manualshive.com logo in svg

Allied Telesis AT-IE200-6FP-80, Command Reference Manual

The Allied Telesis AT-IE200-6FP-80 is a high-performance and reliable network switch. To help users maximize its potential, we offer a comprehensive Command Reference Manual. Easily accessible on our website, this downloadable manual is completely free, providing detailed instructions on product usage and configuration. Visit manualshive.com to download it today.

Share
Download
background image

23

714

Command Reference for IE200 Series Industrial Managed PoE+ Switches 

C613-50066-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.5I-0.x

IPv4 Software

Access Control List

(ACL) Commands

Introduction

Overview

This chapter provides an alphabetical reference for the IPv4 Software Access 
Control List (ACL) commands, and contains detailed command information and 
command examples about IPv4 software ACLs as applied to Routing and 
Multicasting, which are not applied to interfaces.

For information about ACLs, see the 

ACL Feature Overviewand Configuration 

Guide

.

To apply ACLs to an LACP channel group, apply it to all the individual switch ports 
in the channel group. To apply ACLs to a static channel group, apply it to the static 
channel group itself. For more information on link aggregation see the following 
references:

the 

Link Aggregation Feature Overview and Configuration Guide

.

Link Aggregation Commands

NOTE

:  

Text in parenthesis in command names indicates usage not keyword entry. For 

example, 

access-list hardware (named)

 indicates named IPv4 hardware ACLs 

entered as 

access-list hardware

 <

name

> where <name> is a placeholder not 

a keyword.

Parenthesis surrounding ACL filters indicates the type of ACL filter not the keyword 
entry in the CLI, such as 

(access-list standard numbered filter)

 represents command 

entry in the format shown in the syntax 

[<

sequence-number

>] {deny|permit} 

{<source>|host <

host-address

>|any}

.

Software ACLs will 

deny

 access unless 

explicitly permitted

 by an ACL action.

Summary of Contents for AT-IE200-6FP-80

Page 1: ...C613 50066 01 REV A IE200 Series INDUSTRIAL MANAGED POE SWITCHES Command Reference for AlliedWare Plus Version 5 4 5 AT IE200 6FT 80 AT IE200 6FP 80 AT IE200 6GT 80 AT IE200 6GP 80 ...

Page 2: ...Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis Management Framework EPSRing SwitchBlade and VCStack are trademarks or registered trademarks in the United States and elsewhere of Allied Telesis Inc Adobe Acrobat and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Micr...

Page 3: ...p 60 logout 61 show history 62 Chapter 2 User Access Commands 63 Introduction 63 clear line console 65 clear line vty 66 enable password 67 enable secret 70 exec timeout 73 flowcontrol hardware asyn console 75 length asyn 77 line 78 privilege level 80 security password history 81 security password forced change 82 security password lifetime 83 security password minimum categories 84 security passw...

Page 4: ...8 boot config file backup 110 boot system 111 boot system backup 113 cd 114 copy current software 115 copy debug 116 copy running config 117 copy startup config 118 copy filename 119 copy zmodem 121 create autoboot 122 delete 123 delete debug 124 dir 125 edit 127 edit filename 128 erase startup config 130 mkdir 131 move 132 move debug 133 pwd 134 rmdir 135 show autoboot 136 show boot 137 show file...

Page 5: ...ot prevention 174 ecofriendly led 176 findme 177 hostname 178 no debug all 180 reboot 181 reload 182 show clock 183 show continuous reboot prevention 185 show cpu 186 show cpu history 189 show debugging 192 show ecofriendly 193 show interface memory 194 show memory 196 show memory allocations 198 show memory history 200 show memory pools 201 show memory shared 202 show process 203 show reboot hist...

Page 6: ...243 log console 244 log console filter 245 log email 248 log email filter 249 log email time 252 log host 254 log host filter 255 log host time 258 log monitor filter 260 log permanent 263 log permanent filter 264 log permanent size 267 log rate limit nsm 268 show counter log 270 show exception log 271 show log 272 show log config 275 show log permanent 278 show running config log 279 Chapter 6 Sc...

Page 7: ...form packet 319 duplex 321 flowcontrol switch port 322 linkflap action 324 loop protection 325 loop protection action 326 loop protection action delay time 327 loop protection timeout 328 mac address table acquire 329 mac address table ageing time 330 mac address table static 331 mirror interface 332 platform stop unreg mc flooding 334 platform vlan stacking tpid 336 polarity 337 show debugging lo...

Page 8: ...82 switchport trunk allowed vlan 383 switchport trunk native vlan 386 switchport vlan stacking double tagging 388 switchport voice dscp 389 switchport voice vlan 390 switchport voice vlan priority 392 vlan 393 vlan classifier activate 394 vlan classifier group 395 vlan classifier rule ipv4 396 vlan classifier rule proto 397 vlan database 400 Chapter 12 Spanning Tree Commands 401 Introduction 401 c...

Page 9: ...max hops MSTP 456 spanning tree mode 457 spanning tree mst configuration 458 spanning tree mst instance 459 spanning tree mst instance path cost 460 spanning tree mst instance priority 462 spanning tree mst instance restricted role 463 spanning tree mst instance restricted tcn 464 spanning tree path cost 466 spanning tree portfast STP 467 spanning tree portfast bpdu filter 469 spanning tree portfa...

Page 10: ...er inline 517 show power inline counters 519 show power inline interface 521 show power inline interface detail 523 Chapter 15 GVRP Commands 526 Introduction 526 clear gvrp statistics 527 debug gvrp 528 gvrp interface 530 gvrp dynamic vlan creation 531 gvrp enable global 532 gvrp registration 533 gvrp timer 534 show debugging gvrp 535 show gvrp configuration 536 show gvrp machine 537 show gvrp sta...

Page 11: ...oute 592 ping ipv6 593 show ipv6 interface brief 594 show ipv6 neighbors 595 show ipv6 route 596 show ipv6 route summary 598 traceroute ipv6 599 Chapter 18 Static Routing Commands for Management Purposes 600 Introduction 600 ip route 601 show ip route 602 show ip route database 604 show ip route summary 605 Chapter 19 Multicast Commands 606 Introduction 606 clear ip mroute 608 clear ip mroute stat...

Page 12: ...ow ip igmp groups 649 show ip igmp interface 651 show ip igmp snooping statistics 654 undebug igmp 655 Chapter 21 MLD Snooping Commands 656 Introduction 656 clear ipv6 mld 657 clear ipv6 mld group 658 clear ipv6 mld interface 659 debug mld 660 ipv6 mld access group 661 ipv6 mld limit 662 ipv6 mld snooping 664 ipv6 mld snooping fast leave 666 ipv6 mld snooping mrouter 667 ipv6 mld snooping querier ...

Page 13: ...ndard numbered 740 access list standard named filter 742 access list standard numbered filter 744 clear ip prefix list 746 ip prefix list 747 maximum access list 749 show access list IPv4 Software ACLs 750 show ip access list 752 Chapter 24 IPv6 Hardware Access Control List ACL Commands 753 Introduction 753 commit IPv6 755 ipv6 access list named 756 ipv6 access list named ICMP filter 758 ipv6 acce...

Page 14: ... 810 show policy map 811 trust dscp 812 wrr queue weight queues 813 Chapter 27 802 1X Commands 815 Introduction 815 debug dot1x 816 dot1x control direction 817 dot1x eap 818 dot1x eapol version 819 dot1x initialize interface 820 dot1x initialize supplicant 821 dot1x keytransmit 822 dot1x max auth fail 823 dot1x max reauth req 825 dot1x port control 826 dot1x timeout tx period 828 show debugging do...

Page 15: ...wpad option 892 auth web server gateway deleted 893 auth web server host name 894 auth web server http redirect deleted 895 auth web server intercept port 896 auth web server ipaddress 897 auth web server login url 898 auth web server mode deleted 899 auth web server page logo 900 auth web server page sub title 901 auth web server page success message 902 auth web server page title 903 auth web se...

Page 16: ...r 29 AAA Commands 944 Introduction 944 aaa accounting auth mac default 946 aaa accounting auth web default 948 aaa accounting commands 950 aaa accounting dot1x 952 aaa accounting login 954 aaa accounting update 957 aaa authentication auth mac 959 aaa authentication auth web 960 aaa authentication dot1x 961 aaa authentication enable default group tacacs 962 aaa authentication enable default local 9...

Page 17: ...9 crypto key generate hostkey 1010 crypto key generate userkey 1011 crypto key pubkey chain knownhosts 1012 crypto key pubkey chain userkey 1014 debug ssh client 1016 debug ssh server 1017 service ssh 1018 show banner login 1020 show crypto key hostkey 1021 show crypto key pubkey chain knownhosts 1022 show crypto key pubkey chain userkey 1023 show crypto key userkey 1024 show running config ssh 10...

Page 18: ...ings 1070 ip dhcp snooping subscriber id 1071 ip dhcp snooping trust 1072 ip dhcp snooping verify mac address 1073 ip dhcp snooping violation 1074 ip source binding 1075 service dhcp snooping 1077 show arp security 1079 show arp security interface 1080 show arp security statistics 1082 show debugging arp security 1085 show debugging ip dhcp snooping 1086 show ip dhcp snooping 1087 show ip dhcp sno...

Page 19: ...ize 1143 atmf backup bandwidth 1144 atmf backup delete 1145 atmf backup enable 1146 atmf backup now 1147 atmf backup server 1149 atmf backup stop 1151 atmf backup synchronize 1152 atmf cleanup 1153 atmf controller 1154 atmf distribute firmware 1155 atmf domain vlan 1157 atmf enable 1159 atmf group membership 1160 atmf log verbose 1162 atmf management subnet 1163 atmf management vlan 1165 atmf mast...

Page 20: ...s statistics 1236 show atmf memory 1241 show atmf nodes 1243 show atmf provision nodes 1244 show atmf tech 1245 show atmf working set 1248 show debugging atmf 1249 show debugging atmf packet 1250 show running config atmf 1251 switchport atmf arealink remote area 1252 switchport atmf crosslink 1253 switchport atmf link 1255 type atmf node 1256 undebug atmf 1259 Chapter 37 NTP Commands 1260 Introduc...

Page 21: ...ow snmp server user 1305 show snmp server view 1306 snmp trap link status 1307 snmp trap link status suppress 1309 snmp server 1311 snmp server community 1313 snmp server contact 1314 snmp server enable trap 1315 snmp server engineID local 1317 snmp server engineID local reset 1319 snmp server group 1320 snmp server host 1322 snmp server location 1324 snmp server source interface 1325 snmp server ...

Page 22: ... location id 1367 show debugging lldp 1368 show lldp 1370 show lldp interface 1372 show lldp local info 1374 show lldp neighbors 1379 show lldp neighbors detail 1381 show lldp statistics 1385 show lldp statistics interface 1387 show location 1390 Chapter 42 SMTP Commands 1392 Introduction 1392 debug mail 1393 delete mail 1394 mail 1395 mail from 1396 mail smtpserver 1397 show counter mail 1398 sho...

Page 23: ...cpu 1440 type interface 1441 type memory 1442 type periodic 1443 type ping poll 1444 type reboot 1445 type time 1446 type usb 1447 undebug trigger 1448 Chapter 45 Ping Polling Commands 1449 Introduction 1449 active ping polling 1451 clear ping poll 1452 critical interval 1453 debug ping poll 1454 description ping polling 1455 fail count 1456 ip ping polling 1457 length ping poll data 1458 normal i...

Page 24: ...24 Command Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x ...

Page 25: ...s list hardware TCP UDP filter 707 access list standard named filter 742 access list standard numbered filter 744 ipv6 access list named ICMP filter 758 ipv6 access list named protocol filter 761 ipv6 access list named TCP UDP filter 765 ipv6 access list standard filter 775 aaa accounting auth mac default 946 aaa accounting auth web default 948 aaa accounting commands 950 aaa accounting dot1x 952 ...

Page 26: ...40 access list extended named 716 access list hardware named 693 access list standard named 738 accounting login 971 activate 281 active ping polling 1451 active trigger 1416 alarm facility 304 arp IP address MAC 544 arp log 545 arp security violation 1054 arp security 1053 arp aging timeout 542 arp mac disparity 543 atmf area password 1137 atmf area 1136 atmf backup area masters delete 1140 atmf ...

Page 27: ...66 atmf network name 1167 atmf provision node clone 1169 atmf provision node configure boot config 1171 atmf provision node configure boot system 1173 atmf provision node create 1175 atmf provision node delete 1177 atmf provision node license cert 1179 atmf provision node locate 1181 atmf provision 1168 atmf reboot rolling 1182 atmf recover led off 1188 atmf recover 1186 atmf remote login 1189 atm...

Page 28: ... auth mac password 882 auth mac reauth relearning 883 auth web enable 884 auth web forward 885 auth web max auth fail 887 auth web method 888 auth web server blocking mode 889 auth web server dhcp ipaddress 890 auth web server dhcp lease 891 auth web server dhcp wpad option 892 auth web server gateway deleted 893 auth web server host name 894 auth web server http redirect deleted 895 auth web serv...

Page 29: ...server session keep 913 auth web server ssl intercept port 916 auth web server ssl 914 auth web server sslport deleted 915 autoboot enable 107 backpressure 311 banner exec 162 banner login SSH 1006 banner login system 164 banner motd 166 boot config file backup 110 boot config file 108 boot system backup 113 boot system 111 cd 114 channel group 481 class 780 class map 781 clear aaa local user lock...

Page 30: ...ipv6 mroute 610 clear ipv6 neighbors 583 clear lacp counters 483 clear line console 65 clear line vty 66 clear lldp statistics 1334 clear lldp table 1335 clear log buffered 231 clear log permanent 232 clear log 230 clear loop protection counters 313 clear mac address table dynamic 315 clear mac address table static 314 clear ping poll 1452 clear port counter 317 clear power inline counters interfa...

Page 31: ...b auth https file 918 copy zmodem 121 create autoboot 122 critical interval 1453 crypto key destroy hostkey 1008 crypto key destroy userkey 1009 crypto key generate hostkey 1010 crypto key generate userkey 1011 crypto key pubkey chain knownhosts 1012 crypto key pubkey chain userkey 1014 day 1417 deadtime RADIUS server group 979 debug aaa 973 debug arp security 1059 debug atmf packet 1200 debug atm...

Page 32: ... ssh client 1016 debug ssh server 1017 debug trigger 1419 default log buffered 233 default log console 234 default log email 235 default log host 236 default log monitor 237 default log permanent 238 default action 782 delete debug 124 delete mail 1394 delete 123 description interface 285 description ping polling 1455 description QoS policy map 783 description trigger 1420 dir 125 disable Privileg...

Page 33: ...it 784 enable Privileged Exec mode 56 enable password 67 enable secret 70 end 58 epsr configuration 1110 epsr datavlan 1111 epsr enhancedrecovery enable 1112 epsr mode master controlvlan primary port 1113 epsr mode transit controlvlan 1114 epsr priority 1115 epsr state 1116 epsr trap 1117 epsr 1109 erase factory default 1203 erase proxy autoconfig file 919 erase startup config 130 erase web auth h...

Page 34: ...d vlantriplet 1064 ip dhcp snooping agent option remote id 1065 ip dhcp snooping agent option 1062 ip dhcp snooping binding 1066 ip dhcp snooping database 1067 ip dhcp snooping delete by client 1068 ip dhcp snooping delete by linkdown 1069 ip dhcp snooping max bindings 1070 ip dhcp snooping subscriber id 1071 ip dhcp snooping trust 1072 ip dhcp snooping verify mac address 1073 ip dhcp snooping vio...

Page 35: ...rce interface 981 ip route 601 ip rrp snooping 1104 ip source binding 1075 ipv6 access list named 756 ipv6 access list standard named 773 ipv6 address autoconfig 585 ipv6 address dhcp 1287 ipv6 address 584 ipv6 enable 587 ipv6 mld access group 661 ipv6 mld limit 662 ipv6 mld snooping fast leave 666 ipv6 mld snooping mrouter 667 ipv6 mld snooping querier 669 ipv6 mld snooping report suppression 670...

Page 36: ...on strict med tlv order check 1344 lldp notification interval 1345 lldp notifications 1346 lldp port number type 1347 lldp reinit 1348 lldp run 1349 lldp timer 1350 lldp tlv select 1351 lldp transmit receive 1353 lldp tx delay 1354 location civic location configuration 1355 location civic location identifier 1360 location civic location id 1361 location coord location configuration 1362 location c...

Page 37: ...uthentication 974 logout 61 log rate limit nsm 268 loop protection action 326 loop protection action delay time 327 loop protection timeout 328 loop protection 325 mac address table acquire 329 mac address table ageing time 330 mac address table static 331 mail from 1396 mail smtpserver 1397 mail 1395 match access group 785 match cos 787 match dscp 788 match eth format protocol 789 match mac type ...

Page 38: ...p access group 1261 ntp authenticate 1262 ntp authentication key 1263 ntp broadcastdelay 1264 ntp master 1265 ntp peer 1266 ntp server 1268 ntp source 1270 ntp trusted key 1272 ping ipv6 593 ping 560 ping poll 1460 platform stop unreg mc flooding 334 platform vlan stacking tpid 336 polarity 337 police single rate action 801 policy map 802 port vlan forwarding priority 360 power inline allow legacy...

Page 39: ... region MSTP 413 reload 182 remark new cos 804 repeat 1421 revision MSTP 414 rmdir 135 rmon alarm 1402 rmon collection history 1404 rmon collection stats 1405 rmon event 1406 sample size 1461 script 1422 security password forced change 82 security password history 81 security password lifetime 83 security password minimum categories 84 security password minimum length 85 security password reject e...

Page 40: ...urity statistics 1082 show arp security 1079 show arp 561 show atmf area nodes 1212 show atmf area nodes detail 1214 show atmf area summary 1211 show atmf area 1208 show atmf backup area 1219 show atmf backup 1216 show atmf detail 1221 show atmf group members 1225 show atmf group 1223 show atmf links detail 1228 show atmf links statistics 1236 show atmf links 1227 show atmf memory 1241 show atmf n...

Page 41: ...nt 939 show auth web 930 show auth web server page 942 show auth web server 941 show autoboot 136 show banner login 1020 show boot 137 show class map 806 show clock 183 show continuous reboot prevention 185 show counter dhcp client 1281 show counter ipv6 dhcp client 1288 show counter log 270 show counter mail 1398 show counter ntp 1273 show counter ping poll 1463 show counter snmp server 1295 show...

Page 42: ...gging mstp 415 show debugging platform packet 339 show debugging power inline 516 show debugging radius 993 show debugging snmp 1300 show debugging trigger 1424 show debugging 192 show dhcp lease 1282 show diagnostic channel group 490 show dot1x diagnostics 833 show dot1x interface 835 show dot1x sessionstatistics 840 show dot1x statistics interface 841 show dot1x supplicant interface 844 show dot...

Page 43: ...r 539 show history 62 show hosts 565 show interface access group 713 show interface brief 294 show interface err disabled 341 show interface memory 194 show interface status 295 show interface switchport 342 show interface 291 show ip access list 752 show ip dhcp snooping acl 1088 show ip dhcp snooping agent option 1091 show ip dhcp snooping binding 1094 show ip dhcp snooping interface 1096 show i...

Page 44: ... access list IPv6 Software ACLs 777 show ipv6 dhcp interface 1291 show ipv6 dhcp 1290 show ipv6 interface brief 594 show ipv6 mif 633 show ipv6 mld groups 675 show ipv6 mld interface 676 show ipv6 mld snooping mrouter 677 show ipv6 mld snooping statistics 678 show ipv6 mroute 631 show ipv6 neighbors 595 show ipv6 route summary 598 show ipv6 route 596 show lacp sys id 494 show lacp counter 495 show...

Page 45: ...ow mls qos interface 808 show mls qos maps cos queue 810 show mls qos 807 show ntp associations 1275 show ntp status 1277 show ping poll 1466 show platform classifier statistics utilization brief 349 show platform port 350 show platform 348 show policy map 811 show port etherchannel 496 show port vlan forwarding priority 365 show power inline counters 519 show power inline interface detail 523 sho...

Page 46: ...ning config power inline 152 show running config router id 153 show running config security password 154 show running config snmp 1301 show running config ssh 1025 show running config trigger 1425 show running config 142 show security password configuration 93 show security password user 94 show snmp server community 1303 show snmp server group 1304 show snmp server user 1305 show snmp server view...

Page 47: ...w users 1032 show ssh server deny users 1033 show ssh server 1030 show ssh 1027 show startup config 155 show static channel group 498 show system environment 208 show system interrupts 209 show system mac 210 show system pluggable detail 213 show system pluggable diagnostics 217 show system pluggable 211 show system serialnumber 219 show system 207 show tacacs 999 show tech support 220 show telnet...

Page 48: ...327 snmp server view 1330 snmp server 1311 source ip 1471 spanning tree autoedge RSTP and MSTP 441 spanning tree bpdu 442 spanning tree cisco interoperability MSTP 444 spanning tree edgeport RSTP and MSTP 445 spanning tree enable 446 spanning tree errdisable timeout enable 448 spanning tree errdisable timeout interval 449 spanning tree force version 450 spanning tree forward time 451 spanning tree...

Page 49: ...6 spanning tree transmit holdcount 477 speed asyn 222 speed 354 ssh client 1036 ssh server allow users 1040 ssh server authentication 1042 ssh server deny users 1044 ssh server resolve host 1046 ssh server scp 1047 ssh server sftp 1048 ssh server 1038 ssh 1034 static channel group 499 switchport access vlan 372 switchport atmf arealink remote area 1252 switchport atmf crosslink 1253 switchport atm...

Page 50: ...390 system territory deprecated 224 tacacs server host 1000 tacacs server key 1002 tacacs server timeout 1003 tcpdump 579 telnet server 98 telnet 97 terminal length 99 terminal monitor 225 terminal resize 100 test interface 301 test 1431 time trigger 1432 timeout ping polling 1472 traceroute ipv6 599 traceroute 580 trap 1434 trigger activate 1436 trigger 1435 trust dscp 812 type atmf node 1256 typ...

Page 51: ...81 undebug lacp 501 undebug loopprot 356 undebug mail 1400 undebug mstp 478 undebug ping poll 1474 undebug platform packet 357 undebug radius 997 undebug snmp 1331 undebug ssh client 1049 undebug ssh server 1050 undebug trigger 1448 up count 1473 username 101 vlan classifier activate 394 vlan classifier group 395 vlan classifier rule ipv4 396 vlan classifier rule proto 397 vlan database 400 vlan 3...

Page 52: ...n alphabetical reference for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal on page 53 disable Privileged Exec mode on page 54 do on page 55 enable Privileged Exec mode on page 56 end on page 58 exit on page 59 help on page 60 logout on page 61 show hist...

Page 53: ...4 5I 0 x CLI NAVIGATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configuration command mode note the change in the command prompt enter the command awplus configure terminal awplus config ...

Page 54: ...DS DISABLE PRIVILEGED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privileged Exec Example To exit the Privileged Exec mode enter the command awplus disable awplus Related Commands enable Privileged Exec mode end exit ...

Page 55: ...I 0 x CLI NAVIGATION COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus configure terminal awplus config do ping 192 0 2 23 Parameter Description command Specify the command and its parameters ...

Page 56: ...Users access higher privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is prompted for the password for that level Note that a separate password can be configured for each privilege level using the enable password and the enable secret commands from the Gl...

Page 57: ...0 x CLI NAVIGATION COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awplus Related Commands disable Privileged Exec mode enable password enable secret exit service password encryption username ...

Page 58: ...nd mode from any other advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode awplus configure terminal awplus config interface vlan2 awplus config if end awplus Related Commands disable Privileg...

Page 59: ...previous level When used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of exit command to exit Interface mode and return to Configure mode awplus configure terminal awplus config interface vlan2 awplus config if exit awplus config Related Comma...

Page 60: ...d modes Example To display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available options Enter after a complete parameter to show remaining valid command parameters e g show Enter ...

Page 61: ...AlliedWare Plus Operating System Version 5 4 5I 0 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileged Exec Example To exit the User Exec mode use the command awplus logout ...

Page 62: ...lists all command line entries including commands that returned an error For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show history Mode User Exec and Privileged Exec Example To display the commands entered during the current session use the command awplus show h...

Page 63: ...ret on page 70 exec timeout on page 73 flowcontrol hardware asyn console on page 75 length asyn on page 77 line on page 78 privilege level on page 80 security password history on page 81 security password forced change on page 82 security password lifetime on page 83 security password minimum categories on page 84 security password minimum length on page 85 security password reject expired pwd on ...

Page 64: ...tem Version 5 4 5I 0 x USER ACCESS COMMANDS show privilege on page 92 show security password configuration on page 93 show security password user on page 94 show telnet on page 95 show users on page 96 telnet on page 97 telnet server on page 98 terminal length on page 99 terminal resize on page 100 username on page 101 ...

Page 65: ...sole line If a terminal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example To reset the console line asyn use the command awplus clear line console 0 awplus The new settings for console line 0 have been applied Related Commands clear line vty flowcontrol ...

Page 66: ...S COMMANDS CLEAR LINE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first vty line use the command awplus clear line vty 1 Related Commands privilege level line show telnet show users Parameter Description 0 32 Line number ...

Page 67: ...ork Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is different but the password string to be used to enter the Privileged Exec mode with the enable command is the same...

Page 68: ...ncryption command First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA awplus configure terminal awplus con...

Page 69: ... show only the encrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostname awplus enable pass...

Page 70: ...ivileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is different but the password string to be used to enter the Privileged Exec mode with the enable command is the same mypasswd A user can have an intermediate CLI security level set with this command for privilege l...

Page 71: ...encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA awplus configure terminal awplus config enable secret mypasswd awplus config service password encryption awplus config end This results in the following show output Using hidden passwords Configure an encrypted...

Page 72: ...5 4 5I 0 x USER ACCESS COMMANDS ENABLE SECRET This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostname awplus enable password 8 fU7zHzuutY2SA interface lo ...

Page 73: ... VTY session before it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input is detected during the interval then the current connection resumes If no connections exist then the terminal returns to an idle state and disconnects incoming sessions Examples To s...

Page 74: ...mmand Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet ...

Page 75: ...device are full a message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse Telnet connections hardware flow control must be configured to match on both the Access Server and the Remote Device For terminal console sessions hardware flow control must be co...

Page 76: ...ble hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line no flowcontrol hardware Related Commands clear line console show running con...

Page 77: ...a command is longer than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display Examples To set the terminal session length on the console to 10 rows use the command awplus configure terminal awplus config line console 0 ...

Page 78: ...the speed asyn command Set the console speed Baud rate to match the transmission rate of the device connected to the console asyn port on your device Note that line configuration commands do not take effect immediately Line configuration commands take effect after one of the following commands or events issuing a clear line console command issuing a reboot command logging out of the current sessio...

Page 79: ...l Managed PoE Switches 79 AlliedWare Plus Operating System Version 5 4 5I 0 x USER ACCESS COMMANDS LINE Related Commands accounting login clear line console clear line vty flowcontrol hardware asyn console length asyn login authentication privilege level speed asyn ...

Page 80: ... in Privileged Exec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the following commands awplus configure terminal awplus config line console 0 awplus config line privilege level 15 To set all vty connections to have the minimum privilege level use t...

Page 81: ...To restrict reuse of the three most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Validation Commands show running config security password show security password configuration Related Commands security password forced ch...

Page 82: ...e command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no security password forced change command disables the forced change feature Syntax security password forced change no security password forced change Default The forced change feature is disabled by default Mode Global Configuration Example To force a user to change their expir...

Page 83: ... lifetime Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security password lifetime 10 Validation Commands show running config security password show security password configuration Related Commands security password histo...

Page 84: ...the minimum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that the password must satisfy is 1 Mode Global Configuration Example To configure the required minimum number of character categories to be 3 use the command awplus co...

Page 85: ... length 1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length 8 Validation Commands show running config security password show security password configuration Related Commands security password history security password fo...

Page 86: ...efault config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change command a user may have to change the password during login depending on the password lifetime specified by the security password lifetime command The no security password reject expired pwd comma...

Page 87: ...period is 0 which disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Validation Commands show running config security password show security password configuration Related Commands security password history security password forced change security password l...

Page 88: ...le the help feature displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is enabled by default Mode Global Configuration Examples To disable the advanced vty help feature use the command awplus configure terminal awplus config no service advanced vty To re e...

Page 89: ...n is enabled the device displays passwords in the running config in encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in encrypted form This does not change the display of existing passwords Syntax service password encryption no service password encryption Mode Global Configuration Example awplus config...

Page 90: ...ons However existing telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23 by default Mode Global Configuration Examples To enable both the IPv4 and IPv6 telnet servers use the following commands awplus configure terminal awplus config service telnet To e...

Page 91: ...rence for IE200 Series Industrial Managed PoE Switches 91 AlliedWare Plus Operating System Version 5 4 5I 0 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted ...

Page 92: ... Privilege level 15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for privilege levels 7 14 to access all show commands in Privileged Exec mode and all commands in User Exec mode but no configuration commands in Privileged Exec mode Example To show the cu...

Page 93: ...splay the current security password rule configuration settings use the command awplus show security password configuration Output Figure 2 2 Example output from the show security password configuration command Related Commands show running config security password show security password user Security Password Configuration Minimum password length 8 Minimum password character categories to match 3...

Page 94: ... Mode Privileged Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 2 3 Example output from the show security password user command Related Commands show running config security password show security password configuration User account and password information UserName Privilege Last PWD Change Remai...

Page 95: ...view This command shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 2 4 Example output from the show telnet command Related Commands clear line vty service telnet show users telnet server Telnet Server Configuration Telnet server Enabled Protocol IPv4 IPv6 Port 23 ...

Page 96: ...m the show users command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 2 1 Parameters in the output of the show users command Parameter Description Line Console port user is connected to User Login name of user Host s Status of the host the user is connected to Idle How long the host has been idle Lo...

Page 97: ...telnet server host example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The host name of the remote system ip Keyword used to specify the IPv4 address or host name of a remote system ipv4 addr An IPv4 address of the remote system ipv6 Keyword used to specify the ...

Page 98: ...server is already enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To enable the telnet server on TCP port 2323 use the following commands awplus configure terminal awplus config telnet server 2323 Related Commands show telnet Parameter Description 1 6...

Page 99: ...emove the length specified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length Mode User Exec and Privileged Exec Examples The following example sets the number of lines to 15 awplus terminal length 15 The following example removes terminal length set previous...

Page 100: ... of rows configured on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automatically However this cannot normally be done automatically for a serial or console port This command automatically adjusts the terminal size for a serial or console port Examples T...

Page 101: ...only access higher privilege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user at privilege level 7 can access the majority of show commands including platform show commands Privilege Level 15 to access the Privileged Exec command mode is required to a...

Page 102: ...e set for port authentication purposes from a RADIUS server Examples To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec command mode and the password bobs_secret use the commands awplus configure terminal awplus config username bob privilege 15 password...

Page 103: ...e To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB stick usb example cfg Copying with HTTP http username password hostname host ip filepath filename To specify a file in the configs directory on the server http www company com configs exa mple cfg Coying ...

Page 104: ... filenames Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Flash base directory you may use flash or flash or flash For example these commands are all the same dir flash dir flash dir flash Similarly you can specify the USB storage device base director...

Page 105: ...ename on page 128 erase startup config on page 130 mkdir on page 131 move on page 132 move debug on page 133 pwd on page 134 rmdir on page 135 show autoboot on page 136 show boot on page 137 show file on page 139 show file systems on page 140 show running config on page 142 show running config access list on page 144 show running config dhcp on page 145 show running config full on page 146 show ru...

Page 106: ... Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x FILE MANAGEMENT COMMANDS show startup config on page 155 show version on page 156 write file on page 157 write memory on page 158 write terminal on page 159 ...

Page 107: ...se file and or configuration file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 3 1 Example autoboot txt file NOTE Syntax autoboot enable no autoboot enable Default The Autoboot feature operates the first time the device is powered up in the field after which the feature is disabled by default Mode Global Configuration Example To enable the...

Page 108: ...ation fallback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot config file flash branch cfg To remove the configuration file branch cfg stored on the device s Flash filesystem the next time t...

Page 109: ...ILE MANAGEMENT COMMANDS BOOT CONFIG FILE To remove the configuration file branch cfg stored on the switch s USB storage device filesystem the next time the device boots up use the commands awplus configure terminal awplus config no boot config file usb branch cfg Related Commands boot config file backup boot system boot system backup show boot ...

Page 110: ...e File Management Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config boot config file backup flash backup cfg To remove the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config no...

Page 111: ...nd all stack members have a bootloader version that supports booting from it If a stack member has a USB storage device removed an error message is displayed For example if stack member 2 does not have a USB storage device inserted the following message is displayed Examples To run the release file IE200 5 4 5I 01 rel stored on the device s Flash filesystem the next time the device boots up use th...

Page 112: ... device filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot system usb IE200 5 4 5I 01 rel To remove the release file IE200 5 4 5I 01 rel stored on the switch s USB storage device filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot system usb IE200 5 4 5I 01 rel Related Commands boot confi...

Page 113: ...ation Examples To specify the file IE200 5 4 5I 01 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash IE200 5 4 5I 01 rel To remove the file IE200 5 4 5I 01 rel as the backup to the main release file use the commands awplus configure terminal awplus config no boot system backup flash IE200 5 4 5I 01 rel Related Commands boot...

Page 114: ... 5I 0 x FILE MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command awplus cd images Related Commands dir pwd show file systems Parameter Description directory name Name and path of the directory ...

Page 115: ...cal filesystem Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related Commands boot system backup show boot Parameter Description destination name The filename and path where you would like the current running r...

Page 116: ...nvs scp tftp usb source name debug flash nvs scp tftp usb Mode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb mydebug Output Figure 3 2 CLI prompt after entering the copy debug command Related Commands delete debug move debug Parameter Description destination name The filename and path where you would li...

Page 117: ...SCP to copy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startup config write file write memory Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specif...

Page 118: ...rrent directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this to copy the script in the file into the startup config file Note that this does not make the copied file the new startup file s...

Page 119: ...e create two copies of the same file on your device Syntax copy source name destination name Mode Privileged Exec Usage The filename and path can include characters from up to four categories The categories are 1 uppercase letters A to Z 2 lowercase letters a to z 3 digits 0 to 9 4 special symbols all printable ASCII characters not included in the previous three categories Including the following ...

Page 120: ...e directory config_files on a remote server that is listening on TCP port 2000 use the command awplus copy scp beth serv 2000 config_files old cfg old cfg To copy the file newconfig cfg onto your device s Flash from a USB storage device use the command awplus copy usb newconfig cfg flash newconfig cfg To copy the file newconfig cfg to a USB storage device from your device s Flash use the command a...

Page 121: ...M using Minicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local file asuka key using ZMODEM use the command awplus copy asuka key zmodem Related Commands copy filename show file systems Parameter Description source name The filename and path of the sourc...

Page 122: ... that the keys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The external media is then available to restore a release file and or a configuration file to the device Syntax create autoboot usb Mode Privileged Exec Example To create an autoboot txt file on...

Page 123: ...om the current directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs which is not empty without prompting if any read only files are being deleted use the command awplus delete force recursive new_configs Related Commands erase startup config rmdir Paramete...

Page 124: ... a specified debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 3 3 CLI prompt after entering the delete debug command Related Commands copy debug move debug Parameter Description source name The filename and path where the debug output originates See Introduction on page 103 for valid UR...

Page 125: ...in the root of the Flash filesystem use the command awplus dir all flash To list recursively the files in the Flash filesystem use the command awplus dir recursive flash To list the files in alphabetical order use the command awplus dir sort name To list the files by size smallest to largest use the command awplus dir sort reverse size Parameter Description all List all files recursive List the co...

Page 126: ...al Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x FILE MANAGEMENT COMMANDS DIR To sort the files by modification time oldest to newest use the command awplus dir sort reverse time Related Commands cd pwd ...

Page 127: ...ng the editor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more information about using the editor including control sequences see the File Management Feature Overview and Configuration Guide Syntax edit filename Mode Privileged Exec Examples To create and edit...

Page 128: ...rminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Privileged Exec Usage The filename and path can include characters from up to four categories The categories are 1 uppercase letters A to Z 2 lowercase letters a to z 3 digits 0 to 9 4 special symbols all printable ASCII characters not included in the previous three categories Including the fol...

Page 129: ...witches 129 AlliedWare Plus Operating System Version 5 4 5I 0 x FILE MANAGEMENT COMMANDS EDIT FILENAME Example To view the file bob key stored in the security directory of a TFTP server use the command awplus edit tftp security bob key Related Commands copy filename edit show file ...

Page 130: ...stem runs when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provides a mechanism for you to return the device to the factory default settings Syntax erase startup config Mode Privileged Exec Example To delete the file currently set as the startup config u...

Page 131: ...yntax mkdir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Example To make a new directory called images in the current directory use the command awplus mkdir images Related Commands cd dir pwd Parameter Description name The name and path of the dire...

Page 132: ...file temp cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg myconfigs temp cfg Related Commands delete edit show file show file systems Parameter Description source name The filename and path of the source file See Introduction on page 103 for valid synt...

Page 133: ... Mode Privileged Exec Example To move debug output onto a USB storage device with a filename my debug use the following command awplus move debug usb my debug Output Figure 3 4 CLI prompt after entering the move debug command Related Commands copy debug delete debug Parameter Description destination name The filename and path where you would like the debug output moved to See Introduction on page ...

Page 134: ...66 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x FILE MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the current working directory use the command awplus pwd Related Commands cd ...

Page 135: ...directory Syntax rmdir force name Mode Privileged Exec Examples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To force the removal of directory level1 containing subdirectory level2 use the command awplus mkdir level1 awplus mkdir level1 level2 awplus rmdir force level1 Related Commands cd dir mkdir pwd Parameter Description for...

Page 136: ...utput Figure 3 5 Example output from the show autoboot command Figure 3 6 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboot show boot awplus show autoboot Autoboot configuration Autoboot status enabled USB file autoboot txt exists yes Restore information on USB Autoboot enable in autoboot txt yes Restore rele...

Page 137: ...onfig flash backup cfg file not found Autoboot status enabled Table 3 1 Parameters in the output of the show boot command Parameter Description Current software The current software release that the device is using Current boot image The boot image currently configured for use during the next boot cycle Backup boot image The boot image to use during the next boot cycle if the device cannot load th...

Page 138: ...eries Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x FILE MANAGEMENT COMMANDS SHOW BOOT Related Commands autoboot enable boot config file backup boot system backup show autoboot ...

Page 139: ... command displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplus show file oldconfig cfg Related Commands edit edit filename show file systems Parameter Description filename Name of a file on the local Flash filesystem or name and directory path of a f...

Page 140: ...ash rw flash static local Y system rw system virtual local 10 0M 9 9M debug rw debug static local Y 499 0K 430 0K nvs rw nvs static local Y usbstick rw usb dynamic local N tftp rw tftp network scp rw scp network sftp ro sftp network http ro http network rsync rw rsync network Table 3 2 Parameters in the output of the show file systems command Parameter Description Size B Available The total memory...

Page 141: ...ilename show file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is located locally or via a network connection Avail Whether the memory is accessible Y yes N no not applicable Table 3 2 Parameters in the output of the show file systems command cont Param...

Page 142: ...ays To display only lines that contain a particular word enter include word after the command To start the display at the first line that contains a particular word enter begin word after the command To save the output to a file enter filename after the command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Fea...

Page 143: ...encryption no banner motd username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7YqoExA0GVasdE0 no service ssh platform hwfilter size ipv4 limited ipv6 service telnet no service telnet ipv6 service http no clock timezone no snmp server ipv6 service test aaa authentication enable default local aaa authentication login default local ip domain lookup no service dhcp server spanning tree mode rst...

Page 144: ...mand output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config access list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration details for access list use the command awplus show running config access list Output Figure 3 10 Example output from t...

Page 145: ... awplus show running config dhcp Output Figure 3 11 Example output from the show running config dhcp command Related Commands copy running config show running config show running config dhcp no service dhcp server service dhcp snooping interface port1 0 1 ip dhcp snooping trust interface port1 0 3 ip dhcp snooping max bindings 25 access group dhcpsnooping interface port1 0 4 ip dhcp snooping max b...

Page 146: ... show running config full Mode Privileged Exec and Global Configuration Example To display the complete status and configuration of the running system use the command awplus show running config full Output Figure 3 12 Example output from the show running config full command Related Commands copy running config show running config awplus show running config full no service password encryption inter...

Page 147: ...group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or sa1 2 or po1 2 a comma separated list of the above e g port1 0 1 port1 0 4 1 0 6 Do not mix interface types in a list The specified interfaces must exist dot1x Displays running configuration for 802 1X port authentication for the specifie...

Page 148: ...vlan1 vlan3 vlan5 Output Figure 3 13 Example output from a show running config interface port1 0 2 command Figure 3 14 Example output from the show running config interface command Related Commands copy running config show running config awplus sh running config interface port1 0 2 interface port1 0 2 switchport switchport mode access awplus sh running config interface interface port1 0 1 1 0 6 sw...

Page 149: ...tering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config ipv6 access list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration for IPv6 ACLs use the command awplus show running config ipv6 access list Output Figure 3 15 ...

Page 150: ...the running system key chain related configuration Syntax show running config key chain Mode Privileged Exec and Global Configuration Example To display the running system key chain related configuration use the command awplus show running config key chain Output Figure 3 16 Example output from the show running config key chain command Related Commands copy running config show running config key c...

Page 151: ...vileged Exec and Global Configuration Example To display the current configuration of LLDP use the command awplus show running config lldp Output Figure 3 17 Example output from the show running config lldp command Related Commands show lldp show lldp interface awplus show running config lldp lldp notification interval 10 lldp timer 20 interface port1 0 1 lldp notifications lldp tlv select port de...

Page 152: ...s The PoE usage threshold percentage as specified by the power inline usage threshold command is displayed in the running config using this command Syntax show running config power inline Mode Privileged Exec and Global Configuration Example To display the PoE running system status and configuration details use the command awplus show running config power inline Output Figure 3 18 Example output f...

Page 153: ...w Use this command to show the running system global router ID configuration Syntax show running config router id Mode Privileged Exec and Global Configuration Example To display the running system global router ID configuration use the command awplus show running config router id Output Figure 3 19 Example output from the show running config router id command Related Commands copy running config ...

Page 154: ...output is displayed for that feature Syntax show running config security password Mode Privileged Exec and Global Configuration Example To display the current security password rule settings in the running config use the command awplus show running config security password Output Figure 3 20 Example output from the show running config security password command Related Commands show security passwo...

Page 155: ...ing Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup config Output Figure 3 21 Example output from the show startup config command Related Commands boot config file backup copy running config copy startup config erase st...

Page 156: ... SHOW VERSION show version Overview This command displays the version number and copyright details of the current AlliedWare Plus OS your device is running Syntax show version Mode User Exec and Privileged Exec Example To display the version details of your currently installed software use the command awplus show version Related Commands boot system backup show boot ...

Page 157: ...s command copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write file Related Commands copy running config write memory show running co...

Page 158: ...his command copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write memory Related Commands copy running config write file show running ...

Page 159: ...EMENT COMMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privileged Exec Example To display the current configuration of your device use the command awplus write terminal Related Commands show running config ...

Page 160: ... on page 162 banner login system on page 164 banner motd on page 166 clock set on page 168 clock summer time date on page 169 clock summer time recurring on page 171 clock timezone on page 173 continuous reboot prevention on page 174 ecofriendly led on page 176 findme on page 177 hostname on page 178 no debug all on page 180 reboot on page 181 reload on page 182 show clock on page 183 show continu...

Page 161: ...1 show memory shared on page 202 show process on page 203 show reboot history on page 205 show router id on page 206 show system on page 207 show system environment on page 208 show system interrupts on page 209 show system mac on page 210 show system pluggable on page 211 show system pluggable detail on page 213 show system pluggable diagnostics on page 217 show system serialnumber on page 219 sh...

Page 162: ... the no banner exec command to disable the User Exec banner and remove the default User Exec banner Syntax banner exec banner text banner exec default no banner exec Default By default the AlliedWare Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login enter the following commands AlliedWare Plus TM 5 ...

Page 163: ...ogin enter the following commands To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configure terminal awplus config banner exec default awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 5 06 06 14 13 03 59 awplus awplus configure terminal awplus config no banner exec awplus config ...

Page 164: ...ayed after the MOTD Message of the Day banner and before the login username and password prompts Use the no banner login command to disable the login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner to be displayed when you login enter the following commands awplus configure te...

Page 165: ...ing System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM To remove the login banner enter the following commands Related Commands banner exec banner motd awplus configure terminal awplus config no banner login awplus config exit awplus exit awplus login manager Password awplus ...

Page 166: ...etwork users for example any imminent system shutdowns Use the no variant of this command to not display a text MOTD Message of the Day banner on login Syntax banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date before login Mode Global Configuration Examples To configure a MOTD banner to be displayed when you log in enter the fo...

Page 167: ...x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER MOTD To remove the login banner enter the following commands Related Commands banner exec banner login system awplus enable awplus configure terminal awplus config no banner motd awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 5 06 06 14 13 03 59 awplus ...

Page 168: ...e device applies the new offset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you wish to manually alter the time or date you must first disable NTP Example To set the time and date on your system to 2pm on the 2nd of April 2007 use the command awplus c...

Page 169: ...as the standard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 1st October 2007 and end on the 18th of March 2008 awplus config clock summer time NZDT date 1 oct 2 00 2007 18 mar 2 00 2008 60 To remove any summertime settings on the system use the command awplus config no clock summer time Parameter Description timezone name A description of the summertime zone up to 6 c...

Page 170: ...ries Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurring clock timezone ...

Page 171: ...is summertime setting applies every year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to start summertime on the last Sunday of the month enter 5 for start week and sun for start day start day Day of the week when summertime starts Valid values are mon tue we...

Page 172: ... definition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the 1st Sunday in October and end on the 3rd Sunday in March use the command awplus config clock summer time NZDT recurring 1 sun oct 2 00 3 sun mar 2 00 60 To remove any summertime settings on the system use the command awplus config no clock summer time Related C...

Page 173: ...ies the new offset to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian Standard Time with an offset from UTC of 5 30 hours use the command awplus config clock timezone IST plus 5 30 To set the timezone back to UTC with no offsets use the command awplus...

Page 174: ...opreboot no continuous reboot prevention enable no continuous reboot prevention period threshold action Default Continuous reboot prevention is disabled by default The default period value is 600 the default threshold value is 1 and the default action is linkdown Mode Global Configuration Usage Note that user initiated reboots via the CLI and software version auto synchronization reboots are not c...

Page 175: ...o 500 and action to stopreboot use the commands awplus configure terminal awplus config continuous reboot prevention period 500 action stopreboot To return the period and action to the defaults and keep the continuous reboot prevention feature enabled use the commands awplus configure terminal awplus config no continuous reboot prevention period action To disable continuous reboot prevention use t...

Page 176: ...re is disabled by default Mode Global Configuration Usage When the eco friendly LED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is disabled and power is returned to port LEDs the LEDs will correctly show the current state of the ports For an example of how to configure a trigger to turn offpower to port LEDs see the...

Page 177: ...terface or interfaces are flashed with the optional interface parameter Example To activate the Find Me feature for the default duration 60 seconds on all ports use the following command awplus findme To activate the Find Me feature for 120 seconds on all ports use the following command awplus findme timeout 120 To activate the Find Me feature for the default duration 60 seconds on switch port int...

Page 178: ...s for ARPANET host names The name must start with a letter end with a letter or digit and use only letters digits and hyphens Refer to RFC 1035 NOTE Within an AMF network any device without a hostname applied will automatically be assigned a name based on its MAC address To efficiently manage your network using AMF we strongly advise that you devise a naming convention for your network devices and...

Page 179: ...edWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS HOSTNAME NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of the device node for example node_0000_5e00_5301 Related Commands show system ...

Page 180: ...yntax no debug all dot1x ipv6 nsm Mode Global Configuration and Privileged Exec Example To disable debugging for all features use the command awplus no debug all To disable all 802 1X debugging use the command awplus no debug all To disable all IPv6 debugging use the command awplus no debug all To disable all NSM debugging use the command awplus no debug all Related Commands undebug all Parameter ...

Page 181: ...N AND MONITORING COMMANDS REBOOT reboot Overview This command halts the device and performs a cold restart also known as reload It displays a confirmation request before restarting Syntax reboot reload Mode Privileged Exec Usage The reboot and reload commands perform the same action Examples To restart the device use the command awplus reboot reboot system y n y ...

Page 182: ...ies Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as the reboot command ...

Page 183: ...UTC Time Mon 6 Aug 2007 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time offset 60 mins Summer time recurring Yes Table 4 1 Parameters in the output of the show clock command Parameter Description Local Time Current local time UTC Time Current UTC time Timez...

Page 184: ...rial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer time recurring clock timezone ...

Page 185: ...e current continuous reboot prevention configuration Syntax show continuous reboot prevention Mode User Exec and Privileged Exec Examples To show the current continuous reboot prevention configuration use the command awplus show continuous reboot prevention Output Figure 4 2 Example output from the show continuous reboot prevention command Related Commands continuous reboot prevention show reboot ...

Page 186: ...lliedWare Plus Feature Overview and Configuration Guide Syntax show cpu sort thrds pri sleep runtime Mode User Exec and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the processes are using use the command awplus show cpu sort thrds Parameter Description sort Changes the sorting order using the following fields If you do not specify...

Page 187: ...0 0 20 sleep 0 153 521 dbus daemon 1 0 0 20 sleep 0 2 532 automount 1 0 0 20 sleep 0 453 571 appmond 1 0 0 20 sleep 0 41 587 crond 1 0 0 20 sleep 0 17 589 openhpid 9 0 0 20 sleep 0 284 609 inetd 1 0 0 20 sleep 0 2 761 nsm 1 0 0 20 sleep 0 260 765 imi 1 0 0 20 sleep 0 616 799 almond 1 0 0 20 sleep 0 52 805 cntrd 1 0 0 20 sleep 0 45 807 poehw 3 0 0 20 sleep 0 207 820 authd 1 0 0 20 sleep 0 76 kernel...

Page 188: ...s stated System load averages The average number of processes waiting for CPU time for the periods stated Current CPU load Current CPU utilization specified by load types pid Identifier number of the process name A shortened name for the process thrds Number of threads in the process cpu Percentage of CPU utilization that this process is consuming pri Process priority state state Process state one...

Page 189: ...ering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show cpu history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hou...

Page 190: ...rom the show cpu history command Per second CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per second last 60 seconds average CPU load Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes average CPU load maximum Per 30 minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per 30 minutes last 60...

Page 191: ...E200 Series Industrial Managed PoE Switches 191 AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CPU HISTORY Related Commands show memory show memory allocations show memory pools show process ...

Page 192: ...al order Mode User Exec and Privileged Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Example To display all debugging information use the command awplus show debugging Output Figure 4 5 Example output from the show debugging command awplus show debuggin...

Page 193: ...rom the show ecofriendly command awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 off port1 0 2 off off port1 0 3 off port1 0 4 Port 4 off port1 0 5 off Table 4 3 Parameters in the output of the show ecofriendly command Parameter Description normal The eco friendly LED feature is disabled and port LEDs show the current stat...

Page 194: ...y used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 4 7 Example output from the show interface port list memory command Parameter Description port list The ports to display information about The port list can be a switch po...

Page 195: ...rface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 port1 0 7 327690 512 1 port1 0 8 655380 512 1 port1 0 9 622611 512 1 port1 0 21 950301 512 1 port1 0 22 1048608 5...

Page 196: ...arameter Description sort Changes the sorting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by the amount of memory the process is currently using stk Sort by the stack size of the process awplus show memory sort stk RAM total 124384 kB free 64236 kB buff...

Page 197: ...hared Table 4 4 Parameters in the output of the show memory command Parameter Description RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the process name Short name used to describe the process mem Percentage of memory utilization the process is currently using size Amount of memory currently used by the proces...

Page 198: ... Privileged Exec Example To display the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 4 10 Example output from the show memory allocations command Parameter Description process Displays the memory allocation used by the specified process awplus show memory allocations Memory allocations for imi Current 15093760 peak 15093760 St...

Page 199: ...dustrial Managed PoE Switches 199 AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pools show memory shared show tech support ...

Page 200: ...tax show memory history Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours Examples To show a graph displaying the historical memory usage use the command awplus show memory history Output Figure 4 11 Example output from t...

Page 201: ...d Privileged Exec Example To shows the memory pools used by processes use the command awplus show memory pools Output Figure 4 12 Example output from the show memory pools command Related Commands show memory allocations show memory history show tech support Parameter Description process Displays the memory pools used by the specified process awplus show memory pools Memory pools for imi Current 1...

Page 202: ...in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use the command awplus show memory shared Output Figure 4 13 Example output from the show memory shared command Related Commands show memory allocations show memory hist...

Page 203: ...ring and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show process sort cpu mem Mode User Exec and Privileged Exec Example To display a summary of the current running processes use the command awplus show process Parameter Description sort Changes the sorting order for the list of processes cpu...

Page 204: ...log ng 1 0 0 16 sleep 88 kernel threads pid name cpu pri state sleep 71 aio 0 0 20 sleep 0 3 events 0 0 10 sleep 98 Table 4 5 Parameters in the output from the show process command Parameter Description CPU load Average CPU load for the given period RAM total Total memory size free Available memory buffers Memory allocated to kernel buffers pid Identifier for the process name Short name to describ...

Page 205: ...ected User Request 2014 01 10 01 35 31 Expected User Request 2014 01 10 01 16 25 Unexpected Rebooting due to critical process network nsm failure 2014 01 10 01 11 04 Unexpected Rebooting due to critical process network nsm failure 2014 01 09 19 56 16 Expected User Request 2014 01 09 19 51 20 Expected User Request Table 4 6 Parameters in the output from the show reboot history command Parameter Des...

Page 206: ...G COMMANDS SHOW ROUTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current system use the command awplus show router id Output Figure 4 16 Example output from the show router id command awplus show router id Router ID 10 55 0 2 automatic ...

Page 207: ...verview and Configuration Guide Syntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 4 17 Example output from the show system command Related Commands show system environment awplus show system Switch System Status Sun Jan 03 00 04 33 2010 Board ID Bay Board Name Rev Serial number Base 410 at IE200 6GP X...

Page 208: ...ut in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure 4 18 Example output from the show system environment command Related Commands show system awplus show system environment Environment...

Page 209: ...terrupt Request usedtointerruptinputlinesonaPIC ProgrammableInterruptController on your device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system interrupts Mode User Exec and Privileged Exec Example To display information about the number of interrupts fo...

Page 210: ...ORING COMMANDS SHOW SYSTEM MAC show system mac Overview This command displays the physical MAC address of the device Syntax show system mac Mode User Exec and Privileged Exec Example To display the physical MAC address enter the following command awplus show system mac Output Figure 4 19 Example output from the show system mac command awplus show system mac eccd 6d9d 4eed ...

Page 211: ...e Overview and Configuration Guide Syntax show system pluggable port list Mode User Exec and Privileged Exec Example To display brief information about all installed pluggable transceivers use the command awplus show system pluggable Output Figure 4 20 Example output from the show system pluggable command Example To display information about the pluggable transceiver installed in port1 0 5 use the...

Page 212: ... MONITORING COMMANDS SHOW SYSTEM PLUGGABLE Output Figure 4 21 Example output from the show system pluggable port1 0 5 command Related Commands show system environment show system pluggable detail show system pluggable diagnostics System Pluggable Information Port Manufacturer Device Serial Number Datecode Type 1 0 5 ATI AT TN P015 A A04840R131700049 130422 BASE BX10 ...

Page 213: ...ring datecode and type information the show system pluggable detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5μ m Fiber Specifies the link length inμm micron supported by the pluggable transcei...

Page 214: ...e either OMA Optical Module Amplitude or Avg Average Power measured in μW NOTE For parameters that are not supported or not specified a hyphen is displayed instead Example To display detailed information about the pluggable transceivers installed in a particular port on the device use a command like awplus show system pluggable port1 0 4 detail To display detailed information about all the pluggab...

Page 215: ...ration Power Monitoring FEC BER support Port1 0 6 Vendor Name ATI Device Name AT SPBD10 13 Device Type BASE BX10 Serial Number A03243R111300129 Manufacturing Datecode 11032801 SFP Laser Wavelength 1310nm Link Length Supported Single Mode Fiber 10Km OM1 62 5um Fiber OM2 50um Fiber Diagnostic Calibration Power Monitoring FEC BER support Table 4 7 Parameters in the output from the show system pluggab...

Page 216: ...Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in μm micron supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 50um Fiber Specifies the link length in μm micron supported by the pluggable transceiver using 50 micron multi mode fiber Diagnostic Calibration Specifies whether the pluggable ...

Page 217: ...cs Mode User Exec and Privileged Exec Usage Modern optical SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as optical output power optical input power temperature laser bias current and transceiver supply voltage Additionally RX LOS Loss of Signal is shown when the recei...

Page 218: ...n Warning Max Min Temp Degrees C 34 719 110 00 45 00 95 000 42 00 Vcc Volts 3 282 3 600 3 000 3 500 3 050 Tx Bias mA 23 024 80 000 2 000 70 000 3 000 Tx Power mW 0 357 0 631 0 126 0 501 0 159 Rx Power mW Low 0 631 0 005 Low 0 501 0 006 Rx LOS Rx Down Table 4 8 Parameters in the output from the show system pluggables diagnostics command Parameter Description Temp Degrees C Shows the temperature ins...

Page 219: ...tion for the device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User Exec and Privileged Exec Example To display the serial number information for the device use the command awplus show system serialnumber Output Figure 4 24 Exampl...

Page 220: ...xternal memory or a TFTP server whenever possible to avoid device lockup This method is not likely to be appropriate when running the working set option of AMF across a range of physically separated devices Syntax show tech support all atmf dhcpsn epsr igmp ip ipv6 mld pim stp system tacacs outfile filename Default Captures all information for the device Parameter Description all Display full info...

Page 221: ...e current directory then a new file is generated with the time stamp appended to the file name for example tech support20080109 txt gz so the last saved file is retained Usage This command is useful for collecting a large amount of information about all protocols or specific protocols on your device so that it can then be analyzed for troubleshooting purposes The output of this command can be prov...

Page 222: ...ed console speed in bps Default The default console speed baud rate is 9600 bps Mode Line Configuration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set the terminal console asyn0 port speed from the device to 57600 bps then exit the session use the commands ...

Page 223: ...IE200 Series Industrial Managed PoE Switches 223 AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config show startup config speed ...

Page 224: ...witches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in version 5 4 4 0 1 It now has no effect ...

Page 225: ... output on the terminal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec Examples To display debugging output on a terminal enter the command awplus terminal monitor To specify timeout of debugging output after 60 seconds enter the command awplus termin...

Page 226: ...strial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command ...

Page 227: ...page 230 clear log buffered on page 231 clear log permanent on page 232 default log buffered on page 233 default log console on page 234 default log email on page 235 default log host on page 236 default log monitor on page 237 default log permanent on page 238 log buffered on page 239 log buffered filter on page 240 log buffered size on page 243 log console on page 244 log console filter on page ...

Page 228: ...NDS log host time on page 258 log monitor filter on page 260 log permanent on page 263 log permanent filter on page 264 log permanent size on page 267 log rate limit nsm on page 268 show counter log on page 270 show exception log on page 271 show log on page 272 show log config on page 275 show log permanent on page 278 show running config log on page 279 ...

Page 229: ...CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files NOTE When this command is used within a stacked environment it will remove the contents of the exception logs in all stack members Syntax clear exception log Mode Privileged Exec Example awplus clear exception log ...

Page 230: ...the contents of the buffered and permanent logs NOTE When this command is used within a stacked environment it will remove the contents of the buffered and permanent logs in all stack members Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and permanent log use the command awplus clear log Validation Commands show log Related Commands clear log buffered clear l...

Page 231: ...LOGGING COMMANDS CLEAR LOG BUFFERED clear log buffered Overview This command removes the contents of the buffered log Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus clear log buffered Validation Commands show log Related Commands clear log clear log permanent ...

Page 232: ...mand is used within a stacked environment it will remove the contents of the buffered logs in all stack members The permanent log is stored in NVS On IE200 6 Series switches files in NVS persist over a device restart but do not persist over a power cycle Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear log p...

Page 233: ...d log stored in RAM By default the size of the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Example To restore the buffered log to its default settings use the following commands awplus configure terminal awplus config default log buffered Validation C...

Page 234: ...tings for log messages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration Example To restore the log console to its default settings use the following commands awplus configure terminal awplus config default log console Validation Commands show log config...

Page 235: ...esses Filters must be defined before messages will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settings for log messages sent to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config default log e...

Page 236: ...s Filters must be defined before messages will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings for messages sent to the remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config default log host ...

Page 237: ...he default settings for log messages sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Example To restore the log monitor to its default settings use the following commands awplus configure terminal awplus config default log monitor Related Commands ...

Page 238: ...50 kB and it accepts messages with the severity level of warnings and above The permanent log is stored in NVS On IE200 6 Series switches files in NVS persist over a device restart but do not persist over a power cycle Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To restore the permanent log to its default settings use the following...

Page 239: ...llowable size old messages will be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM use the following commands awplus configure terminal awplus config log buffered To configure the device to not store log messages in a RAM buffer use the fol...

Page 240: ...uffered level level program program name facility facility msgtext text string no log buffered level level program program name facility facility msgtext text string Parameter Description level Filter messages to the buffered log by severity level level The minimum severity of message to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is t...

Page 241: ...ntegrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages to the buffered log by syslog facility Specify one of the following syslog facilities to include messages from in the buffered log kern Kernel messages user Random user level messages...

Page 242: ... level notices program epsr To add a filter to send all messages containing the text Bridginginitialization to the buffered log use the following commands awplus configure terminal awplus config log buffered msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the buffered log use the following commands awplus con...

Page 243: ...permitted to use Once this memory allocation has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the following commands awplus configure terminal awplus config log buffered size 100 Validation Commands show log config Related Commands default log buffere...

Page 244: ...ices main console port Use the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messages use the following commands awplus configure terminal awplus config log console To configure the device not to send log messages in all consoles use the following comma...

Page 245: ...level program program name facility facility msgtext text string no log console level level program program name facility facility msgtext text string Parameter Description level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emer...

Page 246: ...Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include mes...

Page 247: ...n use the command awplus config log console level info program mstp To create a filter to send all messages containing the text Bridging initialization to console instances where the log console command has been given use the following commands awplus configure terminal awplus config log console msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have ...

Page 248: ...yntax log email email address Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com Validation Commands show log config Related ...

Page 249: ...d Syntax log email email address level level program program name facility facility msgtext text string no log email email address level level program program name facility facility msgtext text string Parameter Description email address The email address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as ...

Page 250: ...Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Ma...

Page 251: ...ormational and above to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com level informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email admin homebase com To remove a filter t...

Page 252: ...sage was generated Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on this device but converted to the time zone of the email recipient Parameter Description email address The email address to send log messages to time Specify the time difference betwee...

Page 253: ...admin base com with the time information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin base com time local offset plus 3 To send messages to the email address user remote com with the time information converted to the time zone of the email recipient which i...

Page 254: ...ill be sent Syntax log host ip addr no log host ip addr Mode Global Configuration Examples To configure the device to send log messages to a remote syslog server with IP address 10 32 16 99 use the following commands awplus configure terminal awplus config log host 10 32 16 99 To stop the device from sending log messages to the remote syslog server with IP address 10 32 16 99 use the following com...

Page 255: ...ng to this log target will be removed Syntax log host ip addr level level program program name facility facility msgtext text string no log host ip addr level level program program name facility facility msgtext text string Parameter Description ip addr The IP address of a remote syslog server level Filter messages by severity level level The minimum severity of message to send The level can be sp...

Page 256: ...anagement Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mai...

Page 257: ...to the syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config log host 10 32 16 21 level informational To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to a remote syslog server with IP address 10 32 16 21use the following commands awplus configure terminal awplus config no log host 10 32 16...

Page 258: ...ime offset of the remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog server with the IP address 10 32 16 21 in the same time zone as the device s local time zone use the following commands awplus configure terminal awplus config log host 10 32 16 21...

Page 259: ...ours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with the time information converted to the time zone of the email recipient which is 3 hours behind the device s UTC time zone use the following commands awplus config...

Page 260: ...el level program program name facility facility msgtext text string no log monitor level level program program name facility facility msgtext text string Parameter Description level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 e...

Page 261: ...tp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern ...

Page 262: ...iven use the following commands awplus configure terminal awplus config log monitor level info program mstp To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr To remove a default filter that includes sending everything to t...

Page 263: ...ges On IE200 6 Series switches files in NVS persist over a device restart but do not persist over a power cycle The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log permanent Mode Global Configuration Examples To enable permanent logging use the following commands awplus confi...

Page 264: ...onding filter so that the specified messages are no longer sent to the permanent log Syntax log permanent level level program program name facility facility msgtext text string no log permanent level level program program name facility facility msgtext text string Parameter Description level Filter messages sent to the permanent log by severity level level The minimum severity of message to send T...

Page 265: ...Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system d...

Page 266: ... Examples To create a filter to send all messages generated by EPSR that have a severity of notices or higher to the permanent log use the following commands awplus configure terminal awplus config log permanent level notices program epsr To create a filter to send all messages containing the text Bridging initialization to the permanent log use the following commands awplus configure terminal awp...

Page 267: ...ill be deleted to make room for new messages The permanent log is stored in NVS On IE200 6 Series switches files in NVS persist over a device restart but do not persist over a power cycle Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following commands awplus configure terminal awplus config log permanent size 100 V...

Page 268: ...ice to shutdown This log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log messages are discarded At the end of the time interval a single log message is generated indicating that log messages were discarded due to the log rate limit being exceeded Thus if the e...

Page 269: ...E Switches 269 AlliedWare Plus Operating System Version 5 4 5I 0 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awplus configure terminal awplus config no log rate limit nsm ...

Page 270: ...ed P3 9 Total Received P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 5 1 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages received by the log Total Received P0 Total number of Priority 0 Emergency messages received Total Received P1 Total number of Priority 1 Alert messages received Total Received P2...

Page 271: ...e show exception log command on a device Output Figure 5 3 Example output from the show exception log command on a switch that has never had an exception occur awplus show exception log date time facility severity program pid message 2014 Jan 08 08 05 59 local7 debug awplus corehandler Process hsl PID 741 sig nal 11 core dumped to flash hsl IE200 proj1747_ie200 20131225 1 1 1262937958 7 41 tgz 201...

Page 272: ...ault By default the entire contents of the buffered log is displayed Mode User Exec Privileged Exec and Global Configuration Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the latest messages should be displayed Examples To display the contents of the b...

Page 273: ... awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel No pci config register base in dev tree using default 2011 Aug 29 07 55 23 kern notice awplus kernel Kernel command line console tty S0 9600 releasefile IE200 5 4 5I 01 rel ramdisk 14688 bootversion 1 1 0 rc12 loglevel 1 extraflash 00000000 2011 Aug 29 07 ...

Page 274: ...1 cmd nbqueue wipe 2006 Nov 10 13 35 01 cron notice crond 116 USER manager pid 472 cmd nbqueue wipe 2006 Nov 10 13 40 01 cron notice crond 116 USER manager pid 477 cmd nbqueue wipe 2006 Nov 10 13 44 36 syslog notice syslog ng 67 Log statistics processed center queued 70 processed 2006 Nov 10 13 45 01 cron notice crond 116 USER manager pid 478 cmd logrotate etc logrotate conf 2006 Nov 10 13 45 01 c...

Page 275: ...d displays information about the logging system This includes the configuration of the various log destinations buffered permanent syslog servers hosts and email addresses This also displays the latest status information for each of these destinations Syntax show log config Mode User Exec Privileged Exec and Global Configuration Example To display the logging configuration use the command awplus s...

Page 276: ...ices Program any Facility any Message text any 2 Level informational Program mstp Facility daemon Message text any Statistics 1327 messages received 821 accepted by filter 2006 Dec 11 10 36 16 Permanent log Status enabled Maximum size 60kb Filters 1 Level error Program any Facility any Message text any 2 Level warnings Program dhcp Facility any Message text pool exhausted Statistics 1327 messages ...

Page 277: ...A Command Reference for IE200 Series Industrial Managed PoE Switches 277 AlliedWare Plus Operating System Version 5 4 5I 0 x LOGGING COMMANDS SHOW LOG CONFIG Related Commands show counter log show log show log permanent ...

Page 278: ...ould be displayed Mode User Exec Privileged Exec and Global Configuration Example To display the permanent log use the command awplus show log permanent Output Figure 5 7 Example output from the show log permanent command Related Commands show log Parameter Description tail Display only the latest log entries 10 250 Specify the number of log entries to display awplus show log permanent date time f...

Page 279: ...SHOW RUNNING CONFIG LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility use the command awplus show running config log Related Commands show log show log config ...

Page 280: ...naged PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 281 echo on page 282 wait on page 283 ...

Page 281: ... text file with a filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates the file is an AlliedWare Plus script Examples To activate a command script to run as a background process use the command awplus activate background test scp Related Commands con...

Page 282: ... echoes a string to the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo the string Hello World to the console use the command awplus echo Hello World Output Related Commands activate wait Parameter Description line The string to echo Hello World ...

Page 283: ...ile executed by the activate command The script must contain an enable Privileged Exec mode command since the wait command is only executed in the Privileged Exec mode When a script is activated the privilege level is set to 1 enabling User Exec commands to run in the script If you need to run Privileged Exec commands in your script you need to add an enable Privileged Exec mode command to the sta...

Page 284: ...nds Introduction Overview This chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 285 interface to configure on page 286 mru jumbo on page 288 mtu on page 289 show interface on page 291 show interface brief on page 294 show interface status on page 295 shutdown on page 297 ...

Page 285: ...ew Use this command to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2 awplus config if description Boardroom PC Parameter Description description Text describing the speci...

Page 286: ...ces can add flexibility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network irrespective of the physical links that may be up or down at the time This provides a higher probability that the routing traffic will be received and subsequently forwarded Mode Glob...

Page 287: ...Operating System Version 5 4 5I 0 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo awplus config if Related Commands ip address show interface show interface brief ...

Page 288: ...the following additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes in the default case Syntax mru jumbo no mru Default By default jumbo frame support is not enabled Mode Interface Configuration for switch ports Usage Note that show interface output will only show MRU size...

Page 289: ...t fragment bit set then the device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the source Note that show interface output will only show MTU size for VLAN interfaces Examples To configur...

Page 290: ... AlliedWare Plus Operating System Version 5 4 5I 0 x INTERFACE COMMANDS MTU To restore the MTU size to the default MTU size of 1500 bytes on vlan2 and vlan4 use the commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no mtu Related Commands show interface ...

Page 291: ...how MTU Maximum Transmission Unit size for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface such as a VLAN e g vlan2 a switch port e g port1 0 6 a static ch...

Page 292: ...on learn disable Timeout 1 s Hardware is Ethernet address is 000c 2503 9a74 index 5002 metric 1 mru 1518 current duplex full current speed 100 current polarity mdi configured duplex auto configured speed auto configured polarity auto UP BROADCAST RUNNING MULTICAST SNMP link status traps Disabled input packets 4566 bytes 530517 dropped 0 multicast packets 753 output packets 0 bytes 0 multicast pack...

Page 293: ...change 69 days 01 28 47 awplus show interface vlan1 vlan2 Interface vlan1 Scope both Link is UP administrative state is UP Hardware is VLAN address is 0015 77e9 5c50 IPv4 address 192 168 1 1 24 broadcast 192 168 1 255 index 201 metric 1 mtu 1500 arp ageing timeout 300 UP BROADCAST RUNNING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast...

Page 294: ...yntax show interface brief Mode User Exec and Privileged Exec Output Figure 7 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show interface brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up running port1 0 3 admin up down port1 0 4 admin up down port1 0 5 admin up down port1 0 6 admin up down lo admin up ...

Page 295: ... channel group e g po2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LACP channel groups in the same list Table 7 2 Example output from the show interface port list status command awplus show interface port1 0 1 1 0 5 stat...

Page 296: ... VLAN mode is private promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the port is an Eth port it displays none there is no VLAN associated with it When the VLAN is dynamically assigned it displays the current dynamically assigned VLAN ID not the access VLAN...

Page 297: ...iguration Example The following example shows the use of the shutdown command to shut down port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if shutdown The following example shows the use of the no shutdown command to bring up port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if no shutdown The following example shows the use of ...

Page 298: ...V A AlliedWare Plus Operating System Version 5 4 5I 0 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test interface on page 299 service test on page 300 test interface on page 301 ...

Page 299: ...ommands later on Syntax clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use the command awplus clear test interface all Related Commands test interface Parameter Description port list The ports to test A port list can be a switch port e g port1 0 6 a c...

Page 300: ... begin testing After entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect the device first Use the no variant of this command to stop the test service Syntax service test no service test Mode Global Configuration Example To put the device into a test stat...

Page 301: ... all time 1 60 cont no test interface port list all Mode Privileged Exec Example To test the switch ports in VLAN 1 install loopbacks in the ports and enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus test interface all Parameter Description port list ...

Page 302: ...Ware Plus Operating System Version 5 4 5I 0 x INTERFACE TESTING COMMANDS TEST INTERFACE To see the output use the commands awplus show test awplus show test count To start the test on all interfaces for 1 minute use the command awplus test interface all time 1 Related Commands clear test interface ...

Page 303: ...0 x Alarm Monitoring Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure alarm monitoring For more information see the Alarm MonitoringFeature Overview and Configuration Guide Command List alarm facility on page 304 show alarm settings on page 307 show facility alarm status on page 308 ...

Page 304: ...led relay alarm facility main pse led relay alarm facility power supply power supply number led relay alarm facility pse port port list led relay alarm facility temperature led relay no alarm facility epsr input alarm number link aggregation partial failure total failure link down port list loopprot main pse power supply id pse port port list temperature led relay Parameter Description epsr EPSR a...

Page 305: ...ain pse Main power source equipment failure alarm The sum of the power consumed by all of the PoE devices plugged into the switch exceeds the maximum permitted Note This alarm pertains to PoE models only power supply Power supply failure alarm The designated power supply is down power supply number The power supply unit number The switch has two power supplies so the number must be 1 or 2 pse port...

Page 306: ...or IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x ALARM MONITORING COMMANDS ALARM FACILITY Related Commands show alarm settings show facility alarm status ...

Page 307: ... alarm settings command Related Commands alarm facility show facility alarm status Alarm ID LED Relay External PSU 1 Enabled Disabled External PSU 2 Enabled Disabled EPSR Disabled Disabled External contact input 1 Disabled Disabled Link down port1 0 1 Disabled Disabled Link down port1 0 2 Disabled Disabled Link down port1 0 3 Disabled Disabled Link down port1 0 4 Disabled Disabled Link down port1 ...

Page 308: ...ew all of the alarms that are currently active on the switch Syntax show facility alarm status Mode User Exec and Privileged Exec Example To display all of the currently active alarms on the switch use the command awplus show facility alarm status Output Figure 9 2 Example output from the show facility alarm status command Related Commands alarm facility show alarm settings Active alarms ID Extern...

Page 309: ...clear loop protection counters on page 313 clear mac address table static on page 314 clear mac address table dynamic on page 315 clear port counter on page 317 debug loopprot on page 318 debug platform packet on page 319 duplex on page 321 flowcontrol switch port on page 322 linkflap action on page 324 loop protection on page 325 loop protection action on page 326 loop protection action delay tim...

Page 310: ...ge 338 show debugging platform packet on page 339 show flowcontrol interface on page 340 show interface err disabled on page 341 show interface switchport on page 342 show loop protection on page 343 show mac address table on page 344 show mirror on page 346 show mirror interface on page 347 show platform on page 348 show platform classifier statistics utilization brief on page 349 show platform p...

Page 311: ...ed in the half duplex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity to receive further frames the device will simulate a collision by transmitting a CSMACD jamming signal from this port until the buffer empties The jamming signal causes the sending ...

Page 312: ...ting System Version 5 4 5I 0 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if backpressure off Validation Commands show running config show interface Related Commands duplex ...

Page 313: ...e counters for the Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection counters To clear the counter information for a single port awplus clear loop protection interface port1 0 1 counters Parameters Description interface The interface whose counters are to ...

Page 314: ...This example shows how to clear all filtering database entries for a given interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries filtering database entries configured through the CLI for a given mac address awplus clear mac address table static address 0202 0202 0202 Related Commands clear mac addre...

Page 315: ...this usage and operation with the clear mac address table static command Note that an MSTP instance cannot be specified with clear mac address table static Examples This example shows how to clear all dynamically learned filtering database entries for all interfaces addresses VLANs awplus clear mac address table dynamic Parameter Description interface Specify a switch port to be cleared from the f...

Page 316: ...ng database entries when learned through device operation for a given MAC address awplus clear mac address table dynamic address 0202 0202 0202 This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplus clear mac address table dynamic interface port1 0 2 instance 1 Related Comm...

Page 317: ...COMMANDS CLEAR PORT COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use the command awplus clear port counter port1 0 1 Related Commands show platform port Parameter Description port The port number or range ...

Page 318: ...m all no debug loopprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debugging loopprot undebug loopprot Parameter Description info General Loop Protection information msg Received and transmitted Loop Detection Frames LDFs pkt Echo raw ASCII display of re...

Page 319: ... received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another timeout value is specified The timeout value applies to both send and receive debug and is updated whenever the debug platform packet command is used Examples To enable both receive a...

Page 320: ...on 5 4 5I 0 x SWITCHING COMMANDS DEBUG PLATFORM PACKET To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug enter awplus no debug platform packet recv Related Commands show debugging platform packet undebug platform packet ...

Page 321: ... group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group Examples To specify full duplex for port1 0 4 enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if duple...

Page 322: ...ences congestion and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause frame the remote device stops sending data packets which prevents loss of data packets during the congestion period Flow control is not recommended w...

Page 323: ...onfig interface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol receive off awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send off Validation Commands show running confi...

Page 324: ... flapping port will shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Configuration Example To enable the linkflap action command on the device use the following commands awplus configure terminal awplus config linkflap action shutdown Parameter Descri...

Page 325: ...view and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loop detect frames once every 5 seconds use the following commands awplus configure terminal awplus config loop protection loop detect ldf interval 5 Parameter Description loop detect Enables loop detection...

Page 326: ...the Loop Protection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To disable an interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action link ...

Page 327: ...e for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay timer is disabled by default Mode Interface Configuration Example To configure a loop protection action delay time of 10 seconds use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action delay time 10 To reset the L...

Page 328: ...default is 7 seconds Mode Interface Configuration Usage See the Loop Protection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop protection action timeout of 10 seconds for port1 0 4 use the command awplus configure terminal awplus config interface port1 0 4 aw...

Page 329: ...E ACQUIRE mac address table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acquire Default Learning is enabled by default for all instances Mode Global Configuration Example awplus configure terminal awplus config mac address table acquire ...

Page 330: ...me back to the default of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples The following commands specify various ageing timeouts on the device awplus configure terminal awplus config mac address table ageing time 1000 awplus configure terminal awplus confi...

Page 331: ... to Layer 2 switched traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because packets are routed across VLANs This command only works on Layer 2 traffic Example awplus configure terminal awplus config mac address table static 2222 2222 2222 forward interface por...

Page 332: ...ration Guide for more information A mirror port cannot be associated with a VLAN If a switch port is configured to be a mirror port it is automatically removed from any VLAN it was associated with This command can only be applied to a single mirror destination port not to a range of ports nor to a static or dynamic channel group Do not apply multiple interfaces with an interface command before iss...

Page 333: ...MIRROR INTERFACE Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if mirror interface port1 0 4 port1 0 5 direction both Related Commands access list hardware IP numbered access list hardware MAC numbered default action ...

Page 334: ...ulticast addresses 1 Syntax platform stop unreg mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multicast packets when the Group Membership interval timer expires and there are no subscribers to a multicast group If there is multicast traffic in a VLAN with...

Page 335: ...Membership queries Examples To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicast packet flooding use the following commands awplus configure terminal awplus config no platform stop unreg mc flooding Related Commands show platform show running config aw...

Page 336: ...of this command to revert to the default TPID value 0x8100 Syntax platform vlan stacking tpid tpid no platform vlan stacking tpid Default The default TPID value is 0x8100 Mode Global Configuration Examples To set the VLAN stacking TPID value to 0x9100 use the following commands awplus configure terminal awplus config platform vlan stacking tpid 9100 To reset the VLAN stacking TPID value to the def...

Page 337: ...X polarity Polarity applies to copper 10BASE T 100BASE T and 1000BASE T switch ports It does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide for more information Example To set the polarity for port1 0 6 to fixed MDI mode use the following commands awplus configure terminal awplus config interface port1 0 6 awplus config ...

Page 338: ...x SWITCHING COMMANDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes use the command awplus show debugging loopprot Related Commands debug loopprot ...

Page 339: ... PLATFORM PACKET show debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display the platform packet debugging information use the command awplus show debugging platform packet Related Commands debug platform packet undebug platform packet ...

Page 340: ...tion Syntax show flowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 10 1 Example output from the show flowcontrol interface command for a specific interface Parameter Description port Specifies the name of the port to be displayed Port Send FlowControl Receive ...

Page 341: ...the protocols responsible for the shutdown Syntax show interface IFRANGE err disabled Mode User Exec and Privileged Exec Example Show the protocols that have shut down port2 0 21 and port2 0 23 use the commands awplus show interface err disabled Output Figure 10 2 Example output from the show interface err disabled command Parameter Description IFRANGE Interface range err disabled Brief summary of...

Page 342: ... User Exec and Privileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 10 3 Example output from the show interface switchport command Related Commands show interface memory Interface name port1 0 1 Switchport mode access Ingress filter enable Acceptable frame types all Default Vlan 2 Configured Vlans 2 Interface na...

Page 343: ...ion interface port1 0 1 Figure 10 4 Example output from the show loop protection command To display the counter information for port1 0 1 use the command awplus show loop protection interface port1 0 1 counters Figure 10 5 Example output from the show loop protection interface counters command for port1 0 1 Parameter Description interface The interface selected for display port list A port a port ...

Page 344: ...put captured when there was no traffic being switched See the sample output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output below shows VLAN IDs if multiple VLANs are configured awplus show mac address table VLAN Port MAC State 1 unknown 0000 cd28 0752 stat...

Page 345: ... type column Related Commands clear mac address table dynamic clear mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC State 1 unknown 0000 cd28 0752 static 1 port1 0 2 0030 846e bac7 dynamic 2 port1 0 3 0000 1111 2222 static 2 unknown 0000 cd28 0752 st...

Page 346: ...r Output Figure 10 6 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 4 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 1 Mirror Test...

Page 347: ...erface port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if show mirror interface port1 0 4 Output Figure 10 7 Example output from the show mirror interface command Parameter Description port The monitored switch port t...

Page 348: ...e To check the settings configured with platform commands on the device use the following command awplus show platform Output Figure 10 8 Example output from the show platform command awplus show platform MAC vlan hashing algorithm unknown stop unreg mc flooding off Jumboframe support off Vlan stacking TPID 0x8100 Hardware Filter Size ipv4 limited ipv6 Table 10 1 Parameters in the output of the sh...

Page 349: ...number of entries represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 10 9 Output from the show platform classifier statistics utilization brief command Related Commands...

Page 350: ...vileged Exec Examples To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 counters Parameter Description port list The ports to display information about A port list can be a continuous range of po...

Page 351: ...abled 1 loopback 0 link 0 speed 0 max speed 1000 duplex 0 linkscan 2 autonegotiate 1 master 2 tx pause 1 rx pause 1 untagged vlan 1 vlan filter 3 stp state 1 learn 5 discard 0 max frame size 1522 MC Disable SA no MC Disable TTL no MC egress untag 0 MC egress vid 0 MC TTL threshold 1 Table 10 2 Parameters in the output from the show platform port command Parameter Description Ethernet MAC counters ...

Page 352: ...ived Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequence error events received UnicastPkts Number of unicast packets received MulticastPkts Number of multicast packets received BroadcastPkts Number of broadcast packets received PauseMACCtlFrms Number of Pause MAC Control Frames received OversizePkts Number of oversize packets received Fragments Number of fragments received...

Page 353: ...erral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollisions Transmit Late Collision Frame counter ExcessivCollsns Transmit Excessive Collision Frame counter Collisions Transmit Total Collision counter Layer 3 Counters ifInUcastPkts Inbound interface Unicast counter ifInDiscards Inbound interface Discarded Packet...

Page 354: ...gotiate speed except for 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the speed of all the switch ports in the channel group by applying this command to the channel group NOTE No...

Page 355: ...fig interface port1 0 4 awplus config if speed auto To set a port to auto negotiate its speed at 100Mbps and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if speed auto 100 1000 To set a port to auto negotiate its speed at 1000Mbps only enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus c...

Page 356: ...s Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command ...

Page 357: ...Series Industrial Managed PoE Switches 357 AlliedWare Plus Operating System Version 5 4 5I 0 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command ...

Page 358: ...ort vlan forwarding priority on page 365 show vlan on page 366 show vlan classifier group on page 367 show vlan classifier group interface on page 368 show vlan classifier interface group on page 369 show vlan classifier rule on page 370 show vlan private vlan on page 371 switchport access vlan on page 372 switchport enable vlan on page 373 switchport mode access on page 374 switchport mode privat...

Page 359: ...83 switchport trunk native vlan on page 386 switchport vlan stacking double tagging on page 388 switchport voice dscp on page 389 switchport voice vlan on page 390 switchport voice vlan priority on page 392 vlan on page 393 vlan classifier activate on page 394 vlan classifier group on page 395 vlan classifier rule ipv4 on page 396 vlan classifier rule proto on page 397 vlan database on page 400 ...

Page 360: ...rt vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration Usage EPSR Loop Protection and MAC Thrashing protection do not usually need to be configured on a switch because they perform similar functions each prevents network loops by blocking a selected port for each loop containing VLAN ...

Page 361: ...s complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes vlan30 from EPSR a storm is created on vlan30 MAC thrashing protection detects it and blocks vlan30 Then after the storm has stopped MAC thrashing protection sets it to forwarding again and it keeps oscillating between forwarding and blocking In the meantime the user adds ...

Page 362: ...s awplus configure terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking which allows the protocols to override each other to set a port to the forwarding or blocking states use the commands awplus configure terminal awplus config port vlan forwarding priority n...

Page 363: ... Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable awplus config vlan vlan 4 name vlan4 state enable awplus config vlan private vlan 2 primary awplus config vlan private vlan 3 isolated awplus config vlan private vlan 4 community awplus configure terminal awplus config vla...

Page 364: ...ion add secondary vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure terminal awplus config vlan database awplus config vlan private vlan 2 association add 3 The following commands remove the association of primary VLAN 2 with secondary VLAN 3 awplus con...

Page 365: ...r EPSR or Loop Protection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview and Configuration Guide Syntax show port vlan forwarding priority Mode Privileged Exec Example To display the highest priority protocol use the command awplus show port vlan forwardi...

Page 366: ... the command awplus show vlan 2 Output Figure 11 2 Example output from the show vlan command Related Commands vlan Parameter Description 1 2048 Display information about the VLAN specified by the VLAN ID all Display information about all VLANs on the device brief Display information about all VLANs on the device dynamic Display information about all VLANs learned dynamically static Display informa...

Page 367: ...lassifier groups or a specific group Syntax show vlan classifier group 1 16 Mode User Exec and Privileged Exec Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is specified a specific configured VLAN classifier group is shown Example To display information about VLAN classifier group 1 enter the command awplus show vlan classifier group 1 Related C...

Page 368: ...terface switch port Mode User Exec and Privileged Exec Usage All configured VLAN classifier groups are shown for a single interface Example TodisplayVLANclassifiergroupinformationforswitchportinterface port1 0 2 enter the command awplus show vlan classifier group interface port1 0 2 Output Figure 11 3 Example output from the show vlan classifier group interface port1 0 1 command Related Commands v...

Page 369: ...information about all interfaces configured for all VLAN groups enter the command awplus show vlan classifier interface group To display information about all interfaces configured for VLAN group 1 enter the command awplus show vlan classifier interface group 1 Output Figure 11 4 Example output from the show vlan classifier interface group command Output Figure 11 5 Example output from the show vl...

Page 370: ...r Exec and Privileged Exec Usage If a rule ID is not specified all configured VLAN classifier rules are shown If a rule ID is specified a specific configured VLAN classifier rule is shown Example To display information about VLAN classifier rule 1 enter the command awplus show vlan classifier rule 1 Output Figure 11 6 Example output from the show vlan classifier rule1 command Related Commands vlan...

Page 371: ...ate VLAN configuration and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vlan Output Figure 11 7 Example output from the show vlan private vlan command Related Commands private vlan private vlan association awplus show vlan private vlan PRIMARY SECONDARY TYP...

Page 372: ...cified switchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based VLAN to VLAN 3 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport access vlan 3 To reset the port based VLAN to the defau...

Page 373: ...ing Ring Note that if the VID is not given all disabled VLANs are re enabled This command enables the VLAN on the port manually once disabled by certain actions such as EPSR Ethernet Protection Switching Ring Note that if the VID is not given all disabled VLANs are re enabled Syntax switchport enable vlan 1 2048 Mode Interface Configuration Example To re enable the port1 0 1 from VLAN 1 awplus con...

Page 374: ... switchport mode access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access ingress filter enable Validation Command show interface switchport Parameter Description...

Page 375: ...lus config interface port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus config if no switchport mode private vlan promiscuous Related Commands switchport private vlan mapping Parameter Description host This port type can communicate with all other host port...

Page 376: ...k mode is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to be trunked over the promiscuous port use the switchport trunk allowed vlan command These VLANs can be isolated VLANs or non private VLANs To configure the native VLAN for the promiscuous port u...

Page 377: ...interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk promiscuous group 3 To remove port1 0 2 in trunk mode as a promiscuous port for a private VLAN use the commands To remove port1 1 2 in trunk mode as a promiscuous port for a private VLAN use the commands awplus configure terminal awpl...

Page 378: ...n a port in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before the port is enabled as a secondary port in trunk mode To add VLANs to be trunked over the secondary port use the switchport trunk allowed vlan ...

Page 379: ...an vlan 2 awplus config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus config if switchport mode private vlan trunk secondary group 3 To remove port1 1 3 in trunk mode as a secondary port use the commands awplus configure terminal awplus config interface port1 ...

Page 380: ...tagged members of the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure which VLANs this port will trunk for use the switchport trunk allowed vlan command Example awplus configure terminal awplus config interface port1 0 3 awplus config if switchport mode ...

Page 381: ... variant of this command to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan host association 2 add 3 awplus configure terminal awplus config interface port1...

Page 382: ...ndary vid list no switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynamic LACP aggregators cannot be promiscuous ports in private VLANs Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan mapping...

Page 383: ...mber set The add and remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Allow all VLANs to transmit and receive through the port none Allow no VLANs to transmit and receive through the port add Add a VLAN to transmit and receive through the port Only use th...

Page 384: ...eter with the list of VLANs to remove instead of using the remove parameter as shown in the command example below awplus configure terminal awplus config interface port1 0 6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 shows the below output awplus s...

Page 385: ...ring the above commands to add VLAN 4 Examples The following shows adding a single VLAN to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vla...

Page 386: ...he default VLAN which is reverted to using the no form of this command Mode Interface Configuration Examples The following commands show configuration of VLAN 2 as the native VLAN for interface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following commands show the removal of the native VLAN for interface port1 0 2 awplu...

Page 387: ... 387 AlliedWare Plus Operating System Version 5 4 5I 0 x VLAN COMMANDS SWITCHPORT TRUNK NATIVE VLAN ThefollowingcommandsrevertthenativeVLANtothedefaultVLAN1 forinterface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if no switchport trunk native vlan ...

Page 388: ...ntax switchport vlan stacking customer edge port provider port no switchport vlan stacking Default By default ports are not VLAN stacking ports Mode Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Traffic with an extra VLAN header added by VLAN stacking cannot be routed Example awplus configure termina...

Page 389: ... will be advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs ena...

Page 390: ... and therefore no network policy is advertised for voice devices Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this command switchport voice vlan The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command Th...

Page 391: ...plus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 To tell IP phones connected to ports 1 0 2 1 0 6 to send priority tagged packets 802 1p priority tagged with VID 0 so that they will be assigned to the port VLAN use the following commands The priority value is 5 by default but can be configured with the switchport voice vlan priority command awplus...

Page 392: ...ace Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by default lldp med tlv se...

Page 393: ...id vlan name mtu mtu value no vlan vid vid range mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 45 name accounts state enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 45 Related Commands mtu vlan database show vlan Parameter Descript...

Page 394: ...witch port Usage See the protocol based VLAN configuration example in the VLAN Feature Overview and Configuration Guide for configuration details Example To associate VLAN classifier group 3 with switch port1 0 3 enter the following commands awplus configure terminal awplus config interface port1 0 3 awplus config if vlan classifier activate 3 To remove VLAN classifier group 3 from switch port1 0 ...

Page 395: ...delete a group of VLAN classifier rules Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Global Configuration Example awplus configure terminal awplus config vlan classifier group 3 add rule 5 Related Commands show vlan classifier rule vlan classifier activate vlan classifier rule ipv4 vlan classifier rule proto Parameter Description 1 16 VLAN...

Page 396: ...r prefix length vlan 1 2048 no vlan classifier rule 1 256 Mode Global Configuration Usage If the source IP address matches the IP subnet specified in the VLAN classifier rule the received packets are mapped to the specified VLAN Example awplus configure terminal awplus config vlan classifier rule 3 ipv4 3 3 3 3 8 vlan 5 Related Commands show vlan classifier rule vlan classifier activate vlan class...

Page 397: ... in the IANA 802 numbers are given as hexadecimal values The no variant of this command removes a previously set rule Syntax vlan classifier rule 1 256 proto protocol encap ethv2 vlan 1 2048 no vlan classifier rule 1 256 Parameter Description 1 256 VLAN Classifier identifier proto Protocol type protocol Specify a protocol either by its decimal number 0 65535 or by one of the following protocol nam...

Page 398: ...83 DEC Systems Comms Arch protocol g8bpqx25 2303 G8BPQ AX 25 protocol ieeeaddrtrans 2561 Xerox IEEE802 3 PUP Address ieeepup 2560 Xerox IEEE802 3 PUP protocol ip 2048 IP protocol ipv6 34525 IPv6 protocol ipx 33079 IPX protocol netbeui 61680 IBM NETBIOS NETBEUI protocol netbeui 61681 IBM NETBIOS NETBEUI protocol pppdiscovery 34915 PPPoE discovery protocol pppsession 34916 PPPoE session protocol rar...

Page 399: ...an classifier rule 5 proto encap ethv2 vlan 234525 awplus config vlan classifier rule 6 proto encap ethv2 vlan 2ipv6 awplus config vlan classifier rule 7 proto encap ethv2 vlan 22048 awplus config vlan classifier rule 8 proto encap ethv2 vlan 2ip Validation Output awplus show vlan classifier rule Related Commands show vlan classifier rule vlan classifier activate vlan classifier group vlan classif...

Page 400: ...his command to enter the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example In the following example note the change to VLAN configuration mode from Configure mode awplus configure terminal awplus config vlan database awplus config vlan Related Commands vla...

Page 401: ...d protocols RSTP and MSTP on page 404 debug mstp RSTP and STP on page 405 instance priority MSTP on page 409 instance vlan MSTP on page 411 region MSTP on page 413 revision MSTP on page 414 show debugging mstp on page 415 show spanning tree on page 416 show spanning tree brief on page 419 show spanning tree mst on page 420 show spanning tree mst config on page 421 show spanning tree mst detail on ...

Page 402: ...ee forward time on page 451 spanning tree guard root on page 452 spanning tree hello time on page 453 spanning tree link type on page 454 spanning tree max age on page 455 spanning tree max hops MSTP on page 456 spanning tree mode on page 457 spanning tree mst configuration on page 458 spanning tree mst instance on page 459 spanning tree mst instance path cost on page 460 spanning tree mst instanc...

Page 403: ...rivileged Exec Usage Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spanning tree statistics awplus clear spanning tree statistics instance 1 awplus clear spanning tree statistics interface port1 0 2 awplus clear spanning tree statistics interface por...

Page 404: ...P and MSTP Overview Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privileged Exec Example awplus clear spanning tree detected protocols Parameter Description port The port to clear detected protocols for The port may be a switch port e g port1 0 4 a stati...

Page 405: ...ration mode Usage 1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activated on a per port basis Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of ...

Page 406: ...ng is controlled independently Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the terminal monitor command before issuing the relevant debug mstp command The default terminal monitor filter will select and display these messages Alternative...

Page 407: ... 42 awplus MSTP 1417 CIST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42 awplus MSTP 1417 MSTI reg root id 8001 0000cd1000fe 17 23 42 awplus MSTP 1417 MSTI pathcost 0 17 23 42 awplus MSTP 1417 MSTI bridge priority 32768 port priority 128 17 23 42 ...

Page 408: ...Commands log buffered filter show debugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MSTP 1417 Protocol version RSTP BPDU type RST 17 30 17 awplus MSTP 1417 CIST Flags Forward Learn role Desig 17 30 17 awplus MSTP 1417 CIST root id 8000 0000cd1000fe...

Page 409: ...ity for the instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number or vice versa Examples To set the root bridge priority for MSTP instance 2 to be the highest 0 so that it will be the root bridge for this instance when available use the comma...

Page 410: ... Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance spanning tree mst instance priority ...

Page 411: ...Syntax instance msti id vlan vid vid list no instance msti id vlan vid vid list Mode MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLANs from the CIST and adds them to the specified MSTI If you use the no variant of this command to remove the VLAN...

Page 412: ...trial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance vlan ...

Page 413: ... name and reset it to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplu...

Page 414: ...ly Syntax revision revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst revision 25 Related Comm...

Page 415: ... filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example To display the MSTP debugging options set enter the command awplus show debugging mstp Output Figure 12 1 Example output from the show debugging mstp command Related C...

Page 416: ...ot installed A topology change counter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanning tree mst instance command Example To display spanning tree information about port1 0 3 use the command awplus show spanning tree interface port1 0 3 Parameter D...

Page 417: ... timeout interval 300 sec port1 0 3 Port 5023 Id 839f Role Designated State Forwarding port1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridge 80000000cd20f093 port1 0 3 Message Age 0 Max Age 20 port1 0 3 Hello Time 2 Forward Delay 15 port1 0 3 For...

Page 418: ...ransitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast bpdu guard default Current portfast bpdu guard off port1 0 1 portfast bpdu filter default Current portfast bpdu filter off port1 0 1 no root guard configured Current root guard off port1 0 1 Configured Link Type point to point Current shared po...

Page 419: ... mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief Output Figure 12 4 Example output from the show spanning tree brief command Related Commands show spanning tree Parameter Description brief A brief summary of spanning tree information Default Bridge up Spanning Tree Enabled Default Root Path Cost 40000 Root Port 4...

Page 420: ... Privileged Exec and Interface Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 12 5 Example output from the show spanning tree mst command Related Commands show spanning tree mst interface 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32...

Page 421: ...iguration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP configuration identifier information enter the command awplus show spanning tree mst config Output Figure 12 6 Example output from the show spanning tree mst config command Related Commands ...

Page 422: ... that particular instance For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about each instance and all interfaces associated with them en...

Page 423: ... transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfast bpdu filter default Current portfast bpdu filter off port1 0 2 no root guard configured Current root guard off port1 0 2 Configured Link Type point to point Current shar...

Page 424: ...Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail interface port Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about port1 0 3 and the instances associated with it enter the command awplus show spanning tree mst detail interface port1 0 3 Output Figure 12 8 Ex...

Page 425: ...e 0 Max Age 20 port1 0 2 CIST Hello Time 2 Forward Delay 15 port1 0 2 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 2 forward transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfast bpdu filter...

Page 426: ... instance instance Mode User Exec Privileged Exec and Interface Configuration Usage To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst instance 2 Output Figure 12 9 Example output from the show spanning tree mst instance command Parameter Description instance Specify an MSTP instance in the range 1 15 1 MS...

Page 427: ...mand awplus show spanning tree mst instance 2 interface port1 0 2 Output Figure 12 10 Example output from the show spanning tree mst instance command Parameter Description instance Specify an MSTP instance in the range 1 15 port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 MSTI Root Path C...

Page 428: ...tailed information about each instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 12 11 Example output from theshow spanning tree mst interface command Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP...

Page 429: ...ommand Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail interface port Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about port1 0 3 and the instances associated with it enter the command awplus show spanning tree mst detail interface port1 0 3 Output Figure 12 12 Ex...

Page 430: ...e 0 Max Age 20 port1 0 2 CIST Hello Time 2 Forward Delay 15 port1 0 2 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 2 forward transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfast bpdu filter...

Page 431: ...ports associated with all spanning tree instances For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics Mode Privileged Exec Usage To display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning t...

Page 432: ... ec cd 6d 20 c0 ed Designated Port Id 8393 Top Change Ack FALSE Config Pending FALSE PORT Based Information Statistics Config Bpdu s xmitted 0 Config Bpdu s received 0 TCN Bpdu s xmitted 0 TCN Bpdu s received 0 Forward Trans Count 0 STATUS of Port Timers Hello Time Configured 2 Hello timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTI...

Page 433: ...and all switch ports associated with that MST instance For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance Mode Privileged Exec Usage To display BPDU statistics information for MST instance 2 and all switch ports associat...

Page 434: ...Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 3 Forward Transitions 0 Next State Learning Topology Change Time 0 INST_PORT port1 0 4 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 4 Forward Transitions 0 Next State Learning Topology...

Page 435: ...information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance interface port Mode Privileged Exec Example To display BPDU statistics for MST instance 2 interface port1 0 2 use the command awplus show spanning tree statistics instance 2...

Page 436: ...1 Spanning Tree Enabled for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 2 Forward Transitions 0 Next State Learning Topology Change Time 0 Other Inst Vlan Information Statistics Bridge Priority 0 Bridge Mac Address e...

Page 437: ...witch port For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics interface port Mode Privileged Exec Example To display BPDU statistics about each MST instance for port1 0 4 use the command awplus show spanning tree statistics interface port...

Page 438: ...ssage Age 0 Designated Root ec cd 6d 20 c0 ed Designated Cost 0 Designated Bridge ec cd 6d 20 c0 ed Designated Port Id 838a Top Change Ack FALSE Config Pending FALSE PORT Based Information Statistics Config Bpdu s xmitted 0 Config Bpdu s received 0 TCN Bpdu s xmitted 0 TCN Bpdu s received 0 Forward Trans Count 0 STATUS of Port Timers Hello Time Configured 2 Hello timer INACTIVE Hello Time Value 0 ...

Page 439: ...ds show spanning tree statistics Other Bridge information Statistics STP Multicast Address 01 80 c2 00 00 00 Bridge Priority 32768 Bridge Mac Address ec cd 6d 20 c0 ed Bridge Hello Time 2 Bridge Forward Delay 15 Topology Change Initiator 5023 Last Topology Change Occured Mon Aug 22 05 41 20 2011 Topology Change FALSE Topology Change Detected TRUE Topology Change Count 1 Topology Change Last Recvd ...

Page 440: ...ciated with them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with them for the device including the VLAN range index value use the following command awplus show spanning tree vlan range index Output Figure 12 17 Example output from theshow spanning tre...

Page 441: ...detect that it is an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this command for RSTP or MSTP Use the no variant of this command to disable this feature Syntax spanning tree autoedge no spanning tree autoedge Default Disabled Mode Interface Configurati...

Page 442: ...he spanning tree enable command before you can use this command to then configure BPDU discarding or forwarding This command enables the switch to forward unsupported BPDUs with an unsupported Spanning Tree Protocol such as proprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch When you want to revert to default behavior on...

Page 443: ...PDU forwarding for untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands awplus configure terminal awplus config no spanning tree stp enable awplus config spanning tree bpdu forward untagged vlan To enable STP BPDU forwarding for tagged frames in Global Co...

Page 444: ...es all devices in the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to classify a region are the region name and revision level VLAN to instance mapping is not used to classify regions when interoperating with Cisco Examples To enable Cisco interoperabi...

Page 445: ...ferently in the output of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode Interface Configuration Usage Use this command on a switch port connected to a LAN that has no other bridges attached If a BPDU is received on the port that indicates that another br...

Page 446: ...ee is enabled and the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree stp enable To disable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree stp enable To enable MSTP ...

Page 447: ...7 AlliedWare Plus Operating System Version 5 4 5I 0 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree rstp enable Related Commands spanning tree bpdu spanning tree mode ...

Page 448: ...y Syntax spanning tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU guard enabled port This command associates a timer with the feature such that the port is re enabled without manual intervention after a set interval...

Page 449: ...as been disabled by the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enabled after 300 seconds Mode Global Configuration Example awplus configure terminal awplus config spanning tree errdisable timeout interval 34 Related Commands show spanning tree spa...

Page 450: ...ally detects one Mode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree force version 0 Set the default protocol version awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree force version Rel...

Page 451: ...tion from discarding to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroot bridge The forward delay max age and hello time parameters are interrelated Syntax spanning tree forward time forward delay no spanning tree forward time Default The default is 1...

Page 452: ...or BPDUs You can use this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configuration mode for a switch port interface only Usage The Root Guard feature makes sure that the port on which it is enabled is a designated port If the Root Guard enabled port receive...

Page 453: ...of this command to restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switch ports Usage The allowable range of values is 1 10 seconds The forward delay max age and hello time parameters should be set according to the following formula as specified in IEE...

Page 454: ... only Use the no variant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode Interface Configuration mode for a switch port interface only Usage You may want to set link type to shared if the port is connected to a hub with multiple devices connected to it Ex...

Page 455: ...age Default The default of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max age The forward delay max age and hello time parameters should be set according ...

Page 456: ...for MSTP only Syntax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the messages from looping indefinitely in the network The hop count is decremented by each receiving port When a device receives an MST BPDU that has a hop count of zero it discards t...

Page 457: ...ult The default spanning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this command to change the spanning tree protocol mode on the device MSTP is VLAN aware but RSTP and STP are not VLAN aware To enable or disable spanning tree operation see the spanning ...

Page 458: ...nning tree mst configuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples ThefollowingexampleusesthiscommandtoenterMSTConfigurationmode Note the change in the command prompt awplus configure terminal awplus config spanning tree mst configuration awplus config ...

Page 459: ...utomatically becomes a member of an MSTI when it is assigned to a VLAN Mode Interface Configuration mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the member port from the MSTI Use the spanning tree mst instance command to add a VLAN member port back to ...

Page 460: ...e instance id path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly add an MST instance to a port usi...

Page 461: ...s configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 path cost 1000 awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Commands instance vlan MSTP spanning tree mst instance spanning tree mst instance priority spanning tree mst instance restricted role spanning tree mst insta...

Page 462: ...ithm uses the port priority when determining the root port for the switch in the MSTI The port with the lowest value is considered to have the highest priority and will be chosen as root port over a port equivalent in all other aspects but with a higher priority value Examples awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 priority 112 awp...

Page 463: ...t instance instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root port is the port providing the best path from the bridge to the root bridge Use this command to disable a port from becoming a root port Use the no variant of this command to enable a port t...

Page 464: ...interface only Usage A Topology Change Notification TCN is a simple Bridge Protocol Data Unit BPDU that a bridge sends out to its root port to signal a topology change You can configure restricted TCN between TRUE and FALSE values with this command and the no variant of this command If you configure restricted TCN to TRUE with this command then this stops the switch port from propagating received ...

Page 465: ...liedWare Plus Operating System Version 5 4 5I 0 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED TCN Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance spanning tree mst instance path cost spanning tree mst instance restricted role ...

Page 466: ... this will apply to the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 and IEEE 802 1d 2004 standards Mode Interface Configuration mode for switch port interface only Example awplus co...

Page 467: ...an edge port Syntax spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a forwarding state bypassing both listening and learning states The portfast feature is meant to be used for ports connected to end user devices Enabling portfast on ports that are ...

Page 468: ...tem Version 5 4 5I 0 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast bpdu filter spanning tree portfast bpdu guard ...

Page 469: ...portfast bpdu filter Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edge port Using this command in Global Configuration mode applies the portfast bpdu filter feature to all ports on the device Using it in Interface mode applies the feature to a speci...

Page 470: ...SPANNING TREE PORTFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu filter enable Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast STP spanning tree portfast bpdu guard ...

Page 471: ...abled on any ports by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a portfast enabled port behaves if it receives a BPDU When bpdu guard is set then the port shuts down if it receives a BPDU It does not process the BPDU as it is considered suspicious When...

Page 472: ...nfigured and currently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To enable STP BPDU guard in Interface Configuration mode enter the below commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu ...

Page 473: ...P STP or MSTP When MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 32678 Mode Global Configuration Usage To force a particular device to become the root bridge use a lower value than other devices in the spanning tree Example awplus conf...

Page 474: ...mmand to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a port to be part of the active topology for instance become the root port or a designated port use a lower value than other ports on the device This behavior is subject to network top...

Page 475: ...nfiguration mode for a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spanning tree restricted role Default The restricted role is disabled Mode Interface Configuration mode for a switch port interface only Example awplus configure terminal awplus confi...

Page 476: ...fication BPDUs Bridge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command to disable the restricted TCN functionality Syntax spanning tree restricted tcn no spanning tree restricted tcn Default The restricted TCN is disabled Mode Interface Configuration ...

Page 477: ...ansmit holdcount Overview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree transmit holdcount no spanning tree transmit holdcount Default Transmit hold count default is 3 Mode Global Configuration Example awplus configure terminal awplus config spanning tree t...

Page 478: ...ndustrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp RSTP and STP command ...

Page 479: ... links The load sharing algorithm is designed to ensure that any given data flow always goes down the same link It also aims to spread data flows across the links as evenly as possible For example for a 2 Gbps LAG that is a combination of two 1 Gbps ports any one flow of traffic can only ever reach a maximum throughput of 1 Gbps However the hashing algorithm should spread the flows across the link...

Page 480: ... System Version 5 4 5I 0 x LINK AGGREGATION COMMANDS show etherchannel detail on page 492 show etherchannel summary on page 493 show lacp sys id on page 494 show lacp counter on page 495 show port etherchannel on page 496 show static channel group on page 498 static channel group on page 499 undebug lacp on page 501 ...

Page 481: ...roup must have the same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group in other LACP commands use the channel group number To specify an LACP channel group LACP aggregator in other commands prefix the channel group number with...

Page 482: ...e active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0 6 awplus config if no channel group awplus config To reference the pre defined LACP channel group 2 as an interface apply commands as below awplus configure terminal awplus config interface port1 0 6 awplus config if channel group 2 mode active aw...

Page 483: ...5 4 5I 0 x LINK AGGREGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 2 counters Mode Privileged Exec Example awplus clear lacp 2 counters Parameter Description 1 2 Channel group number ...

Page 484: ...etail awplus debug lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifies debugging for LACP events Echoes events to the console ha Specifies debugging for HA High Availability events Echoes High Availability events to the console packet Specifies deb...

Page 485: ...are selected for aggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priority 1 65535 no lacp port priority Default The default is 32768 Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 5 awplus config if lacp...

Page 486: ...s used in determining the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp system priority 1 65535 no lacp system priority Default The default is 32768 Mode Global Configuration Example awplus configure terminal awplus config lacp system priority 6700 Paramet...

Page 487: ...out of the aggregation if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is set to 1 then the device has set the short timeout If the Timeout field is set to 0 then the device has set the long timeout Setting the short timeout enables the device to be mor...

Page 488: ...50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if lacp timeout short ...

Page 489: ...ommand output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output Figure 13 1 Example output from the show debugging lacp command Related Commands debug lacp LACP debugging status LACP timer debugging is on LACP timer detail de...

Page 490: ...ature Overview and Configuration Guide Syntax show diagnostic channel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 13 2 Example output from the show diagnostic channel group command Related Commands show tech support awplus show diagnostic channel group Channel Group Info based on NSM Note Pos position in hardware table Dev Interface IfIndex M...

Page 491: ...de User Exec and Privileged Exec Example awplus show etherchannel 2 Output Figure 13 3 Example output from the show etherchannel command Figure 13 4 Example output from the show etherchannel command for a particular channel Parameter Description 1 2 Channel group number awplus show etherchannel LAG Maximum 4 LAG Static Maximum 2 LAG Dynamic Maximum 2 LAG Static Count 0 LAG Dynamic Count 1 LAG Tota...

Page 492: ...Guide Syntax show etherchannel detail Mode User Exec and Privileged Exec Example awplus show etherchannel detail Output Figure 13 5 Example output from the show etherchannel detail command Aggregator po1 IfIndex 4501 Mac address 00 00 cd 24 fd 29 Admin Key 0001 Oper Key 0001 Receive link count 1 Transmit link count 0 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 24 da a7 Link port1 0 1 IfIndex ...

Page 493: ...tering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show etherchannel summary Mode User Exec and Privileged Exec Example awplus show etherchannel summary Output Figure 13 6 Example output from the show etherchannel summary command Aggregator po1 Admin Key 0001 Oper Key 0001 Link port1 0 1 5...

Page 494: ...o display the LACP system ID and priority For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show lacp sys id Mode User Exec and Privileged Exec Example awplus show lacp sys id Output Figure 13 7 Example output from the show lacp sys id command System Priority 0x8000 ...

Page 495: ...regator For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show lacp counter 1 2 Mode User Exec and Privileged Exec Example awplus show lacp counter 2 Output Figure 13 8 Example output from the show lacp counter command Parameter Description 1 2 Channel group number T...

Page 496: ...vice port specified For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show port etherchannel port Mode User Exec and Privileged Exec Example awplus show port etherchannel port1 0 1 Output Figure 13 9 Example output from the show port etherchannel command Parameter De...

Page 497: ... periodic Mux machine state Collecting Distributing Actor Information Partner Information Selected Selected Partner Sys Priority 0 Physical Admin Key 1 Partner System 00 00 00 00 00 00 Port Key 5 Port Key 0 Port Priority 32768 Port Priority 0 Port Number 5001 Port Number 0 Mode Active Mode Passive Timeout Long Timeout Short Individual Yes Individual Yes Synchronised Yes Synchronised Yes Collecting...

Page 498: ...ame as a static aggregator For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show static channel group Mode User Exec and Privileged Exec Example awplus show static channel group Output Figure 13 10 Example output from the show static channel group command Related Co...

Page 499: ... is the last member to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be operated on as a group Once the static channel group has been created it is treated as a device port and can be referred to in other commands that apply to device ports To ref...

Page 500: ...nce the pre defined static channel group 2 as an interface apply the example commands as below awplus configure terminal awplus config interface port1 0 6 awplus config if static channel group 2 awplus config if exit awplus config interface port 1 0 8 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if Related Commands show static channel grou...

Page 501: ...ce for IE200 Series Industrial Managed PoE Switches 501 AlliedWare Plus Operating System Version 5 4 5I 0 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command ...

Page 502: ...ation Guide the SNMP MIBs Overview for information about which PoE MIB objects are supported the SNMP Feature Overview and Configuration Guide for information about SNMP traps Power over Ethernet PoE is a technology allowing devices such as IP phones to receive power over existing LAN cabling PoE is configured using the commands in this chapter Note the Power Sourcing Equipment PSE referred to thr...

Page 503: ...ER ETHERNET COMMANDS power inline max on page 510 power inline priority on page 512 power inline usage threshold on page 514 service power inline on page 515 show debugging power inline on page 516 show power inline on page 517 show power inline counters on page 519 show power inline interface on page 521 show power inline interface detail on page 523 ...

Page 504: ...eared It will also clear all Power over Ethernet PoE counters supported by the Power Ethernet MIB RFC 3621 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for port1 0 2only use the following command awplus clear power inline counters interface port1 0 2 To...

Page 505: ...E event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debugging messages on the console use the following commands awplus terminal monitor awplus debug power inline all To disable PoE debugging and stop the display of PoE event and info debug messages on the con...

Page 506: ...ies Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Validation Commands show debugging power inline Related Commands terminal monitor ...

Page 507: ...f pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports on the Power Sourcing Equipment PSE Mode Global Configuration Examples To disable detection of legacy PDs use the following commands awplus configure terminal awplus config no power inline allow legacy To enable ...

Page 508: ...oE port a list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description Desk Phone for a connected PD on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline description Desk Phone To clear...

Page 509: ...tion Usage Select a PoE port a list of PoE ports or a range of PoE ports from the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports No PoE log messages are generated for specified PoE port s after PoE is disabled The disabled PoE port s still provide Ethernet connectivity after PoE is disabled Examples To disable PoE on ports port1 ...

Page 510: ...onsumes 5 W the switch will reserve the full 15 4 W for this port when determining its total power PoE power requirement The no variant of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max 4000 30000 no power inline max Default The Power Sourcing Equipment PSE su...

Page 511: ...aximum power supplied to ports in the range1 0 2 to 1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if power inline max 6450 To set the maximum power supplied to port1 0 2 to 6450 mW use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline max 6450 To ...

Page 512: ...s or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports PoE ports with higher priorities are given power before PoE ports with lower priorities If the priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview...

Page 513: ...the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline priority high To reset the priority level to the default for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no power inline priority Validation Commands show power inline show power inline interface show running config p...

Page 514: ... The default power usage threshold is 80 of the nominal power rating of the PSE Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage threshold as configured in the example is exceeded Examples To generate SNMP notifications when power supplied exceeds 70 of the nominal PSE power use the following commands...

Page 515: ...ipment PSE for all PoE ports Syntax service power inline no service power inline Default PoE functionality is enabled by default on the PSE Mode Global Configuration Examples To disable PoE on the PSE use the following commands awplus configure terminal awplus config no service power inline To re enable PoE on the PSE if PoE has been disabled use the following commands awplus configure terminal aw...

Page 516: ...ut in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 14 1 Example output from the show debugging power inline command Related Commands debug power inline terminal monitor awplus show...

Page 517: ...ch in watts W Power Allocated The current power allocated in watts W that is available to be drawn by any connected Powered Devices PDs This is updated every 5 seconds Actual Power Consumption The current power consumption in watts W drawn by all connected Powered Devices PDs This is updated every 5 seconds Operational Status The operational status of the PSU hardware on the PSE when this command ...

Page 518: ...E go over the power budget Off displays when PoE has been disabled for the PoE port F ault displays when a PSE goes over its power allocation Power The power consumption in milliwatts mW for the PoE port when this command was entered Device The description of the connected PD device if a description has been added with the power inline description command No description is shown for PDs not config...

Page 519: ... supported For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overviewand Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Usage To display all PoE event counters for all PoE ports on the PSE do not enter the optional interface parameter Examples To display ...

Page 520: ...le number within the device and z is the PoE port number within the module MPSAbsent The number of instances when the PoE MPS Maintain Power Signature signal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its configured power limit as configured by the powe...

Page 521: ...witch use the following command awplus show power inline interface To display the PoE port specific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 14 3 Example output from the show power inline interface command Parameter Description port list Enter the PoE port s to display PoE specific information in the...

Page 522: ... power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for the port Fault displays when a PSE goes over its power allocation Power The power consumption in milliwatts mW for the PoE port when this command was entered Device The description of the connected PD device if a description has been added with the power inline description com...

Page 523: ...ted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show power inline interface port list detail Mode User Exec and Privileged Exec Usage To show detailed PoE information for all ports on the PSE do not specify any ports The power allocated to each port is listed in the Power allocated row and is limited by the maximum power per Powered Device PD class or a user configured pow...

Page 524: ...and output Parameter Description Interface The PoE port s in the format portx y z where x is the device number y is the module number within the device and z is the PoE port number within the module Powered device type The name of the PD if connected and if power is being supplied to the PD from the PSE configured with the power inline description command n a displays if a description has not been...

Page 525: ...Power allocated The power in milliwatts mW allocated for the PoE port Additionally note the following as displayed per PoE port U if the power limit for a port was user configured with the power inline max command L if the power limit for a port was supplied by LLDP C if the power limit for a port was supplied by the PD class Detection of legacy devices is Enabled Disabled The status of legacy PoE...

Page 526: ... 400 of these VLANs are supported MSTP is not supported by the AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP This chapter provides an alphabetical reference for commands used to configure GVRP For information about GVRP including configuration see the GVRP Feature Overview and Configuration Guide Command List clear gvrp statistics on pa...

Page 527: ... or for a specific switchport Syntax clear gvrp statistics all interface Mode Privileged Exec Usage Use this command together with the show gvrp statistics command to troubleshoot GVRP Examples To clear all GVRP statistics for all switchport on the switch enter the command awplus clear gvrp statistics all Related Commands show gvrp statistics Parameter Description all Specify all switchports to cl...

Page 528: ... enter the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp all To send debug output for GVRP packets to the console enter the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp packets To send debug output for GVRP commands to the console enter the commands awplus terminal monitor awplus configure terminal awplus config debug gvr...

Page 529: ... 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 529 AlliedWare Plus Operating System Version 5 4 5I 0 x GVRP COMMANDS DEBUG GVRP Related Commands show debugging gvrp terminal monitor ...

Page 530: ...his command does not enable GVRP for the switch To enable GVRP on switchports use this command in Interface Configuration mode You must issue a gvrp enable global command before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutuall...

Page 531: ...nabling GVRP on an interface in Interface Configuration mode Both of these tasks must occur to create VLANs NOTE There is limit of 400 VLANs supported by the AlliedWare Plus GVRP implementation VLANsmaybenumbered1 4094 butalimitof400oftheseVLANsare supported Examples Enter the following commands for switches with hostnames switch1 and switch2 respectively so switch1 propagates VLANs to switch2 and...

Page 532: ... mode You must issue a gvrp enable global command before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus ...

Page 533: ...uration Default Normal registration is the default Usage Configuring a trunk port in normal registration mode allows dynamic creation of VLANs Normal mode is the default mode Validate using the show gvrp configuration command Configuring a trunk port in fixed registration mode allows manual creation of VLANs Configuring a trunk port in forbidden registration mode prevents VLAN creation on the port...

Page 534: ...s 1000 centiseconds 10 000 milliseconds Usage When configuring the leave timer set it to more than or equal to three times the join timer value The settings for the leave and join timers must be the same for all GVRP enabled switches See also the section Setting the GVRP Timers in the GVRP Feature Overview and Configuration Guide Use the show gvrp timer command to confirm GVRP timers set with this...

Page 535: ...ng Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging gvrp Mode User Exec and Privileged Exec Example Enter the following commands to display GVRP debugging output on the console awplus configure terminal awplus config debug gvrp all awplus config exit awplus show debugging gvrp Output See sample output from the show debugging gvrp command after entering de...

Page 536: ...ion data for a switch For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp configuration Mode User Exec and Privileged Exec Example To show GVRP configuration for the switch enter the command awplus show gvrp configuration Output The following is an output of ...

Page 537: ...tate machine for GVRP For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp machine Mode User Exec and Privileged Exec Example To show the GVRP state machine for the switch enter the command awplus show gvrp machine Output See the following output of this comma...

Page 538: ...saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp statistics interface Mode User Exec and Privileged Exec Usage Use this command together with the clear gvrp statistics command to troubleshoot GVRP Examples To show the GVRP statistics for all switchport interfaces enter the command awplus ...

Page 539: ... gvrp timer command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp timer interface Mode User Exec and Privileged Exec Examples To show the GVRP timers for all switchport interfaces enter the command awplus show gvrp timer Related Commands gvrp timer Para...

Page 540: ...S For more information see the IP Feature Overview and Configuration Guide Command List arp aging timeout on page 542 arp mac disparity on page 543 arp IP address MAC on page 544 arp log on page 545 clear arp cache on page 549 debug ip packet interface on page 550 ip address on page 552 ip domain list on page 554 ip domain lookup on page 555 ip domain name on page 556 ip gratuitous arp link on pag...

Page 541: ...s Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS show ip domain name on page 567 show ip interface on page 568 show ip name server on page 569 show ip sockets on page 570 show ip traffic on page 573 tcpdump on page 579 traceroute on page 580 undebug ip packet interface on page 581 ...

Page 542: ...ies to ensure that the cache does not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces The no variant of this command sets the time limit to the default of 300 seconds Syntax arp aging timeout 0 432000 no arp aging timeout Default 300 seconds 5 minutes Mo...

Page 543: ...ARP request to resolve a multicast MAC address By default ARP replies with a multicast MAC addresses are not learned This command allows control over the learning of dynamic ARPs that resolve to a multicast MAC address ARP MAC disparity may need to be enabled to support multicast network load balancing The arp mac disparity command allows ARP replies quoting multicast MAC addresses to be accepted ...

Page 544: ...e ARP cache Syntax arp ip addr mac address port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP requests for this address use the commands awplus configure terminal awplus config arp 10 10 10 9 0010 2355 4566 alias Related Commands clear arp cache show arp Para...

Page 545: ...IEEE format hexadecimal notation HH HH HH HH HH HH when you apply the mac address format ieee parameter Enter the arp log command without the optional mac address format ieee parameter specified for MAC addresses in the ARP log output to use the default hexadecimal notation HHHH HHHH HHHH Enter the arp log mac address format ieee command for MAC addresses in the ARP log output to use the IEEE stan...

Page 546: ...ion HH HH HH HH HH HH and revert to the use of the default hexadecimal notation HHHH HHHH HHHH instead use the following commands awplus configure terminal awplus config no arp log mac address format ieee To display ARP log messages use following command awplus show log include ARP_LOG Output Below is example output from the show log include ARP_LOG command after enabling ARP logging displaying de...

Page 547: ...0 Apr 6 06 26 53 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 30 94 0e 13 6b 192 168 2 20 2010 Apr 6 06 27 31 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 17 9a b6 03 69 192 168 2 12 2010 Apr 6 06 28 09 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 03 37 6b a6 a5 192 168 2 10 2010 Apr 6 06 28 14 user notice awplus IMISH 1830 show log include ARP_LOG Table 1...

Page 548: ...f an ARP entry to be cleared from the ARP cache Syntax clear arp cache ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all dynamic ARP entries use the command awplus clear arp cache To clear all dynamic ARP entries associated with the IPv4 addres...

Page 549: ...ngle Layer 3 interface to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets with the specified IP address as specified in the ip address placeholder are shown in the output verbose Specify verbose to output more of the IP packet If this keyword is specifie...

Page 550: ... on all interfaces on the device use the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To turn off IP packet interface debugging on all interfaces use the command awplus no debug ip packet interface To turn off IP packet interface debugging on interface ...

Page 551: ...he IP address from the interface You cannot remove the primary address when a secondary address is present Syntax ip address ip addr prefix length secondary label label no ip address ip addr prefix length secondary no ip address Mode Interface Configuration for a VLAN interface or a local loopback interface Examples To add the primary IP address 10 10 10 50 24 to the interface vlan3 use the follow...

Page 552: ... 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP ADDRESS To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 Related Commands interface to configure show ip interface show running config interface ...

Page 553: ...ant of this command deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain specified with the ip domain name command If any domain exists in the DNS list then the device does not use the domain set using the ip domain name command Example To add the domai...

Page 554: ... The client will not attempt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However it does not attempt DNS inquiries unless there is a DNS server configured For more information about DNS clients see the IP Feature Overview and Configuration Guide Examples T...

Page 555: ...nfiguration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in the DNS list then the device does not use the domain configured with this command When your device is using its DHCP client for an interface it can receive Option 15 from the DHCP server This option replaces the doma...

Page 556: ...ous arp link Default The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the switchport is a member of whenever the switchport moves to the forwarding state The first Gratuitous ARP packet is sent 1 second after the switchport becomes a forwarding switchport The se...

Page 557: ...are Plus Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal awplus config ip gratuitous arp link 20 Validation Commands show running config ...

Page 558: ...yntax ip name server ip addr no ip name server ip addr Mode Global Configuration Usage When your device is using its DHCP client for an interface it can receive Option 6 messages from the DHCP server This option appends the name server list with more DNS servers For more information about DHCP and DNS see the IP Feature Overview and Configuration Guide Examples To allow a device to send DNS querie...

Page 559: ...do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping every millisecond set the interval to 0 001 pattern hex data pattern Specify the hex data pattern repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The...

Page 560: ...ge Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cache use the following command awplus show arp Output Figure 16 1 Example output from the show arp command awplus show arp IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 001...

Page 561: ... Command Reference for IE200 Series Industrial Managed PoE Switches 561 AlliedWare Plus Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache ...

Page 562: ...and Privileged Exec Example To display theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 16 2 Example output from the show debugging ip packet command with terminal monitor off Example To display the IP interface debugging status when the terminal monitor is on use the command awplus terminal monitor awp...

Page 563: ...erence for IE200 Series Industrial Managed PoE Switches 563 AlliedWare Plus Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface terminal monitor ...

Page 564: ...and output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command awplus show hosts Output Figure 16 4 Example output from the show hosts command Related Commands ip domain list ip domain lookup ip domain name ip name server aw...

Page 565: ...es when sending a DNS inquiry to a DNS server For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain list Mode User Exec and Privileged Exec Example To display the list of domains in the domain list use the command awplus show ip domain list Output Figure 1...

Page 566: ...incomplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain name Mode User Exec and Privileged Exec Example To display the default domain configured on your device use the command awplus show ip dom...

Page 567: ...d Exec Examples To show brief information for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief Output Figure 16 7 Example output from the show ip interface brief command Parameter Description interface list The interfaces to display inf...

Page 568: ... the ip name server command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode User Exec and Privileged Exec Example To display the list of DNS servers that your device sends DNS requests to use the command awplus show ip name server Output Fi...

Page 569: ...ckets with the associated protocol number For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip sockets Mode Privileged Exec Usage Use this command to verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is e...

Page 570: ...mmand Parameter Description Not showing number local connections This field refers to established sessions between processes internal to the device that are used in its operation and management These sessions are not displayed as they are not useful to the user number is some positive integer Not showing number local listening ports This field refers to listening sockets belonging to processes int...

Page 571: ...org assignments protocol numbers Remote Address For TCP and UDP listening sockets this shows the source IP address either IPv4 or IPv6 and source TCP or UDP port number for which the socket will accept packets The address and port are separated by If the socket will accept packets addressed from any IP address the IP address will be 0 0 0 0 for IPv4 This is the usual case for a listening socket No...

Page 572: ...nt and received by all interfaces on the device showing totals for IP and IPv6 and then broken down into sub categories such as TCP UDP ICMP and their IPv6 equivalents when appropriate For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip traffic Mode Privileged ...

Page 573: ...ening ports 261 active connection openings 247 passive connection openings 14 connection attempts failed 122535 segments received 122535 segments transmitted 14 resets transmitted 227 TCP sockets finished time wait in fast timer 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 139468 datagrams received 139468 datagrams sent UDPLite Table 16 5 Parameters in ...

Page 574: ...eived received packets discarded Received packets discarded received packets delivered Received packets delivered forwarded packets transmitted Forwarded packets transmitted packets transmitted Packets transmitted packets discarded on transmit Packets discarded on transmit packets discarded on transmit due to no route Packets discarded on transmit due to no route fragment reassembly timeouts Fragm...

Page 575: ...atagrams received received for unknown port Received for unknown port datagrams sent Datagrams sent syncookies sent Syncookies sent syncookies received Syncookies received syncookies failed Syncookies failed embryonic resets Embryonic resets sockets pruned Sockets pruned ICMPs out of window ICMPs out of window ICMPs dropped due to lock ICMPs dropped due to lock ARPs filtered ARPs filtered TCP sock...

Page 576: ...ndos loss undos Loss undos segments lost Segments lost lost retransmits Lost retransmits TCP Reno failures TCP Reno failures SACK failures SACK failures loss failures Loss failures fast retransmits Fast retransmits forward retransmits Forward retransmits retransmits in slow start Retransmits in slow start timeouts Timeouts TCP Reno recovery failures TCP Reno recovery failures SACK recovery failure...

Page 577: ...SACKs discarded SACKs discarded Old DSACKs ignored Old DSACKs ignored DSACKs ignored without undo DSACKs ignored without undo Spurious RTOs Spurious RTOs TCP MD5 Not Found TCP MD5 Not Found TCP MD5 Unexpected TCP MD5 Unexpected TCP SACKs shifted TCP SACKs shifted TCP SACKs merged TCP SACKs merged TCP SACK shift fallback TCP SACK shift fallback UDP UDP Counters UDPLite UDPLite Counters UDP6 UDPv6 C...

Page 578: ...TCP IP traffic Press ctrl c to stop a running tcpdump Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 16 11 Example output from the tcpdump command Related Commands debug ip packet interface Parameter Description line Specify the dump options For more information on the options for this placeholder ...

Page 579: ...G AND PROTOCOL COMMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Parameter Description ip addr The destination IPv4 address The IPv4 address uses the format A B C D hostname The destination hostname ...

Page 580: ...Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command ...

Page 581: ...13 50066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 581 AlliedWare Plus Operating System Version 5 4 5I 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE ...

Page 582: ...IPv6 Feature Overview and Configuration Guide IPv6 is supported in Software Version 5 4 3A 1 x and later Command List clear ipv6 neighbors on page 583 ipv6 address on page 584 ipv6 address autoconfig on page 585 ipv6 enable on page 587 ipv6 nd raguard on page 589 ipv6 neighbor on page 591 ipv6 route on page 592 ping ipv6 on page 593 show ipv6 interface brief on page 594 show ipv6 neighbors on page...

Page 583: ...oE Switches 583 AlliedWare Plus Operating System Version 5 4 5I 0 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors Mode Privileged Exec Example awplus clear ipv6 neighbors ...

Page 584: ...v6 address ipv6 addr prefix length Mode Interface Configuration for a VLAN interface Examples To assign the IPv6 address 2001 0db8 a2 64 to the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 64 To remove the IPv6 address 2001 0db8 a2 64 from the VLAN interface vlan2 use the following commands awplus...

Page 585: ...s derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the MAC addressof thedefaultVLAN isappliedtotheinterfaceif theinterface doesnot have its own MAC address Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them See the ipv6 e...

Page 586: ...d Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IPV6 COMMANDS IPV6 ADDRESS AUTOCONFIG Related Commands ipv6 address ipv6 enable ...

Page 587: ...t to point connection Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned to interfaces for routing IPv6 packets Note that link local addresses are retained in the system until they are negated by using the no variant of the command that established them A...

Page 588: ...d Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig ...

Page 589: ...t messages RA Guard blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a port blocks RAs from a connected host and indicates the port and host are untrusted Disabling RA Guard on a port allows RAs from a connected host and indicates the port and host are t...

Page 590: ...01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IPV6 COMMANDS IPV6 ND RAGUARD Output Example output from a show running config interface port1 0 2 to verify RA Guard Related Commands show running config interface interface port1 0 2 switchport mode access ipv6 nd raguard ...

Page 591: ...his command to clear a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 0000 cd28 0880 on port1 0 6 use the command awplus configure terminal awplus config ipv6 neighbor 2001 0db8 a2 vlan4 0000 cd28 0880 port1 0 6 Related Commands clear ipv6 neighbors ...

Page 592: ...y ip gateway name distvalue Mode Global Configuration Example awplus configure terminal awplus config ipv6 route myintname 322001 0db8 1 128 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 gateway ip Specifi...

Page 593: ...ination hostname repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The default is 5 size 10 1452 The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in the IP header of the ping packet timeout 1 65535 The time in secon...

Page 594: ...w Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 17 1 Example output from the show ipv6 interface brief command Related Commands show interface brief Parameter Description brief Specify this optional parameter to display br...

Page 595: ...PV6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 neighbors Mode User Exec and Privileged Exec ...

Page 596: ...ut Figure 17 2 Example output of the show ipv6 route command Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database summary Displays summary information from the IPv6 routing table ipv6 address Displays the routes for the specified address in the IP routing table The IPv6 address use...

Page 597: ...xample 2 To display all database entries for an IP route use the following command awplus show ipv6 route database Output Figure 17 3 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected selected route FIB route p stale info Timers Uptime S 0 1 0 via 2001 a 0 0 c0a8 a01 inactive 6d22h12m 1 0 via 2001 fa 0 0 c0a8 fa01 inactive 6d22h12m ...

Page 598: ...output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 17 4 Example output from the show ipv6 route summary command Related Commands show ip route databas...

Page 599: ...and to trace the route to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplus traceroute ipv6 2001 0db8 a2 Related Commands ping ipv6 Parameter Description ipv6 addr The destination IPv6 address The IPv6 address uses the format X X X X hostname The destina...

Page 600: ... 0 x Static Routing Commands for Management Purposes Introduction Overview This chapter provides an alphabetical reference of static routing commands that are used to direct management packets to appropriate VLANs Command List ip route on page 601 show ip route on page 602 show ip route database on page 604 show ip route summary on page 605 ...

Page 601: ...ement traffic on the 10 0 0 0 network to vlan10 and other management traffic to vlan5 use the commands awplus configure terminal awplus config ip route 10 0 0 0 8 vlan10 awplus config ip route 0 0 0 0 0 vlan5 Related Commands show ip route show ip route database Parameter Description subnet mask The IPv4 address of the destination subnet defined using either a prefix length or a separate mask spec...

Page 602: ...leged Exec Example To display the static routes in the FIB use the command awplus show ip route static Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry The first few lines of the output list the possible codes that may be seen with the route entries Typically route entries are composed of the following elements code a second label indicat...

Page 603: ... address of local interface vlan2 These routes are marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols Related Commands show ip route database Codes C connected S static R RIP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 candidate default C 3 3 ...

Page 604: ... Exec Example To display the static routes in the RIB use the command awplus show ip route database static Output Figure 18 2 Example output from the show ip route database command The routes added to the FIB are marked with a When multiple routes are available for the same prefix the best route is indicated with the symbol All unselected routes have neither the nor the symbol Related Commands sho...

Page 605: ...ify the lines displayed use the output modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 18 3 Example output from the show ip route summary command Related Commands show ip route show ip route da...

Page 606: ...prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddressesallocatedfor documentationpurposes areff0x 0db8 0 0 96asper RFC6676 Thisisa 96prefixsothatitcanbeusedwithgroupIDsasperRFC3307 These addresses should not be used for practical networks other than for testing purposes nor should they appear in any public network The IPv6 addresses shown use the address space 2001...

Page 607: ...ticast route limit on page 619 ip multicast wrong vif suppression on page 620 ip multicast routing on page 621 ipv6 multicast route on page 622 ipv6 multicast route limit on page 624 ipv6 multicast routing on page 625 multicast on page 626 show ip mroute on page 627 show ip mvif on page 629 show ip rpf on page 630 show ipv6 mroute on page 631 show ipv6 mif on page 633 ...

Page 608: ...ulticast route entries in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command The protocol specific clear command clears multicast routes from PIM Sparse Mode and also clears the routes from the MRIB Examples awplus clear ip mroute 225 1 1 1 19...

Page 609: ...oute statistics entries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus clear ip mroute statistics Parameter Description All multicast route entries ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Sou...

Page 610: ... MRIB clears the relevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command This command does not remove static routes from the routing table or the configuration Toremove static routes use the no parameterof t...

Page 611: ...ulticastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics ipv6 group address ipv6 source address Mode Privileged Exec Examples awplus clear ipv6 mroute statistics 2001 2 ff08 1 awplus clear ipv6 mroute statistics Parameter Description All...

Page 612: ...lus config debug nsm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtrace detail awplus configure terminal awplus config debug nsm mcast register awplus configure terminal awplus config debug nsm mcast stat awplus configure terminal awplus config debug ...

Page 613: ...ration Examples awplus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configure terminal awplus config debug nsm mcast6 mrt awplus configure terminal awplus config debug nsm mcast6 register awplus configure terminal awplus config debug nsm mcast6 stats Paramet...

Page 614: ... configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol will look at these static entries as well as looking into the unicast routing table The route with the lowest administrative distance whether a static multicast route or a route from the unicast route table will be chosen as the RPF rou...

Page 615: ...les The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 192 168 2 3 and has an administrative distance of 2 awplus configure terminal awplus config ip mroute 10 10 3 0 24 static 2 192 168 2 3 2 The following example creates a static multicast IPv4 route back to the sources in the192 168 3 0 24subnet Themulti...

Page 616: ... in a multicast stream that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE Ifyouusethiscommand ensurethattheipigmpsnoopingcommandisenabled the default setting otherwise the device will not process the first packets of the multicast stream correctly The device will forward the first multicast packets...

Page 617: ... and multicast group can be specified Therefore if one entry for a static multicast route is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 address upstream VLAN and downstream VLANs An error message is displayed and logged To add a new static multicast...

Page 618: ...cast route 2 2 2 2 224 9 10 11 vlan10 vlan20 To create an IPv4 static multicast route for the multicast source IPv4 address 2 2 2 2 and group IP address 224 9 10 11 specifying the upstream VLAN interface as vlan10 and the downstream VLAN range as vlan20 25 use the following commands awplus configure terminal awplus config ip multicast route 2 2 2 2 224 9 10 11 vlan10 vlan20 25 To remove the downst...

Page 619: ...3647 Mode Global Configuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argume...

Page 620: ...p ip multicast wrong vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic is enabled To confirm that VIF messages are being sent to the CPU use the debug nsm mcast6 command Examples To enable the suppression of wrong VIF packets use the following comman...

Page 621: ...Syntax ip multicast routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT stops IGMP operation and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts ...

Page 622: ...group addr upstream vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore if one entry for an IPv6 static multicast route is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a sta...

Page 623: ...on and command examples Examples To create an IPv6 static multicast route for the multicast source IPv6 address 2001 1 and group IPv6 address ff08 1 specifying the upstream VLAN interface as vlan10 and the downstream VLAN interface as vlan20 use the following commands awplus configure terminal awplus config ipv6 multicast route 2001 1 ff08 1 vlan10 vlan20 To create an IPv6 static multicast route f...

Page 624: ...483647 Mode Global Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argu...

Page 625: ...uting no ipv6 multicast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MRT addition deletion requ...

Page 626: ...that ingress the port Note that this does not affect Layer 2 forwarding of multicast packets If you enter no multicast on a port multicast packets received on that port will not be forwarded to other VLANs but ports in the same VLANs as the receiving port will still receive the multicast packets Syntax multicast no multicast Default By default all device ports route multicast packets Mode Interfac...

Page 627: ...specifying the group and source IPv4 address Figure 19 1 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D dense Display dense IPv4 multicast routes sparse Display sparse IPv4 multicast routes count Display the ...

Page 628: ... 10 1 52 224 0 1 3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes memory Route limit Route threshold 2147483647 2147483647 Total NOCACHE WRONGVIF WHOLEPKT recv from fwd 1 0 0 Total NOCACHE WRONGVIF WHOLEPKT sent to clients 1 0 0 Immediate Timed st...

Page 629: ...ow ip mvif vlan2 Output Figure 19 5 Example output from the show ip mvif command Figure 19 6 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about Interface Vif Owner TTL Local Remote Uptime Idx Module Address Address vlan2 0 PIM SM 1 192 168 1 53 0 0 0 0 00 04 26 Register 1 1 192 168 1 5...

Page 630: ...MANDS SHOW IP RPF show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Example awplus show ip rpf 10 10 10 50 Parameter Description ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D ...

Page 631: ...cast routing table for a single static IPv6 Multicast route Figure 19 7 Example output from the show ipv6 mroute command The following is a sample output of this command displaying the IPv6 multicast routing count table for a single static IPv6 Multicast route Parameter Description ipv6 group addr Group IPv6 address in hexadecimal notation in the format X X X X ipv6 source addr Source IPv6 address...

Page 632: ...imit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Timed stat updates sent to clients 0 0 Reg ACK recv Reg NACK recv Reg pkt sent 0 0 0 Next stats poll 00 01 14 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGmif WHOLEPKT recv Client msg counts WRONGmif WHOLEPKT Imm...

Page 633: ...Example awplus show ipv6 mif awplus show ipv6 mif vlan2 Output Figure 19 10 Example output from the show ipv6 mif command Figure 19 11 Example output from the show ipv6 mif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about awplus show ipv6 mif Interface Mif Owner Uptime Idx Module vlan3 0 MLD MLD Proxy Service 03 28 48 v...

Page 634: ... section for each command Command List clear ip igmp on page 635 clear ip igmp group on page 636 clear ip igmp interface on page 637 debug igmp on page 638 ip igmp snooping on page 639 ip igmp snooping fast leave on page 640 ip igmp snooping querier on page 641 ip igmp snooping report suppression on page 642 ip igmp snooping tcn query solicit on page 643 ip igmp static group on page 645 ip igmp ve...

Page 635: ...MP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces Syntax clear ip igmp Mode Privileged Exec Usage This command applies to VLAN interfaces configured for IGMP Snooping Example awplus clear ip igmp Validation Commands show ip igmp interface show running config Related Commands clear ip igmp group clear ip igmp interface ...

Page 636: ...d by IGMP Snooping In addition to the group a VLAN interface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples awplus clear ip igmp group awplus clear ip igmp group 224 1 1 1 vlan1 Validation Commands show ip igmp interface show running config Related Commands clear ip igmp clear ip igmp interface Parameter Description Cle...

Page 637: ...bership records on a particular VLAN interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP Snooping Example awplus clear ip igmp interface vlan1 Validation Commands show ip igmp interface show running config Related Commands clear ip igmp clear ip igmp group Parameter Description interface Specifies the name of the VLAN...

Page 638: ...x debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Usage This command applies to interfaces configured for IGMP Snooping Example awplus configure terminal awplus config debug igmp all Related Commands show debugging igmp undebug igmp Parameter Description all Enable or disable all debug options for IGMP decode...

Page 639: ...ce first and then disabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN interface Usage For IGMP snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mode and on individual VLA...

Page 640: ... message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Default IGMP Snooping fast leave processing is disabled Mode Interface Configuration for a VLAN interface Usage This IGMP Snooping command can only be configured on VLAN interfaces Example This example ...

Page 641: ... IGMP Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a multicast router If an IP address is assigned to a VLAN which has IGMP querier enabled on it then the IGMP Snooping querier uses the VLAN s IP address as ...

Page 642: ... already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Default Report suppression does not apply to IGMPv3 and is turned on by default for IGMPv1 and IGMPv2 reports Mode Interface Configuration for a VLAN interface Example This example shows how to ...

Page 643: ...nd cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified VLANs using this command from the Interface Configuration mode Select the VLAN you want to disable in Interface Configuration mode then issue the no variant of this command to disable the specified VLAN without disabling this feature for other VLANs Mode Global Configuration a...

Page 644: ...ng TCN Query Solicitation on a device awplus configure terminal awplus config no ip igmp snooping tcn query solicit This example shows how to enable IGMP Snooping TCN Query Solicitation for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip igmp snooping tcn query solicit This example shows how to disable IGMP Snooping TCN Query Solicitation for th...

Page 645: ...mbership entries Syntax ip igmp static group ip address source ip source addr interface port no ip igmp static group ip address source ip source addr interface port Mode Interface Configuration for a VLAN interface Usage This command applies to IGMP Snooping on a VLAN interface to statically add group and or source records Parameter Description ip address Standard IP Multicast group address entere...

Page 646: ...Version 5 4 5I 0 x IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on the VLAN interface vlan3 awplus configure terminal awplus config interface vlan3 awplus config if ip igmp awplus config if ip igmp static group 226 1 2 4 source 10 2 3 4 ...

Page 647: ...terface Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP protocol version number is 3 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP Example awplus configure terminal awplus config interface vlan5 awplus config if ip igmp version 2 Validatio...

Page 648: ...olling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the command awplus show debugging igmp Output Figure 20 1 Example output from the show debugging igmp command Related Commands debug igmp IGMP Debugging status IGMP Decod...

Page 649: ...d Parameter Description ip address Address of the multicast group entered in the form A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0 82 224 0 1 24 port1 0 2 00 00 06 00 04 14 10 10 0 84 224 0 1 40 port1 0 3 00 00 09 00 04 15 10 10 0 91 224 0 1 ...

Page 650: ...DS SHOW IP IGMP GROUPS Uptime The time in weeks days hours minutes and seconds that this multicast group has been known to the device Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast group Table 20 1 Parameters in the output of the show ip igmp groups command Parameter Description ...

Page 651: ...mmands one per line End with CNTL Z awplus config interface vlan2 awplus config if ip igmp snooping awplus config if exit awplus config exit awplus show ip igmp interface vlan2 Interface vlan2 Index 202 IGMP Disabled Inactive Version 3 default IGMP interface has 0 group record states IGMP activity 0 joins 0 leaves IGMP robustness variable is 2 IGMP last member query count is 2 IGMP query interval ...

Page 652: ...checking is disabled on this interface Source Address checking is enabled IGMP Snooping is globally enabled IGMP Snooping query solicitation is globally disabled Num query solicit packets 57 sent 0 recvd IGMP Snooping is not enabled on this interface IGMP Snooping fast leave is not enabled IGMP Snooping querier is not enabled IGMP Snooping report suppression is enabled awplus awplus show ip igmp i...

Page 653: ...ghlighted in bold in the above output Use the show ip igmp interface command to validate that Query Solicitation is enabled and to show the number of query solicit message packets sent and received on a VLAN Related Commands clear ip igmp clear ip igmp group clear ip igmp interface ip igmp snooping ip igmp snooping fast leave ip igmp snooping querier ip igmp snooping report suppression ip igmp sno...

Page 654: ...xec and Privileged Exec Example To display IGMP statistical information for vlan1 and vlan2 use the command awplus show ip igmp snooping statistics interface vlan1 vlan2 Output Figure 20 3 Example output from the show ip igmp snooping statistics command Parameter Description ip address Optionally specify the address of the multicast group entered in the form A B C D interface Specify the name of t...

Page 655: ...ence for IE200 Series Industrial Managed PoE Switches 655 AlliedWare Plus Operating System Version 5 4 5I 0 x IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command ...

Page 656: ...mld group on page 658 clear ipv6 mld interface on page 659 debug mld on page 660 ipv6 mld access group on page 661 ipv6 mld limit on page 662 ipv6 mld snooping on page 664 ipv6 mld snooping fast leave on page 666 ipv6 mld snooping mrouter on page 667 ipv6 mld snooping querier on page 669 ipv6 mld snooping report suppression on page 670 ipv6 mld static group on page 672 show debugging mld on page 6...

Page 657: ...us Operating System Version 5 4 5I 0 x MLD SNOOPING COMMANDS CLEAR IPV6 MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Example awplus clear ipv6 mld Related Commands clear ipv6 mld group clear ipv6 mld interface ...

Page 658: ...l interfaces for a particular group Syntax clear ipv6 mld group ipv6 address Mode Privileged Exec Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clears all groups on all interfaces This is an alias to the clear ipv6 mld command ipv6 address Specify the group address for which MLD local memberships are to be cleared from all interf...

Page 659: ...V6 MLD INTERFACE clear ipv6 mld interface Overview Use this command to clear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Example awplus clear ipv6 mld interface vlan2 Related Commands clear ipv6 mld clear ipv6 mld group Parameter Description interface Specifies name of the interface all groups learned from this interface are deleted ...

Page 660: ... mld all decode encode events fsm tib no debug mld all decode encode events fsm tib Mode Privileged Exec and Global Configuration Examples awplus configure terminal awplus config debug mld all awplus configure terminal awplus config debug mld decode awplus configure terminal awplus config debug mld encode awplus configure terminal awplus config debug mld events Related Commands show debugging mld ...

Page 661: ...in the range ff1e 0db8 0001 64 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 access list standard group1 permit ff1e 0db8 0001 64 awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld access group group1 In the following example the VLAN interfaces vlan2 vlan4 will only accept MLD joins for groups in t...

Page 662: ...tries that can be learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples The following example...

Page 663: ...re terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membership states on the VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interfa...

Page 664: ... MLD Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mode and on individual VLAN interfaces by using this command in Interface Configuratio...

Page 665: ... VLAN interface vlan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the following commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config no ipv6 mld snooping To configure MLD Snooping globally for the device enter the following co...

Page 666: ...ommand to disable fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This MLD Snooping command can only be configured on VLAN interfaces Examples This example shows how to enable fast leave processing on the VL...

Page 667: ...Multicast Router interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimizes disruption for multicast traffic in the event of ring failure or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router ca...

Page 668: ...terface to the multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the next hop interface to the multicast router for VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if ipv6 mld snooping mrouter interf...

Page 669: ...erier configuration Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Mode Interface Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as an MLD querier for faster network convergence The MLD Snooping querier does ...

Page 670: ... MLDv1 Snooping maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device Similar reports to the same set of groups from other hosts which would not change group memberships in the querier will be suppressed by the MLD Snooping device to prevent flooding of...

Page 671: ...erating System Version 5 4 5I 0 x MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no ipv6 mld snooping report suppression ...

Page 672: ...sage This command applies to MLD Snooping on a VLAN interface to statically add groups and or source records Parameter Description ipv6 group address Specify a standard IPv6 Multicast group address to be configured as a static group member The IPv6 address uses the format X X X X ipv6 source address Optional Specify a standard IPv6 source address to be configured as a static source from where mult...

Page 673: ...show how to statically add group and or source records for MLD Snooping on VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 source fe80 2fd 6cff fe1c b awplus configure terminal awplus config interface vlan2 awplus config ...

Page 674: ...mld command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec Example awplus show debugging mld Output Related Commands debug mld show debugging mld MLD Debugging status MLD Decoder debugging is on MLD Encoder debugging is on M...

Page 675: ...cal membership information for all interfaces awplus show ipv6 mld groups Output The following command displays local membership information for all interfaces awplus show ipv6 mld groups detail Output Parameter Description ipv6 address Optional Specify Address of the multicast group in format X X X X interface Optional Specify the Interface name for which to display local information MLD Connecte...

Page 676: ...ys MLD interface status on all interfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version 2 default Internet address is fe80 215 77ff fec9 7468 MLD interface has 0 group record states MLD activity 0 joins 0 leaves MLD robustness variable is 2 MLD last mem...

Page 677: ...ing mrouter interface Mode User Exec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast router interfaces for all VLAN interfaces awplus show ipv6 mld snooping mrouter Output Parameter Description interface Optional Specify the name of the VLAN interface...

Page 678: ...on Guide Syntax show ipv6 mld snooping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface vlan1 Output Parameter Description interface The name of the VLAN interface awplus show ipv6 mld snooping statistics interface vlan1 MLD Snooping statistics for vlan...

Page 679: ... entry For example access list hardware named indicates named IPv4 hardware ACLs entered as access list hardware name where name is a placeholder not a keyword Parenthesis surrounding ACL filters indicates the type of ACL filter not the keyword entry in the CLI such as access list standard numbered filter represents command entry in the format shown in the syntax sequence number deny permit source...

Page 680: ...e 704 access list hardware TCP UDP filter on page 707 commit IPv4 on page 710 show access list IPv4 Hardware ACLs on page 711 show interface access group on page 713 access group Global Configuration awplus config access list hardware IP numbered Global Configuration awplus config access list hardware MAC numbered Global Configuration awplus config access list hardware named Global Configuration a...

Page 681: ...theappropriatepermit denyrequirements with the access list hardware IP numbered command the access list hardware MAC numbered command or the access list hardware named command Then use this command to apply this hardware access list to a specific port or port range Note that this command will apply the access list only to incoming data packets To apply ACLs to an LACP aggregated link apply it to a...

Page 682: ...nds awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channel group 2 containing switch port1 0 5 and port1 0 6 use the commands awplus configure terminal awplus config interface port1 0 5 1 0 6 awplus config if static channel group 2 awplus config interface sa2 awplus config if access group 3000 Related Commands access list ...

Page 683: ...no access list 3000 3699 Table 22 2 Parameters in the access list hardware IP numbered command ip icmp Parameter Description 3000 3699 Hardware IP access list number deny Access list rejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination filtering specified with this command send to cpu Sp...

Page 684: ...the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 icmp type Matches only a specified type of ICMP messages This is valid only when the filtering is set to match ICMP packets type number The ICMP type as defined in RFC792 and RFC950 Specify one of the followi...

Page 685: ...its packets that match the type source and destination filtering specified with this command send to cpu Specify packets to send to the CPU tcp The access list matches only TCP packets udp The access list matches only UDP packets source The source address of the packets You can specify a single host a subnet or all sources The following are the valid formats for specifying the source any Matches a...

Page 686: ...fix length This matches any destination IP address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 sourceport The source TCP or UDP port number specified as an integer between 0 and 65535 eq Matches port numbers that are equal to the port number spe...

Page 687: ...se mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address gi...

Page 688: ...nce 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28...

Page 689: ... Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobility Header RFC...

Page 690: ...68 1 0 24 with any destination address and an ICMP type of 5 enter the below commands awplus configure terminal awplus config access list 3000 permit icmp 192 168 1 0 24 any icmp type 5 To destroy the access list with an access list identity of 3000 enter the below commands awplus configure terminal awplus config no access list 3000 IP Example To create an access list that will permit any type of ...

Page 691: ...tering permit Access list permits packets that match the source and destination filtering send to cpu Specify packets to send to the CPU source mac address The source MAC address of the packets Enter this in the format HHHH HHHH HHHH where each H is a hexadecimal number that represents a 4 bit binary number source mac mask The mask that will be applied to the source MAC addresses Enter this in the...

Page 692: ...kets with a MAC address of 0000 00ab 1234 and any destination address enter the commands awplus configure terminal awplus config access list 4000 permit 0000 00ab 1234 0000 0000 0000 any To create an access list that will permit packets with an initial MAC address component of 0000 00ab and any destination address enter the commands awplus configure terminal awplus config access list 4001 permit 0...

Page 693: ...e created after entry If the named hardware ACL does exist then you can enter IPv4 Hardware ACL Configuration mode for that existing ACL Entering this command with the hardware ACL name moves you to the config ip hw acl prompt for the IPv4 Hardware ACL Configuration mode so you can enter ACL filters with sequence numbers From this prompt configure the filters for the ACL See the ACL Feature Overvi...

Page 694: ...ting System Version 5 4 5I 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED Related Commands access group access list hardware ICMP filter access list hardware IP protocol filter access list hardware TCP UDP filter access list standard named filter show access list IPv4 Hardware ACLs ...

Page 695: ...mand removes an ICMP filter entry from the current hardware access list You can specify the ICMP filter entry for removal by entering either its sequence number e g no 10 or by entering its ICMP filter profile without specifying its sequence number Note that the sequence number can be found by running the command the show access list IPv4 Hardware ACLs command Syntax icmp sequence number deny perm...

Page 696: ...ches any source IP address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 host ip addr Matches a single source host with the IP address given by ip addr in dotted decimal notation any Matches any source IP address destination The destination addres...

Page 697: ...amed command and entering an appropriate access list name Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry with a sequence number of 100 to the access list named my list that will permit ICMP packets with a source address of 192 168 1 0 24 any destination address and an icmp type of 5 use the commands awplus configure terminal a...

Page 698: ...can specify the IP protocol type filter entry for removal by entering either its sequence number e g no 10 or by entering its IP protocol type filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax any ip proto sequence number deny permit send to cpu any ip proto ip protocol source dhcpsnooping any...

Page 699: ...ent RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4...

Page 700: ...nced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobility Header RFC3775 136 UDPLite RFC3828 137 MPLS in IP RFC4023 138 MANET Protocols RFC ietf manet iana 07 txt 139 252 Unassigned IANA 253 U...

Page 701: ...255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address...

Page 702: ... selected by running the access list hardware named command with the required access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry to the access list named my list that will permit any type of IP packet with a source address of 192 168 1 1 and any destination...

Page 703: ...To add an access list filter entry to the access list named my list a filter that will deny all IGMP packets protocol 2 from the 192 168 0 0 network with sequence number 50 in access list use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl 50 deny proto 2 192 168 0 0 16 any Related Commands access list hardware named show running config sho...

Page 704: ... its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax mac sequence number deny permit send to cpu mac source mac address source mac mask any destination mac address destination mac mask any no deny permit send to cpu mac source mac address source mac mask any destination mac address destination mac mask any no sequence number Par...

Page 705: ...access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry to the access list named my list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list har...

Page 706: ...l Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE MAC FILTER Related Commands access group access list hardware named show running config ...

Page 707: ...om the current hardware access list You can specify the TCP or UDP filter entry for removal by entering either its sequence number e g no 10 or by entering its TCP or UDP filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax tcp udp sequence number deny permit send to cpu tcp udp source eq sourcep...

Page 708: ...al format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 sourceport The source TCP or UDP port number specified as an integer between 0 and 65535 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address hos...

Page 709: ...ber is omitted the next available multiple of 10 will be used as the sequence number for the new filter A new ACL filter can be inserted into the middle of an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list hardware named command with the required access control list number or name but with no further ...

Page 710: ...ation state of the IPv4 ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv4 ACL filters in hardware not being correctl...

Page 711: ...show access list To show the access list with an ID of 20 awplus show access list 20 Note the below error message if you attempt to show an undefined access list awplus show access list 2 Parameter Description 1 99 IP standard access list 1300 1999 IP standard access list standard expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC access list access list name IP named access l...

Page 712: ...anaged PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS Related Commands access list hardware MAC numbered access list hardware named ...

Page 713: ...xec and Privileged Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 22 1 Example output from the show interface access group command Related Commands access group Parameter Description port list Specify the ports to display information A port list can be either a switch port e g port1 0 6 a static channel group e...

Page 714: ...tch ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command names indicates usage not keyword entry For example access list hardware named indicates na...

Page 715: ...med on page 738 access list standard numbered on page 740 access list standard named filter on page 742 access list standard numbered filter on page 744 clear ip prefix list on page 746 ip prefix list on page 747 maximum access list on page 749 show access list IPv4 Software ACLs on page 750 show ip access list on page 752 Table 23 1 IPv4 Software Access List Commands and Prompts Command Name Comm...

Page 716: ... list name access list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name deny permit icmp source destination icmp type type number log Parameter Description list name A user defined name for the access list Table 23 2 Parameters in the access list extended n...

Page 717: ...ernatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destina...

Page 718: ...nch messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies log Logs the results Table 23 2 Parameters in the access list extended named command icmp Parameter Description Table 23 3 Parameters in the ac...

Page 719: ...68 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address followed by a forward slash then...

Page 720: ...ommand permit The access list permits packets that match the type source and destination filtering specified with this command proto Matches only a specified type of IP Protocol any The access list matches any type of IP packet ip The access list matches only IP packets source The source address of the packets You can specify a single host a subnet or all sources The following are the valid format...

Page 721: ...mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers Protocol Number Protocol Description RFC Reference 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to G...

Page 722: ...eference 33 Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression...

Page 723: ...the prompts at which ACL commands are entered Note that packets must match both the source and the destination details NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config access list ex...

Page 724: ...t ip source destination no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range deny Access list rejects packets that match the source and destination filtering specified with this co...

Page 725: ...the source and the destination details NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as in previous software releases as shown below awplus configure terminal awplus config access list 101 deny ip 172 16 10 0 0 0 0 255 any Alternative...

Page 726: ...eny permit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination filtering specif...

Page 727: ...the access list extended numbered command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples To add a new entry in access list called my listthatwill reject ICMP packets from 10 0 0 1 to 192 168 1 1 use the commands awplus configur...

Page 728: ...uence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering ...

Page 729: ...mber First use the following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl Then use the following commands to add a new entry to the numbered extended access list 101 that will reject packets from 10 0 0 1 to 192 168 1 1 awplus config ip ext acl deny ip host ...

Page 730: ...xt acl deny ip host 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended numbered access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl no 20 Example 4 list name Use the following commands to remove the access li...

Page 731: ...can specify the IP filter entry for removal by entering either its sequence number e g no 10 or by entering its IP filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination lo...

Page 732: ...r as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers Protocol Number Protocol Description RFC Reference 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Pro...

Page 733: ...otocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redun...

Page 734: ...eny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named my list that will reject IP packets from source address 10 10 1 1 32 to destination address 192 68 1 1 32 awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny ip 10 10 1 1 32 192 168...

Page 735: ...EXTENDED IP PROTOCOL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source address 10 10 1 1 24 to destination address 192 68 1 1 24 awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit ip 10 10 1 1 24 192 168 1 ...

Page 736: ...Pv4 Software ACLs command Syntax tcp udp sequence number deny permit tcp udp source eq sourceport destination eq destport log no sequence number deny permit tcp udp source eq sourceport destination eq destport log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match ...

Page 737: ...add a new entry to the access list named my list that will reject TCP packets from 10 0 0 1on TCP port 10 to 192 168 1 1 on TCP port 20 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny tcp 10 0 0 1 32 eq 10 192 168 1 1 32 eq 20 Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list ...

Page 738: ...ame Syntax deny permit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description standard access list name Specify a name for the standard access list Parameter Description sta...

Page 739: ...permit filters for this selected standard named access list See the table IPv4 Software Access List Commands and Prompts which shows the prompts at which ACL commands are entered See the relevant links shown for the Related Commands NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standard access list named my list and deny any packets from any ...

Page 740: ...99 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use this command when configuring a standard numbered access list for filtering IP software packets For backwards compatibility you can either create the access list from within this command or you can enter this command followed by Parameter Desc...

Page 741: ...nd Prompts shows the prompts at which ACL commands are entered NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use the commands awplus configure terminal awplus config access list 67 deny 172 16 10 0 0 0 0 255 Alternatively to enter the IPv4 Standard ACL Configuration mode to create the A...

Page 742: ...mber Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 65535 The...

Page 743: ... by running the access list standard named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples Use the following commands to add a new filter entry to access list my list that will reject IP address 10 1 1 1 awplus configure terminal awplus config access list standa...

Page 744: ... Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 6...

Page 745: ...o the middle of an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Example To add a new entry accepting the IP ...

Page 746: ...MMANDS CLEAR IP PREFIX LIST clear ip prefix list Overview Use this command to reset the hit count to zero in the prefix list entries Syntax clear ip prefix list list name ip address mask Mode Privileged Exec Example To clear a prefix list named List1 awplus clear ip prefix list List1 Parameter Description list name The name of the prefix list ip address mask The IP prefix and length ...

Page 747: ...ce values are generated in a sequence of 5 The parameters ge and le specify the range of the prefix lengths to be matched When setting these parameters set the levalueto be less than 32 and the gevalue to be less than or equal to the le value and greater than the ip prefix mask length Prefix lists implicitly exclude prefixes that are not explicitly permitted in the prefix list This means if a pref...

Page 748: ...onfig router network 172 1 1 0 awplus config router network 172 1 2 0 awplus config router neighbor 10 6 5 3 remote as 300 awplus config router neighbor 10 6 5 3 prefix list mylist out awplus config router exit awplus config ip prefix list mylist seq 5 deny 76 2 2 0 24 awplus config ip prefix list mylist seq 100 permit any To deny the IP addresses between 10 0 0 0 14 10 0 0 0 255 252 0 0 and 10 0 ...

Page 749: ...ess list These are access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added to a software access list Syntax maximum access list 1 4294967294 no maximum access list Mode Global Configuration Example To set the maximum number of software filters to 200 awplus ...

Page 750: ... the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC access list access list name IP named ac...

Page 751: ...ion 5 4 5I 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 SOFTWARE ACLS Note the below error message if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named access list standard numbered access list extended numbered Can t find access list 2 ...

Page 752: ...100 199 1300 1999 2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 23 1 Example output from the show ip access list command Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list expanded range 2000 2699 IP extended access list expanded range access list name IP named access ...

Page 753: ... in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicates named IPv6...

Page 754: ...5 ipv6 traffic filter on page 768 show ipv6 access list IPv6 Hardware ACLs on page 769 Table 24 1 IPv6 Hardware Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Hardware ACLs Privileged Exec awplus ipv6 access list named Global Configuration awplus config ipv6 access list named ICMP filter Global Configuration awplus config ipv6 traffic filter Interface ...

Page 755: ...configuration state of the IPv6 ACL is not written to hardware until you exit IPv6 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv6 ACL filters in hardware not being ...

Page 756: ...control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 hardware named access list when a match is encountered For backwards compatibility you can either create IPv6 hardware named access lists from within this command or you can enter ipv6 access list followed by only the IPv6 hardware named access list name This latt...

Page 757: ...e Plus Operating System Version 5 4 5I 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED Related Commands ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 758: ...filter entry for removal by entering either its sequence number or its filter entry profile NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax ip icmp sequence number deny permit send to cpu ipv6 icmp ipv6 source address prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any ipv6 destination address prefix length ipv6 destintation a ddr...

Page 759: ...care condition and binary 0 represents a match host ipv6 source host Specifies a single source host address The IPv6 address uses the format X X X X any Specifies any Source host ipv6 destination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 ipv6 destination addrress S...

Page 760: ...dd an ACL filter entry that blocks all ICMP6 echo requests on the default VLAN vlan1 enter the following commands awplus configure terminal awplus config ipv6 access list my acl2 awplus config ipv6 hw acl deny icmp any any icmp type 128 vlan 1 To remove an ACL filter entry that blocks all ICMP6 echo requests from he hardware IPv6 access list named my acl1 enter the following commands awplus config...

Page 761: ...fy the filter entry for removal by entering either its sequence number or its filter entry profile Syntax sequence number deny permit send to cpu ipv6 proto ip protocol ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any ipv6 destination prefix prefix length ipv6 destination add ress ipv6 destination wildcard host ipv6 destination host any sequence n...

Page 762: ... Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Contr...

Page 763: ...ddress Specifies the source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies the source wildcard bits in IPv6 format X X X X host ipv6 source host Specifies a single source host The IPv6 address uses the format X X X X any Specifies any source host An abbreviation for the IPv6 prefix 0 ipv6 dest prefix prefix length Specifies a destination address and mask The IPv6 a...

Page 764: ... specified if an address does not matter NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an ACL filter entry to block IP traffic from network 2001 0db8 0 64 to the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny ipv6 2001 0db8 0 64 To remove an ACL ...

Page 765: ...ering either its sequence number or its filter entry profile Syntax sequence number deny permit send to cpu tcp udp ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any eq sourceport ipv6 destination prefix prefix length ipv6 destination add ress ipv6 destination wildcard host ipv6 destination host any eq destport no deny permit send to cpu tcp udp ip...

Page 766: ... hw acl deny tcp 2001 0db8 0 64 any eq 22 ipv6 source address Specifies the source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies the source wildcard bits in IPv6 format X X X X host ipv6 source host Specifies the a single source host The IPv6 address uses the format X X X X any Specifies any Source host An abbreviation for the IPv6 prefix 0 eq Equal to sourceport ...

Page 767: ...inal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0db8 0 64 any eq 22 vlan 1 To remove an ACL filter entry that blocks all SSH traffic from network 2001 0db8 0 64 from the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl no deny tcp 2001 0db8 0 64 any eq 22 Validation C...

Page 768: ...s an IPv6 hardware based access list to an interface The number of access lists that can be added is determined by the amount of available space in the hardware based packet classification tables To apply the access list to all ports on the switch execute the command in the Global Configuration mode To apply the access list to a Layer 2 interface or Layer 2 interface range apply the command in the...

Page 769: ...access list named command Syntax show ipv6 access list access list name show ipv6 access list standard access list name Mode User Exec and Privileged Exec Examples To show the standard named ipv6 access list acl_name use the following command awplus show ipv6 access list standard acl_name Output Figure 24 1 Example output from the show ipv6 access list standard command To show all configured ipv6 ...

Page 770: ...e Plus Operating System Version 5 4 5I 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 HARDWARE ACLS Related Commands ipv6 access list named ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter ...

Page 771: ... ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicates name...

Page 772: ...the CLI prompts at which ACL commands are entered Command List ipv6 access list standard named on page 773 ipv6 access list standard filter on page 775 show ipv6 access list IPv6 Software ACLs on page 777 Table 25 1 IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Software ACLs Privileged Exec awplus ipv6 access list standard named Global C...

Page 773: ... traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 standard access list when a match is encountered Parameter Description ipv6 acl list name A user defined name for the IPv6 software stan...

Page 774: ... name This latter and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Example To enter the IPv6 Standard ACL Configuration mode for the access list named my list use the comma...

Page 775: ...ny no deny permit ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage The filter entry will match on any IPv6 packet that has the specified IPv6 source address and prefix length The parameter any may be specified if an address does not matter NOTE Softw...

Page 776: ...v6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence number 5 to the standard IPv6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no 5 R...

Page 777: ...ed using the ipv6 access list standard named command Syntax show ipv6 access list standard access list name Mode User Exec and Privileged Exec Example To show the ipv6 access list specified with the name acl_name use the following command awplus show ipv6 access list standard acl_name Output Figure 25 1 Example output from the show ipv6 access list standard command Related Commands ipv6 access lis...

Page 778: ...on Guide Command List class on page 780 class map on page 781 default action on page 782 description QoS policy map on page 783 egress rate limit on page 784 match access group on page 785 match cos on page 787 match dscp on page 788 match eth format protocol on page 789 match mac type on page 792 match tcp flags on page 793 match vlan on page 794 mls qos cos on page 795 mls qos cpu queue rx rate ...

Page 779: ...0 x QOS COMMANDS policy map on page 802 priority queue on page 803 remark new cos on page 804 service policy input on page 805 show class map on page 806 show mls qos on page 807 show mls qos interface on page 808 show mls qos maps cos queue on page 810 show policy map on page 811 trust dscp on page 812 wrr queue weight queues on page 813 ...

Page 780: ... maps and policy maps see the the QoS Feature Overviewand Configuration Guide If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates the policy map pmap1 using the policy map command then associates this to an already existing class map named cmap1 use the commands...

Page 781: ...iew Use this command to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map called cmap1 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap Parameter Description name Name of the class map to be created ...

Page 782: ...tion can therefore be thought of as specifying the action that will be applied to any data that does not meet the criteria specified by the applied matching commands Use the no variant of this command to reset to the default action of permit Syntax default action permit deny send to cpu no default action Default The default is permit Mode Policy Map Configuration Examples To set the action for the...

Page 783: ...view Adds a textual description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mode Policy Map Configuration Example To add the description VOIP traffic use the command awplus config pmap description VOIP traffic Parameter Description line Up to 80 character long ...

Page 784: ...rminal awplus config interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no egress rate limit Parameter Description bandwidth Bandwidth 1 10000000 units per second usable units k m g The egress rate limit can be confi...

Page 785: ...ist matching only to incoming data packets Examples Toconfigureaclass mapnamedcmap1withonematchcriterion access list 3001 which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 permit ip any any awplus config class map cmap1 awplus config cmap match access group 3001 Toconfigureaclass mapnamedcmap2withonematchcriterion a...

Page 786: ...SS GROUP Toconfigureaclass mapnamedcmap3withonematchcriterion access list hw_acl which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list hardware hw_acl awplus config ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl Related Commands class map ...

Page 787: ...ackets Use the no variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match cos 4 To remove CoS from a class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match cos ...

Page 788: ...ss Map Configuration Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match dscp 56 To remove a previously defined DSCP from a class map named cmap1 use the commands awplus configure te...

Page 789: ... any EthII Tagged or Untagged Packets enter the parameter name layer three protocols word A Valid Protocol Number in hexidecimal any Note that the parameter any is only valid when used with the netwarerawtagged and netwarerawuntagged protocol options sna path control Protocol Number 04 enter the parameter name or its number proway lan Protocol Number 0E enter the parameter name or its number eia r...

Page 790: ... parameter name or its number dec decnet Protocol Number 6003 enter the parameter name or its number dec lat Protocol Number 6004 enter the parameter name or its number dec diagnostic Protocol Number 6005 enter the parameter name or its number dec customer Protocol Number 6006 enter the parameter name or its number dec lavc Protocol Number 6007 enter the parameter name or its number rarp Protocol ...

Page 791: ...tocol 0800 awplus awplus config cmap match eth format ethii tagged protocol ip To remove the eth format and the protocol from the class map cmap1 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match eth format protocol ethertalk 2 aarp Protocol Number 80F3 enter the parameter name or its number ipx snap Protocol Number 8137 enter the parameter name o...

Page 792: ...match mac type l2bcast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match mac type l2mcast To remove the class map s MAC type entry use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no m...

Page 793: ...for a class map to match on Syntax match tcp flags ack fin psh rst syn no match tcp flags ack fin rst syn Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus configure terminal awplus config class map awplus config cmap match tcp flags ack syn To remove the TCP flags ack and rst use the commands awplus configure terminal awplus config class...

Page 794: ...ed as match criteria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match vlan 3 To disable the configured VLAN ID as a match criteria for the class map named cmap1 use the commands awplus configure terminal aw...

Page 795: ...d to return the interface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for tagged frames the default behavior is not to alter the CoS value Mode Interface Configuration Example To assign a CoS user priority value of 2 to all untagged packets entering ports 1...

Page 796: ...ueue is unlimited Mode Global Configuration Usage Values are rounded as shown in the following table Examples To assign a traffic rate limit of 2048 Kbps to queue 0 use the command awplus configure terminal awplus config mls qos cpu queue rx rate limit 2048 queues 0 Output Figure 26 1 Example output from the mls qos cpu queue rx rate limit command Related commands show mls qos interfacewrr queue w...

Page 797: ...e no variant of this command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos command will therefore remove all pre existing QoS configurations on the switch Mode Global Configuration Syntax mls qos enable no mls qos Example To enable QoS on the switch use the comman...

Page 798: ...ack to its default setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use the command awplus configure terminal awplus config mls qos map cos queue 2 to 0 To set the cos queue map back to its defaults use the command awplus configure terminal awplus config no...

Page 799: ...s map premark dscp 0 63 to new queue 0 4 no mls qos map premark dscp 0 63 Mode Global Configuration Usage With the trust dscp command set the mls qos map premark dscp command enables you to specify the queue for packets When trust dscp is enabled on a port the switch cannot use the CoS 802 1p priority value to determine queue settings for traffic egressing that port Therefore non IP packets will n...

Page 800: ...e this command to disable any policer previously configured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map use the command awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c no police ...

Page 801: ...a port and drop non conforming red packets Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the commands awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c police single rate 10000 1875000 1875000 action drop red Related Commands no police Parameter Descripti...

Page 802: ...nd to enter Policy Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration Example To create a policy map called pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap Related Commands class map Parameter Descriptio...

Page 803: ...eues are set to use strict priority When you enter a command to set a WRR weight on a queue the switch applies that to all ports It displays the following message to indicate this Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number Example To apply priority based scheduling use the commands awplus configure terminal awplus config interface por...

Page 804: ... table Example For policy map pmap3 and class map cmap1 set the CoS value to 2 and also set the input to the CoS to queue map so that the traffic is assigned to egress queue 0 awplus configure terminal awplus config policy map pmap3 awplus config pmap class cmap1 awplus config pmap c remark new cos 2 both Related Commands mls qos map cos queue to show mls qos maps cos queue Parameter Description 0...

Page 805: ... policy map and interface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups but not to dynamic LACP channel groups Example To apply a policy map named pmap1 to interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awp...

Page 806: ...classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show class map cmap1 Output Figure 26 2 Example output from the show class map command Related Commands class map Parameter Description class map name Name of the class map awplus show class map CLASS MAP NAME...

Page 807: ...S show mls qos Overview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the command awplus show mls qos Output Figure 26 3 Example output from the show mls qos command Related Commands mls qos enable awplus show mls qos Enable ...

Page 808: ...verview Displays the current settings for the interface This includes its default CoS and queue scheduling used for each queue and any policies maps that are attached Syntax show mls qos interface port Mode User Exec and Privileged Exec Example To display current CoS and queue settings for interface port1 0 1 use the command awplus show mls qos interface port1 0 1 Parameter Description port Switch...

Page 809: ...licer counters enabled CLASS MAP NAME myClass Match Mac Type 2 l2mcast Policer counters enabled Remark CoS and CoS Queue Map Index to 6 Number of egress queues 4 Egress Queue 0 Status Enabled Scheduler Strict Priority Egress Queue 1 Status Enabled Scheduler Strict Priority Egress Queue 2 Status Enabled Scheduler Strict Priority Egress Queue 3 Status Enabled Scheduler Strict Priority Trust Mode Por...

Page 810: ...w Show the current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplus show mls qos maps cos queue Output Figure 26 5 Example output from the show mls qos maps cos queue command Related Commands mls qos map cos queue to COS TO QUEUE MAP COS 0 1 2 3 4 5 6 7 Q...

Page 811: ...olicy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show policy map Output Figure 26 6 Example output from the show policy map command Related Commands service policy input Parameter Description name The name of a specific policy map awplus show policy map POLICY MAP NAME myPolicy State attached Default c...

Page 812: ...n 5 4 3A 1 x and later Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can think of trust dscp as a per port setting Examples To enable the premark dscp map lookup for policy map pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap trust dscp To disable the premark dscp map lookup for policy map pma...

Page 813: ...ply weighted round robin based scheduling to switch port interfaces for example awplus config interface port1 0 2 You cannot apply weighted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will display the console error shown below awplus configure terminal awplus ...

Page 814: ...as WRR with weighting values of 4 awplus configure terminal awplus config interface port1 0 1 1 0 6 awplus config if wrr queue weight 15 queues 3 awplus config if wrr queue weight 8 queues 2 awplus config if wrr queue weight 4 queues 0 1 In this example the queues are processed in turn Four times as much traffic goes out queue 3 as goes out queues 0 or 1 Related Commands priority queue show mls qo...

Page 815: ...dot1x eapol version on page 819 dot1x initialize interface on page 820 dot1x initialize supplicant on page 821 dot1x keytransmit on page 822 dot1x max auth fail on page 823 dot1x max reauth req on page 825 dot1x port control on page 826 dot1x timeout tx period on page 828 show debugging dot1x on page 829 show dot1x on page 830 show dot1x diagnostics on page 833 show dot1x interface on page 835 sho...

Page 816: ... Usage This command without any parameters turns on normal 802 1X debug information awplus debug dot1x awplus show debugging dot1x Examples awplus debug dot1x awplus debug dot1x all Related Commands show debugging dot1x undebug dot1x Parameter Description all Used with the no variant of this command exclusively turns off all debugging for 802 1X auth web Specifies debugging for 802 1X auth web inf...

Page 817: ...f the filter to both The port will then discard both ingress and egress traffic Syntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Example s To set the port direction to the default both for port1 0 2 use the commands awp...

Page 818: ... the switch use the commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config dot1x eap discard To set the transmit mode of EAP packet to forward untagged vlan to forward EAP packets to ports with the same untagged vlan use the commands awplus configure termina...

Page 819: ...ot1x eapol version Default The EAP version for 802 1X authentication is set to 1 by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL protocol version ...

Page 820: ...ode Privileged Exec Examples To initialize 802 1X port authentication on the interface port1 0 2 use the command awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 Validation Commands show dot1x show dot1x interface Related Commands dot1x initialize supplicant Param...

Page 821: ...isnottriggeredbythiscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initialize the supplicant authentication use the commands awplus configure terminal awplus config dot1x initialize supplicant 0090 99ab a020 awplus config dot1x initialize supplicant guest...

Page 822: ...hannel a dynamic LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant of this command to disable key transmission Examples To enable the key transmit feature on interface port1 0 2 after it has been disabled by negation use the commands awplus configure...

Page 823: ...ets the maximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication is equal to the number set with this command See the Authentication Feature Overview and Configuration Guide for information about the auth fail VLAN feature and restrictions regarding combin...

Page 824: ...l Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x 802 1X COMMANDS DOT1X MAX AUTH FAIL Validation Commands show running config Related Commands auth auth fail vlan dot1x max reauth req show dot1x interface ...

Page 825: ...P channel group or a switch port Usage Use this command to set the maximum reauthentication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x max reauth req 1 To configure the maximum number of ...

Page 826: ...static channel a dynamic LACP channel group or a switch port Usage Use this command to force a port state Note that all dot1x commands can only be applied to switch ports They cannot be applied to dynamic LACP or static channel groups Examples To enable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x...

Page 827: ... System Version 5 4 5I 0 x 802 1X COMMANDS DOT1X PORT CONTROL To disable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no dot1x port control Validation Commands show dot1x interface Related Commands aaa authentication dot1x ...

Page 828: ... port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Usage Use this command to set the interval between successive attempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x t...

Page 829: ...and output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sample output from the show debugging dot1x command awplus debug dot1x awplus show debugging dot1x Example awplus show debugging dot1x Related Commands debug dot1x 802 1X debugging status 8...

Page 830: ...cify the optional all parameter then this command also displays all authentication information for each port available on the switch For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x all Mode Privileged Exec Example awplus show dot1x all Parameter Descript...

Page 831: ...0 6 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant maxSupplican...

Page 832: ...x 0 EAP Rsp Id Frames Rx 3 EAP Response Frames Rx 2 EAP Req Id Frames Tx 8 EAP Request Frames Tx 2 Invalid EAPOL Frames Rx 0 EAP Length Error Frames Rx 0 EAPOL Last Frame Version Rx 1 EAPOL Last Frame Src 00d0 59ab 7037 Authentication session statistics for interface port1 0 6 session user name manager session authentication method Remote server session time 19440 secs session terminate cause Not ...

Page 833: ...Ware Plus Feature Overview and Configuration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot1x diagnostics interface port1 0 5 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be...

Page 834: ...rface port1 0 5 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 Backend...

Page 835: ... for the specified interfaces For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Parameter Description interface list The interfaces or ports to configur...

Page 836: ... portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant maxSupplicant 256 dot1x enabled protocolVersion 1...

Page 837: ...ticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 awplus show dot1x interface port1 0 6 supplicant authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicant...

Page 838: ...eter Description portEnabled Interface operational status Up true down false portControl Current control status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning only if reauthentication is enabled abort Indicates that authentication should be aborted when set ...

Page 839: ...timeout maxReq Maximum requests to be sent CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAPOL Key message is received by supplicant or authenticator false when key is transmitted KT Ket Transmit State machine keyAvailable False when key has been trans...

Page 840: ... output below showing 802 1X dot1x authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a conti...

Page 841: ...ics for port1 0 6 awplus show dot1x statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphe...

Page 842: ...show dot1x supplicant Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Supplicant name manager Supplicant address 00d0 59ab 7037 authenticationMethod do...

Page 843: ... follows Related Commands show dot1x supplicant interface Interface port1 0 6 authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username port1 0 6 2 D 00d0 59ab 7037 Authenticated 192 168 2 201 manager Interface port...

Page 844: ...trolling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Parameter Description interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 aswitchport e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel g...

Page 845: ...N10 Supplicant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminControlle...

Page 846: ...e sa1 supplicant brief Related Commands show dot1x supplicant awplus show dot1x interface sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 otherAuthenticationSupplicantNu...

Page 847: ...or IE200 Series Industrial Managed PoE Switches 847 AlliedWare Plus Operating System Version 5 4 5I 0 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command ...

Page 848: ...t vlan on page 857 auth host mode on page 859 auth log on page 861 auth max supplicant on page 863 auth reauthentication on page 864 auth roaming disconnected on page 865 auth roaming enable on page 867 auth supplicant mac on page 869 auth timeout connect timeout on page 871 auth timeout quiet period on page 872 auth timeout reauth period on page 873 auth timeout server timeout on page 874 auth ti...

Page 849: ...8 auth web server mode deleted on page 899 auth web server page logo on page 900 auth web server page sub title on page 901 auth web server page success message on page 902 auth web server page title on page 903 auth web server page welcome message on page 904 auth web server ping poll enable on page 905 auth web server ping poll failcount on page 906 auth web server ping poll interval on page 907...

Page 850: ...ow auth mac sessionstatistics on page 926 show auth mac statistics interface on page 927 show auth mac supplicant on page 928 show auth mac supplicant interface on page 929 show auth web on page 930 show auth web diagnostics on page 932 show auth web interface on page 934 show auth web sessionstatistics on page 937 show auth web statistics interface on page 938 show auth web supplicant on page 939...

Page 851: ...h fail vlan feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command When using 802 1X port authentication use a dot1x max auth fail command to set the maximu...

Page 852: ...uide For more information about ACL commands see Examples To enable auth fail vlan for port1 0 2and assign VLAN 100 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if ...

Page 853: ...on the interface Syntax auth critical no auth critical Default The critical port of port authentication is disabled Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To...

Page 854: ...VLANs are assigned to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multiple supplicants attached to a port and the type parameter has been set to single vlan The parameter specifies how the switch should act if different VLAN IDs end up being assigned to differe...

Page 855: ... MAC address of the authenticated supplicant The VLAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command You also need to create a hardware access list that ...

Page 856: ...THENTICATION COMMANDS AUTH DYNAMIC VLAN CREATION To disable the Dynamic VLAN assignment feature on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth dynamic vlan creation Validation Commands show dot1x show dot1x interface show running config Related Commands auth host mode ...

Page 857: ...pplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may be avoided by using per user dynamic VLAN assignment When using the Guest VLAN feature with the multi host mode a number of supplicants can communicate via a guest VLAN before authentication A supplicant s traffic is assoc...

Page 858: ...s regarding combinations of authentication enhancements working together Examples To define vlan100 and assign the guest VLAN feature to vlan100 on interface port1 0 2 and enable routing from the guest vlan to other VLANs use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus conf...

Page 859: ...sed all hosts do not need to be authenticated Parameter Description single host Single host mode In this mode only one host may be authorized with the port If other hosts out the interface attempt to authenticate the authenticator blocks the attempt multi host Multi host mode In this mode multiple hosts may be authorized with the port however only one host must be successfully authenticated at the...

Page 860: ...licant on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant To set the host mode to default single host on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth host mode Validation Commands show dot1x show dot1x int...

Page 861: ...res to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth log auth mac failure Parameter Description dot1x Specify only 802 1X Authentication log messages are output to the log file auth mac Specify only MAC Authentication log messages are output to the log file au...

Page 862: ...x AUTHENTICATION COMMANDS AUTH LOG To configure the logging of all types of authentication log messages to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth log all Validation Commands show running config ...

Page 863: ...2 1024 no auth max supplicant Default The max supplicant of port authentication is 1024 Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth max supplicant 10 To reset t...

Page 864: ...nel group or a switch port Use the no variant of this command to disables reauthentication on the interface Syntax auth reauthentication no auth reauthentication Default Reauthentication of port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable reauthentication on interface port1 0 2 use the foll...

Page 865: ...s See the Authentication Feature Overview and Configuration Guide for further information about this feature Syntax auth roaming disconnected no auth roaming disconnected Default The Roaming Authentication disconnected feature is disabled by default on an interface Authentication status for a roaming supplicant is deleted by default when an interface goes down Mode Interface Configuration for a st...

Page 866: ...awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config if auth roaming enable awplus config if auth roaming disconnected To disable Roaming Authentication disconnected feature for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth roaming disconnected Validation Commands show ru...

Page 867: ... interfaces See the Authentication Feature Overview and Configuration Guide for further information about this feature Syntax auth roaming enable no auth roaming enable Default The Roaming Authentication enable feature is disabled by default on an interface Authentication status for a roaming supplicant is deleted by default when an interface goes down Mode Interface Configuration for a static cha...

Page 868: ...d use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if dot1x port control auto awplus config if auth roaming enable To disable Roaming Authentication enable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if no auth roaming enable Validation Commands show running config Related Com...

Page 869: ...r Description mac addr MAC hardware address of the Supplicant entry in HHHH HHHH HHHH MAC address hexadecimal format port control Port control commands auto Allow port client to negotiate authentication force authorized Force port state to authorized force unauthorized Force port state to unauthorized skip second auth Skip the second authentication quiet period Quiet period in the HELD state defau...

Page 870: ...rt control for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0009 41A4 5943 port control force authorized To delete the supplicant MAC address 0009 41A4 5943 for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplica...

Page 871: ...Usage This command is used for MAC and Web Authentication If the connect timeout has lapsed and the supplicant has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To set the connect timeout period to 3600 for interface port1 0 2 use the following commands awpl...

Page 872: ...conds Syntax auth timeout quiet period 1 65535 no auth timeout quiet period Default The quiet period of port authentication is 60 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the quiet period to 10 for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if...

Page 873: ...uth period Default The default reauthentication period for port authentication is 3600 seconds when reauthentication is enabled on the port Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 ...

Page 874: ...efault The server timeout for port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the server timeout to 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout to t...

Page 875: ...out Default The supplicant timeout of port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the server timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server timeout ...

Page 876: ...Interface Configuration for a port Usage Thesinglestepauthenticationmethods eitheruserordeviceauthentication have a potential security risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem by authenticating both the user and the device The supplicant will only b...

Page 877: ...thentication followed by Web Authentication use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth mac enable awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth two step enable To enable 802 1X Authentication followed by Web Authentication use the following ...

Page 878: ...erating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Related Commands show auth two step supplicant brief show auth mac show auth mac interface show auth mac supplicant show auth web show auth web interface show auth web supplicant show dot1x show dot1x interface show dot1x supplicant ...

Page 879: ...ges which does not happen when spanning tree edgeport is enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with ingress filtering turned on whenever ports for MAC Authentication are in a VLAN Examples To enable MAC Authentication on interface port1 0 2 and ena...

Page 880: ...oE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH MAC ENABLE Related Commands aaa accounting auth mac default aaa authentication auth mac spanning tree edgeport RSTP and MSTP switchport mode access ...

Page 881: ... md5 pap no auth mac method Default The MAC Authentication method is PAP Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the MAC Authentication method to pap on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac method pap To set the MAC Authentication m...

Page 882: ...er to discover This is particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Require Different Usernames and Passwords section of the Authentication Feature Overview and Configuration Guide Examples To change the password to verySecurePassword use the command...

Page 883: ...learning no auth mac reauth relearning Default Re learning for port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable the re authentication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac r...

Page 884: ...vice dhcp snooping command and vice versa You need to configure an IPv4 address for the VLAN interface on which Web Authentication is running Examples To enable Web Authentication on static channel group 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if ...

Page 885: ... Default Packet forwarding for port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Usage For more information about the ip address parameter and an example see the auth web forward section in the Alliedware Plus Technical Tips and Tricks Examples To enable the ARP forwarding feature on interface port1 0 2 use th...

Page 886: ...lus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth web forward arp To delete the TCP forwarding port 137 on interface port1 0 2 use the following command...

Page 887: ...entication failures Syntax auth web max auth fail 0 10 no auth web max auth fail Default The max auth fail lock counter is set to three authentication failures by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interfa...

Page 888: ...sed with the RADIUS authentication method Syntax auth web method eap md5 pap no auth web method Default The Web Authentication method is set to PAP by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config...

Page 889: ...ax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication server Mode Global Configuration Example To enable blocking mode for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server blocking mode To disable blocking mode for the Web Authentication server use the...

Page 890: ...s set by default Mode Global Configuration Usage See the Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To assign the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal awplus config...

Page 891: ...bal Configuration Usage See the Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To set the DHCP lease time to 1 minute for supplicants using the DHCP service on the Web Authentication server use the following commands awplus configure ter...

Page 892: ...cant is configured to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However after authentication the browser does not know where to get the WPAD file and so cannot access external web pages The WPAD file is usually named proxy pac file and tells the browse...

Page 893: ...nce for IE200 Series Industrial Managed PoE Switches 893 AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER GATEWAY DELETED auth web server gateway deleted Overview This command has been deleted ...

Page 894: ...on server uses HTTPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning message if the server has a hostname same as the one stored in the installed certificate Examples To set the auth example com as the hostname of the web authentication server use th...

Page 895: ...r IE200 Series Industrial Managed PoE Switches 895 AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER HTTP REDIRECT DELETED auth web server http redirect deleted Overview This command has been deleted ...

Page 896: ...tication Login page However if the supplicant is configured to use a web proxy then it will usually be using TCP port 8080 or another user configured port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can now use this command to tell the switch which additional port it should intercept and then send the Web Authentication Login page to the s...

Page 897: ...th web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal awplus config auth web server ipaddress 10 0 0 1 To delete the IP address from the Web Authentication server use the following commands awplus...

Page 898: ...te the set URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mode Global Configuration Examples To set http example com login html as the login page use the commands awplus configure terminal awplus config auth web server login url http example com login html To unset the login page URL use the commands awplus configure terminal...

Page 899: ...erence for IE200 Series Industrial Managed PoE Switches 899 AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER MODE DELETED auth web server mode deleted Overview This command has been deleted ...

Page 900: ...e logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configuration Examples To display the default logo with ignoring installed custom logo use the commands awplus configure terminal awplus config auth web server page logo default To set back to the default logo type auto use the commands awplus configure terminal awplus config no auth web server...

Page 901: ...itle no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration Examples To set the custom sub title use the commands awplus configure terminal awplus config auth web server page sub title text Web Authentication To hide the sub title use the commands awplus configure terminal awplus config auth web server page sub title hidden To change back to the ...

Page 902: ...e success message text success message no auth web server page success message Default No success message is set by default Mode Global Configuration Examples To set the success message on the web authentication page use the commands awplus configure terminal awplus config auth web server page success message text Your success message To unset the success message on the web authentication page use...

Page 903: ... Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title text Login To hide the title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title hidden To unset the cus...

Page 904: ... welcome message text welcome message no auth web server page welcome message Default No welcome message is set by default Mode Global Configuration Examples To set the welcome message on the web authentication page use the commands awplus configure terminal awplus config auth web server page welcome message text Your welcome message To remove the welcome message on the web authentication page use...

Page 905: ...t that is authenticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Configuration Examples To enable the ping polling feature for Web Authentication use the following commands awplus configure terminal awplus config auth web server ping poll enable To dis...

Page 906: ... this command Use the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Default The default failcount for ping polling is 5 pings Mode Global Configuration Examples To set the failcount of ping polling to 10 pings use the following commands awplus configure ...

Page 907: ...lt period for ping polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Examples To set the interval of ping polling to 60 seconds use the following commands awplus configure terminal awplus config auth web server ping poll interval 60 To set the interval o...

Page 908: ...eceived Use the no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer refresh Default The reauth timer refresh parameter is disabled by default Mode Global Configuration Examples To enable the reauth timer refresh timer use the following commands awplus c...

Page 909: ...his command to reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode Global Configuration Examples To set the timeout of ping polling to 2 seconds use the command awplus configure terminal awplus config auth web server ping poll timeout 2 To set the t...

Page 910: ...Default The Web Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server port 8080 To reset to the default HTTP port number 80 for the Web Authentication server use the following commands awplus configure term...

Page 911: ...ct delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect delay time 60 To reset the delay time use the following commands awplus configure terminal awplus config no auth web server redirect del...

Page 912: ...erver redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To enable and set redirect a URL string www alliedtelesis com for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect url http www alliedtelesis c...

Page 913: ...n keep feature is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session keep is enabled This issue occurred by supplicant sending HTTP packets automatically after authentication page is displayed and the URL is written Examples To enable the session keep fe...

Page 914: ...ation server Syntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functionality for the Web Authentication server feature use the following commands awplus configure terminal awplus config auth web server ssl To disable HTTPS functionality for the Web Authent...

Page 915: ...nce for IE200 Series Industrial Managed PoE Switches 915 AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER SSLPORT DELETED auth web server sslport deleted Overview This command has been deleted ...

Page 916: ...mbers Use the no variant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Global Configuration Examples To register HTTPS port number 3128 use the commands awplus configure terminal awplus config auth web server ssl intercept port 3128 To delete HTTPS port n...

Page 917: ...oad the proxy auto configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example To download the PAC file to this device use the command awplus copy tftp server proxy pac proxy autoconfig file Related Commands show proxy autoconfig file erase proxy autoconfig fil...

Page 918: ...ion The file must be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate file veriSign_cert pem from the TFTP server directory server use the command awplus copy tftp server veriSign_cert pem web auth https file Related Commands auth web server ssl erase w...

Page 919: ...MMANDS ERASE PROXY AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy auto configuration file use the command awplus erase proxy autoconfig file Related Commands show proxy autoconfig file copy proxy autoconfig file ...

Page 920: ... FILE erase web auth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certificate file for web based authentication use the command awplus erase web auth https file Related Commands auth web server ssl copy web auth https file show auth web server ...

Page 921: ... show two step supplicant interface port1 0 6 brief Output Figure 28 1 Example output from the show auth two step supplicant brief command Related Commands auth two step enable Parameter Description interface The interface selected for display ifrange The interface types which can be specified as ifrange Switch port e g port1 0 6 Static channel group e g sa3 Dynamic LACP channel group e g po4 inte...

Page 922: ...yntax show auth mac all Mode Privileged Exec Example To display all MAC based authentication information enter the command awplus show auth mac all Output Figure 28 2 Example output from the show auth mac command Related Commands show dot1x show auth web Parameter Description all Display all authentication information for each interface available on the switch 802 1X Port Based Authentication Disa...

Page 923: ...terface to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or sa1 2 or po1 2 a comma separated list...

Page 924: ...t state for the specified interface Syntax show auth mac interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Examples To display MAC based authentication status for port1 0 2 enter the command awplus show auth mac interface port1 0 2 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e ...

Page 925: ...nterface port1 0 6 supplicant Related Commands show auth web diagnostics show dot1x sessionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 2 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 auth...

Page 926: ...interface port1 0 2 Output Figure 28 4 Example output from the show auth mac sessionstatistics command Parameter Description interface Specify an interface to show interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 a switchport e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports ...

Page 927: ...ged Exec Example To display MAC Authentication statistics for port1 0 2 enter the command awplus show auth mac statistics interface port1 0 2 Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a con...

Page 928: ... macadd brief Mode Privileged Exec Example To display the MAC authenticated supplicant for MAC address 00d0 59ab 7037 enter the command awplus show auth mac supplicant 00d0 59ab 7037 Parameter Description macadd Mac hardware address of the Supplicant Entry format is HHHH HHHH HHHH hexadecimal brief Brief summary of the Supplicant state Web authentication server Server status enabled Server address...

Page 929: ...ief Mode Privileged Exec Examples To display the MAC authenticated supplicant on the interface port1 0 2 enter the command awplus show auth mac supplicant interface port1 0 2 Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic...

Page 930: ...annel or static aggregator or a dynamic or LACP channel group or a switch port awplus show auth web all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server address auth 150 87 17 192 1812 Last radius message id 4 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthe...

Page 931: ...nt address 000d 6013 5398 authenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminCon...

Page 932: ...s to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 orport1 0 1 1 0 4 orsa1 2 or po1 2 a comma separated list of the ...

Page 933: ...REV A Command Reference for IE200 Series Industrial Managed PoE Switches 933 AlliedWare Plus Operating System Version 5 4 5I 0 x AUTHENTICATION COMMANDS SHOW AUTH WEB DIAGNOSTICS Related Commands show dot1x interface ...

Page 934: ...e Syntax show auth web interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus show auth web interface port1 0 6 If web based authentication is not configured the output will be Parameter Description interface list The interfaces or ports to configure An int...

Page 935: ...30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled authFailVlan disabled dynamicVlanCreation disabled hostMode single host dot1x enabled protocolVersion 1 authMac disabled authWeb enabled method PAP maxAuthFail 3 packetForwarding 10 0 0 1 80 tcp dns dhcp twoStepAuthentication configured enabled actual enabled supplicantMac none Authentication Diagnostics ...

Page 936: ... statistics for port1 0 6 enter the command awplus show auth web statistics interface port1 0 6 To display the Web Authenticated supplicant on interface port1 0 6 enter the command awplus show auth web interface port1 0 6 supplicant Related Commands show auth web diagnostics show dot1x sessionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication session statisti...

Page 937: ...rt1 0 6 Output Figure 28 7 Example output from the show auth web sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel gr...

Page 938: ...ed Exec Example To display Web Authentication statistics for port1 0 4 enter the command awplus show dot1x statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a c...

Page 939: ...state when Web Authentication is configured for the switch This command shows a summary when the optional brief parameter is used Syntax show auth web supplicant macadd brief Mode Privileged Exec Examples To display Web authenticated supplicant information on the switch enter the command awplus show auth web supplicant Parameter Description macadd Mac hardware address of the supplicant Entry forma...

Page 940: ...e Web authenticated supplicant on the interface port1 0 3 enter the command awplus show auth web supplicant interface port1 0 3 To display brief summary output for the Web authenticated supplicant enter the command awplus show auth web supplicant brief Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0...

Page 941: ...uth web server command Related Commands auth web server gateway deleted auth web server http redirect deleted auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server session keep auth web server ssl auth web server sslport deleted Web authentication server Server status enabled Server mode none Server address 192 168 1 1 24 DH...

Page 942: ...mples To show the web authentication page information use the command awplus show auth web server page Related Commands auth web forward auth web server page logo auth web server page sub title auth web server page success message auth web server page title auth web server page welcome message Table 28 1 Example output from the show auth web server page command on the console awplus show auth web ...

Page 943: ...uration PAC file Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 28 9 Example output from the show proxy autoconfig file Related Commands copy proxy autoconfig file erase proxy autoconfig file function FindProxyForURL url host if isPlainHostName hos...

Page 944: ... aaa accounting commands on page 950 aaa accounting dot1x on page 952 aaa accounting login on page 954 aaa accounting update on page 957 aaa authentication auth mac on page 959 aaa authentication auth web on page 960 aaa authentication dot1x on page 961 aaa authentication enable default group tacacs on page 962 aaa authentication enable default local on page 964 aaa authentication login on page 96...

Page 945: ...and Reference for IE200 Series Industrial Managed PoE Switches 945 AlliedWare Plus Operating System Version 5 4 5I 0 x AAA COMMANDS show aaa local user locked on page 975 show debugging aaa on page 976 undebug aaa on page 977 ...

Page 946: ... auth mac default Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command The accounting e...

Page 947: ...o enable RADIUS accounting for MAC based Authentication and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth mac default Related Commands aaa authentication auth mac...

Page 948: ...ed Port Authentication is disabled by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command Configure the accounting event to be sent to the RADIUS server wit...

Page 949: ... AlliedWare Plus Operating System Version 5 4 5I 0 x AAA COMMANDS AAA ACCOUNTING AUTH WEB DEFAULT To disable RADIUS accounting for Web based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth web default Related Commands aaa authentication auth web ...

Page 950: ...ed executing Note that up to four TACACS servers can be configured for accounting The servers are checked for reachability in the order they are configured and only the first reachable server is used If no server is found the accounting message is dropped Use the no variant of this command to disable command accounting Syntax aaa accounting commands 1 15 default stop only group tacacs no aaa accou...

Page 951: ...for privilege level 15 commands use the following commands awplus configure terminal awplus config aaa accounting commands 15 default stop only group tacacs To disable command accounting for privilege level 15 commands use the following commands awplus configure terminal awplus config no aaa accounting commands 15 default Related Commands aaa authentication login aaa accounting login accounting lo...

Page 952: ...e radius no aaa accounting dot1x default Default RADIUS accounting for 802 1X based Port Authentication is disabled by default there is no default server set by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages will be sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADI...

Page 953: ... Authentication and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based Authentication use the commands awplus configure terminal awplus config no aaa accounting dot1x default Related Commands aaa accounting update aaa authentication dot1x aaa group server dot1x ...

Page 954: ...nfigured by an aaa accounting login command If the method list being deleted isalready applied toa console orvty line accounting onthatlinewill be disabled If the default method list name is removed by this command it will disable accounting on every line that has the default accounting configuration Syntax aaa accounting login default list name start stop stop only none group radius tacacs group ...

Page 955: ...RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers configured by tacacs server host command The accounting event to send to the RADIUS or TACACS server is configured with the following options start stop sends a start accounting message at the beginning of a session and a ...

Page 956: ...s C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update accounting login radius server host tacacs server host ...

Page 957: ...bled by default Mode Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accounting records are sent according to the interval specified by the periodic parameter The accounting updates are start messages If the no variant of this command is used to disable periodi...

Page 958: ...4 5I 0 x AAA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting update Related Commands aaa accounting auth mac default aaa accounting auth web default aaa accounting dot1x aaa accounting login ...

Page 959: ...ys to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command All configured RADIUS Servers are automatically members of the server group radius If a server is added to a named group group name it also remains a member of ...

Page 960: ...ault Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command Note that you need to configure an IPv4 address for the VLAN interface on which We Authentication is runnin...

Page 961: ... 802 1X enabled Use the no variant of this command to reset the authentication method list for 802 1X to its default i e to use the group radius containing all RADIUS servers configured by the radius server host command There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the...

Page 962: ...ect and the specified privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maximum configured privilege level then the authentication session will fail and they will remain at their current privilege level NOTE If both local and none are specified you must alw...

Page 963: ...enable via the CLI Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password authentication use the following commands awplus configure terminal awplus config aaa authentication enable default group tacacs To enable a privilege level authentication method that w...

Page 964: ...Global Configuration Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples To enable local privilege level authentication command use the following commands awplus configure terminal awplus config aaa authentication enable default local To disable privileg...

Page 965: ...es not remove the default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa authentication login default list name Default If the default server is not configured using this command user login authentication uses the local user database only If the default meth...

Page 966: ...ation method list for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authentication login default group radius local To configure a user login authentication method list called USERS to first use the RADIUS servergroup RAD_GROUP1 foruserloginauthentication...

Page 967: ...oup name Mode Global Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be configured by the radius server host command To add RADIUS servers to a server group use the server command Examples To...

Page 968: ...stem Version 5 4 5I 0 x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac default aaa accounting auth web default aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa authentication dot1x aaa authentication login radius server host server Server Group ...

Page 969: ... Mode Global Configuration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another privileged account using the clear aaa local user lockout command Examples To configure the lockout period to 10 minutes 600 seconds use the commands awplus configure terminal awplu...

Page 970: ...ge When the failed login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a successful login occurs the failed login counter is reset to 0 When a user account is locked out all attempts to login using that user account will fail Examples To configure the number...

Page 971: ...ommand resets AAA Authentication Authorization Accounting Accounting applied to console or vty lines for local or remote login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By default login accounting is disabled in the default accounting server No accountin...

Page 972: ...ccounts Syntax clear aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user accounts use the following command awplus clear aaa local user lockout all Related Commands aaa local authentication attempts lockout time Parameter Description username Clear loc...

Page 973: ...ion no debug aaa accounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authentication To disable authentication debugging for AAA use the command awplus no debug aaa authentication Related Commands show debugging aaa undebug aaa Parameter Description accounti...

Page 974: ... for login authentication on these console or VTY lines Command Syntax login authentication default list name no login authentication Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the local user database Mode Line Configuration Examples To reset user a...

Page 975: ...t command or a locked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privileged Exec Example To display the current failed attempts for local users use the command awplus show aaa local user locked Output Figure 29 1 Example output from the show aaa local...

Page 976: ...ew This command displays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA use the command awplus show debug aaa Output Figure 29 2 Example output from the show debug aaa command AAA debugging status Authentication debugging is on Accounting debugging is of...

Page 977: ... Reference for IE200 Series Industrial Managed PoE Switches 977 AlliedWare Plus Operating System Version 5 4 5I 0 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aaa command ...

Page 978: ...e device to use RADIUS servers Command List deadtime RADIUS server group on page 979 debug radius on page 980 ip radius source interface on page 981 radius server deadtime on page 982 radius server host on page 983 radius server key on page 986 radius server retransmit on page 987 radius server timeout on page 989 server Server Group on page 991 show debugging radius on page 993 show radius on pag...

Page 979: ...eadtime for the RADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not respond to a request packet the packet is retransmitted the number of times configured for the retransmit parameter after waiting for a timeout period to expire The server is then mark...

Page 980: ...ius packet event all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events use the command awplus debug radius event To disable debugging for RADIUS packets use the command awplus no debug radius packet To disable debugging for RADIUS events use the comman...

Page 981: ...x ip radius source interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To configure all outgoing RADIUS packets to use the IP address of the interface vlan1 for the source IP address use the following commands awplus configure terminal awplus config ip radius ...

Page 982: ...he default RADIUS deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmitted as often as specified globally by the radius server retransmit command or for the server by the radius server host command To improve RADIUS response times when some servers may be...

Page 983: ...dress acct port 0 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name The DNS name of the RADIUS server host ip address The IP address of the RADIUS server host acct port Accounting port Specifies the UDP destination port for RADIUS accounting requests ...

Page 984: ...conds by default The time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout command If no timeout value is specified for this server the global value is used retransmit Specifies the number of retries before skip to the next server If this parameter is no...

Page 985: ...e the RADIUS server 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus configure terminal awplus config radius server host rad1 company com acct port 0 To remove the RADIUS server rad1 company com configured for authentication only use the following comm...

Page 986: ...the global secret key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA authentication with the aaa authentication login command set the authentication and encryption key using the radius server key command so the key entered matches the key used on the RADI...

Page 987: ... Default The default RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server retransmit 1 To set the RADIUS retransmit count to the default 3 use the following commands awplus configure terminal awplus config no radius server retransmit To configure the RAD...

Page 988: ...Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show radius statistics ...

Page 989: ...ut on the system is 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus configure terminal awplus config radius server timeout 20 To set the RADIUS timeout parameter to 1 second use the following commands awplus configure terminal awplus config radius serve...

Page 990: ... Version 5 4 5I 0 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeout Related Commands radius server deadtime radius server host radius server retransmit show radius statistics ...

Page 991: ...he UDP destination port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command to remove a RADIUS server from the server group Syntax server hostname ip address auth port 0 65535 acct port 0 65535 no server hostname ip address auth port 0 65535 acct port 0 655...

Page 992: ...gure terminal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD_ACCT1 for accounting use the following commands awplus configure terminal awplus config aaa group server radius RAD_ACCT1 awplus config sg server 192 168 2 1 auth port 0 acct port 1001 awplus...

Page 993: ...iew This command displays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the command awplus show debugging radius Output Figure 30 1 Example output from the show debugging radius command RADIUS debugging status RADIUS event debugging is off RADIUS packet debugg...

Page 994: ...ple output from the show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not configured Secret Key secret Timeout 5 sec Retransmit Count 3 Deadtime 20 min Server Host 192 168 1 10 Authentication Port 1812 Accounting Port 1813 Secret Key secret Timeout 3 se...

Page 995: ... time interval in minutes to mark a RADIUS server as dead Interim Update A time interval in minutes to send Interim Update Accounting report Group Deadtime The deadtime configured for RADIUS servers within a server group Server Host The RADIUS server hostname or IP address Authentication Port The destination UDP port for RADIUS authentication requests Accounting Port The destination UDP port for R...

Page 996: ...User Exec and Privileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 30 4 Example output from the show radius statistics command RADIUS statistics for Server 150 87 18 89 Access Request Tx 5 Retransmit 0 Access Accept Rx 1 Access Reject Rx 2 Access Challenge Rx 2 Unknown Type 0 Bad Authenticator 0 Ma...

Page 997: ...ence for IE200 Series Industrial Managed PoE Switches 997 AlliedWare Plus Operating System Version 5 4 5I 0 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug radius command ...

Page 998: ...ds Introduction Overview This chapter provides an alphabetical reference for commands used to configure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List show tacacs on page 999 tacacs server host on page 1000 tacacs server key on page 1002 tacacs server timeout on page 1003 ...

Page 999: ... show tacacs command TACACS Global Configuration Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 31 1 Parameters in the output of the show tacacs command Output Parameter Meaning Timeout A time interval in seconds Server Host IP Address TACACS server hostname or IP address Server Status The status of the authentication port Alive The server is alive...

Page 1000: ...The first server configured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authentication attempt is rejected The reasons a server would fail are it is not network reachable it is not currently TACACS capable Parameter Description host name Server host name The D...

Page 1001: ...r host use the following commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure terminal awplus config tacacs server host 192 168 1 1 key secret To remove the TACACS server tac1 company com use the following commands awplus configure terminal awplus config no t...

Page 1002: ...shared between this client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret for TACACS server use the following commands awplus configure terminal awplus config tacacs server key secret To delete the global secret key for TACACS server use the following co...

Page 1003: ...servers globally The no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Global Configuration Examples To set the timeout value to 3 seconds use the following commands awplus configure terminal awplus config tacacs server timeout 3 To reset the timeout perio...

Page 1004: ...rypto key destroy hostkey on page 1008 crypto key destroy userkey on page 1009 crypto key generate hostkey on page 1010 crypto key generate userkey on page 1011 crypto key pubkey chain knownhosts on page 1012 crypto key pubkey chain userkey on page 1014 debug ssh client on page 1016 debug ssh server on page 1017 service ssh on page 1018 show banner login on page 1020 show crypto key hostkey on pag...

Page 1005: ...sh server allow users on page 1032 show ssh server deny users on page 1033 ssh on page 1034 ssh client on page 1036 ssh server on page 1038 ssh server allow users on page 1040 ssh server authentication on page 1042 ssh server deny users on page 1044 ssh server resolve host on page 1046 ssh server scp on page 1047 ssh server sftp on page 1048 undebug ssh client on page 1049 undebug ssh server on pa...

Page 1006: ...e Ctrl D at the end of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the device Syntax banner login no banner login Default No banner is defined by default Mode Global Configuration Examples To set a login banner message use the commands awplus configure ter...

Page 1007: ...closed You can only delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec Examples To stop the current SSH session 123 use the command awplus clear ssh 123 To stop all SSH sessions active on the device use the command awplus clear ssh all Related Commands...

Page 1008: ...igured before an SSH server is started Syntax crypto key destroy hostkey dsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used for SSH version 2 connections use the commands awplus configure terminal awplus config crypto key destroy hostkey rsa Related Commands crypto key generate hostkey service ssh Parameters Description dsa Deletes the existing DSA public and private k...

Page 1009: ...To destroy the RSA user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto key hostkey Parameters Description username Name of the user whose userkey you are destroying The username must begin with a letter Valid characters are all numbers letters and th...

Page 1010: ... command in the non volatile memory Syntax crypto key generate hostkey dsa rsa rsa1 768 32768 Default 1024 bits is the default key length The DSA algorithm supports 1024 bits Mode Global Configuration Examples To generate an RSA host key for SSH version 2 connections that is 2048 bits in length use the commands awplus configure terminal awplus config crypto key generate hostkey rsa 2048 To generat...

Page 1011: ...ts RSA user key for SSH version 2 connections for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure terminal awplus config crypto key generate userkey lapo dsa Related Commands crypto key pubkey chain userkey show crypto key userkey Parameters Description user...

Page 1012: ...o cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Usage This command adds a public key of the specified SSH server to the known host database on the device The key is retrieved from the server The remote SSH server is verified by using this public key The user is requested to check the key is correct before adding it to the database If...

Page 1013: ...EY PUBKEY CHAIN KNOWNHOSTS Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey chain knownhosts 192 0 2 11 To delete the second entry in the known host database use the command awplus no crypto key pubkey chain knownhosts 2 Validation Commands show crypto key pubkey chain knownhosts ...

Page 1014: ...ername and hit Enter Enter the key as text Note that the key you enter as text must be a valid SSH RSA key not random ASCII text Use Ctrl D after entering it to save the text and re enter the normal command line mode Note you can generate a valid SSH RSA key on the device first using the crypto key generatehostrsacommand Viewthe SSHRSAkey generatedonthedeviceusing the show crypto hostkey rsa comma...

Page 1015: ...29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk h c pqGDijj4Svf ZZfeITzvvyZW4 I4pbN8 control D awplus config To add a public key for the user graydon from the file key pub use the commands awplus configure terminal awplus config crypto key pubkey chain userkey graydon key pub To add a public key for the user tamara from the terminal use the commands awplus configur...

Page 1016: ...acility This stops the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH client debugging use the command awplus debug ssh client To start SSH client debugging with extended output use the command awplus debug ssh clien...

Page 1017: ...es the SSH server debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH server debugging use the command awplus debug ssh server To start SSH server debugging with extended output use the ...

Page 1018: ...nd Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issue service ssh without specifying the optional ip or ipv6 parameters Mode Global Configuration Examples To enable both the IPv4 and the IPv6 Secure Shell server use the commands awplus configure terminal awplus config service ssh...

Page 1019: ...Industrial Managed PoE Switches 1019 AlliedWare Plus Operating System Version 5 4 5I 0 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh server allow users ssh server deny users ...

Page 1020: ... Overview This command displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Global Configuration Interface Configuration Line Configuration Example To display the current login banner message use the command awplus show banner login Related Commands banner lo...

Page 1021: ...ow crypto key hostkey To display the RSA public key of the SSH server use the command awplus show crypto key hostkey rsa Output Figure 32 1 Example output from the show crypto key hostkey command Related Commands crypto key destroy hostkey crypto key generate hostkey Parameter Description dsa Displays the DSA algorithm public key rsa Displays the RSA algorithm public key for SSH version 2 connecti...

Page 1022: ...nown host data use the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 32 2 Example output from theshow crypto key public chain knownhosts command Related Commands crypto key pubkey chain knownhosts Parameter Description 1 65535 Key identifier for a specific key Displays the public key of the entry if specified No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3...

Page 1023: ...user manager that are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 32 3 Example output from the show crypto key public chain userkey command Related Commands crypto key pubkey chain userkey Parameter Description username User name of the remote SSH user whose keys you wish to display The username must begin with a letter Valid cha...

Page 1024: ... rsa manager rsa pub Output Figure 32 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you wish to display The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa Displays the DSA public key rsa Di...

Page 1025: ... users manager 192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 32 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH server is enabled ssh server v2 SSH server is enabled and only support SSHv2 ssh server port SSH server is enabled and listening on the specified TCP port no ssh server scp SCP service...

Page 1026: ...5 4 5I 0 x SECURE SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostname to the deny list Table 32 5 Parameters in the output of the show running config ssh command Parameter Description ...

Page 1027: ...from the show ssh command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root download 550dev_ awd 463 ssh client 5ffe 33fe 5632 ffbb bc35 ddee 0101 ac51 manager user auth Table 32 6 Parameters in the output of the show ssh command Parameter Description ID Unique ide...

Page 1028: ...ccepted The device has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progress download The user is downloading a file from the device upload The user is uploading a file from the device closing The user is terminating the session closed The session is clos...

Page 1029: ...lus show ssh client Output Figure 32 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0 off Debug NONE Table 32 7 Parameters in the output of the show ssh client command Parameter Description Port SSH server TCP port where the SSH client connects to The default is port...

Page 1030: ...Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Idle Timeout 60 seconds Maximum Startups 10 Debug NONE Table 32 8 Parameters in the output of the show ssh server command Parameter Description SSH Server Whether the Secure Shell server is enabled or disabled Port TCP port where the Secure Shell server listens for connections The default is port 22 Version SSH serv...

Page 1031: ...0 x SECURE SHELL SSH COMMANDS SHOW SSH SERVER Related Commands show ssh show ssh client Maximum Startups The maximum number of concurrent connections that are waiting authentication The default is 10 Debug Whether debugging is active on the server Table 32 8 Parameters in the output of the show ssh server command cont Parameter Description ...

Page 1032: ... of the SSH server use the command awplus show ssh server allow users Output Figure 32 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern awplus 192 168 john manager alliedtelesis com Table 32 9 Parameters in the output of the show ssh server allow users command Parameter Description Username ...

Page 1033: ...leged Exec and Global Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 32 10 Example output from the show ssh server deny users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern john b company com manager 192 168 2 Table 32 10 Parameters in the ou...

Page 1034: ... login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If port is specified the SSH client connects to the remote SSH server with the specified TCP port Other wise the client port configured by ssh client command or the default TCP port 22 is used 1 65535 TCP port version SSH...

Page 1035: ...r at 192 0 2 5 as user manager use the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote SSH server with example_host using IPv6 session use the command awplus ssh ipv6 example_host To run the cmd command on the remote SSH server at 192 0 2 5 use the comma...

Page 1036: ...out Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies an explicit port of the server it overrides the default TCP port Default 22 1 65535 TCP port number version The SSH version used by the client for SSH sessions The SSH client supports both version 2 and version 1 Default version 2 Note SSH version 2 is the default SSH version SSH client supports...

Page 1037: ...es To configure the default TCP port for SSH clients to 2200 and the session timer to 10 minutes use the command awplus ssh client port 2200 session timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no ssh client connect timeout Related Commands show ssh ...

Page 1038: ...cription v1v2 Supports both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session timeout There is a maximum time period that the server waits before deciding that a session is inactive and should be terminated The server considers the session inactive when it ...

Page 1039: ...f SSH client connections waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configuration use the commands awplus configure terminal awplus config no ssh server max startups To support the Secure Shell server with TCP port 2200 use the commands awplus configure term...

Page 1040: ...exactly with the existing entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to create an SSH session from any host use the commands awplus configure terminal awplus config ssh server allow users john To allow the user john to create an SSH session from a range o...

Page 1041: ...m Version 5 4 5I 0 x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users john 192 168 1 Related Commands show running config ssh show ssh server allow users ssh server deny users ...

Page 1042: ...ers Syntax ssh server authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configuration Usage For password authentication to authenticate a user password authentication for a user must be registered in the local user database or on an external RADIUS server before...

Page 1043: ...disable password authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication publickey Related Commands crypto key pubkey chain userkey service ssh show ssh serve...

Page 1044: ...pattern no ssh server deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh server deny users john To deny the user john to access SSH login from a range of IP address from 192 168 2 1 to 192 168 2 255 use the commands awplus configure terminal awplus confi...

Page 1045: ...em Version 5 4 5I 0 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users john 192 168 2 Related Commands show running config ssh show ssh server deny users ssh server allow users ...

Page 1046: ... this feature Syntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when you add a DNS server to your device For information about configuring DNS see the Internet Protocol Feature Overview and Configuration Guide Example To resolve a host name using a DNS se...

Page 1047: ...service before the device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP requests from remote clients are rejected Syntax ssh server scp no ssh server scp Mode Global Configuration Examples To enable the SCP service use the commands awplus configure termin...

Page 1048: ...ts SFTP connections The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH server Once disabled SFTP requests from remote clients are rejected Syntax ssh server sftp no ssh server sftp Mode Global Configuration Examples To enable the SFTP service use the co...

Page 1049: ...200 Series Industrial Managed PoE Switches 1049 AlliedWare Plus Operating System Version 5 4 5I 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the no debug ssh client command ...

Page 1050: ...strial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the no debug ssh server command ...

Page 1051: ...2 as well as on switch ports e g port1 0 2 Command List arp security on page 1053 arp security violation on page 1054 clear arp security statistics on page 1056 clear ip dhcp snooping binding on page 1057 clear ip dhcp snooping statistics on page 1058 debug arp security on page 1059 debug ip dhcp snooping on page 1060 ip dhcp snooping on page 1061 ip dhcp snooping agent option on page 1062 ip dhcp...

Page 1052: ...binding on page 1075 service dhcp snooping on page 1077 show arp security on page 1079 show arp security interface on page 1080 show arp security statistics on page 1082 show debugging arp security on page 1085 show debugging ip dhcp snooping on page 1086 show ip dhcp snooping on page 1087 show ip dhcp snooping acl on page 1088 show ip dhcp snooping agent option on page 1091 show ip dhcp snooping ...

Page 1053: ...t of this command to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP snooping mustalso be enabled on the switch service dhcp snoopingcommand and on the VLANs ip dhcp snooping command Example To enable ARP security on VLANs 2 to 4 use the commands awplu...

Page 1054: ...rt in a VLAN that has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring it back up again after any issues have been resolved use the shutdown command Example To send SNMP notifications for ARP security violations on ports 1 0 1 to 1 0 6 use the commands a...

Page 1055: ... Industrial Managed PoE Switches 1055 AlliedWare Plus Operating System Version 5 4 5I 0 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security statistics show log snmp server enable trap ...

Page 1056: ...or all ports Syntax clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics interface port1 0 1 Related Commands arp security violation show arp security show arp security statistics Parameter Description port list The ports to clear statistics for If no ports are...

Page 1057: ... list vlan vid list Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic entries can individually restored by using the ip dhcp snooping binding command To remove static entries use the no variant of the ip source binding command Example To remove a dynam...

Page 1058: ...yntax clear ip dhcp snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interface port1 0 1 Related Commands clear arp security statistics show ip dhcp snooping show ip dhcp snooping statistics Parameter Description port list The ports to clear statistics for I...

Page 1059: ...bug arp security Overview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mode Privileged Exec Example To enable ARP security debugging use the commands awplus debug arp security Related Commands show debugging arp security show log terminal monitor ...

Page 1060: ...g all acl db packet detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snooping acl Related Commands debug arp security show debugging ip dhcp snooping show log terminal monitor Parameter Description all All DHCP snooping debug acl DHCP snooping access list d...

Page 1061: ...mand have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other traffic will block all traffic if DHCP snooping is disabled on the port If you disable DHCP snooping on particular VLANs using this command you must also remove any DHCP snooping ACLs fr...

Page 1062: ...Syntax ip dhcp snooping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Option 82 insertion is enabled by default when DHCP snooping is enabled Mode Global Configuration Usage DHCP snooping must also be enabled on the switch service dhcp snooping command and on the VLANs ip dhcp snooping command If a subscriber ID is configured for the port ip dhcp snooping subscriber id com...

Page 1063: ...onfiguration Usage If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted ports by using this command When this is disabled default the switch treats incoming DHCP packets on untrusted ports that contain DHCP Relay Agent Option 82 information as DHCP snooping...

Page 1064: ...Ifindex interface number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port b...

Page 1065: ...is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Remote ID to myid for client DHCP packets received on vlan1 use...

Page 1066: ...ax ip dhcp snooping binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping database by using the clear ip dhcp snooping binding command To add or remove static entries from the database use the ip source binding command Example To restore an entry in the DHC...

Page 1067: ...ault NVS Mode Global Configuration Usage If the location of the backup file is changed by using this command a new file is created in the new location and the old version of the file remains in the old location This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping database to non volatile storage on the switch use the commands awplus configure te...

Page 1068: ... entries are deleted from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address they have been allocated by a DHCP server Use this command to enable DHCP snooping to use the information in these messages to remove entries from its database immediately Use the no ...

Page 1069: ...is command to set the switch not to delete entries when ports go down Syntax ip dhcp snooping delete by linkdown no ip dhcp snooping delete by linkdown Default Disabled by default DHCP Snooping bindings are not deleted when an interface goes down Mode Global Configuration Examples To set the switch to delete DHCP snooping lease entries from the DHCP snooping database when links go down use the com...

Page 1070: ... use the show ip dhcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge switch with multiple DHCP clients connected through it then use this command to increase the number of lease entries for the port If there are multiple VLANs configured on the port the li...

Page 1071: ...command and DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Subscriber ID for port 1 0 3 to room_534 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if i...

Page 1072: ...ng trust no ip dhcp snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set as trusted ports while ports connecting untrusted network elements are set as untrusted Configure ports connected to DHCP servers as trusted ports Example To set switch ports 1 0 1 and...

Page 1073: ...ac address Default Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardware address that do not match as DHCP snooping violations it drops them and applies any other violation action specified by the ip dhcp snooping violation command To bring the port bac...

Page 1074: ... use the shutdown command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down if it detects a DHCP snooping violation on switch ports 1 0 1 to 1 0 4 use the commands awplus configure terminal awplus config snmp server enable trap dhcpsnooping awplus config inter...

Page 1075: ...binding command Examples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awplus config ip source binding 192 168 1 2 0001 0002 0003 vlan 6 interface port1 0 6 To remove the static entry for IP address 192 168 1 2 from the database use the commands awplus confi...

Page 1076: ...aged PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp snooping binding show ip source binding ...

Page 1077: ...his command be enabled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you disable the DHCP snooping service by using the no variant of this command all DHCP snooping configuration including ARP security but excluding maximum bindings and ACLs is removed from t...

Page 1078: ...CE DHCP SNOOPING Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure terminal awplus config no service dhcp snooping Related Commands ip dhcp snooping ip dhcp snooping database ip dhcp snooping max bindings show ip dhcp snooping ...

Page 1079: ...how arp security interface show arp security statistics Table 33 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan1 Disabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 Disabled vlan102 Disabled vlan103 Disabled vlan104 Disabled vlan105 Enabled vlan1000 Di...

Page 1080: ...s to display ARP security information about The port list can include switch ports and static or dynamic aggregated links Table 33 3 Example output from the show arp security interface command awplus show arp security interface Arp Security Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z KEY LG Log TR Trap LD Link down Port Action port1 0 1 port1 0 2 port1 0...

Page 1081: ... SNOOPING COMMANDS SHOW ARP SECURITY INTERFACE Related Commands arp security violation show arp security show arp security statistics show log snmp server enable trap TR Trap Generate an SNMP notification trap LD Link down Shut down the link Table 33 4 Parameters in the output from the show arp security interface command cont Parameter Description ...

Page 1082: ...OW ARP SECURITY STATISTICS show arp security statistics Overview Use this command to display ARP security statistics for the specified ports or all ports Syntax show arp security statistics detail interface port list Mode User Exec and Privileged Exec Parameter Description detail Display detailed statistics interface port list Display statistics for the specified ports ...

Page 1083: ...rs in the output from the show arp security statistics command Parameter Description Interface A port name Parentheses indicate that ports are configured for provisioning In Packets The total number of incoming ARP packets that are processed by DHCP Snooping ARP Security In Discards The total number of ARP packets that are dropped by DHCP Snooping ARP Security Table 33 7 Example output from the sh...

Page 1084: ...tches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x DHCP SNOOPING COMMANDS SHOW ARP SECURITY STATISTICS Related Commands arp security arp security violation clear arp security statistics show arp security show arp security interface show log ...

Page 1085: ...lay the ARP security debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debugging arp security Related Commands arp security violation debug arp security Table 33 8 Example output from the show debugging arp security command awplus show debugging arp security A...

Page 1086: ...xec and Privileged Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 33 9 Example output from the show debugging ip dhcp snooping command awplus show debugging ip dhcp snooping DHCP snooping debugging status DHCP snooping debugging is off DHCP snooping all debugging is off ...

Page 1087: ...dhcp snooping acl show ip dhcp snooping agent option show ip dhcp snooping binding show ip dhcp snooping interface Table 33 10 Example output from the show ip dhcp snooping command DHCP Snooping Information DHCP Snooping service Enabled Option 82 insertion Enabled Option 82 on untrusted ports Not allowed Binding delete by client Disabled Binding delete by link down Disabled Verify MAC address Disa...

Page 1088: ...c and Privileged Exec Example To display DHCP snooping ACL information use the command awplus show ip dhcp snooping acl Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information interface ACL Interface information interface list The interfaces to display information about Table 33 11 Example output from the show ip dhcp snooping acl command...

Page 1089: ...0 20 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcpsn2 cmap1 30 30 30 30 aaaa bbbb dddd port1 0 3 dhcpsn2 cmap1 40 40 40 40 0000 aaaa cccc port1 0 3 dhcpsn2 cmap1 50 50 50 50 0000 aaaa dddd port1 0 3 dhcpsn2 cmap1 60 60 60 60 0000 aaaa eeee port1 0 3...

Page 1090: ...cl detail interface port1 0 4 DHCP Snooping Based Filters Information port1 0 4 Maximum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cmap2 port1 0 4 10 permit ip dhcpsnooping 100 0 0 0 8 port1 0 4 Template dhcpsn2 via class map cmap1 port1 0 4 10 permit ...

Page 1091: ...nooping agent option interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option To display DHCP snooping Option 82 information for port1 0 1 use the command awplus show ip dhcp snooping agent option interface port1 0 1 To display DHCP snooping Option 82 information ...

Page 1092: ...ing Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vlan4 C Id vlantriplet R Id 0000 cd28 074c vlan5 C Id vlantriplet R Id 0000 cd28 074c vlan6 C Id v...

Page 1093: ...agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vlan4 C Id vlantriplet R Id 0000 cd28 074c vlan5 C Id vlantriplet R Id 0000...

Page 1094: ...VLAN Port sec Type 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000 0000 0108 111 112 1 1 1 1 0 6 4084 Dyna 111 111 101 109 0000 0000 0109 111 112 1 1 1 1 0 6 4085 Dyna 111 211 100 101 1 1 0 2 2147483325 Dyna 111 211 100 109 00b0 0000 0009 111 112 111 1...

Page 1095: ... ip source binding Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by the ip source binding command Total number of bindings in database The total number of dynamic and static lease entries in the DHCP snooping database Table 33 15 Parameters in the output...

Page 1096: ...on for If no ports are specified information for all ports is displayed Table 33 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping interface DHCP Snooping Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z Action LG Log TR Trap LD Link down Full Max Port Status Leases Leases Action Subscriber ID port1 0 1 Untrusted ...

Page 1097: ... config dhcp Max Leases The maximum number of entries that can be stored in the database for the port Action The DHCP snooping violation actions for the port Subscriber ID The subscriber ID for the port If the subscriber ID is longer than 34 characters only the first 34 characters are displayed To display the whole subscriber ID use the show running config dhcp command Table 33 17 Parameters in th...

Page 1098: ...oping statistics Overview Use this command to display DHCP snooping statistics Syntax show ip dhcp snooping statistics detail interface interface list Mode User Exec and Privileged Exec Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The interface list can contain switch ports static or dynamic link aggregators chann...

Page 1099: ... 0 4 0 0 0 0 port1 0 5 0 0 0 0 port1 0 6 58 0 58 0 Table 33 19 Example output from the show ip dhcp snooping statistics detail command awplus show ip dhcp snooping statistics detail DHCP Snooping Statistics Interface port1 0 1 All counters 0 Interface port1 0 2 All counters 0 Interface port1 0 3 All counters 0 Interface port1 0 4 In Packets 50 In BOOTP Requests 25 In BOOTP Replies 25 In Discards 1...

Page 1100: ... was discarded for reasons such as mismatch between received interface and current binding information Invalid IP UDP Header A problem was detected in the IP or UDP header of the packet Max Bindings Exceeded Accepting the packet would cause the maximum number of bindings on a port to be exceeded Option 82 Insert Error An error occurred while trying to insert DHCP Relay Agent Option 82 information ...

Page 1101: ...0 Series Industrial Managed PoE Switches 1101 AlliedWare Plus Operating System Version 5 4 5I 0 x DHCP SNOOPING COMMANDS SHOW IP DHCP SNOOPING STATISTICS Related Commands clear ip dhcp snooping statistics ip dhcp snooping ip dhcp snooping violation ...

Page 1102: ...source binding Related Commands ip source binding show ip dhcp snooping binding Table 33 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP Address Address VLAN Port sec Type 1 1 1 1 0000 1111 2222 1 port1 0 1 Infinite Static Table 33 22 Parameters in the output from the show ip source binding command Parameter Descripti...

Page 1103: ...REV A AlliedWare Plus Operating System Version 5 4 5I 0 x RRP Snooping Commands Introduction Overview This section provides an alphabetical reference for commands used to configure the Router Redundancy Protocol RRP Command List ip rrp snooping on page 1104 show ip rrp snooping on page 1105 ...

Page 1104: ... The default is disabled Mode Global Configuration Usage Use this command to enable the RRP Snooping feature You cannot use RRP Snooping at the same time as the following features STP RSTP or MSTP except for edge ports RSTP is enabled by default To disable it use the command spanning tree enable on page 446 Port security the command switchport port security Port authentication EPSR Port mirroring ...

Page 1105: ...he show ip rrp snooping command The following table shows the output display for the show ip rrp snooping command Related Commands ip rrp snooping awplus show ip rrp snooping Status Enabled Vlan Master Virtual MAC Address UpTime vlan1 Port1 0 1 00e0 2b00 0085 00 00 39 Parameter Description Status Displays if RRP Snooping is enabled or disabled Vlan Displays the VLAN ID Master Displays the port ID ...

Page 1106: ...ng Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 1108 epsr on page 1109 epsr configuration on page 1110 epsr datavlan on page 1111 epsr enhancedrecovery enable on page 1112 epsr mode master controlvlan primary port on page 1113 epsr mode transit controlvlan on page 1114 epsr priority on page 1115 epsr state on page 1116 epsr trap on page 1117...

Page 1107: ...0066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1107 AlliedWare Plus Operating System Version 5 4 5I 0 x EPSR COMMANDS show epsr summary on page 1131 undebug epsr on page 1132 ...

Page 1108: ...n from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packets from being sent to the console pkt Send the received and transmitted EPSR packets as raw ASCII text to the console Using this parameter with the no debug epsr command will explicitly exclude the abov...

Page 1109: ...stance called blue use the command awplus config epsr epsr blue hellotime 5 To delete the EPSR instance called blue use the command awplus config epsr no epsr blue Parameter Description epsr instance Name of the EPSR instance hellotime 1 32767 The number of seconds between the transmission of health check messages failovertime 2 65535 The number of seconds that a master waits for a returning healt...

Page 1110: ...PSR COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Example To change to EPSR mode use the command awplus config epsr configuration Related Commands epsr mode master controlvlan primary port epsr show epsr ...

Page 1111: ...94 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan2 vlan3 To remove vlan3 from the EPSR instance called blue use the command awplus config epsr no epsr blue datavlan vlan3 To remove vlan...

Page 1112: ...e than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instance enhancedrecovery enable no epsr epsr instance enhancedrecovery enable Default Default is that enhanced recovery mode disabled Mode EPSR Configuration Example To apply enhanced recovery on the EPSR in...

Page 1113: ...an produce unpredictable results Mode EPSR Configuration Example To create a master EPSR instance called blue with vlan2 as the control VLAN and port1 0 1 as the primary port use the command awplus config epsr epsr blue mode master controlvlan vlan2 primaryport port1 0 1 Related Commands epsr mode transit controlvlan show epsr Parameter Description epsr instance Name of the EPSR instance mode Dete...

Page 1114: ... channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not operate on the secondary port EPSR does not support Dynamic link aggregation LACP Mode EPSR Configuration Example To create a transit EPSR instance called blue with vlan2 as the control VLAN use the comman...

Page 1115: ...on Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an EPSR instance on an EPSR node to the default value Mode EPSR Configuration Example To set the priority of the EPSR instance called blue to the highest priority 127 use the command awplus config epsr ep...

Page 1116: ...yntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan Parameter Description epsr instance The name of the EPSR instance state The operational state of the ring enabled EPSR instance is e...

Page 1117: ...tance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR instance called blue use the command awplus config epsr epsr blue trap To disable traps for the EPSR instance called blue use the command awplus config epsr no epsr blue trap Related Commands epsr mode mas...

Page 1118: ...ystem Version 5 4 5I 0 x EPSR COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileged Exec Example To show the enabled debugging modes use the command awplus show debugging epsr Related Commands debug epsr ...

Page 1119: ...liedWare Plus Operating System Version 5 4 5I 0 x EPSR COMMANDS SHOW EPSR show epsr Overview This command displays information about all EPSR instances Syntax show epsr Mode User Exec and Privileged Exec Example To show the current settings of all EPSR instances use the command awplus show epsr ...

Page 1120: ...abled State Links Up Control Vlan 2 Data VLAN s 10 Interface Mode Ports Only First Port port1 0 1 First Port Status Down First Port Direction Unknown Second Port port1 0 2 Second Port Status Down Second Port Direction Unknown Trap Enabled Master Node Unknown Enhanced Recovery Disabled Table 35 2 Example output from the show epsr command run on a master node EPSR Information Name test4 Mode Master ...

Page 1121: ...e output from the show epsr command run on a Master Node EPSR Information Name test4 Mode Master Status Enabled State Complete Control Vlan 4 Data VLAN s 20 Interface Mode Ports Only Primary Port port1 0 3 Status Forwarding logically blocking Is On Common Segment No Blocking Control Physical Secondary Port port1 0 4 Status Blocked Is On Common Segment No Blocking Control Physical Hello Time 1 s Fa...

Page 1122: ... Enabled Enhanced Recovery Disabled SLP Priority 12 Table 35 5 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mode in which the EPSR instance is configured either Master or Transit Status Status Indicates whether the EPSR instance is enabled or disabled State State Indi...

Page 1123: ...ysical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises when it is not the highest priority node in the topology and so does not receive LINKS DOWN messages upon common segment breaks and a break on a common segment in its ring is preventing reception of its ow...

Page 1124: ...master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Priority The EPSR instance s priority for SuperLoop Prevention Table 35 5 Parameters displayed in the output of the show epsr command cont Parameter on Master Node Parameter on Transit Node Description ...

Page 1125: ...ts on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 35 6 Example output from the show epsr common segments command EPSR Common Segments Common Seg EPSR Port Phys Ctrl Ring Ring Port Instance Mode Prio Type of Port Port Status port1 0 24 test_inst_Red Transit 127 Second Yes Fwding test_inst_Blue Transit 126 Second N...

Page 1126: ...hares a common segment with a higher priority instance The instance is a master that shares a common segment with another master The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To check the configuration of all EPSR instances and display the results use the command awplus show epsr config check P...

Page 1127: ...3 50066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1127 AlliedWare Plus Operating System Version 5 4 5I 0 x EPSR COMMANDS SHOW EPSR CONFIG CHECK Related Commands show epsr ...

Page 1128: ...ew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance called blue use the command awplus show epsr blue Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr counters Parameter Description epsr instance Name of the...

Page 1129: ...erview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR instance called blue use the command awplus show epsr blue counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr Parameter Description epsr instanc...

Page 1130: ...W EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counters of all EPSR instances use the command awplus show epsr counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr ...

Page 1131: ...ut from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical control of the shared port s data VLAN blocking LB ring port is Logically Blocking applicable to master only EPSR Ctrl Primary 1st Secondary 2nd Instance Mode Status State VLAN Prio Port Status Port Statu...

Page 1132: ...es Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x EPSR COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of the no variant of the debug epsr command ...

Page 1133: ...vice whose MAC address is 0016 76b1 7a5e will have the name host_0016_76b1_7a5e assigned to it To efficiently manage your network using AMF we strongly advise that you devise a naming convention for your network devices and accordingly apply an appropriate hostname to each device in your AMF network Command List atmf area on page 1136 atmf area password on page 1137 atmf backup on page 1139 atmf b...

Page 1134: ...rovision node configure boot config on page 1171 atmf provision node configure boot system on page 1173 atmf provision node create on page 1175 atmf provision node delete on page 1177 atmf provision node license cert on page 1179 atmf provision node locate on page 1181 atmf reboot rolling on page 1182 atmf recover on page 1186 atmf recover led off on page 1188 atmf remote login on page 1189 atmf r...

Page 1135: ...225 show atmf links on page 1227 show atmf links detail on page 1228 show atmf links statistics on page 1236 show atmf memory on page 1241 show atmf nodes on page 1243 show atmf provision nodes on page 1244 show atmf tech on page 1245 show atmf working set on page 1248 show debugging atmf on page 1249 show debugging atmf packet on page 1250 show running config atmf on page 1251 switchport atmf are...

Page 1136: ... supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on a device You must specify a local area on each controller remote AMF master and gateway node Example To create the AMF area named New Zealand with an ID of 1 and specify that it is the local area use the comman...

Page 1137: ...dentically on both of the area that locally contains the controller and the remote area The command show running config atmf will display the encrypted version of this password The encryption keys will match between the controller and the remote AMF master If multiple controller and masters exist in an area they must all have the same area configuration Example To give the AMF area named Auckland ...

Page 1138: ...al Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Page 1139: ...11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names that comprise identical text but with differing case such as Test txt and test txt will not be recognized as being different on a FAT32 based backup media such as a USB storage device However these filenames will be recognized as being d...

Page 1140: ...ea This command is only valid on AMF controllers Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area master named well gate in the area Wellington use the command controller 1 atmf backup area masters delete area Wellington node well gate Related Commands show atmf backup area Parameter Description area name The ...

Page 1141: ...a masters enable Mode Global configuration Default Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf backup server to configure the backup server Example To enable scheduled backups of AMF remote area masters use the commands controller 1 configure term...

Page 1142: ...rivileged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the Wellington area use the command controller 1 atmf backup area masters now area Wellington To back up the local master well master in the Wellington area use the command controller 1 atmf backup area masters no...

Page 1143: ...between the active remote file server and the backup remote file server Files are copied from the active server to the remote server This command is only valid on AMF controllers Syntax atmf backup area masters synchronize Mode Privileged Exec Example To synchronize backed up files between the remote file servers for all area masters use the command controller 1 atmf backup area masters synchroniz...

Page 1144: ...the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps available when initiating an AMF backup A value of zero tells the backup process to transfer files using unlimited bandwidth Syntax atmf backup bandwidth 0 1000 no atmf backup bandwidth Default The def...

Page 1145: ...rview This command removes the backup file from the external media of a specified AMF node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the backup file from node2 use the following command Node_1 atmf backup delete node2 Related Commands show atmf backup atmf backup now atmf backup stop Parameter Description node name The AMF node name of the backup file to be deleted...

Page 1146: ... enabled Syntax atmf backup enable no atmf backup enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global Configuration Usage A warning message will appear if you run the atmf backup enable command with either insufficient or marginal memory availability o...

Page 1147: ...s is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The following command is run on the AMF_Master_2 node to immediately backup the device that is identified by its MAC address of 0016 76b1 7a5e AMF_Master_2 atmf backup now host_0016_76b1_7a5e NOTE When a host name is derived from its MAC address the syntax format entered changes from XXXX XXXX X...

Page 1148: ...cess From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set group master This command returns the following display Backup the AMF member with the host name office_annex on both the master nodes as defined by the working set AMF_Master 2 atmf backup now office_annex Note that the 2 shown in the command prompt indicates a 2 node ...

Page 1149: ...mmands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server identifier number 1 or 2 Note that there can be up to two backup servers numbered 1 and 2 respectively and you would need to run this command separately for each server hostlocation Either the name or t...

Page 1150: ...2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and username in addition to the optional path and port parameters use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 path tokyo port...

Page 1151: ...h then you can either run this command separately on each master node or add both masters to a working set and issue this command to the working set Syntax atmf backup stop Mode Privileged Exec Usage This command is used to halt an AMF backup that is in progress In this situation the backup process will finish on its current node and then stop Example To stop a backup that is currently executing o...

Page 1152: ... from the node s active remote file server to its backup remote file server Note that this process happens automatically each time the network is backed up Syntax atmf backup synchronize Mode Privileged Exec Example When connected to the master node AMF_Master_1 the following command will initiate a backup of all system related files from its active remote file server to its backup remote file ser...

Page 1153: ...ash backup file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage This command is an alias to the erase factory default command Example To erase data use the command Node_1 atmf cleanup This command will e...

Page 1154: ...n a controller depends on the license installed on that controller Syntax atmf controller no atmf controller Mode Global configuration Usage A valid AMF license must be available before this command can be applied Example To configure the node named controller 1 as an AMF controller use the commands controller 1 configure terminal controller 1 config atmf controller To stop the node named controll...

Page 1155: ...ngthe bootsystemcommand Theold release will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exact release filename without using a wild card character The command will continue to upgrade software until all nodes are upgraded At the end of the upgrade cycle the reboot command should be used on the working s...

Page 1156: ...20140204 2 rel Release ready SW_Team2 x610 main 20140204 2 rel Release ready SW_Team3 x610 main 20140204 2 rel Release ready Continue the rolling reboot y n y Copying Release x510 main 20140204 2 rel to SW_Team1 Updating Release x510 main 20140204 2 rel information on SW_Team1 Copying Release x610 main 20140204 2 rel to SW_Team2 Updating Release x610 main 20140204 2 rel information on SW_Team2 Cop...

Page 1157: ...t form uplinks downlinks If you assign a VLAN ID to this VLAN i e changing its value from the default of 4091 then you will need to do this separately on every device within the AMF network The AMF domain subnet will then be applied to this new VID when all devices within the AMF network are next rebooted Use the no variant of this command to reset the VLAN ID to its default value of 4091 Syntax a...

Page 1158: ...m Version 5 4 5I 0 x AMF COMMANDS ATMF DOMAIN VLAN Examples To change the AMF domain VLAN to 4000 use the following commands node 1 configure terminal node 1 config atmf domain vlan 4000 To reset the AMF domain VLAN to its default of 4091 use the following commands node 1 configure terminal node 1 config no atmf domain vlan ...

Page 1159: ... configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You should therefore configure your device with any domain specific non default settings before enabling AMF Examples To turn off AMF use the command MyNode config terminal MyNode config no atmf enable To...

Page 1160: ...es that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can use this command to define your own arbitrary groups of AMF members based on your own network s configuration requirements Applying a node to a non existing group wi...

Page 1161: ...d sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_2 are now part of the working set Then add the members of the working set to the groups atmf net 2 configure terminal atmf net 2 config atmf group building1 sales atmf net 2 config exit atmf net 2 s...

Page 1162: ...yntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make the console unusable for periods of time while nodes are joining and leaving Mode Global Configuration Example To set the log verbose to noise level 2 use the command node 1 configure terminal node 1 config atmf log verbose 2 Val...

Page 1163: ...subnet mask of 255 255 0 0 will automatically be applied Mode Global Configuration Usage Typically a network administrator would use this command to change the default subnet address to match local network requirements As previously mentioned running this command will result in the creation of a further two subnets within the class B address space assigned and the mask will extend from 16 to 17 Fo...

Page 1164: ...hes C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF MANAGEMENT SUBNET To change the AMF management subnet address on node node 1 back to its default of 172 31 0 0 node 1 configure terminal node 1 config no atmf management subnet ...

Page 1165: ... when all devices within the AMF network are next rebooted Use the no variant of this command to restore the VID to the default of 4092 Syntax atmf management vlan 2 4090 no atmf management vlan Default VLAN ID default is 4092 NOTE Although the value applied by default lies outside the user configurable range You can use the no variant of this command to reset the VLAN to its default value mode Gl...

Page 1166: ...es may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each master node If the crosslink between two AMF masters fails then one of the masters will become isolated from the rest of the AMF network Use the no variant of this command to remove the device as an AMF maste...

Page 1167: ...aster Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage This is one of the essential commands when configuring AMF and must be entered on each node that is to be part of the AMF This command will not take effect until the particular node is rebooted A switching node master or member may be a member o...

Page 1168: ...sioning on the node Syntax atmf provision nodename no atmf provision Default No provision Mode Interface Configuration Usage The port should be configured as an AMF link or cross link and should be down to add or remove a provisioned node Example To provision an AMF node named node1 for port1 0 1 use the command host1 config interface port1 0 1 host1 config if atmf provision node1 Related Commands...

Page 1169: ...de name If a backup or provisioned node already exists for the specified node then you must delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made for the provisioned node and stored in the backup media The directory node_backup_dir flash config ssh is excl...

Page 1170: ...p The output from this command is shown in the following figure and shows the details of the new provisioned node device3 Figure 36 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Jan 2014 03 00 Backup Bandwidth ...

Page 1171: ...ed node Mode Privileged Exec Usage When using this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the configuration file branch cfg on the AMF provisioned node node1 use the command MasterNodeName atmf provision node node1 co...

Page 1172: ...ndustrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF PROVISION NODE CONFIGURE BOOT CONFIG Related Commands atmf provision node configure boot system show atmf provision nodes ...

Page 1173: ...ed for the provisioned node Mode Privileged Exec Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the release file x610 5 4 4 1 rel on the AMF provisioned node node1 use the command MasterNodeName atmf provision...

Page 1174: ...ndustrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF PROVISION NODE CONFIGURE BOOT SYSTEM Related Commands atmf provision node configure boot config show atmf provision nodes ...

Page 1175: ...rovision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then you must delete it before using this command A date and time is assigned to the new provisioning directory reflecting when this command was executed If there is a backup or provisioned node with the s...

Page 1176: ...AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 02 Jan 2014 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7315 2MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Curre...

Page 1177: ... want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF backup procedure In this case use the command atmf backup delete to delete the files NOTE This command allows provisioned entries to be deleted even if they have been referenced by the atmf provision ...

Page 1178: ... provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Jan 2014 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Current Node Node Name Date Time In ATMF On Media Status device1 01 Ja...

Page 1179: ...ected on the network and the certificate file has been downloaded to the provisioned node the hidden copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node nodename license cert file path URL no atmf provision node nodename license cert Default No lice...

Page 1180: ...ays license certification details in the last line Figure 36 5 Sample output from the show atmf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 Date Time 06 May 2014 23 25 44 Provision Path card atmf nodes Boot configuration Current boot image x510 1...

Page 1181: ...n the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash Example To change the working directory that happens to be on device1 to the directory of provisioned node device2 use the following command device1 atmf provision node device2 locate The directory o...

Page 1182: ...node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a variety of locations The latest compatible release for a node will be selected from your selected location based on the parameters and URL you have entered For example card 5 4 3 x 5 4 3 rel will select from the folder ...

Page 1183: ...ample to access a file on a remote device then the URL should specify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version At the completion of this command a report is run showing the release upgrade status of each node NOTE Take care when removing extern...

Page 1184: ...Bld2_Floor_1 atmf working set group x510 SW_Team1 SW_Team2 SW_Team3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooting SW_Team1 SW_Team1 has left the working set Reboot of SW_Team1 has completed ATMF Rolling Reboot Rebooting SW_Team2 SW_Team2 has le...

Page 1185: ...lling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 3 0 5 rel Release Ready SW_Team2 10 x510 5 4 3 0 5 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompatible Bld1_Floor_2 2 x610 5 4 3 0 5 rel Release Ready Bld1_Floor_1 4 Incompatible Building_1 2 Incompatible Building_2 2 x908 5 4 3 0 5 rel Release Ready Continue upgrading releases y n ...

Page 1186: ...ice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controller is found then this command will fail No error checking occurs when this command is run Regardless of the last backup status the recovering node will attempt to load its configuration from the spec...

Page 1187: ...lliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf recover Node_10 master Master_2 Related Commands atmf backup stop show atmf backup show atmf ...

Page 1188: ...nction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the AMF Feature Overview and Configuration Guide Syntax atmf recover led off Default Normal operational mode Mode Privileged Exec Example To revert the LEDs on Node1 from recovery mode display to their ...

Page 1189: ... If the remote login session exits for any reason i e device reboot you will be returned to the originating node The software will not allow you to run multiple remote login sessions You must exit an existing session before starting a new one Example 1 To remotely login from node Node10 to Node20 use the following command Node10 atmf remote login node20 Example 2 In this example user Whitney is a ...

Page 1190: ...twork This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf restricted login disabled Member nodes operate with atmf restricted login enabled NOTE The default conditions of this command vary from those applied by its no variant Thisisbecausetherestricted l...

Page 1191: ... Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the command controller 1 atmf select area Canterbury This displays the following output To return to the local area for controller 1 use the command controller 1 atmf select area local Alternatively to...

Page 1192: ...r If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only supported using IPv4 Configuration involves creating a local tunnel ID a local IP address a remote tunnel ID and a remote IP address A reciprocal configuration is also required on thecorrespondingr...

Page 1193: ...e ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP connectivity between the sites already one site must run the following commands SiteA configure terminal SiteA config atmf virtual link id 5 ip 192 168 100 1 remote id 10 remote ip 192 168 200 1 remote area SiteB AREA The seco...

Page 1194: ...1194 Command Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS ATMF VIRTUAL LINK show atmf links ...

Page 1195: ...odes that comprise the current working set all All nodes in the AMF Automatic Groups These can be defined by hardware architecture e g x510 x610 x8100 AR3050S or AR4050S or by certain AMF nodal designations such as master Note that the Implicit Groups do not appear in show group output If a node is an AMF master it will be automatically added to the master group Syntax atmf working set node list g...

Page 1196: ...here all comprises all nodes in the AMF This command displays an output screen similar to the one shown below Example 2 To return to the local prompt and connectivity to only the local node use the command ATMF_NETWORK_Name 6 atmf working set group local node1 node1 node2 node3 node4 node5 node6 Working set join ATMF_NETWORK_Name 6 Parameter Description node1 node2 The name of the nodes as set by ...

Page 1197: ...MMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privilege Exec Example To reset the AMF link statistics values use the command node_1 clear atmf links statistics Related Commands show atmf links statistics ...

Page 1198: ...osslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will display all AMF debugging information including link events topology discovery messages and all notable AMF events NOTE An alias to the no variant of this command is undebug atmf on page 1259 ...

Page 1199: ...C613 50066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1199 AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS DEBUG ATMF Related Commands no debug all ...

Page 1200: ... 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will apply a default selection of parameters shown below debug atmf packet direction rx tx both level 1 2 3 timeout second...

Page 1201: ...ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packet type 2 Crosslink Hello BPDU packet with downlink domain information Enter 2 to select this packet type 3 Crosslink Hello BPDU packet with uplink information Enter 3 to select this packet type 4 Downl...

Page 1202: ...ET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet direction rx level 1 num pkts 60 filter node x610 interface port1 0 1 pkt type 4 7 10 ...

Page 1203: ...file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic The device is then rebooted and returns the device to its factory default condition The device can then be used for automatic node recovery Syntax erase factory default Mode Global Configuration Usage This command is an alias to the atmf cleanup command Example To erase data use the command Node_1 config era...

Page 1204: ...show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary The following figure shows some example output from running this command for a specific AMF node Example 2 To show information specific to AMF nodes use the following command node_1 show atmf ...

Page 1205: ... you want to see an overview of the AMF network Table 36 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000 0000 0000 Options 0 Our bits 0 Link State Full Domain Controller 0 Backup Domain Controller 0 Database Description Sequence Number 00000000 First Adjacency 1 Number Eve...

Page 1206: ...ackup Domain Controller node2 Domain controller MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number of Neighbors 5 Number of N...

Page 1207: ...The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned for traffic between Nod...

Page 1208: ...ation about all areas use the command controller 1 show atmf area The following figure shows example output from running this command on a controller Parameter Description detail Displays detailed information area name Displays information about master and gateway nodes in the specified area only Table 36 5 Example output from the show atmf area command on a Controller controller 1 show atmf area ...

Page 1209: ... one of the following Reachable if the link has been established Unreachable if a link to the remote area has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the controller or remote master on which the command is being run because the gateway node on that devi...

Page 1210: ...olled by the controller Area Node Count The total number of nodes in the area Table 36 7 Parameter definitions from the show atmf area command cont Parameter Definition Table 36 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller distance 0 Controller Id 21 Backup Available FALSE Area Id 2 Gateway Node Name controller 1 Gateway...

Page 1211: ...area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Displays information for the specified area only Table 36 9 Output from the show atmf area summary command controller 1 show atmf area summary ATMF Area Summary Information Management Information Local IPv6...

Page 1212: ...ion about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this command Parameter Description area name Displays information about nodes in the specified area node name Displays information about the specified node Table 36 10 Output from the show atmf area nodes command controller 1 show atmf ...

Page 1213: ... detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent The node to which the current node has an active uplink Node Depth The number of nodes in the path from this node to the master node Table 36 11 Parameter definitions from the show atmf area nodes co...

Page 1214: ...des detail area name node name Mode Privileged Exec Usage If you do not limit the output to a single area or node this command displays information about all remote nodes that the controller is aware of This can be a very large number of nodes Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail Parameter Description ar...

Page 1215: ...tance to core 1 Flags 50 Extra flags 0x00000006 MAC Address 001a eb56 9020 Node name well master Parent node name none Domain id well master s domain Board type 333 Distance to core 0 Flags 51 Extra flags 0x0000000c MAC Address eccd 6d3f fef7 Table 36 13 Parameter definitions from the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent n...

Page 1216: ...all the nodes in an AMF network It can only be run on AMF master and controller nodes Syntax show atmf backup logs server status synchronize logs Mode Privileged Exec Parameter Description logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status logs For each ...

Page 1217: ...ogs Log File Location card atmf office logs rsync_ nodename log Node Name Log Details atmf_testbox2 2014 05 22 03 41 32 30299 File list size 6199 2014 05 22 03 41 32 30299 File list generation time 0 011 seconds 2014 05 22 03 41 32 30299 File list transfer time 0 000 seconds 2014 05 22 03 41 32 30299 Total bytes sent 696 2014 05 22 03 41 32 30299 Total bytes received 16 03K 2014 02 20 03 41 32 302...

Page 1218: ...f the node that is currently being backed up Node Name The name of the node that is storing backup data on its backup media Date The data of the last backup in the format DD MMM YYYY Time The time of the last backup in the format HH MM SS In ATMF Whether the node shown is active in the AMF network Yes or No Status The output can contain one of four values meaning that the status file cannot be fou...

Page 1219: ...r the master nodes in one or more areas This command is only available on AMF controllers Syntax show atmf backup area logs area name node name Mode Privileged Exec Example To show information about backups for an area use the command controller 1 show atmf backup area Parameter Description logs Displays the logs for the last backup of each node area name Displays information about nodes in the sp...

Page 1220: ...a Scheduled Backup Enabled Schedule 12 per day starting at 14 30 Next Backup Time 15 Apr 2015 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_from_controller 1 Port 2 Configured Unmounted Host 10 37 142 1 Username root Path Port Current Action Idle Started Curre...

Page 1221: ...put in greater depth controller 1 show atmf detail ATMF Detail Information Network Name Test_network Node Name controller 1 Node Address controller 1 atmf Node ID 342 Node Depth 0 Domain State BackupDomainController Recovery State None Log Verbose Setting Verbose Management VLAN VLAN ID 4000 Management Subnet 172 31 0 0 Management IP Address 172 31 1 86 Management Mask 255 255 128 0 Management IPv...

Page 1222: ...ment VLAN The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned for traffic b...

Page 1223: ...commands collectively to any of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show atmf group A typical output screen from this command is shown below This screen shows that node2 contains the groups master and x510 Note that although the node also conta...

Page 1224: ...ORK 6 ATMF group information master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 36 17 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show atmf group node3 node4 node5 node6 ATMF group information edge_switches x510 Table 36 18 Parameter definitions from the show atmf group command for a working set Paramete...

Page 1225: ...orking set is automatically added to automatic groups which are defined by hardware architecture e g x510 x610 Nodes that are configured as masters are automatically assigned to the master group Users can define arbitrary groupings of AMF members based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Parame...

Page 1226: ...ster 1 Building_1 poe 1 HW_Team1 x510 3 SW_Team1 SW_Team2 SW_Team3 x610 1 HW_Team1 x8100 2 Building_1 Building_2 ATMF Group membership User defined Total Groups Members Members marketing 1 Bld1_Floor_1 software 3 SW_Team1 SW_Team2 SW_Team3 Table 36 20 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal comp...

Page 1227: ...f details use the following command controller 1 show atmf links brief Figure 36 8 Sample output from the show atmf links command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Related Commands no debug all clear atmf links statistics show atmf show atmf nodes device1 sh...

Page 1228: ...DETAIL show atmf links detail Overview This command displays detailed information on all the links configured in the AMF network It can only be run on AMF master and controller nodes Syntax show atmf links detail Mode User Exec Example To display the AMF link details use this command device1 show atmf links detail Parameter Description detail Detailed AMF links information ...

Page 1229: ...501 Adjacent VR ID 0 Adjacent MAC 0014 2299 137d Port Last Message Response 0 Port port2 0 2 Ifindex 6002 VR ID 0 Port Status Down Port State Init Port BPDU Receive Count 0 Link State Entries Node Ifindex Building_2 4501 Building_1 4501 Transaction ID 3 3 MAC Address 0014 2299 137d eccd 6d03 10e3 Link State Full Full Domain Nodes Tree Node Building_2 Links on Node 1 Link 0 Building_2 4501 Building...

Page 1230: ...gs 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Bld2_Floor_1 s domain Domain Controller Bld2_Floor_1 Domain Controller MAC eccd 6d3f fef7 Number of Links 2 Number of Links Up 2 Number of Links on This Node 1 Links are Blocked 0 Node Transaction List Node Building_2 Transaction ID 7 Domain List Domain Bld2_Floor_1 s domain Node Building_2 Ifindex 5002...

Page 1231: ...rt1 3 2 Ifindex 7002 VR ID 0 Port Status Up Port State Full Adjacent Node Bld2_Floor_1 Adjacent Internal ID 3 Adjacent Ifindex 5001 Adjacent Board ID 333 Adjacent VR ID 0 Adjacent MAC eccd 6d3f fef7 Adjacent Domain Controller Bld2_Floor_1 Adjacent Domain Controller MAC eccd 6d3f fef7 Port Forwarding State Blocking Port BPDU Receive Count 0 Port Sequence Number 15 Port Adjacent Sequence Number 8 Po...

Page 1232: ...AC address of the adjacent node in the domain Port Last Message Response Response from the remote neighbor to our AMF last hello packet Link State Entries Show all the link state database entries Node Ifindex Shows adjacent Node names and Interface index Transaction ID Shows transaction id of the current crosslink transaction MAC Address Shows adjacent Node MAC addresses Link State Shows AMF state...

Page 1233: ... for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLAG_NO_NODE 8 ATMF_DOMAIN_FLAG_NOT_ACTIVE_PARENT 16 ATMF_DOMAIN_FLAG_NOT_LINKS 32 ATMF_DOMAIN_FLAG_NO_CONFIG 64 Domain Controller Domain Controller in the uplink domain Domain Controller MAC MAC address...

Page 1234: ...cal port VR ID Virtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal ID Unique node identifier of the remote node Adjacent Ifindex Interface index for the port of adjacent AMF node Adjacent Board ID Product identifier for the adjacent node Adjacent V...

Page 1235: ...mand Reference for IE200 Series Industrial Managed PoE Switches 1235 AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf links statistics show atmf ...

Page 1236: ...cket exchange statistics for a specified interface This command can only be run on AMF master and controller nodes Syntax show atmf links statistics interface port_number Mode User Exec Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecified full statistics not just those relating to ...

Page 1237: ...124052 Crosslink Hello 20665 20666 Crosslink Hello Domain 10336 10338 Crosslink Hello Uplink 10333 10338 Hello Link 41313 82649 Hello Neighbor 0 0 Hello Stack 82652 82659 Hello Gateway 165168 165281 Database Description 42 43 Database Request 16 3 Database Update 2885 5496 Database Update Bitmap 0 115 Database Acknowledge 5331 2746 Transmit Fails 0 38 Discards 4 0 Total ATMF Packets 462823 504386 ...

Page 1238: ...mf links statistics command output device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello Domain 116 116 port1 0 5 Crosslink Hello Uplink 116 115 port1 0 5 Hello Link 0 0 Parameter Definition Receive Shows a count of AMF protocol packets received per message type Transmit Shows the number of AMF proto...

Page 1239: ...number of discarded crosslink hello msgs received on a non crosslink port Type8 The number of discarded crosslink hello msg received on a port that is not in the correct state Type9 The number of discarded crosslink domain hello msgs received on a non crosslink port Type10 The number of discarded crosslink domain hello msgs received on a port that is not in the correct state Type11 The number of c...

Page 1240: ...r IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS SHOW ATMF LINKS STATISTICS Related Commands no debug all clear atmf links statistics show atmf ...

Page 1241: ...umber 1 memory 28 bytes Line 244 number 2 memory 88 bytes Line 3753 number 2 memory 1872 bytes Line 1616 number 8 memory 320 bytes Line 1391 number 1 memory 60 bytes Line 1837 number 15 memory 600 bytes Line 288 number 1 memory 17716 bytes Line 3916 number 1 memory 1520 bytes Line 1623 number 8 memory 320 bytes Line 4477 number 1 memory 1520 bytes Line 659 number 2 memory 512 bytes Line 1844 numbe...

Page 1242: ... memory 52 bytes Line 876 number 2 memory 80 bytes Line 166 number 1 memory 232 bytes Line 415 number 7 memory 587 bytes Line 418 number 3 memory 300 bytes Line 822 number 2 memory 80 bytes Line 2341 number 4 memory 160 bytes Line 3025 number 2 memory 88 bytes Line 144 number 3 memory 1596 bytes Line 146 number 6 memory 312 bytes Line 2349 number 4 memory 160 bytes Line 1111 number 1 memory 59 byt...

Page 1243: ...e running configuration Syntax show atmf nodes Mode Privileged Exec Example To display AMF information for all nodes in the AMF use the command node_1 show atmf nodes Table 36 25 Sample output from the show atmf nodes command node1 show atmf nodes Node Information Local device SC Switch Configuration C Chassis S Stackable N Standalone Node Device ATMF Node Name Type Master SC Parent Depth Building...

Page 1244: ...n Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 36 11 Sample output from the show atmf provision nodes command Related commands atmf provision node create atmf provision node clone atmf provision node configure boot config atmf provision node configure boot system show atmf backup device1 show atmf provision nodes A...

Page 1245: ...245 AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS SHOW ATMF TECH show atmf tech Overview This command collects and displays all the AMF command output The command can thus be used to display a complete picture of an AMF network Syntax show atmf tech Mode Privileged Exec ...

Page 1246: ...ller node1 Backup Domain Controller node2 Domain controller MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number of Neighbors 5...

Page 1247: ...ferent domains up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet the Network prefix for the subnet Management IP Address the IP address allocated for this traffic Management Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Domain VLAN The VLAN assigned for traffic between Nodes of same domain crosslink VLAN ID In...

Page 1248: ... displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf working set Related Commands atmf working set show atmf show atmf group Table 36 28 Sample output from the show atmf working set command ATMF Working Set Nodes node1 node2 node3 node4 node5 node6 Work...

Page 1249: ...g atmf Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 36 12 Sample output from the show debugging atmf command Related Commands debug atmf packet node1 show debugging atmf ATMF debugging status ATMF arealink debugging is on ATMF link debugging is on ATMF crosslink debugging is on ATMF database debugging is on AT...

Page 1250: ...splay the AMF packet debugging status use the command node_1 show debug atmf packet Figure 36 13 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet ATMF packet debugging is on ATMF Packet Debugging Parameters Node Name x908 Port name port1 1 1 Limit 500 packets Direction TX Info Level Level 2 Packet Type Bitmap 2 Crosslink Hello BPDU pkt with do...

Page 1251: ...system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following commands node_1 show running config atmf For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guid...

Page 1252: ...e link Each area must have the area name configured and the same area password must exist on both ends of the link Running this command will automatically place the port or static aggregator into trunk mode i e switchport mode trunk and will synchronize the area information stored on the two nodes You can configure multiple arealinks between two area nodes but only one arealink at any time will be...

Page 1253: ...re within an AMF network They have the effect of separating the AMF network into separate domains Where this command is used it is also good practice to use the switchport trunk native vlan command with the parameter none selected This is to prevent a network storm on a topology of ring connected devices Example This example is shown twice Example 2A is the most basic command sequence Example 2B i...

Page 1254: ... Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS SWITCHPORT ATMF CROSSLINK Related Commands show atmf links statistics ...

Page 1255: ...t atmf link Overview This command enables you to configure a port or aggregator to be an AMF uplink downlink Running this command will automatically place the port or aggregator into trunk mode Use the no variant of this command to remove any AMF link that may exist for the selected port or aggregated link Syntax switchport atmf link no switchport atmf link Mode Interface Configuration ...

Page 1256: ...n node 1 node1 config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the AM...

Page 1257: ... the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac Te Tr Repeat S...

Page 1258: ...al Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS TYPE ATMF NODE Related Commands show trigger Node2 Node3 trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp ...

Page 1259: ...ference for IE200 Series Industrial Managed PoE Switches 1259 AlliedWare Plus Operating System Version 5 4 5I 0 x AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no variant of the debug atmf command ...

Page 1260: ...figuration Guide For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List ntp access group on page 1261 ntp authenticate on page 1262 ntp authentication key on page 1263 ntp broadcastdelay on page 1264 ntp master on page 1265 ntp peer on page 1266 ntp server on page 1...

Page 1261: ...ss list use the commands awplus configure terminal awplus config ntp access group peer 1998 To disable the NTP peer access group created above use the commands awplus configure terminal awplus config no ntp access group peer Parameter Description peer Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria q...

Page 1262: ...n This allows NTP to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration Examples To enable NTP authentication use the commands awplus configure terminal awplus config ntp authenticate To disable NTP authentication use the commands awplus configure ter...

Page 1263: ...ssigned previously using ntp authentication key Syntax ntp authentication key keynumber md5 key no ntp authentication key keynumber md5 key Mode Global Configuration Examples To define an authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key number 134343 with t...

Page 1264: ...conds Syntax ntp broadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip delay to 23464 microseconds for broadcast packets use these commands awplus configure terminal awplus config ntp broadcastdelay 23464 To reset the estimated round trip delay for broa...

Page 1265: ...m number is null by default and must be set using this command The stratum levels define the distance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Network Time Protocol go to www ntp org Examples To stop the device from being the designated NTP server use t...

Page 1266: ...amples See the following commands for options to configure NTP peer association key and NTP version for the peer with an IPv4 address of 192 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer version 4 key 1234 awplus config ntp peer 192 0 2 23 versio...

Page 1267: ...n IPv6 address of 2001 0db8 010d 1 awplus configure terminal awplus config ntp peer 2001 0db8 010d 1 awplus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 awplus config ntp pe...

Page 1268: ...terminal awplus config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 awplus config ntp server 192 0 1 23 key 1234 To remove an NTP peer association for this peer wit...

Page 1269: ...1 0db8 010e 2 awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 awplus config ntp server 2001 0db8 010e 2 key 1234 To remove an NTP peer association for this pee...

Page 1270: ...ing a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior will apply and an alternative source IP address is automatically selected This IP address is based on the most appropriate egress interface used to reach the NTP peer The configured NTP client source IP may be unavailable if the interface is down or an inv...

Page 1271: ...d PoE Switches 1271 AlliedWare Plus Operating System Version 5 4 5I 0 x NTP COMMANDS NTP SOURCE To remove a configured address for the NTP source interface use the following commands awplus configure terminal awplus config no ntp source Related Commands ntp peer ntp server ...

Page 1272: ...ts NTP packets Use the no variant of this command to remove aconfigured trusted authentication key Syntax ntp trusted key 1 4294967295 no ntp trusted key 1 4294967295 Mode Global Configuration Examples To define a trusted authentication key numbered 234675 use the following commands awplus configure terminal awplus config ntp trusted key 234676 To remove the trusted authentication key numbered 234...

Page 1273: ...P client and server packets sent by your device Pkts Received Total number of NTP client and server packets received by your device Pkts Processed The number of packets processed by NTP NTP processes a packet once it has determined that the packet is valid by checking factors such as the packet s authentication format access rights and version Pkts current version The number of version 4 NTP packe...

Page 1274: ...NTP packets received that do not conform to the standard packet length NTP drops these packets Pkts bad auth The number of NTP packets received that failed authentication NTP drops these packets Packets can only fail authentication if NTP authentication is enabled with the ntp authenticate command Pkts rate exceed The number of packets dropped because the packet rate exceeded its limits Table 37 1...

Page 1275: ... command awplus show ntp associations detail 192 0 2 23 configured sane valid leap_sub stratum 16 ref ID INIT time 00000000 00000000 06 28 16 000 UTC Thu Feb 7 2036 our mode client peer mode unspec our poll intvl 512 peer poll intvl 1024 root delay 0 00 msec root disp 0 00 reach 000 delay 0 00 msec offset 0 0000 msec dispersion 0 00 precision 2 19 org time 00000000 00000000 06 28 16 000 UTC Thu Fe...

Page 1276: ...5 4 5I 0 x NTP COMMANDS SHOW NTP ASSOCIATIONS delay Round trip delay between the device and the server offset Difference between the device clock and the server clock disp Lowest measure of error associated with peer offset based on delay Table 37 4 Parameters in the output from the show ntp associations command Parameter Description ...

Page 1277: ...de User Exec and Privileged Exec Example See the sample output of the show ntp status command displaying information about the Network Time Protocol Figure 37 2 Example output from the show ntp status command awplus sh ntp status Clock is synchronized stratum 3 reference is 127 127 1 0 actual frequency is 0 0000 Hz precision is 2 19 reference time is cf11f3f2 c7c081a1 00 44 34 780 UTC Tue Feb 2 20...

Page 1278: ...r provides an alphabetical reference for commands used to configure DHCP For more information see the DHCP Feature Overview and Configuration Guide For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List ip address dhcp on page 1279 show counter dhcp client on page 1...

Page 1279: ...expiration time The no variant of this command stops the interface from obtaining IP configuration details from a DHCP server Syntax ip address dhcp client id interface hostname hostname no ip address dhcp Mode Interface Configuration for a VLAN interface Examples To set the interface vlan10 to use DHCP to obtain an IP address use the commands awplus configure terminal awplus config interface vlan...

Page 1280: ...Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP Validation Commands show running config show ip interface ...

Page 1281: ...client Output Figure 38 1 Example output from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCPACK in 18 DHCPNAK in 0 Table 38 1 Parameters in the output of the show counter dhcp client command Parameter Description DHCPDISCOVER out The number of DHCP Discove...

Page 1282: ... interfaces on the device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dhcp lease interface Mode User Exec and Privileged Exec Example To show the current lease expiry times for all interfaces use the command awplus show dhcp lease To show the current lease...

Page 1283: ... 13 Mar 2007 20 10 19 Renew 13 Mar 2007 18 37 06 Rebind 13 Mar 2007 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 100 50 19 88 200 33 dhcp server identifier 192 168 22 1 domain name alliedtelesis com Interface vlan2 IP Address 100 8 16 4 Expires 13 Mar 2007 20 15 39 Renew 13 Mar 2007 18 42 25 Re...

Page 1284: ...tion at sites where centralized management of IPv6 hosts is needed IPv6 routers require automatic configuration of IPv6 addresses and IPv6 prefixes For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide NOTE The IPv6 addresses shown use the address space 2001 0db8 32 defined in ...

Page 1285: ...6 COMMANDS CLEAR COUNTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Example To clear DHCPv6 client counters use the following command awplus clear counter ipv6 dhcp client Related Commands show counter ipv6 dhcp client ...

Page 1286: ...P CLIENT clear ipv6 dhcp client Overview Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1 use the following command awplus clear ipv6 dhcp client vlan1 Parameter Description interface Specify the interface name to restart a DHCPv6 client on ...

Page 1287: ...v6 configuration details from a DHCPv6 server The DHCPv6 client supports the following IP configuration options Option 1 the subnet mask for your device Option 3 a list of default routers Option 6 a list of DNS servers Option 15 a domain name used to resolve host names Option 51 lease expiration time Syntax ipv6 address dhcp no ipv6 address dhcp Examples To set the interface vlan10 to use DHCPv6 t...

Page 1288: ...nter information use the command awplus show counter ipv6 dhcp client Output Figure 39 1 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 ADVERTISE in 12 REQUEST out 1 CONFIRM out 0 RENEW out 0 REBIND out 0 REPLY in 0 RELEASE out 0 DECLINE out 0 INFORMATION REQUEST out 0 Table 39 1 Parameters in the output of the show counter ipv6 dh...

Page 1289: ...by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays the count of DECLINE messages sent by the DHCPv6 client INFORMATION REQUEST out Displays the count of INFORMATION REQUEST messages sent by the DHCPv6 client Table 39 1 Parameters in the output of the show ...

Page 1290: ...ode User Exec and Privileged Exec Usage The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a DHCPv6 client to obtain an IPv6 address from a DHCPv6 server A DHCPv6 server compares the DUID with its database of DUIDs and sends configuration data for an IPv6 ...

Page 1291: ...6 information for all interfaces DHCPv6 is configured on use the command awplus show ipv6 dhcp interface Output Figure 39 3 Example output from the show ipv6 dhcp interface command Parameter Description interface name Optional Specify the name of the interface to show DHCPv6 information about Omit this optional parameter to display DHCPv6 information for all interfaces DHCPv6 is configured on awpl...

Page 1292: ...mand output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 1294 show counter snmp server on page 1295 show debugging snmp on page 1300 show running config snmp on page 1301 show snmp server on page 1302 show snmp server community on page 1303 show snmp server group on page 1304 show snmp serve...

Page 1293: ...NDS snmp server engineID local on page 1317 snmp server engineID local reset on page 1319 snmp server group on page 1320 snmp server host on page 1322 snmp server location on page 1324 snmp server source interface on page 1325 snmp server startup trap delay on page 1326 snmp server user on page 1327 snmp server view on page 1330 undebug snmp on page 1331 ...

Page 1294: ...nd awplus debug snmp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description all Enable or disable the display of all SNMP debugging information detail Enable or disable the display of detailed SNMP debugging information error string Enable or disable the dis...

Page 1295: ...sion 5 4 5I 0 x SNMP COMMANDS SHOW COUNTER SNMP SERVER show counter snmp server Overview This command displays counters for SNMP messages received by the SNMP agent Syntax show counter snmp server Mode User Exec and Privileged Exec Example To display the counters for the SNMP agent use the command awplus show counter snmp server ...

Page 1296: ...outNoSuchNames 2 outBadValues 0 outGenErrs 0 outGetRequests 0 outGetNexts 0 outSetRequests 0 outGetResponses 11 outTraps 0 UnSupportedSecLevels 0 NotInTimeWindows 0 UnknownUserNames 0 UnknownEngineIDs 0 WrongDigest 0 DecryptionErrors 0 UnknownSecModels 0 InvalidMsgs 0 UnknownPDUHandlers 0 Table 40 1 Parameters in the output of the show counter snmp server command Parameter Meaning inPkts The total...

Page 1297: ...f SNMP PDUs received by the SNMP agent where the value of the error status field is badValue This is sent by an SNMP manager to indicate that an exception occurred when processing a request from the agent inReadOnlys The number of valid SNMP PDUs received by the SNMP agent where the value of the error status field is readOnly The SNMP manager should not generate a PDU which contains the value read...

Page 1298: ...his is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outBadValues The number of SNMP PDUs that the SNMP agent has generated with the value badValue in the error status field This is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outGenErrs The number of SNMP PDUs that the SNMP a...

Page 1299: ...neIDs The number of received packets that the SNMP agent has dropped because they referenced an unknown snmpEngineID WrongDigest The number of received packets that the SNMP agent has dropped because they didn t contain the expected digest value DecryptionErrors The number of received packets that the SNMP agent has dropped because they could not be decrypted UnknownSecModels The number of message...

Page 1300: ...ugging snmp Overview This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplus show debugging snmp Output Figure 40 2 Example output from the show debugging snmp command Related Commands debug snmp Snmp SMUX debugging status Snmp debugging is on ...

Page 1301: ...g snmp Mode Privileged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 40 3 Example output from the show running config snmp command Related Commands show snmp server snmp server contact AlliedTelesis snmp server location Philippines snmp server group grou1 auth read view1 write view1 notify view1 snmp server vi...

Page 1302: ...SNMP server Syntax show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 40 4 Example output from the show snmp server command Related Commands debug snmp show counter snmp server snmp server snmp server engineID local snmp server engineID local reset SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configu...

Page 1303: ...P server communities configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show snmp server community Output Figure 40 5 Example output from the show snmp server community command Related Commands show snmp server snmp server community SNMP community informati...

Page 1304: ...sion 3 only Syntax show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 40 6 Example output from the show snmp server group command Related Commands show snmp server snmp server group SNMP group information Group name guireadgroup Security Level priv Read View guiview Write View none Noti...

Page 1305: ...ommand displays the SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show snmp server user Output Figure 40 7 Example output from the show snmp server user command Related Commands show snmp server snmp server user Name Group name Auth Privacy freddy guir...

Page 1306: ...command displays the SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show snmp server view Output Figure 40 8 Example output from the show snmp server view command Related Commands show snmp server snmp server view SNMP view information View Name view1 O...

Page 1307: ...d dynamic link aggregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Examples To enable SNMP to send link status notifications for ports 1 0 2 to 1 0 6 use following commands awplus configure terminal awplus config interface port1 0 2 1 0 6 awplus config i...

Page 1308: ...ndustrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server enable trap snmp server host ...

Page 1309: ...uppression timer is started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesthesuppresstime anyfurther notificationsofthistypegeneratedfor the interface during the interval are not sent At the end of the interval the sending of link status notifications resu...

Page 1310: ...tem Version 5 4 5I 0 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp trap link status suppress Related Commands show interface snmp trap link status ...

Page 1311: ...ax snmp server ip ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or disabled for both IPv4 and IPv6 Mode Global Configuration Examples To enable SNMP on the device for both IPv4 and IPv6 use the commands awplus configure terminal awplus config snmp ...

Page 1312: ...Operating System Version 5 4 5I 0 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp server engineID local snmp server group snmp server host snmp server location snmp server view ...

Page 1313: ...ro rw access list no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB variables from any management station awplus configure terminal awplus config snmp server community public ro The following command removes an SNMP community called public awplus configu...

Page 1314: ...e no variant of this command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to support alliedtelesis co nz use the command awplus configure terminal awplus config snmp server contact support alliedtelesis co nz Related Commands show system snmp server location snm...

Page 1315: ... dhcpsnooping epsr lldp loopprot mstp nsm ospf pim power inline rmon thrash limit no snmp server enable trap auth dhcpsnooping epsr lldp loopprot mstp nsm ospf pim power inline rmon thrash limit Default By default no notifications are generated Mode Global Configuration Parameter Description auth Authentication failure dhcpsnooping DHCP snooping and ARP security traps These notifications must also...

Page 1316: ... SNMP version 3 Examples To enable the device to send PoE related traps use the following commands awplus configure terminal awplus config snmp server enable trap power inline To disable PoE traps being sent out by the device use the following commands awplus configure terminal awplus config no snmp server enable power inline To enable the device to send MAC address Thrash Limiting traps use the f...

Page 1317: ...d to force the system to generate a new engine ID when the current engine ID is also system generated Syntax snmp server engineID local engine id default no snmp server engineID local Mode Global Configuration Usage All devices must have a unique engine ID which is permanently set unless it is configured by the user Example To set the SNMPv3 engine ID to 800000cf030000cd123456 use the following co...

Page 1318: ...mands snmp server engineID local reset snmp server group awplus config snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x80001f888029af52e149198483 awplus config no snmp server engineid local awplus config exit awplus show snmp server SNMP Server Enabled...

Page 1319: ...dom SNMPv3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engineID local reset Mode Global Configuration Example To force the SNMPv3 engine ID to be reset to a system generated value use the commands awplus configure terminal awplus config snmp server e...

Page 1320: ... notifyname no snmp server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group usergroup noauth read useraccess write useraccess To delete SNMP group usergroup use the following commands awplus configure terminal awplus config no snmp server group usergroup noa...

Page 1321: ...rence for IE200 Series Industrial Managed PoE Switches 1321 AlliedWare Plus Operating System Version 5 4 5I 0 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show snmp server user ...

Page 1322: ...y name SNMPv1 or SNMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address informs traps version 2c community name snmp server host ipv4 address ipv6 address informs traps version 3 auth noauth priv user name no snmp server host ipv4 address ipv6 address trap...

Page 1323: ...to send generated traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db8 8a2e 7334 To remove a configured trap host of 192 0 2 5 with the SNMPv2c community name public use the following command awplus configure terminal awplus config no snmp server ho...

Page 1324: ...sysLocation The no variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server room 523 use the following commands awplus configure terminal awplus config snmp server location server room 523 Related Commands show snmp server show system snmp server contact ...

Page 1325: ...t the source interface is the Egress interface where traps or informs were sent from Mode Global Configuration Usage An SNMP trap or inform sent from an SNMP server has the notification IP address of the interface where it was sent from Use this command to monitor notifications from an interface Example To set the interface that SNMP informs originate from to port 1 0 2 for inform packets use the ...

Page 1326: ...tartup trap delay delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP traps until 60 seconds after device startup use the following commands awplus configure terminal awplus config snmp server startup trap delay 60 To restore the sending of SNMP trap...

Page 1327: ...e used these passwords must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the device For example you may need to move a user from one group to another group and keep the same passwords for the user instead of removing the user to apply new passwords Parameter D...

Page 1328: ... snmp server user command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0cd883f8dab6b74 privacy protocol des plus the encrypted privacy password 0x0e0133db5453ebd03822b004eeacb6608f use the following commands awplus configure terminal awplus config snmp ...

Page 1329: ...REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1329 AlliedWare Plus Operating System Version 5 4 5I 0 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view ...

Page 1330: ...t of this command removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The following command creates a view called loc that includes the system location MIB sub tree awplus config snmp server view loc 1 3 6 1 2 1 1 6 0 included To remove the view loc use the...

Page 1331: ...eference for IE200 Series Industrial Managed PoE Switches 1331 AlliedWare Plus Operating System Version 5 4 5I 0 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug snmp command ...

Page 1332: ...work information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overviewand Configuration Guide LLDPoperates overphysicalportsonly Forexample it canbeconfiguredonswitch ports that belong to static or dynamic channel groups but not on the channel groups themselves Command List clear lldp ...

Page 1333: ...55 location civic location identifier on page 1360 location civic location id on page 1361 location coord location configuration on page 1362 location coord location identifier on page 1364 location coord location id on page 1365 location elin location on page 1366 location elin location id on page 1367 show debugging lldp on page 1368 show lldp on page 1370 show lldp interface on page 1372 show l...

Page 1334: ...o port list is supplied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command awplus clear lldp statistics interface port1 0 1 port1 0 6 To clear all LLDP statistics for all ports use the command awplus clear lldp statistics Related Commands show lldp statistics ...

Page 1335: ... supplied neighbor information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the command awplus clear lldp table interface port1 0 1 port1 0 6 Tocleartheentiretableofneighborinformationreceivedthroughallports usethe command awplus clear lldp table Related Commands s...

Page 1336: ...t no debug lldp operation no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug lldp rx interface port1 0 1 port1 0 6 To enable debugging of LLDP transmit with packet dump on all ports use the command awplus debug lldp tx txpkt To disable debugging of LLDP receiv...

Page 1337: ...mand Reference for IE200 Series Industrial Managed PoE Switches 1337 AlliedWare Plus Operating System Version 5 4 5I 0 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal monitor ...

Page 1338: ...instance when it detects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default fast start count is 3 Mode Global Configuration Examples To set the fast start count to 5 use the command awplus configure terminal awplus config lldp faststart count 5 To reset the ...

Page 1339: ... no lldp holdtime multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the Time To Live expires before the neighbor receives another update of the information then the neighbor discards the information from its database Examples To set the holdtime multiplie...

Page 1340: ...elongs to else the MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp interface command or show lldp local info command Examples To set the management address advertised by ports 1 0 1 and 1 06 to be 192 168 1 6 use the commands awplus configure terminal...

Page 1341: ...ge Detected notifications relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examples To enable the sending of LLDP MED Topology Change Detected notifications relating to ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1...

Page 1342: ...ldp med tlv select all no lldp med tlv select capabilities network policy location power management ext inventory management no lldp med tlv select all Parameter Description capabilities LLDP MED Capabilities TLV When this is enabled the MAC PHY Configuration Status TLV from IEEE 802 3 Organizationally Specific TLVs is also automatically included in LLDP MED advertisements whether or not it has be...

Page 1343: ...vertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventory management To exclude the Inventory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if no lldp med...

Page 1344: ... checking is applied to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in LLDP MED advertisements and specifies that if LLDP receives LLDP advertisements with non standard LLDP MED TLV order the TLVs in non standard order should be discarded This implementat...

Page 1345: ...ation The no variant of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mode Global Configuration Examples To set the notification interval to 20 seconds use the commands awplus configure terminal awplus config lldp notification interval 20 To set the notifi...

Page 1346: ...cations no lldp notifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp notifications To disable sending of LLDP SNMP notifications for ports 1 0 1 and 1 ...

Page 1347: ... Default The default port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate LLDP MIB local port entries to port numbers use the commands awplus configure terminal awplus config lldp port number type number To set the type of port identifier used to enumerate L...

Page 1348: ... no variant of this command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples To set the reinitialization delay to 3 seconds use the commands awplus configure terminal awplus config lldp reinit 3 To set the reinitialization delay back to its default use the co...

Page 1349: ... device The no variant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Examples To enable LLDP operation use the commands awplus configure terminal awplus config lldp run To disable LLDP operation use the commands awplus configure terminal awplus config no...

Page 1350: ...to its default Syntax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configure terminal awplus config lldp timer 90 To set the transmit interval back to its default use the commands awplus configure terminal awplus config no lldp timer Related Commands lldp tx...

Page 1351: ...e no variant of this command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select tlv no lldp tlv select all Default By default no optional TLVs are included in LLDP advertisements The MAC PHY Configuration Status TLV mac phy config is included in LLDP MED advertis...

Page 1352: ...nd 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if no lldp tlv select management address system name ...

Page 1353: ...mples To enable transmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP advertisement transmission and reception on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit receiv...

Page 1354: ...ay timer back to its default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12 seconds use the commands awplus configure terminal awplus config lldp tx delay 12 To set the transmission delay timer back to its default use the commands awplus configure terminal aw...

Page 1355: ...VIC LOCATION CONFIGURATION location civic location configuration Overview Use these commands to configure a civic address location The country parameter must be specified first and at least one of the other parameters must be configured before the location can be assigned to a port Use the no variants of this command to delete civic address parameters from the location ...

Page 1356: ...up street group no street group leading street direction leading street direction no leading street direction trailing street suffix trailing street suffix no trailing street suffix street suffix street suffix no street suffix house number house number no house number house number suffix house number suffix no house number suffix landmark landmark no landmark additional information additional info...

Page 1357: ...ad name sub branch road name sub branch road name no sub branch road name street name pre modifier street name pre modifier no street name pre modifier streetname post modifier streetname post modifier no streetname post modifier Parameter Description country Upper case two letter country code as specified in ISO 3166 state State Civic Address CA Type 1 national subdivisions state canton region co...

Page 1358: ...fix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number suffix House number suffix CA Type 20 landmark Landmark or vanity address CA Type 21 additional information Additional location information CA Type 22 name Name CA Type 23 residence and office occupant postal code Postal zip code CA Type 24 building B...

Page 1359: ...tifier command To delete the civic address location use the no variant of the location civic location identifier command To assign the civic address location to particular ports so that it can be advertised in TLVs from those ports use the command location civic location id command Examples To configure civic address location 1 with location 27 Nazareth Avenue Christchurch New Zealand in civic add...

Page 1360: ...formation for this civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up to 400 locations can be configured on the switch for each type of location information up to a total of 1200 locations Examples To enter Civic Address Location Configuration mode for...

Page 1361: ...associated with a port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civic location configuration command If a civic address location is deleted using the no variant of the location civic location identifier command it is automatically removed from all po...

Page 1362: ...dentification TLV as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a number of valid bits in the range 0 to 34 latitude Latitude value in degrees in the range 90 0 to 90 0 long resolution Longitude resolution as a number of valid bits in the range 0 to 34 ...

Page 1363: ...es to define a search area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that command To associate the coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Example To configure the l...

Page 1364: ...d on the switch for each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location coord location id command Examples To enter Coordinate Location Configuration mode to confi...

Page 1365: ...ated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord location configuration command If a coordinate location is deleted using the no variant of the location coord location identifier command it is automatically removed from all ports Ex...

Page 1366: ...n information up to a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new ELIN location with ID 1 and configure it with ELIN 1234567890 use the commands awplus configure terminal awplus config location elin location 1234567890 identifier 1 To delete existing...

Page 1367: ...ts Mode Interface Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin location command If an ELIN location is deleted using the no variant of one of the location elin location command it is automatically removed from all ports Examples To assign ELIN loca...

Page 1368: ... awplus show debugging lldp interface port1 0 1 1 0 6 Output Figure 41 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP Debug settings Debugging for LLDP internal operation is on Port Rx RxPkt Tx TxPkt 1 0 1 Yes Yes No No 1 0 2 Yes No No No 1 0 3 No No No No 1 0 4 Yes Yes Yes No 1 0 5 Yes No Yes No 1 0 ...

Page 1369: ...13 50066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1369 AlliedWare Plus Operating System Version 5 4 5I 0 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp ...

Page 1370: ...ted TTL value 120 secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 43 secs ago Table 41 3 Parameters in the output of the show lldp command Parameter Description LLDP Status Whether LLDP is enabled Default is disabled Notification Interval Minimum int...

Page 1371: ...advertisements due to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The number of times fast start advertisements are sent for LLDP MED Total Neighbor Count Number of LLDP neighbors discovered on all ports Neighbors table last updated The time since the LLDP ...

Page 1372: ...s show lldp interface port1 0 1 1 0 6 LLDP Port Status and Configuration LLDP is inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID ...

Page 1373: ...DP MED Topology Change Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 TLVs Enabled for Tx List of optional 802 1 TLVs enabled for transmission Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn...

Page 1374: ... which local information is transmitted in advertisements via a port depends on whether the port is set to transmit LLDP advertisements lldp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command awplus show lldp local info interface port1 0 1 To display local ...

Page 1375: ... PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE Supported Enabled Port Class PSE Pair Control Ability Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Net...

Page 1376: ...m Description System description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address associated with the local port To change this use the lldp management address command Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames received via the ...

Page 1377: ... maximum frame size capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of network policies configured on the local port VLAN ID VLAN identifier for the port for the specified application type Tagged Flag Whether the VLAN ID is to be used as tagged or untagged La...

Page 1378: ...O Related Commands description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts from the PD side Inventory Management Inventory information for the device Table 41 5 Parameters in the output of show lldp local info cont Parameter Description ...

Page 1379: ...ghbors command Parameter Description port list The ports for which the neighbor information is to be shown LLDP Neighbor Information Total number of neighbors on these ports 4 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station Only LLDP MED Device Type and Power Source Codes 1 Class I 3 Class III PSE PoE Both PoE Local Prim ...

Page 1380: ...Port Name Port ID of the neighbor Neighbor Sys Name System name of the LLDP neighbor Neighbor Capability Capabilities that are supported and enabled on the neighbor System Capability System Capabilities of the LLDP neighbor MED Device Type LLDP MED Device class Class I II III or Network Connectivity MED Power Source LLDP MED Power Source Table 41 6 Parameters in the output of the show lldp neighbo...

Page 1381: ...layed Syntax show lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show lldp neighbors detail To display detailed neighbor information received via ports 1 0 1 use the command awplus show lldp neighbors detail interface port1 0 1 Parameter Description base ...

Page 1382: ...754 Port VLAN ID PVID 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE not advertised Link Aggregation Supported Di...

Page 1383: ...pabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames for the neighbor port Port Protocol VLAN Supported Whether Port Protocol VLAN is supported on the LLDP neighbor Port Protocol VLAN Enabled Whe...

Page 1384: ...w lldp neighbors LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location information Extended Power Via MDI PoE PoE capability and current status Inventory Management Inventory information Table 41 7 Parameters in the output of the show lldp neighbors detail command cont Parameter Descr...

Page 1385: ...d 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 41 9 Parameters in the output of the show lldp statistics command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped Number of LLDPDU frames received and discar...

Page 1386: ...rface Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 41 9 Parameters in the output of the show lldp s...

Page 1387: ...cified ports If no port list is supplied LLDP statistics for all ports are displayed Syntax show lldp statistics interface port list Mode User Exec and Privileged Exec Examples To display LLDP statistics information for all ports use the command awplus show lldp statistics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interfa...

Page 1388: ...w Entries 1 Deleted Entries 0 Dropped Entries 0 Entry Age outs 0 Table 41 11 Parameters in the output of the show lldp statistics interface command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped Number of LLDPDU frames received and discarded for any reason T...

Page 1389: ... Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 41 11 Parameters in the output of the show lldp stati...

Page 1390: ... civic address location configured on port1 0 1 use the command awplus show location civic location interface port1 0 1 Parameter Description civic location Display civic location information coord location Display coordinate location information elin location Display ELIN location information civic loc id Civic address location identifier in the range 1 to 4095 coord loc id Coordinate location id...

Page 1391: ...witch use the command awplus show location elin location Related Commands location elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 41 13 Example output from the show location command awplus show location coord location identifier 1 ID Element Type Element ...

Page 1392: ...ence for commands used to configure SMTP For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug mail on page 1393 delete mail on page 1394 mail on page 1395 mail from on page 1396 mail smtpserver on page 1397 show counter mail on page 1398 show mail on page 13...

Page 1393: ...debugging for sending emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command awplus debug mail To turn off debugging for sending emails use the command awplus no debug mail Related Commands delete mail mail mail from mail smtpserver show mail show counter mail...

Page 1394: ...eged Exec Examples To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Related Commands debug mail mail mail from mail smtpserver show mail Parameter Description mail id Deletes a single mail from the mail queue mail id An unique mail ID number Use the show ma...

Page 1395: ...l from command and a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the command awplus mail rei nerv com subject dummy plug configuration filename plug conf Related Commands debug mail de...

Page 1396: ...e mailfrom SMTPcommand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sending mail to kaji nerv com use the command awplus config mail from kaji nerv com Related Commands delete mail mail mail smtpserver show mail Parameter Description from The email address...

Page 1397: ...ver that your device sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 168 0 1 use the command awplus mail smtpserver 192 168 0 1 Related Commands debug mail delete mail mail mail from show mail show counter mail Parameter Description ip address Internet P...

Page 1398: ... 1 Example output from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP counters Mails Sent 0 Mails Sent Fails 1 Table 42 1 Parameters in the output of the show counter mail command Parameter Description Mails Sent The number of emails sent successfully si...

Page 1399: ...Ware Plus Operating System Version 5 4 5I 0 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use the command awplus show mail Related Commands delete mail mail show counter mail ...

Page 1400: ...200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug mail command ...

Page 1401: ... Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List rmon alarm on page 1402 rmon collection history on page 1404 rmon collection stats...

Page 1402: ... index value oid The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherStatsEntry table for the interface defined by the stats index 22 in the rmon collection stats command interval 1 2147483647 Polling interval in seconds delta The RMON MIB alarmSampleTyp...

Page 1403: ...ax with oid must be specified as a dotted decimal value with the form etherStatsEntry field stats index Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 defined by stats index 22 in the rmon collection stats command to trigger event 2 defined by the rmon event command when it reaches the rising threshold 400 and to trigger event 3 when it r...

Page 1404: ...llection history history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Configuration Example To create a history statistics control group to store 200 snapshots with an interval of 500 seconds use the commands awplus configure terminal awplus config interfa...

Page 1405: ...er owner no rmon collection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if rmon collection stats 200 owner myrtle To to stop collecting RMON statistics use the command...

Page 1406: ... event event index log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global Configuration Example To create an event definition for a log with an index of 299 use this command awplus configure terminal awplus config rmon event 299 log description cond3 owner ...

Page 1407: ... RMON ALARM show rmon alarm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Onlythealarmsforswitchportinterfaces notforVLANinterfaces canbeshown Syntax show rmon alarm Mode User Exec and Privileged Exec Example To display the alarms and threshold use this command awplus show rmon alarm Related Commands rmon alarm ...

Page 1408: ... command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsPkts512to1023Octets etherSt...

Page 1409: ...ries Industrial Managed PoE Switches 1409 AlliedWare Plus Operating System Version 5 4 5I 0 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon event Related Commands rmon event ...

Page 1410: ...t from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStat...

Page 1411: ... Switches 1411 AlliedWare Plus Operating System Version 5 4 5I 0 x RMON COMMANDS SHOW RMON HISTORY Example To display the parameters specified on all the currently defined RMON history collections us the commands awplus show rmon history Related Commands rmon collection history ...

Page 1412: ...rom the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStat...

Page 1413: ...66 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1413 AlliedWare Plus Operating System Version 5 4 5I 0 x RMON COMMANDS SHOW RMON STATISTICS Related Commands rmon collection stats ...

Page 1414: ...ing command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 1416 day on page 1417 debug trigger on page 1419 description trigger on page 1420 repeat on page 1421 script on page 1422 show debugging trigger on page 1424 show running config trigger on page 1425 show trigger on page 1426...

Page 1415: ...aged PoE Switches 1415 AlliedWare Plus Operating System Version 5 4 5I 0 x TRIGGER COMMANDS type memory on page 1442 type periodic on page 1443 type ping poll on page 1444 type reboot on page 1445 type time on page 1446 type usb on page 1447 undebug trigger on page 1448 ...

Page 1416: ...t Syntax active no active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide Examples To enable trigger 172 so that it can activate when its trigger conditions are met use the commands awplus configure terminal awplus config trigger 172 awplus config trigg...

Page 1417: ...e on the 1 Jun 2010 use the commands awplus configure terminal awplus config trigger 55 awplus config trigger day 1 Jun 2010 To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus config trigger day monday wednesday friday Parameter Description every day Sets the trigger so that it can activate on any day 1 31...

Page 1418: ...1418 Command Reference for IE200 Series Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x TRIGGER COMMANDS DAY Related Commands show trigger trigger ...

Page 1419: ...generates detailed messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privilege Exec Examples To start trigger debugging use the command awplus debug trigger To stop trigger debugging use the command awplus no trigger Related Commands show debugging trigge...

Page 1420: ...g a description for this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus config trigger 240 awplus config trigger description daily status report To remove the description from trigger 36 use the commands awplus configure terminal awplus config trigger...

Page 1421: ...an activate an unlimited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate only once use the commands awplus configure terminal awplus config trigger 21 awplus config trigger repeat no To allow trigger 22 to activate an unlimited number of times whenever...

Page 1422: ...by specifying their position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to run the script flash cpu_trig sh in position 3 when the trigger activates use the commands awplus configure terminal awplus config trigger 71 awplus config trigger script 3 flash c...

Page 1423: ...ve the script flash cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script all Related Commands show trigger trigger ...

Page 1424: ... been turned on or off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debugging trigger Output Figure 44 1 Example output from the show debugging trigger command Related Commands debug trigger awplus debug trigger awplus show debugging trigger Trigger debug...

Page 1425: ...iew This command displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the command awplus show running config trigger Output Figure 44 2 Example output from the show running config trigger command Related Commands show trigger trigger 1 type card in type usb i...

Page 1426: ...ion about all triggers full Displays detailed information about all triggers Table 44 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 001 USB in Y N Y Continuous 0 smtwtfs 002 USB out Y N Y Continuous 0 smtwtfs 003 CPU 80 any Busy CPU Y N Y 5 1 smtwtfs 005 Periodic 30 min Regular status check Y N N Continuous 1 mtwtf 007 Memory ...

Page 1427: ...er of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days options the days are shown as a seven character string representing Sunday to Saturday A hyphen indicates days when the trigger cannot be activated awplus show trigger 3 Trigger Configuration Details Trigger 1...

Page 1428: ...ified Fri Sep 3 14 45 56 2010 Number of activations 0 Last activation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs After 00 00 00 Before 23 59 59 Active Yes Test No Trap Yes Repeat Continuous Modified Fri Sep 3 14 45 56 2010 Number of activations 0 La...

Page 1429: ...ap Whether or not the trigger is enabled to send SNMP traps Repeat Whether the trigger repeats an unlimited number of times Continuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time of the last time that the trigger was modified Number of activations Numb...

Page 1430: ... activated today 0 Ping poll triggers activated today 0 Table 44 5 Parameters in the output of the show trigger counter command Parameter Description Trigger activations Number of times a trigger has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today Inter...

Page 1431: ... When the trigger activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For information about configuring a trigger see the Triggers Feature Overview and Configuration Guide Examples To put trigger 5into diagnosticmode where no scripts will berun when thetrigg...

Page 1432: ...59 that is the trigger may activate at any time If the value specified for before is later than the value specified for after a time period from after to before is defined duringwhich the trigger may activate This command is not applicable to time triggers type time The following figure illustrates how the before and after parameters operate Syntax time after hh mm ss before hh mm ss Mode Trigger ...

Page 1433: ...amples To allow trigger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3 45pm and midnight use the commands awplus configure terminal awplus config trigger 64 awplus config trigger time after 15 45 00 To allow trigger 65 to activate between 10 30am and...

Page 1434: ...verview for information about which MIB objects are supported the SNMP Feature Overview and Configuration Guide Since SNMP traps are enabled by default for all defined triggers a common usage will be for the no variant of this command to disable SNMP traps from a specified trap if the trap is only periodic Refer in particular to AT TRIGGER MIB in the SNMP MIBs Overview for further information abou...

Page 1435: ...and other operational parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all configuration associated with it Syntax trigger 1 250 no trigger 1 250 Mode Global Configuration Examples To enter trigger configuration mode for trigger 12 use the command awplus trigge...

Page 1436: ...vileged Exec Usage This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be executed even if the trigger is in the diagnostic test mode Triggers activated manually do not have their repeat counts decremented or their last triggered time updated and do not r...

Page 1437: ... on node 1 node1 config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the ...

Page 1438: ...in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac Te Tr Repeat Scr Days Date 005 ATMF node leave E mail on ATM...

Page 1439: ...13 50066 01 REV A Command Reference for IE200 Series Industrial Managed PoE Switches 1439 AlliedWare Plus Operating System Version 5 4 5I 0 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger ...

Page 1440: ...nusual CPU and RAM Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configure terminal awplus config trigger 28 awplus config trigger type cpu 80 up To configure trigger 5 to be a CPU trigger that activates when CPU usage either rises above or drops below...

Page 1441: ...vate when either one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when port1 0 2 becomes operational use the following commands awplus configure terminal awplus config trigger 19 awplus config trigger type interface port1 0 2 up Related Commands show tr...

Page 1442: ...igger 12 to be a memory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to be a memory trigger that activates when memory usage either rises above or drops below 65 use the following commands awplus configure terminal awplus config trigger 40 awplus conf...

Page 1443: ... and time can be configured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Triggers Feature Overview and Configuration Guide Example To configure trigger 44 to activate periodically at 10 minute intervals use the following commands awplus configure terminal...

Page 1444: ... becomes reachable or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the following commands awplus configure terminal awplus config trigger 106 awplus config trigger type ping poll 12 down Related Commands show trigger trigger Parameter Description 1 100 ...

Page 1445: ...EBOOT type reboot Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots use the following commands awplus configure terminal awplus config trigger 32 awplus config trigger type reboot Related Commands show trigger trigger ...

Page 1446: ...n Usage A combined limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activate at 15 53 use the following commands awplus configure terminal awplus config trigger 86 awplus config trigger type time 15 53 Related Commands show trigger trigger Parameter Descr...

Page 1447: ...files from a USB storage device For example trigger configurations that use the type usb command see Capture Show Output and Save to a USB Storage Device in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 1 to activate on the insertion of a USB storage device use the commands awplus configure terminal awplus config trigger 1 awplus config trigger type usb in Rel...

Page 1448: ...ries Industrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debug trigger command ...

Page 1449: ...nd output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 1451 clear ping poll on page 1452 critical interval on page 1453 debug ping poll on page 1454 Table 45 1 The following table lists the default values when configuring a ping poll Default Value Critical interval 1 second Descript...

Page 1450: ...ription ping polling on page 1455 fail count on page 1456 ip ping polling on page 1457 length ping poll data on page 1458 normal interval on page 1459 ping poll on page 1460 sample size on page 1461 show counter ping poll on page 1463 show ping poll on page 1466 source ip on page 1471 timeout ping polling on page 1472 up count on page 1473 undebug ping poll on page 1474 ...

Page 1451: ...he device it is polling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this polling instance Syntax active no active Mode Ping Polling Configuration Examples To activate the ping poll instance 43 use the commands awplus configure terminal awplus config ping po...

Page 1452: ...tical interval command The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the command awplus clear ping poll 12 To reset all ping poll instances use the command awplus clear ping poll all Related Commands active ping polling ping poll show ping poll Paramete...

Page 1453: ...l to the default of one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling instance 99 use the commands awplus configure terminal awplus config ping poll 99 awplus config ping poll critical interval 2 To reset the critical interval to the default of one ...

Page 1454: ...g poll debugging for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88 To disable all ping poll debugging use the command awplus no debug ping poll all To disable debugging for ping poll instance 88 use the command awplus no debug ping poll 88 Relate...

Page 1455: ...his command to delete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll description Primary Gateway To delete the description set for the ping poll instance 45 use the commands aw...

Page 1456: ...clared unreachable The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of pings that must fail within the sample size to determine that a device is unreachable for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45...

Page 1457: ...ping poll instance 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the device with the IPv6 address 2001 db8 use the commands awplus configure terminal awplus config ping poll 10 awplus config ping poll ip 2001 db8 Related Commands ping poll source i...

Page 1458: ...en the network is dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Polling Configuration Examples To specify that ping poll instance 12 sends ping packet with a data portion of 56 bytes use the commands awplus configure terminal awplus config ping pol...

Page 1459: ...s Mode Ping Polling Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll normal interval 60 To reset the interval to the default of 30 seconds for ping poll instance 45 use the commands awplus configure terminal awplus config pi...

Page 1460: ...the device you want the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax ping poll 1 100 no ping poll 1 100 Mode Global Configuration Examples To create ping poll instance 3 and enter ping poll configuration mode use the commands awplus configure terminal ...

Page 1461: ...ommand a device that does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count command to determine when a device is reachable The no variant of this command resets this command to the default Syntax sample size 1 100 no sample size Default The default is 5 M...

Page 1462: ...rial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll timeout ping polling up count ...

Page 1463: ...NTER PING POLL show counter ping poll Overview This command displays the counters for ping polling Syntax show counter ping poll 1 100 Mode User Exec and Privileged Exec Parameter Description 1 100 A unique ping poll ID number This displays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls ...

Page 1464: ...wnState 2 ErrorSendingPing 2 CurrentUpCount 9 CurrentFailCount 0 UpStateEntered 0 DownStateEntered 0 Table 45 2 Parameters in output of the show counter ping poll command Parameter Description Ping poll The ID number of the polling instance PingsSent The total number of pings generated by the polling instance PingsFailedUpState The number of unanswered pings while the target device is in the Up st...

Page 1465: ...ommand awplus show counter ping poll Related Commands debug ping poll ping poll show ping poll CurrentFailCount The number of ping requests that have not received a ping reply in the current sample size window UpStateEntered Number of times the target device has entered the Up state DownStateEntered Number of times the target device has entered the Down state Table 45 2 Parameters in output of the...

Page 1466: ...ing instance state Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling instances where the device state is unreachable brief Displays a summary of the state of ping polls and the devices they are polling Ping Poll Configuration Id Enabled State Destinatio...

Page 1467: ...unreachable Critical Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The IP address of the polled device set with the ip ping polling command Table 45 ...

Page 1468: ...l interval 30 Fail count 10 Up count 5 Sample size 50 Length 32 Timeout 1 Debugging Enabled Poll 2 Description Secondary Gateway Destination IP address 192 168 0 100 Status Up Enabled Yes Source IP address Default Critical interval 5 Normal interval 60 Fail count 20 Up count 30 Sample size 100 Length 56 Timeout 2 Debugging Enabled Table 45 4 Parameters in output of the show ping poll command Param...

Page 1469: ...his is set with the critical interval command Normal interval The time period between pings when the device is reachable This is set with the normal interval command Fail count The number of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command Up count...

Page 1470: ...the ping poll settings use the command awplus show ping poll brief To display the settings for ping poll 6 use the command awplus show ping poll 6 To display a summary of the state of ping poll 6 use the command awplus show ping poll 6 brief To display the settings of ping polls that have reachable devices use the command awplus show ping poll state up To display a summary of ping polls that have ...

Page 1471: ...ing Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll source ip 192 168 0 1 To configure the ping polling instance 43 to use the source IPv6 address 2001 db8 in ping packets use the commands awplus configure terminal awplus config pin...

Page 1472: ...ne second Syntax timeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll timeout 5 To reset the timeout to its default of 1 second for ping poll instance 43 use the commands awplus configure terminal awp...

Page 1473: ...default is 30 Mode Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll up count 5 To reset the upcount to the default value of 30 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awpl...

Page 1474: ...ndustrial Managed PoE Switches C613 50066 01 REV A AlliedWare Plus Operating System Version 5 4 5I 0 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no debug ping poll command ...

Reviews:

No comments

Related manuals for AT-IE200-6FP-80

Cabletron Systems SmartCell 6A000 User Manual preview
SmartCell 6A000
Brand: Cabletron Systems Pages: 114
Cabletron Systems MRX Installation Manual preview
MRX
Brand: Cabletron Systems Pages: 62
Cabletron Systems CyberSWITCH CSX150 Quick Start Manual preview
CyberSWITCH CSX150
Brand: Cabletron Systems Pages: 49
Cabletron Systems Cabletron CyberSWITCH CSX5500 User Manual preview
Cabletron CyberSWITCH CSX5500
Brand: Cabletron Systems Pages: 729
Danfoss LLS 4000 Installation Manual preview
LLS 4000
Brand: Danfoss Pages: 6
Xunison Hub D60 5G Quick Start Manual preview
Hub D60 5G
Brand: Xunison Pages: 14
nedis VMAT3482AT Manual preview
VMAT3482AT
Brand: nedis Pages: 24
AV-Box WUH5-H2 User Manual preview
WUH5-H2
Brand: AV-Box Pages: 11
Zhuoyi ZYT09 User Manual preview
ZYT09
Brand: Zhuoyi Pages: 2
Extron electronics FOX 4G SW8 Setup Manual preview
FOX 4G SW8
Brand: Extron electronics Pages: 1
KDS KD-MSW8x3 Operating Instructions Manual preview
KD-MSW8x3
Brand: KDS Pages: 10
Yacoub Automation GmbH SM 4TX2FX User Manual preview
SM 4TX2FX
Brand: Yacoub Automation GmbH Pages: 45
Xantech 686-10 Installation Instructions preview
686-10
Brand: Xantech Pages: 5
Eaton CH10GEN5030SN Instruction Booklet preview
CH10GEN5030SN
Brand: Eaton Pages: 4
Eaton NGI-M04C2 Quick Start Manual preview
NGI-M04C2
Brand: Eaton Pages: 8
B&B Electronics EIR610-3SFP-T Product Description preview
EIR610-3SFP-T
Brand: B&B Electronics Pages: 107
B&B Electronics EIR618-2SFP-T User Manual preview
EIR618-2SFP-T
Brand: B&B Electronics Pages: 116
Rose electronics UltraLink Lite UL-LV3 Specifications preview
UltraLink Lite UL-LV3
Brand: Rose electronics Pages: 2

Brands by name

Popular brands

Load more brands