be a member of a static trunk and an LACP trunk at the same time The ports of a static trunk must...

Page 550: ...ates a new trunk of ports 22 to 23 and the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 22 port1 0 23 awplus config if static channel group 1 If a static port tr...

Page 551: ...AC address src ip Specifies source IP address dst ip Specifies destination IP address src dst ip Specifies source address destination IP address To enter the Static Port Trunk Interface mode you use t...

Page 552: ...port1 0 4 port1 0 5 awplus config if no static channel group To delete a static port trunk remove all its member ports This example deletes a trunk that consists of member ports 15 to 17 and 21 awplus...

Page 553: ...ileged Exec mode awplus show static channel group Here is an example of the information Figure 100 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display...

Page 554: ...Chapter 36 Static Port Trunks 554...

Page 555: ...Removes ports from existing static port trunks and deletes trunks from the switch PORT CHANNEL LOAD BALANCE on page 557 Static Port Trunk Interface Sets the load distribution methods of static port tr...

Page 556: ...ve ports from a static port trunk without first disconnecting their network cable Network loops can result in broadcast storms that can adversely affect network performance Note You cannot leave a tru...

Page 557: ...ecifies source address destination IP address Mode Static Port Trunk Interface mode Description Use this command to specify the load distribution methods of static port trunks The load distribution me...

Page 558: ...558 Example This example sets the load distribution method to destination MAC address for a trunk with an ID number 4 awplus enable awplus configure terminal awplus config interface sa4 awplus config...

Page 559: ...An example of the command is shown in Figure 101 Figure 101 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display the running configuration with SHOW RU...

Page 560: ...resulting in a broadcast storm and poor network performance To create a new static port trunk you have to assign it an ID number in the range of 1 to 32 This number is used by the switch to identify...

Page 561: ...e port you are adding will be the lowest numbered port in the trunk its parameter settings will overwrite the settings of the existing ports in the trunk Consequently you check to see if its settings...

Page 562: ...Chapter 37 Static Port Trunk Commands 562...

Page 563: ...following topics Overview on page 564 Creating New Aggregators on page 567 Setting the Load Distribution Method on page 568 Adding Ports to Aggregators on page 569 Removing Ports from Aggregators on...

Page 564: ...occur if there is a difference in their LACP implementations For example the two devices might not support the same number of active ports in an aggregate trunk If a conflict does occur the two devic...

Page 565: ...802 3ad compliant An aggregator can consist of any number of ports The switch supports up to eight active ports in an aggregate trunk at a time The switch can support up to a total of 32 static and LA...

Page 566: ...rt forwarding network traffic while also continuing to transmit LACPDU packets The port with the highest priority in an aggregate trunk carries broadcast packets and packets with an unknown destinatio...

Page 567: ...rts of a new aggregator are already members of other aggregators the switch automatically removes them from their current assignments before adding them to the new aggregator Caution To avoid creating...

Page 568: ...the mode use the INTERFACE PO command from the Global Configuration mode in this format interface poid_number You specify the intended aggregator by adding its ID number as a suffix to PO Here is the...

Page 569: ...the ID number of the existing aggregator to which the new ports are to be assigned If you do not know the ID number use the SHOW ETHERCHANNEL DETAIL command If the new ports of an aggregator are alre...

Page 570: ...disconnecting the network cable Leaving the network cable connected may result in a network loop which can cause a broadcast storm Note You cannot remove the base port of an aggregator The base port i...

Page 571: ...t delete an aggregator without first disconnecting the network cables from its ports Leaving the network cables connected may result in a network loop which can cause a broadcast storm These commands...

Page 572: ...NEL DETAIL The only information the SHOW ETHERCHANNEL DETAIL command does not include is the LACP system priority value That value can been seen with the SHOW LACP SYS ID command also in the Privilege...

Page 573: ...nformation Figure 103 SHOW LACP SYS ID Command It should be mentioned that while the system priority value is set as an integer with the LACP SYSTEM PRIORITY command this command displays it in hexade...

Page 574: ...Chapter 38 Link Aggregation Control Protocol LACP 574...

Page 575: ...ports from aggregators and deletes aggregators PORT CHANNEL LOAD BALANCE on page 580 LACP Port Trunk Interface Sets the load distribution method SHOW ETHERCHANNEL on page 582 Privileged Exec Displays...

Page 576: ...ator you cannot add ports that are below the base port For example you cannot add ports 1 to 6 to an existing aggregator that consists of ports 7 to 12 You have to delete and recreate an aggregator to...

Page 577: ...mber of the aggregator is 2 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 16 awplus config if channel group 2 This example adds port 15 to an existing aggregator t...

Page 578: ...ACP priority of the switch The switch uses the LACP priority to resolve conflicts with other network devices when it creates aggregate trunks Confirmation Command SHOW LACP SYS ID on page 586 Note The...

Page 579: ...recreating the aggregator Caution To prevent creating a loop in your network topology you should not remove ports from an aggregator without first disconnecting their network cables Network loops can...

Page 580: ...ddress destination IP address Mode LACP Port Trunk Interface mode Description Use this command to set the load distribution methods of aggregators An aggregator can have only one load distribution met...

Page 581: ...THERCHANNEL DETAIL on page 583 Example This example sets the load distribution method to source MAC address for the LACP trunk that has the ID number 22 awplus enable awplus configure terminal awplus...

Page 582: ...and to display the ports of specific aggregators on the switch Figure 104 illustrates the information Figure 104 SHOW ETHERCHANNEL Command Example This example displays the ports of the aggregator wit...

Page 583: ...77 d8 43 60 0000 Admin Key 0xff01 Oper Key 0x0101 Receive link count 4 Transmit link count 4 Individual 0 Ready 0 Distribution Mode MACBoth Partner LAG 0080 00 a0 d2 00 94 24 F601 Link Port 1 0 1 sync...

Page 584: ...Chapter 39 LACP Commands 584 Example This example displays detailed information about aggregators awplus show etherchannel detail...

Page 585: ...gure 106 SHOW ETHERCHANNEL SUMMARY Command Example This example displays the states of the aggregator s member ports awplus show etherchannel summary Aggregator 2 po2 Admin Key 0xff01 Oper Key 0x0101...

Page 586: ...s of the switch Figure 107 provides an example of the display Figure 107 SHOW LACP SYS ID Command Note The LACP priority value is set as an integer with LACP SYSTEM PRIORITY on page 578 and displayed...

Page 587: ...L Command Example This example displays the LACP port information for port 5 awplus show port etherchannel port1 0 5 Link port 1 0 5 Aggregator 2 Receive machine state Defaulted Periodic Transmission...

Page 588: ...Chapter 39 LACP Commands 588...

Page 589: ...ocols on page 591 Chapter 41 Spanning Tree Protocol STP Procedures on page 611 Chapter 42 STP Commands on page 619 Chapter 43 Rapid Spanning Tree Protocol RSTP Procedures on page 635 Chapter 44 RSTP C...

Page 590: ...590...

Page 591: ...s on page 594 Port Priority on page 595 Forwarding Delay and Topology Changes on page 596 Hello Time and Bridge Protocol Data Units BPDU on page 597 Point to Point and Edge Ports on page 598 Mixed STP...

Page 592: ...convergence When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to preven...

Page 593: ...two or more bridges have the same bridge priority number of those bridges the one with the lowest MAC address is designated as the root bridge You can change the bridge priority number on the switch...

Page 594: ...will be the primary active path and which path s will be placed in the standby blocking mode This is accomplished by a determination of path costs The path offering the lowest cost to the root bridge...

Page 595: ...ferred path In some instances this can involve the use of the port priority parameter This parameter is used as a tie breaker when two paths have the same cost The port priority has a range from 0 to...

Page 596: ...to forwarding passes through two additional states listening and learning before beginning to forward frames The amount of time a port spends in these states is set by the forwarding delay value This...

Page 597: ...already been selected in the network and if not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a...

Page 598: ...ex mode is functioning as a point to point port Figure 109 illustrates two switches that are connected with one data link With the link operating in full duplex the ports are point to point ports Figu...

Page 599: ...illustrates a port functioning as both a point to point and edge port Figure 111 Point to Point and Edge Port Determining whether a bridge port is point to point edge or both can be a bit confusing Fo...

Page 600: ...ther to create a single spanning tree domain Given this if you decide to activate spanning tree on the switch there is no reason not to use RSTP even if the other switches are running STP The switch c...

Page 601: ...Ns Sales and Production span two switches Two links consisting of untagged ports connect the separate parts of each VLAN If STP or RSTP is activated on the switches one of the links is disabled becaus...

Page 602: ...k such as workstations and printers The advantages of edge ports are that they typically do not participate in the convergence process and that they immediately transition to the forwarding state skip...

Page 603: ...ting is disabled This feature is supported on the base ports of the switch and any fiber optic transceivers installed in the unit Note A port disabled by the BPDU guard feature remains in that state u...

Page 604: ...more ports in the spanning tree domain causing a network loop The loop guard feature protects against this type of failure by monitoring the ports on the switch for BPDUs from the other RSTP devices I...

Page 605: ...ws spanning tree under normal operations in a network of three switches that have been connected to form a loop To block the loop switch 3 designates port 14 as an alternate port and places it in the...

Page 606: ...rd works to maintain a loop free topology by keeping alternate ports in the blocking state when they stop receiving BPDUs Loop guard can also work on root and designated ports that are in the forwardi...

Page 607: ...orwarding state from the blocking state to become the new root port for the switch The result is a network loop Figure 116 Loop Guard Example 4 But if loop guard is active on port 4 on switch 3 the po...

Page 608: ...Loop Guard Example 5 Switch 3 Switch 1 Old root bridge RSTP stops operating Port 4 Loop guard changes the port to the blocking state from the forwarding state Switch 2 New root bridge Port 14 Transit...

Page 609: ...t bridge are connected If the bridge receives a superior BPDU on a root designated port the Root Guard feature changes the state of the port to a root inconsistent STP state This state varies dependin...

Page 610: ...Chapter 40 STP RSTP and MSTP Protocols 610...

Page 611: ...rocedures Designating STP as the Active Spanning Tree Protocol on page 612 Enabling the Spanning Tree Protocol on page 613 Setting the Switch Parameters on page 614 Setting the Port Parameters on page...

Page 612: ...spanning tree protocols in addition to STP but only one of them can be active at a time on the device To designate STP as the active spanning tree protocol on the switch use the SPANNING TREE MODE ST...

Page 613: ...TP on the switch use the SPANNING TREE STP ENABLE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config spanning tree stp enable The switch...

Page 614: ...config spanning tree max age 20 If you want the switch to be the root bridge of the spanning tree domain assign it a low priority number with the SPANNING TREE PRIORITY command The bridge priority ha...

Page 615: ...AT 9000 Switch Command Line User s Guide 615 This example of the command sets the switch s priority value to 8 192 awplus enable awplus configure terminal awplus config spanning tree priority 8192...

Page 616: ...t1 0 4 port1 0 18 awplus config if spanning tree path cost 40 This example of the SPANNING TREE PRIORITY command assigns a priority value of 32 awplus enable awplus configure terminal awplus config in...

Page 617: ...ig no spanning tree stp enable Note Before disabling the spanning tree protocol on the switch display the STP states of the ports and disconnect the network cables from any ports that are in the disca...

Page 618: ...1 Default Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interv...

Page 619: ...625 Port Interface Enables the Root Guard feature on a port SPANNING TREE HELLO TIME on page 626 Global Configuration Sets the hello time which defines how frequently the switch sends spanning tree co...

Page 620: ...f they receive BPDUs SPANNING TREE PRIORITY Bridge Priority on page 632 Global Configuration Assigns the switch a priority number SPANNING TREE Priority Port Priority on page 633 Port Interface Assign...

Page 621: ...ch display the STP states of the ports and disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when STP...

Page 622: ...efault Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval...

Page 623: ...ne User s Guide 623 Examples This command displays the STP settings for all the ports awplus show spanning tree This command displays the STP settings for ports 1 and 4 awplus show spanning tree inter...

Page 624: ...ch is acting as the root bridge of the spanning tree domain Switches that are not acting as the root bridge use a dynamic value supplied by the root bridge The forward time max age and hello time para...

Page 625: ...t state For STP this state is a listening state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To display the current setting fo...

Page 626: ...come the root bridge The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max age 2 x forward time 1 0 second max a...

Page 627: ...s are stored by the switch before they are deleted The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max age 2 x...

Page 628: ...on the switch You must select STP as the active spanning tree protocol before you can enable it or configure its parameters Only one spanning tree protocol can be active on the switch at a time Confir...

Page 629: ...he cost of a port to the root bridge This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost The lower the numeric value the higher the...

Page 630: ...spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered to be an edge port This command is used in conjunction with th...

Page 631: ...and disables them if they receive BPDU packets To disable an edge port that was disabled by the BPDU guard feature use the NO SPANNING TREE PORTFAST BPDU GUARD command See NO SPANNING TREE PORTFAST B...

Page 632: ...two or more devices have the same priority value the device with the numerically lowest MAC address becomes the root bridge The range is 0 to 61 440 in increments of 4 096 The priority values can be s...

Page 633: ...reaker when two or more ports have equal costs to the root bridge The range is 0 to 240 in increments of 16 The priority values can be set only in increments of 16 The default is 128 Use the no form o...

Page 634: ...st designate STP as the active spanning tree protocol on the switch before you can enable it or configure its parameters For instructions refer to SPANNING TREE MODE STP on page 628 Confirmation Comma...

Page 635: ...es Designating RSTP as the Active Spanning Tree Protocol on page 636 Enabling the Rapid Spanning Tree Protocol on page 637 Configuring the Switch Parameters on page 638 Configuring the Port Parameters...

Page 636: ...complished with the SPANNING TREE MODE RSTP command in the Global Configuration mode Afterwards you can configure its settings and enable the protocol Here is the command awplus enable awplus configur...

Page 637: ...Configuration mode Here is the command awplus enable awplus configure terminal awplus config spanning tree rstp enable After you enter the command the switch immediately begins to participate in the s...

Page 638: ...ax age 10 Table 63 RSTP Switch Parameters To Use This Command Range Specify how long the ports remain in the listening and learning states before they transition to the forwarding state SPANNING TREE...

Page 639: ...meter is 0 to 61 440 in increments of 4 096 The priority values can be set only in increments of 4 096 This example assigns the switch the low priority number 4 096 to increase the likelihood of it be...

Page 640: ...cedures 640 To disable the BPDU guard feature on the switch use the NO SPANNING TREE BPDU GUARD command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awp...

Page 641: ...is Command Range Specify port costs SPANNING TREE PATH COST path cost 1 to 200000000 Assign a priority value to be used as a tie breaker when two or more paths have equal costs to the root bridge SPAN...

Page 642: ...ample designates ports 11 to 23 as point to point ports awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 23 awplus config if spanning tree link type point to point Th...

Page 643: ...nning tree loop guard A port disabled by this feature remains disabled until it starts to receive BPDU packets again or the switch is reset To disable the loop guard feature use the NO SPANNING TREE L...

Page 644: ...activates disabled ports after the specified period of time This example activates the timer and sets it to 1000 seconds awplus enable awplus configure terminal awplus config spanning tree errdisable...

Page 645: ...w the current status of RSTP refer to Displaying RSTP Settings on page 646 Note Before disabling the spanning tree protocol on the switch display the RSTP states of the ports and disconnect the networ...

Page 646: ...bf9 Default Bridge Id 8000 eccd6d4d5bf9 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout inte...

Page 647: ...RSTP on the switch SHOW SPANNING TREE on page 654 User Exec and Privileged Exec Displays the RSTP settings on the switch SPANNING TREE ERRDISABLE TIMEOUT ENABLE on page 656 Global Configuration Activa...

Page 648: ...e spanning tree protocol on the switch SPANNING TREE PATH COST on page 665 Port Interface Specifies the costs of the ports to the root bridge SPANNING TREE PORTFAST on page 666 Port Interface Designat...

Page 649: ...ode Port Interface mode Description Use this command to remove ports as edge ports on the switch Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example removes port 21 as an edge po...

Page 650: ...RSTP BPDU guard feature When the timer is deactivated ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN com...

Page 651: ...s disabled Note Ports that are disabled by the loop guard feature do not forward traffic again when you disable the feature They only forward traffic if they start to receive BPDUs again or you reset...

Page 652: ...n a port Note Edge ports disabled by the BPDU guard feature remain disabled until you enable them with the management software For instructions refer to NO SHUTDOWN on page 211 Confirmation Command SH...

Page 653: ...rts and disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when RSTP is disabled Leaving the cables con...

Page 654: ...bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8101 Role Disabled State Forwarding port1 0 1 Designated Path...

Page 655: ...AT 9000 Switch Command Line User s Guide 655 Example This example displays the RSTP settings on the switch awplus show spanning tree...

Page 656: ...y RSTP domain convergences by disabling edge ports if they receive BPDUs When the timer is activated the switch will automatically reactivate disabled ports The time interval that ports remain disable...

Page 657: ...seconds Mode Global Configuration mode Description Use this command to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the RSTP BPDU...

Page 658: ...the learning state to the forwarding state This parameter is active only if the switch is acting as the root bridge Switches that are not acting as the root bridge use a dynamic value supplied by the...

Page 659: ...t state For RSTP this state is a discarding state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To view the current setting for...

Page 660: ...hen it is the root bridge or is trying to become the root bridge The forward time max age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802...

Page 661: ...witches connected to it Mode Port Interface mode Description Use this command to designate point to point ports and shared ports Confirmation Command SHOW RUNNING CONFIG on page 158 Examples This exam...

Page 662: ...ch automatically disables it A port that has been disabled by the feature remains in that state until it begins to receive BPDU packets again or the switch is reset The default setting for BPDU loop g...

Page 663: ...ridge protocol data units BPDUs before it deletes them The forward time maximum age and hello time parameters should be set according to the following formulas as specified in IEEE Standard 802 1d max...

Page 664: ...col and set the switch or port parameters RSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with SPANNING TREE RSTP ENABLE on...

Page 665: ...he cost of a port to the root bridge This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost The lower the numeric value the higher the...

Page 666: ...ing tree devices or to LANs that have spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered an edge port by the swit...

Page 667: ...switch monitors edge ports and disables them if they receive BPDU packets To disable an edge port that was disabled by the BPDU guard feature use the NO SPANNING TREE PORTFAST BPDU GUARD command Confi...

Page 668: ...omes the root bridge If two or more devices have the same priority value the device with the numerically lowest MAC address becomes the root bridge The range is 0 to 61 440 in increments of 4 096 The...

Page 669: ...reaker when two or more ports have equal costs to the root bridge The range is 0 to 240 in increments of 16 The priority values can be set only in increments of 16 The default is 128 Use the no form o...

Page 670: ...to enable the Rapid Spanning Tree Protocol on the switch You cannot enable RSTP until you have activated it with SPANNING TREE MODE RSTP on page 664 Confirmation Command SHOW RUNNING CONFIG on page 15...

Page 671: ...s Overview on page 672 Multiple Spanning Tree Instance MSTI on page 673 MSTI Guidelines on page 675 VLAN and MSTI Associations on page 676 Ports in Multiple MSTIs on page 677 Multiple Spanning Tree Re...

Page 672: ...The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic resulting in reduced network performance Another approach is to use the Multi...

Page 673: ...eral examples Figure 122 illustrates two AT 9000 Switches each containing the two VLANs Sales and Production The two parts of each VLAN are connected with a direct link using untagged ports on both sw...

Page 674: ...nd Presales VLANs and MSTI 2 contains the Design and Engineering VLANs Figure 124 Multiple VLANs in an MSTI In this example because an MSTI contains more than one VLAN the links between the VLAN parts...

Page 675: ...ch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTIs This is possible because a port can be in different MS...

Page 676: ...tions Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances The mapping of VLANs to MSTIs is called associations A VLAN either port based or tagged can belong to onl...

Page 677: ...d to as generic parameters These are set just once on a port and apply to all the MSTIs where the port is a member One of these parameters is the external path cost which sets the operating cost of a...

Page 678: ...unctions of the nodes and bridges of the region Examples are Sales Region and Engineering Region The revision number is an arbitrary number assigned to a region This number can be used to keep track o...

Page 679: ...n MSTI s root bridge is called a regional root The MSTIs within a region may share the same regional root or they can have different regional roots A regional root for an MSTI must be within the regio...

Page 680: ...A region can contain any number of VLANs All of the bridges in a region must have the same configuration name revision level VLANs and VLAN to MSTI associations An MSTI cannot span multiple regions Ea...

Page 681: ...oundaries while an MSTI cannot If a port is a boundary port that is if it is connected to another region that port automatically belongs solely to CIST even if it was assigned to an MSTI because only...

Page 682: ...can be considered as a virtual bridge The implication is that other MSTP regions and STP and RSTP single instance spanning trees cannot discern the topology or constitution of an MSTP region The only...

Page 683: ...ree instance A router or Layer 3 network device is required to forward traffic between VLANs A network can contain any number of regions and a region can contain any number of AT 9000 Switches The AT...

Page 684: ...ree Protocol MSTP 684 Note The AlliedWare Plus MSTP implementation complies fully with the new IEEE 802 1s standard Any other vendor s fully compliant 802 1s implementation is interoperable with the A...

Page 685: ...STI ID 10 The BPDUs transmitted by port 8 to switch B would indicate that the port is a member of both CIST and MSTI 7 while the BPDUs from port 1 would indicate the port is a member of the CIST and M...

Page 686: ...ST in determining whether a loop exists The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0 Switch B would block a port to cancel the l...

Page 687: ...t can be a physical loop which spanning tree disables by blocking ports This is illustrated in Figure 127 The example show two switches each residing in a different region Port 7 in switch A is a boun...

Page 688: ...Support Product Management and Accounting You can group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 11 and in Region 2 you cou...

Page 689: ...ll designated ports unless two or more ports of the root bridge are connected If the bridge receives a superior BPDU on a root designated port the Root Guard feature changes the state of the port to a...

Page 690: ...Chapter 45 Multiple Spanning Tree Protocol MSTP 690...

Page 691: ...P on the switch SHOW SPANNING TREE on page 699 User Exec and Privileged Exec Displays the MSTP settings on the switch SHOW SPANNING TREE MST CONFIG on page 700 Privileged Executive Displays the MSPT C...

Page 692: ...port SPANNING TREE PATH COST on page 710 Port Interface Specifies the cost of a port to the root bridge SPANNING TREE PORTFAST on page 711 Port Interface Designates the ports as edge ports SPANNING T...

Page 693: ...e lowest value is considered to have the highest priority and is chosen as the root port over a port equivalent in all other aspects but with a higher priority value The default value is 32768 For inf...

Page 694: ...a priority of 4096 to port 4 awplus enable awplus configure terminal awplus config spanning tree mode mstp awplus config spanning tree mstp enable awplus config spanning tree spanning tree mst config...

Page 695: ...about MSTI see MSTI Guidelines on page 675 After you use the INSTANCE MSTI ID VLAN command to create an instance and associate it with a VLAN use the SPANNING TREE MST INSTANCE command to associate po...

Page 696: ...STP BPDU guard feature When the timer is deactivated ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN comma...

Page 697: ...t Interface mode Description Use this command to remove ports as edge ports on the switch This command is equivalent to NO SPANNING TREE PORTFAST on page 649 Example This example removes port 21 as an...

Page 698: ...disconnect the network cables from any ports that are in the discarding state Ports that are in the discarding state begin to forward traffic again when MSTP is disabled Leaving the cables connected m...

Page 699: ...ettings on the switch awplus show spanning tree Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 Default Forward Delay 15 Hello Time 2...

Page 700: ...y to check that the digest is the same on this device as for all other devices in the same region Example This example displays the MSTP configuration information for a bridge awplus enable awplus sho...

Page 701: ...tree mst An example of the display is shown in Figure 131 Figure 131 SHOW SPANNING TREE MST Command Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 200000 CIST Root Port 33033 CIS...

Page 702: ...ange is from 1 to 15 Mode Privileged Executive Mode Description Use this command to display detailed information for a particular instance and all switch ports associated with that instance Example Th...

Page 703: ...they receive BPDUs When the timer is activated the switch will automatically reactivate disabled ports The time interval that ports remain disabled is set with SPANNING TREE ERRDISABLE TIMEOUT INTERV...

Page 704: ...nd to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the BPDU guard feature To activate the timer refer to SPANNING TREE ERRDISABLE T...

Page 705: ...t state For MSTP this state is a discarding state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To view the current setting for...

Page 706: ...de Global Configuration mode Description Use this command to set MSTP as the spanning tree protocol mode Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example sets MSTP as the span...

Page 707: ...able the spanning tree protocol and set the switch or port parameters MSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with S...

Page 708: ...escription Use this command to enter the MST mode Note Only one spanning tree protocol STP RSTP or MSTP can be active on the switch Confirmation Command SHOW SPANNING TREE on page 699 Example This exa...

Page 709: ...spanning tree information for the associated MSTI when you assign a VLAN to the MSTI using the INSTANCE MST ID VLAN command For information about this command see INSTANCE MSTI ID VLAN on page 695 To...

Page 710: ...o the root bridge to determine the total path cost For MSTP this command only applies to the path cost for CIST The lower the numeric value the higher the priority of a path The range is 1 to 20000000...

Page 711: ...to spanning tree devices or to LANs that have spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered an edge port by...

Page 712: ...feature on the switch which protects the switch from receiving superior BPDUs Use the no version of this command NO SPANNING TREE PORTFAST BPDU GUARD to disable the root guard feature on a switch Con...

Page 713: ...on mode Description Use this command to name the MSTP Region Confirmation Command SHOW RUNNING CONFIG on page 158 or SHOW SPANNING TREE on page 699 Example This example names the MSTP region santa cla...

Page 714: ...This value is an arbitrary value that you assign to an MST region Use the revision number to track the number of times an MST configuration has been updated on the network Confirmation Command SHOW RU...

Page 715: ...ration Protocol on page 761 Chapter 50 GARP VLAN Registration Protocol Commands on page 779 Chapter 51 MAC Address based VLANs on page 801 Chapter 52 MAC Address based VLAN Commands on page 817 Chapte...

Page 716: ...716...

Page 717: ...N Overview on page 720 Tagged VLAN Overview on page 726 Creating VLANs on page 731 Adding Untagged Ports to VLANs on page 732 Adding Tagged Ports to VLANs on page 734 Removing Untagged Ports from VLAN...

Page 718: ...ic stays within the VLANs The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic not destined for them and frees up bandwidth within all...

Page 719: ...switch This makes it possible to create VLANs of end nodes that are connected to switches located in different physical locations The switch supports the following types of VLANs you can create yours...

Page 720: ...e The switch is pre configured with one port based VLAN called the Default_VLAN All ports on the switch are members of this VLAN The parts that make up a port based VLAN are VLAN name VLAN Identifier...

Page 721: ...te a port based VLAN on the switch and assign it a VID of 5 assign the PVID for each port in the VLAN to 5 Some switches and switch management programs require that you assign the PVID value for each...

Page 722: ...untagged VLAN assignment After the VLAN assignment is made the port s role can be changed back again to authenticator or supplicant if desired You cannot delete the Default VLAN from the switch Delet...

Page 723: ...reate a VLAN The ports have been assigned PVID values A port s PVID is assigned automatically by the switch when you create the VLANs The PVID of a port is the same as the VID in which the port is an...

Page 724: ...re port based VLANs In this example two VLANs Sales and Engineering span two switches Figure 133 Port based VLAN Example 2 Router Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Engineer...

Page 725: ...orts 9 to 13 on the top switch and ports 16 18 to 20 and 22 on the bottom switch Because this VLAN spans multiple switches it needs a direct connection between its various parts to provide a communica...

Page 726: ...equirements and standards for tagging The device must be able to process the tagged information on received frames and add tagged information to transmitted frames The benefit of a tagged VLAN is that...

Page 727: ...ID of a port determines the VLAN where the port is an untagged member Because a tagged port determines VLAN membership by examining the tagged header within the frames that it receives and not the PVI...

Page 728: ...e used to interconnect IEEE 802 1q based products Figure 134 Example of a Tagged VLAN Router Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Engineering VLAN VID 3 Sales VLAN VID 2 AT 90...

Page 729: ...rt Assignments Switch Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Untagged Ports Tagged Ports Untagged Ports Tagged Ports Untagged Ports Tagged Ports AT 9000 Switch top 1 3 to 5 PVID...

Page 730: ...e used to simplify network design in the example They are port 10 on the top switch and port 9 on the lower switch These ports have been made tagged members of the Sales and Engineering VLANs so that...

Page 731: ...vid name name This example creates the Engineering VLAN and assigns it a VID of 5 awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering Note T...

Page 732: ...you can use the SWITCHPORT ACCESS VLAN command which is also found in the Port Interface mode to assign it as an untagged member of a VLAN Here is the format of the command switchport access vlan vid...

Page 733: ...agged ports of a VLAN with the VID 4 The SWITCHPORT MODE ACCESS command is omitted because the example assumes the ports are already designated as untagged ports awplus enable awplus configure termina...

Page 734: ...mat shown here switchport mode trunk ingress filter enable disable For an explanation of the optional INGRESS FILTER parameter refer to SWITCHPORT MODE TRUNK on page 751 Once a port is labeled as a ta...

Page 735: ...ar VLAN A port can have only one native VLAN The command for setting the native VLAN of tagged ports is the SWITCHPORT TRUNK NATIVE VLAN command in the Port Interface mode Here is the command s format...

Page 736: ..._VLAN You can remove more than one port at a time from a VLAN and the same command can be used to remove untagged ports from different VLANs This example removes untagged port 5 from its current VLAN...

Page 737: ...ich the port is to be removed This example removes tagged ports 18 and 19 from the VLAN with the VID 7 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 19 awplus conf...

Page 738: ...figuration mode You cannot delete the Default_VLAN The untagged ports of deleted VLANs are automatically returned back to the Default_VLAN Here is the format of the command no vlan vid This example de...

Page 739: ...nformation is shown in Figure 135 Figure 135 SHOW VLAN ALL Command The information is described in Table 72 on page 746 VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE...

Page 740: ...Chapter 47 Port based and Tagged VLANs 740...

Page 741: ...e native VLAN of tagged ports NO VLAN on page 745 VLAN Configuration Deletes VLANs from the switch SHOW VLAN on page 746 User Exec and Privileged Exec Displays all the VLANs on the switch SWITCHPORT A...

Page 742: ...VLAN if they are set to the authenticator role for 802 1x port based network access control You must first remove the authenticator role For instructions refer to NO DOT1X PORT CONTROL on page 950 Con...

Page 743: ...the trunk mode has been removed Note You must first remove a port from all tagged VLAN assignments before you can remove its tagged designation For instructions refer to SWITCHPORT TRUNK ALLOWED VLAN...

Page 744: ...s and egress untagged packets A tagged port can have only one native VLAN Note This command will not work if the tagged port is already a tagged member of the Default_VLAN because a port cannot be bot...

Page 745: ...ntagged ports Static addresses assigned to the ports of a deleted VLAN become obsolete and should be deleted from the MAC address table For instructions refer to NO MAC ADDRESS TABLE STATIC on page 36...

Page 746: ...136 SHOW VLAN Command The columns in the table are described here VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE 1 u 20 u 21 u 22 u 23 u 26 u 27 u 28 u 5 Sales STATIC...

Page 747: ...ANs on the switch awplus show vlan State The states of the VLANs A VLAN has an Active state if it has at least one tagged or untagged port and an Inactive state if it does not have any ports Member Po...

Page 748: ...tically removes it from its current untagged VLAN assignment before moving it to its new assignment For example if you add port 4 as an untagged port to a VLAN the switch automatically removes the por...

Page 749: ...0 5 port1 0 7 awplus config if switchport access vlan 12 This example returns port 15 as an untagged port to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config...

Page 750: ...ts to VLANs The second command is SWITCHPORT ACCESS VLAN on page 748 The access mode is the default setting for all ports on the switch Consequently you only need to perform this command for ports tha...

Page 751: ...LLOWED VLAN on page 753 The INGRESS FILTER parameter controls whether the tagged port accepts or rejects tagged packets containing VIDs that do not match any of its tagged VIDs If ingress filtering is...

Page 752: ...is example designates port 18 as a tagged port and disables ingress filtering so that it accepts all tagged packets awplus enable awplus configure terminal awplus config interface port1 0 18 awplus co...

Page 753: ...ignated VLAN You can specify more than one VID except vid Adds the port as a tagged port to all the VLANs on the switch except for the designated VLAN You can specify more than one VID remove vid Remo...

Page 754: ...1x none role before they can be removed from a VLAN You can reassign their roles after you change their VLAN assignments Confirmation Command SHOW VLAN on page 746 Examples of Adding Tagged Ports to...

Page 755: ...plus config if switchport trunk allowed vlan except 11 Examples of Removing Tagged Ports from VLANs This example removes tagged port 17 from the VLAN with a VID of 8 awplus enable awplus configure ter...

Page 756: ...native VLANs for tagged ports The native VLAN of a tagged port specifies the appropriate VLAN for ingress untagged packets A tagged port can have only one native VLAN and the VLAN must already exist...

Page 757: ...uide 757 This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 20 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 20 awplus config i...

Page 758: ...e VID value name Specifies a name for a new VLAN A name can be from 1 to 20 characters in length The first character must be a letter it cannot be a number VLANs will be easier to identify if their na...

Page 759: ...ring awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering This example creates a new VLAN with the VID 17 and the name Manufacturing awplus en...

Page 760: ...Chapter 48 Port based and Tagged VLAN Commands 760...

Page 761: ...page 767 Enabling GVRP on the Switch on page 768 Enabling GIP on the Switch on page 769 Enabling GVRP on the Ports on page 770 Setting the GVRP Timers on page 771 Disabling GVRP Timers on the Switch...

Page 762: ...device that sent it It then does the following If the PDU contains a VID of a VLAN that does not exist on the switch it creates the designated VLAN and adds the port that received the PDU as a tagged...

Page 763: ...Example The example consists of three switches Switches 1 and 3 have the Sales VLAN but switch 2 does not Consequently the end nodes of the two parts of the Sales VLANs cannot communicate with each o...

Page 764: ...s VID of 11 Note that port 3 is not yet a member of the VLAN Ports are added to VLANs when they receive PDUs from other network devices not when they transmit PDUs 4 Switch 3 receives the PDU on port...

Page 765: ...GVRP VLANs and dynamic GVRP port assignments The dynamic assignments are relearned by the switch as PDUs arrive on the ports from other switches GVRP has three timers Join Timer Leave Timer and Leave...

Page 766: ...member of the VLANs giving the intruder access to restricted areas of your network Here are a couple of suggestions to protect against this type of network intrusion Activating GVRP only on those swi...

Page 767: ...ives from the GVRP active switches GVRP PDUs are management frames intended for the switch s CPU In all likelihood a GVRP inactive switch will discard the PDUs because it will not recognize them The s...

Page 768: ...Configuration mode It is the GVRP ENABLE command After the command is entered the switch immediately begins to transmit PDUs from those ports where GVRP is enabled and to learn dynamic GVRP VLANs Her...

Page 769: ...GVRP on the switch GIP must be enabled if the switch is using GVRP The command for activating GIP is the GVRP APPLICANT STATE ACTIVE command in the Global Configuration mode Here is the command awplus...

Page 770: ...default setting for GVRP on the ports is enabled you should only need to use this command if you want to enable GVRP after disabling it on a port This example of the command activates GVRP on ports 1...

Page 771: ...n Timer 2 x Leave Timer The commands for setting the timers are in the Global Configuration mode They are gvrp timer join value gvrp timer leave value gvrp timer leaveall value The timers are set in o...

Page 772: ...ey are no gvrp timer join no gvrp timer leave no gvrp timer leaveall Use these commands to reset GVRP timers to the default values for each individual parameter The default values are GVRP timer join...

Page 773: ...he GVRP REGISTRATION NONE command in the Port Interface mode This example of the command deactivates GVRP on ports 4 and 5 awplus enable awplus configure terminal awplus config interface port1 0 4 1 0...

Page 774: ...d if the switch is using GVRP There is never any reason to disable GIP Even if the switch is not performing GVRP you can still leave GIP enabled The command for disabling GIP is GVRP APPLICANT STATE N...

Page 775: ...to stop the switch from learning any further dynamic VLANs or GVRP ports use the NO GVRP ENABLE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal aw...

Page 776: ...Default Settings To disable GVRP and to return the timers to their default settings use the PURGE GVRP command in the Global Configuration mode awplus enable awplus configure terminal awplus config pu...

Page 777: ...d the three timer settings Here is the command awplus show gvrp timer Here is an example of the information the command provides Figure 138 SHOW GVRP TIMER Command For reference information refer to S...

Page 778: ...Chapter 49 GARP VLAN Registration Protocol 778...

Page 779: ...nables GVRP GVRP REGISTRATION on page 785 Port Interface Set a port s GVRP status GVRP TIMER JOIN on page 786 Global Configuration Sets the GARP Join Timer GVRP TIMER LEAVE on page 787 Global Configur...

Page 780: ...ameters for the internal database for the GARP application SHOW GVRP MACHINE on page 796 User Exec and Privileged Exec Displays parameters for the GID state machines for the GARP application SHOW GVRP...

Page 781: ...mmand to convert dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments Example This example converts dynamic GVRP VLANs and dynamic GVRP port assignments to...

Page 782: ...icant state active Parameters None Mode Global Configuration mode Description Use this command to enable GIP on the switch GIP must be enabled for GVRP to operate properly Example This example enables...

Page 783: ...None Mode Global Configuration mode Description Use this command to disable GIP on the switch Note Do not disable GIP if the switch is running GVRP GIP is required for proper GVRP operation Example Th...

Page 784: ...84 GVRP ENABLE Syntax gvrp enable Parameters None Mode Global Configuration mode Description Use this command to enable GVRP on the switch Example This example enables GVRP on the switch awplus enable...

Page 785: ...or disable GVRP on a port A port where GVRP is enabled transmits GVRP PDUs A port where GVRP is disabled does not send GVRP PDUs Examples This example enables GVRP on ports 5 and 6 awplus enable awpl...

Page 786: ...s 20 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Join Timer This timer must be set in relation to the GVRP Leave Timer according to the following equation...

Page 787: ...a second The range is 30 to 180 centiseconds The default is 60 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave Timer Note The setting for this timer must...

Page 788: ...ge is 500 to 3000 centiseconds The default is 1000 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave All timer Note The settings for this timer must be the...

Page 789: ...ENABLE Syntax no gvrp enable Parameters None Mode Global Configuration mode Description Use this command to disable GVRP on the switch Example This example disables GVRP on the switch awplus enable aw...

Page 790: ...urations and return the GVRP Join Timer to its default value This timer must only be disabled in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer No...

Page 791: ...and return the GVRP Leave Timer to its default value This timer must only be disabled in relation to the GVRP Join Timer according to the following equation Join Timer 2 x GVRP Leave Timer Note The s...

Page 792: ...mode Description Use this command to disable the GARP Leave All timer and return the GVRP Leave All timer to its default value Note The settings for this timer must be the same on all GVRP active net...

Page 793: ...Global Configuration mode Description Use this command to disable GVRP on the switch and to return the timers to their default values Example This example disables GVRP on the switch and returns the t...

Page 794: ...pplicant Parameter None Mode Privileged Exec mode Description Use this command to display the following parameters for the GIP connected ring for the GARP application GARP Application GIP contact STP...

Page 795: ...cription Use this command to display the following parameters for the internal database for the GARP application Each attribute is represented by a GID index within the GARP application GARP Applicati...

Page 796: ...Description Use this command to display the following parameters for the GID state machines for the GARP application The output is shown on a per GID index basis each attribute is represented by a GID...

Page 797: ...eive Discarded GARP Disabled Receive Discarded Port Not Listening Transmit Discarded Port Not Sending Receive Discarded Invalid Port Receive Discarded Invalid Protocol Receive Discarded Invalid Format...

Page 798: ...ommands 798 Receive GARP Messages Empty Transmit GARP Messages Empty Receive GARP Messages Bad Message Receive GARP Messages Bad Attribute Example This example displays the values of GARP packet and m...

Page 799: ...scription Use this command to display the current values for the following GARP application parameters GARP application protocol GVRP status GVRP GIP status GVRP Join Time GVRP Leave Time GVRP Leaveal...

Page 800: ...Chapter 50 GARP VLAN Registration Protocol Commands 800...

Page 801: ...lines on page 807 General Steps on page 808 Creating MAC Address based VLANs on page 809 Adding MAC Addresses to VLANs and Designating Egress Ports on page 810 Removing MAC Addresses on page 811 Delet...

Page 802: ...the same resources regardless of the points at which they access the network If you employed port based or tagged VLANs for roaming users you might have to constantly reconfigure the VLANs moving por...

Page 803: ...LANs relieves you from having to map each address to its corresponding egress port Instead you only need to be sure that all the egress ports in a MAC address based VLAN are assigned to at least one a...

Page 804: ...l be flooded out port 4 This means that whatever device is connected to the port receives the flooded traffic form all three VLANs If security is a major concern for your network you might not want to...

Page 805: ...odes on all the switches where the VLAN exists The same MAC address based VLAN on different switches must have the same list of MAC addresses Figure 139 illustrates an example of a MAC address based V...

Page 806: ...here is a match the switch considers the packet as a member of the corresponding MAC address based VLAN and not the port based VLAN and forwards it out the egress ports defined for the corresponding M...

Page 807: ...rt of a MAC address based VLAN and an untagged member of a port based VLAN Given that there is no way for the switch to determine the VLAN to which the broadcast packet belongs it floods the packet on...

Page 808: ...tion mode to assign a name and a VID to the new VLAN and to designate the VLAN as a MAC address based VLAN 2 Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addr...

Page 809: ...of the VLAN must be unique from all other VLANs on the switch The name of a VLAN can be up to 20 characters It cannot contain any spaces and the first character must be a letter not a number This exam...

Page 810: ...hich the address is to be added and the MAC ADDRESS parameter is the address which has to be entered in this format xx xx xx xx xx xx or xxxx xxxx xxxx The MACADDRESS and DESTADDRESS keywords are equi...

Page 811: ...g interface port1 0 6 port1 0 8 awplus config if no vlan 23 macaddress 11 8a 92 ce 76 28 Before MAC addresses can be completely removed from this type of VLAN you must first remove them from their egr...

Page 812: ...he switch use the NO VLAN command in the VLAN Configuration mode You can delete only one VLAN at a time Here is the format of the command no vlan vid This example deletes the VLAN with the VID 23 awpl...

Page 813: ...in Table 78 on page 823 VLAN 5 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 13 port1 0 18 1A 87 9B 52 36 D5 port1 0 18 26 72 9A CB 1A E4 por...

Page 814: ...esignate it as a MAC address based VLAN awplus config vlan exit Return to the Global Configuration mode Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addresses...

Page 815: ...us config if vlan set 21 macaddress 00 30 42 53 10 3a awplus config if end Return to the Privileged Exec mode awplus show vlan macaddress Confirm the configuration again with the SHOW VLAN MACADDRESS...

Page 816: ...Chapter 51 MAC Address based VLANs 816...

Page 817: ...e 819 Global Configuration Removes MAC addresses from VLANs NO VLAN MACADDRESS Port Interface Mode on page 820 Port Interface Removes MAC addresses from egress ports SHOW VLAN MACADDRESS on page 822 P...

Page 818: ...Configuration mode Description Use this command to delete MAC address based VLANs from the switch You can delete only one VLAN at a time with this command Confirmation Command SHOW VLAN MACADDRESS on...

Page 819: ...ode Description Use this command to remove MAC addresses from MAC address based VLANs You can remove only one address at a time with this command The command does not accept ranges or wildcards MAC ad...

Page 820: ...xx xx xx xx xx xx Note The MACADDRESS and DESTADDRESS keywords are equivalent Mode Port Interface mode Description Use this command to remove MAC addresses from egress ports in MAC address based VLANs...

Page 821: ...s example removes the MAC address 00 30 84 75 11 B2 from the egress port 11 to 14 in a VLAN with the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 14 awplus...

Page 822: ...SHOW VLAN MACADDRESS Command VLAN 11 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 4 port1 0 8 1A 87 9B 52 36 D5 port1 0 4 26 72 9A CB 1A E4 p...

Page 823: ...ess based VLANs on the switch awplus show vlan macaddress Table 78 SHOW VLAN MACADDRESS Command Parameter Description VLAN VID MAC Associations The VID of the MAC address based VLAN Total Number of As...

Page 824: ...cter of the name must be a letter it cannot be a number VLANs will be easier to identify if their names reflect the functions of their subnetworks or workgroups for example Sales or Accounting A name...

Page 825: ...ser s Guide 825 Example This example creates a MAC address based VLAN that has the name Sales and the VID 3 awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan...

Page 826: ...Use this command to add MAC addresses to MAC address based VLANs You can add only one address at a time with this command You cannot use ranges or wildcards The specified VLAN must already exist Refer...

Page 827: ...mand Line User s Guide 827 This example adds the MAC address 00 30 84 32 76 1A to a MAC address based VLAN with the VID 12 awplus enable awplus configure terminal awplus config vlan set 12 macaddress...

Page 828: ...ivalent Mode Port Interface mode Description Use this command to assign MAC addresses to egress ports for MAC address based VLANs The specified MAC address must already be assigned to the VLAN For ins...

Page 829: ...This example assigns the MAC address 00 30 84 75 11 B2 to ports 11 to 14 in a VLAN that has the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config...

Page 830: ...Chapter 52 MAC Address based VLAN Commands 830...

Page 831: ...ANs This chapter provides the following topics Overview on page 832 Guidelines on page 834 Creating Private VLANs on page 835 Adding Host and Uplink Ports on page 836 Deleting VLANs on page 837 Displa...

Page 832: ...ation for private VLANs is to simplify IP address assignments Ports can be isolated from each other while still belonging to the same subnet A private VLAN generally consists of one or more host ports...

Page 833: ...ommunicate with uplink ports Can communicate with appropriately configured trunk ports Uplink ports Promiscuous ports Promiscuous ports act as untagged trunk ports A private VLAN can have more than on...

Page 834: ...ort can be an uplink port of just one private VLAN at a time however a private VLAN can have more than one uplink port The host ports of private VLANs are untagged ports and as such transmit only unta...

Page 835: ...ate vlan vid The VID number has the range of 2 to 4094 The VID of a private VLAN must be unique from all other VLANs on the switch This example assigns the VID 26 to a new private VLAN awplus enable a...

Page 836: ...d adds ports 2 to 7 as host ports of a private VLAN that has the VID 15 awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 7 awplus config if switchport mode private vla...

Page 837: ...re automatically returned by the switch to the Default_VLAN Here is the format of the command no vlan vid The VID parameter is the VID of the private VLAN you want to delete The command lets you delet...

Page 838: ...in the Privileged Exec mode displays the private VLANs currently existing on the switch along with their host and uplink ports Here is the command awplus show vlan private vlan Here is an example of...

Page 839: ...VLAN Configuration Deletes VLANs from the switch PRIVATE VLAN on page 841 VLAN Configuration Creates private port VLANs SHOW VLAN PRIVATE VLAN on page 842 Privileged Exec Displays the private port VLA...

Page 840: ...ode VLAN Configuration mode Description Use this command to delete private port VLANs from the switch You can delete one VLAN at a time with this command Confirmation Command SHOW VLAN PRIVATE VLAN on...

Page 841: ...iguration mode Description Use this command to create new private port VLANs You can create just one VLAN at a time Refer to SWITCHPORT MODE PRIVATE VLAN HOST on page 843 to add host ports to a new VL...

Page 842: ...ileged Exec mode Description Use this command to display the private port VLANs on the switch Here is an example of the information Figure 143 SHOW VLAN PRIVATE VLAN Command Example The following exam...

Page 843: ...erface mode Description Use this command to add host ports to private port VLANs Devices connected to host ports in a private port VLAN can only communicate with the uplink port Confirmation Command S...

Page 844: ...rface mode Description Use this command to add a promiscuous uplink port to a private port VLAN A promiscuous port can be an uplink port of just one private VLAN at a time Confirmation Command SHOW VL...

Page 845: ...e VLAN Commands Command Mode Description NO SWITCHPORT VOICE VLAN on page 846 Port Interface Removes ports from voice VLANs SWITCHPORT VOICE DSCP on page 847 Port Interface Configures the Layer 3 DSCP...

Page 846: ...This command removes LLDP MED network policy configuration for a voice device connected to these ports but does not change the spanning tree edge port status Confirmation Command SHOW VLAN on page 74...

Page 847: ...e VLAN DSCP and CoS values Use the NO form of this command to remove a DSCP value from a port without replacing it with a new value A DSCP value of 0 will be advertised Confirmation Command SHOW RUNNI...

Page 848: ...and to configure the Voice VLAN tagging advertised when the transmission of LLDP MED Network Policy TLVs for voice endpoint devices is enabled When LLDP MED capable IP phones receive this network poli...

Page 849: ...ge 158 SHOW LLDP LOCAL INFO INTERFACE on page 1125 Examples This example tells IP phones connected to port 1 0 5 to send voice data tagged for VLAN 10 awplus enable awplus configure terminal awplus co...

Page 850: ...Chapter 55 Voice VLAN Commands 850...

Page 851: ...851 Chapter 56 VLAN Stacking This chapter provides the following topics Overview on page 852 Components on page 854 VLAN Stacking Process on page 855 Example of VLAN Stacking on page 856...

Page 852: ...ative headers is that different customers are likely to use the same VIDs in their networks And requiring that customers reconfigure their VLANs by assigning unique VIDs not used by other customers is...

Page 853: ...the source MAC address and remains in the packets only while the packets are being transported across a metro network The headers are deleted at the point the packets leave the metro network and reen...

Page 854: ...t handle tagged packets But with VLAN stacking customer ports may handle tagged or untagged packets The extra 802 1Q headers are added to or deleted from the packets at the customer ports The action o...

Page 855: ...mer port adds the new 802 1Q header giving it the same VID number as the VLAN in which the customer port is a member 3 The modified packet is forwarded out the provider port and into the metro Etherne...

Page 856: ...r the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database Enter the VLAN Configuration mode awplus config v...

Page 857: ...t access vlan 79 Add the ports as untagged ports to the VLAN with the SWITCHPORT ACCESS VLAN command awplus config if switchport vlan stacking customer edge port Use the SWITCHPORT VLAN STACKING comma...

Page 858: ...awplus show vlan Use the SHOW VLAN command again to confirm the configuration of the ABC_Inc VLAN TPID INTERFACES c Customer Edge Port p Provider Port 0x8100 port1 0 5 c 0x8100 port1 0 6 c 0x8100 port...

Page 859: ...alue to 0x8100 with the PLATFORM VLAN STACKING TPID command awplus exit Return to the Privileged Exec mode awplus show vlan vlan stacking Use the SHOW VLAN VLAN STACKING command to confirm the change...

Page 860: ...Chapter 56 VLAN Stacking 860 Section III File System...

Page 861: ...Interface Removes ports from VLAN stacking PLATFORMVLAN STACKING TPID on page 863 Global Configuration Specifies the Tag Protocol Identifier TPID value SHOW VLAN VLAN STACKING on page 864 Privileged E...

Page 862: ...rt Interface mode Description Use this command to remove ports from VLAN stacking Confirmation Command SHOW VLAN VLAN STACKING on page 864 Example This example removes ports 3 to 16 and 21 from VLAN s...

Page 863: ...one TPID value The value must be entered in hexadecimal format Mode Global Configuration mode Description Use this command to specify the Tag Protocol Identifier TPID value that applies to all frames...

Page 864: ...o display the port assignments of VLAN stacking Here is an example of the information Figure 147 SHOW VLAN VLAN STACKING Command Example awplus enable awplus show vlan vlan stacking TPID INTERFACES c...

Page 865: ...edge port or provider port This is sometimes referred to as VLAN double tagging nested VLANs or QinQ Confirmation Command SHOW VLAN VLAN STACKING on page 864 Examples awplus enable awplus configure t...

Page 866: ...Chapter 57 VLAN Stacking Commands 866 Section III File System...

Page 867: ...chapters Chapter 58 MAC Address based Port Security on page 869 Chapter 59 MAC Address based Port Security Commands on page 879 Chapter 60 802 1x Port based Network Access Control on page 893 Chapter...

Page 868: ...868...

Page 869: ...This chapter contains the following topics Overview on page 870 Configuring Ports on page 872 Enabling MAC Address based Security on Ports on page 874 Disabling MAC Address based Security on Ports on...

Page 870: ...tore the addresses as dynamic addresses can learn new addresses when addresses are timed out from the table by the switch The addresses are aged out according to the aging time of the MAC address tabl...

Page 871: ...address based port security and 802 1x port based access control on the same port To configure a port as an Authenticator or Supplicant in 802 1x port based access control you must remove MAC address...

Page 872: ...to learn up to 25 source MAC addresses each and to store the addresses as static addresses in the MAC address table The intrusion action is set to protect so that the ports discard packets with unknow...

Page 873: ...g interface port1 0 16 awplus config if switchport port security maximum 45 awplus config if switchport port security aging awplus config if switchport port security violation restrict This example co...

Page 874: ...to activate the feature on the ports This is accomplished with the SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command activates port security on ports 16 to 24 awp...

Page 875: ...SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command removes port security from port 23 awplus enable awplus configure terminal awplus config interface port1 0 23 aw...

Page 876: ...is shown in Figure 148 Figure 148 SHOW PORT SECURITY INTERFACE Command The fields are defined in Table 85 on page 882 If you are interested in viewing just the number of packets the ports have discard...

Page 877: ...877 Figure 149 is an example of the information Figure 149 Example of SHOW PORT SECURITY INTRUSION INTERFACE Command Port Security Intrusion List Last 256 Intrusions Interface Port 1 0 17 2 intrusion...

Page 878: ...Chapter 58 MAC Address based Port Security 878...

Page 879: ...SECURITY INTERFACE on page 882 Privileged Exec Displays the security mode settings of the ports SHOW PORT SECURITY INTRUSION INTERFACE on page 885 Privileged Exec Displays the number of packets the po...

Page 880: ...AC address based security from the ports Note To activate ports that were disabled by the shutdown intrusion action refer to NO SHUTDOWN on page 211 Confirmation Command SHOW PORT SECURITY INTERFACE o...

Page 881: ...e never deleted from the table ports that learn their maximum numbers of source MAC addresses cannot learn new addresses even when the source nodes of the learned addresses are inactive Confirmation C...

Page 882: ...NTERFACE Command The fields are described in Table 85 Table 85 SHOW PORT SECURITY INTERFACE Command Field Description Port Port number Security Enabled The current status of MAC address based security...

Page 883: ...Protect intrusion action Restrict Restrict intrusion action Shutdown Shut down intrusion action Aging The status of MAC address aging on the port If the aging status is No the MAC addresses that are...

Page 884: ...ort Lock Status Whether or not the port has learned its maximum number of MAC addresses The port will have a Locked status if it has learned its maximum number of MAC addresses and an Unlocked status...

Page 885: ...ource MAC addresses The ports begin to discard packets after learning their maximum number of source MAC addresses This information is also available with SHOW PORT SECURITY INTERFACE on page 882 Figu...

Page 886: ...TY INTRUSION INTERFACE Command Port Security Intrusion List Port Security Intrusion List Last 10 Intrusions Interface Port 1 0 5 132 intrusion s detected 000 0900 127E 000 0900 127F 000 0900 027D 000...

Page 887: ...n Use this command to activate MAC address based security on ports Confirmation Command SHOW PORT SECURITY INTERFACE on page 882 Example This example activates MAC address based security on port 3 and...

Page 888: ...MAC address in the MAC address table Ports that learn their maximum numbers of addresses can learn new addresses as inactive addresses are deleted from the table Confirmation Command SHOW PORT SECURI...

Page 889: ...number of dynamic MAC addresses that ports can learn Ports that learn their maximum numbers of MAC addresses discard ingress packets with unknown MAC addresses Use the no form of this command NO SWITC...

Page 890: ...how the switch responds when ports that have learned their maximum number of MAC addresses receive ingress frames that have unknown source MAC addresses The no form of this command NO SWITCHPORT PORT...

Page 891: ...erminal awplus config interface port1 0 22 port1 0 24 awplus config if switchport port security violation restrict This example sets the intrusion action on port 2 to shutdown The switch disables the...

Page 892: ...Chapter 59 MAC Address based Port Security Commands 892...

Page 893: ...for Authenticator Ports on page 899 Supplicant and VLAN Associations on page 903 Guest VLAN on page 906 Guidelines on page 907 Enabling 802 1x Port Based Network Access Control on the Switch on page...

Page 894: ...w that you can also use the RADIUS client software on the switch along with a RADIUS server on your network to create new remote manager accounts Note RADIUS with Extensible Authentication Protocol EA...

Page 895: ...ich the authenticator responds with an EAP Request Identity packet The supplicant responds with an EAP Response Identity packet to the authentication server via the authenticator The authentication se...

Page 896: ...and must communicate with the switch through a port that is not configured as an authenticator port Authenticator Role The authenticator role activates port access control on a port Ports in this role...

Page 897: ...signed valid combinations Another advantage is that the authentication is not tied to any specific computer or node An end user can log on from any system and still be verified by the RADIUS server as...

Page 898: ...S server the port begins forwarding all traffic to and from the supplicant Force authorized Automatically places the port in the authorized state without any authentication exchange required The port...

Page 899: ...de Multi Host Mode This mode permits multiple supplicants on an authenticator port An authenticator host forwards packets from all supplicants once one supplicant has successfully logged on This mode...

Page 900: ...e traffic of all the supplicants Figure 154 Multi Host Operating Mode If the port is configured as 802 1x Authenticator one supplicant must have 802 1x client firmware and must provide a username and...

Page 901: ...and you want all supplicants to be authenticated A switch can support up to a maximum of 208 supplicants If the authentication method is MAC address based the authenticator port uses the MAC addresses...

Page 902: ...d Network Access Control 902 Figure 155 Multi Supplicant Mode RADIUS Authentication Server Port 1 0 6 Role Authenticator Operating Mode Multi Supplicant Mode Ethernet Hub or Non 802 1x compliant Switc...

Page 903: ...and security levels The problem with a port based VLAN is that VLAN membership is determined by the port on the switch to which the device is connected If a different device that needs to belong to a...

Page 904: ...e the VID of a nonexistent VLAN it leaves the port in the unauthorized state to deny access to the port Multi Supplicant Mode The initial authentication on an authenticator port running in the multi s...

Page 905: ...t medium to be used for the tunnel specified by Tunnel Private Group Id The only supported value is 802 6 Tunnel Private Group ID The ID of the tunnel the authenticated user should use This must be th...

Page 906: ...If the switch receives 802 1x packets on the port signalling that a supplicant is logging on the authentication process continues normally If dynamic VLAN creation is enabled using AUTH DYNAMIC VLAN...

Page 907: ...and password when working at different workstations After a supplicant has successfully logged on the MAC address of the end node is added to the switch s MAC address table as an authenticated addres...

Page 908: ...MD5 EAP TLS EAP TTLS and EAP PEAP authentication methods The switch must have a management IP address to communicate with the RADIUS server For background information refer to Chapter 13 IPv4 and IPv...

Page 909: ...ENTICATION DOT1X DEFAUT GROUP RADIUS command The command has no parameters Here is the command awplus enable awplus configure terminal awplus config aaa authentication dot1x default group radius Note...

Page 910: ...rrupts network operations because the designated ports stop forwarding traffic until the supplicants log on Designating the Authentication Methods A port can be configured for either 802 1x authentica...

Page 911: ...onnected to multiple nodes The ports forward all traffic after just one supplicant successfully logs on Multi supplicant mode For authenticator ports that are connected to multiple nodes The supplican...

Page 912: ...onfig interface port1 0 8 awplus config if dot1x port control auto awplus config if auth host mode multi host This example configures ports 1 0 16 to 1 0 19 to use the MAC address authentication metho...

Page 913: ...cate every 2 hours 7200 seconds awplus enable awplus configure terminal awplus config interface port1 0 21 port1 0 22 awplus config if dot1x port control auto awplus config if auth reauthentication aw...

Page 914: ...y forward traffic without authenticating supplicants go to the Port Interface mode of the ports and enter the NO DOT1X PORT CONTROL command This example removes the authenticator role from ports 1 0 1...

Page 915: ...de and enter the NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command Here is the command awplus enable awplus configure terminal awplus config no aaa authentication dot1x default group radius Not...

Page 916: ...Figure 156 is an example of what you will see Figure 156 SHOW DOT1X INTERFACE Command Authentication Info for interface port1 0 1 portEnabled Enabled portControl Auto portStatus DOWN reAuthenticate Di...

Page 917: ...ort 1 0 2 awplus enable awplus show dot1x statistics interface port1 0 2 Figure 157 SHOW DOT1X STATISTICS INTERFACE Command Authentication Statistics for interface port1 0 2 EAPOL Frames Rx 0 EAPOL Fr...

Page 918: ...Chapter 60 802 1x Port based Network Access Control 918...

Page 919: ...e Sets the operating modes on authenticator ports AUTH REAUTHENTICATION on page 928 Port Interface Activates reauthentication on the authenticator ports AUTH TIMEOUT QUIET PERIOD on page 929 Port Inte...

Page 920: ...t authentication sessions DOT1X PORT CONTROL AUTO on page 941 Port Interface Sets ports to the authenticator role DOT1X PORT CONTROL FORCE AUTHORIZED on page 942 Port Interface Configures ports to the...

Page 921: ...ERFACE on page 953 Privileged Exec Displays the authentication statistics of authenticator ports SHOW AUTH MAC SUPPLICANT INTERFACE on page 954 Privileged Exec Displays the supplicant state on authent...

Page 922: ...ing for this feature is disabled Note You should activate and configure the RADIUS client software on the switch before activating port based access control For instructions refer to Chapter 88 RADIUS...

Page 923: ...o disable this feature refer to NO AUTH DYNAMIC VLAN CREATION on page 946 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHOW DOT1X INTERFACE on page 956 Examples This example activates s...

Page 924: ...ds 924 This example activates multiple dynamic VLAN assignment on authenticator port 1 0 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config if dot1x port control...

Page 925: ...hich point it is moved to a configured VLAN or if the dynamic VLAN setting is enabled it will be moved to the VLAN specified in a supplicant s account on the RADIUS server A port must already be desig...

Page 926: ...is referred to as piggy backing multi supplicant Specifies the multi supplicant operating mode An authenticator port set to this mode requires that all supplicants log on Mode Port Interface mode Desc...

Page 927: ...nable awplus configure terminal awplus config interface port1 0 8 awplus config if auth host mode multi host This example configures authenticator ports 1 0 12 and 1 0 13 to the multi supplicant opera...

Page 928: ...ator ports The supplicants must periodically reauthenticate according to the time interval set with AUTH TIMEOUT REAUTH PERIOD on page 930 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or S...

Page 929: ...is 60 seconds Mode Port Interface mode Description Use this command to set the number of seconds that an authenticator port waits after a failed authentication with a supplicant before accepting auth...

Page 930: ...erval for reauthentication of supplicants on an authenticator port Reauthentication must be enabled on an authenticator port for the timer to work Reauthentication on a port is activated with AUTH REA...

Page 931: ...The default value is 30 seconds Mode Port Interface mode Description Use this command to set the amount of time the switch waits for a response from a RADIUS authentication server Confirmation Command...

Page 932: ...nds Mode Port Interface mode Description Use this command to set the retransmission time for EAP request frames from authenticator ports Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHO...

Page 933: ...he initial frames from a supplicant and automatically sends it as the supplicant s username and password to the authentication server This authentication method does not require 802 1x client software...

Page 934: ...is command to set the MAC address of the supplicant client device to re learning for re authentication on the interface specified in the INTERFACE command Example This example sets the MAC address of...

Page 935: ...entering the specified port are discarded The in parameter discards the ingress packets received from the supplicant If the both parameter is specified with this command packets entering ingress and...

Page 936: ...Chapter 61 802 1x Port based Network Access Control Commands 936 awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x control direction in...

Page 937: ...me VLAN as the ingress port forward vlan Forwards ingress EAP packets to tagged and untagged ports in the same VLAN as the ingress port Mode Global Configuration mode Description Use this command to c...

Page 938: ...packets when 802 1x authentication is disabled awplus enable awplus configure terminal awplus config dot1x eap discard This example configures the switch to forward EAP packets only to untagged ports...

Page 939: ...ommand to force authenticator ports into the unauthorized state You might use this command to force supplicants on authenticator ports to reauthenticate themselves again by logging in with their usern...

Page 940: ...The default value is 2 Mode Port Interface mode Description Use this command to specify the maximum number of times the switch transmits EAP Request packets to a supplicant before it times out the aut...

Page 941: ...ate forwarding only EAPOL frames until a supplicant has successfully logged on For background information refer to Operational Settings for Authenticator Ports on page 898 Confirmation Command SHOW AU...

Page 942: ...e without any authentication exchanges required The ports transmit and receive traffic normally without 802 1x based authentication of the supplicants For background information refer to Operational S...

Page 943: ...in the authenticator role the switch blocks all traffic on the ports For background information refer to Operational Settings for Authenticator Ports on page 898 Confirmation Command SHOW AUTH MAC IN...

Page 944: ...Mode Port Interface mode Description Use this command to set the amount of time that an authenticator port on the switch waits for a reply from a supplicant to an EAP request identity frame If no rep...

Page 945: ...iption Use this command to disable 802 1x port based network access control on the switch All ports forward packets without any authentication This is the default setting Confirmation Command SHOW DOT...

Page 946: ...c VLAN assignments of authentication ports For background information refer to Supplicant and VLAN Associations on page 903 Confirmation Command SHOW AUTH MAC INTERFACE on page 951 SHOW DOT1X INTERFAC...

Page 947: ...command to disable the Guest VLAN feature on an authenticator port Confirmation Command SHOW AUTH MAC INTERFACE on page 951 SHOW DOT1X INTERFACE on page 956 Example This example removes the guest VLAN...

Page 948: ...odically reauthenticate after the initial authentication Reauthentication is still required if there is a change to the status of the link between a supplicant and the switch or the switch is reset or...

Page 949: ...Use this command to deactivate MAC address based authentication on authenticator ports Confirmation Command SHOW DOT1X SUPPLICANT INTERFACE on page 958 Example This example removes MAC address based...

Page 950: ...ommand to remove ports from the authenticator role so that they forward traffic without authentication Confirmation Command SHOW AUTH MAC INTERFACE on page 951 or SHOW DOT1X INTERFACE on page 956 Exam...

Page 951: ...ure 158 SHOW AUTH MAC INTERFACE Command Example This example displays the parameter settings of authenticator ports 1 0 1 through 1 0 4 awplus show auth mac interface port1 0 1 port1 0 4 Authenticatio...

Page 952: ...display session statistics of the authenticator ports An example is shown in Figure 159 Figure 159 SHOW AUTH MAC SESSIONSTATISTICS INTERFACE Command Example This example displays the session statistic...

Page 953: ...e 957 An example is shown in Figure 160 Figure 160 SHOW AUTH MAC STATISTICS INTERFACE Command Example This example displays the EAP packet statistics of authenticator port 1 0 7 awplus show auth mac s...

Page 954: ...d is equivalent to SHOW DOT1X SUPPLICANT INTERFACE Command on page 958 An example is shown in Figure 161 Figure 161 SHOW AUTH MAC SUPPLICANT INTERFACE Command Example This example displays the supplic...

Page 955: ...ss control is enabled or disabled on the switch and the IP addresses of the RADIUS servers An example is shown in Figure 162 Figure 162 SHOW DOT1X Command Example This example displays the status of t...

Page 956: ...ays an example of the information Figure 163 SHOW DOT1X INTERFACE Command Example The example displays the authenticator parameter settings for ports 1 0 1 to 1 0 4 awplus enable awplus show dot1x int...

Page 957: ...xample is shown in Figure 164 Figure 164 SHOW DOT1X STATISTICS INTERFACE Command Example This example displays the EAP packet statistics for authenticator port 1 0 7 awplus enable awplus show dot1x st...

Page 958: ...s equivalent to SHOW AUTH MAC SUPPLICANT INTERFACE Command on page 954 An example is shown in Figure 165 Figure 165 SHOW DOT1X SUPPLICANT INTERFACE Command Interface port1 0 3 authenticationMethod dot...

Page 959: ...ch Command Line User s Guide 959 Example This example displays the supplicant state of the authentication mode on ports 1 0 21 to 1 0 23 awplus enable awplus show dot1x supplicant interface port1 0 21...

Page 960: ...Chapter 61 802 1x Port based Network Access Control Commands 960...

Page 961: ...Simple Network Management Protocols This section contains the following chapters Chapter 62 SNMPv1 and SNMPv2c on page 963 Chapter 63 SNMPv1 and SNMPv2c Commands on page 975 Chapter 64 SNMPv3 Command...

Page 962: ...962...

Page 963: ...on page 964 Enabling SNMPv1 and SNMPv2c on page 966 Creating Community Strings on page 967 Adding or Removing IP Addresses of Trap or Inform Receivers on page 968 Deleting Community Strings on page 9...

Page 964: ...onto your SNMP management workstation The MIBs are available from the Allied Telesis web site at www alliedtelesis com A community string must be assigned an access level The levels are Read and Read...

Page 965: ...o specify the format in which the switch should send the messages The format can be either SNMPv1 or SNMPv2c For inform messages the format is always SNMPv2c For instructions refer to Adding or Removi...

Page 966: ...parameters The switch begins to send trap and inform messages to the receivers and permits remote management from SNMP workstations as soon as you enter the command This assumes of course you have alr...

Page 967: ...ame of the new string It can be up to 15 alphanumeric characters and special characters such as and is case sensitive Spaces are not allowed The RW and RO options define the access levels of new commu...

Page 968: ...essages The switch can send trap messages in either SNMPv1 or SNMPv2c format Inform messages can only be sent in SNMPv2c format Note SNMP must be activated on the switch for you to add trap or inform...

Page 969: ...awplus configure terminal awplus config snmp server host 143 154 76 17 informs version 2c st_bldg2 To remove IP addresses of trap or inform receivers from community strings use the NO form of the com...

Page 970: ...no snmp server community community You can delete only one community string at a time with the command which is found in the Global Configuration mode The COMMUNITY parameter is case sensitive This e...

Page 971: ...ch use the NO SNMP SERVER command You cannot remotely manage the switch with an SNMP application when SNMP is disabled Furthermore the switch stops transmitting trap and inform messages to your SNMP a...

Page 972: ...he information that the command provides for each community string includes the community name and the access level of read write or read only There is also a view field which for community strings cr...

Page 973: ...8 SHOW RUNNING CONFIG SNMP Command snmp server no snmp server enable trap auth snmp server community sw12eng1 rw snmp server community sw12eng1limit rw snmp server community westplnm7 ro snmp server c...

Page 974: ...Chapter 62 SNMPv1 and SNMPv2c 974...

Page 975: ...80 Global Configuration Disables the transmission of SNMP authentication traps NO SNMP SERVER HOST on page 981 Global Configuration Removes the IP addresses of trap and inform receivers from the commu...

Page 976: ...status and authentication traps which are activated separately SNMP SERVER ENABLE TRAP AUTH on page 993 Global Configuration Activates the transmission of SNMP authentication traps SNMP SERVER HOST on...

Page 977: ...SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Comman...

Page 978: ...gs from the switch Deleting community strings with this command also deletes any IP addresses of SNMP trap or inform receivers assigned to the community strings You can delete only one community strin...

Page 979: ...to disable the transmission of SNMP traps except for the link status and authentication traps which are disabled separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This exam...

Page 980: ...meters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP traps Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This example disable...

Page 981: ...ceiver You can specify only 2c when you are deleting the IP address of an inform message receiver community_string Specifies the SNMP community string to which the IP address of the trap or inform rec...

Page 982: ...ivate This example removes the IPv4 address 171 42 182 102 of a trap receiver from the community string station12a awplus enable awplus configure terminal awplus config no snmp server host 115 124 187...

Page 983: ...cifies the OID of the view Mode Global Configuration mode Description Use this command to delete SNMP views You can delete just one view at a time with this command Confirmation Command SHOW SNMP SERV...

Page 984: ...ssion of SNMP link status notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 221 Example This example disables...

Page 985: ...ample displays the SNMPv1 and SNMPv2c community strings and the IP addresses of trap and inform receivers awplus show running config snmp snmp server no snmp server enable trap auth snmp server commun...

Page 986: ...tch You can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER o...

Page 987: ...Table 89 SHOW SNMP SERVER COMMUNITY Command Parameter Description Community Name The community string Access The access level of the community string The possible access levels are Read Write and Rea...

Page 988: ...Chapter 63 SNMPv1 and SNMPv2c Commands 988 Example This example displays the SNMPv1 and SNMPv2c community strings awplus show snmp server community...

Page 989: ...P SERVER VIEW Command The fields in the entries are described in Table 90 Example This example displays the SNMPv1 and SNMPv2c views on the switch awplus show snmp server view Table 90 SHOW SNMP SERVE...

Page 990: ...1 SNMPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Comman...

Page 991: ...ifies the access level of a new community string of read write RW or read only RO Mode Global Configuration mode Description Use this command to create new SNMPv1 and SNMPv2c community strings on the...

Page 992: ...e transmission of all SNMP traps except for power inline link status and authentication traps which are activated separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 985 Example This exam...

Page 993: ...l Configuration mode Description Use this command to activate the transmission of SNMP authentication failure traps Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example activates...

Page 994: ...MPv1 1 or SNMPv2c 2c For inform messages the format must be SNMPv2c 2c community Specifies an SNMP community string This parameter is case sensitive Mode Global Configuration mode Description Use this...

Page 995: ...gns the IPv4 address 152 34 32 18 as a trap receiver to the community string tlpaac78 The traps are sent in the SNMPv1 format awplus enable awplus configure terminal awplus config snmp server host 152...

Page 996: ...the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv1 and SNMPv2c views on the switch Views are used to restrict the MIB objects th...

Page 997: ...new view AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded...

Page 998: ...notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 221 Example This example configures the switch to transmit l...

Page 999: ...MP SERVER USER on page 1006 Global Configuration Deletes SNMPv3 users from the switch NO SNMP SERVER VIEW on page 1007 Global Configuration Deletes SNMPv3 views from the switch SHOW SNMP SERVER on pag...

Page 1000: ...MPv3 groups SNMP SERVER HOST on page 1017 Global Configuration Creates SNMPv3 host entries SNMP SERVER USER on page 1019 Global Configuration Creates SNMPv3 users SNMP SERVER VIEW on page 1021 Global...

Page 1001: ...SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Comman...

Page 1002: ...Global Configuration mode Description Use this command to return the SNMP engine ID value to the default value Confirmation Command SHOW SNMP SERVER on page 1008 Example This example returns the SNMP...

Page 1003: ...be deleted The options are auth Indicates authentication but no privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy Mode Global Configuration mode Descript...

Page 1004: ...The options are informs Sends inform messages trap Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The options are noauth Indicates no...

Page 1005: ...1005 Example This example deletes the host entry with the IPv4 address 187 87 165 12 The user name associated with this entry is jones awplus enable awplus configure terminal awplus config snmp serve...

Page 1006: ...h The name is case sensitive Mode Global Configuration mode Description Use this command to delete SNMPv3 users You can delete just one user at a time with this command Confirmation Command SHOW SNMP...

Page 1007: ...ase sensitive OID Specifies the OID of the subtree of the view to be deleted Mode Global Configuration mode Description Use this command to delete SNMPv3 views from the switch Confirmation Command SHO...

Page 1008: ...u can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER on page...

Page 1009: ...de 1009 SHOW SNMP SERVER GROUP Syntax show snmp server group Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 groups Example This example displays the SNMPv...

Page 1010: ...SNMP SERVER HOST Syntax show snmp server host Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 host entries Example This example displays the SNMPv3 host e...

Page 1011: ...uide 1011 SHOW SNMP SERVER USER Syntax show snmp server user Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 users Example This example displays the SNMPv3...

Page 1012: ...SERVER VIEW Syntax show snmp server view Parameter None Mode Privileged Exec mode Description Use this command to display the SNMPv3 views on the switch Example This example displays the SNMPv3 views...

Page 1013: ...MPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Command SH...

Page 1014: ...figure the SNMPv3 engine ID Note Changing the SNMPv3 engine ID from its default value is not recommended because the SNMP server on the switch may fail to operate properly Confirmation Command SHOW SN...

Page 1015: ...privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy readview Specifies the name of an existing SNMPv3 view that specifies the MIB objects the members of the...

Page 1016: ...s a group called swengineering with a minimum security level of authentication and privacy The group has the read view internet and the write view ATI awplus enable awplus configure terminal awplus co...

Page 1017: ...message the switch sends The options are informs Sends inform messages traps Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The optio...

Page 1018: ...gures SNMPv3 to send trap messages to an end node with the IPv4 address 149 157 192 12 The user name associated with this entry is sthompson awplus enable awplus configure terminal awplus config snmp...

Page 1019: ...gest Algorithms authentication protocol sha The SHA Secure Hash Algorithms authentication protocol auth_password Specifies a password for authentication A password can have up to 40 alphanumeric and o...

Page 1020: ...plus enable awplus configure terminal awplus config snmp server user dcraig This example creates the user bjones The user is assigned authentication using SHA and the authentication password as11fir T...

Page 1021: ...MIB tree specified by the OID included Permits access to the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv3 views on the switch...

Page 1022: ...ew AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded awplus...

Page 1023: ...1049 Chapter 68 LLDP and LLDP MED Commands on page 1081 Chapter 69 Address Resolution Protocol ARP on page 1141 Chapter 70 Address Resolution Protocol ARP Commands on page 1147 Chapter 71 RMON on pag...

Page 1024: ...1024...

Page 1025: ...ing topics Overview on page 1026 Configuring the sFlow Agent on page 1028 Configuring the Ports on page 1029 Enabling the sFlow Agent on page 1031 Disabling the sFlow Agent on page 1032 Displaying the...

Page 1026: ...defines the average number of ingress packets from which the agent samples one packet For example a sampling rate of 1000 on a port prompts the agent to send one packet from an average of 1000 ingres...

Page 1027: ...depending on its internal dynamics may send the information to the collector before five minutes have actually elapsed Guidelines Here are the guidelines to the sFlow agent You can specify just one s...

Page 1028: ...dress port udp_port The IPADDRESS parameter specifies the IP address of the collector and the UDP_PORT parameter its UDP port This example specifies the IP address of the sFlow collector as 154 122 11...

Page 1029: ...can have different rates The packet sampling rate is controlled with the SFLOW SAMPLING RATE command in the Port Interface mode Here is the format of the command sflow sampling rate value The VALUE pa...

Page 1030: ...st one polling rate but different ports can have different settings The command to set this value is the SFLOW POLLING INTERVAL command in the Port Interface mode Here is the format of the command sfl...

Page 1031: ...sflow enable This command assumes that you have already performed these steps Added the IP address of the collector to the sFlow agent with the SFLOW COLLECTOR IP command Used the SFLOW SAMPLING RATE...

Page 1032: ...t from collecting performance data on the ports on the switch and from sending the data to the collector on your network use the NO SFLOW ENABLE command in the Global Configuration mode Here is the co...

Page 1033: ...in the Global Configuration mode Here is the command awplus config show sflow Here is an example of the display Figure 174 SHOW SFLOW Command The fields are described in Table 93 on page 1047 Number o...

Page 1034: ...the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config sflow collector ip 152 232 56 11 port 6342 Use the SFLOW COLLECTO...

Page 1035: ...utes 1800 seconds before sending performance data for that particular port awplus config if sflow sampling rate 50000 Use the SFLOW SAMPLING RATE command to set the sampling rate of the ports to 1 pac...

Page 1036: ...Chapter 65 sFlow Agent 1036...

Page 1037: ...collectors on your network to the sFlow agent on the switch SFLOW ENABLE on page 1041 Global Configuration Activates the sFlow agent on the switch SFLOW POLLING INTERVAL on page 1042 Port Interface Se...

Page 1038: ...ector Mode Global Configuration mode Description Use this command to delete the IP address of an sFlow collector from the switch Confirmation Command SHOW SFLOW on page 1046 Example This example delet...

Page 1039: ...on mode Description Use this command to disable the sFlow agent to stop the switch from transmitting sample and counter data to the sFlow collector on your network Confirmation Command SHOW SFLOW on p...

Page 1040: ...sFlow collector on your network The packet sampling data and the packet counters from the ports are sent by the switch to the specified collector You can specify just one collector If the IP address o...

Page 1041: ...Flow agent on the switch The switch uses the agent to gather packet sampling data and packet counters from the designated ports and to transmit the data to the sFlow collector on your network Confirma...

Page 1042: ...ed between successive pollings of the packet counters on the ports by the sFlow agent The ports can have different polling intervals To remove sFlow monitoring from a port enter the NO form of this co...

Page 1043: ...Line User s Guide 1043 This example removes sFlow monitoring on port 21 using the NO form of the command awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config if no...

Page 1044: ...sFlow collector For example a sample rate of 700 on a port means that one sample packet is taken for every 700 ingress packets The ports can have different sampling rates To disable packet sampling on...

Page 1045: ...000 Switch Command Line User s Guide 1045 This example disables packet sampling on port 7 awplus enable awplus configure terminal awplus config interface port1 0 7 awplus config if no sflow sampling r...

Page 1046: ...agent on the switch The command displays the same information with or without the DATABASE keyword Here is an example of the information Figure 175 SHOW SFLOW Command Number of Collectors 1 Collector_...

Page 1047: ...ured to be sampled or polled Port The port number Sample rate The rate of ingress packet sampling on the port For example a rate of 500 means that one in every 500 packets is sent to the designated co...

Page 1048: ...Chapter 66 sFlow Agent Commands 1048 Example This example displays the settings of the sFlow agent awplus enable awplus show sflow...

Page 1049: ...ing Ports to Send LLDP MED Civic Location TLVs on page 1062 Configuring Ports to Send LLDP MED Coordinate Location TLVs on page 1065 Configuring Ports to Send LLDP MED ELIN Location TLVs on page 1069...

Page 1050: ...transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not solicit responses and received advert...

Page 1051: ...that transmitted the advertisements Time to Live TTL The length of time in seconds for which the information received in the advertisements remains valid If the value is greater than zero the informat...

Page 1052: ...s The names of the VLANs in which the transmitting port is either an untagged or tagged member Protocol IDs List of protocols that are accessible through the port for instance 9000 Loopback 0026424203...

Page 1053: ...is connected to a port Otherwise LLDP MED TLVs are not transmitted Note The switch is not an LLDP MED activated device The switch while capable of transmitting LLDP MED TLVs to other devices cannot p...

Page 1054: ...this switch this advertises the power that the port can supply over a maximum length cable based on its current configuration that is it takes into account power losses over the cable In TLVs received...

Page 1055: ...transmit advertisements from those ports that are configured to send TLVs and begins to populate its neighbor information table as advertisements from the neighbors arrive on the ports The command doe...

Page 1056: ...ports do not receive any advertisements from the switch because the ports do not send any TLVs awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal...

Page 1057: ...the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 16 port1 0 20 Enter the Port Interface mode for ports 16 to 20 awplus config if l...

Page 1058: ...ry TLVs port description link aggregation mac phy config Table 97 Optional LLDP TLVs Summary TLV Designator Description port description Port description system name System name system description Sys...

Page 1059: ...wplus config if no lldp tlv select all Remove all optional LLDP TLVs from the ports with the NO LLDP TLV SELECT command awplus config if no lldp med tlv select all Remove all optional LLDP MED TLVs fr...

Page 1060: ...ivileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 3 port1 0 4 Enter the Port Interface mode for ports 3...

Page 1061: ...AT 9000 Switch Command Line User s Guide 1061 awplus show lldp interface port1 0 3 port1 0 4 Use the SHOW LLDP INTERFACE command to confirm the configuration...

Page 1062: ...witch and then configure the ports to send it as their civic location TLV Here are the main steps to creating civic location TLVs 1 Starting in the Global Configuration mode use the LOCATION CIVIC LOC...

Page 1063: ...he location entry seat cube 411a state CA street suffix Blvd unit A11 Table 98 Abbreviated List of LLDP MED Civic Location Entry Parameters Parameter Example awplus enable Enter the Privileged Executi...

Page 1064: ...ode for port 14 awplus config if lldp transmit receive Configure the port to send and receive LLDP advertisements awplus config if lldp location civic location id 8 Use the LLDP LOCATION command to ad...

Page 1065: ...imal degrees The range is 90 0 to 90 0 The parameter accepts up to eight digits to the right of the decimal point lat resolution Latitude resolution as the number of valid bits The range is 0 to 34 lo...

Page 1066: ...ntry are ID number 16 Latitude 37 29153547 Longitude 121 91528320 Datum nad83 navd Altitude 10 25 meters The example is assigned to port 15 The first series of commands creates the coordinate location...

Page 1067: ...the parameter commands to define the entry awplus config_coord exit Return to the Global Configuration mode awplus config exit Return to the Privileged Exec mode awplus show location coord location i...

Page 1068: ...s show lldp interface port1 0 15 Use the SHOW LLDP INTERFACE command to confirm the port is configured to send the location entry ID Element Type Element Value 16 Latitude Resolution 12 bits Latitude...

Page 1069: ...TLV SELECT command to configure the ports to send the TLV in their advertisements Here is an example of how to create an ELIN location entry and apply it to a port The specifications of the entry are...

Page 1070: ...us config if lldp location elin location id 3 Use the LLDP LOCATION command to add the ELIN location entry ID number 3 to the port awplus config if lldp med tlv select location Use the LLDP MED TLV SE...

Page 1071: ...s ports 4 and 5 from including the system capabilities and the management address TLVs in their advertisements awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 5 awplu...

Page 1072: ...in the Port Interface mode This example stops ports 6 and 11 from sending the location and inventory management TLVs in their advertisements awplus enable awplus configure terminal awplus config inte...

Page 1073: ...y one entry at a time and must include both the type and the ID number of the location entry to be deleted This example deletes the civic location ID 22 awplus enable awplus configure terminal awplus...

Page 1074: ...NO LLDP RUN command in the Global Configuration mode The command has no parameters After the protocols are disabled the switch neither sends advertisements to nor collects information from its neighb...

Page 1075: ...is an example of the information Figure 176 SHOW LLDP Command The fields are defined in Table 104 on page 1121 LLDP Global Configuration Default Values LLDP Status Enabled Disabled Notification Interv...

Page 1076: ...ns RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port V...

Page 1077: ...e summary information The fields are defined in Table 106 on page 1132 To view all the neighbor information use the SHOW LLDP NEIGHBORS DETAIL command The command has this format show lldp neighbors d...

Page 1078: ...e information the switch has received from all the neighbors awplus enable awplus clear lldp table This example clears the information the switch has received from the neighbor connected to port 11 aw...

Page 1079: ...fter you have configured the ports or if you believe that ports are not sending the correct information The command has this format show lldp local info interface port To view the TLVs on all the port...

Page 1080: ...ics for individual ports use this command show lldp statistics interface port You can view the statistics of more than one port at a time as demonstrated in this example which displays the LLDP statis...

Page 1081: ...the neighbors LLDP LOCATION on page 1087 Port Interface Adds LLDP MED location information to the ports on the switch LLDP MANAGEMENT ADDRESS on page 1089 Port Interface Replaces the default managemen...

Page 1082: ...and or accept LLDP and LLDP MED advertisements from their neighbors LLDP TX DELAY on page 1104 Global Configuration Sets the value of the transmission delay timer which is the minimum time interval be...

Page 1083: ...E on page 1123 Privileged Exec Displays the LLDP port settings SHOW LLDP LOCAL INFO INTERFACE on page 1125 Privileged Exec Displays the current configurations of the LLDP advertisements that the ports...

Page 1084: ...pecifies all the ports Mode Privileged Exec mode Description Use this command to clear the LLDP statistics packet and event counters on the ports You can delete the statistics from all ports or from s...

Page 1085: ...o clear the LLDP and LLDP MED information the switch has received from its neighbors You can delete all the information the switch has amassed or only the information from neighbors on selected ports...

Page 1086: ...ode Description Use this command to set the holdtime multiplier value The transmit interval is multiplied by the holdtime multiplier to give the Time To Live TTL the switch advertises to the neighbors...

Page 1087: ...e Port Interface mode Description Use this command to add LLDP MED location information to the ports on the switch The same command is used to add civic coordinate and ELIN locations The specified loc...

Page 1088: ...ldp location coord location id 11 This example adds the ELIN location ID 27 to port 21 awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config_if lldp location elin lo...

Page 1089: ...esent Here are the possible default values for a port A port that belongs to the same VLAN as the management IP address uses the address as its TLV default value A port that belongs to a VLAN that doe...

Page 1090: ...t IP address TLV awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if lldp management address 149 122 54 2 This example returns the management IP address TLV on p...

Page 1091: ...ected from the specified ports To prevent the switch from transmitting topology change notifications refer to NO LLDP NOTIFICATIONS on page 1115 Confirmation Command SHOW LLDP INTERFACE on page 1123 E...

Page 1092: ...ecifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to send all LLDP MED TLVs Mode Port Interface mode Description Use this command...

Page 1093: ...e terminal awplus config interface port1 0 3 port1 0 8 awplus config if lldp med tlv select inventory management This example configures port 2 to send the capabilities and the location TLVs to its ne...

Page 1094: ...he NO form of this command to configure the switch to accept only advertisements with TLVs that adhere to the correct order Advertisements in which the TLVs are not in the standard order are discarded...

Page 1095: ...d LLDP SNMP notifications traps To prevent ports from transmitting LLDP SNMP notifications refer to NO LLDP NOTIFICATIONS on page 1115 Confirmation Command SHOW LLDP INTERFACE on page 1123 Example Thi...

Page 1096: ...e is 5 to 3600 seconds Mode Global Configuration mode Description Use this command to set the notification interval This is the minimum interval between LLDP SNMP notifications traps Confirmation Comm...

Page 1097: ...lobal Configuration mode Description Use this command to set the re initialization delay This is the number of seconds that must elapse after LLDP is disabled on a port before it can be re initialized...

Page 1098: ...iption Use this command to activate LLDP on the switch Once you have activated LLDP the switch begins to transmit and accept advertisements on its ports To deactivate LLDP refer to NO LLDP RUN on page...

Page 1099: ...Use this command to set the transmit interval This is the interval between regular transmissions of LLDP advertisements The transmit interval must be at least four times the transmission delay timer...

Page 1100: ...select all the TLVs use the ALL option The optional TLVs are listed in Table 101 Table 101 Optional TLVs TLV Description all Sends all optional TLVs link aggregation Advertises link aggregation value...

Page 1101: ...ort is an untagged member power management Transmits Power over Ethernet PoE information protocol ids Transmits the protocols that are accessible through the port system capabilities The device s func...

Page 1102: ...port1 0 5 awplus config if lldp tlv select all This example configures ports 14 and 22 to transmit the optional LLDP port description port vlan and system description TLVs awplus enable awplus configu...

Page 1103: ...any optional LLDP TLVs they have been configured to send Ports configured to receive LLDP advertisements accept all advertisements from their neighbors Confirmation Command SHOW LLDP INTERFACE on pag...

Page 1104: ...timer This is the minimum time interval between transmissions of LLDP advertisements due to a change in LLDP local information The transmission delay timer cannot be greater than a quarter of the tran...

Page 1105: ...nfiguration mode Description Use this command to create or modify LLDP MED civic location entries on the switch This command moves you to the Civic Location mode which contains the parameters you use...

Page 1106: ...parameters in a single location entry To remove parameters from a location entry use the NO forms of the parameter commands for example NO UNIT leading street direction West name J Smith neighborhood...

Page 1107: ...ig location civic location identifier 5 awplus config_civic country US awplus config_civic city San Jose awplus config_civic state CA awplus config_civic building 100 awplus config_civic primary road...

Page 1108: ...ommand moves you to the Coordinate Location mode which contains the parameters you use to define the entries The parameters are listed in Table 103 Table 103 LLDP MED Coordinate Location Entry Paramet...

Page 1109: ...ter must be specified between the two keywords as shown here altitude n floors altitude meters Altitude in meters The range is 2097151 0 to 2097151 0 meters The parameter accepts up to eight digits to...

Page 1110: ...ation identifier 16 awplus config_coord latitude 37 29153547 awplus config_coord longitude 121 91528320 awplus config_coord datum nad83 navd awplus config_coord altitude 10 25 meters awplus config_coo...

Page 1111: ...ne ID number Mode Global Configuration mode Description Use this command to create or modify LLDP MED ELIN location entries on the switch To create a new ELIN TLV specify an unused ID number To modify...

Page 1112: ...pology change notifications when devices are connected to or disconnected from the specified ports Confirmation Command SHOW LLDP INTERFACE on page 1123 Example This example configures the switch not...

Page 1113: ...the location identification TLV power management ext Specifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to stop sending all LLD...

Page 1114: ...nfig interface port1 0 8 awplus config if no lldp med tlv select all This example stops ports 2 and 16 from transmitting the LLDP MED capabilities and network policy TLVs awplus enable awplus configur...

Page 1115: ...de Description Use this command to prevent ports from sending LLDP SNMP notifications traps Confirmation Command SHOW LLDP INTERFACE on page 1123 Example This example prevents port 14 from transmittin...

Page 1116: ...and LLDP MED on the switch The switch when LLDP and LLDP MED are disabled neither sends advertisements to nor collects information from its neighbors The LLDP settings are retained by the switch Confi...

Page 1117: ...01 on page 1100 To stop ports from transmitting LLDP MED TLVs refer to NO LLDP MED TLV SELECT on page 1113 Confirmation Command SHOW LLDP INTERFACE on page 1123 Examples This example configures ports...

Page 1118: ...g and or accepting LLDP and LLDP MED advertisements to or from their neighbors Confirmation Command SHOW LLDP INTERFACE on page 1123 Examples This example stops port 12 from transmitting or receiving...

Page 1119: ...a time Mode Global Configuration mode Description Use this command to delete LLDP MED location entries from the switch The same command is used to remove civic locations coordinate locations and ELIN...

Page 1120: ...LDP and LLDP MED Commands 1120 This example removes the ELIN location IDs 3 and 4 awplus enable awplus configure terminal awplus config no location elin location id 3 awplus config no location elin lo...

Page 1121: ...LLDP is enabled or disabled on the switch Notification Interval Minimum interval between LLDP notifications Tx Timer Interval Transmit interval between regular transmissions of LLDP advertisements LLD...

Page 1122: ...lay The re initialization delay This is the minimum time that must elapse after LLDP has been disabled before it can be initialized again Tx Delay The transmission delay This is the minimum time inter...

Page 1123: ...Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi...

Page 1124: ...ds 1124 Examples This example displays the LLDP settings for all the ports on the switch awplus show lldp interface This example displays the LLDP settings for ports 5 6 and 11 awplus show lldp interf...

Page 1125: ...ve not established links with their LLDP counterparts cannot be displayed with this command See Figure 181 and Figure 182 on page 1126 Figure 181 SHOW LLDP LOCAL INFO INTERFACE Command LLDP Local Info...

Page 1126: ...ower Via MDI PoE Not Supported Link Aggregation Supported Disabled Maximum Frame Size 1522 Octets LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy L...

Page 1127: ...Neighbor Information Neighbors table last updated 0 hrs 0 mins 20 secs ago Chassis ID Type MAC address Chassis ID 0015 77d8 4360 Port ID Type Port component Port ID port1 0 25 TTL 120 secs Port Descri...

Page 1128: ...mware Revision v1 0 0 Software Revision v1 0 0 Serial Number A04161H09020007 Manufacturer Name ATI Model Name AT 9000 52 Asset ID not advertised Table 105 SHOW LLDP NEIGHBORS DETAIL Command Parameter...

Page 1129: ...and duplex mode of the port and whether the port was configured with Auto Negotiation Advertised Capability The auto negotiation port capabilities including 1000BaseTDF 100BaseTXFD 100BaseTX 10BaseTFD...

Page 1130: ...k ID VID Layer 2 Priority Layer 2 user priority is in the range of 0 to 7 DSCP Value Indicates a DSCP priority level The range is 0 to 63 A level of 0 is the lowest priority and a level of 63 is the h...

Page 1131: ...This example displays the information from all of the neighbors that are connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Manufacturer Name The name of the company t...

Page 1132: ...ained in Table 106 Total number of neighbors on these ports 1 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station Only LLDP MED...

Page 1133: ...s a summary of the information from the neighbors connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Neighbor Port Name The number of the neighbor s port that sent the...

Page 1134: ...on the command displays is explained in Table 107 Table 107 SHOW LLDP STATISTICS Command Statistic Description Frame Out Number of LLDPDU frames transmitted Frame In Number of LLDPDU frames received F...

Page 1135: ...ighbors has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by neighbors has been removed from the neighbor table Neighbors Dropped Entries N...

Page 1136: ...e 187 SHOW LLDP STATISTICS INTERFACE Command The information the command displays is explained in Table 108 Table 108 SHOW LLDP STATISTICS INTERFACE Command Statistic Description Frame Out Number of L...

Page 1137: ...he port Neighbors New Entries Number of times the information advertised by the neighbor on the port has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information...

Page 1138: ...splay the civic coordinate or ELIN location entries on the switch Here is an example of a civic location entry Figure 188 SHOW LOCATION Command for a Civic Location The information the command display...

Page 1139: ...e coordinate location entries awplus show location coord location The following example displays only coordinate location entry 16 awplus show location coord location identifier 16 The following examp...

Page 1140: ...Chapter 68 LLDP and LLDP MED Commands 1140...

Page 1141: ...ss Resolution Protocol ARP This chapter contains the following topics Overview on page 1142 Adding Static ARP Entries on page 1143 Deleting Static and Dynamic ARP Entries on page 1144 Displaying the A...

Page 1142: ...ulate the ARP table in the cache These are called dynamic ARP entries Dynamic ARP entries are updated in two ways During regular operations When a node receives frames from the media it records the so...

Page 1143: ...tes statically you can reduce ARP broadcasting requests To add a static ARP entry use the ARP command in the Global Configuration mode Here is the format of the command arp ipaddress macaddress port_n...

Page 1144: ...once The following example deletes all of the dynamic ARP entries in the ARP cache awplus enable awplus clear arp cache You can delete one static ARP entry with the NO ARP IP ADDRESS command The foll...

Page 1145: ...arp An example is shown in Figure 189 Figure 189 SHOW ARP Command The fields are described in Table 112 on page 1152 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 215 IP Address MAC Address...

Page 1146: ...Chapter 69 Address Resolution Protocol ARP 1146...

Page 1147: ...on page 1148 Global Configuration Adds static ARP entries to the ARP cache CLEAR ARP CACHE on page 1150 User Exec and Privileged Exec Deletes all dynamic ARP entries from the ARP cache NO ARP IP ADDR...

Page 1148: ...P address Mode Global Configuration mode Description Use this command to add the static ARP entry of a host to the ARP cache The ARP entry must not already exist in the ARP cache The switch can suppor...

Page 1149: ...de 1149 Example The following example creates an ARP entry for the IP address 192 168 1 3 and the MAC address 7a 54 2b 11 65 72 on port 25 awplus enable awplus configure terminal awplus config arp 192...

Page 1150: ...es User Exec mode and Privileged Exec mode Description Use this command to delete all dynamic ARP entries from the ARP cache on the switch Confirmation Command SHOW ARP on page 1152 Example The follow...

Page 1151: ...tion Use this command to delete a static ARP entry from the ARP cache Static ARP entries do not expire and you must remove them manually This command can delete only one ARP entry at a time Confirmati...

Page 1152: ...ble are described in Table 112 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 2 IP Address MAC Address Interface Port Type 10 0 0 1 eccd 6d41 9e57 vlan1 port1 0 10 Dynamic 10 0 0 150 000c 2957...

Page 1153: ...rp Type Indicates the type of entry The type is one of the following Static Static entry added with the ARP IP ADDRESS MAC ADDRESS command Dynamic Dynamic entry learned from ARP request reply exchange...

Page 1154: ...Chapter 70 Address Resolution Protocol ARP Commands 1154...

Page 1155: ...1155 Chapter 71 RMON This chapter contains the following topics Overview on page 1156 RMON Port Statistics on page 1157 RMON Histories on page 1159 RMON Alarms on page 1162...

Page 1156: ...to identify traffic trends or patterns For instructions refer to RMON Histories on page 1159 Alarm group This group is used to create alarms that trigger event log messages or SNMP traps when statisti...

Page 1157: ...Interface mode Here is the format of the command rmon collection stats stats_id owner owner The STATS_ID parameter is the ID number of the new group The range is 1 to 65535 The groups will be easier...

Page 1158: ...lege Exec mode awplus show rmon statistics Here is an example of the information Figure 191 SHOW RMON STATISTICS Command The fields are described in Table 119 on page 1194 Deleting Statistics Groups T...

Page 1159: ...ups on page 1160 Deleting History Groups on page 1161 Adding History Groups The command for creating history groups is the RMON COLLECTION HISTORY command This command is in the Port Interface mode be...

Page 1160: ...three buckets the switch deletes the first bucket when it adds the fourth bucket To stop a history from gathering any more statistics you must delete it This example configures the switch to take a s...

Page 1161: ...switch The switch stops collecting port statistic histories as soon as you enter the command This example of the command deletes the history group with the ID 2 on port 2 awplus enable awplus configur...

Page 1162: ...Here are the three components that comprise RMON alarms RMON statistics group A port must have an RMON statistics group if it is to have an alarm When you create an alarm you specify the port to whic...

Page 1163: ...er Here is the command to create events that send SNMP traps rmon event event_id trap community_string description description owner owner This command creates events that both send SNMP traps and ent...

Page 1164: ...MIB object names and numbers for use in the OID portion of the variable For the complete list refer to Table 115 on page 1178 The second part of the OID STATS_ID variable is the ID number of the stati...

Page 1165: ...3 6 1 2 1 16 1 1 1 5 The alarm is assigned the ID number 1 and triggers event 3 which enters a message in the event log if the ingress traffic on the port exceeds 20000 packets per minute or falls bel...

Page 1166: ...istics group ID number 22 Interval 60 seconds Rising threshold 20000 packets Rising threshold event 3 Falling threshold 1000 packets Falling threshold event 3 awplus configure terminal Enter the Globa...

Page 1167: ...re are the steps to create the community string assign it the IP addresses of the host nodes and activate SNMP on the switch awplus configure terminal Enter the Global Configuration mode awplus config...

Page 1168: ...ith the SHOW SNMP SERVER command awplus show snmp server community Verify the new community string with the SHOW SNMP SERVER COMMUNITY command awplus show running config Verify the host IP addresses o...

Page 1169: ...the steps to creating the alarm awplus configure terminal Enter the Global Configuration mode awplus config rmon event 2 log trap Station12ap description trap_and_log_event Create the event with the R...

Page 1170: ...Chapter 71 RMON 1170 awplus show rmon alarm Use the SHOW RMON ALARM command to verify the new alarm...

Page 1171: ...ge 1177 Global Configuration Creates alarms to monitor RMON statistics on the ports RMON COLLECTION HISTORY on page 1180 Port Interface Creates history groups on the ports RMON COLLECTION STATS on pag...

Page 1172: ...ivileged Exec Displays the RMON history groups that are assigned to the ports on the switch SHOW RMON STATISTICS on page 1194 Privileged Exec Displays the statistics groups that are assigned to the po...

Page 1173: ...you want to delete You can delete only one alarm at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete alarms from the switch Confirmation Command SH...

Page 1174: ...ly one group at a time The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete history groups from ports on the switch Confirmation Command SHOW RMON HISTORY on page 11...

Page 1175: ...to delete The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete statistics groups from ports on the switch Confirmation Command SHOW RMON STATISTICS on page 1194 Exam...

Page 1176: ...lete from the switch You can delete only one event at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete events from the switch Confirmation Command S...

Page 1177: ...more information on the OID and STATS_ID variables refer to Creating RMON Alarms on page 1164 interval Specifies the polling interval in seconds The range is 1 to 65535 seconds delta Specifies that t...

Page 1178: ...OLLECTION STATS on page 1182 The port of an alarm is specified indirectly in the command You use the STATS_ID parameter to specify the ID number of the RMON statistics group you added to the port The...

Page 1179: ...refer to RMON Alarms on page 1162 etherStatsMulticastPkts 1 3 6 1 2 1 16 1 1 1 7 stats_id etherStatsCRCAlignErrors 1 3 6 1 2 1 16 1 1 1 8 stats_id etherStatsUndersizePkts 1 3 6 1 2 1 16 1 1 1 9 stats_...

Page 1180: ...e switch to capture snapshots of the RMON statistics of the ports over time You can view the snapshots with an SNMP program to look for trends or patterns in the numbers or types of ingress packets on...

Page 1181: ...es eight buckets because there are eight fifteen minute intervals in two hours The group is assigned the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 14 awplus c...

Page 1182: ...ups on the ports of the switch The groups are used to view RMON port statistics from SNMP workstations on your network and to create RMON alarms A port can have only one RMON statistics group and a gr...

Page 1183: ...the event Spaces and special characters are not allowed Mode Global Configuration mode Description Use this command to create events for RMON alarms This type of event enters a message in the event l...

Page 1184: ...xist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to 20 alphanumeric...

Page 1185: ...eates an event for RMON alarms with an ID of 2 a community string of station43a a description of broadcast_packets and an owner named jones awplus enable awplus configure terminal awplus config rmon e...

Page 1186: ...must already exist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to...

Page 1187: ...1187 Example The following example creates an event with an ID of 4 a community string of st_west8 and a description of router_north awplus enable awplus configure terminal awplus config rmon event 4...

Page 1188: ...f the information Figure 193 SHOW RMON ALARM Command Alarm Index 2 Variable etherStatsBroadcastPkts 2 Interval 80 Alarm Type rising and falling Rising Threshold 1000 Event Index 5 Falling Threshold 10...

Page 1189: ...r the port and MIB object Interval The polling interval in seconds Alarm Type The alarm type This is always rising and falling meaning the alarm has both a rising threshold and a falling threshold Ris...

Page 1190: ...17 Event index 2 Description broadcast_packets Event type log trap Event community name wkst12a Last Time Sent 0 Owner Agent Event index 3 Description port24_traffic Event type log Event community nam...

Page 1191: ...message in the event log and sends an SNMP trap Event community name The SNMP community string used to send SNMP traps Last Time Sent The number of seconds the switch had been operating when it last...

Page 1192: ...N HISTORY Command The fields are described in Table 118 Table 118 SHOW RMON HISTORY Command Parameter Description History Index The ID number of the history group History Index 1 Data source ifindex 2...

Page 1193: ...t created the history group Buckets granted The number of buckets allocated by the switch for the history group The value in this field will be less than the value in the buckets requested field if th...

Page 1194: ...ATISTICS Command The fields are described in Table 119 Example awplus show rmon statistics Table 119 SHOW RMON STATISTICS Command Parameter Description Stats Index The ID number of the port statistics...

Page 1195: ...s Overview on page 1196 Creating ACLs on page 1199 Assigning ACLs to Ports on page 1214 Removing ACLs from Ports on page 1217 Restricting Remote Access on page 1219 Unrestricting Remote Access on page...

Page 1196: ...ered IPv4 ACLs and Numbered MAC ACLs are identified by ID numbers The ID number range for Numbered IPv4 ACLs is 3000 to 3699 The ID number range for Numbered MAC ACLs is 4000 to 4699 In addition Numbe...

Page 1197: ...CLs and forward all other traffic A port that has one ACL that specifies a particular source IP address for example discards all ingress packets with the specified source address and forwards all othe...

Page 1198: ...sult you must apply ACLs to the ingress ports of the designated traffic flows ACLs for static port trunks or LACP trunks must be assigned to the individual ports of the trunks Because ports by default...

Page 1199: ...ample on page 1206 Numbered IPv4 ACL with TCP Port Packets Example on page 1207 Numbered IPv4 ACL with UDP Port Packets Example on page 1209 Table 121 ACCESS LIST Commands for Creating Numbered IPv4 A...

Page 1200: ...to forward a subset of packets that are otherwise discarded deny Discards all ingress packets that match the ACL copy to mirror Copies all ingress packets that match the ACL to the destination port o...

Page 1201: ...ed IPv4 ACLs that block all traffic with specified subnets 149 87 201 0 24 and 149 87 202 0 24 If you want a port to forward a subset of packets of a more specific traffic flow you have to create a pe...

Page 1202: ...specified network devices and discard all other ingress traffic The allowed traffic is specified with three permit ACLs Table 124 Creating a Permit ACL Followed by a Deny ACL Example Command Descript...

Page 1203: ...54 32 any Create the three permit ACLs with the ACCESS LIST command awplus config access list 3018 deny ip any any Create the deny ACL awplus config interface port1 0 21 port1 0 22 Move to the Port In...

Page 1204: ...tering criteria of the ACL Here are the possible actions permit Forwards all ingress packets that match the ACL Ports by default accept all ingress packets Consequently a permit ACL Table 126 ACL Filt...

Page 1205: ...The IPv4 address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a specified IPv4 address and is an alternative to the IPADRESS MASK variable for a...

Page 1206: ...n port of the mirror port This action must be used together with the port mirror feature explained in Chapter 21 Port Mirror on page 407 The protocol_number parameter specifies a protocol number You c...

Page 1207: ...to 3699 Within this range you can number ACLs in any order The ACTION parameter specifies the action that the port performs on packets matching the filtering criteria of the ACL Here are the possible...

Page 1208: ...r specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The lt parameter matches packets that are less than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The gt paramet...

Page 1209: ...ackets Consequently a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded deny Discards all ingress packets that match the ACL copy to mirror...

Page 1210: ...d indicates that the IPv4 address is assigned to a specific end node and that no mask is required The eq parameter matches packets that are equal to the UDP port number specified by the SRC_UDP _PORT...

Page 1211: ...mask dst_mac_address ANY dst_mac_mask The id_number parameter specifies the ID number for the new ACL The range is 4000 to 4699 The ACTION parameter specifies the action that the port performs on pack...

Page 1212: ...0 or F Use a 0 mask to indicate the parts of the MAC address the ACL is to filter Use an F mask for parts of the MAC address the ACL should ignore Note Do not include a mask if you specified ANY as t...

Page 1213: ...nter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config access list 4102 deny any a4 54 86 12 00 00 00 00 00 00 ff f...

Page 1214: ...CLs you must assign the permit ACLs to a port first because ingress packets are compared against the ACLs in the order in which they are added to the ports If you add the deny ACLs first the ports may...

Page 1215: ...tarting with 45 2A B5 ACL 4055 denies all other MAC addresses Then assign both ACLs to port 7 Table 132 Assigning Numbered IPv4 ACLs Command Description awplus enable Enter the Privileged Executive mo...

Page 1216: ...Port Interface mode for port 7 awplus config_if mac access group 4025 Apply the ACL to the port with the ACCESS GROUP command awplus config_if mac access group 4055 Apply the ACL to the port with the...

Page 1217: ...age 1233 With this command you can remove one ACL at a time See Table 134 The following example removes an ACL with an ID number of 3082 from port 15 Removing MAC Address ACLs To remove a MAC ACL from...

Page 1218: ...g MAC Address ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus confi...

Page 1219: ...g Numbered IP ACLs to VTY Lines on page 1219 Assigning MAC ACLs to VTY Lines on page 1220 Assigning Named IPv4 and IPv6 ACLs to VTY Lines on page 1221 Assigning Numbered IP ACLs to VTY Lines The follo...

Page 1220: ...10 0 0 3 full access to the switch awplus config access list 3001 deny ip any host 10 0 0 20 Creates an ACL with an ID number of 3001 that denies all IP addresses access to the switch awplus config l...

Page 1221: ...10 0 0 7 has remote access to the switch See Table 138 awplus config mac access list 4000 permit ip host 10 0 0 5 host 10 0 0 20 Creates an ACL with an ID number of 4000 that allows IP address 10 0 0...

Page 1222: ...nfig ip acl permit ip host 10 0 0 7 host 10 0 0 20 Allows IP address 10 0 0 7 full access to the switch awplus config ip acl deny ip any host 10 0 0 20 Denies access all IP addresses access to the swi...

Page 1223: ...bnet mask 2001 odb8 a2 64 full access to the switch awplus config ipv6 acl deny ip any host 2001 odb8 a5 64 Denies access all IP addresses access to the switch awplus config ipv6 acl exit Exit the Con...

Page 1224: ...oved from VTY Lines 0 through 9 See Table 140 Table 140 Removing Numbered IP ACLs from VTY Lines Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive m...

Page 1225: ...3018 and 3019 from the switch The following example deletes a MAC ACL with ID number 4415 from the switch Table 141 Deleting Numbered IP ACLs Example 1 Command Description awplus enable Enter the Pri...

Page 1226: ...7 SHOW ACCESS LIST Command As you can see from the example the SHOW ACCESS LIST command does not display which if any ports the ACLs are assigned to To display that information use the SHOW INTERFACE...

Page 1227: ...ACLs assigned to VTY lines Here is the format of the command awplus show running config See Figure 199 for an example of the display that pertains to ACLs assigned to VTY lines For more information a...

Page 1228: ...Chapter 73 Advanced Access Control Lists ACLs 1228...

Page 1229: ...ddresses ACCESS LIST IP on page 1241 Global Configuration Creates ACLs that filter packets based on source and destination IP addresses ACCESS LIST PROTO on page 1245 Global Configuration Creates ACLs...

Page 1230: ...address ACLs from ports on the switch SHOW ACCESS LIST on page 1262 Privileged Exec Displays the ACLs on the switch SHOW INTERFACE ACCESS GROUP on page 1264 Privileged Exec Displays the port assignmen...

Page 1231: ...de Description Use this command to assign an Access Control List to a VTY This is done to restrict the remote access of the switch via Telnet Web SNMP or SSH access You can add one ACL to multiple VTY...

Page 1232: ...lly ACL 3025 is assigned to VTY lines 0 through 9 The result is that IP address 10 0 0 3 has full remote access to the switch All other IP addresses are denied remote access to the switch awplus enabl...

Page 1233: ...signed ACLs This command works for all ACLs except for MAC address ACLs which are added to ports with the MAC ACCESS GROUP command See MAC ACCESS GROUP on page 1258 Note If a port is to have both perm...

Page 1234: ...rt 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if access group 3022 This example removes an IP ACL with an ID of 3001 from port 7 awplus enable awplus c...

Page 1235: ...n with the port mirror feature explained in Chapter 21 Port Mirror on page 407 src_mac_address Specifies the source MAC address of the ingress packets Here are the possible options src_mac_address Spe...

Page 1236: ...ss the ACL is to filter Specify F for parts of the MAC address the ACL should ignore Mode Global Configuration mode Description Use this command to create ACLs that filter packets based on source and...

Page 1237: ...ple configures port 7 to accept only those packets that have source MAC addresses starting with 45 2A B5 awplus enable awplus configure terminal awplus config access list 4025 permit 45 2a b5 00 00 00...

Page 1238: ...he access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal numb...

Page 1239: ...ription Use this command to create Numbered IPv4 ACLs that identify traffic flows based on ICMP and source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 1262 and SHOW INT...

Page 1240: ...313 0 24 subnets respectively The ACLs are assigned the ID numbers 3045 and 3046 awplus enable awplus configure terminal awplus config access list 3045 deny icmp 115 201 312 0 24 115 201 313 0 24 awpl...

Page 1241: ...ress Specifies the source IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP...

Page 1242: ...ant the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Description Use this command to create ACLs that identify traffic fl...

Page 1243: ...from the 157 11 21 0 subnet and are going to an end node with the IP address 157 11 21 45 The VID of the tagged packets is 15 awplus enable awplus configure terminal awplus config access list 3202 den...

Page 1244: ...22 port1 0 23 awplus config_if access group 3011 awplus config_if access group 3012 awplus config_if end awplus show access list awplus show interface port1 0 22 port1 0 23 access group This example...

Page 1245: ...specify one protocol number Refer to Table 144 Protocol Numbers on page 1246 for the list of protocol numbers scr_ipaddress Specifies the source IP address of the ingress packets the access list shou...

Page 1246: ...ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Confirmation Comman...

Page 1247: ...ntrol Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP...

Page 1248: ...list awplus show interface port1 0 2 access group This example adds a deny access list to ports 5 and 6 so that they discard all tagged ingress packets that have the protocol 17 number and the VID 12...

Page 1249: ...col 54 The permit ACL is assigned the ID number 3014 and the deny ACL which blocks all protocol 54 packets is assigned the ID number 3025 awplus enable awplus configure terminal awplus config access l...

Page 1250: ...of the ingress packets the access list should filter Choose one of the following any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The...

Page 1251: ...ring a range of TCP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddr...

Page 1252: ...ACL that discards all untagged ingress packets that have the source and destination TCP port number 165 The ACL is applied to port 1 and assigned the ID number 3078 awplus enable awplus configure ter...

Page 1253: ...mple configures port 21 to forward untagged TCP port 67 to 87 packets only if they are from the 154 11 234 0 network and are going to the 154 11 235 0 network This example requires a permit ACL becaus...

Page 1254: ...f the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The...

Page 1255: ...ring a range of UDP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddr...

Page 1256: ...p any range 0 65535 any range 0 65535 awplus config interface port1 0 18 port1 0 19 awplus config_if access group 3118 awplus config_if end awplus show access list awplus show interface port1 0 18 por...

Page 1257: ...plus show access list awplus show interface port1 0 18 access group This example configures port 21 to forward tagged UDP port 67 to 87 packets only if they are from the 154 11 234 0 network and are g...

Page 1258: ...this command NO MAC ACCESS LIST to remove a MAC address ACL from a switch Note If a port is to have both permit and deny ACLs you must add the permit ACLs first because ingress packets are compared ag...

Page 1259: ...ription Use this command to delete ACLs from the switch ACLs must first be removed from their port assignments before they can be deleted For instructions refer to NO ACCESS GROUP on page 1260 and NO...

Page 1260: ...mmand to remove ACLs from ports on the switch This command works for all ACLs except for MAC address ACLs which are removed with NO MAC ACCESS GROUP on page 1261 Confirmation Command SHOW INTERFACE AC...

Page 1261: ...at a time with this command Mode Port Interface mode Description Use this command to remove MAC address ACLs from ports on the switch Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1264 Exam...

Page 1262: ...Indicates a MAC ACL list name Indicates a Named IP ACL Mode Privileged Exec mode Description Use this command to display the configurations of the Numbered IPv4 MAC and Named IPv4 ACLs on the switch I...

Page 1263: ...access list Figure 200 SHOW ACCESS LIST Command IP access list 3104 deny 149 87 201 1 mask 255 255 255 0 any MAC access list 4400 permit any any IP access list icmppermit ICMP permit an any time rang...

Page 1264: ...ec mode Description Use this command to display the port assignments of the ACLs Here is an example of the information Figure 201 SHOW INTERFACE ACCESS GROUP Command Example This example displays the...

Page 1265: ...specified CoS value MLS QOS SET DSCP on page 1274 Port Interface Remarks all egress packets on a port with the specified DSCP value MLS QOS TRUST COS on page 1275 Port Interface Configures ports to u...

Page 1266: ...the mappings of CoS priority values to egress queues SHOW MLS QOS MAPS DSCP QUEUE on page 1283 Privileged Exec Displays the mappings of DSCP priority values to port egress queues WRR QUEUE WEIGHT on...

Page 1267: ...ers None Mode Global Configuration mode Description Use this command to activate QoS on the switch so that ingress packets are stored in egress queues according to their CoS or DSCP values Confirmatio...

Page 1268: ...one queue Mode Port Interface mode Description Use this command to map CoS priorities to port egress queues An egress queue can have more than one priority but you can assign just one priority at a t...

Page 1269: ...qos map cos queue 1 to 5 awplus config if mls qos map cos queue 2 to 5 awplus config if mls qos map cos queue 3 to 6 This example restores the default mappings of the CoS priorities to the egress que...

Page 1270: ...e Mode Port Interface mode Description Use this command to map DSCP priorities to port egress queues An egress queue can have more than one priority but you can assign just one priority at a time with...

Page 1271: ...11 to 7 awplus config if mls qos map cos queue 12 to 7 awplus config if mls qos map cos queue 13 to 7 This example restores the default mappings of the DSCP priorities to the egress queues on port 3 a...

Page 1272: ...default egress queue for any packet arriving on the port When no default queue is configured the cos queue map is used to choose the queue for packets Confirmation Command SHOW RUNNING CONFIG on page...

Page 1273: ...s packets on a port with the specified CoS value Use the NO form of this command to remove remark CoS values from ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example config...

Page 1274: ...ets on a port with the specified DSCP value Use the NO form of this command to remove remark DSCP values from ports Confirmation Command SHOW RUNNING CONFIG on page 158 Example This example configures...

Page 1275: ...ets Note QoS must be enabled on the switch before you can use this command Use the NO form of this command to stop ports from using the CoS priorities in ingress packets to determine the egress queues...

Page 1276: ...re the packets Note QoS must be enabled on the switch before you can use this command Use the NO form of this command to stop ports from using the DSCP priorities in ingress packets to determine the e...

Page 1277: ...MLS QOS ENABLE Syntax no mls qos enable Parameters None Mode Global Configuration mode Description Use this command to disable QoS on the switch When QoS is disabled all traffic is treated the same Ex...

Page 1278: ...heduling method on the ports to strict priority so that they transmit packets from higher priority queues before packets in lower priority queues Confirmation Command SHOW MLS QOS INTERFACE on page 12...

Page 1279: ...ignments of weights to egress queues Figure 202 and Figure 203 on page 1280 are examples of a port set to strict priority Figure 202 SHOW MLS QOS INTERFACE Command Strict Priority Default CoS 0 Defaul...

Page 1280: ...eduler Strict Priority Weight N A Default CoS 0 Default Queue 2 Number of egress queues 8 Trust Mark Remark Egress Queue 0 Scheduler Weighted Round Robin Weight 1 Egress Queue 1 Scheduler Weighted Rou...

Page 1281: ...packets that do not have a value Default Queue Specifies the default egress queue for packets that do not have a COS value Number of egress queues Specifies the number of egress queues on the port Eac...

Page 1282: ...igure 205 SHOW MLS QOS MAPS COS QUEUE Command The CoS values in the first line are matched with the egress queue assignments in the second line For example in Figure 205 of port 1 packets with CoS 0 a...

Page 1283: ...w mls qos maps dscp queue interface port Parameters port Specifies the port to display You can view only one port at a time Mode Privileged Exec mode Description Use this command to display the mappin...

Page 1284: ...ess queues are set with MLS QOS MAP DSCP QUEUE on page 1270 Example This example displays the DSCP mappings for port 21 awplus show mls qos maps dscp queue interface port1 0 21 Interface port1 0 21 DS...

Page 1285: ...specify all eight queues For example to assign a weight of 1 to Q0 and Q1 a weight of 5 to Q2 and Q3 a weight of 10 to Q4 and Q5 and a weight of 15 to Q6 and Q7 you enter this parameter as 1 1 5 5 10...

Page 1286: ...Chapter 75 Quality of Service QOS Commands 1286 Section X Network Management awplus config interface port1 0 3 awplus config if wrr queue weight 1 1 10 10 15 15 15 15...

Page 1287: ...1321 Chapter 81 Telnet Client Commands on page 1325 Chapter 82 Secure Shell SSH Server on page 1329 Chapter 83 SSH Server Commands on page 1341 Chapter 84 Non secure HTTP Web Browser Server on page 1...

Page 1288: ...1288...

Page 1289: ...on page 1293 Deleting Local Manager Accounts on page 1295 Activating Command Mode Restriction and Creating the Special Password on page 1296 Deactivating Command Mode Restriction and Deleting the Spec...

Page 1290: ...ere in the command mode structure managers can go and consequently which commands they can access The privilege levels are 1 and 15 Manager accounts with a privilege level of 15 have access to the ent...

Page 1291: ...yption When you create a new manager account you have to assign it a password You also have to create a new password if you activate command mode restrictions The commands for creating manager account...

Page 1292: ...asswords of new manager accounts When you deactivate password encryption with the NO SERVICE PASSWORD ENCRYPTION command the switch searches the running configuration and decrypts passwords that were...

Page 1293: ...password is case sensitive and can have up to 16 alphanumeric characters including punctuation and printable special characters Spaces are not permitted To enter an encrypted password precede it with...

Page 1294: ...76 Local Manager Accounts 1294 Passwords entered in encrypted form remain encrypted in the running configuration even if you disable password encryption by issuing the NO SERVICE PASSWORD ENCRYPTION...

Page 1295: ...e the switch If you delete the account with which you logged on to the switch your current management session is not interrupted But you will not be able to use that account again to log in and config...

Page 1296: ...hanging the password is the ENABLE PASSWORD command in the Global Configuration mode The switch can have only one special password Here is the format of the command enable password 8 password The PASS...

Page 1297: ...password is the NO ENABLE PASSWORD command in the Global Configuration mode When command mode restriction is deactivated manager accounts with a privilege level of 15 do not have to enter the special...

Page 1298: ...erminal awplus config service password encryption When password encryption is activated the switch searches the running configuration for plaintext passwords and encrypts them It also automatically en...

Page 1299: ...lay the running configuration Here is an example of several accounts Figure 209 Displaying the Local Manager Accounts in the Running Configuration username manager privilege 15 password WestWind11a us...

Page 1300: ...Chapter 76 Local Manager Accounts 1300...

Page 1301: ...h and specifies the password NO ENABLE PASSWORD on page 1304 Global Configuration Deactivates command mode restriction on the switch NO SERVICE PASSWORD ENCRYPTION on page 1305 Global Configuration Di...

Page 1302: ...managers with a privilege level of 1 must enter the password to move to the Privileged Exec mode from the User Exec mode Managers who do not know the password or have a privilege level of 1 are restr...

Page 1303: ...AT 9000 Switch Command Line User s Guide 1303 awplus enable awplus configure terminal awplus config enable password 8 1255bbf963118fcf750aca356d 35f6ab...

Page 1304: ...activate command mode restriction on the switch to allow managers who have the privilege level 15 to access all of the command modes without having to enter the special password Confirmation Command S...

Page 1305: ...onfiguration file unless they are entered in their encrypted forms in the USERNAME command Also the switch decrypts all of the passwords of the current manager accounts in the running configuration fi...

Page 1306: ...Note You can delete the default manager account from the switch Caution Do not delete all of the local manager accounts that have the privilege level 15 if the switch does not have any remote RADIUS o...

Page 1307: ...assword encryption This feature encrypts all of the manager account passwords in the running configuration of the switch and the passwords of new manager accounts This is the default setting for passw...

Page 1308: ...odes unless command mode restriction is activated Manager accounts with the privilege level 1 are restricted to the User Exec mode 8 Specifies that the password is encrypted password Specifies the pas...

Page 1309: ...e password is laf238pl awplus enable awplus configure terminal awplus config username allen privilege 15 password laf238pl This example creates a manager account for the user sjones The privilege leve...

Page 1310: ...Chapter 77 Local Manager Account Commands 1310...

Page 1311: ...ter 78 Telnet Server This chapter provides the following topics Overview on page 1312 Enabling the Telnet Server on page 1313 Disabling the Telnet Server on page 1314 Displaying the Telnet Server on p...

Page 1312: ...ve access to it through routers or other Layer 3 devices If the Telnet clients are not members of the same subnet as the switch s management IP address the switch must have a default gateway This is t...

Page 1313: ...command awplus enable awplus configure terminal awplus config service telnet Once the server is started you can conduct remote management sessions over your network from Telnet clients provided that...

Page 1314: ...no service telnet Note If you disable the server from a remote Telnet management session your session ends To resume managing the unit establish a local management session or remote web browser sessi...

Page 1315: ...display the status of the Telnet server use the SHOW TELNET command in the User Exec mode or Privileged Exec mode Here is the command awplus show telnet Here is the information the command displays Fi...

Page 1316: ...Chapter 78 Telnet Server 1316...

Page 1317: ...chapter Table 148 Telnet Server Commands Command Mode Description NO SERVICE TELNET on page 1318 Global Configuration Disables the Telnet server SERVICE TELNET on page 1319 Global Configuration Enable...

Page 1318: ...gement session ends if you disable the server from a remote Telnet session To resume managing the unit establish a local management session or remote web browser session If the maximum number of manag...

Page 1319: ...tch with a Telnet application protocol The default setting for the Telnet server is enabled Note The switch must have a management IP address for remote Telnet management For background information re...

Page 1320: ...tion Use this command to display the status of the Telnet server on the switch The status of the server can be either enabled or disabled Here is the information Figure 211 SHOW TELNET Command Example...

Page 1321: ...1321 Chapter 80 Telnet Client This chapter provides the following topics Overview on page 1322 Starting a Remote Management Session with the Telnet Client on page 1323...

Page 1322: ...s that have IPv6 addresses For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The other network devices that you intend to manage with the Telnet client must be member...

Page 1323: ...Telnet client The default is 23 For example if the IPv4 address of the remote device is 149 174 154 12 you enter awplus enable awplus telnet 149 174 154 12 You should now see the login prompts of the...

Page 1324: ...Chapter 80 Telnet Client 1324...

Page 1325: ...tail within the chapter Table 149 Telnet Client Commands Command Mode Description TELNET on page 1326 Privileged Exec Starts Telnet management sessions on remote devices that have IPv4 addresses TELNE...

Page 1326: ...rt number of the Telnet client The default value is 23 Mode Privileged Exec mode Description Use this command to start Telnet management sessions on network devices that have IPv4 addresses You can ma...

Page 1327: ...et client The default value is 23 Mode Privileged Exec mode Description Use this command to start Telnet management sessions on network devices that have IPv6 addresses You can manage just one remote...

Page 1328: ...Chapter 81 Telnet Client Commands 1328...

Page 1329: ...erview on page 1330 Support for SSH on page 1331 SSH and Enhanced Stacking on page 1333 Creating the Encryption Key Pair on page 1335 Enabling the SSH Server on page 1336 Disabling the SSH Server on p...

Page 1330: ...ent workstation exchange during management sessions are encrypted In contrast Telnet management sessions are unsecured and are vulnerable to snooping because the packets are sent in readable text The...

Page 1331: ...lt port The following SSH options and features are not supported IDEA or Blowfish encryption Non encrypted Secure Shell sessions Tunnelling of TCP IP traffic Guidelines Here are the guidelines to usin...

Page 1332: ...re you activate and configure SSH server on the master switch not on the member switches Note If your switch is in a network that is protected by a firewall you may need to configure the firewall to p...

Page 1333: ...ement station Enhanced stacking uses a proprietary protocol different from Telnet and SSH protocols Consequently there is no encryption between a master switch and a member switch The result is that S...

Page 1334: ...1334 Because enhanced stacking does not allow for SSH encrypted management sessions between a management station and a member switch you configure SSH only on the master switch of a stack Activating S...

Page 1335: ...ause you can specify a length in bits by using the VALUE parameter in the command The other keys have a fixed key length of 1024 bits The range is 768 to 2048 bits Entering the length is optional This...

Page 1336: ...dure The command that activates the server is the SERVICE SSH command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config service ssh After you e...

Page 1337: ...r the following commands awplus enable awplus configure terminal awplus config no service ssh Note If you disable the server during a remote SSH management session your session ends To resume managing...

Page 1338: ...SH management session your session ends To resume managing the unit with the manager account you must wait for the console timer on the switch to expire and then establish a local management session o...

Page 1339: ...0 Switch Command Line User s Guide 1339 Displaying the SSH Server To display the current settings of the server enter this command in the Privileged Exec or Global Configuration mode awplus show ssh s...

Page 1340: ...Chapter 82 Secure Shell SSH Server 1340...

Page 1341: ...CRYPTO KEY GENERATE HOSTKEY on page 1344 Global Configuration Creates encryption keys NO SERVICE SSH on page 1346 Global Configuration Disables the SSH server SERVICE SSH on page 1347 Global Configura...

Page 1342: ...yption keys are permanently removed by the switch when you enter this command You do not have to enter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command to save your changes on the s...

Page 1343: ...AT 9000 Switch Command Line User s Guide 1343 This example deletes the RSA1 key awplus enable awplus configure terminal awplus config crypto key destroy hostkey rsa1...

Page 1344: ...escription Use this command to create the encryption key for the Secure Shell server You must create the key before activating the server The switch can have one key of each type at the same time If y...

Page 1345: ...wanted switch behavior create a key during periods of low network activity Examples This example creates a DSA key awplus enable awplus configure terminal awplus config crypto key generate hostkey dsa...

Page 1346: ...ession of the switch ends if you disable the server from a remote SSH management session To resume managing the switch from a local management session or a remote Telnet or web browser session you mus...

Page 1347: ...enable the Secure Shell server on the switch You must create an encryption key before enabling the server For instructions refer to CRYPTO KEY GENERATE HOSTKEY on page 1344 Confirmation Command SHOW S...

Page 1348: ...nfiguration mode Description Use this command to display the encryption keys Here is an example of the information for an RSA key Figure 213 SHOW CRYPTO KEY HOSTKEY Command Examples This example displ...

Page 1349: ...and to display the current status of the SSH server Versions supported Server Status Server Port Example This example displays the status of the SSH server awplus show ssh server An example of the inf...

Page 1350: ...Chapter 83 SSH Server Commands 1350...

Page 1351: ...This chapter describes the following topics Overview on page 1352 Enabling the Web Browser Server on page 1353 Setting the Protocol Port Number on page 1354 Disabling the Web Browser Server on page 1...

Page 1352: ...ures the management packet that contains your user name and password he or she could use that information to access the switch and make unauthorized changes to its configuration settings Here are the...

Page 1353: ...address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 If the web browser server is already configured for secure HTTPS and you are changing it back to non secure...

Page 1354: ...port 80 for the protocol port of the HTTP web server can be adjusted with the IP HTTP PORT command in the Global Configuration mode This example of the command changes the protocol port to 100 awplus...

Page 1355: ...TTP command in the Global Configuration mode awplus enable awplus configure terminal awplus config no service http No further web browser management sessions are permitted by the switch after the serv...

Page 1356: ...r is enabled or disabled on the switch issue the SHOW IP HTTP command in the Privileged Exec mode The command also displays the protocol port number if the server is enabled Here is the command awplus...

Page 1357: ...ure HTTP Web Browser Server Commands Command Mode Description SERVICE HTTP on page 1358 Global Configuration Enables the HTTP web browser server IP HTTP PORT on page 1359 Global Configuration Sets the...

Page 1358: ...se this command to activate the HTTP web browser server on the switch The switch supports non secure HTTP web browser management sessions when the server is activated Confirmation Command SHOW IP HTTP...

Page 1359: ...P web server listens on The range is 0 to 65535 Mode Global Configuration mode Description Use this command to set the TCP port for the web browser server Confirmation Command SHOW IP HTTP on page 136...

Page 1360: ...gement with a web browser Any active web browser management session are interrupted and are not allowed to continue You might disable the server to prevent remote web browser management sessions of th...

Page 1361: ...e Privileged Exec mode Description Use this command to display the status of the HTTP server on the switch Here is an example of the information Figure 216 SHOW IP HTTP Command Example This example di...

Page 1362: ...Chapter 85 Non secure HTTP Web Browser Server Commands 1362...

Page 1363: ...cs Overview on page 1364 Creating a Self signed Certificate on page 1367 Configuring the HTTPS Web Server for a Certificate Issued by a CA on page 1370 Enabling the Web Browser Server on page 1374 Dis...

Page 1364: ...distinguished name that identifies the owner of the certificate which in the case of a certificate for your switch is the switch itself and your company The switch does not come with a certificate You...

Page 1365: ...ompany The name of the owner is entered in the form of a distinguished name which has six parts Common name cn This is the IP address or name of the switch Organizational unit ou This is the name of t...

Page 1366: ...ns must be members of the same network as the management IP address of the switch or they must have access to it through routers or other Layer 3 devices The web browser server cannot operate in both...

Page 1367: ...4 to 20 alphanumeric characters that are used to export the certificate in PKCS12 file format Although the switch does not allow you to export certificates you are still required to include a value f...

Page 1368: ...n Jones_Industries Location San_Jose State California Country US Duration 365 days awplus enable Enter the Privileged Exec mode from the User Exec mode awplus configure terminal Enter the Global Confi...

Page 1369: ...er with SERVICE HTTPS on page 1385 awplus config exit Return to the Privileged Exec mode awplus show ip https Confirm the confirmation with SHOW IP HTTPS on page 1389 HTTPS server enabled Port 443 Cer...

Page 1370: ...state country The values of the parameters in this command must be exactly the same as the corresponding values from the CRYPTO CERTIFICATE GENERATE command used to create the self signed certificate...

Page 1371: ...a public or private CA The certificate is assigned these specifications ID number 1 Key length 512 Passphrase hazeltime Common name 124 201 76 54 This is the IP address of the switch Organizational un...

Page 1372: ...onfig crypto certificate 1 import Import the new certificate into the certificate database with CRYPTO CERTIFICATE IMPORT on page 1382 awplus config ip https certificate 1 Designate the new certificat...

Page 1373: ...wser server is enabled on the unit disabled it with NO SERVICE HTTP on page 1360 awplus config service https Enable the HTTPS server with SERVICE HTTPS on page 1385 awplus config exit Return to the Pr...

Page 1374: ...structions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The switch should have a HTTPS certificate If the HTTP mode is enabled you must disable it with the NO HTTP SERVER command...

Page 1375: ...TPS command in the Global Configuration mode awplus enable awplus configure terminal awplus config no service https No further web browser management sessions are permitted by the switch after the ser...

Page 1376: ...tocol port number if the server is enabled Here is the command awplus enable awplus show ip https Here is an example of the display Figure 217 SHOW IP HTTPS Command The fields are described in Table 1...

Page 1377: ...bal Configuration Imports certificates from public or private CAs into the certificate database on the switch CRYPTO CERTIFICATE REQUEST on page 1383 Global Configuration Creates certificate enrollmen...

Page 1378: ...tion Use this command to delete unused certificates from the switch You can delete just one certificate at a time with this command Entering the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command aft...

Page 1379: ...ough the switch does not permit the export of certificates a passphrase is still required in the command common_name Specifies a common name for the certificate This should be the IP address or fully...

Page 1380: ...se this command to create self signed certificates for secure HTTPS web browser management of the switch All the parameters in the command are required Entering the WRITE or COPY RUNNING CONFIG STARTU...

Page 1381: ...Sales Organization Jones_Industries Location San_Jose State California Country US Duration 365 days awplus enable awplus configure terminal awplus config crypto certificate 2 generate 1280 trailtree...

Page 1382: ...to the certificate database of the switch A certificate has to be residing in the file system on the switch before you can import it into the certificate database Entering the WRITE or COPY RUNNING CO...

Page 1383: ...and special characters are not allowed organizational_unit Specifies the name of a department such as Network Support or IT This parameter can have up to 64 characters Spaces and special characters a...

Page 1384: ...ve the same ID number and other information as its corresponding self signed certificate Confirmation Command DIR on page 467 Example This example creates a certificate enrollment request that has the...

Page 1385: ...is activated Here are the preconditions to activating the server The non secure HTTP server on the switch must be disabled For instructions refer to NO SERVICE HTTP on page 1360 The switch must have a...

Page 1386: ...er The switch can have only one active certificate The certificate which must already exist on the switch can be a self signed certificate that the switch created itself or a certificate that was issu...

Page 1387: ...erver on the switch The switch rejects secure HTTPS web browser management sessions when the server is deactivated You might disable the server to prevent remote web browser management sessions of the...

Page 1388: ...d_number Specifies a certificate ID number Mode Privileged Exec mode Description Use this command to display detailed information about the certificates on the switch You can display just one certific...

Page 1389: ...le 153 HTTPS server enabled Port 443 Certificate 1 is active Issued by self signed Valid from 5 17 2010 to 5 16 2011 Subject C US ST California L San_Jose O Jones_Industries OU Sales CN 167 214 121 45...

Page 1390: ...tive Displays the status of the certificate An active status indicates that the certificate was designated with IP HTTPS CERTIFICATE on page 1386 as the active certificate for the HTTPS server The swi...

Page 1391: ...chapter describes the following topics Overview on page 1392 Remote Manager Accounts on page 1393 Managing the RADIUS Client on page 1396 Managing the TACACS Client on page 1400 Configuring Remote Au...

Page 1392: ...lets you add more manager accounts to the switch by transferring the task of authenticating the accounts from the switch to an authentication server on your network This feature is described in Remote...

Page 1393: ...entication server when a manager logs on 1 The switch uses its RADIUS or TACACS client to transmit the user name and password to an authentication server on the network 2 The server checks to see if t...

Page 1394: ...0 to 15 however the AT 9000 switch provides only two settings of the Privilege attribute 0 or 15 If command mode restriction is active on the switch a manager account with a privilege level of 0 is re...

Page 1395: ...rvers The switch must have a management IP address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 285 The authentication servers on your network must be members of the...

Page 1396: ...e switch the IP addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete...

Page 1397: ...TI Specifying a RADIUS Global Encryption Key If the RADIUS servers on your network use the same encryption key use the RADIUS SERVER KEY command in the Global Configuration mode to enter a global encr...

Page 1398: ...ter disables accounting messages The GROUP parameter indicates the user server group Specify the RADIUS server The LOCAL parameter indicates that if the first attempt to authenticate a user with the R...

Page 1399: ...of RADIUS servers awplus enable awplus configure terminal awplus config no radius server host 211 132 123 12 Displaying the RADIUS Client To display the settings of the RADIUS client use the SHOW RADI...

Page 1400: ...addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete the IP address...

Page 1401: ...counting message is sent at the end of the session The STOP ONLY parameter indicates a stop accounting message is sent at the end of the session The NONE parameter disables accounting messages The GRO...

Page 1402: ...122 124 15 7 from the TACACS client awplus enable awplus configure terminal awplus config no tacacs server host 122 114 15 7 Displaying the TACACS Client To display the settings of the TACACS client u...

Page 1403: ...ntication login tacacs After you activate the feature all future login attempts by managers are forwarded by the switch to the designated authentication servers for authentication To deactivate the fe...

Page 1404: ...g line no login authentication Now even though remote authentication is activated the switch uses its local manager accounts to authenticate the user name and password whenever someone logs on through...

Page 1405: ...ne vty 0 awplus config line no login authentication Now the switch uses the local manager accounts instead of the remote accounts to authenticate the user name and password when an administrator estab...

Page 1406: ...Chapter 88 RADIUS and TACACS Clients 1406...

Page 1407: ...ON on page 1417 Console Line and Virtual Terminal Line Activates remote authentication for local management sessions and remote Telnet and SSH sessions NO LOGIN AUTHENTICATION on page 1419 Console Lin...

Page 1408: ...eged Exec Displays the configuration settings of the TACACS client TACACS SERVER HOST on page 1430 Global Configuration Adds IP addresses of TACACS servers to the TACACS client in the switch TACACS SE...

Page 1409: ...cify one of the following radius Uses all RADIUS servers tacacs Uses all TACACS servers Mode Global Configuration mode Description This command configures RADIUS or TACACS accounting for all login she...

Page 1410: ...ure terminal awplus config aaa accounting login default start stop group radius To reset the configuration of the default accounting list use the following commands awplus enable awplus configure term...

Page 1411: ...command see ENABLE PASSWORD on page 1302 This is an optional parameter Mode Global Configuration mode Description Use this command to enable the TACACS password on the switch This password is used to...

Page 1412: ...use the following commands awplus enable awplus configure terminal awplus config aaa authentication enable default group tacacs local To enable the TACACS password on the switch use the following com...

Page 1413: ...about this command see ENABLE PASSWORD on page 1302 This is an optional parameter Mode Global Configuration mode Description Use this command to enable RADIUS or TACACS on the switch globally This co...

Page 1414: ...ble RADIUS servers on the switch use the following commands awplus enable awplus configure terminal awplus config aaa authentication login default group radius local To enable TACACS servers on the sw...

Page 1415: ...client uses the specified IP address on every outgoing RADIUS packet Use the no version of this command NO IP RADIUS SOURCE INTERFACE to remove the RADIUS source lP address from the client Confirmati...

Page 1416: ...pter 89 RADIUS and TACACS Client Commands 1416 This example removes the RADIUS source IP address from the RADIUS client awplus enable awplus configure terminal awplus config no ip radius source interf...

Page 1417: ...hile remote authentication for remote Telnet and SSH management sessions is activated in the Virtual Terminal Line mode Note If the switch is unable to communicate with the authentication servers when...

Page 1418: ...nt Commands 1418 This example activates remote authentication for remote Telnet and SSH management sessions that use VTY line 0 awplus enable awplus configure terminal awplus config line vty 0 awplus...

Page 1419: ...SSH sessions Confirmation Command SHOW RUNNING CONFIG on page 158 Examples This example deactivates remote authentication for local management sessions awplus enable awplus configure terminal awplus...

Page 1420: ...l Configuration mode Description Use this command to delete IP addresses of RADIUS servers from the list of authentication servers on the switch You can delete only one IP address at a time with this...

Page 1421: ...address at a time with this command Mode Global Configuration mode Description Use this command to delete IP addresses of TACACS servers from the client You can delete only one IP address at a time wi...

Page 1422: ...thentication requests If 0 is specified the server is not used for authentication The default UDP port for authentication is 1812 key Specifies the encryption key used by the designated RADIUS server...

Page 1423: ...er host 149 245 22 22 auth port 1815 key tiger12 This example adds a RADIUS server with the IP address 176 225 15 23 to the switch The accounting port is 1811 and the UDP port is 1815 The encryption k...

Page 1424: ...two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the c...

Page 1425: ...er for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to th...

Page 1426: ...dress assigned to an interface on the switch that is the source of all outgoing RADIUS packets WIth hardware stacking this the source address of the master switch Timeout The length of the time in sec...

Page 1427: ...xample This example displays the configuration of the RADIUS client awplus show radius Accounting Port The accounting protocol port Encryption Keys The server encryption keys if defined Table 155 SHOW...

Page 1428: ...ble 156 SHOW TACACS Command Parameter Description Timeout The length of the time in seconds that the switch waits for a response from a TACACS server to an authentication request The default is 40 sec...

Page 1429: ...ch awplus show tacacs Server Status Indicates the status of the server host One of the following options is displayed Alive Indicates the server is working correctly The sockets are successful Dead In...

Page 1430: ...scription Use this command to add IP addresses of TACACS servers to the TACACS client in the switch The list can have up to three TACACS authentication servers but you can add only one at a time with...

Page 1431: ...two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the cl...

Page 1432: ...rver for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to...

Page 1433: ...s SHOW MEMORY ALLOCATION on page 1438 Privileged Exec Displays the memory allocations used by the processes SHOW MEMORY HISTORY on page 1439 Privileged Exec Displays a graph showing historical memory...

Page 1434: ...processes sleep Sorts the list by the average sleeping times thrds Sorts the list by the number of threads Mode Privileged Exec mode Description Use this command to display a list of running processe...

Page 1435: ...Syntax show cpu history Parameters None Mode Privileged Exec mode Description Use this command to display graphs of historical CPU utilization on the switch Example This example displays graphs of hi...

Page 1436: ...user threads Parameters None Mode Privileged Exec mode Description Use this command to display a list of CPU utilization and the status of the user threads Example This example displays a list of CPU...

Page 1437: ...the peak amounts of memory the processes are currently using stk Sorts the list by the stack sizes of the processes Mode Privileged Exec mode Description Use this command to display the memory consum...

Page 1438: ...stem process Mode Privileged Exec mode Description Use this command to display the memory allocations used by the processes Examples This example displays the memory allocations used by all the proces...

Page 1439: ...Y HISTORY Syntax show memory history Parameters None Mode Privileged Exec mode Description Use this command to display a graph showing historical memory usage Example This example displays a graph sho...

Page 1440: ...LS Syntax show memory pools Parameters None Mode Privileged Exec mode Description Use this command to display a list of memory pools used by the processes Example This example displays a list of memor...

Page 1441: ...ry utilization Mode Privileged Exec mode Description Use this command to display a summary of the current running processes Examples This example lists the running processes by ID number awplus show p...

Page 1442: ...r Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the serial number of the switch The serial number is also displayed with SHOW SYSTEM on page 161...

Page 1443: ...one Mode Privileged Exec mode Description Use this command to display the number of interrupts for each Interrupt Request IRQ used to interrupt input lines on a Programmable Interrupt Controller PIC o...

Page 1444: ...e file name tech support followed by a string of numbers and the extension txt After performing the command upload the file from the switch using TFTP or Zmodem and email it to Allied Telesis technica...

Page 1445: ...ional commands SHOW ARP SHOW INTERFACE SHOW IP INTERFACE SHOW IPV6 INTERFACE SHOW MAC ADDRESS TABLE Examples This example stores the system information in a file awplus show tech support This example...

Page 1446: ...Chapter System Monitoring Commands 1446...

Page 1447: ...ED on page 1456 MAC Address based Port Security on page 1457 MAC Address Table on page 1458 Management IP Address on page 1459 Manager Account on page 1460 Port Settings on page 1461 RADIUS Client on...

Page 1448: ...Appendix B Management Software Default Settings 1448 Boot Configuration File The following table lists the name of the default configuration file Boot Configuration File Default Switch boot cfg...

Page 1449: ...1449 Class of Service The following table lists the default mappings of the IEEE 802 1p priority levels to the egress port priority queues IEEE 802 1p Priority Level Port Priority Queue 0 Q2 1 Q0 lowe...

Page 1450: ...50 Console Port The following table lists the default settings for the Console port Note The baud rate is the only adjustable parameter on the port Console Port Setting Default Data Bits 8 Stop Bits 1...

Page 1451: ...rk Access Control Settings Default Port Access Control Disabled Authentication Method RADIUS EAP Port Roles None Authentication Port 1812 Authenticator Port Setting Default Authentication Mode 802 1x...

Page 1452: ...Appendix B Management Software Default Settings 1452 The following table lists the default settings for RADIUS accounting RADIUS Accounting Settings Default Status Disabled Port 1813...

Page 1453: ...AT 9000 Switch Command Line User s Guide 1453 Enhanced Stacking The following table lists the enhanced stacking default setting Enhanced Stacking Setting Default Switch State Member...

Page 1454: ...are Default Settings 1454 GVRP This section provides the default settings for GVRP GVRP Setting Default Status Disabled GIP Status Enabled Join Timer 20 centiseconds Leave Timer 60 centiseconds Leave...

Page 1455: ...ing table lists the IGMP Snooping default settings IGMP Snooping Setting Default IGMP Snooping Status Disabled Multicast Host Topology Single Host Port Edge Host Router Timeout Interval 260 seconds Ma...

Page 1456: ...The following table lists the default settings for LLDP and LLDP MED LLDP an LLDP MED Default Status Disabled Notification Interval 5 seconds Transmit Interval 30 seconds Holdtime Multiplier 4 Reiniti...

Page 1457: ...de 1457 MAC Address based Port Security The following table lists the MAC address based port security default settings MAC Address based Port Security Setting Default Status Disabled Intrusion Action...

Page 1458: ...ix B Management Software Default Settings 1458 MAC Address Table The following table lists the default setting for the MAC address table MAC Address Table Setting Default MAC Address Aging Time 300 se...

Page 1459: ...User s Guide 1459 Management IP Address The following table lists the default settings for the management IP address Management IP Address Setting Default Management IP Address 0 0 0 0 Subnet Mask 0...

Page 1460: ...following table lists the manager account default settings Note Login names and passwords are case sensitive Manager Account Setting Default Manager Login Name manager Manager Password friend Console...

Page 1461: ...on MDI MDI X Auto MDI MDIX Threshold Limits for Ingress Packets Disabled Broadcast Multicast or Unknown Unicast Packet Filtering Storm control 33 554 431 packets per second Override Priority No overri...

Page 1462: ...RADIUS configuration default settings RADIUS Configuration Setting Default Global Encryption Key ATI Global Server Timeout Period 5 seconds RADIUS Server 1 Configuration 0 0 0 0 RADIUS Server 2 Confi...

Page 1463: ...de 1463 Remote Manager Account Authentication The following table describes the remote manager account authentication default settings Authentication Setting Default Server based Authentication Disabl...

Page 1464: ...following table lists the default settings for RMON collection histories There are no default settings for alarms or events RMON Setting Default History Buckets 50 History Polling Interval 1800 secon...

Page 1465: ...rver The following table lists the SSH default settings Note The SSH port number is not adjustable SSH Setting Default Status Disabled Host Key ID Not Defined Server Key ID Not Defined Server Key Expi...

Page 1466: ...ettings 1466 sFlow Agent The default settings for the sFlow agent are listed in this table sFlow Agent Setting Default sFlow Agent Status Disabled sFlow Collector IP Address 0 0 0 0 UDP Port 6343 Port...

Page 1467: ...67 Simple Network Management Protocol SNMPv1 SNMPv2c and SNMPv3 The following table describes the default settings for SNMPv1 SNMPv2c and SNMPv3 SNMP Communities Setting Default SNMP Status Disabled A...

Page 1468: ...ettings 1468 Simple Network Time Protocol The following table lists the SNTP default settings SNTP Setting Default System Time Sat 01 Jan 2000 00 00 00 SNTP Status Disabled SNTP Server 0 0 0 0 UTC Off...

Page 1469: ...ings Rapid Spanning Tree Protocol The following table describes the RSTP default settings Spanning Tree Setting Default Spanning Tree Status Enabled Active Protocol Version RSTP STP Setting Default Br...

Page 1470: ...Status Disabled BPDU Guard Timeout Interval 300 seconds RSTP Setting Default MSTP Setting Default Force Version MSTP Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 E...

Page 1471: ...AT 9000 Switch Command Line User s Guide 1471 System Name The default setting for the system name is listed in this table System Name Setting Default System Name awplus...

Page 1472: ...1472 TACACS Client The following table lists the TACACS client configuration default settings TACACS Client Configuration Setting Default TAC Server 1 0 0 0 0 TAC Server 2 0 0 0 0 TAC Server 3 0 0 0...

Page 1473: ...ine User s Guide 1473 Telnet Server The default settings for the Telnet server are listed in this table Note The Telnet port number is not adjustable Telnet Server Setting Default Telnet Server Enable...

Page 1474: ...lt Settings 1474 VLANs This section provides the VLAN default settings VLAN Setting Default Default VLAN Name Default_VLAN all ports Management VLAN ID 1 Default_VLAN VLAN Type Port based Member Ports...

Page 1475: ...mmand Line User s Guide 1475 Web Server The following table lists the web server default settings Web Server Configuration Setting Default Status Disabled Operating Mode HTTP HTTP Port Number 80 HTTPS...

Page 1476: ...Appendix B Management Software Default Settings 1476...

Page 1477: ...34 CLEAR IPV6 NEIGHBORS command 301 CLEAR LLDP STATISTICS command 1084 CLEAR LLDP TABLE command 1077 1085 CLEAR LOG BUFFERED command 104 109 514 516 CLEAR MAC ADDRESS TABLE command 354 CLEAR PORT COUN...

Page 1478: ...mand 1089 LLDP MED NOTIFICATIONS command 1091 LLDP MED TLV SELECT command 1060 1063 1066 1069 1092 LLDPNON STRICT MED TLV ORDER CHECKcommand 1094 LLDP NOTIFICATION INTERVAL command 1096 LLDP NOTIFICAT...

Page 1479: ...O SERVICE HTTPS command 1387 NO SERVICE PASSWORD ENCRYPTION command 1298 1305 NO SERVICE POWER INLINE command 264 NO SERVICE SSH command 1346 NO SERVICE TELNET command 1314 1318 NO SFLOW COLLECTOR IP...

Page 1480: ...ASED AUTHENTICATION TACACS command 1403 SERVICE HTTP command 1353 1358 SERVICE HTTPS command 1385 SERVICE MAXMANAGER command 126 154 SERVICE PASSWORD ENCRYPTION command 1298 1307 SERVICE POWER INLINE...

Page 1481: ...SHOW SFLOW command 1046 SHOW SFLOW DATABASE command 1033 SHOW SNMP SERVER command 972 986 1008 SHOW SNMP SERVER COMMUNITY command 972 987 SHOW SNMP SERVER GROUP command 1009 SHOW SNMP SERVER HOST comm...

Page 1482: ...VLAN HOST command 836 843 SWITCHPORT MODE PRIVATE VLAN PROMISCUOUS command 836 844 SWITCHPORT MODE TRUNK command 734 751 SWITCHPORT PORT SECURITY AGING command 872 888 SWITCHPORT PORT SECURITY comman...

Reviews:

No comments

Related manuals for AT-9000/12PoE

Brand: Quatech Pages: 27

Brand: XESS Pages: 23

Brand: ebm-papst Pages: 6

Brand: ebm-papst Pages: 6

Brand: ebm-papst Pages: 5

Brand: RadiSys Pages: 44

Brand: Hawking Pages: 2

PG-FLEX RT FRL-752

Brand: PairGain Pages: 6

Brand: Aaeon Pages: 61

Brand: Gigabyte Pages: 18

Brand: Advantech Pages: 68

Brand: iDirect Pages: 72

Brand: ACTi Pages: 14

Brand: Chase Research Pages: 114

Bolide BN-NVR/NX

Brand: GSA Pages: 101

LOYTEC LIP‑3ECTC

Brand: DELTA GROUP Pages: 4

Brand: TEC Control Pages: 4

Brand: l-com Pages: 11

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands